* [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 22:10 ` David Miller
2010-05-01 14:14 ` [PATCH v21 002/100] eclone (2/11): Have alloc_pidmap() return actual error code Oren Laadan
` (100 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To simplify alloc_pidmap(), move code to allocate a pid map page to a
separate function.
Changelog[v4]:
- [Oren Laadan] Adapt to kernel 2.6.33-rc5
Changelog[v3]:
- Earlier version of patchset called alloc_pidmap_page() from two
places. But now its called from only one place. Even so, moving
this code out into a separate function simplifies alloc_pidmap().
Changelog[v2]:
- (Matt Helsley, Dave Hansen) Have alloc_pidmap_page() return
-ENOMEM on error instead of -1.
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/pid.c | 41 ++++++++++++++++++++++++++---------------
1 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/kernel/pid.c b/kernel/pid.c
index aebb30d..52a371a 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -122,6 +122,30 @@ static void free_pidmap(struct upid *upid)
atomic_inc(&map->nr_free);
}
+static int alloc_pidmap_page(struct pidmap *map)
+{
+ void *page;
+
+ if (likely(map->page))
+ return 0;
+
+ page = kzalloc(PAGE_SIZE, GFP_KERNEL);
+ /*
+ * Free the page if someone raced with us installing it:
+ */
+ spin_lock_irq(&pidmap_lock);
+ if (!map->page) {
+ map->page = page;
+ page = NULL;
+ }
+ spin_unlock_irq(&pidmap_lock);
+ kfree(page);
+ if (unlikely(!map->page))
+ return -1;
+
+ return 0;
+}
+
static int alloc_pidmap(struct pid_namespace *pid_ns)
{
int i, offset, max_scan, pid, last = pid_ns->last_pid;
@@ -134,22 +158,9 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
max_scan = (pid_max + BITS_PER_PAGE - 1)/BITS_PER_PAGE - !offset;
for (i = 0; i <= max_scan; ++i) {
- if (unlikely(!map->page)) {
- void *page = kzalloc(PAGE_SIZE, GFP_KERNEL);
- /*
- * Free the page if someone raced with us
- * installing it:
- */
- spin_lock_irq(&pidmap_lock);
- if (!map->page) {
- map->page = page;
- page = NULL;
- }
- spin_unlock_irq(&pidmap_lock);
- kfree(page);
- if (unlikely(!map->page))
+ if (unlikely(!map->page))
+ if (alloc_pidmap_page(map) < 0)
break;
- }
if (likely(atomic_read(&map->nr_free))) {
do {
if (!test_and_set_bit(offset, map->page)) {
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 14:14 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page Oren Laadan
@ 2010-05-01 22:10 ` David Miller
2010-05-02 0:14 ` Josh Boyer
` (3 more replies)
0 siblings, 4 replies; 137+ messages in thread
From: David Miller @ 2010-05-01 22:10 UTC (permalink / raw)
To: orenl
Cc: akpm, containers, linux-kernel, serue, matthltc, xemul, sukadev,
linux-api, x86, linux-s390, linuxppc-dev
NO WAY, there is no way in the world you should post 100 patches
at a time to any mailing list, especially those at vger.kernel.org
that have thousands upon thousands of subscribers.
Post only small, well contained, sets of patches at a time. At most
10 or so in one go.
Do you realize how much mail traffic you generate by posting so many
patches at one time, and how unlikely it is for anyone to actually
sift through and review your patches after you've spammed them by
posting so many at one time?
A second infraction and I will have no choice but to block you at the
SMTP level at vger.kernel.org so please do not do it again.
Thanks.
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 22:10 ` David Miller
@ 2010-05-02 0:14 ` Josh Boyer
2010-05-02 0:25 ` Matt Helsley
` (2 subsequent siblings)
3 siblings, 0 replies; 137+ messages in thread
From: Josh Boyer @ 2010-05-02 0:14 UTC (permalink / raw)
To: David Miller
Cc: orenl, akpm, containers, linux-kernel, serue, matthltc, xemul,
sukadev, linux-api, x86, linux-s390, linuxppc-dev
On Sat, May 01, 2010 at 03:10:22PM -0700, David Miller wrote:
>
>NO WAY, there is no way in the world you should post 100 patches
>at a time to any mailing list, especially those at vger.kernel.org
>that have thousands upon thousands of subscribers.
>
>Post only small, well contained, sets of patches at a time. At most
>10 or so in one go.
>
>Do you realize how much mail traffic you generate by posting so many
>patches at one time, and how unlikely it is for anyone to actually
>sift through and review your patches after you've spammed them by
>posting so many at one time?
>
>A second infraction and I will have no choice but to block you at the
>SMTP level at vger.kernel.org so please do not do it again.
So I really agree with everything you said here, but I do wonder why you haven't
sent a similar rant about the often 100+ patchsets for the -stable series. We
are supposed to review those and follow up on them to be sure they're suitable
for a stable release.
Or the 100+ emails about regressions from version to version. Etc, etc.
I'm not saying you're wrong, but it does seem a bit odd that you choose to reply
to this one, and not the other umpteen cases I often see. Maybe it isn't about
the size or volume of the emails, and more about the fact that it's 100 patches
to implement _one_ thing? If so, then I don't really think it's about list
traffic at all...
josh
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 22:10 ` David Miller
2010-05-02 0:14 ` Josh Boyer
@ 2010-05-02 0:25 ` Matt Helsley
2010-05-03 8:48 ` Brian K. White
2010-05-03 21:02 ` Dave Hansen
3 siblings, 0 replies; 137+ messages in thread
From: Matt Helsley @ 2010-05-02 0:25 UTC (permalink / raw)
To: David Miller
Cc: orenl, akpm, containers, linux-kernel, serue, matthltc, xemul,
sukadev, linux-api, x86, linux-s390, linuxppc-dev
On Sat, May 01, 2010 at 03:10:22PM -0700, David Miller wrote:
> NO WAY, there is no way in the world you should post 100 patches
> at a time to any mailing list, especially those at vger.kernel.org
> that have thousands upon thousands of subscribers.
I am sorry we concluded that sending these 100 patches at once was a
good idea. I will try, again, to find ways to divide the
set up into more manageable pieces. Regardless of how that goes
the whole set will not be submitted to LKML/vger all at once in the
future.
If anyone would like to offer more specific constructive suggestions
on subdividing the patches I'd be happy to try them.
That said, for anyone who's curious, we faced a few dilemmas which
pointed us down the wrong path here.
http://lkml.org/lkml/2010/3/1/422
Specifically the last part is rather hard to misinterpret:
"I'd suggest waiting until very shortly after 2.6.34-rc1 then please
send all the patches onto the list and let's get to work."
(ok, it's not shortly after 2.6.34-rc1 -- we were asked to reorganize
the code and we did...)
But even if one decides to ignore the common sense interpretation of
Andrew's reply there was more:
Standard procedure is to post to LKML when pushing patches upstream.
We were asked to create a useful implementation of checkpoint/restart
yet when we tried to submit a digestable piece we were told that
submitting it by itself was pointless (eclone). The rest of the code
was even more checkpoint/restart-specific so the same logic seemed to
apply.
We have public git trees and used the containers@ mailing list to post
patches for review but rarely received outside feedback on patches
there. Not even requests to divide the set.
So clearly we needed to post to relevant external lists and
reviewers. We tried that earlier and received complaints that lists
hadn't been Cc'd on some of the patches (e.g. fsdevel). So clearly we
needed to expand the Cc list for v21.
We looked at dividing the set but it always came down to trimming
functionality -- this conflicted with the "useful implementation"
we were asked for.
In summary: We've been given a fair number of conflicting instructions
and we failed to find the right balance in following them.
> Post only small, well contained, sets of patches at a time. At most
> 10 or so in one go.
We've tried to keep the individual patches small and reviewable. That
has the opposite effect on patch count unfortunately.
>
> Do you realize how much mail traffic you generate by posting so many
> patches at one time, and how unlikely it is for anyone to actually
> sift through and review your patches after you've spammed them by
> posting so many at one time?
>
> A second infraction and I will have no choice but to block you at the
> SMTP level at vger.kernel.org so please do not do it again.
We will not post nearly this many at once again.
I'm thinking we'll just provide URLs to git trees or quilt series
if subdividing is impossible and/or anyone needs wider context than
the 10 or so we post at a time.
Sorry again,
-Matt Helsley
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 22:10 ` David Miller
2010-05-02 0:14 ` Josh Boyer
2010-05-02 0:25 ` Matt Helsley
@ 2010-05-03 8:48 ` Brian K. White
2010-05-03 21:02 ` Dave Hansen
3 siblings, 0 replies; 137+ messages in thread
From: Brian K. White @ 2010-05-03 8:48 UTC (permalink / raw)
To: David Miller
Cc: orenl, linux-s390, linux-api, containers, x86, linux-kernel,
linuxppc-dev, akpm, sukadev, xemul
David Miller wrote:
> NO WAY, there is no way in the world you should post 100 patches
> at a time to any mailing list, especially those at vger.kernel.org
> that have thousands upon thousands of subscribers.
>
> Post only small, well contained, sets of patches at a time. At most
> 10 or so in one go.
>
> Do you realize how much mail traffic you generate by posting so many
> patches at one time, and how unlikely it is for anyone to actually
> sift through and review your patches after you've spammed them by
> posting so many at one time?
>
> A second infraction and I will have no choice but to block you at the
> SMTP level at vger.kernel.org so please do not do it again.
Some people, you give them gold and they just complain it's heavy.
--
bkw
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 22:10 ` David Miller
` (2 preceding siblings ...)
2010-05-03 8:48 ` Brian K. White
@ 2010-05-03 21:02 ` Dave Hansen
2010-05-03 21:12 ` David Miller
3 siblings, 1 reply; 137+ messages in thread
From: Dave Hansen @ 2010-05-03 21:02 UTC (permalink / raw)
To: David Miller
Cc: orenl, akpm, containers, linux-kernel, serue, matthltc, xemul,
sukadev, linux-api, x86, linux-s390, linuxppc-dev
On Sat, 2010-05-01 at 15:10 -0700, David Miller wrote:
> NO WAY, there is no way in the world you should post 100 patches
> at a time to any mailing list, especially those at vger.kernel.org
> that have thousands upon thousands of subscribers.
>
> Post only small, well contained, sets of patches at a time. At most
> 10 or so in one go.
Hi Dave,
I really do apologize if these caused undue traffic on vger. It
certainly wasn't our intention to cause any problems.
We've had a fear all along that we'll just go back into our little
containers@lists.linux-foundation.org, and go astray of what the
community wants done with these patches. It's also important to
remember that these really do affect the entire kernel. Unfortunately,
it's not really a single feature or something that fits well on any
other mailing list. It has implications _everywhere_. I think Andrew
Morton also asked that these continue coming to LKML, although his
request probably came at a time when the set was a wee bit smaller.
> Do you realize how much mail traffic you generate by posting so many
> patches at one time, and how unlikely it is for anyone to actually
> sift through and review your patches after you've spammed them by
> posting so many at one time?
I honestly don't expect people to be reading the whole thing at once.
But, I do hope that people can take a look at their individual bits that
are touched.
> A second infraction and I will have no choice but to block you at the
> SMTP level at vger.kernel.org so please do not do it again.
I know these patches are certainly not at the level of importance as,
say the pata or -stable updates, but they're certainly not of
unprecedented scale. I've seen a number of patchbombs of this size
recently.
I hope Andrew pulls this set into -mm so this doesn't even come up
again. But, if it does, can you make some suggestions on how to be more
kind to vger in the process?
-- Dave
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-03 21:02 ` Dave Hansen
@ 2010-05-03 21:12 ` David Miller
0 siblings, 0 replies; 137+ messages in thread
From: David Miller @ 2010-05-03 21:12 UTC (permalink / raw)
To: dave
Cc: orenl, akpm, containers, linux-kernel, serue, matthltc, xemul,
sukadev, linux-api, x86, linux-s390, linuxppc-dev
From: Dave Hansen <dave@linux.vnet.ibm.com>
Date: Mon, 03 May 2010 14:02:31 -0700
> It has implications _everywhere_.
That does not remove the responsibility to break things up into
managable pieces, not does it make such a task impossible or
even hard to do.
You post sets of 10 to 15 at a time, once those are agreed to
and to everyone's general liking, you toss them into a GIT tree
and you say "here's the next 10 to 15 and they are relative to
the changes in GIT tree X which have already been fully reviewed"
And so on and so forth.
And this is the only logical thing to do, because if someone wants
a change in patch 7, it can effect patch 23 so it's pointless to
post for review a patch that's going to end up changing anyways.
That's a waste of reviewer resources.
To be honest, I'm really tired of what tends to be people's knee jerk
reaction to this situations, which is a lot of people doing nothing
but defending themselves. Even if it did not violate documented
policy (it did), it violates common sense. So, can people do
something more constructive than trying to defend themselves on this?
It's stupid and shouldn't have been done, and we should move on.
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 002/100] eclone (2/11): Have alloc_pidmap() return actual error code
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
2010-05-01 14:14 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 003/100] eclone (3/11): Define set_pidmap() function Oren Laadan
` (99 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
alloc_pidmap() can fail either because all pid numbers are in use or
because memory allocation failed. With support for setting a specific
pid number, alloc_pidmap() would also fail if either the given pid
number is invalid or in use.
Rather than have callers assume -ENOMEM, have alloc_pidmap() return
the actual error.
Changelog[v1]:
- [Oren Laadan] Rebase to kernel 2.6.33
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/fork.c | 5 +++--
kernel/pid.c | 10 ++++++----
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 44b0791..afdfb08 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1147,10 +1147,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_cleanup_io;
if (pid != &init_struct_pid) {
- retval = -ENOMEM;
pid = alloc_pid(p->nsproxy->pid_ns);
- if (!pid)
+ if (IS_ERR(pid)) {
+ retval = PTR_ERR(pid);
goto bad_fork_cleanup_io;
+ }
if (clone_flags & CLONE_NEWPID) {
retval = pid_ns_prepare_proc(p->nsproxy->pid_ns);
diff --git a/kernel/pid.c b/kernel/pid.c
index 52a371a..8330488 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -160,7 +160,7 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
for (i = 0; i <= max_scan; ++i) {
if (unlikely(!map->page))
if (alloc_pidmap_page(map) < 0)
- break;
+ return -ENOMEM;
if (likely(atomic_read(&map->nr_free))) {
do {
if (!test_and_set_bit(offset, map->page)) {
@@ -191,7 +191,7 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
}
pid = mk_pid(pid_ns, map, offset);
}
- return -1;
+ return -EBUSY;
}
int next_pidmap(struct pid_namespace *pid_ns, int last)
@@ -260,8 +260,10 @@ struct pid *alloc_pid(struct pid_namespace *ns)
struct upid *upid;
pid = kmem_cache_alloc(ns->pid_cachep, GFP_KERNEL);
- if (!pid)
+ if (!pid) {
+ pid = ERR_PTR(-ENOMEM);
goto out;
+ }
tmp = ns;
for (i = ns->level; i >= 0; i--) {
@@ -295,7 +297,7 @@ out_free:
free_pidmap(pid->numbers + i);
kmem_cache_free(ns->pid_cachep, pid);
- pid = NULL;
+ pid = ERR_PTR(nr);
goto out;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 003/100] eclone (3/11): Define set_pidmap() function
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
2010-05-01 14:14 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page Oren Laadan
2010-05-01 14:14 ` [PATCH v21 002/100] eclone (2/11): Have alloc_pidmap() return actual error code Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 004/100] eclone (4/11): Add target_pids parameter to alloc_pid() Oren Laadan
` (98 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev, Sukadev Bhattiprolu
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Define a set_pidmap() interface which is like alloc_pidmap() only that
caller specifies the pid number to be assigned.
Changelog[v13]:
- Don't let do_alloc_pidmap return 0 if it failed to find a pid.
Changelog[v9]:
- Completely rewrote this patch based on Eric Biederman's code.
Changelog[v7]:
- [Eric Biederman] Generalize alloc_pidmap() to take a range of pids.
Changelog[v6]:
- Separate target_pid > 0 case to minimize the number of checks needed.
Changelog[v3]:
- (Eric Biederman): Avoid set_pidmap() function. Added couple of
checks for target_pid in alloc_pidmap() itself.
Changelog[v2]:
- (Serge Hallyn) Check for 'pid < 0' in set_pidmap().(Code
actually checks for 'pid <= 0' for completeness).
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/pid.c | 41 +++++++++++++++++++++++++++++++++--------
1 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/kernel/pid.c b/kernel/pid.c
index 8330488..4eaf975 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -146,17 +146,18 @@ static int alloc_pidmap_page(struct pidmap *map)
return 0;
}
-static int alloc_pidmap(struct pid_namespace *pid_ns)
+static int do_alloc_pidmap(struct pid_namespace *pid_ns, int last, int min,
+ int max)
{
- int i, offset, max_scan, pid, last = pid_ns->last_pid;
+ int i, offset, max_scan, pid;
struct pidmap *map;
pid = last + 1;
if (pid >= pid_max)
- pid = RESERVED_PIDS;
+ pid = min;
offset = pid & BITS_PER_PAGE_MASK;
map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
- max_scan = (pid_max + BITS_PER_PAGE - 1)/BITS_PER_PAGE - !offset;
+ max_scan = (max + BITS_PER_PAGE - 1)/BITS_PER_PAGE - !offset;
for (i = 0; i <= max_scan; ++i) {
if (unlikely(!map->page))
if (alloc_pidmap_page(map) < 0)
@@ -165,7 +166,6 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
do {
if (!test_and_set_bit(offset, map->page)) {
atomic_dec(&map->nr_free);
- pid_ns->last_pid = pid;
return pid;
}
offset = find_next_offset(map, offset);
@@ -176,16 +176,16 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
* bitmap block and the final block was the same
* as the starting point, pid is before last_pid.
*/
- } while (offset < BITS_PER_PAGE && pid < pid_max &&
+ } while (offset < BITS_PER_PAGE && pid < max &&
(i != max_scan || pid < last ||
!((last+1) & BITS_PER_PAGE_MASK)));
}
- if (map < &pid_ns->pidmap[(pid_max-1)/BITS_PER_PAGE]) {
+ if (map < &pid_ns->pidmap[(max-1)/BITS_PER_PAGE]) {
++map;
offset = 0;
} else {
map = &pid_ns->pidmap[0];
- offset = RESERVED_PIDS;
+ offset = min;
if (unlikely(last == offset))
break;
}
@@ -194,6 +194,31 @@ static int alloc_pidmap(struct pid_namespace *pid_ns)
return -EBUSY;
}
+static int alloc_pidmap(struct pid_namespace *pid_ns)
+{
+ int nr;
+
+ nr = do_alloc_pidmap(pid_ns, pid_ns->last_pid, RESERVED_PIDS, pid_max);
+ if (nr >= 0)
+ pid_ns->last_pid = nr;
+ return nr;
+}
+
+static int set_pidmap(struct pid_namespace *pid_ns, int target)
+{
+ if (!target)
+ return alloc_pidmap(pid_ns);
+
+ if (target >= pid_max)
+ return -EINVAL;
+
+ if ((target < 0) || (target < RESERVED_PIDS &&
+ pid_ns->last_pid >= RESERVED_PIDS))
+ return -EINVAL;
+
+ return do_alloc_pidmap(pid_ns, target - 1, target, target + 1);
+}
+
int next_pidmap(struct pid_namespace *pid_ns, int last)
{
int offset;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 004/100] eclone (4/11): Add target_pids parameter to alloc_pid()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (2 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 003/100] eclone (3/11): Define set_pidmap() function Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 005/100] eclone (5/11): Add target_pids parameter to copy_process() Oren Laadan
` (97 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
This parameter is currently NULL, but will be used in a follow-on patch.
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/pid.h | 2 +-
kernel/fork.c | 3 ++-
kernel/pid.c | 9 +++++++--
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/include/linux/pid.h b/include/linux/pid.h
index 49f1c2f..914185d 100644
--- a/include/linux/pid.h
+++ b/include/linux/pid.h
@@ -119,7 +119,7 @@ extern struct pid *find_get_pid(int nr);
extern struct pid *find_ge_pid(int nr, struct pid_namespace *);
int next_pidmap(struct pid_namespace *pid_ns, int last);
-extern struct pid *alloc_pid(struct pid_namespace *ns);
+extern struct pid *alloc_pid(struct pid_namespace *ns, pid_t *target_pids);
extern void free_pid(struct pid *pid);
/*
diff --git a/kernel/fork.c b/kernel/fork.c
index afdfb08..62018c8 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -962,6 +962,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
int retval;
struct task_struct *p;
int cgroup_callbacks_done = 0;
+ pid_t *target_pids = NULL;
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -1147,7 +1148,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_cleanup_io;
if (pid != &init_struct_pid) {
- pid = alloc_pid(p->nsproxy->pid_ns);
+ pid = alloc_pid(p->nsproxy->pid_ns, target_pids);
if (IS_ERR(pid)) {
retval = PTR_ERR(pid);
goto bad_fork_cleanup_io;
diff --git a/kernel/pid.c b/kernel/pid.c
index 4eaf975..57f1344 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -276,13 +276,14 @@ void free_pid(struct pid *pid)
call_rcu(&pid->rcu, delayed_put_pid);
}
-struct pid *alloc_pid(struct pid_namespace *ns)
+struct pid *alloc_pid(struct pid_namespace *ns, pid_t *target_pids)
{
struct pid *pid;
enum pid_type type;
int i, nr;
struct pid_namespace *tmp;
struct upid *upid;
+ pid_t tpid;
pid = kmem_cache_alloc(ns->pid_cachep, GFP_KERNEL);
if (!pid) {
@@ -292,7 +293,11 @@ struct pid *alloc_pid(struct pid_namespace *ns)
tmp = ns;
for (i = ns->level; i >= 0; i--) {
- nr = alloc_pidmap(tmp);
+ tpid = 0;
+ if (target_pids)
+ tpid = target_pids[i];
+
+ nr = set_pidmap(tmp, tpid);
if (nr < 0)
goto out_free;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 005/100] eclone (5/11): Add target_pids parameter to copy_process()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (3 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 004/100] eclone (4/11): Add target_pids parameter to alloc_pid() Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 006/100] eclone (6/11): Check invalid clone flags Oren Laadan
` (96 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev, Oleg Nesterov
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Add a 'target_pids' parameter to copy_process(). The new parameter will be
used in a follow-on patch when eclone() is implemented.
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/fork.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 62018c8..9d2b57e 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -957,12 +957,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
unsigned long stack_size,
int __user *child_tidptr,
struct pid *pid,
+ pid_t *target_pids,
int trace)
{
int retval;
struct task_struct *p;
int cgroup_callbacks_done = 0;
- pid_t *target_pids = NULL;
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -1339,7 +1339,7 @@ struct task_struct * __cpuinit fork_idle(int cpu)
struct pt_regs regs;
task = copy_process(CLONE_VM, 0, idle_regs(®s), 0, NULL,
- &init_struct_pid, 0);
+ &init_struct_pid, NULL, 0);
if (!IS_ERR(task))
init_idle(task, cpu);
@@ -1362,6 +1362,7 @@ long do_fork(unsigned long clone_flags,
struct task_struct *p;
int trace = 0;
long nr;
+ pid_t *target_pids = NULL;
/*
* Do some preliminary argument and permissions checking before we
@@ -1402,7 +1403,7 @@ long do_fork(unsigned long clone_flags,
trace = tracehook_prepare_clone(clone_flags);
p = copy_process(clone_flags, stack_start, regs, stack_size,
- child_tidptr, NULL, trace);
+ child_tidptr, NULL, target_pids, trace);
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 006/100] eclone (6/11): Check invalid clone flags
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (4 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 005/100] eclone (5/11): Add target_pids parameter to copy_process() Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 007/100] eclone (7/11): Define do_fork_with_pids() Oren Laadan
` (95 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev, Oleg Nesterov
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
As pointed out by Oren Laadan, we want to ensure that unused bits in the
clone-flags remain unused and available for future. To ensure this, define
a mask of clone-flags and check the flags in the clone() system calls.
Changelog[v9]:
- Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
to avoid breaking any applications that may have set it. IOW, this
patch/check only applies to clone-flags bits 33 and higher.
Changelog[v8]:
- New patch in set
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl.cs.columbia.edu>
---
include/linux/sched.h | 12 ++++++++++++
kernel/fork.c | 3 +++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index dad7f66..5de3ce5 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -29,6 +29,18 @@
#define CLONE_NEWNET 0x40000000 /* New network namespace */
#define CLONE_IO 0x80000000 /* Clone io context */
+#define CLONE_UNUSED 0x00001000 /* Can be reused ? */
+
+#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
+ CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
+ CLONE_VFORK | CLONE_PARENT | CLONE_THREAD |\
+ CLONE_NEWNS | CLONE_SYSVSEM | CLONE_SETTLS |\
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\
+ CLONE_DETACHED | CLONE_UNTRACED |\
+ CLONE_CHILD_SETTID | CLONE_STOPPED |\
+ CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
+ CLONE_NEWPID | CLONE_NEWNET | CLONE_IO)
+
/*
* Scheduling policies
*/
diff --git a/kernel/fork.c b/kernel/fork.c
index 9d2b57e..e41b3d1 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -964,6 +964,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
struct task_struct *p;
int cgroup_callbacks_done = 0;
+ if (clone_flags & ~VALID_CLONE_FLAGS)
+ return ERR_PTR(-EINVAL);
+
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 007/100] eclone (7/11): Define do_fork_with_pids()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (5 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 006/100] eclone (6/11): Check invalid clone flags Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 008/100] eclone (8/11): Implement sys_eclone for x86 (32,64) Oren Laadan
` (94 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev, Oleg Nesterov
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
do_fork_with_pids() is same as do_fork(), except that it takes an
additional, 'pid_set', parameter. This parameter, currently unused,
specifies the set of target pids of the process in each of its pid
namespaces.
Changelog[v7]:
- Drop 'struct pid_set' object and pass in 'pid_t *target_pids'
instead of 'struct pid_set *'.
Changelog[v6]:
- (Nathan Lynch, Arnd Bergmann, H. Peter Anvin, Linus Torvalds)
Change 'pid_set.pids' to a 'pid_t pids[]' so size of 'struct pid_set'
is constant across architectures.
- (Nathan Lynch) Change 'pid_set.num_pids' to 'unsigned int'.
Changelog[v4]:
- Rename 'struct target_pid_set' to 'struct pid_set' since it may
be useful in other contexts.
Changelog[v3]:
- Fix "long-line" warning from checkpatch.pl
Changelog[v2]:
- To facilitate moving architecture-inpdendent code to kernel/fork.c
pass in 'struct target_pid_set __user *' to do_fork_with_pids()
rather than 'pid_t *' (next patch moves the arch-independent
code to kernel/fork.c)
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Reviewed-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/sched.h | 3 +++
kernel/fork.c | 17 +++++++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 5de3ce5..f4ae3e3 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -2129,6 +2129,9 @@ extern int disallow_signal(int);
extern int do_execve(char *, char __user * __user *, char __user * __user *, struct pt_regs *);
extern long do_fork(unsigned long, unsigned long, struct pt_regs *, unsigned long, int __user *, int __user *);
+extern long do_fork_with_pids(unsigned long, unsigned long, struct pt_regs *,
+ unsigned long, int __user *, int __user *,
+ unsigned int, pid_t __user *);
struct task_struct *fork_idle(int);
extern void set_task_comm(struct task_struct *tsk, char *from);
diff --git a/kernel/fork.c b/kernel/fork.c
index e41b3d1..2559d7a 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1355,12 +1355,14 @@ struct task_struct * __cpuinit fork_idle(int cpu)
* It copies the process, and if successful kick-starts
* it and waits for it to finish using the VM if required.
*/
-long do_fork(unsigned long clone_flags,
+long do_fork_with_pids(unsigned long clone_flags,
unsigned long stack_start,
struct pt_regs *regs,
unsigned long stack_size,
int __user *parent_tidptr,
- int __user *child_tidptr)
+ int __user *child_tidptr,
+ unsigned int num_pids,
+ pid_t __user *upids)
{
struct task_struct *p;
int trace = 0;
@@ -1463,6 +1465,17 @@ long do_fork(unsigned long clone_flags,
return nr;
}
+long do_fork(unsigned long clone_flags,
+ unsigned long stack_start,
+ struct pt_regs *regs,
+ unsigned long stack_size,
+ int __user *parent_tidptr,
+ int __user *child_tidptr)
+{
+ return do_fork_with_pids(clone_flags, stack_start, regs, stack_size,
+ parent_tidptr, child_tidptr, 0, NULL);
+}
+
#ifndef ARCH_MIN_MMSTRUCT_ALIGN
#define ARCH_MIN_MMSTRUCT_ALIGN 0
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 008/100] eclone (8/11): Implement sys_eclone for x86 (32,64)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (6 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 007/100] eclone (7/11): Define do_fork_with_pids() Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 009/100] eclone (9/11): Implement sys_eclone for s390 Oren Laadan
` (93 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Container restart requires that a task have the same pid it had when it was
checkpointed. When containers are nested the tasks within the containers
exist in multiple pid namespaces and hence have multiple pids to specify
during restart.
eclone(), intended for use during restart, is the same as
clone(), except that it takes a 'pids' paramter. This parameter lets
caller choose specific pid numbers for the child process, in the
process's active and ancestor pid namespaces. (Descendant pid namespaces
in general don't matter since processes don't have pids in them anyway,
but see comments in copy_target_pids() regarding CLONE_NEWPID).
eclone() also attempts to address a second limitation of the
clone() system call. clone() is restricted to 32 clone flags and all but
one of these are in use. If more new clone flags are needed, we will be
forced to define a new variant of the clone() system call. To address
this, eclone() allows at least 64 clone flags with some room
for more if necessary.
To prevent unprivileged processes from misusing this interface,
eclone() currently needs CAP_SYS_ADMIN, when the 'pids' parameter
is non-NULL.
See Documentation/eclone in next patch for more details and an
example of its usage.
NOTE:
- System calls are restricted to 6 parameters and the number and sizes
of parameters needed for eclone() exceed 6 integers. The new
prototype works around this restriction while providing some
flexibility if eclone() needs to be further extended in the
future.
TODO:
- We should convert clone-flags to 64-bit value in all architectures.
Its probably best to do that as a separate patchset since clone_flags
touches several functions and that patchset seems independent of this
new system call.
Changelog[v14]:
- [Oren Laadan] Rebase to kernel 2.6.33
* introduce PTREGSCALL4 for sys_eclone
* consolidate syscall definitions for 32/64 bit
- [Oren Laadan] Merge x86_64 (trivial patch) with current
- [Serge Hallyn] Add eclone stub for ia32 eclone
Changelog[v13]:
- [Dave Hansen]: Reorg to enable sharing code between x86 and x86-64.
- [Arnd Bergmann]: With args_size parameter, ->reserved1 is redundant
and can be removed.
- [Nathan Lynch]: stop warnings about assigning u64 to a (32-bit) int*.
- [Nathan Lynch, Serge Hallyn] Rename ->child_stack_base to
->child_stack and ensure ->child_stack_size is 0 on architectures
that don't need it (see comments in types.h for details).
Changelog[v12]:
- [Serge Hallyn] Ignore ->child_stack_size if ->child_stack_base
is NULL.
- [Oren Laadan, Serge Hallyn] Rename clone_with_pids() to eclone()
Changelog[v11]:
- [Dave Hansen] Move clone_args validation checks to arch-indpeendent
code.
- [Oren Laadan] Make args_size a parameter to system call and remove
it from 'struct clone_args'
Changelog[v10]:
- Rename clone3() to clone_with_pids()
- [Linus Torvalds] Use PTREGSCALL() rather than the generic syscall
implementation
Changelog[v9]:
- [Roland McGrath, H. Peter Anvin] To avoid confusion on 64-bit
architectures split the new clone-flags into 'low' and 'high'
words and pass in the 'lower' flags as the first argument.
This would maintain similarity of the clone3() with clone()/
clone2(). Also has the side-effect of the name matching the
number of parameters :-)
- [Roland McGrath] Rename structure to 'clone_args' and add a
'child_stack_size' field
Changelog[v8]
- [Oren Laadan] parent_tid and child_tid fields in 'struct clone_arg'
must be 64-bit.
- clone2() is in use in IA64. Rename system call to clone3().
Changelog[v7]:
- [Peter Zijlstra, Arnd Bergmann] Rename system call to clone2()
and group parameters into a new 'struct clone_struct' object.
Changelog[v6]:
- (Nathan Lynch, Arnd Bergmann, H. Peter Anvin, Linus Torvalds)
Change 'pid_set.pids' to a 'pid_t pids[]' so size of 'struct pid_set'
is constant across architectures.
- (Nathan Lynch) Change pid_set.num_pids to unsigned and remove
'unum_pids < 0' check.
Changelog[v4]:
- (Oren Laadan) rename 'struct target_pid_set' to 'struct pid_set'
Changelog[v3]:
- (Oren Laadan) Allow CLONE_NEWPID flag (by allocating an extra pid
in the target_pids[] list and setting it 0. See copy_target_pids()).
- (Oren Laadan) Specified target pids should apply only to youngest
pid-namespaces (see copy_target_pids())
- (Matt Helsley) Update patch description.
Changelog[v2]:
- Remove unnecessary printk and add a note to callers of
copy_target_pids() to free target_pids.
- (Serge Hallyn) Mention CAP_SYS_ADMIN restriction in patch description.
- (Oren Laadan) Add checks for 'num_pids < 0' (return -EINVAL) and
'num_pids == 0' (fall back to normal clone()).
- Move arch-independent code (sanity checks and copy-in of target-pids)
into kernel/fork.c and simplify sys_clone_with_pids()
Changelog[v1]:
- Fixed some compile errors (had fixed these errors earlier in my
git tree but had not refreshed patches before emailing them)
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl.cs.columbia.edu>
---
arch/x86/ia32/ia32entry.S | 2 +
arch/x86/include/asm/syscalls.h | 2 +
arch/x86/include/asm/unistd_32.h | 3 +-
arch/x86/include/asm/unistd_64.h | 2 +
arch/x86/kernel/entry_32.S | 14 ++++
arch/x86/kernel/entry_64.S | 1 +
arch/x86/kernel/process.c | 40 +++++++++++-
arch/x86/kernel/syscall_table_32.S | 1 +
include/linux/sched.h | 2 +
include/linux/types.h | 16 +++++
kernel/fork.c | 124 +++++++++++++++++++++++++++++++++++-
11 files changed, 204 insertions(+), 3 deletions(-)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 59b4556..b7f3f34 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -477,6 +477,7 @@ quiet_ni_syscall:
PTREGSCALL stub32_clone, sys32_clone, %rdx
PTREGSCALL stub32_vfork, sys_vfork, %rdi
PTREGSCALL stub32_iopl, sys_iopl, %rsi
+ PTREGSCALL stub32_eclone, sys_eclone, %r8
ENTRY(ia32_ptregs_common)
popq %r11
@@ -842,4 +843,5 @@ ia32_sys_call_table:
.quad compat_sys_rt_tgsigqueueinfo /* 335 */
.quad sys_perf_event_open
.quad compat_sys_recvmmsg
+ .quad stub32_eclone
ia32_syscall_end:
diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h
index 5c044b4..d525677 100644
--- a/arch/x86/include/asm/syscalls.h
+++ b/arch/x86/include/asm/syscalls.h
@@ -27,6 +27,8 @@ long sys_execve(char __user *, char __user * __user *,
char __user * __user *, struct pt_regs *);
long sys_clone(unsigned long, unsigned long, void __user *,
void __user *, struct pt_regs *);
+long sys_eclone(unsigned flags_low, struct clone_args __user *uca,
+ int args_size, pid_t __user *pids, struct pt_regs *regs);
/* kernel/ldt.c */
asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index beb9b5f..e543b0e 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -343,10 +343,11 @@
#define __NR_rt_tgsigqueueinfo 335
#define __NR_perf_event_open 336
#define __NR_recvmmsg 337
+#define __NR_eclone 338
#ifdef __KERNEL__
-#define NR_syscalls 338
+#define NR_syscalls 339
#define __ARCH_WANT_IPC_PARSE_VERSION
#define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/include/asm/unistd_64.h b/arch/x86/include/asm/unistd_64.h
index ff4307b..1cd16af 100644
--- a/arch/x86/include/asm/unistd_64.h
+++ b/arch/x86/include/asm/unistd_64.h
@@ -663,6 +663,8 @@ __SYSCALL(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo)
__SYSCALL(__NR_perf_event_open, sys_perf_event_open)
#define __NR_recvmmsg 299
__SYSCALL(__NR_recvmmsg, sys_recvmmsg)
+#define __NR_eclone 300
+__SYSCALL(__NR_eclone, stub_eclone)
#ifndef __NO_STUBS
#define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 44a8e0d..65e1735 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -758,6 +758,19 @@ ptregs_##name: \
addl $4,%esp; \
ret
+#define PTREGSCALL4(name) \
+ ALIGN; \
+ptregs_##name: \
+ leal 4(%esp),%eax; \
+ pushl %eax; \
+ pushl PT_ESI(%eax); \
+ movl PT_EDX(%eax),%ecx; \
+ movl PT_ECX(%eax),%edx; \
+ movl PT_EBX(%eax),%eax; \
+ call sys_##name; \
+ addl $8,%esp; \
+ ret
+
PTREGSCALL1(iopl)
PTREGSCALL0(fork)
PTREGSCALL0(vfork)
@@ -767,6 +780,7 @@ PTREGSCALL0(sigreturn)
PTREGSCALL0(rt_sigreturn)
PTREGSCALL2(vm86)
PTREGSCALL1(vm86old)
+PTREGSCALL4(eclone)
/* Clone is an oddball. The 4th arg is in %edi */
ALIGN;
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 0697ff1..216681e 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -698,6 +698,7 @@ END(\label)
PTREGSCALL stub_vfork, sys_vfork, %rdi
PTREGSCALL stub_sigaltstack, sys_sigaltstack, %rdx
PTREGSCALL stub_iopl, sys_iopl, %rsi
+ PTREGSCALL stub_eclone, sys_eclone, %r8
ENTRY(ptregscall_common)
DEFAULT_FRAME 1 8 /* offset 8: return address */
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 28ad9f4..5abad20 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -259,6 +259,45 @@ sys_clone(unsigned long clone_flags, unsigned long newsp,
return do_fork(clone_flags, newsp, regs, 0, parent_tid, child_tid);
}
+long
+sys_eclone(unsigned flags_low, struct clone_args __user *uca,
+ int args_size, pid_t __user *pids, struct pt_regs *regs)
+{
+ int rc;
+ struct clone_args kca;
+ unsigned long flags;
+ int __user *parent_tidp;
+ int __user *child_tidp;
+ unsigned long __user stack;
+ unsigned long stack_size;
+
+ rc = fetch_clone_args_from_user(uca, args_size, &kca);
+ if (rc)
+ return rc;
+
+ /*
+ * TODO: Convert 'clone-flags' to 64-bits on all architectures.
+ * TODO: When ->clone_flags_high is non-zero, copy it in to the
+ * higher word(s) of 'flags':
+ *
+ * flags = (kca.clone_flags_high << 32) | flags_low;
+ */
+ flags = flags_low;
+ parent_tidp = (int *)(unsigned long)kca.parent_tid_ptr;
+ child_tidp = (int *)(unsigned long)kca.child_tid_ptr;
+
+ stack_size = (unsigned long)kca.child_stack_size;
+ if (stack_size)
+ return -EINVAL;
+
+ stack = (unsigned long)kca.child_stack;
+ if (!stack)
+ stack = regs->sp;
+
+ return do_fork_with_pids(flags, stack, regs, stack_size, parent_tidp,
+ child_tidp, kca.nr_pids, pids);
+}
+
/*
* This gets run with %si containing the
* function to call, and %di containing
@@ -700,4 +739,3 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
unsigned long range_end = mm->brk + 0x02000000;
return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
}
-
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 8b37293..0c92570 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -337,3 +337,4 @@ ENTRY(sys_call_table)
.long sys_rt_tgsigqueueinfo /* 335 */
.long sys_perf_event_open
.long sys_recvmmsg
+ .long ptregs_eclone
diff --git a/include/linux/sched.h b/include/linux/sched.h
index f4ae3e3..8593051 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -2129,6 +2129,8 @@ extern int disallow_signal(int);
extern int do_execve(char *, char __user * __user *, char __user * __user *, struct pt_regs *);
extern long do_fork(unsigned long, unsigned long, struct pt_regs *, unsigned long, int __user *, int __user *);
+extern int fetch_clone_args_from_user(struct clone_args __user *, int,
+ struct clone_args *);
extern long do_fork_with_pids(unsigned long, unsigned long, struct pt_regs *,
unsigned long, int __user *, int __user *,
unsigned int, pid_t __user *);
diff --git a/include/linux/types.h b/include/linux/types.h
index c42724f..d8bfd6b 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -204,6 +204,22 @@ struct ustat {
char f_fpack[6];
};
+struct clone_args {
+ u64 clone_flags_high;
+ /*
+ * Architectures can use child_stack for either the stack pointer or
+ * the base of of stack. If child_stack is used as the stack pointer,
+ * child_stack_size must be 0. Otherwise child_stack_size must be
+ * set to size of allocated stack.
+ */
+ u64 child_stack;
+ u64 child_stack_size;
+ u64 parent_tid_ptr;
+ u64 child_tid_ptr;
+ u32 nr_pids;
+ u32 reserved0;
+};
+
#endif /* __KERNEL__ */
#endif /* __ASSEMBLY__ */
#endif /* _LINUX_TYPES_H */
diff --git a/kernel/fork.c b/kernel/fork.c
index 2559d7a..9d5be5c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1350,6 +1350,114 @@ struct task_struct * __cpuinit fork_idle(int cpu)
}
/*
+ * If user specified any 'target-pids' in @upid_setp, copy them from
+ * user and return a pointer to a local copy of the list of pids. The
+ * caller must free the list, when they are done using it.
+ *
+ * If user did not specify any target pids, return NULL (caller should
+ * treat this like normal clone).
+ *
+ * On any errors, return the error code
+ */
+static pid_t *copy_target_pids(int unum_pids, pid_t __user *upids)
+{
+ int j;
+ int rc;
+ int size;
+ int knum_pids; /* # of pids needed in kernel */
+ pid_t *target_pids;
+
+ if (!unum_pids)
+ return NULL;
+
+ knum_pids = task_pid(current)->level + 1;
+ if (unum_pids > knum_pids)
+ return ERR_PTR(-EINVAL);
+
+ /*
+ * To keep alloc_pid() simple, allocate an extra pid_t in target_pids[]
+ * and set it to 0. This last entry in target_pids[] corresponds to the
+ * (yet-to-be-created) descendant pid-namespace if CLONE_NEWPID was
+ * specified. If CLONE_NEWPID was not specified, this last entry will
+ * simply be ignored.
+ */
+ target_pids = kzalloc((knum_pids + 1) * sizeof(pid_t), GFP_KERNEL);
+ if (!target_pids)
+ return ERR_PTR(-ENOMEM);
+
+ /*
+ * A process running in a level 2 pid namespace has three pid namespaces
+ * and hence three pid numbers. If this process is checkpointed,
+ * information about these three namespaces are saved. We refer to these
+ * namespaces as 'known namespaces'.
+ *
+ * If this checkpointed process is however restarted in a level 3 pid
+ * namespace, the restarted process has an extra ancestor pid namespace
+ * (i.e 'unknown namespace') and 'knum_pids' exceeds 'unum_pids'.
+ *
+ * During restart, the process requests specific pids for its 'known
+ * namespaces' and lets kernel assign pids to its 'unknown namespaces'.
+ *
+ * Since the requested-pids correspond to 'known namespaces' and since
+ * 'known-namespaces' are younger than (i.e descendants of) 'unknown-
+ * namespaces', copy requested pids to the back-end of target_pids[]
+ * (i.e before the last entry for CLONE_NEWPID mentioned above).
+ * Any entries in target_pids[] not corresponding to a requested pid
+ * will be set to zero and kernel assigns a pid in those namespaces.
+ *
+ * NOTE: The order of pids in target_pids[] is oldest pid namespace
+ * to youngest (target_pids[0] corresponds to init_pid_ns). i.e. the
+ * the order is:
+ *
+ * - pids for 'unknown-namespaces' (if any)
+ * - pids for 'known-namespaces' (requested pids)
+ * - 0 in the last entry (for CLONE_NEWPID).
+ */
+ j = knum_pids - unum_pids;
+ size = unum_pids * sizeof(pid_t);
+
+ rc = copy_from_user(&target_pids[j], upids, size);
+ if (rc) {
+ rc = -EFAULT;
+ goto out_free;
+ }
+
+ return target_pids;
+
+out_free:
+ kfree(target_pids);
+ return ERR_PTR(rc);
+}
+
+int
+fetch_clone_args_from_user(struct clone_args __user *uca, int args_size,
+ struct clone_args *kca)
+{
+ int rc;
+
+ /*
+ * TODO: If size of clone_args is not what the kernel expects, it
+ * could be that kernel is newer and has an extended structure.
+ * When that happens, this check needs to be smarter. For now,
+ * assume exact match.
+ */
+ if (args_size != sizeof(struct clone_args))
+ return -EINVAL;
+
+ rc = copy_from_user(kca, uca, args_size);
+ if (rc)
+ return -EFAULT;
+
+ /*
+ * To avoid future compatibility issues, ensure unused fields are 0.
+ */
+ if (kca->reserved0 || kca->clone_flags_high)
+ return -EINVAL;
+
+ return 0;
+}
+
+/*
* Ok, this is the main fork-routine.
*
* It copies the process, and if successful kick-starts
@@ -1367,7 +1475,7 @@ long do_fork_with_pids(unsigned long clone_flags,
struct task_struct *p;
int trace = 0;
long nr;
- pid_t *target_pids = NULL;
+ pid_t *target_pids;
/*
* Do some preliminary argument and permissions checking before we
@@ -1401,6 +1509,16 @@ long do_fork_with_pids(unsigned long clone_flags,
}
}
+ target_pids = copy_target_pids(num_pids, upids);
+ if (target_pids) {
+ if (IS_ERR(target_pids))
+ return PTR_ERR(target_pids);
+
+ nr = -EPERM;
+ if (!capable(CAP_SYS_ADMIN))
+ goto out_free;
+ }
+
/*
* When called from kernel_thread, don't do user tracing stuff.
*/
@@ -1462,6 +1580,10 @@ long do_fork_with_pids(unsigned long clone_flags,
} else {
nr = PTR_ERR(p);
}
+
+out_free:
+ kfree(target_pids);
+
return nr;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 009/100] eclone (9/11): Implement sys_eclone for s390
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (7 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 008/100] eclone (8/11): Implement sys_eclone for x86 (32,64) Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 010/100] eclone (10/11): Implement sys_eclone for powerpc Oren Laadan
` (92 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-api, x86, linux-s390, linuxppc-dev
From: Serge E. Hallyn <serue@us.ibm.com>
Implement the s390 hook for sys_eclone().
Changelog:
Nov 24: Removed user-space code from commit log. See user-cr git tree.
Nov 17: remove redundant flags_high check
Nov 13: As suggested by Heiko, convert eclone to take its
parameters via registers.
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/s390/include/asm/unistd.h | 3 ++-
arch/s390/kernel/compat_linux.c | 17 +++++++++++++++++
arch/s390/kernel/compat_wrapper.S | 8 ++++++++
arch/s390/kernel/process.c | 37 +++++++++++++++++++++++++++++++++++++
arch/s390/kernel/syscalls.S | 1 +
5 files changed, 65 insertions(+), 1 deletions(-)
diff --git a/arch/s390/include/asm/unistd.h b/arch/s390/include/asm/unistd.h
index 5f00751..ff13be1 100644
--- a/arch/s390/include/asm/unistd.h
+++ b/arch/s390/include/asm/unistd.h
@@ -269,7 +269,8 @@
#define __NR_pwritev 329
#define __NR_rt_tgsigqueueinfo 330
#define __NR_perf_event_open 331
-#define NR_syscalls 332
+#define __NR_eclone 332
+#define NR_syscalls 333
/*
* There are some system calls that are not present on 64 bit, some
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index 73b624e..1f70d6f 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -663,6 +663,23 @@ asmlinkage long sys32_write(unsigned int fd, char __user * buf, size_t count)
return sys_write(fd, buf, count);
}
+asmlinkage long sys32_clone(void)
+{
+ struct pt_regs *regs = task_pt_regs(current);
+ unsigned long clone_flags;
+ unsigned long newsp;
+ int __user *parent_tidptr, *child_tidptr;
+
+ clone_flags = regs->gprs[3] & 0xffffffffUL;
+ newsp = regs->orig_gpr2 & 0x7fffffffUL;
+ parent_tidptr = compat_ptr(regs->gprs[4]);
+ child_tidptr = compat_ptr(regs->gprs[5]);
+ if (!newsp)
+ newsp = regs->gprs[15];
+ return do_fork(clone_flags, newsp, regs, 0,
+ parent_tidptr, child_tidptr);
+}
+
/*
* 31 bit emulation wrapper functions for sys_fadvise64/fadvise64_64.
* These need to rewrite the advise values for POSIX_FADV_{DONTNEED,NOREUSE}
diff --git a/arch/s390/kernel/compat_wrapper.S b/arch/s390/kernel/compat_wrapper.S
index 672ce52..b7bedfa 100644
--- a/arch/s390/kernel/compat_wrapper.S
+++ b/arch/s390/kernel/compat_wrapper.S
@@ -1847,6 +1847,14 @@ sys_clone_wrapper:
llgtr %r5,%r5 # int *
jg sys_clone # branch to system call
+ .globl sys_eclone_wrapper
+sys_eclone_wrapper:
+ llgfr %r2,%r2 # unsigned int
+ llgtr %r3,%r3 # struct clone_args *
+ lgfr %r4,%r4 # int
+ llgtr %r5,%r5 # pid_t *
+ jg sys_eclone # branch to system call
+
.globl sys32_execve_wrapper
sys32_execve_wrapper:
llgtr %r2,%r2 # char *
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 1039fde..799cbb0 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -240,6 +240,43 @@ SYSCALL_DEFINE4(clone, unsigned long, newsp, unsigned long, clone_flags,
parent_tidptr, child_tidptr);
}
+SYSCALL_DEFINE4(eclone, unsigned int, flags_low, struct clone_args __user *,
+ uca, int, args_size, pid_t __user *, pids)
+{
+ int rc;
+ struct pt_regs *regs = task_pt_regs(current);
+ struct clone_args kca;
+ int __user *parent_tid_ptr;
+ int __user *child_tid_ptr;
+ unsigned long flags;
+ unsigned long __user child_stack;
+ unsigned long stack_size;
+
+ rc = fetch_clone_args_from_user(uca, args_size, &kca);
+ if (rc)
+ return rc;
+
+ flags = flags_low;
+ parent_tid_ptr = (int __user *) kca.parent_tid_ptr;
+ child_tid_ptr = (int __user *) kca.child_tid_ptr;
+
+ stack_size = (unsigned long) kca.child_stack_size;
+ if (stack_size)
+ return -EINVAL;
+
+ child_stack = (unsigned long) kca.child_stack;
+ if (!child_stack)
+ child_stack = regs->gprs[15];
+
+ /*
+ * TODO: On 32-bit systems, clone_flags is passed in as 32-bit value
+ * to several functions. Need to convert clone_flags to 64-bit.
+ */
+ return do_fork_with_pids(flags, child_stack, regs, stack_size,
+ parent_tid_ptr, child_tid_ptr, kca.nr_pids,
+ pids);
+}
+
/*
* This is trivial, and on the face of it looks like it
* could equally well be done in user mode.
diff --git a/arch/s390/kernel/syscalls.S b/arch/s390/kernel/syscalls.S
index 201ce6b..08eab1d 100644
--- a/arch/s390/kernel/syscalls.S
+++ b/arch/s390/kernel/syscalls.S
@@ -340,3 +340,4 @@ SYSCALL(sys_preadv,sys_preadv,compat_sys_preadv_wrapper)
SYSCALL(sys_pwritev,sys_pwritev,compat_sys_pwritev_wrapper)
SYSCALL(sys_rt_tgsigqueueinfo,sys_rt_tgsigqueueinfo,compat_sys_rt_tgsigqueueinfo_wrapper) /* 330 */
SYSCALL(sys_perf_event_open,sys_perf_event_open,sys_perf_event_open_wrapper)
+SYSCALL(sys_eclone,sys_eclone,sys_eclone_wrapper)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 010/100] eclone (10/11): Implement sys_eclone for powerpc
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (8 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 009/100] eclone (9/11): Implement sys_eclone for s390 Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 011/100] eclone (11/11): Document sys_eclone Oren Laadan
` (91 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linux-api, x86, linux-s390,
linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
Wired up for both ppc32 and ppc64, but tested only with the latter.
Changelog:
- Jan 20: (ntl) fix 32-bit build
- Nov 17: (serge) remove redundant flags_high check, and
don't fold it into flags.
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/powerpc/include/asm/syscalls.h | 6 ++++
arch/powerpc/include/asm/systbl.h | 1 +
arch/powerpc/include/asm/unistd.h | 3 +-
arch/powerpc/kernel/entry_32.S | 8 +++++
arch/powerpc/kernel/entry_64.S | 5 +++
arch/powerpc/kernel/process.c | 54 ++++++++++++++++++++++++++++++++++-
6 files changed, 75 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/syscalls.h b/arch/powerpc/include/asm/syscalls.h
index 4084e56..920cefd 100644
--- a/arch/powerpc/include/asm/syscalls.h
+++ b/arch/powerpc/include/asm/syscalls.h
@@ -23,6 +23,12 @@ asmlinkage int sys_execve(unsigned long a0, unsigned long a1,
asmlinkage int sys_clone(unsigned long clone_flags, unsigned long usp,
int __user *parent_tidp, void __user *child_threadptr,
int __user *child_tidp, int p6, struct pt_regs *regs);
+asmlinkage int sys_eclone(unsigned long flags_low,
+ struct clone_args __user *args,
+ size_t args_size,
+ pid_t __user *pids,
+ unsigned long p5, unsigned long p6,
+ struct pt_regs *regs);
asmlinkage int sys_fork(unsigned long p1, unsigned long p2,
unsigned long p3, unsigned long p4, unsigned long p5,
unsigned long p6, struct pt_regs *regs);
diff --git a/arch/powerpc/include/asm/systbl.h b/arch/powerpc/include/asm/systbl.h
index a5ee345..f94fc43 100644
--- a/arch/powerpc/include/asm/systbl.h
+++ b/arch/powerpc/include/asm/systbl.h
@@ -326,3 +326,4 @@ SYSCALL_SPU(perf_event_open)
COMPAT_SYS_SPU(preadv)
COMPAT_SYS_SPU(pwritev)
COMPAT_SYS(rt_tgsigqueueinfo)
+PPC_SYS(eclone)
diff --git a/arch/powerpc/include/asm/unistd.h b/arch/powerpc/include/asm/unistd.h
index f0a1026..4cdbd5c 100644
--- a/arch/powerpc/include/asm/unistd.h
+++ b/arch/powerpc/include/asm/unistd.h
@@ -345,10 +345,11 @@
#define __NR_preadv 320
#define __NR_pwritev 321
#define __NR_rt_tgsigqueueinfo 322
+#define __NR_eclone 323
#ifdef __KERNEL__
-#define __NR_syscalls 323
+#define __NR_syscalls 324
#define __NR__exit __NR_exit
#define NR_syscalls __NR_syscalls
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 1175a85..579f1da 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -586,6 +586,14 @@ ppc_clone:
stw r0,_TRAP(r1) /* register set saved */
b sys_clone
+ .globl ppc_eclone
+ppc_eclone:
+ SAVE_NVGPRS(r1)
+ lwz r0,_TRAP(r1)
+ rlwinm r0,r0,0,0,30 /* clear LSB to indicate full */
+ stw r0,_TRAP(r1) /* register set saved */
+ b sys_eclone
+
.globl ppc_swapcontext
ppc_swapcontext:
SAVE_NVGPRS(r1)
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index 07109d8..b763340 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -344,6 +344,11 @@ _GLOBAL(ppc_clone)
bl .sys_clone
b syscall_exit
+_GLOBAL(ppc_eclone)
+ bl .save_nvgprs
+ bl .sys_eclone
+ b syscall_exit
+
_GLOBAL(ppc32_swapcontext)
bl .save_nvgprs
bl .compat_sys_swapcontext
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index e4d71ce..b183287 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -961,7 +961,59 @@ int sys_clone(unsigned long clone_flags, unsigned long usp,
child_tidp = TRUNC_PTR(child_tidp);
}
#endif
- return do_fork(clone_flags, usp, regs, 0, parent_tidp, child_tidp);
+ return do_fork(clone_flags, usp, regs, 0, parent_tidp, child_tidp);
+}
+
+int sys_eclone(unsigned long clone_flags_low,
+ struct clone_args __user *uclone_args,
+ size_t size,
+ pid_t __user *upids,
+ unsigned long p5, unsigned long p6,
+ struct pt_regs *regs)
+{
+ struct clone_args kclone_args;
+ unsigned long stack_base;
+ int __user *parent_tidp;
+ int __user *child_tidp;
+ unsigned long stack_sz;
+ unsigned int nr_pids;
+ unsigned long flags;
+ unsigned long usp;
+ int rc;
+
+ CHECK_FULL_REGS(regs);
+
+ rc = fetch_clone_args_from_user(uclone_args, size, &kclone_args);
+ if (rc)
+ return rc;
+
+ stack_sz = kclone_args.child_stack_size;
+ stack_base = kclone_args.child_stack;
+
+ /* powerpc doesn't do anything useful with the stack size */
+ if (stack_sz)
+ return -EINVAL;
+
+ /* Interpret stack_base as the child sp if it is set. */
+ usp = regs->gpr[1];
+ if (stack_base)
+ usp = stack_base;
+
+ flags = clone_flags_low;
+
+ nr_pids = kclone_args.nr_pids;
+
+ parent_tidp = (int __user *)(unsigned long)kclone_args.parent_tid_ptr;
+ child_tidp = (int __user *)(unsigned long)kclone_args.child_tid_ptr;
+
+#ifdef CONFIG_PPC64
+ if (test_thread_flag(TIF_32BIT)) {
+ parent_tidp = TRUNC_PTR(parent_tidp);
+ child_tidp = TRUNC_PTR(child_tidp);
+ }
+#endif
+ return do_fork_with_pids(flags, stack_base, regs, stack_sz,
+ parent_tidp, child_tidp, nr_pids, upids);
}
int sys_fork(unsigned long p1, unsigned long p2, unsigned long p3,
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 011/100] eclone (11/11): Document sys_eclone
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (9 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 010/100] eclone (10/11): Implement sys_eclone for powerpc Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-05 21:14 ` Randy Dunlap
2010-05-01 14:14 ` [PATCH v21 012/100] c/r: extend arch_setup_additional_pages() Oren Laadan
` (90 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Sukadev Bhattiprolu, linux-api, x86, linux-s390,
linuxppc-dev
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
This gives a brief overview of the eclone() system call. We should
eventually describe more details in existing clone(2) man page or in
a new man page.
Changelog[v13]:
- [Nathan Lynch, Serge Hallyn] Rename ->child_stack_base to
->child_stack and ensure ->child_stack_size is 0 on architectures
that don't need it.
- [Arnd Bergmann] Remove ->reserved1 field
- [Louis Rilling, Dave Hansen] Combine the two asm statements in the
example into one and use memory constraint to avoid unncessary copies.
Changelog[v12]:
- [Serge Hallyn] Fix/simplify stack-setup in the example code
- [Serge Hallyn, Oren Laadan] Rename syscall to eclone()
Changelog[v11]:
- [Dave Hansen] Move clone_args validation checks to arch-indpendent
code.
- [Oren Laadan] Make args_size a parameter to system call and remove
it from 'struct clone_args'
- [Oren Laadan] Fix some typos and clarify the order of pids in the
@pids parameter.
Changelog[v10]:
- Rename clone3() to clone_with_pids() and fix some typos.
- Modify example to show usage with the ptregs implementation.
Changelog[v9]:
- [Pavel Machek]: Fix an inconsistency and rename new file to
Documentation/clone3.
- [Roland McGrath, H. Peter Anvin] Updates to description and
example to reflect new prototype of clone3() and the updated/
renamed 'struct clone_args'.
Changelog[v8]:
- clone2() is already in use in IA64. Rename syscall to clone3()
- Add notes to say that we return -EINVAL if invalid clone flags
are specified or if the reserved fields are not 0.
Changelog[v7]:
- Rename clone_with_pids() to clone2()
- Changes to reflect new prototype of clone2() (using clone_struct).
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
Documentation/eclone | 348 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 348 insertions(+), 0 deletions(-)
create mode 100644 Documentation/eclone
diff --git a/Documentation/eclone b/Documentation/eclone
new file mode 100644
index 0000000..c2f1b4b
--- /dev/null
+++ b/Documentation/eclone
@@ -0,0 +1,348 @@
+
+struct clone_args {
+ u64 clone_flags_high;
+ u64 child_stack;
+ u64 child_stack_size;
+ u64 parent_tid_ptr;
+ u64 child_tid_ptr;
+ u32 nr_pids;
+ u32 reserved0;
+};
+
+
+sys_eclone(u32 flags_low, struct clone_args * __user cargs, int cargs_size,
+ pid_t * __user pids)
+
+ In addition to doing everything that clone() system call does, the
+ eclone() system call:
+
+ - allows additional clone flags (31 of 32 bits in the flags
+ parameter to clone() are in use)
+
+ - allows user to specify a pid for the child process in its
+ active and ancestor pid namespaces.
+
+ This system call is meant to be used when restarting an application
+ from a checkpoint. Such restart requires that the processes in the
+ application have the same pids they had when the application was
+ checkpointed. When containers are nested, the processes within the
+ containers exist in multiple pid namespaces and hence have multiple
+ pids to specify during restart.
+
+ The @flags_low parameter is identical to the 'clone_flags' parameter
+ in existing clone() system call.
+
+ The fields in 'struct clone_args' are meant to be used as follows:
+
+ u64 clone_flags_high:
+
+ When eclone() supports more than 32 flags, the additional bits
+ in the clone_flags should be specified in this field. This
+ field is currently unused and must be set to 0.
+
+ u64 child_stack;
+ u64 child_stack_size;
+
+ These two fields correspond to the 'child_stack' fields in
+ clone() and clone2() (on IA64) system calls. The usage of
+ these two fields depends on the processor architecture.
+
+ Most architectures use ->child_stack to pass-in a stack-pointer
+ itself and don't need the ->child_stack_size field. On these
+ architectures the ->child_stack_size field must be 0.
+
+ Some architectures, eg IA64, use ->child_stack to pass-in the
+ base of the region allocated for stack. These architectures
+ must pass in the size of the stack-region in ->child_stack_size.
+
+ u64 parent_tid_ptr;
+ u64 child_tid_ptr;
+
+ These two fields correspond to the 'parent_tid_ptr' and
+ 'child_tid_ptr' fields in the clone() system call
+
+ u32 nr_pids;
+
+ nr_pids specifies the number of pids in the @pids array
+ parameter to eclone() (see below). nr_pids should not exceed
+ the current nesting level of the calling process (i.e if the
+ process is in init_pid_ns, nr_pids must be 1, if process is
+ in a pid namespace that is a child of init-pid-ns, nr_pids
+ cannot exceed 2, and so on).
+
+ u32 reserved0;
+ u64 reserved1;
+
+ These fields are intended to extend the functionality of the
+ eclone() in the future, while preserving backward compatibility.
+ They must be set to 0 for now.
+
+ The @cargs_size parameter specifes the sizeof(struct clone_args) and
+ is intended to enable extending this structure in the future, while
+ preserving backward compatibility. For now, this field must be set
+ to the sizeof(struct clone_args) and this size must match the kernel's
+ view of the structure.
+
+ The @pids parameter defines the set of pids that should be assigned to
+ the child process in its active and ancestor pid namespaces. The
+ descendant pid namespaces do not matter since a process does not have a
+ pid in descendant namespaces, unless the process is in a new pid
+ namespace in which case the process is a container-init (and must have
+ the pid 1 in that namespace).
+
+ See CLONE_NEWPID section of clone(2) man page for details about pid
+ namespaces.
+
+ If a pid in the @pids list is 0, the kernel will assign the next
+ available pid in the pid namespace.
+
+ If a pid in the @pids list is non-zero, the kernel tries to assign
+ the specified pid in that namespace. If that pid is already in use
+ by another process, the system call fails (see EBUSY below).
+
+ The order of pids in @pids is oldest in pids[0] to youngest pid
+ namespace in pids[nr_pids-1]. If the number of pids specified in the
+ @pids list is fewer than the nesting level of the process, the pids
+ are applied from youngest namespace. i.e if the process is nested in
+ a level-6 pid namespace and @pids only specifies 3 pids, the 3 pids
+ are applied to levels 6, 5 and 4. Levels 0 through 3 are assumed to
+ have a pid of '0' (the kernel will assign a pid in those namespaces).
+
+ On success, the system call returns the pid of the child process in
+ the parent's active pid namespace.
+
+ On failure, eclone() returns -1 and sets 'errno' to one of following
+ values (the child process is not created).
+
+ EPERM Caller does not have the CAP_SYS_ADMIN privilege needed to
+ specify the pids in this call (if pids are not specifed
+ CAP_SYS_ADMIN is not required).
+
+ EINVAL The number of pids specified in 'clone_args.nr_pids' exceeds
+ the current nesting level of parent process
+
+ EINVAL Not all specified clone-flags are valid.
+
+ EINVAL The reserved fields in the clone_args argument are not 0.
+
+ EINVAL The child_stack_size field is not 0 (on architectures that
+ pass in a stack pointer in ->child_stack field)
+
+ EBUSY A requested pid is in use by another process in that namespace.
+
+---
+/*
+ * Example eclone() usage - Create a child process with pid CHILD_TID1 in
+ * the current pid namespace. The child gets the usual "random" pid in any
+ * ancestor pid namespaces.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <errno.h>
+#include <unistd.h>
+#include <wait.h>
+#include <sys/syscall.h>
+
+#define __NR_eclone 337
+#define CLONE_NEWPID 0x20000000
+#define CLONE_CHILD_SETTID 0x01000000
+#define CLONE_PARENT_SETTID 0x00100000
+#define CLONE_UNUSED 0x00001000
+
+#define STACKSIZE 8192
+
+typedef unsigned long long u64;
+typedef unsigned int u32;
+typedef int pid_t;
+struct clone_args {
+ u64 clone_flags_high;
+ u64 child_stack;
+ u64 child_stack_size;
+
+ u64 parent_tid_ptr;
+ u64 child_tid_ptr;
+
+ u32 nr_pids;
+
+ u32 reserved0;
+};
+
+#define exit _exit
+
+/*
+ * Following eclone() is based on code posted by Oren Laadan at:
+ * https://lists.linux-foundation.org/pipermail/containers/2009-June/018463.html
+ */
+#if defined(__i386__) && defined(__NR_eclone)
+
+int eclone(u32 flags_low, struct clone_args *clone_args, int args_size,
+ int *pids)
+{
+ long retval;
+
+ __asm__ __volatile__(
+ "movl %3, %%ebx\n\t" /* flags_low -> 1st (ebx) */
+ "movl %4, %%ecx\n\t" /* clone_args -> 2nd (ecx)*/
+ "movl %5, %%edx\n\t" /* args_size -> 3rd (edx) */
+ "movl %6, %%edi\n\t" /* pids -> 4th (edi)*/
+
+ "pushl %%ebp\n\t" /* save value of ebp */
+ "int $0x80\n\t" /* Linux/i386 system call */
+ "testl %0,%0\n\t" /* check return value */
+ "jne 1f\n\t" /* jump if parent */
+
+ "popl %%esi\n\t" /* get subthread function */
+ "call *%%esi\n\t" /* start subthread function */
+ "movl %2,%0\n\t"
+ "int $0x80\n" /* exit system call: exit subthread */
+ "1:\n\t"
+ "popl %%ebp\t" /* restore parent's ebp */
+
+ :"=a" (retval)
+
+ :"0" (__NR_eclone),
+ "i" (__NR_exit),
+ "m" (flags_low),
+ "m" (clone_args),
+ "m" (args_size),
+ "m" (pids)
+ );
+
+ if (retval < 0) {
+ errno = -retval;
+ retval = -1;
+ }
+ return retval;
+}
+
+/*
+ * Allocate a stack for the clone-child and arrange to have the child
+ * execute @child_fn with @child_arg as the argument.
+ */
+void *setup_stack(int (*child_fn)(void *), void *child_arg, int size)
+{
+ void *stack_base;
+ void **stack_top;
+
+ stack_base = malloc(size + size);
+ if (!stack_base) {
+ perror("malloc()");
+ exit(1);
+ }
+
+ stack_top = (void **)((char *)stack_base + (size - 4));
+ *--stack_top = child_arg;
+ *--stack_top = child_fn;
+
+ return stack_top;
+}
+#endif
+
+/* gettid() is a bit more useful than getpid() when messing with clone() */
+int gettid()
+{
+ int rc;
+
+ rc = syscall(__NR_gettid, 0, 0, 0);
+ if (rc < 0) {
+ printf("rc %d, errno %d\n", rc, errno);
+ exit(1);
+ }
+ return rc;
+}
+
+#define CHILD_TID1 377
+#define CHILD_TID2 1177
+#define CHILD_TID3 2799
+
+struct clone_args clone_args;
+void *child_arg = &clone_args;
+int child_tid;
+
+int do_child(void *arg)
+{
+ struct clone_args *cs = (struct clone_args *)arg;
+ int ctid;
+
+ /* Verify we pushed the arguments correctly on the stack... */
+ if (arg != child_arg) {
+ printf("Child: Incorrect child arg pointer, expected %p,"
+ "actual %p\n", child_arg, arg);
+ exit(1);
+ }
+
+ /* ... and that we got the thread-id we expected */
+ ctid = *((int *)(unsigned long)cs->child_tid_ptr);
+ if (ctid != CHILD_TID1) {
+ printf("Child: Incorrect child tid, expected %d, actual %d\n",
+ CHILD_TID1, ctid);
+ exit(1);
+ } else {
+ printf("Child got the expected tid, %d\n", gettid());
+ }
+ sleep(2);
+
+ printf("[%d, %d]: Child exiting\n", getpid(), ctid);
+ exit(0);
+}
+
+static int do_clone(int (*child_fn)(void *), void *child_arg,
+ unsigned int flags_low, int nr_pids, pid_t *pids_list)
+{
+ int rc;
+ void *stack;
+ struct clone_args *ca = &clone_args;
+ int args_size;
+
+ stack = setup_stack(child_fn, child_arg, STACKSIZE);
+
+ memset(ca, 0, sizeof(*ca));
+
+ ca->child_stack = (u64)(unsigned long)stack;
+ ca->child_stack_size = (u64)0;
+ ca->child_tid_ptr = (u64)(unsigned long)&child_tid;
+ ca->nr_pids = nr_pids;
+
+ args_size = sizeof(struct clone_args);
+ rc = eclone(flags_low, ca, args_size, pids_list);
+
+ printf("[%d, %d]: eclone() returned %d, error %d\n", getpid(), gettid(),
+ rc, errno);
+ return rc;
+}
+
+/*
+ * Multiple pid_t pid_t values in pids_list[] here are just for illustration.
+ * The test case creates a child in the current pid namespace and uses only
+ * the first value, CHILD_TID1.
+ */
+pid_t pids_list[] = { CHILD_TID1, CHILD_TID2, CHILD_TID3 };
+int main()
+{
+ int rc, pid, status;
+ unsigned long flags;
+ int nr_pids = 1;
+
+ flags = SIGCHLD|CLONE_CHILD_SETTID;
+
+ pid = do_clone(do_child, &clone_args, flags, nr_pids, pids_list);
+
+ printf("[%d, %d]: Parent waiting for %d\n", getpid(), gettid(), pid);
+
+ rc = waitpid(pid, &status, __WALL);
+ if (rc < 0) {
+ printf("waitpid(): rc %d, error %d\n", rc, errno);
+ } else {
+ printf("[%d, %d]: child %d:\n\t wait-status 0x%x\n", getpid(),
+ gettid(), rc, status);
+
+ if (WIFEXITED(status)) {
+ printf("\t EXITED, %d\n", WEXITSTATUS(status));
+ } else if (WIFSIGNALED(status)) {
+ printf("\t SIGNALED, %d\n", WTERMSIG(status));
+ }
+ }
+ return 0;
+}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 011/100] eclone (11/11): Document sys_eclone
2010-05-01 14:14 ` [PATCH v21 011/100] eclone (11/11): Document sys_eclone Oren Laadan
@ 2010-05-05 21:14 ` Randy Dunlap
2010-05-05 22:25 ` Sukadev Bhattiprolu
0 siblings, 1 reply; 137+ messages in thread
From: Randy Dunlap @ 2010-05-05 21:14 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Sukadev Bhattiprolu, linux-api,
x86, linux-s390, linuxppc-dev
On Sat, 1 May 2010 10:14:53 -0400 Oren Laadan wrote:
> From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
>
> This gives a brief overview of the eclone() system call. We should
> eventually describe more details in existing clone(2) man page or in
> a new man page.
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
> Acked-by: Serge E. Hallyn <serue@us.ibm.com>
> Acked-by: Oren Laadan <orenl@cs.columbia.edu>
> ---
> Documentation/eclone | 348 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 files changed, 348 insertions(+), 0 deletions(-)
> create mode 100644 Documentation/eclone
>
> diff --git a/Documentation/eclone b/Documentation/eclone
> new file mode 100644
> index 0000000..c2f1b4b
> --- /dev/null
> +++ b/Documentation/eclone
> @@ -0,0 +1,348 @@
> +
> +struct clone_args {
> + u64 clone_flags_high;
> + u64 child_stack;
> + u64 child_stack_size;
> + u64 parent_tid_ptr;
> + u64 child_tid_ptr;
> + u32 nr_pids;
> + u32 reserved0;
> +};
> +
> +
> +sys_eclone(u32 flags_low, struct clone_args * __user cargs, int cargs_size,
> + pid_t * __user pids)
> +
> + In addition to doing everything that clone() system call does, the
that the clone()
> + eclone() system call:
> +
> + - allows additional clone flags (31 of 32 bits in the flags
> + parameter to clone() are in use)
> +
> + - allows user to specify a pid for the child process in its
> + active and ancestor pid namespaces.
> +
> + This system call is meant to be used when restarting an application
> + from a checkpoint. Such restart requires that the processes in the
> + application have the same pids they had when the application was
> + checkpointed. When containers are nested, the processes within the
> + containers exist in multiple pid namespaces and hence have multiple
> + pids to specify during restart.
> +
> + The @flags_low parameter is identical to the 'clone_flags' parameter
> + in existing clone() system call.
in the existing
> +
> + The fields in 'struct clone_args' are meant to be used as follows:
> +
> + u64 clone_flags_high:
> +
> + When eclone() supports more than 32 flags, the additional bits
> + in the clone_flags should be specified in this field. This
> + field is currently unused and must be set to 0.
> +
> + u64 child_stack;
> + u64 child_stack_size;
> +
> + These two fields correspond to the 'child_stack' fields in
> + clone() and clone2() (on IA64) system calls. The usage of
> + these two fields depends on the processor architecture.
> +
> + Most architectures use ->child_stack to pass-in a stack-pointer
to pass in
> + itself and don't need the ->child_stack_size field. On these
> + architectures the ->child_stack_size field must be 0.
> +
> + Some architectures, eg IA64, use ->child_stack to pass-in the
e.g. to pass in
> + base of the region allocated for stack. These architectures
> + must pass in the size of the stack-region in ->child_stack_size.
stack region
Seems unfortunate that different architectures use the fields differently.
> +
> + u64 parent_tid_ptr;
> + u64 child_tid_ptr;
> +
> + These two fields correspond to the 'parent_tid_ptr' and
> + 'child_tid_ptr' fields in the clone() system call
system call.
> +
> + u32 nr_pids;
> +
> + nr_pids specifies the number of pids in the @pids array
> + parameter to eclone() (see below). nr_pids should not exceed
> + the current nesting level of the calling process (i.e if the
i.e.
> + process is in init_pid_ns, nr_pids must be 1, if process is
> + in a pid namespace that is a child of init-pid-ns, nr_pids
> + cannot exceed 2, and so on).
> +
> + u32 reserved0;
> + u64 reserved1;
> +
> + These fields are intended to extend the functionality of the
> + eclone() in the future, while preserving backward compatibility.
> + They must be set to 0 for now.
The struct does not have a reserved1 field AFAICT.
> + The @cargs_size parameter specifes the sizeof(struct clone_args) and
> + is intended to enable extending this structure in the future, while
> + preserving backward compatibility. For now, this field must be set
> + to the sizeof(struct clone_args) and this size must match the kernel's
> + view of the structure.
> +
> + The @pids parameter defines the set of pids that should be assigned to
> + the child process in its active and ancestor pid namespaces. The
> + descendant pid namespaces do not matter since a process does not have a
> + pid in descendant namespaces, unless the process is in a new pid
> + namespace in which case the process is a container-init (and must have
> + the pid 1 in that namespace).
> +
> + See CLONE_NEWPID section of clone(2) man page for details about pid
of the clone(2)
> + namespaces.
> +
> + If a pid in the @pids list is 0, the kernel will assign the next
> + available pid in the pid namespace.
> +
> + If a pid in the @pids list is non-zero, the kernel tries to assign
> + the specified pid in that namespace. If that pid is already in use
> + by another process, the system call fails (see EBUSY below).
> +
> + The order of pids in @pids is oldest in pids[0] to youngest pid
> + namespace in pids[nr_pids-1]. If the number of pids specified in the
> + @pids list is fewer than the nesting level of the process, the pids
> + are applied from youngest namespace. i.e if the process is nested in
the youngest namespace. I.e.
> + a level-6 pid namespace and @pids only specifies 3 pids, the 3 pids
> + are applied to levels 6, 5 and 4. Levels 0 through 3 are assumed to
> + have a pid of '0' (the kernel will assign a pid in those namespaces).
> +
> + On success, the system call returns the pid of the child process in
> + the parent's active pid namespace.
> +
> + On failure, eclone() returns -1 and sets 'errno' to one of following
> + values (the child process is not created).
> +
> + EPERM Caller does not have the CAP_SYS_ADMIN privilege needed to
> + specify the pids in this call (if pids are not specifed
> + CAP_SYS_ADMIN is not required).
> +
> + EINVAL The number of pids specified in 'clone_args.nr_pids' exceeds
> + the current nesting level of parent process
process.
> +
> + EINVAL Not all specified clone-flags are valid.
> +
> + EINVAL The reserved fields in the clone_args argument are not 0.
> +
> + EINVAL The child_stack_size field is not 0 (on architectures that
> + pass in a stack pointer in ->child_stack field)
field).
> +
> + EBUSY A requested pid is in use by another process in that namespace.
> +
> +---
Is this example program meant to build only on i386?
On x86_64 I get:
eclone-syscall-test.c: In function 'do_clone':
eclone-syscall-test.c:166: warning: assignment makes pointer from integer without a cast
/tmp/cc0OrhU3.o: In function `do_clone':
eclone-syscall-test.c:(.text+0x173): undefined reference to `setup_stack'
eclone-syscall-test.c:(.text+0x1e2): undefined reference to `eclone'
> +/*
> + * Example eclone() usage - Create a child process with pid CHILD_TID1 in
> + * the current pid namespace. The child gets the usual "random" pid in any
> + * ancestor pid namespaces.
> + */
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <signal.h>
> +#include <errno.h>
> +#include <unistd.h>
> +#include <wait.h>
> +#include <sys/syscall.h>
> +
> +#define __NR_eclone 337
> +#define CLONE_NEWPID 0x20000000
> +#define CLONE_CHILD_SETTID 0x01000000
> +#define CLONE_PARENT_SETTID 0x00100000
> +#define CLONE_UNUSED 0x00001000
> +
> +#define STACKSIZE 8192
> +
> +typedef unsigned long long u64;
> +typedef unsigned int u32;
> +typedef int pid_t;
> +struct clone_args {
> + u64 clone_flags_high;
> + u64 child_stack;
> + u64 child_stack_size;
> +
> + u64 parent_tid_ptr;
> + u64 child_tid_ptr;
> +
> + u32 nr_pids;
> +
> + u32 reserved0;
> +};
> +
> +#define exit _exit
> +
> +/*
> + * Following eclone() is based on code posted by Oren Laadan at:
> + * https://lists.linux-foundation.org/pipermail/containers/2009-June/018463.html
> + */
> +#if defined(__i386__) && defined(__NR_eclone)
> +
> +int eclone(u32 flags_low, struct clone_args *clone_args, int args_size,
> + int *pids)
> +{
> + long retval;
> +
> + __asm__ __volatile__(
> + "movl %3, %%ebx\n\t" /* flags_low -> 1st (ebx) */
> + "movl %4, %%ecx\n\t" /* clone_args -> 2nd (ecx)*/
> + "movl %5, %%edx\n\t" /* args_size -> 3rd (edx) */
> + "movl %6, %%edi\n\t" /* pids -> 4th (edi)*/
> +
> + "pushl %%ebp\n\t" /* save value of ebp */
> + "int $0x80\n\t" /* Linux/i386 system call */
> + "testl %0,%0\n\t" /* check return value */
> + "jne 1f\n\t" /* jump if parent */
> +
> + "popl %%esi\n\t" /* get subthread function */
> + "call *%%esi\n\t" /* start subthread function */
> + "movl %2,%0\n\t"
> + "int $0x80\n" /* exit system call: exit subthread */
> + "1:\n\t"
> + "popl %%ebp\t" /* restore parent's ebp */
> +
> + :"=a" (retval)
> +
> + :"0" (__NR_eclone),
> + "i" (__NR_exit),
> + "m" (flags_low),
> + "m" (clone_args),
> + "m" (args_size),
> + "m" (pids)
> + );
> +
> + if (retval < 0) {
> + errno = -retval;
> + retval = -1;
> + }
> + return retval;
> +}
> +
> +/*
> + * Allocate a stack for the clone-child and arrange to have the child
> + * execute @child_fn with @child_arg as the argument.
> + */
> +void *setup_stack(int (*child_fn)(void *), void *child_arg, int size)
> +{
> + void *stack_base;
> + void **stack_top;
> +
> + stack_base = malloc(size + size);
> + if (!stack_base) {
> + perror("malloc()");
> + exit(1);
> + }
> +
> + stack_top = (void **)((char *)stack_base + (size - 4));
> + *--stack_top = child_arg;
> + *--stack_top = child_fn;
> +
> + return stack_top;
> +}
> +#endif
> +
> +/* gettid() is a bit more useful than getpid() when messing with clone() */
> +int gettid()
> +{
> + int rc;
> +
> + rc = syscall(__NR_gettid, 0, 0, 0);
> + if (rc < 0) {
> + printf("rc %d, errno %d\n", rc, errno);
> + exit(1);
> + }
> + return rc;
> +}
> +
> +#define CHILD_TID1 377
> +#define CHILD_TID2 1177
> +#define CHILD_TID3 2799
> +
> +struct clone_args clone_args;
> +void *child_arg = &clone_args;
> +int child_tid;
> +
> +int do_child(void *arg)
> +{
> + struct clone_args *cs = (struct clone_args *)arg;
> + int ctid;
> +
> + /* Verify we pushed the arguments correctly on the stack... */
> + if (arg != child_arg) {
> + printf("Child: Incorrect child arg pointer, expected %p,"
> + "actual %p\n", child_arg, arg);
> + exit(1);
> + }
> +
> + /* ... and that we got the thread-id we expected */
> + ctid = *((int *)(unsigned long)cs->child_tid_ptr);
> + if (ctid != CHILD_TID1) {
> + printf("Child: Incorrect child tid, expected %d, actual %d\n",
> + CHILD_TID1, ctid);
> + exit(1);
> + } else {
> + printf("Child got the expected tid, %d\n", gettid());
> + }
> + sleep(2);
> +
> + printf("[%d, %d]: Child exiting\n", getpid(), ctid);
> + exit(0);
> +}
> +
> +static int do_clone(int (*child_fn)(void *), void *child_arg,
> + unsigned int flags_low, int nr_pids, pid_t *pids_list)
> +{
> + int rc;
> + void *stack;
> + struct clone_args *ca = &clone_args;
> + int args_size;
> +
> + stack = setup_stack(child_fn, child_arg, STACKSIZE);
> +
> + memset(ca, 0, sizeof(*ca));
> +
> + ca->child_stack = (u64)(unsigned long)stack;
> + ca->child_stack_size = (u64)0;
> + ca->child_tid_ptr = (u64)(unsigned long)&child_tid;
> + ca->nr_pids = nr_pids;
> +
> + args_size = sizeof(struct clone_args);
> + rc = eclone(flags_low, ca, args_size, pids_list);
> +
> + printf("[%d, %d]: eclone() returned %d, error %d\n", getpid(), gettid(),
> + rc, errno);
> + return rc;
> +}
> +
> +/*
> + * Multiple pid_t pid_t values in pids_list[] here are just for illustration.
> + * The test case creates a child in the current pid namespace and uses only
> + * the first value, CHILD_TID1.
> + */
> +pid_t pids_list[] = { CHILD_TID1, CHILD_TID2, CHILD_TID3 };
> +int main()
> +{
> + int rc, pid, status;
> + unsigned long flags;
> + int nr_pids = 1;
> +
> + flags = SIGCHLD|CLONE_CHILD_SETTID;
> +
> + pid = do_clone(do_child, &clone_args, flags, nr_pids, pids_list);
> +
> + printf("[%d, %d]: Parent waiting for %d\n", getpid(), gettid(), pid);
> +
> + rc = waitpid(pid, &status, __WALL);
> + if (rc < 0) {
> + printf("waitpid(): rc %d, error %d\n", rc, errno);
> + } else {
> + printf("[%d, %d]: child %d:\n\t wait-status 0x%x\n", getpid(),
> + gettid(), rc, status);
> +
> + if (WIFEXITED(status)) {
> + printf("\t EXITED, %d\n", WEXITSTATUS(status));
> + } else if (WIFSIGNALED(status)) {
> + printf("\t SIGNALED, %d\n", WTERMSIG(status));
> + }
> + }
> + return 0;
> +}
> --
---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 011/100] eclone (11/11): Document sys_eclone
2010-05-05 21:14 ` Randy Dunlap
@ 2010-05-05 22:25 ` Sukadev Bhattiprolu
0 siblings, 0 replies; 137+ messages in thread
From: Sukadev Bhattiprolu @ 2010-05-05 22:25 UTC (permalink / raw)
To: Randy Dunlap
Cc: Oren Laadan, Andrew Morton, containers, linux-kernel,
Serge Hallyn, Matt Helsley, Pavel Emelyanov, linux-api, x86,
linux-s390, linuxppc-dev
Randy Dunlap [randy.dunlap@oracle.com] wrote:
| > + base of the region allocated for stack. These architectures
| > + must pass in the size of the stack-region in ->child_stack_size.
|
| stack region
|
| Seems unfortunate that different architectures use the fields differently.
Yes and no. The field still has a single purpose, just that some architectures
may not need it. We enforce that if unused on an architecture, the field must
be 0. It looked like the easiest way to keep the API common across
architectures.
|
| Is this example program meant to build only on i386?
Yes. Will add a pointer to the clone*.[chS] and libeclone.a files in
git://git.ncl.cs.columbia.edu/pub/git/user-cr.git
for other architectures (currently x86_64, ppc, s390).
Thanks for the review. Will fix the errors and repost.
Sukadev
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 012/100] c/r: extend arch_setup_additional_pages()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (10 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 011/100] eclone (11/11): Document sys_eclone Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 013/100] c/r: break out new_user_ns() Oren Laadan
` (89 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Alexey Dobriyan, x86, linux-s390, linuxppc-dev,
Oren Laadan
From: Alexey Dobriyan <adobriyan@gmail.com>
Add "start" argument, to request to map vDSO to a specific place,
and fail the operation if not.
This is useful for restart(2) to ensure that memory layout is restore
exactly as needed.
Changelog[v19]:
- [serge hallyn] Fix potential use-before-set ret
Changelog[v2]:
- [ntl] powerpc: vdso build fix (ckpt-v17)
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
---
arch/powerpc/include/asm/elf.h | 1 +
arch/powerpc/kernel/vdso.c | 13 ++++++++++++-
arch/s390/include/asm/elf.h | 2 +-
arch/s390/kernel/vdso.c | 13 ++++++++++++-
arch/sh/include/asm/elf.h | 1 +
arch/sh/kernel/vsyscall/vsyscall.c | 2 +-
arch/x86/include/asm/elf.h | 3 ++-
arch/x86/vdso/vdso32-setup.c | 9 +++++++--
arch/x86/vdso/vma.c | 11 ++++++++---
fs/binfmt_elf.c | 2 +-
10 files changed, 46 insertions(+), 11 deletions(-)
diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
index c376eda..0b06255 100644
--- a/arch/powerpc/include/asm/elf.h
+++ b/arch/powerpc/include/asm/elf.h
@@ -266,6 +266,7 @@ extern int ucache_bsize;
#define ARCH_HAS_SETUP_ADDITIONAL_PAGES
struct linux_binprm;
extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start,
int uses_interp);
#define VDSO_AUX_ENT(a,b) NEW_AUX_ENT(a,b);
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
index d84d192..74210ab 100644
--- a/arch/powerpc/kernel/vdso.c
+++ b/arch/powerpc/kernel/vdso.c
@@ -188,7 +188,8 @@ static void dump_vdso_pages(struct vm_area_struct * vma)
* This is called from binfmt_elf, we create the special vma for the
* vDSO and insert it into the mm struct tree
*/
-int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start, int uses_interp)
{
struct mm_struct *mm = current->mm;
struct page **vdso_pagelist;
@@ -220,6 +221,10 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdso_base = VDSO32_MBASE;
#endif
+ /* in case restart(2) mandates a specific location */
+ if (start)
+ vdso_base = start;
+
current->mm->context.vdso_base = 0;
/* vDSO has a problem and was disabled, just don't "enable" it for the
@@ -249,6 +254,12 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
/* Add required alignment. */
vdso_base = ALIGN(vdso_base, VDSO_ALIGNMENT);
+ /* for restart(2), double check that we got we asked for */
+ if (start && vdso_base != start) {
+ rc = -EBUSY;
+ goto fail_mmapsem;
+ }
+
/*
* Put vDSO base into mm struct. We need to do this before calling
* install_special_mapping or the perf counter mmap tracking code
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
index 354d426..5081938 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
@@ -216,6 +216,6 @@ do { \
struct linux_binprm;
#define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
-int arch_setup_additional_pages(struct linux_binprm *, int);
+int arch_setup_additional_pages(struct linux_binprm *, unsigned long, int);
#endif
diff --git a/arch/s390/kernel/vdso.c b/arch/s390/kernel/vdso.c
index 6bc9c19..54dad2f 100644
--- a/arch/s390/kernel/vdso.c
+++ b/arch/s390/kernel/vdso.c
@@ -195,7 +195,8 @@ static void vdso_init_cr5(void)
* This is called from binfmt_elf, we create the special vma for the
* vDSO and insert it into the mm struct tree
*/
-int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start, int uses_interp)
{
struct mm_struct *mm = current->mm;
struct page **vdso_pagelist;
@@ -226,6 +227,10 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdso_pages = vdso32_pages;
#endif
+ /* in case restart(2) mandates a specific location */
+ if (start)
+ vdso_base = start;
+
/*
* vDSO has a problem and was disabled, just don't "enable" it for
* the process
@@ -248,6 +253,12 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
goto out_up;
}
+ /* for restart(2), double check that we got we asked for */
+ if (start && vdso_base != start) {
+ rc = -EINVAL;
+ goto out_up;
+ }
+
/*
* Put vDSO base into mm struct. We need to do this before calling
* install_special_mapping or the perf counter mmap tracking code
diff --git a/arch/sh/include/asm/elf.h b/arch/sh/include/asm/elf.h
index ce830fa..4128c30 100644
--- a/arch/sh/include/asm/elf.h
+++ b/arch/sh/include/asm/elf.h
@@ -201,6 +201,7 @@ do { \
#define ARCH_HAS_SETUP_ADDITIONAL_PAGES
struct linux_binprm;
extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start,
int uses_interp);
extern unsigned int vdso_enabled;
diff --git a/arch/sh/kernel/vsyscall/vsyscall.c b/arch/sh/kernel/vsyscall/vsyscall.c
index 242117c..6dbdfe1 100644
--- a/arch/sh/kernel/vsyscall/vsyscall.c
+++ b/arch/sh/kernel/vsyscall/vsyscall.c
@@ -58,7 +58,7 @@ int __init vsyscall_init(void)
}
/* Setup a VMA at program startup for the vsyscall page */
-int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+int arch_setup_additional_pages(struct linux_binprm *bprm, unsigned long start, int uses_interp)
{
struct mm_struct *mm = current->mm;
unsigned long addr;
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index f2ad216..3761be8 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -312,9 +312,10 @@ struct linux_binprm;
#define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start,
int uses_interp);
-extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
+extern int syscall32_setup_pages(struct linux_binprm *, unsigned long start, int exstack);
#define compat_arch_setup_additional_pages syscall32_setup_pages
extern unsigned long arch_randomize_brk(struct mm_struct *mm);
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index 02b442e..62043c1 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -310,7 +310,8 @@ int __init sysenter_setup(void)
}
/* Setup a VMA at program startup for the vsyscall page */
-int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start, int uses_interp)
{
struct mm_struct *mm = current->mm;
unsigned long addr;
@@ -331,13 +332,17 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
if (compat)
addr = VDSO_HIGH_BASE;
else {
- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
+ addr = get_unmapped_area(NULL, start, PAGE_SIZE, 0, 0);
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
}
}
+ /* for restart(2), double check that we got we asked for */
+ if (start && addr != start)
+ goto up_fail;
+
current->mm->context.vdso = (void *)addr;
if (compat_uses_vma || !compat) {
diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
index ac74869..b813286 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -100,23 +100,28 @@ static unsigned long vdso_addr(unsigned long start, unsigned len)
/* Setup a VMA at program startup for the vsyscall page.
Not called for compat tasks */
-int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+int arch_setup_additional_pages(struct linux_binprm *bprm,
+ unsigned long start, int uses_interp)
{
struct mm_struct *mm = current->mm;
unsigned long addr;
- int ret;
+ int ret = -EINVAL;
if (!vdso_enabled)
return 0;
down_write(&mm->mmap_sem);
- addr = vdso_addr(mm->start_stack, vdso_size);
+ addr = start ? : vdso_addr(mm->start_stack, vdso_size);
addr = get_unmapped_area(NULL, addr, vdso_size, 0, 0);
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
}
+ /* for restart(2), double check that we got we asked for */
+ if (start && addr != start)
+ goto up_fail;
+
current->mm->context.vdso = (void *)addr;
ret = install_special_mapping(mm, addr, vdso_size,
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 535e763..6434003 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -923,7 +923,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
set_binfmt(&elf_format);
#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
- retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
+ retval = arch_setup_additional_pages(bprm, 0, !!elf_interpreter);
if (retval < 0) {
send_sig(SIGKILL, current, 0);
goto out;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 013/100] c/r: break out new_user_ns()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (11 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 012/100] c/r: extend arch_setup_additional_pages() Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 014/100] c/r: split core function out of some set*{u,g}id functions Oren Laadan
` (88 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
Break out the core function which checks privilege and (if
allowed) creates a new user namespace, with the passed-in
creating user_struct. Note that a user_namespace, unlike
other namespace pointers, is not stored in the nsproxy.
Rather it is purely a property of user_structs.
This will let us keep the task restore code simpler.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/user_namespace.h | 8 ++++++
kernel/user_namespace.c | 53 ++++++++++++++++++++++++++++------------
2 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index cc4f453..f6ea75d 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -20,6 +20,8 @@ extern struct user_namespace init_user_ns;
#ifdef CONFIG_USER_NS
+struct user_namespace *new_user_ns(struct user_struct *creator,
+ struct user_struct **newroot);
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
if (ns)
@@ -38,6 +40,12 @@ static inline void put_user_ns(struct user_namespace *ns)
#else
+static inline struct user_namespace *new_user_ns(struct user_struct *creator,
+ struct user_struct **newroot)
+{
+ return ERR_PTR(-EINVAL);
+}
+
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
return &init_user_ns;
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 076c7c8..e624b0f 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -11,15 +11,8 @@
#include <linux/user_namespace.h>
#include <linux/cred.h>
-/*
- * Create a new user namespace, deriving the creator from the user in the
- * passed credentials, and replacing that user with the new root user for the
- * new namespace.
- *
- * This is called by copy_creds(), which will finish setting the target task's
- * credentials.
- */
-int create_user_ns(struct cred *new)
+static struct user_namespace *_new_user_ns(struct user_struct *creator,
+ struct user_struct **newroot)
{
struct user_namespace *ns;
struct user_struct *root_user;
@@ -27,7 +20,7 @@ int create_user_ns(struct cred *new)
ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL);
if (!ns)
- return -ENOMEM;
+ return ERR_PTR(-ENOMEM);
kref_init(&ns->kref);
@@ -38,12 +31,43 @@ int create_user_ns(struct cred *new)
root_user = alloc_uid(ns, 0);
if (!root_user) {
kfree(ns);
- return -ENOMEM;
+ return ERR_PTR(-ENOMEM);
}
/* set the new root user in the credentials under preparation */
- ns->creator = new->user;
- new->user = root_user;
+ ns->creator = creator;
+
+ /* alloc_uid() incremented the userns refcount. Just set it to 1 */
+ kref_set(&ns->kref, 1);
+
+ *newroot = root_user;
+ return ns;
+}
+
+struct user_namespace *new_user_ns(struct user_struct *creator,
+ struct user_struct **newroot)
+{
+ if (!capable(CAP_SYS_ADMIN))
+ return ERR_PTR(-EPERM);
+ return _new_user_ns(creator, newroot);
+}
+
+/*
+ * Create a new user namespace, deriving the creator from the user in the
+ * passed credentials, and replacing that user with the new root user for the
+ * new namespace.
+ *
+ * This is called by copy_creds(), which will finish setting the target task's
+ * credentials.
+ */
+int create_user_ns(struct cred *new)
+{
+ struct user_namespace *ns;
+
+ ns = new_user_ns(new->user, &new->user);
+ if (IS_ERR(ns))
+ return PTR_ERR(ns);
+
new->uid = new->euid = new->suid = new->fsuid = 0;
new->gid = new->egid = new->sgid = new->fsgid = 0;
put_group_info(new->group_info);
@@ -54,9 +78,6 @@ int create_user_ns(struct cred *new)
#endif
/* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
- /* alloc_uid() incremented the userns refcount. Just set it to 1 */
- kref_set(&ns->kref, 1);
-
return 0;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 014/100] c/r: split core function out of some set*{u,g}id functions
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (12 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 013/100] c/r: break out new_user_ns() Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 015/100] cgroup freezer: Update stale locking comments Oren Laadan
` (87 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
When restarting tasks, we want to be able to change xuid and
xgid in a struct cred, and do so with security checks. Break
the core functionality of set{fs,res}{u,g}id into cred_setX
which performs the access checks based on current_cred(),
but performs the requested change on a passed-in cred.
This will allow us to securely construct struct creds based
on a checkpoint image, constrained by the caller's permissions,
and apply them to the caller at the end of sys_restart().
Changelog [v21]:
- Address dhowells feedback
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
Documentation/credentials.txt | 14 ++++
include/linux/cred.h | 8 +++
kernel/cred.c | 114 ++++++++++++++++++++++++++++++++++
kernel/sys.c | 134 +++++++----------------------------------
4 files changed, 157 insertions(+), 113 deletions(-)
diff --git a/Documentation/credentials.txt b/Documentation/credentials.txt
index df03169..55dd589 100644
--- a/Documentation/credentials.txt
+++ b/Documentation/credentials.txt
@@ -530,6 +530,20 @@ A typical credentials alteration function would look something like this:
}
+SETUID/SETGID HELPERS
+---------------------
+
+Helpers exist to perform the core of uid and gid alterations:
+
+cred_setresuid(struct cred *new, uid_t ruid, uid_t euid, uid_t suid);
+cred_setresgid(struct cred *new, gid_t rgid, gid_t egid, gid_t sgid);
+cred_setfsuid(struct cred *new, uid_t uid, uid_t *old_fsuid);
+cred_setfsgid(struct cred *new, gid_t gid, gid_t *old_fsgid);
+
+These helpers are used in kernel/sys.c for the analogous syscalls.
+As can be seen in those examples, these helpers are to be wrapped
+between calls to prepare_creds() and commit_creds() or abort_creds().
+
MANAGING CREDENTIALS
--------------------
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 52507c3..8558bec 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -22,6 +22,9 @@ struct user_struct;
struct cred;
struct inode;
+/* defined in sys.c, used in cred_setresuid */
+extern int set_user(struct cred *new);
+
/*
* COW Supplementary groups list
*/
@@ -396,4 +399,9 @@ do { \
*(_fsgid) = __cred->fsgid; \
} while(0)
+extern int cred_setresuid(struct cred *new, uid_t ruid, uid_t euid, uid_t suid);
+extern int cred_setresgid(struct cred *new, gid_t rgid, gid_t egid, gid_t sgid);
+extern int cred_setfsuid(struct cred *new, uid_t uid, uid_t *old_fsuid);
+extern int cred_setfsgid(struct cred *new, gid_t gid, gid_t *old_fsgid);
+
#endif /* _LINUX_CRED_H */
diff --git a/kernel/cred.c b/kernel/cred.c
index e1dbe9e..fbd1750 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -895,3 +895,117 @@ void validate_creds_for_do_exit(struct task_struct *tsk)
}
#endif /* CONFIG_DEBUG_CREDENTIALS */
+
+int cred_setresuid(struct cred *new, uid_t ruid, uid_t euid, uid_t suid)
+{
+ int retval;
+ const struct cred *old;
+
+ retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
+ if (retval)
+ return retval;
+ old = current_cred();
+
+ if (!capable(CAP_SETUID)) {
+ if (ruid != (uid_t) -1 && ruid != old->uid &&
+ ruid != old->euid && ruid != old->suid)
+ return -EPERM;
+ if (euid != (uid_t) -1 && euid != old->uid &&
+ euid != old->euid && euid != old->suid)
+ return -EPERM;
+ if (suid != (uid_t) -1 && suid != old->uid &&
+ suid != old->euid && suid != old->suid)
+ return -EPERM;
+ }
+
+ if (ruid != (uid_t) -1) {
+ new->uid = ruid;
+ if (ruid != old->uid) {
+ retval = set_user(new);
+ if (retval < 0)
+ return retval;
+ }
+ }
+ if (euid != (uid_t) -1)
+ new->euid = euid;
+ if (suid != (uid_t) -1)
+ new->suid = suid;
+ new->fsuid = new->euid;
+
+ return security_task_fix_setuid(new, old, LSM_SETID_RES);
+}
+
+int cred_setresgid(struct cred *new, gid_t rgid, gid_t egid,
+ gid_t sgid)
+{
+ const struct cred *old = current_cred();
+ int retval;
+
+ retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
+ if (retval)
+ return retval;
+
+ if (!capable(CAP_SETGID)) {
+ if (rgid != (gid_t) -1 && rgid != old->gid &&
+ rgid != old->egid && rgid != old->sgid)
+ return -EPERM;
+ if (egid != (gid_t) -1 && egid != old->gid &&
+ egid != old->egid && egid != old->sgid)
+ return -EPERM;
+ if (sgid != (gid_t) -1 && sgid != old->gid &&
+ sgid != old->egid && sgid != old->sgid)
+ return -EPERM;
+ }
+
+ if (rgid != (gid_t) -1)
+ new->gid = rgid;
+ if (egid != (gid_t) -1)
+ new->egid = egid;
+ if (sgid != (gid_t) -1)
+ new->sgid = sgid;
+ new->fsgid = new->egid;
+ return 0;
+}
+
+int cred_setfsuid(struct cred *new, uid_t uid, uid_t *old_fsuid)
+{
+ const struct cred *old;
+
+ old = current_cred();
+ *old_fsuid = old->fsuid;
+
+ if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
+ return -EPERM;
+
+ if (uid == old->uid || uid == old->euid ||
+ uid == old->suid || uid == old->fsuid ||
+ capable(CAP_SETUID)) {
+ if (uid != *old_fsuid) {
+ new->fsuid = uid;
+ if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
+ return 0;
+ }
+ }
+ return -EPERM;
+}
+
+int cred_setfsgid(struct cred *new, gid_t gid, gid_t *old_fsgid)
+{
+ const struct cred *old;
+
+ old = current_cred();
+ *old_fsgid = old->fsgid;
+
+ if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
+ return -EPERM;
+
+ if (gid == old->gid || gid == old->egid ||
+ gid == old->sgid || gid == old->fsgid ||
+ capable(CAP_SETGID)) {
+ if (gid != *old_fsgid) {
+ new->fsgid = gid;
+ return 0;
+ }
+ }
+ return -EPERM;
+}
diff --git a/kernel/sys.c b/kernel/sys.c
index 6d1a7e0..ec11a3f 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -565,11 +565,12 @@ error:
/*
* change the user struct in a credentials set to match the new UID
*/
-static int set_user(struct cred *new)
+int set_user(struct cred *new)
{
struct user_struct *new_user;
- new_user = alloc_uid(current_user_ns(), new->uid);
+ /* is this ok? */
+ new_user = alloc_uid(new->user->user_ns, new->uid);
if (!new_user)
return -EAGAIN;
@@ -704,14 +705,12 @@ error:
return retval;
}
-
/*
* This function implements a generic ability to update ruid, euid,
* and suid. This allows you to implement the 4.4 compatible seteuid().
*/
SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
{
- const struct cred *old;
struct cred *new;
int retval;
@@ -719,45 +718,10 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
if (!new)
return -ENOMEM;
- retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
- goto error;
- old = current_cred();
-
- retval = -EPERM;
- if (!capable(CAP_SETUID)) {
- if (ruid != (uid_t) -1 && ruid != old->uid &&
- ruid != old->euid && ruid != old->suid)
- goto error;
- if (euid != (uid_t) -1 && euid != old->uid &&
- euid != old->euid && euid != old->suid)
- goto error;
- if (suid != (uid_t) -1 && suid != old->uid &&
- suid != old->euid && suid != old->suid)
- goto error;
- }
-
- if (ruid != (uid_t) -1) {
- new->uid = ruid;
- if (ruid != old->uid) {
- retval = set_user(new);
- if (retval < 0)
- goto error;
- }
- }
- if (euid != (uid_t) -1)
- new->euid = euid;
- if (suid != (uid_t) -1)
- new->suid = suid;
- new->fsuid = new->euid;
-
- retval = security_task_fix_setuid(new, old, LSM_SETID_RES);
- if (retval < 0)
- goto error;
-
- return commit_creds(new);
+ retval = cred_setresuid(new, ruid, euid, suid);
+ if (retval == 0)
+ return commit_creds(new);
-error:
abort_creds(new);
return retval;
}
@@ -779,43 +743,17 @@ SYSCALL_DEFINE3(getresuid, uid_t __user *, ruid, uid_t __user *, euid, uid_t __u
*/
SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
{
- const struct cred *old;
struct cred *new;
int retval;
new = prepare_creds();
if (!new)
return -ENOMEM;
- old = current_cred();
- retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
- if (retval)
- goto error;
+ retval = cred_setresgid(new, rgid, egid, sgid);
+ if (retval == 0)
+ return commit_creds(new);
- retval = -EPERM;
- if (!capable(CAP_SETGID)) {
- if (rgid != (gid_t) -1 && rgid != old->gid &&
- rgid != old->egid && rgid != old->sgid)
- goto error;
- if (egid != (gid_t) -1 && egid != old->gid &&
- egid != old->egid && egid != old->sgid)
- goto error;
- if (sgid != (gid_t) -1 && sgid != old->gid &&
- sgid != old->egid && sgid != old->sgid)
- goto error;
- }
-
- if (rgid != (gid_t) -1)
- new->gid = rgid;
- if (egid != (gid_t) -1)
- new->egid = egid;
- if (sgid != (gid_t) -1)
- new->sgid = sgid;
- new->fsgid = new->egid;
-
- return commit_creds(new);
-
-error:
abort_creds(new);
return retval;
}
@@ -832,7 +770,6 @@ SYSCALL_DEFINE3(getresgid, gid_t __user *, rgid, gid_t __user *, egid, gid_t __u
return retval;
}
-
/*
* "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
* is used for "access()" and for the NFS daemon (letting nfsd stay at
@@ -841,35 +778,20 @@ SYSCALL_DEFINE3(getresgid, gid_t __user *, rgid, gid_t __user *, egid, gid_t __u
*/
SYSCALL_DEFINE1(setfsuid, uid_t, uid)
{
- const struct cred *old;
struct cred *new;
uid_t old_fsuid;
+ int retval;
new = prepare_creds();
if (!new)
return current_fsuid();
- old = current_cred();
- old_fsuid = old->fsuid;
-
- if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
- goto error;
-
- if (uid == old->uid || uid == old->euid ||
- uid == old->suid || uid == old->fsuid ||
- capable(CAP_SETUID)) {
- if (uid != old_fsuid) {
- new->fsuid = uid;
- if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
- goto change_okay;
- }
- }
-error:
- abort_creds(new);
- return old_fsuid;
+ retval = cred_setfsuid(new, uid, &old_fsuid);
+ if (retval == 0)
+ commit_creds(new);
+ else
+ abort_creds(new);
-change_okay:
- commit_creds(new);
return old_fsuid;
}
@@ -878,34 +800,20 @@ change_okay:
*/
SYSCALL_DEFINE1(setfsgid, gid_t, gid)
{
- const struct cred *old;
struct cred *new;
gid_t old_fsgid;
+ int retval;
new = prepare_creds();
if (!new)
return current_fsgid();
- old = current_cred();
- old_fsgid = old->fsgid;
-
- if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
- goto error;
-
- if (gid == old->gid || gid == old->egid ||
- gid == old->sgid || gid == old->fsgid ||
- capable(CAP_SETGID)) {
- if (gid != old_fsgid) {
- new->fsgid = gid;
- goto change_okay;
- }
- }
-error:
- abort_creds(new);
- return old_fsgid;
+ retval = cred_setfsgid(new, gid, &old_fsgid);
+ if (retval == 0)
+ commit_creds(new);
+ else
+ abort_creds(new);
-change_okay:
- commit_creds(new);
return old_fsgid;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (13 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 014/100] c/r: split core function out of some set*{u,g}id functions Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-06 19:40 ` Rafael J. Wysocki
2010-05-01 14:14 ` [PATCH v21 016/100] cgroup freezer: Add CHECKPOINTING state to safeguard container checkpoint Oren Laadan
` (86 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Cedric Le Goater, Paul Menage,
Li Zefan, Rafael J. Wysocki, linux-pm
From: Matt Helsley <matthltc@us.ibm.com>
Update stale comments regarding locking order and add a little more detail
so it's easier to follow the locking between the cgroup freezer and the
power management freezer code.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Cc: Oren Laadan <orenl@cs.columbia.edu>
Cc: Cedric Le Goater <legoater@free.fr>
Cc: Paul Menage <menage@google.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: linux-pm@lists.linux-foundation.org
---
kernel/cgroup_freezer.c | 21 +++++++++++++--------
1 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
index da5e139..85f19cc 100644
--- a/kernel/cgroup_freezer.c
+++ b/kernel/cgroup_freezer.c
@@ -89,10 +89,10 @@ struct cgroup_subsys freezer_subsys;
/* Locks taken and their ordering
* ------------------------------
- * css_set_lock
* cgroup_mutex (AKA cgroup_lock)
- * task->alloc_lock (AKA task_lock)
* freezer->lock
+ * css_set_lock
+ * task->alloc_lock (AKA task_lock)
* task->sighand->siglock
*
* cgroup code forces css_set_lock to be taken before task->alloc_lock
@@ -100,33 +100,38 @@ struct cgroup_subsys freezer_subsys;
* freezer_create(), freezer_destroy():
* cgroup_mutex [ by cgroup core ]
*
- * can_attach():
- * cgroup_mutex
+ * freezer_can_attach():
+ * cgroup_mutex (held by caller of can_attach)
*
- * cgroup_frozen():
+ * cgroup_freezing_or_frozen():
* task->alloc_lock (to get task's cgroup)
*
* freezer_fork() (preserving fork() performance means can't take cgroup_mutex):
- * task->alloc_lock (to get task's cgroup)
* freezer->lock
* sighand->siglock (if the cgroup is freezing)
*
* freezer_read():
* cgroup_mutex
* freezer->lock
+ * write_lock css_set_lock (cgroup iterator start)
+ * task->alloc_lock
* read_lock css_set_lock (cgroup iterator start)
*
* freezer_write() (freeze):
* cgroup_mutex
* freezer->lock
+ * write_lock css_set_lock (cgroup iterator start)
+ * task->alloc_lock
* read_lock css_set_lock (cgroup iterator start)
- * sighand->siglock
+ * sighand->siglock (fake signal delivery inside freeze_task())
*
* freezer_write() (unfreeze):
* cgroup_mutex
* freezer->lock
+ * write_lock css_set_lock (cgroup iterator start)
+ * task->alloc_lock
* read_lock css_set_lock (cgroup iterator start)
- * task->alloc_lock (to prevent races with freeze_task())
+ * task->alloc_lock (inside thaw_process(), prevents race with refrigerator())
* sighand->siglock
*/
static struct cgroup_subsys_state *freezer_create(struct cgroup_subsys *ss,
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-01 14:14 ` [PATCH v21 015/100] cgroup freezer: Update stale locking comments Oren Laadan
@ 2010-05-06 19:40 ` Rafael J. Wysocki
2010-05-06 20:31 ` Matt Helsley
2010-05-06 21:25 ` Oren Laadan
0 siblings, 2 replies; 137+ messages in thread
From: Rafael J. Wysocki @ 2010-05-06 19:40 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Cedric Le Goater, Paul Menage,
Li Zefan, linux-pm
On Saturday 01 May 2010, Oren Laadan wrote:
> From: Matt Helsley <matthltc@us.ibm.com>
>
> Update stale comments regarding locking order and add a little more detail
> so it's easier to follow the locking between the cgroup freezer and the
> power management freezer code.
I guess these three patches are for me.
Do you want me to handle them?
Rafael
> Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
> Cc: Oren Laadan <orenl@cs.columbia.edu>
> Cc: Cedric Le Goater <legoater@free.fr>
> Cc: Paul Menage <menage@google.com>
> Cc: Li Zefan <lizf@cn.fujitsu.com>
> Cc: Rafael J. Wysocki <rjw@sisk.pl>
> Cc: linux-pm@lists.linux-foundation.org
> ---
> kernel/cgroup_freezer.c | 21 +++++++++++++--------
> 1 files changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
> index da5e139..85f19cc 100644
> --- a/kernel/cgroup_freezer.c
> +++ b/kernel/cgroup_freezer.c
> @@ -89,10 +89,10 @@ struct cgroup_subsys freezer_subsys;
>
> /* Locks taken and their ordering
> * ------------------------------
> - * css_set_lock
> * cgroup_mutex (AKA cgroup_lock)
> - * task->alloc_lock (AKA task_lock)
> * freezer->lock
> + * css_set_lock
> + * task->alloc_lock (AKA task_lock)
> * task->sighand->siglock
> *
> * cgroup code forces css_set_lock to be taken before task->alloc_lock
> @@ -100,33 +100,38 @@ struct cgroup_subsys freezer_subsys;
> * freezer_create(), freezer_destroy():
> * cgroup_mutex [ by cgroup core ]
> *
> - * can_attach():
> - * cgroup_mutex
> + * freezer_can_attach():
> + * cgroup_mutex (held by caller of can_attach)
> *
> - * cgroup_frozen():
> + * cgroup_freezing_or_frozen():
> * task->alloc_lock (to get task's cgroup)
> *
> * freezer_fork() (preserving fork() performance means can't take cgroup_mutex):
> - * task->alloc_lock (to get task's cgroup)
> * freezer->lock
> * sighand->siglock (if the cgroup is freezing)
> *
> * freezer_read():
> * cgroup_mutex
> * freezer->lock
> + * write_lock css_set_lock (cgroup iterator start)
> + * task->alloc_lock
> * read_lock css_set_lock (cgroup iterator start)
> *
> * freezer_write() (freeze):
> * cgroup_mutex
> * freezer->lock
> + * write_lock css_set_lock (cgroup iterator start)
> + * task->alloc_lock
> * read_lock css_set_lock (cgroup iterator start)
> - * sighand->siglock
> + * sighand->siglock (fake signal delivery inside freeze_task())
> *
> * freezer_write() (unfreeze):
> * cgroup_mutex
> * freezer->lock
> + * write_lock css_set_lock (cgroup iterator start)
> + * task->alloc_lock
> * read_lock css_set_lock (cgroup iterator start)
> - * task->alloc_lock (to prevent races with freeze_task())
> + * task->alloc_lock (inside thaw_process(), prevents race with refrigerator())
> * sighand->siglock
> */
> static struct cgroup_subsys_state *freezer_create(struct cgroup_subsys *ss,
>
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-06 19:40 ` Rafael J. Wysocki
@ 2010-05-06 20:31 ` Matt Helsley
2010-05-06 22:34 ` Matt Helsley
2010-05-06 21:25 ` Oren Laadan
1 sibling, 1 reply; 137+ messages in thread
From: Matt Helsley @ 2010-05-06 20:31 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Oren Laadan, Andrew Morton, containers, linux-kernel,
Serge Hallyn, Matt Helsley, Pavel Emelyanov, Cedric Le Goater,
Paul Menage, Li Zefan, linux-pm
On Thu, May 06, 2010 at 09:40:19PM +0200, Rafael J. Wysocki wrote:
> On Saturday 01 May 2010, Oren Laadan wrote:
> > From: Matt Helsley <matthltc@us.ibm.com>
> >
> > Update stale comments regarding locking order and add a little more detail
> > so it's easier to follow the locking between the cgroup freezer and the
> > power management freezer code.
>
> I guess these three patches are for me.
>
> Do you want me to handle them?
>
> Rafael
Hi Rafael,
I think you can take 15 as it's an update to the comments.
16 and 17 are specific to checkpoint/restart. There are no other in-kernel
uses, that we've identified, for them. So I was under the impression that it's
inappropriate to add them without also adding the checkpoint/restart patches
that use them.
Thanks!
Cheers,
-Matt Helsley
>
>
> > Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
> > Cc: Oren Laadan <orenl@cs.columbia.edu>
> > Cc: Cedric Le Goater <legoater@free.fr>
> > Cc: Paul Menage <menage@google.com>
> > Cc: Li Zefan <lizf@cn.fujitsu.com>
> > Cc: Rafael J. Wysocki <rjw@sisk.pl>
> > Cc: linux-pm@lists.linux-foundation.org
> > ---
> > kernel/cgroup_freezer.c | 21 +++++++++++++--------
> > 1 files changed, 13 insertions(+), 8 deletions(-)
> >
> > diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
> > index da5e139..85f19cc 100644
> > --- a/kernel/cgroup_freezer.c
> > +++ b/kernel/cgroup_freezer.c
> > @@ -89,10 +89,10 @@ struct cgroup_subsys freezer_subsys;
> >
> > /* Locks taken and their ordering
> > * ------------------------------
> > - * css_set_lock
> > * cgroup_mutex (AKA cgroup_lock)
> > - * task->alloc_lock (AKA task_lock)
> > * freezer->lock
> > + * css_set_lock
> > + * task->alloc_lock (AKA task_lock)
> > * task->sighand->siglock
> > *
> > * cgroup code forces css_set_lock to be taken before task->alloc_lock
> > @@ -100,33 +100,38 @@ struct cgroup_subsys freezer_subsys;
> > * freezer_create(), freezer_destroy():
> > * cgroup_mutex [ by cgroup core ]
> > *
> > - * can_attach():
> > - * cgroup_mutex
> > + * freezer_can_attach():
> > + * cgroup_mutex (held by caller of can_attach)
> > *
> > - * cgroup_frozen():
> > + * cgroup_freezing_or_frozen():
> > * task->alloc_lock (to get task's cgroup)
> > *
> > * freezer_fork() (preserving fork() performance means can't take cgroup_mutex):
> > - * task->alloc_lock (to get task's cgroup)
> > * freezer->lock
> > * sighand->siglock (if the cgroup is freezing)
> > *
> > * freezer_read():
> > * cgroup_mutex
> > * freezer->lock
> > + * write_lock css_set_lock (cgroup iterator start)
> > + * task->alloc_lock
> > * read_lock css_set_lock (cgroup iterator start)
> > *
> > * freezer_write() (freeze):
> > * cgroup_mutex
> > * freezer->lock
> > + * write_lock css_set_lock (cgroup iterator start)
> > + * task->alloc_lock
> > * read_lock css_set_lock (cgroup iterator start)
> > - * sighand->siglock
> > + * sighand->siglock (fake signal delivery inside freeze_task())
> > *
> > * freezer_write() (unfreeze):
> > * cgroup_mutex
> > * freezer->lock
> > + * write_lock css_set_lock (cgroup iterator start)
> > + * task->alloc_lock
> > * read_lock css_set_lock (cgroup iterator start)
> > - * task->alloc_lock (to prevent races with freeze_task())
> > + * task->alloc_lock (inside thaw_process(), prevents race with refrigerator())
> > * sighand->siglock
> > */
> > static struct cgroup_subsys_state *freezer_create(struct cgroup_subsys *ss,
> >
>
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-06 20:31 ` Matt Helsley
@ 2010-05-06 22:34 ` Matt Helsley
0 siblings, 0 replies; 137+ messages in thread
From: Matt Helsley @ 2010-05-06 22:34 UTC (permalink / raw)
To: Matt Helsley
Cc: Rafael J. Wysocki, Oren Laadan, Andrew Morton, containers,
linux-kernel, Serge Hallyn, Pavel Emelyanov, Cedric Le Goater,
Paul Menage, Li Zefan, linux-pm
On Thu, May 06, 2010 at 01:31:17PM -0700, Matt Helsley wrote:
> On Thu, May 06, 2010 at 09:40:19PM +0200, Rafael J. Wysocki wrote:
> > On Saturday 01 May 2010, Oren Laadan wrote:
> > > From: Matt Helsley <matthltc@us.ibm.com>
> > >
> > > Update stale comments regarding locking order and add a little more detail
> > > so it's easier to follow the locking between the cgroup freezer and the
> > > power management freezer code.
> >
> > I guess these three patches are for me.
> >
> > Do you want me to handle them?
> >
> > Rafael
>
> Hi Rafael,
>
> I think you can take 15 as it's an update to the comments.
>
> 16 and 17 are specific to checkpoint/restart. There are no other in-kernel
> uses, that we've identified, for them. So I was under the impression that it's
> inappropriate to add them without also adding the checkpoint/restart patches
> that use them.
Of course, assuming I'm wrong about the dependency on checkpoint/restart, I
have no objection to your taking them.
Thanks again!
Cheers,
-Matt Helsley
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-06 19:40 ` Rafael J. Wysocki
2010-05-06 20:31 ` Matt Helsley
@ 2010-05-06 21:25 ` Oren Laadan
2010-05-10 21:01 ` Rafael J. Wysocki
1 sibling, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-06 21:25 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Cedric Le Goater, Paul Menage,
Li Zefan, linux-pm
On 05/06/2010 03:40 PM, Rafael J. Wysocki wrote:
> On Saturday 01 May 2010, Oren Laadan wrote:
>> From: Matt Helsley <matthltc@us.ibm.com>
>>
>> Update stale comments regarding locking order and add a little more detail
>> so it's easier to follow the locking between the cgroup freezer and the
>> power management freezer code.
>
> I guess these three patches are for me.
>
> Do you want me to handle them?
Yes, please, that would be great.
Thanks,
Oren.
>
> Rafael
>
>
>> Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
>> Cc: Oren Laadan <orenl@cs.columbia.edu>
>> Cc: Cedric Le Goater <legoater@free.fr>
>> Cc: Paul Menage <menage@google.com>
>> Cc: Li Zefan <lizf@cn.fujitsu.com>
>> Cc: Rafael J. Wysocki <rjw@sisk.pl>
>> Cc: linux-pm@lists.linux-foundation.org
>> ---
>> kernel/cgroup_freezer.c | 21 +++++++++++++--------
>> 1 files changed, 13 insertions(+), 8 deletions(-)
>>
>> diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
>> index da5e139..85f19cc 100644
>> --- a/kernel/cgroup_freezer.c
>> +++ b/kernel/cgroup_freezer.c
>> @@ -89,10 +89,10 @@ struct cgroup_subsys freezer_subsys;
>>
>> /* Locks taken and their ordering
>> * ------------------------------
>> - * css_set_lock
>> * cgroup_mutex (AKA cgroup_lock)
>> - * task->alloc_lock (AKA task_lock)
>> * freezer->lock
>> + * css_set_lock
>> + * task->alloc_lock (AKA task_lock)
>> * task->sighand->siglock
>> *
>> * cgroup code forces css_set_lock to be taken before task->alloc_lock
>> @@ -100,33 +100,38 @@ struct cgroup_subsys freezer_subsys;
>> * freezer_create(), freezer_destroy():
>> * cgroup_mutex [ by cgroup core ]
>> *
>> - * can_attach():
>> - * cgroup_mutex
>> + * freezer_can_attach():
>> + * cgroup_mutex (held by caller of can_attach)
>> *
>> - * cgroup_frozen():
>> + * cgroup_freezing_or_frozen():
>> * task->alloc_lock (to get task's cgroup)
>> *
>> * freezer_fork() (preserving fork() performance means can't take cgroup_mutex):
>> - * task->alloc_lock (to get task's cgroup)
>> * freezer->lock
>> * sighand->siglock (if the cgroup is freezing)
>> *
>> * freezer_read():
>> * cgroup_mutex
>> * freezer->lock
>> + * write_lock css_set_lock (cgroup iterator start)
>> + * task->alloc_lock
>> * read_lock css_set_lock (cgroup iterator start)
>> *
>> * freezer_write() (freeze):
>> * cgroup_mutex
>> * freezer->lock
>> + * write_lock css_set_lock (cgroup iterator start)
>> + * task->alloc_lock
>> * read_lock css_set_lock (cgroup iterator start)
>> - * sighand->siglock
>> + * sighand->siglock (fake signal delivery inside freeze_task())
>> *
>> * freezer_write() (unfreeze):
>> * cgroup_mutex
>> * freezer->lock
>> + * write_lock css_set_lock (cgroup iterator start)
>> + * task->alloc_lock
>> * read_lock css_set_lock (cgroup iterator start)
>> - * task->alloc_lock (to prevent races with freeze_task())
>> + * task->alloc_lock (inside thaw_process(), prevents race with refrigerator())
>> * sighand->siglock
>> */
>> static struct cgroup_subsys_state *freezer_create(struct cgroup_subsys *ss,
>>
>
>
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-06 21:25 ` Oren Laadan
@ 2010-05-10 21:01 ` Rafael J. Wysocki
2010-05-10 21:07 ` Matt Helsley
0 siblings, 1 reply; 137+ messages in thread
From: Rafael J. Wysocki @ 2010-05-10 21:01 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Cedric Le Goater, Paul Menage,
Li Zefan, linux-pm
On Thursday 06 May 2010, Oren Laadan wrote:
>
> On 05/06/2010 03:40 PM, Rafael J. Wysocki wrote:
> > On Saturday 01 May 2010, Oren Laadan wrote:
> >> From: Matt Helsley <matthltc@us.ibm.com>
> >>
> >> Update stale comments regarding locking order and add a little more detail
> >> so it's easier to follow the locking between the cgroup freezer and the
> >> power management freezer code.
> >
> > I guess these three patches are for me.
> >
> > Do you want me to handle them?
>
> Yes, please, that would be great.
However, patches 16 and 17 seem to depend on checkpoint/restart and don't
appear to be margeable at this point. Is this correct?
Rafael
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-10 21:01 ` Rafael J. Wysocki
@ 2010-05-10 21:07 ` Matt Helsley
2010-05-10 21:12 ` Rafael J. Wysocki
0 siblings, 1 reply; 137+ messages in thread
From: Matt Helsley @ 2010-05-10 21:07 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Oren Laadan, Andrew Morton, containers, linux-kernel,
Serge Hallyn, Matt Helsley, Pavel Emelyanov, Cedric Le Goater,
Paul Menage, Li Zefan, linux-pm
On Mon, May 10, 2010 at 11:01:45PM +0200, Rafael J. Wysocki wrote:
> On Thursday 06 May 2010, Oren Laadan wrote:
> >
> > On 05/06/2010 03:40 PM, Rafael J. Wysocki wrote:
> > > On Saturday 01 May 2010, Oren Laadan wrote:
> > >> From: Matt Helsley <matthltc@us.ibm.com>
> > >>
> > >> Update stale comments regarding locking order and add a little more detail
> > >> so it's easier to follow the locking between the cgroup freezer and the
> > >> power management freezer code.
> > >
> > > I guess these three patches are for me.
> > >
> > > Do you want me to handle them?
> >
> > Yes, please, that would be great.
>
> However, patches 16 and 17 seem to depend on checkpoint/restart and don't
> appear to be margeable at this point. Is this correct?
Strictly speaking they do not depend on checkpoint/restart. However, only
checkpoint/restart uses the functionality introduced by those patches so I
think you are correct that they aren't mergeable at this point.
Cheers,
-Matt Helsley
^ permalink raw reply [flat|nested] 137+ messages in thread
* Re: [PATCH v21 015/100] cgroup freezer: Update stale locking comments
2010-05-10 21:07 ` Matt Helsley
@ 2010-05-10 21:12 ` Rafael J. Wysocki
0 siblings, 0 replies; 137+ messages in thread
From: Rafael J. Wysocki @ 2010-05-10 21:12 UTC (permalink / raw)
To: Matt Helsley
Cc: Oren Laadan, Andrew Morton, containers, linux-kernel,
Serge Hallyn, Pavel Emelyanov, Cedric Le Goater, Paul Menage,
Li Zefan, linux-pm
On Monday 10 May 2010, Matt Helsley wrote:
> On Mon, May 10, 2010 at 11:01:45PM +0200, Rafael J. Wysocki wrote:
> > On Thursday 06 May 2010, Oren Laadan wrote:
> > >
> > > On 05/06/2010 03:40 PM, Rafael J. Wysocki wrote:
> > > > On Saturday 01 May 2010, Oren Laadan wrote:
> > > >> From: Matt Helsley <matthltc@us.ibm.com>
> > > >>
> > > >> Update stale comments regarding locking order and add a little more detail
> > > >> so it's easier to follow the locking between the cgroup freezer and the
> > > >> power management freezer code.
> > > >
> > > > I guess these three patches are for me.
> > > >
> > > > Do you want me to handle them?
> > >
> > > Yes, please, that would be great.
> >
> > However, patches 16 and 17 seem to depend on checkpoint/restart and don't
> > appear to be margeable at this point. Is this correct?
>
> Strictly speaking they do not depend on checkpoint/restart. However, only
> checkpoint/restart uses the functionality introduced by those patches so I
> think you are correct that they aren't mergeable at this point.
OK, so I'm going to take patch 15 only for the upcoming merge window.
Thanks,
Rafael
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 016/100] cgroup freezer: Add CHECKPOINTING state to safeguard container checkpoint
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (14 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 015/100] cgroup freezer: Update stale locking comments Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:14 ` [PATCH v21 017/100] cgroup freezer: interface to freeze a cgroup from within the kernel Oren Laadan
` (85 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Cedric Le Goater, Paul Menage,
Li Zefan, Rafael J. Wysocki, linux-pm
From: Matt Helsley <matthltc@us.ibm.com>
The CHECKPOINTING state prevents userspace from unfreezing tasks until
sys_checkpoint() is finished. When doing container checkpoint userspace
will do:
echo FROZEN > /cgroups/my_container/freezer.state
...
rc = sys_checkpoint( <pid of container root> );
To ensure a consistent checkpoint image userspace should not be allowed
to thaw the cgroup (echo THAWED > /cgroups/my_container/freezer.state)
during checkpoint.
"CHECKPOINTING" can only be set on a "FROZEN" cgroup using the checkpoint
system call. Once in the "CHECKPOINTING" state, the cgroup may not leave until
the checkpoint system call is finished and ready to return. Then the
freezer state returns to "FROZEN". Writing any new state to freezer.state while
checkpointing will return EBUSY. These semantics ensure that userspace cannot
unfreeze the cgroup midway through the checkpoint system call.
The cgroup_freezer_begin_checkpoint() and cgroup_freezer_end_checkpoint()
make relatively few assumptions about the task that is passed in. However the
way they are called in do_checkpoint() assumes that the root of the container
is in the same freezer cgroup as all the other tasks that will be
checkpointed.
Notes:
As a side-effect this prevents the multiple tasks from entering the
CHECKPOINTING state simultaneously. All but one will get -EBUSY.
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Cc: Cedric Le Goater <legoater@free.fr>
Cc: Paul Menage <menage@google.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: linux-pm@lists.linux-foundation.org
---
Documentation/cgroups/freezer-subsystem.txt | 10 ++
include/linux/freezer.h | 8 ++
kernel/cgroup_freezer.c | 166 ++++++++++++++++++++-------
3 files changed, 142 insertions(+), 42 deletions(-)
diff --git a/Documentation/cgroups/freezer-subsystem.txt b/Documentation/cgroups/freezer-subsystem.txt
index 41f37fe..92b68e6 100644
--- a/Documentation/cgroups/freezer-subsystem.txt
+++ b/Documentation/cgroups/freezer-subsystem.txt
@@ -100,3 +100,13 @@ things happens:
and returns EINVAL)
3) The tasks that blocked the cgroup from entering the "FROZEN"
state disappear from the cgroup's set of tasks.
+
+When the cgroup freezer is used to guard container checkpoint operations the
+freezer.state may be "CHECKPOINTING". "CHECKPOINTING" can only be set on a
+"FROZEN" cgroup using the checkpoint system call. Once in the "CHECKPOINTING"
+state, the cgroup may not leave until the checkpoint system call returns the
+freezer state to "FROZEN". Writing any new state to freezer.state while
+checkpointing will return EBUSY. These semantics ensure that userspace cannot
+unfreeze the cgroup midway through the checkpoint system call. Note that,
+unlike "FROZEN" and "FREEZING", there is no corresponding "CHECKPOINTED"
+state.
diff --git a/include/linux/freezer.h b/include/linux/freezer.h
index da7e52b..3d32641 100644
--- a/include/linux/freezer.h
+++ b/include/linux/freezer.h
@@ -65,11 +65,19 @@ extern void cancel_freezing(struct task_struct *p);
#ifdef CONFIG_CGROUP_FREEZER
extern int cgroup_freezing_or_frozen(struct task_struct *task);
+extern int in_same_cgroup_freezer(struct task_struct *p, struct task_struct *q);
+extern int cgroup_freezer_begin_checkpoint(struct task_struct *task);
+extern void cgroup_freezer_end_checkpoint(struct task_struct *task);
#else /* !CONFIG_CGROUP_FREEZER */
static inline int cgroup_freezing_or_frozen(struct task_struct *task)
{
return 0;
}
+static inline int in_same_cgroup_freezer(struct task_struct *p,
+ struct task_struct *q)
+{
+ return 0;
+}
#endif /* !CONFIG_CGROUP_FREEZER */
/*
diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
index 85f19cc..58ee049 100644
--- a/kernel/cgroup_freezer.c
+++ b/kernel/cgroup_freezer.c
@@ -26,6 +26,7 @@ enum freezer_state {
CGROUP_THAWED = 0,
CGROUP_FREEZING,
CGROUP_FROZEN,
+ CGROUP_CHECKPOINTING,
};
struct freezer {
@@ -64,6 +65,44 @@ int cgroup_freezing_or_frozen(struct task_struct *task)
return (state == CGROUP_FREEZING) || (state == CGROUP_FROZEN);
}
+/* Task is frozen or will freeze immediately when next it gets woken */
+static bool is_task_frozen_enough(struct task_struct *task)
+{
+ return frozen(task) ||
+ (task_is_stopped_or_traced(task) && freezing(task));
+}
+
+/*
+ * caller must hold freezer->lock
+ */
+static void update_freezer_state(struct cgroup *cgroup,
+ struct freezer *freezer)
+{
+ struct cgroup_iter it;
+ struct task_struct *task;
+ unsigned int nfrozen = 0, ntotal = 0;
+
+ cgroup_iter_start(cgroup, &it);
+ while ((task = cgroup_iter_next(cgroup, &it))) {
+ ntotal++;
+ if (is_task_frozen_enough(task))
+ nfrozen++;
+ }
+
+ /*
+ * Transition to FROZEN when no new tasks can be added ensures
+ * that we never exist in the FROZEN state while there are unfrozen
+ * tasks.
+ */
+ if (nfrozen == ntotal)
+ freezer->state = CGROUP_FROZEN;
+ else if (nfrozen > 0)
+ freezer->state = CGROUP_FREEZING;
+ else
+ freezer->state = CGROUP_THAWED;
+ cgroup_iter_end(cgroup, &it);
+}
+
/*
* cgroups_write_string() limits the size of freezer state strings to
* CGROUP_LOCAL_BUFFER_SIZE
@@ -72,6 +111,7 @@ static const char *freezer_state_strs[] = {
"THAWED",
"FREEZING",
"FROZEN",
+ "CHECKPOINTING",
};
/*
@@ -79,9 +119,9 @@ static const char *freezer_state_strs[] = {
* Transitions are caused by userspace writes to the freezer.state file.
* The values in parenthesis are state labels. The rest are edge labels.
*
- * (THAWED) --FROZEN--> (FREEZING) --FROZEN--> (FROZEN)
- * ^ ^ | |
- * | \_______THAWED_______/ |
+ * (THAWED) --FROZEN--> (FREEZING) --FROZEN--> (FROZEN) --> (CHECKPOINTING)
+ * ^ ^ | | ^ |
+ * | \_______THAWED_______/ | \_____________/
* \__________________________THAWED____________/
*/
@@ -154,13 +194,6 @@ static void freezer_destroy(struct cgroup_subsys *ss,
kfree(cgroup_freezer(cgroup));
}
-/* Task is frozen or will freeze immediately when next it gets woken */
-static bool is_task_frozen_enough(struct task_struct *task)
-{
- return frozen(task) ||
- (task_is_stopped_or_traced(task) && freezing(task));
-}
-
/*
* The call to cgroup_lock() in the freezer.state write method prevents
* a write to that file racing against an attach, and hence the
@@ -230,37 +263,6 @@ static void freezer_fork(struct cgroup_subsys *ss, struct task_struct *task)
spin_unlock_irq(&freezer->lock);
}
-/*
- * caller must hold freezer->lock
- */
-static void update_freezer_state(struct cgroup *cgroup,
- struct freezer *freezer)
-{
- struct cgroup_iter it;
- struct task_struct *task;
- unsigned int nfrozen = 0, ntotal = 0;
-
- cgroup_iter_start(cgroup, &it);
- while ((task = cgroup_iter_next(cgroup, &it))) {
- ntotal++;
- if (is_task_frozen_enough(task))
- nfrozen++;
- }
-
- /*
- * Transition to FROZEN when no new tasks can be added ensures
- * that we never exist in the FROZEN state while there are unfrozen
- * tasks.
- */
- if (nfrozen == ntotal)
- freezer->state = CGROUP_FROZEN;
- else if (nfrozen > 0)
- freezer->state = CGROUP_FREEZING;
- else
- freezer->state = CGROUP_THAWED;
- cgroup_iter_end(cgroup, &it);
-}
-
static int freezer_read(struct cgroup *cgroup, struct cftype *cft,
struct seq_file *m)
{
@@ -331,7 +333,10 @@ static int freezer_change_state(struct cgroup *cgroup,
freezer = cgroup_freezer(cgroup);
spin_lock_irq(&freezer->lock);
-
+ if (freezer->state == CGROUP_CHECKPOINTING) {
+ retval = -EBUSY;
+ goto out;
+ }
update_freezer_state(cgroup, freezer);
if (goal_state == freezer->state)
goto out;
@@ -399,3 +404,80 @@ struct cgroup_subsys freezer_subsys = {
.fork = freezer_fork,
.exit = NULL,
};
+
+#ifdef CONFIG_CHECKPOINT
+/*
+ * Caller is expected to ensure that neither @p nor @q may change its
+ * freezer cgroup during this test in a way that may affect the result.
+ * E.g., when called form c/r, @p must be in CHECKPOINTING cgroup, so
+ * may not change cgroup, and either @q is also there, or is not there
+ * and may not join.
+ */
+int in_same_cgroup_freezer(struct task_struct *p, struct task_struct *q)
+{
+ struct cgroup_subsys_state *p_css, *q_css;
+
+ task_lock(p);
+ p_css = task_subsys_state(p, freezer_subsys_id);
+ task_unlock(p);
+
+ task_lock(q);
+ q_css = task_subsys_state(q, freezer_subsys_id);
+ task_unlock(q);
+
+ return (p_css == q_css);
+}
+
+/*
+ * cgroup freezer state changes made without the aid of the cgroup filesystem
+ * must go through this function to ensure proper locking is observed.
+ */
+static int freezer_checkpointing(struct task_struct *task,
+ enum freezer_state next_state)
+{
+ struct freezer *freezer;
+ struct cgroup_subsys_state *css;
+ enum freezer_state state;
+
+ task_lock(task);
+ css = task_subsys_state(task, freezer_subsys_id);
+ css_get(css); /* make sure freezer doesn't go away */
+ freezer = container_of(css, struct freezer, css);
+ task_unlock(task);
+
+ if (freezer->state == CGROUP_FREEZING) {
+ /* May be in middle of a lazy FREEZING -> FROZEN transition */
+ if (cgroup_lock_live_group(css->cgroup)) {
+ spin_lock_irq(&freezer->lock);
+ update_freezer_state(css->cgroup, freezer);
+ spin_unlock_irq(&freezer->lock);
+ cgroup_unlock();
+ }
+ }
+
+ spin_lock_irq(&freezer->lock);
+ state = freezer->state;
+ if ((state == CGROUP_FROZEN && next_state == CGROUP_CHECKPOINTING) ||
+ (state == CGROUP_CHECKPOINTING && next_state == CGROUP_FROZEN))
+ freezer->state = next_state;
+ spin_unlock_irq(&freezer->lock);
+ css_put(css);
+ return state;
+}
+
+int cgroup_freezer_begin_checkpoint(struct task_struct *task)
+{
+ if (freezer_checkpointing(task, CGROUP_CHECKPOINTING) != CGROUP_FROZEN)
+ return -EBUSY;
+ return 0;
+}
+
+void cgroup_freezer_end_checkpoint(struct task_struct *task)
+{
+ /*
+ * If we weren't in CHECKPOINTING state then userspace could have
+ * unfrozen a task and given us an inconsistent checkpoint image
+ */
+ WARN_ON(freezer_checkpointing(task, CGROUP_FROZEN) != CGROUP_CHECKPOINTING);
+}
+#endif /* CONFIG_CHECKPOINT */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 017/100] cgroup freezer: interface to freeze a cgroup from within the kernel
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (15 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 016/100] cgroup freezer: Add CHECKPOINTING state to safeguard container checkpoint Oren Laadan
@ 2010-05-01 14:14 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 018/100] Namespaces submenu Oren Laadan
` (84 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:14 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Paul Menage, Li Zefan,
Cedric Le Goater, Rafael J. Wysocki, linux-pm
Add public interface to freeze a cgroup freezer given a task that
belongs to that cgroup: cgroup_freezer_make_frozen(task)
Freezing the root cgroup is not permitted. Freezing the cgroup to
which current process belong is also not permitted.
This will be used for restart(2) to be able to leave the restarted
processes in a frozen state, instead of resuming execution.
This is useful for debugging, if the user would like to attach a
debugger to the restarted task(s).
It is also useful if the restart procedure would like to perform
additional setup once the tasks are restored but before they are
allowed to proceed execution.
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
CC: Matt Helsley <matthltc@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Cedric Le Goater <legoater@free.fr>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: linux-pm@lists.linux-foundation.org
---
include/linux/freezer.h | 1 +
kernel/cgroup_freezer.c | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/include/linux/freezer.h b/include/linux/freezer.h
index 3d32641..0cb22cb 100644
--- a/include/linux/freezer.h
+++ b/include/linux/freezer.h
@@ -68,6 +68,7 @@ extern int cgroup_freezing_or_frozen(struct task_struct *task);
extern int in_same_cgroup_freezer(struct task_struct *p, struct task_struct *q);
extern int cgroup_freezer_begin_checkpoint(struct task_struct *task);
extern void cgroup_freezer_end_checkpoint(struct task_struct *task);
+extern int cgroup_freezer_make_frozen(struct task_struct *task);
#else /* !CONFIG_CGROUP_FREEZER */
static inline int cgroup_freezing_or_frozen(struct task_struct *task)
{
diff --git a/kernel/cgroup_freezer.c b/kernel/cgroup_freezer.c
index 58ee049..8f923d8 100644
--- a/kernel/cgroup_freezer.c
+++ b/kernel/cgroup_freezer.c
@@ -480,4 +480,31 @@ void cgroup_freezer_end_checkpoint(struct task_struct *task)
*/
WARN_ON(freezer_checkpointing(task, CGROUP_FROZEN) != CGROUP_CHECKPOINTING);
}
+
+int cgroup_freezer_make_frozen(struct task_struct *task)
+{
+ struct freezer *freezer;
+ struct cgroup_subsys_state *css;
+ int ret = -ENODEV;
+
+ task_lock(task);
+ css = task_subsys_state(task, freezer_subsys_id);
+ css_get(css); /* make sure freezer doesn't go away */
+ freezer = container_of(css, struct freezer, css);
+ task_unlock(task);
+
+ /* Never freeze the root cgroup */
+ if (!test_bit(CSS_ROOT, &css->flags) &&
+ cgroup_lock_live_group(css->cgroup)) {
+ /* do not freeze outselves, ei ?! */
+ if (css != task_subsys_state(current, freezer_subsys_id))
+ ret = freezer_change_state(css->cgroup, CGROUP_FROZEN);
+ else
+ ret = -EPERM;
+ cgroup_unlock();
+ }
+
+ css_put(css);
+ return ret;
+}
#endif /* CONFIG_CHECKPOINT */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 018/100] Namespaces submenu
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (16 preceding siblings ...)
2010-05-01 14:14 ` [PATCH v21 017/100] cgroup freezer: interface to freeze a cgroup from within the kernel Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 019/100] Make file_pos_read/write() public and export kernel_write() Oren Laadan
` (83 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dave Hansen
From: Dave Hansen <dave@linux.vnet.ibm.com>
Let's not steal too much space in the 'General Setup' menu.
Take a cue from the cgroups code and create a submenu.
This can go upstream now.
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
---
init/Kconfig | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index eb77e8c..bd8174f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -664,7 +664,7 @@ config RELAY
If unsure, say N.
-config NAMESPACES
+menuconfig NAMESPACES
bool "Namespaces support" if EMBEDDED
default !EMBEDDED
help
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 019/100] Make file_pos_read/write() public and export kernel_write()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (17 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 018/100] Namespaces submenu Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-06 12:26 ` Josef Bacik
2010-05-01 14:15 ` [PATCH v21 020/100] c/r: documentation Oren Laadan
` (82 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
These three are used in a subsequent patch to allow the kernel c/r
code to call vfs_read/write() to read and write data to and from the
checkpoint image.
This patch makes the following changes:
1) Move kernel_write() from fs/splice.c to fs/exec.c to be near
kernel_read()
2) Make kernel_read/write() iterate if they face partial reads or
writes, and retry if they face -EAGAIN.
3) Adjust prototypes of kernel_read/write() to use size_t and ssize_t
4) Move file_pos_read/write() to include/linux/fs.h
Changelog [ckpt-v21]
- Introduce kernel_write(), fix kernel_read()
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/exec.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++----
fs/read_write.c | 10 -------
fs/splice.c | 17 +------------
include/linux/fs.h | 13 +++++++++-
4 files changed, 77 insertions(+), 32 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 49cdaa1..7bacb6a 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -693,23 +693,82 @@ exit:
}
EXPORT_SYMBOL(open_exec);
-int kernel_read(struct file *file, loff_t offset,
- char *addr, unsigned long count)
+static ssize_t _kernel_read(struct file *file, loff_t offset,
+ char __user *ubuf, size_t count)
{
- mm_segment_t old_fs;
+ ssize_t nread;
+ size_t nleft;
loff_t pos = offset;
- int result;
+
+ for (nleft = count; nleft; nleft -= nread) {
+ nread = vfs_read(file, ubuf, nleft, &pos);
+ if (nread <= 0) {
+ if (nread == -EAGAIN) {
+ nread = 0;
+ continue;
+ } else if (nread == 0)
+ break;
+ else
+ return nread;
+ }
+ ubuf += nread;
+ }
+ return count - nleft;
+}
+
+ssize_t kernel_read(struct file *file, loff_t offset,
+ char *addr, size_t count)
+{
+ mm_segment_t old_fs;
+ ssize_t result;
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
- result = vfs_read(file, (void __user *)addr, count, &pos);
+ result = _kernel_read(file, offset, (void __user *)addr, count);
set_fs(old_fs);
return result;
}
EXPORT_SYMBOL(kernel_read);
+static ssize_t _kernel_write(struct file *file, loff_t offset,
+ const char __user *ubuf, size_t count)
+{
+ ssize_t nwrite;
+ size_t nleft;
+ loff_t pos = offset;
+
+ for (nleft = count; nleft; nleft -= nwrite) {
+ nwrite = vfs_write(file, ubuf, nleft, &pos);
+ if (nwrite < 0) {
+ if (nwrite == -EAGAIN) {
+ nwrite = 0;
+ continue;
+ } else
+ return nwrite;
+ }
+ ubuf += nwrite;
+ }
+ return count - nleft;
+}
+
+ssize_t kernel_write(struct file *file, loff_t offset,
+ const char *addr, size_t count)
+{
+ mm_segment_t old_fs;
+ ssize_t result;
+
+ old_fs = get_fs();
+ set_fs(get_ds());
+ /* The cast to a user pointer is valid due to the set_fs() */
+ result = _kernel_write(file, offset, (void __user *)addr, count);
+ set_fs(old_fs);
+ return result;
+}
+
+EXPORT_SYMBOL(kernel_write);
+
static int exec_mmap(struct mm_struct *mm)
{
struct task_struct *tsk;
diff --git a/fs/read_write.c b/fs/read_write.c
index 113386d..67b7d83 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -361,16 +361,6 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
EXPORT_SYMBOL(vfs_write);
-static inline loff_t file_pos_read(struct file *file)
-{
- return file->f_pos;
-}
-
-static inline void file_pos_write(struct file *file, loff_t pos)
-{
- file->f_pos = pos;
-}
-
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{
struct file *file;
diff --git a/fs/splice.c b/fs/splice.c
index 9313b61..188e17d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -538,21 +538,6 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
return res;
}
-static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
- loff_t pos)
-{
- mm_segment_t old_fs;
- ssize_t res;
-
- old_fs = get_fs();
- set_fs(get_ds());
- /* The cast to a user pointer is valid due to the set_fs() */
- res = vfs_write(file, (const char __user *)buf, count, &pos);
- set_fs(old_fs);
-
- return res;
-}
-
ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
struct pipe_inode_info *pipe, size_t len,
unsigned int flags)
@@ -1011,7 +996,7 @@ static int write_pipe_buf(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
return ret;
data = buf->ops->map(pipe, buf, 0);
- ret = kernel_write(sd->u.file, data + buf->offset, sd->len, sd->pos);
+ ret = kernel_write(sd->u.file, sd->pos, data + buf->offset, sd->len);
buf->ops->unmap(pipe, buf, data);
return ret;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 39d57bc..9e8b171 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1548,6 +1548,16 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
struct iovec *fast_pointer,
struct iovec **ret_pointer);
+static inline loff_t file_pos_read(struct file *file)
+{
+ return file->f_pos;
+}
+
+static inline void file_pos_write(struct file *file, loff_t pos)
+{
+ file->f_pos = pos;
+}
+
extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t vfs_readv(struct file *, const struct iovec __user *,
@@ -2127,7 +2137,8 @@ extern struct file *do_filp_open(int dfd, const char *pathname,
int open_flag, int mode, int acc_mode);
extern int may_open(struct path *, int, int);
-extern int kernel_read(struct file *, loff_t, char *, unsigned long);
+extern ssize_t kernel_read(struct file *, loff_t, char *, size_t);
+extern ssize_t kernel_write(struct file *, loff_t, const char *, size_t);
extern struct file * open_exec(const char *);
/* fs/dcache.c -- generic fs support functions */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 019/100] Make file_pos_read/write() public and export kernel_write()
2010-05-01 14:15 ` [PATCH v21 019/100] Make file_pos_read/write() public and export kernel_write() Oren Laadan
@ 2010-05-06 12:26 ` Josef Bacik
0 siblings, 0 replies; 137+ messages in thread
From: Josef Bacik @ 2010-05-06 12:26 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, linux-fsdevel
On Sat, May 01, 2010 at 10:15:01AM -0400, Oren Laadan wrote:
> These three are used in a subsequent patch to allow the kernel c/r
> code to call vfs_read/write() to read and write data to and from the
> checkpoint image.
>
> This patch makes the following changes:
>
> 1) Move kernel_write() from fs/splice.c to fs/exec.c to be near
> kernel_read()
>
> 2) Make kernel_read/write() iterate if they face partial reads or
> writes, and retry if they face -EAGAIN.
>
> 3) Adjust prototypes of kernel_read/write() to use size_t and ssize_t
>
> 4) Move file_pos_read/write() to include/linux/fs.h
>
> Changelog [ckpt-v21]
> - Introduce kernel_write(), fix kernel_read()
>
> Cc: linux-fsdevel@vger.kernel.org
> Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
> Acked-by: Serge E. Hallyn <serue@us.ibm.com>
> ---
> fs/exec.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++----
> fs/read_write.c | 10 -------
> fs/splice.c | 17 +------------
> include/linux/fs.h | 13 +++++++++-
> 4 files changed, 77 insertions(+), 32 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 49cdaa1..7bacb6a 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -693,23 +693,82 @@ exit:
> }
> EXPORT_SYMBOL(open_exec);
>
> -int kernel_read(struct file *file, loff_t offset,
> - char *addr, unsigned long count)
> +static ssize_t _kernel_read(struct file *file, loff_t offset,
> + char __user *ubuf, size_t count)
> {
> - mm_segment_t old_fs;
> + ssize_t nread;
> + size_t nleft;
> loff_t pos = offset;
> - int result;
> +
> + for (nleft = count; nleft; nleft -= nread) {
> + nread = vfs_read(file, ubuf, nleft, &pos);
> + if (nread <= 0) {
> + if (nread == -EAGAIN) {
> + nread = 0;
> + continue;
> + } else if (nread == 0)
> + break;
> + else
> + return nread;
> + }
> + ubuf += nread;
> + }
> + return count - nleft;
> +}
> +
> +ssize_t kernel_read(struct file *file, loff_t offset,
> + char *addr, size_t count)
> +{
> + mm_segment_t old_fs;
> + ssize_t result;
>
> old_fs = get_fs();
> set_fs(get_ds());
> /* The cast to a user pointer is valid due to the set_fs() */
> - result = vfs_read(file, (void __user *)addr, count, &pos);
> + result = _kernel_read(file, offset, (void __user *)addr, count);
> set_fs(old_fs);
> return result;
> }
>
> EXPORT_SYMBOL(kernel_read);
>
> +static ssize_t _kernel_write(struct file *file, loff_t offset,
> + const char __user *ubuf, size_t count)
> +{
> + ssize_t nwrite;
> + size_t nleft;
> + loff_t pos = offset;
> +
> + for (nleft = count; nleft; nleft -= nwrite) {
> + nwrite = vfs_write(file, ubuf, nleft, &pos);
> + if (nwrite < 0) {
> + if (nwrite == -EAGAIN) {
> + nwrite = 0;
> + continue;
> + } else
> + return nwrite;
> + }
> + ubuf += nwrite;
> + }
> + return count - nleft;
> +}
I'm not entirely sure if this can happen, but if vfs_write doesn't write
anything, but doesn't have an error, we could end up in an infinite loop. Like
I said I'm not sure if thats even possible, but its definitely one of those
things that if it is possible some random security guy is going to figure out
how to exploit it at some point down the line.
> +
> +ssize_t kernel_write(struct file *file, loff_t offset,
> + const char *addr, size_t count)
> +{
> + mm_segment_t old_fs;
> + ssize_t result;
> +
> + old_fs = get_fs();
> + set_fs(get_ds());
> + /* The cast to a user pointer is valid due to the set_fs() */
> + result = _kernel_write(file, offset, (void __user *)addr, count);
> + set_fs(old_fs);
> + return result;
> +}
> +
> +EXPORT_SYMBOL(kernel_write);
> +
> static int exec_mmap(struct mm_struct *mm)
> {
> struct task_struct *tsk;
> diff --git a/fs/read_write.c b/fs/read_write.c
> index 113386d..67b7d83 100644
> --- a/fs/read_write.c
> +++ b/fs/read_write.c
> @@ -361,16 +361,6 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
>
> EXPORT_SYMBOL(vfs_write);
>
> -static inline loff_t file_pos_read(struct file *file)
> -{
> - return file->f_pos;
> -}
> -
> -static inline void file_pos_write(struct file *file, loff_t pos)
> -{
> - file->f_pos = pos;
> -}
> -
> SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
> {
> struct file *file;
> diff --git a/fs/splice.c b/fs/splice.c
> index 9313b61..188e17d 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -538,21 +538,6 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
> return res;
> }
>
> -static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
> - loff_t pos)
> -{
> - mm_segment_t old_fs;
> - ssize_t res;
> -
> - old_fs = get_fs();
> - set_fs(get_ds());
> - /* The cast to a user pointer is valid due to the set_fs() */
> - res = vfs_write(file, (const char __user *)buf, count, &pos);
> - set_fs(old_fs);
> -
> - return res;
> -}
> -
> ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
> struct pipe_inode_info *pipe, size_t len,
> unsigned int flags)
> @@ -1011,7 +996,7 @@ static int write_pipe_buf(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
> return ret;
>
> data = buf->ops->map(pipe, buf, 0);
> - ret = kernel_write(sd->u.file, data + buf->offset, sd->len, sd->pos);
> + ret = kernel_write(sd->u.file, sd->pos, data + buf->offset, sd->len);
> buf->ops->unmap(pipe, buf, data);
>
> return ret;
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 39d57bc..9e8b171 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1548,6 +1548,16 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
> struct iovec *fast_pointer,
> struct iovec **ret_pointer);
>
> +static inline loff_t file_pos_read(struct file *file)
> +{
> + return file->f_pos;
> +}
> +
> +static inline void file_pos_write(struct file *file, loff_t pos)
> +{
> + file->f_pos = pos;
> +}
> +
> extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
> extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
> extern ssize_t vfs_readv(struct file *, const struct iovec __user *,
> @@ -2127,7 +2137,8 @@ extern struct file *do_filp_open(int dfd, const char *pathname,
> int open_flag, int mode, int acc_mode);
> extern int may_open(struct path *, int, int);
>
> -extern int kernel_read(struct file *, loff_t, char *, unsigned long);
> +extern ssize_t kernel_read(struct file *, loff_t, char *, size_t);
> +extern ssize_t kernel_write(struct file *, loff_t, const char *, size_t);
> extern struct file * open_exec(const char *);
>
> /* fs/dcache.c -- generic fs support functions */
> --
I'd say fix that little nit I had above and you can add
Reviewed-by: Josef Bacik <josef@redhat.com>
Thanks,
Josef
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 020/100] c/r: documentation
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (18 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 019/100] Make file_pos_read/write() public and export kernel_write() Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-06 20:27 ` Randy Dunlap
2010-05-01 14:15 ` [PATCH v21 021/100] c/r: create syscalls: sys_checkpoint, sys_restart Oren Laadan
` (81 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-api, linux-mm, linux-fsdevel,
netdev, Dave Hansen
Covers application checkpoint/restart, overall design, interfaces,
usage, shared objects, and and checkpoint image format.
Changelog[v19-rc1]:
- Update documentation and examples for new syscalls API
- [Liu Alexander] Fix typos
- [Serge Hallyn] Update checkpoint image format
Changelog[v16]:
- Update documentation
- Unify into readme.txt and usage.txt
Changelog[v14]:
- Discard the 'h.parent' field
- New image format (shared objects appear before they are referenced
unless they are compound)
Changelog[v8]:
- Split into multiple files in Documentation/checkpoint/...
- Extend documentation, fix typos and comments from feedback
Cc: linux-api@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
Documentation/checkpoint/checkpoint.c | 38 +++
Documentation/checkpoint/readme.txt | 370 ++++++++++++++++++++++++++++
Documentation/checkpoint/self_checkpoint.c | 69 +++++
Documentation/checkpoint/self_restart.c | 40 +++
Documentation/checkpoint/usage.txt | 247 +++++++++++++++++++
5 files changed, 764 insertions(+), 0 deletions(-)
create mode 100644 Documentation/checkpoint/checkpoint.c
create mode 100644 Documentation/checkpoint/readme.txt
create mode 100644 Documentation/checkpoint/self_checkpoint.c
create mode 100644 Documentation/checkpoint/self_restart.c
create mode 100644 Documentation/checkpoint/usage.txt
diff --git a/Documentation/checkpoint/checkpoint.c b/Documentation/checkpoint/checkpoint.c
new file mode 100644
index 0000000..8560f30
--- /dev/null
+++ b/Documentation/checkpoint/checkpoint.c
@@ -0,0 +1,38 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+
+#include <linux/checkpoint.h>
+
+static inline int checkpoint(pid_t pid, int fd, unsigned long flags)
+{
+ return syscall(__NR_checkpoint, pid, fd, flags);
+}
+
+int main(int argc, char *argv[])
+{
+ pid_t pid;
+ int ret;
+
+ if (argc != 2) {
+ printf("usage: ckpt PID\n");
+ exit(1);
+ }
+
+ pid = atoi(argv[1]);
+ if (pid <= 0) {
+ printf("invalid pid\n");
+ exit(1);
+ }
+
+ ret = checkpoint(pid, STDOUT_FILENO, CHECKPOINT_SUBTREE);
+
+ if (ret < 0)
+ perror("checkpoint");
+ else
+ printf("checkpoint id %d\n", ret);
+
+ return (ret > 0 ? 0 : 1);
+}
diff --git a/Documentation/checkpoint/readme.txt b/Documentation/checkpoint/readme.txt
new file mode 100644
index 0000000..4fa5560
--- /dev/null
+++ b/Documentation/checkpoint/readme.txt
@@ -0,0 +1,370 @@
+
+ Checkpoint-Restart support in the Linux kernel
+ ==========================================================
+
+Copyright (C) 2008-2010 Oren Laadan
+
+Author: Oren Laadan <orenl@cs.columbia.edu>
+
+License: The GNU Free Documentation License, Version 1.2
+ (dual licensed under the GPL v2)
+
+Contributors: Oren Laadan <orenl@cs.columbia.edu>
+ Serge Hallyn <serue@us.ibm.com>
+ Dan Smith <danms@us.ibm.com>
+ Matt Helsley <matthltc@us.ibm.com>
+ Nathan Lynch <ntl@pobox.com>
+ Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
+ Dave Hansen <dave@linux.vnet.ibm.com>
+
+
+Introduction
+============
+
+Application checkpoint/restart [C/R] is the ability to save the state
+of a running application so that it can later resume its execution
+from the time at which it was checkpointed. An application can be
+migrated by checkpointing it on one machine and restarting it on
+another. C/R can provide many potential benefits:
+
+* Failure recovery: by rolling back to a previous checkpoint
+
+* Improved response time: by restarting applications from checkpoints
+ instead of from scratch.
+
+* Improved system utilization: by suspending long running CPU
+ intensive jobs and resuming them when load decreases.
+
+* Fault resilience: by migrating applications off faulty hosts.
+
+* Dynamic load balancing: by migrating applications to less loaded
+ hosts.
+
+* Improved service availability and administration: by migrating
+ applications before host maintenance so that they continue to run
+ with minimal downtime
+
+* Time-travel: by taking periodic checkpoints and restarting from
+ any previous checkpoint.
+
+Compared to hypervisor approaches, application C/R is more lightweight
+since it need only save the state associated with applications, while
+operating system data structures (e.g. buffer cache, drivers state
+and the like) are uninteresting.
+
+
+Overall design
+==============
+
+Checkpoint and restart are done in the kernel as much as possible.
+Two new system calls are introduced to provide C/R: sys_checkpoint()
+and sys_restart(). They both operate on a process tree (hierarchy),
+either a whole container or a subtree of a container.
+
+Checkpointing entire containers ensures that there are no dependencies
+on anything outside the container, which guarantees that a matching
+restart will succeed (assuming that the file system state remains
+consistent). However, it requires that users will always run the tasks
+that they wish to checkpoint inside containers. This is ideal for,
+e.g., private virtual servers and the like.
+
+In contrast, when checkpointing a subtree of a container it is up to
+the user to ensure that dependencies either don't exist or can be
+safely ignored. This is useful, for instance, for HPC scenarios or
+even a user that would like to periodically checkpoint a long-running
+batch job.
+
+An additional system call, a la madvise(), is planned, so that tasks
+can advise the kernel how to handle specific resources. For instance,
+a task could ask to skip a memory area at checkpoint to save space,
+or to use a preset file descriptor at restart instead of restoring it
+from the checkpoint image. It will provide the flexibility that is
+particularly useful to address the needs of a diverse crowd of users
+and use-cases.
+
+Syscall sys_checkpoint() is given a pid that indicates the top of the
+hierarchy, a file descriptor to store the image, and flags. The code
+serializes internal user- and kernel-state and writes it out to the
+file descriptor. The resulting image is stream-able. The processes are
+expected to be frozen for the duration of the checkpoint.
+
+In general, a checkpoint consists of 5 steps:
+1. Pre-dump
+2. Freeze the container/subtree
+3. Save tasks' and kernel state <-- sys_checkpoint()
+4. Thaw (or kill) the container/subtree
+5. Post-dump
+
+Step 3 is done by calling sys_checkpoint(). Steps 1 and 5 are an
+optimization to reduce application downtime. In particular, "pre-dump"
+works before freezing the container, e.g. the pre-copy for live
+migration, and "post-dump" works after the container resumes
+execution, e.g. write-back the data to secondary storage.
+
+The kernel exports a relatively opaque 'blob' of data to userspace
+which can then be handed to the new kernel at restart time. The
+'blob' contains data and state of select portions of kernel structures
+such as VMAs and mm_structs, as well as copies of the actual memory
+that the tasks use. Any changes in this blob's format between kernel
+revisions can be handled by an in-userspace conversion program.
+
+To restart, userspace first create a process hierarchy that matches
+that of the checkpoint, and each task calls sys_restart(). The syscall
+reads the saved kernel state from a file descriptor, and re-creates
+the resources that the tasks need to resume execution. The restart
+code is executed by each task that is restored in the new hierarchy to
+reconstruct its own state.
+
+In general, a restart consists of 3 steps:
+1. Create hierarchy
+2. Restore tasks' and kernel state <-- sys_restart()
+3. Resume userspace (or freeze tasks)
+
+Because the process hierarchy, during restart in created in userspace,
+the restarting tasks have the flexibility to prepare before calling
+sys_restart().
+
+
+Checkpoint image format
+=======================
+
+The checkpoint image format is built of records that consist of a
+pre-header identifying its contents, followed by a payload. This
+format allow userspace tools to easily parse and skip through the
+image without requiring intimate knowledge of the data. It will also
+be handy to enable parallel checkpointing in the future where multiple
+threads interleave data from multiple processes into a single stream.
+
+The pre-header is defined by 'struct ckpt_hdr' as follows: @type
+identifies the type of the payload, @len tells its length in bytes
+including the pre-header.
+
+struct ckpt_hdr {
+ __s32 type;
+ __s32 len;
+};
+
+The pre-header must be the first component in all other headers. For
+instance, the task data is saved in 'struct ckpt_hdr_task', which
+looks something like this:
+
+struct ckpt_hdr_task {
+ struct ckpt_hdr h;
+ __u32 pid;
+ ...
+};
+
+THE IMAGE FORMAT IS EXPECTED TO CHANGE over time as more features are
+supported, or as existing features change in the kernel and require to
+adjust their representation. Any such changes will be be handled by
+in-userspace conversion tools.
+
+The general format of the checkpoint image is as follows:
+* Image header
+* Container configuration
+* Task hierarchy
+* Tasks' state
+* Image trailer
+
+The image always begins with a general header that holds a magic
+number, an architecture identifier (little endian format), a format
+version number (@rev), followed by information about the kernel
+(currently version and UTS data). It also holds the time of the
+checkpoint and the flags given to sys_checkpoint(). This header is
+followed by an arch-specific header.
+
+The container configuration section containers information that is
+global to the container. Security (LSM) configuration is one example.
+Network configuration and container-wide mounts may also go here, so
+that the userspace restart coordinator can re-create a suitable
+environment.
+
+The task hierarchy comes next so that userspace tools can read it
+early (even from a stream) and re-create the restarting tasks. This is
+basically an array of all checkpointed tasks, and their relationships
+(parent, siblings, threads, etc).
+
+Then the state of all tasks is saved, in the order that they appear in
+the tasks array above. For each state, we save data like task_struct,
+namespaces, open files, memory layout, memory contents, cpu state,
+signals and signal handlers, etc. For resources that are shared among
+multiple processes, we first checkpoint said resource (and only once),
+and in the task data we give a reference to it. More about shared
+resources below.
+
+Finally, the image always ends with a trailer that holds a (different)
+magic number, serving for sanity check.
+
+
+Shared objects
+==============
+
+Many resources may be shared by multiple tasks (e.g. file descriptors,
+memory address space, etc), or even have multiple references from
+other resources (e.g. a single inode that represents two ends of a
+pipe).
+
+Shared objects are tracked using a hash table (objhash) to ensure that
+they are only checkpointed or restored once. To handle a shared
+object, it is first looked up in the hash table, to determine if is
+the first encounter or a recurring appearance. The hash table itself
+is not saved as part of the checkpoint image: it is constructed
+dynamically during both checkpoint and restart, and discarded at the
+end of the operation.
+
+During checkpoint, when a shared object is encountered for the first
+time, it is inserted to the hash table, indexed by its kernel address.
+It is assigned an identifier (@objref) in order of appearance, and
+then its state is saved. Subsequent lookups of that object in the hash
+will yield that entry, in which case only the @objref is saved, as
+opposed the entire state of the object.
+
+During restart, shared objects are indexed by their @objref as given
+during the checkpoint. On the first appearance of each shared object,
+a new resource will be created and its state restored from the image.
+Then the object is added to the hash table. Subsequent lookups of the
+same unique identifier in the hash table will yield that entry, and
+then the existing object instance is reused instead of creating
+a new one.
+
+The hash grabs a reference to each object that is inserted, and
+maintains this reference for the entire lifetime of the hash. Thus,
+it is always safe to reference an object that is stored in the hash.
+The hash is "one-way" in the sense that objects that are added are
+never deleted from the hash until the hash is discarded. This, in
+turn, happens only when the checkpoint (or restart) terminates.
+
+Shared objects are thus saved when they are first seen, and _before_
+the parent object that uses them. Therefore by the time the parent
+objects needs them, they should already be in the objhash. The one
+exception is when more than a single shared resource will be restarted
+at once (e.g. like the two ends of a pipe, or all the namespaces in an
+nsproxy). In this case the parent object is dumped first followed by
+the individual sub-resources).
+
+The checkpoint image is stream-able, meaning that restarting from it
+may not require lseek(). This is enforced at checkpoint time, by
+carefully selecting the order of shared objects, to respect the rule
+that an object is always saved before the objects that refers to it.
+
+
+Memory contents format
+======================
+
+The memory contents of a given memory address space (->mm) is dumped
+as a sequence of vma objects, represented by 'struct ckpt_hdr_vma'.
+This header details the vma properties, and a reference to a file
+(if file backed) or an inode (or shared memory) object.
+
+The vma header is followed by the actual contents - but only those
+pages that need to be saved, i.e. dirty pages. They are written in
+chunks of data, where each chunks contains a header that indicates
+that number of pages in the chunk, followed by an array of virtual
+addresses and then an array of actual page contents. The last chunk
+holds zero pages.
+
+To illustrate this, consider a single simple task with two vmas: one
+is file mapped with two dumped pages, and the other is anonymous with
+three dumped pages. The memory dump will look like this:
+
+ ckpt_hdr + ckpt_hdr_vma
+ ckpt_hdr_pgarr (nr_pages = 2)
+ addr1, addr2
+ page1, page2
+ ckpt_hdr_pgarr (nr_pages = 0)
+ ckpt_hdr + ckpt_hdr_vma
+ ckpt_hdr_pgarr (nr_pages = 3)
+ addr3, addr4, addr5
+ page3, page4, page5
+ ckpt_hdr_pgarr (nr_pages = 0)
+
+
+Error handling
+==============
+
+Both checkpoint and restart operations may fail due to a variety of
+reasons. Using a simple, single return value from the system call is
+insufficient to report the reason of a failure.
+
+Instead, both sys_checkpoint() and sys_restart() accept an additional
+argument - a file descriptor to which the kernel writes diagnostic
+and debugging information. Both the checkpoint and restart userspace
+utilities have options to specify a filename to store this log.
+
+In addition, checkpoint provides informative status report upon
+failure in the checkpoint image in the form of (one or more) error
+objects, 'struct ckpt_hdr_err'. An error objects consists of a
+mandatory pre-header followed by a null character ('\0'), and then a
+string that describes the error. By default, if an error occurs, this
+will be the last object written to the checkpoint image.
+
+Upon failure, the caller can examine the image (e.g. with 'ckptinfo')
+and extract the detailed error message. The leading '\0' is useful if
+one wants to seek back from the end of the checkpoint image, instead
+of parsing the entire image separately.
+
+
+Security
+========
+
+The main question is whether sys_checkpoint() and sys_restart()
+require privileged or unprivileged operation.
+
+Early versions checked capable(CAP_SYS_ADMIN) assuming that we would
+attempt to remove the need for privilege, so that all users could
+safely use it. Arnd Bergmann pointed out that it'd make more sense to
+let unprivileged users use them now, so that we'll be more careful
+about the security as patches roll in.
+
+Checkpoint: the main concern is whether a task that performs the
+checkpoint of another task has sufficient privileges to access its
+state. We address this by requiring that the checkpointer task will be
+able to ptrace the target task, by means of ptrace_may_access() with
+access mode.
+
+Restart: the main concern is that we may allow an unprivileged user to
+feed the kernel with random data. To this end, the restart works in a
+way that does not skip the usual security checks. Task credentials,
+i.e. euid, reuid, and LSM security contexts currently come from the
+caller, not the checkpoint image. As credentials are restored too,
+the ability of a task that calls sys_restore() to setresuid/setresgid
+to those values must be checked.
+
+Keeping the restart procedure to operate within the limits of the
+caller's credentials means that there various scenarios that cannot
+be supported. For instance, a setuid program that opened a protected
+log file and then dropped privileges will fail the restart, because
+the user won't have enough credentials to reopen the file. In these
+cases, we should probably treat restarting like inserting a kernel
+module: surely the user can cause havoc by providing incorrect data,
+but then again we must trust the root account.
+
+So that's why we don't want CAP_SYS_ADMIN required up-front. That way
+we will be forced to more carefully review each of those features.
+However, this can be controlled with a sysctl-variable.
+
+
+Kernel interfaces
+=================
+
+* To checkpoint a vma, the 'struct vm_operations_struct' needs to
+ provide a method ->checkpoint:
+ int checkpoint(struct ckpt_ctx *, struct vma_struct *)
+ Restart requires a matching (exported) restore:
+ int restore(struct ckpt_ctx *, struct mm_struct *, struct ckpt_hdr_vma *)
+
+* To checkpoint a file, the 'struct file_operations' needs to provide
+ the methods ->checkpoint and ->collect:
+ int checkpoint(struct ckpt_ctx *, struct file *)
+ int collect(struct ckpt_ctx *, struct file *)
+ Restart requires a matching (exported) restore:
+ int restore(struct ckpt_ctx *, struct ckpt_hdr_file *)
+ For most file systems, generic_file_{checkpoint,restore}() can be
+ used.
+
+* To checkpoint a socket, the 'struct proto_ops' needs to provide
+ the methods ->checkpoint, ->collect and ->restore:
+ int checkpoint(struct ckpt_ctx *ctx, struct socket *sock);
+ int collect(struct ckpt_ctx *ctx, struct socket *sock);
+ int restore(struct ckpt_ctx *, struct socket *sock, struct ckpt_hdr_socket *h)
+
diff --git a/Documentation/checkpoint/self_checkpoint.c b/Documentation/checkpoint/self_checkpoint.c
new file mode 100644
index 0000000..27dba0d
--- /dev/null
+++ b/Documentation/checkpoint/self_checkpoint.c
@@ -0,0 +1,69 @@
+/*
+ * self_checkpoint.c: demonstrate self-checkpoint
+ *
+ * Copyright (C) 2008 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <math.h>
+#include <sys/syscall.h>
+
+#include <linux/checkpoint.h>
+
+static inline int checkpoint(pid_t pid, int fd, unsigned long flags)
+{
+ return syscall(__NR_checkpoint, pid, fd, flags, CHECKPOINT_FD_NONE);
+}
+
+#define OUTFILE "/tmp/cr-self.out"
+
+int main(int argc, char *argv[])
+{
+ pid_t pid = getpid();
+ FILE *file;
+ int i, ret;
+
+ close(0);
+ close(2);
+
+ unlink(OUTFILE);
+ file = fopen(OUTFILE, "w+");
+ if (!file) {
+ perror("open");
+ exit(1);
+ }
+ if (dup2(0, 2) < 0) {
+ perror("dup2");
+ exit(1);
+ }
+
+ fprintf(file, "hello, world!\n");
+ fflush(file);
+
+ for (i = 0; i < 1000; i++) {
+ sleep(1);
+ fprintf(file, "count %d\n", i);
+ fflush(file);
+
+ if (i != 2)
+ continue;
+ ret = checkpoint(pid, STDOUT_FILENO, CHECKPOINT_SUBTREE);
+ if (ret < 0) {
+ fprintf(file, "ckpt: %s\n", strerror(errno));
+ exit(2);
+ }
+
+ fprintf(file, "checkpoint ret: %d\n", ret);
+ fflush(file);
+ }
+
+ return 0;
+}
diff --git a/Documentation/checkpoint/self_restart.c b/Documentation/checkpoint/self_restart.c
new file mode 100644
index 0000000..647ce51
--- /dev/null
+++ b/Documentation/checkpoint/self_restart.c
@@ -0,0 +1,40 @@
+/*
+ * self_restart.c: demonstrate self-restart
+ *
+ * Copyright (C) 2008 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#define _GNU_SOURCE /* or _BSD_SOURCE or _SVID_SOURCE */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+
+#include <linux/checkpoint.h>
+
+static inline int restart(pid_t pid, int fd, unsigned long flags)
+{
+ return syscall(__NR_restart, pid, fd, flags, CHECKPOINT_FD_NONE);
+}
+
+int main(int argc, char *argv[])
+{
+ pid_t pid = getpid();
+ int ret;
+
+ ret = restart(pid, STDIN_FILENO, RESTART_TASKSELF);
+ if (ret < 0)
+ perror("restart");
+
+ printf("should not reach here !\n");
+
+ return 0;
+}
diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
new file mode 100644
index 0000000..c6fc045
--- /dev/null
+++ b/Documentation/checkpoint/usage.txt
@@ -0,0 +1,247 @@
+
+ How to use Checkpoint-Restart
+ =========================================
+
+
+API
+===
+
+The API consists of three new system calls:
+
+* long checkpoint(pid_t pid, int fd, unsigned long flag, int logfd);
+
+ Checkpoint a (sub-)container whose root task is identified by @pid,
+ to the open file indicated by @fd. If @logfd isn't -1, it indicates
+ an open file to which error and debug messages are written. @flags
+ may be one or more of:
+ - CHECKPOINT_SUBTREE : allow checkpoint of sub-container
+ (other value are not allowed).
+
+ Returns: a positive checkpoint identifier (ckptid) upon success, 0 if
+ it returns from a restart, and -1 if an error occurs. The ckptid will
+ uniquely identify a checkpoint image, for as long as the checkpoint
+ is kept in the kernel (e.g. if one wishes to keep a checkpoint, or a
+ partial checkpoint, residing in kernel memory).
+
+* long sys_restart(pid_t pid, int fd, unsigned long flags, int logfd);
+
+ Restart a process hierarchy from a checkpoint image that is read from
+ the blob stored in the file indicated by @fd. If @logfd isn't -1, it
+ indicates an open file to which error and debug messages are written.
+ @flags will have future meaning (must be 0 for now). @pid indicates
+ the root of the hierarchy as seen in the coordinator's pid-namespace,
+ and is expected to be a child of the coordinator. @flags may be one
+ or more of:
+ - RESTART_TASKSELF : (self) restart of a single process
+ - RESTART_FROEZN : processes remain frozen once restart completes
+ - RESTART_GHOST : process is a ghost (placeholder for a pid)
+ (Note that this argument may mean 'ckptid' to identify an in-kernel
+ checkpoint image, with some @flags in the future).
+
+ Returns: -1 if an error occurs, 0 on success when restarting from a
+ "self" checkpoint, and return value of system call at the time of the
+ checkpoint when restarting from an "external" checkpoint.
+
+ (If a process was frozen for checkpoint while in userspace, it will
+ resume running in userspace exactly where it was interrupted. If it
+ was frozen while in kernel doing a syscall, it will return what the
+ syscall returned when interrupted/completed, and proceed from there
+ as if it had only been frozen and then thawed. Finally, if it did a
+ self-checkpoint, it will resume to the first instruction after the
+ call to checkpoint(2), having returned 0, to indicate whether the
+ return is from the checkpoint or a restart).
+
+* int clone_with_pid(unsigned long clone_flags, void *news,
+ int *parent_tidptr, int *child_tidptr,
+ struct target_pid_set *pid_set)
+
+ struct target_pid_set {
+ int num_pids;
+ pid_t *target_pids;
+ }
+
+ Container restart requires that a task have the same pid it had when
+ it was checkpointed. When containers are nested the tasks within the
+ containers exist in multiple pid namespaces and hence have multiple
+ pids to specify during restart.
+
+ clone_with_pids(), intended for use during restart, is similar to
+ clone(), except that it takes a 'target_pid_set' parameter. This
+ parameter lets caller choose specific pid numbers for the child
+ process, in the process's active and ancestor pid namespaces.
+
+ Unlike clone(), clone_with_pids() needs CAP_SYS_ADMIN, at least for
+ now, to prevent unprivileged processes from misusing this interface.
+
+ If a target-pid is 0, the kernel continues to assign a pid for the
+ process in that namespace. If a requested pid is taken, the system
+ call fails with -EBUSY. If 'pid_set.num_pids' exceeds the current
+ nesting level of pid namespaces, the system call fails with -EINVAL.
+
+
+Sysctl/proc
+===========
+
+/proc/sys/kernel/ckpt_unpriv_allowed [default = 1]
+ controls whether c/r operation is allowed for unprivileged users
+
+
+Operation
+=========
+
+The granularity of a checkpoint usually is a process hierarchy. The
+'pid' argument is interpreted in the caller's pid namespace. So to
+checkpoint a container whose init task (pid 1 in that pidns) appears
+as pid 3497 the caller's pidns, the caller must use pid 3497. Passing
+pid 1 will attempt to checkpoint the caller's container, and if the
+caller isn't privileged and init is owned by root, it will fail.
+
+Unless the CHECKPOINT_SUBTREE flag is set, if the caller passes a pid
+which does not refer to a container's init task, then sys_checkpoint()
+would return -EINVAL.
+
+We assume that during checkpoint and restart the container state is
+quiescent. During checkpoint, this means that all affected tasks are
+frozen (or otherwise stopped). During restart, this means that all
+affected tasks are executing the sys_restart() call. In both cases, if
+there are other tasks possible sharing state with the container, they
+must not modify it during the operation. It is the responsibility of
+the caller to follow this requirement.
+
+If the assumption that all tasks are frozen and that there is no other
+sharing doesn't hold - then the results of the operation are undefined
+(just as, e.g. not calling execve() immediately after vfork() produces
+undefined results). In particular, either checkpoint will fail, or it
+may produce a checkpoint image that can't be restarted, or (unlikely)
+the restart may produce a container whose state does not match that of
+the original container.
+
+
+User tools
+==========
+
+* checkpoint(1): a tool to perform a checkpoint of a container/subtree
+* restart(1): a tool to restart a container/subtree
+* ckptinfo: a tool to examine a checkpoint image
+
+It is best to use the dedicated user tools for checkpoint and restart.
+
+If you insist, then here is a code snippet that illustrates how a
+checkpoint is initiated by a process inside a container - the logic is
+similar to fork():
+ ...
+ ckptid = checkpoint(0, ...);
+ switch (crid) {
+ case -1:
+ perror("checkpoint failed");
+ break;
+ default:
+ fprintf(stderr, "checkpoint succeeded, CRID=%d\n", ret);
+ /* proceed with execution after checkpoint */
+ ...
+ break;
+ case 0:
+ fprintf(stderr, "returned after restart\n");
+ /* proceed with action required following a restart */
+ ...
+ break;
+ }
+ ...
+
+And to initiate a restart, the process in an empty container can use
+logic similar to execve():
+ ...
+ if (restart(pid, ...) < 0)
+ perror("restart failed");
+ /* only get here if restart failed */
+ ...
+
+Note, that the code also supports "self" checkpoint, where a process
+can checkpoint itself. This mode does not capture the relationships of
+the task with other tasks, or any shared resources. It is useful for
+application that wish to be able to save and restore their state.
+They will either not use (or care about) shared resources, or they
+will be aware of the operations and adapt suitably after a restart.
+The code above can also be used for "self" checkpoint.
+
+
+You may find the following sample programs useful:
+
+* checkpoint.c: accepts a 'pid' and checkpoint that task to stdout
+* self_checkpoint.c: a simple test program doing self-checkpoint
+* self_restart.c: restarts a (self-) checkpoint image from stdin
+
+See also the utilities 'checkpoint' and 'restart' (from user-cr).
+
+
+"External" checkpoint
+=====================
+
+To do "external" checkpoint, you need to first freeze that other task
+either using the freezer cgroup.
+
+Restart does not preserve the original PID yet, (because we haven't
+solved yet the fork-with-specific-pid issue). In a real scenario, you
+probably want to first create a new names space, and have the init
+task there call 'sys_restart()'.
+
+I tested it this way:
+ $ ./test &
+ [1] 3493
+
+ $ echo 3493 > /cgroup/0/tasks
+ $ echo FROZEN > /cgroup/0/freezer.state
+ $ ./checkpoint 3493 > ckpt.image
+
+ $ mv /tmp/cr-test.out /tmp/cr-test.out.orig
+ $ cp /tmp/cr-test.out.orig /tmp/cr-test.out
+
+ $ echo THAWED > /cgroup/0/freezer.state
+
+ $ ./self_restart < ckpt.image
+Now compare the output of the two output files.
+
+
+"Self" checkpoint
+================
+
+To do self-checkpoint, you can incorporate the code from
+self_checkpoint.c into your application.
+
+Here is how to test the self-checkpoint:
+ $ ./self_checkpoint > self.image &
+ [1] 3512
+
+ $ sleep 3
+ $ mv /tmp/cr-self.out /tmp/cr-self.out.orig
+ $ cp /tmp/cr-self.out.orig /tmp/cr-self.out
+
+ $ cat /tmp/cr-self.out
+ hello, world!
+ count 0
+ count 1
+ count 2
+ checkpoint ret: 1
+ count 3
+ ...
+
+ $ sed -i 's/count/xxxxx/g' /tmp/cr-self.out
+
+ $ ./self_restart < self.image &
+
+Now compare the output of the two output files.
+ $ cat /tmp/cr-self.out
+ hello, world!
+ xxxxx 0
+ xxxxx 1
+ xxxxx 2
+ checkpoint ret: 0
+ count 3
+ ...
+
+
+Note how in test.c we close stdin, stdout, stderr - that's because
+currently we only support regular files (not ttys/ptys).
+
+If you check the output of ps, you'll see that "self_restart" changed
+its name to "test" or "self_checkpoint", as expected.
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 020/100] c/r: documentation
2010-05-01 14:15 ` [PATCH v21 020/100] c/r: documentation Oren Laadan
@ 2010-05-06 20:27 ` Randy Dunlap
2010-05-07 6:54 ` Oren Laadan
0 siblings, 1 reply; 137+ messages in thread
From: Randy Dunlap @ 2010-05-06 20:27 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, linux-api, linux-mm, linux-fsdevel,
netdev, Dave Hansen
On Sat, 1 May 2010 10:15:02 -0400 Oren Laadan wrote:
> Covers application checkpoint/restart, overall design, interfaces,
> usage, shared objects, and and checkpoint image format.
>
> Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
> Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
> Acked-by: Serge E. Hallyn <serue@us.ibm.com>
> Tested-by: Serge E. Hallyn <serue@us.ibm.com>
> ---
> Documentation/checkpoint/checkpoint.c | 38 +++
> Documentation/checkpoint/readme.txt | 370 ++++++++++++++++++++++++++++
> Documentation/checkpoint/self_checkpoint.c | 69 +++++
> Documentation/checkpoint/self_restart.c | 40 +++
> Documentation/checkpoint/usage.txt | 247 +++++++++++++++++++
> 5 files changed, 764 insertions(+), 0 deletions(-)
> create mode 100644 Documentation/checkpoint/checkpoint.c
> create mode 100644 Documentation/checkpoint/readme.txt
> create mode 100644 Documentation/checkpoint/self_checkpoint.c
> create mode 100644 Documentation/checkpoint/self_restart.c
> create mode 100644 Documentation/checkpoint/usage.txt
> diff --git a/Documentation/checkpoint/readme.txt b/Documentation/checkpoint/readme.txt
> new file mode 100644
> index 0000000..4fa5560
> --- /dev/null
> +++ b/Documentation/checkpoint/readme.txt
> @@ -0,0 +1,370 @@
> +
...
> +In contrast, when checkpointing a subtree of a container it is up to
> +the user to ensure that dependencies either don't exist or can be
> +safely ignored. This is useful, for instance, for HPC scenarios or
> +even a user that would like to periodically checkpoint a long-running
who
> +batch job.
> +
...
> +
> +Checkpoint image format
> +=======================
> +
...
> +
> +The container configuration section containers information that is
contains
> +global to the container. Security (LSM) configuration is one example.
> +Network configuration and container-wide mounts may also go here, so
> +that the userspace restart coordinator can re-create a suitable
> +environment.
> +
...
> +
> +Then the state of all tasks is saved, in the order that they appear in
> +the tasks array above. For each state, we save data like task_struct,
> +namespaces, open files, memory layout, memory contents, cpu state,
CPU (throughout, please)
> +signals and signal handlers, etc. For resources that are shared among
> +multiple processes, we first checkpoint said resource (and only once),
> +and in the task data we give a reference to it. More about shared
> +resources below.
> +
...
> +
> +Shared objects
> +==============
> +
> +Many resources may be shared by multiple tasks (e.g. file descriptors,
> +memory address space, etc), or even have multiple references from
etc.),
> +other resources (e.g. a single inode that represents two ends of a
> +pipe).
> +
...
> +Memory contents format
> +======================
> +
> +The memory contents of a given memory address space (->mm) is dumped
are (I think)
> +as a sequence of vma objects, represented by 'struct ckpt_hdr_vma'.
> +This header details the vma properties, and a reference to a file
> +(if file backed) or an inode (or shared memory) object.
> +
> +The vma header is followed by the actual contents - but only those
> +pages that need to be saved, i.e. dirty pages. They are written in
> +chunks of data, where each chunks contains a header that indicates
chunk
> +that number of pages in the chunk, followed by an array of virtual
the
> +addresses and then an array of actual page contents. The last chunk
> +holds zero pages.
> +
...
> +Kernel interfaces
> +=================
> +
> +* To checkpoint a vma, the 'struct vm_operations_struct' needs to
> + provide a method ->checkpoint:
> + int checkpoint(struct ckpt_ctx *, struct vma_struct *)
> + Restart requires a matching (exported) restore:
> + int restore(struct ckpt_ctx *, struct mm_struct *, struct ckpt_hdr_vma *)
> +
> +* To checkpoint a file, the 'struct file_operations' needs to provide
> + the methods ->checkpoint and ->collect:
> + int checkpoint(struct ckpt_ctx *, struct file *)
> + int collect(struct ckpt_ctx *, struct file *)
> + Restart requires a matching (exported) restore:
> + int restore(struct ckpt_ctx *, struct ckpt_hdr_file *)
> + For most file systems, generic_file_{checkpoint,restore}() can be
> + used.
> +
> +* To checkpoint a socket, the 'struct proto_ops' needs to provide
To checkpoint/restart a socket,
> + the methods ->checkpoint, ->collect and ->restore:
> + int checkpoint(struct ckpt_ctx *ctx, struct socket *sock);
> + int collect(struct ckpt_ctx *ctx, struct socket *sock);
> + int restore(struct ckpt_ctx *, struct socket *sock, struct ckpt_hdr_socket *h)
> diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
> new file mode 100644
> index 0000000..c6fc045
> --- /dev/null
> +++ b/Documentation/checkpoint/usage.txt
> @@ -0,0 +1,247 @@
> +
> + How to use Checkpoint-Restart
> + =========================================
> +
> +
> +API
> +===
> +
> +The API consists of three new system calls:
> +
> +* long checkpoint(pid_t pid, int fd, unsigned long flag, int logfd);
flags,
> +
> + Checkpoint a (sub-)container whose root task is identified by @pid,
> + to the open file indicated by @fd. If @logfd isn't -1, it indicates
> + an open file to which error and debug messages are written. @flags
> + may be one or more of:
> + - CHECKPOINT_SUBTREE : allow checkpoint of sub-container
> + (other value are not allowed).
> +
> + Returns: a positive checkpoint identifier (ckptid) upon success, 0 if
> + it returns from a restart, and -1 if an error occurs. The ckptid will
> + uniquely identify a checkpoint image, for as long as the checkpoint
> + is kept in the kernel (e.g. if one wishes to keep a checkpoint, or a
> + partial checkpoint, residing in kernel memory).
> +
> +* long sys_restart(pid_t pid, int fd, unsigned long flags, int logfd);
> +
> + Restart a process hierarchy from a checkpoint image that is read from
> + the blob stored in the file indicated by @fd. If @logfd isn't -1, it
> + indicates an open file to which error and debug messages are written.
> + @flags will have future meaning (must be 0 for now). @pid indicates
> + the root of the hierarchy as seen in the coordinator's pid-namespace,
> + and is expected to be a child of the coordinator. @flags may be one
> + or more of:
> + - RESTART_TASKSELF : (self) restart of a single process
> + - RESTART_FROEZN : processes remain frozen once restart completes
FROZEN ?
> + - RESTART_GHOST : process is a ghost (placeholder for a pid)
about @flags: Above says both of these:
a) @flags will have future meaning (must be 0 for now)
b) @flags may be one or more of:
so please decide which one it is ;)
> + (Note that this argument may mean 'ckptid' to identify an in-kernel
> + checkpoint image, with some @flags in the future).
> +
> + Returns: -1 if an error occurs, 0 on success when restarting from a
> + "self" checkpoint, and return value of system call at the time of the
> + checkpoint when restarting from an "external" checkpoint.
> +
...
> +
> +Sysctl/proc
> +===========
> +
> +/proc/sys/kernel/ckpt_unpriv_allowed [default = 1]
> + controls whether c/r operation is allowed for unprivileged users
C/R
> +
> +
> +Operation
> +=========
> +
> +The granularity of a checkpoint usually is a process hierarchy. The
> +'pid' argument is interpreted in the caller's pid namespace. So to
> +checkpoint a container whose init task (pid 1 in that pidns) appears
> +as pid 3497 the caller's pidns, the caller must use pid 3497. Passing
> +pid 1 will attempt to checkpoint the caller's container, and if the
> +caller isn't privileged and init is owned by root, it will fail.
> +
> +Unless the CHECKPOINT_SUBTREE flag is set, if the caller passes a pid
> +which does not refer to a container's init task, then sys_checkpoint()
> +would return -EINVAL.
returns -EINVAL.
...
> +
> +
> +User tools
> +==========
> +
> +* checkpoint(1): a tool to perform a checkpoint of a container/subtree
> +* restart(1): a tool to restart a container/subtree
> +* ckptinfo: a tool to examine a checkpoint image
> +
> +It is best to use the dedicated user tools for checkpoint and restart.
> +
> +If you insist, then here is a code snippet that illustrates how a
> +checkpoint is initiated by a process inside a container - the logic is
> +similar to fork():
> + ...
> + ckptid = checkpoint(0, ...);
> + switch (crid) {
(ckptid) ?
> + case -1:
> + perror("checkpoint failed");
> + break;
> + default:
> + fprintf(stderr, "checkpoint succeeded, CRID=%d\n", ret);
s/ret/ckptid/ ?
> + /* proceed with execution after checkpoint */
> + ...
> + break;
> + case 0:
> + fprintf(stderr, "returned after restart\n");
> + /* proceed with action required following a restart */
> + ...
> + break;
> + }
> + ...
> +
> +And to initiate a restart, the process in an empty container can use
> +logic similar to execve():
> + ...
> + if (restart(pid, ...) < 0)
> + perror("restart failed");
> + /* only get here if restart failed */
> + ...
> +
> +Note, that the code also supports "self" checkpoint, where a process
Note that
> +can checkpoint itself. This mode does not capture the relationships of
> +the task with other tasks, or any shared resources. It is useful for
> +application that wish to be able to save and restore their state.
applications
> +They will either not use (or care about) shared resources, or they
> +will be aware of the operations and adapt suitably after a restart.
> +The code above can also be used for "self" checkpoint.
> +
> +
> +You may find the following sample programs useful:
> +
> +* checkpoint.c: accepts a 'pid' and checkpoint that task to stdout
checkpoints
> +* self_checkpoint.c: a simple test program doing self-checkpoint
> +* self_restart.c: restarts a (self-) checkpoint image from stdin
> +
> +See also the utilities 'checkpoint' and 'restart' (from user-cr).
> +
> +
> +"External" checkpoint
> +=====================
> +
> +To do "external" checkpoint, you need to first freeze that other task
> +either using the freezer cgroup.
eh? cannot parse that.
> +
> +Restart does not preserve the original PID yet, (because we haven't
> +solved yet the fork-with-specific-pid issue). In a real scenario, you
> +probably want to first create a new names space, and have the init
namespace,
> +task there call 'sys_restart()'.
> +
> +I tested it this way:
...
---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 020/100] c/r: documentation
2010-05-06 20:27 ` Randy Dunlap
@ 2010-05-07 6:54 ` Oren Laadan
0 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-07 6:54 UTC (permalink / raw)
To: Randy Dunlap
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, linux-api, linux-mm, linux-fsdevel,
netdev, Dave Hansen
Thanks for reading carefully through and pointing out
glitches and inconsistencies. I'll fix it for next post.
Oren.
On 05/06/2010 04:27 PM, Randy Dunlap wrote:
> On Sat, 1 May 2010 10:15:02 -0400 Oren Laadan wrote:
>
>> Covers application checkpoint/restart, overall design, interfaces,
>> usage, shared objects, and and checkpoint image format.
>>
>> Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
>> Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
>> Acked-by: Serge E. Hallyn <serue@us.ibm.com>
>> Tested-by: Serge E. Hallyn <serue@us.ibm.com>
>> ---
>> Documentation/checkpoint/checkpoint.c | 38 +++
>> Documentation/checkpoint/readme.txt | 370 ++++++++++++++++++++++++++++
>> Documentation/checkpoint/self_checkpoint.c | 69 +++++
>> Documentation/checkpoint/self_restart.c | 40 +++
>> Documentation/checkpoint/usage.txt | 247 +++++++++++++++++++
>> 5 files changed, 764 insertions(+), 0 deletions(-)
>> create mode 100644 Documentation/checkpoint/checkpoint.c
>> create mode 100644 Documentation/checkpoint/readme.txt
>> create mode 100644 Documentation/checkpoint/self_checkpoint.c
>> create mode 100644 Documentation/checkpoint/self_restart.c
>> create mode 100644 Documentation/checkpoint/usage.txt
>
>> diff --git a/Documentation/checkpoint/readme.txt b/Documentation/checkpoint/readme.txt
>> new file mode 100644
>> index 0000000..4fa5560
>> --- /dev/null
>> +++ b/Documentation/checkpoint/readme.txt
>> @@ -0,0 +1,370 @@
>> +
> ...
>> +In contrast, when checkpointing a subtree of a container it is up to
>> +the user to ensure that dependencies either don't exist or can be
>> +safely ignored. This is useful, for instance, for HPC scenarios or
>> +even a user that would like to periodically checkpoint a long-running
>
> who
>
>> +batch job.
>> +
> ...
>
>> +
>> +Checkpoint image format
>> +=======================
>> +
> ...
>
>> +
>> +The container configuration section containers information that is
>
> contains
>
>> +global to the container. Security (LSM) configuration is one example.
>> +Network configuration and container-wide mounts may also go here, so
>> +that the userspace restart coordinator can re-create a suitable
>> +environment.
>> +
> ...
>
>> +
>> +Then the state of all tasks is saved, in the order that they appear in
>> +the tasks array above. For each state, we save data like task_struct,
>> +namespaces, open files, memory layout, memory contents, cpu state,
>
> CPU (throughout, please)
>
>> +signals and signal handlers, etc. For resources that are shared among
>> +multiple processes, we first checkpoint said resource (and only once),
>> +and in the task data we give a reference to it. More about shared
>> +resources below.
>> +
> ...
>
>> +
>> +Shared objects
>> +==============
>> +
>> +Many resources may be shared by multiple tasks (e.g. file descriptors,
>> +memory address space, etc), or even have multiple references from
>
> etc.),
>
>> +other resources (e.g. a single inode that represents two ends of a
>> +pipe).
>> +
> ...
>
>> +Memory contents format
>> +======================
>> +
>> +The memory contents of a given memory address space (->mm) is dumped
>
> are (I think)
>
>> +as a sequence of vma objects, represented by 'struct ckpt_hdr_vma'.
>> +This header details the vma properties, and a reference to a file
>> +(if file backed) or an inode (or shared memory) object.
>> +
>> +The vma header is followed by the actual contents - but only those
>> +pages that need to be saved, i.e. dirty pages. They are written in
>> +chunks of data, where each chunks contains a header that indicates
>
> chunk
>
>> +that number of pages in the chunk, followed by an array of virtual
>
> the
>
>> +addresses and then an array of actual page contents. The last chunk
>> +holds zero pages.
>> +
> ...
>
>> +Kernel interfaces
>> +=================
>> +
>> +* To checkpoint a vma, the 'struct vm_operations_struct' needs to
>> + provide a method ->checkpoint:
>> + int checkpoint(struct ckpt_ctx *, struct vma_struct *)
>> + Restart requires a matching (exported) restore:
>> + int restore(struct ckpt_ctx *, struct mm_struct *, struct ckpt_hdr_vma *)
>> +
>> +* To checkpoint a file, the 'struct file_operations' needs to provide
>> + the methods ->checkpoint and ->collect:
>> + int checkpoint(struct ckpt_ctx *, struct file *)
>> + int collect(struct ckpt_ctx *, struct file *)
>> + Restart requires a matching (exported) restore:
>> + int restore(struct ckpt_ctx *, struct ckpt_hdr_file *)
>> + For most file systems, generic_file_{checkpoint,restore}() can be
>> + used.
>> +
>> +* To checkpoint a socket, the 'struct proto_ops' needs to provide
>
> To checkpoint/restart a socket,
>
>> + the methods ->checkpoint, ->collect and ->restore:
>> + int checkpoint(struct ckpt_ctx *ctx, struct socket *sock);
>> + int collect(struct ckpt_ctx *ctx, struct socket *sock);
>> + int restore(struct ckpt_ctx *, struct socket *sock, struct ckpt_hdr_socket *h)
>
>
>> diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
>> new file mode 100644
>> index 0000000..c6fc045
>> --- /dev/null
>> +++ b/Documentation/checkpoint/usage.txt
>> @@ -0,0 +1,247 @@
>> +
>> + How to use Checkpoint-Restart
>> + =========================================
>> +
>> +
>> +API
>> +===
>> +
>> +The API consists of three new system calls:
>> +
>> +* long checkpoint(pid_t pid, int fd, unsigned long flag, int logfd);
>
> flags,
>
>> +
>> + Checkpoint a (sub-)container whose root task is identified by @pid,
>> + to the open file indicated by @fd. If @logfd isn't -1, it indicates
>> + an open file to which error and debug messages are written. @flags
>> + may be one or more of:
>> + - CHECKPOINT_SUBTREE : allow checkpoint of sub-container
>> + (other value are not allowed).
>> +
>> + Returns: a positive checkpoint identifier (ckptid) upon success, 0 if
>> + it returns from a restart, and -1 if an error occurs. The ckptid will
>> + uniquely identify a checkpoint image, for as long as the checkpoint
>> + is kept in the kernel (e.g. if one wishes to keep a checkpoint, or a
>> + partial checkpoint, residing in kernel memory).
>> +
>> +* long sys_restart(pid_t pid, int fd, unsigned long flags, int logfd);
>> +
>> + Restart a process hierarchy from a checkpoint image that is read from
>> + the blob stored in the file indicated by @fd. If @logfd isn't -1, it
>> + indicates an open file to which error and debug messages are written.
>> + @flags will have future meaning (must be 0 for now). @pid indicates
>> + the root of the hierarchy as seen in the coordinator's pid-namespace,
>> + and is expected to be a child of the coordinator. @flags may be one
>> + or more of:
>> + - RESTART_TASKSELF : (self) restart of a single process
>> + - RESTART_FROEZN : processes remain frozen once restart completes
>
> FROZEN ?
>
>> + - RESTART_GHOST : process is a ghost (placeholder for a pid)
>
> about @flags: Above says both of these:
> a) @flags will have future meaning (must be 0 for now)
> b) @flags may be one or more of:
>
> so please decide which one it is ;)
>
>> + (Note that this argument may mean 'ckptid' to identify an in-kernel
>> + checkpoint image, with some @flags in the future).
>> +
>> + Returns: -1 if an error occurs, 0 on success when restarting from a
>> + "self" checkpoint, and return value of system call at the time of the
>> + checkpoint when restarting from an "external" checkpoint.
>> +
> ...
>> +
>> +Sysctl/proc
>> +===========
>> +
>> +/proc/sys/kernel/ckpt_unpriv_allowed [default = 1]
>> + controls whether c/r operation is allowed for unprivileged users
>
> C/R
>
>> +
>> +
>> +Operation
>> +=========
>> +
>> +The granularity of a checkpoint usually is a process hierarchy. The
>> +'pid' argument is interpreted in the caller's pid namespace. So to
>> +checkpoint a container whose init task (pid 1 in that pidns) appears
>> +as pid 3497 the caller's pidns, the caller must use pid 3497. Passing
>> +pid 1 will attempt to checkpoint the caller's container, and if the
>> +caller isn't privileged and init is owned by root, it will fail.
>> +
>> +Unless the CHECKPOINT_SUBTREE flag is set, if the caller passes a pid
>> +which does not refer to a container's init task, then sys_checkpoint()
>> +would return -EINVAL.
>
> returns -EINVAL.
>
> ...
>
>> +
>> +
>> +User tools
>> +==========
>> +
>> +* checkpoint(1): a tool to perform a checkpoint of a container/subtree
>> +* restart(1): a tool to restart a container/subtree
>> +* ckptinfo: a tool to examine a checkpoint image
>> +
>> +It is best to use the dedicated user tools for checkpoint and restart.
>> +
>> +If you insist, then here is a code snippet that illustrates how a
>> +checkpoint is initiated by a process inside a container - the logic is
>> +similar to fork():
>> + ...
>> + ckptid = checkpoint(0, ...);
>> + switch (crid) {
>
> (ckptid) ?
>
>> + case -1:
>> + perror("checkpoint failed");
>> + break;
>> + default:
>> + fprintf(stderr, "checkpoint succeeded, CRID=%d\n", ret);
>
> s/ret/ckptid/ ?
>
>> + /* proceed with execution after checkpoint */
>> + ...
>> + break;
>> + case 0:
>> + fprintf(stderr, "returned after restart\n");
>> + /* proceed with action required following a restart */
>> + ...
>> + break;
>> + }
>> + ...
>> +
>> +And to initiate a restart, the process in an empty container can use
>> +logic similar to execve():
>> + ...
>> + if (restart(pid, ...) < 0)
>> + perror("restart failed");
>> + /* only get here if restart failed */
>> + ...
>> +
>> +Note, that the code also supports "self" checkpoint, where a process
>
> Note that
>
>> +can checkpoint itself. This mode does not capture the relationships of
>> +the task with other tasks, or any shared resources. It is useful for
>> +application that wish to be able to save and restore their state.
>
> applications
>
>> +They will either not use (or care about) shared resources, or they
>> +will be aware of the operations and adapt suitably after a restart.
>> +The code above can also be used for "self" checkpoint.
>> +
>> +
>> +You may find the following sample programs useful:
>> +
>> +* checkpoint.c: accepts a 'pid' and checkpoint that task to stdout
>
> checkpoints
>
>> +* self_checkpoint.c: a simple test program doing self-checkpoint
>> +* self_restart.c: restarts a (self-) checkpoint image from stdin
>> +
>> +See also the utilities 'checkpoint' and 'restart' (from user-cr).
>> +
>> +
>> +"External" checkpoint
>> +=====================
>> +
>> +To do "external" checkpoint, you need to first freeze that other task
>> +either using the freezer cgroup.
>
> eh? cannot parse that.
>
>> +
>> +Restart does not preserve the original PID yet, (because we haven't
>> +solved yet the fork-with-specific-pid issue). In a real scenario, you
>> +probably want to first create a new names space, and have the init
>
> namespace,
>
>> +task there call 'sys_restart()'.
>> +
>> +I tested it this way:
>
> ...
>
> ---
> ~Randy
> *** Remember to use Documentation/SubmitChecklist when testing your code ***
>
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 021/100] c/r: create syscalls: sys_checkpoint, sys_restart
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (19 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 020/100] c/r: documentation Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 022/100] c/r: basic infrastructure for checkpoint/restart Oren Laadan
` (80 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-api, x86, linux-s390,
linuxppc-dev, Dave Hansen
Create trivial sys_checkpoint and sys_restore system calls. They will
enable to checkpoint and restart an entire container, to and from a
checkpoint image file descriptor.
The syscalls take a pid, a file descriptor (for the image file) and
flags as arguments. The pid identifies the top-most (root) task in the
process tree, e.g. the container init: for sys_checkpoint the first
argument identifies the pid of the target container/subtree; for
sys_restart it will identify the pid of restarting root task.
A checkpoint, much like a process coredump, dumps the state of multiple
processes at once, including the state of the container. The checkpoint
image is written to (and read from) the file descriptor directly from
the kernel. This way the data is generated and then pushed out naturally
as resources and tasks are scanned to save their state. This is the
approach taken by, e.g., Zap and OpenVZ.
By using a return value and not a file descriptor, we can distinguish
between a return from checkpoint, a return from restart (in case of a
checkpoint that includes self, i.e. a task checkpointing its own
container, or itself), and an error condition, in a manner analogous
to a fork() call.
We don't use copy_from_user()/copy_to_user() because it requires
holding the entire image in user space, and does not make sense for
restart. Also, we don't use a pipe, pseudo-fs file and the like,
because they work by generating data on demand as the user pulls it
(unless the entire image is buffered in the kernel) and would require
more complex logic. They also would significantly complicate
checkpoint that includes self.
Changelog[v21-rc3]:
- Reorganize code:move checkpoint/* to kernel/checkpoint/*
Changelog[v19-rc1]:
- Add 'int logfd' to prototype of sys_{checkpoint,restart}
Changelog[v18]:
- [John Dykstra] Fix no-dot-config-targets pattern in linux/Makefile
Changelog[v17]:
- Move checkpoint closer to namespaces (kconfig)
- Kill "Enable" in c/r config option
Changelog[v16]:
- Change sys_restart() first argument to be 'pid_t pid'
Changelog[v14]:
- Change CONFIG_CHEKCPOINT_RESTART to CONFIG_CHECKPOINT (Ingo)
- Remove line 'def_bool n' (default is already 'n')
- Add CHECKPOINT_SUPPORT in Kconfig (Nathan Lynch)
Changelog[v5]:
- Config is 'def_bool n' by default
Cc: linux-api@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
Makefile | 2 +-
arch/x86/Kconfig | 4 +++
arch/x86/include/asm/unistd_32.h | 4 ++-
arch/x86/kernel/syscall_table_32.S | 2 +
include/linux/syscalls.h | 4 +++
init/Kconfig | 2 +
kernel/Makefile | 1 +
kernel/checkpoint/Kconfig | 14 +++++++++++
kernel/checkpoint/Makefile | 5 ++++
kernel/checkpoint/sys.c | 45 ++++++++++++++++++++++++++++++++++++
kernel/sys_ni.c | 4 +++
11 files changed, 85 insertions(+), 2 deletions(-)
create mode 100644 kernel/checkpoint/Kconfig
create mode 100644 kernel/checkpoint/Makefile
create mode 100644 kernel/checkpoint/sys.c
diff --git a/Makefile b/Makefile
index fa1db90..93be4e1 100644
--- a/Makefile
+++ b/Makefile
@@ -409,7 +409,7 @@ endif
# of make so .config is not included in this case either (for *config).
no-dot-config-targets := clean mrproper distclean \
- cscope TAGS tags help %docs check% \
+ cscope TAGS tags help %docs checkstack \
include/linux/version.h headers_% \
kernelrelease kernelversion
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 9458685..0874484 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -93,6 +93,10 @@ config STACKTRACE_SUPPORT
config HAVE_LATENCYTOP_SUPPORT
def_bool y
+config CHECKPOINT_SUPPORT
+ bool
+ default y if X86_32
+
config MMU
def_bool y
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index e543b0e..007d7cd 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -344,10 +344,12 @@
#define __NR_perf_event_open 336
#define __NR_recvmmsg 337
#define __NR_eclone 338
+#define __NR_checkpoint 339
+#define __NR_restart 340
#ifdef __KERNEL__
-#define NR_syscalls 339
+#define NR_syscalls 341
#define __ARCH_WANT_IPC_PARSE_VERSION
#define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 0c92570..2d5a6b0 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -338,3 +338,5 @@ ENTRY(sys_call_table)
.long sys_perf_event_open
.long sys_recvmmsg
.long ptregs_eclone
+ .long sys_checkpoint
+ .long sys_restart /* 340 */
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 057929b..d1d1703 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -834,6 +834,10 @@ asmlinkage long sys_pselect6(int, fd_set __user *, fd_set __user *,
asmlinkage long sys_ppoll(struct pollfd __user *, unsigned int,
struct timespec __user *, const sigset_t __user *,
size_t);
+asmlinkage long sys_checkpoint(pid_t pid, int fd, unsigned long flags,
+ int logfd);
+asmlinkage long sys_restart(pid_t pid, int fd, unsigned long flags,
+ int logfd);
int kernel_execve(const char *filename, char *const argv[], char *const envp[]);
diff --git a/init/Kconfig b/init/Kconfig
index bd8174f..2345902 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -715,6 +715,8 @@ config NET_NS
Allow user space to create what appear to be multiple instances
of the network stack.
+source "kernel/checkpoint/Kconfig"
+
config BLK_DEV_INITRD
bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
depends on BROKEN || !FRV
diff --git a/kernel/Makefile b/kernel/Makefile
index a987aa1..1b78cca 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -105,6 +105,7 @@ obj-$(CONFIG_PERF_EVENTS) += perf_event.o
obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
obj-$(CONFIG_PADATA) += padata.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint/
ifneq ($(CONFIG_SCHED_OMIT_FRAME_POINTER),y)
# According to Alan Modra <alan@linuxcare.com.au>, the -fno-omit-frame-pointer is
diff --git a/kernel/checkpoint/Kconfig b/kernel/checkpoint/Kconfig
new file mode 100644
index 0000000..ef7d406
--- /dev/null
+++ b/kernel/checkpoint/Kconfig
@@ -0,0 +1,14 @@
+# Architectures should define CHECKPOINT_SUPPORT when they have
+# implemented the hooks for processor state etc. needed by the
+# core checkpoint/restart code.
+
+config CHECKPOINT
+ bool "Checkpoint/restart (EXPERIMENTAL)"
+ depends on CHECKPOINT_SUPPORT && EXPERIMENTAL
+ help
+ Application checkpoint/restart is the ability to save the
+ state of a running application so that it can later resume
+ its execution from the time at which it was checkpointed.
+
+ Turning this option on will enable checkpoint and restart
+ functionality in the kernel.
diff --git a/kernel/checkpoint/Makefile b/kernel/checkpoint/Makefile
new file mode 100644
index 0000000..8a32c6f
--- /dev/null
+++ b/kernel/checkpoint/Makefile
@@ -0,0 +1,5 @@
+#
+# Makefile for linux checkpoint/restart.
+#
+
+obj-$(CONFIG_CHECKPOINT) += sys.o
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
new file mode 100644
index 0000000..a81750a
--- /dev/null
+++ b/kernel/checkpoint/sys.c
@@ -0,0 +1,45 @@
+/*
+ * Generic container checkpoint-restart
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#include <linux/sched.h>
+#include <linux/kernel.h>
+#include <linux/syscalls.h>
+
+/**
+ * sys_checkpoint - checkpoint a container
+ * @pid: pid of the container init(1) process
+ * @fd: file to which dump the checkpoint image
+ * @flags: checkpoint operation flags
+ * @logfd: fd to which to dump debug and error messages
+ *
+ * Returns positive identifier on success, 0 when returning from restart
+ * or negative value on error
+ */
+SYSCALL_DEFINE4(checkpoint, pid_t, pid, int, fd,
+ unsigned long, flags, int, logfd)
+{
+ return -ENOSYS;
+}
+
+/**
+ * sys_restart - restart a container
+ * @pid: pid of task root (in coordinator's namespace), or 0
+ * @fd: file from which read the checkpoint image
+ * @flags: restart operation flags
+ * @logfd: fd to which to dump debug and error messages
+ *
+ * Returns negative value on error, or otherwise returns in the realm
+ * of the original checkpoint
+ */
+SYSCALL_DEFINE4(restart, pid_t, pid, int, fd,
+ unsigned long, flags, int, logfd)
+{
+ return -ENOSYS;
+}
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index 70f2ea7..0206aca 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -181,3 +181,7 @@ cond_syscall(sys_eventfd2);
/* performance counters: */
cond_syscall(sys_perf_event_open);
+
+/* checkpoint/restart */
+cond_syscall(sys_checkpoint);
+cond_syscall(sys_restart);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 022/100] c/r: basic infrastructure for checkpoint/restart
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (20 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 021/100] c/r: create syscalls: sys_checkpoint, sys_restart Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 023/100] c/r: x86_32 support " Oren Laadan
` (79 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-mm, linux-fsdevel, netdev
Add those interfaces, as well as helpers needed to easily manage the
file format. The code is roughly broken out as follows:
kernel/checkpoint/sys.c - user/kernel data transfer, as well as setup
of the c/r context (a per-checkpoint data structure for housekeeping)
kernel/checkpoint/checkpoint.c - output wrappers and checkpoint handling
kernel/checkpoint/restart.c - input wrappers and restart handling
kernel/checkpoint/process.c - c/r of task data
For now, we can only checkpoint the 'current' task ("self" checkpoint),
and the 'pid' argument to the syscall is ignored.
Patches to add the per-architecture support as well as the actual
work to do the memory checkpoint follow in subsequent patches.
Changelog[v21]:
- Complain if checkpoint_hdr.h included without CONFIG_CHECKPOINT
- Do not include checkpoint_hdr.h explicitly
- Consolidate ckpt_read/write with kernel_read/write
- Reorganize code:move checkpoint/* to kernel/checkpoint/*
- [Christoffer Dall] Fix trivial bug in ckpt_msg macro
Changelog[v20]:
- Export key symbols to enable c/r from kernel modules
Changelog[v19]:
- [Serge Hallyn] Use ckpt_err() to for bad header values
Changelog[v19-rc3]:
- sys_{checkpoint,restart} to use ptregs prototype
Changelog[v19-rc1]:
- Set ctx->errno in do_ckpt_msg() if needed
- Document prototype of ckpt_write_err in header
- Update prototype of ckpt_read_obj()
- Fix up headers so we can munge them for use by userspace
- [Matt Helsley] Check for empty string for _ckpt_write_err()
- [Matt Helsley] Add cpp definitions for enums
- [Serge Hallyn] Add global section container to image format
- [Matt Helsley] Fix total byte read/write count for large images
- ckpt_read_buf_type() to accept max payload (excludes ckpt_hdr)
- [Serge Hallyn] Define new api for error and debug logging
- Use logfd in sys_{checkpoint,restart}
Changelog[v18]:
- Detect error-headers in input data on restart, and abort.
- Standard format for checkpoint error strings (and documentation)
- [Matt Helsley] Rename headerless struct ckpt_hdr_* to struct ckpt_*
- [Dan Smith] Add an errno validation function
- Add ckpt_read_payload(): read a variable-length object (no header)
- Add ckpt_read_string(): same for strings (ensures null-terminated)
- Add ckpt_read_consume(): consumes next object without processing
Changelog[v17]:
- Fix compilation for architectures that don't support checkpoint
- Save/restore t->{set,clear}_child_tid
- Restart(2) isn't idempotent: must return -EINTR if interrupted
- ckpt_debug does not depend on DYNAMIC_DEBUG, on by default
- Export generic checkpoint headers to userespace
- Fix comment for prototype of sys_restart
- Have ckpt_debug() print global-pid and __LINE__
- Only save and test kernel constants once (in header)
Changelog[v16]:
- Split ctx->flags to ->uflags (user flags) and ->kflags (kernel flags)
- Introduce __ckpt_write_err() and ckpt_write_err() to report errors
- Allow @ptr == NULL to write (or read) header only without payload
- Introduce _ckpt_read_obj_type()
Changelog[v15]:
- Replace header buffer in ckpt_ctx (hbuf,hpos) with kmalloc/kfree()
Changelog[v14]:
- Cleanup interface to get/put hdr buffers
- Merge checkpoint and restart code into a single file (per subsystem)
- Take uts_sem around access to uts->{release,version,machine}
- Embed ckpt_hdr in all ckpt_hdr_...., cleanup read/write helpers
- Define sys_checkpoint(0,...) as asking for a self-checkpoint (Serge)
- Revert use of 'pr_fmt' to avoid tainting whom includes us (Nathan Lynch)
- Explicitly indicate length of UTS fields in header
- Discard field 'h->parent' from ckpt_hdr
Changelog[v12]:
- ckpt_kwrite/ckpt_kread() again use vfs_read(), vfs_write() (safer)
- Split ckpt_write/ckpt_read() to two parts: _ckpt_write/read() helper
- Befriend with sparse : explicit conversion to 'void __user *'
- Redfine 'pr_fmt' instead of using special ckpt_debug()
Changelog[v10]:
- add ckpt_write_buffer(), ckpt_read_buffer() and ckpt_read_buf_type()
- force end-of-string in ckpt_read_string() (fix possible DoS)
Changelog[v9]:
- ckpt_kwrite/ckpt_kread() use file->f_op->write() directly
- Drop ckpt_uwrite/ckpt_uread() since they aren't used anywhere
Changelog[v6]:
- Balance all calls to ckpt_hbuf_get() with matching ckpt_hbuf_put()
(although it's not really needed)
Changelog[v5]:
- Rename headers files s/ckpt/checkpoint/
Changelog[v2]:
- Added utsname->{release,version,machine} to checkpoint header
- Pad header structures to 64 bits to ensure compatibility
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/x86/include/asm/unistd_32.h | 2 -
arch/x86/kernel/syscall_table_32.S | 2 -
include/linux/Kbuild | 3 +
include/linux/checkpoint.h | 202 ++++++++++++++++
include/linux/checkpoint_hdr.h | 135 +++++++++++
include/linux/checkpoint_types.h | 44 ++++
include/linux/magic.h | 3 +
include/linux/syscalls.h | 4 -
kernel/checkpoint/Makefile | 6 +-
kernel/checkpoint/checkpoint.c | 213 +++++++++++++++++
kernel/checkpoint/process.c | 101 ++++++++
kernel/checkpoint/restart.c | 460 +++++++++++++++++++++++++++++++++++
kernel/checkpoint/sys.c | 461 +++++++++++++++++++++++++++++++++++-
lib/Kconfig.debug | 13 +
14 files changed, 1632 insertions(+), 17 deletions(-)
create mode 100644 include/linux/checkpoint.h
create mode 100644 include/linux/checkpoint_hdr.h
create mode 100644 include/linux/checkpoint_types.h
create mode 100644 kernel/checkpoint/checkpoint.c
create mode 100644 kernel/checkpoint/process.c
create mode 100644 kernel/checkpoint/restart.c
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index 007d7cd..cb67842 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -344,8 +344,6 @@
#define __NR_perf_event_open 336
#define __NR_recvmmsg 337
#define __NR_eclone 338
-#define __NR_checkpoint 339
-#define __NR_restart 340
#ifdef __KERNEL__
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 2d5a6b0..0c92570 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -338,5 +338,3 @@ ENTRY(sys_call_table)
.long sys_perf_event_open
.long sys_recvmmsg
.long ptregs_eclone
- .long sys_checkpoint
- .long sys_restart /* 340 */
diff --git a/include/linux/Kbuild b/include/linux/Kbuild
index e2ea0b2..71bb8d1 100644
--- a/include/linux/Kbuild
+++ b/include/linux/Kbuild
@@ -45,6 +45,9 @@ header-y += bsg.h
header-y += can.h
header-y += cciss_defs.h
header-y += cdk.h
+header-y += checkpoint.h
+header-y += checkpoint_hdr.h
+header-y += checkpoint_types.h
header-y += chio.h
header-y += coda_psdev.h
header-y += coff.h
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
new file mode 100644
index 0000000..4bb5b8d
--- /dev/null
+++ b/include/linux/checkpoint.h
@@ -0,0 +1,202 @@
+#ifndef _LINUX_CHECKPOINT_H_
+#define _LINUX_CHECKPOINT_H_
+/*
+ * Generic checkpoint-restart
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#define CHECKPOINT_VERSION 3
+
+/* misc user visible */
+#define CHECKPOINT_FD_NONE -1
+
+#ifdef __KERNEL__
+#ifdef CONFIG_CHECKPOINT
+
+#include <linux/checkpoint_types.h>
+#include <linux/checkpoint_hdr.h>
+#include <linux/err.h>
+
+/* sycall helpers */
+extern long do_sys_checkpoint(pid_t pid, int fd,
+ unsigned long flags, int logfd);
+extern long do_sys_restart(pid_t pid, int fd,
+ unsigned long flags, int logfd);
+
+/* ckpt_ctx: kflags */
+#define CKPT_CTX_CHECKPOINT_BIT 0
+#define CKPT_CTX_RESTART_BIT 1
+#define CKPT_CTX_ERROR_BIT 3
+
+#define CKPT_CTX_CHECKPOINT (1 << CKPT_CTX_CHECKPOINT_BIT)
+#define CKPT_CTX_RESTART (1 << CKPT_CTX_RESTART_BIT)
+#define CKPT_CTX_ERROR (1 << CKPT_CTX_ERROR_BIT)
+
+
+extern int ckpt_kwrite(struct ckpt_ctx *ctx, void *buf, size_t count);
+extern int ckpt_kread(struct ckpt_ctx *ctx, void *buf, size_t count);
+
+extern void _ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr, int n);
+extern void ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr);
+extern void *ckpt_hdr_get(struct ckpt_ctx *ctx, int n);
+extern void *ckpt_hdr_get_type(struct ckpt_ctx *ctx, int n, int type);
+
+extern int ckpt_write_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h);
+extern int ckpt_write_obj_type(struct ckpt_ctx *ctx,
+ void *ptr, int len, int type);
+extern int ckpt_write_buffer(struct ckpt_ctx *ctx, void *ptr, int len);
+extern int ckpt_write_string(struct ckpt_ctx *ctx, char *str, int len);
+
+extern int _ckpt_read_obj_type(struct ckpt_ctx *ctx,
+ void *ptr, int len, int type);
+extern int _ckpt_read_buffer(struct ckpt_ctx *ctx, void *ptr, int len);
+extern int _ckpt_read_string(struct ckpt_ctx *ctx, void *ptr, int len);
+extern void *ckpt_read_obj_type(struct ckpt_ctx *ctx, int len, int type);
+extern void *ckpt_read_buf_type(struct ckpt_ctx *ctx, int max, int type);
+extern int ckpt_read_payload(struct ckpt_ctx *ctx,
+ void **ptr, int max, int type);
+extern char *ckpt_read_string(struct ckpt_ctx *ctx, int max);
+extern int ckpt_read_consume(struct ckpt_ctx *ctx, int len, int type);
+
+extern long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid);
+extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
+
+/* task */
+extern int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_task(struct ckpt_ctx *ctx);
+
+static inline int ckpt_validate_errno(int errno)
+{
+ return (errno >= 0) && (errno < MAX_ERRNO);
+}
+
+/* debugging flags */
+#define CKPT_DBASE 0x1 /* anything */
+#define CKPT_DSYS 0x2 /* generic (system) */
+#define CKPT_DRW 0x4 /* image read/write */
+
+#define CKPT_DDEFAULT 0xffff /* default debug level */
+
+#ifndef CKPT_DFLAG
+#define CKPT_DFLAG 0xffff /* everything */
+#endif
+
+#ifdef CONFIG_CHECKPOINT_DEBUG
+extern unsigned long ckpt_debug_level;
+
+/*
+ * This is deprecated
+ */
+/* use this to select a specific debug level */
+#define _ckpt_debug(level, fmt, args...) \
+ do { \
+ if (ckpt_debug_level & (level)) \
+ printk(KERN_DEBUG "[%d:%d:c/r:%s:%d] " fmt, \
+ current->pid, \
+ current->nsproxy ? \
+ task_pid_vnr(current) : -1, \
+ __func__, __LINE__, ## args); \
+ } while (0)
+
+/*
+ * CKPT_DBASE is the base flags, doesn't change
+ * CKPT_DFLAG is to be redfined in each source file
+ */
+#define ckpt_debug(fmt, args...) \
+ _ckpt_debug(CKPT_DBASE | CKPT_DFLAG, fmt, ## args)
+
+#else
+
+/*
+ * This is deprecated
+ */
+#define _ckpt_debug(level, fmt, args...) do { } while (0)
+#define ckpt_debug(fmt, args...) do { } while (0)
+
+#endif /* CONFIG_CHECKPOINT_DEBUG */
+
+/*
+ * prototypes for the new logging api
+ */
+
+extern void ckpt_msg_lock(struct ckpt_ctx *ctx);
+extern void ckpt_msg_unlock(struct ckpt_ctx *ctx);
+
+extern void _do_ckpt_msg(struct ckpt_ctx *ctx, int err, char *fmt, ...);
+extern void do_ckpt_msg(struct ckpt_ctx *ctx, int err, char *fmt, ...);
+
+/*
+ * Append formatted msg to ctx->msg[ctx->msg_len].
+ * Must be called after expanding format.
+ * May be called under spinlock.
+ * Must be called under ckpt_msg_lock().
+ */
+extern void _ckpt_msg_append(struct ckpt_ctx *ctx, char *fmt, ...);
+
+/*
+ * Write ctx->msg to all relevant places.
+ * Must not be called under spinlock.
+ * Must be called under ckpt_msg_lock().
+ */
+extern void _ckpt_msg_complete(struct ckpt_ctx *ctx);
+
+/*
+ * Append an enhanced formatted message to ctx->msg.
+ * This will not write the message out to the applicable files, so
+ * the caller will have to use _ckpt_msg_complete() to finish up.
+ * @ctx must be a valid checkpoint context.
+ * @fmt is the extended format
+ *
+ * Must be called with ckpt_msg_lock held.
+ */
+#define _ckpt_msg(ctx, fmt, args...) do { \
+ _do_ckpt_msg(ctx, 0, fmt, ##args); \
+} while (0)
+
+/*
+ * Append an enhanced formatted message to ctx->msg.
+ * This will take the ckpt_msg_lock and also write the message out
+ * to the applicable files by calling _ckpt_msg_complete().
+ * @ctx must be a valid checkpoint context.
+ * @fmt is the extended format
+ *
+ * Must not be called under spinlock.
+ */
+#define ckpt_msg(ctx, fmt, args...) do { \
+ do_ckpt_msg(ctx, 0, fmt, ##args); \
+} while (0)
+
+/*
+ * Report an error.
+ * This will take the ckpt_msg_lock and also write the message out
+ * to the applicable files by calling _ckpt_msg_complete().
+ * @ctx must be a valid checkpoint context.
+ * @err is the error value
+ * @fmt is the extended format
+ *
+ * Must not be called under spinlock.
+ */
+
+#define ckpt_err(ctx, err, fmt, args...) do { \
+ do_ckpt_msg(ctx, err, "[E @ %s:%d]" fmt, __func__, __LINE__, ##args); \
+} while (0)
+
+/*
+ * Same as ckpt_err() but
+ * must be called with ctx->msg_mutex held
+ * can be called under spinlock
+ * must be followed by a call to _ckpt_msg_complete()
+ */
+#define _ckpt_err(ctx, err, fmt, args...) do { \
+ _do_ckpt_msg(ctx, err, "[E @ %s:%d]" fmt, __func__, __LINE__, ##args); \
+} while (0)
+
+#endif /* CONFIG_CHECKPOINT */
+#endif /* __KERNEL__ */
+
+#endif /* _LINUX_CHECKPOINT_H_ */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
new file mode 100644
index 0000000..7ccebc7
--- /dev/null
+++ b/include/linux/checkpoint_hdr.h
@@ -0,0 +1,135 @@
+#ifndef _CHECKPOINT_CKPT_HDR_H_
+#define _CHECKPOINT_CKPT_HDR_H_
+/*
+ * Generic container checkpoint-restart
+ *
+ * Copyright (C) 2008-2010 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#ifndef __KERNEL__
+#include <sys/types.h>
+#include <linux/types.h>
+#endif
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+
+#ifndef CONFIG_CHECKPOINT
+#error linux/checkpoint_hdr.h included directly (without CONFIG_CHECKPOINT)
+#endif
+
+#endif
+
+#include <linux/utsname.h>
+
+/*
+ * To maintain compatibility between 32-bit and 64-bit architecture flavors,
+ * keep data 64-bit aligned: use padding for structure members, and use
+ * __attribute__((aligned (8))) for the entire structure.
+ *
+ * Quoting Arnd Bergmann:
+ * "This structure has an odd multiple of 32-bit members, which means
+ * that if you put it into a larger structure that also contains 64-bit
+ * members, the larger structure may get different alignment on x86-32
+ * and x86-64, which you might want to avoid. I can't tell if this is
+ * an actual problem here. ... In this case, I'm pretty sure that
+ * sizeof(ckpt_hdr_task) on x86-32 is different from x86-64, since it
+ * will be 32-bit aligned on x86-32."
+ */
+
+/*
+ * header format: 'struct ckpt_hdr' must prefix all other headers. Therfore
+ * when a header is passed around, the information about it (type, size)
+ * is readily available. Structs that include a struct ckpt_hdr are named
+ * struct ckpt_hdr_* by convention (usualy the struct ckpt_hdr is the first
+ * member).
+ */
+struct ckpt_hdr {
+ __u32 type;
+ __u32 len;
+} __attribute__((aligned(8)));
+
+/* header types */
+enum {
+ CKPT_HDR_HEADER = 1,
+#define CKPT_HDR_HEADER CKPT_HDR_HEADER
+ CKPT_HDR_CONTAINER,
+#define CKPT_HDR_CONTAINER CKPT_HDR_CONTAINER
+ CKPT_HDR_BUFFER,
+#define CKPT_HDR_BUFFER CKPT_HDR_BUFFER
+ CKPT_HDR_STRING,
+#define CKPT_HDR_STRING CKPT_HDR_STRING
+
+ CKPT_HDR_TASK = 101,
+#define CKPT_HDR_TASK CKPT_HDR_TASK
+
+ CKPT_HDR_TAIL = 9001,
+#define CKPT_HDR_TAIL CKPT_HDR_TAIL
+
+ CKPT_HDR_ERROR = 9999,
+#define CKPT_HDR_ERROR CKPT_HDR_ERROR
+};
+
+/* kernel constants */
+struct ckpt_const {
+ /* task */
+ __u16 task_comm_len;
+ /* uts */
+ __u16 uts_release_len;
+ __u16 uts_version_len;
+ __u16 uts_machine_len;
+} __attribute__((aligned(8)));
+
+/* checkpoint image header */
+struct ckpt_hdr_header {
+ struct ckpt_hdr h;
+ __u64 magic;
+
+ __u16 _padding;
+
+ __u16 major;
+ __u16 minor;
+ __u16 patch;
+ __u16 rev;
+
+ struct ckpt_const constants;
+
+ __u64 time; /* when checkpoint taken */
+ __u64 uflags; /* uflags from checkpoint */
+
+ /*
+ * the header is followed by three strings:
+ * char release[const.uts_release_len];
+ * char version[const.uts_version_len];
+ * char machine[const.uts_machine_len];
+ */
+} __attribute__((aligned(8)));
+
+/* checkpoint image trailer */
+struct ckpt_hdr_tail {
+ struct ckpt_hdr h;
+ __u64 magic;
+} __attribute__((aligned(8)));
+
+/* container configuration section header */
+struct ckpt_hdr_container {
+ struct ckpt_hdr h;
+} __attribute__((aligned(8)));;
+
+/* task data */
+struct ckpt_hdr_task {
+ struct ckpt_hdr h;
+ __u32 state;
+ __u32 exit_state;
+ __u32 exit_code;
+ __u32 exit_signal;
+
+ __u64 set_child_tid;
+ __u64 clear_child_tid;
+} __attribute__((aligned(8)));
+
+#endif /* _CHECKPOINT_CKPT_HDR_H_ */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
new file mode 100644
index 0000000..13d6dd5
--- /dev/null
+++ b/include/linux/checkpoint_types.h
@@ -0,0 +1,44 @@
+#ifndef _LINUX_CHECKPOINT_TYPES_H_
+#define _LINUX_CHECKPOINT_TYPES_H_
+/*
+ * Generic checkpoint-restart
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#ifdef __KERNEL__
+
+#include <linux/fs.h>
+
+struct ckpt_ctx {
+ int crid; /* unique checkpoint id */
+
+ pid_t root_pid; /* container identifier */
+
+ unsigned long kflags; /* kerenl flags */
+ unsigned long uflags; /* user flags */
+ unsigned long oflags; /* restart: uflags from checkpoint */
+
+ struct file *file; /* input/output file */
+ struct file *logfile; /* status/debug log file */
+ loff_t total; /* total read/written */
+
+ struct task_struct *tsk;/* checkpoint: current target task */
+ char err_string[256]; /* checkpoint: error string */
+
+ int errno; /* errno that caused failure */
+
+#define CKPT_MSG_LEN 1024
+ char fmt[CKPT_MSG_LEN];
+ char msg[CKPT_MSG_LEN];
+ int msglen;
+ struct mutex msg_mutex;
+};
+
+#endif /* __KERNEL__ */
+
+#endif /* _LINUX_CHECKPOINT_TYPES_H_ */
diff --git a/include/linux/magic.h b/include/linux/magic.h
index eb9800f..e04117a 100644
--- a/include/linux/magic.h
+++ b/include/linux/magic.h
@@ -58,4 +58,7 @@
#define DEVPTS_SUPER_MAGIC 0x1cd1
#define SOCKFS_MAGIC 0x534F434B
+#define CHECKPOINT_MAGIC_HEAD 0x00feed0cc0a2d200LL
+#define CHECKPOINT_MAGIC_TAIL 0x002d2a0cc0deef00LL
+
#endif /* __LINUX_MAGIC_H__ */
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index d1d1703..057929b 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -834,10 +834,6 @@ asmlinkage long sys_pselect6(int, fd_set __user *, fd_set __user *,
asmlinkage long sys_ppoll(struct pollfd __user *, unsigned int,
struct timespec __user *, const sigset_t __user *,
size_t);
-asmlinkage long sys_checkpoint(pid_t pid, int fd, unsigned long flags,
- int logfd);
-asmlinkage long sys_restart(pid_t pid, int fd, unsigned long flags,
- int logfd);
int kernel_execve(const char *filename, char *const argv[], char *const envp[]);
diff --git a/kernel/checkpoint/Makefile b/kernel/checkpoint/Makefile
index 8a32c6f..99364cc 100644
--- a/kernel/checkpoint/Makefile
+++ b/kernel/checkpoint/Makefile
@@ -2,4 +2,8 @@
# Makefile for linux checkpoint/restart.
#
-obj-$(CONFIG_CHECKPOINT) += sys.o
+obj-$(CONFIG_CHECKPOINT) += \
+ sys.o \
+ checkpoint.o \
+ restart.o \
+ process.o
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
new file mode 100644
index 0000000..75b43e6
--- /dev/null
+++ b/kernel/checkpoint/checkpoint.c
@@ -0,0 +1,213 @@
+/*
+ * Checkpoint logic and helpers
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <linux/version.h>
+#include <linux/module.h>
+#include <linux/time.h>
+#include <linux/fs.h>
+#include <linux/file.h>
+#include <linux/dcache.h>
+#include <linux/mount.h>
+#include <linux/utsname.h>
+#include <linux/magic.h>
+#include <linux/checkpoint.h>
+
+/* unique checkpoint identifier (FIXME: should be per-container ?) */
+static atomic_t ctx_count = ATOMIC_INIT(0);
+
+/**
+ * ckpt_write_obj - write an object
+ * @ctx: checkpoint context
+ * @h: object descriptor
+ */
+int ckpt_write_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
+{
+ _ckpt_debug(CKPT_DRW, "type %d len %d\n", h->type, h->len);
+ return ckpt_kwrite(ctx, h, h->len);
+}
+EXPORT_SYMBOL(ckpt_write_obj);
+
+/**
+ * ckpt_write_obj_type - write an object (from a pointer)
+ * @ctx: checkpoint context
+ * @ptr: buffer pointer
+ * @len: buffer size
+ * @type: desired type
+ *
+ * If @ptr is NULL, then write only the header (payload to follow)
+ */
+int ckpt_write_obj_type(struct ckpt_ctx *ctx, void *ptr, int len, int type)
+{
+ struct ckpt_hdr *h;
+ int ret;
+
+ h = ckpt_hdr_get(ctx, sizeof(*h));
+ if (!h)
+ return -ENOMEM;
+
+ h->type = type;
+ h->len = len + sizeof(*h);
+
+ _ckpt_debug(CKPT_DRW, "type %d len %d\n", h->type, h->len);
+ ret = ckpt_kwrite(ctx, h, sizeof(*h));
+ if (ret < 0)
+ goto out;
+ if (ptr)
+ ret = ckpt_kwrite(ctx, ptr, len);
+ out:
+ _ckpt_hdr_put(ctx, h, sizeof(*h));
+ return ret;
+}
+EXPORT_SYMBOL(ckpt_write_obj_type);
+
+/**
+ * ckpt_write_buffer - write an object of type buffer
+ * @ctx: checkpoint context
+ * @ptr: buffer pointer
+ * @len: buffer size
+ */
+int ckpt_write_buffer(struct ckpt_ctx *ctx, void *ptr, int len)
+{
+ return ckpt_write_obj_type(ctx, ptr, len, CKPT_HDR_BUFFER);
+}
+EXPORT_SYMBOL(ckpt_write_buffer);
+
+/**
+ * ckpt_write_string - write an object of type string
+ * @ctx: checkpoint context
+ * @str: string pointer
+ * @len: string length
+ */
+int ckpt_write_string(struct ckpt_ctx *ctx, char *str, int len)
+{
+ return ckpt_write_obj_type(ctx, str, len, CKPT_HDR_STRING);
+}
+EXPORT_SYMBOL(ckpt_write_string);
+
+/***********************************************************************
+ * Checkpoint
+ */
+
+static void fill_kernel_const(struct ckpt_const *h)
+{
+ struct task_struct *tsk;
+ struct new_utsname *uts;
+
+ /* task */
+ h->task_comm_len = sizeof(tsk->comm);
+ /* uts */
+ h->uts_release_len = sizeof(uts->release);
+ h->uts_version_len = sizeof(uts->version);
+ h->uts_machine_len = sizeof(uts->machine);
+}
+
+/* write the checkpoint header */
+static int checkpoint_write_header(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header *h;
+ struct new_utsname *uts;
+ struct timeval ktv;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_HEADER);
+ if (!h)
+ return -ENOMEM;
+
+ do_gettimeofday(&ktv);
+ uts = utsname();
+
+ h->magic = CHECKPOINT_MAGIC_HEAD;
+ h->major = (LINUX_VERSION_CODE >> 16) & 0xff;
+ h->minor = (LINUX_VERSION_CODE >> 8) & 0xff;
+ h->patch = (LINUX_VERSION_CODE) & 0xff;
+
+ h->rev = CHECKPOINT_VERSION;
+
+ h->uflags = ctx->uflags;
+ h->time = ktv.tv_sec;
+
+ fill_kernel_const(&h->constants);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ down_read(&uts_sem);
+ ret = ckpt_write_buffer(ctx, uts->release, sizeof(uts->release));
+ if (ret < 0)
+ goto up;
+ ret = ckpt_write_buffer(ctx, uts->version, sizeof(uts->version));
+ if (ret < 0)
+ goto up;
+ ret = ckpt_write_buffer(ctx, uts->machine, sizeof(uts->machine));
+ up:
+ up_read(&uts_sem);
+ return ret;
+}
+
+/* write the container configuration section */
+static int checkpoint_container(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_container *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_CONTAINER);
+ if (!h)
+ return -ENOMEM;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/* write the checkpoint trailer */
+static int checkpoint_write_tail(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_tail *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TAIL);
+ if (!h)
+ return -ENOMEM;
+
+ h->magic = CHECKPOINT_MAGIC_TAIL;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
+{
+ long ret;
+
+ ret = checkpoint_write_header(ctx);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_container(ctx);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_task(ctx, current);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_write_tail(ctx);
+ if (ret < 0)
+ goto out;
+
+ /* on success, return (unique) checkpoint identifier */
+ ctx->crid = atomic_inc_return(&ctx_count);
+ ret = ctx->crid;
+ out:
+ return ret;
+}
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
new file mode 100644
index 0000000..abd9025
--- /dev/null
+++ b/kernel/checkpoint/process.c
@@ -0,0 +1,101 @@
+/*
+ * Checkpoint task structure
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <linux/sched.h>
+#include <linux/checkpoint.h>
+
+/***********************************************************************
+ * Checkpoint
+ */
+
+/* dump the task_struct of a given task */
+static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_task *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK);
+ if (!h)
+ return -ENOMEM;
+
+ h->state = t->state;
+ h->exit_state = t->exit_state;
+ h->exit_code = t->exit_code;
+ h->exit_signal = t->exit_signal;
+
+ h->set_child_tid = (unsigned long) t->set_child_tid;
+ h->clear_child_tid = (unsigned long) t->clear_child_tid;
+
+ /* FIXME: save remaining relevant task_struct fields */
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ return ckpt_write_string(ctx, t->comm, TASK_COMM_LEN);
+}
+
+/* dump the entire state of a given task */
+int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ int ret;
+
+ ctx->tsk = t;
+
+ ret = checkpoint_task_struct(ctx, t);
+ ckpt_debug("task %d\n", ret);
+
+ ctx->tsk = NULL;
+ return ret;
+}
+
+/***********************************************************************
+ * Restart
+ */
+
+/* read the task_struct into the current task */
+static int restore_task_struct(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_task *h;
+ struct task_struct *t = current;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ memset(t->comm, 0, TASK_COMM_LEN);
+ ret = _ckpt_read_string(ctx, t->comm, TASK_COMM_LEN);
+ if (ret < 0)
+ goto out;
+
+ t->set_child_tid = (int __user *) (unsigned long) h->set_child_tid;
+ t->clear_child_tid = (int __user *) (unsigned long) h->clear_child_tid;
+
+ /* FIXME: restore remaining relevant task_struct fields */
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/* read the entire state of the current task */
+int restore_task(struct ckpt_ctx *ctx)
+{
+ int ret;
+
+ ret = restore_task_struct(ctx);
+ ckpt_debug("task %d\n", ret);
+
+ return ret;
+}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
new file mode 100644
index 0000000..cd9945c
--- /dev/null
+++ b/kernel/checkpoint/restart.c
@@ -0,0 +1,460 @@
+/*
+ * Restart logic and helpers
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <linux/version.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include <linux/file.h>
+#include <linux/magic.h>
+#include <linux/utsname.h>
+#include <linux/checkpoint.h>
+
+static int _ckpt_read_err(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
+{
+ char *ptr;
+ int len, ret;
+
+ len = h->len - sizeof(*h);
+ ptr = kzalloc(len + 1, GFP_KERNEL);
+ if (!ptr) {
+ ckpt_debug("insufficient memory to report image error\n");
+ return -ENOMEM;
+ }
+
+ ret = ckpt_kread(ctx, ptr, len);
+ if (ret >= 0) {
+ ckpt_debug("%s\n", &ptr[1]);
+ ret = -EIO;
+ }
+
+ kfree(ptr);
+ return ret;
+}
+
+/**
+ * _ckpt_read_obj - read an object (ckpt_hdr followed by payload)
+ * @ctx: checkpoint context
+ * @h: desired ckpt_hdr
+ * @ptr: desired buffer
+ * @len: desired object length (if 0, flexible)
+ * @max: maximum object length (if 0, flexible)
+ *
+ * If @ptr is NULL, then read only the header (payload to follow)
+ */
+static int _ckpt_read_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h,
+ void *ptr, int len, int max)
+{
+ int ret;
+
+ again:
+ ret = ckpt_kread(ctx, h, sizeof(*h));
+ if (ret < 0)
+ return ret;
+ _ckpt_debug(CKPT_DRW, "type %d len %d(%d,%d)\n",
+ h->type, h->len, len, max);
+ if (h->len < sizeof(*h))
+ return -EINVAL;
+
+ if (h->type == CKPT_HDR_ERROR) {
+ ret = _ckpt_read_err(ctx, h);
+ if (ret < 0)
+ return ret;
+ goto again;
+ }
+
+ /* if len specified, enforce, else if maximum specified, enforce */
+ if ((len && h->len != len) || (!len && max && h->len > max))
+ return -EINVAL;
+
+ if (ptr)
+ ret = ckpt_kread(ctx, ptr, h->len - sizeof(struct ckpt_hdr));
+ return ret;
+}
+
+/**
+ * _ckpt_read_obj_type - read an object of some type
+ * @ctx: checkpoint context
+ * @ptr: provided buffer
+ * @len: buffer length
+ * @type: buffer type
+ *
+ * If @ptr is NULL, then read only the header (payload to follow).
+ * @len specifies the expected buffer length (ignored if set to 0).
+ * Returns: actual _payload_ length
+ */
+int _ckpt_read_obj_type(struct ckpt_ctx *ctx, void *ptr, int len, int type)
+{
+ struct ckpt_hdr h;
+ int ret;
+
+ if (len)
+ len += sizeof(struct ckpt_hdr);
+ ret = _ckpt_read_obj(ctx, &h, ptr, len, len);
+ if (ret < 0)
+ return ret;
+ if (h.type != type)
+ return -EINVAL;
+ return h.len - sizeof(h);
+}
+EXPORT_SYMBOL(_ckpt_read_obj_type);
+
+/**
+ * _ckpt_read_buffer - read an object of type buffer (set length)
+ * @ctx: checkpoint context
+ * @ptr: provided buffer
+ * @len: buffer length
+ *
+ * If @ptr is NULL, then read only the header (payload to follow).
+ * @len specifies the expected buffer length (ignored if set to 0).
+ * Returns: _payload_ length.
+ */
+int _ckpt_read_buffer(struct ckpt_ctx *ctx, void *ptr, int len)
+{
+ BUG_ON(!len);
+ return _ckpt_read_obj_type(ctx, ptr, len, CKPT_HDR_BUFFER);
+}
+EXPORT_SYMBOL(_ckpt_read_buffer);
+
+/**
+ * _ckpt_read_string - read an object of type string (set length)
+ * @ctx: checkpoint context
+ * @ptr: provided buffer
+ * @len: string length (including '\0')
+ *
+ * If @ptr is NULL, then read only the header (payload to follow)
+ */
+int _ckpt_read_string(struct ckpt_ctx *ctx, void *ptr, int len)
+{
+ int ret;
+
+ BUG_ON(!len);
+ ret = _ckpt_read_obj_type(ctx, ptr, len, CKPT_HDR_STRING);
+ if (ret < 0)
+ return ret;
+ if (ptr)
+ ((char *) ptr)[len - 1] = '\0'; /* always play it safe */
+ return 0;
+}
+EXPORT_SYMBOL(_ckpt_read_string);
+
+/**
+ * ckpt_read_obj - allocate and read an object (ckpt_hdr followed by payload)
+ * @ctx: checkpoint context
+ * @h: object descriptor
+ * @len: desired total length (if 0, flexible)
+ * @max: maximum total length
+ *
+ * Return: new buffer allocated on success, error pointer otherwise
+ */
+static void *ckpt_read_obj(struct ckpt_ctx *ctx, int len, int max)
+{
+ struct ckpt_hdr hh;
+ struct ckpt_hdr *h;
+ int ret;
+
+ ret = ckpt_kread(ctx, &hh, sizeof(hh));
+ if (ret < 0)
+ return ERR_PTR(ret);
+ _ckpt_debug(CKPT_DRW, "type %d len %d(%d,%d)\n",
+ hh.type, hh.len, len, max);
+ if (hh.len < sizeof(*h))
+ return ERR_PTR(-EINVAL);
+ /* if len specified, enforce, else if maximum specified, enforce */
+ if ((len && hh.len != len) || (!len && max && hh.len > max))
+ return ERR_PTR(-EINVAL);
+
+ h = ckpt_hdr_get(ctx, hh.len);
+ if (!h)
+ return ERR_PTR(-ENOMEM);
+
+ *h = hh; /* yay ! */
+
+ ret = ckpt_kread(ctx, (h + 1), hh.len - sizeof(struct ckpt_hdr));
+ if (ret < 0) {
+ ckpt_hdr_put(ctx, h);
+ h = ERR_PTR(ret);
+ }
+
+ return h;
+}
+
+/**
+ * ckpt_read_obj_type - allocate and read an object of some type
+ * @ctx: checkpoint context
+ * @len: desired object length
+ * @type: desired object type
+ *
+ * Return: new buffer allocated on success, error pointer otherwise
+ */
+void *ckpt_read_obj_type(struct ckpt_ctx *ctx, int len, int type)
+{
+ struct ckpt_hdr *h;
+
+ BUG_ON(!len);
+
+ h = ckpt_read_obj(ctx, len, len);
+ if (IS_ERR(h))
+ return h;
+
+ if (h->type != type) {
+ ckpt_hdr_put(ctx, h);
+ h = ERR_PTR(-EINVAL);
+ }
+
+ return h;
+}
+EXPORT_SYMBOL(ckpt_read_obj_type);
+
+/**
+ * ckpt_read_buf_type - allocate and read an object of some type (flxible)
+ * @ctx: checkpoint context
+ * @max: maximum payload length
+ * @type: desired object type
+ *
+ * This differs from ckpt_read_obj_type() in that the length of the
+ * incoming object is flexible (up to the maximum specified by @max;
+ * unlimited if @max is 0), as determined by the ckpt_hdr data.
+ *
+ * NOTE: for symmetry with checkpoint, @max is the maximum _payload_
+ * size, excluding the header.
+ *
+ * Return: new buffer allocated on success, error pointer otherwise
+ */
+void *ckpt_read_buf_type(struct ckpt_ctx *ctx, int max, int type)
+{
+ struct ckpt_hdr *h;
+
+ if (max)
+ max += sizeof(struct ckpt_hdr);
+
+ h = ckpt_read_obj(ctx, 0, max);
+ if (IS_ERR(h))
+ return h;
+
+ if (h->type != type) {
+ ckpt_hdr_put(ctx, h);
+ h = ERR_PTR(-EINVAL);
+ }
+
+ return h;
+}
+EXPORT_SYMBOL(ckpt_read_buf_type);
+
+/**
+ * ckpt_read_payload - allocate and read the payload of an object
+ * @ctx: checkpoint context
+ * @max: maximum payload length
+ * @str: pointer to buffer to be allocated (caller must free)
+ * @type: desired object type
+ *
+ * This can be used to read a variable-length _payload_ from the checkpoint
+ * stream. @max limits the size of the resulting buffer.
+ *
+ * Return: actual _payload_ length
+ */
+int ckpt_read_payload(struct ckpt_ctx *ctx, void **ptr, int max, int type)
+{
+ int len, ret;
+
+ len = _ckpt_read_obj_type(ctx, NULL, 0, type);
+ if (len < 0)
+ return len;
+ else if (len > max)
+ return -EINVAL;
+
+ *ptr = kmalloc(len, GFP_KERNEL);
+ if (!*ptr)
+ return -ENOMEM;
+
+ ret = ckpt_kread(ctx, *ptr, len);
+ if (ret < 0) {
+ kfree(*ptr);
+ return ret;
+ }
+
+ return len;
+}
+EXPORT_SYMBOL(ckpt_read_payload);
+
+/**
+ * ckpt_read_string - allocate and read a string (variable length)
+ * @ctx: checkpoint context
+ * @max: maximum acceptable length
+ *
+ * Return: allocate string or error pointer
+ */
+char *ckpt_read_string(struct ckpt_ctx *ctx, int max)
+{
+ char *str;
+ int len;
+
+ len = ckpt_read_payload(ctx, (void **)&str, max, CKPT_HDR_STRING);
+ if (len < 0)
+ return ERR_PTR(len);
+ str[len - 1] = '\0'; /* always play it safe */
+ return str;
+}
+EXPORT_SYMBOL(ckpt_read_string);
+
+/**
+ * ckpt_read_consume - consume the next object of expected type
+ * @ctx: checkpoint context
+ * @len: desired object length
+ * @type: desired object type
+ *
+ * This can be used to skip an object in the input stream when the
+ * data is unnecessary for the restart. @len indicates the length of
+ * the object); if @len is zero the length is unconstrained.
+ */
+int ckpt_read_consume(struct ckpt_ctx *ctx, int len, int type)
+{
+ struct ckpt_hdr *h;
+ int ret = 0;
+
+ h = ckpt_read_obj(ctx, len, 0);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ if (h->type != type)
+ ret = -EINVAL;
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+EXPORT_SYMBOL(ckpt_read_consume);
+
+/***********************************************************************
+ * Restart
+ */
+
+static int check_kernel_const(struct ckpt_const *h)
+{
+ struct task_struct *tsk;
+ struct new_utsname *uts;
+
+ /* task */
+ if (h->task_comm_len != sizeof(tsk->comm))
+ return -EINVAL;
+ /* uts */
+ if (h->uts_release_len != sizeof(uts->release))
+ return -EINVAL;
+ if (h->uts_version_len != sizeof(uts->version))
+ return -EINVAL;
+ if (h->uts_machine_len != sizeof(uts->machine))
+ return -EINVAL;
+
+ return 0;
+}
+
+/* read the checkpoint header */
+static int restore_read_header(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header *h;
+ struct new_utsname *uts = NULL;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_HEADER);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->magic != CHECKPOINT_MAGIC_HEAD ||
+ h->rev != CHECKPOINT_VERSION ||
+ h->major != ((LINUX_VERSION_CODE >> 16) & 0xff) ||
+ h->minor != ((LINUX_VERSION_CODE >> 8) & 0xff) ||
+ h->patch != ((LINUX_VERSION_CODE) & 0xff)) {
+ ckpt_err(ctx, ret, "incompatible kernel version");
+ goto out;
+ }
+ if (h->uflags) {
+ ckpt_err(ctx, ret, "incompatible restart user flags");
+ goto out;
+ }
+
+ ret = check_kernel_const(&h->constants);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "incompatible kernel constants");
+ goto out;
+ }
+
+ ret = -ENOMEM;
+ uts = kmalloc(sizeof(*uts), GFP_KERNEL);
+ if (!uts)
+ goto out;
+
+ ctx->oflags = h->uflags;
+
+ /* FIX: verify compatibility of release, version and machine */
+ ret = _ckpt_read_buffer(ctx, uts->release, sizeof(uts->release));
+ if (ret < 0)
+ goto out;
+ ret = _ckpt_read_buffer(ctx, uts->version, sizeof(uts->version));
+ if (ret < 0)
+ goto out;
+ ret = _ckpt_read_buffer(ctx, uts->machine, sizeof(uts->machine));
+ out:
+ kfree(uts);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/* read the container configuration section */
+static int restore_container(struct ckpt_ctx *ctx)
+{
+ int ret = 0;
+ struct ckpt_hdr_container *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_CONTAINER);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/* read the checkpoint trailer */
+static int restore_read_tail(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_tail *h;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TAIL);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ if (h->magic != CHECKPOINT_MAGIC_TAIL)
+ ret = -EINVAL;
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+long do_restart(struct ckpt_ctx *ctx, pid_t pid)
+{
+ long ret;
+
+ ret = restore_read_header(ctx);
+ if (ret < 0)
+ return ret;
+ ret = restore_container(ctx);
+ if (ret < 0)
+ return ret;
+ ret = restore_task(ctx);
+ if (ret < 0)
+ return ret;
+ ret = restore_read_tail(ctx);
+
+ /* on success, adjust the return value if needed [TODO] */
+ return ret;
+}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index a81750a..af8c1bf 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -8,12 +8,398 @@
* distribution for more details.
*/
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
#include <linux/sched.h>
+#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/syscalls.h>
+#include <linux/slab.h>
+#include <linux/fs.h>
+#include <linux/file.h>
+#include <linux/uaccess.h>
+#include <linux/capability.h>
+#include <linux/checkpoint.h>
+
+/*
+ * Helpers to write(read) from(to) kernel space to(from) the checkpoint
+ * image file descriptor (similar to how a core-dump is performed).
+ *
+ * _ckpt_kwrite() - write a kernel-space buffer to a file
+ * _ckpt_kread() - read from a file to a kernel-space buffer
+ *
+ * ckpt_kread() - read from the checkpoint image to a kernel-space buffer
+ * ckpt_kwrite() - write a kernel-space buffer to the checkpoint image
+ *
+ * They latter two succeed only if the entire read or write succeeds,
+ * and return 0, or negative error otherwise.
+ */
+
+static ssize_t _ckpt_kwrite(struct file *file, void *addr, size_t count)
+{
+ loff_t pos;
+ int ret;
+
+ pos = file_pos_read(file);
+ ret = kernel_write(file, pos, addr, count);
+ if (ret < 0)
+ return ret;
+ file_pos_write(file, pos + ret);
+ return ret;
+}
+
+/* returns 0 on success */
+int ckpt_kwrite(struct ckpt_ctx *ctx, void *addr, size_t count)
+{
+ int ret;
+
+ ret = _ckpt_kwrite(ctx->file, addr, count);
+ if (ret < 0)
+ return ret;
+
+ ctx->total += count;
+ return 0;
+}
+
+static ssize_t _ckpt_kread(struct file *file, void *addr, size_t count)
+{
+ loff_t pos;
+ int ret;
+
+ pos = file_pos_read(file);
+ ret = kernel_read(file, pos, addr, count);
+ if (ret < 0)
+ return ret;
+ file_pos_write(file, pos + ret);
+ return ret;
+}
+
+/* returns 0 on success */
+int ckpt_kread(struct ckpt_ctx *ctx, void *addr, size_t count)
+{
+ int ret;
+
+ ret = _ckpt_kread(ctx->file, addr, count);
+ if (ret < 0)
+ return ret;
+ if (ret != count)
+ return -EPIPE;
+
+ ctx->total += count;
+ return 0;
+}
+
+/**
+ * ckpt_hdr_get - get a hdr of certain size
+ * @ctx: checkpoint context
+ * @len: desired length
+ *
+ * Returns pointer to header
+ */
+void *ckpt_hdr_get(struct ckpt_ctx *ctx, int len)
+{
+ return kzalloc(len, GFP_KERNEL);
+}
+EXPORT_SYMBOL(ckpt_hdr_get);
+
+/**
+ * _ckpt_hdr_put - free a hdr allocated with ckpt_hdr_get
+ * @ctx: checkpoint context
+ * @ptr: header to free
+ * @len: header length
+ *
+ * (requiring 'ptr' makes it easily interchangable with kmalloc/kfree
+ */
+void _ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr, int len)
+{
+ kfree(ptr);
+}
+EXPORT_SYMBOL(_ckpt_hdr_put);
+
+/**
+ * ckpt_hdr_put - free a hdr allocated with ckpt_hdr_get
+ * @ctx: checkpoint context
+ * @ptr: header to free
+ *
+ * It is assumed that @ptr begins with a 'struct ckpt_hdr'.
+ */
+void ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct ckpt_hdr *h = (struct ckpt_hdr *) ptr;
+ _ckpt_hdr_put(ctx, ptr, h->len);
+}
+EXPORT_SYMBOL(ckpt_hdr_put);
+
+/**
+ * ckpt_hdr_get_type - get a hdr of certain size
+ * @ctx: checkpoint context
+ * @len: number of bytes to reserve
+ *
+ * Returns pointer to reserved space on hbuf
+ */
+void *ckpt_hdr_get_type(struct ckpt_ctx *ctx, int len, int type)
+{
+ struct ckpt_hdr *h;
+
+ h = ckpt_hdr_get(ctx, len);
+ if (!h)
+ return NULL;
+
+ h->type = type;
+ h->len = len;
+ return h;
+}
+EXPORT_SYMBOL(ckpt_hdr_get_type);
+
+/*
+ * Helpers to manage c/r contexts: allocated for each checkpoint and/or
+ * restart operation, and persists until the operation is completed.
+ */
+
+static void ckpt_ctx_free(struct ckpt_ctx *ctx)
+{
+ if (ctx->file)
+ fput(ctx->file);
+ if (ctx->logfile)
+ fput(ctx->logfile);
+ kfree(ctx);
+}
+
+static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
+ unsigned long kflags, int logfd)
+{
+ struct ckpt_ctx *ctx;
+ int err;
+
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx)
+ return ERR_PTR(-ENOMEM);
+
+ ctx->uflags = uflags;
+ ctx->kflags = kflags;
+
+ mutex_init(&ctx->msg_mutex);
+
+ err = -EBADF;
+ ctx->file = fget(fd);
+ if (!ctx->file)
+ goto err;
+ if (logfd == CHECKPOINT_FD_NONE)
+ goto nolog;
+ ctx->logfile = fget(logfd);
+ if (!ctx->logfile)
+ goto err;
+ nolog:
+ return ctx;
+ err:
+ ckpt_ctx_free(ctx);
+ return ERR_PTR(err);
+}
+
+static void ckpt_set_error(struct ckpt_ctx *ctx, int err)
+{
+ ctx->errno = err;
+}
+
+/* helpers to handler log/dbg/err messages */
+void ckpt_msg_lock(struct ckpt_ctx *ctx)
+{
+ if (!ctx)
+ return;
+ mutex_lock(&ctx->msg_mutex);
+ ctx->msg[0] = '\0';
+ ctx->msglen = 1;
+}
+
+void ckpt_msg_unlock(struct ckpt_ctx *ctx)
+{
+ if (!ctx)
+ return;
+ mutex_unlock(&ctx->msg_mutex);
+}
+
+static inline int is_special_flag(char *s)
+{
+ if (*s == '%' && s[1] == '(' && s[2] != '\0' && s[3] == ')')
+ return 1;
+ return 0;
+}
+
+/*
+ * _ckpt_generate_fmt - handle the special flags in the enhanced format
+ * strings used by checkpoint/restart error messages.
+ * @ctx: checkpoint context
+ * @fmt: message format
+ *
+ * The special flags are surrounded by %() to help them visually stand
+ * out. For instance, %(O) means an objref. The following special
+ * flags are recognized:
+ * O: objref
+ * P: pointer
+ * T: task
+ * S: string
+ * V: variable
+ *
+ * %(O) will be expanded to "[obj %d]". Likewise P, S, and V, will
+ * also expand to format flags requiring an argument to the subsequent
+ * sprintf or printk. T will be expanded to a string with no flags,
+ * requiring no further arguments.
+ *
+ * These do not accept any extra flags (i.e. min field width, precision,
+ * etc).
+ *
+ * The caller of ckpt_err() and _ckpt_err() must provide
+ * the additional variabes, in order, to match the @fmt (except for
+ * the T key), e.g.:
+ *
+ * ckpt_err(ctx, err, "%(T)FILE flags %d %(O)\n", flags, objref);
+ *
+ * May be called under spinlock.
+ * Must be called with ctx->msg_mutex held. The expanded format
+ * will be placed in ctx->fmt.
+ */
+static void _ckpt_generate_fmt(struct ckpt_ctx *ctx, char *fmt)
+{
+ char *s = ctx->fmt;
+ int len = 0;
+
+ for (; *fmt && len < CKPT_MSG_LEN; fmt++) {
+ if (!is_special_flag(fmt)) {
+ s[len++] = *fmt;
+ continue;
+ }
+ switch (fmt[2]) {
+ case 'O':
+ len += snprintf(s+len, CKPT_MSG_LEN-len, "[obj %%d]");
+ break;
+ case 'P':
+ len += snprintf(s+len, CKPT_MSG_LEN-len, "[ptr %%p]");
+ break;
+ case 'V':
+ len += snprintf(s+len, CKPT_MSG_LEN-len, "[sym %%pS]");
+ break;
+ case 'S':
+ len += snprintf(s+len, CKPT_MSG_LEN-len, "[str %%s]");
+ break;
+ case 'T':
+ if (ctx->tsk)
+ len += snprintf(s+len, CKPT_MSG_LEN-len,
+ "[pid %d tsk %s]",
+ task_pid_vnr(ctx->tsk), ctx->tsk->comm);
+ else
+ len += snprintf(s+len, CKPT_MSG_LEN-len,
+ "[pid -1 tsk NULL]");
+ break;
+ default:
+ printk(KERN_ERR "c/r: bad format specifier %c\n",
+ fmt[2]);
+ BUG();
+ }
+ fmt += 3;
+ }
+ if (len == CKPT_MSG_LEN)
+ s[CKPT_MSG_LEN-1] = '\0';
+ else
+ s[len] = '\0';
+}
+
+static void _ckpt_msg_appendv(struct ckpt_ctx *ctx, int err, char *fmt,
+ va_list ap)
+{
+ int len = ctx->msglen;
+
+ if (err) {
+ len += snprintf(&ctx->msg[len], CKPT_MSG_LEN-len, "[err %d]",
+ err);
+ if (len > CKPT_MSG_LEN)
+ goto full;
+ }
+
+ len += snprintf(&ctx->msg[len], CKPT_MSG_LEN-len, "[pos %lld]",
+ ctx->total);
+ len += vsnprintf(&ctx->msg[len], CKPT_MSG_LEN-len, fmt, ap);
+ if (len > CKPT_MSG_LEN) {
+full:
+ len = CKPT_MSG_LEN;
+ ctx->msg[CKPT_MSG_LEN-1] = '\0';
+ }
+ ctx->msglen = len;
+}
+
+void _ckpt_msg_append(struct ckpt_ctx *ctx, char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ _ckpt_msg_appendv(ctx, 0, fmt, ap);
+ va_end(ap);
+}
+
+void _ckpt_msg_complete(struct ckpt_ctx *ctx)
+{
+ int ret;
+
+ /* Don't write an empty or uninitialized msg */
+ if (ctx->msglen <= 1)
+ return;
+
+ if (ctx->kflags & CKPT_CTX_CHECKPOINT && ctx->errno) {
+ ret = ckpt_write_obj_type(ctx, NULL, 0, CKPT_HDR_ERROR);
+ if (!ret)
+ ret = ckpt_write_string(ctx, ctx->msg, ctx->msglen);
+ if (ret < 0)
+ printk(KERN_NOTICE "c/r: error string unsaved (%d): %s\n",
+ ret, ctx->msg+1);
+ }
+
+ if (ctx->logfile) {
+ struct file *logfile = ctx->logfile;
+ loff_t pos = file_pos_read(logfile);
+ ret = kernel_write(logfile, pos, ctx->msg+1, ctx->msglen-1);
+ if (ret > 0)
+ file_pos_write(logfile, pos + ret);
+ }
+
+#ifdef CONFIG_CHECKPOINT_DEBUG
+ printk(KERN_DEBUG "%s", ctx->msg+1);
+#endif
+
+ ctx->msglen = 0;
+}
+
+#define __do_ckpt_msg(ctx, err, fmt) do { \
+ va_list ap; \
+ _ckpt_generate_fmt(ctx, fmt); \
+ va_start(ap, fmt); \
+ _ckpt_msg_appendv(ctx, err, ctx->fmt, ap); \
+ va_end(ap); \
+} while (0)
+
+void _do_ckpt_msg(struct ckpt_ctx *ctx, int err, char *fmt, ...)
+{
+ __do_ckpt_msg(ctx, err, fmt);
+}
+
+void do_ckpt_msg(struct ckpt_ctx *ctx, int err, char *fmt, ...)
+{
+ if (!ctx)
+ return;
+
+ ckpt_msg_lock(ctx);
+ __do_ckpt_msg(ctx, err, fmt);
+ _ckpt_msg_complete(ctx);
+ ckpt_msg_unlock(ctx);
+
+ if (err)
+ ckpt_set_error(ctx, err);
+}
+EXPORT_SYMBOL(do_ckpt_msg);
+
+/* checkpoint/restart syscalls */
/**
- * sys_checkpoint - checkpoint a container
+ * do_sys_checkpoint - checkpoint a container
* @pid: pid of the container init(1) process
* @fd: file to which dump the checkpoint image
* @flags: checkpoint operation flags
@@ -22,14 +408,32 @@
* Returns positive identifier on success, 0 when returning from restart
* or negative value on error
*/
-SYSCALL_DEFINE4(checkpoint, pid_t, pid, int, fd,
- unsigned long, flags, int, logfd)
+long do_sys_checkpoint(pid_t pid, int fd, unsigned long flags, int logfd)
{
- return -ENOSYS;
+ struct ckpt_ctx *ctx;
+ long ret;
+
+ /* no flags for now */
+ if (flags)
+ return -EINVAL;
+
+ if (pid == 0)
+ pid = task_pid_vnr(current);
+ ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_CHECKPOINT, logfd);
+ if (IS_ERR(ctx))
+ return PTR_ERR(ctx);
+
+ ret = do_checkpoint(ctx, pid);
+
+ if (!ret)
+ ret = ctx->crid;
+
+ ckpt_ctx_free(ctx);
+ return ret;
}
/**
- * sys_restart - restart a container
+ * do_sys_restart - restart a container
* @pid: pid of task root (in coordinator's namespace), or 0
* @fd: file from which read the checkpoint image
* @flags: restart operation flags
@@ -38,8 +442,49 @@ SYSCALL_DEFINE4(checkpoint, pid_t, pid, int, fd,
* Returns negative value on error, or otherwise returns in the realm
* of the original checkpoint
*/
-SYSCALL_DEFINE4(restart, pid_t, pid, int, fd,
- unsigned long, flags, int, logfd)
+long do_sys_restart(pid_t pid, int fd, unsigned long flags, int logfd)
+{
+ struct ckpt_ctx *ctx = NULL;
+ long ret;
+
+ /* no flags for now */
+ if (flags)
+ return -EINVAL;
+
+ ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_RESTART, logfd);
+ if (IS_ERR(ctx))
+ return PTR_ERR(ctx);
+
+ ret = do_restart(ctx, pid);
+
+ /* restart(2) isn't idempotent: can't restart syscall */
+ if (ret == -ERESTARTSYS || ret == -ERESTARTNOINTR ||
+ ret == -ERESTARTNOHAND || ret == -ERESTART_RESTARTBLOCK)
+ ret = -EINTR;
+
+ ckpt_ctx_free(ctx);
+ return ret;
+}
+
+
+/* 'ckpt_debug_level' controls the verbosity level of c/r code */
+#ifdef CONFIG_CHECKPOINT_DEBUG
+
+/* FIX: allow to change during runtime */
+unsigned long __read_mostly ckpt_debug_level = CKPT_DDEFAULT;
+EXPORT_SYMBOL(ckpt_debug_level);
+
+static __init int ckpt_debug_setup(char *s)
{
- return -ENOSYS;
+ long val, ret;
+
+ ret = strict_strtoul(s, 10, &val);
+ if (ret < 0)
+ return ret;
+ ckpt_debug_level = val;
+ return 0;
}
+
+__setup("ckpt_debug=", ckpt_debug_setup);
+
+#endif /* CONFIG_CHECKPOINT_DEBUG */
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 935248b..75d413e 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1086,6 +1086,19 @@ config DMA_API_DEBUG
This option causes a performance degredation. Use only if you want
to debug device drivers. If unsure, say N.
+config CHECKPOINT_DEBUG
+ bool "Checkpoint/restart debugging (EXPERIMENTAL)"
+ depends on CHECKPOINT
+ default y
+ help
+ This options turns on the debugging output of checkpoint/restart.
+ The level of verbosity is controlled by 'ckpt_debug_level' and can
+ be set at boot time with "ckpt_debug=" option.
+
+ Turning this option off will reduce the size of the c/r code. If
+ turned on, it is unlikely to incur visible overhead if the debug
+ level is set to zero.
+
source "samples/Kconfig"
source "lib/Kconfig.kgdb"
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 023/100] c/r: x86_32 support for checkpoint/restart
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (21 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 022/100] c/r: basic infrastructure for checkpoint/restart Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 024/100] c/r: x86-64: checkpoint/restart implementation Oren Laadan
` (78 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, x86
Add logic to save and restore architecture specific state, including
thread-specific state, CPU registers and FPU state.
In addition, architecture capabilities are saved in an architecure
specific extension of the header (ckpt_hdr_head_arch); Currently this
includes only FPU capabilities.
Currently only x86-32 is supported.
Changelog[v21]:
- [Nathan Lynch] Use task_user_gs to checkpoint gs
- Do not include checkpoint_hdr.h explicitly
Changelog[v19]:
- [Serge Hallyn] Use ckpt_err() for arch incompatbilities
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33:
* Use PTREGSCALL4 for sys_{checkpoint,restart}
* Remove debug-reg support (need to redo with perf_events)
- [Serge Hallyn] Support for ia32 (checkpoint, restart)
- Split arch/x86/checkpoint.c to generic and 32bit specific parts
- sys_{checkpoint,restore} to use ptregs
Changelog[v19-rc1]:
- Fix up headers so we can munge them for use by userspace
- [Matt Helsley] Add cpp definitions for enums
- Allow X86_EFLAGS_RF on restart
Changelog[v17]:
- Fix compilation for architectures that don't support checkpoint
- Validate cpu registers and TLS descriptors on restart
- Validate debug registers on restart
- Export asm/checkpoint_hdr.h to userspace
Changelog[v16]:
- All objects are preceded by ckpt_hdr (TLS and xstate_buf)
- Add architecture identifier to main header
Changelog[v14]:
- Use new interface ckpt_hdr_get/put()
- Embed struct ckpt_hdr in struct ckpt_hdr...
- Remove preempt_disable/enable() around init_fpu() and fix leak
- Revert change to pr_debug(), back to ckpt_debug()
- Move code related to task_struct to checkpoint/process.c
Changelog[v12]:
- A couple of missed calls to ckpt_hbuf_put()
- Replace obsolete ckpt_debug() with pr_debug()
Changelog[v9]:
- Add arch-specific header that details architecture capabilities;
split FPU restore to send capabilities only once.
- Test for zero TLS entries in ckpt_write_thread()
- Fix asm/checkpoint_hdr.h so it can be included from user-space
Changelog[v7]:
- Fix save/restore state of FPU
Changelog[v5]:
- Remove preempt_disable() when restoring debug registers
Changelog[v4]:
- Fix header structure alignment
Changelog[v2]:
- Pad header structures to 64 bits to ensure compatibility
- Follow Dave Hansen's refactoring of the original post
Cc: x86@kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/x86/ia32/ia32entry.S | 9 +
arch/x86/include/asm/Kbuild | 1 +
arch/x86/include/asm/checkpoint_hdr.h | 112 +++++++++
arch/x86/include/asm/syscalls.h | 6 +
arch/x86/include/asm/unistd_32.h | 2 +
arch/x86/kernel/Makefile | 8 +
arch/x86/kernel/checkpoint.c | 418 +++++++++++++++++++++++++++++++++
arch/x86/kernel/checkpoint_32.c | 171 ++++++++++++++
arch/x86/kernel/entry_32.S | 8 +
arch/x86/kernel/syscall_table_32.S | 2 +
include/linux/checkpoint.h | 9 +
include/linux/checkpoint_hdr.h | 20 ++-
kernel/checkpoint/checkpoint.c | 7 +-
kernel/checkpoint/process.c | 20 ++-
kernel/checkpoint/restart.c | 8 +
15 files changed, 797 insertions(+), 4 deletions(-)
create mode 100644 arch/x86/include/asm/checkpoint_hdr.h
create mode 100644 arch/x86/kernel/checkpoint.c
create mode 100644 arch/x86/kernel/checkpoint_32.c
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index b7f3f34..2efc4db 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -478,6 +478,13 @@ quiet_ni_syscall:
PTREGSCALL stub32_vfork, sys_vfork, %rdi
PTREGSCALL stub32_iopl, sys_iopl, %rsi
PTREGSCALL stub32_eclone, sys_eclone, %r8
+#ifdef CONFIG_CHECKPOINT
+ PTREGSCALL stub32_checkpoint, sys_checkpoint, %r8
+ PTREGSCALL stub32_restart, sys_restart, %r8
+#else
+ PTREGSCALL stub32_checkpoint, sys_ni_syscall, %r8
+ PTREGSCALL stub32_restart, sys_ni_syscall, %r8
+#endif
ENTRY(ia32_ptregs_common)
popq %r11
@@ -844,4 +851,6 @@ ia32_sys_call_table:
.quad sys_perf_event_open
.quad compat_sys_recvmmsg
.quad stub32_eclone
+ .quad stub32_checkpoint
+ .quad stub32_restart /* 340 */
ia32_syscall_end:
diff --git a/arch/x86/include/asm/Kbuild b/arch/x86/include/asm/Kbuild
index 493092e..0893cfa 100644
--- a/arch/x86/include/asm/Kbuild
+++ b/arch/x86/include/asm/Kbuild
@@ -2,6 +2,7 @@ include include/asm-generic/Kbuild.asm
header-y += boot.h
header-y += bootparam.h
+header-y += checkpoint_hdr.h
header-y += debugreg.h
header-y += ldt.h
header-y += msr-index.h
diff --git a/arch/x86/include/asm/checkpoint_hdr.h b/arch/x86/include/asm/checkpoint_hdr.h
new file mode 100644
index 0000000..e6cfc99
--- /dev/null
+++ b/arch/x86/include/asm/checkpoint_hdr.h
@@ -0,0 +1,112 @@
+#ifndef __ASM_X86_CKPT_HDR_H
+#define __ASM_X86_CKPT_HDR_H
+/*
+ * Checkpoint/restart - architecture specific headers x86
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#ifndef _CHECKPOINT_CKPT_HDR_H_
+#error asm/checkpoint_hdr.h included directly
+#endif
+
+#include <linux/types.h>
+
+/*
+ * To maintain compatibility between 32-bit and 64-bit architecture flavors,
+ * keep data 64-bit aligned: use padding for structure members, and use
+ * __attribute__((aligned (8))) for the entire structure.
+ *
+ * Quoting Arnd Bergmann:
+ * "This structure has an odd multiple of 32-bit members, which means
+ * that if you put it into a larger structure that also contains 64-bit
+ * members, the larger structure may get different alignment on x86-32
+ * and x86-64, which you might want to avoid. I can't tell if this is
+ * an actual problem here. ... In this case, I'm pretty sure that
+ * sizeof(ckpt_hdr_task) on x86-32 is different from x86-64, since it
+ * will be 32-bit aligned on x86-32."
+ */
+
+/* i387 structure seen from kernel/userspace */
+#ifdef __KERNEL__
+#include <asm/processor.h>
+#endif
+
+#ifdef CONFIG_X86_32
+#define CKPT_ARCH_ID CKPT_ARCH_X86_32
+#endif
+
+/* arch dependent header types */
+enum {
+ CKPT_HDR_CPU_FPU = 201,
+#define CKPT_HDR_CPU_FPU CKPT_HDR_CPU_FPU
+};
+
+struct ckpt_hdr_header_arch {
+ struct ckpt_hdr h;
+ /* FIXME: add HAVE_HWFP */
+ __u16 has_fxsr;
+ __u16 has_xsave;
+ __u16 xstate_size;
+ __u16 _pading;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_thread {
+ struct ckpt_hdr h;
+ __u32 thread_info_flags;
+ __u16 gdt_entry_tls_entries;
+ __u16 sizeof_tls_array;
+} __attribute__((aligned(8)));
+
+/* designed to work for both x86_32 and x86_64 */
+struct ckpt_hdr_cpu {
+ struct ckpt_hdr h;
+ /* see struct pt_regs (x86_64) */
+ __u64 r15;
+ __u64 r14;
+ __u64 r13;
+ __u64 r12;
+ __u64 bp;
+ __u64 bx;
+ __u64 r11;
+ __u64 r10;
+ __u64 r9;
+ __u64 r8;
+ __u64 ax;
+ __u64 cx;
+ __u64 dx;
+ __u64 si;
+ __u64 di;
+ __u64 orig_ax;
+ __u64 ip;
+ __u64 sp;
+
+ __u64 flags;
+
+ /* segment registers */
+ __u64 fs;
+ __u64 gs;
+
+ __u16 fsindex;
+ __u16 gsindex;
+ __u16 cs;
+ __u16 ss;
+ __u16 ds;
+ __u16 es;
+
+ __u32 used_math;
+
+ /* thread_xstate contents follow (if used_math) */
+} __attribute__((aligned(8)));
+
+#define CKPT_X86_SEG_NULL 0
+#define CKPT_X86_SEG_USER32_CS 1
+#define CKPT_X86_SEG_USER32_DS 2
+#define CKPT_X86_SEG_TLS 0x4000 /* 0100 0000 0000 00xx */
+#define CKPT_X86_SEG_LDT 0x8000 /* 100x xxxx xxxx xxxx */
+
+#endif /* __ASM_X86_CKPT_HDR__H */
diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h
index d525677..538a1ef 100644
--- a/arch/x86/include/asm/syscalls.h
+++ b/arch/x86/include/asm/syscalls.h
@@ -29,6 +29,12 @@ long sys_clone(unsigned long, unsigned long, void __user *,
void __user *, struct pt_regs *);
long sys_eclone(unsigned flags_low, struct clone_args __user *uca,
int args_size, pid_t __user *pids, struct pt_regs *regs);
+#ifdef CONFIG_CHECKPOINT
+long sys_checkpoint(pid_t pid, int fd, unsigned long flags,
+ int logfd, struct pt_regs *regs);
+long sys_restart(pid_t pid, int fd, unsigned long flags,
+ int logfd, struct pt_regs *regs);
+#endif
/* kernel/ldt.c */
asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index cb67842..007d7cd 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -344,6 +344,8 @@
#define __NR_perf_event_open 336
#define __NR_recvmmsg 337
#define __NR_eclone 338
+#define __NR_checkpoint 339
+#define __NR_restart 340
#ifdef __KERNEL__
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 4c58352..2078d1b 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -117,6 +117,14 @@ obj-$(CONFIG_X86_CHECK_BIOS_CORRUPTION) += check.o
obj-$(CONFIG_SWIOTLB) += pci-swiotlb.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
+
+###
+# 32 bit specific files
+ifeq ($(CONFIG_X86_32),y)
+ obj-$(CONFIG_CHECKPOINT) += checkpoint_32.o
+endif
+
###
# 64 bit specific files
ifeq ($(CONFIG_X86_64),y)
diff --git a/arch/x86/kernel/checkpoint.c b/arch/x86/kernel/checkpoint.c
new file mode 100644
index 0000000..015401a
--- /dev/null
+++ b/arch/x86/kernel/checkpoint.c
@@ -0,0 +1,418 @@
+/*
+ * Checkpoint/restart - architecture specific support for x86
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <asm/desc.h>
+#include <asm/i387.h>
+
+#include <linux/checkpoint.h>
+
+/*
+ * sys_checkpoint needs to be a ptregscall to match sys_restart
+ * so self-checkpoint images can be restarted.
+ */
+long sys_checkpoint(pid_t pid, int fd, unsigned long flags, int logfd,
+ struct pt_regs *regs)
+{
+ return do_sys_checkpoint(pid, fd, flags, logfd);
+}
+
+/*
+ * sys_restart needs to access and modify the pt_regs structure to
+ * restore the original state from the time of the checkpoint.
+ */
+long sys_restart(pid_t pid, int fd, unsigned long flags, int logfd,
+ struct pt_regs *regs)
+{
+ return do_sys_restart(pid, fd, flags, logfd);
+}
+
+
+extern int check_segment(__u16 seg);
+extern __u16 encode_segment(unsigned short seg);
+extern unsigned short decode_segment(__u16 seg);
+extern void save_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t);
+extern int load_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t);
+
+static int check_tls(struct desc_struct *desc)
+{
+ if (!desc->a && !desc->b)
+ return 1;
+ if (desc->l != 0 || desc->s != 1 || desc->dpl != 3)
+ return 0;
+ return 1;
+}
+
+#define CKPT_X86_TIF_UNSUPPORTED (_TIF_SECCOMP | _TIF_IO_BITMAP)
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+static int may_checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+#ifdef CONFIG_X86_32
+ if (t->thread.vm86_info) {
+ ckpt_err(ctx, -EBUSY, "%(T)Task in VM86 mode\n");
+ return -EBUSY;
+ }
+#endif
+
+ /* debugregs not (yet) supported */
+ if (test_tsk_thread_flag(t, TIF_DEBUG)) {
+ ckpt_err(ctx, -EBUSY, "%(T)Task with debugreg set\n");
+ return -EBUSY;
+ }
+
+ if (task_thread_info(t)->flags & CKPT_X86_TIF_UNSUPPORTED) {
+ ckpt_err(ctx, -EBUSY, "%(T)Bad thread info flags %#lx\n",
+ task_thread_info(t)->flags);
+ return -EBUSY;
+ }
+ return 0;
+}
+
+/* dump the thread_struct of a given task */
+int checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_thread *h;
+ int tls_size;
+ int ret;
+
+ ret = may_checkpoint_thread(ctx, t);
+ if (ret < 0)
+ return ret;
+
+ tls_size = sizeof(t->thread.tls_array);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h) + tls_size, CKPT_HDR_THREAD);
+ if (!h)
+ return -ENOMEM;
+
+ h->thread_info_flags =
+ task_thread_info(t)->flags & ~CKPT_X86_TIF_UNSUPPORTED;
+ h->gdt_entry_tls_entries = GDT_ENTRY_TLS_ENTRIES;
+ h->sizeof_tls_array = tls_size;
+
+ /* For simplicity dump the entire array */
+ memcpy(h + 1, t->thread.tls_array, tls_size);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static void save_cpu_debug(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ /*
+ * FIXME: as of kernel 2.6.33 debug registers are handled via
+ * perf_event interface. For neither, neither is supported.
+ */
+}
+
+static void save_cpu_fpu(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ h->used_math = tsk_used_math(t) ? 1 : 0;
+}
+
+static int checkpoint_cpu_fpu(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, xstate_size + sizeof(*h),
+ CKPT_HDR_CPU_FPU);
+ if (!h)
+ return -ENOMEM;
+
+ /* i387 + MMU + SSE logic */
+ preempt_disable(); /* needed it (t == current) */
+
+ /*
+ * normally, no need to unlazy_fpu(), since TS_USEDFPU flag
+ * was cleared when task was context-switched out...
+ * except if we are in process context, in which case we do
+ */
+ if (t == current && (task_thread_info(t)->status & TS_USEDFPU))
+ unlazy_fpu(current);
+
+ /*
+ * For simplicity dump the entire structure.
+ * FIX: need to be deliberate about what registers we are
+ * dumping for traceability and compatibility.
+ */
+ memcpy(h + 1, t->thread.xstate, xstate_size);
+ preempt_enable(); /* needed if (t == current) */
+
+ ret = ckpt_write_obj(ctx, h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/* dump the cpu state and registers of a given task */
+int checkpoint_cpu(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_cpu *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_CPU);
+ if (!h)
+ return -ENOMEM;
+
+ save_cpu_regs(h, t);
+ save_cpu_debug(h, t);
+ save_cpu_fpu(h, t);
+
+ ckpt_debug("math %d\n", h->used_math);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ if (h->used_math)
+ ret = checkpoint_cpu_fpu(ctx, t);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+int checkpoint_write_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_HEADER_ARCH);
+ if (!h)
+ return -ENOMEM;
+
+ /* FPU capabilities */
+ h->has_fxsr = cpu_has_fxsr;
+ h->has_xsave = cpu_has_xsave;
+ h->xstate_size = xstate_size;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/**************************************************************************
+ * Restart
+ */
+
+/* read the thread_struct into the current task */
+int restore_thread(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_thread *h;
+ struct thread_struct *thread = ¤t->thread;
+ struct desc_struct *desc;
+ int tls_size;
+ int i, cpu, ret;
+
+ tls_size = sizeof(thread->tls_array);
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h) + tls_size, CKPT_HDR_THREAD);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->thread_info_flags & CKPT_X86_TIF_UNSUPPORTED)
+ goto out;
+ if (h->gdt_entry_tls_entries != GDT_ENTRY_TLS_ENTRIES)
+ goto out;
+ if (h->sizeof_tls_array != tls_size)
+ goto out;
+
+ /*
+ * restore TLS by hand: why convert to struct user_desc if
+ * sys_set_thread_entry() will convert it back ?
+ */
+ desc = (struct desc_struct *) (h + 1);
+
+ for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++) {
+ if (!check_tls(&desc[i]))
+ goto out;
+ }
+
+ cpu = get_cpu();
+ memcpy(thread->tls_array, desc, tls_size);
+ load_TLS(thread, cpu);
+ put_cpu();
+
+ /* TODO: restore TIF flags as necessary (e.g. TIF_NOTSC) */
+
+ ret = 0;
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int load_cpu_debug(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ /*
+ * FIXME: as of kernel 2.6.33 debug registers are handled via
+ * perf_event interface. For neither, neither is supported.
+ */
+
+ return 0;
+}
+
+static int load_cpu_fpu(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ preempt_disable();
+
+ __clear_fpu(t); /* in case we used FPU in user mode */
+
+ if (!h->used_math)
+ clear_used_math();
+
+ preempt_enable();
+ return 0;
+}
+
+static int restore_cpu_fpu(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr *h;
+ int ret;
+
+ /* init_fpu() eventually also calls set_used_math() */
+ ret = init_fpu(current);
+ if (ret < 0)
+ return ret;
+
+ h = ckpt_read_obj_type(ctx, xstate_size + sizeof(*h),
+ CKPT_HDR_CPU_FPU);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ memcpy(t->thread.xstate, h + 1, xstate_size);
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int check_eflags(__u32 eflags)
+{
+#define X86_EFLAGS_CKPT_MASK \
+ (X86_EFLAGS_CF | X86_EFLAGS_PF | X86_EFLAGS_AF | X86_EFLAGS_ZF | \
+ X86_EFLAGS_SF | X86_EFLAGS_TF | X86_EFLAGS_DF | X86_EFLAGS_OF | \
+ X86_EFLAGS_NT | X86_EFLAGS_AC | X86_EFLAGS_ID | X86_EFLAGS_RF)
+
+ if ((eflags & ~X86_EFLAGS_CKPT_MASK) != (X86_EFLAGS_IF | 0x2))
+ return 0;
+ return 1;
+}
+
+static void restore_eflags(struct pt_regs *regs, __u32 eflags)
+{
+ /*
+ * A task may have had X86_EFLAGS_RF set at checkpoint, .e.g:
+ * 1) It ran in a KVM guest, and the guest was being debugged,
+ * 2) The kernel was debugged using kgbd,
+ * 3) From Intel's manual: "When calling an event handler,
+ * Intel 64 and IA-32 processors establish the value of the
+ * RF flag in the EFLAGS image pushed on the stack:
+ * - For any fault-class exception except a debug exception
+ * generated in response to an instruction breakpoint, the
+ * value pushed for RF is 1.
+ * - For any interrupt arriving after any iteration of a
+ * repeated string instruction but the last iteration, the
+ * value pushed for RF is 1.
+ * - For any trap-class exception generated by any iteration
+ * of a repeated string instruction but the last iteration,
+ * the value pushed for RF is 1.
+ * - For other cases, the value pushed for RF is the value
+ * that was in EFLAG.RF at the time the event handler was
+ * called.
+ * [from: http://www.intel.com/Assets/PDF/manual/253668.pdf]
+ *
+ * The RF flag may be set in EFLAGS by the hardware, or by
+ * kvm/kgdb, or even by the user with ptrace or by setting a
+ * suitable context when returning from a signal handler.
+ *
+ * Therefore, on restart we (1) prserve X86_EFLAGS_RF from
+ * checkpoint time, and (2) preserve a X86_EFLAGS_RF of the
+ * restarting process if it already exists on saved EFLAGS.
+ * Disable preemption to protect EFLAG test-and-change.
+ */
+ preempt_disable();
+ eflags |= (regs->flags & X86_EFLAGS_RF);
+ regs->flags = eflags;
+ preempt_enable();
+}
+
+static int load_cpu_eflags(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ struct pt_regs *regs = task_pt_regs(t);
+
+ if (!check_eflags(h->flags))
+ return -EINVAL;
+ restore_eflags(regs, h->flags);
+ return 0;
+}
+
+/* read the cpu state and registers for the current task */
+int restore_cpu(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_cpu *h;
+ struct task_struct *t = current;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_CPU);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ckpt_debug("math %d\n", h->used_math);
+
+ ret = load_cpu_regs(h, t);
+ if (ret < 0)
+ goto out;
+ ret = load_cpu_eflags(h, t);
+ if (ret < 0)
+ goto out;
+ ret = load_cpu_debug(h, t);
+ if (ret < 0)
+ goto out;
+ ret = load_cpu_fpu(h, t);
+ if (ret < 0)
+ goto out;
+
+ if (h->used_math)
+ ret = restore_cpu_fpu(ctx, t);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+int restore_read_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *h;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_HEADER_ARCH);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ /* FIX: verify compatibility of architecture features */
+
+ /* verify FPU capabilities */
+ if (h->has_fxsr != cpu_has_fxsr ||
+ h->has_xsave != cpu_has_xsave ||
+ h->xstate_size != xstate_size) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "incompatible FPU capabilities");
+ }
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
diff --git a/arch/x86/kernel/checkpoint_32.c b/arch/x86/kernel/checkpoint_32.c
new file mode 100644
index 0000000..8b9a16c
--- /dev/null
+++ b/arch/x86/kernel/checkpoint_32.c
@@ -0,0 +1,171 @@
+/*
+ * Checkpoint/restart - architecture specific support for x86_32
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <asm/desc.h>
+#include <asm/i387.h>
+#include <asm/elf.h>
+
+#include <linux/checkpoint.h>
+
+/* helpers to encode/decode/validate segments */
+
+static int check_segment(__u16 seg)
+{
+ int ret = 0;
+
+ switch (seg) {
+ case CKPT_X86_SEG_NULL:
+ case CKPT_X86_SEG_USER32_CS:
+ case CKPT_X86_SEG_USER32_DS:
+ return 1;
+ }
+ if (seg & CKPT_X86_SEG_TLS) {
+ seg &= ~CKPT_X86_SEG_TLS;
+ if (seg <= GDT_ENTRY_TLS_MAX - GDT_ENTRY_TLS_MIN)
+ ret = 1;
+ } else if (seg & CKPT_X86_SEG_LDT) {
+ seg &= ~CKPT_X86_SEG_LDT;
+ if (seg <= 0x1fff)
+ ret = 1;
+ }
+ return ret;
+}
+
+static __u16 encode_segment(unsigned short seg)
+{
+ if (seg == 0)
+ return CKPT_X86_SEG_NULL;
+ BUG_ON((seg & 3) != 3);
+
+ if (seg == __USER_CS)
+ return CKPT_X86_SEG_USER32_CS;
+ if (seg == __USER_DS)
+ return CKPT_X86_SEG_USER32_DS;
+
+ if (seg & 4)
+ return CKPT_X86_SEG_LDT | (seg >> 3);
+
+ seg >>= 3;
+ if (GDT_ENTRY_TLS_MIN <= seg && seg <= GDT_ENTRY_TLS_MAX)
+ return CKPT_X86_SEG_TLS | (seg - GDT_ENTRY_TLS_MIN);
+
+ printk(KERN_ERR "c/r: (decode) bad segment %#hx\n", seg);
+ BUG();
+}
+
+static unsigned short decode_segment(__u16 seg)
+{
+ if (seg == CKPT_X86_SEG_NULL)
+ return 0;
+ if (seg == CKPT_X86_SEG_USER32_CS)
+ return __USER_CS;
+ if (seg == CKPT_X86_SEG_USER32_DS)
+ return __USER_DS;
+
+ if (seg & CKPT_X86_SEG_TLS) {
+ seg &= ~CKPT_X86_SEG_TLS;
+ return ((GDT_ENTRY_TLS_MIN + seg) << 3) | 3;
+ }
+ if (seg & CKPT_X86_SEG_LDT) {
+ seg &= ~CKPT_X86_SEG_LDT;
+ return (seg << 3) | 7;
+ }
+ BUG();
+}
+
+void save_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ struct pt_regs *regs = task_pt_regs(t);
+ unsigned long _gs;
+
+ h->bp = regs->bp;
+ h->bx = regs->bx;
+ h->ax = regs->ax;
+ h->cx = regs->cx;
+ h->dx = regs->dx;
+ h->si = regs->si;
+ h->di = regs->di;
+ h->orig_ax = regs->orig_ax;
+ h->ip = regs->ip;
+
+ h->flags = regs->flags;
+ h->sp = regs->sp;
+
+ h->cs = encode_segment(regs->cs);
+ h->ss = encode_segment(regs->ss);
+ h->ds = encode_segment(regs->ds);
+ h->es = encode_segment(regs->es);
+
+ /*
+ * for checkpoint in process context (from within a container)
+ * the GS segment register should be saved from the hardware;
+ * otherwise use the standard way of accessing a task's GS
+ */
+ if (t == current)
+ _gs = get_user_gs(regs);
+ else
+ _gs = task_user_gs(t);
+
+ h->fsindex = encode_segment(regs->fs);
+ h->gsindex = encode_segment(_gs);
+
+ /*
+ * for checkpoint in process context (from within a container),
+ * the actual syscall is taking place at this very moment; so
+ * we (optimistically) subtitute the future return value (0) of
+ * this syscall into the orig_eax, so that upon restart it will
+ * succeed (or it will endlessly retry checkpoint...)
+ */
+ if (t == current) {
+ BUG_ON(h->orig_ax < 0);
+ h->ax = 0;
+ }
+}
+
+int load_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ struct thread_struct *thread = &t->thread;
+ struct pt_regs *regs = task_pt_regs(t);
+
+ if (h->cs == CKPT_X86_SEG_NULL)
+ return -EINVAL;
+ if (!check_segment(h->cs) || !check_segment(h->ds) ||
+ !check_segment(h->es) || !check_segment(h->ss) ||
+ !check_segment(h->fsindex) || !check_segment(h->gsindex))
+ return -EINVAL;
+
+ regs->bp = h->bp;
+ regs->bx = h->bx;
+ regs->ax = h->ax;
+ regs->cx = h->cx;
+ regs->dx = h->dx;
+ regs->si = h->si;
+ regs->di = h->di;
+ regs->orig_ax = h->orig_ax;
+ regs->ip = h->ip;
+
+ regs->sp = h->sp;
+
+ regs->ds = decode_segment(h->ds);
+ regs->es = decode_segment(h->es);
+ regs->cs = decode_segment(h->cs);
+ regs->ss = decode_segment(h->ss);
+
+ regs->fs = decode_segment(h->fsindex);
+ regs->gs = decode_segment(h->gsindex);
+
+ thread->gs = regs->gs;
+ lazy_load_gs(regs->gs);
+
+ return 0;
+}
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 65e1735..49d6628 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -781,6 +781,14 @@ PTREGSCALL0(rt_sigreturn)
PTREGSCALL2(vm86)
PTREGSCALL1(vm86old)
PTREGSCALL4(eclone)
+#ifdef CONFIG_CHECKPOINT
+PTREGSCALL4(checkpoint)
+PTREGSCALL4(restart)
+#else
+/* Use the weak defs in kernel/sys_ni.c */
+#define ptregs_checkpoint sys_checkpoint
+#define ptregs_restart sys_restart
+#endif
/* Clone is an oddball. The 4th arg is in %edi */
ALIGN;
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 0c92570..2485482 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -338,3 +338,5 @@ ENTRY(sys_call_table)
.long sys_perf_event_open
.long sys_recvmmsg
.long ptregs_eclone
+ .long ptregs_checkpoint
+ .long ptregs_restart /* 340 */
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 4bb5b8d..077bbcd 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -70,6 +70,15 @@ extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
extern int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_task(struct ckpt_ctx *ctx);
+/* arch hooks */
+extern int checkpoint_write_header_arch(struct ckpt_ctx *ctx);
+extern int checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int checkpoint_cpu(struct ckpt_ctx *ctx, struct task_struct *t);
+
+extern int restore_read_header_arch(struct ckpt_ctx *ctx);
+extern int restore_thread(struct ckpt_ctx *ctx);
+extern int restore_cpu(struct ckpt_ctx *ctx);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 7ccebc7..a0189de 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -53,10 +53,16 @@ struct ckpt_hdr {
__u32 len;
} __attribute__((aligned(8)));
+
+#include <asm/checkpoint_hdr.h>
+
+
/* header types */
enum {
CKPT_HDR_HEADER = 1,
#define CKPT_HDR_HEADER CKPT_HDR_HEADER
+ CKPT_HDR_HEADER_ARCH,
+#define CKPT_HDR_HEADER_ARCH CKPT_HDR_HEADER_ARCH
CKPT_HDR_CONTAINER,
#define CKPT_HDR_CONTAINER CKPT_HDR_CONTAINER
CKPT_HDR_BUFFER,
@@ -66,6 +72,12 @@ enum {
CKPT_HDR_TASK = 101,
#define CKPT_HDR_TASK CKPT_HDR_TASK
+ CKPT_HDR_THREAD,
+#define CKPT_HDR_THREAD CKPT_HDR_THREAD
+ CKPT_HDR_CPU,
+#define CKPT_HDR_CPU CKPT_HDR_CPU
+
+ /* 201-299: reserved for arch-dependent */
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -74,6 +86,12 @@ enum {
#define CKPT_HDR_ERROR CKPT_HDR_ERROR
};
+/* architecture */
+enum {
+ CKPT_ARCH_X86_32 = 1,
+#define CKPT_ARCH_X86_32 CKPT_ARCH_X86_32
+};
+
/* kernel constants */
struct ckpt_const {
/* task */
@@ -89,7 +107,7 @@ struct ckpt_hdr_header {
struct ckpt_hdr h;
__u64 magic;
- __u16 _padding;
+ __u16 arch_id;
__u16 major;
__u16 minor;
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 75b43e6..0f55d37 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -126,6 +126,8 @@ static int checkpoint_write_header(struct ckpt_ctx *ctx)
do_gettimeofday(&ktv);
uts = utsname();
+ h->arch_id = cpu_to_le16(CKPT_ARCH_ID); /* see asm/checkpoitn.h */
+
h->magic = CHECKPOINT_MAGIC_HEAD;
h->major = (LINUX_VERSION_CODE >> 16) & 0xff;
h->minor = (LINUX_VERSION_CODE >> 8) & 0xff;
@@ -153,7 +155,10 @@ static int checkpoint_write_header(struct ckpt_ctx *ctx)
ret = ckpt_write_buffer(ctx, uts->machine, sizeof(uts->machine));
up:
up_read(&uts_sem);
- return ret;
+ if (ret < 0)
+ return ret;
+
+ return checkpoint_write_header_arch(ctx);
}
/* write the container configuration section */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index abd9025..e78b29b 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -55,7 +55,15 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
ret = checkpoint_task_struct(ctx, t);
ckpt_debug("task %d\n", ret);
-
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_thread(ctx, t);
+ ckpt_debug("thread %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_cpu(ctx, t);
+ ckpt_debug("cpu %d\n", ret);
+ out:
ctx->tsk = NULL;
return ret;
}
@@ -96,6 +104,14 @@ int restore_task(struct ckpt_ctx *ctx)
ret = restore_task_struct(ctx);
ckpt_debug("task %d\n", ret);
-
+ if (ret < 0)
+ goto out;
+ ret = restore_thread(ctx);
+ ckpt_debug("thread %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = restore_cpu(ctx);
+ ckpt_debug("cpu %d\n", ret);
+ out:
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index cd9945c..f2b8575 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -369,6 +369,10 @@ static int restore_read_header(struct ckpt_ctx *ctx)
return PTR_ERR(h);
ret = -EINVAL;
+ if (le16_to_cpu(h->arch_id) != CKPT_ARCH_ID) {
+ ckpt_err(ctx, ret, "incompatible architecture id");
+ goto out;
+ }
if (h->magic != CHECKPOINT_MAGIC_HEAD ||
h->rev != CHECKPOINT_VERSION ||
h->major != ((LINUX_VERSION_CODE >> 16) & 0xff) ||
@@ -403,6 +407,10 @@ static int restore_read_header(struct ckpt_ctx *ctx)
if (ret < 0)
goto out;
ret = _ckpt_read_buffer(ctx, uts->machine, sizeof(uts->machine));
+ if (ret < 0)
+ goto out;
+
+ ret = restore_read_header_arch(ctx);
out:
kfree(uts);
ckpt_hdr_put(ctx, h);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 024/100] c/r: x86-64: checkpoint/restart implementation
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (22 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 023/100] c/r: x86_32 support " Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 025/100] c/r: external checkpoint of a task other than ourself Oren Laadan
` (77 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, x86
Support for checkpoint and restart for X86_32 architecture.
Partly based on Alexey's work.
Support for 32bit on 64bit and fixes from Serge Hallyn.
Checkpoint Restart
(app/arch) (app/arch/program*)
---------------------------------------
64/x86-64 -> 64/x86-64 works
32/x86-64 -> 32/x86-64 works
32/x86-64 -> 32/x86-32 ?
32/x86-32 -> 32/x86-64 ?
32/x86-64 -> 32/x86-32 ?
32/x86-32 -> 32/x86-64 ?
(*) "program" indicates the bit-ness of 'restart' executable.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
- [Serge Hallyn] Changes to fs/gs register handling
- [Serge Hallyn] Allow 32-bit restart of 64-bit and vice versa
- [Serge Hallyn] Only allow 'restart' with same bit-ness as image.
Cc: x86@kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
---
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/checkpoint_hdr.h | 6 +
arch/x86/include/asm/unistd_64.h | 4 +
arch/x86/kernel/Makefile | 2 +
arch/x86/kernel/checkpoint.c | 16 +++
arch/x86/kernel/checkpoint_64.c | 240 +++++++++++++++++++++++++++++++++
arch/x86/kernel/entry_64.S | 7 +
include/linux/checkpoint_hdr.h | 2 +
8 files changed, 278 insertions(+), 1 deletions(-)
create mode 100644 arch/x86/kernel/checkpoint_64.c
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0874484..335a4b3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -95,7 +95,7 @@ config HAVE_LATENCYTOP_SUPPORT
config CHECKPOINT_SUPPORT
bool
- default y if X86_32
+ default y
config MMU
def_bool y
diff --git a/arch/x86/include/asm/checkpoint_hdr.h b/arch/x86/include/asm/checkpoint_hdr.h
index e6cfc99..6f600dd 100644
--- a/arch/x86/include/asm/checkpoint_hdr.h
+++ b/arch/x86/include/asm/checkpoint_hdr.h
@@ -36,6 +36,10 @@
#include <asm/processor.h>
#endif
+#ifdef CONFIG_X86_64
+#define CKPT_ARCH_ID CKPT_ARCH_X86_64
+#endif
+
#ifdef CONFIG_X86_32
#define CKPT_ARCH_ID CKPT_ARCH_X86_32
#endif
@@ -106,6 +110,8 @@ struct ckpt_hdr_cpu {
#define CKPT_X86_SEG_NULL 0
#define CKPT_X86_SEG_USER32_CS 1
#define CKPT_X86_SEG_USER32_DS 2
+#define CKPT_X86_SEG_USER64_CS 3
+#define CKPT_X86_SEG_USER64_DS 4
#define CKPT_X86_SEG_TLS 0x4000 /* 0100 0000 0000 00xx */
#define CKPT_X86_SEG_LDT 0x8000 /* 100x xxxx xxxx xxxx */
diff --git a/arch/x86/include/asm/unistd_64.h b/arch/x86/include/asm/unistd_64.h
index 1cd16af..2b162e1 100644
--- a/arch/x86/include/asm/unistd_64.h
+++ b/arch/x86/include/asm/unistd_64.h
@@ -665,6 +665,10 @@ __SYSCALL(__NR_perf_event_open, sys_perf_event_open)
__SYSCALL(__NR_recvmmsg, sys_recvmmsg)
#define __NR_eclone 300
__SYSCALL(__NR_eclone, stub_eclone)
+#define __NR_checkpoint 301
+__SYSCALL(__NR_checkpoint, stub_checkpoint)
+#define __NR_restart 302
+__SYSCALL(__NR_restart, stub_restart)
#ifndef __NO_STUBS
#define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 2078d1b..916a7e1 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -138,4 +138,6 @@ ifeq ($(CONFIG_X86_64),y)
obj-$(CONFIG_PCI_MMCONFIG) += mmconf-fam10h_64.o
obj-y += vsmp_64.o
+
+ obj-$(CONFIG_CHECKPOINT) += checkpoint_64.o
endif
diff --git a/arch/x86/kernel/checkpoint.c b/arch/x86/kernel/checkpoint.c
index 015401a..3976318 100644
--- a/arch/x86/kernel/checkpoint.c
+++ b/arch/x86/kernel/checkpoint.c
@@ -249,6 +249,22 @@ int restore_thread(struct ckpt_ctx *ctx)
load_TLS(thread, cpu);
put_cpu();
+ {
+ int pre, post;
+ /*
+ * Eventually we'd like to support mixed-bit restart, but for
+ * now don't pretend to.
+ */
+ pre = test_thread_flag(TIF_IA32);
+ post = !!(h->thread_info_flags & _TIF_IA32);
+ if (pre != post) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "%d-bit restarting %d-bit\n",
+ 64 >> pre, 64 >> post);
+ goto out;
+ }
+ }
+
/* TODO: restore TIF flags as necessary (e.g. TIF_NOTSC) */
ret = 0;
diff --git a/arch/x86/kernel/checkpoint_64.c b/arch/x86/kernel/checkpoint_64.c
new file mode 100644
index 0000000..cac52f3
--- /dev/null
+++ b/arch/x86/kernel/checkpoint_64.c
@@ -0,0 +1,240 @@
+/*
+ * Checkpoint/restart - architecture specific support for x86_64
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DSYS
+
+#include <asm/desc.h>
+#include <asm/i387.h>
+#include <asm/elf.h>
+
+#include <linux/checkpoint.h>
+
+/* helpers to encode/decode/validate segments */
+
+int check_segment(__u16 seg)
+{
+ int ret = 0;
+
+ switch (seg) {
+ case CKPT_X86_SEG_NULL:
+ case CKPT_X86_SEG_USER64_CS:
+ case CKPT_X86_SEG_USER64_DS:
+#ifdef CONFIG_COMPAT
+ case CKPT_X86_SEG_USER32_CS:
+ case CKPT_X86_SEG_USER32_DS:
+#endif
+ return 1;
+ }
+ if (seg & CKPT_X86_SEG_TLS) {
+ seg &= ~CKPT_X86_SEG_TLS;
+ if (seg <= GDT_ENTRY_TLS_MAX - GDT_ENTRY_TLS_MIN)
+ ret = 1;
+ } else if (seg & CKPT_X86_SEG_LDT) {
+ seg &= ~CKPT_X86_SEG_LDT;
+ if (seg <= 0x1fff)
+ ret = 1;
+ }
+ return ret;
+}
+
+__u16 encode_segment(unsigned short seg)
+{
+ if (seg == 0)
+ return CKPT_X86_SEG_NULL;
+ BUG_ON((seg & 3) != 3);
+
+ if (seg == __USER_CS)
+ return CKPT_X86_SEG_USER64_CS;
+ if (seg == __USER_DS)
+ return CKPT_X86_SEG_USER64_DS;
+#ifdef CONFIG_COMPAT
+ if (seg == __USER32_CS)
+ return CKPT_X86_SEG_USER32_CS;
+ if (seg == __USER32_DS)
+ return CKPT_X86_SEG_USER32_DS;
+#endif
+
+ if (seg & 4)
+ return CKPT_X86_SEG_LDT | (seg >> 3);
+
+ seg >>= 3;
+ if (GDT_ENTRY_TLS_MIN <= seg && seg <= GDT_ENTRY_TLS_MAX)
+ return CKPT_X86_SEG_TLS | (seg - GDT_ENTRY_TLS_MIN);
+
+ printk(KERN_ERR "c/r: (decode) bad segment %#hx\n", seg);
+ BUG();
+}
+
+unsigned short decode_segment(__u16 seg)
+{
+ if (seg == CKPT_X86_SEG_NULL)
+ return 0;
+
+ if (seg == CKPT_X86_SEG_USER64_CS)
+ return __USER_CS;
+ if (seg == CKPT_X86_SEG_USER64_DS)
+ return __USER_DS;
+#ifdef CONFIG_COMPAT
+ if (seg == CKPT_X86_SEG_USER32_CS)
+ return __USER32_CS;
+ if (seg == CKPT_X86_SEG_USER32_DS)
+ return __USER32_DS;
+#endif
+
+ if (seg & CKPT_X86_SEG_TLS) {
+ seg &= ~CKPT_X86_SEG_TLS;
+ return ((GDT_ENTRY_TLS_MIN + seg) << 3) | 3;
+ }
+ if (seg & CKPT_X86_SEG_LDT) {
+ seg &= ~CKPT_X86_SEG_LDT;
+ return (seg << 3) | 7;
+ }
+ BUG();
+}
+
+void save_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ struct pt_regs *regs = task_pt_regs(t);
+ unsigned long _ds, _es, _fs, _gs;
+
+ h->r15 = regs->r15;
+ h->r14 = regs->r14;
+ h->r13 = regs->r13;
+ h->r12 = regs->r12;
+ h->r11 = regs->r11;
+ h->r10 = regs->r10;
+ h->r9 = regs->r9;
+ h->r8 = regs->r8;
+
+ h->bp = regs->bp;
+ h->bx = regs->bx;
+ h->ax = regs->ax;
+ h->cx = regs->cx;
+ h->dx = regs->dx;
+ h->si = regs->si;
+ h->di = regs->di;
+ h->orig_ax = regs->orig_ax;
+ h->ip = regs->ip;
+
+ h->flags = regs->flags;
+ h->sp = regs->sp;
+
+ /*
+ * for checkpoint in process context (from within a container)
+ * DS, ES, FS, GS registers should be saved from the hardware;
+ * otherwise they are already saved on the thread structure
+ */
+
+ h->cs = encode_segment(regs->cs);
+ h->ss = encode_segment(regs->ss);
+
+ if (t == current) {
+ savesegment(ds, _ds);
+ savesegment(es, _es);
+ savesegment(fs, _fs);
+ savesegment(gs, _gs);
+ rdmsrl(MSR_FS_BASE, h->fs);
+ rdmsrl(MSR_KERNEL_GS_BASE, h->gs);
+ } else {
+ _ds = t->thread.ds;
+ _es = t->thread.es;
+ _fs = t->thread.fsindex;
+ _gs = t->thread.gsindex;
+ h->fs = t->thread.fs;
+ h->gs = t->thread.gs;
+ }
+ h->ds = encode_segment(_ds);
+ h->es = encode_segment(_es);
+ h->fsindex = encode_segment(_fs);
+ h->gsindex = encode_segment(_gs);
+
+ /* see comment in __switch_to() */
+ if (_fs)
+ h->fs = 0;
+ if (_gs)
+ h->gs = 0;
+
+ /*
+ * for checkpoint in process context (from within a container),
+ * the actual syscall is taking place at this very moment; so
+ * we (optimistically) subtitute the future return value (0) of
+ * this syscall into the orig_eax, so that upon restart it will
+ * succeed (or it will endlessly retry checkpoint...)
+ */
+ if (t == current) {
+ BUG_ON(h->orig_ax < 0);
+ h->ax = 0;
+ }
+}
+
+int load_cpu_regs(struct ckpt_hdr_cpu *h, struct task_struct *t)
+{
+ struct thread_struct *thread = &t->thread;
+ struct pt_regs *regs = task_pt_regs(t);
+
+ if (h->cs == CKPT_X86_SEG_NULL)
+ return -EINVAL;
+ if (!check_segment(h->cs) || !check_segment(h->ds) ||
+ !check_segment(h->es) || !check_segment(h->ss) ||
+ !check_segment(h->fsindex) || !check_segment(h->gsindex))
+ return -EINVAL;
+
+ regs->r15 = h->r15;
+ regs->r14 = h->r14;
+ regs->r13 = h->r13;
+ regs->r12 = h->r12;
+ regs->r11 = h->r11;
+ regs->r10 = h->r10;
+ regs->r9 = h->r9;
+ regs->r8 = h->r8;
+
+ regs->bp = h->bp;
+ regs->bx = h->bx;
+ regs->ax = h->ax;
+ regs->cx = h->cx;
+ regs->dx = h->dx;
+ regs->si = h->si;
+ regs->di = h->di;
+ regs->orig_ax = h->orig_ax;
+ regs->ip = h->ip;
+
+ regs->sp = h->sp;
+ thread->usersp = h->sp;
+
+ preempt_disable();
+
+ regs->cs = decode_segment(h->cs);
+ regs->ss = decode_segment(h->ss);
+ thread->ds = decode_segment(h->ds);
+ thread->es = decode_segment(h->es);
+ thread->fsindex = decode_segment(h->fsindex);
+ thread->gsindex = decode_segment(h->gsindex);
+
+ thread->fs = h->fs;
+ thread->gs = h->gs;
+
+ /* XXX - unsure is this really needed ... */
+ loadsegment(fs, thread->fsindex);
+ if (thread->fs)
+ wrmsrl(MSR_FS_BASE, thread->fs);
+ load_gs_index(thread->gsindex);
+ /*
+ * when we switch to user-space, the MSR_KERNEL_GS_BASE
+ * will be moved back to MSR_GS_BASE.
+ * http://lists.openwall.net/linux-kernel/2008/11/18/340
+ */
+ if (thread->gs)
+ wrmsrl(MSR_KERNEL_GS_BASE, thread->gs);
+
+ preempt_enable();
+
+ return 0;
+}
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 216681e..c2ece28 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -699,6 +699,13 @@ END(\label)
PTREGSCALL stub_sigaltstack, sys_sigaltstack, %rdx
PTREGSCALL stub_iopl, sys_iopl, %rsi
PTREGSCALL stub_eclone, sys_eclone, %r8
+#ifdef CONFIG_CHECKPOINT
+ PTREGSCALL stub_checkpoint, sys_checkpoint, %r8
+ PTREGSCALL stub_restart, sys_restart, %r8
+#else
+ PTREGSCALL stub_checkpoint, sys_ni_syscall, %r8
+ PTREGSCALL stub_restart, sys_ni_syscall, %r8
+#endif
ENTRY(ptregscall_common)
DEFAULT_FRAME 1 8 /* offset 8: return address */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index a0189de..ecc4afb 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -90,6 +90,8 @@ enum {
enum {
CKPT_ARCH_X86_32 = 1,
#define CKPT_ARCH_X86_32 CKPT_ARCH_X86_32
+ CKPT_ARCH_X86_64,
+#define CKPT_ARCH_X86_64 CKPT_ARCH_X86_64
};
/* kernel constants */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 025/100] c/r: external checkpoint of a task other than ourself
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (23 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 024/100] c/r: x86-64: checkpoint/restart implementation Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 026/100] c/r: export functionality used in next patch for restart-blocks Oren Laadan
` (76 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
Now we can do "external" checkpoint, i.e. act on another task.
sys_checkpoint() now looks up the target pid (in our namespace) and
checkpoints that corresponding task. That task should be the root of
a container, unless CHECKPOINT_SUBTREE flag is given.
Set state of freezer cgroup of checkpointed task hierarchy to
"CHECKPOINTING" during a checkpoint, to ensure that task(s) cannot be
thawed while at it.
Ensure that all tasks belong to root task's freezer cgroup (the root
task is also tested, to detect it if changes its freezer cgroups
before it moves to "CHECKPOINTING").
sys_restart() remains nearly the same, as the restart is always done
in the context of the restarting task. However, the original task may
have been frozen from user space, or interrupted from a syscall for
the checkpoint. This is accounted for by restoring a suitable retval
for the restarting task, according to how it was checkpointed.
Changelog[v20]:
- [Nathan Lynch] Use syscall_get_error
Changelog[v19-rc1]:
- [Serge Hallyn] Add global section container to image format
Changelog[v17]:
- Move restore_retval() to this patch
- Tighten ptrace ceckpoint for checkpoint to PTRACE_MODE_ATTACH
- Use CHECKPOINTING state for hierarchy's freezer for checkpoint
Changelog[v16]:
- Use CHECKPOINT_SUBTREE to allow subtree (partial container)
Changelog[v14]:
- Refuse non-self checkpoint if target task isn't frozen
Changelog[v12]:
- Replace obsolete ckpt_debug() with pr_debug()
Changelog[v11]:
- Copy contents of 'init->fs->root' instead of pointing to them
Changelog[v10]:
- Grab vfs root of container init, rather than current process
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_types.h | 7 ++-
kernel/checkpoint/Kconfig | 1 +
kernel/checkpoint/checkpoint.c | 98 +++++++++++++++++++++++++++++++++++++-
kernel/checkpoint/restart.c | 66 +++++++++++++++++++++++++-
kernel/checkpoint/sys.c | 10 ++++
5 files changed, 179 insertions(+), 3 deletions(-)
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 13d6dd5..ff35b97 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -12,12 +12,17 @@
#ifdef __KERNEL__
+#include <linux/sched.h>
+#include <linux/nsproxy.h>
#include <linux/fs.h>
struct ckpt_ctx {
int crid; /* unique checkpoint id */
- pid_t root_pid; /* container identifier */
+ pid_t root_pid; /* [container] root pid */
+ struct task_struct *root_task; /* [container] root task */
+ struct nsproxy *root_nsproxy; /* [container] root nsproxy */
+ struct task_struct *root_freezer; /* [container] root task */
unsigned long kflags; /* kerenl flags */
unsigned long uflags; /* user flags */
diff --git a/kernel/checkpoint/Kconfig b/kernel/checkpoint/Kconfig
index ef7d406..21fc86b 100644
--- a/kernel/checkpoint/Kconfig
+++ b/kernel/checkpoint/Kconfig
@@ -5,6 +5,7 @@
config CHECKPOINT
bool "Checkpoint/restart (EXPERIMENTAL)"
depends on CHECKPOINT_SUPPORT && EXPERIMENTAL
+ depends on CGROUP_FREEZER
help
Application checkpoint/restart is the ability to save the
state of a running application so that it can later resume
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 0f55d37..e45653b 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -13,6 +13,9 @@
#include <linux/version.h>
#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/freezer.h>
+#include <linux/ptrace.h>
#include <linux/time.h>
#include <linux/fs.h>
#include <linux/file.h>
@@ -193,17 +196,108 @@ static int checkpoint_write_tail(struct ckpt_ctx *ctx)
return ret;
}
+static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ if (t->state == TASK_DEAD) {
+ _ckpt_err(ctx, -EBUSY, "%(T)Task state EXIT_DEAD\n");
+ return -EBUSY;
+ }
+
+ if (!ptrace_may_access(t, PTRACE_MODE_ATTACH)) {
+ _ckpt_err(ctx, -EPERM, "%(T)Ptrace attach denied\n");
+ return -EPERM;
+ }
+
+ /* verify that all tasks belongs to same freezer cgroup */
+ if (t != current && !in_same_cgroup_freezer(t, ctx->root_freezer)) {
+ _ckpt_err(ctx, -EBUSY, "%(T)Not frozen or wrong cgroup\n");
+ return -EBUSY;
+ }
+
+ /* FIX: add support for ptraced tasks */
+ if (task_ptrace(t)) {
+ _ckpt_err(ctx, -EBUSY, "%(T)Task is ptraced\n");
+ return -EBUSY;
+ }
+
+ return 0;
+}
+
+/* setup checkpoint-specific parts of ctx */
+static int init_checkpoint_ctx(struct ckpt_ctx *ctx, pid_t pid)
+{
+ struct task_struct *task;
+ struct nsproxy *nsproxy;
+ int ret;
+
+ /*
+ * No need for explicit cleanup here, because if an error
+ * occurs then ckpt_ctx_free() is eventually called.
+ */
+
+ ctx->root_pid = pid;
+
+ /* root task */
+ read_lock(&tasklist_lock);
+ task = find_task_by_vpid(pid);
+ if (task)
+ get_task_struct(task);
+ read_unlock(&tasklist_lock);
+ if (!task)
+ return -ESRCH;
+ else
+ ctx->root_task = task;
+
+ /* root nsproxy */
+ rcu_read_lock();
+ nsproxy = task_nsproxy(task);
+ if (nsproxy)
+ get_nsproxy(nsproxy);
+ rcu_read_unlock();
+ if (!nsproxy)
+ return -ESRCH;
+ else
+ ctx->root_nsproxy = nsproxy;
+
+ /* root freezer */
+ ctx->root_freezer = task;
+ get_task_struct(task);
+
+ ret = may_checkpoint_task(ctx, task);
+ if (ret) {
+ _ckpt_msg_complete(ctx);
+ put_task_struct(task);
+ put_task_struct(task);
+ put_nsproxy(nsproxy);
+ ctx->root_nsproxy = NULL;
+ ctx->root_task = NULL;
+ return ret;
+ }
+
+ return 0;
+}
+
long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
{
long ret;
+ ret = init_checkpoint_ctx(ctx, pid);
+ if (ret < 0)
+ return ret;
+
+ if (ctx->root_freezer) {
+ ret = cgroup_freezer_begin_checkpoint(ctx->root_freezer);
+ if (ret < 0)
+ return ret;
+ }
+
ret = checkpoint_write_header(ctx);
if (ret < 0)
goto out;
ret = checkpoint_container(ctx);
if (ret < 0)
goto out;
- ret = checkpoint_task(ctx, current);
+ ret = checkpoint_task(ctx, ctx->root_task);
if (ret < 0)
goto out;
ret = checkpoint_write_tail(ctx);
@@ -214,5 +308,7 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
ctx->crid = atomic_inc_return(&ctx_count);
ret = ctx->crid;
out:
+ if (ctx->root_freezer)
+ cgroup_freezer_end_checkpoint(ctx->root_freezer);
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index f2b8575..7b6caf9 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -18,8 +18,11 @@
#include <linux/file.h>
#include <linux/magic.h>
#include <linux/utsname.h>
+#include <linux/elf.h>
#include <linux/checkpoint.h>
+#include <asm/syscall.h>
+
static int _ckpt_read_err(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
{
char *ptr;
@@ -448,10 +451,69 @@ static int restore_read_tail(struct ckpt_ctx *ctx)
return ret;
}
+static long restore_retval(void)
+{
+ struct pt_regs *regs = task_pt_regs(current);
+ long syscall_err;
+ long syscall_nr;
+
+ /*
+ * For the restart, we entered the kernel via sys_restart(),
+ * so our return path is via the syscall exit. In particular,
+ * the code in entry.S will put the value that we will return
+ * into a register (e.g. regs->eax in x86), thus passing it to
+ * the caller task.
+ *
+ * What we do now depends on what happened to the checkpointed
+ * task right before the checkpoint - there are three cases:
+ *
+ * 1) It was carrying out a syscall when became frozen, or
+ * 2) It was running in userspace, or
+ * 3) It was doing a self-checkpoint
+ *
+ * In case #1, if the syscall succeeded, perhaps partially,
+ * then the retval is non-negative. If it failed, the error
+ * may be one of -ERESTART..., which is interpreted in the
+ * signal handling code. If that is the case, we force the
+ * signal handler to kick in by faking a signal to ourselves
+ * (a la freeze/thaw) when ret < 0.
+ *
+ * In case #2, our return value will overwrite the original
+ * value in the affected register. Workaround by simply using
+ * that saved value of that register as our retval.
+ *
+ * In case #3, then the state was recorded while the task was
+ * in checkpoint(2) syscall. The syscall is execpted to return
+ * 0 when returning from a restart. Fortunately, this already
+ * has been arranged for at checkpoint time (the register that
+ * holds the retval, e.g. regs->eax in x86, was set to
+ * zero).
+ */
+
+ /* needed for all 3 cases: get old value/error/retval */
+ syscall_nr = syscall_get_nr(current, regs);
+ syscall_err = syscall_get_error(current, regs);
+
+ /* if from a syscall and returning error, kick in signal handling */
+ if (syscall_nr >= 0 && syscall_err != 0)
+ set_tsk_thread_flag(current, TIF_SIGPENDING);
+
+ return syscall_get_return_value(current, regs);
+}
+
+/* setup restart-specific parts of ctx */
+static int init_restart_ctx(struct ckpt_ctx *ctx, pid_t pid)
+{
+ return 0;
+}
+
long do_restart(struct ckpt_ctx *ctx, pid_t pid)
{
long ret;
+ ret = init_restart_ctx(ctx, pid);
+ if (ret < 0)
+ return ret;
ret = restore_read_header(ctx);
if (ret < 0)
return ret;
@@ -462,7 +524,9 @@ long do_restart(struct ckpt_ctx *ctx, pid_t pid)
if (ret < 0)
return ret;
ret = restore_read_tail(ctx);
+ if (ret < 0)
+ return ret;
/* on success, adjust the return value if needed [TODO] */
- return ret;
+ return restore_retval();
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index af8c1bf..28a1b27 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -13,7 +13,9 @@
#include <linux/sched.h>
#include <linux/module.h>
+#include <linux/nsproxy.h>
#include <linux/kernel.h>
+#include <linux/cgroup.h>
#include <linux/syscalls.h>
#include <linux/slab.h>
#include <linux/fs.h>
@@ -163,6 +165,14 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
fput(ctx->file);
if (ctx->logfile)
fput(ctx->logfile);
+
+ if (ctx->root_nsproxy)
+ put_nsproxy(ctx->root_nsproxy);
+ if (ctx->root_task)
+ put_task_struct(ctx->root_task);
+ if (ctx->root_freezer)
+ put_task_struct(ctx->root_freezer);
+
kfree(ctx);
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 026/100] c/r: export functionality used in next patch for restart-blocks
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (24 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 025/100] c/r: external checkpoint of a task other than ourself Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 027/100] c/r: restart-blocks Oren Laadan
` (75 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
To support c/r of restart-blocks (system call that need to be
restarted because they were interrupted but there was no userspace
visible side-effect), export restart-block callbacks for poll()
and futex() syscalls.
More details on c/r of restart-blocks and how it works in the
following patch.
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/select.c | 2 +-
include/linux/futex.h | 11 +++++++++++
include/linux/poll.h | 3 +++
include/linux/posix-timers.h | 6 ++++++
kernel/compat.c | 4 ++--
kernel/futex.c | 12 +-----------
kernel/posix-timers.c | 2 +-
7 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/fs/select.c b/fs/select.c
index 500a669..194c6d6 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -890,7 +890,7 @@ out_fds:
return err;
}
-static long do_restart_poll(struct restart_block *restart_block)
+long do_restart_poll(struct restart_block *restart_block)
{
struct pollfd __user *ufds = restart_block->poll.ufds;
int nfds = restart_block->poll.nfds;
diff --git a/include/linux/futex.h b/include/linux/futex.h
index 1e5a26d..ae755f6 100644
--- a/include/linux/futex.h
+++ b/include/linux/futex.h
@@ -136,6 +136,17 @@ extern int
handle_futex_death(u32 __user *uaddr, struct task_struct *curr, int pi);
/*
+ * In case we must use restart_block to restart a futex_wait,
+ * we encode in the 'flags' shared capability
+ */
+#define FLAGS_SHARED 0x01
+#define FLAGS_CLOCKRT 0x02
+#define FLAGS_HAS_TIMEOUT 0x04
+
+/* for c/r */
+extern long futex_wait_restart(struct restart_block *restart);
+
+/*
* Futexes are matched on equal values of this key.
* The key type depends on whether it's a shared or private mapping.
* Don't rearrange members without looking at hash_futex().
diff --git a/include/linux/poll.h b/include/linux/poll.h
index 600cc1f..03357b8 100644
--- a/include/linux/poll.h
+++ b/include/linux/poll.h
@@ -136,6 +136,9 @@ extern int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp,
extern int poll_select_set_timeout(struct timespec *to, long sec, long nsec);
+/* used by checkpoint/restart */
+extern long do_restart_poll(struct restart_block *restart_block);
+
#endif /* KERNEL */
#endif /* _LINUX_POLL_H */
diff --git a/include/linux/posix-timers.h b/include/linux/posix-timers.h
index 4f71bf4..d0d6a66 100644
--- a/include/linux/posix-timers.h
+++ b/include/linux/posix-timers.h
@@ -101,6 +101,10 @@ int posix_cpu_timer_create(struct k_itimer *timer);
int posix_cpu_nsleep(const clockid_t which_clock, int flags,
struct timespec *rqtp, struct timespec __user *rmtp);
long posix_cpu_nsleep_restart(struct restart_block *restart_block);
+#ifdef CONFIG_COMPAT
+long compat_nanosleep_restart(struct restart_block *restart);
+long compat_clock_nanosleep_restart(struct restart_block *restart);
+#endif
int posix_cpu_timer_set(struct k_itimer *timer, int flags,
struct itimerspec *new, struct itimerspec *old);
int posix_cpu_timer_del(struct k_itimer *timer);
@@ -119,4 +123,6 @@ long clock_nanosleep_restart(struct restart_block *restart_block);
void update_rlimit_cpu(unsigned long rlim_new);
+int invalid_clockid(const clockid_t which_clock);
+
#endif
diff --git a/kernel/compat.c b/kernel/compat.c
index 7f40e92..8b18f5d 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -101,7 +101,7 @@ int put_compat_timespec(const struct timespec *ts, struct compat_timespec __user
__put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;
}
-static long compat_nanosleep_restart(struct restart_block *restart)
+long compat_nanosleep_restart(struct restart_block *restart)
{
struct compat_timespec __user *rmtp;
struct timespec rmt;
@@ -648,7 +648,7 @@ long compat_sys_clock_getres(clockid_t which_clock,
return err;
}
-static long compat_clock_nanosleep_restart(struct restart_block *restart)
+long compat_clock_nanosleep_restart(struct restart_block *restart)
{
long err;
mm_segment_t oldfs;
diff --git a/kernel/futex.c b/kernel/futex.c
index e7a35f1..23419c9 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1593,16 +1593,6 @@ handle_fault:
goto retry;
}
-/*
- * In case we must use restart_block to restart a futex_wait,
- * we encode in the 'flags' shared capability
- */
-#define FLAGS_SHARED 0x01
-#define FLAGS_CLOCKRT 0x02
-#define FLAGS_HAS_TIMEOUT 0x04
-
-static long futex_wait_restart(struct restart_block *restart);
-
/**
* fixup_owner() - Post lock pi_state and corner case management
* @uaddr: user address of the futex
@@ -1876,7 +1866,7 @@ out:
}
-static long futex_wait_restart(struct restart_block *restart)
+long futex_wait_restart(struct restart_block *restart)
{
u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
int fshared = 0;
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
index 00d1fda..ec2e802 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -211,7 +211,7 @@ static int no_nsleep(const clockid_t which_clock, int flags,
/*
* Return nonzero if we know a priori this clockid_t value is bogus.
*/
-static inline int invalid_clockid(const clockid_t which_clock)
+int invalid_clockid(const clockid_t which_clock)
{
if (which_clock < 0) /* CPU clock, posix_cpu_* will check it */
return 0;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 027/100] c/r: restart-blocks
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (25 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 026/100] c/r: export functionality used in next patch for restart-blocks Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 028/100] c/r: checkpoint multiple processes Oren Laadan
` (74 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
(Paraphrasing what's said this message:
http://lists.openwall.net/linux-kernel/2007/12/05/64)
Restart blocks are callbacks used cause a system call to be restarted
with the arguments specified in the system call restart block. It is
useful for system call that are not idempotent, i.e. the argument(s)
might be a relative timeout, where some adjustments are required when
restarting the system call. It relies on the system call itself to set
up its restart point and the argument save area. They are rare: an
actual signal would turn that it an EINTR. The only case that should
ever trigger this is some kernel action that interrupts the system
call, but does not actually result in any user-visible state changes -
like freeze and thaw.
So restart blocks are about time remaining for the system call to
sleep/wait. Generally in c/r, there are two possible time models that
we can follow: absolute, relative. Here, I chose to save the relative
timeout, measured from the beginning of the checkpoint. The time when
the checkpoint (and restart) begin is also saved. This information is
sufficient to restart in either model (absolute or negative).
Which model to use should eventually be a per application choice (and
possible configurable via cradvise() or some sort). For now, we adopt
the relative model, namely, at restart the timeout is set relative to
the beginning of the restart.
To checkpoint, we check if a task has a valid restart block, and if so
we save the *remaining* time that is has to wait/sleep, and the type
of the restart block.
To restart, we fill in the data required at the proper place in the
thread information. If the system call return an error (which is
possibly an -ERESTARTSYS eg), we not only use that error as our own
return value, but also arrange for the task to execute the signal
handler (by faking a signal). The handler, in turn, already has the
code to handle these restart request gracefully.
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v1]:
- [Nathan Lynch] fix compilation errors with CONFIG_COMPAT=y
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 4 +
include/linux/checkpoint_hdr.h | 34 ++++++
include/linux/checkpoint_types.h | 3 +
kernel/checkpoint/checkpoint.c | 1 +
kernel/checkpoint/process.c | 226 ++++++++++++++++++++++++++++++++++++++
kernel/checkpoint/restart.c | 1 -
kernel/checkpoint/sys.c | 1 +
7 files changed, 269 insertions(+), 1 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 077bbcd..20dcd95 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -79,6 +79,10 @@ extern int restore_read_header_arch(struct ckpt_ctx *ctx);
extern int restore_thread(struct ckpt_ctx *ctx);
extern int restore_cpu(struct ckpt_ctx *ctx);
+extern int checkpoint_restart_block(struct ckpt_ctx *ctx,
+ struct task_struct *t);
+extern int restore_restart_block(struct ckpt_ctx *ctx);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index ecc4afb..f17f081 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -72,6 +72,8 @@ enum {
CKPT_HDR_TASK = 101,
#define CKPT_HDR_TASK CKPT_HDR_TASK
+ CKPT_HDR_RESTART_BLOCK,
+#define CKPT_HDR_RESTART_BLOCK CKPT_HDR_RESTART_BLOCK
CKPT_HDR_THREAD,
#define CKPT_HDR_THREAD CKPT_HDR_THREAD
CKPT_HDR_CPU,
@@ -152,4 +154,36 @@ struct ckpt_hdr_task {
__u64 clear_child_tid;
} __attribute__((aligned(8)));
+/* restart blocks */
+struct ckpt_hdr_restart_block {
+ struct ckpt_hdr h;
+ __u64 function_type;
+ __u64 arg_0;
+ __u64 arg_1;
+ __u64 arg_2;
+ __u64 arg_3;
+ __u64 arg_4;
+} __attribute__((aligned(8)));
+
+enum restart_block_type {
+ CKPT_RESTART_BLOCK_NONE = 1,
+#define CKPT_RESTART_BLOCK_NONE CKPT_RESTART_BLOCK_NONE
+ CKPT_RESTART_BLOCK_HRTIMER_NANOSLEEP,
+#define CKPT_RESTART_BLOCK_HRTIMER_NANOSLEEP \
+ CKPT_RESTART_BLOCK_HRTIMER_NANOSLEEP
+ CKPT_RESTART_BLOCK_POSIX_CPU_NANOSLEEP,
+#define CKPT_RESTART_BLOCK_POSIX_CPU_NANOSLEEP \
+ CKPT_RESTART_BLOCK_POSIX_CPU_NANOSLEEP
+ CKPT_RESTART_BLOCK_COMPAT_NANOSLEEP,
+#define CKPT_RESTART_BLOCK_COMPAT_NANOSLEEP \
+ CKPT_RESTART_BLOCK_COMPAT_NANOSLEEP
+ CKPT_RESTART_BLOCK_COMPAT_CLOCK_NANOSLEEP,
+#define CKPT_RESTART_BLOCK_COMPAT_CLOCK_NANOSLEEP \
+ CKPT_RESTART_BLOCK_COMPAT_CLOCK_NANOSLEEP
+ CKPT_RESTART_BLOCK_POLL,
+#define CKPT_RESTART_BLOCK_POLL CKPT_RESTART_BLOCK_POLL
+ CKPT_RESTART_BLOCK_FUTEX,
+#define CKPT_RESTART_BLOCK_FUTEX CKPT_RESTART_BLOCK_FUTEX
+};
+
#endif /* _CHECKPOINT_CKPT_HDR_H_ */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index ff35b97..417e119 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -15,10 +15,13 @@
#include <linux/sched.h>
#include <linux/nsproxy.h>
#include <linux/fs.h>
+#include <linux/ktime.h>
struct ckpt_ctx {
int crid; /* unique checkpoint id */
+ ktime_t ktime_begin; /* checkpoint start time */
+
pid_t root_pid; /* [container] root pid */
struct task_struct *root_task; /* [container] root task */
struct nsproxy *root_nsproxy; /* [container] root nsproxy */
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index e45653b..0dbf3e7 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -23,6 +23,7 @@
#include <linux/mount.h>
#include <linux/utsname.h>
#include <linux/magic.h>
+#include <linux/hrtimer.h>
#include <linux/checkpoint.h>
/* unique checkpoint identifier (FIXME: should be per-container ?) */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index e78b29b..b662e5d 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -12,6 +12,9 @@
#define CKPT_DFLAG CKPT_DSYS
#include <linux/sched.h>
+#include <linux/posix-timers.h>
+#include <linux/futex.h>
+#include <linux/poll.h>
#include <linux/checkpoint.h>
/***********************************************************************
@@ -46,6 +49,116 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
return ckpt_write_string(ctx, t->comm, TASK_COMM_LEN);
}
+/* dump the task_struct of a given task */
+int checkpoint_restart_block(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_restart_block *h;
+ struct restart_block *restart_block;
+ long (*fn)(struct restart_block *);
+ s64 base, expire = 0;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_RESTART_BLOCK);
+ if (!h)
+ return -ENOMEM;
+
+ base = ktime_to_ns(ctx->ktime_begin);
+ restart_block = &task_thread_info(t)->restart_block;
+ fn = restart_block->fn;
+
+ /* FIX: enumerate clockid_t so we're immune to changes */
+
+ if (fn == do_no_restart_syscall) {
+
+ h->function_type = CKPT_RESTART_BLOCK_NONE;
+ ckpt_debug("restart_block: non\n");
+
+ } else if (fn == hrtimer_nanosleep_restart) {
+
+ h->function_type = CKPT_RESTART_BLOCK_HRTIMER_NANOSLEEP;
+ h->arg_0 = restart_block->nanosleep.index;
+ h->arg_1 = (unsigned long) restart_block->nanosleep.rmtp;
+ expire = restart_block->nanosleep.expires;
+ ckpt_debug("restart_block: hrtimer expire %lld now %lld\n",
+ expire, base);
+
+ } else if (fn == posix_cpu_nsleep_restart) {
+ struct timespec ts;
+
+ h->function_type = CKPT_RESTART_BLOCK_POSIX_CPU_NANOSLEEP;
+ h->arg_0 = restart_block->arg0;
+ h->arg_1 = restart_block->arg1;
+ ts.tv_sec = restart_block->arg2;
+ ts.tv_nsec = restart_block->arg3;
+ expire = timespec_to_ns(&ts);
+ ckpt_debug("restart_block: posix_cpu expire %lld now %lld\n",
+ expire, base);
+
+#ifdef CONFIG_COMPAT
+ } else if (fn == compat_nanosleep_restart) {
+
+ h->function_type = CKPT_RESTART_BLOCK_COMPAT_NANOSLEEP;
+ h->arg_0 = restart_block->nanosleep.index;
+ h->arg_1 = (unsigned long)restart_block->nanosleep.rmtp;
+ h->arg_2 = (unsigned long)restart_block->nanosleep.compat_rmtp;
+ expire = restart_block->nanosleep.expires;
+ ckpt_debug("restart_block: compat expire %lld now %lld\n",
+ expire, base);
+
+ } else if (fn == compat_clock_nanosleep_restart) {
+
+ h->function_type = CKPT_RESTART_BLOCK_COMPAT_CLOCK_NANOSLEEP;
+ h->arg_0 = restart_block->nanosleep.index;
+ h->arg_1 = (unsigned long)restart_block->nanosleep.rmtp;
+ h->arg_2 = (unsigned long)restart_block->nanosleep.compat_rmtp;
+ expire = restart_block->nanosleep.expires;
+ ckpt_debug("restart_block: compat_clock expire %lld now %lld\n",
+ expire, base);
+
+#endif
+ } else if (fn == futex_wait_restart) {
+
+ h->function_type = CKPT_RESTART_BLOCK_FUTEX;
+ h->arg_0 = (unsigned long) restart_block->futex.uaddr;
+ h->arg_1 = restart_block->futex.val;
+ h->arg_2 = restart_block->futex.flags;
+ h->arg_3 = restart_block->futex.bitset;
+ expire = restart_block->futex.time;
+ ckpt_debug("restart_block: futex expire %lld now %lld\n",
+ expire, base);
+
+ } else if (fn == do_restart_poll) {
+ struct timespec ts;
+
+ h->function_type = CKPT_RESTART_BLOCK_POLL;
+ h->arg_0 = (unsigned long) restart_block->poll.ufds;
+ h->arg_1 = restart_block->poll.nfds;
+ h->arg_2 = restart_block->poll.has_timeout;
+ ts.tv_sec = restart_block->poll.tv_sec;
+ ts.tv_nsec = restart_block->poll.tv_nsec;
+ expire = timespec_to_ns(&ts);
+ ckpt_debug("restart_block: poll expire %lld now %lld\n",
+ expire, base);
+
+ } else {
+
+ BUG();
+
+ }
+
+ /* common to all restart blocks: */
+ h->arg_4 = (base < expire ? expire - base : 0);
+
+ ckpt_debug("restart_block: args %#llx %#llx %#llx %#llx %#llx\n",
+ h->arg_0, h->arg_1, h->arg_2, h->arg_3, h->arg_4);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ ckpt_debug("restart_block ret %d\n", ret);
+ return ret;
+}
+
/* dump the entire state of a given task */
int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
{
@@ -61,6 +174,10 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
ckpt_debug("thread %d\n", ret);
if (ret < 0)
goto out;
+ ret = checkpoint_restart_block(ctx, t);
+ ckpt_debug("restart-blocks %d\n", ret);
+ if (ret < 0)
+ goto out;
ret = checkpoint_cpu(ctx, t);
ckpt_debug("cpu %d\n", ret);
out:
@@ -97,6 +214,111 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
return ret;
}
+int restore_restart_block(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_restart_block *h;
+ struct restart_block restart_block;
+ struct timespec ts;
+ clockid_t clockid;
+ s64 expire;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_RESTART_BLOCK);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ expire = ktime_to_ns(ctx->ktime_begin) + h->arg_4;
+ restart_block.fn = NULL;
+
+ ckpt_debug("restart_block: expire %lld begin %lld\n",
+ expire, ktime_to_ns(ctx->ktime_begin));
+ ckpt_debug("restart_block: args %#llx %#llx %#llx %#llx %#llx\n",
+ h->arg_0, h->arg_1, h->arg_2, h->arg_3, h->arg_4);
+
+ switch (h->function_type) {
+ case CKPT_RESTART_BLOCK_NONE:
+ restart_block.fn = do_no_restart_syscall;
+ break;
+ case CKPT_RESTART_BLOCK_HRTIMER_NANOSLEEP:
+ clockid = h->arg_0;
+ if (clockid < 0 || invalid_clockid(clockid))
+ break;
+ restart_block.fn = hrtimer_nanosleep_restart;
+ restart_block.nanosleep.index = clockid;
+ restart_block.nanosleep.rmtp =
+ (struct timespec __user *) (unsigned long) h->arg_1;
+ restart_block.nanosleep.expires = expire;
+ break;
+ case CKPT_RESTART_BLOCK_POSIX_CPU_NANOSLEEP:
+ clockid = h->arg_0;
+ if (clockid < 0 || invalid_clockid(clockid))
+ break;
+ restart_block.fn = posix_cpu_nsleep_restart;
+ restart_block.arg0 = clockid;
+ restart_block.arg1 = h->arg_1;
+ ts = ns_to_timespec(expire);
+ restart_block.arg2 = ts.tv_sec;
+ restart_block.arg3 = ts.tv_nsec;
+ break;
+#ifdef CONFIG_COMPAT
+ case CKPT_RESTART_BLOCK_COMPAT_NANOSLEEP:
+ clockid = h->arg_0;
+ if (clockid < 0 || invalid_clockid(clockid))
+ break;
+ restart_block.fn = compat_nanosleep_restart;
+ restart_block.nanosleep.index = clockid;
+ restart_block.nanosleep.rmtp =
+ (struct timespec __user *) (unsigned long) h->arg_1;
+ restart_block.nanosleep.compat_rmtp =
+ (struct compat_timespec __user *)
+ (unsigned long) h->arg_2;
+ restart_block.nanosleep.expires = expire;
+ break;
+ case CKPT_RESTART_BLOCK_COMPAT_CLOCK_NANOSLEEP:
+ clockid = h->arg_0;
+ if (clockid < 0 || invalid_clockid(clockid))
+ break;
+ restart_block.fn = compat_clock_nanosleep_restart;
+ restart_block.nanosleep.index = clockid;
+ restart_block.nanosleep.rmtp =
+ (struct timespec __user *) (unsigned long) h->arg_1;
+ restart_block.nanosleep.compat_rmtp =
+ (struct compat_timespec __user *)
+ (unsigned long) h->arg_2;
+ restart_block.nanosleep.expires = expire;
+ break;
+#endif
+ case CKPT_RESTART_BLOCK_FUTEX:
+ restart_block.fn = futex_wait_restart;
+ restart_block.futex.uaddr = (u32 *) (unsigned long) h->arg_0;
+ restart_block.futex.val = h->arg_1;
+ restart_block.futex.flags = h->arg_2;
+ restart_block.futex.bitset = h->arg_3;
+ restart_block.futex.time = expire;
+ break;
+ case CKPT_RESTART_BLOCK_POLL:
+ restart_block.fn = do_restart_poll;
+ restart_block.poll.ufds =
+ (struct pollfd __user *) (unsigned long) h->arg_0;
+ restart_block.poll.nfds = h->arg_1;
+ restart_block.poll.has_timeout = h->arg_2;
+ ts = ns_to_timespec(expire);
+ restart_block.poll.tv_sec = ts.tv_sec;
+ restart_block.poll.tv_nsec = ts.tv_nsec;
+ break;
+ default:
+ break;
+ }
+
+ if (restart_block.fn)
+ task_thread_info(current)->restart_block = restart_block;
+ else
+ ret = -EINVAL;
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
/* read the entire state of the current task */
int restore_task(struct ckpt_ctx *ctx)
{
@@ -110,6 +332,10 @@ int restore_task(struct ckpt_ctx *ctx)
ckpt_debug("thread %d\n", ret);
if (ret < 0)
goto out;
+ ret = restore_restart_block(ctx);
+ ckpt_debug("restart-blocks %d\n", ret);
+ if (ret < 0)
+ goto out;
ret = restore_cpu(ctx);
ckpt_debug("cpu %d\n", ret);
out:
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 7b6caf9..d9eeb39 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -527,6 +527,5 @@ long do_restart(struct ckpt_ctx *ctx, pid_t pid)
if (ret < 0)
return ret;
- /* on success, adjust the return value if needed [TODO] */
return restore_retval();
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 28a1b27..4345bcc 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -188,6 +188,7 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
ctx->uflags = uflags;
ctx->kflags = kflags;
+ ctx->ktime_begin = ktime_get();
mutex_init(&ctx->msg_mutex);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 028/100] c/r: checkpoint multiple processes
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (26 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 027/100] c/r: restart-blocks Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 029/100] c/r: restart " Oren Laadan
` (73 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
Checkpointing of multiple processes works by recording the tasks tree
structure below a given "root" task. The root task is expected to be a
container init, and then an entire container is checkpointed. However,
passing CHECKPOINT_SUBTREE to checkpoint(2) relaxes this requirement
and allows to checkpoint a subtree of processes from the root task.
For a given root task, do a DFS scan of the tasks tree and collect them
into an array (keeping a reference to each task). Using DFS simplifies
the recreation of tasks either in user space or kernel space. For each
task collected, test if it can be checkpointed, and save its pid, tgid,
and ppid.
The actual work is divided into two passes: a first scan counts the
tasks, then memory is allocated and a second scan fills the array.
Whether checkpoints and restarts require CAP_SYS_ADMIN is determined
by sysctl 'ckpt_unpriv_allowed': if 1, then regular permission checks
are intended to prevent privilege escalation, however if 0 it prevents
unprivileged users from exploiting any privilege escalation bugs.
The logic is suitable for creation of processes during restart either
in userspace or by the kernel.
Currently we ignore threads and zombies.
Changelog[v20]:
- [Serge Hallyn] Change sysctl and default for unprivileged use
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33 (fix sysctl entry for ckpt_unpriv_allowed)
Changelog[v19-rc1]:
- Introduce walk_task_subtree() to iterate through descendants
- [Matt Helsley] Add cpp definitions for enums
- [Serge Hallyn] Add global section container to image format
Changelog[v18]:
- Replace some EAGAIN with EBUSY
- Add a few more ckpt_write_err()s
- Rename headerless struct ckpt_hdr_* to struct ckpt_*
Changelog[v16]:
- CHECKPOINT_SUBTREE flags allows subtree (not whole container)
- sysctl variable 'ckpt_unpriv_allowed' controls needed privileges
Changelog[v14]:
- Refuse non-self checkpoint if target task isn't frozen
- Refuse checkpoint (for now) if task is ptraced
- Revert change to pr_debug(), back to ckpt_debug()
- Use only unsigned fields in checkpoint headers
- Check retval of ckpt_tree_count_tasks() in ckpt_build_tree()
- Discard 'h.parent' field
- Check whether calls to ckpt_hbuf_get() fail
- Disallow threads or siblings to container init
Changelog[v13]:
- Release tasklist_lock in error path in ckpt_tree_count_tasks()
- Use separate index for 'tasks_arr' and 'hh' in ckpt_write_pids()
Changelog[v12]:
- Replace obsolete ckpt_debug() with pr_debug()
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 10 ++
include/linux/checkpoint_hdr.h | 18 +++-
include/linux/checkpoint_types.h | 4 +
kernel/checkpoint/checkpoint.c | 272 ++++++++++++++++++++++++++++++++++++--
kernel/checkpoint/restart.c | 2 +-
kernel/checkpoint/sys.c | 108 +++++++++++++++-
kernel/sysctl.c | 16 +++
7 files changed, 412 insertions(+), 18 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 20dcd95..d423a37 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -12,6 +12,9 @@
#define CHECKPOINT_VERSION 3
+/* checkpoint user flags */
+#define CHECKPOINT_SUBTREE 0x1
+
/* misc user visible */
#define CHECKPOINT_FD_NONE -1
@@ -37,6 +40,13 @@ extern long do_sys_restart(pid_t pid, int fd,
#define CKPT_CTX_RESTART (1 << CKPT_CTX_RESTART_BIT)
#define CKPT_CTX_ERROR (1 << CKPT_CTX_ERROR_BIT)
+/* ckpt_ctx: uflags */
+#define CHECKPOINT_USER_FLAGS CHECKPOINT_SUBTREE
+
+
+extern int walk_task_subtree(struct task_struct *task,
+ int (*func)(struct task_struct *, void *),
+ void *data);
extern int ckpt_kwrite(struct ckpt_ctx *ctx, void *buf, size_t count);
extern int ckpt_kread(struct ckpt_ctx *ctx, void *buf, size_t count);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index f17f081..4abae32 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -70,7 +70,9 @@ enum {
CKPT_HDR_STRING,
#define CKPT_HDR_STRING CKPT_HDR_STRING
- CKPT_HDR_TASK = 101,
+ CKPT_HDR_TREE = 101,
+#define CKPT_HDR_TREE CKPT_HDR_TREE
+ CKPT_HDR_TASK,
#define CKPT_HDR_TASK CKPT_HDR_TASK
CKPT_HDR_RESTART_BLOCK,
#define CKPT_HDR_RESTART_BLOCK CKPT_HDR_RESTART_BLOCK
@@ -142,6 +144,20 @@ struct ckpt_hdr_container {
struct ckpt_hdr h;
} __attribute__((aligned(8)));;
+/* task tree */
+struct ckpt_hdr_tree {
+ struct ckpt_hdr h;
+ __s32 nr_tasks;
+} __attribute__((aligned(8)));
+
+struct ckpt_pids {
+ __s32 vpid;
+ __s32 vppid;
+ __s32 vtgid;
+ __s32 vpgid;
+ __s32 vsid;
+} __attribute__((aligned(8)));
+
/* task data */
struct ckpt_hdr_task {
struct ckpt_hdr h;
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 417e119..527b877 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -22,6 +22,7 @@ struct ckpt_ctx {
ktime_t ktime_begin; /* checkpoint start time */
+ int root_init; /* [container] root init ? */
pid_t root_pid; /* [container] root pid */
struct task_struct *root_task; /* [container] root task */
struct nsproxy *root_nsproxy; /* [container] root nsproxy */
@@ -35,6 +36,9 @@ struct ckpt_ctx {
struct file *logfile; /* status/debug log file */
loff_t total; /* total read/written */
+ struct task_struct **tasks_arr; /* array of all tasks in container */
+ int nr_tasks; /* size of tasks array */
+
struct task_struct *tsk;/* checkpoint: current target task */
char err_string[256]; /* checkpoint: error string */
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 0dbf3e7..de7e19a 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -14,6 +14,7 @@
#include <linux/version.h>
#include <linux/module.h>
#include <linux/sched.h>
+#include <linux/slab.h>
#include <linux/freezer.h>
#include <linux/ptrace.h>
#include <linux/time.h>
@@ -197,8 +198,27 @@ static int checkpoint_write_tail(struct ckpt_ctx *ctx)
return ret;
}
+/* dump all tasks in ctx->tasks_arr[] */
+static int checkpoint_all_tasks(struct ckpt_ctx *ctx)
+{
+ int n, ret = 0;
+
+ for (n = 0; n < ctx->nr_tasks; n++) {
+ ckpt_debug("dumping task #%d\n", n);
+ ret = checkpoint_task(ctx, ctx->tasks_arr[n]);
+ if (ret < 0)
+ break;
+ }
+
+ return ret;
+}
+
static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
{
+ struct task_struct *root = ctx->root_task;
+
+ ckpt_debug("check %d\n", task_pid_nr_ns(t, ctx->root_nsproxy->pid_ns));
+
if (t->state == TASK_DEAD) {
_ckpt_err(ctx, -EBUSY, "%(T)Task state EXIT_DEAD\n");
return -EBUSY;
@@ -221,15 +241,234 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
return -EBUSY;
}
+ /*
+ * FIX: for now, disallow siblings of container init created
+ * via CLONE_PARENT (unclear if they will remain possible)
+ */
+ if (ctx->root_init && t != root && t->tgid != root->tgid &&
+ t->real_parent == root->real_parent) {
+ _ckpt_err(ctx, -EINVAL, "%(T)Task is sibling of root\n");
+ return -EINVAL;
+ }
+
+ /* FIX: change this when namespaces are added */
+ if (task_nsproxy(t) != ctx->root_nsproxy)
+ return -EPERM;
+
return 0;
}
+#define CKPT_HDR_PIDS_CHUNK 256
+
+static int checkpoint_pids(struct ckpt_ctx *ctx)
+{
+ struct ckpt_pids *h;
+ struct pid_namespace *ns;
+ struct task_struct *task;
+ struct task_struct **tasks_arr;
+ int nr_tasks, n, pos = 0, ret = 0;
+
+ ns = ctx->root_nsproxy->pid_ns;
+ tasks_arr = ctx->tasks_arr;
+ nr_tasks = ctx->nr_tasks;
+ BUG_ON(nr_tasks <= 0);
+
+ ret = ckpt_write_obj_type(ctx, NULL,
+ sizeof(*h) * nr_tasks,
+ CKPT_HDR_BUFFER);
+ if (ret < 0)
+ return ret;
+
+ h = ckpt_hdr_get(ctx, sizeof(*h) * CKPT_HDR_PIDS_CHUNK);
+ if (!h)
+ return -ENOMEM;
+
+ do {
+ rcu_read_lock();
+ for (n = 0; n < min(nr_tasks, CKPT_HDR_PIDS_CHUNK); n++) {
+ task = tasks_arr[pos];
+
+ h[n].vpid = task_pid_nr_ns(task, ns);
+ h[n].vtgid = task_tgid_nr_ns(task, ns);
+ h[n].vpgid = task_pgrp_nr_ns(task, ns);
+ h[n].vsid = task_session_nr_ns(task, ns);
+ h[n].vppid = task_tgid_nr_ns(task->real_parent, ns);
+ ckpt_debug("task[%d]: vpid %d vtgid %d parent %d\n",
+ pos, h[n].vpid, h[n].vtgid, h[n].vppid);
+ pos++;
+ }
+ rcu_read_unlock();
+
+ n = min(nr_tasks, CKPT_HDR_PIDS_CHUNK);
+ ret = ckpt_kwrite(ctx, h, n * sizeof(*h));
+ if (ret < 0)
+ break;
+
+ nr_tasks -= n;
+ } while (nr_tasks > 0);
+
+ _ckpt_hdr_put(ctx, h, sizeof(*h) * CKPT_HDR_PIDS_CHUNK);
+ return ret;
+}
+
+struct ckpt_cnt_tasks {
+ struct ckpt_ctx *ctx;
+ int nr;
+};
+
+/* count number of tasks in tree (and optionally fill pid's in array) */
+static int __tree_count_tasks(struct task_struct *task, void *data)
+{
+ struct ckpt_cnt_tasks *d = (struct ckpt_cnt_tasks *) data;
+ struct ckpt_ctx *ctx = d->ctx;
+ int ret;
+
+ ctx->tsk = task; /* (for _ckpt_err()) */
+
+ /* is this task cool ? */
+ ret = may_checkpoint_task(ctx, task);
+ if (ret < 0)
+ goto out;
+
+ if (ctx->tasks_arr) {
+ if (d->nr == ctx->nr_tasks) { /* unlikely... try again later */
+ _ckpt_err(ctx, -EBUSY, "%(T)Bad task count (%d)\n",
+ d->nr);
+ ret = -EBUSY;
+ goto out;
+ }
+ ctx->tasks_arr[d->nr++] = task;
+ get_task_struct(task);
+ }
+
+ ret = 1;
+ out:
+ ctx->tsk = NULL;
+ return ret;
+}
+
+static int tree_count_tasks(struct ckpt_ctx *ctx)
+{
+ struct ckpt_cnt_tasks data;
+ int ret;
+
+ data.ctx = ctx;
+ data.nr = 0;
+
+ ckpt_msg_lock(ctx);
+ ret = walk_task_subtree(ctx->root_task, __tree_count_tasks, &data);
+ ckpt_msg_unlock(ctx);
+ if (ret < 0)
+ _ckpt_msg_complete(ctx);
+ return ret;
+}
+
+/*
+ * build_tree - scan the tasks tree in DFS order and fill in array
+ * @ctx: checkpoint context
+ *
+ * Using DFS order simplifies the restart logic to re-create the tasks.
+ *
+ * On success, ctx->tasks_arr will be allocated and populated with all
+ * tasks (reference taken), and ctx->nr_tasks will hold the total count.
+ * The array is cleaned up by ckpt_ctx_free().
+ */
+static int build_tree(struct ckpt_ctx *ctx)
+{
+ int n, m;
+
+ /* count tasks (no side effects) */
+ n = tree_count_tasks(ctx);
+ if (n < 0)
+ return n;
+
+ ctx->nr_tasks = n;
+ ctx->tasks_arr = kzalloc(n * sizeof(*ctx->tasks_arr), GFP_KERNEL);
+ if (!ctx->tasks_arr)
+ return -ENOMEM;
+
+ /* count again (now will fill array) */
+ m = tree_count_tasks(ctx);
+
+ /* unlikely, but ... (cleanup in ckpt_ctx_free) */
+ if (m < 0)
+ return m;
+ else if (m != n)
+ return -EBUSY;
+
+ return 0;
+}
+
+/* dump the array that describes the tasks tree */
+static int checkpoint_tree(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_tree *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TREE);
+ if (!h)
+ return -ENOMEM;
+
+ h->nr_tasks = ctx->nr_tasks;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ ret = checkpoint_pids(ctx);
+ return ret;
+}
+
+static struct task_struct *get_freezer_task(struct task_struct *root_task)
+{
+ struct task_struct *p;
+
+ /*
+ * For the duration of checkpoint we deep-freeze all tasks.
+ * Normally do it through the root task's freezer cgroup.
+ * However, if the root task is also the current task (doing
+ * self-checkpoint) we can't freeze ourselves. In this case,
+ * choose the next available (non-dead) task instead. We'll
+ * use its freezer cgroup to verify that all tasks belong to
+ * the same cgroup.
+ */
+
+ if (root_task != current) {
+ get_task_struct(root_task);
+ return root_task;
+ }
+
+ /* search among threads, then children */
+ read_lock(&tasklist_lock);
+
+ for (p = next_thread(root_task); p != root_task; p = next_thread(p)) {
+ if (p->state == TASK_DEAD)
+ continue;
+ if (!in_same_cgroup_freezer(p, root_task))
+ goto out;
+ }
+
+ list_for_each_entry(p, &root_task->children, sibling) {
+ if (p->state == TASK_DEAD)
+ continue;
+ if (!in_same_cgroup_freezer(p, root_task))
+ goto out;
+ }
+
+ p = NULL;
+ out:
+ read_unlock(&tasklist_lock);
+ if (p)
+ get_task_struct(p);
+ return p;
+}
+
/* setup checkpoint-specific parts of ctx */
static int init_checkpoint_ctx(struct ckpt_ctx *ctx, pid_t pid)
{
struct task_struct *task;
struct nsproxy *nsproxy;
- int ret;
/*
* No need for explicit cleanup here, because if an error
@@ -261,18 +500,14 @@ static int init_checkpoint_ctx(struct ckpt_ctx *ctx, pid_t pid)
ctx->root_nsproxy = nsproxy;
/* root freezer */
- ctx->root_freezer = task;
- get_task_struct(task);
+ ctx->root_freezer = get_freezer_task(task);
- ret = may_checkpoint_task(ctx, task);
- if (ret) {
- _ckpt_msg_complete(ctx);
- put_task_struct(task);
- put_task_struct(task);
- put_nsproxy(nsproxy);
- ctx->root_nsproxy = NULL;
- ctx->root_task = NULL;
- return ret;
+ /* container init ? */
+ ctx->root_init = is_container_init(task);
+
+ if (!(ctx->uflags & CHECKPOINT_SUBTREE) && !ctx->root_init) {
+ ckpt_err(ctx, -EINVAL, "Not container init\n");
+ return -EINVAL; /* cleanup by ckpt_ctx_free() */
}
return 0;
@@ -288,17 +523,26 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
if (ctx->root_freezer) {
ret = cgroup_freezer_begin_checkpoint(ctx->root_freezer);
- if (ret < 0)
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Freezer cgroup failed\n");
return ret;
+ }
}
+ ret = build_tree(ctx);
+ if (ret < 0)
+ goto out;
+
ret = checkpoint_write_header(ctx);
if (ret < 0)
goto out;
ret = checkpoint_container(ctx);
if (ret < 0)
goto out;
- ret = checkpoint_task(ctx, ctx->root_task);
+ ret = checkpoint_tree(ctx);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_all_tasks(ctx);
if (ret < 0)
goto out;
ret = checkpoint_write_tail(ctx);
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index d9eeb39..936fc5e 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -384,7 +384,7 @@ static int restore_read_header(struct ckpt_ctx *ctx)
ckpt_err(ctx, ret, "incompatible kernel version");
goto out;
}
- if (h->uflags) {
+ if (h->uflags & ~CHECKPOINT_USER_FLAGS) {
ckpt_err(ctx, ret, "incompatible restart user flags");
goto out;
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 4345bcc..3b13e08 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -25,6 +25,16 @@
#include <linux/checkpoint.h>
/*
+ * ckpt_unpriv_allowed - sysctl controlled.
+ * If 0, then caller of sys_checkpoint() or sys_restart() must have
+ * CAP_SYS_ADMIN
+ * If 1, then only sys_restart() requires CAP_SYS_ADMIN.
+ * If 2, then both can be called without privilege - regular permissions
+ * checks are intended to do the job.
+ */
+int ckpt_unpriv_allowed = 1; /* default: unpriv checkpoint not restart */
+
+/*
* Helpers to write(read) from(to) kernel space to(from) the checkpoint
* image file descriptor (similar to how a core-dump is performed).
*
@@ -159,6 +169,19 @@ EXPORT_SYMBOL(ckpt_hdr_get_type);
* restart operation, and persists until the operation is completed.
*/
+static void task_arr_free(struct ckpt_ctx *ctx)
+{
+ int n;
+
+ for (n = 0; n < ctx->nr_tasks; n++) {
+ if (ctx->tasks_arr[n]) {
+ put_task_struct(ctx->tasks_arr[n]);
+ ctx->tasks_arr[n] = NULL;
+ }
+ }
+ kfree(ctx->tasks_arr);
+}
+
static void ckpt_ctx_free(struct ckpt_ctx *ctx)
{
if (ctx->file)
@@ -166,6 +189,9 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->logfile)
fput(ctx->logfile);
+ if (ctx->tasks_arr)
+ task_arr_free(ctx);
+
if (ctx->root_nsproxy)
put_nsproxy(ctx->root_nsproxy);
if (ctx->root_task)
@@ -407,6 +433,79 @@ void do_ckpt_msg(struct ckpt_ctx *ctx, int err, char *fmt, ...)
}
EXPORT_SYMBOL(do_ckpt_msg);
+/**
+ * walk_task_subtree: iterate through a task's descendants
+ * @root: subtree root task
+ * @func: callback invoked on each task
+ * @data: pointer passed to the callback
+ *
+ * The function will start with @root, and iterate through all the
+ * descendants, including threads, in a DFS manner. Children of a task
+ * are traversed before proceeding to the next thread of that task.
+ *
+ * For each task, the callback @func will be called providing the task
+ * pointer and the @data. The callback is invoked while holding the
+ * tasklist_lock for reading. If the callback fails it should return a
+ * negative error, and the traversal ends. If the callback succeeds,
+ * it returns a non-negative number, and these values are summed.
+ *
+ * On success, walk_task_subtree() returns the total summed. On
+ * failure, it returns a negative value.
+ */
+int walk_task_subtree(struct task_struct *root,
+ int (*func)(struct task_struct *, void *),
+ void *data)
+{
+
+ struct task_struct *leader = root;
+ struct task_struct *parent = NULL;
+ struct task_struct *task = root;
+ int total = 0;
+ int ret;
+
+ read_lock(&tasklist_lock);
+ while (1) {
+ /* invoke callback on this task */
+ ret = func(task, data);
+ if (ret < 0)
+ break;
+
+ total += ret;
+
+ /* if has children - proceed with child */
+ if (!list_empty(&task->children)) {
+ parent = task;
+ task = list_entry(task->children.next,
+ struct task_struct, sibling);
+ continue;
+ }
+
+ while (task != root) {
+ /* if has sibling - proceed with sibling */
+ if (!list_is_last(&task->sibling, &parent->children)) {
+ task = list_entry(task->sibling.next,
+ struct task_struct, sibling);
+ break;
+ }
+
+ /* else, trace back to parent and proceed */
+ task = parent;
+ parent = parent->real_parent;
+ }
+
+ if (task == root) {
+ /* in case root task is multi-threaded */
+ root = task = next_thread(task);
+ if (root == leader)
+ break;
+ }
+ }
+ read_unlock(&tasklist_lock);
+
+ ckpt_debug("total %d ret %d\n", total, ret);
+ return (ret < 0 ? ret : total);
+}
+
/* checkpoint/restart syscalls */
/**
@@ -424,10 +523,12 @@ long do_sys_checkpoint(pid_t pid, int fd, unsigned long flags, int logfd)
struct ckpt_ctx *ctx;
long ret;
- /* no flags for now */
- if (flags)
+ if (flags & ~CHECKPOINT_USER_FLAGS)
return -EINVAL;
+ if (!ckpt_unpriv_allowed && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
if (pid == 0)
pid = task_pid_vnr(current);
ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_CHECKPOINT, logfd);
@@ -462,6 +563,9 @@ long do_sys_restart(pid_t pid, int fd, unsigned long flags, int logfd)
if (flags)
return -EINVAL;
+ if (ckpt_unpriv_allowed < 2 && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_RESTART, logfd);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 8686b0f..b7afc16 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -194,6 +194,10 @@ extern struct ctl_table epoll_table[];
int sysctl_legacy_va_layout;
#endif
+#ifdef CONFIG_CHECKPOINT
+extern int ckpt_unpriv_allowed;
+#endif
+
/* The default sysctl tables: */
static struct ctl_table root_table[] = {
@@ -926,6 +930,18 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
+#ifdef CONFIG_CHECKPOINT
+ {
+ .procname = "ckpt_unpriv_allowed",
+ .data = &ckpt_unpriv_allowed,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &zero,
+ .extra2 = &two,
+ },
+#endif
+
/*
* NOTE: do not add new entries to this table unless you have read
* Documentation/sysctl/ctl_unnumbered.txt
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 029/100] c/r: restart multiple processes
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (27 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 028/100] c/r: checkpoint multiple processes Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 030/100] c/r: introduce PF_RESTARTING, and skip notification on exit Oren Laadan
` (72 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
Restarting of multiple processes expects all restarting tasks to call
sys_restart(). Once inside the system call, each task will restart
itself at the same order that they were saved. The internals of the
syscall will take care of in-kernel synchronization bewteen tasks.
This patch does _not_ create the task tree in the kernel. Instead it
assumes that all tasks are created in some way and then invoke the
restart syscall. You can use the userspace mktree.c program to do
that.
There is one special task - the coordinator - that is not part of the
restarted hierarchy. The coordinator task allocates the restart
context (ctx) and orchestrates the restart. Thus even if a restart
fails after, or during the restore of the root task, the user
perceives a clean exit and an error message.
The coordinator task will:
1) read header and tree, create @ctx (wake up restarting tasks)
2) set the ->checkpoint_ctx field of itself and all descendants
3) wait for all restarting tasks to reach sync point #1
4) activate first restarting task (root task)
5) wait for all other tasks to complete and reach sync point #3
6) wake up everybody
(Note that in step #2 the coordinator assumes that the entire task
hierarchy exists by the time it enters sys_restart; this is arranged
in user space by 'mktree')
Task that are restarting has three sync points:
1) wait for its ->checkpoint_ctx to be set (by the coordinator)
2) wait for the task's turn to restore (be active)
[...now the task restores its state...]
3) wait for all other tasks to complete
The third sync point ensures that a task may only resume execution
after all tasks have successfully restored their state (or fail if an
error has occured). This prevents tasks from returning to user space
prematurely, before the entire restart completes.
If a single task wishes to restart, it can set the "RESTART_TASKSELF"
flag to restart(2) to skip the logic of the coordinator.
The root-task is a child of the coordinator, identified by the @pid
given to sys_restart() in the pid-ns of the coordinator. Restarting
tasks that aren't the coordinator, should set the @pid argument of
restart(2) syscall to zero.
All tasks explicitly test for an error flag on the checkpoint context
when they wakeup from sync points. If an error occurs during the
restart of some task, it will mark the @ctx with an error flag, and
wakeup the other tasks.
An array of pids (the one saved during the checkpoint) is used to
synchronize the operation. The first task in the array is the init
task (*). The restart context (@ctx) maintains a "current position" in
the array, which indicates which task is currently active. Once the
currently active task completes its own restart, it increments that
position and wakes up the next task.
Restart assumes that userspace provides meaningful data, otherwise
it's garbage-in-garbage-out. In this case, the syscall may block
indefinitely, but in TASK_INTERRUPTIBLE, so the user can ctrl-c or
otherwise kill the stray restarting tasks.
In terms of security, restart runs as the user the invokes it, so it
will not allow a user to do more than is otherwise permitted by the
usual system semantics and policy.
Currently we ignore threads and zombies, as well as session ids.
Add support for multiple processes
(*) For containers, restart should be called inside a fresh container
by the init task of that container. However, it is also possible to
restart applications not necessarily inside a container, and without
restoring the original pids of the processes (that is, provided that
the application can tolerate such behavior). This is useful to allow
multi-process restart of tasks not isolated inside a container, and
also for debugging.
Changelog[v21]:
- [Matt Helsley] Move CKPT_CTX_ERROR* definitions to first use.
- [Matt Helsley] Avoid using ctx kflags for until multiprocess
restart patch is introduced.
Changelog[v20]:
- Replace error_sem with an event completion
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
- Call restore_notify_error for restart (not checkpoint !)
- Make kread/kwrite() abort if CKPT_CTX_ERROR is set
Changelog[v19-rc1]:
- [Serge Hallyn] Move init_completion(&ctx->complete) to ctx_alloc
- Pull cleanup/debug code from patches zombie, pgid to here
- Simplify logic of tracking restarting tasks (->ctx)
- Use walk_task_subtree() to iterate through descendants
- Coordinator kills descendants on failure for proper cleanup
- Prepare descendants needs PTRACE_MODE_ATTACH permissions
- Threads wait for entire thread group before restoring
- Add debug process-tree status during restart
- Fix handling of bogus pid arg to sys_restart
- [Serge Hallyn] Add global section container to image format
- Coordinator to report correct error on restart failure
Changelog[v18]:
- Fix race of prepare_descendant() with an ongoing fork()
- Track and report the first error if restart fails
- Tighten logic to protect against bogus pids in input
- [Matt Helsley] Improve debug output from ckpt_notify_error()
Changelog[v17]:
- Add uflag RESTART_FROZEN to freeze tasks after restart
- Fix restore_retval() and use only for restarting tasks
- Coordinator converts -ERSTART... to -EINTR
- Coordinator marks and sets descendants' ->checkpoint_ctx
- Coordinator properly detects errors when woken up from wait
- Fix race where root_task could kick start too early
- Add a sync point for restarting tasks
- Multiple fixes to restart logic
Changelog[v14]:
- Revert change to pr_debug(), back to ckpt_debug()
- Discard field 'h.parent'
- Check whether calls to ckpt_hbuf_get() fail
Changelog[v13]:
- Clear root_task->checkpoint_ctx regardless of error condition
- Remove unused argument 'ctx' from do_restore_task() prototype
- Remove unused member 'pids_err' from 'struct ckpt_ctx'
Changelog[v12]:
- Replace obsolete ckpt_debug() with pr_debug()
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 42 ++-
include/linux/checkpoint_types.h | 22 +-
include/linux/sched.h | 10 +-
kernel/checkpoint/checkpoint.c | 5 +
kernel/checkpoint/restart.c | 759 ++++++++++++++++++++++++++++++++++++--
kernel/checkpoint/sys.c | 75 ++++-
kernel/exit.c | 5 +
kernel/fork.c | 7 +
8 files changed, 887 insertions(+), 38 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index d423a37..f787a75 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -15,6 +15,10 @@
/* checkpoint user flags */
#define CHECKPOINT_SUBTREE 0x1
+/* restart user flags */
+#define RESTART_TASKSELF 0x1
+#define RESTART_FROZEN 0x2
+
/* misc user visible */
#define CHECKPOINT_FD_NONE -1
@@ -34,19 +38,22 @@ extern long do_sys_restart(pid_t pid, int fd,
/* ckpt_ctx: kflags */
#define CKPT_CTX_CHECKPOINT_BIT 0
#define CKPT_CTX_RESTART_BIT 1
+#define CKPT_CTX_SUCCESS_BIT 2
#define CKPT_CTX_ERROR_BIT 3
#define CKPT_CTX_CHECKPOINT (1 << CKPT_CTX_CHECKPOINT_BIT)
#define CKPT_CTX_RESTART (1 << CKPT_CTX_RESTART_BIT)
+#define CKPT_CTX_SUCCESS (1 << CKPT_CTX_SUCCESS_BIT)
#define CKPT_CTX_ERROR (1 << CKPT_CTX_ERROR_BIT)
/* ckpt_ctx: uflags */
#define CHECKPOINT_USER_FLAGS CHECKPOINT_SUBTREE
-
+#define RESTART_USER_FLAGS (RESTART_TASKSELF | RESTART_FROZEN)
extern int walk_task_subtree(struct task_struct *task,
int (*func)(struct task_struct *, void *),
void *data);
+extern void exit_checkpoint(struct task_struct *tsk);
extern int ckpt_kwrite(struct ckpt_ctx *ctx, void *buf, size_t count);
extern int ckpt_kread(struct ckpt_ctx *ctx, void *buf, size_t count);
@@ -73,6 +80,35 @@ extern int ckpt_read_payload(struct ckpt_ctx *ctx,
extern char *ckpt_read_string(struct ckpt_ctx *ctx, int max);
extern int ckpt_read_consume(struct ckpt_ctx *ctx, int len, int type);
+/* ckpt kflags */
+#define ckpt_set_ctx_kflag(__ctx, __kflag) \
+ set_bit(__kflag##_BIT, &(__ctx)->kflags)
+#define ckpt_test_and_set_ctx_kflag(__ctx, __kflag) \
+ test_and_set_bit(__kflag##_BIT, &(__ctx)->kflags)
+
+#define ckpt_test_error(ctx) \
+ ((ctx)->kflags & CKPT_CTX_ERROR)
+#define ckpt_test_complete(ctx) \
+ ((ctx)->kflags & (CKPT_CTX_SUCCESS | CKPT_CTX_ERROR))
+
+extern void ckpt_set_success(struct ckpt_ctx *ctx);
+extern void ckpt_set_error(struct ckpt_ctx *ctx, int err);
+
+static inline int ckpt_get_error(struct ckpt_ctx *ctx)
+{
+ /*
+ * We may notice CKPT_CTX_ERROR before ctx->errno is set, but
+ * ctx->errno_sync remains not-completed until after it's done.
+ */
+ wait_for_completion(&ctx->errno_sync);
+ return ctx->errno;
+}
+
+extern void restore_notify_error(struct ckpt_ctx *ctx);
+
+extern struct ckpt_ctx *ckpt_ctx_get(struct ckpt_ctx *ctx);
+extern void ckpt_ctx_put(struct ckpt_ctx *ctx);
+
extern long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid);
extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
@@ -110,6 +146,8 @@ static inline int ckpt_validate_errno(int errno)
#endif
#ifdef CONFIG_CHECKPOINT_DEBUG
+
+extern void restore_debug_free(struct ckpt_ctx *ctx);
extern unsigned long ckpt_debug_level;
/*
@@ -135,6 +173,8 @@ extern unsigned long ckpt_debug_level;
#else
+static inline void restore_debug_free(struct ckpt_ctx *ctx) {}
+
/*
* This is deprecated
*/
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 527b877..afe76ad 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -16,6 +16,7 @@
#include <linux/nsproxy.h>
#include <linux/fs.h>
#include <linux/ktime.h>
+#include <linux/wait.h>
struct ckpt_ctx {
int crid; /* unique checkpoint id */
@@ -36,19 +37,36 @@ struct ckpt_ctx {
struct file *logfile; /* status/debug log file */
loff_t total; /* total read/written */
- struct task_struct **tasks_arr; /* array of all tasks in container */
- int nr_tasks; /* size of tasks array */
+ atomic_t refcount;
struct task_struct *tsk;/* checkpoint: current target task */
char err_string[256]; /* checkpoint: error string */
int errno; /* errno that caused failure */
+ struct completion errno_sync; /* protect errno setting */
+
+ /* [multi-process checkpoint] */
+ struct task_struct **tasks_arr; /* array of all tasks [checkpoint] */
+ int nr_tasks; /* size of tasks array */
+
+ /* [multi-process restart] */
+ struct ckpt_pids *pids_arr; /* array of all pids [restart] */
+ int nr_pids; /* size of pids array */
+ atomic_t nr_total; /* total tasks count */
+ int active_pid; /* (next) position in pids array */
+ struct completion complete; /* container root and other tasks on */
+ wait_queue_head_t waitq; /* start, end, and restart ordering */
#define CKPT_MSG_LEN 1024
char fmt[CKPT_MSG_LEN];
char msg[CKPT_MSG_LEN];
int msglen;
struct mutex msg_mutex;
+
+#ifdef CONFIG_CHECKPOINT_DEBUG
+ struct list_head task_status; /* list of status for each task */
+ spinlock_t lock;
+#endif
};
#endif /* __KERNEL__ */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 8593051..3ff96d6 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -641,6 +641,10 @@ struct signal_struct {
#endif
int oom_adj; /* OOM kill score adjustment (bit shift) */
+
+#ifdef CONFIG_CHECKPOINT
+ atomic_t restart_count; /* threads group restart sync */
+#endif
};
/* Context switch must be unlocked if interrupts are to be enabled */
@@ -1518,6 +1522,9 @@ struct task_struct {
unsigned long memsw_bytes; /* uncharged mem+swap usage */
} memcg_batch;
#endif
+#ifdef CONFIG_CHECKPOINT
+ struct ckpt_ctx *checkpoint_ctx;
+#endif
};
/* Future-safe accessor for struct task_struct's cpus_allowed. */
@@ -1711,6 +1718,7 @@ extern void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *
#define PF_EXITING 0x00000004 /* getting shut down */
#define PF_EXITPIDONE 0x00000008 /* pi exit done on shut down */
#define PF_VCPU 0x00000010 /* I'm a virtual CPU */
+#define PF_RESTARTING 0x00000020 /* Process is restarting (c/r) */
#define PF_FORKNOEXEC 0x00000040 /* forked but didn't exec */
#define PF_MCE_PROCESS 0x00000080 /* process policy on mce errors */
#define PF_SUPERPRIV 0x00000100 /* used super-user privileges */
@@ -2212,7 +2220,7 @@ static inline int task_detached(struct task_struct *p)
* Protects ->fs, ->files, ->mm, ->group_info, ->comm, keyring
* subscriptions and synchronises with wait4(). Also used in procfs. Also
* pins the final release of task.io_context. Also protects ->cpuset and
- * ->cgroup.subsys[].
+ * ->cgroup.subsys[]. Also protects ->checkpoint_ctx in checkpoint/restart.
*
* Nests both inside and outside of read_lock(&tasklist_lock).
* It must not be nested with write_lock_irq(&tasklist_lock),
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index de7e19a..14801f3 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -553,6 +553,11 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
ctx->crid = atomic_inc_return(&ctx_count);
ret = ctx->crid;
out:
+ if (ret < 0)
+ ckpt_set_error(ctx, ret);
+ else
+ ckpt_set_success(ctx);
+
if (ctx->root_freezer)
cgroup_freezer_end_checkpoint(ctx->root_freezer);
return ret;
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 936fc5e..ddc71ee 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -15,7 +15,10 @@
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/slab.h>
+#include <linux/wait.h>
#include <linux/file.h>
+#include <linux/ptrace.h>
+#include <linux/freezer.h>
#include <linux/magic.h>
#include <linux/utsname.h>
#include <linux/elf.h>
@@ -23,6 +26,169 @@
#include <asm/syscall.h>
+#define RESTART_DBG_ROOT (1 << 0)
+#define RESTART_DBG_GHOST (1 << 1)
+#define RESTART_DBG_COORD (1 << 2)
+#define RESTART_DBG_TASK (1 << 3)
+#define RESTART_DBG_WAITING (1 << 4)
+#define RESTART_DBG_RUNNING (1 << 5)
+#define RESTART_DBG_EXITED (1 << 6)
+#define RESTART_DBG_FAILED (1 << 7)
+#define RESTART_DBG_SUCCESS (1 << 8)
+
+#ifdef CONFIG_CHECKPOINT_DEBUG
+
+/*
+ * Track status of restarting tasks in a list off of checkpoint_ctx.
+ * Print this info when the checkpoint_ctx is freed. Sample output:
+ *
+ * [3519:2:c/r:debug_task_status:207] 3 tasks registered, nr_tasks was 0 nr_total 0
+ * [3519:2:c/r:debug_task_status:210] active pid was 1, ctx->errno 0
+ * [3519:2:c/r:debug_task_status:212] kflags 6 uflags 0 oflags 1
+ * [3519:2:c/r:debug_task_status:214] task 0 to run was 2
+ * [3519:2:c/r:debug_task_status:217] pid 3517 C r
+ * [3519:2:c/r:debug_task_status:217] pid 3519 RN
+ * [3519:2:c/r:debug_task_status:217] pid 3520 G
+ */
+
+struct ckpt_task_status {
+ pid_t pid;
+ int flags;
+ int error;
+ struct list_head list;
+};
+
+static int restore_debug_task(struct ckpt_ctx *ctx, int flags)
+{
+ struct ckpt_task_status *s;
+
+ s = kmalloc(sizeof(*s), GFP_KERNEL);
+ if (!s) {
+ ckpt_debug("no memory to register ?!\n");
+ return -ENOMEM;
+ }
+ s->pid = current->pid;
+ s->error = 0;
+ s->flags = RESTART_DBG_WAITING | flags;
+ if (current == ctx->root_task)
+ s->flags |= RESTART_DBG_ROOT;
+
+ spin_lock(&ctx->lock);
+ list_add_tail(&s->list, &ctx->task_status);
+ spin_unlock(&ctx->lock);
+
+ return 0;
+}
+
+static struct ckpt_task_status *restore_debug_getme(struct ckpt_ctx *ctx)
+{
+ struct ckpt_task_status *s;
+
+ spin_lock(&ctx->lock);
+ list_for_each_entry(s, &ctx->task_status, list) {
+ if (s->pid == current->pid) {
+ spin_unlock(&ctx->lock);
+ return s;
+ }
+ }
+ spin_unlock(&ctx->lock);
+ return NULL;
+}
+
+static void restore_debug_error(struct ckpt_ctx *ctx, int err)
+{
+ struct ckpt_task_status *s = restore_debug_getme(ctx);
+
+ s->error = err;
+ s->flags &= ~RESTART_DBG_WAITING;
+ s->flags &= ~RESTART_DBG_RUNNING;
+ if (err)
+ s->flags |= RESTART_DBG_FAILED;
+ else
+ s->flags |= RESTART_DBG_SUCCESS;
+}
+
+static void restore_debug_running(struct ckpt_ctx *ctx)
+{
+ struct ckpt_task_status *s = restore_debug_getme(ctx);
+
+ s->flags &= ~RESTART_DBG_WAITING;
+ s->flags |= RESTART_DBG_RUNNING;
+}
+
+static void restore_debug_exit(struct ckpt_ctx *ctx)
+{
+ struct ckpt_task_status *s = restore_debug_getme(ctx);
+
+ s->flags &= ~RESTART_DBG_WAITING;
+ s->flags |= RESTART_DBG_EXITED;
+}
+
+void restore_debug_free(struct ckpt_ctx *ctx)
+{
+ struct ckpt_task_status *s, *p;
+ int i, count = 0;
+ char *which, *state;
+
+ /*
+ * See how many tasks registered. Tasks which didn't reach
+ * sys_restart() won't have registered. So if this count is
+ * not the same as ctx->nr_total, that's a warning bell
+ */
+ list_for_each_entry(s, &ctx->task_status, list)
+ count++;
+ ckpt_debug("%d tasks registered, nr_tasks was %d nr_total %d\n",
+ count, ctx->nr_tasks, atomic_read(&ctx->nr_total));
+
+ ckpt_debug("active pid was %d, ctx->errno %d\n", ctx->active_pid,
+ ctx->errno);
+ ckpt_debug("kflags %lu uflags %lu oflags %lu", ctx->kflags,
+ ctx->uflags, ctx->oflags);
+ for (i = 0; i < ctx->nr_pids; i++)
+ ckpt_debug("task[%d] to run %d\n", i, ctx->pids_arr[i].vpid);
+
+ list_for_each_entry_safe(s, p, &ctx->task_status, list) {
+ if (s->flags & RESTART_DBG_COORD)
+ which = "Coord";
+ else if (s->flags & RESTART_DBG_ROOT)
+ which = "Root";
+ else if (s->flags & RESTART_DBG_GHOST)
+ which = "Ghost";
+ else if (s->flags & RESTART_DBG_TASK)
+ which = "Task";
+ else
+ which = "?????";
+ if (s->flags & RESTART_DBG_WAITING)
+ state = "Waiting";
+ else if (s->flags & RESTART_DBG_RUNNING)
+ state = "Running";
+ else if (s->flags & RESTART_DBG_FAILED)
+ state = "Failed";
+ else if (s->flags & RESTART_DBG_SUCCESS)
+ state = "Success";
+ else if (s->flags & RESTART_DBG_EXITED)
+ state = "Exited";
+ else
+ state = "??????";
+ ckpt_debug("pid %d type %s state %s\n", s->pid, which, state);
+ list_del(&s->list);
+ kfree(s);
+ }
+}
+
+#else
+
+static inline int restore_debug_task(struct ckpt_ctx *ctx, int flags)
+{
+ return 0;
+}
+static inline void restore_debug_error(struct ckpt_ctx *ctx, int err) {}
+static inline void restore_debug_running(struct ckpt_ctx *ctx) {}
+static inline void restore_debug_exit(struct ckpt_ctx *ctx) {}
+
+#endif /* CONFIG_CHECKPOINT_DEBUG */
+
+
static int _ckpt_read_err(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
{
char *ptr;
@@ -207,11 +373,16 @@ void *ckpt_read_obj_type(struct ckpt_ctx *ctx, int len, int type)
BUG_ON(!len);
h = ckpt_read_obj(ctx, len, len);
- if (IS_ERR(h))
+ if (IS_ERR(h)) {
+ ckpt_err(ctx, PTR_ERR(h), "Looking for type %d in ckptfile\n",
+ type);
return h;
+ }
if (h->type != type) {
ckpt_hdr_put(ctx, h);
+ ckpt_err(ctx, -EINVAL, "Next object was type %d, not %d\n",
+ h->type, type);
h = ERR_PTR(-EINVAL);
}
@@ -451,6 +622,519 @@ static int restore_read_tail(struct ckpt_ctx *ctx)
return ret;
}
+/* restore_read_tree - read the tasks tree into the checkpoint context */
+static int restore_read_tree(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_tree *h;
+ int size, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TREE);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->nr_tasks <= 0)
+ goto out;
+
+ ctx->nr_pids = h->nr_tasks;
+ size = sizeof(*ctx->pids_arr) * ctx->nr_pids;
+ if (size <= 0) /* overflow ? */
+ goto out;
+
+ ctx->pids_arr = kmalloc(size, GFP_KERNEL);
+ if (!ctx->pids_arr) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ ret = _ckpt_read_buffer(ctx, ctx->pids_arr, size);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static inline int all_tasks_activated(struct ckpt_ctx *ctx)
+{
+ return (ctx->active_pid == ctx->nr_pids);
+}
+
+static inline pid_t get_active_pid(struct ckpt_ctx *ctx)
+{
+ int active = ctx->active_pid;
+ return active >= 0 ? ctx->pids_arr[active].vpid : 0;
+}
+
+static inline int is_task_active(struct ckpt_ctx *ctx, pid_t pid)
+{
+ return get_active_pid(ctx) == pid;
+}
+
+/*
+ * If exiting a restart with error, then wake up all other tasks
+ * in the restart context.
+ */
+void restore_notify_error(struct ckpt_ctx *ctx)
+{
+ complete(&ctx->complete);
+ wake_up_all(&ctx->waitq);
+}
+
+static inline struct ckpt_ctx *get_task_ctx(struct task_struct *task)
+{
+ struct ckpt_ctx *ctx;
+
+ task_lock(task);
+ ctx = ckpt_ctx_get(task->checkpoint_ctx);
+ task_unlock(task);
+ return ctx;
+}
+
+/* returns 0 on success, 1 otherwise */
+static int set_task_ctx(struct task_struct *task, struct ckpt_ctx *ctx)
+{
+ int ret;
+
+ task_lock(task);
+ if (!task->checkpoint_ctx) {
+ task->checkpoint_ctx = ckpt_ctx_get(ctx);
+ ret = 0;
+ } else {
+ ckpt_debug("task %d has checkpoint_ctx\n", task_pid_vnr(task));
+ ret = 1;
+ }
+ task_unlock(task);
+ return ret;
+}
+
+static void clear_task_ctx(struct task_struct *task)
+{
+ struct ckpt_ctx *old;
+
+ task_lock(task);
+ old = task->checkpoint_ctx;
+ task->checkpoint_ctx = NULL;
+ task_unlock(task);
+
+ ckpt_debug("task %d clear checkpoint_ctx\n", task_pid_vnr(task));
+ ckpt_ctx_put(old);
+}
+
+static void restore_task_done(struct ckpt_ctx *ctx)
+{
+ if (atomic_dec_and_test(&ctx->nr_total))
+ complete(&ctx->complete);
+ BUG_ON(atomic_read(&ctx->nr_total) < 0);
+}
+
+static int restore_activate_next(struct ckpt_ctx *ctx)
+{
+ struct task_struct *task;
+ pid_t pid;
+
+ ctx->active_pid++;
+
+ BUG_ON(ctx->active_pid > ctx->nr_pids);
+
+ if (!all_tasks_activated(ctx)) {
+ /* wake up next task in line to restore its state */
+ pid = get_active_pid(ctx);
+
+ rcu_read_lock();
+ task = find_task_by_pid_ns(pid, ctx->root_nsproxy->pid_ns);
+ /* target task must have same restart context */
+ if (task && task->checkpoint_ctx == ctx)
+ wake_up_process(task);
+ else
+ task = NULL;
+ rcu_read_unlock();
+
+ if (!task) {
+ ckpt_err(ctx, -ESRCH, "task %d not found\n", pid);
+ return -ESRCH;
+ }
+ }
+
+ return 0;
+}
+
+static int wait_task_active(struct ckpt_ctx *ctx)
+{
+ pid_t pid = task_pid_vnr(current);
+ int ret;
+
+ ckpt_debug("pid %d waiting\n", pid);
+ ret = wait_event_interruptible(ctx->waitq,
+ is_task_active(ctx, pid) ||
+ ckpt_test_error(ctx));
+ ckpt_debug("active %d < %d (ret %d, errno %d)\n",
+ ctx->active_pid, ctx->nr_pids, ret, ctx->errno);
+ if (ckpt_test_error(ctx))
+ return ckpt_get_error(ctx);
+ return 0;
+}
+
+static int wait_task_sync(struct ckpt_ctx *ctx)
+{
+ ckpt_debug("pid %d syncing\n", task_pid_vnr(current));
+ wait_event_interruptible(ctx->waitq, ckpt_test_complete(ctx));
+ ckpt_debug("task sync done (errno %d)\n", ctx->errno);
+ if (ckpt_test_error(ctx))
+ return ckpt_get_error(ctx);
+ return 0;
+}
+
+/* grabs a reference to the @ctx on success; caller should free */
+static struct ckpt_ctx *wait_checkpoint_ctx(void)
+{
+ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(waitq);
+ struct ckpt_ctx *ctx;
+ int ret;
+
+ /*
+ * Wait for coordinator to become visible, then grab a
+ * reference to its restart context.
+ */
+ ret = wait_event_interruptible(waitq, current->checkpoint_ctx);
+ if (ret < 0) {
+ ckpt_debug("wait_checkpoint_ctx: failed (%d)\n", ret);
+ return ERR_PTR(ret);
+ }
+
+ ctx = get_task_ctx(current);
+ if (!ctx) {
+ ckpt_debug("wait_checkpoint_ctx: checkpoint_ctx missing\n");
+ return ERR_PTR(-EAGAIN);
+ }
+
+ return ctx;
+}
+
+/*
+ * Ensure that all members of a thread group are in sys_restart before
+ * restoring any of them. Otherwise, restore may modify shared state
+ * and crash or fault a thread still in userspace,
+ */
+static int wait_sync_threads(void)
+{
+ struct task_struct *p = current;
+ atomic_t *count;
+ int nr = 0;
+ int ret = 0;
+
+ if (thread_group_empty(p))
+ return 0;
+
+ count = &p->signal->restart_count;
+
+ if (!atomic_read(count)) {
+ read_lock(&tasklist_lock);
+ for (p = next_thread(p); p != current; p = next_thread(p))
+ nr++;
+ read_unlock(&tasklist_lock);
+ /*
+ * Testing that @count is 0 makes it unlikely that
+ * multiple threads get here. But if they do, then
+ * only one will succeed in initializing @count.
+ */
+ atomic_cmpxchg(count, 0, nr + 1);
+ }
+
+ if (atomic_dec_and_test(count)) {
+ read_lock(&tasklist_lock);
+ for (p = next_thread(p); p != current; p = next_thread(p))
+ wake_up_process(p);
+ read_unlock(&tasklist_lock);
+ } else {
+ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(waitq);
+ ret = wait_event_interruptible(waitq, !atomic_read(count));
+ }
+
+ return ret;
+}
+
+static int do_restore_task(void)
+{
+ struct ckpt_ctx *ctx;
+ int ret;
+
+ ctx = wait_checkpoint_ctx();
+ if (IS_ERR(ctx))
+ return PTR_ERR(ctx);
+
+ ret = restore_debug_task(ctx, RESTART_DBG_TASK);
+ if (ret < 0)
+ goto out;
+
+ ret = wait_sync_threads();
+ if (ret < 0)
+ goto out;
+
+ /* wait for our turn, do the restore, and tell next task in line */
+ ret = wait_task_active(ctx);
+ if (ret < 0)
+ goto out;
+
+ restore_debug_running(ctx);
+
+ ret = restore_task(ctx);
+ if (ret < 0)
+ goto out;
+
+ restore_task_done(ctx);
+ ret = wait_task_sync(ctx);
+ out:
+ restore_debug_error(ctx, ret);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "task restart failed\n");
+
+ clear_task_ctx(current);
+ ckpt_ctx_put(ctx);
+ return ret;
+}
+
+/**
+ * __prepare_descendants - set ->checkpoint_ctx of a descendants
+ * @task: descendant task
+ * @data: points to the checkpoint ctx
+ */
+static int __prepare_descendants(struct task_struct *task, void *data)
+{
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+
+ ckpt_debug("consider task %d\n", task_pid_vnr(task));
+
+ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
+ ckpt_debug("stranger task %d\n", task_pid_vnr(task));
+ return -EPERM;
+ }
+
+ if (task_ptrace(task) & PT_PTRACED) {
+ ckpt_debug("ptraced task %d\n", task_pid_vnr(task));
+ return -EBUSY;
+ }
+
+ /*
+ * Set task->checkpoint_ctx of all non-zombie descendants.
+ * If a descendant already has a ->checkpoint_ctx, it
+ * must be a coordinator (for a different restart ?) so
+ * we fail.
+ *
+ * Note that own ancestors cannot interfere since they
+ * won't descend past us, as own ->checkpoint_ctx must
+ * already be set.
+ */
+ if (!task->exit_state) {
+ if (set_task_ctx(task, ctx))
+ return -EBUSY;
+ ckpt_debug("prepare task %d\n", task_pid_vnr(task));
+ wake_up_process(task);
+ return 1;
+ }
+
+ return 0;
+}
+
+/**
+ * prepare_descendants - set ->checkpoint_ctx of all descendants
+ * @ctx: checkpoint context
+ * @root: root process for restart
+ *
+ * Called by the coodinator to set the ->checkpoint_ctx pointer of the
+ * root task and all its descendants.
+ */
+static int prepare_descendants(struct ckpt_ctx *ctx, struct task_struct *root)
+{
+ int nr_pids;
+
+ nr_pids = walk_task_subtree(root, __prepare_descendants, ctx);
+ ckpt_debug("nr %d/%d\n", ctx->nr_pids, nr_pids);
+ if (nr_pids < 0)
+ return nr_pids;
+
+ /* fail unless number of processes matches */
+ if (nr_pids != ctx->nr_pids)
+ return -ESRCH;
+
+ atomic_set(&ctx->nr_total, nr_pids);
+ return nr_pids;
+}
+
+static int wait_all_tasks_finish(struct ckpt_ctx *ctx)
+{
+ int ret;
+
+ BUG_ON(ctx->active_pid != -1);
+ ret = restore_activate_next(ctx);
+ if (ret < 0)
+ return ret;
+
+ ret = wait_for_completion_interruptible(&ctx->complete);
+ ckpt_debug("final sync kflags %#lx (ret %d)\n", ctx->kflags, ret);
+
+ return ret;
+}
+
+static struct task_struct *choose_root_task(struct ckpt_ctx *ctx, pid_t pid)
+{
+ struct task_struct *task;
+
+ if (ctx->uflags & RESTART_TASKSELF) {
+ ctx->root_pid = pid;
+ ctx->root_task = current;
+ get_task_struct(current);
+ return current;
+ }
+
+ read_lock(&tasklist_lock);
+ list_for_each_entry(task, ¤t->children, sibling) {
+ if (task_pid_vnr(task) == pid) {
+ get_task_struct(task);
+ ctx->root_task = task;
+ ctx->root_pid = pid;
+ break;
+ }
+ }
+ read_unlock(&tasklist_lock);
+
+ return ctx->root_task;
+}
+
+/* setup restart-specific parts of ctx */
+static int init_restart_ctx(struct ckpt_ctx *ctx, pid_t pid)
+{
+ struct nsproxy *nsproxy;
+
+ /*
+ * No need for explicit cleanup here, because if an error
+ * occurs then ckpt_ctx_free() is eventually called.
+ */
+
+ if (!choose_root_task(ctx, pid))
+ return -ESRCH;
+
+ rcu_read_lock();
+ nsproxy = task_nsproxy(ctx->root_task);
+ if (nsproxy) {
+ get_nsproxy(nsproxy);
+ ctx->root_nsproxy = nsproxy;
+ }
+ rcu_read_unlock();
+ if (!nsproxy)
+ return -ESRCH;
+
+ ctx->active_pid = -1; /* see restore_activate_next, get_active_pid */
+
+ return 0;
+}
+
+static int __destroy_descendants(struct task_struct *task, void *data)
+{
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+
+ if (task->checkpoint_ctx == ctx)
+ force_sig(SIGKILL, task);
+
+ return 0;
+}
+
+static void destroy_descendants(struct ckpt_ctx *ctx)
+{
+ walk_task_subtree(ctx->root_task, __destroy_descendants, ctx);
+}
+
+static int do_restore_coord(struct ckpt_ctx *ctx, pid_t pid)
+{
+ int ret;
+
+ ret = restore_debug_task(ctx, RESTART_DBG_COORD);
+ if (ret < 0)
+ return ret;
+ restore_debug_running(ctx);
+
+ ret = restore_read_header(ctx);
+ ckpt_debug("restore header: %d\n", ret);
+ if (ret < 0)
+ return ret;
+ ret = restore_container(ctx);
+ ckpt_debug("restore container: %d\n", ret);
+ if (ret < 0)
+ return ret;
+ ret = restore_read_tree(ctx);
+ ckpt_debug("restore tree: %d\n", ret);
+ if (ret < 0)
+ return ret;
+
+ if ((ctx->uflags & RESTART_TASKSELF) && ctx->nr_pids != 1)
+ return -EINVAL;
+
+ ret = init_restart_ctx(ctx, pid);
+ if (ret < 0)
+ return ret;
+
+ /*
+ * Populate own ->checkpoint_ctx: if an ancestor attempts to
+ * prepare_descendants() on us, it will fail. Furthermore,
+ * that ancestor won't proceed deeper to interfere with our
+ * descendants that are restarting.
+ */
+ if (set_task_ctx(current, ctx)) {
+ /*
+ * We are a bad-behaving descendant: an ancestor must
+ * have prepare_descendants() us as part of a restart.
+ */
+ ckpt_debug("coord already has checkpoint_ctx\n");
+ return -EBUSY;
+ }
+
+ /*
+ * From now on we are committed to the restart. If anything
+ * fails, we'll cleanup (that is, kill) those tasks in our
+ * subtree that we marked for restart - see below.
+ */
+
+ if (ctx->uflags & RESTART_TASKSELF) {
+ ret = restore_task(ctx);
+ ckpt_debug("restore task: %d\n", ret);
+ if (ret < 0)
+ goto out;
+ } else {
+ /* prepare descendants' t->checkpoint_ctx point to coord */
+ ret = prepare_descendants(ctx, ctx->root_task);
+ ckpt_debug("restore prepare: %d\n", ret);
+ if (ret < 0)
+ goto out;
+ /* wait for all other tasks to complete do_restore_task() */
+ ret = wait_all_tasks_finish(ctx);
+ ckpt_debug("restore finish: %d\n", ret);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = restore_read_tail(ctx);
+ ckpt_debug("restore tail: %d\n", ret);
+ if (ret < 0)
+ goto out;
+
+ if (ctx->uflags & RESTART_FROZEN) {
+ ret = cgroup_freezer_make_frozen(ctx->root_task);
+ ckpt_debug("freezing restart tasks ... %d\n", ret);
+ }
+ out:
+ restore_debug_error(ctx, ret);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "restart failed (coordinator)\n");
+
+ if (ckpt_test_error(ctx)) {
+ destroy_descendants(ctx);
+ ret = ckpt_get_error(ctx);
+ } else {
+ ckpt_set_success(ctx);
+ wake_up_all(&ctx->waitq);
+ }
+
+ clear_task_ctx(current);
+ return ret;
+}
+
static long restore_retval(void)
{
struct pt_regs *regs = task_pt_regs(current);
@@ -501,31 +1185,62 @@ static long restore_retval(void)
return syscall_get_return_value(current, regs);
}
-/* setup restart-specific parts of ctx */
-static int init_restart_ctx(struct ckpt_ctx *ctx, pid_t pid)
+long do_restart(struct ckpt_ctx *ctx, pid_t pid)
{
- return 0;
+ long ret;
+
+ if (ctx)
+ ret = do_restore_coord(ctx, pid);
+ else
+ ret = do_restore_task();
+
+ /* restart(2) isn't idempotent: should not be auto-restarted */
+ if (ret == -ERESTARTSYS || ret == -ERESTARTNOINTR ||
+ ret == -ERESTARTNOHAND || ret == -ERESTART_RESTARTBLOCK)
+ ret = -EINTR;
+
+ /*
+ * The retval from what we return to the caller when all goes
+ * well: this is either the retval from the original syscall
+ * that was interrupted during checkpoint, or the contents of
+ * (saved) eax if the task was in userspace.
+ *
+ * The coordinator (ctx!=NULL) is exempt: don't adjust its retval.
+ * But in self-restart (where RESTART_TASKSELF), the coordinator
+ * _itself_ is a restarting task.
+ */
+
+ if (!ctx || (ctx->uflags & RESTART_TASKSELF)) {
+ if (ret < 0) {
+ /* partial restore is undefined: terminate */
+ ckpt_debug("restart err %ld, exiting\n", ret);
+ force_sig(SIGKILL, current);
+ } else {
+ ret = restore_retval();
+ }
+ }
+
+ ckpt_debug("sys_restart returns %ld\n", ret);
+ return ret;
}
-long do_restart(struct ckpt_ctx *ctx, pid_t pid)
+/**
+ * exit_checkpoint - callback from do_exit to cleanup checkpoint state
+ * @tsk: terminating task
+ */
+void exit_checkpoint(struct task_struct *tsk)
{
- long ret;
+ struct ckpt_ctx *ctx;
- ret = init_restart_ctx(ctx, pid);
- if (ret < 0)
- return ret;
- ret = restore_read_header(ctx);
- if (ret < 0)
- return ret;
- ret = restore_container(ctx);
- if (ret < 0)
- return ret;
- ret = restore_task(ctx);
- if (ret < 0)
- return ret;
- ret = restore_read_tail(ctx);
- if (ret < 0)
- return ret;
+ /* no one else will touch this, because @tsk is dead already */
+ ctx = tsk->checkpoint_ctx;
+
+ /* restarting zombies will activate next task in restart */
+ if (tsk->flags & PF_RESTARTING) {
+ BUG_ON(ctx->active_pid == -1);
+ if (restore_activate_next(ctx) < 0)
+ pr_warning("c/r: [%d] failed zombie exit\n", tsk->pid);
+ }
- return restore_retval();
+ ckpt_ctx_put(ctx);
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 3b13e08..224c0c9 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -66,9 +66,14 @@ int ckpt_kwrite(struct ckpt_ctx *ctx, void *addr, size_t count)
{
int ret;
+ if (ckpt_test_error(ctx))
+ return ckpt_get_error(ctx);
+
ret = _ckpt_kwrite(ctx->file, addr, count);
if (ret < 0)
return ret;
+ if (ret != count)
+ return -EPIPE;
ctx->total += count;
return 0;
@@ -92,6 +97,9 @@ int ckpt_kread(struct ckpt_ctx *ctx, void *addr, size_t count)
{
int ret;
+ if (ckpt_test_error(ctx))
+ return ckpt_get_error(ctx);
+
ret = _ckpt_kread(ctx->file, addr, count);
if (ret < 0)
return ret;
@@ -184,6 +192,12 @@ static void task_arr_free(struct ckpt_ctx *ctx)
static void ckpt_ctx_free(struct ckpt_ctx *ctx)
{
+ BUG_ON(atomic_read(&ctx->refcount));
+
+ /* per task status debugging only during restart */
+ if (ctx->kflags & CKPT_CTX_RESTART)
+ restore_debug_free(ctx);
+
if (ctx->file)
fput(ctx->file);
if (ctx->logfile)
@@ -199,6 +213,8 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->root_freezer)
put_task_struct(ctx->root_freezer);
+ kfree(ctx->pids_arr);
+
kfree(ctx);
}
@@ -216,6 +232,17 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
ctx->kflags = kflags;
ctx->ktime_begin = ktime_get();
+ atomic_set(&ctx->refcount, 0);
+ init_waitqueue_head(&ctx->waitq);
+ init_completion(&ctx->complete);
+
+ init_completion(&ctx->errno_sync);
+
+#ifdef CONFIG_CHECKPOINT_DEBUG
+ INIT_LIST_HEAD(&ctx->task_status);
+ spin_lock_init(&ctx->lock);
+#endif
+
mutex_init(&ctx->msg_mutex);
err = -EBADF;
@@ -228,15 +255,43 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
if (!ctx->logfile)
goto err;
nolog:
+ atomic_inc(&ctx->refcount);
return ctx;
err:
ckpt_ctx_free(ctx);
return ERR_PTR(err);
}
-static void ckpt_set_error(struct ckpt_ctx *ctx, int err)
+struct ckpt_ctx *ckpt_ctx_get(struct ckpt_ctx *ctx)
+{
+ if (ctx)
+ atomic_inc(&ctx->refcount);
+ return ctx;
+}
+
+void ckpt_ctx_put(struct ckpt_ctx *ctx)
{
- ctx->errno = err;
+ if (ctx && atomic_dec_and_test(&ctx->refcount))
+ ckpt_ctx_free(ctx);
+}
+
+void ckpt_set_error(struct ckpt_ctx *ctx, int err)
+{
+ /* atomically set ctx->errno */
+ if (!ckpt_test_and_set_ctx_kflag(ctx, CKPT_CTX_ERROR)) {
+ ctx->errno = err;
+ /* make ctx->errno visible to all other tasks */
+ complete_all(&ctx->errno_sync);
+ /* on restart, notify all tasks in restarting subtree */
+ if (ctx->kflags & CKPT_CTX_RESTART)
+ restore_notify_error(ctx);
+ }
+}
+
+void ckpt_set_success(struct ckpt_ctx *ctx)
+{
+ ckpt_set_ctx_kflag(ctx, CKPT_CTX_SUCCESS);
+ complete_all(&ctx->errno_sync);
}
/* helpers to handler log/dbg/err messages */
@@ -381,7 +436,7 @@ void _ckpt_msg_complete(struct ckpt_ctx *ctx)
if (ctx->msglen <= 1)
return;
- if (ctx->kflags & CKPT_CTX_CHECKPOINT && ctx->errno) {
+ if (ctx->kflags & CKPT_CTX_CHECKPOINT && ckpt_test_error(ctx)) {
ret = ckpt_write_obj_type(ctx, NULL, 0, CKPT_HDR_ERROR);
if (!ret)
ret = ckpt_write_string(ctx, ctx->msg, ctx->msglen);
@@ -540,7 +595,7 @@ long do_sys_checkpoint(pid_t pid, int fd, unsigned long flags, int logfd)
if (!ret)
ret = ctx->crid;
- ckpt_ctx_free(ctx);
+ ckpt_ctx_put(ctx);
return ret;
}
@@ -560,24 +615,20 @@ long do_sys_restart(pid_t pid, int fd, unsigned long flags, int logfd)
long ret;
/* no flags for now */
- if (flags)
+ if (flags & ~RESTART_USER_FLAGS)
return -EINVAL;
if (ckpt_unpriv_allowed < 2 && !capable(CAP_SYS_ADMIN))
return -EPERM;
- ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_RESTART, logfd);
+ if (pid)
+ ctx = ckpt_ctx_alloc(fd, flags, CKPT_CTX_RESTART, logfd);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
ret = do_restart(ctx, pid);
- /* restart(2) isn't idempotent: can't restart syscall */
- if (ret == -ERESTARTSYS || ret == -ERESTARTNOINTR ||
- ret == -ERESTARTNOHAND || ret == -ERESTART_RESTARTBLOCK)
- ret = -EINTR;
-
- ckpt_ctx_free(ctx);
+ ckpt_ctx_put(ctx);
return ret;
}
diff --git a/kernel/exit.c b/kernel/exit.c
index 7f2683a..d9da011 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -50,6 +50,7 @@
#include <linux/perf_event.h>
#include <trace/events/sched.h>
#include <linux/hw_breakpoint.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
@@ -1010,6 +1011,10 @@ NORET_TYPE void do_exit(long code)
if (unlikely(current->pi_state_cache))
kfree(current->pi_state_cache);
#endif
+#ifdef CONFIG_CHECKPOINT
+ if (unlikely(tsk->checkpoint_ctx))
+ exit_checkpoint(tsk);
+#endif
/*
* Make sure we are holding no locks:
*/
diff --git a/kernel/fork.c b/kernel/fork.c
index 9d5be5c..5d88ee6 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -65,6 +65,7 @@
#include <linux/perf_event.h>
#include <linux/posix-timers.h>
#include <linux/user-return-notifier.h>
+#include <linux/checkpoint.h>
#include <asm/pgtable.h>
#include <asm/pgalloc.h>
@@ -1226,6 +1227,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
/* Need tasklist lock for parent etc handling! */
write_lock_irq(&tasklist_lock);
+#ifdef CONFIG_CHECKPOINT
+ /* If parent is restarting, child should be too */
+ if (unlikely(current->checkpoint_ctx))
+ p->checkpoint_ctx = ckpt_ctx_get(current->checkpoint_ctx);
+#endif
+
/* CLONE_PARENT re-uses the old parent */
if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
p->real_parent = current->real_parent;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 030/100] c/r: introduce PF_RESTARTING, and skip notification on exit
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (28 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 029/100] c/r: restart " Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 031/100] c/r: support for zombie processes Oren Laadan
` (71 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
To restore zombie's we will create the a task, that, on its turn to
run, calls do_exit(). Unlike normal tasks that exit, we need to
prevent notification side effects that send signals to other
processes, e.g. parent (SIGCHLD) or child tasks (per child's request).
There are three main cases for such notifications:
1) do_notify_parent(): parent of a process is notified about a change
in status (e.g. become zombie, reparent, etc). If parent ignores,
then mark child for immediate release (skip zombie).
2) kill_orphan_pgrp(): a process group that becomes orphaned will
signal stopped jobs (HUP then CONT).
3) forget_original_parent(): children of a process are signaled (per
request) with p->pdeath_signal
Remember that restoring signal state (for any restarting task) must
complete _before_ it is allowed to resume execution, and not during
the resume. Otherwise, a running task may send a signal to another
task that hasn't restored yet, so the new signal will be lost
soon-after.
I considered two possible way to address this:
1. Add another sync point to restart: all tasks will first restore
their state without signals (all signals blocked), and zombies call
do_exit(). A sync point then will ensure that all zombies are gone and
their effects done. Then all tasks restore their signal state (and
mask), and sync (new point) again. Only then they may resume
execution.
The main disadvantage is the added complexity and inefficiency,
for no good reason.
2. Introduce PF_RESTARTING: mark all restarting tasks with a new flag,
and teach the above three notifications to skip sending the signal if
theis flag is set.
The main advantage is simplicity and completeness. Also, such a flag
may to be useful later on. This the method implemented.
Changelog [ckpt-v19-rc3]:
- Rebase to kernel 2.6.33
Changelog [ckpt-v19-rc1]:
- In reparent_thread() test for PF_RESTARTING on parent
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
kernel/exit.c | 6 +++++-
kernel/signal.c | 4 ++++
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index d9da011..0ef6685 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -304,6 +304,10 @@ kill_orphaned_pgrp(struct task_struct *tsk, struct task_struct *parent)
struct pid *pgrp = task_pgrp(tsk);
struct task_struct *ignored_task = tsk;
+ /* restarting zombie doesn't trigger signals */
+ if (tsk->flags & PF_RESTARTING)
+ return;
+
if (!parent)
/* exit: our father is in a different pgrp than
* we are and we were the only connection outside.
@@ -793,7 +797,7 @@ static void forget_original_parent(struct task_struct *father)
BUG_ON(task_ptrace(t));
t->parent = t->real_parent;
}
- if (t->pdeath_signal)
+ if (t->pdeath_signal && !(t->flags & PF_RESTARTING))
group_send_sig_info(t->pdeath_signal,
SEND_SIG_NOINFO, t);
} while_each_thread(p, t);
diff --git a/kernel/signal.c b/kernel/signal.c
index dbd7fe0..be447c8 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1449,6 +1449,10 @@ int do_notify_parent(struct task_struct *tsk, int sig)
BUG_ON(!task_ptrace(tsk) &&
(tsk->group_leader != tsk || !thread_group_empty(tsk)));
+ /* restarting zombie doesn't notify parent */
+ if (tsk->flags & PF_RESTARTING)
+ return ret;
+
info.si_signo = sig;
info.si_errno = 0;
/*
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 031/100] c/r: support for zombie processes
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (29 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 030/100] c/r: introduce PF_RESTARTING, and skip notification on exit Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct Oren Laadan
` (70 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
During checkpoint, a zombie processes need only save p->comm,
p->state, p->exit_state, and p->exit_code.
During restart, zombie processes are created like all other
processes. They validate the saved exit_code restore p->comm
and p->exit_code. Then they call do_exit() instead of waking
up the next task in line.
But before, they place the @ctx in p->checkpoint_ctx, so that
only at exit time they will wake up the next task in line,
and drop the reference to the @ctx.
This provides the guarantee that when the coordinator's wait
completes, all normal tasks completed their restart, and all
zombie tasks are already zombified (as opposed to perhap only
becoming a zombie).
Changelog[v19-rc1]:
- Simplify logic of tracking restarting tasks
Changelog[v18]:
- Fix leak of ckpt_ctx when restoring zombie tasks
- Add a few more ckpt_write_err()s
Changelog[v17]:
- Validate t->exit_signal for both threads and leader
- Skip zombies in most of may_checkpoint_task()
- Save/restore t->pdeath_signal
- Validate ->exit_signal and ->pdeath_signal
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 1 +
include/linux/checkpoint_hdr.h | 1 +
kernel/checkpoint/checkpoint.c | 10 ++++--
kernel/checkpoint/process.c | 69 +++++++++++++++++++++++++++++++++++-----
kernel/checkpoint/restart.c | 22 +++++++++++--
5 files changed, 89 insertions(+), 14 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index f787a75..2d32c17 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -113,6 +113,7 @@ extern long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid);
extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
/* task */
+extern int ckpt_activate_next(struct ckpt_ctx *ctx);
extern int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_task(struct ckpt_ctx *ctx);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 4abae32..68ee0f3 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -165,6 +165,7 @@ struct ckpt_hdr_task {
__u32 exit_state;
__u32 exit_code;
__u32 exit_signal;
+ __u32 pdeath_signal;
__u64 set_child_tid;
__u64 clear_child_tid;
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 14801f3..f451f8f 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -219,7 +219,7 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
ckpt_debug("check %d\n", task_pid_nr_ns(t, ctx->root_nsproxy->pid_ns));
- if (t->state == TASK_DEAD) {
+ if (t->exit_state == EXIT_DEAD) {
_ckpt_err(ctx, -EBUSY, "%(T)Task state EXIT_DEAD\n");
return -EBUSY;
}
@@ -229,6 +229,10 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
return -EPERM;
}
+ /* zombies are cool (and also don't have nsproxy, below...) */
+ if (t->exit_state)
+ return 0;
+
/* verify that all tasks belongs to same freezer cgroup */
if (t != current && !in_same_cgroup_freezer(t, ctx->root_freezer)) {
_ckpt_err(ctx, -EBUSY, "%(T)Not frozen or wrong cgroup\n");
@@ -245,8 +249,8 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
* FIX: for now, disallow siblings of container init created
* via CLONE_PARENT (unclear if they will remain possible)
*/
- if (ctx->root_init && t != root && t->tgid != root->tgid &&
- t->real_parent == root->real_parent) {
+ if (ctx->root_init && t != root &&
+ t->real_parent == root->real_parent && t->tgid != root->tgid) {
_ckpt_err(ctx, -EINVAL, "%(T)Task is sibling of root\n");
return -EINVAL;
}
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index b662e5d..ce009cb 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -34,12 +34,18 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
h->state = t->state;
h->exit_state = t->exit_state;
h->exit_code = t->exit_code;
- h->exit_signal = t->exit_signal;
- h->set_child_tid = (unsigned long) t->set_child_tid;
- h->clear_child_tid = (unsigned long) t->clear_child_tid;
+ if (t->exit_state) {
+ /* zombie - skip remaining state */
+ BUG_ON(t->exit_state != EXIT_ZOMBIE);
+ } else {
+ /* FIXME: save remaining relevant task_struct fields */
+ h->exit_signal = t->exit_signal;
+ h->pdeath_signal = t->pdeath_signal;
- /* FIXME: save remaining relevant task_struct fields */
+ h->set_child_tid = (unsigned long) t->set_child_tid;
+ h->clear_child_tid = (unsigned long) t->clear_child_tid;
+ }
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
@@ -170,6 +176,11 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
ckpt_debug("task %d\n", ret);
if (ret < 0)
goto out;
+
+ /* zombie - we're done here */
+ if (t->exit_state)
+ return 0;
+
ret = checkpoint_thread(ctx, t);
ckpt_debug("thread %d\n", ret);
if (ret < 0)
@@ -189,6 +200,19 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
* Restart
*/
+static inline int valid_exit_code(int exit_code)
+{
+ if (exit_code >= 0x10000)
+ return 0;
+ if (exit_code & 0xff) {
+ if (exit_code & ~0xff)
+ return 0;
+ if (!valid_signal(exit_code & 0xff))
+ return 0;
+ }
+ return 1;
+}
+
/* read the task_struct into the current task */
static int restore_task_struct(struct ckpt_ctx *ctx)
{
@@ -200,15 +224,39 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
if (IS_ERR(h))
return PTR_ERR(h);
+ ret = -EINVAL;
+ if (h->state == TASK_DEAD) {
+ if (h->exit_state != EXIT_ZOMBIE)
+ goto out;
+ if (!valid_exit_code(h->exit_code))
+ goto out;
+ t->exit_code = h->exit_code;
+ } else {
+ if (h->exit_code)
+ goto out;
+ if ((thread_group_leader(t) && !valid_signal(h->exit_signal)) ||
+ (!thread_group_leader(t) && h->exit_signal != -1))
+ goto out;
+ if (!valid_signal(h->pdeath_signal))
+ goto out;
+
+ /* FIXME: restore remaining relevant task_struct fields */
+ t->exit_signal = h->exit_signal;
+ t->pdeath_signal = h->pdeath_signal;
+
+ t->set_child_tid =
+ (int __user *) (unsigned long) h->set_child_tid;
+ t->clear_child_tid =
+ (int __user *) (unsigned long) h->clear_child_tid;
+ }
+
memset(t->comm, 0, TASK_COMM_LEN);
ret = _ckpt_read_string(ctx, t->comm, TASK_COMM_LEN);
if (ret < 0)
goto out;
- t->set_child_tid = (int __user *) (unsigned long) h->set_child_tid;
- t->clear_child_tid = (int __user *) (unsigned long) h->clear_child_tid;
-
- /* FIXME: restore remaining relevant task_struct fields */
+ /* return 1 for zombie, 0 otherwise */
+ ret = (h->state == TASK_DEAD ? 1 : 0);
out:
ckpt_hdr_put(ctx, h);
return ret;
@@ -328,6 +376,11 @@ int restore_task(struct ckpt_ctx *ctx)
ckpt_debug("task %d\n", ret);
if (ret < 0)
goto out;
+
+ /* zombie - we're done here */
+ if (ret)
+ goto out;
+
ret = restore_thread(ctx);
ckpt_debug("thread %d\n", ret);
if (ret < 0)
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index ddc71ee..18b3815 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -854,7 +854,7 @@ static int wait_sync_threads(void)
static int do_restore_task(void)
{
struct ckpt_ctx *ctx;
- int ret;
+ int zombie, ret;
ctx = wait_checkpoint_ctx();
if (IS_ERR(ctx))
@@ -864,6 +864,8 @@ static int do_restore_task(void)
if (ret < 0)
goto out;
+ current->flags |= PF_RESTARTING;
+
ret = wait_sync_threads();
if (ret < 0)
goto out;
@@ -875,9 +877,22 @@ static int do_restore_task(void)
restore_debug_running(ctx);
- ret = restore_task(ctx);
- if (ret < 0)
+ zombie = restore_task(ctx);
+ if (zombie < 0) {
+ ret = zombie;
goto out;
+ }
+
+ /*
+ * zombie: we're done here; do_exit() will notice the @ctx on
+ * our current->checkpoint_ctx (and our PF_RESTARTING) - it
+ * will call restore_activate_next() and release the @ctx.
+ */
+ if (zombie) {
+ restore_debug_exit(ctx);
+ ckpt_ctx_put(ctx);
+ do_exit(current->exit_code);
+ }
restore_task_done(ctx);
ret = wait_task_sync(ctx);
@@ -886,6 +901,7 @@ static int do_restore_task(void)
if (ret < 0)
ckpt_err(ctx, ret, "task restart failed\n");
+ current->flags &= ~PF_RESTARTING;
clear_task_ctx(current);
ckpt_ctx_put(ctx);
return ret;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (30 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 031/100] c/r: support for zombie processes Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-03 16:10 ` Darren Hart
2010-05-01 14:15 ` [PATCH v21 033/100] c/r: infrastructure for shared objects Oren Laadan
` (69 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Darren Hart, Thomas Gleixner, Peter Zijlstra,
Ingo Molnar, Eric Dumazet
From: Matt Helsley <matthltc@us.ibm.com>
These lists record which futexes the task holds. To keep the overhead of
robust futexes low the list is kept in userspace. When the task exits the
kernel carefully walks these lists to recover held futexes that
other tasks may be attempting to acquire with FUTEX_WAIT.
Because they point to userspace memory that is saved/restored by
checkpoint/restart saving the list pointers themselves is safe.
While saving the pointers is safe during checkpoint, restart is tricky
because the robust futex ABI contains provisions for changes based on
checking the size of the list head. So we need to save the length of
the list head too in order to make sure that the kernel used during
restart is capable of handling that ABI. Since there is only one ABI
supported at the moment taking the list head's size is simple. Should
the ABI change we will need to use the same size as specified during
sys_set_robust_list() and hence some new means of determining the length
of this userspace structure in sys_checkpoint would be required.
Rather than rewrite the logic that checks and handles the ABI we reuse
sys_set_robust_list() by factoring out the body of the function and
calling it during restart.
Changelog [v19]:
- Keep __u32s in even groups for 32-64 bit compatibility
Cc: Darren Hart <dvhltc@us.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 5 ++++
include/linux/compat.h | 3 +-
include/linux/futex.h | 1 +
kernel/checkpoint/process.c | 49 ++++++++++++++++++++++++++++++++++++++++
kernel/futex.c | 19 +++++++++-----
kernel/futex_compat.c | 13 ++++++++--
6 files changed, 79 insertions(+), 11 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 68ee0f3..c7d34a6 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -167,6 +167,11 @@ struct ckpt_hdr_task {
__u32 exit_signal;
__u32 pdeath_signal;
+ __u32 compat_robust_futex_head_len;
+ __u32 compat_robust_futex_list; /* a compat __user ptr */
+ __u32 robust_futex_head_len;
+ __u64 robust_futex_list; /* a __user ptr */
+
__u64 set_child_tid;
__u64 clear_child_tid;
} __attribute__((aligned(8)));
diff --git a/include/linux/compat.h b/include/linux/compat.h
index 717c691..89125dd 100644
--- a/include/linux/compat.h
+++ b/include/linux/compat.h
@@ -210,7 +210,8 @@ struct compat_robust_list_head {
};
extern void compat_exit_robust_list(struct task_struct *curr);
-
+extern long do_compat_set_robust_list(struct compat_robust_list_head __user *head,
+ compat_size_t len);
asmlinkage long
compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
compat_size_t len);
diff --git a/include/linux/futex.h b/include/linux/futex.h
index ae755f6..c825790 100644
--- a/include/linux/futex.h
+++ b/include/linux/futex.h
@@ -185,6 +185,7 @@ union futex_key {
#define FUTEX_KEY_INIT (union futex_key) { .both = { .ptr = NULL } }
#ifdef CONFIG_FUTEX
+extern long do_set_robust_list(struct robust_list_head __user *head, size_t len);
extern void exit_robust_list(struct task_struct *curr);
extern void exit_pi_state_list(struct task_struct *curr);
extern int futex_cmpxchg_enabled;
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index ce009cb..aabefb6 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -14,9 +14,56 @@
#include <linux/sched.h>
#include <linux/posix-timers.h>
#include <linux/futex.h>
+#include <linux/compat.h>
#include <linux/poll.h>
#include <linux/checkpoint.h>
+
+#ifdef CONFIG_FUTEX
+static void save_task_robust_futex_list(struct ckpt_hdr_task *h,
+ struct task_struct *t)
+{
+ /*
+ * These are __user pointers and thus can be saved without
+ * the objhash.
+ */
+ h->robust_futex_list = (unsigned long)t->robust_list;
+ h->robust_futex_head_len = sizeof(*t->robust_list);
+#ifdef CONFIG_COMPAT
+ h->compat_robust_futex_list = ptr_to_compat(t->compat_robust_list);
+ h->compat_robust_futex_head_len = sizeof(*t->compat_robust_list);
+#endif
+}
+
+static void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
+{
+ /* Since we restore the memory map the address remains the same and
+ * this is safe. This is the same as [compat_]sys_set_robust_list() */
+ if (h->robust_futex_list) {
+ struct robust_list_head __user *rfl;
+ rfl = (void __user *)(unsigned long) h->robust_futex_list;
+ do_set_robust_list(rfl, h->robust_futex_head_len);
+ }
+#ifdef CONFIG_COMPAT
+ if (h->compat_robust_futex_list) {
+ struct compat_robust_list_head __user *crfl;
+ crfl = compat_ptr(h->compat_robust_futex_list);
+ do_compat_set_robust_list(crfl, h->compat_robust_futex_head_len);
+ }
+#endif
+}
+#else /* !CONFIG_FUTEX */
+static inline void save_task_robust_futex_list(struct ckpt_hdr_task *h,
+ struct task_struct *t)
+{
+}
+
+static inline void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
+{
+}
+#endif /* CONFIG_FUTEX */
+
+
/***********************************************************************
* Checkpoint
*/
@@ -45,6 +92,7 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
h->set_child_tid = (unsigned long) t->set_child_tid;
h->clear_child_tid = (unsigned long) t->clear_child_tid;
+ save_task_robust_futex_list(h, t);
}
ret = ckpt_write_obj(ctx, &h->h);
@@ -248,6 +296,7 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
(int __user *) (unsigned long) h->set_child_tid;
t->clear_child_tid =
(int __user *) (unsigned long) h->clear_child_tid;
+ restore_task_robust_futex_list(h);
}
memset(t->comm, 0, TASK_COMM_LEN);
diff --git a/kernel/futex.c b/kernel/futex.c
index 23419c9..baaecb4 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2342,13 +2342,7 @@ out:
* the list. There can only be one such pending lock.
*/
-/**
- * sys_set_robust_list() - Set the robust-futex list head of a task
- * @head: pointer to the list-head
- * @len: length of the list-head, as userspace expects
- */
-SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
- size_t, len)
+long do_set_robust_list(struct robust_list_head __user *head, size_t len)
{
if (!futex_cmpxchg_enabled)
return -ENOSYS;
@@ -2364,6 +2358,17 @@ SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
}
/**
+ * sys_set_robust_list() - Set the robust-futex list head of a task
+ * @head: pointer to the list-head
+ * @len: length of the list-head, as userspace expects
+ */
+SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
+ size_t, len)
+{
+ return do_set_robust_list(head, len);
+}
+
+/**
* sys_get_robust_list() - Get the robust-futex list head of a task
* @pid: pid of the process [zero for current task]
* @head_ptr: pointer to a list-head pointer, the kernel fills it in
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
index d49afb2..900bb2b 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -114,9 +114,9 @@ void compat_exit_robust_list(struct task_struct *curr)
}
}
-asmlinkage long
-compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
- compat_size_t len)
+long
+do_compat_set_robust_list(struct compat_robust_list_head __user *head,
+ compat_size_t len)
{
if (!futex_cmpxchg_enabled)
return -ENOSYS;
@@ -130,6 +130,13 @@ compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
}
asmlinkage long
+compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
+ compat_size_t len)
+{
+ return do_compat_set_robust_list(head, len);
+}
+
+asmlinkage long
compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
compat_size_t __user *len_ptr)
{
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct
2010-05-01 14:15 ` [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct Oren Laadan
@ 2010-05-03 16:10 ` Darren Hart
2010-05-03 18:02 ` Matt Helsley
0 siblings, 1 reply; 137+ messages in thread
From: Darren Hart @ 2010-05-03 16:10 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Thomas Gleixner, Peter Zijlstra,
Ingo Molnar, Eric Dumazet
Oren Laadan wrote:
> From: Matt Helsley <matthltc@us.ibm.com>
>
> These lists record which futexes the task holds. To keep the overhead of
> robust futexes low the list is kept in userspace. When the task exits the
> kernel carefully walks these lists to recover held futexes that
> other tasks may be attempting to acquire with FUTEX_WAIT.
>
> Because they point to userspace memory that is saved/restored by
> checkpoint/restart saving the list pointers themselves is safe.
>
> While saving the pointers is safe during checkpoint, restart is tricky
> because the robust futex ABI contains provisions for changes based on
> checking the size of the list head. So we need to save the length of
> the list head too in order to make sure that the kernel used during
> restart is capable of handling that ABI. Since there is only one ABI
> supported at the moment taking the list head's size is simple. Should
> the ABI change we will need to use the same size as specified during
> sys_set_robust_list() and hence some new means of determining the length
> of this userspace structure in sys_checkpoint would be required.
>
> Rather than rewrite the logic that checks and handles the ABI we reuse
> sys_set_robust_list() by factoring out the body of the function and
> calling it during restart.
>
The approach looks sound to me. I presume there is no way for the task
to wake and set the robust list to something else after the checkpoint
has started?
Couple of comments re documentation below.
Thanks,
Darren
> Changelog [v19]:
> - Keep __u32s in even groups for 32-64 bit compatibility
>
> Cc: Darren Hart <dvhltc@us.ibm.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Ingo Molnar <mingo@elte.hu>
> Cc: Eric Dumazet <eric.dumazet@gmail.com>
> Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
> Acked-by: Oren Laadan <orenl@cs.columbia.edu>
> Acked-by: Serge E. Hallyn <serue@us.ibm.com>
> Tested-by: Serge E. Hallyn <serue@us.ibm.com>
> ---
> include/linux/checkpoint_hdr.h | 5 ++++
> include/linux/compat.h | 3 +-
> include/linux/futex.h | 1 +
> kernel/checkpoint/process.c | 49 ++++++++++++++++++++++++++++++++++++++++
> kernel/futex.c | 19 +++++++++-----
> kernel/futex_compat.c | 13 ++++++++--
> 6 files changed, 79 insertions(+), 11 deletions(-)
>
> diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
> index 68ee0f3..c7d34a6 100644
> --- a/include/linux/checkpoint_hdr.h
> +++ b/include/linux/checkpoint_hdr.h
> @@ -167,6 +167,11 @@ struct ckpt_hdr_task {
> __u32 exit_signal;
> __u32 pdeath_signal;
>
> + __u32 compat_robust_futex_head_len;
> + __u32 compat_robust_futex_list; /* a compat __user ptr */
> + __u32 robust_futex_head_len;
> + __u64 robust_futex_list; /* a __user ptr */
> +
> __u64 set_child_tid;
> __u64 clear_child_tid;
> } __attribute__((aligned(8)));
> diff --git a/include/linux/compat.h b/include/linux/compat.h
> index 717c691..89125dd 100644
> --- a/include/linux/compat.h
> +++ b/include/linux/compat.h
> @@ -210,7 +210,8 @@ struct compat_robust_list_head {
> };
>
> extern void compat_exit_robust_list(struct task_struct *curr);
> -
> +extern long do_compat_set_robust_list(struct compat_robust_list_head __user *head,
> + compat_size_t len);
> asmlinkage long
> compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> compat_size_t len);
> diff --git a/include/linux/futex.h b/include/linux/futex.h
> index ae755f6..c825790 100644
> --- a/include/linux/futex.h
> +++ b/include/linux/futex.h
> @@ -185,6 +185,7 @@ union futex_key {
> #define FUTEX_KEY_INIT (union futex_key) { .both = { .ptr = NULL } }
>
> #ifdef CONFIG_FUTEX
> +extern long do_set_robust_list(struct robust_list_head __user *head, size_t len);
> extern void exit_robust_list(struct task_struct *curr);
> extern void exit_pi_state_list(struct task_struct *curr);
> extern int futex_cmpxchg_enabled;
> diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
> index ce009cb..aabefb6 100644
> --- a/kernel/checkpoint/process.c
> +++ b/kernel/checkpoint/process.c
> @@ -14,9 +14,56 @@
> #include <linux/sched.h>
> #include <linux/posix-timers.h>
> #include <linux/futex.h>
> +#include <linux/compat.h>
> #include <linux/poll.h>
> #include <linux/checkpoint.h>
>
> +
> +#ifdef CONFIG_FUTEX
> +static void save_task_robust_futex_list(struct ckpt_hdr_task *h,
> + struct task_struct *t)
> +{
> + /*
> + * These are __user pointers and thus can be saved without
> + * the objhash.
> + */
> + h->robust_futex_list = (unsigned long)t->robust_list;
> + h->robust_futex_head_len = sizeof(*t->robust_list);
> +#ifdef CONFIG_COMPAT
> + h->compat_robust_futex_list = ptr_to_compat(t->compat_robust_list);
> + h->compat_robust_futex_head_len = sizeof(*t->compat_robust_list);
> +#endif
> +}
> +
> +static void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
> +{
> + /* Since we restore the memory map the address remains the same and
> + * this is safe. This is the same as [compat_]sys_set_robust_list() */
> + if (h->robust_futex_list) {
> + struct robust_list_head __user *rfl;
> + rfl = (void __user *)(unsigned long) h->robust_futex_list;
> + do_set_robust_list(rfl, h->robust_futex_head_len);
> + }
> +#ifdef CONFIG_COMPAT
> + if (h->compat_robust_futex_list) {
> + struct compat_robust_list_head __user *crfl;
> + crfl = compat_ptr(h->compat_robust_futex_list);
> + do_compat_set_robust_list(crfl, h->compat_robust_futex_head_len);
> + }
> +#endif
> +}
> +#else /* !CONFIG_FUTEX */
> +static inline void save_task_robust_futex_list(struct ckpt_hdr_task *h,
> + struct task_struct *t)
> +{
> +}
> +
> +static inline void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
> +{
> +}
> +#endif /* CONFIG_FUTEX */
> +
> +
> /***********************************************************************
> * Checkpoint
> */
> @@ -45,6 +92,7 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
>
> h->set_child_tid = (unsigned long) t->set_child_tid;
> h->clear_child_tid = (unsigned long) t->clear_child_tid;
> + save_task_robust_futex_list(h, t);
> }
>
> ret = ckpt_write_obj(ctx, &h->h);
> @@ -248,6 +296,7 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
> (int __user *) (unsigned long) h->set_child_tid;
> t->clear_child_tid =
> (int __user *) (unsigned long) h->clear_child_tid;
> + restore_task_robust_futex_list(h);
> }
>
> memset(t->comm, 0, TASK_COMM_LEN);
> diff --git a/kernel/futex.c b/kernel/futex.c
> index 23419c9..baaecb4 100644
> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -2342,13 +2342,7 @@ out:
> * the list. There can only be one such pending lock.
> */
>
> -/**
> - * sys_set_robust_list() - Set the robust-futex list head of a task
> - * @head: pointer to the list-head
> - * @len: length of the list-head, as userspace expects
> - */
> -SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> - size_t, len)
> +long do_set_robust_list(struct robust_list_head __user *head, size_t len)
Please provide a full kerneldoc header for the new function.
> {
> if (!futex_cmpxchg_enabled)
> return -ENOSYS;
> @@ -2364,6 +2358,17 @@ SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> }
>
> /**
> + * sys_set_robust_list() - Set the robust-futex list head of a task
> + * @head: pointer to the list-head
> + * @len: length of the list-head, as userspace expects
> + */
> +SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> + size_t, len)
> +{
> + return do_set_robust_list(head, len);
> +}
> +
> +/**
> * sys_get_robust_list() - Get the robust-futex list head of a task
> * @pid: pid of the process [zero for current task]
> * @head_ptr: pointer to a list-head pointer, the kernel fills it in
> diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
> index d49afb2..900bb2b 100644
> --- a/kernel/futex_compat.c
> +++ b/kernel/futex_compat.c
> @@ -114,9 +114,9 @@ void compat_exit_robust_list(struct task_struct *curr)
> }
> }
>
> -asmlinkage long
> -compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> - compat_size_t len)
> +long
> +do_compat_set_robust_list(struct compat_robust_list_head __user *head,
I know futex_compat.c doesn't have as much kerneldoc as futex.c does,
but I'd like to see that improved. Please include a kerneldoc here too.
> + compat_size_t len)
> {
> if (!futex_cmpxchg_enabled)
> return -ENOSYS;
> @@ -130,6 +130,13 @@ compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> }
>
> asmlinkage long
> +compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> + compat_size_t len)
> +{
> + return do_compat_set_robust_list(head, len);
> +}
> +
> +asmlinkage long
> compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
> compat_size_t __user *len_ptr)
> {
--
Darren Hart
IBM Linux Technology Center
Real-Time Linux Team
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct
2010-05-03 16:10 ` Darren Hart
@ 2010-05-03 18:02 ` Matt Helsley
0 siblings, 0 replies; 137+ messages in thread
From: Matt Helsley @ 2010-05-03 18:02 UTC (permalink / raw)
To: Darren Hart
Cc: Oren Laadan, Andrew Morton, containers, linux-kernel,
Serge Hallyn, Matt Helsley, Pavel Emelyanov, Thomas Gleixner,
Peter Zijlstra, Ingo Molnar, Eric Dumazet
On Mon, May 03, 2010 at 09:10:42AM -0700, Darren Hart wrote:
> Oren Laadan wrote:
> >From: Matt Helsley <matthltc@us.ibm.com>
> >
> >These lists record which futexes the task holds. To keep the overhead of
> >robust futexes low the list is kept in userspace. When the task exits the
> >kernel carefully walks these lists to recover held futexes that
> >other tasks may be attempting to acquire with FUTEX_WAIT.
> >
> >Because they point to userspace memory that is saved/restored by
> >checkpoint/restart saving the list pointers themselves is safe.
> >
> >While saving the pointers is safe during checkpoint, restart is tricky
> >because the robust futex ABI contains provisions for changes based on
> >checking the size of the list head. So we need to save the length of
> >the list head too in order to make sure that the kernel used during
> >restart is capable of handling that ABI. Since there is only one ABI
> >supported at the moment taking the list head's size is simple. Should
> >the ABI change we will need to use the same size as specified during
> >sys_set_robust_list() and hence some new means of determining the length
> >of this userspace structure in sys_checkpoint would be required.
> >
> >Rather than rewrite the logic that checks and handles the ABI we reuse
> >sys_set_robust_list() by factoring out the body of the function and
> >calling it during restart.
> >
>
> The approach looks sound to me. I presume there is no way for the
> task to wake and set the robust list to something else after the
> checkpoint has started?
Hi Darren,
sys_checkpoint verifies that the tasks are frozen in the same
cgroup throughout the checkpoint.
The cgroup freezer can be in the FROZEN state, which means that
all the tasks in the group are in TASK_UNINTERRUPTIBLE and cannot be
moved out of the group. Leaving the FROZEN state requires writing THAWED
to group/freezer.state and can be done from userspace.
Patch 16 - Adds the CHECKPOINTING cgroup state which ensures that
userspace can't move the cgroup out of the frozen state.
Patch 25 - Calls a function to move the cgroup into the CHECKPOINTING
state then checks that the tasks to-be-checkpointed share the
same freezer cgroup.
Inside do_checkpoint() we have:
+ if (ctx->root_freezer) {
+ ret = cgroup_freezer_begin_checkpoint(ctx->root_freezer);
+ if (ret < 0)
+ return ret;
+ }
Inside may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
we check that tasks must be frozen for the duration of checkpoint
by ensuring they are in the same cgroup freezer:
+ /* verify that all tasks belongs to same freezer cgroup */
+ if (t != current && !in_same_cgroup_freezer(t, ctx->root_freezer)) {
+ _ckpt_err(ctx, -EBUSY, "%(T)Not frozen or wrong cgroup\n");
+ return -EBUSY;
+ }
(Call stack:
do_checkpoint -> build_tree -> walk_task_subtree
-> tree_count_tasks -> __tree_count_tasks -> may_checkpoint
and build_tree() is called after
cgroup_freezer_begin_checkpoint(ctx->root_freezer))
At the end of do_checkpoint() we have the corresponding:
out:
+ if (ctx->root_freezer)
+ cgroup_freezer_end_checkpoint(ctx->root_freezer);
return ret;
>
> Couple of comments re documentation below.
>
> Thanks,
>
> Darren
>
> >Changelog [v19]:
> > - Keep __u32s in even groups for 32-64 bit compatibility
> >
> >Cc: Darren Hart <dvhltc@us.ibm.com>
> >Cc: Thomas Gleixner <tglx@linutronix.de>
> >Cc: Peter Zijlstra <peterz@infradead.org>
> >Cc: Ingo Molnar <mingo@elte.hu>
> >Cc: Eric Dumazet <eric.dumazet@gmail.com>
> >Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
> >Acked-by: Oren Laadan <orenl@cs.columbia.edu>
> >Acked-by: Serge E. Hallyn <serue@us.ibm.com>
> >Tested-by: Serge E. Hallyn <serue@us.ibm.com>
> >---
> > include/linux/checkpoint_hdr.h | 5 ++++
> > include/linux/compat.h | 3 +-
> > include/linux/futex.h | 1 +
> > kernel/checkpoint/process.c | 49 ++++++++++++++++++++++++++++++++++++++++
> > kernel/futex.c | 19 +++++++++-----
> > kernel/futex_compat.c | 13 ++++++++--
> > 6 files changed, 79 insertions(+), 11 deletions(-)
> >
> >diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
> >index 68ee0f3..c7d34a6 100644
> >--- a/include/linux/checkpoint_hdr.h
> >+++ b/include/linux/checkpoint_hdr.h
> >@@ -167,6 +167,11 @@ struct ckpt_hdr_task {
> > __u32 exit_signal;
> > __u32 pdeath_signal;
> >
> >+ __u32 compat_robust_futex_head_len;
> >+ __u32 compat_robust_futex_list; /* a compat __user ptr */
> >+ __u32 robust_futex_head_len;
> >+ __u64 robust_futex_list; /* a __user ptr */
> >+
> > __u64 set_child_tid;
> > __u64 clear_child_tid;
> > } __attribute__((aligned(8)));
> >diff --git a/include/linux/compat.h b/include/linux/compat.h
> >index 717c691..89125dd 100644
> >--- a/include/linux/compat.h
> >+++ b/include/linux/compat.h
> >@@ -210,7 +210,8 @@ struct compat_robust_list_head {
> > };
> >
> > extern void compat_exit_robust_list(struct task_struct *curr);
> >-
> >+extern long do_compat_set_robust_list(struct compat_robust_list_head __user *head,
> >+ compat_size_t len);
> > asmlinkage long
> > compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> > compat_size_t len);
> >diff --git a/include/linux/futex.h b/include/linux/futex.h
> >index ae755f6..c825790 100644
> >--- a/include/linux/futex.h
> >+++ b/include/linux/futex.h
> >@@ -185,6 +185,7 @@ union futex_key {
> > #define FUTEX_KEY_INIT (union futex_key) { .both = { .ptr = NULL } }
> >
> > #ifdef CONFIG_FUTEX
> >+extern long do_set_robust_list(struct robust_list_head __user *head, size_t len);
> > extern void exit_robust_list(struct task_struct *curr);
> > extern void exit_pi_state_list(struct task_struct *curr);
> > extern int futex_cmpxchg_enabled;
> >diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
> >index ce009cb..aabefb6 100644
> >--- a/kernel/checkpoint/process.c
> >+++ b/kernel/checkpoint/process.c
> >@@ -14,9 +14,56 @@
> > #include <linux/sched.h>
> > #include <linux/posix-timers.h>
> > #include <linux/futex.h>
> >+#include <linux/compat.h>
> > #include <linux/poll.h>
> > #include <linux/checkpoint.h>
> >
> >+
> >+#ifdef CONFIG_FUTEX
> >+static void save_task_robust_futex_list(struct ckpt_hdr_task *h,
> >+ struct task_struct *t)
> >+{
> >+ /*
> >+ * These are __user pointers and thus can be saved without
> >+ * the objhash.
> >+ */
> >+ h->robust_futex_list = (unsigned long)t->robust_list;
> >+ h->robust_futex_head_len = sizeof(*t->robust_list);
> >+#ifdef CONFIG_COMPAT
> >+ h->compat_robust_futex_list = ptr_to_compat(t->compat_robust_list);
> >+ h->compat_robust_futex_head_len = sizeof(*t->compat_robust_list);
> >+#endif
> >+}
> >+
> >+static void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
> >+{
> >+ /* Since we restore the memory map the address remains the same and
> >+ * this is safe. This is the same as [compat_]sys_set_robust_list() */
> >+ if (h->robust_futex_list) {
> >+ struct robust_list_head __user *rfl;
> >+ rfl = (void __user *)(unsigned long) h->robust_futex_list;
> >+ do_set_robust_list(rfl, h->robust_futex_head_len);
> >+ }
> >+#ifdef CONFIG_COMPAT
> >+ if (h->compat_robust_futex_list) {
> >+ struct compat_robust_list_head __user *crfl;
> >+ crfl = compat_ptr(h->compat_robust_futex_list);
> >+ do_compat_set_robust_list(crfl, h->compat_robust_futex_head_len);
> >+ }
> >+#endif
> >+}
> >+#else /* !CONFIG_FUTEX */
> >+static inline void save_task_robust_futex_list(struct ckpt_hdr_task *h,
> >+ struct task_struct *t)
> >+{
> >+}
> >+
> >+static inline void restore_task_robust_futex_list(struct ckpt_hdr_task *h)
> >+{
> >+}
> >+#endif /* CONFIG_FUTEX */
> >+
> >+
> > /***********************************************************************
> > * Checkpoint
> > */
> >@@ -45,6 +92,7 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
> >
> > h->set_child_tid = (unsigned long) t->set_child_tid;
> > h->clear_child_tid = (unsigned long) t->clear_child_tid;
> >+ save_task_robust_futex_list(h, t);
> > }
> >
> > ret = ckpt_write_obj(ctx, &h->h);
> >@@ -248,6 +296,7 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
> > (int __user *) (unsigned long) h->set_child_tid;
> > t->clear_child_tid =
> > (int __user *) (unsigned long) h->clear_child_tid;
> >+ restore_task_robust_futex_list(h);
> > }
> >
> > memset(t->comm, 0, TASK_COMM_LEN);
> >diff --git a/kernel/futex.c b/kernel/futex.c
> >index 23419c9..baaecb4 100644
> >--- a/kernel/futex.c
> >+++ b/kernel/futex.c
> >@@ -2342,13 +2342,7 @@ out:
> > * the list. There can only be one such pending lock.
> > */
> >
> >-/**
> >- * sys_set_robust_list() - Set the robust-futex list head of a task
> >- * @head: pointer to the list-head
> >- * @len: length of the list-head, as userspace expects
> >- */
> >-SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> >- size_t, len)
> >+long do_set_robust_list(struct robust_list_head __user *head, size_t len)
>
>
> Please provide a full kerneldoc header for the new function.
OK, will do. It'll be almost exactly the same as what precedes the
SYSCALL_DEFINE.
> > {
> > if (!futex_cmpxchg_enabled)
> > return -ENOSYS;
> >@@ -2364,6 +2358,17 @@ SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> > }
> >
> > /**
> >+ * sys_set_robust_list() - Set the robust-futex list head of a task
> >+ * @head: pointer to the list-head
> >+ * @len: length of the list-head, as userspace expects
> >+ */
> >+SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
> >+ size_t, len)
> >+{
> >+ return do_set_robust_list(head, len);
> >+}
> >+
> >+/**
> > * sys_get_robust_list() - Get the robust-futex list head of a task
> > * @pid: pid of the process [zero for current task]
> > * @head_ptr: pointer to a list-head pointer, the kernel fills it in
> >diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
> >index d49afb2..900bb2b 100644
> >--- a/kernel/futex_compat.c
> >+++ b/kernel/futex_compat.c
> >@@ -114,9 +114,9 @@ void compat_exit_robust_list(struct task_struct *curr)
> > }
> > }
> >
> >-asmlinkage long
> >-compat_sys_set_robust_list(struct compat_robust_list_head __user *head,
> >- compat_size_t len)
> >+long
> >+do_compat_set_robust_list(struct compat_robust_list_head __user *head,
>
>
> I know futex_compat.c doesn't have as much kerneldoc as futex.c
> does, but I'd like to see that improved. Please include a kerneldoc
> here too.
OK, sounds good to me.
Thanks for the review!
Cheers,
-Matt Helsley
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 033/100] c/r: infrastructure for shared objects
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (31 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 032/100] c/r: Save and restore the [compat_]robust_list member of the task struct Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 034/100] c/r: detect resource leaks for whole-container checkpoint Oren Laadan
` (68 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Ingo Molnar
The state of shared objects is saved once. On the first encounter,
the state is dumped and the object is assigned a unique identifier
(objref) and also stored in a hash table (indexed by its physical
kernel address). From then on the object will be found in the hash
and only its identifier is saved.
On restart the identifier is looked up in the hash table; if not found
then the state is read, the object is created, and added to the hash
table (this time indexed by its identifier). Otherwise, the object in
the hash table is used.
The hash is "one-way": objects added to it are never deleted until the
hash it discarded. The hash is discarded at the end of checkpoint or
restart, whether successful or not.
The hash keeps a reference to every object that is added to it,
matching the object's type, and maintains this reference during its
lifetime. Therefore, it is always safe to use an object that is
stored in the hash.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Restore_obj() to tolerate a preexisting object in the hash
- Add ckpt_obj_del() to objhash for handling error conditions
- [Serge Hallyn] Replace BUG_ON() in obj_new with error returns to be
more informative with obj_new errors.
Changelog[v20]:
- Export key symbols to enable c/r from kernel modules
- Avoid crash if incoming object doesn't have .restore
Changelog[v19-rc1]:
- Define ckpt_obj_try_fetch
- Disallow zero or negative objref during restart
- [Matt Helsley] Add cpp definitions for enums
- [Serge Hallyn] Use ckpt_err() in ckpt_obj_fetch()
- [Serge Hallyn] Use ckpt_err() in ckpt_read_obj_type()
- Factor out objref handling from {_,}ckpt_read_obj()
Changelog[v18]:
- Add ckpt_obj_reserve()
- Change ref_drop() to accept a @lastref argument (useful for
cleanup)
- Disallow multiple objects with same objref in restart
- Allow _ckpt_read_obj_type() to read object header only (w/o
payload)
Changelog[v17]:
- Add ckpt_obj->flags with CKPT_OBJ_CHECKPOINTED flag
- Add prototype of ckpt_obj_lookup
- Complain on attempt to add NULL ptr to objhash
- Prepare for 'leaks detection'
Changelog[v16]:
- Introduce ckpt_obj_lookup() to find an object by its ptr
Changelog[v14]:
- Introduce 'struct ckpt_obj_ops' to better modularize shared
objs.
- Replace long 'switch' statements with table lookups and
callbacks.
- Introduce checkpoint_obj() and restart_obj() helpers
- Shared objects now dumped/saved right before they are
referenced
- Cleanup interface of shared objects
Changelog[v13]:
- Use hash_long() with 'unsigned long' cast to support 64bit
archs
(Nathan Lynch <ntl@pobox.com>)
Changelog[v11]:
- Doc: be explicit about grabbing a reference and object
lifetime
Changelog[v4]:
- Fix calculation of hash table size
Changelog[v3]:
- Use standard hlist_... for hash table
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 33 +++
include/linux/checkpoint_hdr.h | 17 ++
include/linux/checkpoint_types.h | 13 +
kernel/checkpoint/Makefile | 1 +
kernel/checkpoint/objhash.c | 518 ++++++++++++++++++++++++++++++++++++++
kernel/checkpoint/restart.c | 81 +++++--
kernel/checkpoint/sys.c | 7 +
7 files changed, 652 insertions(+), 18 deletions(-)
create mode 100644 kernel/checkpoint/objhash.c
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 2d32c17..2f5af3c 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -106,6 +106,27 @@ static inline int ckpt_get_error(struct ckpt_ctx *ctx)
extern void restore_notify_error(struct ckpt_ctx *ctx);
+/* obj_hash */
+extern void ckpt_obj_hash_free(struct ckpt_ctx *ctx);
+extern int ckpt_obj_hash_alloc(struct ckpt_ctx *ctx);
+
+extern int restore_obj(struct ckpt_ctx *ctx, struct ckpt_hdr_objref *h);
+extern int checkpoint_obj(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type);
+extern int ckpt_obj_lookup(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type);
+extern int ckpt_obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type, int *first);
+extern void *ckpt_obj_try_fetch(struct ckpt_ctx *ctx, int objref,
+ enum obj_type type);
+extern void *ckpt_obj_fetch(struct ckpt_ctx *ctx, int objref,
+ enum obj_type type);
+extern int ckpt_obj_insert(struct ckpt_ctx *ctx, void *ptr, int objref,
+ enum obj_type type);
+extern int ckpt_obj_reserve(struct ckpt_ctx *ctx);
+extern int ckpt_obj_delete(struct ckpt_ctx *ctx, int objref,
+ enum obj_type type);
+
extern struct ckpt_ctx *ckpt_ctx_get(struct ckpt_ctx *ctx);
extern void ckpt_ctx_put(struct ckpt_ctx *ctx);
@@ -139,6 +160,7 @@ static inline int ckpt_validate_errno(int errno)
#define CKPT_DBASE 0x1 /* anything */
#define CKPT_DSYS 0x2 /* generic (system) */
#define CKPT_DRW 0x4 /* image read/write */
+#define CKPT_DOBJ 0x8 /* shared objects */
#define CKPT_DDEFAULT 0xffff /* default debug level */
@@ -260,6 +282,17 @@ extern void _ckpt_msg_complete(struct ckpt_ctx *ctx);
_do_ckpt_msg(ctx, err, "[E @ %s:%d]" fmt, __func__, __LINE__, ##args); \
} while (0)
+struct ckpt_obj_ops;
+extern int register_checkpoint_obj(const struct ckpt_obj_ops *ops);
+
+#else /* CONFIG_CHEKCPOINT */
+
+struct ckpt_obj_ops;
+static inline int register_checkpoint_obj(const struct ckpt_obj_ops *ops)
+{
+ return 0;
+}
+
#endif /* CONFIG_CHECKPOINT */
#endif /* __KERNEL__ */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index c7d34a6..5545ef6 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -69,6 +69,8 @@ enum {
#define CKPT_HDR_BUFFER CKPT_HDR_BUFFER
CKPT_HDR_STRING,
#define CKPT_HDR_STRING CKPT_HDR_STRING
+ CKPT_HDR_OBJREF,
+#define CKPT_HDR_OBJREF CKPT_HDR_OBJREF
CKPT_HDR_TREE = 101,
#define CKPT_HDR_TREE CKPT_HDR_TREE
@@ -98,6 +100,21 @@ enum {
#define CKPT_ARCH_X86_64 CKPT_ARCH_X86_64
};
+/* shared objrects (objref) */
+struct ckpt_hdr_objref {
+ struct ckpt_hdr h;
+ __u32 objtype;
+ __s32 objref;
+} __attribute__((aligned(8)));
+
+/* shared objects types */
+enum obj_type {
+ CKPT_OBJ_IGNORE = 0,
+#define CKPT_OBJ_IGNORE CKPT_OBJ_IGNORE
+ CKPT_OBJ_MAX
+#define CKPT_OBJ_MAX CKPT_OBJ_MAX
+};
+
/* kernel constants */
struct ckpt_const {
/* task */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index afe76ad..912e06a 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -39,6 +39,8 @@ struct ckpt_ctx {
atomic_t refcount;
+ struct ckpt_obj_hash *obj_hash; /* repository for shared objects */
+
struct task_struct *tsk;/* checkpoint: current target task */
char err_string[256]; /* checkpoint: error string */
@@ -69,6 +71,17 @@ struct ckpt_ctx {
#endif
};
+/* object operations */
+struct ckpt_obj_ops {
+ char *obj_name;
+ int obj_type;
+ void (*ref_drop)(void *ptr, int lastref);
+ int (*ref_grab)(void *ptr);
+ int (*checkpoint)(struct ckpt_ctx *ctx, void *ptr);
+ void *(*restore)(struct ckpt_ctx *ctx);
+};
+
+
#endif /* __KERNEL__ */
#endif /* _LINUX_CHECKPOINT_TYPES_H_ */
diff --git a/kernel/checkpoint/Makefile b/kernel/checkpoint/Makefile
index 99364cc..5aa6a75 100644
--- a/kernel/checkpoint/Makefile
+++ b/kernel/checkpoint/Makefile
@@ -4,6 +4,7 @@
obj-$(CONFIG_CHECKPOINT) += \
sys.o \
+ objhash.o \
checkpoint.o \
restart.o \
process.o
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
new file mode 100644
index 0000000..1ee06d0
--- /dev/null
+++ b/kernel/checkpoint/objhash.c
@@ -0,0 +1,518 @@
+/*
+ * Checkpoint-restart - object hash infrastructure to manage shared objects
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DOBJ
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/hash.h>
+#include <linux/checkpoint.h>
+
+struct ckpt_obj {
+ int objref;
+ int flags;
+ void *ptr;
+ const struct ckpt_obj_ops *ops;
+ struct hlist_node hash;
+};
+
+/* object internal flags */
+#define CKPT_OBJ_CHECKPOINTED 0x1 /* object already checkpointed */
+
+struct ckpt_obj_hash {
+ struct hlist_head *head;
+ int next_free_objref;
+};
+
+/* ignored object */
+static const struct ckpt_obj_ops ckpt_obj_ignored_ops = {
+ .obj_name = "IGNORED",
+ .obj_type = CKPT_OBJ_IGNORE,
+ .ref_drop = NULL,
+ .ref_grab = NULL,
+};
+
+static const struct ckpt_obj_ops *ckpt_obj_ops[CKPT_OBJ_MAX] = {
+ [CKPT_OBJ_IGNORE] = &ckpt_obj_ignored_ops,
+};
+
+int register_checkpoint_obj(const struct ckpt_obj_ops *ops)
+{
+ if (ops->obj_type < 0 || ops->obj_type >= CKPT_OBJ_MAX)
+ return -EINVAL;
+ if (ckpt_obj_ops[ops->obj_type] != NULL)
+ return -EINVAL;
+ ckpt_obj_ops[ops->obj_type] = ops;
+ return 0;
+}
+EXPORT_SYMBOL(register_checkpoint_obj);
+
+#define CKPT_OBJ_HASH_NBITS 10
+#define CKPT_OBJ_HASH_TOTAL (1UL << CKPT_OBJ_HASH_NBITS)
+
+static void obj_hash_clear(struct ckpt_obj_hash *obj_hash)
+{
+ struct hlist_head *h = obj_hash->head;
+ struct hlist_node *n, *t;
+ struct ckpt_obj *obj;
+ int i;
+
+ for (i = 0; i < CKPT_OBJ_HASH_TOTAL; i++) {
+ hlist_for_each_entry_safe(obj, n, t, &h[i], hash) {
+ if (obj->ops->ref_drop)
+ obj->ops->ref_drop(obj->ptr, 1);
+ kfree(obj);
+ }
+ }
+}
+
+void ckpt_obj_hash_free(struct ckpt_ctx *ctx)
+{
+ struct ckpt_obj_hash *obj_hash = ctx->obj_hash;
+
+ if (obj_hash) {
+ obj_hash_clear(obj_hash);
+ kfree(obj_hash->head);
+ kfree(ctx->obj_hash);
+ ctx->obj_hash = NULL;
+ }
+}
+
+int ckpt_obj_hash_alloc(struct ckpt_ctx *ctx)
+{
+ struct ckpt_obj_hash *obj_hash;
+ struct hlist_head *head;
+
+ obj_hash = kzalloc(sizeof(*obj_hash), GFP_KERNEL);
+ if (!obj_hash)
+ return -ENOMEM;
+ head = kzalloc(CKPT_OBJ_HASH_TOTAL * sizeof(*head), GFP_KERNEL);
+ if (!head) {
+ kfree(obj_hash);
+ return -ENOMEM;
+ }
+
+ obj_hash->head = head;
+ obj_hash->next_free_objref = 1;
+
+ ctx->obj_hash = obj_hash;
+ return 0;
+}
+
+static struct ckpt_obj *obj_find_by_ptr(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct hlist_head *h;
+ struct hlist_node *n;
+ struct ckpt_obj *obj;
+
+ h = &ctx->obj_hash->head[hash_long((unsigned long) ptr,
+ CKPT_OBJ_HASH_NBITS)];
+ hlist_for_each_entry(obj, n, h, hash)
+ if (obj->ptr == ptr)
+ return obj;
+ return NULL;
+}
+
+static struct ckpt_obj *obj_find_by_objref(struct ckpt_ctx *ctx, int objref)
+{
+ struct hlist_head *h;
+ struct hlist_node *n;
+ struct ckpt_obj *obj;
+
+ h = &ctx->obj_hash->head[hash_long((unsigned long) objref,
+ CKPT_OBJ_HASH_NBITS)];
+ hlist_for_each_entry(obj, n, h, hash)
+ if (obj->objref == objref)
+ return obj;
+ return NULL;
+}
+
+static inline int obj_alloc_objref(struct ckpt_ctx *ctx)
+{
+ return ctx->obj_hash->next_free_objref++;
+}
+
+/**
+ * ckpt_obj_new - add an object to the obj_hash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @objref: object unique id
+ * @ops: object operations
+ *
+ * Add the object to the obj_hash. If @objref is zero, assign a unique
+ * object id and use @ptr as a hash key [checkpoint]. Else use @objref
+ * as a key [restart].
+ */
+static struct ckpt_obj *obj_new(struct ckpt_ctx *ctx, void *ptr,
+ int objref, enum obj_type type)
+{
+ const struct ckpt_obj_ops *ops = ckpt_obj_ops[type];
+ struct ckpt_obj *obj;
+ int i, ret;
+
+ /* explicitly disallow null pointers */
+ if (!ptr) {
+ ckpt_err(ctx, -EINVAL, "checkpointing NULL type %d\n", type);
+ return ERR_PTR(-EINVAL);
+ }
+
+ /* make sure we don't change this accidentally */
+ if (ops->obj_type != type) {
+ ckpt_err(ctx, -EINVAL, "type mismatch: %d->ops->obj_type %d\n",
+ type, ops->obj_type);
+ return ERR_PTR(-EINVAL);
+ }
+
+ obj = kzalloc(sizeof(*obj), GFP_KERNEL);
+ if (!obj)
+ return ERR_PTR(-ENOMEM);
+
+ obj->ptr = ptr;
+ obj->ops = ops;
+
+ if (!objref) {
+ /* use @obj->ptr to index, assign objref (checkpoint) */
+ obj->objref = obj_alloc_objref(ctx);
+ i = hash_long((unsigned long) ptr, CKPT_OBJ_HASH_NBITS);
+ } else {
+ /* use @obj->objref to index (restart) */
+ obj->objref = objref;
+ i = hash_long((unsigned long) objref, CKPT_OBJ_HASH_NBITS);
+ }
+
+ ret = ops->ref_grab ? ops->ref_grab(obj->ptr) : 0;
+ if (ret < 0) {
+ kfree(obj);
+ obj = ERR_PTR(ret);
+ } else {
+ hlist_add_head(&obj->hash, &ctx->obj_hash->head[i]);
+ }
+
+ return obj;
+}
+
+/**
+ * ckpt_obj_del - delete an object from the obj_hash
+ * @ctx: checkpoint context
+ * @obj: object pointer
+ *
+ * Delete the object @obj from the obj_hash. This is not something
+ * that I would expect to be used in normal situations, but it makes
+ * the error path of codependent network interfaces much smoother.
+ */
+static void ckpt_obj_del(struct ckpt_ctx *ctx, struct ckpt_obj *obj)
+{
+ hlist_del(&obj->hash);
+ if (obj->ops->ref_drop)
+ obj->ops->ref_drop(obj->ptr, 1);
+ kfree(obj);
+}
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+/**
+ * obj_lookup_add - lookup object and add if not in objhash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ * @first: [output] first encounter (added to table)
+ *
+ * Look up the object pointed to by @ptr in the hash table. If it isn't
+ * already found there, add the object, and allocate a unique object
+ * id. Grab a reference to every object that is added, and maintain the
+ * reference until the entire hash is freed.
+ */
+static struct ckpt_obj *obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type, int *first)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_ptr(ctx, ptr);
+ if (!obj) {
+ obj = obj_new(ctx, ptr, 0, type);
+ *first = 1;
+ } else {
+ BUG_ON(obj->ops->obj_type != type);
+ *first = 0;
+ }
+ return obj;
+}
+
+/**
+ * ckpt_obj_lookup - lookup object (by pointer) in objhash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ *
+ * [used during checkpoint].
+ * Return: objref (or zero if not found)
+ */
+int ckpt_obj_lookup(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_ptr(ctx, ptr);
+ BUG_ON(obj && obj->ops->obj_type != type);
+ if (obj)
+ ckpt_debug("%s objref %d\n", obj->ops->obj_name, obj->objref);
+ return obj ? obj->objref : 0;
+}
+EXPORT_SYMBOL(ckpt_obj_lookup);
+
+/**
+ * ckpt_obj_lookup_add - lookup object and add if not in objhash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ * @first: [output] first encoutner (added to table)
+ *
+ * [used during checkpoint].
+ * Return: objref
+ */
+int ckpt_obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type, int *first)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_lookup_add(ctx, ptr, type, first);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+ ckpt_debug("%s objref %d first %d\n",
+ obj->ops->obj_name, obj->objref, *first);
+ obj->flags |= CKPT_OBJ_CHECKPOINTED;
+ return obj->objref;
+}
+EXPORT_SYMBOL(ckpt_obj_lookup_add);
+
+/**
+ * ckpt_obj_reserve - reserve an objref
+ * @ctx: checkpoint context
+ *
+ * The reserved objref will not be used for subsequent objects. This
+ * gives an objref that can be safely used during restart without a
+ * matching object in checkpoint. [used during checkpoint].
+ */
+int ckpt_obj_reserve(struct ckpt_ctx *ctx)
+{
+ return obj_alloc_objref(ctx);
+}
+EXPORT_SYMBOL(ckpt_obj_reserve);
+
+/**
+ * checkpoint_obj - if not already in hash, add object and checkpoint
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ *
+ * Use obj_lookup_add() to lookup (and possibly add) the object to the
+ * hash table. If the CKPT_OBJ_CHECKPOINTED flag isn't set, then also
+ * save the object's state using its ops->checkpoint().
+ *
+ * [This is used during checkpoint].
+ * Returns: objref
+ */
+int checkpoint_obj(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
+{
+ struct ckpt_hdr_objref *h;
+ struct ckpt_obj *obj;
+ int new, ret = 0;
+
+ obj = obj_lookup_add(ctx, ptr, type, &new);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+
+ if (!(obj->flags & CKPT_OBJ_CHECKPOINTED)) {
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_OBJREF);
+ if (!h)
+ return -ENOMEM;
+
+ h->objtype = type;
+ h->objref = obj->objref;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ if (ret < 0)
+ return ret;
+
+ /* invoke callback to actually dump the state */
+ if (obj->ops->checkpoint)
+ ret = obj->ops->checkpoint(ctx, ptr);
+
+ obj->flags |= CKPT_OBJ_CHECKPOINTED;
+ }
+ return (ret < 0 ? ret : obj->objref);
+}
+EXPORT_SYMBOL(checkpoint_obj);
+
+/**************************************************************************
+ * Restart
+ */
+
+/**
+ * restore_obj - read in and restore a (first seen) shared object
+ * @ctx: checkpoint context
+ * @h: ckpt_hdr of shared object
+ *
+ * Read in the header payload (struct ckpt_hdr_objref). Lookup the
+ * object to verify it isn't there. Then restore the object's state
+ * and add it to the objash. No need to explicitly grab a reference -
+ * we hold the initial instance of this object. (Object maintained
+ * until the entire hash is free).
+ *
+ * [This is used during restart].
+ */
+int restore_obj(struct ckpt_ctx *ctx, struct ckpt_hdr_objref *h)
+{
+ const struct ckpt_obj_ops *ops;
+ struct ckpt_obj *obj;
+ void *ptr = ERR_PTR(-EINVAL);
+
+ ckpt_debug("len %d ref %d type %d\n", h->h.len, h->objref, h->objtype);
+ if (h->objtype >= CKPT_OBJ_MAX)
+ return -EINVAL;
+ if (h->objref <= 0)
+ return -EINVAL;
+
+ ops = ckpt_obj_ops[h->objtype];
+ if (!ops)
+ return -ENOSYS;
+
+ BUG_ON(ops->obj_type != h->objtype);
+
+ if (ops->restore)
+ ptr = ops->restore(ctx);
+ if (IS_ERR(ptr))
+ return PTR_ERR(ptr);
+
+ obj = obj_find_by_objref(ctx, h->objref);
+ if (!obj) {
+ obj = obj_new(ctx, ptr, h->objref, h->objtype);
+ /*
+ * Drop an extra reference to the object returned by
+ * ops->restore to balance the one taken by obj_new()
+ */
+ if (!IS_ERR(obj) && ops->ref_drop)
+ ops->ref_drop(ptr, 0);
+ } else if ((obj->ptr != ptr) || (obj->ops->obj_type != h->objtype)) {
+ /* Normally, we expect an object to not already exist
+ * in the hash. However, for some special scenarios
+ * where we're restoring sets of objects that must be
+ * co-allocated (such, as veth netdev pairs) we need
+ * to tolerate this case if the second restore returns
+ * the correct type and pointer, as specified in the
+ * existing object. If either of those don't match,
+ * we fail.
+ */
+ obj = ERR_PTR(-EINVAL);
+ }
+
+ if (IS_ERR(obj)) {
+ /* This releases our final reference on the object
+ * returned by ops->restore()
+ */
+ if (ops->ref_drop)
+ ops->ref_drop(ptr, 1);
+ return PTR_ERR(obj);
+ }
+ return obj->objref;
+}
+
+/**
+ * ckpt_obj_insert - add an object with a given objref to obj_hash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @objref: unique object id
+ * @type: object type
+ *
+ * Add the object pointer to by @ptr and identified by unique object id
+ * @objref to the hash table (indexed by @objref). Grab a reference to
+ * every object added, and maintain it until the entire hash is freed.
+ *
+ * [This is used during restart].
+ */
+int ckpt_obj_insert(struct ckpt_ctx *ctx, void *ptr,
+ int objref, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+
+ if (objref <= 0)
+ return -EINVAL;
+ if (obj_find_by_objref(ctx, objref))
+ return -EINVAL;
+ obj = obj_new(ctx, ptr, objref, type);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+ ckpt_debug("%s objref %d\n", obj->ops->obj_name, objref);
+ return obj->objref;
+}
+EXPORT_SYMBOL(ckpt_obj_insert);
+
+/**
+ * ckpt_obj_del - delete object (by pointer) in objhash
+ * @ctx: checkpoint context
+ * @ref: object reference
+ * @type: object type
+ *
+ * Return: nonzero on failure
+ */
+int ckpt_obj_delete(struct ckpt_ctx *ctx, int objref, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_objref(ctx, objref);
+ BUG_ON(obj && obj->ops->obj_type != type);
+ if (obj) {
+ ckpt_debug("%s deleted from hash\n", obj->ops->obj_name);
+ ckpt_obj_del(ctx, obj);
+ }
+
+ return obj ? 0 : -ESRCH;
+}
+EXPORT_SYMBOL(ckpt_obj_delete);
+
+/**
+ * ckpt_obj_try_fetch - fetch an object by its identifier
+ * @ctx: checkpoint context
+ * @objref: object id
+ * @type: object type
+ *
+ * Lookup the objref identifier by @objref in the hash table. Return
+ * an error not found.
+ *
+ * [This is used during restart].
+ */
+void *ckpt_obj_try_fetch(struct ckpt_ctx *ctx, int objref, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_objref(ctx, objref);
+ if (!obj)
+ return ERR_PTR(-EINVAL);
+ ckpt_debug("%s ref %d\n", obj->ops->obj_name, obj->objref);
+ if (obj->ops->obj_type == type)
+ return obj->ptr;
+ return ERR_PTR(-ENOMSG);
+}
+EXPORT_SYMBOL(ckpt_obj_try_fetch);
+
+void *ckpt_obj_fetch(struct ckpt_ctx *ctx, int objref, enum obj_type type)
+{
+ void *ret = ckpt_obj_try_fetch(ctx, objref, type);
+
+ if (unlikely(IS_ERR(ret)))
+ ckpt_err(ctx, PTR_ERR(ret), "%(O)Fetching object (type %d)\n",
+ objref, type);
+ return ret;
+}
+EXPORT_SYMBOL(ckpt_obj_fetch);
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 18b3815..437de4f 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -212,6 +212,63 @@ static int _ckpt_read_err(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
}
/**
+ * _ckpt_read_objref - dispatch handling of a shared object
+ * @ctx: checkpoint context
+ * @hh: objrect descriptor
+ */
+static int _ckpt_read_objref(struct ckpt_ctx *ctx, struct ckpt_hdr *hh)
+{
+ struct ckpt_hdr *h;
+ int ret;
+
+ h = ckpt_hdr_get(ctx, hh->len);
+ if (!h)
+ return -ENOMEM;
+
+ *h = *hh; /* yay ! */
+
+ _ckpt_debug(CKPT_DOBJ, "shared len %d type %d\n", h->len, h->type);
+ ret = ckpt_kread(ctx, (h + 1), hh->len - sizeof(struct ckpt_hdr));
+ if (ret < 0)
+ goto out;
+
+ ret = restore_obj(ctx, (struct ckpt_hdr_objref *) h);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/**
+ * ckpt_read_obj_dispatch - dispatch ERRORs and OBJREFs; don't return them
+ * @ctx: checkpoint context
+ * @h: desired ckpt_hdr
+ */
+static int ckpt_read_obj_dispatch(struct ckpt_ctx *ctx, struct ckpt_hdr *h)
+{
+ int ret;
+
+ while (1) {
+ ret = ckpt_kread(ctx, h, sizeof(*h));
+ if (ret < 0)
+ return ret;
+ _ckpt_debug(CKPT_DRW, "type %d len %d\n", h->type, h->len);
+ if (h->len < sizeof(*h))
+ return -EINVAL;
+
+ if (h->type == CKPT_HDR_ERROR) {
+ ret = _ckpt_read_err(ctx, h);
+ if (ret < 0)
+ return ret;
+ } else if (h->type == CKPT_HDR_OBJREF) {
+ ret = _ckpt_read_objref(ctx, h);
+ if (ret < 0)
+ return ret;
+ } else
+ return 0;
+ }
+}
+
+/**
* _ckpt_read_obj - read an object (ckpt_hdr followed by payload)
* @ctx: checkpoint context
* @h: desired ckpt_hdr
@@ -226,21 +283,11 @@ static int _ckpt_read_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h,
{
int ret;
- again:
- ret = ckpt_kread(ctx, h, sizeof(*h));
+ ret = ckpt_read_obj_dispatch(ctx, h);
if (ret < 0)
return ret;
_ckpt_debug(CKPT_DRW, "type %d len %d(%d,%d)\n",
h->type, h->len, len, max);
- if (h->len < sizeof(*h))
- return -EINVAL;
-
- if (h->type == CKPT_HDR_ERROR) {
- ret = _ckpt_read_err(ctx, h);
- if (ret < 0)
- return ret;
- goto again;
- }
/* if len specified, enforce, else if maximum specified, enforce */
if ((len && h->len != len) || (!len && max && h->len > max))
@@ -332,13 +379,12 @@ static void *ckpt_read_obj(struct ckpt_ctx *ctx, int len, int max)
struct ckpt_hdr *h;
int ret;
- ret = ckpt_kread(ctx, &hh, sizeof(hh));
+ ret = ckpt_read_obj_dispatch(ctx, &hh);
if (ret < 0)
return ERR_PTR(ret);
_ckpt_debug(CKPT_DRW, "type %d len %d(%d,%d)\n",
hh.type, hh.len, len, max);
- if (hh.len < sizeof(*h))
- return ERR_PTR(-EINVAL);
+
/* if len specified, enforce, else if maximum specified, enforce */
if ((len && hh.len != len) || (!len && max && hh.len > max))
return ERR_PTR(-EINVAL);
@@ -374,15 +420,14 @@ void *ckpt_read_obj_type(struct ckpt_ctx *ctx, int len, int type)
h = ckpt_read_obj(ctx, len, len);
if (IS_ERR(h)) {
- ckpt_err(ctx, PTR_ERR(h), "Looking for type %d in ckptfile\n",
- type);
+ ckpt_err(ctx, PTR_ERR(h), "Expecting to read type %d\n", type);
return h;
}
if (h->type != type) {
ckpt_hdr_put(ctx, h);
- ckpt_err(ctx, -EINVAL, "Next object was type %d, not %d\n",
- h->type, type);
+ ckpt_err(ctx, -EINVAL, "Expected type %d but got %d\n",
+ h->type, type);
h = ERR_PTR(-EINVAL);
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 224c0c9..5e84915 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -203,6 +203,8 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->logfile)
fput(ctx->logfile);
+ ckpt_obj_hash_free(ctx);
+
if (ctx->tasks_arr)
task_arr_free(ctx);
@@ -254,7 +256,12 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
ctx->logfile = fget(logfd);
if (!ctx->logfile)
goto err;
+
nolog:
+ err = -ENOMEM;
+ if (ckpt_obj_hash_alloc(ctx) < 0)
+ goto err;
+
atomic_inc(&ctx->refcount);
return ctx;
err:
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 034/100] c/r: detect resource leaks for whole-container checkpoint
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (32 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 033/100] c/r: infrastructure for shared objects Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 035/100] deferqueue: generic queue to defer work Oren Laadan
` (67 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Ingo Molnar, Alexey Dobriyan
Add a 'users' count to objhash items, and, for a !CHECKPOINT_SUBTREE
checkpoint, return an error code if the actual objects' counts are
higher, indicating leaks (references to the objects from a task not
being checkpointed).
The comparison of the objhash user counts to object refcounts as a
basis for checking for leaks comes from Alexey's OpenVZ-based c/r
patchset.
"Leak detection" occurs _before_ any real state is saved, as a
pre-step. This prevents races due to sharing with outside world where
the sharing ceases before the leak test takes place, thus protecting
the checkpoint image from inconsistencies.
Once leak testing concludes, checkpoint will proceed. Because objects
are already in the objhash, checkpoint_obj() cannot distinguish
between the first and subsequent encounters. This is solved with a
flag (CKPT_OBJ_CHECKPOINTED) per object.
Two additional checks take place during checkpoint: for objects that
were created during, and objects destroyed, while the leak-detection
pre-step took place. (By the time this occurs part of the checkpoint
image has been written out to disk, so this is purely advisory).
Changelog[v20]:
- Export key symbols to enable c/r from kernel modules
Changelog[v18]:
- [Dan Smith] Fix ckpt_obj_lookup_add() leak detection logic
- Replace some EAGAIN with EBUSY
- Add a few more ckpt_write_err()s
- Introduce CKPT_OBJ_VISITED
- ckpt_obj_collect() returns objref for new objects, 0 otherwise
- Rename ckpt_obj_checkpointed() to ckpt_obj_visited()
- Introduce ckpt_obj_visit() to mark objects as visited
- Set the CHECKPOINTED flag on objects before calling checkpoint
Changelog[v17]:
- Leak detection is performed in two-steps
- Detect reverse-leaks (objects disappearing unexpectedly)
- Skip reverse-leak detection if ops->ref_users isn't defined
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 7 ++
include/linux/checkpoint_types.h | 1 +
kernel/checkpoint/checkpoint.c | 41 +++++++++
kernel/checkpoint/objhash.c | 186 +++++++++++++++++++++++++++++++++++++-
kernel/checkpoint/process.c | 5 +
5 files changed, 237 insertions(+), 3 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 2f5af3c..d438d08 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -113,6 +113,12 @@ extern int ckpt_obj_hash_alloc(struct ckpt_ctx *ctx);
extern int restore_obj(struct ckpt_ctx *ctx, struct ckpt_hdr_objref *h);
extern int checkpoint_obj(struct ckpt_ctx *ctx, void *ptr,
enum obj_type type);
+extern int ckpt_obj_collect(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type);
+extern int ckpt_obj_contained(struct ckpt_ctx *ctx);
+extern int ckpt_obj_visited(struct ckpt_ctx *ctx);
+extern int ckpt_obj_visit(struct ckpt_ctx *ctx, void *ptr,
+ enum obj_type type);
extern int ckpt_obj_lookup(struct ckpt_ctx *ctx, void *ptr,
enum obj_type type);
extern int ckpt_obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
@@ -135,6 +141,7 @@ extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
/* task */
extern int ckpt_activate_next(struct ckpt_ctx *ctx);
+extern int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_task(struct ckpt_ctx *ctx);
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 912e06a..ce68f54 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -77,6 +77,7 @@ struct ckpt_obj_ops {
int obj_type;
void (*ref_drop)(void *ptr, int lastref);
int (*ref_grab)(void *ptr);
+ int (*ref_users)(void *ptr);
int (*checkpoint)(struct ckpt_ctx *ctx, void *ptr);
void *(*restore)(struct ckpt_ctx *ctx);
};
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index f451f8f..4640e80 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -315,6 +315,24 @@ static int checkpoint_pids(struct ckpt_ctx *ctx)
return ret;
}
+static int collect_objects(struct ckpt_ctx *ctx)
+{
+ int n, ret = 0;
+
+ for (n = 0; n < ctx->nr_tasks; n++) {
+ ckpt_debug("dumping task #%d\n", n);
+ ret = ckpt_collect_task(ctx, ctx->tasks_arr[n]);
+ if (ret < 0) {
+ ctx->tsk = ctx->tasks_arr[n];
+ ckpt_err(ctx, ret, "%(T)Collect failed\n");
+ ctx->tsk = NULL;
+ break;
+ }
+ }
+
+ return ret;
+}
+
struct ckpt_cnt_tasks {
struct ckpt_ctx *ctx;
int nr;
@@ -537,6 +555,21 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
if (ret < 0)
goto out;
+ if (!(ctx->uflags & CHECKPOINT_SUBTREE)) {
+ /*
+ * Verify that all objects are contained (no leaks):
+ * First collect them all into the while counting users
+ * and then compare to the objects' real user counts.
+ */
+ ret = collect_objects(ctx);
+ if (ret < 0)
+ goto out;
+ if (!ckpt_obj_contained(ctx)) {
+ ret = -EBUSY;
+ goto out;
+ }
+ }
+
ret = checkpoint_write_header(ctx);
if (ret < 0)
goto out;
@@ -549,6 +582,14 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
ret = checkpoint_all_tasks(ctx);
if (ret < 0)
goto out;
+
+ /* verify that all objects were indeed visited */
+ if (!ckpt_obj_visited(ctx)) {
+ ckpt_err(ctx, -EBUSY, "Leak: unvisited\n");
+ ret = -EBUSY;
+ goto out;
+ }
+
ret = checkpoint_write_tail(ctx);
if (ret < 0)
goto out;
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
index 1ee06d0..75bf2da 100644
--- a/kernel/checkpoint/objhash.c
+++ b/kernel/checkpoint/objhash.c
@@ -18,18 +18,22 @@
#include <linux/checkpoint.h>
struct ckpt_obj {
+ int users;
int objref;
int flags;
void *ptr;
const struct ckpt_obj_ops *ops;
struct hlist_node hash;
+ struct hlist_node next;
};
/* object internal flags */
#define CKPT_OBJ_CHECKPOINTED 0x1 /* object already checkpointed */
+#define CKPT_OBJ_VISITED 0x2 /* object already visited */
struct ckpt_obj_hash {
struct hlist_head *head;
+ struct hlist_head list;
int next_free_objref;
};
@@ -103,6 +107,7 @@ int ckpt_obj_hash_alloc(struct ckpt_ctx *ctx)
obj_hash->head = head;
obj_hash->next_free_objref = 1;
+ INIT_HLIST_HEAD(&obj_hash->list);
ctx->obj_hash = obj_hash;
return 0;
@@ -178,6 +183,7 @@ static struct ckpt_obj *obj_new(struct ckpt_ctx *ctx, void *ptr,
obj->ptr = ptr;
obj->ops = ops;
+ obj->users = 2; /* extra reference that objhash itself takes */
if (!objref) {
/* use @obj->ptr to index, assign objref (checkpoint) */
@@ -195,6 +201,7 @@ static struct ckpt_obj *obj_new(struct ckpt_ctx *ctx, void *ptr,
obj = ERR_PTR(ret);
} else {
hlist_add_head(&obj->hash, &ctx->obj_hash->head[i]);
+ hlist_add_head(&obj->next, &ctx->obj_hash->list);
}
return obj;
@@ -212,6 +219,7 @@ static struct ckpt_obj *obj_new(struct ckpt_ctx *ctx, void *ptr,
static void ckpt_obj_del(struct ckpt_ctx *ctx, struct ckpt_obj *obj)
{
hlist_del(&obj->hash);
+ hlist_del(&obj->next);
if (obj->ops->ref_drop)
obj->ops->ref_drop(obj->ptr, 1);
kfree(obj);
@@ -244,12 +252,35 @@ static struct ckpt_obj *obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
*first = 1;
} else {
BUG_ON(obj->ops->obj_type != type);
+ obj->users++;
*first = 0;
}
return obj;
}
/**
+ * ckpt_obj_collect - collect object into objhash
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ *
+ * [used during checkpoint].
+ * Return: objref if object is new, 0 otherwise, or an error
+ */
+int ckpt_obj_collect(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+ int first;
+
+ obj = obj_lookup_add(ctx, ptr, type, &first);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+ ckpt_debug("%s objref %d first %d\n",
+ obj->ops->obj_name, obj->objref, first);
+ return first ? obj->objref : 0;
+}
+
+/**
* ckpt_obj_lookup - lookup object (by pointer) in objhash
* @ctx: checkpoint context
* @ptr: pointer to object
@@ -270,6 +301,21 @@ int ckpt_obj_lookup(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
}
EXPORT_SYMBOL(ckpt_obj_lookup);
+static inline int obj_reverse_leak(struct ckpt_ctx *ctx, struct ckpt_obj *obj)
+{
+ /*
+ * A "reverse" leak ? All objects should already be in the
+ * objhash by now. But an outside task may have created an
+ * object while we were collecting, which we didn't catch.
+ */
+ if (obj->ops->ref_users && !(ctx->uflags & CHECKPOINT_SUBTREE)) {
+ ckpt_err(ctx, -EBUSY, "%(O)%(P)Leak: reverse added late (%s)\n",
+ obj->objref, obj->ptr, obj->ops->obj_name);
+ return -EBUSY;
+ }
+ return 0;
+}
+
/**
* ckpt_obj_lookup_add - lookup object and add if not in objhash
* @ctx: checkpoint context
@@ -290,7 +336,11 @@ int ckpt_obj_lookup_add(struct ckpt_ctx *ctx, void *ptr,
return PTR_ERR(obj);
ckpt_debug("%s objref %d first %d\n",
obj->ops->obj_name, obj->objref, *first);
- obj->flags |= CKPT_OBJ_CHECKPOINTED;
+
+ if (*first && obj_reverse_leak(ctx, obj))
+ return -EBUSY;
+
+ obj->flags |= CKPT_OBJ_VISITED;
return obj->objref;
}
EXPORT_SYMBOL(ckpt_obj_lookup_add);
@@ -332,6 +382,9 @@ int checkpoint_obj(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
if (IS_ERR(obj))
return PTR_ERR(obj);
+ if (new && obj_reverse_leak(ctx, obj))
+ return -EBUSY;
+
if (!(obj->flags & CKPT_OBJ_CHECKPOINTED)) {
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_OBJREF);
if (!h)
@@ -346,15 +399,142 @@ int checkpoint_obj(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
return ret;
/* invoke callback to actually dump the state */
- if (obj->ops->checkpoint)
- ret = obj->ops->checkpoint(ctx, ptr);
+ BUG_ON(!obj->ops->checkpoint);
obj->flags |= CKPT_OBJ_CHECKPOINTED;
+ ret = obj->ops->checkpoint(ctx, ptr);
}
+
+ obj->flags |= CKPT_OBJ_VISITED;
return (ret < 0 ? ret : obj->objref);
}
EXPORT_SYMBOL(checkpoint_obj);
+/**
+ * ckpt_obj_visit - mark object as visited
+ * @ctx: checkpoint context
+ * @ptr: pointer to object
+ * @type: object type
+ *
+ * [used during checkpoint].
+ * Marks the object as visited, or fail if not found
+ */
+int ckpt_obj_visit(struct ckpt_ctx *ctx, void *ptr, enum obj_type type)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_ptr(ctx, ptr);
+ BUG_ON(obj && obj->ops->obj_type != type);
+
+ if (!obj) {
+ if (!(ctx->uflags & CHECKPOINT_SUBTREE)) {
+ /* if not found report reverse leak (full container) */
+ ckpt_err(ctx, -EBUSY,
+ "%(O)%(P)Leak: reverse unknown (%s)\n",
+ obj->objref, obj->ptr, obj->ops->obj_name);
+ return -EBUSY;
+ }
+ } else {
+ ckpt_debug("visit %s objref %d\n",
+ obj->ops->obj_name, obj->objref);
+ obj->flags |= CKPT_OBJ_VISITED;
+ }
+ return 0;
+}
+EXPORT_SYMBOL(ckpt_obj_visit);
+
+/* increment the 'users' count of an object */
+static void ckpt_obj_users_inc(struct ckpt_ctx *ctx, void *ptr, int increment)
+{
+ struct ckpt_obj *obj;
+
+ obj = obj_find_by_ptr(ctx, ptr);
+ if (obj)
+ obj->users += increment;
+}
+
+/*
+ * "Leak detection" - to guarantee a consistent checkpoint of a full
+ * container we verify that all resources are confined and isolated in
+ * that container:
+ *
+ * c/r code first walks through all tasks and collects all shared
+ * resources into the objhash, while counting the references to them;
+ * then, it compares this count to the object's real reference count,
+ * and if they don't match it means that an object has "leaked" to the
+ * outside.
+ *
+ * Otherwise, it is guaranteed that there are no references outside
+ * (of container). c/r code now proceeds to walk through all tasks,
+ * again, and checkpoints the resources. It ensures that all resources
+ * are already in the objhash, and that all of them are checkpointed.
+ * Otherwise it means that due to a race, an object was created or
+ * destroyed during the first walk but not accounted for.
+ *
+ * For instance, consider an outside task A that shared files_struct
+ * with inside task B. Then, after B's files where collected, A opens
+ * or closes a file, and immediately exits - before the first leak
+ * test is performed, such that the test passes.
+ */
+
+/**
+ * ckpt_obj_contained - test if shared objects are contained in checkpoint
+ * @ctx: checkpoint context
+ *
+ * Loops through all objects in the table and compares the number of
+ * references accumulated during checkpoint, with the reference count
+ * reported by the kernel.
+ *
+ * Return 1 if respective counts match for all objects, 0 otherwise.
+ */
+int ckpt_obj_contained(struct ckpt_ctx *ctx)
+{
+ struct ckpt_obj *obj;
+ struct hlist_node *node;
+
+ /* account for ctx->{file,logfile} (if in the table already) */
+ ckpt_obj_users_inc(ctx, ctx->file, 1);
+ if (ctx->logfile)
+ ckpt_obj_users_inc(ctx, ctx->logfile, 1);
+
+ hlist_for_each_entry(obj, node, &ctx->obj_hash->list, next) {
+ if (!obj->ops->ref_users)
+ continue;
+ if (obj->ops->ref_users(obj->ptr) != obj->users) {
+ ckpt_err(ctx, -EBUSY,
+ "%(O)%(P)%(S)Usage leak (%d != %d)\n",
+ obj->objref, obj->ptr, obj->ops->obj_name,
+ obj->ops->ref_users(obj->ptr), obj->users);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/**
+ * ckpt_obj_visited - test that all shared objects were visited
+ * @ctx: checkpoint context
+ *
+ * Return 1 if all objects where visited, 0 otherwise.
+ */
+int ckpt_obj_visited(struct ckpt_ctx *ctx)
+{
+ struct ckpt_obj *obj;
+ struct hlist_node *node;
+
+ hlist_for_each_entry(obj, node, &ctx->obj_hash->list, next) {
+ if (!(obj->flags & CKPT_OBJ_VISITED)) {
+ ckpt_err(ctx, -EBUSY,
+ "%(O)%(P)%(S)Leak: not visited\n",
+ obj->objref, obj->ptr, obj->ops->obj_name);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
/**************************************************************************
* Restart
*/
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index aabefb6..f17f040 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -244,6 +244,11 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
return ret;
}
+int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ return 0;
+}
+
/***********************************************************************
* Restart
*/
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 035/100] deferqueue: generic queue to defer work
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (33 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 034/100] c/r: detect resource leaks for whole-container checkpoint Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 036/100] c/r: introduce vfs_fcntl() Oren Laadan
` (66 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
Add a interface to postpone an action until the end of the entire
checkpoint or restart operation. This is useful when during the
scan of tasks an operation cannot be performed in place, to avoid
the need for a second scan.
One use case is when restoring an ipc shared memory region that has
been deleted (but is still attached), during restart it needs to be
create, attached and then deleted. However, creation and attachment
are performed in distinct locations, so deletion can not be performed
on the spot. Instead, this work (delete) is deferred until later.
(This example is in one of the following patches).
This interface allows chronic procrastination in the kernel:
deferqueue_create(void):
Allocates and returns a new deferqueue.
deferqueue_run(deferqueue):
Executes all the pending works in the queue. Returns the number
of works executed, or an error upon the first error reported by
a deferred work.
deferqueue_add(deferqueue, data, size, func, dtor):
Enqueue a deferred work. @function is the callback function to
do the work, which will be called with @data as an argument.
@size tells the size of data. @dtor is a destructor callback
that is invoked for deferred works remaining in the queue when
the queue is destroyed. NOTE: for a given deferred work, @dtor
is _not_ called if @func was already called (regardless of the
return value of the latter).
deferqueue_destroy(deferqueue):
Free the deferqueue and any queued items while invoking the
@dtor callback for each queued item.
Why aren't we using the existing kernel workqueue mechanism? We need
to defer to work until the end of the operation: not earlier, since we
need other things to be in place; not later, to not block waiting for
it. However, the workqueue schedules the work for 'some time later'.
Also, the kernel workqueue may run in any task context, but we require
many times that an operation be run in the context of some specific
restarting task (e.g., restoring IPC state of a certain ipc_ns).
Instead, this mechanism is a simple way for the c/r operation as a
whole, and later a task in particular, to defer some action until
later (but not arbitrarily later) _in the restore_ operation.
Changelog[v19-rc1]
- [Matt Helsley] Check for valid destructor before calling it
Changelog[v18]
- Interface to pass simple pointers as data with deferqueue
Changelog[v17]
- Fix deferqueue_add() function
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/deferqueue.h | 78 +++++++++++++++++++++++++++++++
kernel/Makefile | 1 +
kernel/checkpoint/Kconfig | 5 ++
kernel/deferqueue.c | 110 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 194 insertions(+), 0 deletions(-)
create mode 100644 include/linux/deferqueue.h
create mode 100644 kernel/deferqueue.c
diff --git a/include/linux/deferqueue.h b/include/linux/deferqueue.h
new file mode 100644
index 0000000..51bfd68
--- /dev/null
+++ b/include/linux/deferqueue.h
@@ -0,0 +1,78 @@
+/*
+ * deferqueue.h --- deferred work queue handling for Linux.
+ */
+
+#ifndef _LINUX_DEFERQUEUE_H
+#define _LINUX_DEFERQUEUE_H
+
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+
+/*
+ * This interface allows chronic procrastination in the kernel:
+ *
+ * deferqueue_create(void):
+ * Allocates and returns a new deferqueue.
+ *
+ * deferqueue_run(deferqueue):
+ * Executes all the pending works in the queue. Returns the number
+ * of works executed, or an error upon the first error reported by
+ * a deferred work.
+ *
+ * deferqueue_add(deferqueue, data, size, func, dtor):
+ * Enqueue a deferred work. @function is the callback function to
+ * do the work, which will be called with @data as an argument.
+ * @size tells the size of data. @dtor is a destructor callback
+ * that is invoked for deferred works remaining in the queue when
+ * the queue is destroyed. NOTE: for a given deferred work, @dtor
+ * is _not_ called if @func was already called (regardless of the
+ * return value of the latter).
+ *
+ * deferqueue_destroy(deferqueue):
+ * Free the deferqueue and any queued items while invoking the
+ * @dtor callback for each queued item.
+ *
+ * The following helpers are useful when @data is a simple pointer:
+ *
+ * deferqueue_add_ptr(deferqueue, ptr, func, dtor):
+ * Enqueue a deferred work whos data is @ptr.
+ *
+ * deferqueue_data_ptr(data):
+ * Convert a deferqueue @data to a void * pointer.
+ */
+
+
+typedef int (*deferqueue_func_t)(void *);
+
+struct deferqueue_entry {
+ deferqueue_func_t function;
+ deferqueue_func_t destructor;
+ struct list_head list;
+ char data[0];
+};
+
+struct deferqueue_head {
+ spinlock_t lock;
+ struct list_head list;
+};
+
+struct deferqueue_head *deferqueue_create(void);
+void deferqueue_destroy(struct deferqueue_head *head);
+int deferqueue_add(struct deferqueue_head *head, void *data, int size,
+ deferqueue_func_t func, deferqueue_func_t dtor);
+int deferqueue_run(struct deferqueue_head *head);
+
+static inline int deferqueue_add_ptr(struct deferqueue_head *head, void *ptr,
+ deferqueue_func_t func,
+ deferqueue_func_t dtor)
+{
+ return deferqueue_add(head, &ptr, sizeof(ptr), func, dtor);
+}
+
+static inline void *deferqueue_data_ptr(void *data)
+{
+ return *((void **) data);
+}
+
+#endif
diff --git a/kernel/Makefile b/kernel/Makefile
index 1b78cca..67159cd 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -25,6 +25,7 @@ CFLAGS_REMOVE_sched_clock.o = -pg
CFLAGS_REMOVE_perf_event.o = -pg
endif
+obj-$(CONFIG_DEFERQUEUE) += deferqueue.o
obj-$(CONFIG_FREEZER) += freezer.o
obj-$(CONFIG_PROFILING) += profile.o
obj-$(CONFIG_SYSCTL_SYSCALL_CHECK) += sysctl_check.o
diff --git a/kernel/checkpoint/Kconfig b/kernel/checkpoint/Kconfig
index 21fc86b..4a2c845 100644
--- a/kernel/checkpoint/Kconfig
+++ b/kernel/checkpoint/Kconfig
@@ -2,10 +2,15 @@
# implemented the hooks for processor state etc. needed by the
# core checkpoint/restart code.
+config DEFERQUEUE
+ bool
+ default n
+
config CHECKPOINT
bool "Checkpoint/restart (EXPERIMENTAL)"
depends on CHECKPOINT_SUPPORT && EXPERIMENTAL
depends on CGROUP_FREEZER
+ select DEFERQUEUE
help
Application checkpoint/restart is the ability to save the
state of a running application so that it can later resume
diff --git a/kernel/deferqueue.c b/kernel/deferqueue.c
new file mode 100644
index 0000000..1204c8b
--- /dev/null
+++ b/kernel/deferqueue.c
@@ -0,0 +1,110 @@
+/*
+ * Infrastructure to manage deferred work
+ *
+ * This differs from a workqueue in that the work must be deferred
+ * until specifically run by the caller.
+ *
+ * As the only user currently is checkpoint/restart, which has
+ * very simple usage, the locking is kept simple. Adding rules
+ * is protected by the head->lock. But deferqueue_run() is only
+ * called once, after all entries have been added. So it is not
+ * protected. Similarly, _destroy is only called once when the
+ * ckpt_ctx is releeased, so it is not locked or refcounted. These
+ * can of course be added if needed by other users.
+ *
+ * Why not use workqueue ? We need to defer work until the end of an
+ * operation: not earlier, since we need other things to be in place;
+ * not later, to not block waiting for it. However, the workqueue
+ * schedules the work for 'some time later'. Also, workqueue may run
+ * in any task context, but we require many times that an operation
+ * be run in the context of some specific restarting task (e.g.,
+ * restoring IPC state of a certain ipc_ns).
+ *
+ * Instead, this mechanism is a simple way for the c/r operation as a
+ * whole, and later a task in particular, to defer some action until
+ * later (but not arbitrarily later) _in the restore_ operation.
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ *
+ */
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/deferqueue.h>
+
+struct deferqueue_head *deferqueue_create(void)
+{
+ struct deferqueue_head *h = kmalloc(sizeof(*h), GFP_KERNEL);
+ if (h) {
+ spin_lock_init(&h->lock);
+ INIT_LIST_HEAD(&h->list);
+ }
+ return h;
+}
+
+void deferqueue_destroy(struct deferqueue_head *h)
+{
+ if (!list_empty(&h->list)) {
+ struct deferqueue_entry *dq, *n;
+
+ pr_debug("%s: freeing non-empty queue\n", __func__);
+ list_for_each_entry_safe(dq, n, &h->list, list) {
+ if (dq->destructor)
+ dq->destructor(dq->data);
+ list_del(&dq->list);
+ kfree(dq);
+ }
+ }
+ kfree(h);
+}
+
+int deferqueue_add(struct deferqueue_head *head, void *data, int size,
+ deferqueue_func_t func, deferqueue_func_t dtor)
+{
+ struct deferqueue_entry *dq;
+
+ dq = kmalloc(sizeof(*dq) + size, GFP_KERNEL);
+ if (!dq)
+ return -ENOMEM;
+
+ dq->function = func;
+ dq->destructor = dtor;
+ memcpy(dq->data, data, size);
+
+ pr_debug("%s: adding work %p func %p dtor %p\n",
+ __func__, dq, func, dtor);
+ spin_lock(&head->lock);
+ list_add_tail(&dq->list, &head->list);
+ spin_unlock(&head->lock);
+ return 0;
+}
+
+/*
+ * deferqueue_run - perform all work in the work queue
+ * @head: deferqueue_head from which to run
+ *
+ * returns: number of works performed, or < 0 on error
+ */
+int deferqueue_run(struct deferqueue_head *head)
+{
+ struct deferqueue_entry *dq, *n;
+ int nr = 0;
+ int ret;
+
+ list_for_each_entry_safe(dq, n, &head->list, list) {
+ pr_debug("doing work %p function %p\n", dq, dq->function);
+ /* don't call destructor - function callback should do it */
+ ret = dq->function(dq->data);
+ if (ret < 0)
+ pr_debug("wq function failed %d\n", ret);
+ list_del(&dq->list);
+ kfree(dq);
+ nr++;
+ }
+
+ return nr;
+}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 036/100] c/r: introduce vfs_fcntl()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (34 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 035/100] deferqueue: generic queue to defer work Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 037/100] c/r: introduce new 'file_operations': ->checkpoint, ->collect() Oren Laadan
` (65 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
This patch introduces vfs_fcntl() so that it can be called from
restart (see patch adding restart of files).
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/fcntl.c | 21 +++++++++++++--------
include/linux/fs.h | 2 ++
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 452d02f..2079af0 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -418,6 +418,18 @@ static long do_fcntl(int fd, unsigned int cmd, unsigned long arg,
return err;
}
+int vfs_fcntl(int fd, unsigned int cmd, unsigned long arg, struct file *filp)
+{
+ int err;
+
+ err = security_file_fcntl(filp, cmd, arg);
+ if (err)
+ goto out;
+ err = do_fcntl(fd, cmd, arg, filp);
+ out:
+ return err;
+}
+
SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg)
{
struct file *filp;
@@ -427,14 +439,7 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg)
if (!filp)
goto out;
- err = security_file_fcntl(filp, cmd, arg);
- if (err) {
- fput(filp);
- return err;
- }
-
- err = do_fcntl(fd, cmd, arg, filp);
-
+ err = vfs_fcntl(fd, cmd, arg, filp);
fput(filp);
out:
return err;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 9e8b171..65ffe9c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1096,6 +1096,8 @@ struct file_lock {
#include <linux/fcntl.h>
+extern int vfs_fcntl(int fd, unsigned cmd, unsigned long arg, struct file *fp);
+
extern void send_sigio(struct fown_struct *fown, int fd, int band);
#ifdef CONFIG_FILE_LOCKING
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 037/100] c/r: introduce new 'file_operations': ->checkpoint, ->collect()
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (35 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 036/100] c/r: introduce vfs_fcntl() Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 038/100] c/r: checkpoint and restart open file descriptors Oren Laadan
` (64 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
While we assume all normal files and directories can be checkpointed,
there are, as usual in the VFS, specialized places that will always
need an ability to override these defaults. Although we could do this
completely in the checkpoint code, that would bitrot quickly.
This adds a new 'file_operations' function for checkpointing a file.
It is assumed that there should be a dirt-simple way to make something
(un)checkpointable that fits in with current code.
As you can see in the ext[234] patches down the road, all that we have
to do to make something simple be supported is add a single "generic"
f_op entry.
Also adds a new 'file_operations' function for 'collecting' a file for
leak-detection during full-container checkpoint. This is useful for
those files that hold references to other "collectable" objects. Two
examples are pty files that point to corresponding tty objects, and
eventpoll files that refer to the files they are monitoring.
Finally, this patch introduces vfs_fcntl() so that it can be called
from restart (see patch adding restart of files).
Changelog[v21]
- Update Documentation/filesystem/vfs.txt
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v17]
- Introduce 'collect' method
Changelog[v17]
- Forward-declare 'ckpt_ctx' et-al, don't use checkpoint_types.h
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
Documentation/filesystems/vfs.txt | 13 ++++++++++++-
include/linux/fs.h | 5 +++++
2 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt
index 3de2f32..a78355d 100644
--- a/Documentation/filesystems/vfs.txt
+++ b/Documentation/filesystems/vfs.txt
@@ -711,7 +711,7 @@ struct file_operations
----------------------
This describes how the VFS can manipulate an open file. As of kernel
-2.6.22, the following members are defined:
+2.6.34, the following members are defined:
struct file_operations {
struct module *owner;
@@ -742,6 +742,10 @@ struct file_operations {
int (*flock) (struct file *, int, struct file_lock *);
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, struct pipe_inode_info *, size_t, unsigned int);
+#ifdef CONFIG_CHECKPOINT
+ int (*checkpoint)(struct ckpt_ctx *, struct file *);
+ int (*collect)(struct ckpt_ctx *, struct file *);
+#endif
};
Again, all methods are called without any locks being held, unless
@@ -813,6 +817,13 @@ otherwise noted.
splice_read: called by the VFS to splice data from file to a pipe. This
method is used by the splice(2) system call
+ checkpoint: called by checkpoint(2) system call to checkpoint the
+ state of a file descriptor.
+
+ collect: called by the checkpoint(2) system call to track references to
+ file descriptors, to detect leaks in full-container checkpoint
+ (see Documentation/checkpoint/readme.txt).
+
Note that the file operations are implemented by the specific
filesystem in which the inode resides. When opening a device node
(character or block special) most filesystems will call special
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 65ffe9c..c06c157 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -397,6 +397,7 @@ struct kstatfs;
struct vm_area_struct;
struct vfsmount;
struct cred;
+struct ckpt_ctx;
extern void __init inode_init(void);
extern void __init inode_init_early(void);
@@ -1511,6 +1512,10 @@ struct file_operations {
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int);
int (*setlease)(struct file *, long, struct file_lock **);
+#ifdef CONFIG_CHECKPOINT
+ int (*checkpoint)(struct ckpt_ctx *, struct file *);
+ int (*collect)(struct ckpt_ctx *, struct file *);
+#endif
};
struct inode_operations {
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 038/100] c/r: checkpoint and restart open file descriptors
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (36 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 037/100] c/r: introduce new 'file_operations': ->checkpoint, ->collect() Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 039/100] c/r: introduce method '->checkpoint()' in struct vm_operations_struct Oren Laadan
` (63 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
Checkpoint: dump the file table with 'struct ckpt_hdr_file_table,
followed by all open file descriptors. Because the 'struct file'
corresponding to an fd can be shared, they are assigned an objref and
registered in the object hash. A reference to the 'file *' is kept for
as long as it lives in the hash (the hash is only cleaned up at the
end of the checkpoint).
Also provide generic_checkpoint_file() and generic_restore_file()
which is good for normal files and directories. It does not support
yet unlinked files or directories.
Restart: for each fd read 'struct ckpt_hdr_file_desc' and lookup
objref in the hash table; If not found in the hash table, (first
occurence), read in 'struct ckpt_hdr_file', create a new file and
register in the hash. Otherwise attach the file pointer from the hash
as an FD.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Replace __initcall() with late_initcall()
- [Serge] Print out full path of file which crossed mnt_ns
- Reorganize code into fs/*
- Merge files dump/restore into a single patch
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v19]:
- Fix false negative of test for unlinked files at checkpoint
Changelog[v19-rc3]:
- [Serge Hallyn] Rename fs_mnt to root_fs_path
- [Dave Hansen] Error out on file locks and leases
- [Serge Hallyn] Refuse checkpoint of file with f_owner
Changelog[v19-rc1]:
- Fix lockdep complaint in restore_obj_files()
- [Matt Helsley] Add cpp definitions for enums
- Restore thread/cpu state early
- Ensure null-termination of file names read from image
- Fix compile warning in restore_open_fname()
Changelog[v18]:
- Add a few more ckpt_write_err()s
- [Dan Smith] Export fill_fname() as ckpt_fill_fname()
- Introduce ckpt_collect_file() that also uses file->collect method
- In collect_file_stabl() use retval from ckpt_obj_collect() to
test for first-time-object
- Invoke set_close_on_exec() unconditionally on restart
Changelog[v17]:
- Validate f_mode after restore against saved f_mode
- Fail if f_flags have O_CREAT|O_EXCL|O_NOCTTY|O_TRUNC
- Reorder patch (move earlier in series)
- Handle shared files_struct objects
- Only collect sub-objects of files_struct once
- Better file error debugging
- Use (new) d_unlinked()
Changelog[v16]:
- Fix compile warning in checkpoint_bad()
Changelog[v16]:
- Reorder patch (move earlier in series)
- Handle shared files_struct objects
Changelog[v14]:
- File objects are dumped/restored prior to the first reference
- Introduce a per file-type restore() callback
- Use struct file_operations->checkpoint()
- Put code for generic file descriptors in a separate function
- Use one CKPT_FILE_GENERIC for both regular files and dirs
- Revert change to pr_debug(), back to ckpt_debug()
- Use only unsigned fields in checkpoint headers
- Rename: ckpt_write_files() => checkpoint_fd_table()
- Rename: ckpt_write_fd_data() => checkpoint_file()
- Rename: ckpt_read_fd_data() => restore_file()
- Rename: restore_files() => restore_fd_table()
- Check whether calls to ckpt_hbuf_get() fail
- Discard field 'h->parent'
Changelog[v12]:
- Replace obsolete ckpt_debug() with pr_debug()
Changelog[v11]:
- Discard handling of opened symlinks (there is no such thing)
- ckpt_scan_fds() retries from scratch if hits size limits
Changelog[v9]:
- Fix a couple of leaks in ckpt_write_files()
- Drop useless kfree from ckpt_scan_fds()
Changelog[v8]:
- initialize 'coe' to workaround gcc false warning
Changelog[v6]:
- Balance all calls to ckpt_hbuf_get() with matching ckpt_hbuf_put()
(even though it's not really needed)
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/Makefile | 1 +
fs/checkpoint.c | 816 ++++++++++++++++++++++++++++++++++++++
fs/locks.c | 35 ++
include/linux/checkpoint.h | 22 +
include/linux/checkpoint_hdr.h | 59 +++
include/linux/checkpoint_types.h | 5 +
include/linux/fs.h | 10 +
kernel/checkpoint/checkpoint.c | 11 +
kernel/checkpoint/process.c | 53 +++-
kernel/checkpoint/sys.c | 9 +
10 files changed, 1020 insertions(+), 1 deletions(-)
create mode 100644 fs/checkpoint.c
diff --git a/fs/Makefile b/fs/Makefile
index 97f340f..aa25755 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -29,6 +29,7 @@ obj-$(CONFIG_EVENTFD) += eventfd.o
obj-$(CONFIG_AIO) += aio.o
obj-$(CONFIG_FILE_LOCKING) += locks.o
obj-$(CONFIG_COMPAT) += compat.o compat_ioctl.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
nfsd-$(CONFIG_NFSD) := nfsctl.o
obj-y += $(nfsd-y) $(nfsd-m)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
new file mode 100644
index 0000000..95a51e9
--- /dev/null
+++ b/fs/checkpoint.c
@@ -0,0 +1,816 @@
+/*
+ * Checkpoint file descriptors
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DFILE
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+#include <linux/fdtable.h>
+#include <linux/fsnotify.h>
+#include <linux/syscalls.h>
+#include <linux/deferqueue.h>
+#include <linux/checkpoint.h>
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+/**
+ * ckpt_fill_fname - return pathname of a given file
+ * @path: path name
+ * @root: relative root
+ * @buf: buffer for pathname
+ * @len: buffer length (in) and pathname length (out)
+ */
+char *ckpt_fill_fname(struct path *path, struct path *root, char *buf, int *len)
+{
+ struct path tmp = *root;
+ char *fname;
+
+ BUG_ON(!buf);
+ spin_lock(&dcache_lock);
+ fname = __d_path(path, &tmp, buf, *len);
+ spin_unlock(&dcache_lock);
+ if (IS_ERR(fname))
+ return fname;
+ *len = (buf + (*len) - fname);
+ /*
+ * FIX: if __d_path() changed these, it must have stepped out of
+ * init's namespace. Since currently we require a unified namespace
+ * within the container: simply fail.
+ */
+ if (tmp.mnt != root->mnt || tmp.dentry != root->dentry) {
+ ckpt_debug("file %s was opened in an alien mnt_ns\n", fname);
+ fname = ERR_PTR(-EBADF);
+ }
+
+ return fname;
+}
+
+/**
+ * checkpoint_fname - write a file name
+ * @ctx: checkpoint context
+ * @path: path name
+ * @root: relative root
+ */
+int checkpoint_fname(struct ckpt_ctx *ctx, struct path *path, struct path *root)
+{
+ char *buf, *fname;
+ int ret, flen;
+
+ /*
+ * FIXME: we can optimize and save memory (and storage) if we
+ * share strings (through objhash) and reference them instead
+ */
+
+ flen = PATH_MAX;
+ buf = kmalloc(flen, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+ fname = ckpt_fill_fname(path, root, buf, &flen);
+ if (!IS_ERR(fname)) {
+ ret = ckpt_write_obj_type(ctx, fname, flen,
+ CKPT_HDR_FILE_NAME);
+ } else {
+ ret = PTR_ERR(fname);
+ ckpt_err(ctx, ret, "%(T)%(S)Obtain filename\n",
+ path->dentry->d_name.name);
+ }
+
+ kfree(buf);
+ return ret;
+}
+
+#define CKPT_DEFAULT_FDTABLE 256 /* an initial guess */
+
+/**
+ * scan_fds - scan file table and construct array of open fds
+ * @files: files_struct pointer
+ * @fdtable: (output) array of open fds
+ *
+ * Returns the number of open fds found, and also the file table
+ * array via *fdtable. The caller should free the array.
+ *
+ * The caller must validate the file descriptors collected in the
+ * array before using them, e.g. by using fcheck_files(), in case
+ * the task's fdtable changes in the meantime.
+ */
+static int scan_fds(struct files_struct *files, int **fdtable)
+{
+ struct fdtable *fdt;
+ int *fds = NULL;
+ int i = 0, n = 0;
+ int tot = CKPT_DEFAULT_FDTABLE;
+
+ /*
+ * We assume that all tasks possibly sharing the file table are
+ * frozen (or we are a single process and we checkpoint ourselves).
+ * Therefore, we can safely proceed after krealloc() from where we
+ * left off. Otherwise the file table may be modified by another
+ * task after we scan it. The behavior is this case is undefined,
+ * and either checkpoint or restart will likely fail.
+ */
+ retry:
+ fds = krealloc(fds, tot * sizeof(*fds), GFP_KERNEL);
+ if (!fds)
+ return -ENOMEM;
+
+ rcu_read_lock();
+ fdt = files_fdtable(files);
+ for (/**/; i < fdt->max_fds; i++) {
+ if (!fcheck_files(files, i))
+ continue;
+ if (n == tot) {
+ rcu_read_unlock();
+ tot *= 2; /* won't overflow: kmalloc will fail */
+ goto retry;
+ }
+ fds[n++] = i;
+ }
+ rcu_read_unlock();
+
+ *fdtable = fds;
+ return n;
+}
+
+int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
+ struct ckpt_hdr_file *h)
+{
+ h->f_flags = file->f_flags;
+ h->f_mode = file->f_mode;
+ h->f_pos = file->f_pos;
+ h->f_version = file->f_version;
+
+ ckpt_debug("file %s", file->f_dentry->d_name.name);
+
+ /* FIX: need also file->uid, file->gid, file->f_owner, etc */
+
+ return 0;
+}
+
+int generic_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct ckpt_hdr_file_generic *h;
+ int ret;
+
+ /*
+ * FIXME: when we'll add support for unlinked files/dirs, we'll
+ * need to distinguish between unlinked filed and unlinked dirs.
+ */
+ if (d_unlinked(file->f_dentry)) {
+ ckpt_err(ctx, -EBADF, "%(T)%(P)Unlinked files unsupported\n",
+ file);
+ return -EBADF;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+
+ h->common.f_type = CKPT_FILE_GENERIC;
+
+ ret = checkpoint_file_common(ctx, file, &h->common);
+ if (ret < 0)
+ goto out;
+ ret = ckpt_write_obj(ctx, &h->common.h);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_fname(ctx, &file->f_path, &ctx->root_fs_path);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+EXPORT_SYMBOL(generic_file_checkpoint);
+
+/* checkpoint callback for file pointer */
+static int checkpoint_file(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct file *file = (struct file *) ptr;
+ int ret;
+
+ if (!file->f_op || !file->f_op->checkpoint) {
+ ckpt_err(ctx, -EBADF, "%(T)%(P)%(V)f_op lacks checkpoint\n",
+ file, file->f_op);
+ return -EBADF;
+ }
+
+ ret = file->f_op->checkpoint(ctx, file);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "%(T)%(P)file checkpoint failed\n", file);
+ return ret;
+}
+
+/**
+ * ckpt_write_file_desc - dump the state of a given file descriptor
+ * @ctx: checkpoint context
+ * @files: files_struct pointer
+ * @fd: file descriptor
+ *
+ * Saves the state of the file descriptor; looks up the actual file
+ * pointer in the hash table, and if found saves the matching objref,
+ * otherwise calls ckpt_write_file to dump the file pointer too.
+ */
+static int checkpoint_file_desc(struct ckpt_ctx *ctx,
+ struct files_struct *files, int fd)
+{
+ struct ckpt_hdr_file_desc *h;
+ struct file *file = NULL;
+ struct fdtable *fdt;
+ int objref, ret;
+ int coe = 0; /* avoid gcc warning */
+ pid_t pid;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE_DESC);
+ if (!h)
+ return -ENOMEM;
+
+ rcu_read_lock();
+ fdt = files_fdtable(files);
+ file = fcheck_files(files, fd);
+ if (file) {
+ coe = FD_ISSET(fd, fdt->close_on_exec);
+ get_file(file);
+ }
+ rcu_read_unlock();
+
+ ret = find_locks_with_owner(file, files);
+ /*
+ * find_locks_with_owner() returns an error when there
+ * are no locks found, so we *want* it to return an error
+ * code. Its success means we have to fail the checkpoint.
+ */
+ if (!ret) {
+ ret = -EBADF;
+ ckpt_err(ctx, ret, "%(T)fd %d has file lock or lease\n", fd);
+ goto out;
+ }
+
+ /* sanity check (although this shouldn't happen) */
+ ret = -EBADF;
+ if (!file) {
+ ckpt_err(ctx, ret, "%(T)fd %d gone?\n", fd);
+ goto out;
+ }
+
+ /*
+ * TODO: Implement c/r of fowner and f_sigio. Should be
+ * trivial, but for now we just refuse its checkpoint
+ */
+ pid = f_getown(file);
+ if (pid) {
+ ret = -EBUSY;
+ ckpt_err(ctx, ret, "%(T)fd %d has an owner (%d)\n", fd);
+ goto out;
+ }
+
+ /*
+ * if seen first time, this will add 'file' to the objhash, keep
+ * a reference to it, dump its state while at it.
+ */
+ objref = checkpoint_obj(ctx, file, CKPT_OBJ_FILE);
+ ckpt_debug("fd %d objref %d file %p coe %d)\n", fd, objref, file, coe);
+ if (objref < 0) {
+ ret = objref;
+ goto out;
+ }
+
+ h->fd_objref = objref;
+ h->fd_descriptor = fd;
+ h->fd_close_on_exec = coe;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+out:
+ ckpt_hdr_put(ctx, h);
+ if (file)
+ fput(file);
+ return ret;
+}
+
+/* checkpoint callback for file table */
+static int checkpoint_file_table(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct files_struct *files = ptr;
+ struct ckpt_hdr_file_table *h;
+ int *fdtable = NULL;
+ int nfds, n, ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE_TABLE);
+ if (!h)
+ return -ENOMEM;
+
+ nfds = scan_fds(files, &fdtable);
+ if (nfds < 0) {
+ ret = nfds;
+ goto out;
+ }
+
+ h->fdt_nfds = nfds;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ goto out;
+
+ ckpt_debug("nfds %d\n", nfds);
+ for (n = 0; n < nfds; n++) {
+ ret = checkpoint_file_desc(ctx, files, fdtable[n]);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = deferqueue_run(ctx->files_deferq);
+ ckpt_debug("files_deferq ran %d entries\n", ret);
+ if (ret > 0)
+ ret = 0;
+ out:
+ kfree(fdtable);
+ return ret;
+}
+
+/* checkpoint wrapper for file table */
+int checkpoint_obj_file_table(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct files_struct *files;
+ int objref;
+
+ files = get_files_struct(t);
+ if (!files)
+ return -EBUSY;
+ objref = checkpoint_obj(ctx, files, CKPT_OBJ_FILE_TABLE);
+ put_files_struct(files);
+
+ return objref;
+}
+
+/***********************************************************************
+ * Collect
+ */
+
+int ckpt_collect_file(struct ckpt_ctx *ctx, struct file *file)
+{
+ int ret;
+
+ ret = ckpt_obj_collect(ctx, file, CKPT_OBJ_FILE);
+ if (ret <= 0)
+ return ret;
+ /* if first time for this file (ret > 0), invoke ->collect() */
+ if (file->f_op->collect)
+ ret = file->f_op->collect(ctx, file);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "%(T)%(P)File collect\n", file);
+ return ret;
+}
+
+static int collect_file_desc(struct ckpt_ctx *ctx,
+ struct files_struct *files, int fd)
+{
+ struct fdtable *fdt;
+ struct file *file;
+ int ret;
+
+ rcu_read_lock();
+ fdt = files_fdtable(files);
+ file = fcheck_files(files, fd);
+ if (file)
+ get_file(file);
+ rcu_read_unlock();
+
+ if (!file) {
+ ckpt_err(ctx, -EBUSY, "%(T)%(P)File removed\n", file);
+ return -EBUSY;
+ }
+
+ ret = ckpt_collect_file(ctx, file);
+ fput(file);
+
+ return ret;
+}
+
+static int collect_file_table(struct ckpt_ctx *ctx, struct files_struct *files)
+{
+ int *fdtable;
+ int nfds, n;
+ int ret;
+
+ /* if already exists (ret == 0), nothing to do */
+ ret = ckpt_obj_collect(ctx, files, CKPT_OBJ_FILE_TABLE);
+ if (ret <= 0)
+ return ret;
+
+ /* if first time for this file table (ret > 0), proceed inside */
+ nfds = scan_fds(files, &fdtable);
+ if (nfds < 0)
+ return nfds;
+
+ for (n = 0; n < nfds; n++) {
+ ret = collect_file_desc(ctx, files, fdtable[n]);
+ if (ret < 0)
+ break;
+ }
+
+ kfree(fdtable);
+ return ret;
+}
+
+int ckpt_collect_file_table(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct files_struct *files;
+ int ret;
+
+ files = get_files_struct(t);
+ if (!files) {
+ ckpt_err(ctx, -EBUSY, "%(T)files_struct missing\n");
+ return -EBUSY;
+ }
+ ret = collect_file_table(ctx, files);
+ put_files_struct(files);
+
+ return ret;
+}
+
+/**************************************************************************
+ * Restart
+ */
+
+/**
+ * restore_open_fname - read a file name and open a file
+ * @ctx: checkpoint context
+ * @flags: file flags
+ */
+struct file *restore_open_fname(struct ckpt_ctx *ctx, int flags)
+{
+ struct file *file;
+ char *fname;
+ int len;
+
+ /* prevent bad input from doing bad things */
+ if (flags & (O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC))
+ return ERR_PTR(-EINVAL);
+
+ len = ckpt_read_payload(ctx, (void **) &fname,
+ PATH_MAX, CKPT_HDR_FILE_NAME);
+ if (len < 0)
+ return ERR_PTR(len);
+ fname[len - 1] = '\0'; /* always play if safe */
+ ckpt_debug("fname '%s' flags %#x\n", fname, flags);
+
+ file = filp_open(fname, flags, 0);
+ kfree(fname);
+
+ return file;
+}
+
+static int close_all_fds(struct files_struct *files)
+{
+ int *fdtable;
+ int nfds;
+
+ nfds = scan_fds(files, &fdtable);
+ if (nfds < 0)
+ return nfds;
+ while (nfds--)
+ sys_close(fdtable[nfds]);
+ kfree(fdtable);
+ return 0;
+}
+
+/**
+ * attach_file - attach a lonely file ptr to a file descriptor
+ * @file: lonely file pointer
+ */
+static int attach_file(struct file *file)
+{
+ int fd = get_unused_fd_flags(0);
+
+ if (fd >= 0) {
+ get_file(file);
+ fsnotify_open(file->f_path.dentry);
+ fd_install(fd, file);
+ }
+ return fd;
+}
+
+#define CKPT_SETFL_MASK \
+ (O_APPEND | O_NONBLOCK | O_NDELAY | FASYNC | O_DIRECT | O_NOATIME)
+
+int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
+ struct ckpt_hdr_file *h)
+{
+ fmode_t new_mode = file->f_mode;
+ fmode_t saved_mode = (__force fmode_t) h->f_mode;
+ int ret;
+
+ /* FIX: need to restore uid, gid, owner etc */
+
+ /* safe to set 1st arg (fd) to 0, as command is F_SETFL */
+ ret = vfs_fcntl(0, F_SETFL, h->f_flags & CKPT_SETFL_MASK, file);
+ if (ret < 0)
+ return ret;
+
+ /*
+ * Normally f_mode is set by open, and modified only via
+ * fcntl(), so its value now should match that at checkpoint.
+ * However, a file may be downgraded from (read-)write to
+ * read-only, e.g:
+ * - mark_files_ro() unsets FMODE_WRITE
+ * - nfs4_file_downgrade() too, and also sert FMODE_READ
+ * Validate the new f_mode against saved f_mode, allowing:
+ * - new with FMODE_WRITE, saved without FMODE_WRITE
+ * - new without FMODE_READ, saved with FMODE_READ
+ */
+ if ((new_mode & FMODE_WRITE) && !(saved_mode & FMODE_WRITE)) {
+ new_mode &= ~FMODE_WRITE;
+ if (!(new_mode & FMODE_READ) && (saved_mode & FMODE_READ))
+ new_mode |= FMODE_READ;
+ }
+ /* finally, at this point new mode should match saved mode */
+ if (new_mode ^ saved_mode)
+ return -EINVAL;
+
+ if (file->f_mode & FMODE_LSEEK)
+ ret = vfs_llseek(file, h->f_pos, SEEK_SET);
+
+ return ret;
+}
+
+static struct file *generic_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr)
+{
+ struct file *file;
+ int ret;
+
+ if (ptr->h.type != CKPT_HDR_FILE ||
+ ptr->h.len != sizeof(*ptr) || ptr->f_type != CKPT_FILE_GENERIC)
+ return ERR_PTR(-EINVAL);
+
+ file = restore_open_fname(ctx, ptr->f_flags);
+ if (IS_ERR(file))
+ return file;
+
+ ret = restore_file_common(ctx, file, ptr);
+ if (ret < 0) {
+ fput(file);
+ file = ERR_PTR(ret);
+ }
+ return file;
+}
+
+struct restore_file_ops {
+ char *file_name;
+ enum file_type file_type;
+ struct file * (*restore) (struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr);
+};
+
+static struct restore_file_ops restore_file_ops[] = {
+ /* ignored file */
+ {
+ .file_name = "IGNORE",
+ .file_type = CKPT_FILE_IGNORE,
+ .restore = NULL,
+ },
+ /* regular file/directory */
+ {
+ .file_name = "GENERIC",
+ .file_type = CKPT_FILE_GENERIC,
+ .restore = generic_file_restore,
+ },
+};
+
+static void *restore_file(struct ckpt_ctx *ctx)
+{
+ struct restore_file_ops *ops;
+ struct ckpt_hdr_file *h;
+ struct file *file = ERR_PTR(-EINVAL);
+
+ /*
+ * All 'struct ckpt_hdr_file_...' begin with ckpt_hdr_file,
+ * but the actual object depends on the file type. The length
+ * should never be more than page.
+ */
+ h = ckpt_read_buf_type(ctx, PAGE_SIZE, CKPT_HDR_FILE);
+ if (IS_ERR(h))
+ return (void *)h;
+ ckpt_debug("flags %#x mode %#x type %d\n",
+ h->f_flags, h->f_mode, h->f_type);
+
+ if (h->f_type >= CKPT_FILE_MAX)
+ goto out;
+
+ ops = &restore_file_ops[h->f_type];
+ BUG_ON(ops->file_type != h->f_type);
+
+ if (ops->restore)
+ file = ops->restore(ctx, h);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return (void *)file;
+}
+
+/**
+ * ckpt_read_file_desc - restore the state of a given file descriptor
+ * @ctx: checkpoint context
+ *
+ * Restores the state of a file descriptor; looks up the objref (in the
+ * header) in the hash table, and if found picks the matching file and
+ * use it; otherwise calls restore_file to restore the file too.
+ */
+static int restore_file_desc(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_file_desc *h;
+ struct file *file;
+ int newfd, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_FILE_DESC);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+ ckpt_debug("ref %d fd %d c.o.e %d\n",
+ h->fd_objref, h->fd_descriptor, h->fd_close_on_exec);
+
+ ret = -EINVAL;
+ if (h->fd_objref <= 0 || h->fd_descriptor < 0)
+ goto out;
+
+ file = ckpt_obj_fetch(ctx, h->fd_objref, CKPT_OBJ_FILE);
+ if (IS_ERR(file)) {
+ ret = PTR_ERR(file);
+ goto out;
+ }
+
+ newfd = attach_file(file);
+ if (newfd < 0) {
+ ret = newfd;
+ goto out;
+ }
+
+ ckpt_debug("newfd got %d wanted %d\n", newfd, h->fd_descriptor);
+
+ /* reposition if newfd isn't desired fd */
+ if (newfd != h->fd_descriptor) {
+ ret = sys_dup2(newfd, h->fd_descriptor);
+ if (ret < 0)
+ goto out;
+ sys_close(newfd);
+ }
+
+ set_close_on_exec(h->fd_descriptor, h->fd_close_on_exec);
+ ret = 0;
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/* restore callback for file table */
+static void *restore_file_table(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_file_table *h;
+ struct files_struct *files;
+ int i, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_FILE_TABLE);
+ if (IS_ERR(h))
+ return (void *)h;
+
+ ckpt_debug("nfds %d\n", h->fdt_nfds);
+
+ ret = -EMFILE;
+ if (h->fdt_nfds < 0 || h->fdt_nfds > sysctl_nr_open)
+ goto out;
+
+ /*
+ * We assume that restarting tasks, as created in user-space,
+ * have distinct files_struct objects each. If not, we need to
+ * call dup_fd() to make sure we don't overwrite an already
+ * restored one.
+ */
+
+ /* point of no return -- close all file descriptors */
+ ret = close_all_fds(current->files);
+ if (ret < 0)
+ goto out;
+
+ for (i = 0; i < h->fdt_nfds; i++) {
+ ret = restore_file_desc(ctx);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = deferqueue_run(ctx->files_deferq);
+ ckpt_debug("files_deferq ran %d entries\n", ret);
+ if (ret > 0)
+ ret = 0;
+ out:
+ ckpt_hdr_put(ctx, h);
+ if (!ret) {
+ files = current->files;
+ atomic_inc(&files->count);
+ } else {
+ files = ERR_PTR(ret);
+ }
+ return (void *)files;
+}
+
+int restore_obj_file_table(struct ckpt_ctx *ctx, int files_objref)
+{
+ struct files_struct *files;
+
+ files = ckpt_obj_fetch(ctx, files_objref, CKPT_OBJ_FILE_TABLE);
+ if (IS_ERR(files))
+ return PTR_ERR(files);
+
+ if (files != current->files) {
+ struct files_struct *prev;
+
+ task_lock(current);
+ prev = current->files;
+ current->files = files;
+ atomic_inc(&files->count);
+ task_unlock(current);
+
+ put_files_struct(prev);
+ }
+
+ return 0;
+}
+
+/*
+ * fs-related checkpoint objects
+ */
+static int obj_file_table_grab(void *ptr)
+{
+ atomic_inc(&((struct files_struct *) ptr)->count);
+ return 0;
+}
+
+static void obj_file_table_drop(void *ptr, int lastref)
+{
+ put_files_struct((struct files_struct *) ptr);
+}
+
+static int obj_file_table_users(void *ptr)
+{
+ return atomic_read(&((struct files_struct *) ptr)->count);
+}
+
+static int obj_file_grab(void *ptr)
+{
+ get_file((struct file *) ptr);
+ return 0;
+}
+
+static void obj_file_drop(void *ptr, int lastref)
+{
+ fput((struct file *) ptr);
+}
+
+static int obj_file_users(void *ptr)
+{
+ return atomic_long_read(&((struct file *) ptr)->f_count);
+}
+
+/* files_struct object */
+static const struct ckpt_obj_ops ckpt_obj_files_struct_ops = {
+ .obj_name = "FILE_TABLE",
+ .obj_type = CKPT_OBJ_FILE_TABLE,
+ .ref_drop = obj_file_table_drop,
+ .ref_grab = obj_file_table_grab,
+ .ref_users = obj_file_table_users,
+ .checkpoint = checkpoint_file_table,
+ .restore = restore_file_table,
+};
+
+/* file object */
+static const struct ckpt_obj_ops ckpt_obj_file_ops = {
+ .obj_name = "FILE",
+ .obj_type = CKPT_OBJ_FILE,
+ .ref_drop = obj_file_drop,
+ .ref_grab = obj_file_grab,
+ .ref_users = obj_file_users,
+ .checkpoint = checkpoint_file,
+ .restore = restore_file,
+};
+
+static __init int checkpoint_register_fs(void)
+{
+ int ret;
+
+ ret = register_checkpoint_obj(&ckpt_obj_files_struct_ops);
+ if (ret < 0)
+ return ret;
+ ret = register_checkpoint_obj(&ckpt_obj_file_ops);
+ if (ret < 0)
+ return ret;
+ return 0;
+}
+late_initcall(checkpoint_register_fs);
diff --git a/fs/locks.c b/fs/locks.c
index ab24d49..9cd859e 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1995,6 +1995,41 @@ void locks_remove_posix(struct file *filp, fl_owner_t owner)
EXPORT_SYMBOL(locks_remove_posix);
+int find_locks_with_owner(struct file *filp, fl_owner_t owner)
+{
+ struct inode *inode = filp->f_path.dentry->d_inode;
+ struct file_lock **inode_fl;
+ int ret = -EEXIST;
+
+ lock_kernel();
+ for_each_lock(inode, inode_fl) {
+ struct file_lock *fl = *inode_fl;
+ /*
+ * We could use posix_same_owner() along with a 'fake'
+ * file_lock. But, the fake file will never have the
+ * same fl_lmops as the fl that we are looking for and
+ * posix_same_owner() would just fall back to this
+ * check anyway.
+ */
+ if (IS_POSIX(fl)) {
+ if (fl->fl_owner == owner) {
+ ret = 0;
+ break;
+ }
+ } else if (IS_FLOCK(fl) || IS_LEASE(fl)) {
+ if (fl->fl_file == filp) {
+ ret = 0;
+ break;
+ }
+ } else {
+ WARN(1, "unknown file lock type, fl_flags: %x",
+ fl->fl_flags);
+ }
+ }
+ unlock_kernel();
+ return ret;
+}
+
/*
* This function is called on the last close of an open file.
*/
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index d438d08..f07209c 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -80,6 +80,9 @@ extern int ckpt_read_payload(struct ckpt_ctx *ctx,
extern char *ckpt_read_string(struct ckpt_ctx *ctx, int max);
extern int ckpt_read_consume(struct ckpt_ctx *ctx, int len, int type);
+extern char *ckpt_fill_fname(struct path *path, struct path *root,
+ char *buf, int *len);
+
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
set_bit(__kflag##_BIT, &(__ctx)->kflags)
@@ -158,6 +161,24 @@ extern int checkpoint_restart_block(struct ckpt_ctx *ctx,
struct task_struct *t);
extern int restore_restart_block(struct ckpt_ctx *ctx);
+/* file table */
+extern int ckpt_collect_file_table(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int checkpoint_obj_file_table(struct ckpt_ctx *ctx,
+ struct task_struct *t);
+extern int restore_obj_file_table(struct ckpt_ctx *ctx, int files_objref);
+
+/* files */
+extern int checkpoint_fname(struct ckpt_ctx *ctx,
+ struct path *path, struct path *root);
+extern struct file *restore_open_fname(struct ckpt_ctx *ctx, int flags);
+
+extern int ckpt_collect_file(struct ckpt_ctx *ctx, struct file *file);
+
+extern int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
+ struct ckpt_hdr_file *h);
+extern int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
+ struct ckpt_hdr_file *h);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
@@ -168,6 +189,7 @@ static inline int ckpt_validate_errno(int errno)
#define CKPT_DSYS 0x2 /* generic (system) */
#define CKPT_DRW 0x4 /* image read/write */
#define CKPT_DOBJ 0x8 /* shared objects */
+#define CKPT_DFILE 0x10 /* files and filesystem */
#define CKPT_DDEFAULT 0xffff /* default debug level */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 5545ef6..ec3257a 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -76,6 +76,8 @@ enum {
#define CKPT_HDR_TREE CKPT_HDR_TREE
CKPT_HDR_TASK,
#define CKPT_HDR_TASK CKPT_HDR_TASK
+ CKPT_HDR_TASK_OBJS,
+#define CKPT_HDR_TASK_OBJS CKPT_HDR_TASK_OBJS
CKPT_HDR_RESTART_BLOCK,
#define CKPT_HDR_RESTART_BLOCK CKPT_HDR_RESTART_BLOCK
CKPT_HDR_THREAD,
@@ -85,6 +87,15 @@ enum {
/* 201-299: reserved for arch-dependent */
+ CKPT_HDR_FILE_TABLE = 301,
+#define CKPT_HDR_FILE_TABLE CKPT_HDR_FILE_TABLE
+ CKPT_HDR_FILE_DESC,
+#define CKPT_HDR_FILE_DESC CKPT_HDR_FILE_DESC
+ CKPT_HDR_FILE_NAME,
+#define CKPT_HDR_FILE_NAME CKPT_HDR_FILE_NAME
+ CKPT_HDR_FILE,
+#define CKPT_HDR_FILE CKPT_HDR_FILE
+
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -111,6 +122,10 @@ struct ckpt_hdr_objref {
enum obj_type {
CKPT_OBJ_IGNORE = 0,
#define CKPT_OBJ_IGNORE CKPT_OBJ_IGNORE
+ CKPT_OBJ_FILE_TABLE,
+#define CKPT_OBJ_FILE_TABLE CKPT_OBJ_FILE_TABLE
+ CKPT_OBJ_FILE,
+#define CKPT_OBJ_FILE CKPT_OBJ_FILE
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -193,6 +208,12 @@ struct ckpt_hdr_task {
__u64 clear_child_tid;
} __attribute__((aligned(8)));
+/* task's shared resources */
+struct ckpt_hdr_task_objs {
+ struct ckpt_hdr h;
+ __s32 files_objref;
+} __attribute__((aligned(8)));
+
/* restart blocks */
struct ckpt_hdr_restart_block {
struct ckpt_hdr h;
@@ -225,4 +246,42 @@ enum restart_block_type {
#define CKPT_RESTART_BLOCK_FUTEX CKPT_RESTART_BLOCK_FUTEX
};
+/* file system */
+struct ckpt_hdr_file_table {
+ struct ckpt_hdr h;
+ __s32 fdt_nfds;
+} __attribute__((aligned(8)));
+
+/* file descriptors */
+struct ckpt_hdr_file_desc {
+ struct ckpt_hdr h;
+ __s32 fd_objref;
+ __s32 fd_descriptor;
+ __u32 fd_close_on_exec;
+} __attribute__((aligned(8)));
+
+enum file_type {
+ CKPT_FILE_IGNORE = 0,
+#define CKPT_FILE_IGNORE CKPT_FILE_IGNORE
+ CKPT_FILE_GENERIC,
+#define CKPT_FILE_GENERIC CKPT_FILE_GENERIC
+ CKPT_FILE_MAX
+#define CKPT_FILE_MAX CKPT_FILE_MAX
+};
+
+/* file objects */
+struct ckpt_hdr_file {
+ struct ckpt_hdr h;
+ __u32 f_type;
+ __u32 f_mode;
+ __u32 f_flags;
+ __u32 _padding;
+ __u64 f_pos;
+ __u64 f_version;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_file_generic {
+ struct ckpt_hdr_file common;
+} __attribute__((aligned(8)));
+
#endif /* _CHECKPOINT_CKPT_HDR_H_ */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index ce68f54..ce46a59 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -14,6 +14,8 @@
#include <linux/sched.h>
#include <linux/nsproxy.h>
+#include <linux/list.h>
+#include <linux/path.h>
#include <linux/fs.h>
#include <linux/ktime.h>
#include <linux/wait.h>
@@ -40,6 +42,9 @@ struct ckpt_ctx {
atomic_t refcount;
struct ckpt_obj_hash *obj_hash; /* repository for shared objects */
+ struct deferqueue_head *files_deferq; /* deferred file-table work */
+
+ struct path root_fs_path; /* container root (FIXME) */
struct task_struct *tsk;/* checkpoint: current target task */
char err_string[256]; /* checkpoint: error string */
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c06c157..c0a59ea 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1123,6 +1123,7 @@ extern void locks_remove_posix(struct file *, fl_owner_t);
extern void locks_remove_flock(struct file *);
extern void locks_release_private(struct file_lock *);
extern void posix_test_lock(struct file *, struct file_lock *);
+extern int find_locks_with_owner(struct file *filp, fl_owner_t owner);
extern int posix_lock_file(struct file *, struct file_lock *, struct file_lock *);
extern int posix_lock_file_wait(struct file *, struct file_lock *);
extern int posix_unblock_lock(struct file *, struct file_lock *);
@@ -1191,6 +1192,11 @@ static inline void locks_remove_posix(struct file *filp, fl_owner_t owner)
return;
}
+static inline int find_locks_with_owner(struct file *filp, fl_owner_t owner)
+{
+ return -ENOENT;
+}
+
static inline void locks_remove_flock(struct file *filp)
{
return;
@@ -2323,6 +2329,10 @@ void inode_sub_bytes(struct inode *inode, loff_t bytes);
loff_t inode_get_bytes(struct inode *inode);
void inode_set_bytes(struct inode *inode, loff_t bytes);
+#ifdef CONFIG_CHECKPOINT
+extern int generic_file_checkpoint(struct ckpt_ctx *ctx, struct file *file);
+#endif
+
extern int vfs_readdir(struct file *, filldir_t, void *);
extern int vfs_stat(char __user *, struct kstat *);
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 4640e80..a4f6854 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -20,6 +20,7 @@
#include <linux/time.h>
#include <linux/fs.h>
#include <linux/file.h>
+#include <linux/fs_struct.h>
#include <linux/dcache.h>
#include <linux/mount.h>
#include <linux/utsname.h>
@@ -491,6 +492,7 @@ static int init_checkpoint_ctx(struct ckpt_ctx *ctx, pid_t pid)
{
struct task_struct *task;
struct nsproxy *nsproxy;
+ struct fs_struct *fs;
/*
* No need for explicit cleanup here, because if an error
@@ -532,6 +534,15 @@ static int init_checkpoint_ctx(struct ckpt_ctx *ctx, pid_t pid)
return -EINVAL; /* cleanup by ckpt_ctx_free() */
}
+ /* root vfs (FIX: WILL CHANGE with mnt-ns etc */
+ task_lock(ctx->root_task);
+ fs = ctx->root_task->fs;
+ read_lock(&fs->lock);
+ ctx->root_fs_path = fs->root;
+ path_get(&ctx->root_fs_path);
+ read_unlock(&fs->lock);
+ task_unlock(ctx->root_task);
+
return 0;
}
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index f17f040..3880fa6 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -103,6 +103,29 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
return ckpt_write_string(ctx, t->comm, TASK_COMM_LEN);
}
+static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_task_objs *h;
+ int files_objref;
+ int ret;
+
+ files_objref = checkpoint_obj_file_table(ctx, t);
+ ckpt_debug("files: objref %d\n", files_objref);
+ if (files_objref < 0) {
+ ckpt_err(ctx, files_objref, "%(T)files_struct\n");
+ return files_objref;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
+ if (!h)
+ return -ENOMEM;
+ h->files_objref = files_objref;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
/* dump the task_struct of a given task */
int checkpoint_restart_block(struct ckpt_ctx *ctx, struct task_struct *t)
{
@@ -239,6 +262,10 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
goto out;
ret = checkpoint_cpu(ctx, t);
ckpt_debug("cpu %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_task_objs(ctx, t);
+ ckpt_debug("objs %d\n", ret);
out:
ctx->tsk = NULL;
return ret;
@@ -246,7 +273,11 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
{
- return 0;
+ int ret;
+
+ ret = ckpt_collect_file_table(ctx, t);
+
+ return ret;
}
/***********************************************************************
@@ -316,6 +347,22 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
return ret;
}
+static int restore_task_objs(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_task_objs *h;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = restore_obj_file_table(ctx, h->files_objref);
+ ckpt_debug("file_table: ret %d (%p)\n", ret, current->files);
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
int restore_restart_block(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_restart_block *h;
@@ -445,6 +492,10 @@ int restore_task(struct ckpt_ctx *ctx)
goto out;
ret = restore_cpu(ctx);
ckpt_debug("cpu %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = restore_task_objs(ctx);
+ ckpt_debug("objs %d\n", ret);
out:
return ret;
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 5e84915..0f4a74f 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -22,6 +22,7 @@
#include <linux/file.h>
#include <linux/uaccess.h>
#include <linux/capability.h>
+#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
/*
@@ -198,12 +199,16 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->kflags & CKPT_CTX_RESTART)
restore_debug_free(ctx);
+ if (ctx->files_deferq)
+ deferqueue_destroy(ctx->files_deferq);
+
if (ctx->file)
fput(ctx->file);
if (ctx->logfile)
fput(ctx->logfile);
ckpt_obj_hash_free(ctx);
+ path_put(&ctx->root_fs_path);
if (ctx->tasks_arr)
task_arr_free(ctx);
@@ -262,6 +267,10 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
if (ckpt_obj_hash_alloc(ctx) < 0)
goto err;
+ ctx->files_deferq = deferqueue_create();
+ if (!ctx->files_deferq)
+ goto err;
+
atomic_inc(&ctx->refcount);
return ctx;
err:
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 039/100] c/r: introduce method '->checkpoint()' in struct vm_operations_struct
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (37 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 038/100] c/r: checkpoint and restart open file descriptors Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 040/100] Introduce FOLL_DIRTY to follow_page() for "dirty" pages Oren Laadan
` (62 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel, linux-mm
Changelog[v17]
- Forward-declare 'ckpt_ctx et-al, don't use checkpoint_types.h
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-mm@kvack.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/mm.h | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 462acaf..4dfaf69 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -20,6 +20,7 @@ struct file_ra_state;
struct user_struct;
struct writeback_control;
struct rlimit;
+struct ckpt_ctx;
#ifndef CONFIG_DISCONTIGMEM /* Don't use mapnrs, do it properly */
extern unsigned long max_mapnr;
@@ -221,6 +222,9 @@ struct vm_operations_struct {
int (*migrate)(struct vm_area_struct *vma, const nodemask_t *from,
const nodemask_t *to, unsigned long flags);
#endif
+#ifdef CONFIG_CHECKPOINT
+ int (*checkpoint)(struct ckpt_ctx *ctx, struct vm_area_struct *vma);
+#endif
};
struct mmu_gather;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 040/100] Introduce FOLL_DIRTY to follow_page() for "dirty" pages
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (38 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 039/100] c/r: introduce method '->checkpoint()' in struct vm_operations_struct Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 041/100] c/r: dump memory address space (private memory) Oren Laadan
` (61 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-mm
This is a preparatory patch necessary for checkpoint/restart (next
two patches) of memory to work correctly.
The patch introduces a new FOLL_DIRTY flag which tells follow_page()
to return -EFAULT also for not-present file-backed pages.
In 2.6.32 follow_page() changes its behavior due to this commit:
mm: FOLL_DUMP replace FOLL_ANON
8e4b9a60718970bbc02dfd3abd0b956ab65af231
Also introduce __get_dirty_page() that returns a page only if it's
"dirty", that is that has been modified before, and otherwise returns
NULL. It uses FOLL_DUMP | FOLL_DIRTY and converts the error value
EFAULT to NULL - telling the caller that the page in question is
clean.
(This also optimizes for checkpoint in the next patch: before, if a
file-backed page was not-present we would first fault it in (read from
disk) and then detect that it was virgin. Instead, now we detect that
the page is clean earlier without needing to fault it in).
To see why it's needed, consider these scenarios:
1. Task maps a file beyond it's limit, never touches those
extra page (if it did, it would get EFAULT/Bus error)
2. Task maps a file and writes the last page, then the file gets
truncated (by at least a page). A subsequent access to the page will
cause bus error (VM_FAULT_SIGBUS).
3. If the file size is extended back (using truncate) and the task
accesses that page, then the task will get a fresh page (losing data
it had written to that address before).
[Before kernel 2.6.32, that page would become anonymous once it was
dirtied, such that accesses in case #2 are valid, and in case #3 the
task would see the old page regardless of the file contents.]
--CHECKPOINT: before we used FOLL_ANON flags to tell follow_page() to
return the zero-page for case#1. For case#2, the actual page was
returned. Without this patch, In kernel 2.3.32, FOLL_DUMP would make
follow_page() return NULL and then fault handler would have returned
VM_FAULT_SIGBUS in case#1 (and depending on arch, case#2 too), and
checkpoint would fails.
--RESTART: case #1 works, because mmap() works as before, and those
pages that were never touched will not be restored either, they will
remain untouched. The same holds for case#2 (as of kernel 2.6.32),
because at checkpoint it would decide that the page is clean and not
save the contents, and therefore it will not try to restore the
contents at restart. This is consistent with the expected behavior
after restart: if the file remains as is, subsequent accesses will
trigger a bus error, and if the file is extended, then the user will
observe a fresh page.
Cc: linux-mm@kvack.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/mm.h | 2 +
mm/memory.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 96 insertions(+), 1 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 4dfaf69..5e9ad0d 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -846,6 +846,7 @@ int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int get_user_pages_fast(unsigned long start, int nr_pages, int write,
struct page **pages);
struct page *get_dump_page(unsigned long addr);
+struct page *__get_dirty_page(struct vm_area_struct *vma, unsigned long addr);
extern int try_to_release_page(struct page * page, gfp_t gfp_mask);
extern void do_invalidatepage(struct page *page, unsigned long offset);
@@ -1373,6 +1374,7 @@ struct page *follow_page(struct vm_area_struct *, unsigned long address,
#define FOLL_GET 0x04 /* do get_page on page */
#define FOLL_DUMP 0x08 /* give error on hole if it would be zero */
#define FOLL_FORCE 0x10 /* get_user_pages read/write w/o permission */
+#define FOLL_DIRTY 0x20 /* give error on non-present file mapped */
typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,
void *data);
diff --git a/mm/memory.c b/mm/memory.c
index 833952d..21de72d 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1314,8 +1314,17 @@ bad_page:
no_page:
pte_unmap_unlock(ptep, ptl);
- if (!pte_none(pte))
+ if (!pte_none(pte)) {
+ /*
+ * When checkpointing we only care about dirty pages.
+ * If a file-backed page is missing, then return an
+ * error to tell __get_dirty_page() that it's clean,
+ * so it won't try to demand page it into memory.
+ */
+ if ((flags & FOLL_DIRTY) && pte_file(pte))
+ page = ERR_PTR(-EFAULT);
return page;
+ }
no_page_table:
/*
@@ -1329,6 +1338,16 @@ no_page_table:
if ((flags & FOLL_DUMP) &&
(!vma->vm_ops || !vma->vm_ops->fault))
return ERR_PTR(-EFAULT);
+
+ /*
+ * When checkpointing we only care about dirty pages. If there
+ * is no page table for a non-anonymous page, we return an
+ * error to tell __get_dirty_page() that the page is clean, so
+ * it won't allocate page tables and the page unnecessarily.
+ */
+ if ((flags & FOLL_DIRTY) && vma->vm_ops)
+ return ERR_PTR(-EFAULT);
+
return page;
}
@@ -1586,6 +1605,80 @@ pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr,
return NULL;
}
+/**
+ * __get_dirty_page - return page pointer for dirty user page
+ * @vma - target vma
+ * @addr - page address
+ *
+ * Looks up the page that correspond to the address in the vma, and
+ * return the page if it was modified (and grabs a reference to it),
+ * or otherwise returns NULL or error.
+ *
+ * Should only be called for private vma.
+ * Must be called with mmap_sem held for read or write.
+ */
+struct page *__get_dirty_page(struct vm_area_struct *vma, unsigned long addr)
+{
+ struct page *page;
+
+ BUG_ON(vma->vm_flags & (VM_SHARED | VM_MAYSHARE));
+
+ /*
+ * FOLL_DUMP tells follow_page() to return -EFAULT for either
+ * non-present anonymous pages, or memory "holes".
+ * FOLL_DIRTY tells follow_page() to return -EFAULT also for
+ * non-present file-mapped pages.
+ * Otherwise, follow_page() returns the page, or NULL if the
+ * page is swapped out.
+ */
+
+ cond_resched();
+ while (!(page = follow_page(vma, addr,
+ FOLL_GET | FOLL_DUMP | FOLL_DIRTY))) {
+ int ret;
+
+ /* the page is swapped out - bring it in (optimize ?) */
+ ret = handle_mm_fault(vma->vm_mm, vma, addr, 0);
+ if (ret & VM_FAULT_ERROR) {
+ if (ret & VM_FAULT_OOM)
+ return ERR_PTR(-ENOMEM);
+ else if (ret & VM_FAULT_SIGBUS)
+ return ERR_PTR(-EFAULT);
+ else
+ BUG();
+ break;
+ }
+ cond_resched();
+ }
+
+ /* -EFAULT means that the page is clean (see above) */
+ if (PTR_ERR(page) == -EFAULT)
+ return NULL;
+ else if (IS_ERR(page))
+ return page;
+
+ /*
+ * Only care about dirty pages: either anonymous non-zero pages,
+ * or file-backed COW (copy-on-write) pages that were modified.
+ * A clean COW page is not interesting because its contents are
+ * identical to the backing file; ignore such pages.
+ * A file-backed broken COW is identified by its page_mapping()
+ * being unset (NULL) because the page will no longer be mapped
+ * to the original file after having been modified.
+ */
+ if (is_zero_pfn(page_to_pfn(page))) {
+ /* this is the zero page: ignore */
+ page_cache_release(page);
+ page = NULL;
+ } else if (vma->vm_file && (page_mapping(page) != NULL)) {
+ /* file backed clean cow: ignore */
+ page_cache_release(page);
+ page = NULL;
+ }
+
+ return page;
+}
+
/*
* This is the old fallback for page remapping.
*
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 041/100] c/r: dump memory address space (private memory)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (39 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 040/100] Introduce FOLL_DIRTY to follow_page() for "dirty" pages Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 042/100] c/r: add generic '->checkpoint' f_op to ext fses Oren Laadan
` (60 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-mm, linux-fsdevel
For each vma, there is a 'struct ckpt_vma'; Then comes the actual
contents, in one or more chunk: each chunk begins with a header that
specifies how many pages it holds, then the virtual addresses of all
the dumped pages in that chunk, followed by the actual contents of all
dumped pages. A header with zero number of pages marks the end of the
contents. Then comes the next vma and so on.
To checkpoint a vma, call the ops->checkpoint() method of that vma.
Normally the per-vma function will invoke generic_vma_checkpoint()
which first writes the vma description, followed by the specific
logic to dump the contents of the pages.
Currently for private mapped memory we save the pathname of the file
that is mapped (restart will use it to re-open it and then map it).
Later we change that to reference a file object.
Restoring the memory address space begins with nuking the existing one
of the current process, and then reading the vma state and contents.
Call do_mmap_pgoffset() for each vma and then read in the data.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Replace __initcall() with late_initcall()
- Merge mm dump/restore into a single patch
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v20]:
- Only use arch_setup_additional_pages() if supported by arch
Changelog[v19]:
- [Serge Hallyn] Checkpoint saved_auxv as u64s
- [Serge Hallyn] do_munmap(): remove unused local vars
Changelog[v19-rc3]:
- Separate __get_dirty_page() into its own patch
- Export filemap_checkpoint()
- [Serge Hallyn] Disallow checkpoint of tasks with aio requests
- Fix compilation failure when !CONFIG_CHEKCPOINT (regression)
- [Serge Hallyn] move destroy_mm into mmap.c and remove size check
- [Serge Hallyn] fill vdso (syscall32_setup_pages) for TIF_IA32/x86_64
- Do not hold mmap_sem when reading memory pages on restart
Changelog[v19-rc2]:
- Expose page write functions
- Take mmap_sem() around vma_fill_pgarr() (fix regression)
- Move consider_private_page() to mm/memory.c:__get_dirty_page()
- Expose page write functions
- [Serge Hallyn] Fix return value of read_pages_contents()
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
- Do not hold mmap_sem while checkpointing vma's
Changelog[v18]:
- Tighten checks on supported vma to checkpoint or restart
- Add a few more ckpt_write_err()s
- [Serge Hallyn] Export filemap_checkpoint() (used later for ext4)
- Use ckpt_collect_file() instead of ckpt_obj_collect() for files
- In collect_mm() use retval from ckpt_obj_collect() to test for
first-time-object
- Tighten checks on supported vma to checkpoint or restart
Changelog[v17]:
- Only collect sub-objects of mm_struct once
- Save mm->{flags,def_flags,saved_auxv}
- Restore mm->{flags,def_flags,saved_auxv}
- Fix bogus warning in do_restore_mm()
Changelog[v16]:
- Precede vaddrs/pages with a buffer header
- Checkpoint mm->exe_file
- Handle shared task->mm
- Restore mm->exe_file
Changelog[v14]:
- Modify the ops->checkpoint method to be much more powerful
- Improve support for VDSO (with special_mapping checkpoint callback)
- Save new field 'vdso' in mm_context
- Revert change to pr_debug(), back to ckpt_debug()
- Check whether calls to ckpt_hbuf_get() fail
- Discard field 'h->parent'
- Introduce per vma-type restore() function
- Merge restart code into same file as checkpoint (memory.c)
- Compare saved 'vdso' field of mm_context with current value
Changelog[v13]:
- pgprot_t is an abstract type; use the proper accessor (fix for
64-bit powerpc (Nathan Lynch <ntl@pobox.com>)
- Avoid access to hh->vma_type after the header is freed (restart)
- Test for no vma's in exit_mmap() before calling unmap_vma() (or
it may crash if restart fails after having removed all vma's)
Changelog[v12]:
- Hide pgarr management inside ckpt_private_vma_fill_pgarr()
- Fix management of pgarr chain reset and alloc/expand: keep empty
pgarr in a pool chain
- Replace obsolete ckpt_debug() with pr_debug()
Changelog[v11]:
- Copy contents of 'init->fs->root' instead of pointing to them.
- Add missing test for VM_MAYSHARE when dumping memory
Changelog[v10]:
- Acquire dcache_lock around call to __d_path() in ckpt_fill_name()
Changelog[v9]:
- Introduce ckpt_ctx_checkpoint() for checkpoint-specific ctx setup
- Test if __d_path() changes mnt/dentry (when crossing filesystem
namespace boundary). for now ckpt_fill_fname() fails the checkpoint.
Changelog[v7]:
- Fix argument given to kunmap_atomic() in memory dump/restore
Changelog[v6]:
- Balance all calls to ckpt_hbuf_get() with matching ckpt_hbuf_put()
(even though it's not really needed)
Changelog[v5]:
- Improve memory dump code (following Dave Hansen's comments)
- Change dump format (and code) to allow chunks of <vaddrs, pages>
instead of one long list of each
- Fix use of follow_page() to avoid faulting in non-present pages
- Memory restore now maps user pages explicitly to copy data into them,
instead of reading directly to user space; got rid of mprotect_fixup()
Changelog[v4]:
- Use standard list_... for ckpt_pgarr
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/x86/include/asm/checkpoint_hdr.h | 9 +
arch/x86/include/asm/ldt.h | 7 +
arch/x86/kernel/checkpoint.c | 95 +++
fs/aio.c | 17 +
fs/exec.c | 2 +-
include/linux/aio.h | 2 +
include/linux/checkpoint.h | 34 +
include/linux/checkpoint_hdr.h | 62 ++
include/linux/checkpoint_types.h | 7 +
include/linux/mm.h | 19 +
kernel/checkpoint/checkpoint.c | 2 +
kernel/checkpoint/process.c | 15 +
kernel/checkpoint/restart.c | 3 +
kernel/checkpoint/sys.c | 9 +
mm/Makefile | 1 +
mm/checkpoint.c | 1226 +++++++++++++++++++++++++++++++++
mm/filemap.c | 45 ++
mm/mmap.c | 101 +++-
18 files changed, 1650 insertions(+), 6 deletions(-)
create mode 100644 mm/checkpoint.c
diff --git a/arch/x86/include/asm/checkpoint_hdr.h b/arch/x86/include/asm/checkpoint_hdr.h
index 6f600dd..292bf50 100644
--- a/arch/x86/include/asm/checkpoint_hdr.h
+++ b/arch/x86/include/asm/checkpoint_hdr.h
@@ -48,6 +48,8 @@
enum {
CKPT_HDR_CPU_FPU = 201,
#define CKPT_HDR_CPU_FPU CKPT_HDR_CPU_FPU
+ CKPT_HDR_MM_CONTEXT_LDT,
+#define CKPT_HDR_MM_CONTEXT_LDT CKPT_HDR_MM_CONTEXT_LDT
};
struct ckpt_hdr_header_arch {
@@ -115,4 +117,11 @@ struct ckpt_hdr_cpu {
#define CKPT_X86_SEG_TLS 0x4000 /* 0100 0000 0000 00xx */
#define CKPT_X86_SEG_LDT 0x8000 /* 100x xxxx xxxx xxxx */
+struct ckpt_hdr_mm_context {
+ struct ckpt_hdr h;
+ __u64 vdso;
+ __u32 ldt_entry_size;
+ __u32 nldt;
+} __attribute__((aligned(8)));
+
#endif /* __ASM_X86_CKPT_HDR__H */
diff --git a/arch/x86/include/asm/ldt.h b/arch/x86/include/asm/ldt.h
index 46727eb..f2845f9 100644
--- a/arch/x86/include/asm/ldt.h
+++ b/arch/x86/include/asm/ldt.h
@@ -37,4 +37,11 @@ struct user_desc {
#define MODIFY_LDT_CONTENTS_CODE 2
#endif /* !__ASSEMBLY__ */
+
+#ifdef __KERNEL__
+#include <linux/linkage.h>
+asmlinkage int sys_modify_ldt(int func, void __user *ptr,
+ unsigned long bytecount);
+#endif
+
#endif /* _ASM_X86_LDT_H */
diff --git a/arch/x86/kernel/checkpoint.c b/arch/x86/kernel/checkpoint.c
index 3976318..0258245 100644
--- a/arch/x86/kernel/checkpoint.c
+++ b/arch/x86/kernel/checkpoint.c
@@ -13,6 +13,7 @@
#include <asm/desc.h>
#include <asm/i387.h>
+#include <asm/elf.h>
#include <linux/checkpoint.h>
@@ -206,6 +207,37 @@ int checkpoint_write_header_arch(struct ckpt_ctx *ctx)
return ret;
}
+/* dump the mm->context state */
+int checkpoint_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct ckpt_hdr_mm_context *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_MM_CONTEXT);
+ if (!h)
+ return -ENOMEM;
+
+ mutex_lock(&mm->context.lock);
+
+ h->vdso = (unsigned long) mm->context.vdso;
+ h->ldt_entry_size = LDT_ENTRY_SIZE;
+ h->nldt = mm->context.size;
+
+ ckpt_debug("nldt %d vdso %#llx\n", h->nldt, h->vdso);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj_type(ctx, mm->context.ldt,
+ mm->context.size * LDT_ENTRY_SIZE,
+ CKPT_HDR_MM_CONTEXT_LDT);
+ out:
+ mutex_unlock(&mm->context.lock);
+ return ret;
+}
+
/**************************************************************************
* Restart
*/
@@ -432,3 +464,66 @@ int restore_read_header_arch(struct ckpt_ctx *ctx)
ckpt_hdr_put(ctx, h);
return ret;
}
+
+int restore_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct ckpt_hdr_mm_context *h;
+ unsigned int n;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_MM_CONTEXT);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ckpt_debug("nldt %d vdso %#lx (%p)\n",
+ h->nldt, (unsigned long) h->vdso, mm->context.vdso);
+
+ ret = -EINVAL;
+ if (h->vdso != (unsigned long) mm->context.vdso)
+ goto out;
+ if (h->ldt_entry_size != LDT_ENTRY_SIZE)
+ goto out;
+
+ ret = _ckpt_read_obj_type(ctx, NULL,
+ h->nldt * LDT_ENTRY_SIZE,
+ CKPT_HDR_MM_CONTEXT_LDT);
+ if (ret < 0)
+ goto out;
+
+ /*
+ * to utilize the syscall modify_ldt() we first convert the data
+ * in the checkpoint image from 'struct desc_struct' to 'struct
+ * user_desc' with reverse logic of include/asm/desc.h:fill_ldt()
+ */
+ for (n = 0; n < h->nldt; n++) {
+ struct user_desc info;
+ struct desc_struct desc;
+ mm_segment_t old_fs;
+
+ ret = ckpt_kread(ctx, &desc, LDT_ENTRY_SIZE);
+ if (ret < 0)
+ break;
+
+ info.entry_number = n;
+ info.base_addr = desc.base0 | (desc.base1 << 16);
+ info.limit = desc.limit0;
+ info.seg_32bit = desc.d;
+ info.contents = desc.type >> 2;
+ info.read_exec_only = (desc.type >> 1) ^ 1;
+ info.limit_in_pages = desc.g;
+ info.seg_not_present = desc.p ^ 1;
+ info.useable = desc.avl;
+
+ old_fs = get_fs();
+ set_fs(get_ds());
+ ret = sys_modify_ldt(1, (struct user_desc __user *) &info,
+ sizeof(info));
+ set_fs(old_fs);
+
+ if (ret < 0)
+ break;
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
diff --git a/fs/aio.c b/fs/aio.c
index 1cf12b3..b3e1532 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1806,3 +1806,20 @@ SYSCALL_DEFINE5(io_getevents, aio_context_t, ctx_id,
asmlinkage_protect(5, ret, ctx_id, min_nr, nr, events, timeout);
return ret;
}
+
+int check_for_outstanding_aio(struct mm_struct *mm)
+{
+ struct kioctx *ctx;
+ struct hlist_node *n;
+ int ret = 0;
+
+ rcu_read_lock();
+ hlist_for_each_entry_rcu(ctx, n, &mm->ioctx_list, list) {
+ if (!ctx->dead) {
+ ret = -EBUSY;
+ break;
+ }
+ }
+ rcu_read_unlock();
+ return ret;
+}
diff --git a/fs/exec.c b/fs/exec.c
index 7bacb6a..06f93d8 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -769,7 +769,7 @@ ssize_t kernel_write(struct file *file, loff_t offset,
EXPORT_SYMBOL(kernel_write);
-static int exec_mmap(struct mm_struct *mm)
+int exec_mmap(struct mm_struct *mm)
{
struct task_struct *tsk;
struct mm_struct * old_mm, *active_mm;
diff --git a/include/linux/aio.h b/include/linux/aio.h
index 811dbb3..e0b1808 100644
--- a/include/linux/aio.h
+++ b/include/linux/aio.h
@@ -212,6 +212,7 @@ extern void kick_iocb(struct kiocb *iocb);
extern int aio_complete(struct kiocb *iocb, long res, long res2);
struct mm_struct;
extern void exit_aio(struct mm_struct *mm);
+extern int check_for_outstanding_aio(struct mm_struct *mm);
#else
static inline ssize_t wait_on_sync_kiocb(struct kiocb *iocb) { return 0; }
static inline int aio_put_req(struct kiocb *iocb) { return 0; }
@@ -219,6 +220,7 @@ static inline void kick_iocb(struct kiocb *iocb) { }
static inline int aio_complete(struct kiocb *iocb, long res, long res2) { return 0; }
struct mm_struct;
static inline void exit_aio(struct mm_struct *mm) { }
+static inline int check_for_outstanding_aio(struct mm_struct *mm) { return 0; }
#endif /* CONFIG_AIO */
static inline struct kiocb *list_kiocb(struct list_head *h)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index f07209c..c9efeb3 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -83,6 +83,9 @@ extern int ckpt_read_consume(struct ckpt_ctx *ctx, int len, int type);
extern char *ckpt_fill_fname(struct path *path, struct path *root,
char *buf, int *len);
+extern int checkpoint_dump_page(struct ckpt_ctx *ctx, struct page *page);
+extern int restore_read_page(struct ckpt_ctx *ctx, struct page *page);
+
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
set_bit(__kflag##_BIT, &(__ctx)->kflags)
@@ -152,10 +155,12 @@ extern int restore_task(struct ckpt_ctx *ctx);
extern int checkpoint_write_header_arch(struct ckpt_ctx *ctx);
extern int checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t);
extern int checkpoint_cpu(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int checkpoint_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm);
extern int restore_read_header_arch(struct ckpt_ctx *ctx);
extern int restore_thread(struct ckpt_ctx *ctx);
extern int restore_cpu(struct ckpt_ctx *ctx);
+extern int restore_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm);
extern int checkpoint_restart_block(struct ckpt_ctx *ctx,
struct task_struct *t);
@@ -179,6 +184,33 @@ extern int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
extern int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
struct ckpt_hdr_file *h);
+/* memory */
+extern void ckpt_pgarr_free(struct ckpt_ctx *ctx);
+
+extern int generic_vma_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ enum vma_type type,
+ int vma_objref);
+extern int private_vma_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ enum vma_type type,
+ int vma_objref);
+
+extern int checkpoint_obj_mm(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_obj_mm(struct ckpt_ctx *ctx, int mm_objref);
+
+extern int ckpt_collect_mm(struct ckpt_ctx *ctx, struct task_struct *t);
+
+extern int private_vma_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct file *file, struct ckpt_hdr_vma *h);
+
+
+#define CKPT_VMA_NOT_SUPPORTED \
+ (VM_SHARED | VM_MAYSHARE | VM_IO | VM_HUGETLB | \
+ VM_NONLINEAR | VM_PFNMAP | VM_RESERVED | VM_NORESERVE \
+ | VM_HUGETLB | VM_NONLINEAR | VM_MAPPED_COPY | \
+ VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
@@ -190,6 +222,8 @@ static inline int ckpt_validate_errno(int errno)
#define CKPT_DRW 0x4 /* image read/write */
#define CKPT_DOBJ 0x8 /* shared objects */
#define CKPT_DFILE 0x10 /* files and filesystem */
+#define CKPT_DMEM 0x20 /* memory state */
+#define CKPT_DPAGE 0x40 /* memory pages */
#define CKPT_DDEFAULT 0xffff /* default debug level */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index ec3257a..f2c67ee 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -96,6 +96,15 @@ enum {
CKPT_HDR_FILE,
#define CKPT_HDR_FILE CKPT_HDR_FILE
+ CKPT_HDR_MM = 401,
+#define CKPT_HDR_MM CKPT_HDR_MM
+ CKPT_HDR_VMA,
+#define CKPT_HDR_VMA CKPT_HDR_VMA
+ CKPT_HDR_PGARR,
+#define CKPT_HDR_PGARR CKPT_HDR_PGARR
+ CKPT_HDR_MM_CONTEXT,
+#define CKPT_HDR_MM_CONTEXT CKPT_HDR_MM_CONTEXT
+
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -126,6 +135,8 @@ enum obj_type {
#define CKPT_OBJ_FILE_TABLE CKPT_OBJ_FILE_TABLE
CKPT_OBJ_FILE,
#define CKPT_OBJ_FILE CKPT_OBJ_FILE
+ CKPT_OBJ_MM,
+#define CKPT_OBJ_MM CKPT_OBJ_MM
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -134,6 +145,8 @@ enum obj_type {
struct ckpt_const {
/* task */
__u16 task_comm_len;
+ /* mm */
+ __u16 at_vector_size;
/* uts */
__u16 uts_release_len;
__u16 uts_version_len;
@@ -212,6 +225,7 @@ struct ckpt_hdr_task {
struct ckpt_hdr_task_objs {
struct ckpt_hdr h;
__s32 files_objref;
+ __s32 mm_objref;
} __attribute__((aligned(8)));
/* restart blocks */
@@ -284,4 +298,52 @@ struct ckpt_hdr_file_generic {
struct ckpt_hdr_file common;
} __attribute__((aligned(8)));
+/* memory layout */
+struct ckpt_hdr_mm {
+ struct ckpt_hdr h;
+ __u32 map_count;
+ __s32 exe_objref;
+
+ __u64 def_flags;
+ __u64 flags;
+
+ __u64 start_code, end_code, start_data, end_data;
+ __u64 start_brk, brk, start_stack;
+ __u64 arg_start, arg_end, env_start, env_end;
+} __attribute__((aligned(8)));
+
+/* vma subtypes - index into restore_vma_dispatch[] */
+enum vma_type {
+ CKPT_VMA_IGNORE = 0,
+#define CKPT_VMA_IGNORE CKPT_VMA_IGNORE
+ CKPT_VMA_VDSO, /* special vdso vma */
+#define CKPT_VMA_VDSO CKPT_VMA_VDSO
+ CKPT_VMA_ANON, /* private anonymous */
+#define CKPT_VMA_ANON CKPT_VMA_ANON
+ CKPT_VMA_FILE, /* private mapped file */
+#define CKPT_VMA_FILE CKPT_VMA_FILE
+ CKPT_VMA_MAX
+#define CKPT_VMA_MAX CKPT_VMA_MAX
+};
+
+/* vma descriptor */
+struct ckpt_hdr_vma {
+ struct ckpt_hdr h;
+ __u32 vma_type;
+ __s32 vma_objref; /* objref of backing file */
+
+ __u64 vm_start;
+ __u64 vm_end;
+ __u64 vm_page_prot;
+ __u64 vm_flags;
+ __u64 vm_pgoff;
+} __attribute__((aligned(8)));
+
+/* page array */
+struct ckpt_hdr_pgarr {
+ struct ckpt_hdr h;
+ __u64 nr_pages; /* number of pages to saved */
+} __attribute__((aligned(8)));
+
+
#endif /* _CHECKPOINT_CKPT_HDR_H_ */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index ce46a59..e150182 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -15,6 +15,8 @@
#include <linux/sched.h>
#include <linux/nsproxy.h>
#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/nsproxy.h>
#include <linux/path.h>
#include <linux/fs.h>
#include <linux/ktime.h>
@@ -52,6 +54,11 @@ struct ckpt_ctx {
int errno; /* errno that caused failure */
struct completion errno_sync; /* protect errno setting */
+ struct list_head pgarr_list; /* page array to dump VMA contents */
+ struct list_head pgarr_pool; /* pool of empty page arrays chain */
+
+ void *scratch_page; /* scratch buffer for page I/O */
+
/* [multi-process checkpoint] */
struct task_struct **tasks_arr; /* array of all tasks [checkpoint] */
int nr_tasks; /* size of tasks array */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 5e9ad0d..913c7fe 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1287,9 +1287,13 @@ out:
}
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
+extern int destroy_mm(struct mm_struct *);
extern unsigned long do_brk(unsigned long, unsigned long);
+/* fs/exec.c */
+extern int exec_mmap(struct mm_struct *mm);
+
/* filemap.c */
extern unsigned long page_unuse(struct page *);
extern void truncate_inode_pages(struct address_space *, loff_t);
@@ -1299,10 +1303,25 @@ extern void truncate_inode_pages_range(struct address_space *,
/* generic vm_area_ops exported for stackable file systems */
extern int filemap_fault(struct vm_area_struct *, struct vm_fault *);
+#ifdef CONFIG_CHECKPOINT
+/* generic vm_area_ops exported for mapped files checkpoint */
+extern int filemap_checkpoint(struct ckpt_ctx *, struct vm_area_struct *);
+#endif
+
/* mm/page-writeback.c */
int write_one_page(struct page *page, int wait);
void task_dirty_inc(struct task_struct *tsk);
+
+/* checkpoint/restart */
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_hdr_vma;
+extern int filemap_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct ckpt_hdr_vma *hh);
+extern int special_mapping_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct ckpt_hdr_vma *hh);
+#endif
+
/* readahead.c */
#define VM_MAX_READAHEAD 128 /* kbytes */
#define VM_MIN_READAHEAD 16 /* kbytes (includes current page) */
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index a4f6854..0f83cca 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -111,6 +111,8 @@ static void fill_kernel_const(struct ckpt_const *h)
/* task */
h->task_comm_len = sizeof(tsk->comm);
+ /* mm->saved_auxv size */
+ h->at_vector_size = AT_VECTOR_SIZE;
/* uts */
h->uts_release_len = sizeof(uts->release);
h->uts_version_len = sizeof(uts->version);
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 3880fa6..1ec5c6a 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -107,6 +107,7 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_task_objs *h;
int files_objref;
+ int mm_objref;
int ret;
files_objref = checkpoint_obj_file_table(ctx, t);
@@ -116,10 +117,18 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
return files_objref;
}
+ mm_objref = checkpoint_obj_mm(ctx, t);
+ ckpt_debug("mm: objref %d\n", mm_objref);
+ if (mm_objref < 0) {
+ ckpt_err(ctx, mm_objref, "%(T)mm_struct\n");
+ return mm_objref;
+ }
+
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
if (!h)
return -ENOMEM;
h->files_objref = files_objref;
+ h->mm_objref = mm_objref;
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
@@ -276,6 +285,9 @@ int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
int ret;
ret = ckpt_collect_file_table(ctx, t);
+ if (ret < 0)
+ return ret;
+ ret = ckpt_collect_mm(ctx, t);
return ret;
}
@@ -359,6 +371,9 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
ret = restore_obj_file_table(ctx, h->files_objref);
ckpt_debug("file_table: ret %d (%p)\n", ret, current->files);
+ ret = restore_obj_mm(ctx, h->mm_objref);
+ ckpt_debug("mm: ret %d (%p)\n", ret, current->mm);
+
ckpt_hdr_put(ctx, h);
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 437de4f..c0fe147 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -565,6 +565,9 @@ static int check_kernel_const(struct ckpt_const *h)
/* task */
if (h->task_comm_len != sizeof(tsk->comm))
return -EINVAL;
+ /* mm->saved_auxv size */
+ if (h->at_vector_size != AT_VECTOR_SIZE)
+ return -EINVAL;
/* uts */
if (h->uts_release_len != sizeof(uts->release))
return -EINVAL;
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 0f4a74f..b258874 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -209,6 +209,7 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
ckpt_obj_hash_free(ctx);
path_put(&ctx->root_fs_path);
+ ckpt_pgarr_free(ctx);
if (ctx->tasks_arr)
task_arr_free(ctx);
@@ -220,6 +221,8 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->root_freezer)
put_task_struct(ctx->root_freezer);
+ free_page((unsigned long) ctx->scratch_page);
+
kfree(ctx->pids_arr);
kfree(ctx);
@@ -240,6 +243,8 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
ctx->ktime_begin = ktime_get();
atomic_set(&ctx->refcount, 0);
+ INIT_LIST_HEAD(&ctx->pgarr_list);
+ INIT_LIST_HEAD(&ctx->pgarr_pool);
init_waitqueue_head(&ctx->waitq);
init_completion(&ctx->complete);
@@ -271,6 +276,10 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
if (!ctx->files_deferq)
goto err;
+ ctx->scratch_page = (void *) __get_free_page(GFP_KERNEL);
+ if (!ctx->scratch_page)
+ goto err;
+
atomic_inc(&ctx->refcount);
return ctx;
err:
diff --git a/mm/Makefile b/mm/Makefile
index 6c2a73a..e779b69 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -38,6 +38,7 @@ obj-y += percpu.o
else
obj-y += percpu_up.o
endif
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
obj-$(CONFIG_QUICKLIST) += quicklist.o
obj-$(CONFIG_CGROUP_MEM_RES_CTLR) += memcontrol.o page_cgroup.o
obj-$(CONFIG_MEMORY_FAILURE) += memory-failure.o
diff --git a/mm/checkpoint.c b/mm/checkpoint.c
new file mode 100644
index 0000000..d53025b
--- /dev/null
+++ b/mm/checkpoint.c
@@ -0,0 +1,1226 @@
+/*
+ * Checkpoint/restart memory contents
+ *
+ * Copyright (C) 2008-2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DMEM
+
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include <linux/file.h>
+#include <linux/aio.h>
+#include <linux/err.h>
+#include <linux/mm.h>
+#include <linux/mman.h>
+#include <linux/pagemap.h>
+#include <linux/mm_types.h>
+#include <linux/proc_fs.h>
+#include <linux/checkpoint.h>
+
+/*
+ * page-array chains: each ckpt_pgarr describes a set of <struct page *,vaddr>
+ * tuples (where vaddr is the virtual address of a page in a particular mm).
+ * Specifically, we use separate arrays so that all vaddrs can be written
+ * and read at once.
+ */
+
+struct ckpt_pgarr {
+ unsigned long *vaddrs;
+ struct page **pages;
+ unsigned int nr_used;
+ struct list_head list;
+};
+
+#define CKPT_PGARR_TOTAL (PAGE_SIZE / sizeof(void *))
+#define CKPT_PGARR_BATCH (16 * CKPT_PGARR_TOTAL)
+
+static inline int pgarr_is_full(struct ckpt_pgarr *pgarr)
+{
+ return (pgarr->nr_used == CKPT_PGARR_TOTAL);
+}
+
+static inline int pgarr_nr_free(struct ckpt_pgarr *pgarr)
+{
+ return CKPT_PGARR_TOTAL - pgarr->nr_used;
+}
+
+/*
+ * utilities to alloc, free, and handle 'struct ckpt_pgarr' (page-arrays)
+ * (common to ckpt_mem.c and rstr_mem.c).
+ *
+ * The checkpoint context structure has two members for page-arrays:
+ * ctx->pgarr_list: list head of populated page-array chain
+ * ctx->pgarr_pool: list head of empty page-array pool chain
+ *
+ * During checkpoint (and restart) the chain tracks the dirty pages (page
+ * pointer and virtual address) of each MM. For a particular MM, these are
+ * always added to the head of the page-array chain (ctx->pgarr_list).
+ * Before the next chunk of pages, the chain is reset (by dereferencing
+ * all pages) but not freed; instead, empty descsriptors are kept in pool.
+ *
+ * The head of the chain page-array ("current") advances as necessary. When
+ * it gets full, a new page-array descriptor is pushed in front of it. The
+ * new descriptor is taken from first empty descriptor (if one exists, for
+ * instance, after a chain reset), or allocated on-demand.
+ *
+ * When dumping the data, the chain is traversed in reverse order.
+ */
+
+/* return first page-array in the chain */
+static inline struct ckpt_pgarr *pgarr_first(struct ckpt_ctx *ctx)
+{
+ if (list_empty(&ctx->pgarr_list))
+ return NULL;
+ return list_first_entry(&ctx->pgarr_list, struct ckpt_pgarr, list);
+}
+
+/* return (and detach) first empty page-array in the pool, if exists */
+static inline struct ckpt_pgarr *pgarr_from_pool(struct ckpt_ctx *ctx)
+{
+ struct ckpt_pgarr *pgarr;
+
+ if (list_empty(&ctx->pgarr_pool))
+ return NULL;
+ pgarr = list_first_entry(&ctx->pgarr_pool, struct ckpt_pgarr, list);
+ list_del(&pgarr->list);
+ return pgarr;
+}
+
+/* release pages referenced by a page-array */
+static void pgarr_release_pages(struct ckpt_pgarr *pgarr)
+{
+ ckpt_debug("total pages %d\n", pgarr->nr_used);
+ /*
+ * both checkpoint and restart use 'nr_used', however we only
+ * collect pages during checkpoint; in restart we simply return
+ * because pgarr->pages remains NULL.
+ */
+ if (pgarr->pages) {
+ struct page **pages = pgarr->pages;
+ int nr = pgarr->nr_used;
+
+ while (nr--)
+ page_cache_release(pages[nr]);
+ }
+
+ pgarr->nr_used = 0;
+}
+
+/* free a single page-array object */
+static void pgarr_free_one(struct ckpt_pgarr *pgarr)
+{
+ pgarr_release_pages(pgarr);
+ kfree(pgarr->pages);
+ kfree(pgarr->vaddrs);
+ kfree(pgarr);
+}
+
+/* free the chains of page-arrays (populated and empty pool) */
+void ckpt_pgarr_free(struct ckpt_ctx *ctx)
+{
+ struct ckpt_pgarr *pgarr, *tmp;
+
+ list_for_each_entry_safe(pgarr, tmp, &ctx->pgarr_list, list) {
+ list_del(&pgarr->list);
+ pgarr_free_one(pgarr);
+ }
+
+ list_for_each_entry_safe(pgarr, tmp, &ctx->pgarr_pool, list) {
+ list_del(&pgarr->list);
+ pgarr_free_one(pgarr);
+ }
+}
+
+/* allocate a single page-array object */
+static struct ckpt_pgarr *pgarr_alloc_one(unsigned long flags)
+{
+ struct ckpt_pgarr *pgarr;
+
+ pgarr = kzalloc(sizeof(*pgarr), GFP_KERNEL);
+ if (!pgarr)
+ return NULL;
+ pgarr->vaddrs = kmalloc(CKPT_PGARR_TOTAL * sizeof(unsigned long),
+ GFP_KERNEL);
+ if (!pgarr->vaddrs)
+ goto nomem;
+
+ /* pgarr->pages is needed only for checkpoint */
+ if (flags & CKPT_CTX_CHECKPOINT) {
+ pgarr->pages = kmalloc(CKPT_PGARR_TOTAL *
+ sizeof(struct page *), GFP_KERNEL);
+ if (!pgarr->pages)
+ goto nomem;
+ }
+
+ return pgarr;
+ nomem:
+ pgarr_free_one(pgarr);
+ return NULL;
+}
+
+/* pgarr_current - return the next available page-array in the chain
+ * @ctx: checkpoint context
+ *
+ * Returns the first page-array in the list that has space. Otherwise,
+ * try the next page-array after the last non-empty one, and move it to
+ * the front of the chain. Extends the list if none has space.
+ */
+static struct ckpt_pgarr *pgarr_current(struct ckpt_ctx *ctx)
+{
+ struct ckpt_pgarr *pgarr;
+
+ pgarr = pgarr_first(ctx);
+ if (pgarr && !pgarr_is_full(pgarr))
+ return pgarr;
+
+ pgarr = pgarr_from_pool(ctx);
+ if (!pgarr)
+ pgarr = pgarr_alloc_one(ctx->kflags);
+ if (!pgarr)
+ return NULL;
+
+ list_add(&pgarr->list, &ctx->pgarr_list);
+ return pgarr;
+}
+
+/* reset the page-array chain (dropping page references if necessary) */
+static void pgarr_reset_all(struct ckpt_ctx *ctx)
+{
+ struct ckpt_pgarr *pgarr;
+
+ list_for_each_entry(pgarr, &ctx->pgarr_list, list)
+ pgarr_release_pages(pgarr);
+ list_splice_init(&ctx->pgarr_list, &ctx->pgarr_pool);
+}
+
+/**************************************************************************
+ * Checkpoint
+ *
+ * Checkpoint is outside the context of the checkpointee, so one cannot
+ * simply read pages from user-space. Instead, we scan the address space
+ * of the target to cherry-pick pages of interest. Selected pages are
+ * enlisted in a page-array chain (attached to the checkpoint context).
+ * To save their contents, each page is mapped to kernel memory and then
+ * dumped to the file descriptor.
+ */
+
+/**
+ * consider_private_page - return page pointer for dirty pages
+ * @vma - target vma
+ * @addr - page address
+ *
+ * Looks up the page that correspond to the address in the vma, and
+ * returns the page if it was modified (and grabs a reference to it),
+ * or otherwise returns NULL (or error).
+ */
+static struct page *consider_private_page(struct vm_area_struct *vma,
+ unsigned long addr)
+{
+ return __get_dirty_page(vma, addr);
+}
+
+/**
+ * vma_fill_pgarr - fill a page-array with addr/page tuples
+ * @ctx - checkpoint context
+ * @vma - vma to scan
+ * @start - start address (updated)
+ *
+ * Returns the number of pages collected
+ */
+static int vma_fill_pgarr(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ unsigned long *start)
+{
+ unsigned long end = vma->vm_end;
+ unsigned long addr = *start;
+ struct ckpt_pgarr *pgarr;
+ int nr_used;
+ int cnt = 0;
+
+ BUG_ON(vma->vm_flags & (VM_SHARED | VM_MAYSHARE));
+
+ if (vma)
+ down_read(&vma->vm_mm->mmap_sem);
+ do {
+ pgarr = pgarr_current(ctx);
+ if (!pgarr) {
+ cnt = -ENOMEM;
+ goto out;
+ }
+
+ nr_used = pgarr->nr_used;
+
+ while (addr < end) {
+ struct page *page;
+
+ page = consider_private_page(vma, addr);
+ if (IS_ERR(page)) {
+ cnt = PTR_ERR(page);
+ goto out;
+ }
+
+ if (page) {
+ _ckpt_debug(CKPT_DPAGE,
+ "got page %#lx\n", addr);
+ pgarr->pages[pgarr->nr_used] = page;
+ pgarr->vaddrs[pgarr->nr_used] = addr;
+ pgarr->nr_used++;
+ }
+
+ addr += PAGE_SIZE;
+
+ if (pgarr_is_full(pgarr))
+ break;
+ }
+
+ cnt += pgarr->nr_used - nr_used;
+
+ } while ((cnt < CKPT_PGARR_BATCH) && (addr < end));
+ out:
+ if (vma)
+ up_read(&vma->vm_mm->mmap_sem);
+ *start = addr;
+ return cnt;
+}
+
+/* dump contents of a pages: use kmap_atomic() to avoid TLB flush */
+int checkpoint_dump_page(struct ckpt_ctx *ctx, struct page *page)
+{
+ void *ptr;
+
+ ptr = kmap_atomic(page, KM_USER1);
+ memcpy(ctx->scratch_page, ptr, PAGE_SIZE);
+ kunmap_atomic(ptr, KM_USER1);
+
+ return ckpt_kwrite(ctx, ctx->scratch_page, PAGE_SIZE);
+}
+
+/**
+ * vma_dump_pages - dump pages listed in the ctx page-array chain
+ * @ctx - checkpoint context
+ * @total - total number of pages
+ *
+ * First dump all virtual addresses, followed by the contents of all pages
+ */
+static int vma_dump_pages(struct ckpt_ctx *ctx, int total)
+{
+ struct ckpt_pgarr *pgarr;
+ int i, ret = 0;
+
+ if (!total)
+ return 0;
+
+ i = total * (sizeof(unsigned long) + PAGE_SIZE);
+ ret = ckpt_write_obj_type(ctx, NULL, i, CKPT_HDR_BUFFER);
+ if (ret < 0)
+ return ret;
+
+ list_for_each_entry_reverse(pgarr, &ctx->pgarr_list, list) {
+ ret = ckpt_kwrite(ctx, pgarr->vaddrs,
+ pgarr->nr_used * sizeof(unsigned long));
+ if (ret < 0)
+ return ret;
+ }
+
+ list_for_each_entry_reverse(pgarr, &ctx->pgarr_list, list) {
+ for (i = 0; i < pgarr->nr_used; i++) {
+ ret = checkpoint_dump_page(ctx, pgarr->pages[i]);
+ if (ret < 0)
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * checkpoint_memory_contents - dump contents of a VMA with private memory
+ * @ctx - checkpoint context
+ * @vma - vma to scan
+ *
+ * Collect lists of pages that needs to be dumped, and corresponding
+ * virtual addresses into ctx->pgarr_list page-array chain. Then dump
+ * the addresses, followed by the page contents.
+ */
+static int checkpoint_memory_contents(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma)
+{
+ struct ckpt_hdr_pgarr *h;
+ unsigned long addr, end;
+ int cnt, ret;
+
+ addr = vma->vm_start;
+ end = vma->vm_end;
+
+ /*
+ * Work iteratively, collecting and dumping at most CKPT_PGARR_BATCH
+ * in each round. Each iterations is divided into two steps:
+ *
+ * (1) scan: scan through the PTEs of the vma to collect the pages
+ * to dump (later we'll also make them COW), while keeping a list
+ * of pages and their corresponding addresses on ctx->pgarr_list.
+ *
+ * (2) dump: write out a header specifying how many pages, followed
+ * by the addresses of all pages in ctx->pgarr_list, followed by
+ * the actual contents of all pages. (Then, release the references
+ * to the pages and reset the page-array chain).
+ *
+ * (This split makes the logic simpler by first counting the pages
+ * that need saving. More importantly, it allows for a future
+ * optimization that will reduce application downtime by deferring
+ * the actual write-out of the data to after the application is
+ * allowed to resume execution).
+ *
+ * After dumping the entire contents, conclude with a header that
+ * specifies 0 pages to mark the end of the contents.
+ */
+
+ while (addr < end) {
+ cnt = vma_fill_pgarr(ctx, vma, &addr);
+ if (cnt == 0)
+ break;
+ else if (cnt < 0)
+ return cnt;
+
+ ckpt_debug("collected %d pages\n", cnt);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_PGARR);
+ if (!h)
+ return -ENOMEM;
+
+ h->nr_pages = cnt;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ ret = vma_dump_pages(ctx, cnt);
+ if (ret < 0)
+ return ret;
+
+ pgarr_reset_all(ctx);
+ }
+
+ /* mark end of contents with header saying "0" pages */
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_PGARR);
+ if (!h)
+ return -ENOMEM;
+ h->nr_pages = 0;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/**
+ * generic_vma_checkpoint - dump metadata of vma
+ * @ctx: checkpoint context
+ * @vma: vma object
+ * @type: vma type
+ * @vma_objref: vma objref
+ */
+int generic_vma_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma,
+ enum vma_type type, int vma_objref)
+{
+ struct ckpt_hdr_vma *h;
+ int ret;
+
+ ckpt_debug("vma %#lx-%#lx flags %#lx type %d\n",
+ vma->vm_start, vma->vm_end, vma->vm_flags, type);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_VMA);
+ if (!h)
+ return -ENOMEM;
+
+ h->vma_type = type;
+ h->vma_objref = vma_objref;
+ h->vm_start = vma->vm_start;
+ h->vm_end = vma->vm_end;
+ h->vm_page_prot = pgprot_val(vma->vm_page_prot);
+ h->vm_flags = vma->vm_flags;
+ h->vm_pgoff = vma->vm_pgoff;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/**
+ * private_vma_checkpoint - dump contents of private (anon, file) vma
+ * @ctx: checkpoint context
+ * @vma: vma object
+ * @type: vma type
+ * @vma_objref: vma objref
+ */
+int private_vma_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ enum vma_type type, int vma_objref)
+{
+ int ret;
+
+ BUG_ON(vma->vm_flags & (VM_SHARED | VM_MAYSHARE));
+
+ ret = generic_vma_checkpoint(ctx, vma, type, vma_objref);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_memory_contents(ctx, vma);
+ out:
+ return ret;
+}
+
+/**
+ * anonymous_checkpoint - dump contents of private-anonymous vma
+ * @ctx: checkpoint context
+ * @vma: vma object
+ */
+static int anonymous_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma)
+{
+ /* should be private anonymous ... verify that this is the case */
+ BUG_ON(vma->vm_flags & VM_MAYSHARE);
+ BUG_ON(vma->vm_file);
+
+ return private_vma_checkpoint(ctx, vma, CKPT_VMA_ANON, 0);
+}
+
+static int checkpoint_vmas(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct vm_area_struct *vma, *next;
+ int map_count = 0;
+ int ret = 0;
+
+ vma = kzalloc(sizeof(*vma), GFP_KERNEL);
+ if (!vma)
+ return -ENOMEM;
+
+ /*
+ * Must not hold mm->mmap_sem when writing to image file, so
+ * can't simply traverse the vma list. Instead, use find_vma()
+ * to get the @next and make a local "copy" of it.
+ */
+ while (1) {
+ down_read(&mm->mmap_sem);
+ next = find_vma(mm, vma->vm_end);
+ if (!next) {
+ up_read(&mm->mmap_sem);
+ break;
+ }
+ if (vma->vm_file)
+ fput(vma->vm_file);
+ *vma = *next;
+ if (vma->vm_file)
+ get_file(vma->vm_file);
+ up_read(&mm->mmap_sem);
+
+ map_count++;
+
+ ckpt_debug("vma %#lx-%#lx flags %#lx\n",
+ vma->vm_start, vma->vm_end, vma->vm_flags);
+
+ if (vma->vm_flags & CKPT_VMA_NOT_SUPPORTED) {
+ ckpt_err(ctx, -ENOSYS, "%(T)vma: bad flags (%#lx)\n",
+ vma->vm_flags);
+ ret = -ENOSYS;
+ break;
+ }
+
+ if (!vma->vm_ops)
+ ret = anonymous_checkpoint(ctx, vma);
+ else if (vma->vm_ops->checkpoint)
+ ret = (*vma->vm_ops->checkpoint)(ctx, vma);
+ else
+ ret = -ENOSYS;
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)vma: failed\n");
+ break;
+ }
+ /*
+ * The file was collected, but not always checkpointed;
+ * be safe and mark as visited to appease leak detection
+ */
+ if (vma->vm_file && !(ctx->uflags & CHECKPOINT_SUBTREE)) {
+ ret = ckpt_obj_visit(ctx, vma->vm_file, CKPT_OBJ_FILE);
+ if (ret < 0)
+ break;
+ }
+ }
+
+ if (vma->vm_file)
+ fput(vma->vm_file);
+
+ kfree(vma);
+
+ return ret < 0 ? ret : map_count;
+}
+
+#define CKPT_AT_SZ (AT_VECTOR_SIZE * sizeof(u64))
+/*
+ * We always write saved_auxv out as an array of u64s, though it is
+ * an array of u32s on 32-bit arch.
+ */
+static int ckpt_write_auxv(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ int i, ret;
+ u64 *buf = kzalloc(CKPT_AT_SZ, GFP_KERNEL);
+
+ if (!buf)
+ return -ENOMEM;
+ for (i = 0; i < AT_VECTOR_SIZE; i++)
+ buf[i] = mm->saved_auxv[i];
+ ret = ckpt_write_buffer(ctx, buf, CKPT_AT_SZ);
+ kfree(buf);
+ return ret;
+}
+
+static int checkpoint_mm(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct mm_struct *mm = ptr;
+ struct ckpt_hdr_mm *h;
+ struct file *exe_file = NULL;
+ int ret;
+
+ if (check_for_outstanding_aio(mm)) {
+ ckpt_err(ctx, -EBUSY, "(%T)Outstanding aio\n");
+ return -EBUSY;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_MM);
+ if (!h)
+ return -ENOMEM;
+
+ down_read(&mm->mmap_sem);
+
+ h->flags = mm->flags;
+ h->def_flags = mm->def_flags;
+
+ h->start_code = mm->start_code;
+ h->end_code = mm->end_code;
+ h->start_data = mm->start_data;
+ h->end_data = mm->end_data;
+ h->start_brk = mm->start_brk;
+ h->brk = mm->brk;
+ h->start_stack = mm->start_stack;
+ h->arg_start = mm->arg_start;
+ h->arg_end = mm->arg_end;
+ h->env_start = mm->env_start;
+ h->env_end = mm->env_end;
+
+ h->map_count = mm->map_count;
+
+ if (mm->exe_file) { /* checkpoint the ->exe_file */
+ exe_file = mm->exe_file;
+ get_file(exe_file);
+ }
+
+ /*
+ * Drop mm->mmap_sem before writing data to checkpoint image
+ * to avoid reverse locking order (inode must come before mm).
+ */
+ up_read(&mm->mmap_sem);
+
+ if (exe_file) {
+ h->exe_objref = checkpoint_obj(ctx, exe_file, CKPT_OBJ_FILE);
+ if (h->exe_objref < 0) {
+ ret = h->exe_objref;
+ goto out;
+ }
+ }
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_auxv(ctx, mm);
+ if (ret < 0)
+ return ret;
+
+ ret = checkpoint_vmas(ctx, mm);
+ if (ret != h->map_count && ret >= 0)
+ ret = -EBUSY; /* checkpoint mm leak */
+ if (ret < 0)
+ goto out;
+
+ ret = checkpoint_mm_context(ctx, mm);
+ out:
+ if (exe_file)
+ fput(exe_file);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+int checkpoint_obj_mm(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct mm_struct *mm;
+ int objref;
+
+ mm = get_task_mm(t);
+ objref = checkpoint_obj(ctx, mm, CKPT_OBJ_MM);
+ mmput(mm);
+
+ return objref;
+}
+
+/***********************************************************************
+ * Collect
+ */
+
+static int collect_mm(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct vm_area_struct *vma;
+ struct file *file;
+ int ret;
+
+ /* if already exists (ret == 0), nothing to do */
+ ret = ckpt_obj_collect(ctx, mm, CKPT_OBJ_MM);
+ if (ret <= 0)
+ return ret;
+
+ /* if first time for this mm (ret > 0), proceed inside */
+ down_read(&mm->mmap_sem);
+ if (mm->exe_file) {
+ ret = ckpt_collect_file(ctx, mm->exe_file);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)mm: collect exe_file\n");
+ goto out;
+ }
+ }
+ for (vma = mm->mmap; vma; vma = vma->vm_next) {
+ file = vma->vm_file;
+ if (!file)
+ continue;
+ ret = ckpt_collect_file(ctx, file);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)mm: collect vm_file\n");
+ break;
+ }
+ }
+ out:
+ up_read(&mm->mmap_sem);
+ return ret;
+
+}
+
+int ckpt_collect_mm(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct mm_struct *mm;
+ int ret;
+
+ mm = get_task_mm(t);
+ ret = collect_mm(ctx, mm);
+ mmput(mm);
+
+ return ret;
+}
+
+/***********************************************************************
+ * Restart
+ *
+ * Unlike checkpoint, restart is executed in the context of each restarting
+ * process: vma regions are restored via a call to mmap(), and the data is
+ * read into the address space of the current process.
+ */
+
+/**
+ * read_pages_vaddrs - read addresses of pages to page-array chain
+ * @ctx - restart context
+ * @nr_pages - number of address to read
+ */
+static int read_pages_vaddrs(struct ckpt_ctx *ctx, unsigned long nr_pages)
+{
+ struct ckpt_pgarr *pgarr;
+ unsigned long *vaddrp;
+ int nr, ret;
+
+ while (nr_pages) {
+ pgarr = pgarr_current(ctx);
+ if (!pgarr)
+ return -ENOMEM;
+ nr = pgarr_nr_free(pgarr);
+ if (nr > nr_pages)
+ nr = nr_pages;
+ vaddrp = &pgarr->vaddrs[pgarr->nr_used];
+ ret = ckpt_kread(ctx, vaddrp, nr * sizeof(unsigned long));
+ if (ret < 0)
+ return ret;
+ pgarr->nr_used += nr;
+ nr_pages -= nr;
+ }
+ return 0;
+}
+
+int restore_read_page(struct ckpt_ctx *ctx, struct page *page)
+{
+ void *ptr;
+ int ret;
+
+ ret = ckpt_kread(ctx, ctx->scratch_page, PAGE_SIZE);
+ if (ret < 0)
+ return ret;
+
+ ptr = kmap_atomic(page, KM_USER1);
+ memcpy(ptr, ctx->scratch_page, PAGE_SIZE);
+ kunmap_atomic(ptr, KM_USER1);
+
+ return 0;
+}
+
+/**
+ * read_pages_contents - read in data of pages in page-array chain
+ * @ctx - restart context
+ */
+static int read_pages_contents(struct ckpt_ctx *ctx)
+{
+ struct mm_struct *mm = current->mm;
+ struct ckpt_pgarr *pgarr;
+ unsigned long *vaddrs;
+ int i, ret = 0;
+
+ list_for_each_entry_reverse(pgarr, &ctx->pgarr_list, list) {
+ vaddrs = pgarr->vaddrs;
+ for (i = 0; i < pgarr->nr_used; i++) {
+ struct page *page;
+
+ /* TODO: do in chunks to reduce mmap_sem overhead */
+ _ckpt_debug(CKPT_DPAGE, "got page %#lx\n", vaddrs[i]);
+ down_read(¤t->mm->mmap_sem);
+ ret = get_user_pages(current, mm, vaddrs[i],
+ 1, 1, 1, &page, NULL);
+ up_read(¤t->mm->mmap_sem);
+ if (ret < 0)
+ return ret;
+
+ ret = restore_read_page(ctx, page);
+ page_cache_release(page);
+
+ if (ret < 0)
+ return ret;
+ }
+ }
+ return ret;
+}
+
+/**
+ * restore_memory_contents - restore contents of a VMA with private memory
+ * @ctx - restart context
+ *
+ * Reads a header that specifies how many pages will follow, then reads
+ * a list of virtual addresses into ctx->pgarr_list page-array chain,
+ * followed by the actual contents of the corresponding pages. Iterates
+ * these steps until reaching a header specifying "0" pages, which marks
+ * the end of the contents.
+ */
+static int restore_memory_contents(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_pgarr *h;
+ unsigned long nr_pages;
+ int len, ret = 0;
+
+ while (1) {
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_PGARR);
+ if (IS_ERR(h))
+ break;
+
+ ckpt_debug("total pages %ld\n", (unsigned long) h->nr_pages);
+
+ nr_pages = h->nr_pages;
+ ckpt_hdr_put(ctx, h);
+
+ if (!nr_pages)
+ break;
+
+ len = nr_pages * (sizeof(unsigned long) + PAGE_SIZE);
+ ret = _ckpt_read_buffer(ctx, NULL, len);
+ if (ret < 0)
+ break;
+
+ ret = read_pages_vaddrs(ctx, nr_pages);
+ if (ret < 0)
+ break;
+ ret = read_pages_contents(ctx);
+ if (ret < 0)
+ break;
+ pgarr_reset_all(ctx);
+ }
+
+ return ret;
+}
+
+/**
+ * calc_map_prot_bits - convert vm_flags to mmap protection
+ * orig_vm_flags: source vm_flags
+ */
+static unsigned long calc_map_prot_bits(unsigned long orig_vm_flags)
+{
+ unsigned long vm_prot = 0;
+
+ if (orig_vm_flags & VM_READ)
+ vm_prot |= PROT_READ;
+ if (orig_vm_flags & VM_WRITE)
+ vm_prot |= PROT_WRITE;
+ if (orig_vm_flags & VM_EXEC)
+ vm_prot |= PROT_EXEC;
+ if (orig_vm_flags & PROT_SEM) /* only (?) with IPC-SHM */
+ vm_prot |= PROT_SEM;
+
+ return vm_prot;
+}
+
+/**
+ * calc_map_flags_bits - convert vm_flags to mmap flags
+ * orig_vm_flags: source vm_flags
+ */
+static unsigned long calc_map_flags_bits(unsigned long orig_vm_flags)
+{
+ unsigned long vm_flags = 0;
+
+ vm_flags = MAP_FIXED;
+ if (orig_vm_flags & VM_GROWSDOWN)
+ vm_flags |= MAP_GROWSDOWN;
+ if (orig_vm_flags & VM_DENYWRITE)
+ vm_flags |= MAP_DENYWRITE;
+ if (orig_vm_flags & VM_EXECUTABLE)
+ vm_flags |= MAP_EXECUTABLE;
+ if (orig_vm_flags & VM_MAYSHARE)
+ vm_flags |= MAP_SHARED;
+ else
+ vm_flags |= MAP_PRIVATE;
+
+ return vm_flags;
+}
+
+/**
+ * generic_vma_restore - restore a vma
+ * @mm - address space
+ * @file - file to map (NULL for anonymous)
+ * @h - vma header data
+ */
+static unsigned long generic_vma_restore(struct mm_struct *mm,
+ struct file *file,
+ struct ckpt_hdr_vma *h)
+{
+ unsigned long vm_size, vm_start, vm_flags, vm_prot, vm_pgoff;
+ unsigned long addr;
+
+ if (h->vm_end < h->vm_start)
+ return -EINVAL;
+ if (h->vma_objref < 0)
+ return -EINVAL;
+
+ vm_start = h->vm_start;
+ vm_pgoff = h->vm_pgoff;
+ vm_size = h->vm_end - h->vm_start;
+ vm_prot = calc_map_prot_bits(h->vm_flags);
+ vm_flags = calc_map_flags_bits(h->vm_flags);
+
+ down_write(&mm->mmap_sem);
+ addr = do_mmap_pgoff(file, vm_start, vm_size,
+ vm_prot, vm_flags, vm_pgoff);
+ up_write(&mm->mmap_sem);
+ ckpt_debug("size %#lx prot %#lx flag %#lx pgoff %#lx => %#lx\n",
+ vm_size, vm_prot, vm_flags, vm_pgoff, addr);
+
+ return addr;
+}
+
+/**
+ * private_vma_restore - read vma data, recreate it and read contents
+ * @ctx: checkpoint context
+ * @mm: memory address space
+ * @file: file to use for mapping
+ * @h - vma header data
+ */
+int private_vma_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct file *file, struct ckpt_hdr_vma *h)
+{
+ unsigned long addr;
+
+ if (h->vm_flags & (VM_SHARED | VM_MAYSHARE))
+ return -EINVAL;
+
+ addr = generic_vma_restore(mm, file, h);
+ if (IS_ERR((void *) addr))
+ return PTR_ERR((void *) addr);
+
+ return restore_memory_contents(ctx);
+}
+
+/**
+ * anon_private_restore - read vma data, recreate it and read contents
+ * @ctx: checkpoint context
+ * @mm: memory address space
+ * @h - vma header data
+ */
+static int anon_private_restore(struct ckpt_ctx *ctx,
+ struct mm_struct *mm,
+ struct ckpt_hdr_vma *h)
+{
+ /*
+ * vm_pgoff for anonymous mapping is the "global" page
+ * offset (namely from addr 0x0), so we force a zero
+ */
+ h->vm_pgoff = 0;
+
+ return private_vma_restore(ctx, mm, NULL, h);
+}
+
+/* callbacks to restore vma per its type: */
+struct restore_vma_ops {
+ char *vma_name;
+ enum vma_type vma_type;
+ int (*restore) (struct ckpt_ctx *ctx,
+ struct mm_struct *mm,
+ struct ckpt_hdr_vma *ptr);
+};
+
+static struct restore_vma_ops restore_vma_ops[] = {
+ /* ignored vma */
+ {
+ .vma_name = "IGNORE",
+ .vma_type = CKPT_VMA_IGNORE,
+ .restore = NULL,
+ },
+ /* special mapping (vdso) */
+ {
+ .vma_name = "VDSO",
+ .vma_type = CKPT_VMA_VDSO,
+ .restore = special_mapping_restore,
+ },
+ /* anonymous private */
+ {
+ .vma_name = "ANON PRIVATE",
+ .vma_type = CKPT_VMA_ANON,
+ .restore = anon_private_restore,
+ },
+ /* file-mapped private */
+ {
+ .vma_name = "FILE PRIVATE",
+ .vma_type = CKPT_VMA_FILE,
+ .restore = filemap_restore,
+ },
+};
+
+/**
+ * restore_vma - read vma data, recreate it and read contents
+ * @ctx: checkpoint context
+ * @mm: memory address space
+ */
+static int restore_vma(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct ckpt_hdr_vma *h;
+ struct restore_vma_ops *ops;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_VMA);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ckpt_debug("vma %#lx-%#lx flags %#lx type %d vmaref %d\n",
+ (unsigned long) h->vm_start, (unsigned long) h->vm_end,
+ (unsigned long) h->vm_flags, (int) h->vma_type,
+ (int) h->vma_objref);
+
+ ret = -EINVAL;
+ if (h->vm_end < h->vm_start)
+ goto out;
+ if (h->vma_objref < 0)
+ goto out;
+ if (h->vma_type >= CKPT_VMA_MAX)
+ goto out;
+ if (h->vm_flags & CKPT_VMA_NOT_SUPPORTED)
+ return -ENOSYS;
+
+ ops = &restore_vma_ops[h->vma_type];
+
+ /* make sure we don't change this accidentally */
+ BUG_ON(ops->vma_type != h->vma_type);
+
+ if (ops->restore) {
+ ckpt_debug("vma type %s\n", ops->vma_name);
+ ret = ops->restore(ctx, mm, h);
+ } else {
+ ckpt_debug("vma ignored\n");
+ ret = 0;
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int ckpt_read_auxv(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ int i, ret;
+ u64 *buf = kmalloc(CKPT_AT_SZ, GFP_KERNEL);
+
+ if (!buf)
+ return -ENOMEM;
+ ret = _ckpt_read_buffer(ctx, buf, CKPT_AT_SZ);
+ if (ret < 0)
+ goto out;
+
+ ret = -E2BIG;
+ for (i = 0; i < AT_VECTOR_SIZE; i++)
+ if (buf[i] > (u64) ULONG_MAX)
+ goto out;
+
+ for (i = 0; i < AT_VECTOR_SIZE - 1; i++)
+ mm->saved_auxv[i] = buf[i];
+ /* sanitize the input: force AT_NULL in last entry */
+ mm->saved_auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
+
+ ret = 0;
+ out:
+ kfree(buf);
+ return ret;
+}
+
+static void *restore_mm(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_mm *h;
+ struct mm_struct *mm = NULL;
+ struct file *file;
+ unsigned int nr;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_MM);
+ if (IS_ERR(h))
+ return (void *) h;
+
+ ckpt_debug("map_count %d\n", h->map_count);
+
+ /* XXX need more sanity checks */
+
+ ret = -EINVAL;
+ if ((h->start_code > h->end_code) ||
+ (h->start_data > h->end_data))
+ goto out;
+ if (h->exe_objref < 0)
+ goto out;
+ if (h->def_flags & ~VM_LOCKED)
+ goto out;
+ if (h->flags & ~(MMF_DUMP_FILTER_MASK |
+ ((1 << MMF_DUMP_FILTER_BITS) - 1)))
+ goto out;
+
+ mm = current->mm;
+
+ /* point of no return -- destruct current mm */
+ down_write(&mm->mmap_sem);
+ ret = destroy_mm(mm);
+ if (ret < 0) {
+ up_write(&mm->mmap_sem);
+ goto out;
+ }
+
+ mm->flags = h->flags;
+ mm->def_flags = h->def_flags;
+
+ mm->start_code = h->start_code;
+ mm->end_code = h->end_code;
+ mm->start_data = h->start_data;
+ mm->end_data = h->end_data;
+ mm->start_brk = h->start_brk;
+ mm->brk = h->brk;
+ mm->start_stack = h->start_stack;
+ mm->arg_start = h->arg_start;
+ mm->arg_end = h->arg_end;
+ mm->env_start = h->env_start;
+ mm->env_end = h->env_end;
+
+ /* restore the ->exe_file */
+ if (h->exe_objref) {
+ file = ckpt_obj_fetch(ctx, h->exe_objref, CKPT_OBJ_FILE);
+ if (IS_ERR(file)) {
+ up_write(&mm->mmap_sem);
+ ret = PTR_ERR(file);
+ goto out;
+ }
+ set_mm_exe_file(mm, file);
+ }
+ up_write(&mm->mmap_sem);
+
+ ret = ckpt_read_auxv(ctx, mm);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Error restoring auxv\n");
+ goto out;
+ }
+
+ for (nr = h->map_count; nr; nr--) {
+ ret = restore_vma(ctx, mm);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = restore_mm_context(ctx, mm);
+ out:
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ERR_PTR(ret);
+ /* restore_obj() expect an extra reference */
+ atomic_inc(&mm->mm_users);
+ return (void *)mm;
+}
+
+int restore_obj_mm(struct ckpt_ctx *ctx, int mm_objref)
+{
+ struct mm_struct *mm;
+ int ret;
+
+ mm = ckpt_obj_fetch(ctx, mm_objref, CKPT_OBJ_MM);
+ if (IS_ERR(mm))
+ return PTR_ERR(mm);
+
+ if (mm == current->mm)
+ return 0;
+
+ ret = exec_mmap(mm);
+ if (ret < 0)
+ return ret;
+
+ atomic_inc(&mm->mm_users);
+ return 0;
+}
+
+/*
+ * mm-related checkpoint objects
+ */
+
+static int obj_mm_grab(void *ptr)
+{
+ atomic_inc(&((struct mm_struct *) ptr)->mm_users);
+ return 0;
+}
+
+static void obj_mm_drop(void *ptr, int lastref)
+{
+ mmput((struct mm_struct *) ptr);
+}
+
+static int obj_mm_users(void *ptr)
+{
+ return atomic_read(&((struct mm_struct *) ptr)->mm_users);
+}
+
+/* mm object */
+static const struct ckpt_obj_ops ckpt_obj_mm_ops = {
+ .obj_name = "MM",
+ .obj_type = CKPT_OBJ_MM,
+ .ref_drop = obj_mm_drop,
+ .ref_grab = obj_mm_grab,
+ .ref_users = obj_mm_users,
+ .checkpoint = checkpoint_mm,
+ .restore = restore_mm,
+};
+
+static int __init checkpoint_register_mm(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_mm_ops);
+}
+late_initcall(checkpoint_register_mm);
diff --git a/mm/filemap.c b/mm/filemap.c
index 140ebda..24d4c54 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -34,6 +34,7 @@
#include <linux/hardirq.h> /* for BUG_ON(!in_atomic()) only */
#include <linux/memcontrol.h>
#include <linux/mm_inline.h> /* for page_is_file_cache() */
+#include <linux/checkpoint.h>
#include "internal.h"
/*
@@ -1590,8 +1591,52 @@ page_not_uptodate:
}
EXPORT_SYMBOL(filemap_fault);
+#ifdef CONFIG_CHECKPOINT
+int filemap_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma)
+{
+ struct file *file = vma->vm_file;
+ int vma_objref;
+
+ if (vma->vm_flags & CKPT_VMA_NOT_SUPPORTED) {
+ pr_warning("c/r: unsupported VMA %#lx\n", vma->vm_flags);
+ return -ENOSYS;
+ }
+
+ BUG_ON(!file);
+
+ vma_objref = checkpoint_obj(ctx, file, CKPT_OBJ_FILE);
+ if (vma_objref < 0)
+ return vma_objref;
+
+ return private_vma_checkpoint(ctx, vma, CKPT_VMA_FILE, vma_objref);
+}
+EXPORT_SYMBOL(filemap_checkpoint);
+
+int filemap_restore(struct ckpt_ctx *ctx,
+ struct mm_struct *mm,
+ struct ckpt_hdr_vma *h)
+{
+ struct file *file;
+ int ret;
+
+ if (h->vma_type == CKPT_VMA_FILE &&
+ (h->vm_flags & (VM_SHARED | VM_MAYSHARE)))
+ return -EINVAL;
+
+ file = ckpt_obj_fetch(ctx, h->vma_objref, CKPT_OBJ_FILE);
+ if (IS_ERR(file))
+ return PTR_ERR(file);
+
+ ret = private_vma_restore(ctx, mm, file, h);
+ return ret;
+}
+#endif
+
const struct vm_operations_struct generic_file_vm_ops = {
.fault = filemap_fault,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = filemap_checkpoint,
+#endif
};
/* This is used for a general mmap of a disk file */
diff --git a/mm/mmap.c b/mm/mmap.c
index f90ea92..9d4891f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -28,6 +28,7 @@
#include <linux/rmap.h>
#include <linux/mmu_notifier.h>
#include <linux/perf_event.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
#include <asm/cacheflush.h>
@@ -2009,14 +2010,11 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
-int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+int do_munmap_nocheck(struct mm_struct *mm, unsigned long start, size_t len)
{
unsigned long end;
struct vm_area_struct *vma, *prev, *last;
- if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
- return -EINVAL;
-
if ((len = PAGE_ALIGN(len)) == 0)
return -EINVAL;
@@ -2090,8 +2088,39 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
return 0;
}
+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+{
+ if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
+ return -EINVAL;
+
+ return do_munmap_nocheck(mm, start, len);
+}
+
EXPORT_SYMBOL(do_munmap);
+/*
+ * called with mm->mmap-sem held
+ * only called from checkpoint/memory.c:restore_mm()
+ */
+int destroy_mm(struct mm_struct *mm)
+{
+ struct vm_area_struct *vmnext = mm->mmap;
+ struct vm_area_struct *vma;
+ int ret;
+
+ while (vmnext) {
+ vma = vmnext;
+ vmnext = vmnext->vm_next;
+ ret = do_munmap_nocheck(mm, vma->vm_start,
+ vma->vm_end-vma->vm_start);
+ if (ret < 0) {
+ pr_warning("%s: failed munmap (%d)\n", __func__, ret);
+ return ret;
+ }
+ }
+ return 0;
+}
+
SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
{
int ret;
@@ -2248,7 +2277,7 @@ void exit_mmap(struct mm_struct *mm)
tlb = tlb_gather_mmu(mm, 1);
/* update_hiwater_rss(mm) here? but nobody should be looking */
/* Use -1 here to ensure all VMAs in the mm are unmapped */
- end = unmap_vmas(&tlb, vma, 0, -1, &nr_accounted, NULL);
+ end = vma ? unmap_vmas(&tlb, vma, 0, -1, &nr_accounted, NULL) : 0;
vm_unacct_memory(nr_accounted);
free_pgtables(tlb, vma, FIRST_USER_ADDRESS, 0);
@@ -2414,9 +2443,71 @@ static void special_mapping_close(struct vm_area_struct *vma)
{
}
+#ifdef CONFIG_CHECKPOINT
+/*
+ * FIX:
+ * - checkpoint vdso pages (once per distinct vdso is enough)
+ * - check for compatilibility between saved and current vdso
+ * - accommodate for dynamic kernel data in vdso page
+ *
+ * Current, we require COMPAT_VDSO which somewhat mitigates the issue
+ */
+static int special_mapping_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma)
+{
+ const char *name;
+
+ /*
+ * FIX:
+ * Currently, we only handle VDSO/vsyscall special handling.
+ * Even that, is very basic - we just skip the contents and
+ * hope for the best in terms of compatilibity upon restart.
+ */
+
+ if (vma->vm_flags & CKPT_VMA_NOT_SUPPORTED)
+ return -ENOSYS;
+
+ name = arch_vma_name(vma);
+ if (!name || strcmp(name, "[vdso]"))
+ return -ENOSYS;
+
+ return generic_vma_checkpoint(ctx, vma, CKPT_VMA_VDSO, 0);
+}
+
+int special_mapping_restore(struct ckpt_ctx *ctx,
+ struct mm_struct *mm,
+ struct ckpt_hdr_vma *h)
+{
+ int ret = 0;
+
+ /*
+ * FIX:
+ * Currently, we only handle VDSO/vsyscall special handling.
+ * Even that, is very basic - call arch_setup_additional_pages
+ * requiring the same mapping (start address) as before.
+ */
+
+ BUG_ON(h->vma_type != CKPT_VMA_VDSO);
+
+#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
+#if defined(CONFIG_X86_64) && defined(CONFIG_COMPAT)
+ if (test_thread_flag(TIF_IA32))
+ ret = syscall32_setup_pages(NULL, h->vm_start, 0);
+ else
+#endif
+ ret = arch_setup_additional_pages(NULL, h->vm_start, 0);
+#endif
+
+ return ret;
+}
+#endif
+
static const struct vm_operations_struct special_mapping_vmops = {
.close = special_mapping_close,
.fault = special_mapping_fault,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = special_mapping_checkpoint,
+#endif
};
/*
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 042/100] c/r: add generic '->checkpoint' f_op to ext fses
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (40 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 041/100] c/r: dump memory address space (private memory) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 043/100] c/r: add generic '->checkpoint()' f_op to simple devices Oren Laadan
` (59 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dave Hansen, linux-ext4, linux-fsdevel,
Oren Laadan
From: Dave Hansen <dave@linux.vnet.ibm.com>
This marks ext[234] as being checkpointable. There will be many
more to do this to, but this is a start.
Changelog[ckpt-v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[ckpt-v19-rc3]:
- Rebase to kernel 2.6.33 (ext2)
Changelog[v1]:
- [Serge Hallyn] Use filemap_checkpoint() in ext4_file_vm_ops
Cc: linux-ext4@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/ext2/dir.c | 3 +++
fs/ext2/file.c | 6 ++++++
fs/ext3/dir.c | 3 +++
fs/ext3/file.c | 3 +++
fs/ext4/dir.c | 3 +++
fs/ext4/file.c | 6 ++++++
6 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index 7516957..cdcb065 100644
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -722,4 +722,7 @@ const struct file_operations ext2_dir_operations = {
.compat_ioctl = ext2_compat_ioctl,
#endif
.fsync = ext2_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ext2/file.c b/fs/ext2/file.c
index 5d198d0..975ea9c 100644
--- a/fs/ext2/file.c
+++ b/fs/ext2/file.c
@@ -76,6 +76,9 @@ const struct file_operations ext2_file_operations = {
.fsync = ext2_fsync,
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif /* CONFIG_CHECKPOINT */
};
#ifdef CONFIG_EXT2_FS_XIP
@@ -91,6 +94,9 @@ const struct file_operations ext2_xip_file_operations = {
.open = dquot_file_open,
.release = ext2_release_file,
.fsync = ext2_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif /* CONFIG_CHECKPOINT */
};
#endif
diff --git a/fs/ext3/dir.c b/fs/ext3/dir.c
index 373fa90..a4ef201 100644
--- a/fs/ext3/dir.c
+++ b/fs/ext3/dir.c
@@ -48,6 +48,9 @@ const struct file_operations ext3_dir_operations = {
#endif
.fsync = ext3_sync_file, /* BKL held */
.release = ext3_release_dir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ext3/file.c b/fs/ext3/file.c
index f55df0e..2cf4ef2 100644
--- a/fs/ext3/file.c
+++ b/fs/ext3/file.c
@@ -68,6 +68,9 @@ const struct file_operations ext3_file_operations = {
.fsync = ext3_sync_file,
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations ext3_file_inode_operations = {
diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
index 86cb6d8..9681c2f 100644
--- a/fs/ext4/dir.c
+++ b/fs/ext4/dir.c
@@ -48,6 +48,9 @@ const struct file_operations ext4_dir_operations = {
#endif
.fsync = ext4_sync_file,
.release = ext4_release_dir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index d0776e4..7c7e120 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -85,6 +85,9 @@ ext4_file_write(struct kiocb *iocb, const struct iovec *iov,
static const struct vm_operations_struct ext4_file_vm_ops = {
.fault = filemap_fault,
.page_mkwrite = ext4_page_mkwrite,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = filemap_checkpoint,
+#endif
};
static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
@@ -145,6 +148,9 @@ const struct file_operations ext4_file_operations = {
.fsync = ext4_sync_file,
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations ext4_file_inode_operations = {
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 043/100] c/r: add generic '->checkpoint()' f_op to simple devices
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (41 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 042/100] c/r: add generic '->checkpoint' f_op to ext fses Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 044/100] c/r: add checkpoint operation for opened files of generic filesystems Oren Laadan
` (58 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
* /dev/null
* /dev/zero
* /dev/random
* /dev/urandom
Changelog [v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
drivers/char/mem.c | 6 ++++++
drivers/char/random.c | 6 ++++++
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index f54dab8..4e48384 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -767,6 +767,9 @@ static const struct file_operations null_fops = {
.read = read_null,
.write = write_null,
.splice_write = splice_write_null,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
#ifdef CONFIG_DEVPORT
@@ -783,6 +786,9 @@ static const struct file_operations zero_fops = {
.read = read_zero,
.write = write_zero,
.mmap = mmap_zero,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/*
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 2fd3d39..47a224c 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1169,6 +1169,9 @@ const struct file_operations random_fops = {
.poll = random_poll,
.unlocked_ioctl = random_ioctl,
.fasync = random_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct file_operations urandom_fops = {
@@ -1176,6 +1179,9 @@ const struct file_operations urandom_fops = {
.write = random_write,
.unlocked_ioctl = random_ioctl,
.fasync = random_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/***************************************************************
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 044/100] c/r: add checkpoint operation for opened files of generic filesystems
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (42 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 043/100] c/r: add generic '->checkpoint()' f_op to simple devices Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 045/100] c/r: export shmem_getpage() to support shared memory Oren Laadan
` (57 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-fsdevel
From: Matt Helsley <matthltc@us.ibm.com>
These patches extend the use of the generic file checkpoint operation to
non-extX filesystems which have lseek operations that ensure we can save
and restore the files for later use. Note that this does not include
things like FUSE, network filesystems, or pseudo-filesystem kernel
interfaces.
Only compile and boot tested (on x86-32).
[Oren Laadan] Folded patch series into a single patch; original post
included 36 separate patches for individual filesystems:
[PATCH 01/36] Add the checkpoint operation for affs files and directories.
[PATCH 02/36] Add the checkpoint operation for befs directories.
[PATCH 03/36] Add the checkpoint operation for bfs files and directories.
[PATCH 04/36] Add the checkpoint operation for btrfs files and directories.
[PATCH 05/36] Add the checkpoint operation for cramfs directories.
[PATCH 06/36] Add the checkpoint operation for ecryptfs files and directories.
[PATCH 07/36] Add the checkpoint operation for fat files and directories.
[PATCH 08/36] Add the checkpoint operation for freevxfs directories.
[PATCH 09/36] Add the checkpoint operation for hfs files and directories.
[PATCH 10/36] Add the checkpoint operation for hfsplus files and directories.
[PATCH 11/36] Add the checkpoint operation for hpfs files and directories.
[PATCH 12/36] Add the checkpoint operation for hppfs files and directories.
[PATCH 13/36] Add the checkpoint operation for iso directories.
[PATCH 14/36] Add the checkpoint operation for jffs2 files and directories.
[PATCH 15/36] Add the checkpoint operation for jfs files and directories.
[PATCH 16/36] Add the checkpoint operation for regular nfs files and directories. Skip the various /proc files for now.
[PATCH 17/36] Add the checkpoint operation for ntfs directories.
[PATCH 18/36] Add the checkpoint operation for openromfs directories. Explicitly skip the properties for now.
[PATCH 19/36] Add the checkpoint operation for qnx4 files and directories.
[PATCH 20/36] Add the checkpoint operation for reiserfs files and directories.
[PATCH 21/36] Add the checkpoint operation for romfs directories.
[PATCH 22/36] Add the checkpoint operation for squashfs directories.
[PATCH 23/36] Add the checkpoint operation for sysv filesystem files and directories.
[PATCH 24/36] Add the checkpoint operation for ubifs files and directories.
[PATCH 25/36] Add the checkpoint operation for udf filesystem files and directories.
[PATCH 26/36] Add the checkpoint operation for xfs files and directories.
[PATCH 27/36] Add checkpoint operation for efs directories.
[PATCH 28/36] Add the checkpoint operation for generic, read-only files. At present, some/all files of the following filesystems use this generic definition:
[PATCH 29/36] Add checkpoint operation for minix filesystem files and directories.
[PATCH 30/36] Add checkpoint operations for omfs files and directories.
[PATCH 31/36] Add checkpoint operations for ufs files and directories.
[PATCH 32/36] Add checkpoint operations for ramfs files. NOTE: since simple_dir_operations are shared between multiple filesystems including ramfs, it's not currently possible to checkpoint open ramfs directories.
[PATCH 33/36] Add the checkpoint operation for adfs files and directories.
[PATCH 34/36] Add the checkpoint operation to exofs files and directories.
[PATCH 35/36] Add the checkpoint operation to nilfs2 files and directories.
[PATCH 36/36] Add checkpoint operations for UML host filesystem files and directories.
Changelog[v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v19-rc3]:
- [Suka] Enable C/R while executing over NFS
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/adfs/dir.c | 3 +++
fs/adfs/file.c | 3 +++
fs/affs/dir.c | 3 +++
fs/affs/file.c | 3 +++
fs/befs/linuxvfs.c | 3 +++
fs/bfs/dir.c | 3 +++
fs/bfs/file.c | 3 +++
fs/btrfs/file.c | 3 +++
fs/btrfs/inode.c | 3 +++
fs/btrfs/super.c | 3 +++
fs/cramfs/inode.c | 3 +++
fs/ecryptfs/file.c | 6 ++++++
fs/ecryptfs/miscdev.c | 3 +++
fs/efs/dir.c | 3 +++
fs/exofs/dir.c | 3 +++
fs/exofs/file.c | 3 +++
fs/fat/dir.c | 3 +++
fs/fat/file.c | 3 +++
fs/freevxfs/vxfs_lookup.c | 3 +++
fs/hfs/dir.c | 3 +++
fs/hfs/inode.c | 3 +++
fs/hfsplus/dir.c | 3 +++
fs/hfsplus/inode.c | 3 +++
fs/hostfs/hostfs_kern.c | 6 ++++++
fs/hpfs/dir.c | 3 +++
fs/hpfs/file.c | 3 +++
fs/hppfs/hppfs.c | 6 ++++++
fs/isofs/dir.c | 3 +++
fs/jffs2/dir.c | 3 +++
fs/jffs2/file.c | 3 +++
fs/jfs/file.c | 3 +++
fs/jfs/namei.c | 3 +++
fs/minix/dir.c | 3 +++
fs/minix/file.c | 3 +++
fs/nfs/dir.c | 3 +++
fs/nfs/file.c | 6 ++++++
fs/nilfs2/dir.c | 4 +++-
fs/nilfs2/file.c | 3 +++
fs/ntfs/dir.c | 3 +++
fs/ntfs/file.c | 5 ++++-
fs/omfs/dir.c | 3 +++
fs/omfs/file.c | 3 +++
fs/openpromfs/inode.c | 6 ++++++
fs/qnx4/dir.c | 3 +++
fs/ramfs/file-mmu.c | 3 +++
fs/ramfs/file-nommu.c | 3 +++
fs/read_write.c | 3 +++
fs/reiserfs/dir.c | 3 +++
fs/reiserfs/file.c | 3 +++
fs/romfs/mmap-nommu.c | 3 +++
fs/romfs/super.c | 3 +++
fs/squashfs/dir.c | 5 ++++-
fs/sysv/dir.c | 3 +++
fs/sysv/file.c | 3 +++
fs/ubifs/debug.c | 3 +++
fs/ubifs/dir.c | 3 +++
fs/ubifs/file.c | 3 +++
fs/udf/dir.c | 3 +++
fs/udf/file.c | 3 +++
fs/ufs/dir.c | 3 +++
fs/ufs/file.c | 3 +++
fs/xfs/linux-2.6/xfs_file.c | 6 ++++++
62 files changed, 206 insertions(+), 3 deletions(-)
diff --git a/fs/adfs/dir.c b/fs/adfs/dir.c
index 23aa52f..c205b40 100644
--- a/fs/adfs/dir.c
+++ b/fs/adfs/dir.c
@@ -198,6 +198,9 @@ const struct file_operations adfs_dir_operations = {
.llseek = generic_file_llseek,
.readdir = adfs_readdir,
.fsync = simple_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int
diff --git a/fs/adfs/file.c b/fs/adfs/file.c
index 005ea34..09ce6c7 100644
--- a/fs/adfs/file.c
+++ b/fs/adfs/file.c
@@ -30,6 +30,9 @@ const struct file_operations adfs_file_operations = {
.write = do_sync_write,
.aio_write = generic_file_aio_write,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations adfs_file_inode_operations = {
diff --git a/fs/affs/dir.c b/fs/affs/dir.c
index 8ca8f3a..02511bf 100644
--- a/fs/affs/dir.c
+++ b/fs/affs/dir.c
@@ -22,6 +22,9 @@ const struct file_operations affs_dir_operations = {
.llseek = generic_file_llseek,
.readdir = affs_readdir,
.fsync = affs_file_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/*
diff --git a/fs/affs/file.c b/fs/affs/file.c
index 184e55c..22577fa 100644
--- a/fs/affs/file.c
+++ b/fs/affs/file.c
@@ -36,6 +36,9 @@ const struct file_operations affs_file_operations = {
.release = affs_file_release,
.fsync = affs_file_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations affs_file_inode_operations = {
diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
index 34ddda8..71488ba 100644
--- a/fs/befs/linuxvfs.c
+++ b/fs/befs/linuxvfs.c
@@ -67,6 +67,9 @@ static const struct file_operations befs_dir_operations = {
.read = generic_read_dir,
.readdir = befs_readdir,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct inode_operations befs_dir_inode_operations = {
diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c
index 1e41aad..18bea30 100644
--- a/fs/bfs/dir.c
+++ b/fs/bfs/dir.c
@@ -80,6 +80,9 @@ const struct file_operations bfs_dir_operations = {
.readdir = bfs_readdir,
.fsync = simple_fsync,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
extern void dump_imap(const char *, struct super_block *);
diff --git a/fs/bfs/file.c b/fs/bfs/file.c
index 88b9a3f..844ff41 100644
--- a/fs/bfs/file.c
+++ b/fs/bfs/file.c
@@ -29,6 +29,9 @@ const struct file_operations bfs_file_operations = {
.aio_write = generic_file_aio_write,
.mmap = generic_file_mmap,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int bfs_move_block(unsigned long from, unsigned long to,
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 29ff749..be325e1 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1170,4 +1170,7 @@ const struct file_operations btrfs_file_operations = {
#ifdef CONFIG_COMPAT
.compat_ioctl = btrfs_ioctl,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 2bfdc64..7ee1a98 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5954,6 +5954,9 @@ static const struct file_operations btrfs_dir_file_operations = {
#endif
.release = btrfs_release_file,
.fsync = btrfs_sync_file,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static struct extent_io_ops btrfs_extent_io_ops = {
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 1866dff..2e31e14 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -829,6 +829,9 @@ static const struct file_operations btrfs_ctl_fops = {
.unlocked_ioctl = btrfs_control_ioctl,
.compat_ioctl = btrfs_control_ioctl,
.owner = THIS_MODULE,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static struct miscdevice btrfs_misc = {
diff --git a/fs/cramfs/inode.c b/fs/cramfs/inode.c
index dd3634e..01ee36d 100644
--- a/fs/cramfs/inode.c
+++ b/fs/cramfs/inode.c
@@ -532,6 +532,9 @@ static const struct file_operations cramfs_directory_operations = {
.llseek = generic_file_llseek,
.read = generic_read_dir,
.readdir = cramfs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct inode_operations cramfs_dir_inode_operations = {
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index e7440a6..e34e59a 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -306,6 +306,9 @@ const struct file_operations ecryptfs_dir_fops = {
.fsync = ecryptfs_fsync,
.fasync = ecryptfs_fasync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct file_operations ecryptfs_main_fops = {
@@ -323,6 +326,9 @@ const struct file_operations ecryptfs_main_fops = {
.fsync = ecryptfs_fsync,
.fasync = ecryptfs_fasync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 3745f61..9aa5d8b 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -482,6 +482,9 @@ static const struct file_operations ecryptfs_miscdev_fops = {
.read = ecryptfs_miscdev_read,
.write = ecryptfs_miscdev_write,
.release = ecryptfs_miscdev_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static struct miscdevice ecryptfs_miscdev = {
diff --git a/fs/efs/dir.c b/fs/efs/dir.c
index 7ee6f7e..ff08a3b 100644
--- a/fs/efs/dir.c
+++ b/fs/efs/dir.c
@@ -13,6 +13,9 @@ const struct file_operations efs_dir_operations = {
.llseek = generic_file_llseek,
.read = generic_read_dir,
.readdir = efs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations efs_dir_inode_operations = {
diff --git a/fs/exofs/dir.c b/fs/exofs/dir.c
index 4cfab1c..62347ff 100644
--- a/fs/exofs/dir.c
+++ b/fs/exofs/dir.c
@@ -667,4 +667,7 @@ const struct file_operations exofs_dir_operations = {
.llseek = generic_file_llseek,
.read = generic_read_dir,
.readdir = exofs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/exofs/file.c b/fs/exofs/file.c
index 839b9dc..ec7e15a 100644
--- a/fs/exofs/file.c
+++ b/fs/exofs/file.c
@@ -84,6 +84,9 @@ const struct file_operations exofs_file_operations = {
.flush = exofs_flush,
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations exofs_file_inode_operations = {
diff --git a/fs/fat/dir.c b/fs/fat/dir.c
index 530b4ca..4a4c7bb 100644
--- a/fs/fat/dir.c
+++ b/fs/fat/dir.c
@@ -841,6 +841,9 @@ const struct file_operations fat_dir_operations = {
.compat_ioctl = fat_compat_dir_ioctl,
#endif
.fsync = fat_file_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int fat_get_short_entry(struct inode *dir, loff_t *pos,
diff --git a/fs/fat/file.c b/fs/fat/file.c
index e8c159d..38132c2 100644
--- a/fs/fat/file.c
+++ b/fs/fat/file.c
@@ -162,6 +162,9 @@ const struct file_operations fat_file_operations = {
.ioctl = fat_generic_ioctl,
.fsync = fat_file_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int fat_cont_expand(struct inode *inode, loff_t size)
diff --git a/fs/freevxfs/vxfs_lookup.c b/fs/freevxfs/vxfs_lookup.c
index aee049c..41dfea9 100644
--- a/fs/freevxfs/vxfs_lookup.c
+++ b/fs/freevxfs/vxfs_lookup.c
@@ -58,6 +58,9 @@ const struct inode_operations vxfs_dir_inode_ops = {
const struct file_operations vxfs_dir_operations = {
.readdir = vxfs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c
index 2b3b861..f4dafc5 100644
--- a/fs/hfs/dir.c
+++ b/fs/hfs/dir.c
@@ -329,6 +329,9 @@ const struct file_operations hfs_dir_operations = {
.readdir = hfs_readdir,
.llseek = generic_file_llseek,
.release = hfs_dir_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations hfs_dir_inode_operations = {
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 14f5cb1..3b10d84 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -607,6 +607,9 @@ static const struct file_operations hfs_file_operations = {
.fsync = file_fsync,
.open = hfs_file_open,
.release = hfs_file_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct inode_operations hfs_file_inode_operations = {
diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c
index 5f40236..7656143 100644
--- a/fs/hfsplus/dir.c
+++ b/fs/hfsplus/dir.c
@@ -497,4 +497,7 @@ const struct file_operations hfsplus_dir_operations = {
.ioctl = hfsplus_ioctl,
.llseek = generic_file_llseek,
.release = hfsplus_dir_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c
index 1bcf597..43a6da2 100644
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -286,6 +286,9 @@ static const struct file_operations hfsplus_file_operations = {
.open = hfsplus_file_open,
.release = hfsplus_file_release,
.ioctl = hfsplus_ioctl,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
struct inode *hfsplus_new_inode(struct super_block *sb, int mode)
diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
index 3a029d8..1514aee 100644
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -427,12 +427,18 @@ static const struct file_operations hostfs_file_fops = {
.open = hostfs_file_open,
.release = NULL,
.fsync = hostfs_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct file_operations hostfs_dir_fops = {
.llseek = generic_file_llseek,
.readdir = hostfs_readdir,
.read = generic_read_dir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
int hostfs_writepage(struct page *page, struct writeback_control *wbc)
diff --git a/fs/hpfs/dir.c b/fs/hpfs/dir.c
index 2338130..a2e95fe 100644
--- a/fs/hpfs/dir.c
+++ b/fs/hpfs/dir.c
@@ -323,4 +323,7 @@ const struct file_operations hpfs_dir_ops =
.readdir = hpfs_readdir,
.release = hpfs_dir_release,
.fsync = hpfs_file_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/hpfs/file.c b/fs/hpfs/file.c
index 3efabff..7a78261 100644
--- a/fs/hpfs/file.c
+++ b/fs/hpfs/file.c
@@ -139,6 +139,9 @@ const struct file_operations hpfs_file_ops =
.release = hpfs_file_release,
.fsync = hpfs_file_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations hpfs_file_iops =
diff --git a/fs/hppfs/hppfs.c b/fs/hppfs/hppfs.c
index 2e4dfa8..d059b38 100644
--- a/fs/hppfs/hppfs.c
+++ b/fs/hppfs/hppfs.c
@@ -546,6 +546,9 @@ static const struct file_operations hppfs_file_fops = {
.read = hppfs_read,
.write = hppfs_write,
.open = hppfs_open,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
struct hppfs_dirent {
@@ -597,6 +600,9 @@ static const struct file_operations hppfs_dir_fops = {
.readdir = hppfs_readdir,
.open = hppfs_dir_open,
.fsync = hppfs_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int hppfs_statfs(struct dentry *dentry, struct kstatfs *sf)
diff --git a/fs/isofs/dir.c b/fs/isofs/dir.c
index b9ab69b..fe41d7f 100644
--- a/fs/isofs/dir.c
+++ b/fs/isofs/dir.c
@@ -274,6 +274,9 @@ const struct file_operations isofs_dir_operations =
{
.read = generic_read_dir,
.readdir = isofs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/*
diff --git a/fs/jffs2/dir.c b/fs/jffs2/dir.c
index 7aa4417..482e34a 100644
--- a/fs/jffs2/dir.c
+++ b/fs/jffs2/dir.c
@@ -41,6 +41,9 @@ const struct file_operations jffs2_dir_operations =
.unlocked_ioctl=jffs2_ioctl,
.fsync = jffs2_fsync,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index e7291c1..c2bcb4d 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -49,6 +49,9 @@ const struct file_operations jffs2_file_operations =
.mmap = generic_file_readonly_mmap,
.fsync = jffs2_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/* jffs2_file_inode_operations */
diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 14ba982..cda38cb 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -143,4 +143,7 @@ const struct file_operations jfs_file_operations = {
#ifdef CONFIG_COMPAT
.compat_ioctl = jfs_compat_ioctl,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 4a3e9f3..83f2490 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -1571,6 +1571,9 @@ const struct file_operations jfs_dir_operations = {
.compat_ioctl = jfs_compat_ioctl,
#endif
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int jfs_ci_hash(struct dentry *dir, struct qstr *this)
diff --git a/fs/minix/dir.c b/fs/minix/dir.c
index 6198731..715dd03 100644
--- a/fs/minix/dir.c
+++ b/fs/minix/dir.c
@@ -23,6 +23,9 @@ const struct file_operations minix_dir_operations = {
.read = generic_read_dir,
.readdir = minix_readdir,
.fsync = simple_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static inline void dir_put_page(struct page *page)
diff --git a/fs/minix/file.c b/fs/minix/file.c
index 3eec3e6..8e8f6a9 100644
--- a/fs/minix/file.c
+++ b/fs/minix/file.c
@@ -21,6 +21,9 @@ const struct file_operations minix_file_operations = {
.mmap = generic_file_mmap,
.fsync = simple_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations minix_file_inode_operations = {
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index be46f26..ac4c291 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -63,6 +63,9 @@ const struct file_operations nfs_dir_operations = {
.open = nfs_opendir,
.release = nfs_release,
.fsync = nfs_fsync_dir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations nfs_dir_inode_operations = {
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 8d965bd..456e861 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -78,6 +78,9 @@ const struct file_operations nfs_file_operations = {
.splice_write = nfs_file_splice_write,
.check_flags = nfs_check_flags,
.setlease = nfs_setlease,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations nfs_file_inode_operations = {
@@ -583,6 +586,9 @@ out_unlock:
static const struct vm_operations_struct nfs_file_vm_ops = {
.fault = filemap_fault,
.page_mkwrite = nfs_vm_page_mkwrite,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = filemap_checkpoint,
+#endif
};
static int nfs_need_sync_write(struct file *filp, struct inode *inode)
diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c
index 85c89df..d677449 100644
--- a/fs/nilfs2/dir.c
+++ b/fs/nilfs2/dir.c
@@ -702,5 +702,7 @@ const struct file_operations nilfs_dir_operations = {
.compat_ioctl = nilfs_ioctl,
#endif /* CONFIG_COMPAT */
.fsync = nilfs_sync_file,
-
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/nilfs2/file.c b/fs/nilfs2/file.c
index 30292df..9306d6f 100644
--- a/fs/nilfs2/file.c
+++ b/fs/nilfs2/file.c
@@ -149,6 +149,9 @@ const struct file_operations nilfs_file_operations = {
/* .release = nilfs_release_file, */
.fsync = nilfs_sync_file,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations nilfs_file_inode_operations = {
diff --git a/fs/ntfs/dir.c b/fs/ntfs/dir.c
index fe44d3f..229d00b 100644
--- a/fs/ntfs/dir.c
+++ b/fs/ntfs/dir.c
@@ -1573,4 +1573,7 @@ const struct file_operations ntfs_dir_ops = {
/*.ioctl = ,*/ /* Perform function on the
mounted filesystem. */
.open = ntfs_dir_open, /* Open directory. */
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
index 8804f09..303ee8e 100644
--- a/fs/ntfs/file.c
+++ b/fs/ntfs/file.c
@@ -2225,7 +2225,7 @@ const struct file_operations ntfs_file_ops = {
mounted filesystem. */
.mmap = generic_file_mmap, /* Mmap file. */
.open = ntfs_file_open, /* Open file. */
- .splice_read = generic_file_splice_read /* Zero-copy data send with
+ .splice_read = generic_file_splice_read, /* Zero-copy data send with
the data source being on
the ntfs partition. We do
not need to care about the
@@ -2235,6 +2235,9 @@ const struct file_operations ntfs_file_ops = {
on the ntfs partition. We
do not need to care about
the data source. */
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations ntfs_file_inode_ops = {
diff --git a/fs/omfs/dir.c b/fs/omfs/dir.c
index b42d624..3b08c84 100644
--- a/fs/omfs/dir.c
+++ b/fs/omfs/dir.c
@@ -502,4 +502,7 @@ const struct file_operations omfs_dir_operations = {
.read = generic_read_dir,
.readdir = omfs_readdir,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/omfs/file.c b/fs/omfs/file.c
index 399487c..fb5fa02 100644
--- a/fs/omfs/file.c
+++ b/fs/omfs/file.c
@@ -331,6 +331,9 @@ const struct file_operations omfs_file_operations = {
.mmap = generic_file_mmap,
.fsync = simple_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations omfs_file_inops = {
diff --git a/fs/openpromfs/inode.c b/fs/openpromfs/inode.c
index ffcd04f..f5e4649 100644
--- a/fs/openpromfs/inode.c
+++ b/fs/openpromfs/inode.c
@@ -160,6 +160,9 @@ static const struct file_operations openpromfs_prop_ops = {
.read = seq_read,
.llseek = seq_lseek,
.release = seq_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = NULL,
+#endif
};
static int openpromfs_readdir(struct file *, void *, filldir_t);
@@ -168,6 +171,9 @@ static const struct file_operations openprom_operations = {
.read = generic_read_dir,
.readdir = openpromfs_readdir,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static struct dentry *openpromfs_lookup(struct inode *, struct dentry *, struct nameidata *);
diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c
index 6f30c3d..3414bf8 100644
--- a/fs/qnx4/dir.c
+++ b/fs/qnx4/dir.c
@@ -80,6 +80,9 @@ const struct file_operations qnx4_dir_operations =
.read = generic_read_dir,
.readdir = qnx4_readdir,
.fsync = simple_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations qnx4_dir_inode_operations =
diff --git a/fs/ramfs/file-mmu.c b/fs/ramfs/file-mmu.c
index 78f613c..34dc7f2 100644
--- a/fs/ramfs/file-mmu.c
+++ b/fs/ramfs/file-mmu.c
@@ -47,6 +47,9 @@ const struct file_operations ramfs_file_operations = {
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations ramfs_file_inode_operations = {
diff --git a/fs/ramfs/file-nommu.c b/fs/ramfs/file-nommu.c
index 5ea4ad8..7aa0d43 100644
--- a/fs/ramfs/file-nommu.c
+++ b/fs/ramfs/file-nommu.c
@@ -46,6 +46,9 @@ const struct file_operations ramfs_file_operations = {
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations ramfs_file_inode_operations = {
diff --git a/fs/read_write.c b/fs/read_write.c
index 67b7d83..d566214 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -27,6 +27,9 @@ const struct file_operations generic_ro_fops = {
.aio_read = generic_file_aio_read,
.mmap = generic_file_readonly_mmap,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
EXPORT_SYMBOL(generic_ro_fops);
diff --git a/fs/reiserfs/dir.c b/fs/reiserfs/dir.c
index f8a6075..1fb4ce6 100644
--- a/fs/reiserfs/dir.c
+++ b/fs/reiserfs/dir.c
@@ -25,6 +25,9 @@ const struct file_operations reiserfs_dir_operations = {
#ifdef CONFIG_COMPAT
.compat_ioctl = reiserfs_compat_ioctl,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static int reiserfs_dir_fsync(struct file *filp, struct dentry *dentry,
diff --git a/fs/reiserfs/file.c b/fs/reiserfs/file.c
index 1d9c127..5b2d720 100644
--- a/fs/reiserfs/file.c
+++ b/fs/reiserfs/file.c
@@ -297,6 +297,9 @@ const struct file_operations reiserfs_file_operations = {
.splice_read = generic_file_splice_read,
.splice_write = generic_file_splice_write,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations reiserfs_file_inode_operations = {
diff --git a/fs/romfs/mmap-nommu.c b/fs/romfs/mmap-nommu.c
index f0511e8..f488a8a 100644
--- a/fs/romfs/mmap-nommu.c
+++ b/fs/romfs/mmap-nommu.c
@@ -72,4 +72,7 @@ const struct file_operations romfs_ro_fops = {
.splice_read = generic_file_splice_read,
.mmap = romfs_mmap,
.get_unmapped_area = romfs_get_unmapped_area,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/romfs/super.c b/fs/romfs/super.c
index 42d2135..6a07e29 100644
--- a/fs/romfs/super.c
+++ b/fs/romfs/super.c
@@ -282,6 +282,9 @@ error:
static const struct file_operations romfs_dir_operations = {
.read = generic_read_dir,
.readdir = romfs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct inode_operations romfs_dir_inode_operations = {
diff --git a/fs/squashfs/dir.c b/fs/squashfs/dir.c
index 12b933a..1bc7cc0 100644
--- a/fs/squashfs/dir.c
+++ b/fs/squashfs/dir.c
@@ -230,5 +230,8 @@ failed_read:
const struct file_operations squashfs_dir_ops = {
.read = generic_read_dir,
- .readdir = squashfs_readdir
+ .readdir = squashfs_readdir,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/sysv/dir.c b/fs/sysv/dir.c
index 4e50286..e1030d4 100644
--- a/fs/sysv/dir.c
+++ b/fs/sysv/dir.c
@@ -25,6 +25,9 @@ const struct file_operations sysv_dir_operations = {
.read = generic_read_dir,
.readdir = sysv_readdir,
.fsync = simple_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static inline void dir_put_page(struct page *page)
diff --git a/fs/sysv/file.c b/fs/sysv/file.c
index 96340c0..78b7e65 100644
--- a/fs/sysv/file.c
+++ b/fs/sysv/file.c
@@ -28,6 +28,9 @@ const struct file_operations sysv_file_operations = {
.mmap = generic_file_mmap,
.fsync = simple_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct inode_operations sysv_file_inode_operations = {
diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
index c2a68ba..b357ca3 100644
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
@@ -2625,6 +2625,9 @@ static const struct file_operations dfs_fops = {
.open = open_debugfs_file,
.write = write_debugfs_file,
.owner = THIS_MODULE,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
/**
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 401e503..a72070e 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1228,4 +1228,7 @@ const struct file_operations ubifs_dir_operations = {
#ifdef CONFIG_COMPAT
.compat_ioctl = ubifs_compat_ioctl,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index 5692cf7..566e172 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1583,4 +1583,7 @@ const struct file_operations ubifs_file_operations = {
#ifdef CONFIG_COMPAT
.compat_ioctl = ubifs_compat_ioctl,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/udf/dir.c b/fs/udf/dir.c
index f0f2a43..43bf889 100644
--- a/fs/udf/dir.c
+++ b/fs/udf/dir.c
@@ -211,4 +211,7 @@ const struct file_operations udf_dir_operations = {
.readdir = udf_readdir,
.ioctl = udf_ioctl,
.fsync = simple_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/udf/file.c b/fs/udf/file.c
index 4b6a46c..0c73a47 100644
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -216,6 +216,9 @@ const struct file_operations udf_file_operations = {
.fsync = simple_fsync,
.splice_read = generic_file_splice_read,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
int udf_setattr(struct dentry *dentry, struct iattr *iattr)
diff --git a/fs/ufs/dir.c b/fs/ufs/dir.c
index 317a0d4..9841034 100644
--- a/fs/ufs/dir.c
+++ b/fs/ufs/dir.c
@@ -668,4 +668,7 @@ const struct file_operations ufs_dir_operations = {
.readdir = ufs_readdir,
.fsync = simple_fsync,
.llseek = generic_file_llseek,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/ufs/file.c b/fs/ufs/file.c
index a8962ce..f180014 100644
--- a/fs/ufs/file.c
+++ b/fs/ufs/file.c
@@ -44,4 +44,7 @@ const struct file_operations ufs_file_operations = {
.open = dquot_file_open,
.fsync = simple_fsync,
.splice_read = generic_file_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
diff --git a/fs/xfs/linux-2.6/xfs_file.c b/fs/xfs/linux-2.6/xfs_file.c
index 42dd3bc..8aea381 100644
--- a/fs/xfs/linux-2.6/xfs_file.c
+++ b/fs/xfs/linux-2.6/xfs_file.c
@@ -1015,6 +1015,9 @@ const struct file_operations xfs_file_operations = {
#ifdef HAVE_FOP_OPEN_EXEC
.open_exec = xfs_file_open_exec,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
const struct file_operations xfs_dir_file_operations = {
@@ -1027,6 +1030,9 @@ const struct file_operations xfs_dir_file_operations = {
.compat_ioctl = xfs_file_compat_ioctl,
#endif
.fsync = xfs_file_fsync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = generic_file_checkpoint,
+#endif
};
static const struct vm_operations_struct xfs_file_vm_ops = {
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 045/100] c/r: export shmem_getpage() to support shared memory
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (43 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 044/100] c/r: add checkpoint operation for opened files of generic filesystems Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 046/100] c/r: dump anonymous- and file-mapped- " Oren Laadan
` (56 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-mm
Export functionality to retrieve specific pages from shared memory
given an inode in shmem-fs; this will be used in the next two patches
to provide support for c/r of shared memory.
mm/shmem.c:
- shmem_getpage() and 'enum sgp_type' moved to linux/mm.h
Cc: linux-mm@kvack.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/mm.h | 11 +++++++++++
mm/shmem.c | 15 ++-------------
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 913c7fe..5ebb781 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -340,6 +340,17 @@ void put_pages_list(struct list_head *pages);
void split_page(struct page *page, unsigned int order);
+/* Flag allocation requirements to shmem_getpage and shmem_swp_alloc */
+enum sgp_type {
+ SGP_READ, /* don't exceed i_size, don't allocate page */
+ SGP_CACHE, /* don't exceed i_size, may allocate page */
+ SGP_DIRTY, /* like SGP_CACHE, but set new page dirty */
+ SGP_WRITE, /* may exceed i_size, may allocate page */
+};
+
+extern int shmem_getpage(struct inode *inode, unsigned long idx,
+ struct page **pagep, enum sgp_type sgp, int *type);
+
/*
* Compound pages have a destructor function. Provide a
* prototype for that function and accessor functions.
diff --git a/mm/shmem.c b/mm/shmem.c
index eef4ebe..d93c394 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -98,14 +98,6 @@ static struct vfsmount *shm_mnt;
/* Pretend that each entry is of this size in directory's i_size */
#define BOGO_DIRENT_SIZE 20
-/* Flag allocation requirements to shmem_getpage and shmem_swp_alloc */
-enum sgp_type {
- SGP_READ, /* don't exceed i_size, don't allocate page */
- SGP_CACHE, /* don't exceed i_size, may allocate page */
- SGP_DIRTY, /* like SGP_CACHE, but set new page dirty */
- SGP_WRITE, /* may exceed i_size, may allocate page */
-};
-
#ifdef CONFIG_TMPFS
static unsigned long shmem_default_max_blocks(void)
{
@@ -118,9 +110,6 @@ static unsigned long shmem_default_max_inodes(void)
}
#endif
-static int shmem_getpage(struct inode *inode, unsigned long idx,
- struct page **pagep, enum sgp_type sgp, int *type);
-
static inline struct page *shmem_dir_alloc(gfp_t gfp_mask)
{
/*
@@ -1213,8 +1202,8 @@ static inline struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
* vm. If we swap it in we mark it dirty since we also free the swap
* entry since a page cannot live in both the swap and page cache
*/
-static int shmem_getpage(struct inode *inode, unsigned long idx,
- struct page **pagep, enum sgp_type sgp, int *type)
+int shmem_getpage(struct inode *inode, unsigned long idx,
+ struct page **pagep, enum sgp_type sgp, int *type)
{
struct address_space *mapping = inode->i_mapping;
struct shmem_inode_info *info = SHMEM_I(inode);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 046/100] c/r: dump anonymous- and file-mapped- shared memory
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (44 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 045/100] c/r: export shmem_getpage() to support shared memory Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 047/100] splice: export pipe/file-to-pipe/file functionality Oren Laadan
` (55 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-mm, linux-fsdevel
We now handle anonymous and file-mapped shared memory. Support for IPC
shared memory requires support for IPC first. We extend ckpt_write_vma()
to detect shared memory VMAs and handle it separately than private
memory.
There is not much to do for file-mapped shared memory, except to force
msync() on the region to ensure that the file system is consistent
with the checkpoint image. Use our internal type CKPT_VMA_SHM_FILE.
Anonymous shared memory is always backed by inode in shmem filesystem.
We use that inode to look up the VMA in the objhash and register it if
not found (on first encounter). In this case, the type of the VMA is
CKPT_VMA_SHM_ANON, and we dump the contents. On the other hand, if it is
found there, we must have already saved it before, so we change the
type to CKPT_VMA_SHM_ANON_SKIP and skip it.
To dump the contents of a shmem VMA, we loop through the pages of the
inode in the shmem filesystem, and dump the contents of each dirty
(allocated) page - unallocated pages must be clean.
Note that we save the original size of a shmem VMA because it may have
been re-mapped partially. The format itself remains like with private
VMAs, except that instead of addresses we record _indices_ (page nr)
into the backing inode.
During restore, the bulk of the work is in ckpt_read_vma(), which has
been refactored: the part that create the suitable 'struct file *' for
the mapping is now larger and moved to a separate function. What's
left is to read the VMA description, get the file pointer, create the
mapping, and proceed to read the contents in.
Both anonymous shared VMAs that have been read earlier (as indicated
by a look up to objhash) and file-mapped shared VMAs are skipped.
Anonymous shared VMAs seen for the first time have their contents read
in directly to the backing inode, as indexed by the page numbers (as
opposed to virtual addresses).
Changelog[v21]:
- Replace __initcall() with late_initcall()
- Merge shmem dump/restore into a single patch
- [Serge Hallyn] s390: Register inode checkpoint ops in a separate
__initcall since we don't need to be in the early init paths.
Also fixes a bug on s390 where CKPT_OBJ_INODE wouldn't get
registered because of early return predicated on hashdist.
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v18]:
- Mark the backing file as visited at chekcpoint
Cc: linux-mm@kvack.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/inode.c | 26 +++++
include/linux/checkpoint.h | 21 +++-
include/linux/checkpoint_hdr.h | 12 +++
include/linux/mm.h | 2 +
kernel/checkpoint/objhash.c | 2 +
mm/checkpoint.c | 209 +++++++++++++++++++++++++++++++++-------
mm/filemap.c | 52 ++++++++++-
mm/mmap.c | 2 +-
mm/shmem.c | 84 ++++++++++++++++
9 files changed, 368 insertions(+), 42 deletions(-)
diff --git a/fs/inode.c b/fs/inode.c
index 407bf39..3496c51 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -25,6 +25,7 @@
#include <linux/mount.h>
#include <linux/async.h>
#include <linux/posix_acl.h>
+#include <linux/checkpoint.h>
/*
* This is needed for the following functions:
@@ -1560,6 +1561,31 @@ void __init inode_init_early(void)
INIT_HLIST_HEAD(&inode_hashtable[loop]);
}
+#ifdef CONFIG_CHECKPOINT
+static int obj_inode_grab(void *ptr)
+{
+ return igrab((struct inode *) ptr) ? 0 : -EBADF;
+}
+
+static void obj_inode_drop(void *ptr, int lastref)
+{
+ iput((struct inode *) ptr);
+}
+
+static const struct ckpt_obj_ops ckpt_obj_inode_ops = {
+ .obj_name = "INODE",
+ .obj_type = CKPT_OBJ_INODE,
+ .ref_drop = obj_inode_drop,
+ .ref_grab = obj_inode_grab,
+};
+
+static int __init inode_checkpoint_init(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_inode_ops);
+}
+late_initcall(inode_checkpoint_init);
+#endif
+
void __init inode_init(void)
{
int loop;
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index c9efeb3..24ad717 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -190,26 +190,35 @@ extern void ckpt_pgarr_free(struct ckpt_ctx *ctx);
extern int generic_vma_checkpoint(struct ckpt_ctx *ctx,
struct vm_area_struct *vma,
enum vma_type type,
- int vma_objref);
+ int vma_objref, int ino_objref);
extern int private_vma_checkpoint(struct ckpt_ctx *ctx,
struct vm_area_struct *vma,
enum vma_type type,
int vma_objref);
+extern int shmem_vma_checkpoint(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ enum vma_type type,
+ int ino_objref);
extern int checkpoint_obj_mm(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_obj_mm(struct ckpt_ctx *ctx, int mm_objref);
extern int ckpt_collect_mm(struct ckpt_ctx *ctx, struct task_struct *t);
+extern unsigned long generic_vma_restore(struct mm_struct *mm,
+ struct file *file,
+ struct ckpt_hdr_vma *h);
+
extern int private_vma_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
struct file *file, struct ckpt_hdr_vma *h);
+extern int restore_memory_contents(struct ckpt_ctx *ctx, struct inode *inode);
+
-#define CKPT_VMA_NOT_SUPPORTED \
- (VM_SHARED | VM_MAYSHARE | VM_IO | VM_HUGETLB | \
- VM_NONLINEAR | VM_PFNMAP | VM_RESERVED | VM_NORESERVE \
- | VM_HUGETLB | VM_NONLINEAR | VM_MAPPED_COPY | \
- VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)
+#define CKPT_VMA_NOT_SUPPORTED \
+ (VM_IO | VM_HUGETLB | VM_NONLINEAR | VM_PFNMAP | \
+ VM_RESERVED | VM_NORESERVE | VM_HUGETLB | VM_NONLINEAR | \
+ VM_MAPPED_COPY | VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)
static inline int ckpt_validate_errno(int errno)
{
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index f2c67ee..86cab42 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -131,6 +131,8 @@ struct ckpt_hdr_objref {
enum obj_type {
CKPT_OBJ_IGNORE = 0,
#define CKPT_OBJ_IGNORE CKPT_OBJ_IGNORE
+ CKPT_OBJ_INODE,
+#define CKPT_OBJ_INODE CKPT_OBJ_INODE
CKPT_OBJ_FILE_TABLE,
#define CKPT_OBJ_FILE_TABLE CKPT_OBJ_FILE_TABLE
CKPT_OBJ_FILE,
@@ -224,6 +226,7 @@ struct ckpt_hdr_task {
/* task's shared resources */
struct ckpt_hdr_task_objs {
struct ckpt_hdr h;
+
__s32 files_objref;
__s32 mm_objref;
} __attribute__((aligned(8)));
@@ -322,6 +325,12 @@ enum vma_type {
#define CKPT_VMA_ANON CKPT_VMA_ANON
CKPT_VMA_FILE, /* private mapped file */
#define CKPT_VMA_FILE CKPT_VMA_FILE
+ CKPT_VMA_SHM_ANON, /* shared anonymous */
+#define CKPT_VMA_SHM_ANON CKPT_VMA_SHM_ANON
+ CKPT_VMA_SHM_ANON_SKIP, /* shared anonymous (skip contents) */
+#define CKPT_VMA_SHM_ANON_SKIP CKPT_VMA_SHM_ANON_SKIP
+ CKPT_VMA_SHM_FILE, /* shared mapped file, only msync */
+#define CKPT_VMA_SHM_FILE CKPT_VMA_SHM_FILE
CKPT_VMA_MAX
#define CKPT_VMA_MAX CKPT_VMA_MAX
};
@@ -331,6 +340,9 @@ struct ckpt_hdr_vma {
struct ckpt_hdr h;
__u32 vma_type;
__s32 vma_objref; /* objref of backing file */
+ __s32 ino_objref; /* objref of shared segment */
+ __u32 _padding;
+ __u64 ino_size; /* size of shared segment */
__u64 vm_start;
__u64 vm_end;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 5ebb781..31520e5 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1331,6 +1331,8 @@ extern int filemap_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
struct ckpt_hdr_vma *hh);
extern int special_mapping_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
struct ckpt_hdr_vma *hh);
+extern int shmem_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct ckpt_hdr_vma *hh);
#endif
/* readahead.c */
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
index 75bf2da..1d78dbf 100644
--- a/kernel/checkpoint/objhash.c
+++ b/kernel/checkpoint/objhash.c
@@ -15,6 +15,7 @@
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/hash.h>
+#include <linux/file.h>
#include <linux/checkpoint.h>
struct ckpt_obj {
@@ -45,6 +46,7 @@ static const struct ckpt_obj_ops ckpt_obj_ignored_ops = {
.ref_grab = NULL,
};
+/* objects array */
static const struct ckpt_obj_ops *ckpt_obj_ops[CKPT_OBJ_MAX] = {
[CKPT_OBJ_IGNORE] = &ckpt_obj_ignored_ops,
};
diff --git a/mm/checkpoint.c b/mm/checkpoint.c
index d53025b..6d71180 100644
--- a/mm/checkpoint.c
+++ b/mm/checkpoint.c
@@ -22,6 +22,7 @@
#include <linux/pagemap.h>
#include <linux/mm_types.h>
#include <linux/proc_fs.h>
+#include <linux/swap.h>
#include <linux/checkpoint.h>
/*
@@ -227,6 +228,54 @@ static struct page *consider_private_page(struct vm_area_struct *vma,
}
/**
+ * consider_shared_page - return page pointer for dirty pages
+ * @ino - inode of shmem object
+ * @idx - page index in shmem object
+ *
+ * Looks up the page that corresponds to the index in the shmem object,
+ * and returns the page if it was modified (and grabs a reference to it),
+ * or otherwise returns NULL (or error).
+ */
+static struct page *consider_shared_page(struct inode *ino, unsigned long idx)
+{
+ struct page *page = NULL;
+ int ret;
+
+ /*
+ * Inspired by do_shmem_file_read(): very simplified version.
+ *
+ * FIXME: consolidate with do_shmem_file_read()
+ */
+
+ ret = shmem_getpage(ino, idx, &page, SGP_READ, NULL);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ /*
+ * Only care about dirty pages; shmem_getpage() only returns
+ * pages that have been allocated, so they must be dirty. The
+ * pages returned are locked and referenced.
+ */
+
+ if (page) {
+ unlock_page(page);
+ /*
+ * If users can be writing to this page using arbitrary
+ * virtual addresses, take care about potential aliasing
+ * before reading the page on the kernel side.
+ */
+ if (mapping_writably_mapped(ino->i_mapping))
+ flush_dcache_page(page);
+ /*
+ * Mark the page accessed if we read the beginning.
+ */
+ mark_page_accessed(page);
+ }
+
+ return page;
+}
+
+/**
* vma_fill_pgarr - fill a page-array with addr/page tuples
* @ctx - checkpoint context
* @vma - vma to scan
@@ -235,16 +284,15 @@ static struct page *consider_private_page(struct vm_area_struct *vma,
* Returns the number of pages collected
*/
static int vma_fill_pgarr(struct ckpt_ctx *ctx,
- struct vm_area_struct *vma,
- unsigned long *start)
+ struct vm_area_struct *vma, struct inode *inode,
+ unsigned long *start, unsigned long end)
{
- unsigned long end = vma->vm_end;
unsigned long addr = *start;
struct ckpt_pgarr *pgarr;
int nr_used;
int cnt = 0;
- BUG_ON(vma->vm_flags & (VM_SHARED | VM_MAYSHARE));
+ BUG_ON(inode && vma);
if (vma)
down_read(&vma->vm_mm->mmap_sem);
@@ -260,7 +308,11 @@ static int vma_fill_pgarr(struct ckpt_ctx *ctx,
while (addr < end) {
struct page *page;
- page = consider_private_page(vma, addr);
+ if (vma)
+ page = consider_private_page(vma, addr);
+ else
+ page = consider_shared_page(inode, addr);
+
if (IS_ERR(page)) {
cnt = PTR_ERR(page);
goto out;
@@ -274,7 +326,10 @@ static int vma_fill_pgarr(struct ckpt_ctx *ctx,
pgarr->nr_used++;
}
- addr += PAGE_SIZE;
+ if (vma)
+ addr += PAGE_SIZE;
+ else
+ addr++;
if (pgarr_is_full(pgarr))
break;
@@ -341,23 +396,32 @@ static int vma_dump_pages(struct ckpt_ctx *ctx, int total)
}
/**
- * checkpoint_memory_contents - dump contents of a VMA with private memory
+ * checkpoint_memory_contents - dump contents of a memory region
* @ctx - checkpoint context
- * @vma - vma to scan
+ * @vma - vma to scan (--or--)
+ * @inode - inode to scan
*
* Collect lists of pages that needs to be dumped, and corresponding
* virtual addresses into ctx->pgarr_list page-array chain. Then dump
* the addresses, followed by the page contents.
*/
static int checkpoint_memory_contents(struct ckpt_ctx *ctx,
- struct vm_area_struct *vma)
+ struct vm_area_struct *vma,
+ struct inode *inode)
{
struct ckpt_hdr_pgarr *h;
unsigned long addr, end;
int cnt, ret;
- addr = vma->vm_start;
- end = vma->vm_end;
+ BUG_ON(vma && inode);
+
+ if (vma) {
+ addr = vma->vm_start;
+ end = vma->vm_end;
+ } else {
+ addr = 0;
+ end = PAGE_ALIGN(i_size_read(inode)) >> PAGE_CACHE_SHIFT;
+ }
/*
* Work iteratively, collecting and dumping at most CKPT_PGARR_BATCH
@@ -383,7 +447,7 @@ static int checkpoint_memory_contents(struct ckpt_ctx *ctx,
*/
while (addr < end) {
- cnt = vma_fill_pgarr(ctx, vma, &addr);
+ cnt = vma_fill_pgarr(ctx, vma, inode, &addr, end);
if (cnt == 0)
break;
else if (cnt < 0)
@@ -427,7 +491,7 @@ static int checkpoint_memory_contents(struct ckpt_ctx *ctx,
* @vma_objref: vma objref
*/
int generic_vma_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma,
- enum vma_type type, int vma_objref)
+ enum vma_type type, int vma_objref, int ino_objref)
{
struct ckpt_hdr_vma *h;
int ret;
@@ -441,6 +505,13 @@ int generic_vma_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma,
h->vma_type = type;
h->vma_objref = vma_objref;
+ h->ino_objref = ino_objref;
+
+ if (vma->vm_file)
+ h->ino_size = i_size_read(vma->vm_file->f_dentry->d_inode);
+ else
+ h->ino_size = 0;
+
h->vm_start = vma->vm_start;
h->vm_end = vma->vm_end;
h->vm_page_prot = pgprot_val(vma->vm_page_prot);
@@ -468,10 +539,37 @@ int private_vma_checkpoint(struct ckpt_ctx *ctx,
BUG_ON(vma->vm_flags & (VM_SHARED | VM_MAYSHARE));
- ret = generic_vma_checkpoint(ctx, vma, type, vma_objref);
+ ret = generic_vma_checkpoint(ctx, vma, type, vma_objref, 0);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_memory_contents(ctx, vma, NULL);
+ out:
+ return ret;
+}
+
+/**
+ * shmem_vma_checkpoint - dump contents of private (anon, file) vma
+ * @ctx: checkpoint context
+ * @vma: vma object
+ * @type: vma type
+ * @objref: vma object id
+ */
+int shmem_vma_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma,
+ enum vma_type type, int ino_objref)
+{
+ struct file *file = vma->vm_file;
+ int ret;
+
+ ckpt_debug("type %d, ino_ref %d\n", type, ino_objref);
+ BUG_ON(!(vma->vm_flags & (VM_SHARED | VM_MAYSHARE)));
+ BUG_ON(!file);
+
+ ret = generic_vma_checkpoint(ctx, vma, type, 0, ino_objref);
if (ret < 0)
goto out;
- ret = checkpoint_memory_contents(ctx, vma);
+ if (type == CKPT_VMA_SHM_ANON_SKIP)
+ goto out;
+ ret = checkpoint_memory_contents(ctx, NULL, file->f_dentry->d_inode);
out:
return ret;
}
@@ -772,16 +870,39 @@ int restore_read_page(struct ckpt_ctx *ctx, struct page *page)
return 0;
}
+static struct page *bring_private_page(unsigned long addr)
+{
+ struct page *page;
+ int ret;
+
+ ret = get_user_pages(current, current->mm, addr, 1, 1, 1, &page, NULL);
+ if (ret < 0)
+ page = ERR_PTR(ret);
+ return page;
+}
+
+static struct page *bring_shared_page(unsigned long idx, struct inode *ino)
+{
+ struct page *page = NULL;
+ int ret;
+
+ ret = shmem_getpage(ino, idx, &page, SGP_WRITE, NULL);
+ if (ret < 0)
+ return ERR_PTR(ret);
+ if (page)
+ unlock_page(page);
+ return page;
+}
+
/**
* read_pages_contents - read in data of pages in page-array chain
* @ctx - restart context
*/
-static int read_pages_contents(struct ckpt_ctx *ctx)
+static int read_pages_contents(struct ckpt_ctx *ctx, struct inode *inode)
{
- struct mm_struct *mm = current->mm;
struct ckpt_pgarr *pgarr;
unsigned long *vaddrs;
- int i, ret = 0;
+ int i, ret;
list_for_each_entry_reverse(pgarr, &ctx->pgarr_list, list) {
vaddrs = pgarr->vaddrs;
@@ -791,11 +912,14 @@ static int read_pages_contents(struct ckpt_ctx *ctx)
/* TODO: do in chunks to reduce mmap_sem overhead */
_ckpt_debug(CKPT_DPAGE, "got page %#lx\n", vaddrs[i]);
down_read(¤t->mm->mmap_sem);
- ret = get_user_pages(current, mm, vaddrs[i],
- 1, 1, 1, &page, NULL);
+ if (inode)
+ page = bring_shared_page(vaddrs[i], inode);
+ else
+ page = bring_private_page(vaddrs[i]);
up_read(¤t->mm->mmap_sem);
- if (ret < 0)
- return ret;
+
+ if (IS_ERR(page))
+ return PTR_ERR(page);
ret = restore_read_page(ctx, page);
page_cache_release(page);
@@ -804,12 +928,13 @@ static int read_pages_contents(struct ckpt_ctx *ctx)
return ret;
}
}
- return ret;
+ return 0;
}
/**
- * restore_memory_contents - restore contents of a VMA with private memory
+ * restore_memory_contents - restore contents of a memory region
* @ctx - restart context
+ * @inode - backing inode
*
* Reads a header that specifies how many pages will follow, then reads
* a list of virtual addresses into ctx->pgarr_list page-array chain,
@@ -817,7 +942,7 @@ static int read_pages_contents(struct ckpt_ctx *ctx)
* these steps until reaching a header specifying "0" pages, which marks
* the end of the contents.
*/
-static int restore_memory_contents(struct ckpt_ctx *ctx)
+int restore_memory_contents(struct ckpt_ctx *ctx, struct inode *inode)
{
struct ckpt_hdr_pgarr *h;
unsigned long nr_pages;
@@ -844,7 +969,7 @@ static int restore_memory_contents(struct ckpt_ctx *ctx)
ret = read_pages_vaddrs(ctx, nr_pages);
if (ret < 0)
break;
- ret = read_pages_contents(ctx);
+ ret = read_pages_contents(ctx, inode);
if (ret < 0)
break;
pgarr_reset_all(ctx);
@@ -902,9 +1027,9 @@ static unsigned long calc_map_flags_bits(unsigned long orig_vm_flags)
* @file - file to map (NULL for anonymous)
* @h - vma header data
*/
-static unsigned long generic_vma_restore(struct mm_struct *mm,
- struct file *file,
- struct ckpt_hdr_vma *h)
+unsigned long generic_vma_restore(struct mm_struct *mm,
+ struct file *file,
+ struct ckpt_hdr_vma *h)
{
unsigned long vm_size, vm_start, vm_flags, vm_prot, vm_pgoff;
unsigned long addr;
@@ -949,7 +1074,7 @@ int private_vma_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
if (IS_ERR((void *) addr))
return PTR_ERR((void *) addr);
- return restore_memory_contents(ctx);
+ return restore_memory_contents(ctx, NULL);
}
/**
@@ -1005,6 +1130,24 @@ static struct restore_vma_ops restore_vma_ops[] = {
.vma_type = CKPT_VMA_FILE,
.restore = filemap_restore,
},
+ /* anonymous shared */
+ {
+ .vma_name = "ANON SHARED",
+ .vma_type = CKPT_VMA_SHM_ANON,
+ .restore = shmem_restore,
+ },
+ /* anonymous shared (skipped) */
+ {
+ .vma_name = "ANON SHARED (skip)",
+ .vma_type = CKPT_VMA_SHM_ANON_SKIP,
+ .restore = shmem_restore,
+ },
+ /* file-mapped shared */
+ {
+ .vma_name = "FILE SHARED",
+ .vma_type = CKPT_VMA_SHM_FILE,
+ .restore = filemap_restore,
+ },
};
/**
@@ -1022,15 +1165,15 @@ static int restore_vma(struct ckpt_ctx *ctx, struct mm_struct *mm)
if (IS_ERR(h))
return PTR_ERR(h);
- ckpt_debug("vma %#lx-%#lx flags %#lx type %d vmaref %d\n",
+ ckpt_debug("vma %#lx-%#lx flags %#lx type %d vmaref %d inoref %d\n",
(unsigned long) h->vm_start, (unsigned long) h->vm_end,
(unsigned long) h->vm_flags, (int) h->vma_type,
- (int) h->vma_objref);
+ (int) h->vma_objref, (int) h->ino_objref);
ret = -EINVAL;
if (h->vm_end < h->vm_start)
goto out;
- if (h->vma_objref < 0)
+ if (h->vma_objref < 0 || h->ino_objref < 0)
goto out;
if (h->vma_type >= CKPT_VMA_MAX)
goto out;
diff --git a/mm/filemap.c b/mm/filemap.c
index 24d4c54..3d6c497 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1596,6 +1596,8 @@ int filemap_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma)
{
struct file *file = vma->vm_file;
int vma_objref;
+ int ino_objref;
+ int first, ret;
if (vma->vm_flags & CKPT_VMA_NOT_SUPPORTED) {
pr_warning("c/r: unsupported VMA %#lx\n", vma->vm_flags);
@@ -1608,7 +1610,42 @@ int filemap_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma)
if (vma_objref < 0)
return vma_objref;
- return private_vma_checkpoint(ctx, vma, CKPT_VMA_FILE, vma_objref);
+ if (vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) {
+ /*
+ * Citing mmap(2): "Updates to the mapping are visible
+ * to other processes that map this file, and are
+ * carried through to the underlying file. The file
+ * may not actually be updated until msync(2) or
+ * munmap(2) is called"
+ *
+ * Citing msync(2): "Without use of this call there is
+ * no guarantee that changes are written back before
+ * munmap(2) is called."
+ *
+ * Force msync for region of shared mapped files, to
+ * ensure that that the file system is consistent with
+ * the checkpoint image. (inspired by sys_msync).
+ */
+
+ ino_objref = ckpt_obj_lookup_add(ctx, file->f_dentry->d_inode,
+ CKPT_OBJ_INODE, &first);
+ if (ino_objref < 0)
+ return ino_objref;
+
+ if (first) {
+ ret = vfs_fsync(file, file->f_path.dentry, 0);
+ if (ret < 0)
+ return ret;
+ }
+
+ ret = generic_vma_checkpoint(ctx, vma, CKPT_VMA_SHM_FILE,
+ vma_objref, ino_objref);
+ } else {
+ ret = private_vma_checkpoint(ctx, vma, CKPT_VMA_FILE,
+ vma_objref);
+ }
+
+ return ret;
}
EXPORT_SYMBOL(filemap_checkpoint);
@@ -1617,17 +1654,28 @@ int filemap_restore(struct ckpt_ctx *ctx,
struct ckpt_hdr_vma *h)
{
struct file *file;
+ unsigned long addr;
int ret;
if (h->vma_type == CKPT_VMA_FILE &&
(h->vm_flags & (VM_SHARED | VM_MAYSHARE)))
return -EINVAL;
+ if (h->vma_type == CKPT_VMA_SHM_FILE &&
+ !(h->vm_flags & (VM_SHARED | VM_MAYSHARE)))
+ return -EINVAL;
file = ckpt_obj_fetch(ctx, h->vma_objref, CKPT_OBJ_FILE);
if (IS_ERR(file))
return PTR_ERR(file);
- ret = private_vma_restore(ctx, mm, file, h);
+ if (h->vma_type == CKPT_VMA_FILE) {
+ /* private mapped file */
+ ret = private_vma_restore(ctx, mm, file, h);
+ } else {
+ /* shared mapped file */
+ addr = generic_vma_restore(mm, file, h);
+ ret = (IS_ERR((void *) addr) ? PTR_ERR((void *) addr) : 0);
+ }
return ret;
}
#endif
diff --git a/mm/mmap.c b/mm/mmap.c
index 9d4891f..ddbe589 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2471,7 +2471,7 @@ static int special_mapping_checkpoint(struct ckpt_ctx *ctx,
if (!name || strcmp(name, "[vdso]"))
return -ENOSYS;
- return generic_vma_checkpoint(ctx, vma, CKPT_VMA_VDSO, 0);
+ return generic_vma_checkpoint(ctx, vma, CKPT_VMA_VDSO, 0, 0);
}
int special_mapping_restore(struct ckpt_ctx *ctx,
diff --git a/mm/shmem.c b/mm/shmem.c
index d93c394..1f361a6 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -29,6 +29,7 @@
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/swap.h>
+#include <linux/checkpoint.h>
static struct vfsmount *shm_mnt;
@@ -2393,6 +2394,86 @@ static void shmem_destroy_inode(struct inode *inode)
kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
}
+#ifdef CONFIG_CHECKPOINT
+static int shmem_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma)
+{
+ enum vma_type vma_type;
+ int ino_objref;
+ int ret, first;
+
+ /* should be private anonymous ... verify that this is the case */
+ if (vma->vm_flags & CKPT_VMA_NOT_SUPPORTED) {
+ pr_warning("c/r: unsupported VMA %#lx\n", vma->vm_flags);
+ return -ENOSYS;
+ }
+
+ BUG_ON(!vma->vm_file);
+
+ /* we collected the file but we don't checkpoint it per-se */
+ ret = ckpt_obj_visit(ctx, vma->vm_file, CKPT_OBJ_FILE);
+ if (ret < 0)
+ return ret;
+
+ ino_objref = ckpt_obj_lookup_add(ctx, vma->vm_file->f_dentry->d_inode,
+ CKPT_OBJ_INODE, &first);
+ if (ino_objref < 0)
+ return ino_objref;
+
+ vma_type = (first ? CKPT_VMA_SHM_ANON : CKPT_VMA_SHM_ANON_SKIP);
+
+ return shmem_vma_checkpoint(ctx, vma, vma_type, ino_objref);
+}
+
+int shmem_restore(struct ckpt_ctx *ctx,
+ struct mm_struct *mm, struct ckpt_hdr_vma *h)
+{
+ unsigned long addr;
+ struct file *file;
+ int ret = 0;
+
+ file = ckpt_obj_try_fetch(ctx, h->ino_objref, CKPT_OBJ_FILE);
+ if (PTR_ERR(file) == -EINVAL)
+ file = NULL;
+ if (IS_ERR(file))
+ return PTR_ERR(file);
+
+ /* if file is NULL, this is the premiere - create and insert */
+ if (!file) {
+ if (h->vma_type != CKPT_VMA_SHM_ANON)
+ return -EINVAL;
+ /*
+ * in theory could pass NULL to mmap and let it create
+ * the file. But, if 'shm_size != vm_end - vm_start',
+ * or if 'vm_pgoff != 0', then the vma reflects only a
+ * portion of the shm object and we need to "manually"
+ * create the full shm object.
+ */
+ file = shmem_file_setup("/dev/zero", h->ino_size, h->vm_flags);
+ if (IS_ERR(file))
+ return PTR_ERR(file);
+ ret = ckpt_obj_insert(ctx, file, h->ino_objref, CKPT_OBJ_FILE);
+ if (ret < 0)
+ goto out;
+ } else {
+ if (h->vma_type != CKPT_VMA_SHM_ANON_SKIP)
+ return -EINVAL;
+ /* Already need fput() for the file above; keep path simple */
+ get_file(file);
+ }
+
+ addr = generic_vma_restore(mm, file, h);
+ if (IS_ERR((void *) addr))
+ return PTR_ERR((void *) addr);
+
+ if (h->vma_type == CKPT_VMA_SHM_ANON)
+ ret = restore_memory_contents(ctx, file->f_dentry->d_inode);
+ out:
+ fput(file);
+ return ret;
+}
+
+#endif /* CONFIG_CHECKPOINT */
+
static void init_once(void *foo)
{
struct shmem_inode_info *p = (struct shmem_inode_info *) foo;
@@ -2505,6 +2586,9 @@ static const struct vm_operations_struct shmem_vm_ops = {
.set_policy = shmem_set_policy,
.get_policy = shmem_get_policy,
#endif
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = shmem_checkpoint,
+#endif
};
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 047/100] splice: export pipe/file-to-pipe/file functionality
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (45 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 046/100] c/r: dump anonymous- and file-mapped- " Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 048/100] c/r: support for open pipes Oren Laadan
` (54 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
During pipes c/r pipes we need to save and restore pipe buffers. But
do_splice() requires two file descriptors, therefore we can't use it,
as we always have one file descriptor (checkpoint image) and one
pipe_inode_info.
This patch exports interfaces that work at the pipe_inode_info level,
namely link_pipe(), do_splice_to() and do_splice_from(). They are used
in the following patch to to save and restore pipe buffers without
unnecessary data copy.
It slightly modifies both do_splice_to() and do_splice_from() to
detect the case of pipe-to-pipe transfer, in which case they invoke
splice_pipe_to_pipe() directly.
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/splice.c | 61 ++++++++++++++++++++++++++++++++---------------
include/linux/splice.h | 9 +++++++
2 files changed, 50 insertions(+), 20 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index 188e17d..ed91d7a 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1037,18 +1037,43 @@ ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
EXPORT_SYMBOL(generic_splice_sendpage);
/*
+ * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
+ * location, so checking ->i_pipe is not enough to verify that this is a
+ * pipe.
+ */
+static inline struct pipe_inode_info *pipe_info(struct inode *inode)
+{
+ if (S_ISFIFO(inode->i_mode))
+ return inode->i_pipe;
+
+ return NULL;
+}
+
+static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
+ struct pipe_inode_info *opipe,
+ size_t len, unsigned int flags);
+
+/*
* Attempt to initiate a splice from pipe to file.
*/
-static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
- loff_t *ppos, size_t len, unsigned int flags)
+long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ loff_t *ppos, size_t len, unsigned int flags)
{
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
loff_t *, size_t, unsigned int);
+ struct pipe_inode_info *opipe;
int ret;
if (unlikely(!(out->f_mode & FMODE_WRITE)))
return -EBADF;
+ /* When called directly (e.g. from c/r) output may be a pipe */
+ opipe = pipe_info(out->f_path.dentry->d_inode);
+ if (opipe) {
+ BUG_ON(opipe == pipe);
+ return splice_pipe_to_pipe(pipe, opipe, len, flags);
+ }
+
if (unlikely(out->f_flags & O_APPEND))
return -EINVAL;
@@ -1067,17 +1092,25 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
/*
* Attempt to initiate a splice from a file to a pipe.
*/
-static long do_splice_to(struct file *in, loff_t *ppos,
- struct pipe_inode_info *pipe, size_t len,
- unsigned int flags)
+long do_splice_to(struct file *in, loff_t *ppos,
+ struct pipe_inode_info *pipe, size_t len,
+ unsigned int flags)
{
ssize_t (*splice_read)(struct file *, loff_t *,
struct pipe_inode_info *, size_t, unsigned int);
+ struct pipe_inode_info *ipipe;
int ret;
if (unlikely(!(in->f_mode & FMODE_READ)))
return -EBADF;
+ /* When called firectly (e.g. from c/r) input may be a pipe */
+ ipipe = pipe_info(in->f_path.dentry->d_inode);
+ if (ipipe) {
+ BUG_ON(ipipe == pipe);
+ return splice_pipe_to_pipe(ipipe, pipe, len, flags);
+ }
+
ret = rw_verify_area(READ, in, ppos, len);
if (unlikely(ret < 0))
return ret;
@@ -1257,18 +1290,6 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
struct pipe_inode_info *opipe,
size_t len, unsigned int flags);
-/*
- * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
- * location, so checking ->i_pipe is not enough to verify that this is a
- * pipe.
- */
-static inline struct pipe_inode_info *pipe_info(struct inode *inode)
-{
- if (S_ISFIFO(inode->i_mode))
- return inode->i_pipe;
-
- return NULL;
-}
/*
* Determine where to splice to/from.
@@ -1873,9 +1894,9 @@ retry:
/*
* Link contents of ipipe to opipe.
*/
-static int link_pipe(struct pipe_inode_info *ipipe,
- struct pipe_inode_info *opipe,
- size_t len, unsigned int flags)
+int link_pipe(struct pipe_inode_info *ipipe,
+ struct pipe_inode_info *opipe,
+ size_t len, unsigned int flags)
{
struct pipe_buffer *ibuf, *obuf;
int ret = 0, i = 0, nbuf;
diff --git a/include/linux/splice.h b/include/linux/splice.h
index 18e7c7c..431662c 100644
--- a/include/linux/splice.h
+++ b/include/linux/splice.h
@@ -82,4 +82,13 @@ extern ssize_t splice_to_pipe(struct pipe_inode_info *,
extern ssize_t splice_direct_to_actor(struct file *, struct splice_desc *,
splice_direct_actor *);
+extern int link_pipe(struct pipe_inode_info *ipipe,
+ struct pipe_inode_info *opipe,
+ size_t len, unsigned int flags);
+extern long do_splice_to(struct file *in, loff_t *ppos,
+ struct pipe_inode_info *pipe, size_t len,
+ unsigned int flags);
+extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ loff_t *ppos, size_t len, unsigned int flags);
+
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 048/100] c/r: support for open pipes
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (46 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 047/100] splice: export pipe/file-to-pipe/file functionality Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 049/100] c/r: checkpoint and restore FIFOs Oren Laadan
` (53 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
A pipe is a double-headed inode with a buffer attached to it. We
checkpoint the pipe buffer only once, as soon as we hit one side of
the pipe, regardless whether it is read- or write- end.
To checkpoint a file descriptor that refers to a pipe (either end), we
first lookup the inode in the hash table: If not found, it is the
first encounter of this pipe. Besides the file descriptor, we also (a)
save the pipe data, and (b) register the pipe inode in the hash. If
found, it is the second encounter of this pipe, namely, as we hit the
other end of the same pipe. In both cases we write the pipe-objref of
the inode.
To restore, create a new pipe and thus have two file pointers (read-
and write- ends). We only use one of them, depending on which side was
checkpointed first. We register the file pointer of the other end in
the hash table, with the pipe_objref given for this pipe from the
checkpoint, to be used later when the other arrives. At this point we
also restore the contents of the pipe buffers.
To save the pipe buffer, given a source pipe, use do_tee() to clone
its contents into a temporary 'struct pipe_inode_info', and then use
do_splice_from() to transfer it directly to the checkpoint image file.
To restore the pipe buffer, with a fresh newly allocated target pipe,
use do_splice_to() to splice the data directly between the checkpoint
image file and the pipe.
Changelog[v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v19-rc1]:
- Switch to ckpt_obj_try_fetch()
- [Matt Helsley] Add cpp definitions for enums
Changelog[v18]:
- Adjust format of pipe buffer to include the mandatory pre-header
Changelog[v17]:
- Forward-declare 'ckpt_ctx' et-al, don't use checkpoint_types.h
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 7 ++
fs/pipe.c | 161 ++++++++++++++++++++++++++++++++++++++++
include/linux/checkpoint_hdr.h | 9 ++
include/linux/pipe_fs_i.h | 8 ++
4 files changed, 185 insertions(+), 0 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 95a51e9..e840d8a 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -17,6 +17,7 @@
#include <linux/file.h>
#include <linux/fdtable.h>
#include <linux/fsnotify.h>
+#include <linux/pipe_fs_i.h>
#include <linux/syscalls.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
@@ -586,6 +587,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_GENERIC,
.restore = generic_file_restore,
},
+ /* pipes */
+ {
+ .file_name = "PIPE",
+ .file_type = CKPT_FILE_PIPE,
+ .restore = pipe_file_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/fs/pipe.c b/fs/pipe.c
index 37ba29f..801aad9 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -13,11 +13,13 @@
#include <linux/fs.h>
#include <linux/mount.h>
#include <linux/pipe_fs_i.h>
+#include <linux/splice.h>
#include <linux/uio.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
#include <linux/audit.h>
#include <linux/syscalls.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
#include <asm/ioctls.h>
@@ -828,6 +830,156 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
return ret;
}
+#ifdef CONFIG_CHECKPOINT
+static int checkpoint_pipe(struct ckpt_ctx *ctx, struct inode *inode)
+{
+ struct pipe_inode_info *pipe;
+ int len, ret = -ENOMEM;
+
+ pipe = alloc_pipe_info(NULL);
+ if (!pipe)
+ return ret;
+
+ pipe->readers = 1; /* bluff link_pipe() below */
+ len = link_pipe(inode->i_pipe, pipe, INT_MAX, SPLICE_F_NONBLOCK);
+ if (len == -EAGAIN)
+ len = 0;
+ if (len < 0) {
+ ret = len;
+ goto out;
+ }
+
+ ret = ckpt_write_obj_type(ctx, NULL, len, CKPT_HDR_PIPE_BUF);
+ if (ret < 0)
+ goto out;
+
+ ret = do_splice_from(pipe, ctx->file, &ctx->file->f_pos, len, 0);
+ if (ret < 0)
+ goto out;
+ if (ret != len)
+ ret = -EPIPE; /* can occur due to an error in target file */
+ out:
+ __free_pipe_info(pipe);
+ return ret;
+}
+
+static int pipe_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct ckpt_hdr_file_pipe *h;
+ struct inode *inode = file->f_dentry->d_inode;
+ int objref, first, ret;
+
+ objref = ckpt_obj_lookup_add(ctx, inode, CKPT_OBJ_INODE, &first);
+ if (objref < 0)
+ return objref;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+
+ h->common.f_type = CKPT_FILE_PIPE;
+ h->pipe_objref = objref;
+
+ ret = checkpoint_file_common(ctx, file, &h->common);
+ if (ret < 0)
+ goto out;
+ ret = ckpt_write_obj(ctx, &h->common.h);
+ if (ret < 0)
+ goto out;
+
+ if (first)
+ ret = checkpoint_pipe(ctx, inode);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int restore_pipe(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct pipe_inode_info *pipe;
+ int len, ret;
+
+ len = _ckpt_read_obj_type(ctx, NULL, 0, CKPT_HDR_PIPE_BUF);
+ if (len < 0)
+ return len;
+
+ pipe = file->f_dentry->d_inode->i_pipe;
+ ret = do_splice_to(ctx->file, &ctx->file->f_pos, pipe, len, 0);
+
+ if (ret >= 0 && ret != len)
+ ret = -EPIPE; /* can occur due to an error in source file */
+
+ return ret;
+}
+
+struct file *pipe_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
+{
+ struct ckpt_hdr_file_pipe *h = (struct ckpt_hdr_file_pipe *) ptr;
+ struct file *file;
+ int fds[2], which, ret;
+
+ if (ptr->h.type != CKPT_HDR_FILE ||
+ ptr->h.len != sizeof(*h) || ptr->f_type != CKPT_FILE_PIPE)
+ return ERR_PTR(-EINVAL);
+
+ if (h->pipe_objref <= 0)
+ return ERR_PTR(-EINVAL);
+
+ file = ckpt_obj_try_fetch(ctx, h->pipe_objref, CKPT_OBJ_FILE);
+ /*
+ * If ckpt_obj_try_fetch() returned ERR_PTR(-EINVAL), then this is
+ * the first time we see this pipe so need to restore the
+ * contents. Otherwise, use the file pointer skip forward.
+ */
+ if (!IS_ERR(file)) {
+ get_file(file);
+ } else if (PTR_ERR(file) == -EINVAL) {
+ /* first encounter of this pipe: create it */
+ ret = do_pipe_flags(fds, 0);
+ if (ret < 0)
+ return file;
+
+ which = (ptr->f_flags & O_WRONLY ? 1 : 0);
+ /*
+ * Below we return the file corersponding to one side
+ * of the pipe for our caller to use. Now insert the
+ * other side of the pipe to the hash, to be picked up
+ * when that side is restored.
+ */
+ file = fget(fds[1-which]); /* the 'other' side */
+ if (!file) /* this should _never_ happen ! */
+ return ERR_PTR(-EBADF);
+ ret = ckpt_obj_insert(ctx, file, h->pipe_objref, CKPT_OBJ_FILE);
+ if (ret < 0)
+ goto out;
+
+ ret = restore_pipe(ctx, file);
+ fput(file);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ file = fget(fds[which]); /* 'this' side */
+ if (!file) /* this should _never_ happen ! */
+ return ERR_PTR(-EBADF);
+
+ /* get rid of the file descriptors (caller sets that) */
+ sys_close(fds[which]);
+ sys_close(fds[1-which]);
+ } else {
+ return file;
+ }
+
+ ret = restore_file_common(ctx, file, ptr);
+ out:
+ if (ret < 0) {
+ fput(file);
+ file = ERR_PTR(ret);
+ }
+
+ return file;
+}
+#endif /* CONFIG_CHECKPOINT */
+
/*
* The file_operations structs are not static because they
* are also used in linux/fs/fifo.c to do operations on FIFOs.
@@ -844,6 +996,9 @@ const struct file_operations read_pipefifo_fops = {
.open = pipe_read_open,
.release = pipe_read_release,
.fasync = pipe_read_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = pipe_file_checkpoint,
+#endif
};
const struct file_operations write_pipefifo_fops = {
@@ -856,6 +1011,9 @@ const struct file_operations write_pipefifo_fops = {
.open = pipe_write_open,
.release = pipe_write_release,
.fasync = pipe_write_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = pipe_file_checkpoint,
+#endif
};
const struct file_operations rdwr_pipefifo_fops = {
@@ -869,6 +1027,9 @@ const struct file_operations rdwr_pipefifo_fops = {
.open = pipe_rdwr_open,
.release = pipe_rdwr_release,
.fasync = pipe_rdwr_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = pipe_file_checkpoint,
+#endif
};
struct pipe_inode_info * alloc_pipe_info(struct inode *inode)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 86cab42..50ef2b6 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -95,6 +95,8 @@ enum {
#define CKPT_HDR_FILE_NAME CKPT_HDR_FILE_NAME
CKPT_HDR_FILE,
#define CKPT_HDR_FILE CKPT_HDR_FILE
+ CKPT_HDR_PIPE_BUF,
+#define CKPT_HDR_PIPE_BUF CKPT_HDR_PIPE_BUF
CKPT_HDR_MM = 401,
#define CKPT_HDR_MM CKPT_HDR_MM
@@ -282,6 +284,8 @@ enum file_type {
#define CKPT_FILE_IGNORE CKPT_FILE_IGNORE
CKPT_FILE_GENERIC,
#define CKPT_FILE_GENERIC CKPT_FILE_GENERIC
+ CKPT_FILE_PIPE,
+#define CKPT_FILE_PIPE CKPT_FILE_PIPE
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
@@ -301,6 +305,11 @@ struct ckpt_hdr_file_generic {
struct ckpt_hdr_file common;
} __attribute__((aligned(8)));
+struct ckpt_hdr_file_pipe {
+ struct ckpt_hdr_file common;
+ __s32 pipe_objref;
+} __attribute__((aligned(8)));
+
/* memory layout */
struct ckpt_hdr_mm {
struct ckpt_hdr h;
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
index b43a9e0..e526a12 100644
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
@@ -154,4 +154,12 @@ int generic_pipe_buf_confirm(struct pipe_inode_info *, struct pipe_buffer *);
int generic_pipe_buf_steal(struct pipe_inode_info *, struct pipe_buffer *);
void generic_pipe_buf_release(struct pipe_inode_info *, struct pipe_buffer *);
+/* checkpoint/restart */
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+struct ckpt_hdr_file;
+extern struct file *pipe_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr);
+#endif
+
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 049/100] c/r: checkpoint and restore FIFOs
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (47 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 048/100] c/r: support for open pipes Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 050/100] c/r: refuse to checkpoint if monitoring directories with dnotify Oren Laadan
` (52 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-fsdevel
FIFOs are almost like pipes.
Checkpoints adds the FIFO pathname. The first time the FIFO is found
it also assigns an @objref and dumps the contents in the buffers.
To restore, use the @objref only to determine whether a particular
FIFO has already been restored earlier. Note that it ignores the file
pointer that matches that @objref (unlike with pipes, where that file
corresponds to the other end of the pipe). Instead, it creates a new
FIFO using the saved pathname.
Changelog [v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog [v19-rc3]:
- Rebase to kernel 2.6.33
Changelog [v19-rc1]:
- Switch to ckpt_obj_try_fetch()
- [Matt Helsley] Add cpp definitions for enums
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 6 +++
fs/pipe.c | 80 +++++++++++++++++++++++++++++++++++++++-
include/linux/checkpoint_hdr.h | 2 +
include/linux/pipe_fs_i.h | 2 +
4 files changed, 89 insertions(+), 1 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index e840d8a..06f1130 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -593,6 +593,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_PIPE,
.restore = pipe_file_restore,
},
+ /* fifo */
+ {
+ .file_name = "FIFO",
+ .file_type = CKPT_FILE_FIFO,
+ .restore = fifo_file_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/fs/pipe.c b/fs/pipe.c
index 801aad9..7f00e58 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -830,6 +830,8 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
return ret;
}
+static struct vfsmount *pipe_mnt __read_mostly;
+
#ifdef CONFIG_CHECKPOINT
static int checkpoint_pipe(struct ckpt_ctx *ctx, struct inode *inode)
{
@@ -877,7 +879,11 @@ static int pipe_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
if (!h)
return -ENOMEM;
- h->common.f_type = CKPT_FILE_PIPE;
+ /* fifo and pipe are similar at checkpoint, differ on restore */
+ if (inode->i_sb == pipe_mnt->mnt_sb)
+ h->common.f_type = CKPT_FILE_PIPE;
+ else
+ h->common.f_type = CKPT_FILE_FIFO;
h->pipe_objref = objref;
ret = checkpoint_file_common(ctx, file, &h->common);
@@ -887,6 +893,13 @@ static int pipe_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
if (ret < 0)
goto out;
+ /* FIFO also needs a file name */
+ if (h->common.f_type == CKPT_FILE_FIFO) {
+ ret = checkpoint_fname(ctx, &file->f_path, &ctx->root_fs_path);
+ if (ret < 0)
+ goto out;
+ }
+
if (first)
ret = checkpoint_pipe(ctx, inode);
out:
@@ -978,6 +991,71 @@ struct file *pipe_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
return file;
}
+
+struct file *fifo_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
+{
+ struct ckpt_hdr_file_pipe *h = (struct ckpt_hdr_file_pipe *) ptr;
+ struct file *file;
+ int first, ret;
+
+ if (ptr->h.type != CKPT_HDR_FILE ||
+ ptr->h.len != sizeof(*h) || ptr->f_type != CKPT_FILE_FIFO)
+ return ERR_PTR(-EINVAL);
+
+ if (h->pipe_objref <= 0)
+ return ERR_PTR(-EINVAL);
+
+ /*
+ * If ckpt_obj_try_fetch() returned ERR_PTR(-EINVAL), this is the
+ * first time for this fifo.
+ */
+ file = ckpt_obj_try_fetch(ctx, h->pipe_objref, CKPT_OBJ_FILE);
+ if (!IS_ERR(file))
+ first = 0;
+ else if (PTR_ERR(file) == -EINVAL)
+ first = 1;
+ else
+ return file;
+
+ /*
+ * To avoid blocking, always open the fifo with O_RDWR;
+ * then fix flags below.
+ */
+ file = restore_open_fname(ctx, (ptr->f_flags & ~O_ACCMODE) | O_RDWR);
+ if (IS_ERR(file))
+ return file;
+
+ if ((ptr->f_flags & O_ACCMODE) == O_RDONLY) {
+ file->f_flags = (file->f_flags & ~O_ACCMODE) | O_RDONLY;
+ file->f_mode &= ~FMODE_WRITE;
+ } else if ((ptr->f_flags & O_ACCMODE) == O_WRONLY) {
+ file->f_flags = (file->f_flags & ~O_ACCMODE) | O_WRONLY;
+ file->f_mode &= ~FMODE_READ;
+ } else if ((ptr->f_flags & O_ACCMODE) != O_RDWR) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ /* first time: add to objhash and restore fifo's contents */
+ if (first) {
+ ret = ckpt_obj_insert(ctx, file, h->pipe_objref, CKPT_OBJ_FILE);
+ if (ret < 0)
+ goto out;
+
+ ret = restore_pipe(ctx, file);
+ if (ret < 0)
+ goto out;
+ }
+
+ ret = restore_file_common(ctx, file, ptr);
+ out:
+ if (ret < 0) {
+ fput(file);
+ file = ERR_PTR(ret);
+ }
+
+ return file;
+}
#endif /* CONFIG_CHECKPOINT */
/*
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 50ef2b6..fbcbee7 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -286,6 +286,8 @@ enum file_type {
#define CKPT_FILE_GENERIC CKPT_FILE_GENERIC
CKPT_FILE_PIPE,
#define CKPT_FILE_PIPE CKPT_FILE_PIPE
+ CKPT_FILE_FIFO,
+#define CKPT_FILE_FIFO CKPT_FILE_FIFO
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
index e526a12..596403e 100644
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
@@ -160,6 +160,8 @@ struct ckpt_ctx;
struct ckpt_hdr_file;
extern struct file *pipe_file_restore(struct ckpt_ctx *ctx,
struct ckpt_hdr_file *ptr);
+extern struct file *fifo_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr);
#endif
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 050/100] c/r: refuse to checkpoint if monitoring directories with dnotify
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (48 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 049/100] c/r: checkpoint and restore FIFOs Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 051/100] c/r: make ckpt_may_checkpoint_task() check each namespace individually Oren Laadan
` (51 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-fsdevel
From: Matt Helsley <matthltc@us.ibm.com>
We do not support restarting fsnotify watches. inotify and fanotify utilize
anon_inodes for pseudofiles which lack the .checkpoint operation. So they
already cleanly prevent checkpoint. dnotify on the other hand registers
its watches using fcntl() which does not require the userspace task to
hold an fd with an empty .checkpoint operation. This means userspace
could use dnotify to set up fsnotify watches which won't be re-created during
restart.
Check for fsnotify watches created with dnotify and reject checkpoint
if there are any.
Changelog [v21]:
- [Stanislav O. Bezzubtsev] Fix omitted parameter name error
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 5 +++++
fs/notify/dnotify/dnotify.c | 18 ++++++++++++++++++
include/linux/dnotify.h | 6 ++++++
3 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 06f1130..874be00 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -206,6 +206,11 @@ static int checkpoint_file(struct ckpt_ctx *ctx, void *ptr)
return -EBADF;
}
+ if (is_dnotify_attached(file)) {
+ ckpt_err(ctx, -EBADF, "%(T)%(P)dnotify unsupported\n", file);
+ return -EBADF;
+ }
+
ret = file->f_op->checkpoint(ctx, file);
if (ret < 0)
ckpt_err(ctx, ret, "%(T)%(P)file checkpoint failed\n", file);
diff --git a/fs/notify/dnotify/dnotify.c b/fs/notify/dnotify/dnotify.c
index 7e54e52..0a63bf6 100644
--- a/fs/notify/dnotify/dnotify.c
+++ b/fs/notify/dnotify/dnotify.c
@@ -289,6 +289,24 @@ static int attach_dn(struct dnotify_struct *dn, struct dnotify_mark_entry *dnent
return 0;
}
+int is_dnotify_attached(struct file *filp)
+{
+ struct fsnotify_mark_entry *entry;
+ struct inode *inode;
+
+ inode = filp->f_path.dentry->d_inode;
+ if (!S_ISDIR(inode->i_mode))
+ return 0;
+
+ spin_lock(&inode->i_lock);
+ entry = fsnotify_find_mark_entry(dnotify_group, inode);
+ spin_unlock(&inode->i_lock);
+ if (!entry)
+ return 0;
+ fsnotify_put_mark(entry);
+ return 1;
+}
+
/*
* When a process calls fcntl to attach a dnotify watch to a directory it ends
* up here. Allocate both a mark for fsnotify to add and a dnotify_struct to be
diff --git a/include/linux/dnotify.h b/include/linux/dnotify.h
index ecc0628..7093052 100644
--- a/include/linux/dnotify.h
+++ b/include/linux/dnotify.h
@@ -29,6 +29,7 @@ struct dnotify_struct {
FS_MOVED_FROM | FS_MOVED_TO)
extern void dnotify_flush(struct file *, fl_owner_t);
+extern int is_dnotify_attached(struct file *);
extern int fcntl_dirnotify(int, struct file *, unsigned long);
#else
@@ -37,6 +38,11 @@ static inline void dnotify_flush(struct file *filp, fl_owner_t id)
{
}
+static inline int is_dnotify_attached(struct file *filp)
+{
+ return 0;
+}
+
static inline int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg)
{
return -EINVAL;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 051/100] c/r: make ckpt_may_checkpoint_task() check each namespace individually
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (49 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 050/100] c/r: refuse to checkpoint if monitoring directories with dnotify Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 052/100] c/r: support for UTS namespace Oren Laadan
` (50 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
For a given namespace type, say XXX, if a checkpoint was taken on a
CONFIG_XXX_NS system, is restarted on a !CONFIG_XXX_NS, then ensure
that:
1) The global settings of the global (init) namespace do not get
overwritten. Creating new objects in that namespace is ok, as long as
the request identifier is available.
2) All restarting tasks use a single namespace - because it is
impossible to create additional namespaces to accommodate for what had
been checkpointed.
Original patch introducing nsproxy c/r by Dan Smith <danms@us.ibm.com>
Chagnelog[v19]:
- Restart to handle checkpoint images lacking {uts,ipc}-ns
Chagnelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Chagnelog[v18]:
- Add a few more ckpt_write_err()s
Chagnelog[v17]:
- Only collect sub-objects of struct_nsproxy once.
- Restore namespace pieces directly instead of using sys_unshare()
- Proper handling of restart from namespace(s) without namespace(s)
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 3 +
include/linux/checkpoint_hdr.h | 16 +++++
kernel/checkpoint/checkpoint.c | 29 +++++++-
kernel/checkpoint/objhash.c | 2 +
kernel/checkpoint/process.c | 81 ++++++++++++++++++++++++
kernel/nsproxy.c | 136 ++++++++++++++++++++++++++++++++++++++++
6 files changed, 263 insertions(+), 4 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 24ad717..2b6d0c7 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -166,6 +166,9 @@ extern int checkpoint_restart_block(struct ckpt_ctx *ctx,
struct task_struct *t);
extern int restore_restart_block(struct ckpt_ctx *ctx);
+/* namespaces */
+extern int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t);
+
/* file table */
extern int ckpt_collect_file_table(struct ckpt_ctx *ctx, struct task_struct *t);
extern int checkpoint_obj_file_table(struct ckpt_ctx *ctx,
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index fbcbee7..f119991 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -76,6 +76,8 @@ enum {
#define CKPT_HDR_TREE CKPT_HDR_TREE
CKPT_HDR_TASK,
#define CKPT_HDR_TASK CKPT_HDR_TASK
+ CKPT_HDR_TASK_NS,
+#define CKPT_HDR_TASK_NS CKPT_HDR_TASK_NS
CKPT_HDR_TASK_OBJS,
#define CKPT_HDR_TASK_OBJS CKPT_HDR_TASK_OBJS
CKPT_HDR_RESTART_BLOCK,
@@ -84,6 +86,8 @@ enum {
#define CKPT_HDR_THREAD CKPT_HDR_THREAD
CKPT_HDR_CPU,
#define CKPT_HDR_CPU CKPT_HDR_CPU
+ CKPT_HDR_NS,
+#define CKPT_HDR_NS CKPT_HDR_NS
/* 201-299: reserved for arch-dependent */
@@ -141,6 +145,8 @@ enum obj_type {
#define CKPT_OBJ_FILE CKPT_OBJ_FILE
CKPT_OBJ_MM,
#define CKPT_OBJ_MM CKPT_OBJ_MM
+ CKPT_OBJ_NS,
+#define CKPT_OBJ_NS CKPT_OBJ_NS
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -225,6 +231,16 @@ struct ckpt_hdr_task {
__u64 clear_child_tid;
} __attribute__((aligned(8)));
+/* namespaces */
+struct ckpt_hdr_task_ns {
+ struct ckpt_hdr h;
+ __s32 ns_objref;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_ns {
+ struct ckpt_hdr h;
+} __attribute__((aligned(8)));
+
/* task's shared resources */
struct ckpt_hdr_task_objs {
struct ckpt_hdr h;
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 0f83cca..ab1081c 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -219,6 +219,8 @@ static int checkpoint_all_tasks(struct ckpt_ctx *ctx)
static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct task_struct *root = ctx->root_task;
+ struct nsproxy *nsproxy;
+ int ret = 0;
ckpt_debug("check %d\n", task_pid_nr_ns(t, ctx->root_nsproxy->pid_ns));
@@ -258,11 +260,30 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
return -EINVAL;
}
- /* FIX: change this when namespaces are added */
- if (task_nsproxy(t) != ctx->root_nsproxy)
- return -EPERM;
+ rcu_read_lock();
+ nsproxy = task_nsproxy(t);
+ if (nsproxy->uts_ns != ctx->root_nsproxy->uts_ns)
+ ret = -EPERM;
+ if (nsproxy->ipc_ns != ctx->root_nsproxy->ipc_ns)
+ ret = -EPERM;
+ /* no support for >1 private mntns */
+ if (nsproxy->mnt_ns != ctx->root_nsproxy->mnt_ns) {
+ _ckpt_err(ctx, -EPERM, "%(T)Nested mnt_ns unsupported\n");
+ ret = -EPERM;
+ }
+ /* no support for >1 private netns */
+ if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
+ _ckpt_err(ctx, -EPERM, "%(T)Nested net_ns unsupported\n");
+ ret = -EPERM;
+ }
+ /* no support for >1 private pidns */
+ if (nsproxy->pid_ns != ctx->root_nsproxy->pid_ns) {
+ _ckpt_err(ctx, -EPERM, "%(T)Nested pid_ns unsupported\n");
+ ret = -EPERM;
+ }
+ rcu_read_unlock();
- return 0;
+ return ret;
}
#define CKPT_HDR_PIDS_CHUNK 256
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
index 1d78dbf..d504568 100644
--- a/kernel/checkpoint/objhash.c
+++ b/kernel/checkpoint/objhash.c
@@ -498,6 +498,8 @@ int ckpt_obj_contained(struct ckpt_ctx *ctx)
ckpt_obj_users_inc(ctx, ctx->file, 1);
if (ctx->logfile)
ckpt_obj_users_inc(ctx, ctx->logfile, 1);
+ /* account for ctx->root_nsproxy (if in the table already) */
+ ckpt_obj_users_inc(ctx, ctx->root_nsproxy, 1);
hlist_for_each_entry(obj, node, &ctx->obj_hash->list, next) {
if (!obj->ops->ref_users)
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 1ec5c6a..22fb938 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -12,6 +12,7 @@
#define CKPT_DFLAG CKPT_DSYS
#include <linux/sched.h>
+#include <linux/nsproxy.h>
#include <linux/posix-timers.h>
#include <linux/futex.h>
#include <linux/compat.h>
@@ -103,6 +104,35 @@ static int checkpoint_task_struct(struct ckpt_ctx *ctx, struct task_struct *t)
return ckpt_write_string(ctx, t->comm, TASK_COMM_LEN);
}
+static int checkpoint_task_ns(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_task_ns *h;
+ struct nsproxy *nsproxy;
+ int ns_objref;
+ int ret;
+
+ rcu_read_lock();
+ nsproxy = task_nsproxy(t);
+ get_nsproxy(nsproxy);
+ rcu_read_unlock();
+
+ ns_objref = checkpoint_obj(ctx, nsproxy, CKPT_OBJ_NS);
+ put_nsproxy(nsproxy);
+
+ ckpt_debug("nsproxy: objref %d\n", ns_objref);
+ if (ns_objref < 0)
+ return ns_objref;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_NS);
+ if (!h)
+ return -ENOMEM;
+ h->ns_objref = ns_objref;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_task_objs *h;
@@ -110,6 +140,19 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
int mm_objref;
int ret;
+ /*
+ * Shared objects may have dependencies among them: task->mm
+ * depends on task->nsproxy (by ipc_ns). Therefore first save
+ * the namespaces, and then the remaining shared objects.
+ * During restart a task will already have its namespaces
+ * restored when it gets to restore, e.g. its memory.
+ */
+
+ ret = checkpoint_task_ns(ctx, t);
+ ckpt_debug("ns: objref %d\n", ret);
+ if (ret < 0)
+ return ret;
+
files_objref = checkpoint_obj_file_table(ctx, t);
ckpt_debug("files: objref %d\n", files_objref);
if (files_objref < 0) {
@@ -284,6 +327,9 @@ int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
{
int ret;
+ ret = ckpt_collect_ns(ctx, t);
+ if (ret < 0)
+ return ret;
ret = ckpt_collect_file_table(ctx, t);
if (ret < 0)
return ret;
@@ -359,11 +405,46 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
return ret;
}
+static int restore_task_ns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_task_ns *h;
+ struct nsproxy *nsproxy;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK_NS);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ nsproxy = ckpt_obj_fetch(ctx, h->ns_objref, CKPT_OBJ_NS);
+ if (IS_ERR(nsproxy)) {
+ ret = PTR_ERR(nsproxy);
+ goto out;
+ }
+
+ if (nsproxy != task_nsproxy(current)) {
+ get_nsproxy(nsproxy);
+ switch_task_namespaces(current, nsproxy);
+ }
+ out:
+ ckpt_debug("nsproxy: ret %d (%p)\n", ret, task_nsproxy(current));
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
static int restore_task_objs(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_task_objs *h;
int ret;
+ /*
+ * Namespaces come first, because ->mm depends on ->nsproxy,
+ * and because shared objects are restored before they are
+ * referenced. See comment in checkpoint_task_objs.
+ */
+ ret = restore_task_ns(ctx);
+ if (ret < 0)
+ return ret;
+
h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
if (IS_ERR(h))
return PTR_ERR(h);
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f74e6c0..7082283 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -22,6 +22,7 @@
#include <linux/pid_namespace.h>
#include <net/net_namespace.h>
#include <linux/ipc_namespace.h>
+#include <linux/checkpoint.h>
static struct kmem_cache *nsproxy_cachep;
@@ -233,10 +234,145 @@ void exit_task_namespaces(struct task_struct *p)
switch_task_namespaces(p, NULL);
}
+#ifdef CONFIG_CHECKPOINT
+int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct nsproxy *nsproxy;
+ int exists;
+ int ret;
+
+ rcu_read_lock();
+ nsproxy = task_nsproxy(t);
+ if (nsproxy)
+ get_nsproxy(nsproxy);
+ rcu_read_unlock();
+
+ if (!nsproxy)
+ return 0;
+
+ /* if already exists, don't proceed inside the struct */
+ exists = ckpt_obj_lookup(ctx, nsproxy, CKPT_OBJ_NS);
+
+ ret = ckpt_obj_collect(ctx, nsproxy, CKPT_OBJ_NS);
+ if (ret < 0 || exists)
+ goto out;
+
+ /* TODO: collect other namespaces here */
+ out:
+ put_nsproxy(nsproxy);
+ return ret;
+}
+
+static int checkpoint_ns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct nsproxy *nsproxy = ptr;
+ struct ckpt_hdr_ns *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_NS);
+ if (!h)
+ return -ENOMEM;
+
+ /* TODO: Write other namespaces here */
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static void *restore_ns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_ns *h;
+ struct nsproxy *nsproxy = NULL;
+ struct uts_namespace *uts_ns;
+ struct ipc_namespace *ipc_ns;
+ struct mnt_namespace *mnt_ns;
+ struct net *net_ns;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_NS);
+ if (IS_ERR(h))
+ return (void *) h;
+
+ uts_ns = ctx->root_nsproxy->uts_ns;
+ ipc_ns = ctx->root_nsproxy->ipc_ns;
+ mnt_ns = ctx->root_nsproxy->mnt_ns;
+ net_ns = ctx->root_nsproxy->net_ns;
+
+ if (uts_ns == current->nsproxy->uts_ns &&
+ ipc_ns == current->nsproxy->ipc_ns &&
+ mnt_ns == current->nsproxy->mnt_ns &&
+ net_ns == current->nsproxy->net_ns) {
+ /* all xxx-ns are identical: reuse nsproxy */
+ nsproxy = current->nsproxy;
+ get_nsproxy(nsproxy);
+ } else {
+ nsproxy = create_nsproxy();
+ if (!nsproxy) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ get_uts_ns(uts_ns);
+ nsproxy->uts_ns = uts_ns;
+ get_ipc_ns(ipc_ns);
+ nsproxy->ipc_ns = ipc_ns;
+ get_mnt_ns(mnt_ns);
+ nsproxy->mnt_ns = mnt_ns;
+ get_net(net_ns);
+ nsproxy->net_ns = net_ns;
+
+ get_pid_ns(current->nsproxy->pid_ns);
+ nsproxy->pid_ns = current->nsproxy->pid_ns;
+ }
+ out:
+ if (ret < 0)
+ nsproxy = ERR_PTR(ret);
+ ckpt_hdr_put(ctx, h);
+ return (void *) nsproxy;
+}
+
+static int obj_ns_grab(void *ptr)
+{
+ get_nsproxy((struct nsproxy *) ptr);
+ return 0;
+}
+
+static void obj_ns_drop(void *ptr, int lastref)
+{
+ put_nsproxy((struct nsproxy *) ptr);
+}
+
+static int obj_ns_users(void *ptr)
+{
+ return atomic_read(&((struct nsproxy *) ptr)->count);
+}
+
+/* ns object */
+static const struct ckpt_obj_ops ckpt_obj_nsproxy_ops = {
+ .obj_name = "NSPROXY",
+ .obj_type = CKPT_OBJ_NS,
+ .ref_drop = obj_ns_drop,
+ .ref_grab = obj_ns_grab,
+ .ref_users = obj_ns_users,
+ .checkpoint = checkpoint_ns,
+ .restore = restore_ns,
+};
+
+static inline int checkpoint_register_nsproxy(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_nsproxy_ops);
+}
+#endif /* CONFIG_CHECKPOINT */
+
static int __init nsproxy_cache_init(void)
{
nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC);
+#ifdef CONFIG_CHECKPOINT
+ return checkpoint_register_nsproxy();
+#else
return 0;
+#endif
}
module_init(nsproxy_cache_init);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 052/100] c/r: support for UTS namespace
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (50 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 051/100] c/r: make ckpt_may_checkpoint_task() check each namespace individually Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier Oren Laadan
` (49 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, Oren Laadan
From: Dan Smith <danms@us.ibm.com>
This patch adds a "phase" of checkpoint that saves out information about any
namespaces the task(s) may have. Do this by tracking the namespace objects
of the tasks and making sure that tasks with the same namespace that follow
get properly referenced in the checkpoint stream.
Changes[v21]:
- Do not include checkpoint_hdr.h explicitly
- Move utsns c/r code from checkpoint/namespace.c to kernel/utsname*.c
- [Serge Hallyn] Remove namespace.o from kernel/checkpoint/Makefile
Changes[v20]:
- Make uts_ns=n compile
Changes[v19]:
- Restart to handle checkpoint images lacking {uts,ipc}-ns
Changes[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changes[v17]:
- Collect nsproxy->uts_ns
- Save uts string lengths once in ckpt_hdr_const
- Save and restore all fields of uts-ns
- Don't overwrite global uts-ns if !CONFIG_UTS_NS
- Replace sys_unshare() with create_uts_ns()
- Take uts_sem around access to uts data
Changes:
- Remove the kernel restore path
- Punt on nested namespaces
- Use __NEW_UTS_LEN in nodename and domainname buffers
- Add a note to Documentation/checkpoint/internals.txt to indicate where
in the save/restore process the UTS information is kept
- Store (and track) the objref of the namespace itself instead of the
nsproxy (based on comments from Dave on IRC)
- Remove explicit check for non-root nsproxy
- Store the nodename and domainname lengths and use ckpt_write_string()
to store the actual name strings
- Catch failure of ckpt_obj_add_ptr() in ckpt_write_namespaces()
- Remove "types" bitfield and use the "is this new" flag to determine
whether or not we should write out a new ns descriptor
- Replace kernel restore path
- Move the namespace information to be directly after the task
information record
- Update Documentation to reflect new location of namespace info
- Support checkpoint and restart of nested UTS namespaces
Signed-off-by: Dan Smith <danms@us.ibm.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 29 ++++++++-
include/linux/checkpoint_types.h | 6 ++
include/linux/utsname.h | 1 +
kernel/checkpoint/checkpoint.c | 5 +-
kernel/checkpoint/process.c | 2 +
kernel/checkpoint/restart.c | 6 ++
kernel/nsproxy.c | 19 +++++-
kernel/utsname.c | 3 +-
kernel/utsname_sysctl.c | 130 ++++++++++++++++++++++++++++++++++++++
9 files changed, 195 insertions(+), 6 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index f119991..b97217f 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -24,8 +24,6 @@
#endif
-#include <linux/utsname.h>
-
/*
* To maintain compatibility between 32-bit and 64-bit architecture flavors,
* keep data 64-bit aligned: use padding for structure members, and use
@@ -88,6 +86,8 @@ enum {
#define CKPT_HDR_CPU CKPT_HDR_CPU
CKPT_HDR_NS,
#define CKPT_HDR_NS CKPT_HDR_NS
+ CKPT_HDR_UTS_NS,
+#define CKPT_HDR_UTS_NS CKPT_HDR_UTS_NS
/* 201-299: reserved for arch-dependent */
@@ -147,6 +147,8 @@ enum obj_type {
#define CKPT_OBJ_MM CKPT_OBJ_MM
CKPT_OBJ_NS,
#define CKPT_OBJ_NS CKPT_OBJ_NS
+ CKPT_OBJ_UTS_NS,
+#define CKPT_OBJ_UTS_NS CKPT_OBJ_UTS_NS
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -158,9 +160,12 @@ struct ckpt_const {
/* mm */
__u16 at_vector_size;
/* uts */
+ __u16 uts_sysname_len;
+ __u16 uts_nodename_len;
__u16 uts_release_len;
__u16 uts_version_len;
__u16 uts_machine_len;
+ __u16 uts_domainname_len;
} __attribute__((aligned(8)));
/* checkpoint image header */
@@ -239,6 +244,26 @@ struct ckpt_hdr_task_ns {
struct ckpt_hdr_ns {
struct ckpt_hdr h;
+ __s32 uts_objref;
+} __attribute__((aligned(8)));
+
+/* cannot include <linux/tty.h> from userspace, so define: */
+#define CKPT_NEW_UTS_LEN 64
+#ifdef __KERNEL__
+#include <linux/utsname.h>
+#if CKPT_NEW_UTS_LEN != __NEW_UTS_LEN
+#error CKPT_NEW_UTS_LEN size is wrong per linux/utsname.h
+#endif
+#endif
+
+struct ckpt_hdr_utsns {
+ struct ckpt_hdr h;
+ char sysname[CKPT_NEW_UTS_LEN + 1];
+ char nodename[CKPT_NEW_UTS_LEN + 1];
+ char release[CKPT_NEW_UTS_LEN + 1];
+ char version[CKPT_NEW_UTS_LEN + 1];
+ char machine[CKPT_NEW_UTS_LEN + 1];
+ char domainname[CKPT_NEW_UTS_LEN + 1];
} __attribute__((aligned(8)));
/* task's shared resources */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index e150182..86f3a06 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -22,6 +22,10 @@
#include <linux/ktime.h>
#include <linux/wait.h>
+struct ckpt_stats {
+ int uts_ns;
+};
+
struct ckpt_ctx {
int crid; /* unique checkpoint id */
@@ -71,6 +75,8 @@ struct ckpt_ctx {
struct completion complete; /* container root and other tasks on */
wait_queue_head_t waitq; /* start, end, and restart ordering */
+ struct ckpt_stats stats; /* statistics */
+
#define CKPT_MSG_LEN 1024
char fmt[CKPT_MSG_LEN];
char msg[CKPT_MSG_LEN];
diff --git a/include/linux/utsname.h b/include/linux/utsname.h
index 69f3997..774001d 100644
--- a/include/linux/utsname.h
+++ b/include/linux/utsname.h
@@ -49,6 +49,7 @@ static inline void get_uts_ns(struct uts_namespace *ns)
kref_get(&ns->kref);
}
+extern struct uts_namespace *create_uts_ns(void);
extern struct uts_namespace *copy_utsname(unsigned long flags,
struct uts_namespace *ns);
extern void free_uts_ns(struct kref *kref);
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index ab1081c..3736475 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -114,9 +114,12 @@ static void fill_kernel_const(struct ckpt_const *h)
/* mm->saved_auxv size */
h->at_vector_size = AT_VECTOR_SIZE;
/* uts */
+ h->uts_sysname_len = sizeof(uts->sysname);
+ h->uts_nodename_len = sizeof(uts->nodename);
h->uts_release_len = sizeof(uts->release);
h->uts_version_len = sizeof(uts->version);
h->uts_machine_len = sizeof(uts->machine);
+ h->uts_domainname_len = sizeof(uts->domainname);
}
/* write the checkpoint header */
@@ -262,8 +265,6 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
rcu_read_lock();
nsproxy = task_nsproxy(t);
- if (nsproxy->uts_ns != ctx->root_nsproxy->uts_ns)
- ret = -EPERM;
if (nsproxy->ipc_ns != ctx->root_nsproxy->ipc_ns)
ret = -EPERM;
/* no support for >1 private mntns */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 22fb938..68539bd 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -17,6 +17,8 @@
#include <linux/futex.h>
#include <linux/compat.h>
#include <linux/poll.h>
+#include <linux/utsname.h>
+#include <linux/syscalls.h>
#include <linux/checkpoint.h>
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index c0fe147..e43c300 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -569,12 +569,18 @@ static int check_kernel_const(struct ckpt_const *h)
if (h->at_vector_size != AT_VECTOR_SIZE)
return -EINVAL;
/* uts */
+ if (h->uts_sysname_len != sizeof(uts->sysname))
+ return -EINVAL;
+ if (h->uts_nodename_len != sizeof(uts->nodename))
+ return -EINVAL;
if (h->uts_release_len != sizeof(uts->release))
return -EINVAL;
if (h->uts_version_len != sizeof(uts->version))
return -EINVAL;
if (h->uts_machine_len != sizeof(uts->machine))
return -EINVAL;
+ if (h->uts_domainname_len != sizeof(uts->domainname))
+ return -EINVAL;
return 0;
}
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 7082283..84693e9 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -257,6 +257,10 @@ int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
if (ret < 0 || exists)
goto out;
+ ret = ckpt_obj_collect(ctx, nsproxy->uts_ns, CKPT_OBJ_UTS_NS);
+ if (ret < 0)
+ goto out;
+
/* TODO: collect other namespaces here */
out:
put_nsproxy(nsproxy);
@@ -273,9 +277,14 @@ static int checkpoint_ns(struct ckpt_ctx *ctx, void *ptr)
if (!h)
return -ENOMEM;
+ ret = checkpoint_obj(ctx, nsproxy->uts_ns, CKPT_OBJ_UTS_NS);
+ if (ret <= 0)
+ goto out;
+ h->uts_objref = ret;
/* TODO: Write other namespaces here */
ret = ckpt_write_obj(ctx, &h->h);
+ out:
ckpt_hdr_put(ctx, h);
return ret;
}
@@ -294,7 +303,15 @@ static void *restore_ns(struct ckpt_ctx *ctx)
if (IS_ERR(h))
return (void *) h;
- uts_ns = ctx->root_nsproxy->uts_ns;
+ if (h->uts_objref == 0)
+ uts_ns = ctx->root_nsproxy->uts_ns;
+ else
+ uts_ns = ckpt_obj_fetch(ctx, h->uts_objref, CKPT_OBJ_UTS_NS);
+ if (IS_ERR(uts_ns)) {
+ ret = PTR_ERR(uts_ns);
+ goto out;
+ }
+
ipc_ns = ctx->root_nsproxy->ipc_ns;
mnt_ns = ctx->root_nsproxy->mnt_ns;
net_ns = ctx->root_nsproxy->net_ns;
diff --git a/kernel/utsname.c b/kernel/utsname.c
index 8a82b4b..c82ed83 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -14,8 +14,9 @@
#include <linux/utsname.h>
#include <linux/err.h>
#include <linux/slab.h>
+#include <linux/checkpoint.h>
-static struct uts_namespace *create_uts_ns(void)
+struct uts_namespace *create_uts_ns(void)
{
struct uts_namespace *uts_ns;
diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
index a2cd77e..f29c1d4 100644
--- a/kernel/utsname_sysctl.c
+++ b/kernel/utsname_sysctl.c
@@ -14,6 +14,10 @@
#include <linux/utsname.h>
#include <linux/sysctl.h>
+#define CKPT_DFLAG CKPT_DSYS
+#include <linux/nsproxy.h>
+#include <linux/checkpoint.h>
+
static void *get_uts(ctl_table *table, int write)
{
char *which = table->data;
@@ -105,9 +109,135 @@ static struct ctl_table uts_root_table[] = {
{}
};
+#ifdef CONFIG_CHECKPOINT
+/*
+ * uts_ns - this needs to compile even for !CONFIG_UTS_NS, so
+ * the code may not reside in kernel/utsname.c (which wouldn't
+ * compile then).
+ */
+static int checkpoint_uts_ns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct uts_namespace *uts_ns = ptr;
+ struct ckpt_hdr_utsns *h;
+ struct new_utsname *name;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_UTS_NS);
+ if (!h)
+ return -ENOMEM;
+
+ down_read(&uts_sem);
+ name = &uts_ns->name;
+ memcpy(h->sysname, name->sysname, sizeof(name->sysname));
+ memcpy(h->nodename, name->nodename, sizeof(name->nodename));
+ memcpy(h->release, name->release, sizeof(name->release));
+ memcpy(h->version, name->version, sizeof(name->version));
+ memcpy(h->machine, name->machine, sizeof(name->machine));
+ memcpy(h->domainname, name->domainname, sizeof(name->domainname));
+ up_read(&uts_sem);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+#ifdef CONFIG_UTS_NS
+static inline struct uts_namespace *ckpt_do_copy_uts_ns(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_utsns *h)
+{
+ struct new_utsname *name = NULL;
+ struct uts_namespace *uts_ns;
+
+ uts_ns = create_uts_ns();
+ if (!uts_ns)
+ return ERR_PTR(-ENOMEM);
+
+ down_read(&uts_sem);
+ name = &uts_ns->name;
+ memcpy(name->sysname, h->sysname, sizeof(name->sysname));
+ memcpy(name->nodename, h->nodename, sizeof(name->nodename));
+ memcpy(name->release, h->release, sizeof(name->release));
+ memcpy(name->version, h->version, sizeof(name->version));
+ memcpy(name->machine, h->machine, sizeof(name->machine));
+ memcpy(name->domainname, h->domainname, sizeof(name->domainname));
+ up_read(&uts_sem);
+ return uts_ns;
+}
+#else
+static inline struct uts_namespace *ckpt_do_copy_uts_ns(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_utsns *h)
+{
+ struct uts_namespace *uts_ns;
+
+ /* complain if image contains multiple namespaces */
+ if (ctx->stats.uts_ns)
+ return ERR_PTR(-EEXIST);
+
+ uts_ns = current->nsproxy->uts_ns;
+ get_uts_ns(uts_ns);
+ return uts_ns;
+}
+#endif
+
+static void *restore_uts_ns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_utsns *h;
+ struct uts_namespace *uts_ns;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_UTS_NS);
+ if (IS_ERR(h))
+ return (void *) h;
+
+ uts_ns = ckpt_do_copy_uts_ns(ctx, h);
+ if (IS_ERR(uts_ns))
+ goto out;
+
+ ctx->stats.uts_ns++;
+out:
+ ckpt_hdr_put(ctx, h);
+ return (void *)uts_ns;
+}
+
+
+static int obj_uts_ns_grab(void *ptr)
+{
+ get_uts_ns((struct uts_namespace *) ptr);
+ return 0;
+}
+
+static void obj_uts_ns_drop(void *ptr, int lastref)
+{
+ put_uts_ns((struct uts_namespace *) ptr);
+}
+
+static int obj_uts_ns_users(void *ptr)
+{
+ return atomic_read(&((struct uts_namespace *) ptr)->kref.refcount);
+}
+
+/* uts_ns object */
+static struct ckpt_obj_ops ckpt_obj_utsns_ops = {
+ .obj_name = "UTS_NS",
+ .obj_type = CKPT_OBJ_UTS_NS,
+ .ref_drop = obj_uts_ns_drop,
+ .ref_grab = obj_uts_ns_grab,
+ .ref_users = obj_uts_ns_users,
+ .checkpoint = checkpoint_uts_ns,
+ .restore = restore_uts_ns,
+};
+
+static int __init checkpoint_register_utsname(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_utsns_ops);
+}
+#endif
+
static int __init utsname_sysctl_init(void)
{
register_sysctl_table(uts_root_table);
+#ifdef CONFIG_CHECKPOINT
+ checkpoint_register_utsname();
+#endif
return 0;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (51 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 052/100] c/r: support for UTS namespace Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-07 16:32 ` Manfred Spraul
2010-05-01 14:15 ` [PATCH v21 054/100] c/r: save and restore sysvipc namespace basics Oren Laadan
` (48 subsequent siblings)
101 siblings, 1 reply; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Manfred Spraul
During restart, we need to allocate ipc objects that with the same
identifiers as recorded during checkpoint. Modify the allocation
code allow an in-kernel caller to request a specific ipc identifier.
The system call interface remains unchanged.
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
ipc/msg.c | 17 ++++++++++++-----
ipc/sem.c | 17 ++++++++++++-----
ipc/shm.c | 19 +++++++++++++------
ipc/util.c | 42 +++++++++++++++++++++++++++++-------------
ipc/util.h | 9 +++++----
5 files changed, 71 insertions(+), 33 deletions(-)
diff --git a/ipc/msg.c b/ipc/msg.c
index 9547cb7..c884908 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -72,7 +72,7 @@ struct msg_sender {
#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm)
static void freeque(struct ipc_namespace *, struct kern_ipc_perm *);
-static int newque(struct ipc_namespace *, struct ipc_params *);
+static int newque(struct ipc_namespace *, struct ipc_params *, int);
#ifdef CONFIG_PROC_FS
static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
#endif
@@ -174,10 +174,12 @@ static inline void msg_rmid(struct ipc_namespace *ns, struct msg_queue *s)
* newque - Create a new msg queue
* @ns: namespace
* @params: ptr to the structure that contains the key and msgflg
+ * @req_id: request desired id if available (-1 if don't care)
*
* Called with msg_ids.rw_mutex held (writer)
*/
-static int newque(struct ipc_namespace *ns, struct ipc_params *params)
+static int
+newque(struct ipc_namespace *ns, struct ipc_params *params, int req_id)
{
struct msg_queue *msq;
int id, retval;
@@ -201,7 +203,7 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
/*
* ipc_addid() locks msq
*/
- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni, req_id);
if (id < 0) {
security_msg_queue_free(msq);
ipc_rcu_putref(msq);
@@ -309,7 +311,7 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
return security_msg_queue_associate(msq, msgflg);
}
-SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
+int do_msgget(key_t key, int msgflg, int req_id)
{
struct ipc_namespace *ns;
struct ipc_ops msg_ops;
@@ -324,7 +326,12 @@ SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
msg_params.key = key;
msg_params.flg = msgflg;
- return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
+ return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params, req_id);
+}
+
+SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
+{
+ return do_msgget(key, msgflg, -1);
}
static inline unsigned long
diff --git a/ipc/sem.c b/ipc/sem.c
index dbef95b..faed3a3 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -92,7 +92,7 @@
#define sem_unlock(sma) ipc_unlock(&(sma)->sem_perm)
#define sem_checkid(sma, semid) ipc_checkid(&sma->sem_perm, semid)
-static int newary(struct ipc_namespace *, struct ipc_params *);
+static int newary(struct ipc_namespace *, struct ipc_params *, int);
static void freeary(struct ipc_namespace *, struct kern_ipc_perm *);
#ifdef CONFIG_PROC_FS
static int sysvipc_sem_proc_show(struct seq_file *s, void *it);
@@ -228,11 +228,13 @@ static inline void sem_rmid(struct ipc_namespace *ns, struct sem_array *s)
* newary - Create a new semaphore set
* @ns: namespace
* @params: ptr to the structure that contains key, semflg and nsems
+ * @req_id: request desired id if available (-1 if don't care)
*
* Called with sem_ids.rw_mutex held (as a writer)
*/
-static int newary(struct ipc_namespace *ns, struct ipc_params *params)
+static int
+newary(struct ipc_namespace *ns, struct ipc_params *params, int req_id)
{
int id;
int retval;
@@ -265,7 +267,7 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)
return retval;
}
- id = ipc_addid(&sem_ids(ns), &sma->sem_perm, ns->sc_semmni);
+ id = ipc_addid(&sem_ids(ns), &sma->sem_perm, ns->sc_semmni, req_id);
if (id < 0) {
security_sem_free(sma);
ipc_rcu_putref(sma);
@@ -315,7 +317,7 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
-SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
+int do_semget(key_t key, int nsems, int semflg, int req_id)
{
struct ipc_namespace *ns;
struct ipc_ops sem_ops;
@@ -334,7 +336,12 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
sem_params.flg = semflg;
sem_params.u.nsems = nsems;
- return ipcget(ns, &sem_ids(ns), &sem_ops, &sem_params);
+ return ipcget(ns, &sem_ids(ns), &sem_ops, &sem_params, req_id);
+}
+
+SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
+{
+ return do_semget(key, nsems, semflg, -1);
}
/*
diff --git a/ipc/shm.c b/ipc/shm.c
index 1a314c8..76c3585 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -61,7 +61,7 @@ static const struct vm_operations_struct shm_vm_ops;
#define shm_unlock(shp) \
ipc_unlock(&(shp)->shm_perm)
-static int newseg(struct ipc_namespace *, struct ipc_params *);
+static int newseg(struct ipc_namespace *, struct ipc_params *, int);
static void shm_open(struct vm_area_struct *vma);
static void shm_close(struct vm_area_struct *vma);
static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -82,7 +82,7 @@ void shm_init_ns(struct ipc_namespace *ns)
* Called with shm_ids.rw_mutex (writer) and the shp structure locked.
* Only shm_ids.rw_mutex remains locked on exit.
*/
-static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
+void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
struct shmid_kernel *shp;
shp = container_of(ipcp, struct shmid_kernel, shm_perm);
@@ -329,11 +329,13 @@ static const struct vm_operations_struct shm_vm_ops = {
* newseg - Create a new shared memory segment
* @ns: namespace
* @params: ptr to the structure that contains key, size and shmflg
+ * @req_id: request desired id if available (-1 if don't care)
*
* Called with shm_ids.rw_mutex held as a writer.
*/
-static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+static int
+newseg(struct ipc_namespace *ns, struct ipc_params *params, int req_id)
{
key_t key = params->key;
int shmflg = params->flg;
@@ -388,7 +390,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
if (IS_ERR(file))
goto no_file;
- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni, req_id);
if (id < 0) {
error = id;
goto no_id;
@@ -448,7 +450,7 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
-SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
+int do_shmget(key_t key, size_t size, int shmflg, int req_id)
{
struct ipc_namespace *ns;
struct ipc_ops shm_ops;
@@ -464,7 +466,12 @@ SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
shm_params.flg = shmflg;
shm_params.u.size = size;
- return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
+ return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params, req_id);
+}
+
+SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
+{
+ return do_shmget(key, size, shmflg, -1);
}
static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
diff --git a/ipc/util.c b/ipc/util.c
index 79ce84e..c4ce60d 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -247,10 +247,12 @@ int ipc_get_maxid(struct ipc_ids *ids)
* Called with ipc_ids.rw_mutex held as a writer.
*/
-int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
+int
+ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size, int req_id)
{
uid_t euid;
gid_t egid;
+ int lid = 0;
int id, err;
if (size > IPCMNI)
@@ -259,28 +261,41 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
if (ids->in_use >= size)
return -ENOSPC;
+ if (req_id >= 0)
+ lid = ipcid_to_idx(req_id);
+
spin_lock_init(&new->lock);
new->deleted = 0;
rcu_read_lock();
spin_lock(&new->lock);
- err = idr_get_new(&ids->ipcs_idr, new, &id);
+ err = idr_get_new_above(&ids->ipcs_idr, new, lid, &id);
if (err) {
spin_unlock(&new->lock);
rcu_read_unlock();
return err;
}
+ if (req_id >= 0) {
+ if (id != lid) {
+ idr_remove(&ids->ipcs_idr, id);
+ spin_unlock(&new->lock);
+ rcu_read_unlock();
+ return -EBUSY;
+ }
+ new->seq = req_id / SEQ_MULTIPLIER;
+ } else {
+ new->seq = ids->seq++;
+ if (ids->seq > ids->seq_max)
+ ids->seq = 0;
+ }
+
ids->in_use++;
current_euid_egid(&euid, &egid);
new->cuid = new->uid = euid;
new->gid = new->cgid = egid;
- new->seq = ids->seq++;
- if(ids->seq > ids->seq_max)
- ids->seq = 0;
-
new->id = ipc_buildid(id, new->seq);
return id;
}
@@ -296,7 +311,7 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
* when the key is IPC_PRIVATE.
*/
static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids,
- struct ipc_ops *ops, struct ipc_params *params)
+ struct ipc_ops *ops, struct ipc_params *params, int req_id)
{
int err;
retry:
@@ -306,7 +321,7 @@ retry:
return -ENOMEM;
down_write(&ids->rw_mutex);
- err = ops->getnew(ns, params);
+ err = ops->getnew(ns, params, req_id);
up_write(&ids->rw_mutex);
if (err == -EAGAIN)
@@ -351,6 +366,7 @@ static int ipc_check_perms(struct kern_ipc_perm *ipcp, struct ipc_ops *ops,
* @ids: IPC identifer set
* @ops: the actual creation routine to call
* @params: its parameters
+ * @req_id: request desired id if available (-1 if don't care)
*
* This routine is called by sys_msgget, sys_semget() and sys_shmget()
* when the key is not IPC_PRIVATE.
@@ -360,7 +376,7 @@ static int ipc_check_perms(struct kern_ipc_perm *ipcp, struct ipc_ops *ops,
* On success, the ipc id is returned.
*/
static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids,
- struct ipc_ops *ops, struct ipc_params *params)
+ struct ipc_ops *ops, struct ipc_params *params, int req_id)
{
struct kern_ipc_perm *ipcp;
int flg = params->flg;
@@ -381,7 +397,7 @@ retry:
else if (!err)
err = -ENOMEM;
else
- err = ops->getnew(ns, params);
+ err = ops->getnew(ns, params, req_id);
} else {
/* ipc object has been locked by ipc_findkey() */
@@ -742,12 +758,12 @@ struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id)
* Common routine called by sys_msgget(), sys_semget() and sys_shmget().
*/
int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids,
- struct ipc_ops *ops, struct ipc_params *params)
+ struct ipc_ops *ops, struct ipc_params *params, int req_id)
{
if (params->key == IPC_PRIVATE)
- return ipcget_new(ns, ids, ops, params);
+ return ipcget_new(ns, ids, ops, params, req_id);
else
- return ipcget_public(ns, ids, ops, params);
+ return ipcget_public(ns, ids, ops, params, req_id);
}
/**
diff --git a/ipc/util.h b/ipc/util.h
index 764b51a..159a73c 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -71,7 +71,7 @@ struct ipc_params {
* . routine to call for an extra check if needed
*/
struct ipc_ops {
- int (*getnew) (struct ipc_namespace *, struct ipc_params *);
+ int (*getnew) (struct ipc_namespace *, struct ipc_params *, int);
int (*associate) (struct kern_ipc_perm *, int);
int (*more_checks) (struct kern_ipc_perm *, struct ipc_params *);
};
@@ -94,7 +94,7 @@ void __init ipc_init_proc_interface(const char *path, const char *header,
#define ipcid_to_idx(id) ((id) % SEQ_MULTIPLIER)
/* must be called with ids->rw_mutex acquired for writing */
-int ipc_addid(struct ipc_ids *, struct kern_ipc_perm *, int);
+int ipc_addid(struct ipc_ids *, struct kern_ipc_perm *, int, int);
/* must be called with ids->rw_mutex acquired for reading */
int ipc_get_maxid(struct ipc_ids *);
@@ -171,7 +171,8 @@ static inline void ipc_unlock(struct kern_ipc_perm *perm)
struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id);
int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids,
- struct ipc_ops *ops, struct ipc_params *params);
+ struct ipc_ops *ops, struct ipc_params *params, int req_id);
void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids,
- void (*free)(struct ipc_namespace *, struct kern_ipc_perm *));
+ void (*free)(struct ipc_namespace *, struct kern_ipc_perm *));
+
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier
2010-05-01 14:15 ` [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier Oren Laadan
@ 2010-05-07 16:32 ` Manfred Spraul
2010-05-07 17:08 ` Oren Laadan
0 siblings, 1 reply; 137+ messages in thread
From: Manfred Spraul @ 2010-05-07 16:32 UTC (permalink / raw)
To: Oren Laadan
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Oleg Nesterov
Hi Oren,
On 05/01/2010 04:15 PM, Oren Laadan wrote:
> @@ -82,7 +82,7 @@ void shm_init_ns(struct ipc_namespace *ns)
> * Called with shm_ids.rw_mutex (writer) and the shp structure locked.
> * Only shm_ids.rw_mutex remains locked on exit.
> */
> -static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
> +void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
> {
> struct shmid_kernel *shp;
> shp = container_of(ipcp, struct shmid_kernel, shm_perm);
>
This hunk appears to be unrelated to the main patch.
Is it intentional or a left-over from debugging?
--
Manfred
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier
2010-05-07 16:32 ` Manfred Spraul
@ 2010-05-07 17:08 ` Oren Laadan
0 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-07 17:08 UTC (permalink / raw)
To: Manfred Spraul
Cc: Andrew Morton, containers, linux-kernel, Serge Hallyn,
Matt Helsley, Pavel Emelyanov, Oleg Nesterov
Manfred Spraul wrote:
> Hi Oren,
>
>
> On 05/01/2010 04:15 PM, Oren Laadan wrote:
>> @@ -82,7 +82,7 @@ void shm_init_ns(struct ipc_namespace *ns)
>> * Called with shm_ids.rw_mutex (writer) and the shp structure locked.
>> * Only shm_ids.rw_mutex remains locked on exit.
>> */
>> -static void do_shm_rmid(struct ipc_namespace *ns, struct
>> kern_ipc_perm *ipcp)
>> +void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
>> {
>> struct shmid_kernel *shp;
>> shp = container_of(ipcp, struct shmid_kernel, shm_perm);
>>
> This hunk appears to be unrelated to the main patch.
> Is it intentional or a left-over from debugging?
>
Good catch: it belongs in patch 55: "c/r: support shared memory
sysv-ipc". Will move it there. Thanks for the review.
Oren.
^ permalink raw reply [flat|nested] 137+ messages in thread
* [PATCH v21 054/100] c/r: save and restore sysvipc namespace basics
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (52 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 053/100] c/r (ipc): allow allocation of a desired ipc identifier Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 055/100] c/r: support share-memory sysv-ipc Oren Laadan
` (47 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Manfred Spraul
Add the helpers to checkpoint and restore the contents of 'struct
kern_ipc_perm'. Add header structures for ipc state. Put place-holders
to save and restore ipc state.
Save and restores the common state (parameters) of ipc namespace.
Generic code to iterate through the objects of sysvipc shared memory,
message queues and semaphores. The logic to save and restore the state
of these objects will be added in the next few patches.
Right now, we return -EPERM if the user calling sys_restart() isn't
allowed to create an object with the checkpointed uid. We may prefer
to simply use the caller's uid in that case - but that could lead to
subtle userspace bugs? Unsure, so going for the stricter behavior.
TODO: restore kern_ipc_perms->security.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- [Serge Hallyn] handle CONFIG_SYSVIPC=n, CONFIG_SYSVIPC=n, and
CONFIG_POSIX_MQUEUE=n using a 0 objref in the checkpoint image
to signify sharing any existing ipc namespace on restart.
Changelog[v20]:
- Fix "scheduling while atomic" in ipc c/r
- Cleanup: no need to restore perm->{id,key,seq}
- Fix sysvipc=n compile
Changelog[v19]:
- Restart to handle checkpoint images lacking {uts,ipc}-ns
Changelog[v19-rc3]:
- ipc_objref should be s32 like all objrefs
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
- [Serge Hallyn] Fix compile with !CONFIG_CHECKPOINT_DEBUG
Changelog[v17]:
- Fix include: use checkpoint.h not checkpoint_hdr.h
- Collect nsproxy->ipc_ns
- Restore objects in the right namespace
- If !CONFIG_IPC_NS only restore objects, not global settings
- Don't overwrite global ipc-ns if !CONFIG_IPC_NS
- Reset the checkpointed uid and gid info on ipc objects
- Fix compilation with CONFIG_SYSVIPC=n
Changelog [Dan Smith <danms@us.ibm.com>]
- Fix compilation with CONFIG_SYSVIPC=n
- Update to match UTS changes
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 4 +
include/linux/checkpoint_hdr.h | 60 ++++++
include/linux/checkpoint_types.h | 1 +
init/Kconfig | 6 +
ipc/Makefile | 2 +-
ipc/checkpoint.c | 366 ++++++++++++++++++++++++++++++++++++++
ipc/namespace.c | 2 +-
ipc/util.h | 10 +
kernel/checkpoint/checkpoint.c | 2 -
kernel/checkpoint/objhash.c | 1 +
kernel/nsproxy.c | 26 +++-
11 files changed, 475 insertions(+), 5 deletions(-)
create mode 100644 ipc/checkpoint.c
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 2b6d0c7..e43f7a9 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -25,6 +25,9 @@
#ifdef __KERNEL__
#ifdef CONFIG_CHECKPOINT
+#include <linux/sched.h>
+#include <linux/nsproxy.h>
+#include <linux/ipc_namespace.h>
#include <linux/checkpoint_types.h>
#include <linux/checkpoint_hdr.h>
#include <linux/err.h>
@@ -236,6 +239,7 @@ static inline int ckpt_validate_errno(int errno)
#define CKPT_DFILE 0x10 /* files and filesystem */
#define CKPT_DMEM 0x20 /* memory state */
#define CKPT_DPAGE 0x40 /* memory pages */
+#define CKPT_DIPC 0x80 /* sysvipc */
#define CKPT_DDEFAULT 0xffff /* default debug level */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index b97217f..78d5996 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -88,6 +88,8 @@ enum {
#define CKPT_HDR_NS CKPT_HDR_NS
CKPT_HDR_UTS_NS,
#define CKPT_HDR_UTS_NS CKPT_HDR_UTS_NS
+ CKPT_HDR_IPC_NS,
+#define CKPT_HDR_IPC_NS CKPT_HDR_IPC_NS
/* 201-299: reserved for arch-dependent */
@@ -111,6 +113,15 @@ enum {
CKPT_HDR_MM_CONTEXT,
#define CKPT_HDR_MM_CONTEXT CKPT_HDR_MM_CONTEXT
+ CKPT_HDR_IPC = 501,
+#define CKPT_HDR_IPC CKPT_HDR_IPC
+ CKPT_HDR_IPC_SHM,
+#define CKPT_HDR_IPC_SHM CKPT_HDR_IPC_SHM
+ CKPT_HDR_IPC_MSG,
+#define CKPT_HDR_IPC_MSG CKPT_HDR_IPC_MSG
+ CKPT_HDR_IPC_SEM,
+#define CKPT_HDR_IPC_SEM CKPT_HDR_IPC_SEM
+
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -149,6 +160,8 @@ enum obj_type {
#define CKPT_OBJ_NS CKPT_OBJ_NS
CKPT_OBJ_UTS_NS,
#define CKPT_OBJ_UTS_NS CKPT_OBJ_UTS_NS
+ CKPT_OBJ_IPC_NS,
+#define CKPT_OBJ_IPC_NS CKPT_OBJ_IPC_NS
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -245,6 +258,7 @@ struct ckpt_hdr_task_ns {
struct ckpt_hdr_ns {
struct ckpt_hdr h;
__s32 uts_objref;
+ __s32 ipc_objref;
} __attribute__((aligned(8)));
/* cannot include <linux/tty.h> from userspace, so define: */
@@ -410,4 +424,50 @@ struct ckpt_hdr_pgarr {
} __attribute__((aligned(8)));
+/* ipc commons */
+struct ckpt_hdr_ipcns {
+ struct ckpt_hdr h;
+ __u64 shm_ctlmax;
+ __u64 shm_ctlall;
+ __s32 shm_ctlmni;
+
+ __s32 msg_ctlmax;
+ __s32 msg_ctlmnb;
+ __s32 msg_ctlmni;
+
+ __s32 sem_ctl_msl;
+ __s32 sem_ctl_mns;
+ __s32 sem_ctl_opm;
+ __s32 sem_ctl_mni;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_ipc {
+ struct ckpt_hdr h;
+ __u32 ipc_type;
+ __u32 ipc_count;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_ipc_perms {
+ __s32 id;
+ __u32 key;
+ __u32 uid;
+ __u32 gid;
+ __u32 cuid;
+ __u32 cgid;
+ __u32 mode;
+ __u32 _padding;
+ __u64 seq;
+} __attribute__((aligned(8)));
+
+
+#define CKPT_TST_OVERFLOW_16(a, b) \
+ ((sizeof(a) > sizeof(b)) && ((a) > SHORT_MAX))
+
+#define CKPT_TST_OVERFLOW_32(a, b) \
+ ((sizeof(a) > sizeof(b)) && ((a) > INT_MAX))
+
+#define CKPT_TST_OVERFLOW_64(a, b) \
+ ((sizeof(a) > sizeof(b)) && ((a) > LONG_MAX))
+
+
#endif /* _CHECKPOINT_CKPT_HDR_H_ */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 86f3a06..cff2eb1 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -24,6 +24,7 @@
struct ckpt_stats {
int uts_ns;
+ int ipc_ns;
};
struct ckpt_ctx {
diff --git a/init/Kconfig b/init/Kconfig
index 2345902..424d5b6 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -201,6 +201,12 @@ config SYSVIPC
section 6.4 of the Linux Programmer's Guide, available from
<http://www.tldp.org/guides.html>.
+config SYSVIPC_CHECKPOINT
+ bool
+ depends on SYSVIPC
+ depends on CHECKPOINT
+ default y
+
config SYSVIPC_SYSCTL
bool
depends on SYSVIPC
diff --git a/ipc/Makefile b/ipc/Makefile
index 9075e17..553c6d5 100644
--- a/ipc/Makefile
+++ b/ipc/Makefile
@@ -9,4 +9,4 @@ obj_mq-$(CONFIG_COMPAT) += compat_mq.o
obj-$(CONFIG_POSIX_MQUEUE) += mqueue.o msgutil.o $(obj_mq-y)
obj-$(CONFIG_IPC_NS) += namespace.o
obj-$(CONFIG_POSIX_MQUEUE_SYSCTL) += mq_sysctl.o
-
+obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o
diff --git a/ipc/checkpoint.c b/ipc/checkpoint.c
new file mode 100644
index 0000000..6ff2ea7
--- /dev/null
+++ b/ipc/checkpoint.c
@@ -0,0 +1,366 @@
+/*
+ * Checkpoint logic and helpers
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DIPC
+
+#include <linux/ipc.h>
+#include <linux/msg.h>
+#include <linux/sched.h>
+#include <linux/ipc_namespace.h>
+#include <linux/checkpoint.h>
+
+#include "util.h"
+
+/* for ckpt_debug */
+#ifdef CONFIG_CHECKPOINT_DEBUG
+static char *ipc_ind_to_str[] = { "sem", "msg", "shm" };
+#endif
+
+#define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS])
+#define msg_ids(ns) ((ns)->ids[IPC_MSG_IDS])
+#define sem_ids(ns) ((ns)->ids[IPC_SEM_IDS])
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+/*
+ * Requires that ids->rw_mutex be held; this is sufficient because:
+ *
+ * (a) The data accessed either may not change at all (e.g. id, key,
+ * sqe), or may only change by ipc_update_perm() (e.g. uid, cuid, gid,
+ * cgid, mode), which is only called with the mutex write-held.
+ *
+ * (b) The function ipcperms() relies solely on the latter (uid, vuid,
+ * gid, cgid, mode)
+ *
+ * (c) The security context perm->security also may only change when the
+ * mutex is taken.
+ */
+int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+ struct kern_ipc_perm *perm)
+{
+ if (ipcperms(perm, S_IROTH))
+ return -EACCES;
+
+ h->id = perm->id;
+ h->key = perm->key;
+ h->uid = perm->uid;
+ h->gid = perm->gid;
+ h->cuid = perm->cuid;
+ h->cgid = perm->cgid;
+ h->mode = perm->mode & S_IRWXUGO;
+ h->seq = perm->seq;
+
+ return 0;
+}
+
+static int checkpoint_ipc_any(struct ckpt_ctx *ctx,
+ struct ipc_namespace *ipc_ns,
+ int ipc_ind, int ipc_type,
+ int (*func)(int id, void *p, void *data))
+{
+ struct ckpt_hdr_ipc *h;
+ struct ipc_ids *ipc_ids = &ipc_ns->ids[ipc_ind];
+ int ret = -ENOMEM;
+
+ down_read(&ipc_ids->rw_mutex);
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC);
+ if (!h)
+ goto out;
+
+ h->ipc_type = ipc_type;
+ h->ipc_count = ipc_ids->in_use;
+ ckpt_debug("ipc-%s count %d\n", ipc_ind_to_str[ipc_ind], h->ipc_count);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ goto out;
+
+ ret = idr_for_each(&ipc_ids->ipcs_idr, func, ctx);
+ ckpt_debug("ipc-%s ret %d\n", ipc_ind_to_str[ipc_ind], ret);
+ out:
+ up_read(&ipc_ids->rw_mutex);
+ return ret;
+}
+
+static int checkpoint_ipc_ns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct ipc_namespace *ipc_ns = ptr;
+ struct ckpt_hdr_ipcns *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_NS);
+ if (!h)
+ return -ENOMEM;
+
+ down_read(&shm_ids(ipc_ns).rw_mutex);
+ h->shm_ctlmax = ipc_ns->shm_ctlmax;
+ h->shm_ctlall = ipc_ns->shm_ctlall;
+ h->shm_ctlmni = ipc_ns->shm_ctlmni;
+ up_read(&shm_ids(ipc_ns).rw_mutex);
+
+ down_read(&msg_ids(ipc_ns).rw_mutex);
+ h->msg_ctlmax = ipc_ns->msg_ctlmax;
+ h->msg_ctlmnb = ipc_ns->msg_ctlmnb;
+ h->msg_ctlmni = ipc_ns->msg_ctlmni;
+ up_read(&msg_ids(ipc_ns).rw_mutex);
+
+ down_read(&sem_ids(ipc_ns).rw_mutex);
+ h->sem_ctl_msl = ipc_ns->sem_ctls[0];
+ h->sem_ctl_mns = ipc_ns->sem_ctls[1];
+ h->sem_ctl_opm = ipc_ns->sem_ctls[2];
+ h->sem_ctl_mni = ipc_ns->sem_ctls[3];
+ up_read(&sem_ids(ipc_ns).rw_mutex);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+#if 0 /* NEXT FEW PATCHES */
+ ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
+ CKPT_HDR_IPC_SHM, checkpoint_ipc_shm);
+ if (ret < 0)
+ return ret;
+ ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
+ CKPT_HDR_IPC_MSG, checkpoint_ipc_msg);
+ if (ret < 0)
+ return ret;
+ ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SEM_IDS,
+ CKPT_HDR_IPC_SEM, checkpoint_ipc_sem);
+#endif
+ return ret;
+}
+
+/**************************************************************************
+ * Restart
+ */
+
+/*
+ * check whether current task may create ipc object with
+ * checkpointed uids and gids.
+ * Return 1 if ok, 0 if not.
+ */
+static int validate_created_perms(struct ckpt_hdr_ipc_perms *h)
+{
+ const struct cred *cred = current_cred();
+ uid_t uid = cred->uid, euid = cred->euid;
+
+ /* actually I don't know - is CAP_IPC_OWNER the right one? */
+ if (((h->uid != uid && h->uid == euid) ||
+ (h->cuid != uid && h->cuid != euid) ||
+ !in_group_p(h->cgid) ||
+ !in_group_p(h->gid)) &&
+ !capable(CAP_IPC_OWNER))
+ return 0;
+ return 1;
+}
+
+/*
+ * Requires that ids->rw_mutex be held; this is sufficient because:
+ *
+ * (a) The data accessed either may only change by ipc_update_perm()
+ * or by security hooks (perm->security), all of which are only called
+ * with the mutex write-held.
+ *
+ * (b) During restart, we are guarantted to be using a brand new
+ * ipc-ns, only accessible to us, so there will be no attempt for
+ * access validation while we restore the state (by other tasks).
+ */
+int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+ struct kern_ipc_perm *perm)
+{
+ if (h->id < 0)
+ return -EINVAL;
+ if (CKPT_TST_OVERFLOW_16(h->uid, perm->uid) ||
+ CKPT_TST_OVERFLOW_16(h->gid, perm->gid) ||
+ CKPT_TST_OVERFLOW_16(h->cuid, perm->cuid) ||
+ CKPT_TST_OVERFLOW_16(h->cgid, perm->cgid) ||
+ CKPT_TST_OVERFLOW_16(h->mode, perm->mode))
+ return -EINVAL;
+ if (h->seq >= USHORT_MAX)
+ return -EINVAL;
+ if (h->mode & ~S_IRWXUGO)
+ return -EINVAL;
+
+ /* FIX: verify the ->mode field makes sense */
+
+ if (!validate_created_perms(h))
+ return -EPERM;
+ perm->uid = h->uid;
+ perm->gid = h->gid;
+ perm->cuid = h->cuid;
+ perm->cgid = h->cgid;
+ perm->mode = h->mode;
+
+ /*
+ * Todo: restore perm->security.
+ * At the moment it gets set by security_x_alloc() called through
+ * ipcget()->ipcget_public()->ops-.getnew (->nequeue for instance)
+ * We will want to ask the LSM to consider resetting the
+ * checkpointed ->security, based on current_security(),
+ * the checkpointed ->security, and the checkpoint file context.
+ */
+
+ return 0;
+}
+
+static int restore_ipc_any(struct ckpt_ctx *ctx, struct ipc_namespace *ipc_ns,
+ int ipc_ind, int ipc_type,
+ int (*func)(struct ckpt_ctx *ctx,
+ struct ipc_namespace *ns))
+{
+ struct ckpt_hdr_ipc *h;
+ int n, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ckpt_debug("ipc-%s: count %d\n", ipc_ind_to_str[ipc_ind], h->ipc_count);
+
+ ret = -EINVAL;
+ if (h->ipc_type != ipc_type)
+ goto out;
+
+ ret = 0;
+ for (n = 0; n < h->ipc_count; n++) {
+ ret = (*func)(ctx, ipc_ns);
+ if (ret < 0)
+ goto out;
+ }
+ out:
+ ckpt_debug("ipc-%s: ret %d\n", ipc_ind_to_str[ipc_ind], ret);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static void *restore_ipc_ns(struct ckpt_ctx *ctx)
+{
+ struct ipc_namespace *ipc_ns = NULL;
+ struct ckpt_hdr_ipcns *h;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC_NS);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ ret = -EINVAL;
+ if (h->shm_ctlmax < 0 || h->shm_ctlall < 0 || h->shm_ctlmni < 0)
+ goto out;
+ if (h->msg_ctlmax < 0 || h->msg_ctlmnb < 0 || h->msg_ctlmni < 0)
+ goto out;
+ if (h->sem_ctl_msl < 0 || h->sem_ctl_mns < 0 ||
+ h->sem_ctl_opm < 0 || h->sem_ctl_mni < 0)
+ goto out;
+
+ /*
+ * If !CONFIG_IPC_NS, do not restore the global IPC state, as
+ * it is used by other processes. It is ok to try to restore
+ * the {shm,msg,sem} objects: in the worst case the requested
+ * identifiers will be in use.
+ */
+#ifdef CONFIG_IPC_NS
+ ret = -ENOMEM;
+ ipc_ns = create_ipc_ns();
+ if (!ipc_ns)
+ goto out;
+
+ down_read(&shm_ids(ipc_ns).rw_mutex);
+ ipc_ns->shm_ctlmax = h->shm_ctlmax;
+ ipc_ns->shm_ctlall = h->shm_ctlall;
+ ipc_ns->shm_ctlmni = h->shm_ctlmni;
+ up_read(&shm_ids(ipc_ns).rw_mutex);
+
+ down_read(&msg_ids(ipc_ns).rw_mutex);
+ ipc_ns->msg_ctlmax = h->msg_ctlmax;
+ ipc_ns->msg_ctlmnb = h->msg_ctlmnb;
+ ipc_ns->msg_ctlmni = h->msg_ctlmni;
+ up_read(&msg_ids(ipc_ns).rw_mutex);
+
+ down_read(&sem_ids(ipc_ns).rw_mutex);
+ ipc_ns->sem_ctls[0] = h->sem_ctl_msl;
+ ipc_ns->sem_ctls[1] = h->sem_ctl_mns;
+ ipc_ns->sem_ctls[2] = h->sem_ctl_opm;
+ ipc_ns->sem_ctls[3] = h->sem_ctl_mni;
+ up_read(&sem_ids(ipc_ns).rw_mutex);
+#else
+ ret = -EEXIST;
+ /* complain if image contains multiple namespaces */
+ if (ctx->stats.ipc_ns)
+ goto out;
+ ipc_ns = current->nsproxy->ipc_ns;
+ get_ipc_ns(ipc_ns);
+#endif
+
+#if 0 /* NEXT FEW PATCHES */
+ ret = restore_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
+ CKPT_HDR_IPC_SHM, restore_ipc_shm);
+ if (ret < 0)
+ goto out;
+ ret = restore_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
+ CKPT_HDR_IPC_MSG, restore_ipc_msg);
+ if (ret < 0)
+ goto out;
+ ret = restore_ipc_any(ctx, ipc_ns, IPC_SEM_IDS,
+ CKPT_HDR_IPC_SEM, restore_ipc_sem);
+#endif
+ if (ret < 0)
+ goto out;
+
+ ctx->stats.ipc_ns++;
+ out:
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0) {
+ put_ipc_ns(ipc_ns);
+ ipc_ns = ERR_PTR(ret);
+ }
+ return (void *)ipc_ns;
+}
+
+/*
+ * ipc-related checkpoint objects
+ */
+
+static int obj_ipc_ns_grab(void *ptr)
+{
+ get_ipc_ns((struct ipc_namespace *) ptr);
+ return 0;
+}
+
+static void obj_ipc_ns_drop(void *ptr, int lastref)
+{
+ put_ipc_ns((struct ipc_namespace *) ptr);
+}
+
+static int obj_ipc_ns_users(void *ptr)
+{
+ return atomic_read(&((struct ipc_namespace *) ptr)->count);
+}
+
+/* ipc_ns object */
+static struct ckpt_obj_ops ckpt_obj_ipcns_ops = {
+ .obj_name = "IPC_NS",
+ .obj_type = CKPT_OBJ_IPC_NS,
+ .ref_drop = obj_ipc_ns_drop,
+ .ref_grab = obj_ipc_ns_grab,
+ .ref_users = obj_ipc_ns_users,
+ .checkpoint = checkpoint_ipc_ns,
+ .restore = restore_ipc_ns,
+};
+
+static int __init checkpoint_register_ipcns(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_ipcns_ops);
+}
+module_init(checkpoint_register_ipcns);
diff --git a/ipc/namespace.c b/ipc/namespace.c
index a1094ff..8e5ea32 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -14,7 +14,7 @@
#include "util.h"
-static struct ipc_namespace *create_ipc_ns(void)
+struct ipc_namespace *create_ipc_ns(void)
{
struct ipc_namespace *ns;
int err;
diff --git a/ipc/util.h b/ipc/util.h
index 159a73c..8ae1f8e 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -12,6 +12,7 @@
#include <linux/unistd.h>
#include <linux/err.h>
+#include <linux/checkpoint.h>
#define SEQ_MULTIPLIER (IPCMNI)
@@ -175,4 +176,13 @@ int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids,
void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids,
void (*free)(struct ipc_namespace *, struct kern_ipc_perm *));
+struct ipc_namespace *create_ipc_ns(void);
+
+#ifdef CONFIG_CHECKPOINT
+extern int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+ struct kern_ipc_perm *perm);
+extern int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+ struct kern_ipc_perm *perm);
+#endif
+
#endif
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 3736475..51ddce5 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -265,8 +265,6 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
rcu_read_lock();
nsproxy = task_nsproxy(t);
- if (nsproxy->ipc_ns != ctx->root_nsproxy->ipc_ns)
- ret = -EPERM;
/* no support for >1 private mntns */
if (nsproxy->mnt_ns != ctx->root_nsproxy->mnt_ns) {
_ckpt_err(ctx, -EPERM, "%(T)Nested mnt_ns unsupported\n");
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
index d504568..0fe741b 100644
--- a/kernel/checkpoint/objhash.c
+++ b/kernel/checkpoint/objhash.c
@@ -16,6 +16,7 @@
#include <linux/slab.h>
#include <linux/hash.h>
#include <linux/file.h>
+#include <linux/sched.h>
#include <linux/checkpoint.h>
struct ckpt_obj {
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 84693e9..17f5a93 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -260,6 +260,9 @@ int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
ret = ckpt_obj_collect(ctx, nsproxy->uts_ns, CKPT_OBJ_UTS_NS);
if (ret < 0)
goto out;
+#ifdef CONFIG_IPC_NS
+ ret = ckpt_obj_collect(ctx, nsproxy->ipc_ns, CKPT_OBJ_IPC_NS);
+#endif
/* TODO: collect other namespaces here */
out:
@@ -281,6 +284,15 @@ static int checkpoint_ns(struct ckpt_ctx *ctx, void *ptr)
if (ret <= 0)
goto out;
h->uts_objref = ret;
+#ifdef CONFIG_IPC_NS
+ ret = checkpoint_obj(ctx, nsproxy->ipc_ns, CKPT_OBJ_IPC_NS);
+ if (ret < 0)
+ goto out;
+#else /* CONFIG_IPC_NS */
+ ret = 0;
+#endif /* CONFIG_IPC_NS */
+ h->ipc_objref = ret;
+
/* TODO: Write other namespaces here */
ret = ckpt_write_obj(ctx, &h->h);
@@ -312,7 +324,19 @@ static void *restore_ns(struct ckpt_ctx *ctx)
goto out;
}
- ipc_ns = ctx->root_nsproxy->ipc_ns;
+ if (h->ipc_objref == 0)
+ ipc_ns = ctx->root_nsproxy->ipc_ns;
+ else
+#ifdef CONFIG_IPC_NS
+ ipc_ns = ckpt_obj_fetch(ctx, h->ipc_objref, CKPT_OBJ_IPC_NS);
+#else
+ ipc_ns = ERR_PTR(-EINVAL);
+#endif
+ if (IS_ERR(ipc_ns)) {
+ ret = PTR_ERR(ipc_ns);
+ goto out;
+ }
+
mnt_ns = ctx->root_nsproxy->mnt_ns;
net_ns = ctx->root_nsproxy->net_ns;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 055/100] c/r: support share-memory sysv-ipc
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (53 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 054/100] c/r: save and restore sysvipc namespace basics Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 056/100] c/r: support message-queues sysv-ipc Oren Laadan
` (46 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Manfred Spraul
Checkpoint of sysvipc shared memory is performed in two steps: first,
the entire ipc namespace is dumped as a whole by iterating through all
shm objects and dumping the contents of each one. The shmem inode is
registered in the objhash. Second, for each vma that refers to ipc
shared memory we find the inode in the objhash, and save the objref.
(If we find a new inode, that indicates that the ipc namespace is not
entirely frozen and someone must have manipulated it since step 1).
Handling of shm objects that have been deleted (via IPC_RMID) is left
to a later patch in this series.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog[v20]:
- Fix "scheduling in atomic" while restoring ipc shm
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v18]:
- Collect files used by shm objects
- Use file instead of inode as shared object during checkpoint
Changelog[v17]:
- Restore objects in the right namespace
- Properly initialize ctx->deferqueue
- Fix compilation with CONFIG_CHECKPOINT=n
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 15 ++
include/linux/checkpoint_hdr.h | 21 +++-
include/linux/checkpoint_types.h | 1 +
include/linux/shm.h | 15 ++
ipc/Makefile | 2 +-
ipc/checkpoint.c | 25 +++-
ipc/checkpoint_shm.c | 305 ++++++++++++++++++++++++++++++++++++++
ipc/shm.c | 84 ++++++++++-
ipc/util.h | 9 +
kernel/checkpoint/checkpoint.c | 5 +
kernel/checkpoint/restart.c | 6 +
kernel/checkpoint/sys.c | 7 +
kernel/nsproxy.c | 8 +
mm/checkpoint.c | 28 +++-
14 files changed, 517 insertions(+), 14 deletions(-)
create mode 100644 ipc/checkpoint_shm.c
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index e43f7a9..2f72a6a 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -172,6 +172,18 @@ extern int restore_restart_block(struct ckpt_ctx *ctx);
/* namespaces */
extern int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t);
+/* ipc-ns */
+#ifdef CONFIG_SYSVIPC
+extern int ckpt_collect_ipc_ns(struct ckpt_ctx *ctx,
+ struct ipc_namespace *ipc_ns);
+#else
+static inline int ckpt_collect_ipc_ns(struct ckpt_ctx *ctx,
+ struct ipc_namespace *ipc_ns)
+{
+ return 0;
+}
+#endif /* CONFIG_SYSVIPC */
+
/* file table */
extern int ckpt_collect_file_table(struct ckpt_ctx *ctx, struct task_struct *t);
extern int checkpoint_obj_file_table(struct ckpt_ctx *ctx,
@@ -218,6 +230,9 @@ extern unsigned long generic_vma_restore(struct mm_struct *mm,
extern int private_vma_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
struct file *file, struct ckpt_hdr_vma *h);
+extern int checkpoint_memory_contents(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ struct inode *inode);
extern int restore_memory_contents(struct ckpt_ctx *ctx, struct inode *inode);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 78d5996..e9983b4 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -397,7 +397,11 @@ enum vma_type {
#define CKPT_VMA_SHM_ANON_SKIP CKPT_VMA_SHM_ANON_SKIP
CKPT_VMA_SHM_FILE, /* shared mapped file, only msync */
#define CKPT_VMA_SHM_FILE CKPT_VMA_SHM_FILE
- CKPT_VMA_MAX
+ CKPT_VMA_SHM_IPC, /* shared sysvipc */
+#define CKPT_VMA_SHM_IPC CKPT_VMA_SHM_IPC
+ CKPT_VMA_SHM_IPC_SKIP, /* shared sysvipc (skip contents) */
+#define CKPT_VMA_SHM_IPC_SKIP CKPT_VMA_SHM_IPC_SKIP
+ CKPT_VMA_MAX,
#define CKPT_VMA_MAX CKPT_VMA_MAX
};
@@ -448,6 +452,7 @@ struct ckpt_hdr_ipc {
} __attribute__((aligned(8)));
struct ckpt_hdr_ipc_perms {
+ struct ckpt_hdr h;
__s32 id;
__u32 key;
__u32 uid;
@@ -459,6 +464,20 @@ struct ckpt_hdr_ipc_perms {
__u64 seq;
} __attribute__((aligned(8)));
+struct ckpt_hdr_ipc_shm {
+ struct ckpt_hdr h;
+ struct ckpt_hdr_ipc_perms perms;
+ __u64 shm_segsz;
+ __u64 shm_atim;
+ __u64 shm_dtim;
+ __u64 shm_ctim;
+ __s32 shm_cprid;
+ __s32 shm_lprid;
+ __u32 mlock_uid;
+ __u32 flags;
+ __u32 objref;
+} __attribute__((aligned(8)));
+
#define CKPT_TST_OVERFLOW_16(a, b) \
((sizeof(a) > sizeof(b)) && ((a) > SHORT_MAX))
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index cff2eb1..d1b893c 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -49,6 +49,7 @@ struct ckpt_ctx {
atomic_t refcount;
struct ckpt_obj_hash *obj_hash; /* repository for shared objects */
+ struct deferqueue_head *deferqueue; /* deferred c/r work */
struct deferqueue_head *files_deferq; /* deferred file-table work */
struct path root_fs_path; /* container root (FIXME) */
diff --git a/include/linux/shm.h b/include/linux/shm.h
index eca6235..94ac1a7 100644
--- a/include/linux/shm.h
+++ b/include/linux/shm.h
@@ -118,6 +118,21 @@ static inline int is_file_shm_hugepages(struct file *file)
}
#endif
+struct ipc_namespace;
+extern int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
+ struct shmid_ds __user *buf, int version);
+
+#ifdef CONFIG_CHECKPOINT
+#ifdef CONFIG_SYSVIPC
+struct ckpt_ctx;
+struct ckpt_hdr_vma;
+extern int ipcshm_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct ckpt_hdr_vma *h);
+#else
+#define ipcshm_restore NULL
+#endif
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_SHM_H_ */
diff --git a/ipc/Makefile b/ipc/Makefile
index 553c6d5..8fdc6c1 100644
--- a/ipc/Makefile
+++ b/ipc/Makefile
@@ -9,4 +9,4 @@ obj_mq-$(CONFIG_COMPAT) += compat_mq.o
obj-$(CONFIG_POSIX_MQUEUE) += mqueue.o msgutil.o $(obj_mq-y)
obj-$(CONFIG_IPC_NS) += namespace.o
obj-$(CONFIG_POSIX_MQUEUE_SYSCTL) += mq_sysctl.o
-obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o
+obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o checkpoint_shm.o
diff --git a/ipc/checkpoint.c b/ipc/checkpoint.c
index 6ff2ea7..18ae99d 100644
--- a/ipc/checkpoint.c
+++ b/ipc/checkpoint.c
@@ -127,9 +127,9 @@ static int checkpoint_ipc_ns(struct ckpt_ctx *ctx, void *ptr)
if (ret < 0)
return ret;
-#if 0 /* NEXT FEW PATCHES */
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
CKPT_HDR_IPC_SHM, checkpoint_ipc_shm);
+#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
return ret;
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
@@ -143,6 +143,27 @@ static int checkpoint_ipc_ns(struct ckpt_ctx *ctx, void *ptr)
}
/**************************************************************************
+ * Collect
+ */
+
+int ckpt_collect_ipc_ns(struct ckpt_ctx *ctx, struct ipc_namespace *ipc_ns)
+{
+ struct ipc_ids *ipc_ids;
+ int ret;
+
+ /*
+ * Each shm object holds a reference to a file pointer, so
+ * collect them. Nothing to do for msg and sem.
+ */
+ ipc_ids = &ipc_ns->ids[IPC_SHM_IDS];
+ down_read(&ipc_ids->rw_mutex);
+ ret = idr_for_each(&ipc_ids->ipcs_idr, ckpt_collect_ipc_shm, ctx);
+ up_read(&ipc_ids->rw_mutex);
+
+ return ret;
+}
+
+/**************************************************************************
* Restart
*/
@@ -303,9 +324,9 @@ static void *restore_ipc_ns(struct ckpt_ctx *ctx)
get_ipc_ns(ipc_ns);
#endif
-#if 0 /* NEXT FEW PATCHES */
ret = restore_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
CKPT_HDR_IPC_SHM, restore_ipc_shm);
+#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
goto out;
ret = restore_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
diff --git a/ipc/checkpoint_shm.c b/ipc/checkpoint_shm.c
new file mode 100644
index 0000000..0e8a140
--- /dev/null
+++ b/ipc/checkpoint_shm.c
@@ -0,0 +1,305 @@
+/*
+ * Checkpoint/restart - dump state of sysvipc shm
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DIPC
+
+#include <linux/mm.h>
+#include <linux/shm.h>
+#include <linux/shmem_fs.h>
+#include <linux/hugetlb.h>
+#include <linux/rwsem.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+#include <linux/syscalls.h>
+#include <linux/nsproxy.h>
+#include <linux/ipc_namespace.h>
+#include <linux/deferqueue.h>
+
+#include <linux/msg.h> /* needed for util.h that uses 'struct msg_msg' */
+#include "util.h"
+
+#include <linux/checkpoint.h>
+
+/************************************************************************
+ * ipc checkpoint
+ */
+
+/* called with the msgids->rw_mutex is read-held */
+static int fill_ipc_shm_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_shm *h,
+ struct shmid_kernel *shp)
+{
+ int ret = 0;
+
+ ret = checkpoint_fill_ipc_perms(&h->perms, &shp->shm_perm);
+ if (ret < 0)
+ return ret;
+
+ ipc_lock_by_ptr(&shp->shm_perm);
+
+ h->shm_segsz = shp->shm_segsz;
+ h->shm_atim = shp->shm_atim;
+ h->shm_dtim = shp->shm_dtim;
+ h->shm_ctim = shp->shm_ctim;
+ h->shm_cprid = shp->shm_cprid;
+ h->shm_lprid = shp->shm_lprid;
+
+ if (shp->mlock_user)
+ h->mlock_uid = shp->mlock_user->uid;
+ else
+ h->mlock_uid = (unsigned int) -1;
+
+ h->flags = 0;
+ /* check if shm was setup with SHM_NORESERVE */
+ if (SHMEM_I(shp->shm_file->f_dentry->d_inode)->flags & VM_NORESERVE)
+ h->flags |= SHM_NORESERVE;
+ /* check if shm was setup with SHM_HUGETLB (unsupported yet) */
+ if (is_file_hugepages(shp->shm_file)) {
+ pr_warning("c/r: unsupported SHM_HUGETLB\n");
+ ret = -ENOSYS;
+ }
+
+ ipc_unlock(&shp->shm_perm);
+
+ ckpt_debug("shm: cprid %d lprid %d segsz %lld mlock %d\n",
+ h->shm_cprid, h->shm_lprid, h->shm_segsz, h->mlock_uid);
+
+ return ret;
+}
+
+/* called with the msgids->rw_mutex is read-held */
+int checkpoint_ipc_shm(int id, void *p, void *data)
+{
+ struct ckpt_hdr_ipc_shm *h;
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+ struct kern_ipc_perm *perm = (struct kern_ipc_perm *) p;
+ struct shmid_kernel *shp;
+ struct inode *inode;
+ int first, objref;
+ int ret;
+
+ shp = container_of(perm, struct shmid_kernel, shm_perm);
+ inode = shp->shm_file->f_dentry->d_inode;
+
+ /* we collected the file but we don't checkpoint it per-se */
+ ret = ckpt_obj_visit(ctx, shp->shm_file, CKPT_OBJ_FILE);
+ if (ret < 0)
+ return ret;
+
+ objref = ckpt_obj_lookup_add(ctx, inode, CKPT_OBJ_INODE, &first);
+ if (objref < 0)
+ return objref;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_SHM);
+ if (!h)
+ return -ENOMEM;
+
+ ret = fill_ipc_shm_hdr(ctx, h, shp);
+ if (ret < 0)
+ goto out;
+
+ h->objref = objref;
+ ckpt_debug("shm: objref %d\n", h->objref);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ ret = checkpoint_memory_contents(ctx, NULL, inode);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/************************************************************************
++ * ipc collect
++ */
+int ckpt_collect_ipc_shm(int id, void *p, void *data)
+{
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+ struct kern_ipc_perm *perm = (struct kern_ipc_perm *) p;
+ struct shmid_kernel *shp;
+
+ shp = container_of(perm, struct shmid_kernel, shm_perm);
+ return ckpt_collect_file(ctx, shp->shm_file);
+}
+
+/************************************************************************
+ * ipc restart
+ */
+
+struct dq_ipcshm_del {
+ /*
+ * XXX: always keep ->ipcns first so that put_ipc_ns() can
+ * be safely provided as the dtor for this deferqueue object
+ */
+ struct ipc_namespace *ipcns;
+ int id;
+};
+
+static int _ipc_shm_delete(struct ipc_namespace *ns, int id)
+{
+ mm_segment_t old_fs;
+ int ret;
+
+ old_fs = get_fs();
+ set_fs(get_ds());
+ ret = shmctl_down(ns, id, IPC_RMID, NULL, 0);
+ set_fs(old_fs);
+
+ return ret;
+}
+
+static int ipc_shm_delete(void *data)
+{
+ struct dq_ipcshm_del *dq = (struct dq_ipcshm_del *) data;
+ int ret;
+
+ ret = _ipc_shm_delete(dq->ipcns, dq->id);
+ put_ipc_ns(dq->ipcns);
+
+ return ret;
+}
+
+/* called with the msgids->rw_mutex is write-held */
+static int load_ipc_shm_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_shm *h,
+ struct shmid_kernel *shp)
+{
+ int ret;
+
+ ret = restore_load_ipc_perms(&h->perms, &shp->shm_perm);
+ if (ret < 0)
+ return ret;
+
+ ckpt_debug("shm: cprid %d lprid %d segsz %lld mlock %d\n",
+ h->shm_cprid, h->shm_lprid, h->shm_segsz, h->mlock_uid);
+
+ if (h->shm_cprid < 0 || h->shm_lprid < 0)
+ return -EINVAL;
+
+ shp->shm_atim = h->shm_atim;
+ shp->shm_dtim = h->shm_dtim;
+ shp->shm_ctim = h->shm_ctim;
+ shp->shm_cprid = h->shm_cprid;
+ shp->shm_lprid = h->shm_lprid;
+
+ return 0;
+}
+
+int restore_ipc_shm(struct ckpt_ctx *ctx, struct ipc_namespace *ns)
+{
+ struct ckpt_hdr_ipc_shm *h;
+ struct kern_ipc_perm *ipc;
+ struct shmid_kernel *shp;
+ struct ipc_ids *shm_ids = &ns->ids[IPC_SHM_IDS];
+ struct file *file;
+ int shmflag;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC_SHM);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->perms.id < 0)
+ goto out;
+
+#define CKPT_SHMFL_MASK (SHM_NORESERVE | SHM_HUGETLB)
+ if (h->flags & ~CKPT_SHMFL_MASK)
+ goto out;
+
+ ret = -ENOSYS;
+ if (h->mlock_uid != (unsigned int) -1) /* FIXME: support SHM_LOCK */
+ goto out;
+ if (h->flags & SHM_HUGETLB) /* FIXME: support SHM_HUGETLB */
+ goto out;
+
+ shmflag = h->flags | h->perms.mode | IPC_CREAT | IPC_EXCL;
+ ckpt_debug("shm: do_shmget size %lld flag %#x id %d\n",
+ h->shm_segsz, shmflag, h->perms.id);
+ ret = do_shmget(ns, h->perms.key, h->shm_segsz, shmflag, h->perms.id);
+ ckpt_debug("shm: do_shmget ret %d\n", ret);
+ if (ret < 0)
+ goto out;
+
+ /*
+ * SHM_DEST means that the shm is to be deleted after creation.
+ * However, deleting before it's actually attached is quite silly.
+ * Instead, we defer this task to until restart has succeeded.
+ */
+ if (h->perms.mode & SHM_DEST) {
+ struct dq_ipcshm_del dq;
+
+ /* to not confuse the rest of the code */
+ h->perms.mode &= ~SHM_DEST;
+
+ dq.id = h->perms.id;
+ dq.ipcns = ns;
+ get_ipc_ns(ns);
+
+ ret = deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
+ (deferqueue_func_t) ipc_shm_delete,
+ (deferqueue_func_t) ipc_shm_delete);
+ if (ret < 0) {
+ ipc_shm_delete((void *) &dq);
+ goto out;
+ }
+ }
+
+ down_write(&shm_ids->rw_mutex);
+
+ /*
+ * We are the sole owners/users of this brand new ipc-ns, so:
+ *
+ * 1) The shmid could not have been deleted between its creation
+ * and taking the rw_mutex above.
+ * 2) No unauthorized task will attempt to gain access to it,
+ * so it is safe to do away with ipc_lock(). This is useful
+ * because we can call functions that sleep.
+ * 3) Likewise, we only restore the security bits further below,
+ * so it is safe to ignore this (theoretical only!) race.
+ *
+ * If/when we allow to restore the ipc state within the parent's
+ * ipc-ns, we will need to re-examine this.
+ */
+ ipc = ipc_lock(shm_ids, h->perms.id);
+ BUG_ON(IS_ERR(ipc));
+
+ shp = container_of(ipc, struct shmid_kernel, shm_perm);
+ file = shp->shm_file;
+ get_file(file);
+
+ /* this is safe because no unauthorized access is possible */
+ ipc_unlock(ipc);
+
+ ret = load_ipc_shm_hdr(ctx, h, shp);
+ if (ret < 0)
+ goto mutex;
+
+ /* deposit in objhash and read contents in */
+ ret = ckpt_obj_insert(ctx, file, h->objref, CKPT_OBJ_FILE);
+ if (ret < 0)
+ goto mutex;
+ ret = restore_memory_contents(ctx, file->f_dentry->d_inode);
+ mutex:
+ fput(file);
+ up_write(&shm_ids->rw_mutex);
+
+ /* discard this shmid if error and deferqueue wasn't set */
+ if (ret < 0 && !(h->perms.mode & SHM_DEST)) {
+ ckpt_debug("shm: need to remove (%d)\n", ret);
+ _ipc_shm_delete(ns, h->perms.id);
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
diff --git a/ipc/shm.c b/ipc/shm.c
index 76c3585..5a5dfb5 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -39,6 +39,7 @@
#include <linux/nsproxy.h>
#include <linux/mount.h>
#include <linux/ipc_namespace.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
@@ -294,6 +295,74 @@ static unsigned long shm_get_unmapped_area(struct file *file,
pgoff, flags);
}
+#ifdef CONFIG_CHECKPOINT
+static int ipcshm_checkpoint(struct ckpt_ctx *ctx, struct vm_area_struct *vma)
+{
+ int ino_objref;
+ int first;
+
+ ino_objref = ckpt_obj_lookup_add(ctx, vma->vm_file->f_dentry->d_inode,
+ CKPT_OBJ_INODE, &first);
+ if (ino_objref < 0)
+ return ino_objref;
+
+ /*
+ * This shouldn't happen, because all IPC regions should have
+ * been already dumped by now via ipc namespaces; It means
+ * the ipc_ns has been modified recently during checkpoint.
+ */
+ if (first)
+ return -EBUSY;
+
+ return generic_vma_checkpoint(ctx, vma, CKPT_VMA_SHM_IPC_SKIP,
+ 0, ino_objref);
+}
+
+int ipcshm_restore(struct ckpt_ctx *ctx, struct mm_struct *mm,
+ struct ckpt_hdr_vma *h)
+{
+ struct file *file;
+ int shmid, shmflg = 0;
+ mm_segment_t old_fs;
+ unsigned long start;
+ unsigned long addr;
+ int ret;
+
+ if (!h->ino_objref)
+ return -EINVAL;
+ /* FIX: verify the vm_flags too */
+
+ file = ckpt_obj_fetch(ctx, h->ino_objref, CKPT_OBJ_FILE);
+ if (IS_ERR(file))
+ PTR_ERR(file);
+
+ shmid = file->f_dentry->d_inode->i_ino;
+
+ if (!(h->vm_flags & VM_WRITE))
+ shmflg |= SHM_RDONLY;
+
+ /*
+ * FIX: do_shmat() has limited interface: all-or-nothing
+ * mapping. If the vma, however, reflects a partial mapping
+ * then we need to modify that function to accomplish the
+ * desired outcome. Partial mapping can exist due to the user
+ * call shmat() and then unmapping part of the region.
+ * Currently, we at least detect this and call it a foul play.
+ */
+ if (((h->vm_end - h->vm_start) != h->ino_size) || h->vm_pgoff)
+ return -ENOSYS;
+
+ old_fs = get_fs();
+ set_fs(get_ds());
+ start = h->vm_start;
+ ret = do_shmat(shmid, (char __user *) start, shmflg, &addr);
+ set_fs(old_fs);
+
+ BUG_ON(ret >= 0 && addr != h->vm_start);
+ return ret;
+}
+#endif
+
static const struct file_operations shm_file_operations = {
.mmap = shm_mmap,
.fsync = shm_fsync,
@@ -323,6 +392,9 @@ static const struct vm_operations_struct shm_vm_ops = {
.set_policy = shm_set_policy,
.get_policy = shm_get_policy,
#endif
+#if defined(CONFIG_CHECKPOINT)
+ .checkpoint = ipcshm_checkpoint,
+#endif
};
/**
@@ -450,14 +522,12 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
-int do_shmget(key_t key, size_t size, int shmflg, int req_id)
+int do_shmget(struct ipc_namespace *ns, key_t key, size_t size,
+ int shmflg, int req_id)
{
- struct ipc_namespace *ns;
struct ipc_ops shm_ops;
struct ipc_params shm_params;
- ns = current->nsproxy->ipc_ns;
-
shm_ops.getnew = newseg;
shm_ops.associate = shm_security;
shm_ops.more_checks = shm_more_checks;
@@ -471,7 +541,7 @@ int do_shmget(key_t key, size_t size, int shmflg, int req_id)
SYSCALL_DEFINE3(shmget, key_t, key, size_t, size, int, shmflg)
{
- return do_shmget(key, size, shmflg, -1);
+ return do_shmget(current->nsproxy->ipc_ns, key, size, shmflg, -1);
}
static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
@@ -602,8 +672,8 @@ static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss,
* to be held in write mode.
* NOTE: no locks must be held, the rw_mutex is taken inside this function.
*/
-static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
- struct shmid_ds __user *buf, int version)
+int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
+ struct shmid_ds __user *buf, int version)
{
struct kern_ipc_perm *ipcp;
struct shmid64_ds shmid64;
diff --git a/ipc/util.h b/ipc/util.h
index 8ae1f8e..e0007dc 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -178,11 +178,20 @@ void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids,
struct ipc_namespace *create_ipc_ns(void);
+int do_shmget(struct ipc_namespace *ns, key_t key, size_t size, int shmflg,
+ int req_id);
+void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
+
+
#ifdef CONFIG_CHECKPOINT
extern int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm);
extern int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm);
+
+extern int ckpt_collect_ipc_shm(int id, void *p, void *data);
+extern int checkpoint_ipc_shm(int id, void *p, void *data);
+extern int restore_ipc_shm(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
#endif
#endif
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 51ddce5..9743866 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -26,6 +26,7 @@
#include <linux/utsname.h>
#include <linux/magic.h>
#include <linux/hrtimer.h>
+#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
/* unique checkpoint identifier (FIXME: should be per-container ?) */
@@ -616,6 +617,10 @@ long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid)
if (ret < 0)
goto out;
+ ret = deferqueue_run(ctx->deferqueue); /* run deferred work */
+ if (ret < 0)
+ goto out;
+
/* verify that all objects were indeed visited */
if (!ckpt_obj_visited(ctx)) {
ckpt_err(ctx, -EBUSY, "Leak: unvisited\n");
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index e43c300..a511fda 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -22,6 +22,7 @@
#include <linux/magic.h>
#include <linux/utsname.h>
#include <linux/elf.h>
+#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
#include <asm/syscall.h>
@@ -1179,6 +1180,11 @@ static int do_restore_coord(struct ckpt_ctx *ctx, pid_t pid)
goto out;
}
+ ret = deferqueue_run(ctx->deferqueue); /* run deferred work */
+ ckpt_debug("restore deferqueue: %d\n", ret);
+ if (ret < 0)
+ goto out;
+
ret = restore_read_tail(ctx);
ckpt_debug("restore tail: %d\n", ret);
if (ret < 0)
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index b258874..73d84bd 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -24,6 +24,7 @@
#include <linux/capability.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
+#include <linux/deferqueue.h>
/*
* ckpt_unpriv_allowed - sysctl controlled.
@@ -199,6 +200,9 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->kflags & CKPT_CTX_RESTART)
restore_debug_free(ctx);
+ if (ctx->deferqueue)
+ deferqueue_destroy(ctx->deferqueue);
+
if (ctx->files_deferq)
deferqueue_destroy(ctx->files_deferq);
@@ -271,6 +275,9 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
err = -ENOMEM;
if (ckpt_obj_hash_alloc(ctx) < 0)
goto err;
+ ctx->deferqueue = deferqueue_create();
+ if (!ctx->deferqueue)
+ goto err;
ctx->files_deferq = deferqueue_create();
if (!ctx->files_deferq)
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 17f5a93..67a1456 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -262,6 +262,14 @@ int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
goto out;
#ifdef CONFIG_IPC_NS
ret = ckpt_obj_collect(ctx, nsproxy->ipc_ns, CKPT_OBJ_IPC_NS);
+ if (ret < 0)
+ goto out;
+ /*
+ * ipc_ns (shm) may keep references to files: if this is the
+ * first time we see this ipc_ns (ret > 0), proceed inside.
+ */
+ if (ret)
+ ret = ckpt_collect_ipc_ns(ctx, nsproxy->ipc_ns);
#endif
/* TODO: collect other namespaces here */
diff --git a/mm/checkpoint.c b/mm/checkpoint.c
index 6d71180..d1d0bcb 100644
--- a/mm/checkpoint.c
+++ b/mm/checkpoint.c
@@ -21,6 +21,7 @@
#include <linux/mman.h>
#include <linux/pagemap.h>
#include <linux/mm_types.h>
+#include <linux/shm.h>
#include <linux/proc_fs.h>
#include <linux/swap.h>
#include <linux/checkpoint.h>
@@ -405,9 +406,9 @@ static int vma_dump_pages(struct ckpt_ctx *ctx, int total)
* virtual addresses into ctx->pgarr_list page-array chain. Then dump
* the addresses, followed by the page contents.
*/
-static int checkpoint_memory_contents(struct ckpt_ctx *ctx,
- struct vm_area_struct *vma,
- struct inode *inode)
+int checkpoint_memory_contents(struct ckpt_ctx *ctx,
+ struct vm_area_struct *vma,
+ struct inode *inode)
{
struct ckpt_hdr_pgarr *h;
unsigned long addr, end;
@@ -1096,6 +1097,13 @@ static int anon_private_restore(struct ckpt_ctx *ctx,
return private_vma_restore(ctx, mm, NULL, h);
}
+static int bad_vma_restore(struct ckpt_ctx *ctx,
+ struct mm_struct *mm,
+ struct ckpt_hdr_vma *h)
+{
+ return -EINVAL;
+}
+
/* callbacks to restore vma per its type: */
struct restore_vma_ops {
char *vma_name;
@@ -1148,6 +1156,20 @@ static struct restore_vma_ops restore_vma_ops[] = {
.vma_type = CKPT_VMA_SHM_FILE,
.restore = filemap_restore,
},
+ /* sysvipc shared */
+ {
+ .vma_name = "IPC SHARED",
+ .vma_type = CKPT_VMA_SHM_IPC,
+ /* ipc inode itself is restore by restore_ipc_ns()... */
+ .restore = bad_vma_restore,
+
+ },
+ /* sysvipc shared (skip) */
+ {
+ .vma_name = "IPC SHARED (skip)",
+ .vma_type = CKPT_VMA_SHM_IPC_SKIP,
+ .restore = ipcshm_restore,
+ },
};
/**
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 056/100] c/r: support message-queues sysv-ipc
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (54 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 055/100] c/r: support share-memory sysv-ipc Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 057/100] c/r: support semaphore sysv-ipc Oren Laadan
` (45 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
Checkpoint of sysvipc message-queues is performed by iterating through
all 'msq' objects and dumping the contents of each one. The message
queued on each 'msq' are dumped with that object.
Message of a specific queue get written one by one. The queue lock
cannot be held while dumping them, but the loop must be protected from
someone (who ?) writing or reading. To do that we grab the lock, then
hijack the entire chain of messages from the queue, drop the lock,
and then safely dump them in a loop. Finally, with the lock held, we
re-attach the chain while verifying that there isn't other (new) data
on that queue.
Writing the message contents themselves is straight forward. The code
is similar to that in ipc/msgutil.c, the main difference being that
we deal with kernel memory and not user memory.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog[v20]:
- Fix "scheduling in atomic" while restoring ipc ms
Changelog[v19-rc3]:
- [Serge Hallyn] Change m_type to long, not int
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v17]:
- Allocate security context for msg_msg
- Restore objects in the right namespace
- Don't unlock ipc before freeing
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 21 +++
ipc/Makefile | 3 +-
ipc/checkpoint.c | 2 +-
ipc/checkpoint_msg.c | 379 ++++++++++++++++++++++++++++++++++++++++
ipc/msg.c | 10 +-
ipc/msgutil.c | 8 -
ipc/util.h | 13 ++
7 files changed, 419 insertions(+), 17 deletions(-)
create mode 100644 ipc/checkpoint_msg.c
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index e9983b4..0349c9a 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -119,6 +119,8 @@ enum {
#define CKPT_HDR_IPC_SHM CKPT_HDR_IPC_SHM
CKPT_HDR_IPC_MSG,
#define CKPT_HDR_IPC_MSG CKPT_HDR_IPC_MSG
+ CKPT_HDR_IPC_MSG_MSG,
+#define CKPT_HDR_IPC_MSG_MSG CKPT_HDR_IPC_MSG_MSG
CKPT_HDR_IPC_SEM,
#define CKPT_HDR_IPC_SEM CKPT_HDR_IPC_SEM
@@ -478,6 +480,25 @@ struct ckpt_hdr_ipc_shm {
__u32 objref;
} __attribute__((aligned(8)));
+struct ckpt_hdr_ipc_msg {
+ struct ckpt_hdr h;
+ struct ckpt_hdr_ipc_perms perms;
+ __u64 q_stime;
+ __u64 q_rtime;
+ __u64 q_ctime;
+ __u64 q_cbytes;
+ __u64 q_qnum;
+ __u64 q_qbytes;
+ __s32 q_lspid;
+ __s32 q_lrpid;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_ipc_msg_msg {
+ struct ckpt_hdr h;
+ __s64 m_type;
+ __u32 m_ts;
+} __attribute__((aligned(8)));
+
#define CKPT_TST_OVERFLOW_16(a, b) \
((sizeof(a) > sizeof(b)) && ((a) > SHORT_MAX))
diff --git a/ipc/Makefile b/ipc/Makefile
index 8fdc6c1..ed46f37 100644
--- a/ipc/Makefile
+++ b/ipc/Makefile
@@ -9,4 +9,5 @@ obj_mq-$(CONFIG_COMPAT) += compat_mq.o
obj-$(CONFIG_POSIX_MQUEUE) += mqueue.o msgutil.o $(obj_mq-y)
obj-$(CONFIG_IPC_NS) += namespace.o
obj-$(CONFIG_POSIX_MQUEUE_SYSCTL) += mq_sysctl.o
-obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o checkpoint_shm.o
+obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o \
+ checkpoint_shm.o checkpoint_msg.o
diff --git a/ipc/checkpoint.c b/ipc/checkpoint.c
index 18ae99d..dec8d6e 100644
--- a/ipc/checkpoint.c
+++ b/ipc/checkpoint.c
@@ -129,11 +129,11 @@ static int checkpoint_ipc_ns(struct ckpt_ctx *ctx, void *ptr)
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
CKPT_HDR_IPC_SHM, checkpoint_ipc_shm);
-#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
return ret;
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
CKPT_HDR_IPC_MSG, checkpoint_ipc_msg);
+#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
return ret;
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SEM_IDS,
diff --git a/ipc/checkpoint_msg.c b/ipc/checkpoint_msg.c
new file mode 100644
index 0000000..fba12e1
--- /dev/null
+++ b/ipc/checkpoint_msg.c
@@ -0,0 +1,379 @@
+/*
+ * Checkpoint/restart - dump state of sysvipc msg
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DIPC
+
+#include <linux/mm.h>
+#include <linux/msg.h>
+#include <linux/rwsem.h>
+#include <linux/sched.h>
+#include <linux/syscalls.h>
+#include <linux/nsproxy.h>
+#include <linux/security.h>
+#include <linux/ipc_namespace.h>
+
+#include "util.h"
+
+#include <linux/checkpoint.h>
+
+/************************************************************************
+ * ipc checkpoint
+ */
+
+/* called with the msgids->rw_mutex is read-held */
+static int fill_ipc_msg_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_msg *h,
+ struct msg_queue *msq)
+{
+ int ret;
+
+ ret = checkpoint_fill_ipc_perms(&h->perms, &msq->q_perm);
+ if (ret < 0)
+ return ret;
+
+ ipc_lock_by_ptr(&msq->q_perm);
+ h->q_stime = msq->q_stime;
+ h->q_rtime = msq->q_rtime;
+ h->q_ctime = msq->q_ctime;
+ h->q_cbytes = msq->q_cbytes;
+ h->q_qnum = msq->q_qnum;
+ h->q_qbytes = msq->q_qbytes;
+ h->q_lspid = msq->q_lspid;
+ h->q_lrpid = msq->q_lrpid;
+ ipc_unlock(&msq->q_perm);
+
+ ckpt_debug("msg: lspid %d rspid %d qnum %lld qbytes %lld\n",
+ h->q_lspid, h->q_lrpid, h->q_qnum, h->q_qbytes);
+
+ return 0;
+}
+
+static int checkpoint_msg_contents(struct ckpt_ctx *ctx, struct msg_msg *msg)
+{
+ struct ckpt_hdr_ipc_msg_msg *h;
+ struct msg_msgseg *seg;
+ int total, len;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_MSG_MSG);
+ if (!h)
+ return -ENOMEM;
+
+ h->m_type = msg->m_type;
+ h->m_ts = msg->m_ts;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ total = msg->m_ts;
+ len = min(total, (int) DATALEN_MSG);
+ ret = ckpt_write_buffer(ctx, (msg + 1), len);
+ if (ret < 0)
+ return ret;
+
+ seg = msg->next;
+ total -= len;
+
+ while (total) {
+ len = min(total, (int) DATALEN_SEG);
+ ret = ckpt_write_buffer(ctx, (seg + 1), len);
+ if (ret < 0)
+ break;
+ seg = seg->next;
+ total -= len;
+ }
+
+ return ret;
+}
+
+static int checkpoint_msg_queue(struct ckpt_ctx *ctx, struct msg_queue *msq)
+{
+ struct list_head messages;
+ struct msg_msg *msg;
+ int ret = -EBUSY;
+
+ /*
+ * Scanning the msq requires the lock, but then we can't write
+ * data out from inside. Instead, we grab the lock, remove all
+ * messages to our own list, drop the lock, write the messages,
+ * and finally re-attach the them to the msq with the lock taken.
+ */
+ ipc_lock_by_ptr(&msq->q_perm);
+ if (!list_empty(&msq->q_receivers))
+ goto unlock;
+ if (!list_empty(&msq->q_senders))
+ goto unlock;
+ if (list_empty(&msq->q_messages))
+ goto unlock;
+ /* temporarily take out all messages */
+ INIT_LIST_HEAD(&messages);
+ list_splice_init(&msq->q_messages, &messages);
+ unlock:
+ ipc_unlock(&msq->q_perm);
+
+ list_for_each_entry(msg, &messages, m_list) {
+ ret = checkpoint_msg_contents(ctx, msg);
+ if (ret < 0)
+ break;
+ }
+
+ /* put all the messages back in */
+ ipc_lock_by_ptr(&msq->q_perm);
+ list_splice(&messages, &msq->q_messages);
+ ipc_unlock(&msq->q_perm);
+
+ return ret;
+}
+
+/* called with the msgids->rw_mutex is read-held */
+int checkpoint_ipc_msg(int id, void *p, void *data)
+{
+ struct ckpt_hdr_ipc_msg *h;
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+ struct kern_ipc_perm *perm = (struct kern_ipc_perm *) p;
+ struct msg_queue *msq;
+ int ret;
+
+ msq = container_of(perm, struct msg_queue, q_perm);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_MSG);
+ if (!h)
+ return -ENOMEM;
+
+ ret = fill_ipc_msg_hdr(ctx, h, msq);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ if (h->q_qnum)
+ ret = checkpoint_msg_queue(ctx, msq);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+
+/************************************************************************
+ * ipc restart
+ */
+
+/* called with the msgids->rw_mutex is write-held */
+static int load_ipc_msg_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_msg *h,
+ struct msg_queue *msq)
+{
+ int ret = 0;
+
+ ret = restore_load_ipc_perms(&h->perms, &msq->q_perm);
+ if (ret < 0)
+ return ret;
+
+ ckpt_debug("msq: lspid %d lrpid %d qnum %lld qbytes %lld\n",
+ h->q_lspid, h->q_lrpid, h->q_qnum, h->q_qbytes);
+
+ if (h->q_lspid < 0 || h->q_lrpid < 0)
+ return -EINVAL;
+
+ msq->q_stime = h->q_stime;
+ msq->q_rtime = h->q_rtime;
+ msq->q_ctime = h->q_ctime;
+ msq->q_lspid = h->q_lspid;
+ msq->q_lrpid = h->q_lrpid;
+
+ return 0;
+}
+
+static struct msg_msg *restore_msg_contents_one(struct ckpt_ctx *ctx, int *clen)
+{
+ struct ckpt_hdr_ipc_msg_msg *h;
+ struct msg_msg *msg = NULL;
+ struct msg_msgseg *seg, **pseg;
+ int total, len;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC_MSG_MSG);
+ if (IS_ERR(h))
+ return (struct msg_msg *) h;
+
+ ret = -EINVAL;
+ if (h->m_type < 1)
+ goto out;
+ if (h->m_ts > current->nsproxy->ipc_ns->msg_ctlmax)
+ goto out;
+
+ total = h->m_ts;
+ len = min(total, (int) DATALEN_MSG);
+ msg = kmalloc(sizeof(*msg) + len, GFP_KERNEL);
+ if (!msg) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ msg->next = NULL;
+ pseg = &msg->next;
+
+ ret = _ckpt_read_buffer(ctx, (msg + 1), len);
+ if (ret < 0)
+ goto out;
+
+ total -= len;
+ while (total) {
+ len = min(total, (int) DATALEN_SEG);
+ seg = kmalloc(sizeof(*seg) + len, GFP_KERNEL);
+ if (!seg) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ seg->next = NULL;
+ *pseg = seg;
+ pseg = &seg->next;
+
+ ret = _ckpt_read_buffer(ctx, (seg + 1), len);
+ if (ret < 0)
+ goto out;
+ total -= len;
+ }
+
+ msg->m_type = h->m_type;
+ msg->m_ts = h->m_ts;
+ *clen = h->m_ts;
+ ret = security_msg_msg_alloc(msg);
+ out:
+ if (ret < 0 && msg) {
+ free_msg(msg);
+ msg = ERR_PTR(ret);
+ }
+ ckpt_hdr_put(ctx, h);
+ return msg;
+}
+
+static inline void free_msg_list(struct list_head *queue)
+{
+ struct msg_msg *msg, *tmp;
+
+ list_for_each_entry_safe(msg, tmp, queue, m_list)
+ free_msg(msg);
+}
+
+static int restore_msg_contents(struct ckpt_ctx *ctx, struct list_head *queue,
+ unsigned long qnum, unsigned long *cbytes)
+{
+ struct msg_msg *msg;
+ int clen = 0;
+ int ret = 0;
+
+ INIT_LIST_HEAD(queue);
+
+ *cbytes = 0;
+ while (qnum--) {
+ msg = restore_msg_contents_one(ctx, &clen);
+ if (IS_ERR(msg))
+ goto fail;
+ list_add_tail(&msg->m_list, queue);
+ *cbytes += clen;
+ }
+ return 0;
+ fail:
+ ret = PTR_ERR(msg);
+ free_msg_list(queue);
+ return ret;
+}
+
+int restore_ipc_msg(struct ckpt_ctx *ctx, struct ipc_namespace *ns)
+{
+ struct ckpt_hdr_ipc_msg *h;
+ struct kern_ipc_perm *ipc;
+ struct msg_queue *msq;
+ struct ipc_ids *msg_ids = &ns->ids[IPC_MSG_IDS];
+ struct list_head messages;
+ unsigned long cbytes;
+ int msgflag;
+ int ret;
+
+ INIT_LIST_HEAD(&messages);
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC_MSG);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->perms.id < 0)
+ goto out;
+
+ /* read queued messages into temporary queue */
+ ret = restore_msg_contents(ctx, &messages, h->q_qnum, &cbytes);
+ if (ret < 0)
+ goto out;
+
+ ret = -EINVAL;
+ if (h->q_cbytes != cbytes)
+ goto out;
+
+ /* restore the message queue */
+ msgflag = h->perms.mode | IPC_CREAT | IPC_EXCL;
+ ckpt_debug("msg: do_msgget key %d flag %#x id %d\n",
+ h->perms.key, msgflag, h->perms.id);
+ ret = do_msgget(ns, h->perms.key, msgflag, h->perms.id);
+ ckpt_debug("msg: do_msgget ret %d\n", ret);
+ if (ret < 0)
+ goto out;
+
+ down_write(&msg_ids->rw_mutex);
+
+ /*
+ * We are the sole owners/users of this brand new ipc-ns, so:
+ *
+ * 1) The msgid could not have been deleted between its creation
+ * and taking the rw_mutex above.
+ *
+ * 2) No unauthorized task will have attempted to gain access
+ * to it either, not even until we restore the security bit
+ * further below, so the theoretical security race is void.
+ *
+ * If/when we allow to restore the ipc state within the parent's
+ * ipc-ns, we will need to re-examine this.
+ */
+ ipc = ipc_lock(msg_ids, h->perms.id);
+ BUG_ON(IS_ERR(ipc));
+
+ msq = container_of(ipc, struct msg_queue, q_perm);
+ BUG_ON(!list_empty(&msq->q_messages));
+
+ /* attach queued messages we read before */
+ list_splice_init(&messages, &msq->q_messages);
+
+ /* adjust msq and namespace statistics */
+ atomic_add(h->q_cbytes, &ns->msg_bytes);
+ atomic_add(h->q_qnum, &ns->msg_hdrs);
+ msq->q_cbytes = h->q_cbytes;
+ msq->q_qbytes = h->q_qbytes;
+ msq->q_qnum = h->q_qnum;
+
+ /* this is safe because no unauthorized access is possible */
+ ipc_unlock(ipc);
+
+ ret = load_ipc_msg_hdr(ctx, h, msq);
+ if (ret < 0) {
+ ckpt_debug("msq: need to remove (%d)\n", ret);
+ ipc_lock_by_ptr(&msq->q_perm);
+ freeque(ns, ipc);
+ ipc_unlock(ipc);
+ }
+ up_write(&msg_ids->rw_mutex);
+ out:
+ free_msg_list(&messages); /* no-op if all ok, else cleanup msgs */
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
diff --git a/ipc/msg.c b/ipc/msg.c
index c884908..9ef6a5e 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -71,7 +71,6 @@ struct msg_sender {
#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm)
-static void freeque(struct ipc_namespace *, struct kern_ipc_perm *);
static int newque(struct ipc_namespace *, struct ipc_params *, int);
#ifdef CONFIG_PROC_FS
static int sysvipc_msg_proc_show(struct seq_file *s, void *it);
@@ -278,7 +277,7 @@ static void expunge_all(struct msg_queue *msq, int res)
* msg_ids.rw_mutex (writer) and the spinlock for this message queue are held
* before freeque() is called. msg_ids.rw_mutex remains locked on exit.
*/
-static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
+void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
struct list_head *tmp;
struct msg_queue *msq = container_of(ipcp, struct msg_queue, q_perm);
@@ -311,14 +310,11 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
return security_msg_queue_associate(msq, msgflg);
}
-int do_msgget(key_t key, int msgflg, int req_id)
+int do_msgget(struct ipc_namespace *ns, key_t key, int msgflg, int req_id)
{
- struct ipc_namespace *ns;
struct ipc_ops msg_ops;
struct ipc_params msg_params;
- ns = current->nsproxy->ipc_ns;
-
msg_ops.getnew = newque;
msg_ops.associate = msg_security;
msg_ops.more_checks = NULL;
@@ -331,7 +327,7 @@ int do_msgget(key_t key, int msgflg, int req_id)
SYSCALL_DEFINE2(msgget, key_t, key, int, msgflg)
{
- return do_msgget(key, msgflg, -1);
+ return do_msgget(current->nsproxy->ipc_ns, key, msgflg, -1);
}
static inline unsigned long
diff --git a/ipc/msgutil.c b/ipc/msgutil.c
index f095ee2..e119243 100644
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -36,14 +36,6 @@ struct ipc_namespace init_ipc_ns = {
atomic_t nr_ipc_ns = ATOMIC_INIT(1);
-struct msg_msgseg {
- struct msg_msgseg* next;
- /* the next part of the message follows immediately */
-};
-
-#define DATALEN_MSG (PAGE_SIZE-sizeof(struct msg_msg))
-#define DATALEN_SEG (PAGE_SIZE-sizeof(struct msg_msgseg))
-
struct msg_msg *load_msg(const void __user *src, int len)
{
struct msg_msg *msg;
diff --git a/ipc/util.h b/ipc/util.h
index e0007dc..8a223f0 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -141,6 +141,14 @@ extern void free_msg(struct msg_msg *msg);
extern struct msg_msg *load_msg(const void __user *src, int len);
extern int store_msg(void __user *dest, struct msg_msg *msg, int len);
+struct msg_msgseg {
+ struct msg_msgseg *next;
+ /* the next part of the message follows immediately */
+};
+
+#define DATALEN_MSG (PAGE_SIZE-sizeof(struct msg_msg))
+#define DATALEN_SEG (PAGE_SIZE-sizeof(struct msg_msgseg))
+
extern void recompute_msgmni(struct ipc_namespace *);
static inline int ipc_buildid(int id, int seq)
@@ -182,6 +190,8 @@ int do_shmget(struct ipc_namespace *ns, key_t key, size_t size, int shmflg,
int req_id);
void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
+int do_msgget(struct ipc_namespace *ns, key_t key, int msgflg, int req_id);
+void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
#ifdef CONFIG_CHECKPOINT
extern int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
@@ -192,6 +202,9 @@ extern int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
extern int ckpt_collect_ipc_shm(int id, void *p, void *data);
extern int checkpoint_ipc_shm(int id, void *p, void *data);
extern int restore_ipc_shm(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
+
+extern int checkpoint_ipc_msg(int id, void *p, void *data);
+extern int restore_ipc_msg(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
#endif
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 057/100] c/r: support semaphore sysv-ipc
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (55 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 056/100] c/r: support message-queues sysv-ipc Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 058/100] c/r: (s390): expose a constant for the number of words (CRs) Oren Laadan
` (44 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
Checkpoint of sysvipc semaphores is performed by iterating through all
sem objects and dumping the contents of each one. The semaphore array
of each sem is dumped with that object.
The semaphore array (sem->sem_base) holds an array of 'struct sem',
which is a {int, int}. Because this translates into the same format
on 32- and 64-bit architectures, the checkpoint format is simply the
dump of this array as is.
TODO: this patch does not handle semaphore-undo -- this data should be
saved per-task while iterating through the tasks.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog[v20]:
- Fix "scheduling in atomic" while restoring ipc sem
Changelog[v19-rc3]:
- Don't free sma if it's an error on restore
Changelog[v18]:
- Handle kmalloc failure in restore_sem_array()
Changelog[v17]:
- Restore objects in the right namespace
- Forward declare struct msg_msg (instead of include linux/msg.h)
- Fix typo in comment
- Don't unlock ipc before calling freeary in error path
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 8 ++
ipc/Makefile | 2 +-
ipc/checkpoint.c | 4 -
ipc/checkpoint_sem.c | 240 ++++++++++++++++++++++++++++++++++++++++
ipc/sem.c | 11 +-
ipc/util.h | 8 ++
6 files changed, 261 insertions(+), 12 deletions(-)
create mode 100644 ipc/checkpoint_sem.c
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 0349c9a..3ae2d7d 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -499,6 +499,14 @@ struct ckpt_hdr_ipc_msg_msg {
__u32 m_ts;
} __attribute__((aligned(8)));
+struct ckpt_hdr_ipc_sem {
+ struct ckpt_hdr h;
+ struct ckpt_hdr_ipc_perms perms;
+ __u64 sem_otime;
+ __u64 sem_ctime;
+ __u32 sem_nsems;
+} __attribute__((aligned(8)));
+
#define CKPT_TST_OVERFLOW_16(a, b) \
((sizeof(a) > sizeof(b)) && ((a) > SHORT_MAX))
diff --git a/ipc/Makefile b/ipc/Makefile
index ed46f37..55e38d4 100644
--- a/ipc/Makefile
+++ b/ipc/Makefile
@@ -10,4 +10,4 @@ obj-$(CONFIG_POSIX_MQUEUE) += mqueue.o msgutil.o $(obj_mq-y)
obj-$(CONFIG_IPC_NS) += namespace.o
obj-$(CONFIG_POSIX_MQUEUE_SYSCTL) += mq_sysctl.o
obj-$(CONFIG_SYSVIPC_CHECKPOINT) += checkpoint.o \
- checkpoint_shm.o checkpoint_msg.o
+ checkpoint_shm.o checkpoint_msg.o checkpoint_sem.o
diff --git a/ipc/checkpoint.c b/ipc/checkpoint.c
index dec8d6e..fa40e01 100644
--- a/ipc/checkpoint.c
+++ b/ipc/checkpoint.c
@@ -133,12 +133,10 @@ static int checkpoint_ipc_ns(struct ckpt_ctx *ctx, void *ptr)
return ret;
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
CKPT_HDR_IPC_MSG, checkpoint_ipc_msg);
-#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
return ret;
ret = checkpoint_ipc_any(ctx, ipc_ns, IPC_SEM_IDS,
CKPT_HDR_IPC_SEM, checkpoint_ipc_sem);
-#endif
return ret;
}
@@ -326,7 +324,6 @@ static void *restore_ipc_ns(struct ckpt_ctx *ctx)
ret = restore_ipc_any(ctx, ipc_ns, IPC_SHM_IDS,
CKPT_HDR_IPC_SHM, restore_ipc_shm);
-#if 0 /* NEXT FEW PATCHES */
if (ret < 0)
goto out;
ret = restore_ipc_any(ctx, ipc_ns, IPC_MSG_IDS,
@@ -335,7 +332,6 @@ static void *restore_ipc_ns(struct ckpt_ctx *ctx)
goto out;
ret = restore_ipc_any(ctx, ipc_ns, IPC_SEM_IDS,
CKPT_HDR_IPC_SEM, restore_ipc_sem);
-#endif
if (ret < 0)
goto out;
diff --git a/ipc/checkpoint_sem.c b/ipc/checkpoint_sem.c
new file mode 100644
index 0000000..cfd6f96
--- /dev/null
+++ b/ipc/checkpoint_sem.c
@@ -0,0 +1,240 @@
+/*
+ * Checkpoint/restart - dump state of sysvipc sem
+ *
+ * Copyright (C) 2009 Oren Laadan
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+/* default debug level for output */
+#define CKPT_DFLAG CKPT_DIPC
+
+#include <linux/mm.h>
+#include <linux/sem.h>
+#include <linux/rwsem.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include <linux/syscalls.h>
+#include <linux/nsproxy.h>
+#include <linux/ipc_namespace.h>
+
+struct msg_msg;
+#include "util.h"
+
+#include <linux/checkpoint.h>
+
+/************************************************************************
+ * ipc checkpoint
+ */
+
+/* called with the msgids->rw_mutex is read-held */
+static int fill_ipc_sem_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_sem *h,
+ struct sem_array *sem)
+{
+ int ret = 0;
+
+ ret = checkpoint_fill_ipc_perms(&h->perms, &sem->sem_perm);
+ if (ret < 0)
+ return ret;
+
+ ipc_lock_by_ptr(&sem->sem_perm);
+ h->sem_otime = sem->sem_otime;
+ h->sem_ctime = sem->sem_ctime;
+ h->sem_nsems = sem->sem_nsems;
+ ipc_unlock(&sem->sem_perm);
+
+ ckpt_debug("sem: nsems %u\n", h->sem_nsems);
+
+ return 0;
+}
+
+/**
+ * ckpt_write_sem_array - dump the state of a semaphore array
+ * @ctx: checkpoint context
+ * @sem: semphore array
+ *
+ * The state of a sempahore is an array of 'struct sem'. This structure
+ * is {int, int}, which translates to the same format {32 bits, 32 bits}
+ * on both 32- and 64-bit architectures. So we simply dump the array.
+ *
+ * The sem-undo information is not saved per ipc_ns, but rather per task.
+ */
+static int checkpoint_sem_array(struct ckpt_ctx *ctx, struct sem_array *sem)
+{
+ /* this is a "best-effort" test, so lock not needed */
+ if (!list_empty(&sem->sem_pending))
+ return -EBUSY;
+
+ /* our caller holds the mutex, so this is safe */
+ return ckpt_write_buffer(ctx, sem->sem_base,
+ sem->sem_nsems * sizeof(*sem->sem_base));
+}
+
+/* called with the msgids->rw_mutex is read-held */
+int checkpoint_ipc_sem(int id, void *p, void *data)
+{
+ struct ckpt_hdr_ipc_sem *h;
+ struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
+ struct kern_ipc_perm *perm = (struct kern_ipc_perm *) p;
+ struct sem_array *sem;
+ int ret;
+
+ sem = container_of(perm, struct sem_array, sem_perm);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_SEM);
+ if (!h)
+ return -ENOMEM;
+
+ ret = fill_ipc_sem_hdr(ctx, h, sem);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ if (h->sem_nsems)
+ ret = checkpoint_sem_array(ctx, sem);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+/************************************************************************
+ * ipc restart
+ */
+
+/* called with the msgids->rw_mutex is write-held */
+static int load_ipc_sem_hdr(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_sem *h,
+ struct sem_array *sem)
+{
+ int ret = 0;
+
+ ret = restore_load_ipc_perms(&h->perms, &sem->sem_perm);
+ if (ret < 0)
+ return ret;
+
+ ckpt_debug("sem: nsems %u\n", h->sem_nsems);
+
+ sem->sem_otime = h->sem_otime;
+ sem->sem_ctime = h->sem_ctime;
+ sem->sem_nsems = h->sem_nsems;
+
+ return 0;
+}
+
+/**
+ * ckpt_read_sem_array - read the state of a semaphore array
+ * @ctx: checkpoint context
+ * @sem: semphore array
+ *
+ * Expect the data in an array of 'struct sem': {32 bit, 32 bit}.
+ * See comment in ckpt_write_sem_array().
+ *
+ * The sem-undo information is not restored per ipc_ns, but rather per task.
+ */
+static struct sem *restore_sem_array(struct ckpt_ctx *ctx, int nsems)
+{
+ struct sem *sma;
+ int i, ret;
+
+ sma = kmalloc(nsems * sizeof(*sma), GFP_KERNEL);
+ if (!sma)
+ return ERR_PTR(-ENOMEM);
+ ret = _ckpt_read_buffer(ctx, sma, nsems * sizeof(*sma));
+ if (ret < 0)
+ goto out;
+
+ /* validate sem array contents */
+ for (i = 0; i < nsems; i++) {
+ if (sma[i].semval < 0 || sma[i].sempid < 0) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+ out:
+ if (ret < 0) {
+ kfree(sma);
+ sma = ERR_PTR(ret);
+ }
+ return sma;
+}
+
+int restore_ipc_sem(struct ckpt_ctx *ctx, struct ipc_namespace *ns)
+{
+ struct ckpt_hdr_ipc_sem *h;
+ struct kern_ipc_perm *ipc;
+ struct sem_array *sem;
+ struct sem *sma = NULL;
+ struct ipc_ids *sem_ids = &ns->ids[IPC_SEM_IDS];
+ int semflag, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_IPC_SEM);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->perms.id < 0)
+ goto out;
+ if (h->sem_nsems < 0)
+ goto out;
+
+ /* read sempahore array state */
+ sma = restore_sem_array(ctx, h->sem_nsems);
+ if (IS_ERR(sma)) {
+ ret = PTR_ERR(sma);
+ sma = NULL;
+ goto out;
+ }
+
+ /* restore the message queue now */
+ semflag = h->perms.mode | IPC_CREAT | IPC_EXCL;
+ ckpt_debug("sem: do_semget key %d flag %#x id %d\n",
+ h->perms.key, semflag, h->perms.id);
+ ret = do_semget(ns, h->perms.key, h->sem_nsems, semflag, h->perms.id);
+ ckpt_debug("sem: do_semget ret %d\n", ret);
+ if (ret < 0)
+ goto out;
+
+ down_write(&sem_ids->rw_mutex);
+
+ /*
+ * We are the sole owners/users of this brand new ipc-ns, so:
+ *
+ * 1) The semid could not have been deleted between its creation
+ * and taking the rw_mutex above.
+ * 2) No unauthorized task will attempt to gain access to it,
+ * so it is safe to do away with ipc_lock(). This is useful
+ * because we can call functions that sleep.
+ * 3) Likewise, we only restore the security bits further below,
+ * so it is safe to ignore this (theoretical only!) race.
+ *
+ * If/when we allow to restore the ipc state within the parent's
+ * ipc-ns, we will need to re-examine this.
+ */
+ ipc = ipc_lock(sem_ids, h->perms.id);
+ BUG_ON(IS_ERR(ipc));
+
+ sem = container_of(ipc, struct sem_array, sem_perm);
+ memcpy(sem->sem_base, sma, sem->sem_nsems * sizeof(*sma));
+
+ /* this is safe because no unauthorized access is possible */
+ ipc_unlock(ipc);
+
+ ret = load_ipc_sem_hdr(ctx, h, sem);
+ if (ret < 0) {
+ ipc_lock_by_ptr(&sem->sem_perm);
+ ckpt_debug("sem: need to remove (%d)\n", ret);
+ freeary(ns, ipc);
+ ipc_unlock(ipc);
+ }
+ up_write(&sem_ids->rw_mutex);
+ out:
+ kfree(sma);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
diff --git a/ipc/sem.c b/ipc/sem.c
index faed3a3..37da85e 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -93,7 +93,6 @@
#define sem_checkid(sma, semid) ipc_checkid(&sma->sem_perm, semid)
static int newary(struct ipc_namespace *, struct ipc_params *, int);
-static void freeary(struct ipc_namespace *, struct kern_ipc_perm *);
#ifdef CONFIG_PROC_FS
static int sysvipc_sem_proc_show(struct seq_file *s, void *it);
#endif
@@ -317,14 +316,12 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
-int do_semget(key_t key, int nsems, int semflg, int req_id)
+int do_semget(struct ipc_namespace *ns, key_t key, int nsems,
+ int semflg, int req_id)
{
- struct ipc_namespace *ns;
struct ipc_ops sem_ops;
struct ipc_params sem_params;
- ns = current->nsproxy->ipc_ns;
-
if (nsems < 0 || nsems > ns->sc_semmsl)
return -EINVAL;
@@ -341,7 +338,7 @@ int do_semget(key_t key, int nsems, int semflg, int req_id)
SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
{
- return do_semget(key, nsems, semflg, -1);
+ return do_semget(current->nsproxy->ipc_ns, key, nsems, semflg, -1);
}
/*
@@ -574,7 +571,7 @@ static void free_un(struct rcu_head *head)
* as a writer and the spinlock for this semaphore set hold. sem_ids.rw_mutex
* remains locked on exit.
*/
-static void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
+void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
{
struct sem_undo *un, *tu;
struct sem_queue *q, *tq;
diff --git a/ipc/util.h b/ipc/util.h
index 8a223f0..ba080de 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -193,6 +193,11 @@ void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
int do_msgget(struct ipc_namespace *ns, key_t key, int msgflg, int req_id);
void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
+int do_semget(struct ipc_namespace *ns, key_t key, int nsems, int semflg,
+ int req_id);
+void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
+
+
#ifdef CONFIG_CHECKPOINT
extern int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm);
@@ -205,6 +210,9 @@ extern int restore_ipc_shm(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
extern int checkpoint_ipc_msg(int id, void *p, void *data);
extern int restore_ipc_msg(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
+
+extern int checkpoint_ipc_sem(int id, void *p, void *data);
+extern int restore_ipc_sem(struct ckpt_ctx *ctx, struct ipc_namespace *ns);
#endif
#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 058/100] c/r: (s390): expose a constant for the number of words (CRs)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (56 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 057/100] c/r: support semaphore sysv-ipc Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 059/100] c/r: add CKPT_COPY() macro Oren Laadan
` (43 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, linux-s390, Dan Smith
We need to use this value in the checkpoint/restart code and would like to
have a constant instead of a magic '3'.
Changelog:
Jan 20:
. Define s390x sys_restart wrapper
Mar 30:
. Add CHECKPOINT_SUPPORT in Kconfig (Nathan Lynch)
Mar 03:
. Picked up additional use of magic '3' in ptrace.h
Cc: linux-s390@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/s390/Kconfig | 4 ++++
arch/s390/kernel/process.c | 8 ++++++++
2 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 0d8cd9b..b358e63 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -49,6 +49,10 @@ config GENERIC_TIME_VSYSCALL
config GENERIC_CLOCKEVENTS
def_bool y
+config CHECKPOINT_SUPPORT
+ bool
+ default y if 64BIT
+
config GENERIC_BUG
bool
depends on BUG
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 799cbb0..15f5719 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -240,6 +240,14 @@ SYSCALL_DEFINE4(clone, unsigned long, newsp, unsigned long, clone_flags,
parent_tidptr, child_tidptr);
}
+#ifdef CONFIG_CHECKPOINT
+SYSCALL_DEFINE4(restart, pid_t, pid, int, fd, unsigned long, flags,
+ int, logfd)
+{
+ return do_sys_restart(pid, fd, flags, logfd);
+}
+#endif
+
SYSCALL_DEFINE4(eclone, unsigned int, flags_low, struct clone_args __user *,
uca, int, args_size, pid_t __user *, pids)
{
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 059/100] c/r: add CKPT_COPY() macro
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (57 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 058/100] c/r: (s390): expose a constant for the number of words (CRs) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 060/100] c/r: define s390-specific checkpoint-restart code Oren Laadan
` (42 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, linux-s390, Oren Laadan
From: Dan Smith <danms@us.ibm.com>
As suggested by Dave[1], this provides us a way to make the copy-in and
copy-out processes symmetric. CKPT_COPY_ARRAY() provides us a way to do
the same thing but for arrays. It's not critical, but it helps us unify
the checkpoint and restart paths for some things.
Changelog:
Mar 04:
. Removed semicolons
. Added build-time check for __must_be_array in CKPT_COPY_ARRAY
Feb 27:
. Changed CKPT_COPY() to use assignment, eliminating the need
for the CKPT_COPY_BIT() macro
. Add CKPT_COPY_ARRAY() macro to help copying register arrays,
etc
. Move the macro definitions inside the CR #ifdef
Feb 25:
. Changed WARN_ON() to BUILD_BUG_ON()
Cc: linux-s390@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
1: https://lists.linux-foundation.org/pipermail/containers/2009-February/015821.html (all the way at the bottom)
---
include/linux/checkpoint.h | 28 ++++++++++++++++++++++++++++
1 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 2f72a6a..cd76f70 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -246,6 +246,34 @@ static inline int ckpt_validate_errno(int errno)
return (errno >= 0) && (errno < MAX_ERRNO);
}
+/* useful macros to copy fields and buffers to/from ckpt_hdr_xxx structures */
+#define CKPT_CPT 1
+#define CKPT_RST 2
+
+#define CKPT_COPY(op, SAVE, LIVE) \
+ do { \
+ if (op == CKPT_CPT) \
+ SAVE = LIVE; \
+ else \
+ LIVE = SAVE; \
+ } while (0)
+
+/*
+ * Copy @count items from @LIVE to @SAVE if op is CKPT_CPT (otherwise,
+ * copy in the reverse direction)
+ */
+#define CKPT_COPY_ARRAY(op, SAVE, LIVE, count) \
+ do { \
+ (void)__must_be_array(SAVE); \
+ (void)__must_be_array(LIVE); \
+ BUILD_BUG_ON(sizeof(*SAVE) != sizeof(*LIVE)); \
+ if (op == CKPT_CPT) \
+ memcpy(SAVE, LIVE, count * sizeof(*SAVE)); \
+ else \
+ memcpy(LIVE, SAVE, count * sizeof(*SAVE)); \
+ } while (0)
+
+
/* debugging flags */
#define CKPT_DBASE 0x1 /* anything */
#define CKPT_DSYS 0x2 /* generic (system) */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 060/100] c/r: define s390-specific checkpoint-restart code
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (58 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 059/100] c/r: add CKPT_COPY() macro Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 061/100] c/r: capabilities: define checkpoint and restore fns Oren Laadan
` (41 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, linux-s390
From: Dan Smith <danms@us.ibm.com>
Implement the s390 arch-specific checkpoint/restart helpers. This
is on top of Oren Laadan's c/r code.
With these, I am able to checkpoint and restart simple programs as per
Oren's patch intro. While on x86 I never had to freeze a single task
to checkpoint it, on s390 I do need to. That is a prereq for consistent
snapshots (esp with multiple processes) anyway so I don't see that as
a problem.
Changelog [v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog [v20]:
- [Serge Hallyn] save_access_regs for self-checkpoint
- [Serge Hallyn] send uses_interp=1 to arch_setup_additional_pages
Changelog [v19]:
- [Serge Hallyn] Move get_signal_to_deliver() up in do_signal
Changelog [v19-rc3]:
- [Serge Hallyn] Ue simpler test_task_thread to test current ti flags
- [Serge Hallyn] Fix 31-bit s390 checkpoint/restart wrappers
- [Serge Hallyn] Update sys_checkpoint (do_sys_checkpoint on all archs)
- [Oren Laadan] Move checkpoint.c from arch/s390/mm->arch/s390/kernel
Changelog [v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog:
Jun 15:
. Fix checkpoint and restart compat wrappers
May 28:
. Export asm/checkpoint_hdr.h to userspace
. Define CKPT_ARCH_ID for S390
Apr 11:
. Introduce ckpt_arch_vdso()
Feb 27:
. Add checkpoint_s390.h
. Fixed up save and restore of PSW, with the non-address bits
properly masked out
Feb 25:
. Make checkpoint_hdr.h safe for inclusion in userspace
. Replace comment about vsdo code
. Add comment about restoring access registers
. Write and read an empty ckpt_hdr_head_arch record to appease
code (mktree) that expects it to be there
. Utilize NUM_CKPT_WORDS in checkpoint_hdr.h
Feb 24:
. Use CKPT_COPY() to unify the un/loading of cpu and mm state
. Fix fprs definition in ckpt_hdr_cpu
. Remove debug WARN_ON() from checkpoint.c
Feb 23:
. Macro-ize the un/packing of trace flags
. Fix the crash when externally-linked
. Break out the restart functions into restart.c
. Remove unneeded s390_enable_sie() call
Jan 30:
. Switched types in ckpt_hdr_cpu to __u64 etc.
(Per Oren suggestion)
. Replaced direct inclusion of structs in
ckpt_hdr_cpu with the struct members.
(Per Oren suggestion)
. Also ended up adding a bunch of new things
into restart (mm_segment, ksp, etc) in vain
attempt to get code using fpu to not segfault
after restart.
Cc: linux-s390@vger.kernel.org
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
arch/s390/include/asm/Kbuild | 1 +
arch/s390/include/asm/checkpoint_hdr.h | 98 ++++++++++++
arch/s390/include/asm/thread_info.h | 2 +
arch/s390/include/asm/unistd.h | 4 +-
arch/s390/kernel/Makefile | 1 +
arch/s390/kernel/checkpoint.c | 254 ++++++++++++++++++++++++++++++++
arch/s390/kernel/compat_wrapper.S | 16 ++
arch/s390/kernel/process.c | 19 +++
arch/s390/kernel/signal.c | 16 ++
arch/s390/kernel/syscalls.S | 2 +
arch/s390/mm/Makefile | 1 +
arch/s390/mm/checkpoint_s390.h | 23 +++
include/linux/checkpoint_hdr.h | 3 +
mm/mmap.c | 9 +-
14 files changed, 447 insertions(+), 2 deletions(-)
create mode 100644 arch/s390/include/asm/checkpoint_hdr.h
create mode 100644 arch/s390/kernel/checkpoint.c
create mode 100644 arch/s390/mm/checkpoint_s390.h
diff --git a/arch/s390/include/asm/Kbuild b/arch/s390/include/asm/Kbuild
index 63a2341..3282a6e 100644
--- a/arch/s390/include/asm/Kbuild
+++ b/arch/s390/include/asm/Kbuild
@@ -8,6 +8,7 @@ header-y += ucontext.h
header-y += vtoc.h
header-y += zcrypt.h
header-y += chsc.h
+header-y += checkpoint_hdr.h
unifdef-y += cmb.h
unifdef-y += debug.h
diff --git a/arch/s390/include/asm/checkpoint_hdr.h b/arch/s390/include/asm/checkpoint_hdr.h
new file mode 100644
index 0000000..e3312c0
--- /dev/null
+++ b/arch/s390/include/asm/checkpoint_hdr.h
@@ -0,0 +1,98 @@
+#ifndef __ASM_S390_CKPT_HDR_H
+#define __ASM_S390_CKPT_HDR_H
+/*
+ * Checkpoint/restart - architecture specific headers s/390
+ *
+ * Copyright IBM Corp. 2009
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#ifndef _CHECKPOINT_CKPT_HDR_H_
+#error asm/checkpoint_hdr.h included directly
+#endif
+
+#include <linux/types.h>
+#include <asm/ptrace.h>
+
+#ifdef __KERNEL__
+#include <asm/processor.h>
+#endif
+
+#ifdef CONFIG_64BIT
+#define CKPT_ARCH_ID CKPT_ARCH_S390X
+/* else - if we ever support 32bit - CKPT_ARCH_S390 */
+#endif
+
+/*
+ * Notes
+ * NUM_GPRS defined in <asm/ptrace.h> to be 16
+ * NUM_FPRS defined in <asm/ptrace.h> to be 16
+ * NUM_APRS defined in <asm/ptrace.h> to be 16
+ * NUM_CR_WORDS defined in <asm/ptrace.h> to be 3
+ * but is not yet in glibc headers.
+ */
+
+#ifndef NUM_CR_WORDS
+#define NUM_CR_WORDS 3
+#endif
+
+struct ckpt_hdr_cpu {
+ struct ckpt_hdr h;
+ __u64 args[1];
+ __u64 gprs[NUM_GPRS];
+ __u64 orig_gpr2;
+ __u16 svcnr;
+ __u16 ilc;
+ __u32 acrs[NUM_ACRS];
+ __u64 ieee_instruction_pointer;
+
+ /* psw_t */
+ __u64 psw_t_mask;
+ __u64 psw_t_addr;
+
+ /* s390_fp_regs_t */
+ __u32 fpc;
+ union {
+ float f;
+ double d;
+ __u64 ui;
+ struct {
+ __u32 fp_hi;
+ __u32 fp_lo;
+ } fp;
+ } fprs[NUM_FPRS];
+
+ /* per_struct */
+ __u64 per_control_regs[NUM_CR_WORDS];
+ __u64 starting_addr;
+ __u64 ending_addr;
+ __u64 address;
+ __u16 perc_atmid;
+ __u8 access_id;
+ __u8 single_step;
+ __u8 instruction_fetch;
+};
+
+struct ckpt_hdr_thread {
+ struct ckpt_hdr h;
+ __u64 thread_info_flags;
+};
+
+struct ckpt_hdr_mm_context {
+ struct ckpt_hdr h;
+ unsigned long vdso_base;
+ int noexec;
+ int has_pgste;
+ int alloc_pgste;
+ unsigned long asce_bits;
+ unsigned long asce_limit;
+};
+
+struct ckpt_hdr_header_arch {
+ struct ckpt_hdr h;
+};
+
+#endif /* __ASM_S390_CKPT_HDR__H */
diff --git a/arch/s390/include/asm/thread_info.h b/arch/s390/include/asm/thread_info.h
index 34f0873..60f932e 100644
--- a/arch/s390/include/asm/thread_info.h
+++ b/arch/s390/include/asm/thread_info.h
@@ -99,6 +99,7 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_MEMDIE 18
#define TIF_RESTORE_SIGMASK 19 /* restore signal mask in do_signal() */
#define TIF_FREEZE 20 /* thread is freezing for suspend */
+#define TIF_SIG_RESTARTBLOCK 23 /* restart must set TIF_RESTART_SVC */
#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
#define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK)
@@ -114,6 +115,7 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_31BIT (1<<TIF_31BIT)
#define _TIF_FREEZE (1<<TIF_FREEZE)
+#define _TIF_SIG_RESTARTBLOCK (1<<TIF_SIG_RESTARTBLOCK)
#endif /* __KERNEL__ */
diff --git a/arch/s390/include/asm/unistd.h b/arch/s390/include/asm/unistd.h
index ff13be1..79a4178 100644
--- a/arch/s390/include/asm/unistd.h
+++ b/arch/s390/include/asm/unistd.h
@@ -270,7 +270,9 @@
#define __NR_rt_tgsigqueueinfo 330
#define __NR_perf_event_open 331
#define __NR_eclone 332
-#define NR_syscalls 333
+#define __NR_checkpoint 333
+#define __NR_restart 334
+#define NR_syscalls 335
/*
* There are some system calls that are not present on 64 bit, some
diff --git a/arch/s390/kernel/Makefile b/arch/s390/kernel/Makefile
index 64230bc..b472855 100644
--- a/arch/s390/kernel/Makefile
+++ b/arch/s390/kernel/Makefile
@@ -36,6 +36,7 @@ obj-$(CONFIG_SMP) += smp.o topology.o
obj-$(CONFIG_SMP) += $(if $(CONFIG_64BIT),switch_cpu64.o, \
switch_cpu.o)
obj-$(CONFIG_HIBERNATION) += suspend.o swsusp_asm64.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
obj-$(CONFIG_AUDIT) += audit.o
compat-obj-$(CONFIG_AUDIT) += compat_audit.o
obj-$(CONFIG_COMPAT) += compat_linux.o compat_signal.o \
diff --git a/arch/s390/kernel/checkpoint.c b/arch/s390/kernel/checkpoint.c
new file mode 100644
index 0000000..c0de4cd
--- /dev/null
+++ b/arch/s390/kernel/checkpoint.c
@@ -0,0 +1,254 @@
+/*
+ * Checkpoint/restart - architecture specific support for s390
+ *
+ * Copyright IBM Corp. 2009
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#include <linux/kernel.h>
+#include <asm/system.h>
+#include <asm/pgtable.h>
+#include <asm/elf.h>
+#include <asm/unistd.h>
+
+#include <linux/checkpoint.h>
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+static void s390_copy_regs(int op, struct ckpt_hdr_cpu *h,
+ struct task_struct *t)
+{
+ struct pt_regs *regs = task_pt_regs(t);
+ struct thread_struct *thr = &t->thread;
+
+ /* Save the whole PSW to facilitate forensic debugging, but only
+ * restore the address portion to avoid letting userspace do
+ * bad things by manipulating its value.
+ */
+ if (op == CKPT_CPT) {
+ CKPT_COPY(op, h->psw_t_addr, regs->psw.addr);
+ } else {
+ regs->psw.addr &= ~PSW_ADDR_INSN;
+ regs->psw.addr |= h->psw_t_addr;
+ }
+
+ CKPT_COPY(op, h->args[0], regs->args[0]);
+ CKPT_COPY(op, h->orig_gpr2, regs->orig_gpr2);
+ CKPT_COPY(op, h->svcnr, regs->svcnr);
+ CKPT_COPY(op, h->ilc, regs->ilc);
+ CKPT_COPY(op, h->ieee_instruction_pointer,
+ thr->ieee_instruction_pointer);
+ CKPT_COPY(op, h->psw_t_mask, regs->psw.mask);
+ CKPT_COPY(op, h->fpc, thr->fp_regs.fpc);
+ CKPT_COPY(op, h->starting_addr, thr->per_info.starting_addr);
+ CKPT_COPY(op, h->ending_addr, thr->per_info.ending_addr);
+ CKPT_COPY(op, h->address, thr->per_info.lowcore.words.address);
+ CKPT_COPY(op, h->perc_atmid, thr->per_info.lowcore.words.perc_atmid);
+ CKPT_COPY(op, h->access_id, thr->per_info.lowcore.words.access_id);
+ CKPT_COPY(op, h->single_step, thr->per_info.single_step);
+ CKPT_COPY(op, h->instruction_fetch, thr->per_info.instruction_fetch);
+
+ CKPT_COPY_ARRAY(op, h->gprs, regs->gprs, NUM_GPRS);
+ /*
+ * for checkpoint in process context (from within a container),
+ * the actual syscall is taking place at this very moment; so
+ * we (optimistically) subtitute the future return value (0) of
+ * this syscall into the orig_eax, so that upon restart it will
+ * succeed (or it will endlessly retry checkpoint...)
+ */
+ if (op == CKPT_CPT && t == current) {
+ BUG_ON(h->gprs[2] < 0);
+ h->gprs[2] = 0;
+ }
+
+ /*
+ * if a checkpoint was taken while interrupted from a restartable
+ * syscall, then treat this as though signr==0 (since we did not
+ * handle the signal) and finish the last part of do_signal
+ */
+ if (op == CKPT_RST && test_thread_flag(TIF_SIG_RESTARTBLOCK)) {
+ regs->gprs[2] = __NR_restart_syscall;
+ set_thread_flag(TIF_RESTART_SVC);
+ clear_thread_flag(TIF_SIG_RESTARTBLOCK);
+ }
+
+ CKPT_COPY_ARRAY(op, h->fprs, thr->fp_regs.fprs, NUM_FPRS);
+ if (op == CKPT_CPT && t == current)
+ save_access_regs(h->acrs);
+ else
+ CKPT_COPY_ARRAY(op, h->acrs, thr->acrs, NUM_ACRS);
+ CKPT_COPY_ARRAY(op, h->per_control_regs,
+ thr->per_info.control_regs.words.cr, NUM_CR_WORDS);
+}
+
+static void s390_mm(int op, struct ckpt_hdr_mm_context *h,
+ struct mm_struct *mm)
+{
+ CKPT_COPY(op, h->noexec, mm->context.noexec);
+ CKPT_COPY(op, h->has_pgste, mm->context.has_pgste);
+ CKPT_COPY(op, h->alloc_pgste, mm->context.alloc_pgste);
+ CKPT_COPY(op, h->asce_bits, mm->context.asce_bits);
+ CKPT_COPY(op, h->asce_limit, mm->context.asce_limit);
+}
+
+int checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_thread *h;
+ int ret;
+
+ /* we will eventually support this, as we do on x86-64 */
+ if (test_tsk_thread_flag(t, TIF_31BIT)) {
+ ckpt_err(ctx, -EINVAL, "checkpoint of 31-bit task\n");
+ return -EINVAL;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_THREAD);
+ if (!h)
+ return -ENOMEM;
+
+ h->thread_info_flags = task_thread_info(t)->flags;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/* dump the cpu state and registers of a given task */
+int checkpoint_cpu(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_cpu *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_CPU);
+ if (!h)
+ return -ENOMEM;
+
+ s390_copy_regs(CKPT_CPT, h, t);
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/* Write an empty header since it is assumed to be there */
+int checkpoint_write_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_HEADER_ARCH);
+ if (!h)
+ return -ENOMEM;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+int checkpoint_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct ckpt_hdr_mm_context *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_MM_CONTEXT);
+ if (!h)
+ return -ENOMEM;
+
+ s390_mm(CKPT_CPT, h, mm);
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/**************************************************************************
+ * Restart
+ */
+
+int restore_thread(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_thread *h;
+
+ /* a 31-bit task cannot call sys_restart right now */
+ if (test_thread_flag(TIF_31BIT)) {
+ ckpt_err(ctx, -EINVAL, "restart from 31-bit task\n");
+ return -EINVAL;
+ }
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_THREAD);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ /*
+ * If we were checkpointed while do_signal() interrupted a
+ * syscall with restart blocks, then we have some cleanup to
+ * do at end of restart, in order to finish our pretense of
+ * having handled signr==0. (See last part of do_signal).
+ *
+ * We can't set gprs[2] here bc we haven't copied registers
+ * yet, that happens later in restore_cpu(). So re-set the
+ * TIF_SIG_RESTARTBLOCK thread flag so we can detect it
+ * at restore_cpu()->s390_copy_regs() and do the right thing.
+ */
+ if (h->thread_info_flags & _TIF_SIG_RESTARTBLOCK)
+ set_thread_flag(TIF_SIG_RESTARTBLOCK);
+
+ ckpt_hdr_put(ctx, h);
+
+ return 0;
+}
+
+int restore_cpu(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_cpu *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_CPU);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ s390_copy_regs(CKPT_RST, h, current);
+
+ /* s390 does not restore the access registers after a syscall,
+ * but does on a task switch. Since we're switching tasks (in
+ * a way), we need to replicate that behavior here.
+ */
+ restore_access_regs(h->acrs);
+
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
+
+int restore_read_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_HEADER_ARCH);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
+
+
+int restore_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ struct ckpt_hdr_mm_context *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_MM_CONTEXT);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ s390_mm(CKPT_RST, h, mm);
+
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
diff --git a/arch/s390/kernel/compat_wrapper.S b/arch/s390/kernel/compat_wrapper.S
index b7bedfa..d57e5e0 100644
--- a/arch/s390/kernel/compat_wrapper.S
+++ b/arch/s390/kernel/compat_wrapper.S
@@ -1861,3 +1861,19 @@ sys32_execve_wrapper:
llgtr %r3,%r3 # compat_uptr_t *
llgtr %r4,%r4 # compat_uptr_t *
jg sys32_execve # branch to system call
+
+ .globl sys_checkpoint_wrapper
+sys_checkpoint_wrapper:
+ lgfr %r2,%r2 # pid_t
+ lgfr %r3,%r3 # int
+ llgfr %r4,%r4 # unsigned long
+ lgfr %r5,%r5 # int
+ jg sys_checkpoint
+
+ .globl sys_restart_wrapper
+sys_restart_wrapper:
+ lgfr %r2,%r2 # pid_t
+ lgfr %r3,%r3 # int
+ llgfr %r4,%r4 # unsigned long
+ lgfr %r5,%r5 # int
+ jg sys_restart
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
index 15f5719..efc7e8a 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
@@ -32,6 +32,7 @@
#include <linux/kernel_stat.h>
#include <linux/syscalls.h>
#include <linux/compat.h>
+#include <linux/checkpoint.h>
#include <asm/compat.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -241,11 +242,29 @@ SYSCALL_DEFINE4(clone, unsigned long, newsp, unsigned long, clone_flags,
}
#ifdef CONFIG_CHECKPOINT
+SYSCALL_DEFINE4(checkpoint, pid_t, pid, int, fd, unsigned long, flags,
+ int, logfd)
+{
+ return do_sys_checkpoint(pid, fd, flags, logfd);
+}
+
SYSCALL_DEFINE4(restart, pid_t, pid, int, fd, unsigned long, flags,
int, logfd)
{
return do_sys_restart(pid, fd, flags, logfd);
}
+#else
+SYSCALL_DEFINE4(checkpoint, pid_t, pid, int, fd, unsigned long, flags,
+ int, logfd)
+{
+ return -ENOSYS;
+}
+
+SYSCALL_DEFINE4(restart, pid_t, pid, int, fd, unsigned long, flags,
+ int, logfd)
+{
+ return -ENOSYS;
+}
#endif
SYSCALL_DEFINE4(eclone, unsigned int, flags_low, struct clone_args __user *,
diff --git a/arch/s390/kernel/signal.c b/arch/s390/kernel/signal.c
index 6289945..83425b1 100644
--- a/arch/s390/kernel/signal.c
+++ b/arch/s390/kernel/signal.c
@@ -459,6 +459,16 @@ void do_signal(struct pt_regs *regs)
break;
case -ERESTART_RESTARTBLOCK:
regs->gprs[2] = -EINTR;
+ /*
+ * This condition is the only one which requires
+ * special care after handling a signr==0. So if
+ * we get frozen and checkpointed at the
+ * get_signal_to_deliver() below, then we need
+ * to convey this condition to sys_restart() so it
+ * can set the restored thread up to run the restart
+ * block.
+ */
+ set_thread_flag(TIF_SIG_RESTARTBLOCK);
}
regs->svcnr = 0; /* Don't deal with this again. */
}
@@ -467,6 +477,12 @@ void do_signal(struct pt_regs *regs)
the debugger may change all our registers ... */
signr = get_signal_to_deliver(&info, &ka, regs, NULL);
+ /*
+ * we won't get frozen past this so clear the thread flag hinting
+ * to sys_restart that TIF_RESTART_SVC must be set.
+ */
+ clear_thread_flag(TIF_SIG_RESTARTBLOCK);
+
/* Depending on the signal settings we may need to revert the
decision to restart the system call. */
if (signr > 0 && regs->psw.addr == restart_addr) {
diff --git a/arch/s390/kernel/syscalls.S b/arch/s390/kernel/syscalls.S
index 08eab1d..9f1f28e 100644
--- a/arch/s390/kernel/syscalls.S
+++ b/arch/s390/kernel/syscalls.S
@@ -341,3 +341,5 @@ SYSCALL(sys_pwritev,sys_pwritev,compat_sys_pwritev_wrapper)
SYSCALL(sys_rt_tgsigqueueinfo,sys_rt_tgsigqueueinfo,compat_sys_rt_tgsigqueueinfo_wrapper) /* 330 */
SYSCALL(sys_perf_event_open,sys_perf_event_open,sys_perf_event_open_wrapper)
SYSCALL(sys_eclone,sys_eclone,sys_eclone_wrapper)
+SYSCALL(sys_checkpoint,sys_checkpoint,sys_checkpoint_wrapper)
+SYSCALL(sys_restart,sys_restart,sys_restart_wrapper)
diff --git a/arch/s390/mm/Makefile b/arch/s390/mm/Makefile
index eec0544..359a3bc 100644
--- a/arch/s390/mm/Makefile
+++ b/arch/s390/mm/Makefile
@@ -6,3 +6,4 @@ obj-y := init.o fault.o extmem.o mmap.o vmem.o pgtable.o maccess.o \
page-states.o
obj-$(CONFIG_CMM) += cmm.o
obj-$(CONFIG_HUGETLB_PAGE) += hugetlbpage.o
+obj-$(CONFIG_PAGE_STATES) += page-states.o
diff --git a/arch/s390/mm/checkpoint_s390.h b/arch/s390/mm/checkpoint_s390.h
new file mode 100644
index 0000000..c3bf24d
--- /dev/null
+++ b/arch/s390/mm/checkpoint_s390.h
@@ -0,0 +1,23 @@
+/*
+ * Checkpoint/restart - architecture specific support for s390
+ *
+ * Copyright IBM Corp. 2009
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License. See the file COPYING in the main directory of the Linux
+ * distribution for more details.
+ */
+
+#ifndef _S390_CHECKPOINT_H
+#define _S390_CHECKPOINT_H
+
+#include <linux/checkpoint_hdr.h>
+#include <linux/sched.h>
+#include <linux/mm_types.h>
+
+extern void checkpoint_s390_regs(int op, struct ckpt_hdr_cpu *h,
+ struct task_struct *t);
+extern void checkpoint_s390_mm(int op, struct ckpt_hdr_mm_context *h,
+ struct mm_struct *mm);
+
+#endif /* _S390_CHECKPOINT_H */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 3ae2d7d..8f81da1 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -133,10 +133,13 @@ enum {
/* architecture */
enum {
+ /* do not change order (will break ABI) */
CKPT_ARCH_X86_32 = 1,
#define CKPT_ARCH_X86_32 CKPT_ARCH_X86_32
CKPT_ARCH_X86_64,
#define CKPT_ARCH_X86_64 CKPT_ARCH_X86_64
+ CKPT_ARCH_S390X,
+#define CKPT_ARCH_S390X CKPT_ARCH_S390X
};
/* shared objrects (objref) */
diff --git a/mm/mmap.c b/mm/mmap.c
index ddbe589..4b36b2a 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2495,7 +2495,14 @@ int special_mapping_restore(struct ckpt_ctx *ctx,
ret = syscall32_setup_pages(NULL, h->vm_start, 0);
else
#endif
- ret = arch_setup_additional_pages(NULL, h->vm_start, 0);
+ /*
+ * Pass uses_interp=1 to arch_setup_additional_pages because
+ * s390 won't set up vdso if it is 0. Here it's safe to assume
+ * that there is a vdso in the checkpoint image, and therefore
+ * the checkpointed program was dynamically linked. The other
+ * architectures ignore uses_interp altogether.
+ */
+ ret = arch_setup_additional_pages(NULL, h->vm_start, 1);
#endif
return ret;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 061/100] c/r: capabilities: define checkpoint and restore fns
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (59 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 060/100] c/r: define s390-specific checkpoint-restart code Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 062/100] c/r: checkpoint and restore task credentials Oren Laadan
` (40 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Andrew Morgan
From: Serge E. Hallyn <serue@us.ibm.com>
[ Andrew: I am punting on dealing with the subsystem cooperation
issues in this version, in favor of trying to get LSM issues
straightened out ]
An application checkpoint image will store capability sets
(and the bounding set) as __u64s. Define checkpoint and
restart functions to translate between those and kernel_cap_t's.
Define a common function do_capset_tocred() which applies capability
set changes to a passed-in struct cred.
The restore function uses do_capset_tocred() to apply the restored
capabilities to the struct cred being crafted, subject to the
current task's (task executing sys_restart()) permissions.
Changelog [v21]:
- [Serge Hallyn] CONFIG_SECURITY_FILE_CAPABILITIES has been gone awhile
Changelog [v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog:
Jun 09: Can't choose securebits or drop bounding set if
file capabilities aren't compiled into the kernel.
Also just store caps in __u32s (looks cleaner).
Jun 01: Made the checkpoint and restore functions and the
ckpt_hdr_capabilities struct more opaque to the
rest of the c/r code, as suggested by Andrew Morgan,
and using naming suggested by Oren.
Jun 01: Add commented BUILD_BUG_ON() to point out that the
current implementation depends on 64-bit capabilities.
(Andrew Morgan and Alexey Dobriyan).
May 28: add helpers to c/r securebits
Cc: Andrew Morgan <morgan@kernel.org>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/capability.h | 6 ++
include/linux/checkpoint_hdr.h | 12 +++
kernel/capability.c | 148 +++++++++++++++++++++++++++++++++++++---
security/commoncap.c | 19 +-----
4 files changed, 157 insertions(+), 28 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 39e5ff5..5abd86c 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -566,6 +566,12 @@ extern int capable(int cap);
struct dentry;
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
+struct cred;
+int apply_securebits(unsigned securebits, struct cred *new);
+struct ckpt_capabilities;
+int restore_capabilities(struct ckpt_capabilities *h, struct cred *new);
+void checkpoint_capabilities(struct ckpt_capabilities *h, struct cred * cred);
+
#endif /* __KERNEL__ */
#endif /* !_LINUX_CAPABILITY_H */
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 8f81da1..9d725db 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -90,6 +90,8 @@ enum {
#define CKPT_HDR_UTS_NS CKPT_HDR_UTS_NS
CKPT_HDR_IPC_NS,
#define CKPT_HDR_IPC_NS CKPT_HDR_IPC_NS
+ CKPT_HDR_CAPABILITIES,
+#define CKPT_HDR_CAPABILITIES CKPT_HDR_CAPABILITIES
/* 201-299: reserved for arch-dependent */
@@ -254,6 +256,16 @@ struct ckpt_hdr_task {
__u64 clear_child_tid;
} __attribute__((aligned(8)));
+/* Posix capabilities */
+struct ckpt_capabilities {
+ __u32 cap_i_0, cap_i_1; /* inheritable set */
+ __u32 cap_p_0, cap_p_1; /* permitted set */
+ __u32 cap_e_0, cap_e_1; /* effective set */
+ __u32 cap_b_0, cap_b_1; /* bounding set */
+ __u32 securebits;
+ __u32 padding;
+} __attribute__((aligned(8)));
+
/* namespaces */
struct ckpt_hdr_task_ns {
struct ckpt_hdr h;
diff --git a/kernel/capability.c b/kernel/capability.c
index 9e4697e..c39d6b0 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -14,6 +14,8 @@
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
+#include <linux/securebits.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
#include "cred-internals.h"
@@ -215,6 +217,45 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
return ret;
}
+static int do_capset_tocred(kernel_cap_t *effective, kernel_cap_t *inheritable,
+ kernel_cap_t *permitted, struct cred *new)
+{
+ int ret;
+
+ ret = security_capset(new, current_cred(),
+ effective, inheritable, permitted);
+ if (ret < 0)
+ return ret;
+
+ /*
+ * for checkpoint-restart, do we want to wait until end of restart?
+ * not sure we care */
+ audit_log_capset(current->pid, new, current_cred());
+
+ return 0;
+}
+
+static int do_capset(kernel_cap_t *effective, kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ struct cred *new;
+ int ret;
+
+ new = prepare_creds();
+ if (!new)
+ return -ENOMEM;
+
+ ret = do_capset_tocred(effective, inheritable, permitted, new);
+ if (ret < 0)
+ goto error;
+
+ return commit_creds(new);
+
+error:
+ abort_creds(new);
+ return ret;
+}
+
/**
* sys_capset - set capabilities for a process or (*) a group of processes
* @header: pointer to struct that contains capability version and
@@ -238,7 +279,6 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
unsigned i, tocopy, copybytes;
kernel_cap_t inheritable, permitted, effective;
- struct cred *new;
int ret;
pid_t pid;
@@ -272,23 +312,109 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
i++;
}
- new = prepare_creds();
- if (!new)
- return -ENOMEM;
+ return do_capset(&effective, &inheritable, &permitted);
- ret = security_capset(new, current_cred(),
- &effective, &inheritable, &permitted);
+}
+
+int apply_securebits(unsigned securebits, struct cred *new)
+{
+ if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
+ & (new->securebits ^ securebits)) /*[1]*/
+ || ((new->securebits & SECURE_ALL_LOCKS & ~securebits)) /*[2]*/
+ || (securebits & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
+ || (cap_capable(current, current_cred(), CAP_SETPCAP,
+ SECURITY_CAP_AUDIT) != 0) /*[4]*/
+ /*
+ * [1] no changing of bits that are locked
+ * [2] no unlocking of locks
+ * [3] no setting of unsupported bits
+ * [4] doing anything requires privilege (go read about
+ * the "sendmail capabilities bug")
+ */
+ )
+ /* cannot change a locked bit */
+ return -EPERM;
+ new->securebits = securebits;
+ return 0;
+}
+
+static void do_capbset_drop(struct cred *cred, int cap)
+{
+ cap_lower(cred->cap_bset, cap);
+}
+
+static inline int restore_cap_bset(kernel_cap_t bset, struct cred *cred)
+{
+ int i, may_dropbcap = capable(CAP_SETPCAP);
+
+ for (i = 0; i < CAP_LAST_CAP; i++) {
+ if (cap_raised(bset, i))
+ continue;
+ if (!cap_raised(current_cred()->cap_bset, i))
+ continue;
+ if (!may_dropbcap)
+ return -EPERM;
+ do_capbset_drop(cred, i);
+ }
+
+ return 0;
+}
+
+#ifdef CONFIG_CHECKPOINT
+static int do_restore_caps(struct ckpt_capabilities *h, struct cred *cred)
+{
+ kernel_cap_t effective, inheritable, permitted, bset;
+ int ret;
+
+ effective.cap[0] = h->cap_e_0;
+ effective.cap[1] = h->cap_e_1;
+ inheritable.cap[0] = h->cap_i_0;
+ inheritable.cap[1] = h->cap_i_1;
+ permitted.cap[0] = h->cap_p_0;
+ permitted.cap[1] = h->cap_p_1;
+ bset.cap[0] = h->cap_b_0;
+ bset.cap[1] = h->cap_b_1;
+
+ ret = do_capset_tocred(&effective, &inheritable, &permitted, cred);
if (ret < 0)
- goto error;
+ return ret;
- audit_log_capset(pid, new, current_cred());
+ ret = restore_cap_bset(bset, cred);
+ return ret;
+}
- return commit_creds(new);
+void checkpoint_capabilities(struct ckpt_capabilities *h, struct cred * cred)
+{
+ BUILD_BUG_ON(CAP_LAST_CAP >= 64);
+ h->securebits = cred->securebits;
+ h->cap_i_0 = cred->cap_inheritable.cap[0];
+ h->cap_i_1 = cred->cap_inheritable.cap[1];
+ h->cap_p_0 = cred->cap_permitted.cap[0];
+ h->cap_p_1 = cred->cap_permitted.cap[1];
+ h->cap_e_0 = cred->cap_effective.cap[0];
+ h->cap_e_1 = cred->cap_effective.cap[1];
+ h->cap_b_0 = cred->cap_bset.cap[0];
+ h->cap_b_1 = cred->cap_bset.cap[1];
+}
+
+/*
+ * restore_capabilities: called by restore_creds() to set the
+ * restored capabilities (if permitted) in a new struct cred which
+ * will be attached at the end of the sys_restart().
+ * struct cred *new is prepared by caller (using prepare_creds())
+ * (and aborted by caller on error)
+ * return 0 on success, < 0 on error
+ */
+int restore_capabilities(struct ckpt_capabilities *h, struct cred *new)
+{
+ int ret = do_restore_caps(h, new);
+
+ if (!ret)
+ ret = apply_securebits(h->securebits, new);
-error:
- abort_creds(new);
return ret;
}
+#endif /* CONFIG_CHECKPOINT */
/**
* capable - Determine if the current task has a superior capability in effect
diff --git a/security/commoncap.c b/security/commoncap.c
index 6166973..532b971 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -828,24 +828,9 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
* capability-based-privilege environment.
*/
case PR_SET_SECUREBITS:
- error = -EPERM;
- if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
- & (new->securebits ^ arg2)) /*[1]*/
- || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
- || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
- || (cap_capable(current, current_cred(), CAP_SETPCAP,
- SECURITY_CAP_AUDIT) != 0) /*[4]*/
- /*
- * [1] no changing of bits that are locked
- * [2] no unlocking of locks
- * [3] no setting of unsupported bits
- * [4] doing anything requires privilege (go read about
- * the "sendmail capabilities bug")
- */
- )
- /* cannot change a locked bit */
+ error = apply_securebits(arg2, new);
+ if (error)
goto error;
- new->securebits = arg2;
goto changed;
case PR_GET_SECUREBITS:
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 062/100] c/r: checkpoint and restore task credentials
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (60 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 061/100] c/r: capabilities: define checkpoint and restore fns Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 063/100] c/r: restore file->f_cred Oren Laadan
` (39 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
This patch adds the checkpointing and restart of credentials
(uids, gids, and capabilities) to Oren's c/r patchset (on top
of v14). It goes to great pains to re-use (and define when
needed) common helpers, in order to make sure that as security
code is modified, the cr code will be updated. Some of the
helpers should still be moved (i.e. _creds() functions should
be in kernel/cred.c).
When building the credentials for the restarted process, I
1. create a new struct cred as a copy of the running task's
cred (using prepare_cred())
2. always authorize any changes to the new struct cred
based on the permissions of current_cred() (not the current
transient state of the new cred).
While this may mean that certain transient_cred1->transient_cred2
states are allowed which otherwise wouldn't be allowed, the
fact remains that current_cred() is allowed to transition to
transient_cred2.
The reconstructed creds are applied to the task at the very
end of the sys_restart call. This ensures that any objects which
need to be re-created (file, socket, etc) are re-created using
the creds of the task calling sys_restart - preventing an unpriv
user from creating a privileged object, and ensuring that a
root task can restart a process which had started out privileged,
created some privileged objects, then dropped its privilege.
With these patches, the root user can restart checkpoint images
(created by either hallyn or root) of user hallyn's tasks,
resulting in a program owned by hallyn.
Changelog [v21]:
- Do not include checkpoint_hdr.h explicitly
- Replace __initcall() with late_initcall()
- Move userns c/r code from checkpoint/namespace.c to
kernel/{user,cred,user_namespace}.c
- [Serge Hallyn] Remove [] following individual ops definitions.
- [Serge Hallyn] Add prototypes for c/r funcs in user_namespace.c in
user.c when CONFIG_USER_NS=y
Changelog [v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog:
Sep 08: [NTL] discard const from struct cred * where appropriate
Jun 15: Fix user_ns handling when !CONFIG_USER_N
Set creator_ref=0 for root_ns (discard @flags)
Don't overwrite global user-ns if CONFIG_USER_NS
Jun 10: Merge with ckpt-v16-dev (Oren Laadan)
Jun 01: Don't check ordering of groups in group_info, bc
set_groups() will sort it for us.
May 28: 1. Restore securebits
2. Address Alexey's comments: move prototypes out of
sched.h, validate ngroups < NGROUPS_MAX, validate
groups are sorted, and get rid of ckpt_hdr_cred->version.
3. remove bogus unused flag RESTORE_CREATE_USERNS
May 26: Move group, user, userns, creds c/r functions out
of checkpoint/process.c and into the appropriate files.
May 26: Define struct ckpt_hdr_task_creds and move task cred
objref c/r into {checkpoint_restore}_task_shared().
May 26: Take cred refs around checkpoint_write_creds()
May 20: Remove the limit on number of groups in groupinfo
at checkpoint time
May 20: Remove the depth limit on empty user namespaces
May 20: Better document checkpoint_user
May 18: fix more refcounting: if (userns 5, uid 0) had
no active tasks or child user_namespaces, then
it shouldn't exist at restart or it, its namespace,
and its whole chain of creators will be leaked.
May 14: fix some refcounting:
1. a new user_ns needs a ref to remain pinned
by its root user
2. current_user_ns needs an extra ref bc objhash
drops two on restart
3. cred needs a ref for the real credentials bc
commit_creds eats one ref.
May 13: folded in fix to userns refcounting.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
[orenl@cs.columbia.edu: merge with ckpt-v16-dev]
---
include/linux/capability.h | 6 +-
include/linux/checkpoint.h | 1 +
include/linux/checkpoint_hdr.h | 67 ++++++++++
include/linux/checkpoint_types.h | 2 +
kernel/checkpoint/process.c | 128 ++++++++++++++++++-
kernel/cred.c | 144 +++++++++++++++++++++
kernel/groups.c | 86 +++++++++++++
kernel/user.c | 261 ++++++++++++++++++++++++++++++++++++++
kernel/user_namespace.c | 85 ++++++++++++
9 files changed, 774 insertions(+), 6 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 5abd86c..fe29a7d 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -567,10 +567,10 @@ struct dentry;
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
struct cred;
-int apply_securebits(unsigned securebits, struct cred *new);
+extern int apply_securebits(unsigned securebits, struct cred *new);
struct ckpt_capabilities;
-int restore_capabilities(struct ckpt_capabilities *h, struct cred *new);
-void checkpoint_capabilities(struct ckpt_capabilities *h, struct cred * cred);
+extern int restore_capabilities(struct ckpt_capabilities *h, struct cred *new);
+extern void checkpoint_capabilities(struct ckpt_capabilities *h, struct cred *cred);
#endif /* __KERNEL__ */
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index cd76f70..776de99 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -28,6 +28,7 @@
#include <linux/sched.h>
#include <linux/nsproxy.h>
#include <linux/ipc_namespace.h>
+#include <linux/user_namespace.h>
#include <linux/checkpoint_types.h>
#include <linux/checkpoint_hdr.h>
#include <linux/err.h>
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 9d725db..8598eb5 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -92,6 +92,16 @@ enum {
#define CKPT_HDR_IPC_NS CKPT_HDR_IPC_NS
CKPT_HDR_CAPABILITIES,
#define CKPT_HDR_CAPABILITIES CKPT_HDR_CAPABILITIES
+ CKPT_HDR_USER_NS,
+#define CKPT_HDR_USER_NS CKPT_HDR_USER_NS
+ CKPT_HDR_CRED,
+#define CKPT_HDR_CRED CKPT_HDR_CRED
+ CKPT_HDR_USER,
+#define CKPT_HDR_USER CKPT_HDR_USER
+ CKPT_HDR_GROUPINFO,
+#define CKPT_HDR_GROUPINFO CKPT_HDR_GROUPINFO
+ CKPT_HDR_TASK_CREDS,
+#define CKPT_HDR_TASK_CREDS CKPT_HDR_TASK_CREDS
/* 201-299: reserved for arch-dependent */
@@ -169,6 +179,14 @@ enum obj_type {
#define CKPT_OBJ_UTS_NS CKPT_OBJ_UTS_NS
CKPT_OBJ_IPC_NS,
#define CKPT_OBJ_IPC_NS CKPT_OBJ_IPC_NS
+ CKPT_OBJ_USER_NS,
+#define CKPT_OBJ_USER_NS CKPT_OBJ_USER_NS
+ CKPT_OBJ_CRED,
+#define CKPT_OBJ_CRED CKPT_OBJ_CRED
+ CKPT_OBJ_USER,
+#define CKPT_OBJ_USER CKPT_OBJ_USER
+ CKPT_OBJ_GROUPINFO,
+#define CKPT_OBJ_GROUPINFO CKPT_OBJ_GROUPINFO
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -252,6 +270,11 @@ struct ckpt_hdr_task {
__u32 robust_futex_head_len;
__u64 robust_futex_list; /* a __user ptr */
+#ifdef CONFIG_AUDITSYSCALL
+ /* would audit want to track the checkpointed ids,
+ or (more likely) who actually restarted? */
+#endif
+
__u64 set_child_tid;
__u64 clear_child_tid;
} __attribute__((aligned(8)));
@@ -266,6 +289,50 @@ struct ckpt_capabilities {
__u32 padding;
} __attribute__((aligned(8)));
+struct ckpt_hdr_task_creds {
+ struct ckpt_hdr h;
+ __s32 cred_ref;
+ __s32 ecred_ref;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_cred {
+ struct ckpt_hdr h;
+ __u32 uid, suid, euid, fsuid;
+ __u32 gid, sgid, egid, fsgid;
+ __s32 user_ref;
+ __s32 groupinfo_ref;
+ struct ckpt_capabilities cap_s;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_groupinfo {
+ struct ckpt_hdr h;
+ __u32 ngroups;
+ /*
+ * This is followed by ngroups __u32s
+ */
+ __u32 groups[0];
+} __attribute__((aligned(8)));
+
+/*
+ * todo - keyrings and LSM
+ * These may be better done with userspace help though
+ */
+struct ckpt_hdr_user_struct {
+ struct ckpt_hdr h;
+ __u32 uid;
+ __s32 userns_ref;
+} __attribute__((aligned(8)));
+
+/*
+ * The user-struct mostly tracks system resource usage.
+ * Most of it's contents therefore will simply be set
+ * correctly as restart opens resources
+ */
+struct ckpt_hdr_user_ns {
+ struct ckpt_hdr h;
+ __s32 creator_ref;
+} __attribute__((aligned(8)));
+
/* namespaces */
struct ckpt_hdr_task_ns {
struct ckpt_hdr h;
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index d1b893c..fe20842 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -25,6 +25,7 @@
struct ckpt_stats {
int uts_ns;
int ipc_ns;
+ int user_ns;
};
struct ckpt_ctx {
@@ -76,6 +77,7 @@ struct ckpt_ctx {
int active_pid; /* (next) position in pids array */
struct completion complete; /* container root and other tasks on */
wait_queue_head_t waitq; /* start, end, and restart ordering */
+ struct cred *realcred, *ecred; /* tmp storage for cred at restart */
struct ckpt_stats stats; /* statistics */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 68539bd..4bc76e0 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -19,6 +19,7 @@
#include <linux/poll.h>
#include <linux/utsname.h>
#include <linux/syscalls.h>
+#include <linux/user_namespace.h>
#include <linux/checkpoint.h>
@@ -135,6 +136,45 @@ static int checkpoint_task_ns(struct ckpt_ctx *ctx, struct task_struct *t)
return ret;
}
+static int checkpoint_task_creds(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ int realcred_ref, ecred_ref;
+ struct cred *rcred, *ecred;
+ struct ckpt_hdr_task_creds *h;
+ int ret;
+
+ rcred = (struct cred *) get_cred(t->real_cred);
+ ecred = (struct cred *) get_cred(t->cred);
+
+ realcred_ref = checkpoint_obj(ctx, rcred, CKPT_OBJ_CRED);
+ if (realcred_ref < 0) {
+ ret = realcred_ref;
+ goto error;
+ }
+
+ ecred_ref = checkpoint_obj(ctx, ecred, CKPT_OBJ_CRED);
+ if (ecred_ref < 0) {
+ ret = ecred_ref;
+ goto error;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_CREDS);
+ if (!h) {
+ ret = -ENOMEM;
+ goto error;
+ }
+
+ h->cred_ref = realcred_ref;
+ h->ecred_ref = ecred_ref;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+error:
+ put_cred(rcred);
+ put_cred(ecred);
+ return ret;
+}
+
static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_task_objs *h;
@@ -150,10 +190,19 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
* restored when it gets to restore, e.g. its memory.
*/
+ ret = checkpoint_task_creds(ctx, t);
+ ckpt_debug("cred: objref %d\n", ret);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)process credentials\n");
+ return ret;
+ }
+
ret = checkpoint_task_ns(ctx, t);
ckpt_debug("ns: objref %d\n", ret);
- if (ret < 0)
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)process namespaces\n");
return ret;
+ }
files_objref = checkpoint_obj_file_table(ctx, t);
ckpt_debug("files: objref %d\n", files_objref);
@@ -433,6 +482,39 @@ static int restore_task_ns(struct ckpt_ctx *ctx)
return ret;
}
+static int restore_task_creds(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_task_creds *h;
+ struct cred *realcred, *ecred;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK_CREDS);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ realcred = ckpt_obj_fetch(ctx, h->cred_ref, CKPT_OBJ_CRED);
+ if (IS_ERR(realcred)) {
+ ckpt_debug("Error %ld fetching realcred (ref %d)\n",
+ PTR_ERR(realcred), h->cred_ref);
+ ret = PTR_ERR(realcred);
+ goto out;
+ }
+ ecred = ckpt_obj_fetch(ctx, h->ecred_ref, CKPT_OBJ_CRED);
+ if (IS_ERR(ecred)) {
+ ckpt_debug("Error %ld fetching ecred (ref %d)\n",
+ PTR_ERR(ecred), h->ecred_ref);
+ ret = PTR_ERR(ecred);
+ goto out;
+ }
+ ctx->realcred = realcred;
+ ctx->ecred = ecred;
+
+out:
+ ckpt_debug("Returning %d\n", ret);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
static int restore_task_objs(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_task_objs *h;
@@ -443,13 +525,22 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
* and because shared objects are restored before they are
* referenced. See comment in checkpoint_task_objs.
*/
+ ret = restore_task_creds(ctx);
+ if (ret < 0) {
+ ckpt_debug("restore_task_creds returned %d\n", ret);
+ return ret;
+ }
ret = restore_task_ns(ctx);
- if (ret < 0)
+ if (ret < 0) {
+ ckpt_debug("restore_task_ns returned %d\n", ret);
return ret;
+ }
h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
- if (IS_ERR(h))
+ if (IS_ERR(h)) {
+ ckpt_debug("Error fetching task obj\n");
return PTR_ERR(h);
+ }
ret = restore_obj_file_table(ctx, h->files_objref);
ckpt_debug("file_table: ret %d (%p)\n", ret, current->files);
@@ -461,6 +552,33 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
return ret;
}
+static int restore_creds(struct ckpt_ctx *ctx)
+{
+ int ret;
+ const struct cred *old;
+ struct cred *rcred, *ecred;
+
+ rcred = ctx->realcred;
+ ecred = ctx->ecred;
+
+ /* commit_creds will take one ref for the eff creds, but
+ * expects us to hold a ref for the obj creds, so take a
+ * ref here */
+ get_cred(rcred);
+ ret = commit_creds(rcred);
+ if (ret)
+ return ret;
+
+ if (ecred == rcred)
+ return 0;
+
+ old = override_creds(ecred); /* override_creds otoh takes new ref */
+ put_cred(old);
+
+ ctx->realcred = ctx->ecred = NULL;
+ return 0;
+}
+
int restore_restart_block(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_restart_block *h;
@@ -594,6 +712,10 @@ int restore_task(struct ckpt_ctx *ctx)
goto out;
ret = restore_task_objs(ctx);
ckpt_debug("objs %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = restore_creds(ctx);
+ ckpt_debug("creds: ret %d\n", ret);
out:
return ret;
}
diff --git a/kernel/cred.c b/kernel/cred.c
index fbd1750..a8013c8 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -17,6 +17,7 @@
#include <linux/init_task.h>
#include <linux/security.h>
#include <linux/cn_proc.h>
+#include <linux/checkpoint.h>
#include "cred-internals.h"
#if 0
@@ -1009,3 +1010,146 @@ int cred_setfsgid(struct cred *new, gid_t gid, gid_t *old_fsgid)
}
return -EPERM;
}
+
+#ifdef CONFIG_CHECKPOINT
+static int checkpoint_cred(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct cred *cred = ptr;
+ struct ckpt_hdr_cred *h;
+ int groupinfo_ref, user_ref;
+ int ret;
+
+ groupinfo_ref = checkpoint_obj(ctx, cred->group_info,
+ CKPT_OBJ_GROUPINFO);
+ if (groupinfo_ref < 0)
+ return groupinfo_ref;
+ user_ref = checkpoint_obj(ctx, cred->user, CKPT_OBJ_USER);
+ if (user_ref < 0)
+ return user_ref;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_CRED);
+ if (!h)
+ return -ENOMEM;
+
+ ckpt_debug("cred uid %d fsuid %d gid %d\n", cred->uid, cred->fsuid,
+ cred->gid);
+
+ h->uid = cred->uid;
+ h->suid = cred->suid;
+ h->euid = cred->euid;
+ h->fsuid = cred->fsuid;
+
+ h->gid = cred->gid;
+ h->sgid = cred->sgid;
+ h->egid = cred->egid;
+ h->fsgid = cred->fsgid;
+
+ checkpoint_capabilities(&h->cap_s, cred);
+
+ h->user_ref = user_ref;
+ h->groupinfo_ref = groupinfo_ref;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+static void *restore_cred(struct ckpt_ctx *ctx)
+{
+ struct cred *cred;
+ struct ckpt_hdr_cred *h;
+ struct user_struct *user;
+ struct group_info *groupinfo;
+ int ret = -EINVAL;
+ uid_t olduid;
+ gid_t oldgid;
+ int i;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_CRED);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ cred = prepare_creds();
+ if (!cred)
+ goto error;
+
+
+ /* Do we care if the target user and target group were compatible?
+ * Probably. But then, we can't do any setuid without CAP_SETUID,
+ * so we must have been privileged to abuse it... */
+ groupinfo = ckpt_obj_fetch(ctx, h->groupinfo_ref, CKPT_OBJ_GROUPINFO);
+ if (IS_ERR(groupinfo))
+ goto err_putcred;
+ user = ckpt_obj_fetch(ctx, h->user_ref, CKPT_OBJ_USER);
+ if (IS_ERR(user))
+ goto err_putcred;
+
+ /*
+ * TODO: this check should go into the common helper in
+ * kernel/sys.c, and should account for user namespaces
+ */
+ if (!capable(CAP_SETGID))
+ for (i = 0; i < groupinfo->ngroups; i++) {
+ if (!in_egroup_p(GROUP_AT(groupinfo, i)))
+ goto err_putcred;
+ }
+ ret = set_groups(cred, groupinfo);
+ if (ret < 0)
+ goto err_putcred;
+ free_uid(cred->user);
+ cred->user = get_uid(user);
+ ret = cred_setresuid(cred, h->uid, h->euid, h->suid);
+ if (ret < 0)
+ goto err_putcred;
+ ret = cred_setfsuid(cred, h->fsuid, &olduid);
+ if (olduid != h->fsuid && ret < 0)
+ goto err_putcred;
+ ret = cred_setresgid(cred, h->gid, h->egid, h->sgid);
+ if (ret < 0)
+ goto err_putcred;
+ ret = cred_setfsgid(cred, h->fsgid, &oldgid);
+ if (oldgid != h->fsgid && ret < 0)
+ goto err_putcred;
+ ret = restore_capabilities(&h->cap_s, cred);
+ if (ret)
+ goto err_putcred;
+
+ ckpt_hdr_put(ctx, h);
+ return (void *) cred;
+
+err_putcred:
+ abort_creds(cred);
+error:
+ ckpt_hdr_put(ctx, h);
+ return ERR_PTR(ret);
+}
+
+static int obj_cred_grab(void *ptr)
+{
+ get_cred((struct cred *) ptr);
+ return 0;
+}
+
+static void obj_cred_drop(void *ptr, int lastref)
+{
+ put_cred((struct cred *) ptr);
+}
+
+/* struct cred */
+static const struct ckpt_obj_ops ckpt_obj_cred_ops = {
+ .obj_name = "CRED",
+ .obj_type = CKPT_OBJ_CRED,
+ .ref_drop = obj_cred_drop,
+ .ref_grab = obj_cred_grab,
+ .checkpoint = checkpoint_cred,
+ .restore = restore_cred,
+};
+
+static int __init checkpoint_register_cred(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_cred_ops);
+}
+
+late_initcall(checkpoint_register_cred);
+#endif
diff --git a/kernel/groups.c b/kernel/groups.c
index 2b45b2e..185efb3 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -6,6 +6,7 @@
#include <linux/slab.h>
#include <linux/security.h>
#include <linux/syscalls.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
/* init to 2 - one for init_task, one to ensure it is never freed */
@@ -286,3 +287,88 @@ int in_egroup_p(gid_t grp)
}
EXPORT_SYMBOL(in_egroup_p);
+
+#ifdef CONFIG_CHECKPOINT
+static int checkpoint_groupinfo(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct group_info *g = ptr;
+ struct ckpt_hdr_groupinfo *h;
+ int ret, i, size;
+
+ size = sizeof(*h) + g->ngroups * sizeof(__u32);
+ h = ckpt_hdr_get_type(ctx, size, CKPT_HDR_GROUPINFO);
+ if (!h)
+ return -ENOMEM;
+
+ h->ngroups = g->ngroups;
+ for (i = 0; i < g->ngroups; i++)
+ h->groups[i] = GROUP_AT(g, i);
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+/*
+ * TODO - switch to reading in smaller blocks?
+ */
+#define MAX_GROUPINFO_SIZE (sizeof(*h)+NGROUPS_MAX*sizeof(gid_t))
+static void *restore_groupinfo(struct ckpt_ctx *ctx)
+{
+ struct group_info *g;
+ struct ckpt_hdr_groupinfo *h;
+ int i;
+
+ h = ckpt_read_buf_type(ctx, MAX_GROUPINFO_SIZE, CKPT_HDR_GROUPINFO);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ g = ERR_PTR(-EINVAL);
+ if (h->ngroups > NGROUPS_MAX)
+ goto out;
+
+ for (i = 1; i < h->ngroups; i++)
+ if (h->groups[i-1] >= h->groups[i])
+ goto out;
+
+ g = groups_alloc(h->ngroups);
+ if (!g) {
+ g = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ for (i = 0; i < h->ngroups; i++)
+ GROUP_AT(g, i) = h->groups[i];
+
+out:
+ ckpt_hdr_put(ctx, h);
+ return g;
+}
+
+static int obj_groupinfo_grab(void *ptr)
+{
+ get_group_info((struct group_info *) ptr);
+ return 0;
+}
+
+static void obj_groupinfo_drop(void *ptr, int lastref)
+{
+ put_group_info((struct group_info *) ptr);
+}
+
+static const struct ckpt_obj_ops ckpt_obj_groupinfo_ops = {
+ .obj_name = "GROUPINFO",
+ .obj_type = CKPT_OBJ_GROUPINFO,
+ .ref_drop = obj_groupinfo_drop,
+ .ref_grab = obj_groupinfo_grab,
+ .checkpoint = checkpoint_groupinfo,
+ .restore = restore_groupinfo,
+};
+
+static int __init checkpoint_register_groupinfo(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_groupinfo_ops);
+}
+
+late_initcall(checkpoint_register_groupinfo);
+#endif
diff --git a/kernel/user.c b/kernel/user.c
index 766467b..4d1fda6 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -16,6 +16,7 @@
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/user_namespace.h>
+#include <linux/checkpoint.h>
#include "cred-internals.h"
struct user_namespace init_user_ns = {
@@ -184,6 +185,262 @@ out_unlock:
return NULL;
}
+#ifdef CONFIG_CHECKPOINT
+/*
+ * write the user struct
+ * TODO keyring will need to be dumped
+ *
+ * Here is what we're doing. Remember a task can do clone(CLONE_NEWUSER)
+ * resulting in a cloned task in a new user namespace, with uid 0 in that
+ * new user_ns. In that case, the parent's user (uid+user_ns) is the
+ * 'creator' of the new user_ns.
+ * Here, we call the user_ns of the ctx->root_task the 'root_ns'. When we
+ * checkpoint a user-struct, we must store the chain of creators. We
+ * must not do so recursively, this being the kernel. In
+ * checkpoint_write_user() we walk and record in memory the list of creators up
+ * to either the latest user_struct which has already been saved, or the
+ * root_ns. Then we walk that chain backward, writing out the user_ns and
+ * user_struct to the checkpoint image.
+ */
+#define UNSAVED_STRIDE 50
+static int do_checkpoint_user(struct ckpt_ctx *ctx, struct user_struct *u)
+{
+ struct user_namespace *ns, *root_ns;
+ struct ckpt_hdr_user_struct *h;
+ int ns_objref;
+ int ret, i, unsaved_ns_nr = 0;
+ struct user_struct *save_u;
+ struct user_struct **unsaved_creators;
+ int step = 1, size;
+
+ /* if we've already saved the userns, then life is good */
+ ns_objref = ckpt_obj_lookup(ctx, u->user_ns, CKPT_OBJ_USER_NS);
+ if (ns_objref)
+ goto write_user;
+
+ root_ns = task_cred_xxx(ctx->root_task, user)->user_ns;
+
+ if (u->user_ns == root_ns)
+ goto save_last_ns;
+
+ size = UNSAVED_STRIDE*sizeof(struct user_struct *);
+ unsaved_creators = kmalloc(size, GFP_KERNEL);
+ if (!unsaved_creators)
+ return -ENOMEM;
+ save_u = u;
+ do {
+ ns = save_u->user_ns;
+ save_u = ns->creator;
+ if (ckpt_obj_lookup(ctx, save_u, CKPT_OBJ_USER))
+ goto found;
+ unsaved_creators[unsaved_ns_nr++] = save_u;
+ if (unsaved_ns_nr == step * UNSAVED_STRIDE) {
+ step++;
+ size = step*UNSAVED_STRIDE*sizeof(struct user_struct *);
+ unsaved_creators = krealloc(unsaved_creators, size,
+ GFP_KERNEL);
+ if (!unsaved_creators)
+ return -ENOMEM;
+ }
+ } while (ns != root_ns);
+
+found:
+ for (i = unsaved_ns_nr-1; i >= 0; i--) {
+ ret = checkpoint_obj(ctx, unsaved_creators[i], CKPT_OBJ_USER);
+ if (ret < 0) {
+ kfree(unsaved_creators);
+ return ret;
+ }
+ }
+ kfree(unsaved_creators);
+
+save_last_ns:
+ ns_objref = checkpoint_obj(ctx, u->user_ns, CKPT_OBJ_USER_NS);
+ if (ns_objref < 0)
+ return ns_objref;
+
+write_user:
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_USER);
+ if (!h)
+ return -ENOMEM;
+
+ h->uid = u->uid;
+ h->userns_ref = ns_objref;
+
+ /* write out the user_struct */
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+static int checkpoint_user(struct ckpt_ctx *ctx, void *ptr)
+{
+ return do_checkpoint_user(ctx, (struct user_struct *) ptr);
+}
+
+static int may_setuid(struct user_namespace *ns, uid_t uid)
+{
+ /*
+ * this next check will one day become
+ * if capable(CAP_SETUID, ns) return 1;
+ * followed by uid_equiv(current_userns, current_uid, ns, uid)
+ * instead of just uids.
+ */
+ if (capable(CAP_SETUID))
+ return 1;
+
+ /*
+ * this may be overly strict, but since we might end up
+ * restarting a privileged program here, we do not want
+ * someone with only CAP_SYS_ADMIN but no CAP_SETUID to
+ * be able to create random userids even in a userns he
+ * created.
+ */
+ if (current_user()->user_ns != ns)
+ return 0;
+ if (current_uid() == uid ||
+ current_euid() == uid ||
+ current_suid() == uid)
+ return 1;
+ return 0;
+}
+
+static struct user_struct *do_restore_user(struct ckpt_ctx *ctx)
+{
+ struct user_struct *u;
+ struct user_namespace *ns;
+ struct ckpt_hdr_user_struct *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_USER);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ ns = ckpt_obj_fetch(ctx, h->userns_ref, CKPT_OBJ_USER_NS);
+ if (IS_ERR(ns)) {
+ u = ERR_PTR(PTR_ERR(ns));
+ goto out;
+ }
+
+ if (!may_setuid(ns, h->uid)) {
+ u = ERR_PTR(-EPERM);
+ goto out;
+ }
+ u = alloc_uid(ns, h->uid);
+ if (!u)
+ u = ERR_PTR(-EINVAL);
+
+out:
+ ckpt_hdr_put(ctx, h);
+ return u;
+}
+
+static void *restore_user(struct ckpt_ctx *ctx)
+{
+ return (void *) do_restore_user(ctx);
+}
+
+static int obj_user_grab(void *ptr)
+{
+ struct user_struct *u = ptr;
+ (void) get_uid(u);
+ return 0;
+}
+
+static void obj_user_drop(void *ptr, int lastref)
+{
+ free_uid((struct user_struct *) ptr);
+}
+
+/* user object */
+static const struct ckpt_obj_ops ckpt_obj_user_ops = {
+ .obj_name = "USER",
+ .obj_type = CKPT_OBJ_USER,
+ .ref_drop = obj_user_drop,
+ .ref_grab = obj_user_grab,
+ .checkpoint = checkpoint_user,
+ .restore = restore_user,
+};
+
+#ifdef CONFIG_USER_NS
+extern int checkpoint_userns(struct ckpt_ctx *ctx, void *ptr);
+extern void *restore_userns(struct ckpt_ctx *ctx);
+#else
+/*
+ * user_ns - trivial checkpoint/restore for !CONFIG_USER_NS case
+ */
+static int checkpoint_userns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct ckpt_hdr_user_ns *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_USER_NS);
+ if (!h)
+ return -ENOMEM;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static void *restore_userns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_user_ns *h;
+ struct user_namespace *ns;
+
+ /* complain if image contains multiple namespaces */
+ if (ctx->stats.user_ns)
+ return ERR_PTR(-EEXIST);
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_USER_NS);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ if (h->creator_ref)
+ ns = ERR_PTR(-EINVAL);
+ else
+ ns = get_user_ns(current_user_ns());
+
+ ctx->stats.user_ns++;
+ ckpt_hdr_put(ctx, h);
+ return ns;
+}
+#endif
+
+static int obj_userns_grab(void *ptr)
+{
+ get_user_ns((struct user_namespace *) ptr);
+ return 0;
+}
+
+static void obj_userns_drop(void *ptr, int lastref)
+{
+ put_user_ns((struct user_namespace *) ptr);
+}
+
+/* user_ns object */
+static const struct ckpt_obj_ops ckpt_obj_userns_ops = {
+ .obj_name = "USER_NS",
+ .obj_type = CKPT_OBJ_USER_NS,
+ .ref_drop = obj_userns_drop,
+ .ref_grab = obj_userns_grab,
+ .checkpoint = checkpoint_userns,
+ .restore = restore_userns,
+};
+
+static int __init checkpoint_register_userns(void)
+{
+ int ret;
+
+ ret = register_checkpoint_obj(&ckpt_obj_userns_ops);
+ if (ret < 0)
+ return ret;
+ ret = register_checkpoint_obj(&ckpt_obj_user_ops);
+ if (ret < 0)
+ return ret;
+ return 0;
+}
+#endif
+
static int __init uid_cache_init(void)
{
int n;
@@ -199,7 +456,11 @@ static int __init uid_cache_init(void)
uid_hash_insert(&root_user, uidhashentry(&init_user_ns, 0));
spin_unlock_irq(&uidhash_lock);
+#ifdef CONFIG_CHECKPOINT
+ return checkpoint_register_userns();
+#else
return 0;
+#endif
}
module_init(uid_cache_init);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index e624b0f..abed3fa 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -9,6 +9,7 @@
#include <linux/nsproxy.h>
#include <linux/slab.h>
#include <linux/user_namespace.h>
+#include <linux/checkpoint.h>
#include <linux/cred.h>
static struct user_namespace *_new_user_ns(struct user_struct *creator,
@@ -103,3 +104,87 @@ void free_user_ns(struct kref *kref)
schedule_work(&ns->destroyer);
}
EXPORT_SYMBOL(free_user_ns);
+
+#ifdef CONFIG_CHECKPOINT
+/*
+ * do_checkpoint_userns() is only called from do_checkpoint_user().
+ * When called, we always know that either:
+ * 1. This is the root_ns (user_ns of the ctx->root_task),
+ * in which case we set h->creator_ref = 0.
+ * or
+ * 2. The creator has already been written out to the
+ * checkpoint image (and saved in the objhash)
+ */
+int checkpoint_userns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct user_namespace *ns = ptr;
+ struct ckpt_hdr_user_ns *h;
+ struct user_namespace *root_ns;
+ int creator_ref = 0;
+ int ret;
+
+ root_ns = task_cred_xxx(ctx->root_task, user)->user_ns;
+ if (ns != root_ns) {
+ creator_ref = ckpt_obj_lookup(ctx, ns->creator, CKPT_OBJ_USER);
+ if (!creator_ref)
+ return -EINVAL;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_USER_NS);
+ if (!h)
+ return -ENOMEM;
+ h->creator_ref = creator_ref;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+void *restore_userns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_user_ns *h;
+ struct user_namespace *ns;
+ struct user_struct *new_root, *creator;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_USER_NS);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ if (!h->creator_ref) {
+ ns = get_user_ns(current_user_ns());
+ goto out;
+ }
+
+ creator = ckpt_obj_fetch(ctx, h->creator_ref, CKPT_OBJ_USER);
+ if (IS_ERR(creator)) {
+ ns = ERR_PTR(-EINVAL);
+ goto out;
+ }
+
+ ns = new_user_ns(creator, &new_root);
+ if (IS_ERR(ns))
+ goto out;
+
+ /* ns only referenced from new_root, which we discard below */
+ get_user_ns(ns);
+
+ /* new_user_ns() doesn't bump creator's refcount */
+ get_uid(creator);
+
+ /*
+ * Free the new root user. If we actually needed it,
+ * then it will show up later in the checkpoint image
+ * The objhash will keep the userns pinned until then.
+ */
+ free_uid(new_root);
+out:
+ ctx->stats.user_ns++;
+ ckpt_hdr_put(ctx, h);
+ return ns;
+}
+
+/*
+ * The checkpoint ops for userns are registered from user.c in order to handle
+ * the !CONFIG_USER_NS case.
+ */
+#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 063/100] c/r: restore file->f_cred
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (61 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 062/100] c/r: checkpoint and restore task credentials Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 064/100] c/r: checkpoint and restore (shared) task's sighand_struct Oren Laadan
` (38 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-fsdevel, David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
Restore a file's f_cred. This is set to the cred of the task doing
the open, so often it will be the same as that of the restarted task.
Changelog[v1]:
- [Nathan Lynch] discard const from struct cred * where appropriate
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Cc: linux-fsdevel@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
---
fs/checkpoint.c | 21 ++++++++++++++++++---
include/linux/checkpoint_hdr.h | 2 +-
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 874be00..783c920 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -148,14 +148,21 @@ static int scan_fds(struct files_struct *files, int **fdtable)
int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
struct ckpt_hdr_file *h)
{
+ struct cred *f_cred = (struct cred *) file->f_cred;
+
h->f_flags = file->f_flags;
h->f_mode = file->f_mode;
h->f_pos = file->f_pos;
h->f_version = file->f_version;
- ckpt_debug("file %s", file->f_dentry->d_name.name);
+ h->f_credref = checkpoint_obj(ctx, f_cred, CKPT_OBJ_CRED);
+ if (h->f_credref < 0)
+ return h->f_credref;
+
+ ckpt_debug("file %s credref %d", file->f_dentry->d_name.name,
+ h->f_credref);
- /* FIX: need also file->uid, file->gid, file->f_owner, etc */
+ /* FIX: need also file->f_owner, etc */
return 0;
}
@@ -516,8 +523,16 @@ int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
fmode_t new_mode = file->f_mode;
fmode_t saved_mode = (__force fmode_t) h->f_mode;
int ret;
+ struct cred *cred;
+
+ /* FIX: need to restore owner etc */
- /* FIX: need to restore uid, gid, owner etc */
+ /* restore the cred */
+ cred = ckpt_obj_fetch(ctx, h->f_credref, CKPT_OBJ_CRED);
+ if (IS_ERR(cred))
+ return PTR_ERR(cred);
+ put_cred(file->f_cred);
+ file->f_cred = get_cred(cred);
/* safe to set 1st arg (fd) to 0, as command is F_SETFL */
ret = vfs_fcntl(0, F_SETFL, h->f_flags & CKPT_SETFL_MASK, file);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 8598eb5..261badb 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -437,7 +437,7 @@ struct ckpt_hdr_file {
__u32 f_type;
__u32 f_mode;
__u32 f_flags;
- __u32 _padding;
+ __s32 f_credref;
__u64 f_pos;
__u64 f_version;
} __attribute__((aligned(8)));
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 064/100] c/r: checkpoint and restore (shared) task's sighand_struct
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (62 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 063/100] c/r: restore file->f_cred Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 065/100] c/r: [signal 1/4] blocked and template for shared signals Oren Laadan
` (37 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Roland McGrath
This patch adds the checkpointing and restart of signal handling
state - 'struct sighand_struct'. Since the contents of this state
only affect userspace, no input validation is required.
Add _NSIG to kernel constants saved/tested with image header.
Number of signals (_NSIG) is arch-dependent, but is within __KERNEL__
and not visibile to userspace compile. Therefore, define per arch
CKPT_ARCH_NSIG in <asm/checkpoint_hdr.h>.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- [Matt Helsley] Move the signal handler c/r code into kernel/signal.c
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v1]:
- Rename headerless struct ckpt_hdr_* to struct ckpt_*
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/s390/include/asm/checkpoint_hdr.h | 8 ++
arch/x86/include/asm/checkpoint_hdr.h | 8 ++
include/linux/checkpoint.h | 6 +
include/linux/checkpoint_hdr.h | 24 +++++
kernel/checkpoint/checkpoint.c | 2 +
kernel/checkpoint/process.c | 19 ++++
kernel/checkpoint/restart.c | 3 +
kernel/signal.c | 179 ++++++++++++++++++++++++++++++++
8 files changed, 249 insertions(+), 0 deletions(-)
diff --git a/arch/s390/include/asm/checkpoint_hdr.h b/arch/s390/include/asm/checkpoint_hdr.h
index e3312c0..7d30317 100644
--- a/arch/s390/include/asm/checkpoint_hdr.h
+++ b/arch/s390/include/asm/checkpoint_hdr.h
@@ -91,6 +91,14 @@ struct ckpt_hdr_mm_context {
unsigned long asce_limit;
};
+#define CKPT_ARCH_NSIG 64
+#ifdef __KERNEL__
+#include <asm/signal.h>
+#if CKPT_ARCH_NSIG != _SIGCONTEXT_NSIG
+#error CKPT_ARCH_NSIG size is wrong (asm/sigcontext.h and asm/checkpoint_hdr.h)
+#endif
+#endif
+
struct ckpt_hdr_header_arch {
struct ckpt_hdr h;
};
diff --git a/arch/x86/include/asm/checkpoint_hdr.h b/arch/x86/include/asm/checkpoint_hdr.h
index 292bf50..44737b8 100644
--- a/arch/x86/include/asm/checkpoint_hdr.h
+++ b/arch/x86/include/asm/checkpoint_hdr.h
@@ -52,6 +52,14 @@ enum {
#define CKPT_HDR_MM_CONTEXT_LDT CKPT_HDR_MM_CONTEXT_LDT
};
+#define CKPT_ARCH_NSIG 64
+#ifdef __KERNEL__
+#include <asm/signal.h>
+#if CKPT_ARCH_NSIG != _NSIG
+#error CKPT_ARCH_NSIG size is wrong per asm/signal.h and asm/checkpoint_hdr.h
+#endif
+#endif
+
struct ckpt_hdr_header_arch {
struct ckpt_hdr h;
/* FIXME: add HAVE_HWFP */
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 776de99..8e8cf6e 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -242,6 +242,12 @@ extern int restore_memory_contents(struct ckpt_ctx *ctx, struct inode *inode);
VM_RESERVED | VM_NORESERVE | VM_HUGETLB | VM_NONLINEAR | \
VM_MAPPED_COPY | VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)
+/* signals */
+extern int checkpoint_obj_sighand(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_obj_sighand(struct ckpt_ctx *ctx, int sighand_objref);
+
+extern int ckpt_collect_sighand(struct ckpt_ctx *ctx, struct task_struct *t);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 261badb..2dea11e 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -136,6 +136,9 @@ enum {
CKPT_HDR_IPC_SEM,
#define CKPT_HDR_IPC_SEM CKPT_HDR_IPC_SEM
+ CKPT_HDR_SIGHAND = 601,
+#define CKPT_HDR_SIGHAND CKPT_HDR_SIGHAND
+
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -173,6 +176,8 @@ enum obj_type {
#define CKPT_OBJ_FILE CKPT_OBJ_FILE
CKPT_OBJ_MM,
#define CKPT_OBJ_MM CKPT_OBJ_MM
+ CKPT_OBJ_SIGHAND,
+#define CKPT_OBJ_SIGHAND CKPT_OBJ_SIGHAND
CKPT_OBJ_NS,
#define CKPT_OBJ_NS CKPT_OBJ_NS
CKPT_OBJ_UTS_NS,
@@ -197,6 +202,8 @@ struct ckpt_const {
__u16 task_comm_len;
/* mm */
__u16 at_vector_size;
+ /* signal */
+ __u16 signal_nsig;
/* uts */
__u16 uts_sysname_len;
__u16 uts_nodename_len;
@@ -370,6 +377,7 @@ struct ckpt_hdr_task_objs {
__s32 files_objref;
__s32 mm_objref;
+ __s32 sighand_objref;
} __attribute__((aligned(8)));
/* restart blocks */
@@ -511,6 +519,22 @@ struct ckpt_hdr_pgarr {
__u64 nr_pages; /* number of pages to saved */
} __attribute__((aligned(8)));
+/* signals */
+struct ckpt_sigset {
+ __u8 sigset[CKPT_ARCH_NSIG / 8];
+} __attribute__((aligned(8)));
+
+struct ckpt_sigaction {
+ __u64 _sa_handler;
+ __u64 sa_flags;
+ __u64 sa_restorer;
+ struct ckpt_sigset sa_mask;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_sighand {
+ struct ckpt_hdr h;
+ struct ckpt_sigaction action[0];
+} __attribute__((aligned(8)));
/* ipc commons */
struct ckpt_hdr_ipcns {
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 9743866..d75f753 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -114,6 +114,8 @@ static void fill_kernel_const(struct ckpt_const *h)
h->task_comm_len = sizeof(tsk->comm);
/* mm->saved_auxv size */
h->at_vector_size = AT_VECTOR_SIZE;
+ /* signal */
+ h->signal_nsig = _NSIG;
/* uts */
h->uts_sysname_len = sizeof(uts->sysname);
h->uts_nodename_len = sizeof(uts->nodename);
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 4bc76e0..5927b7b 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -180,6 +180,7 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
struct ckpt_hdr_task_objs *h;
int files_objref;
int mm_objref;
+ int sighand_objref;
int ret;
/*
@@ -218,11 +219,19 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
return mm_objref;
}
+ sighand_objref = checkpoint_obj_sighand(ctx, t);
+ ckpt_debug("sighand: objref %d\n", sighand_objref);
+ if (sighand_objref < 0) {
+ ckpt_err(ctx, sighand_objref, "%(T)sighand_struct\n");
+ return sighand_objref;
+ }
+
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
if (!h)
return -ENOMEM;
h->files_objref = files_objref;
h->mm_objref = mm_objref;
+ h->sighand_objref = sighand_objref;
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
@@ -385,6 +394,9 @@ int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
if (ret < 0)
return ret;
ret = ckpt_collect_mm(ctx, t);
+ if (ret < 0)
+ return ret;
+ ret = ckpt_collect_sighand(ctx, t);
return ret;
}
@@ -544,10 +556,17 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
ret = restore_obj_file_table(ctx, h->files_objref);
ckpt_debug("file_table: ret %d (%p)\n", ret, current->files);
+ if (ret < 0)
+ goto out;
ret = restore_obj_mm(ctx, h->mm_objref);
ckpt_debug("mm: ret %d (%p)\n", ret, current->mm);
+ if (ret < 0)
+ goto out;
+ ret = restore_obj_sighand(ctx, h->sighand_objref);
+ ckpt_debug("sighand: ret %d (%p)\n", ret, current->sighand);
+ out:
ckpt_hdr_put(ctx, h);
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index a511fda..c9a667d 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -569,6 +569,9 @@ static int check_kernel_const(struct ckpt_const *h)
/* mm->saved_auxv size */
if (h->at_vector_size != AT_VECTOR_SIZE)
return -EINVAL;
+ /* signal */
+ if (h->signal_nsig != _NSIG)
+ return -EINVAL;
/* uts */
if (h->uts_sysname_len != sizeof(uts->sysname))
return -EINVAL;
diff --git a/kernel/signal.c b/kernel/signal.c
index be447c8..fdd760a 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -30,6 +30,9 @@
#include <linux/nsproxy.h>
#define CREATE_TRACE_POINTS
#include <trace/events/signal.h>
+#define CKPT_DFLAG CKPT_DSYS
+#include <linux/errno.h>
+#include <linux/checkpoint.h>
#include <asm/param.h>
#include <asm/uaccess.h>
@@ -2735,7 +2738,183 @@ __attribute__((weak)) const char *arch_vma_name(struct vm_area_struct *vma)
return NULL;
}
+#ifdef CONFIG_CHECKPOINT
+static inline void fill_sigset(struct ckpt_sigset *h, sigset_t *sigset)
+{
+ memcpy(&h->sigset, sigset, sizeof(*sigset));
+}
+
+static inline void load_sigset(sigset_t *sigset, struct ckpt_sigset *h)
+{
+ memcpy(sigset, &h->sigset, sizeof(*sigset));
+}
+
+/***********************************************************************
+ * sighand checkpoint/collect/restart
+ */
+
+static int checkpoint_sighand(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct sighand_struct *sighand = ptr;
+ struct ckpt_hdr_sighand *h;
+ struct ckpt_sigaction *hh;
+ struct sigaction *sa;
+ int i, ret;
+
+ h = ckpt_hdr_get_type(ctx, _NSIG * sizeof(*hh) + sizeof(*h),
+ CKPT_HDR_SIGHAND);
+ if (!h)
+ return -ENOMEM;
+
+ hh = h->action;
+ spin_lock_irq(&sighand->siglock);
+ for (i = 0; i < _NSIG; i++) {
+ sa = &sighand->action[i].sa;
+ hh[i]._sa_handler = (unsigned long) sa->sa_handler;
+ hh[i].sa_flags = sa->sa_flags;
+ hh[i].sa_restorer = (unsigned long) sa->sa_restorer;
+ fill_sigset(&hh[i].sa_mask, &sa->sa_mask);
+ }
+ spin_unlock_irq(&sighand->siglock);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+int checkpoint_obj_sighand(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct sighand_struct *sighand;
+ int objref;
+
+ read_lock(&tasklist_lock);
+ sighand = rcu_dereference(t->sighand);
+ atomic_inc(&sighand->count);
+ read_unlock(&tasklist_lock);
+
+ objref = checkpoint_obj(ctx, sighand, CKPT_OBJ_SIGHAND);
+ __cleanup_sighand(sighand);
+
+ return objref;
+}
+
+int ckpt_collect_sighand(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct sighand_struct *sighand;
+ int ret;
+
+ read_lock(&tasklist_lock);
+ sighand = rcu_dereference(t->sighand);
+ atomic_inc(&sighand->count);
+ read_unlock(&tasklist_lock);
+
+ ret = ckpt_obj_collect(ctx, sighand, CKPT_OBJ_SIGHAND);
+ __cleanup_sighand(sighand);
+
+ return ret;
+}
+
+static void *restore_sighand(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_sighand *h;
+ struct ckpt_sigaction *hh;
+ struct sighand_struct *sighand;
+ struct sigaction *sa;
+ int i;
+
+ h = ckpt_read_obj_type(ctx, _NSIG * sizeof(*hh) + sizeof(*h),
+ CKPT_HDR_SIGHAND);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ sighand = kmem_cache_alloc(sighand_cachep, GFP_KERNEL);
+ if (!sighand) {
+ sighand = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ atomic_set(&sighand->count, 1);
+
+ hh = h->action;
+ for (i = 0; i < _NSIG; i++) {
+ sa = &sighand->action[i].sa;
+ sa->sa_handler = (void *) (unsigned long) hh[i]._sa_handler;
+ sa->sa_flags = hh[i].sa_flags;
+ sa->sa_restorer = (void *) (unsigned long) hh[i].sa_restorer;
+ load_sigset(&sa->sa_mask, &hh[i].sa_mask);
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ return (void *) sighand;
+}
+
+int restore_obj_sighand(struct ckpt_ctx *ctx, int sighand_objref)
+{
+ struct sighand_struct *sighand;
+ struct sighand_struct *old_sighand;
+
+ sighand = ckpt_obj_fetch(ctx, sighand_objref, CKPT_OBJ_SIGHAND);
+ if (IS_ERR(sighand))
+ return PTR_ERR(sighand);
+
+ if (sighand == current->sighand)
+ return 0;
+
+ atomic_inc(&sighand->count);
+
+ /* manipulate tsk->sighand with tasklist lock write-held */
+ write_lock_irq(&tasklist_lock);
+ old_sighand = rcu_dereference(current->sighand);
+ spin_lock(&old_sighand->siglock);
+ rcu_assign_pointer(current->sighand, sighand);
+ spin_unlock(&old_sighand->siglock);
+ write_unlock_irq(&tasklist_lock);
+ __cleanup_sighand(old_sighand);
+
+ return 0;
+}
+
+/*
+ * signal-related checkpoint objects
+ */
+
+static int obj_sighand_grab(void *ptr)
+{
+ atomic_inc(&((struct sighand_struct *) ptr)->count);
+ return 0;
+}
+
+static void obj_sighand_drop(void *ptr, int lastref)
+{
+ __cleanup_sighand((struct sighand_struct *) ptr);
+}
+
+static int obj_sighand_users(void *ptr)
+{
+ return atomic_read(&((struct sighand_struct *) ptr)->count);
+}
+
+/* sighand object */
+static const struct ckpt_obj_ops ckpt_obj_sighand_ops = {
+ .obj_name = "SIGHAND",
+ .obj_type = CKPT_OBJ_SIGHAND,
+ .ref_drop = obj_sighand_drop,
+ .ref_grab = obj_sighand_grab,
+ .ref_users = obj_sighand_users,
+ .checkpoint = checkpoint_sighand,
+ .restore = restore_sighand,
+};
+
+static int __init checkpoint_register_signal(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_sighand_ops);
+}
+#endif /* CONFIG_CHECKPOINT */
+
void __init signals_init(void)
{
sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC);
+#ifdef CONFIG_CHECKPOINT
+ checkpoint_register_signal();
+#endif
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 065/100] c/r: [signal 1/4] blocked and template for shared signals
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (63 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 064/100] c/r: checkpoint and restore (shared) task's sighand_struct Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 066/100] c/r: [signal 2/4] checkpoint/restart of rlimit Oren Laadan
` (36 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Roland McGrath
This patch adds checkpoint/restart of blocked signals mask
(t->blocked) and a template for shared signals (t->signal).
Because t->signal sharing is tied to threads, we ensure proper sharing
of t->signal (struct signal_struct) for threads only.
Access to t->signal is protected by locking t->sighand->lock.
Therefore, the usual checkpoint_obj() invoking the callback
checkpoint_signal(ctx, signal) is insufficient because the task
pointer is unavailable.
Instead, handling of t->signal sharing is explicit using helpers
like ckpt_obj_lookup_add(), ckpt_obj_fetch() and ckpt_obj_insert().
The actual state is saved (if needed) _after_ the task_objs data.
To prevent tasks from handling restored signals during restart,
set their mask to block all signals and only restore the original
mask at the very end (before the last sync point).
Introduce per-task pointer 'ckpt_data' to temporary store data
for restore actions that are deferred to the end (like restoring
the signal block mask).
Changelog [ckpt-v19]:
- Use task->saves_sigmask and drop task->checkpoint_data
- [Serge Hallyn] Handle saved_sigmask at checkpoint
Changelog [ckpt-v19-rc1]:
- Defer restore of blocked signals mask during restart
- [Matt Helsley] Add cpp definitions for enums
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Louis Rilling <Louis.Rilling@kerlabs.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/s390/kernel/signal.c | 5 ++
arch/x86/kernel/signal.c | 5 ++
include/linux/checkpoint.h | 8 +++
include/linux/checkpoint_hdr.h | 16 +++++
include/linux/signal.h | 3 +
kernel/checkpoint/process.c | 71 ++++++++++++++++++++++-
kernel/checkpoint/restart.c | 13 ++++
kernel/fork.c | 3 +
kernel/signal.c | 124 +++++++++++++++++++++++++++++++++++++++-
9 files changed, 246 insertions(+), 2 deletions(-)
diff --git a/arch/s390/kernel/signal.c b/arch/s390/kernel/signal.c
index 83425b1..41e03d3 100644
--- a/arch/s390/kernel/signal.c
+++ b/arch/s390/kernel/signal.c
@@ -540,6 +540,11 @@ void do_signal(struct pt_regs *regs)
}
}
+int task_has_saved_sigmask(struct task_struct *task)
+{
+ return !!(test_tsk_thread_flag(task, TIF_RESTORE_SIGMASK));
+}
+
void do_notify_resume(struct pt_regs *regs)
{
clear_thread_flag(TIF_NOTIFY_RESUME);
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 4fd173c..eb63d59 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -831,6 +831,11 @@ static void do_signal(struct pt_regs *regs)
}
}
+int task_has_saved_sigmask(struct task_struct *task)
+{
+ return !!(task_thread_info(task)->status & TS_RESTORE_SIGMASK);
+}
+
/*
* notification of userspace execution resumption
* - triggered by the TIF_WORK_MASK flags
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 8e8cf6e..92a0df0 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -154,6 +154,8 @@ extern int ckpt_activate_next(struct ckpt_ctx *ctx);
extern int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_task(struct ckpt_ctx *ctx);
+extern int pre_restore_task(void);
+extern void post_restore_task(void);
/* arch hooks */
extern int checkpoint_write_header_arch(struct ckpt_ctx *ctx);
@@ -248,6 +250,12 @@ extern int restore_obj_sighand(struct ckpt_ctx *ctx, int sighand_objref);
extern int ckpt_collect_sighand(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int checkpoint_obj_signal(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref);
+
+extern int checkpoint_task_signal(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_task_signal(struct ckpt_ctx *ctx);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 2dea11e..19c778b 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -138,6 +138,10 @@ enum {
CKPT_HDR_SIGHAND = 601,
#define CKPT_HDR_SIGHAND CKPT_HDR_SIGHAND
+ CKPT_HDR_SIGNAL,
+#define CKPT_HDR_SIGNAL CKPT_HDR_SIGNAL
+ CKPT_HDR_SIGNAL_TASK,
+#define CKPT_HDR_SIGNAL_TASK CKPT_HDR_SIGNAL_TASK
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -178,6 +182,8 @@ enum obj_type {
#define CKPT_OBJ_MM CKPT_OBJ_MM
CKPT_OBJ_SIGHAND,
#define CKPT_OBJ_SIGHAND CKPT_OBJ_SIGHAND
+ CKPT_OBJ_SIGNAL,
+#define CKPT_OBJ_SIGNAL CKPT_OBJ_SIGNAL
CKPT_OBJ_NS,
#define CKPT_OBJ_NS CKPT_OBJ_NS
CKPT_OBJ_UTS_NS,
@@ -378,6 +384,7 @@ struct ckpt_hdr_task_objs {
__s32 files_objref;
__s32 mm_objref;
__s32 sighand_objref;
+ __s32 signal_objref;
} __attribute__((aligned(8)));
/* restart blocks */
@@ -536,6 +543,15 @@ struct ckpt_hdr_sighand {
struct ckpt_sigaction action[0];
} __attribute__((aligned(8)));
+struct ckpt_hdr_signal {
+ struct ckpt_hdr h;
+} __attribute__((aligned(8)));
+
+struct ckpt_hdr_signal_task {
+ struct ckpt_hdr h;
+ struct ckpt_sigset blocked;
+} __attribute__((aligned(8)));
+
/* ipc commons */
struct ckpt_hdr_ipcns {
struct ckpt_hdr h;
diff --git a/include/linux/signal.h b/include/linux/signal.h
index fcd2b14..031784c 100644
--- a/include/linux/signal.h
+++ b/include/linux/signal.h
@@ -378,6 +378,9 @@ int unhandled_signal(struct task_struct *tsk, int sig);
void signals_init(void);
+/* [arch] checkpoint: should saved_sigmask be used in place of blocked */
+int task_has_saved_sigmask(struct task_struct *task);
+
#endif /* __KERNEL__ */
#endif /* _LINUX_SIGNAL_H */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 5927b7b..8cb88ae 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -181,7 +181,8 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
int files_objref;
int mm_objref;
int sighand_objref;
- int ret;
+ int signal_objref;
+ int first, ret;
/*
* Shared objects may have dependencies among them: task->mm
@@ -226,14 +227,38 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
return sighand_objref;
}
+ /*
+ * Handle t->signal differently because the checkpoint method
+ * for t->signal needs access to owning task_struct to access
+ * t->sighand (to lock/unlock). First explicitly determine if
+ * need to save, and only below invoke checkpoint_obj_signal()
+ * if needed.
+ */
+ signal_objref = ckpt_obj_lookup_add(ctx, t->signal,
+ CKPT_OBJ_SIGNAL, &first);
+ ckpt_debug("signal: objref %d\n", signal_objref);
+ if (signal_objref < 0) {
+ ckpt_err(ctx, signal_objref, "%(T)process signals\n");
+ return signal_objref;
+ }
+
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TASK_OBJS);
if (!h)
return -ENOMEM;
h->files_objref = files_objref;
h->mm_objref = mm_objref;
h->sighand_objref = sighand_objref;
+ h->signal_objref = signal_objref;
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ /* actually save t->signal, if need to */
+ if (first)
+ ret = checkpoint_obj_signal(ctx, t);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "%(T)signal_struct\n");
return ret;
}
@@ -378,6 +403,10 @@ int checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
goto out;
ret = checkpoint_task_objs(ctx, t);
ckpt_debug("objs %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = checkpoint_task_signal(ctx, t);
+ ckpt_debug("task-signal %d\n", ret);
out:
ctx->tsk = NULL;
return ret;
@@ -566,6 +595,11 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
ret = restore_obj_sighand(ctx, h->sighand_objref);
ckpt_debug("sighand: ret %d (%p)\n", ret, current->sighand);
+ if (ret < 0)
+ goto out;
+
+ ret = restore_obj_signal(ctx, h->signal_objref);
+ ckpt_debug("signal: ret %d (%p)\n", ret, current->signal);
out:
ckpt_hdr_put(ctx, h);
return ret;
@@ -703,6 +737,37 @@ int restore_restart_block(struct ckpt_ctx *ctx)
return ret;
}
+/* prepare the task for restore */
+int pre_restore_task(void)
+{
+ sigset_t sigset;
+
+ /*
+ * Block task's signals to avoid interruptions due to signals,
+ * say, from restored timers, file descriptors etc. Signals
+ * will be unblocked when restore completes.
+ *
+ * NOTE: tasks with file descriptors set to send a SIGKILL as
+ * i/o notification may fail the restart if a signal occurs
+ * before that task completed its restore. FIX ?
+ */
+ current->saved_sigmask = current->blocked;
+
+ sigfillset(&sigset);
+ sigdelset(&sigset, SIGKILL);
+ sigdelset(&sigset, SIGSTOP);
+ sigprocmask(SIG_SETMASK, &sigset, NULL);
+
+ return 0;
+}
+
+/* finish up task restore */
+void post_restore_task(void)
+{
+ /* only now is it safe to unblock the restored task's signals */
+ sigprocmask(SIG_SETMASK, ¤t->saved_sigmask, NULL);
+}
+
/* read the entire state of the current task */
int restore_task(struct ckpt_ctx *ctx)
{
@@ -735,6 +800,10 @@ int restore_task(struct ckpt_ctx *ctx)
goto out;
ret = restore_creds(ctx);
ckpt_debug("creds: ret %d\n", ret);
+ if (ret < 0)
+ goto out;
+ ret = restore_task_signal(ctx);
+ ckpt_debug("signal: ret %d\n", ret);
out:
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index c9a667d..92d3e00 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -935,6 +935,10 @@ static int do_restore_task(void)
restore_debug_running(ctx);
+ ret = pre_restore_task();
+ if (ret < 0)
+ goto out;
+
zombie = restore_task(ctx);
if (zombie < 0) {
ret = zombie;
@@ -948,6 +952,7 @@ static int do_restore_task(void)
*/
if (zombie) {
restore_debug_exit(ctx);
+ post_restore_task();
ckpt_ctx_put(ctx);
do_exit(current->exit_code);
}
@@ -959,6 +964,7 @@ static int do_restore_task(void)
if (ret < 0)
ckpt_err(ctx, ret, "task restart failed\n");
+ post_restore_task();
current->flags &= ~PF_RESTARTING;
clear_task_ctx(current);
ckpt_ctx_put(ctx);
@@ -1166,6 +1172,10 @@ static int do_restore_coord(struct ckpt_ctx *ctx, pid_t pid)
*/
if (ctx->uflags & RESTART_TASKSELF) {
+ ret = pre_restore_task();
+ ckpt_debug("pre restore task: %d\n", ret);
+ if (ret < 0)
+ goto out;
ret = restore_task(ctx);
ckpt_debug("restore task: %d\n", ret);
if (ret < 0)
@@ -1198,6 +1208,9 @@ static int do_restore_coord(struct ckpt_ctx *ctx, pid_t pid)
ckpt_debug("freezing restart tasks ... %d\n", ret);
}
out:
+ if (ctx->uflags & RESTART_TASKSELF)
+ post_restore_task();
+
restore_debug_error(ctx, ret);
if (ret < 0)
ckpt_err(ctx, ret, "restart failed (coordinator)\n");
diff --git a/kernel/fork.c b/kernel/fork.c
index 5d88ee6..86ced8c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -887,6 +887,9 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
sig->oom_adj = current->signal->oom_adj;
+#ifdef CONFIG_CHECKPOINT
+ atomic_set(&sig->restart_count, 0);
+#endif
return 0;
}
diff --git a/kernel/signal.c b/kernel/signal.c
index fdd760a..0e71eee 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2905,9 +2905,131 @@ static const struct ckpt_obj_ops ckpt_obj_sighand_ops = {
.restore = restore_sighand,
};
+
+/***********************************************************************
+ * signal checkpoint/restart
+ */
+
+static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_signal *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
+ if (!h)
+ return -ENOMEM;
+
+ /* fill in later */
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+int checkpoint_obj_signal(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ BUG_ON(t->flags & PF_EXITING);
+ return checkpoint_signal(ctx, t);
+}
+
+static int restore_signal(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_signal *h;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ /* fill in later */
+
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
+
+int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref)
+{
+ struct signal_struct *signal;
+ int ret = 0;
+
+ signal = ckpt_obj_fetch(ctx, signal_objref, CKPT_OBJ_SIGNAL);
+ if (!IS_ERR(signal)) {
+ /*
+ * signal_struct is already shared properly as it is
+ * tied to thread groups. Since thread relationships
+ * are already restore now, t->signal must match.
+ */
+ if (signal != current->signal)
+ ret = -EINVAL;
+ } else if (PTR_ERR(signal) == -EINVAL) {
+ /* first timer: add to hash and restore our t->signal */
+ ret = ckpt_obj_insert(ctx, current->signal,
+ signal_objref, CKPT_OBJ_SIGNAL);
+ if (ret >= 0)
+ ret = restore_signal(ctx);
+ } else {
+ ret = PTR_ERR(signal);
+ }
+
+ return ret;
+}
+
+int checkpoint_task_signal(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_signal_task *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL_TASK);
+ if (!h)
+ return -ENOMEM;
+
+ if (task_has_saved_sigmask(t))
+ fill_sigset(&h->blocked, &t->saved_sigmask);
+ else
+ fill_sigset(&h->blocked, &t->blocked);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+int restore_task_signal(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_signal_task *h;
+ sigset_t blocked;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL_TASK);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ load_sigset(&blocked, &h->blocked);
+ /* silently remove SIGKILL, SIGSTOP */
+ sigdelset(&blocked, SIGKILL);
+ sigdelset(&blocked, SIGSTOP);
+
+ /*
+ * Unblocking signals now may affect us in wait_task_sync().
+ * Instead, save blocked mask in current->saved_sigmaks for
+ * post_restore_task().
+ */
+ current->saved_sigmask = blocked;
+
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
+
+static const struct ckpt_obj_ops ckpt_obj_signal_ops = {
+ .obj_name = "SIGNAL",
+ .obj_type = CKPT_OBJ_SIGNAL,
+};
+
static int __init checkpoint_register_signal(void)
{
- return register_checkpoint_obj(&ckpt_obj_sighand_ops);
+ int ret;
+
+ ret = register_checkpoint_obj(&ckpt_obj_sighand_ops);
+ if (ret < 0)
+ return ret;
+ return register_checkpoint_obj(&ckpt_obj_signal_ops);
}
#endif /* CONFIG_CHECKPOINT */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 066/100] c/r: [signal 2/4] checkpoint/restart of rlimit
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (64 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 065/100] c/r: [signal 1/4] blocked and template for shared signals Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 067/100] c/r: [signal 3/4] pending signals (private, shared) Oren Laadan
` (35 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Roland McGrath
This patch adds checkpoint and restart of rlimit information
that is part of shared signal_struct.
Changelog[v21]:
- [Matt Helsley] Move the signal c/r changes to kernel/signal.c
Remove the "out" label in restore_signal(). It won't be
used until a subsequent patch.
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Louis Rilling <Louis.Rilling@kerlabs.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 17 +++++++++++++++++
include/linux/resource.h | 1 +
kernel/checkpoint/checkpoint.c | 2 ++
kernel/checkpoint/restart.c | 3 +++
kernel/signal.c | 28 +++++++++++++++++++++++-----
kernel/sys.c | 36 +++++++++++++++++++++++-------------
6 files changed, 69 insertions(+), 18 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 19c778b..0320bfa 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -217,6 +217,8 @@ struct ckpt_const {
__u16 uts_version_len;
__u16 uts_machine_len;
__u16 uts_domainname_len;
+ /* rlimit */
+ __u16 rlimit_nlimits;
} __attribute__((aligned(8)));
/* checkpoint image header */
@@ -543,8 +545,23 @@ struct ckpt_hdr_sighand {
struct ckpt_sigaction action[0];
} __attribute__((aligned(8)));
+struct ckpt_rlimit {
+ __u64 rlim_cur;
+ __u64 rlim_max;
+} __attribute__((aligned(8)));
+
+/* cannot include <linux/resource.h> from userspace, so define: */
+#define CKPT_RLIM_NLIMITS 16
+#ifdef __KERNEL__
+#include <linux/resource.h>
+#if CKPT_RLIM_NLIMITS != RLIM_NLIMITS
+#error CKPT_RLIM_NLIMIT size is wrong per asm-generic/resource.h
+#endif
+#endif
+
struct ckpt_hdr_signal {
struct ckpt_hdr h;
+ struct ckpt_rlimit rlim[CKPT_RLIM_NLIMITS];
} __attribute__((aligned(8)));
struct ckpt_hdr_signal_task {
diff --git a/include/linux/resource.h b/include/linux/resource.h
index f1e914e..35f6163 100644
--- a/include/linux/resource.h
+++ b/include/linux/resource.h
@@ -73,6 +73,7 @@ struct rlimit {
struct task_struct;
int getrusage(struct task_struct *p, int who, struct rusage __user *ru);
+int do_setrlimit(unsigned int resource, struct rlimit *rlim);
#endif /* __KERNEL__ */
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index d75f753..f72458d 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -123,6 +123,8 @@ static void fill_kernel_const(struct ckpt_const *h)
h->uts_version_len = sizeof(uts->version);
h->uts_machine_len = sizeof(uts->machine);
h->uts_domainname_len = sizeof(uts->domainname);
+ /* rlimit */
+ h->rlimit_nlimits = RLIM_NLIMITS;
}
/* write the checkpoint header */
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 92d3e00..3b2593d 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -585,6 +585,9 @@ static int check_kernel_const(struct ckpt_const *h)
return -EINVAL;
if (h->uts_domainname_len != sizeof(uts->domainname))
return -EINVAL;
+ /* rlimit */
+ if (h->rlimit_nlimits != RLIM_NLIMITS)
+ return -EINVAL;
return 0;
}
diff --git a/kernel/signal.c b/kernel/signal.c
index 0e71eee..aae1f73 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -32,6 +32,7 @@
#include <trace/events/signal.h>
#define CKPT_DFLAG CKPT_DSYS
#include <linux/errno.h>
+#include <linux/resource.h>
#include <linux/checkpoint.h>
#include <asm/param.h>
@@ -2913,13 +2914,22 @@ static const struct ckpt_obj_ops ckpt_obj_sighand_ops = {
static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_signal *h;
- int ret;
+ struct signal_struct *signal;
+ struct rlimit *rlim;
+ int i, ret;
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
if (!h)
return -ENOMEM;
- /* fill in later */
+ signal = t->signal;
+ rlim = signal->rlim;
+
+ /* rlimit */
+ for (i = 0; i < RLIM_NLIMITS; i++) {
+ h->rlim[i].rlim_cur = rlim[i].rlim_cur;
+ h->rlim[i].rlim_max = rlim[i].rlim_max;
+ }
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
@@ -2935,15 +2945,23 @@ int checkpoint_obj_signal(struct ckpt_ctx *ctx, struct task_struct *t)
static int restore_signal(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_signal *h;
+ struct rlimit rlim;
+ int i, ret;
h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
if (IS_ERR(h))
return PTR_ERR(h);
- /* fill in later */
-
+ /* rlimit */
+ for (i = 0; i < RLIM_NLIMITS; i++) {
+ rlim.rlim_cur = h->rlim[i].rlim_cur;
+ rlim.rlim_max = h->rlim[i].rlim_max;
+ ret = do_setrlimit(i, &rlim);
+ if (ret < 0)
+ break;
+ }
ckpt_hdr_put(ctx, h);
- return 0;
+ return ret;
}
int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref)
diff --git a/kernel/sys.c b/kernel/sys.c
index ec11a3f..9a98d05 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1211,40 +1211,39 @@ SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
#endif
-SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
+int do_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
- struct rlimit new_rlim, *old_rlim;
+ struct rlimit *old_rlim;
int retval;
if (resource >= RLIM_NLIMITS)
return -EINVAL;
- if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
- return -EFAULT;
- if (new_rlim.rlim_cur > new_rlim.rlim_max)
+ if (new_rlim->rlim_cur > new_rlim->rlim_max)
return -EINVAL;
+
old_rlim = current->signal->rlim + resource;
- if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
+ if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
!capable(CAP_SYS_RESOURCE))
return -EPERM;
- if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
+ if (resource == RLIMIT_NOFILE && new_rlim->rlim_max > sysctl_nr_open)
return -EPERM;
- retval = security_task_setrlimit(resource, &new_rlim);
+ retval = security_task_setrlimit(resource, new_rlim);
if (retval)
return retval;
- if (resource == RLIMIT_CPU && new_rlim.rlim_cur == 0) {
+ if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
/*
* The caller is asking for an immediate RLIMIT_CPU
* expiry. But we use the zero value to mean "it was
* never set". So let's cheat and make it one second
* instead
*/
- new_rlim.rlim_cur = 1;
+ new_rlim->rlim_cur = 1;
}
task_lock(current->group_leader);
- *old_rlim = new_rlim;
+ *old_rlim = *new_rlim;
task_unlock(current->group_leader);
if (resource != RLIMIT_CPU)
@@ -1256,14 +1255,25 @@ SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
* very long-standing error, and fixing it now risks breakage of
* applications, so we live with it
*/
- if (new_rlim.rlim_cur == RLIM_INFINITY)
+ if (new_rlim->rlim_cur == RLIM_INFINITY)
goto out;
- update_rlimit_cpu(new_rlim.rlim_cur);
+ update_rlimit_cpu(new_rlim->rlim_cur);
out:
return 0;
}
+SYSCALL_DEFINE2(setrlimit, unsigned int, resource, struct rlimit __user *, rlim)
+{
+ struct rlimit new_rlim;
+
+ if (resource >= RLIM_NLIMITS)
+ return -EINVAL;
+ if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
+ return -EFAULT;
+ return do_setrlimit(resource, &new_rlim);
+}
+
/*
* It would make sense to put struct rusage in the task_struct,
* except that would make the task_struct be *really big*. After
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 067/100] c/r: [signal 3/4] pending signals (private, shared)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (65 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 066/100] c/r: [signal 2/4] checkpoint/restart of rlimit Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 068/100] c/r: [signal 4/4] support for real/virt/prof itimers Oren Laadan
` (34 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Roland McGrath
This patch adds checkpoint and restart of pending signals queues:
struct sigpending, both per-task t->sigpending and shared (per-
thread-group) t->signal->shared_sigpending.
To checkpoint pending signals (private/shared) we first detach the
signal queue (and copy the mask) to a separate struct sigpending.
This separate structure can be iterated through without locking.
Once the state is saved, we re-attaches (prepends) the original signal
queue back to the original struct sigpending.
Signals that arrive(d) in the meantime will be suitably queued after
these (for real-time signals). Repeated non-realtime signals will not
be queued because they will already be marked in the pending mask,
that remains as is. This is the expected behavior of non-realtime
signals.
Changelog[v21]:
- [Matt Helsley] Move the signal c/r changes to kernel/signal.c
Changelog [v19-rc1]:
- Switch to ckpt_obj_try_fetch()
- [Matt Helsley] Add cpp definitions for enums
Changelog [v4]:
- Rename headerless struct ckpt_hdr_* to struct ckpt_*
Changelog [v3]:
- [Dan Smith] Sanity check for number of pending signals in buffer
Changelog [v2]:
- Validate si_errno from checkpoint image
Changelog [v1]:
- Fix compilation warnings
- [Louis Rilling] Remove SIGQUEUE_PREALLOC flag from queued signals
- [Louis Rilling] Fail if task has posix-timers or SI_TIMER signal
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Louis Rilling <Louis.Rilling@kerlabs.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 24 ++++
kernel/signal.c | 279 +++++++++++++++++++++++++++++++++++++++-
2 files changed, 301 insertions(+), 2 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 0320bfa..3e6b49b 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -142,6 +142,8 @@ enum {
#define CKPT_HDR_SIGNAL CKPT_HDR_SIGNAL
CKPT_HDR_SIGNAL_TASK,
#define CKPT_HDR_SIGNAL_TASK CKPT_HDR_SIGNAL_TASK
+ CKPT_HDR_SIGPENDING,
+#define CKPT_HDR_SIGPENDING CKPT_HDR_SIGPENDING
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -545,6 +547,28 @@ struct ckpt_hdr_sighand {
struct ckpt_sigaction action[0];
} __attribute__((aligned(8)));
+#ifndef HAVE_ARCH_SIGINFO_T
+struct ckpt_siginfo {
+ __u32 signo;
+ __u32 _errno;
+ __u32 code;
+
+ __u32 pid;
+ __s32 uid;
+ __u32 sigval_int;
+ __u64 sigval_ptr;
+ __u64 utime;
+ __u64 stime;
+} __attribute__((aligned(8)));
+#endif
+
+struct ckpt_hdr_sigpending {
+ struct ckpt_hdr h;
+ __u32 nr_pending;
+ struct ckpt_sigset signal;
+ struct ckpt_siginfo siginfo[0];
+} __attribute__((aligned(8)));
+
struct ckpt_rlimit {
__u64 rlim_cur;
__u64 rlim_max;
diff --git a/kernel/signal.c b/kernel/signal.c
index aae1f73..11f54ad 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2911,11 +2911,155 @@ static const struct ckpt_obj_ops ckpt_obj_sighand_ops = {
* signal checkpoint/restart
*/
+static void fill_siginfo(struct ckpt_siginfo *si, siginfo_t *info)
+{
+ si->signo = info->si_signo;
+ si->_errno = info->si_errno;
+ si->code = info->si_code;
+
+ /* TODO: convert info->si_uid to uid_objref */
+
+ switch (info->si_code & __SI_MASK) {
+ case __SI_TIMER:
+ si->pid = info->si_tid;
+ si->uid = info->si_overrun;
+ si->sigval_int = info->si_int;
+ si->utime = info->si_sys_private;
+ break;
+ case __SI_POLL:
+ si->pid = info->si_band;
+ si->sigval_int = info->si_fd;
+ break;
+ case __SI_FAULT:
+ si->sigval_ptr = (unsigned long) info->si_addr;
+#ifdef __ARCH_SI_TRAPNO
+ si->sigval_int = info->si_trapno;
+#endif
+ break;
+ case __SI_CHLD:
+ si->pid = info->si_pid;
+ si->uid = info->si_uid;
+ si->sigval_int = info->si_status;
+ si->stime = info->si_stime;
+ si->utime = info->si_utime;
+ break;
+ case __SI_KILL:
+ case __SI_RT:
+ case __SI_MESGQ:
+ si->pid = info->si_pid;
+ si->uid = info->si_uid;
+ si->sigval_ptr = (unsigned long) info->si_ptr;
+ break;
+ default:
+ BUG();
+ }
+}
+
+static int load_siginfo(siginfo_t *info, struct ckpt_siginfo *si)
+{
+ if (!valid_signal(si->signo))
+ return -EINVAL;
+ if (!ckpt_validate_errno(si->_errno))
+ return -EINVAL;
+
+ info->si_signo = si->signo;
+ info->si_errno = si->_errno;
+ info->si_code = si->code;
+
+ /* TODO: validate remaining signal fields */
+
+ switch (info->si_code & __SI_MASK) {
+ case __SI_TIMER:
+ info->si_tid = si->pid;
+ info->si_overrun = si->uid;
+ info->si_int = si->sigval_int;
+ info->si_sys_private = si->utime;
+ break;
+ case __SI_POLL:
+ info->si_band = si->pid;
+ info->si_fd = si->sigval_int;
+ break;
+ case __SI_FAULT:
+ info->si_addr = (void __user *) (unsigned long) si->sigval_ptr;
+#ifdef __ARCH_SI_TRAPNO
+ info->si_trapno = si->sigval_int;
+#endif
+ break;
+ case __SI_CHLD:
+ info->si_pid = si->pid;
+ info->si_uid = si->uid;
+ info->si_status = si->sigval_int;
+ info->si_stime = si->stime;
+ info->si_utime = si->utime;
+ break;
+ case __SI_KILL:
+ case __SI_RT:
+ case __SI_MESGQ:
+ info->si_pid = si->pid;
+ info->si_uid = si->uid;
+ info->si_ptr = (void __user *) (unsigned long) si->sigval_ptr;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * To checkpoint pending signals (private/shared) the caller moves the
+ * signal queue (and copies the mask) to a separate struct sigpending,
+ * therefore we can iterate through it without locking.
+ * After we return, the caller re-attaches (prepends) the original
+ * signal queue to the original struct sigpending. Thus, signals that
+ * arrive(d) in the meantime will be suitably queued after these.
+ * Finally, repeated non-realtime signals will not be queued because
+ * they will already be marked in the pending mask, that remains as is.
+ * This is the expected behavior of non-realtime signals.
+ */
+static int checkpoint_sigpending(struct ckpt_ctx *ctx,
+ struct sigpending *pending)
+{
+ struct ckpt_hdr_sigpending *h;
+ struct ckpt_siginfo *si;
+ struct sigqueue *q;
+ int nr_pending = 0;
+ int ret;
+
+ list_for_each_entry(q, &pending->list, list) {
+ /* TODO: remove after adding support for posix-timers */
+ if ((q->info.si_code & __SI_MASK) == __SI_TIMER) {
+ ckpt_err(ctx, -ENOTSUPP, "%(T)signal SI_TIMER\n");
+ return -ENOTSUPP;
+ }
+ nr_pending++;
+ }
+
+ h = ckpt_hdr_get_type(ctx, nr_pending * sizeof(*si) + sizeof(*h),
+ CKPT_HDR_SIGPENDING);
+ if (!h)
+ return -ENOMEM;
+
+ h->nr_pending = nr_pending;
+ fill_sigset(&h->signal, &pending->signal);
+
+ si = h->siginfo;
+ list_for_each_entry(q, &pending->list, list)
+ fill_siginfo(si++, &q->info);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_signal *h;
struct signal_struct *signal;
+ struct sigpending shared_pending;
struct rlimit *rlim;
+ unsigned long flags;
int i, ret;
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
@@ -2925,13 +3069,46 @@ static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
signal = t->signal;
rlim = signal->rlim;
+ INIT_LIST_HEAD(&shared_pending.list);
+
+ /* temporarily borrow signal queue - see chekcpoint_sigpending() */
+ if (!lock_task_sighand(t, &flags)) {
+ ckpt_err(ctx, -EBUSY, "%(T)c/r: [pid %d] without sighand\n",
+ task_pid_vnr(t));
+ ret = -EBUSY;
+ goto out;
+ }
+
+ /* TODO: remove after adding support for posix-timers */
+ if (!list_empty(&signal->posix_timers)) {
+ unlock_task_sighand(t, &flags);
+ ckpt_err(ctx, -ENOTSUPP, "%(T)%(P)posix-timers\n", signal);
+ ret = -ENOTSUPP;
+ goto out;
+ }
+
+ list_splice_init(&signal->shared_pending.list, &shared_pending.list);
+ shared_pending.signal = signal->shared_pending.signal;
+
/* rlimit */
for (i = 0; i < RLIM_NLIMITS; i++) {
h->rlim[i].rlim_cur = rlim[i].rlim_cur;
h->rlim[i].rlim_max = rlim[i].rlim_max;
}
+ unlock_task_sighand(t, &flags);
ret = ckpt_write_obj(ctx, &h->h);
+ if (!ret)
+ ret = checkpoint_sigpending(ctx, &shared_pending);
+
+ /* return the borrowed queue */
+ if (!lock_task_sighand(t, &flags)) {
+ pr_warning("c/r: [%d] sighand disappeared\n", task_pid_vnr(t));
+ goto out;
+ }
+ list_splice(&shared_pending.list, &signal->shared_pending.list);
+ unlock_task_sighand(t, &flags);
+ out:
ckpt_hdr_put(ctx, h);
return ret;
}
@@ -2942,9 +3119,55 @@ int checkpoint_obj_signal(struct ckpt_ctx *ctx, struct task_struct *t)
return checkpoint_signal(ctx, t);
}
+static int restore_sigpending(struct ckpt_ctx *ctx, struct sigpending *pending)
+{
+ struct ckpt_hdr_sigpending *h;
+ struct ckpt_siginfo *si;
+ struct sigqueue *q;
+ int ret = 0;
+
+ h = ckpt_read_buf_type(ctx, 0, CKPT_HDR_SIGPENDING);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ if (h->h.len != h->nr_pending * sizeof(*si) + sizeof(*h)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ INIT_LIST_HEAD(&pending->list);
+ load_sigset(&pending->signal, &h->signal);
+
+ si = h->siginfo;
+ while (h->nr_pending--) {
+ q = sigqueue_alloc();
+ if (!q) {
+ ret = -ENOMEM;
+ break;
+ }
+
+ ret = load_siginfo(&q->info, si++);
+ if (ret < 0) {
+ sigqueue_free(q);
+ break;
+ }
+
+ q->flags &= ~SIGQUEUE_PREALLOC;
+ list_add_tail(&pending->list, &q->list);
+ }
+
+ if (ret < 0)
+ flush_sigqueue(pending);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
static int restore_signal(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_signal *h;
+ struct sigpending new_pending;
+ struct sigpending *pending;
struct rlimit rlim;
int i, ret;
@@ -2958,8 +3181,20 @@ static int restore_signal(struct ckpt_ctx *ctx)
rlim.rlim_max = h->rlim[i].rlim_max;
ret = do_setrlimit(i, &rlim);
if (ret < 0)
- break;
+ goto out;
}
+
+ ret = restore_sigpending(ctx, &new_pending);
+ if (ret < 0)
+ goto out;
+
+ spin_lock_irq(¤t->sighand->siglock);
+ pending = ¤t->signal->shared_pending;
+ flush_sigqueue(pending);
+ pending->signal = new_pending.signal;
+ list_splice_init(&new_pending.list, &pending->list);
+ spin_unlock_irq(¤t->sighand->siglock);
+out:
ckpt_hdr_put(ctx, h);
return ret;
}
@@ -2969,7 +3204,7 @@ int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref)
struct signal_struct *signal;
int ret = 0;
- signal = ckpt_obj_fetch(ctx, signal_objref, CKPT_OBJ_SIGNAL);
+ signal = ckpt_obj_try_fetch(ctx, signal_objref, CKPT_OBJ_SIGNAL);
if (!IS_ERR(signal)) {
/*
* signal_struct is already shared properly as it is
@@ -2994,8 +3229,34 @@ int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref)
int checkpoint_task_signal(struct ckpt_ctx *ctx, struct task_struct *t)
{
struct ckpt_hdr_signal_task *h;
+ struct sigpending pending;
+ unsigned long flags;
int ret;
+ INIT_LIST_HEAD(&pending.list);
+
+ /* temporarily borrow signal queue - see chekcpoint_sigpending() */
+ if (!lock_task_sighand(t, &flags)) {
+ ckpt_err(ctx, -EBUSY, "%(T)signand missing\n");
+ return -EBUSY;
+ }
+ list_splice_init(&t->pending.list, &pending.list);
+ pending.signal = t->pending.signal;
+ unlock_task_sighand(t, &flags);
+
+ ret = checkpoint_sigpending(ctx, &pending);
+
+ /* re-attach the borrowed queue */
+ if (!lock_task_sighand(t, &flags)) {
+ ckpt_err(ctx, -EBUSY, "%(T)signand missing\n");
+ return -EBUSY;
+ }
+ list_splice(&pending.list, &t->pending.list);
+ unlock_task_sighand(t, &flags);
+
+ if (ret < 0)
+ return ret;
+
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL_TASK);
if (!h)
return -ENOMEM;
@@ -3013,7 +3274,21 @@ int checkpoint_task_signal(struct ckpt_ctx *ctx, struct task_struct *t)
int restore_task_signal(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_signal_task *h;
+ struct sigpending new_pending;
+ struct sigpending *pending;
sigset_t blocked;
+ int ret;
+
+ ret = restore_sigpending(ctx, &new_pending);
+ if (ret < 0)
+ return ret;
+
+ spin_lock_irq(¤t->sighand->siglock);
+ pending = ¤t->pending;
+ flush_sigqueue(pending);
+ pending->signal = new_pending.signal;
+ list_splice_init(&new_pending.list, &pending->list);
+ spin_unlock_irq(¤t->sighand->siglock);
h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL_TASK);
if (IS_ERR(h))
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 068/100] c/r: [signal 4/4] support for real/virt/prof itimers
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (66 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 067/100] c/r: [signal 3/4] pending signals (private, shared) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 069/100] Expose may_setuid() in user.h and add may_setgid() (v2) Oren Laadan
` (33 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov, Roland McGrath
This patch adds support for real/virt/prof itimers.
Expiry and the interval values are both saved in nanoseconds.
Changelog[v19-rc2]:
- Adjust virt/prof itimer code for kernel 2.6.32
Changelog[v1]:
- [Louis Rilling] Fix saving of signal->it_real_incr if not expired
- Fix restoring of signal->it_real_incr if expire is zero
- Save virt/prof expire relative to process accumulated time
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Louis Rilling <Louis.Rilling@kerlabs.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 6 +++
include/linux/posix-timers.h | 9 ++++
kernel/posix-cpu-timers.c | 9 ----
kernel/signal.c | 90 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 105 insertions(+), 9 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 3e6b49b..01f7493 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -586,6 +586,12 @@ struct ckpt_rlimit {
struct ckpt_hdr_signal {
struct ckpt_hdr h;
struct ckpt_rlimit rlim[CKPT_RLIM_NLIMITS];
+ __u64 it_real_value;
+ __u64 it_real_incr;
+ __u64 it_virt_value;
+ __u64 it_virt_incr;
+ __u64 it_prof_value;
+ __u64 it_prof_incr;
} __attribute__((aligned(8)));
struct ckpt_hdr_signal_task {
diff --git a/include/linux/posix-timers.h b/include/linux/posix-timers.h
index d0d6a66..7dd69c3 100644
--- a/include/linux/posix-timers.h
+++ b/include/linux/posix-timers.h
@@ -125,4 +125,13 @@ void update_rlimit_cpu(unsigned long rlim_new);
int invalid_clockid(const clockid_t which_clock);
+static inline cputime_t prof_ticks(struct task_struct *p)
+{
+ return cputime_add(p->utime, p->stime);
+}
+static inline cputime_t virt_ticks(struct task_struct *p)
+{
+ return p->utime;
+}
+
#endif
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
index bc7704b..fd35ef1 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
@@ -168,15 +168,6 @@ static void bump_cpu_timer(struct k_itimer *timer,
}
}
-static inline cputime_t prof_ticks(struct task_struct *p)
-{
- return cputime_add(p->utime, p->stime);
-}
-static inline cputime_t virt_ticks(struct task_struct *p)
-{
- return p->utime;
-}
-
int posix_cpu_clock_getres(const clockid_t which_clock, struct timespec *tp)
{
int error = check_clock(which_clock);
diff --git a/kernel/signal.c b/kernel/signal.c
index 11f54ad..1d511e7 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -33,6 +33,8 @@
#define CKPT_DFLAG CKPT_DSYS
#include <linux/errno.h>
#include <linux/resource.h>
+#include <linux/timer.h>
+#include <linux/posix-timers.h>
#include <linux/checkpoint.h>
#include <asm/param.h>
@@ -3058,7 +3060,10 @@ static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
struct ckpt_hdr_signal *h;
struct signal_struct *signal;
struct sigpending shared_pending;
+ struct timeval tval;
struct rlimit *rlim;
+ struct cpu_itimer *it;
+ cputime_t cputime;
unsigned long flags;
int i, ret;
@@ -3095,6 +3100,53 @@ static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
h->rlim[i].rlim_cur = rlim[i].rlim_cur;
h->rlim[i].rlim_max = rlim[i].rlim_max;
}
+
+ /* real/virt/prof itimers */
+ if (hrtimer_active(&signal->real_timer)) {
+ /* For an active timer compute the time delta */
+ ktime_t delta = hrtimer_get_remaining(&signal->real_timer);
+ /*
+ * If the timer expired after the the test above, then
+ * set the expire to the minimum possible (because by
+ * now the pending signal have been saved already, but
+ * the signal from this very expiry won't be sent before
+ * we release t->sighand->siglock).
+ */
+ ckpt_debug("active ! %lld\n", delta.tv64);
+ if (delta.tv64 <= 0)
+ delta.tv64 = NSEC_PER_USEC;
+ h->it_real_value = ktime_to_ns(delta);
+ } else {
+ /*
+ * Timer is inactive; if @it_real_incr is 0 the timer
+ * will not be re-armed. Beacuse we hold siglock, if
+ * @it_real_incr > 0, the timer must have just expired
+ * but not yet re-armed, and we have a SIGALRM pending
+ * - that will trigger timer re-arm after restart.
+ */
+ h->it_real_value = 0;
+ }
+ h->it_real_incr = ktime_to_ns(signal->it_real_incr);
+
+ /* for prof/virt, ignore error and incr_error */
+ it = &signal->it[CPUCLOCK_VIRT];
+ cputime = it->expires;
+ if (!cputime_eq(cputime, cputime_zero))
+ cputime = cputime_sub(it->expires, virt_ticks(t));
+ cputime_to_timeval(cputime, &tval);
+ h->it_virt_value = timeval_to_ns(&tval);
+ cputime_to_timeval(it->incr, &tval);
+ h->it_virt_incr = timeval_to_ns(&tval);
+
+ it = &signal->it[CPUCLOCK_PROF];
+ cputime = it->expires;
+ if (!cputime_eq(cputime, cputime_zero))
+ cputime = cputime_sub(it->expires, prof_ticks(t));
+ cputime_to_timeval(cputime, &tval);
+ h->it_prof_value = timeval_to_ns(&tval);
+ cputime_to_timeval(it->incr, &tval);
+ h->it_prof_incr = timeval_to_ns(&tval);
+
unlock_task_sighand(t, &flags);
ret = ckpt_write_obj(ctx, &h->h);
@@ -3165,6 +3217,7 @@ static int restore_sigpending(struct ckpt_ctx *ctx, struct sigpending *pending)
static int restore_signal(struct ckpt_ctx *ctx)
{
+ struct itimerval itimer;
struct ckpt_hdr_signal *h;
struct sigpending new_pending;
struct sigpending *pending;
@@ -3188,12 +3241,49 @@ static int restore_signal(struct ckpt_ctx *ctx)
if (ret < 0)
goto out;
+ /*
+ * Reset real/virt/prof itimer (in case they were set), to
+ * prevent unwanted signals after flushing current signals
+ * and before restoring original real/virt/prof itimer.
+ */
+ itimer.it_value = (struct timeval) { .tv_sec = 0, .tv_usec = 0 };
+ itimer.it_interval = (struct timeval) { .tv_sec = 0, .tv_usec = 0 };
+ do_setitimer(ITIMER_REAL, &itimer, NULL);
+ do_setitimer(ITIMER_VIRTUAL, &itimer, NULL);
+ do_setitimer(ITIMER_PROF, &itimer, NULL);
+
spin_lock_irq(¤t->sighand->siglock);
pending = ¤t->signal->shared_pending;
flush_sigqueue(pending);
pending->signal = new_pending.signal;
list_splice_init(&new_pending.list, &pending->list);
spin_unlock_irq(¤t->sighand->siglock);
+
+ /* real/virt/prof itimers */
+ itimer.it_value = ns_to_timeval(h->it_real_value);
+ itimer.it_interval = ns_to_timeval(h->it_real_incr);
+ ret = do_setitimer(ITIMER_REAL, &itimer, NULL);
+ if (ret < 0)
+ goto out;
+ /*
+ * If expire is 0 but incr > 0 then we have a SIGALRM pending.
+ * It should re-arm the timer when handled. But do_setitimer()
+ * above already ignored @it_real_incr because @it_real_value
+ * that was zero. So we set it manually. (This is safe against
+ * malicious input, because in the worst case will generate an
+ * unexpected SIGALRM to this process).
+ */
+ if (!h->it_real_value && h->it_real_incr)
+ current->signal->it_real_incr = ns_to_ktime(h->it_real_incr);
+
+ itimer.it_value = ns_to_timeval(h->it_virt_value);
+ itimer.it_interval = ns_to_timeval(h->it_virt_incr);
+ ret = do_setitimer(ITIMER_VIRTUAL, &itimer, NULL);
+ if (ret < 0)
+ goto out;
+ itimer.it_value = ns_to_timeval(h->it_prof_value);
+ itimer.it_interval = ns_to_timeval(h->it_prof_incr);
+ ret = do_setitimer(ITIMER_PROF, &itimer, NULL);
out:
ckpt_hdr_put(ctx, h);
return ret;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 069/100] Expose may_setuid() in user.h and add may_setgid() (v2)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (67 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 068/100] c/r: [signal 4/4] support for real/virt/prof itimers Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 070/100] c/r: correctly restore pgid Oren Laadan
` (32 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith
From: Dan Smith <danms@us.ibm.com>
Make these helpers available to others.
Changes in v2:
- Avoid checking the groupinfo in ctx->realcred against the current in
may_setgid()
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/user.h | 9 +++++++++
kernel/user.c | 13 ++++++++++++-
2 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/include/linux/user.h b/include/linux/user.h
index 68daf84..c231e9c 100644
--- a/include/linux/user.h
+++ b/include/linux/user.h
@@ -1 +1,10 @@
+#ifndef _LINUX_USER_H
+#define _LINUX_USER_H
+
#include <asm/user.h>
+#include <linux/sched.h>
+
+extern int may_setuid(struct user_namespace *ns, uid_t uid);
+extern int may_setgid(gid_t gid);
+
+#endif
diff --git a/kernel/user.c b/kernel/user.c
index 4d1fda6..c546fee 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -279,7 +279,7 @@ static int checkpoint_user(struct ckpt_ctx *ctx, void *ptr)
return do_checkpoint_user(ctx, (struct user_struct *) ptr);
}
-static int may_setuid(struct user_namespace *ns, uid_t uid)
+int may_setuid(struct user_namespace *ns, uid_t uid)
{
/*
* this next check will one day become
@@ -306,6 +306,17 @@ static int may_setuid(struct user_namespace *ns, uid_t uid)
return 0;
}
+int may_setgid(gid_t gid)
+{
+ if (capable(CAP_SETGID))
+ return 1;
+
+ if (in_egroup_p(gid))
+ return 1;
+
+ return 0;
+}
+
static struct user_struct *do_restore_user(struct ckpt_ctx *ctx)
{
struct user_struct *u;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 070/100] c/r: correctly restore pgid
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (68 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 069/100] Expose may_setuid() in user.h and add may_setgid() (v2) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 071/100] Add common socket helpers to unify the security hooks Oren Laadan
` (31 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Oleg Nesterov
The main challenge with restoring the pgid of tasks is that the
original "owner" (the process with that pid) might have exited
already. I call these "ghost" pgids. 'mktree' does create these
processes, but they then exit without participating in the restart.
To solve this, this patch introduces a RESTART_GHOST flag, used for
"ghost" owners that are created only to pass their pgid to other
tasks. ('mktree' now makes them call restart(2) instead of exiting).
When a "ghost" task calls restart(2), it will be placed on a wait
queue until the restart completes and then exit. This guarantees that
the pgid that it owns remains available for all (regular) restarting
tasks for when they need it.
Regular tasks perform the restart as before, except that they also
now restore their old pgrp, which is guaranteed to exist.
Changelog [v19-rc1]:
- Simplify logic of tracking restarting tasks
- Debug final process-tree state on restart
- [Matt Helsley] Add cpp definitions for enums
- Self-restart to tolerate missing pgid
Changelog [v3]:
- Fix leak of ckpt_ctx when restoring "ghost" tasks
Changelog [v2]:
- Call change_pid() only if new pgrp differs from current one
Changelog [v1]:
- Verify that pgid owner is a thread-group-leader.
- Handle the case of pgid/sid == 0 using root's parent pid-ns
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint.h | 11 +++-
include/linux/checkpoint_hdr.h | 3 +
include/linux/checkpoint_types.h | 7 ++-
kernel/checkpoint/process.c | 102 ++++++++++++++++++++++++++++++++++++++
kernel/checkpoint/restart.c | 59 +++++++++++++++++++---
kernel/checkpoint/sys.c | 3 +-
6 files changed, 172 insertions(+), 13 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 92a0df0..549f133 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -18,6 +18,7 @@
/* restart user flags */
#define RESTART_TASKSELF 0x1
#define RESTART_FROZEN 0x2
+#define RESTART_GHOST 0x4
/* misc user visible */
#define CHECKPOINT_FD_NONE -1
@@ -52,7 +53,10 @@ extern long do_sys_restart(pid_t pid, int fd,
/* ckpt_ctx: uflags */
#define CHECKPOINT_USER_FLAGS CHECKPOINT_SUBTREE
-#define RESTART_USER_FLAGS (RESTART_TASKSELF | RESTART_FROZEN)
+#define RESTART_USER_FLAGS \
+ (RESTART_TASKSELF | \
+ RESTART_FROZEN | \
+ RESTART_GHOST)
extern int walk_task_subtree(struct task_struct *task,
int (*func)(struct task_struct *, void *),
@@ -90,6 +94,9 @@ extern char *ckpt_fill_fname(struct path *path, struct path *root,
extern int checkpoint_dump_page(struct ckpt_ctx *ctx, struct page *page);
extern int restore_read_page(struct ckpt_ctx *ctx, struct page *page);
+/* pids */
+extern pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid);
+
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
set_bit(__kflag##_BIT, &(__ctx)->kflags)
@@ -147,7 +154,7 @@ extern struct ckpt_ctx *ckpt_ctx_get(struct ckpt_ctx *ctx);
extern void ckpt_ctx_put(struct ckpt_ctx *ctx);
extern long do_checkpoint(struct ckpt_ctx *ctx, pid_t pid);
-extern long do_restart(struct ckpt_ctx *ctx, pid_t pid);
+extern long do_restart(struct ckpt_ctx *ctx, pid_t pid, unsigned long flags);
/* task */
extern int ckpt_activate_next(struct ckpt_ctx *ctx);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 01f7493..e706636 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -273,6 +273,9 @@ struct ckpt_pids {
__s32 vsid;
} __attribute__((aligned(8)));
+/* pids */
+#define CKPT_PID_NULL -1
+
/* task data */
struct ckpt_hdr_task {
struct ckpt_hdr h;
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index fe20842..d69b795 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -73,10 +73,11 @@ struct ckpt_ctx {
/* [multi-process restart] */
struct ckpt_pids *pids_arr; /* array of all pids [restart] */
int nr_pids; /* size of pids array */
- atomic_t nr_total; /* total tasks count */
+ atomic_t nr_total; /* total tasks count (with ghosts) */
int active_pid; /* (next) position in pids array */
- struct completion complete; /* container root and other tasks on */
- wait_queue_head_t waitq; /* start, end, and restart ordering */
+ struct completion complete; /* completion for container root */
+ wait_queue_head_t waitq; /* waitqueue for restarting tasks */
+ wait_queue_head_t ghostq; /* waitqueue for ghost tasks */
struct cred *realcred, *ecred; /* tmp storage for cred at restart */
struct ckpt_stats stats; /* statistics */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 8cb88ae..fa08616 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -20,9 +20,61 @@
#include <linux/utsname.h>
#include <linux/syscalls.h>
#include <linux/user_namespace.h>
+#include <linux/syscalls.h>
+#include <linux/security.h> /* security_task_setpgid() */
#include <linux/checkpoint.h>
+pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid)
+{
+ return pid ? pid_nr_ns(pid, ctx->root_nsproxy->pid_ns) : CKPT_PID_NULL;
+}
+
+/* must be called with tasklist_lock or rcu_read_lock() held */
+struct pid *_ckpt_find_pgrp(struct ckpt_ctx *ctx, pid_t pgid)
+{
+ struct task_struct *p;
+ struct pid *pgrp;
+
+ if (pgid == 0) {
+ /*
+ * At checkpoint the pgid owner lived in an ancestor
+ * pid-ns. The best we can do (sanely and safely) is
+ * to examine the parent of this restart's root: if in
+ * a distinct pid-ns, use its pgrp; otherwise fail.
+ */
+ p = ctx->root_task->real_parent;
+ if (p->nsproxy->pid_ns == current->nsproxy->pid_ns)
+ return NULL;
+ pgrp = task_pgrp(p);
+ } else {
+ /*
+ * Find the owner process of this pgid (it must exist
+ * if pgrp exists). It must be a thread group leader.
+ */
+ pgrp = find_vpid(pgid);
+ p = pid_task(pgrp, PIDTYPE_PID);
+ if (!p || !thread_group_leader(p))
+ return NULL;
+ /*
+ * The pgrp must "belong" to our restart tree (compare
+ * p->checkpoint_ctx to ours). This prevents malicious
+ * input from (guessing and) using unrelated pgrps. If
+ * the owner is dead, then it doesn't have a context,
+ * so instead compare against its (real) parent's.
+ */
+ if (p->exit_state == EXIT_ZOMBIE)
+ p = p->real_parent;
+ if (p->checkpoint_ctx != ctx)
+ return NULL;
+ }
+
+ if (task_session(current) != task_session(p))
+ return NULL;
+
+ return pgrp;
+}
+
#ifdef CONFIG_FUTEX
static void save_task_robust_futex_list(struct ckpt_hdr_task *h,
struct task_struct *t)
@@ -737,6 +789,53 @@ int restore_restart_block(struct ckpt_ctx *ctx)
return ret;
}
+static int restore_task_pgid(struct ckpt_ctx *ctx)
+{
+ struct task_struct *task = current;
+ struct pid *pgrp;
+ pid_t pgid;
+ int ret;
+
+ /*
+ * We enforce the following restrictions on restoring pgrp:
+ * 1) Only thread group leaders restore pgrp
+ * 2) Session leader cannot change own pgrp
+ * 3) Owner of pgrp must belong to same restart tree
+ * 4) Must have same session as other tasks in same pgrp
+ * 5) Change must pass setpgid security callback
+ *
+ * TODO - check if we need additional restrictions ?
+ */
+
+ if (!thread_group_leader(task)) /* (1) */
+ return 0;
+
+ pgid = ctx->pids_arr[ctx->active_pid].vpgid;
+
+ if (pgid == task_pgrp_vnr(task)) /* nothing to do */
+ return 0;
+
+ if (task->signal->leader) /* (2) */
+ return -EINVAL;
+
+ ret = -EINVAL;
+
+ write_lock_irq(&tasklist_lock);
+ pgrp = _ckpt_find_pgrp(ctx, pgid); /* (3) and (4) */
+ if (pgrp && task_pgrp(task) != pgrp) {
+ ret = security_task_setpgid(task, pgid); /* (5) */
+ if (!ret)
+ change_pid(task, PIDTYPE_PGID, pgrp);
+ }
+ write_unlock_irq(&tasklist_lock);
+
+ /* self-restart: be tolerant if old pgid isn't found */
+ if (ctx->uflags & RESTART_TASKSELF)
+ ret = 0;
+
+ return ret;
+}
+
/* prepare the task for restore */
int pre_restore_task(void)
{
@@ -782,6 +881,9 @@ int restore_task(struct ckpt_ctx *ctx)
if (ret)
goto out;
+ ret = restore_task_pgid(ctx);
+ if (ret < 0)
+ goto out;
ret = restore_thread(ctx);
ckpt_debug("thread %d\n", ret);
if (ret < 0)
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 3b2593d..e7a5b5b 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -737,6 +737,7 @@ void restore_notify_error(struct ckpt_ctx *ctx)
{
complete(&ctx->complete);
wake_up_all(&ctx->waitq);
+ wake_up_all(&ctx->ghostq);
}
static inline struct ckpt_ctx *get_task_ctx(struct task_struct *task)
@@ -812,6 +813,9 @@ static int restore_activate_next(struct ckpt_ctx *ctx)
ckpt_err(ctx, -ESRCH, "task %d not found\n", pid);
return -ESRCH;
}
+ } else {
+ /* wake up ghosts tasks so that they can terminate */
+ wake_up_all(&ctx->ghostq);
}
return 0;
@@ -869,6 +873,38 @@ static struct ckpt_ctx *wait_checkpoint_ctx(void)
return ctx;
}
+static int do_ghost_task(void)
+{
+ struct ckpt_ctx *ctx;
+ int ret;
+
+ ctx = wait_checkpoint_ctx();
+ if (IS_ERR(ctx))
+ return PTR_ERR(ctx);
+
+ ret = restore_debug_task(ctx, RESTART_DBG_GHOST);
+ if (ret < 0)
+ goto out;
+
+ current->flags |= PF_RESTARTING;
+ restore_debug_running(ctx);
+
+ ret = wait_event_interruptible(ctx->ghostq,
+ all_tasks_activated(ctx) ||
+ ckpt_test_error(ctx));
+ out:
+ restore_debug_error(ctx, ret);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "ghost restart failed\n");
+
+ current->exit_signal = -1;
+ restore_debug_exit(ctx);
+ ckpt_ctx_put(ctx);
+ do_exit(0);
+
+ /* NOT REACHED */
+}
+
/*
* Ensure that all members of a thread group are in sys_restart before
* restoring any of them. Otherwise, restore may modify shared state
@@ -948,10 +984,15 @@ static int do_restore_task(void)
goto out;
}
+ ret = restore_activate_next(ctx);
+ if (ret < 0)
+ goto out;
+
/*
* zombie: we're done here; do_exit() will notice the @ctx on
- * our current->checkpoint_ctx (and our PF_RESTARTING) - it
- * will call restore_activate_next() and release the @ctx.
+ * our current->checkpoint_ctx (and our PF_RESTARTING), will
+ * call restore_task_done() and release the @ctx. This ensures
+ * that we only report done after we really become zombie.
*/
if (zombie) {
restore_debug_exit(ctx);
@@ -1033,8 +1074,11 @@ static int prepare_descendants(struct ckpt_ctx *ctx, struct task_struct *root)
if (nr_pids < 0)
return nr_pids;
- /* fail unless number of processes matches */
- if (nr_pids != ctx->nr_pids)
+ /*
+ * Actual tasks count may exceed ctx->nr_pids due of 'dead'
+ * tasks used as place-holders for PGIDs, but not fall short.
+ */
+ if (nr_pids < ctx->nr_pids)
return -ESRCH;
atomic_set(&ctx->nr_total, nr_pids);
@@ -1280,12 +1324,14 @@ static long restore_retval(void)
return syscall_get_return_value(current, regs);
}
-long do_restart(struct ckpt_ctx *ctx, pid_t pid)
+long do_restart(struct ckpt_ctx *ctx, pid_t pid, unsigned long flags)
{
long ret;
if (ctx)
ret = do_restore_coord(ctx, pid);
+ else if (flags & RESTART_GHOST)
+ ret = do_ghost_task();
else
ret = do_restore_task();
@@ -1333,8 +1379,7 @@ void exit_checkpoint(struct task_struct *tsk)
/* restarting zombies will activate next task in restart */
if (tsk->flags & PF_RESTARTING) {
BUG_ON(ctx->active_pid == -1);
- if (restore_activate_next(ctx) < 0)
- pr_warning("c/r: [%d] failed zombie exit\n", tsk->pid);
+ restore_task_done(ctx);
}
ckpt_ctx_put(ctx);
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 73d84bd..86dabfa 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -250,6 +250,7 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
INIT_LIST_HEAD(&ctx->pgarr_list);
INIT_LIST_HEAD(&ctx->pgarr_pool);
init_waitqueue_head(&ctx->waitq);
+ init_waitqueue_head(&ctx->ghostq);
init_completion(&ctx->complete);
init_completion(&ctx->errno_sync);
@@ -658,7 +659,7 @@ long do_sys_restart(pid_t pid, int fd, unsigned long flags, int logfd)
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- ret = do_restart(ctx, pid);
+ ret = do_restart(ctx, pid, flags);
ckpt_ctx_put(ctx);
return ret;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 071/100] Add common socket helpers to unify the security hooks
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (69 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 070/100] c/r: correctly restore pgid Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 072/100] c/r: introduce checkpoint/restore methods to struct proto_ops Oren Laadan
` (30 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
This moves the meat out of the bind(), getsockname(), and getpeername() syscalls
into helper functions that performs security_socket_bind() and then the
sock->ops->call(). This allows a unification of this behavior between the
syscalls and the pending socket restart logic.
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/net/sock.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
net/socket.c | 29 ++++++-----------------------
2 files changed, 54 insertions(+), 23 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index b4603cd..3cf7de4 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1645,6 +1645,54 @@ extern void sock_enable_timestamp(struct sock *sk, int flag);
extern int sock_get_timestamp(struct sock *, struct timeval __user *);
extern int sock_get_timestampns(struct sock *, struct timespec __user *);
+/* bind() helper shared between any callers needing to perform a bind on
+ * behalf of userspace (syscall and restart) with the security hooks.
+ */
+static inline int sock_bind(struct socket *sock,
+ struct sockaddr *addr,
+ int addr_len)
+{
+ int err;
+
+ err = security_socket_bind(sock, addr, addr_len);
+ if (err)
+ return err;
+ else
+ return sock->ops->bind(sock, addr, addr_len);
+}
+
+/* getname() helper shared between any callers needing to perform a getname on
+ * behalf of userspace (syscall and restart) with the security hooks.
+ */
+static inline int sock_getname(struct socket *sock,
+ struct sockaddr *addr,
+ int *addr_len)
+{
+ int err;
+
+ err = security_socket_getsockname(sock);
+ if (err)
+ return err;
+ else
+ return sock->ops->getname(sock, addr, addr_len, 0);
+}
+
+/* getpeer() helper shared between any callers needing to perform a getpeer on
+ * behalf of userspace (syscall and restart) with the security hooks.
+ */
+static inline int sock_getpeer(struct socket *sock,
+ struct sockaddr *addr,
+ int *addr_len)
+{
+ int err;
+
+ err = security_socket_getpeername(sock);
+ if (err)
+ return err;
+ else
+ return sock->ops->getname(sock, addr, addr_len, 1);
+}
+
/*
* Enable debug/info messages
*/
diff --git a/net/socket.c b/net/socket.c
index 5e8d0af..b9f421b 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1422,15 +1422,10 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (sock) {
err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
- if (err >= 0) {
- err = security_socket_bind(sock,
- (struct sockaddr *)&address,
- addrlen);
- if (!err)
- err = sock->ops->bind(sock,
- (struct sockaddr *)
- &address, addrlen);
- }
+ if (err >= 0)
+ err = sock_bind(sock,
+ (struct sockaddr *)&address,
+ addrlen);
fput_light(sock->file, fput_needed);
}
return err;
@@ -1609,11 +1604,7 @@ SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
if (!sock)
goto out;
- err = security_socket_getsockname(sock);
- if (err)
- goto out_put;
-
- err = sock->ops->getname(sock, (struct sockaddr *)&address, &len, 0);
+ err = sock_getname(sock, (struct sockaddr *)&address, &len);
if (err)
goto out_put;
err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr, usockaddr_len);
@@ -1638,15 +1629,7 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (sock != NULL) {
- err = security_socket_getpeername(sock);
- if (err) {
- fput_light(sock->file, fput_needed);
- return err;
- }
-
- err =
- sock->ops->getname(sock, (struct sockaddr *)&address, &len,
- 1);
+ err = sock_getpeer(sock, (struct sockaddr *)&address, &len);
if (!err)
err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr,
usockaddr_len);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 072/100] c/r: introduce checkpoint/restore methods to struct proto_ops
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (70 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 071/100] Add common socket helpers to unify the security hooks Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 073/100] c/r: Add AF_UNIX support (v12) Oren Laadan
` (29 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, netdev
This adds new 'proto_ops' function for checkpointing and restoring
sockets. This allows the checkpoint/restart code to compile nicely
when, e.g., AF_UNIX sockets are selected as a module.
It also adds a function 'collecting' a socket for leak-detection
during full-container checkpoint. This is useful for those sockets
that hold references to other "collectable" objects. Two examples are
AF_UNIX buffers which reference the socket of origin, and sockets that
have file descriptors in-transit.
Cc: netdev@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/net.h | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/include/linux/net.h b/include/linux/net.h
index 4157b5d..1f32c70 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -153,6 +153,9 @@ struct sockaddr;
struct msghdr;
struct module;
+struct ckpt_ctx;
+struct ckpt_hdr_socket;
+
struct proto_ops {
int family;
struct module *owner;
@@ -201,6 +204,12 @@ struct proto_ops {
int offset, size_t size, int flags);
ssize_t (*splice_read)(struct socket *sock, loff_t *ppos,
struct pipe_inode_info *pipe, size_t len, unsigned int flags);
+ int (*checkpoint)(struct ckpt_ctx *ctx,
+ struct socket *sock);
+ int (*collect)(struct ckpt_ctx *ctx,
+ struct socket *sock);
+ int (*restore)(struct ckpt_ctx *ctx, struct socket *sock,
+ struct ckpt_hdr_socket *h);
};
#define DECLARE_SOCKADDR(type, dst, src) \
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 073/100] c/r: Add AF_UNIX support (v12)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (71 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 072/100] c/r: introduce checkpoint/restore methods to struct proto_ops Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 074/100] c/r: add support for listening INET sockets (v2) Oren Laadan
` (28 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, Alexey Dobriyan, netdev, Oren Laadan
From: Dan Smith <danms@us.ibm.com>
This patch adds basic checkpoint/restart support for AF_UNIX sockets. It
has been tested with a single and multiple processes, and with data inflight
at the time of checkpoint. It supports socketpair()s, path-based, and
abstract sockets.
Changes in ckpt-v21:
- Do not include checkpoint_hdr.h explicitly
- [Dan Smith] Disable softirqs when taking the socket queue lock
Changes in ckpt-v19:
- [Serge Hallyn] skb->tail can be offset
Changes in ckpt-v19-rc3:
- Rebase to kernel 2.6.33: export and leverage sock_alloc_file()
- [Nathan Lynch] Fix net/checkpoint.c for 64-bit
Changes in ckpt-v19-rc2:
- Change select uses of ckpt_debug() to ckpt_err() in net c/r
- [Dan Smith] Unify skb read/write functions and handle fragmented buffers
- [Dan Smith] Update buffer restore code to match the new format
Changes in ckpt-v19-rc1:
- [Dan Smith] Fix compile issue with CONFIG_CHECKPOINT=n
- [Dan Smith] Remove an unnecessary check on socket restart
- [Matt Helsley] Add cpp definitions for enums
- [Dan Smith] Pass the stored sock->protocol into sock_create() on restore
Changes in v12:
- Collect sockets for leak-detection
- Adjust socket reference count during leak detection phase
Changes in v11:
- Create a struct socket for orphan socket during checkpoint
- Make sockets proper objhash objects and use checkpoint_obj() on them
- Rename headerless struct ckpt_hdr_* to struct ckpt_*
- Remove struct timeval from socket header
- Save and restore UNIX socket peer credentials
- Set socket flags on restore using sock_setsockopt() where possible
- Fail on the TIMESTAMPING_* flags for the moment (with a TODO)
- Remove other explicit flag checks that are no longer copied blindly
- Changed functions/variables names to follow existing conventions
- Use proto_ops->{checkpoint,restart} methods for af_unix
- Cleanup sock_file_restore()/sock_file_checkpoint()
- Make ckpt_hdr_socket be part of ckpt_hdr_file_socket
- Fold do_sock_file_checkpoint() into sock_file_checkpoint()
- Fold do_sock_file_restore() into sock_file_restore()
- Move sock_file_{checkpoint,restore} to net/checkpoint.c
- Properly define sock_file_{checkpoint,restore} in header file
- sock_file_restore() now calls restore_file_common()
Changes in v10:
- Moved header structure definitions back to checkpoint_hdr.h
- Moved AF_UNIX checkpoint/restart code to net/unix/checkpoint.c
- Make sock_unix_*() functions only compile if CONFIG_UNIX=y
- Add TODO for CONFIG_UNIX=m case
Changes in v9:
- Fix double-free of skb's in the list and target holding queue in the
error path of sock_copy_buffers()
- Adjust use of ckpt_read_string() to match new signature
Changes in v8:
- Fix stale dev_alloc_skb() from before the conversion to skb_clone()
- Fix a couple of broken error paths
- Fix memory leak of kvec.iov_base on successful return from sendmsg()
- Fix condition for deciding when to run sock_cptrst_verify()
- Fix buffer queue copy algorithm to hold the lock during walk(s)
- Log the errno when either getname() or getpeer() fails
- Add comments about ancillary messages in the UNIX queue
- Add TODO comments for credential restore and flags via setsockopt()
- Add TODO comment about strangely-connected dgram sockets and the use
of sendmsg(peer)
Changes in v7:
- Fix failure to free iov_base in error path of sock_read_buffer()
- Change sock_read_buffer() to use _ckpt_read_obj_type() to get the
header length and then use ckpt_kread() directly to read the payload
- Change sock_read_buffers() to sock_unix_read_buffers() and break out
some common functionality to better accommodate the subsequent INET
patch
- Generalize sock_unix_getnames() into sock_getnames() so INET can use it
- Change skb_morph() to skb_clone() which uses the more common path and
still avoids the copy
- Add check to validate the socket type before creating socket
on restore
- Comment the CAP_NET_ADMIN override in sock_read_buffer_hdr
- Strengthen the comment about priming the buffer limits
- Change the objhash functions to deny direct checkpoint of sockets and
remove the reference counting function
- Change SOCKET_BUFFERS to SOCKET_QUEUE
- Change this,peer objrefs to signed integers
- Remove names from internal socket structures
- Fix handling of sock_copy_buffers() result
- Use ckpt_fill_fname() instead of d_path() for writing CWD
- Use sock_getname() and sock_getpeer() for proper security hookage
- Return -ENOSYS for unsupported socket families in checkpoint and restart
- Use sock_setsockopt() and sock_getsockopt() where possible to save and
restore socket option values
- Check for SOCK_DESTROY flag in the global verify function because none
of our supported socket types use it
- Check for SOCK_USE_WRITE_QUEUE in AF_UNIX restore function because
that flag should not be used on such a socket
- Check socket state in UNIX restart path to validate the subset of valid
values
Changes in v6:
- Moved the socket addresses to the per-type header
- Eliminated the HASCWD flag
- Remove use of ckpt_write_err() in restart paths
- Change the order in which buffers are read so that we can set the
socket's limit equal to the size of the image's buffers (if appropriate)
and then restore the original values afterwards.
- Use the ckpt_validate_errno() helper
- Add a check to make sure that we didn't restore a (UNIX) socket with
any skb's in the send buffer
- Fix up sock_unix_join() to not leave addr uninitialized for socketpair
- Remove inclusion of checkpoint_hdr.h in the socket files
- Make sock_unix_write_cwd() use ckpt_write_string() and use the new
ckpt_read_string() for reading the cwd
- Use the restored realcred credentials in sock_unix_join()
- Fix error path of the chdir_and_bind
- Change the algorithm for reloading the socket buffers to use sendmsg()
on the socket's peer for better accounting
- For DGRAM sockets, check the backlog value against the system max
to avoid letting a restart bypass the overloaded queue length
- Use sock_bind() instead of sock->ops->bind() to gain the security hook
- Change "restart" to "restore" in some of the function names
Changes in v5:
- Change laddr and raddr buffers in socket header to be long enough
for INET6 addresses
- Place socket.c and sock.h function definitions inside #ifdef
CONFIG_CHECKPOINT
- Add explicit check in sock_unix_makeaddr() to refuse if the
checkpoint image specifies an addr length of 0
- Split sock_unix_restart() into a few pieces to facilitate:
- Changed behavior of the unix restore code so that unlinked LISTEN
sockets don't do a bind()...unlink()
- Save the base path of a bound socket's path so that we can chdir()
to the base before bind() if it is a relative path
- Call bind() for any socket that is not established but has a
non-zero-length local address
- Enforce the current sysctl limit on socket buffer size during restart
unless the user holds CAP_NET_ADMIN
- Unlink a path-based socket before calling bind()
Changes in v4:
- Changed the signdness of rcvlowat, rcvtimeo, sndtimeo, and backlog
to match their struct sock definitions. This should avoid issues
with sign extension.
- Add a sock_cptrst_verify() function to be run at restore time to
validate several of the values in the checkpoint image against
limits, flag masks, etc.
- Write an error string with ctk_write_err() in the obscure cases
- Don't write socket buffers for listen sockets
- Sanity check address lengths before we agree to allocate memory
- Check the result of inserting the peer object in the objhash on
restart
- Check return value of sock_cptrst() on restart
- Change logic in remote getname() phase of checkpoint to not fail for
closed (et al) sockets
- Eliminate the memory copy while reading socket buffers on restart
Changes in v3:
- Move sock_file_checkpoint() above sock_file_restore()
- Change __sock_file_*() functions to do_sock_file_*()
- Adjust some of the struct cr_hdr_socket alignment
- Improve the sock_copy_buffers() algorithm to avoid locking the source
queue for the entire operation
- Fix alignment in the socket header struct(s)
- Move the per-protocol structure (ckpt_hdr_socket_un) out of the
common socket header and read/write it separately
- Fix missing call to sock_cptrst() in restore path
- Break out the socket joining into another function
- Fix failure to restore the socket address thus fixing getname()
- Check the state values on restart
- Fix case of state being TCP_CLOSE, which allows dgram sockets to be
properly connected (if appropriate) to their peer and maintain the
sockaddr for getname() operation
- Fix restoring a listening socket that has been unlink()'d
- Fix checkpointing sockets with an in-flight FD-passing SKB. Fail
with EBUSY.
- Fix checkpointing listening sockets with an unaccepted connection.
Fail with EBUSY.
- Changed 'un' to 'unix' in function and structure names
Changes in v2:
- Change GFP_KERNEL to GFP_ATOMIC in sock_copy_buffers() (this seems
to be rather common in other uses of skb_copy())
- Move the ckpt_hdr_socket structure definition to linux/socket.h
- Fix whitespace issue
- Move sock_file_checkpoint() to net/socket.c for symmetry
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: netdev@vger.kernel.org
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Dan Smith <danms@us.ibm.com>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
---
fs/checkpoint.c | 7 +
include/linux/checkpoint.h | 8 +
include/linux/checkpoint_hdr.h | 119 +++++-
include/linux/net.h | 2 +
include/net/af_unix.h | 15 +
include/net/sock.h | 10 +
kernel/checkpoint/objhash.c | 26 +-
net/Makefile | 2 +
net/checkpoint.c | 1028 ++++++++++++++++++++++++++++++++++++++++
net/socket.c | 6 +-
net/unix/Makefile | 1 +
net/unix/af_unix.c | 9 +
net/unix/checkpoint.c | 646 +++++++++++++++++++++++++
13 files changed, 1872 insertions(+), 7 deletions(-)
create mode 100644 net/checkpoint.c
create mode 100644 net/unix/checkpoint.c
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 783c920..23ec4de 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -21,6 +21,7 @@
#include <linux/syscalls.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
+#include <net/sock.h>
/**************************************************************************
* Checkpoint
@@ -619,6 +620,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_FIFO,
.restore = fifo_file_restore,
},
+ /* socket */
+ {
+ .file_name = "SOCKET",
+ .file_type = CKPT_FILE_SOCKET,
+ .restore = sock_file_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 549f133..25275af 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -33,6 +33,7 @@
#include <linux/checkpoint_types.h>
#include <linux/checkpoint_hdr.h>
#include <linux/err.h>
+#include <net/sock.h>
/* sycall helpers */
extern long do_sys_checkpoint(pid_t pid, int fd,
@@ -97,6 +98,13 @@ extern int restore_read_page(struct ckpt_ctx *ctx, struct page *page);
/* pids */
extern pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid);
+/* socket functions */
+extern int ckpt_sock_getnames(struct ckpt_ctx *ctx,
+ struct socket *socket,
+ struct sockaddr *loc, unsigned *loc_len,
+ struct sockaddr *rem, unsigned *rem_len);
+extern struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx);
+
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
set_bit(__kflag##_BIT, &(__ctx)->kflags)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index e706636..2be2d2c 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -10,18 +10,22 @@
* distribution for more details.
*/
-#ifndef __KERNEL__
-#include <sys/types.h>
-#include <linux/types.h>
-#endif
-
#ifdef __KERNEL__
#include <linux/types.h>
+#include <linux/socket.h>
+#include <linux/un.h>
#ifndef CONFIG_CHECKPOINT
#error linux/checkpoint_hdr.h included directly (without CONFIG_CHECKPOINT)
#endif
+#else /* __KERNEL__ */
+
+#include <sys/types.h>
+#include <linux/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
#endif
/*
@@ -145,6 +149,17 @@ enum {
CKPT_HDR_SIGPENDING,
#define CKPT_HDR_SIGPENDING CKPT_HDR_SIGPENDING
+ CKPT_HDR_SOCKET = 701,
+#define CKPT_HDR_SOCKET CKPT_HDR_SOCKET
+ CKPT_HDR_SOCKET_QUEUE,
+#define CKPT_HDR_SOCKET_QUEUE CKPT_HDR_SOCKET_QUEUE
+ CKPT_HDR_SOCKET_BUFFER,
+#define CKPT_HDR_SOCKET_BUFFER CKPT_HDR_SOCKET_BUFFER
+ CKPT_HDR_SOCKET_FRAG,
+#define CKPT_HDR_SOCKET_FRAG CKPT_HDR_SOCKET_FRAG
+ CKPT_HDR_SOCKET_UNIX,
+#define CKPT_HDR_SOCKET_UNIX CKPT_HDR_SOCKET_UNIX
+
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -200,6 +215,8 @@ enum obj_type {
#define CKPT_OBJ_USER CKPT_OBJ_USER
CKPT_OBJ_GROUPINFO,
#define CKPT_OBJ_GROUPINFO CKPT_OBJ_GROUPINFO
+ CKPT_OBJ_SOCK,
+#define CKPT_OBJ_SOCK CKPT_OBJ_SOCK
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -449,6 +466,8 @@ enum file_type {
#define CKPT_FILE_PIPE CKPT_FILE_PIPE
CKPT_FILE_FIFO,
#define CKPT_FILE_FIFO CKPT_FILE_FIFO
+ CKPT_FILE_SOCKET,
+#define CKPT_FILE_SOCKET CKPT_FILE_SOCKET
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
@@ -473,6 +492,96 @@ struct ckpt_hdr_file_pipe {
__s32 pipe_objref;
} __attribute__((aligned(8)));
+/* socket */
+struct ckpt_hdr_socket {
+ struct ckpt_hdr h;
+
+ struct { /* struct socket */
+ __u64 flags;
+ __u8 state;
+ } socket __attribute__ ((aligned(8)));
+
+ struct { /* struct sock_common */
+ __u32 bound_dev_if;
+ __u32 reuse;
+ __u16 family;
+ __u8 state;
+ } sock_common __attribute__ ((aligned(8)));
+
+ struct { /* struct sock */
+ __s64 rcvlowat;
+ __u64 flags;
+
+ __s64 rcvtimeo;
+ __s64 sndtimeo;
+
+ __u32 err;
+ __u32 err_soft;
+ __u32 priority;
+ __s32 rcvbuf;
+ __s32 sndbuf;
+ __u16 type;
+ __s16 backlog;
+
+ __u8 protocol;
+ __u8 state;
+ __u8 shutdown;
+ __u8 userlocks;
+ __u8 no_check;
+
+ struct linger linger;
+ } sock __attribute__ ((aligned(8)));
+} __attribute__ ((aligned(8)));
+
+struct ckpt_hdr_socket_queue {
+ struct ckpt_hdr h;
+ __u32 skb_count;
+ __u32 total_bytes;
+} __attribute__ ((aligned(8)));
+
+struct ckpt_hdr_socket_buffer {
+ struct ckpt_hdr h;
+ __u32 transport_header;
+ __u32 network_header;
+ __u32 mac_header;
+ __u32 lin_len; /* Length of linear data */
+ __u32 frg_len; /* Length of fragment data */
+ __u32 skb_len; /* Length of skb (adjusted) */
+ __u32 hdr_len; /* Length of skipped header */
+ __u32 mac_len;
+ __u32 data_offset; /* Offset of data pointer from head */
+ __s32 sk_objref;
+ __s32 pr_objref;
+ __u16 protocol;
+ __u16 nr_frags;
+ __u8 cb[48];
+};
+
+struct ckpt_hdr_socket_buffer_frag {
+ struct ckpt_hdr h;
+ __u32 size;
+ __u32 offset;
+};
+
+#define CKPT_UNIX_LINKED 1
+struct ckpt_hdr_socket_unix {
+ struct ckpt_hdr h;
+ __s32 this;
+ __s32 peer;
+ __u32 peercred_uid;
+ __u32 peercred_gid;
+ __u32 flags;
+ __u32 laddr_len;
+ __u32 raddr_len;
+ struct sockaddr_un laddr;
+ struct sockaddr_un raddr;
+} __attribute__ ((aligned(8)));
+
+struct ckpt_hdr_file_socket {
+ struct ckpt_hdr_file common;
+ __s32 sock_objref;
+} __attribute__((aligned(8)));
+
/* memory layout */
struct ckpt_hdr_mm {
struct ckpt_hdr h;
diff --git a/include/linux/net.h b/include/linux/net.h
index 1f32c70..6ffe827 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -246,6 +246,8 @@ extern int sock_sendmsg(struct socket *sock, struct msghdr *msg,
size_t len);
extern int sock_recvmsg(struct socket *sock, struct msghdr *msg,
size_t size, int flags);
+extern int sock_alloc_file(struct socket *sock, struct file **f,
+ int flags);
extern int sock_map_fd(struct socket *sock, int flags);
extern struct socket *sockfd_lookup(int fd, int *err);
#define sockfd_put(sock) fput(sock->file)
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 1614d78..ee423d1 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -68,4 +68,19 @@ static inline int unix_sysctl_register(struct net *net) { return 0; }
static inline void unix_sysctl_unregister(struct net *net) {}
#endif
#endif
+
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+struct ckpt_hdr_socket;
+extern int unix_checkpoint(struct ckpt_ctx *ctx, struct socket *sock);
+extern int unix_restore(struct ckpt_ctx *ctx, struct socket *sock,
+ struct ckpt_hdr_socket *h);
+extern int unix_collect(struct ckpt_ctx *ctx, struct socket *sock);
+
+#else
+#define unix_checkpoint NULL
+#define unix_restore NULL
+#define unix_collect NULL
+#endif /* CONFIG_CHECKPOINT */
+
#endif
diff --git a/include/net/sock.h b/include/net/sock.h
index 3cf7de4..1c7665a 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1713,4 +1713,14 @@ extern int sysctl_optmem_max;
extern __u32 sysctl_wmem_default;
extern __u32 sysctl_rmem_default;
+#ifdef CONFIG_CHECKPOINT
+/* Checkpoint/Restart Functions */
+struct ckpt_ctx;
+struct ckpt_hdr_file;
+extern int sock_file_checkpoint(struct ckpt_ctx *ctx, struct file *file);
+extern struct file *sock_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *h);
+extern int sock_file_collect(struct ckpt_ctx *ctx, struct file *file);
+#endif
+
#endif /* _SOCK_H */
diff --git a/kernel/checkpoint/objhash.c b/kernel/checkpoint/objhash.c
index 0fe741b..4960c25 100644
--- a/kernel/checkpoint/objhash.c
+++ b/kernel/checkpoint/objhash.c
@@ -29,7 +29,7 @@ struct ckpt_obj {
struct hlist_node next;
};
-/* object internal flags */
+/*` object internal flags */
#define CKPT_OBJ_CHECKPOINTED 0x1 /* object already checkpointed */
#define CKPT_OBJ_VISITED 0x2 /* object already visited */
@@ -481,6 +481,26 @@ static void ckpt_obj_users_inc(struct ckpt_ctx *ctx, void *ptr, int increment)
*/
/**
+ * obj_sock_adjust_users - remove implicit reference on DEAD sockets
+ * @obj: CKPT_OBJ_SOCK object to adjust
+ *
+ * Sockets that have been disconnected from their struct file have
+ * a reference count one less than normal sockets. The objhash's
+ * assumption of such a reference is therefore incorrect, so we correct
+ * it here.
+ */
+static inline void obj_sock_adjust_users(struct ckpt_obj *obj)
+{
+ struct sock *sk = (struct sock *)obj->ptr;
+
+ if (sock_flag(sk, SOCK_DEAD)) {
+ obj->users--;
+ ckpt_debug("Adjusting SOCK %i count to %i\n",
+ obj->objref, obj->users);
+ }
+}
+
+/**
* ckpt_obj_contained - test if shared objects are contained in checkpoint
* @ctx: checkpoint context
*
@@ -505,6 +525,10 @@ int ckpt_obj_contained(struct ckpt_ctx *ctx)
hlist_for_each_entry(obj, node, &ctx->obj_hash->list, next) {
if (!obj->ops->ref_users)
continue;
+
+ if (obj->ops->obj_type == CKPT_OBJ_SOCK)
+ obj_sock_adjust_users(obj);
+
if (obj->ops->ref_users(obj->ptr) != obj->users) {
ckpt_err(ctx, -EBUSY,
"%(O)%(P)%(S)Usage leak (%d != %d)\n",
diff --git a/net/Makefile b/net/Makefile
index 1542e72..74b038f 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -65,3 +65,5 @@ ifeq ($(CONFIG_NET),y)
obj-$(CONFIG_SYSCTL) += sysctl_net.o
endif
obj-$(CONFIG_WIMAX) += wimax/
+
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
diff --git a/net/checkpoint.c b/net/checkpoint.c
new file mode 100644
index 0000000..9116d7a
--- /dev/null
+++ b/net/checkpoint.c
@@ -0,0 +1,1028 @@
+/*
+ * Copyright 2009 IBM Corporation
+ *
+ * Author(s): Dan Smith <danms@us.ibm.com>
+ * Oren Laadan <orenl@cs.columbia.edu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include <linux/socket.h>
+#include <linux/mount.h>
+#include <linux/file.h>
+#include <linux/namei.h>
+#include <linux/syscalls.h>
+#include <linux/sched.h>
+#include <linux/fs_struct.h>
+#include <linux/highmem.h>
+
+#include <net/af_unix.h>
+#include <net/tcp_states.h>
+#include <net/tcp.h>
+
+#include <linux/deferqueue.h>
+#include <linux/checkpoint.h>
+
+struct dq_buffers {
+ struct ckpt_ctx *ctx;
+ struct sock *sk;
+};
+
+static int sock_copy_buffers(struct sk_buff_head *from,
+ struct sk_buff_head *to,
+ uint32_t *total_bytes)
+{
+ int count1 = 0;
+ int count2 = 0;
+ int i;
+ struct sk_buff *skb;
+ struct sk_buff **skbs;
+
+ *total_bytes = 0;
+
+ spin_lock_bh(&from->lock);
+ skb_queue_walk(from, skb)
+ count1++;
+ spin_unlock_bh(&from->lock);
+
+ skbs = kzalloc(sizeof(*skbs) * count1, GFP_KERNEL);
+ if (!skbs)
+ return -ENOMEM;
+
+ for (i = 0; i < count1; i++) {
+ skbs[i] = dev_alloc_skb(0);
+ if (!skbs[i])
+ goto err;
+ }
+
+ i = 0;
+ spin_lock_bh(&from->lock);
+ skb_queue_walk(from, skb) {
+ if (++count2 > count1)
+ break; /* The queue changed as we read it */
+
+ skb_morph(skbs[i], skb);
+ skbs[i]->sk = skb->sk;
+ skb_queue_tail(to, skbs[i]);
+
+ *total_bytes += skb->len;
+ i++;
+ }
+ spin_unlock_bh(&from->lock);
+
+ if (count1 != count2)
+ goto err;
+
+ kfree(skbs);
+
+ return count1;
+ err:
+ while (skb_dequeue(to))
+ ; /* Pull all the buffers out of the queue */
+ for (i = 0; i < count1; i++)
+ kfree_skb(skbs[i]);
+ kfree(skbs);
+
+ return -EAGAIN;
+}
+
+static void sock_record_header_info(struct sk_buff *skb,
+ struct ckpt_hdr_socket_buffer *h)
+{
+
+ h->mac_len = skb->mac_len;
+ h->skb_len = skb->len;
+ h->hdr_len = skb->data - skb->head;
+ h->frg_len = skb->data_len;
+ h->data_offset = (skb->data - skb->head);
+
+#ifdef NET_SKBUFF_DATA_USES_OFFSET
+ h->transport_header = skb->transport_header;
+ h->network_header = skb->network_header;
+ h->mac_header = skb->mac_header;
+ h->lin_len = (unsigned long) skb->tail;
+#else
+ h->transport_header = skb->transport_header - skb->head;
+ h->network_header = skb->network_header - skb->head;
+ h->mac_header = skb->mac_header - skb->head;
+ h->lin_len = ((unsigned long) skb->tail - (unsigned long) skb->head);
+#endif
+
+ memcpy(h->cb, skb->cb, sizeof(skb->cb));
+ h->nr_frags = skb_shinfo(skb)->nr_frags;
+}
+
+int sock_restore_header_info(struct ckpt_ctx *ctx,
+ struct sk_buff *skb,
+ struct ckpt_hdr_socket_buffer *h)
+{
+ if (h->mac_header + h->mac_len != h->network_header) {
+ ckpt_err(ctx, -EINVAL,
+ "skb mac_header %u+%u != network header %u\n",
+ h->mac_header, h->mac_len, h->network_header);
+ return -EINVAL;
+ }
+
+ if (h->network_header > h->lin_len) {
+ ckpt_err(ctx, -EINVAL,
+ "skb network header %u > linear length %u\n",
+ h->network_header, h->lin_len);
+ return -EINVAL;
+ }
+
+ if (h->transport_header > h->lin_len) {
+ ckpt_err(ctx, -EINVAL,
+ "skb transport header %u > linear length %u\n",
+ h->transport_header, h->lin_len);
+ return -EINVAL;
+ }
+
+ if (h->data_offset > h->lin_len) {
+ ckpt_err(ctx, -EINVAL,
+ "skb data offset %u > linear length %u\n",
+ h->data_offset, h->lin_len);
+ return -EINVAL;
+ }
+
+ if (h->skb_len > SKB_MAX_ALLOC) {
+ ckpt_err(ctx, -EINVAL,
+ "skb total length %u larger than max of %lu\n",
+ h->skb_len, SKB_MAX_ALLOC);
+ return -EINVAL;
+ }
+
+ skb_set_transport_header(skb, h->transport_header);
+ skb_set_network_header(skb, h->network_header);
+ skb_set_mac_header(skb, h->mac_header);
+ skb->mac_len = h->mac_len;
+
+ /* FIXME: This should probably be sanitized per-protocol to
+ * make sure nothing bad happens if it is hijacked. For the
+ * current set of protocols that we restore this way, the data
+ * contained within is not very risky (flags and sequence
+ * numbers) but could still be evalutated from a
+ * could-the-user- have-set-these-flags point of view.
+ */
+ memcpy(skb->cb, h->cb, sizeof(skb->cb));
+
+ skb->data = skb->head + h->data_offset;
+ skb->len = h->skb_len;
+
+ return 0;
+}
+
+static int sock_restore_skb_frag(struct ckpt_ctx *ctx,
+ struct sk_buff *skb,
+ int frag_idx)
+{
+ struct ckpt_hdr_socket_buffer_frag *h;
+ struct page *page;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_FRAG);
+ if (IS_ERR(h)) {
+ ckpt_err(ctx, PTR_ERR(h), "failed to read buffer object\n");
+ return PTR_ERR(h);
+ }
+
+ if ((h->size > PAGE_SIZE) || (h->offset >= PAGE_SIZE)) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "skb frag size=%i,offset=%i > PAGE_SIZE\n",
+ h->size, h->offset);
+ goto out;
+ }
+
+ page = alloc_page(GFP_KERNEL);
+ if (!page) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ ret = restore_read_page(ctx, page);
+ if (ret) {
+ ckpt_err(ctx, ret, "failed to read fragment: %i\n", ret);
+ __free_page(page);
+ } else {
+ ckpt_debug("read %i+%i for fragment %i\n",
+ h->offset, h->size, frag_idx);
+ skb_add_rx_frag(skb, frag_idx, page, h->offset, h->size);
+ ret = h->size;
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_socket_buffer *h;
+ struct sk_buff *skb = NULL;
+ int i, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_BUFFER);
+ if (IS_ERR(h))
+ return (struct sk_buff *)h;
+
+ ret = -ENOSPC;
+ if (h->lin_len > SKB_MAX_ALLOC) {
+ ckpt_err(ctx, ret, "socket linear buffer too big (%u > %lu)\n",
+ h->lin_len, SKB_MAX_ALLOC);
+ goto out;
+ } else if (h->frg_len > SKB_MAX_ALLOC) {
+ ckpt_err(ctx, ret, "socket frag size too big (%u > %lu\n",
+ h->frg_len, SKB_MAX_ALLOC);
+ goto out;
+ } else if (h->nr_frags >= MAX_SKB_FRAGS) {
+ ckpt_err(ctx, ret, "socket frag count too big (%u > %lu\n",
+ h->nr_frags, MAX_SKB_FRAGS);
+ goto out;
+ }
+
+ skb = alloc_skb(h->lin_len, GFP_KERNEL);
+ if (!skb) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ ret = _ckpt_read_obj_type(ctx, skb_put(skb, h->lin_len),
+ h->lin_len, CKPT_HDR_BUFFER);
+ ckpt_debug("read linear skb length %u: %i\n", h->lin_len, ret);
+ if (ret < 0)
+ goto out;
+
+ for (i = 0; i < h->nr_frags; i++) {
+ ret = sock_restore_skb_frag(ctx, skb, i);
+ ckpt_debug("read skb frag %i/%i: %i\n",
+ i + 1, h->nr_frags, ret);
+ if (ret < 0)
+ goto out;
+ h->frg_len -= ret;
+ }
+
+ if (h->frg_len != 0) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "length %u remaining after reading frags\n",
+ h->frg_len);
+ goto out;
+ }
+
+ sock_restore_header_info(ctx, skb, h);
+ out:
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0) {
+ kfree_skb(skb);
+ skb = ERR_PTR(ret);
+ }
+
+ return skb;
+}
+
+static int __sock_write_skb_frag(struct ckpt_ctx *ctx, skb_frag_t *frag)
+{
+ struct ckpt_hdr_socket_buffer_frag *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_FRAG);
+ if (!h)
+ return -ENOMEM;
+
+ h->size = frag->size;
+ h->offset = frag->page_offset;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *)h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ ret = checkpoint_dump_page(ctx, frag->page);
+ ckpt_debug("writing frag page: %i\n", ret);
+ return ret;
+}
+
+static int __sock_write_skb(struct ckpt_ctx *ctx,
+ struct sk_buff *skb,
+ int dst_objref)
+{
+ struct ckpt_hdr_socket_buffer *h;
+ int ret = 0;
+ int i;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_BUFFER);
+ if (!h)
+ return -ENOMEM;
+
+ if (dst_objref > 0) {
+ BUG_ON(!skb->sk);
+ ret = checkpoint_obj(ctx, skb->sk, CKPT_OBJ_SOCK);
+ if (ret < 0)
+ goto out;
+ h->sk_objref = ret;
+ h->pr_objref = dst_objref;
+ }
+
+ sock_record_header_info(skb, h);
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj_type(ctx, skb->head, h->lin_len, CKPT_HDR_BUFFER);
+ ckpt_debug("writing skb linear region %u: %i\n", h->lin_len, ret);
+ if (ret < 0)
+ goto out;
+
+ for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
+ skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
+
+ ret = __sock_write_skb_frag(ctx, frag);
+ ckpt_debug("writing buffer fragment %i/%i (%i)\n",
+ i + 1, h->nr_frags, ret);
+ if (ret < 0)
+ goto out;
+ h->frg_len -= frag->size;
+ }
+
+ WARN_ON(h->frg_len != 0);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int __sock_write_buffers(struct ckpt_ctx *ctx,
+ struct sk_buff_head *queue,
+ uint16_t family,
+ int dst_objref)
+{
+ struct sk_buff *skb;
+
+ skb_queue_walk(queue, skb) {
+ int ret = 0;
+
+ if (UNIXCB(skb).fp) {
+ ckpt_err(ctx, -EBUSY, "%(T)af_unix: pass fd\n");
+ return -EBUSY;
+ }
+
+ /* The other ancillary messages UNIX are always
+ * present unlike descriptors. Even though we can't
+ * detect them and fail the checkpoint, we're not at
+ * risk because we don't restore the control
+ * information in the UNIX code.
+ */
+
+ ret = __sock_write_skb(ctx, skb, dst_objref);
+ if (ret < 0)
+ return ret;
+ }
+
+ return 0;
+}
+
+static int sock_write_buffers(struct ckpt_ctx *ctx,
+ struct sk_buff_head *queue,
+ uint16_t family,
+ int dst_objref)
+{
+ struct ckpt_hdr_socket_queue *h;
+ struct sk_buff_head tmpq;
+ int ret = -ENOMEM;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_QUEUE);
+ if (!h)
+ return -ENOMEM;
+
+ skb_queue_head_init(&tmpq);
+
+ ret = sock_copy_buffers(queue, &tmpq, &h->total_bytes);
+ if (ret < 0)
+ goto out;
+
+ h->skb_count = ret;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ if (!ret)
+ ret = __sock_write_buffers(ctx, &tmpq, family, dst_objref);
+
+ out:
+ ckpt_hdr_put(ctx, h);
+ __skb_queue_purge(&tmpq);
+
+ return ret;
+}
+
+int sock_deferred_write_buffers(void *data)
+{
+ struct dq_buffers *dq = (struct dq_buffers *)data;
+ struct ckpt_ctx *ctx = dq->ctx;
+ int ret;
+ int dst_objref;
+
+ dst_objref = ckpt_obj_lookup(ctx, dq->sk, CKPT_OBJ_SOCK);
+ if (dst_objref < 0) {
+ ckpt_err(ctx, dst_objref, "%(T)socket: owner gone?\n");
+ return dst_objref;
+ }
+
+ ret = sock_write_buffers(ctx, &dq->sk->sk_receive_queue,
+ dq->sk->sk_family, dst_objref);
+ ckpt_debug("write recv buffers: %i\n", ret);
+ if (ret < 0)
+ return ret;
+
+ ret = sock_write_buffers(ctx, &dq->sk->sk_write_queue,
+ dq->sk->sk_family, dst_objref);
+ ckpt_debug("write send buffers: %i\n", ret);
+
+ return ret;
+}
+
+int sock_defer_write_buffers(struct ckpt_ctx *ctx, struct sock *sk)
+{
+ struct dq_buffers dq;
+
+ dq.ctx = ctx;
+ dq.sk = sk;
+
+ /* NB: This is safe to do inside deferqueue_run() since it uses
+ * list_for_each_safe()
+ */
+ return deferqueue_add(ctx->files_deferq, &dq, sizeof(dq),
+ sock_deferred_write_buffers, NULL);
+}
+
+int ckpt_sock_getnames(struct ckpt_ctx *ctx, struct socket *sock,
+ struct sockaddr *loc, unsigned *loc_len,
+ struct sockaddr *rem, unsigned *rem_len)
+{
+ int ret;
+
+ ret = sock_getname(sock, loc, loc_len);
+ if (ret) {
+ ckpt_err(ctx, ret, "%(T)%(P)socket: getname local\n", sock);
+ return -EINVAL;
+ }
+
+ ret = sock_getpeer(sock, rem, rem_len);
+ if (ret) {
+ if ((sock->sk->sk_type != SOCK_DGRAM) &&
+ (sock->sk->sk_state == TCP_ESTABLISHED)) {
+ ckpt_err(ctx, ret, "%(T)%(P)socket: getname peer\n",
+ sock);
+ return -EINVAL;
+ }
+ *rem_len = 0;
+ }
+
+ return 0;
+}
+
+static int sock_cptrst_verify(struct ckpt_hdr_socket *h)
+{
+ uint8_t userlocks_mask =
+ SOCK_SNDBUF_LOCK | SOCK_RCVBUF_LOCK |
+ SOCK_BINDADDR_LOCK | SOCK_BINDPORT_LOCK;
+
+ if (h->sock.shutdown & ~SHUTDOWN_MASK)
+ return -EINVAL;
+ if (h->sock.userlocks & ~userlocks_mask)
+ return -EINVAL;
+ if (!ckpt_validate_errno(h->sock.err))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int sock_cptrst_opt(int op, struct socket *sock,
+ int optname, char *opt, int len)
+{
+ mm_segment_t fs;
+ int ret;
+
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+
+ if (op == CKPT_CPT)
+ ret = sock_getsockopt(sock, SOL_SOCKET, optname, opt, &len);
+ else
+ ret = sock_setsockopt(sock, SOL_SOCKET, optname, opt, len);
+
+ set_fs(fs);
+
+ return ret;
+}
+
+#define CKPT_COPY_SOPT(op, sk, name, opt) \
+ sock_cptrst_opt(op, sk->sk_socket, name, (char *)opt, sizeof(*opt))
+
+static int sock_cptrst_bufopts(int op, struct sock *sk,
+ struct ckpt_hdr_socket *h)
+{
+ if (CKPT_COPY_SOPT(op, sk, SO_RCVBUF, &h->sock.rcvbuf))
+ if ((op == CKPT_RST) &&
+ CKPT_COPY_SOPT(op, sk, SO_RCVBUFFORCE, &h->sock.rcvbuf)) {
+ ckpt_debug("Failed to set SO_RCVBUF");
+ return -EINVAL;
+ }
+
+ if (CKPT_COPY_SOPT(op, sk, SO_SNDBUF, &h->sock.sndbuf))
+ if ((op == CKPT_RST) &&
+ CKPT_COPY_SOPT(op, sk, SO_SNDBUFFORCE, &h->sock.sndbuf)) {
+ ckpt_debug("Failed to set SO_SNDBUF");
+ return -EINVAL;
+ }
+
+ /* It's silly that we have to fight ourselves here, but
+ * sock_setsockopt() doubles the initial value, so divide here
+ * to store the user's value and avoid doubling on restart
+ */
+ if ((op == CKPT_CPT) && (h->sock.rcvbuf != SOCK_MIN_RCVBUF))
+ h->sock.rcvbuf >>= 1;
+
+ if ((op == CKPT_CPT) && (h->sock.sndbuf != SOCK_MIN_SNDBUF))
+ h->sock.sndbuf >>= 1;
+
+ return 0;
+}
+
+struct sock_flag_mapping {
+ int opt;
+ int flag;
+};
+
+struct sock_flag_mapping sk_flag_map[] = {
+ {SO_OOBINLINE, SOCK_URGINLINE},
+ {SO_KEEPALIVE, SOCK_KEEPOPEN},
+ {SO_BROADCAST, SOCK_BROADCAST},
+ {SO_TIMESTAMP, SOCK_RCVTSTAMP},
+ {SO_TIMESTAMPNS, SOCK_RCVTSTAMPNS},
+ {SO_DEBUG, SOCK_DBG},
+ {SO_DONTROUTE, SOCK_LOCALROUTE},
+};
+
+struct sock_flag_mapping sock_flag_map[] = {
+ {SO_PASSCRED, SOCK_PASSCRED},
+};
+
+static int sock_restore_flag(struct socket *sock,
+ unsigned long *flags,
+ int flag,
+ int option)
+{
+ int v = 1;
+ int ret = 0;
+
+ if (test_and_clear_bit(flag, flags))
+ ret = sock_setsockopt(sock, SOL_SOCKET, option,
+ (char *)&v, sizeof(v));
+
+ return ret;
+}
+
+
+static int sock_restore_flags(struct socket *sock, struct ckpt_hdr_socket *h)
+{
+ unsigned long sk_flags = h->sock.flags;
+ unsigned long sock_flags = h->socket.flags;
+ int ret;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sk_flag_map); i++) {
+ int opt = sk_flag_map[i].opt;
+ int flag = sk_flag_map[i].flag;
+ ret = sock_restore_flag(sock, &sk_flags, flag, opt);
+ if (ret) {
+ ckpt_debug("Failed to set skopt %i: %i\n", opt, ret);
+ return ret;
+ }
+ }
+
+ for (i = 0; i < ARRAY_SIZE(sock_flag_map); i++) {
+ int opt = sock_flag_map[i].opt;
+ int flag = sock_flag_map[i].flag;
+ ret = sock_restore_flag(sock, &sock_flags, flag, opt);
+ if (ret) {
+ ckpt_debug("Failed to set sockopt %i: %i\n", opt, ret);
+ return ret;
+ }
+ }
+
+ /* TODO: Handle SOCK_TIMESTAMPING_* flags */
+ if (test_bit(SOCK_TIMESTAMPING_TX_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_TX_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RX_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RX_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RAW_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_SYS_HARDWARE, &sk_flags)) {
+ ckpt_debug("SOF_TIMESTAMPING_* flags are not supported\n");
+ return -ENOSYS;
+ }
+
+ if (test_and_clear_bit(SOCK_DEAD, &sk_flags))
+ sock_set_flag(sock->sk, SOCK_DEAD);
+
+
+ /* Anything that is still set in the flags that isn't part of
+ * our protocol's default set, indicates an error
+ */
+ if (sk_flags & ~sock->sk->sk_flags) {
+ ckpt_debug("Unhandled sock flags: %lx\n", sk_flags);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int sock_copy_timeval(int op, struct sock *sk,
+ int sockopt, __s64 *saved)
+{
+ struct timeval tv;
+
+ if (op == CKPT_CPT) {
+ if (CKPT_COPY_SOPT(op, sk, sockopt, &tv))
+ return -EINVAL;
+ *saved = timeval_to_ns(&tv);
+ } else {
+ tv = ns_to_timeval(*saved);
+ if (CKPT_COPY_SOPT(op, sk, sockopt, &tv))
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int sock_cptrst(struct ckpt_ctx *ctx, struct sock *sk,
+ struct ckpt_hdr_socket *h, int op)
+{
+ if (sk->sk_socket)
+ CKPT_COPY(op, h->socket.state, sk->sk_socket->state);
+
+ CKPT_COPY(op, h->sock_common.bound_dev_if, sk->sk_bound_dev_if);
+ CKPT_COPY(op, h->sock_common.family, sk->sk_family);
+
+ CKPT_COPY(op, h->sock.shutdown, sk->sk_shutdown);
+ CKPT_COPY(op, h->sock.userlocks, sk->sk_userlocks);
+ CKPT_COPY(op, h->sock.no_check, sk->sk_no_check);
+ CKPT_COPY(op, h->sock.protocol, sk->sk_protocol);
+ CKPT_COPY(op, h->sock.err, sk->sk_err);
+ CKPT_COPY(op, h->sock.err_soft, sk->sk_err_soft);
+ CKPT_COPY(op, h->sock.type, sk->sk_type);
+ CKPT_COPY(op, h->sock.state, sk->sk_state);
+ CKPT_COPY(op, h->sock.backlog, sk->sk_max_ack_backlog);
+
+ if (sock_cptrst_bufopts(op, sk, h))
+ return -EINVAL;
+
+ if (CKPT_COPY_SOPT(op, sk, SO_REUSEADDR, &h->sock_common.reuse)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_REUSEADDR");
+
+ return -EINVAL;
+ }
+
+ if (CKPT_COPY_SOPT(op, sk, SO_PRIORITY, &h->sock.priority)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_PRIORITY");
+ return -EINVAL;
+ }
+
+ if (CKPT_COPY_SOPT(op, sk, SO_RCVLOWAT, &h->sock.rcvlowat)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_RCVLOWAT");
+ return -EINVAL;
+ }
+
+ if (CKPT_COPY_SOPT(op, sk, SO_LINGER, &h->sock.linger)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_LINGER");
+ return -EINVAL;
+ }
+
+ if (sock_copy_timeval(op, sk, SO_SNDTIMEO, &h->sock.sndtimeo)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_SNDTIMEO");
+ return -EINVAL;
+ }
+
+ if (sock_copy_timeval(op, sk, SO_RCVTIMEO, &h->sock.rcvtimeo)) {
+ ckpt_err(ctx, -EINVAL, "Failed to set SO_RCVTIMEO");
+ return -EINVAL;
+ }
+
+ if (op == CKPT_CPT) {
+ h->sock.flags = sk->sk_flags;
+ h->socket.flags = sk->sk_socket->flags;
+ } else {
+ int ret;
+ mm_segment_t old_fs;
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sock_restore_flags(sk->sk_socket, h);
+ set_fs(old_fs);
+ if (ret)
+ return ret;
+ }
+
+ if ((h->socket.state == SS_CONNECTED) &&
+ (h->sock.state != TCP_ESTABLISHED)) {
+ ckpt_err(ctx, -EINVAL, "sock/et in inconsistent state: %i/%i",
+ h->socket.state, h->sock.state);
+ return -EINVAL;
+ } else if ((h->sock.state < TCP_ESTABLISHED) ||
+ (h->sock.state >= TCP_MAX_STATES)) {
+ ckpt_err(ctx, -EINVAL,
+ "sock in invalid state: %i", h->sock.state);
+ return -EINVAL;
+ } else if (h->socket.state > SS_DISCONNECTING) {
+ ckpt_err(ctx, -EINVAL, "socket in invalid state: %i",
+ h->socket.state);
+ return -EINVAL;
+ }
+
+ if (op == CKPT_RST)
+ return sock_cptrst_verify(h);
+ else
+ return 0;
+}
+
+static int __do_sock_checkpoint(struct ckpt_ctx *ctx, struct sock *sk)
+{
+ struct socket *sock = sk->sk_socket;
+ struct ckpt_hdr_socket *h;
+ int ret;
+
+ if (!sock->ops->checkpoint) {
+ ckpt_err(ctx, -ENOSYS, "%(T)%(V)%(P)socket: proto_ops\n",
+ sock->ops, sock);
+ return -ENOSYS;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SOCKET);
+ if (!h)
+ return -ENOMEM;
+
+ /* part I: common to all sockets */
+ ret = sock_cptrst(ctx, sk, h, CKPT_CPT);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ if (ret < 0)
+ goto out;
+
+ /* part II: per socket type state */
+ ret = sock->ops->checkpoint(ctx, sock);
+ if (ret < 0)
+ goto out;
+
+ /* part III: socket buffers */
+ if ((sk->sk_state != TCP_LISTEN) && (!sock_flag(sk, SOCK_DEAD)))
+ ret = sock_defer_write_buffers(ctx, sk);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int checkpoint_sock(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct sock *sk = ptr;
+ struct socket *sock;
+ int ret;
+
+ if (sk->sk_socket)
+ return __do_sock_checkpoint(ctx, sk);
+
+ /* Temporarily adopt this orphan socket */
+ ret = sock_create(sk->sk_family, sk->sk_type, 0, &sock);
+ if (ret < 0)
+ return ret;
+ sock_graft(sk, sock);
+
+ ret = __do_sock_checkpoint(ctx, sk);
+
+ sock_orphan(sk);
+ sock->sk = NULL;
+ sock_release(sock);
+
+ return ret;
+}
+
+int sock_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct ckpt_hdr_file_socket *h;
+ struct socket *sock = file->private_data;
+ struct sock *sk = sock->sk;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+
+ h->common.f_type = CKPT_FILE_SOCKET;
+
+ h->sock_objref = checkpoint_obj(ctx, sk, CKPT_OBJ_SOCK);
+ if (h->sock_objref < 0) {
+ ret = h->sock_objref;
+ goto out;
+ }
+
+ ret = checkpoint_file_common(ctx, file, &h->common);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int sock_collect_skbs(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
+{
+ struct sk_buff_head tmpq;
+ struct sk_buff *skb;
+ int ret = 0;
+ int bytes;
+
+ skb_queue_head_init(&tmpq);
+
+ ret = sock_copy_buffers(queue, &tmpq, &bytes);
+ if (ret < 0)
+ return ret;
+
+ skb_queue_walk(&tmpq, skb) {
+ /* Socket buffers do not maintain a ref count on their
+ * owning sock because they're counted in sock_wmem_alloc.
+ * So, we only need to collect sockets from the queue that
+ * won't be collected any other way (i.e. DEAD sockets that
+ * are hanging around only because they're waiting for us
+ * to process their skb.
+ */
+
+ if (!ckpt_obj_lookup(ctx, skb->sk, CKPT_OBJ_SOCK) &&
+ sock_flag(skb->sk, SOCK_DEAD)) {
+ ret = ckpt_obj_collect(ctx, skb->sk, CKPT_OBJ_SOCK);
+ if (ret < 0)
+ break;
+ }
+ }
+
+ __skb_queue_purge(&tmpq);
+
+ return ret;
+}
+
+int sock_file_collect(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct socket *sock = file->private_data;
+ struct sock *sk = sock->sk;
+ int ret;
+
+ ret = sock_collect_skbs(ctx, &sk->sk_write_queue);
+ if (ret < 0)
+ return ret;
+
+ ret = sock_collect_skbs(ctx, &sk->sk_receive_queue);
+ if (ret < 0)
+ return ret;
+
+ ret = ckpt_obj_collect(ctx, sk, CKPT_OBJ_SOCK);
+ if (ret < 0)
+ return ret;
+
+ if (sock->ops->collect)
+ ret = sock->ops->collect(ctx, sock);
+
+ return ret;
+}
+
+static void *restore_sock(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_socket *h;
+ struct socket *sock;
+ int ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+
+ /* silently clear flags, e.g. SOCK_NONBLOCK or SOCK_CLOEXEC */
+ h->sock.type &= SOCK_TYPE_MASK;
+
+ ret = sock_create(h->sock_common.family, h->sock.type,
+ h->sock.protocol, &sock);
+ if (ret < 0)
+ goto err;
+
+ if (!sock->ops->restore) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "proto_ops lacks restore %pS\n", sock->ops);
+ goto err;
+ }
+
+ /*
+ * part II: per socket type state
+ * (also takes care of part III: socket buffer)
+ */
+ ret = sock->ops->restore(ctx, sock, h);
+ if (ret < 0)
+ goto err;
+
+ /* part I: common to all sockets */
+ ret = sock_cptrst(ctx, sock->sk, h, CKPT_RST);
+ if (ret < 0)
+ goto err;
+
+ ckpt_hdr_put(ctx, h);
+ return sock->sk;
+ err:
+ ckpt_hdr_put(ctx, h);
+ sock_release(sock);
+ return ERR_PTR(ret);
+}
+
+struct file *sock_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
+{
+ struct ckpt_hdr_file_socket *h = (struct ckpt_hdr_file_socket *)ptr;
+ struct sock *sk;
+ struct file *file;
+ int fd, ret;
+
+ if (ptr->h.type != CKPT_HDR_FILE || ptr->f_type != CKPT_FILE_SOCKET)
+ return ERR_PTR(-EINVAL);
+
+ sk = ckpt_obj_fetch(ctx, h->sock_objref, CKPT_OBJ_SOCK);
+ if (IS_ERR(sk))
+ return ERR_PTR(PTR_ERR(sk));
+
+ fd = sock_alloc_file(sk->sk_socket, &file, O_RDWR);
+ if (fd < 0)
+ return ERR_PTR(fd);
+ put_unused_fd(fd); /* We'll let the checkpoint code re-allocate this */
+
+ /* Since objhash assumes the initial reference for a socket,
+ * we bump it here for this descriptor, unlike other places in
+ * the socket code which assume the descriptor is the owner.
+ */
+ sock_hold(sk);
+
+ ret = restore_file_common(ctx, file, ptr);
+ if (ret < 0) {
+ fput(file);
+ return ERR_PTR(ret);
+ }
+
+ return file;
+}
+
+/*
+ * sock-related checkpoint objects
+ */
+
+static int obj_sock_grab(void *ptr)
+{
+ sock_hold((struct sock *) ptr);
+ return 0;
+}
+
+static void obj_sock_drop(void *ptr, int lastref)
+{
+ struct sock *sk = (struct sock *) ptr;
+
+ /*
+ * Sockets created during restart are graft()ed, i.e. have a
+ * valid @sk->sk_socket. Because only an fput() results in the
+ * necessary sock_release(), we may leak the struct socket of
+ * sockets that were not attached to a file. Therefore, if
+ * @lastref is set, we hereby invoke sock_release() on sockets
+ * that we have put into the objhash but were never attached
+ * to a file.
+ */
+ if (lastref && sk->sk_socket && !sk->sk_socket->file) {
+ struct socket *sock = sk->sk_socket;
+ sock_orphan(sk);
+ sock->sk = NULL;
+ sock_release(sock);
+ }
+
+ sock_put((struct sock *) ptr);
+}
+
+static int obj_sock_users(void *ptr)
+{
+ return atomic_read(&((struct sock *) ptr)->sk_refcnt);
+}
+
+/* sock object */
+static const struct ckpt_obj_ops ckpt_obj_sock_ops = {
+ .obj_name = "SOCKET",
+ .obj_type = CKPT_OBJ_SOCK,
+ .ref_drop = obj_sock_drop,
+ .ref_grab = obj_sock_grab,
+ .ref_users = obj_sock_users,
+ .checkpoint = checkpoint_sock,
+ .restore = restore_sock,
+};
+
+static int __init checkpoint_register_sock(void)
+{
+ return register_checkpoint_obj(&ckpt_obj_sock_ops);
+}
+module_init(checkpoint_register_sock);
diff --git a/net/socket.c b/net/socket.c
index b9f421b..da2864f 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -148,6 +148,10 @@ static const struct file_operations socket_file_ops = {
.sendpage = sock_sendpage,
.splice_write = generic_splice_sendpage,
.splice_read = sock_splice_read,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = sock_file_checkpoint,
+ .collect = sock_file_collect,
+#endif
};
/*
@@ -343,7 +347,7 @@ static const struct dentry_operations sockfs_dentry_operations = {
* but we take care of internal coherence yet.
*/
-static int sock_alloc_file(struct socket *sock, struct file **f, int flags)
+int sock_alloc_file(struct socket *sock, struct file **f, int flags)
{
struct qstr name = { .name = "" };
struct path path;
diff --git a/net/unix/Makefile b/net/unix/Makefile
index b852a2b..fbff1e6 100644
--- a/net/unix/Makefile
+++ b/net/unix/Makefile
@@ -6,3 +6,4 @@ obj-$(CONFIG_UNIX) += unix.o
unix-y := af_unix.o garbage.o
unix-$(CONFIG_SYSCTL) += sysctl_net_unix.o
+unix-$(CONFIG_CHECKPOINT) += checkpoint.o
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 3d9122e..a7d0cff 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -523,6 +523,9 @@ static const struct proto_ops unix_stream_ops = {
.recvmsg = unix_stream_recvmsg,
.mmap = sock_no_mmap,
.sendpage = sock_no_sendpage,
+ .checkpoint = unix_checkpoint,
+ .restore = unix_restore,
+ .collect = unix_collect,
};
static const struct proto_ops unix_dgram_ops = {
@@ -544,6 +547,9 @@ static const struct proto_ops unix_dgram_ops = {
.recvmsg = unix_dgram_recvmsg,
.mmap = sock_no_mmap,
.sendpage = sock_no_sendpage,
+ .checkpoint = unix_checkpoint,
+ .restore = unix_restore,
+ .collect = unix_collect,
};
static const struct proto_ops unix_seqpacket_ops = {
@@ -565,6 +571,9 @@ static const struct proto_ops unix_seqpacket_ops = {
.recvmsg = unix_dgram_recvmsg,
.mmap = sock_no_mmap,
.sendpage = sock_no_sendpage,
+ .checkpoint = unix_checkpoint,
+ .restore = unix_restore,
+ .collect = unix_collect,
};
static struct proto unix_proto = {
diff --git a/net/unix/checkpoint.c b/net/unix/checkpoint.c
new file mode 100644
index 0000000..c90a497
--- /dev/null
+++ b/net/unix/checkpoint.c
@@ -0,0 +1,646 @@
+#include <linux/namei.h>
+#include <linux/file.h>
+#include <linux/fs_struct.h>
+#include <linux/deferqueue.h>
+#include <linux/checkpoint.h>
+#include <linux/user.h>
+#include <net/af_unix.h>
+#include <net/tcp_states.h>
+
+struct dq_join {
+ struct ckpt_ctx *ctx;
+ int src_objref;
+ int dst_objref;
+};
+
+struct dq_buffers {
+ struct ckpt_ctx *ctx;
+ int sk_objref; /* objref of the socket these buffers belong to */
+};
+
+#define UNIX_ADDR_EMPTY(a) (a <= sizeof(short))
+
+static inline int unix_need_cwd(struct sockaddr_un *addr, unsigned long len)
+{
+ return (!UNIX_ADDR_EMPTY(len)) &&
+ addr->sun_path[0] &&
+ (addr->sun_path[0] != '/');
+}
+
+static int unix_join(struct sock *src, struct sock *dst)
+{
+ if (unix_sk(src)->peer != NULL)
+ return 0; /* We're second */
+
+ sock_hold(dst);
+ unix_sk(src)->peer = dst;
+
+ return 0;
+
+}
+
+static int unix_deferred_join(void *data)
+{
+ struct dq_join *dq = (struct dq_join *)data;
+ struct ckpt_ctx *ctx = dq->ctx;
+ struct sock *src;
+ struct sock *dst;
+
+ src = ckpt_obj_fetch(ctx, dq->src_objref, CKPT_OBJ_SOCK);
+ if (!src) {
+ ckpt_err(ctx, -EINVAL, "%(O)Bad src sock\n", dq->src_objref);
+ return -EINVAL;
+ }
+
+ dst = ckpt_obj_fetch(ctx, dq->dst_objref, CKPT_OBJ_SOCK);
+ if (!dst) {
+ ckpt_err(ctx, -EINVAL, "%(O)Bad dst sock\n", dq->dst_objref);
+ return -EINVAL;
+ }
+
+ return unix_join(src, dst);
+}
+
+static int unix_defer_join(struct ckpt_ctx *ctx,
+ int src_objref,
+ int dst_objref)
+{
+ struct dq_join dq;
+
+ dq.ctx = ctx;
+ dq.src_objref = src_objref;
+ dq.dst_objref = dst_objref;
+
+ /* NB: This is safe to do inside deferqueue_run() since it uses
+ * list_for_each_safe()
+ */
+ return deferqueue_add(ctx->files_deferq, &dq, sizeof(dq),
+ unix_deferred_join, NULL);
+}
+
+static int unix_write_cwd(struct ckpt_ctx *ctx,
+ struct sock *sk, const char *sockpath)
+{
+ struct path path;
+ char *buf;
+ char *fqpath;
+ int offset;
+ int len = PATH_MAX;
+ int ret = -ENOENT;
+
+ buf = kmalloc(len, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+ path.dentry = unix_sk(sk)->dentry;
+ path.mnt = unix_sk(sk)->mnt;
+
+ fqpath = ckpt_fill_fname(&path, &ctx->root_fs_path, buf, &len);
+ if (IS_ERR(fqpath)) {
+ ret = PTR_ERR(fqpath);
+ goto out;
+ }
+
+ offset = strlen(fqpath) - strlen(sockpath);
+ if (offset <= 0) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ fqpath[offset] = '\0';
+
+ ckpt_debug("writing socket directory: %s\n", fqpath);
+ ret = ckpt_write_string(ctx, fqpath, offset + 1);
+ out:
+ kfree(buf);
+ return ret;
+}
+
+int unix_checkpoint(struct ckpt_ctx *ctx, struct socket *sock)
+{
+ struct unix_sock *sk = unix_sk(sock->sk);
+ struct ckpt_hdr_socket_unix *un;
+ int new;
+ int ret = -ENOMEM;
+
+ if ((sock->sk->sk_state == TCP_LISTEN) &&
+ !skb_queue_empty(&sock->sk->sk_receive_queue)) {
+ ckpt_err(ctx, -EBUSY,
+ "%(T)%(E)%(P)af_unix: listen with pending peers\n",
+ sock);
+ return -EBUSY;
+ }
+
+ un = ckpt_hdr_get_type(ctx, sizeof(*un), CKPT_HDR_SOCKET_UNIX);
+ if (!un)
+ return -EINVAL;
+
+ ret = ckpt_sock_getnames(ctx, sock,
+ (struct sockaddr *)&un->laddr, &un->laddr_len,
+ (struct sockaddr *)&un->raddr, &un->raddr_len);
+ if (ret)
+ goto out;
+
+ if (sk->dentry && (sk->dentry->d_inode->i_nlink > 0))
+ un->flags |= CKPT_UNIX_LINKED;
+
+ un->this = ckpt_obj_lookup_add(ctx, sk, CKPT_OBJ_SOCK, &new);
+ if (un->this < 0)
+ goto out;
+
+ if (sk->peer)
+ un->peer = checkpoint_obj(ctx, sk->peer, CKPT_OBJ_SOCK);
+ else
+ un->peer = 0;
+
+ if (un->peer < 0) {
+ ret = un->peer;
+ goto out;
+ }
+
+ un->peercred_uid = sock->sk->sk_peercred.uid;
+ un->peercred_gid = sock->sk->sk_peercred.gid;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) un);
+ if (ret < 0)
+ goto out;
+
+ if (unix_need_cwd(&un->laddr, un->laddr_len))
+ ret = unix_write_cwd(ctx, sock->sk, un->laddr.sun_path);
+ out:
+ ckpt_hdr_put(ctx, un);
+
+ return ret;
+}
+
+int unix_collect(struct ckpt_ctx *ctx, struct socket *sock)
+{
+ struct unix_sock *sk = unix_sk(sock->sk);
+ int ret;
+
+ ret = ckpt_obj_collect(ctx, sock->sk, CKPT_OBJ_SOCK);
+ if (ret < 0)
+ return ret;
+
+ if (sk->peer)
+ ret = ckpt_obj_collect(ctx, sk->peer, CKPT_OBJ_SOCK);
+
+ return 0;
+}
+
+static int sock_read_buffer_sendmsg(struct ckpt_ctx *ctx,
+ struct sockaddr *addr,
+ unsigned int addrlen)
+{
+ struct ckpt_hdr_socket_buffer *h;
+ struct sock *sk;
+ struct msghdr msg;
+ struct kvec kvec;
+ uint8_t sock_shutdown;
+ uint8_t peer_shutdown = 0;
+ void *buf = NULL;
+ int sndbuf;
+ int ret;
+
+ memset(&msg, 0, sizeof(msg));
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_BUFFER);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ ret = -EINVAL;
+ if (h->lin_len > SKB_MAX_ALLOC) {
+ ckpt_err(ctx, ret, "socket buffer too big (%u > %lu)\n",
+ h->lin_len, SKB_MAX_ALLOC);
+ goto out;
+ } else if (h->nr_frags != 0) {
+ ckpt_err(ctx, ret, "unix socket claims to have fragments\n");
+ goto out;
+ }
+
+ buf = kmalloc(h->lin_len, GFP_KERNEL);
+ if (!buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ kvec.iov_len = h->lin_len;
+ kvec.iov_base = buf;
+ ret = _ckpt_read_obj_type(ctx, kvec.iov_base,
+ h->lin_len, CKPT_HDR_BUFFER);
+ ckpt_debug("read unix socket buffer %u: %i\n", h->lin_len, ret);
+ if (ret < h->lin_len) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ sk = ckpt_obj_fetch(ctx, h->sk_objref, CKPT_OBJ_SOCK);
+ if (IS_ERR(sk)) {
+ ret = PTR_ERR(sk);
+ goto out;
+ }
+
+ /* If we don't have a destination or a peer and we know the
+ * destination of this skb, then we must need to join with our
+ * peer
+ */
+ if (!addrlen && !unix_sk(sk)->peer) {
+ struct sock *pr;
+ pr = ckpt_obj_fetch(ctx, h->pr_objref, CKPT_OBJ_SOCK);
+ if (IS_ERR(pr)) {
+ ret = PTR_ERR(pr);
+ ckpt_err(ctx, ret, "Failed to fetch peer\n");
+ goto out;
+ }
+ ret = unix_join(sk, pr);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Failed to join sockets\n");
+ goto out;
+ }
+ }
+
+ msg.msg_name = addr;
+ msg.msg_namelen = addrlen;
+
+ /* If peer is shutdown, unshutdown it for this process */
+ sock_shutdown = sk->sk_shutdown;
+ sk->sk_shutdown &= ~SHUTDOWN_MASK;
+
+ /* Unshutdown peer too, if necessary */
+ if (unix_sk(sk)->peer) {
+ peer_shutdown = unix_sk(sk)->peer->sk_shutdown;
+ unix_sk(sk)->peer->sk_shutdown &= ~SHUTDOWN_MASK;
+ }
+
+ /* Make sure there's room in the send buffer: Worst case, we
+ * give them the benefit of the doubt and set the buffer limit
+ * to the system default. This should cover the case where
+ * the user set the limit low after loading up the buffer.
+ *
+ * However, if there isn't room in the buffer and the system
+ * default won't accommodate them either, then increase the
+ * limit as needed, only if they have CAP_NET_ADMIN.
+ */
+ sndbuf = sk->sk_sndbuf;
+ if (((sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc)) < h->lin_len) &&
+ (h->lin_len > sysctl_wmem_max) &&
+ capable(CAP_NET_ADMIN))
+ sk->sk_sndbuf += h->lin_len;
+ else
+ sk->sk_sndbuf = sysctl_wmem_max;
+
+ ret = kernel_sendmsg(sk->sk_socket, &msg, &kvec, 1, h->lin_len);
+ ckpt_debug("kernel_sendmsg(%i,%u): %i\n",
+ h->sk_objref, h->lin_len, ret);
+ if ((ret > 0) && (ret != h->lin_len))
+ ret = -ENOMEM;
+
+ sk->sk_sndbuf = sndbuf;
+ sk->sk_shutdown = sock_shutdown;
+ if (peer_shutdown)
+ unix_sk(sk)->peer->sk_shutdown = peer_shutdown;
+ out:
+ ckpt_hdr_put(ctx, h);
+ kfree(buf);
+ return ret;
+}
+
+static int unix_read_buffers(struct ckpt_ctx *ctx,
+ struct sockaddr *addr,
+ unsigned int addrlen)
+{
+ struct ckpt_hdr_socket_queue *h;
+ int ret = 0;
+ int i;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_QUEUE);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ for (i = 0; i < h->skb_count; i++) {
+ ret = sock_read_buffer_sendmsg(ctx, addr, addrlen);
+ ckpt_debug("read_buffer_sendmsg(%i): %i\n", i, ret);
+ if (ret < 0)
+ goto out;
+
+ if (ret > h->total_bytes) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "Buffers exceeded claim");
+ goto out;
+ }
+
+ h->total_bytes -= ret;
+ }
+
+ ret = h->skb_count;
+ out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int unix_deferred_restore_buffers(void *data)
+{
+ struct dq_buffers *dq = (struct dq_buffers *)data;
+ struct ckpt_ctx *ctx = dq->ctx;
+ struct sock *sk;
+ struct sockaddr *addr = NULL;
+ unsigned int addrlen = 0;
+ int ret;
+
+ sk = ckpt_obj_fetch(ctx, dq->sk_objref, CKPT_OBJ_SOCK);
+ if (!sk) {
+ ckpt_err(ctx, -EINVAL, "%(O) missing sock\n", dq->sk_objref);
+ return -EINVAL;
+ }
+
+ if ((sk->sk_type == SOCK_DGRAM) && (unix_sk(sk)->addr != NULL)) {
+ addr = (struct sockaddr *)&unix_sk(sk)->addr->name;
+ addrlen = unix_sk(sk)->addr->len;
+ }
+
+ ret = unix_read_buffers(ctx, addr, addrlen);
+ ckpt_debug("read recv buffers: %i\n", ret);
+ if (ret < 0)
+ return ret;
+
+ ret = unix_read_buffers(ctx, addr, addrlen);
+ ckpt_debug("read send buffers: %i\n", ret);
+ if (ret > 0)
+ ret = -EINVAL; /* No send buffers for UNIX sockets */
+
+ return ret;
+}
+
+static int unix_defer_restore_buffers(struct ckpt_ctx *ctx, int sk_objref)
+{
+ struct dq_buffers dq;
+
+ dq.ctx = ctx;
+ dq.sk_objref = sk_objref;
+
+ /* NB: This is safe to do inside deferqueue_run() since it uses
+ * list_for_each_safe()
+ */
+ return deferqueue_add(ctx->files_deferq, &dq, sizeof(dq),
+ unix_deferred_restore_buffers, NULL);
+}
+
+static struct unix_address *unix_makeaddr(struct sockaddr_un *sun_addr,
+ unsigned len)
+{
+ struct unix_address *addr;
+
+ if (len > sizeof(struct sockaddr_un))
+ return ERR_PTR(-EINVAL);
+
+ addr = kmalloc(sizeof(*addr) + len, GFP_KERNEL);
+ if (!addr)
+ return ERR_PTR(-ENOMEM);
+
+ memcpy(addr->name, sun_addr, len);
+ addr->len = len;
+ atomic_set(&addr->refcnt, 1);
+
+ return addr;
+}
+
+static int unix_restore_connected(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_socket *h,
+ struct ckpt_hdr_socket_unix *un,
+ struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+ struct sockaddr *addr = NULL;
+ unsigned long flags = h->sock.flags;
+ unsigned int addrlen = 0;
+ int dead = test_bit(SOCK_DEAD, &flags);
+ int ret = 0;
+
+
+ if (un->peer == 0) {
+ /* These get propagated to the msghdr, so only set them
+ * if we're not connected to a peer, else we'll get an error
+ * when we sendmsg()
+ */
+ addr = (struct sockaddr *)&un->laddr;
+ addrlen = un->laddr_len;
+ }
+
+ sk->sk_peercred.pid = task_tgid_vnr(current);
+
+ if (may_setuid(ctx->realcred->user->user_ns, un->peercred_uid) &&
+ may_setgid(un->peercred_gid)) {
+ sk->sk_peercred.uid = un->peercred_uid;
+ sk->sk_peercred.gid = un->peercred_gid;
+ } else {
+ ckpt_err(ctx, -EPERM, "peercred %i:%i would require setuid",
+ un->peercred_uid, un->peercred_gid);
+ return -EPERM;
+ }
+
+ if (!dead && (un->peer > 0)) {
+ ret = unix_defer_join(ctx, un->this, un->peer);
+ ckpt_debug("unix_defer_join: %i\n", ret);
+ }
+
+ if (!dead && !ret)
+ ret = unix_defer_restore_buffers(ctx, un->this);
+
+ return ret;
+}
+
+static int unix_unlink(const char *name)
+{
+ struct path spath;
+ struct path ppath;
+ int ret;
+
+ ret = kern_path(name, 0, &spath);
+ if (ret)
+ return ret;
+
+ ret = kern_path(name, LOOKUP_PARENT, &ppath);
+ if (ret)
+ goto out_s;
+
+ if (!spath.dentry) {
+ ckpt_debug("No dentry found for %s\n", name);
+ ret = -ENOENT;
+ goto out_p;
+ }
+
+ if (!ppath.dentry || !ppath.dentry->d_inode) {
+ ckpt_debug("No inode for parent of %s\n", name);
+ ret = -ENOENT;
+ goto out_p;
+ }
+
+ ret = vfs_unlink(ppath.dentry->d_inode, spath.dentry);
+ out_p:
+ path_put(&ppath);
+ out_s:
+ path_put(&spath);
+
+ return ret;
+}
+
+/* Call bind() for socket, optionally changing (temporarily) to @path first
+ * if non-NULL
+ */
+static int unix_chdir_and_bind(struct socket *sock,
+ const char *path,
+ struct sockaddr *addr,
+ unsigned long addrlen)
+{
+ struct sockaddr_un *un = (struct sockaddr_un *)addr;
+ struct path cur = { .mnt = NULL, .dentry = NULL };
+ struct path dir = { .mnt = NULL, .dentry = NULL };
+ int ret;
+
+ if (path) {
+ ckpt_debug("switching to cwd %s for unix bind", path);
+
+ ret = kern_path(path, 0, &dir);
+ if (ret)
+ return ret;
+
+ ret = inode_permission(dir.dentry->d_inode,
+ MAY_EXEC | MAY_ACCESS);
+ if (ret)
+ goto out;
+
+ write_lock(¤t->fs->lock);
+ cur = current->fs->pwd;
+ current->fs->pwd = dir;
+ write_unlock(¤t->fs->lock);
+ }
+
+ ret = unix_unlink(un->sun_path);
+ ckpt_debug("unlink(%s): %i\n", un->sun_path, ret);
+ if ((ret == 0) || (ret == -ENOENT))
+ ret = sock_bind(sock, addr, addrlen);
+
+ if (path) {
+ write_lock(¤t->fs->lock);
+ current->fs->pwd = cur;
+ write_unlock(¤t->fs->lock);
+ }
+ out:
+ if (path)
+ path_put(&dir);
+
+ return ret;
+}
+
+static int unix_fakebind(struct socket *sock,
+ struct sockaddr_un *addr, unsigned long len)
+{
+ struct unix_address *uaddr;
+
+ uaddr = unix_makeaddr(addr, len);
+ if (IS_ERR(uaddr))
+ return PTR_ERR(uaddr);
+
+ unix_sk(sock->sk)->addr = uaddr;
+
+ return 0;
+}
+
+static int unix_restore_bind(struct ckpt_hdr_socket *h,
+ struct ckpt_hdr_socket_unix *un,
+ struct socket *sock,
+ const char *path)
+{
+ struct sockaddr *addr = (struct sockaddr *)&un->laddr;
+ unsigned long len = un->laddr_len;
+ unsigned long flags = h->sock.flags;
+ int dead = test_bit(SOCK_DEAD, &flags);
+
+ if (dead)
+ return unix_fakebind(sock, &un->laddr, len);
+ else if (!un->laddr.sun_path[0])
+ return sock_bind(sock, addr, len);
+ else if (!(un->flags & CKPT_UNIX_LINKED))
+ return unix_fakebind(sock, &un->laddr, len);
+ else
+ return unix_chdir_and_bind(sock, path, addr, len);
+}
+
+/* Some easy pre-flight checks before we get underway */
+static int unix_precheck(struct socket *sock, struct ckpt_hdr_socket *h)
+{
+ struct net *net = sock_net(sock->sk);
+ unsigned long sk_flags = h->sock.flags;
+
+ if ((h->socket.state == SS_CONNECTING) ||
+ (h->socket.state == SS_DISCONNECTING) ||
+ (h->socket.state == SS_FREE)) {
+ ckpt_debug("AF_UNIX socket can't be SS_(DIS)CONNECTING");
+ return -EINVAL;
+ }
+
+ /* AF_UNIX overloads the backlog setting to define the maximum
+ * queue length for DGRAM sockets. Make sure we don't let the
+ * caller exceed that value on restart.
+ */
+ if ((h->sock.type == SOCK_DGRAM) &&
+ (h->sock.backlog > net->unx.sysctl_max_dgram_qlen)) {
+ ckpt_debug("DGRAM backlog of %i exceeds system max of %i\n",
+ h->sock.backlog, net->unx.sysctl_max_dgram_qlen);
+ return -EINVAL;
+ }
+
+ if (test_bit(SOCK_USE_WRITE_QUEUE, &sk_flags)) {
+ ckpt_debug("AF_UNIX socket has SOCK_USE_WRITE_QUEUE set");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int unix_restore(struct ckpt_ctx *ctx, struct socket *sock,
+ struct ckpt_hdr_socket *h)
+
+{
+ struct ckpt_hdr_socket_unix *un;
+ int ret = -EINVAL;
+ char *cwd = NULL;
+
+ ret = unix_precheck(sock, h);
+ if (ret)
+ return ret;
+
+ un = ckpt_read_obj_type(ctx, sizeof(*un), CKPT_HDR_SOCKET_UNIX);
+ if (IS_ERR(un))
+ return PTR_ERR(un);
+
+ if (un->peer < 0)
+ goto out;
+
+ if (unix_need_cwd(&un->laddr, un->laddr_len)) {
+ cwd = ckpt_read_string(ctx, PATH_MAX);
+ if (IS_ERR(cwd)) {
+ ret = PTR_ERR(cwd);
+ goto out;
+ }
+ }
+
+ if ((h->sock.state != TCP_ESTABLISHED) &&
+ !UNIX_ADDR_EMPTY(un->laddr_len)) {
+ ret = unix_restore_bind(h, un, sock, cwd);
+ if (ret)
+ goto out;
+ }
+
+ if ((h->sock.state == TCP_ESTABLISHED) || (h->sock.state == TCP_CLOSE))
+ ret = unix_restore_connected(ctx, h, un, sock);
+ else if (h->sock.state == TCP_LISTEN)
+ ret = sock->ops->listen(sock, h->sock.backlog);
+ else
+ ckpt_err(ctx, ret, "bad af_unix state %i\n", h->sock.state);
+
+ out:
+ ckpt_hdr_put(ctx, un);
+ kfree(cwd);
+ return ret;
+}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 074/100] c/r: add support for listening INET sockets (v2)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (72 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 073/100] c/r: Add AF_UNIX support (v12) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 075/100] c/r: add support for connected INET sockets (v5) Oren Laadan
` (27 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev, Andrew Morton
From: Dan Smith <danms@us.ibm.com>
This is an incremental step towards supporting checkpoint/restart on
AF_INET sockets. In this scenario, any sockets that were in TCP_LISTEN
state are restored as they were. Any that were connected are forced to
TCP_CLOSE. This should cover a range of use cases that involve
applications that are tolerant of such an interruption.
Changelog [v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog [v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changes in v2:
- Fix whitespace
- Fix return in inet_checkpoint() on failed ckpt_hdr_get_type()
- Fix garbage free on error path of inet_read_buffer()
- Fix unnecessary ret=0 in inet_read_buffers()
- Add inet_precheck() (like unix) to validate the address lengths (and
more later)
Cc: netdev@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
Documentation/checkpoint/readme.txt | 21 ++++
include/linux/checkpoint_hdr.h | 15 +++
include/net/inet_common.h | 13 +++
net/checkpoint.c | 9 ++
net/ipv4/Makefile | 1 +
net/ipv4/af_inet.c | 6 +
net/ipv4/checkpoint.c | 189 +++++++++++++++++++++++++++++++++++
7 files changed, 254 insertions(+), 0 deletions(-)
create mode 100644 net/ipv4/checkpoint.c
diff --git a/Documentation/checkpoint/readme.txt b/Documentation/checkpoint/readme.txt
index 4fa5560..2548bb4 100644
--- a/Documentation/checkpoint/readme.txt
+++ b/Documentation/checkpoint/readme.txt
@@ -344,6 +344,27 @@ we will be forced to more carefully review each of those features.
However, this can be controlled with a sysctl-variable.
+Sockets
+=======
+
+For AF_UNIX sockets, both endpoints must be within the checkpointed
+task set to maintain a connected state after restart. UNIX sockets
+that are in the process of passing a descriptor will cause the
+checkpoint to fail with -EBUSY indicating a transient state that
+cannot be checkpointed. Listening sockets with an unaccepted peer
+will also cause an -EBUSY result.
+
+AF_INET sockets with endpoints outside the checkpointed task set may
+remain open if care is taken to avoid TCP timeouts and resets.
+Careful use of a virtual IP address can help avoid emission of an RST
+to the non-checkpointed endpoint. If desired, the
+RESTART_SOCK_LISTENONLY flag may be passed to the restart syscall
+which will cause all connected AF_INET sockets to be closed during the
+restore process. Listening sockets will still be restored to their
+original state, which makes this mode a candidate for something like
+an HTTP server.
+
+
Kernel interfaces
=================
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 2be2d2c..07934ee 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -14,6 +14,7 @@
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/un.h>
+#include <linux/in.h>
#ifndef CONFIG_CHECKPOINT
#error linux/checkpoint_hdr.h included directly (without CONFIG_CHECKPOINT)
@@ -21,10 +22,14 @@
#else /* __KERNEL__ */
+#else
+
#include <sys/types.h>
#include <linux/types.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/un.h>
+#include <netinet/in.h>
#endif
@@ -159,6 +164,8 @@ enum {
#define CKPT_HDR_SOCKET_FRAG CKPT_HDR_SOCKET_FRAG
CKPT_HDR_SOCKET_UNIX,
#define CKPT_HDR_SOCKET_UNIX CKPT_HDR_SOCKET_UNIX
+ CKPT_HDR_SOCKET_INET,
+#define CKPT_HDR_SOCKET_INET CKPT_HDR_SOCKET_INET
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -577,6 +584,14 @@ struct ckpt_hdr_socket_unix {
struct sockaddr_un raddr;
} __attribute__ ((aligned(8)));
+struct ckpt_hdr_socket_inet {
+ struct ckpt_hdr h;
+ __u32 laddr_len;
+ __u32 raddr_len;
+ struct sockaddr_in laddr;
+ struct sockaddr_in raddr;
+} __attribute__((aligned(8)));
+
struct ckpt_hdr_file_socket {
struct ckpt_hdr_file common;
__s32 sock_objref;
diff --git a/include/net/inet_common.h b/include/net/inet_common.h
index 18c7732..bf04e6e 100644
--- a/include/net/inet_common.h
+++ b/include/net/inet_common.h
@@ -45,6 +45,19 @@ extern int inet_ctl_sock_create(struct sock **sk,
unsigned char protocol,
struct net *net);
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+struct ckpt_hdr_socket;
+extern int inet_checkpoint(struct ckpt_ctx *ctx, struct socket *sock);
+extern int inet_collect(struct ckpt_ctx *ctx, struct socket *sock);
+extern int inet_restore(struct ckpt_ctx *cftx, struct socket *sock,
+ struct ckpt_hdr_socket *h);
+#else
+#define inet_checkpoint NULL
+#define inet_collect NULL
+#define inet_restore NULL
+#endif /* CONFIG_CHECKPOINT */
+
static inline void inet_ctl_sock_destroy(struct sock *sk)
{
sk_release_kernel(sk);
diff --git a/net/checkpoint.c b/net/checkpoint.c
index 9116d7a..d972044 100644
--- a/net/checkpoint.c
+++ b/net/checkpoint.c
@@ -930,6 +930,15 @@ static void *restore_sock(struct ckpt_ctx *ctx)
if (ret < 0)
goto err;
+ if ((h->sock_common.family == AF_INET) &&
+ (h->sock.state != TCP_LISTEN)) {
+ /* Temporary hack to enable restore of TCP_LISTEN sockets
+ * while forcing anything else to a closed state
+ */
+ sock->sk->sk_state = TCP_CLOSE;
+ sock->state = SS_UNCONNECTED;
+ }
+
ckpt_hdr_put(ctx, h);
return sock->sk;
err:
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index 80ff87c..c00d8ce 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -49,6 +49,7 @@ obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o
obj-$(CONFIG_TCP_CONG_YEAH) += tcp_yeah.o
obj-$(CONFIG_TCP_CONG_ILLINOIS) += tcp_illinois.o
obj-$(CONFIG_NETLABEL) += cipso_ipv4.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \
xfrm4_output.o
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index f713574..8b7d3dd 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -876,6 +876,9 @@ const struct proto_ops inet_stream_ops = {
.mmap = sock_no_mmap,
.sendpage = tcp_sendpage,
.splice_read = tcp_splice_read,
+ .checkpoint = inet_checkpoint,
+ .restore = inet_restore,
+ .collect = inet_collect,
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_sock_common_setsockopt,
.compat_getsockopt = compat_sock_common_getsockopt,
@@ -902,6 +905,9 @@ const struct proto_ops inet_dgram_ops = {
.recvmsg = sock_common_recvmsg,
.mmap = sock_no_mmap,
.sendpage = inet_sendpage,
+ .checkpoint = inet_checkpoint,
+ .restore = inet_restore,
+ .collect = inet_collect,
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_sock_common_setsockopt,
.compat_getsockopt = compat_sock_common_getsockopt,
diff --git a/net/ipv4/checkpoint.c b/net/ipv4/checkpoint.c
new file mode 100644
index 0000000..0b62a15
--- /dev/null
+++ b/net/ipv4/checkpoint.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2009 IBM Corporation
+ *
+ * Author(s): Dan Smith <danms@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include <linux/namei.h>
+#include <linux/tcp.h>
+#include <linux/in.h>
+#include <linux/deferqueue.h>
+#include <linux/checkpoint.h>
+#include <net/tcp_states.h>
+#include <net/tcp.h>
+
+struct dq_sock {
+ struct ckpt_ctx *ctx;
+ struct sock *sk;
+};
+
+struct dq_buffers {
+ struct ckpt_ctx *ctx;
+ struct sock *sk;
+};
+
+int inet_checkpoint(struct ckpt_ctx *ctx, struct socket *sock)
+{
+ struct ckpt_hdr_socket_inet *in;
+ int ret;
+
+ in = ckpt_hdr_get_type(ctx, sizeof(*in), CKPT_HDR_SOCKET_INET);
+ if (!in)
+ return -EINVAL;
+
+ ret = ckpt_sock_getnames(ctx, sock,
+ (struct sockaddr *)&in->laddr, &in->laddr_len,
+ (struct sockaddr *)&in->raddr, &in->raddr_len);
+ if (ret)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) in);
+ out:
+ ckpt_hdr_put(ctx, in);
+
+ return ret;
+}
+
+int inet_collect(struct ckpt_ctx *ctx, struct socket *sock)
+{
+ return ckpt_obj_collect(ctx, sock->sk, CKPT_OBJ_SOCK);
+}
+
+static int inet_read_buffer(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
+{
+ struct sk_buff *skb = NULL;
+
+ skb = sock_restore_skb(ctx);
+ if (IS_ERR(skb))
+ return PTR_ERR(skb);
+
+ skb_queue_tail(queue, skb);
+ return skb->len;
+}
+
+static int inet_read_buffers(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
+{
+ struct ckpt_hdr_socket_queue *h;
+ int ret = 0;
+ int i;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SOCKET_QUEUE);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ for (i = 0; i < h->skb_count; i++) {
+ ret = inet_read_buffer(ctx, queue);
+ ckpt_debug("read inet buffer %i: %i", i, ret);
+ if (ret < 0)
+ goto out;
+
+ if (ret > h->total_bytes) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "Buffers exceeded claim");
+ goto out;
+ }
+
+ h->total_bytes -= ret;
+ }
+
+ ret = h->skb_count;
+ out:
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+static int inet_deferred_restore_buffers(void *data)
+{
+ struct dq_buffers *dq = (struct dq_buffers *)data;
+ struct ckpt_ctx *ctx = dq->ctx;
+ struct sock *sk = dq->sk;
+ int ret;
+
+ ret = inet_read_buffers(ctx, &sk->sk_receive_queue);
+ ckpt_debug("(R) inet_read_buffers: %i\n", ret);
+ if (ret < 0)
+ return ret;
+
+ ret = inet_read_buffers(ctx, &sk->sk_write_queue);
+ ckpt_debug("(W) inet_read_buffers: %i\n", ret);
+
+ return ret;
+}
+
+static int inet_defer_restore_buffers(struct ckpt_ctx *ctx, struct sock *sk)
+{
+ struct dq_buffers dq;
+
+ dq.ctx = ctx;
+ dq.sk = sk;
+
+ return deferqueue_add(ctx->files_deferq, &dq, sizeof(dq),
+ inet_deferred_restore_buffers, NULL);
+}
+
+static int inet_precheck(struct socket *sock, struct ckpt_hdr_socket_inet *in)
+{
+ if (in->laddr_len > sizeof(struct sockaddr_in)) {
+ ckpt_debug("laddr_len is too big\n");
+ return -EINVAL;
+ }
+
+ if (in->raddr_len > sizeof(struct sockaddr_in)) {
+ ckpt_debug("raddr_len is too big\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+int inet_restore(struct ckpt_ctx *ctx,
+ struct socket *sock,
+ struct ckpt_hdr_socket *h)
+{
+ struct ckpt_hdr_socket_inet *in;
+ int ret = 0;
+
+ in = ckpt_read_obj_type(ctx, sizeof(*in), CKPT_HDR_SOCKET_INET);
+ if (IS_ERR(in))
+ return PTR_ERR(in);
+
+ ret = inet_precheck(sock, in);
+ if (ret < 0)
+ goto out;
+
+ /* Listening sockets and those that are closed but have a local
+ * address need to call bind()
+ */
+ if ((h->sock.state == TCP_LISTEN) ||
+ ((h->sock.state == TCP_CLOSE) && (in->laddr_len > 0))) {
+ sock->sk->sk_reuse = 2;
+ inet_sk(sock->sk)->freebind = 1;
+ ret = sock->ops->bind(sock,
+ (struct sockaddr *)&in->laddr,
+ in->laddr_len);
+ ckpt_debug("inet bind: %i\n", ret);
+ if (ret < 0)
+ goto out;
+
+ if (h->sock.state == TCP_LISTEN) {
+ ret = sock->ops->listen(sock, h->sock.backlog);
+ ckpt_debug("inet listen: %i\n", ret);
+ if (ret < 0)
+ goto out;
+ }
+ } else {
+ if (!sock_flag(sock->sk, SOCK_DEAD))
+ ret = inet_defer_restore_buffers(ctx, sock->sk);
+ }
+ out:
+ ckpt_hdr_put(ctx, in);
+
+ return ret;
+}
+
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 075/100] c/r: add support for connected INET sockets (v5)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (73 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 074/100] c/r: add support for listening INET sockets (v2) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 076/100] c/r: [pty 1/2] allow allocation of desired pty slave Oren Laadan
` (26 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
This patch adds basic support for C/R of open INET sockets. I think that
all the important bits of the TCP and ICSK socket structures is saved,
but I think there is still some additional IPv6 stuff that needs to be
handled.
With this patch applied, the following script can be used to demonstrate
the functionality:
https://lists.linux-foundation.org/pipermail/containers/2009-October/021239.html
It shows that this enables migration of a sendmail process with open
connections from one machine to another without dropping.
We probably need comments from the netdev people about the quality of
sanity checking we do on the values in the ckpt_hdr_socket_inet
structure on restart.
Note that this still doesn't address lingering sockets yet.
Changelog [v21]:
- [Dan Smith] Fix build when CONFIG_INET=n
Changelog [v19-rc3]:
- Rebase to kernel 2.6.33 (add 'inet_' prefix to some sk fields)
- Relax tcp.window_clamp value in INET restore
Changelog [v19-rc2]:
- Restore gso_type fields on sockets and buffers, so that they're
properly handled on incoming path. Use the proper value from the
socket (instead of storing that per-buffer) to avoid needing to
detect (e.g.) the user restore a UDP buffer into a TCP socket.
Changes in v5:
- Change ckpt_write_err() to ckpt_err()
Changes in v4:
- Use the new socket buffer restore functions introduced in the
previous patch
- Move listen_sockets list under the restart items in ckpt_ctx
- Rename RESTART_SOCK_LISTENONLY to RESTART_CONN_RESET
Changes in v3:
- Prevent restart from allowing a bind on a <1024 port unless the
user is granted that capability
- Add some sanity checking in the inet_precheck() function to make sure
the values read from the checkpoint image are within acceptable ranges
- Check the result of sock_restore_header_info() and fail if needed
Changes in v2:
- Restore saddr, rcv_saddr, daddr, sport, and dport from the sockaddr
structure instead of saving them separately
- Fix 'sock' naming in sock_cptrst()
- Don't take the queue lock before skb_queue_tail() since it is
done for us
- Allow "listen only" restore behavior if RESTART_SOCK_LISTENONLY
flag is specified on sys_restart()
- Pull the implementation of the list of listening sockets back into
this patch
- Fix dangling printk
- Add some comments around the parent/child restore logic
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
Documentation/checkpoint/usage.txt | 1 +
include/linux/checkpoint.h | 7 +-
include/linux/checkpoint_hdr.h | 97 +++++++++-
include/linux/checkpoint_types.h | 1 +
kernel/checkpoint/sys.c | 6 +
net/checkpoint.c | 19 +-
net/ipv4/checkpoint.c | 373 +++++++++++++++++++++++++++++++++++-
7 files changed, 484 insertions(+), 20 deletions(-)
diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
index c6fc045..239c162 100644
--- a/Documentation/checkpoint/usage.txt
+++ b/Documentation/checkpoint/usage.txt
@@ -35,6 +35,7 @@ The API consists of three new system calls:
- RESTART_TASKSELF : (self) restart of a single process
- RESTART_FROEZN : processes remain frozen once restart completes
- RESTART_GHOST : process is a ghost (placeholder for a pid)
+ - RESTART_CONN_RESET : reset previously open sockets to be closed
(Note that this argument may mean 'ckptid' to identify an in-kernel
checkpoint image, with some @flags in the future).
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 25275af..abf8cb5 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -19,6 +19,7 @@
#define RESTART_TASKSELF 0x1
#define RESTART_FROZEN 0x2
#define RESTART_GHOST 0x4
+#define RESTART_CONN_RESET 0x10
/* misc user visible */
#define CHECKPOINT_FD_NONE -1
@@ -57,7 +58,8 @@ extern long do_sys_restart(pid_t pid, int fd,
#define RESTART_USER_FLAGS \
(RESTART_TASKSELF | \
RESTART_FROZEN | \
- RESTART_GHOST)
+ RESTART_GHOST | \
+ RESTART_CONN_RESET)
extern int walk_task_subtree(struct task_struct *task,
int (*func)(struct task_struct *, void *),
@@ -103,7 +105,8 @@ extern int ckpt_sock_getnames(struct ckpt_ctx *ctx,
struct socket *socket,
struct sockaddr *loc, unsigned *loc_len,
struct sockaddr *rem, unsigned *rem_len);
-extern struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx);
+extern struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx, struct sock *sk);
+extern void sock_listening_list_free(struct list_head *head);
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 07934ee..1820f07 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -15,6 +15,7 @@
#include <linux/socket.h>
#include <linux/un.h>
#include <linux/in.h>
+#include <linux/in6.h>
#ifndef CONFIG_CHECKPOINT
#error linux/checkpoint_hdr.h included directly (without CONFIG_CHECKPOINT)
@@ -22,8 +23,6 @@
#else /* __KERNEL__ */
-#else
-
#include <sys/types.h>
#include <linux/types.h>
#include <sys/socket.h>
@@ -586,6 +585,100 @@ struct ckpt_hdr_socket_unix {
struct ckpt_hdr_socket_inet {
struct ckpt_hdr h;
+ __u32 daddr;
+ __u32 rcv_saddr;
+ __u32 saddr;
+ __u16 dport;
+ __u16 num;
+ __u16 sport;
+ __s16 uc_ttl;
+ __u16 cmsg_flags;
+
+ struct {
+ __u64 timeout;
+ __u32 ato;
+ __u32 lrcvtime;
+ __u16 last_seg_size;
+ __u16 rcv_mss;
+ __u8 pending;
+ __u8 quick;
+ __u8 pingpong;
+ __u8 blocked;
+ } icsk_ack __attribute__ ((aligned(8)));
+
+ /* FIXME: Skipped opt, tos, multicast, cork settings */
+
+ struct {
+ __u32 rcv_nxt;
+ __u32 copied_seq;
+ __u32 rcv_wup;
+ __u32 snd_nxt;
+ __u32 snd_una;
+ __u32 snd_sml;
+ __u32 rcv_tstamp;
+ __u32 lsndtime;
+
+ __u32 snd_wl1;
+ __u32 snd_wnd;
+ __u32 max_window;
+ __u32 mss_cache;
+ __u32 window_clamp;
+ __u32 rcv_ssthresh;
+ __u32 frto_highmark;
+
+ __u32 srtt;
+ __u32 mdev;
+ __u32 mdev_max;
+ __u32 rttvar;
+ __u32 rtt_seq;
+
+ __u32 packets_out;
+ __u32 retrans_out;
+
+ __u32 snd_up;
+ __u32 rcv_wnd;
+ __u32 write_seq;
+ __u32 pushed_seq;
+ __u32 lost_out;
+ __u32 sacked_out;
+ __u32 fackets_out;
+ __u32 tso_deferred;
+ __u32 bytes_acked;
+
+ __s32 lost_cnt_hint;
+ __u32 retransmit_high;
+
+ __u32 lost_retrans_low;
+
+ __u32 prior_ssthresh;
+ __u32 high_seq;
+
+ __u32 retrans_stamp;
+ __u32 undo_marker;
+ __s32 undo_retrans;
+ __u32 total_retrans;
+
+ __u32 urg_seq;
+ __u32 keepalive_time;
+ __u32 keepalive_intvl;
+
+ __u16 urg_data;
+ __u16 advmss;
+ __u8 frto_counter;
+ __u8 nonagle;
+
+ __u8 ecn_flags;
+ __u8 reordering;
+
+ __u8 keepalive_probes;
+ } tcp __attribute__ ((aligned(8)));
+
+ struct {
+ struct in6_addr saddr;
+ struct in6_addr rcv_saddr;
+ struct in6_addr daddr;
+ } inet6 __attribute__ ((aligned(8)));
+
__u32 laddr_len;
__u32 raddr_len;
struct sockaddr_in laddr;
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index d69b795..79c6394 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -79,6 +79,7 @@ struct ckpt_ctx {
wait_queue_head_t waitq; /* waitqueue for restarting tasks */
wait_queue_head_t ghostq; /* waitqueue for ghost tasks */
struct cred *realcred, *ecred; /* tmp storage for cred at restart */
+ struct list_head listen_sockets;/* listening parent sockets */
struct ckpt_stats stats; /* statistics */
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index 86dabfa..b8369e4 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -229,6 +229,10 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
kfree(ctx->pids_arr);
+#ifdef CONFIG_NETNS_CHECKPOINT
+ sock_listening_list_free(&ctx->listen_sockets);
+#endif
+
kfree(ctx);
}
@@ -262,6 +266,8 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
mutex_init(&ctx->msg_mutex);
+ INIT_LIST_HEAD(&ctx->listen_sockets);
+
err = -EBADF;
ctx->file = fget(fd);
if (!ctx->file)
diff --git a/net/checkpoint.c b/net/checkpoint.c
index d972044..03c1224 100644
--- a/net/checkpoint.c
+++ b/net/checkpoint.c
@@ -115,9 +115,9 @@ static void sock_record_header_info(struct sk_buff *skb,
h->nr_frags = skb_shinfo(skb)->nr_frags;
}
-int sock_restore_header_info(struct ckpt_ctx *ctx,
- struct sk_buff *skb,
- struct ckpt_hdr_socket_buffer *h)
+static int sock_restore_header_info(struct ckpt_ctx *ctx,
+ struct sock *sk, struct sk_buff *skb,
+ struct ckpt_hdr_socket_buffer *h)
{
if (h->mac_header + h->mac_len != h->network_header) {
ckpt_err(ctx, -EINVAL,
@@ -171,6 +171,8 @@ int sock_restore_header_info(struct ckpt_ctx *ctx,
skb->data = skb->head + h->data_offset;
skb->len = h->skb_len;
+ skb_shinfo(skb)->gso_type = sk->sk_gso_type;
+
return 0;
}
@@ -216,7 +218,7 @@ static int sock_restore_skb_frag(struct ckpt_ctx *ctx,
return ret;
}
-struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx)
+struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx, struct sock *sk)
{
struct ckpt_hdr_socket_buffer *h;
struct sk_buff *skb = NULL;
@@ -269,7 +271,7 @@ struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx)
goto out;
}
- sock_restore_header_info(ctx, skb, h);
+ sock_restore_header_info(ctx, sk, skb, h);
out:
ckpt_hdr_put(ctx, h);
if (ret < 0) {
@@ -931,10 +933,9 @@ static void *restore_sock(struct ckpt_ctx *ctx)
goto err;
if ((h->sock_common.family == AF_INET) &&
- (h->sock.state != TCP_LISTEN)) {
- /* Temporary hack to enable restore of TCP_LISTEN sockets
- * while forcing anything else to a closed state
- */
+ (h->sock.state != TCP_LISTEN) &&
+ (ctx->uflags & RESTART_CONN_RESET)) {
+ ckpt_debug("Forcing open socket closed\n");
sock->sk->sk_state = TCP_CLOSE;
sock->state = SS_UNCONNECTED;
}
diff --git a/net/ipv4/checkpoint.c b/net/ipv4/checkpoint.c
index 0b62a15..bc4c998 100644
--- a/net/ipv4/checkpoint.c
+++ b/net/ipv4/checkpoint.c
@@ -16,6 +16,7 @@
#include <linux/checkpoint.h>
#include <net/tcp_states.h>
#include <net/tcp.h>
+#include <net/ipv6.h>
struct dq_sock {
struct ckpt_ctx *ctx;
@@ -27,6 +28,248 @@ struct dq_buffers {
struct sock *sk;
};
+struct listen_item {
+ struct sock *sk;
+ struct list_head list;
+};
+
+void sock_listening_list_free(struct list_head *head)
+{
+ struct listen_item *item, *tmp;
+
+ list_for_each_entry_safe(item, tmp, head, list) {
+ list_del(&item->list);
+ kfree(item);
+ }
+}
+
+static int sock_listening_list_add(struct ckpt_ctx *ctx, struct sock *sk)
+{
+ struct listen_item *item;
+
+ item = kmalloc(sizeof(*item), GFP_KERNEL);
+ if (!item)
+ return -ENOMEM;
+
+ item->sk = sk;
+ list_add(&item->list, &ctx->listen_sockets);
+
+ return 0;
+}
+
+static struct sock *sock_get_parent(struct ckpt_ctx *ctx, struct sock *sk)
+{
+ struct listen_item *item;
+
+ list_for_each_entry(item, &ctx->listen_sockets, list) {
+ if (inet_sk(sk)->inet_sport == inet_sk(item->sk)->inet_sport)
+ return item->sk;
+ }
+
+ return NULL;
+}
+
+static int sock_hash_parent(void *data)
+{
+ struct dq_sock *dq = (struct dq_sock *)data;
+ struct sock *parent;
+
+ ckpt_debug("INET post-restart hash\n");
+
+ dq->sk->sk_prot->hash(dq->sk);
+
+ /* If there is a listening socket with the same source port,
+ * then become a child of that socket [we are the result of an
+ * accept()]. Otherwise hash ourselves directly in [we are
+ * the result of a connect()]
+ */
+
+ parent = sock_get_parent(dq->ctx, dq->sk);
+ if (parent) {
+ inet_sk(dq->sk)->inet_num = ntohs(inet_sk(dq->sk)->inet_sport);
+ local_bh_disable();
+ __inet_inherit_port(parent, dq->sk);
+ local_bh_enable();
+ } else {
+ inet_sk(dq->sk)->inet_num = 0;
+ inet_hash_connect(&tcp_death_row, dq->sk);
+ inet_sk(dq->sk)->inet_num = ntohs(inet_sk(dq->sk)->inet_sport);
+ }
+
+ return 0;
+}
+
+static int sock_defer_hash(struct ckpt_ctx *ctx, struct sock *sock)
+{
+ struct dq_sock dq;
+
+ dq.sk = sock;
+ dq.ctx = ctx;
+
+ return deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
+ sock_hash_parent, NULL);
+}
+
+static int sock_inet_tcp_cptrst(struct ckpt_ctx *ctx,
+ struct tcp_sock *sk,
+ struct ckpt_hdr_socket_inet *hh,
+ int op)
+{
+ CKPT_COPY(op, hh->tcp.rcv_nxt, sk->rcv_nxt);
+ CKPT_COPY(op, hh->tcp.copied_seq, sk->copied_seq);
+ CKPT_COPY(op, hh->tcp.rcv_wup, sk->rcv_wup);
+ CKPT_COPY(op, hh->tcp.snd_nxt, sk->snd_nxt);
+ CKPT_COPY(op, hh->tcp.snd_una, sk->snd_una);
+ CKPT_COPY(op, hh->tcp.snd_sml, sk->snd_sml);
+ CKPT_COPY(op, hh->tcp.rcv_tstamp, sk->rcv_tstamp);
+ CKPT_COPY(op, hh->tcp.lsndtime, sk->lsndtime);
+
+ CKPT_COPY(op, hh->tcp.snd_wl1, sk->snd_wl1);
+ CKPT_COPY(op, hh->tcp.snd_wnd, sk->snd_wnd);
+ CKPT_COPY(op, hh->tcp.max_window, sk->max_window);
+ CKPT_COPY(op, hh->tcp.mss_cache, sk->mss_cache);
+ CKPT_COPY(op, hh->tcp.window_clamp, sk->window_clamp);
+ CKPT_COPY(op, hh->tcp.rcv_ssthresh, sk->rcv_ssthresh);
+ CKPT_COPY(op, hh->tcp.frto_highmark, sk->frto_highmark);
+ CKPT_COPY(op, hh->tcp.advmss, sk->advmss);
+ CKPT_COPY(op, hh->tcp.frto_counter, sk->frto_counter);
+ CKPT_COPY(op, hh->tcp.nonagle, sk->nonagle);
+
+ CKPT_COPY(op, hh->tcp.srtt, sk->srtt);
+ CKPT_COPY(op, hh->tcp.mdev, sk->mdev);
+ CKPT_COPY(op, hh->tcp.mdev_max, sk->mdev_max);
+ CKPT_COPY(op, hh->tcp.rttvar, sk->rttvar);
+ CKPT_COPY(op, hh->tcp.rtt_seq, sk->rtt_seq);
+
+ CKPT_COPY(op, hh->tcp.packets_out, sk->packets_out);
+ CKPT_COPY(op, hh->tcp.retrans_out, sk->retrans_out);
+
+ CKPT_COPY(op, hh->tcp.urg_data, sk->urg_data);
+ CKPT_COPY(op, hh->tcp.ecn_flags, sk->ecn_flags);
+ CKPT_COPY(op, hh->tcp.reordering, sk->reordering);
+ CKPT_COPY(op, hh->tcp.snd_up, sk->snd_up);
+
+ CKPT_COPY(op, hh->tcp.keepalive_probes, sk->keepalive_probes);
+
+ CKPT_COPY(op, hh->tcp.rcv_wnd, sk->rcv_wnd);
+ CKPT_COPY(op, hh->tcp.write_seq, sk->write_seq);
+ CKPT_COPY(op, hh->tcp.pushed_seq, sk->pushed_seq);
+ CKPT_COPY(op, hh->tcp.lost_out, sk->lost_out);
+ CKPT_COPY(op, hh->tcp.sacked_out, sk->sacked_out);
+ CKPT_COPY(op, hh->tcp.fackets_out, sk->fackets_out);
+ CKPT_COPY(op, hh->tcp.tso_deferred, sk->tso_deferred);
+ CKPT_COPY(op, hh->tcp.bytes_acked, sk->bytes_acked);
+
+ CKPT_COPY(op, hh->tcp.lost_cnt_hint, sk->lost_cnt_hint);
+ CKPT_COPY(op, hh->tcp.retransmit_high, sk->retransmit_high);
+
+ CKPT_COPY(op, hh->tcp.lost_retrans_low, sk->lost_retrans_low);
+
+ CKPT_COPY(op, hh->tcp.prior_ssthresh, sk->prior_ssthresh);
+ CKPT_COPY(op, hh->tcp.high_seq, sk->high_seq);
+
+ CKPT_COPY(op, hh->tcp.retrans_stamp, sk->retrans_stamp);
+ CKPT_COPY(op, hh->tcp.undo_marker, sk->undo_marker);
+ CKPT_COPY(op, hh->tcp.undo_retrans, sk->undo_retrans);
+ CKPT_COPY(op, hh->tcp.total_retrans, sk->total_retrans);
+
+ CKPT_COPY(op, hh->tcp.urg_seq, sk->urg_seq);
+ CKPT_COPY(op, hh->tcp.keepalive_time, sk->keepalive_time);
+ CKPT_COPY(op, hh->tcp.keepalive_intvl, sk->keepalive_intvl);
+
+ if (!skb_queue_empty(&sk->ucopy.prequeue))
+ printk(KERN_ERR "PREQUEUE!\n");
+
+ return 0;
+}
+
+static int sock_inet_restore_connection(struct sock *sk,
+ struct ckpt_hdr_socket_inet *hh)
+{
+ struct inet_sock *inet = inet_sk(sk);
+ int tcp_gso = sk->sk_family == AF_INET ? SKB_GSO_TCPV4 : SKB_GSO_TCPV6;
+
+ inet->inet_daddr = hh->raddr.sin_addr.s_addr;
+ inet->inet_saddr = hh->laddr.sin_addr.s_addr;
+ inet->inet_rcv_saddr = inet->inet_saddr;
+
+ inet->inet_dport = hh->raddr.sin_port;
+ inet->inet_sport = hh->laddr.sin_port;
+
+ if (sk->sk_protocol == IPPROTO_TCP)
+ sk->sk_gso_type = tcp_gso;
+ else if (sk->sk_protocol == IPPROTO_UDP)
+ sk->sk_gso_type = SKB_GSO_UDP;
+ else {
+ ckpt_debug("Unsupported socket type while setting GSO\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int sock_inet_cptrst(struct ckpt_ctx *ctx,
+ struct sock *sk,
+ struct ckpt_hdr_socket_inet *hh,
+ int op)
+{
+ struct inet_sock *inet = inet_sk(sk);
+ struct inet_connection_sock *icsk = inet_csk(sk);
+ int ret;
+
+ if (op == CKPT_CPT) {
+ CKPT_COPY(op, hh->daddr, inet->inet_daddr);
+ CKPT_COPY(op, hh->rcv_saddr, inet->inet_rcv_saddr);
+ CKPT_COPY(op, hh->dport, inet->inet_dport);
+ CKPT_COPY(op, hh->saddr, inet->inet_saddr);
+ CKPT_COPY(op, hh->sport, inet->inet_sport);
+ } else {
+ ret = sock_inet_restore_connection(sk, hh);
+ if (ret)
+ return ret;
+ }
+
+ CKPT_COPY(op, hh->num, inet->inet_num);
+ CKPT_COPY(op, hh->uc_ttl, inet->uc_ttl);
+ CKPT_COPY(op, hh->cmsg_flags, inet->cmsg_flags);
+
+ CKPT_COPY(op, hh->icsk_ack.pending, icsk->icsk_ack.pending);
+ CKPT_COPY(op, hh->icsk_ack.quick, icsk->icsk_ack.quick);
+ CKPT_COPY(op, hh->icsk_ack.pingpong, icsk->icsk_ack.pingpong);
+ CKPT_COPY(op, hh->icsk_ack.blocked, icsk->icsk_ack.blocked);
+ CKPT_COPY(op, hh->icsk_ack.ato, icsk->icsk_ack.ato);
+ CKPT_COPY(op, hh->icsk_ack.timeout, icsk->icsk_ack.timeout);
+ CKPT_COPY(op, hh->icsk_ack.lrcvtime, icsk->icsk_ack.lrcvtime);
+ CKPT_COPY(op,
+ hh->icsk_ack.last_seg_size, icsk->icsk_ack.last_seg_size);
+ CKPT_COPY(op, hh->icsk_ack.rcv_mss, icsk->icsk_ack.rcv_mss);
+
+ if (sk->sk_protocol == IPPROTO_TCP)
+ ret = sock_inet_tcp_cptrst(ctx, tcp_sk(sk), hh, op);
+ else if (sk->sk_protocol == IPPROTO_UDP)
+ ret = 0;
+ else {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "unknown socket protocol %d",
+ sk->sk_protocol);
+ }
+
+ if (sk->sk_family == AF_INET6) {
+ struct ipv6_pinfo *inet6 = inet6_sk(sk);
+ if (op == CKPT_CPT) {
+ ipv6_addr_copy(&hh->inet6.saddr, &inet6->saddr);
+ ipv6_addr_copy(&hh->inet6.rcv_saddr, &inet6->rcv_saddr);
+ ipv6_addr_copy(&hh->inet6.daddr, &inet6->daddr);
+ } else {
+ ipv6_addr_copy(&inet6->saddr, &hh->inet6.saddr);
+ ipv6_addr_copy(&inet6->rcv_saddr, &hh->inet6.rcv_saddr);
+ ipv6_addr_copy(&inet6->daddr, &hh->inet6.daddr);
+ }
+ }
+
+ return ret;
+}
+
int inet_checkpoint(struct ckpt_ctx *ctx, struct socket *sock)
{
struct ckpt_hdr_socket_inet *in;
@@ -42,6 +285,10 @@ int inet_checkpoint(struct ckpt_ctx *ctx, struct socket *sock)
if (ret)
goto out;
+ ret = sock_inet_cptrst(ctx, sock->sk, in, CKPT_CPT);
+ if (ret < 0)
+ goto out;
+
ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) in);
out:
ckpt_hdr_put(ctx, in);
@@ -54,11 +301,13 @@ int inet_collect(struct ckpt_ctx *ctx, struct socket *sock)
return ckpt_obj_collect(ctx, sock->sk, CKPT_OBJ_SOCK);
}
-static int inet_read_buffer(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
+static int inet_read_buffer(struct ckpt_ctx *ctx,
+ struct sk_buff_head *queue,
+ struct sock *sk)
{
struct sk_buff *skb = NULL;
- skb = sock_restore_skb(ctx);
+ skb = sock_restore_skb(ctx, sk);
if (IS_ERR(skb))
return PTR_ERR(skb);
@@ -66,7 +315,9 @@ static int inet_read_buffer(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
return skb->len;
}
-static int inet_read_buffers(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
+static int inet_read_buffers(struct ckpt_ctx *ctx,
+ struct sk_buff_head *queue,
+ struct sock *sk)
{
struct ckpt_hdr_socket_queue *h;
int ret = 0;
@@ -77,7 +328,7 @@ static int inet_read_buffers(struct ckpt_ctx *ctx, struct sk_buff_head *queue)
return PTR_ERR(h);
for (i = 0; i < h->skb_count; i++) {
- ret = inet_read_buffer(ctx, queue);
+ ret = inet_read_buffer(ctx, queue, sk);
ckpt_debug("read inet buffer %i: %i", i, ret);
if (ret < 0)
goto out;
@@ -105,12 +356,12 @@ static int inet_deferred_restore_buffers(void *data)
struct sock *sk = dq->sk;
int ret;
- ret = inet_read_buffers(ctx, &sk->sk_receive_queue);
+ ret = inet_read_buffers(ctx, &sk->sk_receive_queue, sk);
ckpt_debug("(R) inet_read_buffers: %i\n", ret);
if (ret < 0)
return ret;
- ret = inet_read_buffers(ctx, &sk->sk_write_queue);
+ ret = inet_read_buffers(ctx, &sk->sk_write_queue, sk);
ckpt_debug("(W) inet_read_buffers: %i\n", ret);
return ret;
@@ -129,6 +380,19 @@ static int inet_defer_restore_buffers(struct ckpt_ctx *ctx, struct sock *sk)
static int inet_precheck(struct socket *sock, struct ckpt_hdr_socket_inet *in)
{
+ __u8 icsk_ack_mask = ICSK_ACK_SCHED | ICSK_ACK_TIMER |
+ ICSK_ACK_PUSHED | ICSK_ACK_PUSHED2;
+ __u16 urg_mask = TCP_URG_VALID | TCP_URG_NOTYET | TCP_URG_READ;
+ __u8 nonagle_mask = TCP_NAGLE_OFF | TCP_NAGLE_CORK | TCP_NAGLE_PUSH;
+ __u8 ecn_mask = TCP_ECN_OK | TCP_ECN_QUEUE_CWR | TCP_ECN_DEMAND_CWR;
+
+ if ((htons(in->laddr.sin_port) < PROT_SOCK) &&
+ !capable(CAP_NET_BIND_SERVICE)) {
+ ckpt_debug("unable to bind to port %hu\n",
+ htons(in->laddr.sin_port));
+ return -EINVAL;
+ }
+
if (in->laddr_len > sizeof(struct sockaddr_in)) {
ckpt_debug("laddr_len is too big\n");
return -EINVAL;
@@ -139,6 +403,75 @@ static int inet_precheck(struct socket *sock, struct ckpt_hdr_socket_inet *in)
return -EINVAL;
}
+ /* Set ato to the default */
+ in->icsk_ack.ato = TCP_ATO_MIN;
+
+ /* No quick acks are scheduled after a restart */
+ in->icsk_ack.quick = 0;
+
+ if (in->icsk_ack.pending & ~icsk_ack_mask) {
+ ckpt_debug("invalid pending flags 0x%x\n",
+ in->icsk_ack.pending & ~icsk_ack_mask);
+ return -EINVAL;
+ }
+
+ if (in->icsk_ack.pingpong > 1) {
+ ckpt_debug("invalid icsk_ack.pingpong value\n");
+ return -EINVAL;
+ }
+
+ if (in->icsk_ack.blocked > 1) {
+ ckpt_debug("invalid icsk_ack.blocked value\n");
+ return -EINVAL;
+ }
+
+ /* do_tcp_setsockopt() quietly makes this coercion */
+ if (in->tcp.window_clamp < (SOCK_MIN_RCVBUF / 2))
+ in->tcp.window_clamp = SOCK_MIN_RCVBUF / 2;
+ else
+ in->tcp.window_clamp = min(in->tcp.window_clamp, 65535U);
+
+ if (in->tcp.rcv_ssthresh > (4U * in->tcp.advmss))
+ in->tcp.rcv_ssthresh = 4U * in->tcp.advmss;
+
+ /* These will all be recalculated on the next call to
+ * tcp_rtt_estimator()
+ */
+ in->tcp.srtt = in->tcp.mdev = in->tcp.mdev_max = 0;
+ in->tcp.rttvar = in->tcp.rtt_seq = 0;
+
+ /* Might want to set packets_out to zero ? */
+
+ if (in->tcp.rcv_wnd > MAX_TCP_WINDOW)
+ in->tcp.rcv_wnd = MAX_TCP_WINDOW;
+
+ if (in->tcp.keepalive_intvl > MAX_TCP_KEEPINTVL) {
+ ckpt_debug("keepalive_intvl %i out of range\n",
+ in->tcp.keepalive_intvl);
+ return -EINVAL;
+ }
+
+ if (in->tcp.keepalive_probes > MAX_TCP_KEEPCNT) {
+ ckpt_debug("Invalid keepalive_probes value %i\n",
+ in->tcp.keepalive_probes);
+ return -EINVAL;
+ }
+
+ if (in->tcp.urg_data & ~urg_mask) {
+ ckpt_debug("Invalid urg_data value\n");
+ return -EINVAL;
+ }
+
+ if (in->tcp.nonagle & ~nonagle_mask) {
+ ckpt_debug("Invalid nonagle value\n");
+ return -EINVAL;
+ }
+
+ if (in->tcp.ecn_flags & ~ecn_mask) {
+ ckpt_debug("Invalid ecn_flags value\n");
+ return -EINVAL;
+ }
+
return 0;
}
@@ -176,8 +509,35 @@ int inet_restore(struct ckpt_ctx *ctx,
ckpt_debug("inet listen: %i\n", ret);
if (ret < 0)
goto out;
+
+ /* We are a listening socket, so add ourselves
+ * to the list of parent sockets. This will
+ * allow our children to find us later and
+ * link up
+ */
+
+ ret = sock_listening_list_add(ctx, sock->sk);
+ if (ret < 0)
+ goto out;
}
} else {
+ ret = sock_inet_cptrst(ctx, sock->sk, in, CKPT_RST);
+ if (ret)
+ goto out;
+
+ if ((h->sock.state == TCP_ESTABLISHED) &&
+ (h->sock.protocol == IPPROTO_TCP)) {
+ /* A connected socket that was spawned from an
+ * accept() needs to be hashed with its parent
+ * listening socket in order to receive
+ * traffic on the original port. Since we may
+ * not have restarted the parent yet, we defer
+ * this until later when we know we have all
+ * the listening sockets accounted for.
+ */
+ ret = sock_defer_hash(ctx, sock->sk);
+ }
+
if (!sock_flag(sock->sk, SOCK_DEAD))
ret = inet_defer_restore_buffers(ctx, sock->sk);
}
@@ -186,4 +546,3 @@ int inet_restore(struct ckpt_ctx *ctx,
return ret;
}
-
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 076/100] c/r: [pty 1/2] allow allocation of desired pty slave
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (74 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 075/100] c/r: add support for connected INET sockets (v5) Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:15 ` [PATCH v21 077/100] c/r: [pty 2/2] support for pseudo terminals Oren Laadan
` (25 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Greg Kroah-Hartman, Alan Cox
During restart, we need to allocate pty slaves with the same
identifiers as recorded during checkpoint. Modify the allocation code
to allow an in-kernel caller to request a specific slave identifier.
For this, add a new field to task_struct - 'required_id'. It will
hold the desired identifier when restoring a (master) pty.
The code in ptmx_open() will use this value only for tasks that try to
open /dev/ptmx that are restarting (PF_RESTARTING), and if the value
isn't CKPT_REQUIRED_NONE (-1).
Changelog[v19-rc3]:
- Rebase to kernel 2.6.33
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
drivers/char/pty.c | 66 +++++++++++++++++++++++++++++++++++++++++---
fs/devpts/inode.c | 13 +++++++--
include/linux/devpts_fs.h | 6 +++-
include/linux/tty.h | 1 -
4 files changed, 76 insertions(+), 10 deletions(-)
diff --git a/drivers/char/pty.c b/drivers/char/pty.c
index d83a431..cfe77c8 100644
--- a/drivers/char/pty.c
+++ b/drivers/char/pty.c
@@ -28,6 +28,7 @@
#include <linux/device.h>
#include <linux/uaccess.h>
#include <linux/bitops.h>
+#include <linux/file.h>
#include <linux/devpts_fs.h>
#include <linux/slab.h>
@@ -615,9 +616,10 @@ static const struct tty_operations pty_unix98_ops = {
};
/**
- * ptmx_open - open a unix 98 pty master
+ * __ptmx_open - open a unix 98 pty master
* @inode: inode of device file
* @filp: file pointer to tty
+ * @index: desired slave index
*
* Allocate a unix98 pty master device from the ptmx driver.
*
@@ -626,16 +628,15 @@ static const struct tty_operations pty_unix98_ops = {
* allocated_ptys_lock handles the list of free pty numbers
*/
-static int __ptmx_open(struct inode *inode, struct file *filp)
+static int __ptmx_open(struct inode *inode, struct file *filp, int index)
{
struct tty_struct *tty;
int retval;
- int index;
nonseekable_open(inode, filp);
/* find a device that is not in use. */
- index = devpts_new_index(inode);
+ index = devpts_new_index(inode, index);
if (index < 0)
return index;
@@ -671,12 +672,66 @@ static int ptmx_open(struct inode *inode, struct file *filp)
{
int ret;
+#ifdef CONFIG_CHECKPOINT
+ /*
+ * If current task is restarting, we skip the actual open.
+ * Instead, leave it up to the caller (restart code) to invoke
+ * __ptmx_open() with the desired pty index request.
+ *
+ * NOTE: this gives a half-baked file that has ptmx f_op but
+ * the tty (private_data) is NULL. It is the responsibility of
+ * the _caller_ to ensure proper initialization before
+ * allowing it to be used (ptmx_release() tolerates NULL tty).
+ */
+ if (current->flags & PF_RESTARTING)
+ return 0;
+#endif
+
lock_kernel();
- ret = __ptmx_open(inode, filp);
+ ret = __ptmx_open(inode, filp, UNSPECIFIED_PTY_INDEX);
unlock_kernel();
return ret;
}
+static int ptmx_release(struct inode *inode, struct file *filp)
+{
+#ifdef CONFIG_CHECKPOINT
+ /*
+ * It is possible for a restart to create a half-baked
+ * ptmx file - see ptmx_open(). In that case there is no
+ * tty (private_data) and nothing to do.
+ */
+ if (!filp->private_data)
+ return 0;
+#endif
+
+ return tty_release(inode, filp);
+}
+
+struct file *pty_open_by_index(char *ptmxpath, int index)
+{
+ struct file *ptmxfile;
+ int ret;
+
+ /*
+ * We need to pick a way to specify which devpts mountpoint to
+ * use. For now, we'll just use whatever /dev/ptmx points to.
+ */
+ ptmxfile = filp_open(ptmxpath, O_RDWR|O_NOCTTY, 0);
+ if (IS_ERR(ptmxfile))
+ return ptmxfile;
+
+ lock_kernel();
+ ret = __ptmx_open(ptmxfile->f_dentry->d_inode, ptmxfile, index);
+ unlock_kernel();
+ if (ret) {
+ fput(ptmxfile);
+ return ERR_PTR(ret);
+ }
+
+ return ptmxfile;
+}
+
static struct file_operations ptmx_fops;
static void __init unix98_pty_init(void)
@@ -733,6 +788,7 @@ static void __init unix98_pty_init(void)
/* Now create the /dev/ptmx special device */
tty_default_fops(&ptmx_fops);
ptmx_fops.open = ptmx_open;
+ ptmx_fops.release = ptmx_release;
cdev_init(&ptmx_cdev, &ptmx_fops);
if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 0120247..75fb8c5 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -433,11 +433,11 @@ static struct file_system_type devpts_fs_type = {
* to the System V naming convention
*/
-int devpts_new_index(struct inode *ptmx_inode)
+int devpts_new_index(struct inode *ptmx_inode, int req_idx)
{
struct super_block *sb = pts_sb_from_inode(ptmx_inode);
struct pts_fs_info *fsi = DEVPTS_SB(sb);
- int index;
+ int index = req_idx;
int ida_ret;
retry:
@@ -445,7 +445,9 @@ retry:
return -ENOMEM;
mutex_lock(&allocated_ptys_lock);
- ida_ret = ida_get_new(&fsi->allocated_ptys, &index);
+ if (index == UNSPECIFIED_PTY_INDEX)
+ index = 0;
+ ida_ret = ida_get_new_above(&fsi->allocated_ptys, index, &index);
if (ida_ret < 0) {
mutex_unlock(&allocated_ptys_lock);
if (ida_ret == -EAGAIN)
@@ -453,6 +455,11 @@ retry:
return -EIO;
}
+ if (req_idx != UNSPECIFIED_PTY_INDEX && index != req_idx) {
+ ida_remove(&fsi->allocated_ptys, index);
+ mutex_unlock(&allocated_ptys_lock);
+ return -EBUSY;
+ }
if (index >= pty_limit) {
ida_remove(&fsi->allocated_ptys, index);
mutex_unlock(&allocated_ptys_lock);
diff --git a/include/linux/devpts_fs.h b/include/linux/devpts_fs.h
index 5ce0e5f..163a70e 100644
--- a/include/linux/devpts_fs.h
+++ b/include/linux/devpts_fs.h
@@ -15,9 +15,13 @@
#include <linux/errno.h>
+#define UNSPECIFIED_PTY_INDEX -1
+
#ifdef CONFIG_UNIX98_PTYS
-int devpts_new_index(struct inode *ptmx_inode);
+struct file *pty_open_by_index(char *ptmxpath, int index);
+
+int devpts_new_index(struct inode *ptmx_inode, int req_idx);
void devpts_kill_index(struct inode *ptmx_inode, int idx);
/* mknod in devpts */
int devpts_pty_new(struct inode *ptmx_inode, struct tty_struct *tty);
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 4409967..d0cbcec 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -513,7 +513,6 @@ extern void tty_ldisc_begin(void);
/* This last one is just for the tty layer internals and shouldn't be used elsewhere */
extern void tty_ldisc_enable(struct tty_struct *tty);
-
/* n_tty.c */
extern struct tty_ldisc_ops tty_ldisc_N_TTY;
extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops);
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 077/100] c/r: [pty 2/2] support for pseudo terminals
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (75 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 076/100] c/r: [pty 1/2] allow allocation of desired pty slave Oren Laadan
@ 2010-05-01 14:15 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 078/100] c/r: support for controlling terminal and job control Oren Laadan
` (24 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:15 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Greg Kroah-Hartman, Alan Cox
This patch adds support for checkpoint and restart of pseudo terminals
(PTYs). Since PTYs are shared (pointed to by file, and signal), they
are managed via objhash.
PTYs are master/slave pairs; The code arranges for the master to
always be checkpointed first, followed by the slave. This is important
since during restart both ends are created when restoring the master.
In this patch only UNIX98 style PTYs are supported.
Currently only PTYs that are referenced by open files are handled.
Thus PTYs checkpoint starts with a file in tty_file_checkpoint(). It
will first checkpoint the master and slave PTYs via tty_checkpoint(),
and then complete the saving of the file descriptor. This means that
in the image file, the order of objects is: master-tty, slave-tty,
file-desc.
During restart, to restore the master side, we open the /dev/ptmx
device and get a file handle. But at this point we don't know the
designated objref for this file, because the file is due later on in
the image stream. On the other hand, we can't just fput() the file
because it will close the PTY too.
Instead, when we checkpoint the master PTY, we _reserve_ an objref
for the file (which won't be further used in checkpoint). Then at
restart, use it to insert the file to objhash.
TODO:
* Better sanitize input from checkpoint image on restore
* Check the locking when saving/restoring tty_struct state
* Echo position/buffer isn't saved (is it needed ?)
* Handle multiple devpts mounts (namespaces)
* Paths of ptmx and slaves are hard coded (/dev/ptmx, /dev/pts/...)
Changelog[v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Changelog[v4]:
- Fix error path(s) in restore_tty_ldisc()
- Fix memory leak in restore_tty_ldisc()
Changelog[v3]:
- [Serge Hallyn] Set tty on error path
Changelog[v2]:
- Don't save/restore tty->{session,pgrp}
- Fix leak: drop file reference after ckpt_obj_insert()
- Move get_file() inside locked clause (fix race)
Changelog[v1]:
- Adjust include/asm/checkpoint_hdr.h for s390 architecture
- Add NCC to kernel constants header (ckpt_hdr_const)
- [Serge Hallyn] fix calculation of canon_datalen
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/s390/include/asm/checkpoint_hdr.h | 11 +
arch/x86/include/asm/checkpoint_hdr.h | 11 +
drivers/char/pty.c | 1 +
drivers/char/tty_io.c | 536 ++++++++++++++++++++++++++++++++
fs/checkpoint.c | 6 +
include/linux/checkpoint.h | 1 +
include/linux/checkpoint_hdr.h | 89 ++++++
include/linux/tty.h | 7 +
kernel/checkpoint/checkpoint.c | 3 +
kernel/checkpoint/restart.c | 6 +
10 files changed, 671 insertions(+), 0 deletions(-)
diff --git a/arch/s390/include/asm/checkpoint_hdr.h b/arch/s390/include/asm/checkpoint_hdr.h
index 7d30317..fd8be2a 100644
--- a/arch/s390/include/asm/checkpoint_hdr.h
+++ b/arch/s390/include/asm/checkpoint_hdr.h
@@ -92,13 +92,24 @@ struct ckpt_hdr_mm_context {
};
#define CKPT_ARCH_NSIG 64
+#define CKPT_TTY_NCC 8
+
+/* arch dependent constants */
#ifdef __KERNEL__
+
#include <asm/signal.h>
#if CKPT_ARCH_NSIG != _SIGCONTEXT_NSIG
#error CKPT_ARCH_NSIG size is wrong (asm/sigcontext.h and asm/checkpoint_hdr.h)
#endif
+
+#include <linux/tty.h>
+#if CKPT_TTY_NCC != NCC
+#error CKPT_TTY_NCC size is wrong per asm-generic/termios.h
#endif
+#endif /* __KERNEL__ */
+
+
struct ckpt_hdr_header_arch {
struct ckpt_hdr h;
};
diff --git a/arch/x86/include/asm/checkpoint_hdr.h b/arch/x86/include/asm/checkpoint_hdr.h
index 44737b8..535a9c6 100644
--- a/arch/x86/include/asm/checkpoint_hdr.h
+++ b/arch/x86/include/asm/checkpoint_hdr.h
@@ -52,14 +52,25 @@ enum {
#define CKPT_HDR_MM_CONTEXT_LDT CKPT_HDR_MM_CONTEXT_LDT
};
+/* arch dependent constants */
#define CKPT_ARCH_NSIG 64
+#define CKPT_TTY_NCC 8
+
#ifdef __KERNEL__
+
#include <asm/signal.h>
#if CKPT_ARCH_NSIG != _NSIG
#error CKPT_ARCH_NSIG size is wrong per asm/signal.h and asm/checkpoint_hdr.h
#endif
+
+#include <linux/tty.h>
+#if CKPT_TTY_NCC != NCC
+#error CKPT_TTY_NCC size is wrong per asm-generic/termios.h
#endif
+#endif /* __KERNEL__ */
+
+
struct ckpt_hdr_header_arch {
struct ckpt_hdr h;
/* FIXME: add HAVE_HWFP */
diff --git a/drivers/char/pty.c b/drivers/char/pty.c
index cfe77c8..f4bb90f 100644
--- a/drivers/char/pty.c
+++ b/drivers/char/pty.c
@@ -15,6 +15,7 @@
#include <linux/errno.h>
#include <linux/interrupt.h>
+#include <linux/file.h>
#include <linux/tty.h>
#include <linux/tty_flip.h>
#include <linux/fcntl.h>
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 6da962c..093f522 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -106,6 +106,7 @@
#include <linux/kmod.h>
#include <linux/nsproxy.h>
+#include <linux/checkpoint.h>
#undef TTY_DEBUG_HANGUP
@@ -150,6 +151,10 @@ static long tty_compat_ioctl(struct file *file, unsigned int cmd,
#define tty_compat_ioctl NULL
#endif
static int tty_fasync(int fd, struct file *filp, int on);
+#ifdef CONFIG_CHECKPOINT
+static int tty_file_checkpoint(struct ckpt_ctx *ctx, struct file *file);
+static int tty_file_collect(struct ckpt_ctx *ctx, struct file *file);
+#endif /* CONFIG_CHECKPOINT */
static void release_tty(struct tty_struct *tty, int idx);
static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
@@ -416,6 +421,10 @@ static const struct file_operations tty_fops = {
.open = tty_open,
.release = tty_release,
.fasync = tty_fasync,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = tty_file_checkpoint,
+ .collect = tty_file_collect,
+#endif
};
static const struct file_operations console_fops = {
@@ -438,6 +447,10 @@ static const struct file_operations hung_up_tty_fops = {
.unlocked_ioctl = hung_up_tty_ioctl,
.compat_ioctl = hung_up_tty_compat_ioctl,
.release = tty_release,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = tty_file_checkpoint,
+ .collect = tty_file_collect,
+#endif
};
static DEFINE_SPINLOCK(redirect_lock);
@@ -2628,6 +2641,525 @@ static long tty_compat_ioctl(struct file *file, unsigned int cmd,
}
#endif
+#ifdef CONFIG_CHECKPOINT
+static int tty_can_checkpoint(struct ckpt_ctx *ctx, struct tty_struct *tty)
+{
+ /* only support pty driver */
+ if (tty->driver->type != TTY_DRIVER_TYPE_PTY) {
+ ckpt_err(ctx, -ENOSYS,
+ "%(T)%(S)%(P)tty: unknown driverv type %d\n",
+ tty->driver, tty, tty->driver->type);
+ return 0;
+ }
+ /* only support unix98 style */
+ if (tty->driver->major != UNIX98_PTY_MASTER_MAJOR &&
+ tty->driver->major != UNIX98_PTY_SLAVE_MAJOR) {
+ ckpt_err(ctx, -ENOSYS, "%(T)%(P)tty: legacy pty\n", tty);
+ return 0;
+ }
+ /* only support n_tty ldisc */
+ if (tty->ldisc->ops->num != N_TTY) {
+ ckpt_err(ctx, -ENOSYS,
+ "%(T)%(S)%(P)tty: unknown ldisc type %d\n",
+ tty->ldisc->ops, tty, tty->ldisc->ops->num);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int tty_file_checkpoint(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct ckpt_hdr_file_tty *h;
+ struct tty_struct *tty, *real_tty;
+ struct inode *inode;
+ int master_objref, slave_objref;
+ int ret;
+
+ tty = (struct tty_struct *)file->private_data;
+ inode = file->f_path.dentry->d_inode;
+ if (tty_paranoia_check(tty, inode, "tty_file_checkpoint"))
+ return -EIO;
+
+ if (!tty_can_checkpoint(ctx, tty))
+ return -ENOSYS;
+
+ /*
+ * If we ever support more than PTYs, this would be tty-type
+ * specific (and probably called via tty_operations).
+ */
+
+ real_tty = tty_pair_get_tty(tty);
+ ckpt_debug("tty: %p, real_tty: %p\n", tty, real_tty);
+
+ master_objref = checkpoint_obj(ctx, real_tty->link, CKPT_OBJ_TTY);
+ if (master_objref < 0)
+ return master_objref;
+ slave_objref = checkpoint_obj(ctx, real_tty, CKPT_OBJ_TTY);
+ if (slave_objref < 0)
+ return slave_objref;
+ ckpt_debug("master %p %d, slave %p %d\n",
+ real_tty->link, master_objref, real_tty, slave_objref);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+
+ h->common.f_type = CKPT_FILE_TTY;
+ h->tty_objref = (tty == real_tty ? slave_objref : master_objref);
+
+ ret = checkpoint_file_common(ctx, file, &h->common);
+ if (!ret)
+ ret = ckpt_write_obj(ctx, &h->common.h);
+
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int tty_file_collect(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct tty_struct *tty;
+ struct inode *inode;
+ int ret;
+
+ tty = (struct tty_struct *)file->private_data;
+ inode = file->f_path.dentry->d_inode;
+ if (tty_paranoia_check(tty, inode, "tty_collect"))
+ return -EIO;
+
+ if (!tty_can_checkpoint(ctx, tty))
+ return -ENOSYS;
+
+ ckpt_debug("collecting tty: %p\n", tty);
+ ret = ckpt_obj_collect(ctx, tty, CKPT_OBJ_TTY);
+ if (ret < 0)
+ return ret;
+
+ if (tty->driver->subtype == PTY_TYPE_MASTER) {
+ if (!tty->link) {
+ ckpt_err(ctx, -EIO, "%(T)%(P)tty: missing link\n\n",
+ tty);
+ return -EIO;
+ }
+ ckpt_debug("collecting slave tty: %p\n", tty->link);
+ ret = ckpt_obj_collect(ctx, tty->link, CKPT_OBJ_TTY);
+ }
+
+ return ret;
+}
+
+#define CKPT_LDISC_BAD (1 << TTY_LDISC_CHANGING)
+#define CKPT_LDISC_GOOD ((1 << TTY_LDISC_OPEN) | (1 << TTY_LDISC))
+#define CKPT_LDISC_FLAGS (CKPT_LDISC_GOOD | CKPT_LDISC_BAD)
+
+static int checkpoint_tty_ldisc(struct ckpt_ctx *ctx, struct tty_struct *tty)
+{
+ struct ckpt_hdr_ldisc_n_tty *h;
+ int datalen, read_tail;
+ int n, ret;
+
+ /* shouldn't reach here unless ldisc is n_tty */
+ BUG_ON(tty->ldisc->ops->num != N_TTY);
+
+ if ((tty->flags & CKPT_LDISC_FLAGS) != CKPT_LDISC_GOOD) {
+ ckpt_err(ctx, -EBUSY, "%(T)%(P)tty: bad ldisc flags %#lx\n",
+ tty, tty->flags);
+ return -EBUSY;
+ }
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TTY_LDISC);
+ if (!h)
+ return -ENOMEM;
+
+ spin_lock_irq(&tty->read_lock);
+ h->column = tty->column;
+ h->datalen = tty->read_cnt;
+ h->canon_column = tty->canon_column;
+ h->canon_datalen = tty->canon_head;
+ if (tty->canon_head > tty->read_tail)
+ h->canon_datalen -= tty->read_tail;
+ else
+ h->canon_datalen += N_TTY_BUF_SIZE - tty->read_tail;
+ h->canon_data = tty->canon_data;
+
+ datalen = tty->read_cnt;
+ read_tail = tty->read_tail;
+ spin_unlock_irq(&tty->read_lock);
+
+ h->minimum_to_wake = tty->minimum_to_wake;
+
+ h->stopped = tty->stopped;
+ h->hw_stopped = tty->hw_stopped;
+ h->flow_stopped = tty->flow_stopped;
+ h->packet = tty->packet;
+ h->ctrl_status = tty->ctrl_status;
+ h->lnext = tty->lnext;
+ h->erasing = tty->erasing;
+ h->raw = tty->raw;
+ h->real_raw = tty->real_raw;
+ h->icanon = tty->icanon;
+ h->closing = tty->closing;
+
+ BUILD_BUG_ON(sizeof(h->read_flags) != sizeof(tty->read_flags));
+ memcpy(h->read_flags, tty->read_flags, sizeof(tty->read_flags));
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ ckpt_debug("datalen %d\n", datalen);
+ if (datalen) {
+ ret = ckpt_write_buffer(ctx, NULL, datalen);
+ if (ret < 0)
+ return ret;
+ n = min(datalen, N_TTY_BUF_SIZE - read_tail);
+ ret = ckpt_kwrite(ctx, &tty->read_buf[read_tail], n);
+ if (ret < 0)
+ return ret;
+ n = datalen - n;
+ ret = ckpt_kwrite(ctx, tty->read_buf, n);
+ }
+
+ return ret;
+}
+
+#define CKPT_TTY_BAD ((1 << TTY_CLOSING) | (1 << TTY_FLUSHING))
+#define CKPT_TTY_GOOD 0
+
+static int checkpoint_tty(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct tty_struct *tty = ptr;
+ struct ckpt_hdr_tty *h;
+ int link_objref;
+ int master = 0;
+ int ret;
+
+ if ((tty->flags & (CKPT_TTY_BAD | CKPT_TTY_GOOD)) != CKPT_TTY_GOOD) {
+ ckpt_err(ctx, -EBUSY, "%(T)%(P)tty: bad flags %#lx\n",
+ tty, tty->flags);
+ return -EBUSY;
+ }
+
+ /*
+ * If we ever support more than PTYs, this would be tty-type
+ * specific (and probably called via tty_operations).
+ */
+ link_objref = ckpt_obj_lookup(ctx, tty->link, CKPT_OBJ_TTY);
+
+ if (tty->driver->subtype == PTY_TYPE_MASTER)
+ master = 1;
+
+ /* tty is master if-and-only-if link_objref is zero */
+ BUG_ON(master ^ !link_objref);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_TTY);
+ if (!h)
+ return -ENOMEM;
+
+ h->driver_type = tty->driver->type;
+ h->driver_subtype = tty->driver->subtype;
+
+ h->link_objref = link_objref;
+
+ /* if master, reserve an objref (see do_restore_tty) */
+ h->file_objref = (master ? ckpt_obj_reserve(ctx) : 0);
+ ckpt_debug("link %d file %d\n", h->link_objref, h->file_objref);
+
+ h->index = tty->index;
+ h->ldisc = tty->ldisc->ops->num;
+ h->flags = tty->flags;
+
+ mutex_lock(&tty->termios_mutex);
+ h->termios.c_line = tty->termios->c_line;
+ h->termios.c_iflag = tty->termios->c_iflag;
+ h->termios.c_oflag = tty->termios->c_oflag;
+ h->termios.c_cflag = tty->termios->c_cflag;
+ h->termios.c_lflag = tty->termios->c_lflag;
+ memcpy(h->termios.c_cc, tty->termios->c_cc, NCC);
+ h->winsize.ws_row = tty->winsize.ws_row;
+ h->winsize.ws_col = tty->winsize.ws_col;
+ h->winsize.ws_ypixel = tty->winsize.ws_ypixel;
+ h->winsize.ws_xpixel = tty->winsize.ws_xpixel;
+ mutex_unlock(&tty->termios_mutex);
+
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret < 0)
+ return ret;
+
+ /* save line discipline data (also writes buffer) */
+ if (!test_bit(TTY_HUPPED, &tty->flags))
+ ret = checkpoint_tty_ldisc(ctx, tty);
+
+ return ret;
+}
+
+struct file *tty_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
+{
+ struct ckpt_hdr_file_tty *h = (struct ckpt_hdr_file_tty *) ptr;
+ struct tty_struct *tty;
+ struct file *file;
+ char slavepath[16]; /* "/dev/pts/###" */
+ int slavelock;
+ int ret;
+
+ if (ptr->h.type != CKPT_HDR_FILE ||
+ ptr->h.len != sizeof(*h) || ptr->f_type != CKPT_FILE_TTY)
+ return ERR_PTR(-EINVAL);
+
+ if (h->tty_objref <= 0)
+ return ERR_PTR(-EINVAL);
+
+ tty = ckpt_obj_fetch(ctx, h->tty_objref, CKPT_OBJ_TTY);
+ ckpt_debug("tty %p objref %d\n", tty, h->tty_objref);
+
+ /* at this point the tty should have been restore already */
+ if (IS_ERR(tty))
+ return (struct file *) tty;
+
+ /*
+ * If we ever support more than PTYs, this would be tty-type
+ * specific (and probably called via tty_operations).
+ */
+
+ /*
+ * If this tty is master, get the corresponding file from
+ * tty->tty_file. Otherwise, open the slave device.
+ */
+ if (tty->driver->subtype == PTY_TYPE_MASTER) {
+ file_list_lock();
+ file = list_first_entry(&tty->tty_files,
+ typeof(*file), f_u.fu_list);
+ get_file(file);
+ file_list_unlock();
+ ckpt_debug("master file %p\n", file);
+ } else {
+ sprintf(slavepath, "/dev/pts/%d", tty->index);
+ slavelock = test_bit(TTY_PTY_LOCK, &tty->link->flags);
+ clear_bit(TTY_PTY_LOCK, &tty->link->flags);
+ file = filp_open(slavepath, O_RDWR | O_NOCTTY, 0);
+ ckpt_debug("slave file %p (idnex %d)\n", file, tty->index);
+ if (IS_ERR(file))
+ return file;
+ if (slavelock)
+ set_bit(TTY_PTY_LOCK, &tty->link->flags);
+ }
+
+ ret = restore_file_common(ctx, file, ptr);
+ if (ret < 0) {
+ fput(file);
+ file = ERR_PTR(ret);
+ }
+
+ return file;
+}
+
+static int restore_tty_ldisc(struct ckpt_ctx *ctx,
+ struct tty_struct *tty,
+ struct ckpt_hdr_tty *hh)
+{
+ struct ckpt_hdr_ldisc_n_tty *h;
+ int ret = -EINVAL;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TTY_LDISC);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ /* this is unfair shortcut, because we know ldisc is n_tty */
+ if (hh->ldisc != N_TTY)
+ goto out;
+ if ((hh->flags & CKPT_LDISC_FLAGS) != CKPT_LDISC_GOOD)
+ goto out;
+
+ if (h->datalen > N_TTY_BUF_SIZE)
+ goto out;
+ if (h->canon_datalen > N_TTY_BUF_SIZE)
+ goto out;
+
+ if (h->datalen) {
+ ret = _ckpt_read_buffer(ctx, tty->read_buf, h->datalen);
+ if (ret < 0)
+ goto out;
+ }
+
+ /* TODO: sanitize all these values ? */
+
+ spin_lock_irq(&tty->read_lock);
+ tty->column = h->column;
+ tty->read_cnt = h->datalen;
+ tty->read_head = h->datalen;
+ tty->read_tail = 0;
+ tty->canon_column = h->canon_column;
+ tty->canon_head = h->canon_datalen;
+ tty->canon_data = h->canon_data;
+ spin_unlock_irq(&tty->read_lock);
+
+ tty->minimum_to_wake = h->minimum_to_wake;
+
+ tty->stopped = h->stopped;
+ tty->hw_stopped = h->hw_stopped;
+ tty->flow_stopped = h->flow_stopped;
+ tty->packet = h->packet;
+ tty->ctrl_status = h->ctrl_status;
+ tty->lnext = h->lnext;
+ tty->erasing = h->erasing;
+ tty->raw = h->raw;
+ tty->real_raw = h->real_raw;
+ tty->icanon = h->icanon;
+ tty->closing = h->closing;
+
+ BUILD_BUG_ON(sizeof(h->read_flags) != sizeof(tty->read_flags));
+ memcpy(tty->read_flags, h->read_flags, sizeof(tty->read_flags));
+ out:
+ ckpt_hdr_put(ctx, h);
+ return 0;
+}
+
+#define CKPT_PTMX_PATH "/dev/ptmx"
+
+static struct tty_struct *do_restore_tty(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_tty *h;
+ struct tty_struct *tty = ERR_PTR(-EINVAL);
+ struct file *file = NULL;
+ int master, ret;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_TTY);
+ if (IS_ERR(h))
+ return (struct tty_struct *) h;
+
+ if (h->driver_type != TTY_DRIVER_TYPE_PTY)
+ goto out;
+ if (h->driver_subtype == PTY_TYPE_MASTER)
+ master = 1;
+ else if (h->driver_subtype == PTY_TYPE_SLAVE)
+ master = 0;
+ else
+ goto out;
+ /* @link_object is positive if-and-only-if tty is not master */
+ if (h->link_objref < 0 || (master ^ !h->link_objref))
+ goto out;
+ /* @file_object is positive if-and-only-if tty is master */
+ if (h->file_objref < 0 || (master ^ !!h->file_objref))
+ goto out;
+ if (h->flags & CKPT_TTY_BAD)
+ goto out;
+ /* hung-up tty cannot be master, or have session or pgrp */
+ if (test_bit(TTY_HUPPED, (unsigned long *) &h->flags) && master)
+ goto out;
+
+ ckpt_debug("sanity checks passed, link %d\n", h->link_objref);
+
+ /*
+ * If we ever support more than PTYs, this would be tty-type
+ * specific (and probably called via tty_operations).
+ */
+ if (master) {
+ file = pty_open_by_index("/dev/ptmx", h->index);
+ if (IS_ERR(file)) {
+ int ret = PTR_ERR(file);
+ ckpt_err(ctx, ret, "%(T)Open ptmx\n");
+ tty = ERR_PTR(ret);
+ goto out;
+ }
+
+ /*
+ * Add file to objhash to ensure proper cleanup later
+ * (it isn't referenced elsewhere). Use h->file_objref
+ * which was explicitly during checkpoint for this.
+ */
+ ret = ckpt_obj_insert(ctx, file, h->file_objref, CKPT_OBJ_FILE);
+ fput(file); /* even on succes (referenced in objash) */
+ if (ret < 0) {
+ tty = ERR_PTR(ret);
+ goto out;
+ }
+
+ tty = file->private_data;
+ } else {
+ tty = ckpt_obj_fetch(ctx, h->link_objref, CKPT_OBJ_TTY);
+ if (IS_ERR(tty))
+ goto out;
+ tty = tty->link;
+ }
+
+ ckpt_debug("tty %p (hup %d)\n",
+ tty, test_bit(TTY_HUPPED, (unsigned long *) &h->flags));
+
+ /* we now have the desired tty: restore its state as per @h */
+
+ mutex_lock(&tty->termios_mutex);
+ tty->termios->c_line = h->termios.c_line;
+ tty->termios->c_iflag = h->termios.c_iflag;
+ tty->termios->c_oflag = h->termios.c_oflag;
+ tty->termios->c_cflag = h->termios.c_cflag;
+ tty->termios->c_lflag = h->termios.c_lflag;
+ memcpy(tty->termios->c_cc, h->termios.c_cc, NCC);
+ tty->winsize.ws_row = h->winsize.ws_row;
+ tty->winsize.ws_col = h->winsize.ws_col;
+ tty->winsize.ws_ypixel = h->winsize.ws_ypixel;
+ tty->winsize.ws_xpixel = h->winsize.ws_xpixel;
+ mutex_unlock(&tty->termios_mutex);
+
+ if (test_bit(TTY_HUPPED, (unsigned long *) &h->flags))
+ tty_vhangup(tty);
+ else {
+ ret = restore_tty_ldisc(ctx, tty, h);
+ if (ret < 0) {
+ tty = ERR_PTR(ret);
+ goto out;
+ }
+ }
+
+ tty_kref_get(tty);
+ out:
+ ckpt_hdr_put(ctx, h);
+ return tty;
+}
+
+static void *restore_tty(struct ckpt_ctx *ctx)
+{
+#ifdef CONFIG_UNIX98_PTYS
+ return (void *) do_restore_tty(ctx);
+#else
+ return ERR_PTR(-ENOSYS);
+#endif
+}
+
+static int obj_tty_grab(void *ptr)
+{
+ tty_kref_get((struct tty_struct *) ptr);
+ return 0;
+}
+
+static void obj_tty_drop(void *ptr, int lastref)
+{
+ tty_kref_put((struct tty_struct *) ptr);
+}
+
+static int obj_tty_users(void *ptr)
+{
+ return atomic_read(&((struct tty_struct *) ptr)->kref.refcount);
+}
+
+/* struct tty_struct */
+static const struct ckpt_obj_ops tty_ckpt_obj_ops = {
+ .obj_name = "TTY",
+ .obj_type = CKPT_OBJ_TTY,
+ .ref_drop = obj_tty_drop,
+ .ref_grab = obj_tty_grab,
+ .ref_users = obj_tty_users,
+ .checkpoint = checkpoint_tty,
+ .restore = restore_tty,
+};
+
+static inline int checkpoint_register_tty(void)
+{
+ return register_checkpoint_obj(&tty_ckpt_obj_ops);
+}
+#endif /* CONFIG_CHECKPOINT */
+
/*
* This implements the "Secure Attention Key" --- the idea is to
* prevent trojan horses by killing all processes associated with this
@@ -3146,6 +3678,10 @@ static int __init tty_init(void)
#ifdef CONFIG_VT
vty_init(&console_fops);
#endif
+#ifdef CONFIG_CHECKPOINT
+ return checkpoint_register_tty();
+#else
return 0;
+#endif
}
module_init(tty_init);
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 23ec4de..9b29a26 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -626,6 +626,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_SOCKET,
.restore = sock_file_restore,
},
+ /* tty */
+ {
+ .file_name = "TTY",
+ .file_type = CKPT_FILE_TTY,
+ .restore = tty_file_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index abf8cb5..adf5ca6 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -274,6 +274,7 @@ extern int restore_obj_signal(struct ckpt_ctx *ctx, int signal_objref);
extern int checkpoint_task_signal(struct ckpt_ctx *ctx, struct task_struct *t);
extern int restore_task_signal(struct ckpt_ctx *ctx);
+
static inline int ckpt_validate_errno(int errno)
{
return (errno >= 0) && (errno < MAX_ERRNO);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 1820f07..50138a0 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -123,6 +123,10 @@ enum {
#define CKPT_HDR_FILE CKPT_HDR_FILE
CKPT_HDR_PIPE_BUF,
#define CKPT_HDR_PIPE_BUF CKPT_HDR_PIPE_BUF
+ CKPT_HDR_TTY,
+#define CKPT_HDR_TTY CKPT_HDR_TTY
+ CKPT_HDR_TTY_LDISC,
+#define CKPT_HDR_TTY_LDISC CKPT_HDR_TTY_LDISC
CKPT_HDR_MM = 401,
#define CKPT_HDR_MM CKPT_HDR_MM
@@ -223,6 +227,8 @@ enum obj_type {
#define CKPT_OBJ_GROUPINFO CKPT_OBJ_GROUPINFO
CKPT_OBJ_SOCK,
#define CKPT_OBJ_SOCK CKPT_OBJ_SOCK
+ CKPT_OBJ_TTY,
+#define CKPT_OBJ_TTY CKPT_OBJ_TTY
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -244,6 +250,9 @@ struct ckpt_const {
__u16 uts_domainname_len;
/* rlimit */
__u16 rlimit_nlimits;
+ /* tty */
+ __u16 n_tty_buf_size;
+ __u16 tty_termios_ncc;
} __attribute__((aligned(8)));
/* checkpoint image header */
@@ -474,6 +483,8 @@ enum file_type {
#define CKPT_FILE_FIFO CKPT_FILE_FIFO
CKPT_FILE_SOCKET,
#define CKPT_FILE_SOCKET CKPT_FILE_SOCKET
+ CKPT_FILE_TTY,
+#define CKPT_FILE_TTY CKPT_FILE_TTY
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
@@ -897,6 +908,84 @@ struct ckpt_hdr_ipc_sem {
} __attribute__((aligned(8)));
+/* devices */
+struct ckpt_hdr_file_tty {
+ struct ckpt_hdr_file common;
+ __s32 tty_objref;
+};
+
+struct ckpt_hdr_tty {
+ struct ckpt_hdr h;
+
+ __u16 driver_type;
+ __u16 driver_subtype;
+
+ __s32 link_objref;
+ __s32 file_objref;
+ __u32 _padding;
+
+ __u32 index;
+ __u32 ldisc;
+ __u64 flags;
+
+ /* termios */
+ struct {
+ __u16 c_iflag;
+ __u16 c_oflag;
+ __u16 c_cflag;
+ __u16 c_lflag;
+ __u8 c_line;
+ __u8 c_cc[CKPT_TTY_NCC];
+ } __attribute__((aligned(8))) termios;
+
+ /* winsize */
+ struct {
+ __u16 ws_row;
+ __u16 ws_col;
+ __u16 ws_xpixel;
+ __u16 ws_ypixel;
+ } __attribute__((aligned(8))) winsize;
+} __attribute__((aligned(8)));
+
+/* cannot include <linux/tty.h> from userspace, so define: */
+#define CKPT_N_TTY_BUF_SIZE 4096
+#ifdef __KERNEL__
+#include <linux/tty.h>
+#if CKPT_N_TTY_BUF_SIZE != N_TTY_BUF_SIZE
+#error CKPT_N_TTY_BUF_SIZE size is wrong per linux/tty.h
+#endif
+#endif
+
+struct ckpt_hdr_ldisc_n_tty {
+ struct ckpt_hdr h;
+
+ __u32 column;
+ __u32 datalen;
+ __u32 canon_column;
+ __u32 canon_datalen;
+ __u32 canon_data;
+
+ __u16 minimum_to_wake;
+
+ __u8 stopped;
+ __u8 hw_stopped;
+ __u8 flow_stopped;
+ __u8 packet;
+ __u8 ctrl_status;
+ __u8 lnext;
+ __u8 erasing;
+ __u8 raw;
+ __u8 real_raw;
+ __u8 icanon;
+ __u8 closing;
+ __u8 padding[3];
+
+ __u8 read_flags[CKPT_N_TTY_BUF_SIZE / 8];
+
+ /* if @datalen > 0, buffer contents follow (next object) */
+} __attribute__((aligned(8)));
+
+
#define CKPT_TST_OVERFLOW_16(a, b) \
((sizeof(a) > sizeof(b)) && ((a) > SHORT_MAX))
diff --git a/include/linux/tty.h b/include/linux/tty.h
index d0cbcec..3b7d8eb 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -513,6 +513,13 @@ extern void tty_ldisc_begin(void);
/* This last one is just for the tty layer internals and shouldn't be used elsewhere */
extern void tty_ldisc_enable(struct tty_struct *tty);
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+struct ckpt_hdr_file;
+extern struct file *tty_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr);
+#endif
+
/* n_tty.c */
extern struct tty_ldisc_ops tty_ldisc_N_TTY;
extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops);
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index f72458d..72a706e 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -125,6 +125,9 @@ static void fill_kernel_const(struct ckpt_const *h)
h->uts_domainname_len = sizeof(uts->domainname);
/* rlimit */
h->rlimit_nlimits = RLIM_NLIMITS;
+ /* tty */
+ h->n_tty_buf_size = N_TTY_BUF_SIZE;
+ h->tty_termios_ncc = NCC;
}
/* write the checkpoint header */
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index e7a5b5b..7c38c1a 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -21,6 +21,7 @@
#include <linux/freezer.h>
#include <linux/magic.h>
#include <linux/utsname.h>
+#include <linux/termios.h>
#include <linux/elf.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
@@ -588,6 +589,11 @@ static int check_kernel_const(struct ckpt_const *h)
/* rlimit */
if (h->rlimit_nlimits != RLIM_NLIMITS)
return -EINVAL;
+ /* tty */
+ if (h->n_tty_buf_size != N_TTY_BUF_SIZE)
+ return -EINVAL;
+ if (h->tty_termios_ncc != NCC)
+ return -EINVAL;
return 0;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 078/100] c/r: support for controlling terminal and job control
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (76 preceding siblings ...)
2010-05-01 14:15 ` [PATCH v21 077/100] c/r: [pty 2/2] support for pseudo terminals Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 079/100] c/r: checkpoint/restart epoll sets Oren Laadan
` (23 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Greg Kroah-Hartman, Alan Cox
Add checkpoint/restart of controlling terminal: current->signal->tty.
This is only done for session leaders.
If the session leader belongs to the ancestor pid-ns, then checkpoint
skips this tty; On restart, it will not be restored, and whatever tty
is in place from parent pid-ns (at restart) will be inherited.
Chagnelog [v1]:
- Don't restore tty_old_pgrp it pgid is CKPT_PID_NULL
- Initialize pgrp to NULL in restore_signal
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
drivers/char/tty_io.c | 33 +++++++++++++----
include/linux/checkpoint.h | 1 +
include/linux/checkpoint_hdr.h | 6 +++
include/linux/tty.h | 5 +++
kernel/signal.c | 79 +++++++++++++++++++++++++++++++++++++++-
5 files changed, 115 insertions(+), 9 deletions(-)
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 093f522..d264000 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -2175,7 +2175,7 @@ static int fionbio(struct file *file, int __user *p)
* Takes ->siglock() when updating signal->tty
*/
-static int tiocsctty(struct tty_struct *tty, int arg)
+int tiocsctty(struct tty_struct *tty, int arg)
{
int ret = 0;
if (current->signal->leader && (task_session(current) == tty->session))
@@ -2264,10 +2264,10 @@ static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t
}
/**
- * tiocspgrp - attempt to set process group
+ * do_tiocspgrp - attempt to set process group
* @tty: tty passed by user
* @real_tty: tty side device matching tty passed by user
- * @p: pid pointer
+ * @pid: pgrp_nr
*
* Set the process group of the tty to the session passed. Only
* permitted where the tty session is our session.
@@ -2275,10 +2275,10 @@ static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t
* Locking: RCU, ctrl lock
*/
-static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
+int do_tiocspgrp(struct tty_struct *tty,
+ struct tty_struct *real_tty, pid_t pgrp_nr)
{
struct pid *pgrp;
- pid_t pgrp_nr;
int retval = tty_check_change(real_tty);
unsigned long flags;
@@ -2290,8 +2290,6 @@ static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t
(current->signal->tty != real_tty) ||
(real_tty->session != task_session(current)))
return -ENOTTY;
- if (get_user(pgrp_nr, p))
- return -EFAULT;
if (pgrp_nr < 0)
return -EINVAL;
rcu_read_lock();
@@ -2313,6 +2311,27 @@ out_unlock:
}
/**
+ * tiocspgrp - attempt to set process group
+ * @tty: tty passed by user
+ * @real_tty: tty side device matching tty passed by user
+ * @p: pid pointer
+ *
+ * Set the process group of the tty to the session passed. Only
+ * permitted where the tty session is our session.
+ *
+ * Locking: RCU, ctrl lock
+ */
+
+static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
+{
+ pid_t pgrp_nr;
+
+ if (get_user(pgrp_nr, p))
+ return -EFAULT;
+ return do_tiocspgrp(tty, real_tty, pgrp_nr);
+}
+
+/**
* tiocgsid - get session id
* @tty: tty passed by user
* @real_tty: tty side of the tty pased by the user if a pty else the tty
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index adf5ca6..09fbb59 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -99,6 +99,7 @@ extern int restore_read_page(struct ckpt_ctx *ctx, struct page *page);
/* pids */
extern pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid);
+extern struct pid *_ckpt_find_pgrp(struct ckpt_ctx *ctx, pid_t pgid);
/* socket functions */
extern int ckpt_sock_getnames(struct ckpt_ctx *ctx,
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 50138a0..79e8e2d 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -816,13 +816,19 @@ struct ckpt_rlimit {
struct ckpt_hdr_signal {
struct ckpt_hdr h;
+ /* rlimit */
struct ckpt_rlimit rlim[CKPT_RLIM_NLIMITS];
+ /* itimer */
__u64 it_real_value;
__u64 it_real_incr;
__u64 it_virt_value;
__u64 it_virt_incr;
__u64 it_prof_value;
__u64 it_prof_incr;
+ /* tty */
+ __s32 tty_objref;
+ __s32 tty_pgrp;
+ __s32 tty_old_pgrp;
} __attribute__((aligned(8)));
struct ckpt_hdr_signal_task {
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 3b7d8eb..b511c7f 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -513,6 +513,11 @@ extern void tty_ldisc_begin(void);
/* This last one is just for the tty layer internals and shouldn't be used elsewhere */
extern void tty_ldisc_enable(struct tty_struct *tty);
+/* These are for checkpoint/restart */
+extern int tiocsctty(struct tty_struct *tty, int arg);
+extern int do_tiocspgrp(struct tty_struct *tty,
+ struct tty_struct *real_tty, pid_t pgrp_nr);
+
#ifdef CONFIG_CHECKPOINT
struct ckpt_ctx;
struct ckpt_hdr_file;
diff --git a/kernel/signal.c b/kernel/signal.c
index 1d511e7..e4ca9a6 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3063,9 +3063,10 @@ static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
struct timeval tval;
struct rlimit *rlim;
struct cpu_itimer *it;
+ struct tty_struct *tty = NULL;
cputime_t cputime;
unsigned long flags;
- int i, ret;
+ int i, ret = 0;
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SIGNAL);
if (!h)
@@ -3147,9 +3148,34 @@ static int checkpoint_signal(struct ckpt_ctx *ctx, struct task_struct *t)
cputime_to_timeval(it->incr, &tval);
h->it_prof_incr = timeval_to_ns(&tval);
+ /* tty */
+ if (signal->leader) {
+ h->tty_old_pgrp = ckpt_pid_nr(ctx, signal->tty_old_pgrp);
+ tty = tty_kref_get(signal->tty);
+ if (tty) {
+ /* irq is already disabled */
+ spin_lock(&tty->ctrl_lock);
+ h->tty_pgrp = ckpt_pid_nr(ctx, tty->pgrp);
+ spin_unlock(&tty->ctrl_lock);
+ tty_kref_put(tty);
+ }
+ }
+
unlock_task_sighand(t, &flags);
- ret = ckpt_write_obj(ctx, &h->h);
+ /*
+ * If the session is in an ancestor namespace, skip this tty
+ * and set tty_objref = 0. It will not be explicitly restored,
+ * but rather inherited from parent pid-ns at restart time.
+ */
+ if (tty && ckpt_pid_nr(ctx, tty->session) > 0) {
+ h->tty_objref = checkpoint_obj(ctx, tty, CKPT_OBJ_TTY);
+ if (h->tty_objref < 0)
+ ret = h->tty_objref;
+ }
+
+ if (!ret)
+ ret = ckpt_write_obj(ctx, &h->h);
if (!ret)
ret = checkpoint_sigpending(ctx, &shared_pending);
@@ -3221,6 +3247,8 @@ static int restore_signal(struct ckpt_ctx *ctx)
struct ckpt_hdr_signal *h;
struct sigpending new_pending;
struct sigpending *pending;
+ struct tty_struct *tty = NULL;
+ struct pid *pgrp = NULL;
struct rlimit rlim;
int i, ret;
@@ -3241,6 +3269,40 @@ static int restore_signal(struct ckpt_ctx *ctx)
if (ret < 0)
goto out;
+ /* tty - session */
+ if (h->tty_objref) {
+ tty = ckpt_obj_fetch(ctx, h->tty_objref, CKPT_OBJ_TTY);
+ if (IS_ERR(tty)) {
+ ret = PTR_ERR(tty);
+ goto out;
+ }
+ /* this will fail unless we're the session leader */
+ ret = tiocsctty(tty, 0);
+ if (ret < 0)
+ goto out;
+ /* now restore the foreground group (job control) */
+ if (h->tty_pgrp) {
+ /*
+ * If tty_pgrp == CKPT_PID_NULL, below will
+ * fail, so no need for explicit test
+ */
+ ret = do_tiocspgrp(tty, tty_pair_get_tty(tty),
+ h->tty_pgrp);
+ if (ret < 0)
+ goto out;
+ }
+ } else {
+ /*
+ * If tty_objref isn't set, we _keep_ whatever tty we
+ * already have as a ctty. Why does this make sense ?
+ * - If our session is "within" the restart context,
+ * then that session has no controlling terminal.
+ * - If out session is "outside" the restart context,
+ * then we're like to keep whatever we inherit from
+ * the parent pid-ns.
+ */
+ }
+
/*
* Reset real/virt/prof itimer (in case they were set), to
* prevent unwanted signals after flushing current signals
@@ -3252,7 +3314,20 @@ static int restore_signal(struct ckpt_ctx *ctx)
do_setitimer(ITIMER_VIRTUAL, &itimer, NULL);
do_setitimer(ITIMER_PROF, &itimer, NULL);
+ /* tty - tty_old_pgrp */
+ if (current->signal->leader && h->tty_old_pgrp != CKPT_PID_NULL) {
+ rcu_read_lock();
+ pgrp = get_pid(_ckpt_find_pgrp(ctx, h->tty_old_pgrp));
+ rcu_read_unlock();
+ if (!pgrp)
+ goto out;
+ }
+
spin_lock_irq(¤t->sighand->siglock);
+ /* tty - tty_old_pgrp */
+ put_pid(current->signal->tty_old_pgrp);
+ current->signal->tty_old_pgrp = pgrp;
+ /* pending signals */
pending = ¤t->signal->shared_pending;
flush_sigqueue(pending);
pending->signal = new_pending.signal;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 079/100] c/r: checkpoint/restart epoll sets
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (77 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 078/100] c/r: support for controlling terminal and job control Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 080/100] c/r: checkpoint/restart eventfd Oren Laadan
` (22 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Davide Libenzi, linux-fsdevel
From: Matt Helsley <matthltc@us.ibm.com>
Save/restore epoll items during checkpoint/restart respectively.
Output the epoll header and items separately. Chunk the output much
like the pid array gets chunked. This ensures that even sub-order 0
allocations will enable checkpoint of large epoll sets. A subsequent
patch will do something similar for the restore path.
On restart, we grab a piece of memory suitable to store a "chunk" of
items for input. Read the input one chunk at a time and add epoll
items for each item in the chunk.
Changelog [v21]:
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog [v19]:
- [Oren Laadan] Fix broken compilation for no-c/r architectures
Changelog [v19-rc1]:
- [Oren Laadan] Return -EBUSY (not BUG_ON) if fd is gone on restart
- [Oren Laadan] Fix the chunk size instead of auto-tune
Changelog v5:
Fix potential recursion during collect.
Replace call to ckpt_obj_collect() with ckpt_collect_file().
[Oren]
Fix checkpoint leak detection when there are more items than
expected.
Cleanup/simplify error write paths. (will complicate in a later
patch) [Oren]
Remove files_deferq bits. [Oren]
Remove extra newline. [Oren]
Remove aggregate check on number of watches added. [Oren]
This is OK since these will be done individually anyway.
Remove check for negative objrefs during restart. [Oren]
Fixup comment regarding race that indicates checkpoint leaks.
[Oren]
s/ckpt_read_obj/ckpt_read_buf_type/ [Oren]
Patch for lots of epoll items follows.
Moved sys_close(epfd) right under fget(). [Oren]
Use CKPT_HDR_BUFFER rather than custome ckpt_read/write_*
This makes it more similar to the pid array code. [Oren]
It also simplifies the error recovery paths.
Tested polling a pipe and 50,000 UNIX sockets.
Changelog v4: ckpt-v18
Use files_deferq as submitted by Dan Smith
Cleanup to only report >= 1 items when debugging.
Changelog v3: [unposted]
Removed most of the TODOs -- the remainder will be removed by
subsequent patches.
Fixed missing ep_file_collect() [Serge]
Rather than include checkpoint_hdr.h declare (but do not define)
the two structs needed in eventpoll.h [Oren]
Complain with ckpt_write_err() when we detect checkpoint obj
leaks. [Oren]
Remove redundant is_epoll_file() check in collect. [Oren]
Move epfile_objref lookup to simplify error handling. [Oren]
Simplify error handling with early return in
ep_eventpoll_checkpoint(). [Oren]
Cleaned up a comment. [Oren]
Shorten CKPT_HDR_FILE_EPOLL_ITEMS (-FILE) [Oren]
Renumbered to indicate that it follows the file table.
Renamed the epoll struct in checkpoint_hdr.h [Oren]
Also renamed substruct.
Fixup return of empty ep_file_restore(). [Oren]
Changed some error returns. [Oren]
Changed some tests to BUG_ON(). [Oren]
Factored out watch insert with epoll_ctl() into do_epoll_ctl().
[Cedric, Oren]
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 7 +
fs/eventpoll.c | 334 ++++++++++++++++++++++++++++++++++++----
include/linux/checkpoint_hdr.h | 18 ++
include/linux/eventpoll.h | 17 ++-
4 files changed, 347 insertions(+), 29 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 9b29a26..3bfa692 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -21,6 +21,7 @@
#include <linux/syscalls.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
+#include <linux/eventpoll.h>
#include <net/sock.h>
/**************************************************************************
@@ -632,6 +633,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_TTY,
.restore = tty_file_restore,
},
+ /* epoll */
+ {
+ .file_name = "EPOLL",
+ .file_type = CKPT_FILE_EPOLL,
+ .restore = ep_file_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index bd056a5..99920d2 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -39,6 +39,9 @@
#include <asm/mman.h>
#include <asm/atomic.h>
+#include <linux/checkpoint.h>
+#include <linux/deferqueue.h>
+
/*
* LOCKING:
* There are three level of locking required by epoll :
@@ -671,10 +674,19 @@ static unsigned int ep_eventpoll_poll(struct file *file, poll_table *wait)
return pollflags != -1 ? pollflags : 0;
}
+#ifdef CONFIG_CHECKPOINT
+static int ep_eventpoll_checkpoint(struct ckpt_ctx *ctx, struct file *file);
+static int ep_file_collect(struct ckpt_ctx *ctx, struct file *file);
+#endif
+
/* File callbacks that implement the eventpoll file behaviour */
static const struct file_operations eventpoll_fops = {
.release = ep_eventpoll_release,
- .poll = ep_eventpoll_poll
+ .poll = ep_eventpoll_poll,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = ep_eventpoll_checkpoint,
+ .collect = ep_file_collect,
+#endif
};
/* Fast test to see if the file is an evenpoll file */
@@ -1226,35 +1238,18 @@ SYSCALL_DEFINE1(epoll_create, int, size)
* the eventpoll file that enables the insertion/removal/change of
* file descriptors inside the interest set.
*/
-SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
- struct epoll_event __user *, event)
+int do_epoll_ctl(int op, int fd,
+ struct file *file, struct file *tfile,
+ struct epoll_event *epds)
{
int error;
- struct file *file, *tfile;
struct eventpoll *ep;
struct epitem *epi;
- struct epoll_event epds;
-
- error = -EFAULT;
- if (ep_op_has_event(op) &&
- copy_from_user(&epds, event, sizeof(struct epoll_event)))
- goto error_return;
-
- /* Get the "struct file *" for the eventpoll file */
- error = -EBADF;
- file = fget(epfd);
- if (!file)
- goto error_return;
-
- /* Get the "struct file *" for the target file */
- tfile = fget(fd);
- if (!tfile)
- goto error_fput;
/* The target file descriptor must support poll */
error = -EPERM;
if (!tfile->f_op || !tfile->f_op->poll)
- goto error_tgt_fput;
+ return error;
/*
* We have to check that the file structure underneath the file descriptor
@@ -1263,7 +1258,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
*/
error = -EINVAL;
if (file == tfile || !is_file_epoll(file))
- goto error_tgt_fput;
+ return error;
/*
* At this point it is safe to assume that the "private_data" contains
@@ -1284,8 +1279,8 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
switch (op) {
case EPOLL_CTL_ADD:
if (!epi) {
- epds.events |= POLLERR | POLLHUP;
- error = ep_insert(ep, &epds, tfile, fd);
+ epds->events |= POLLERR | POLLHUP;
+ error = ep_insert(ep, epds, tfile, fd);
} else
error = -EEXIST;
break;
@@ -1297,15 +1292,46 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
break;
case EPOLL_CTL_MOD:
if (epi) {
- epds.events |= POLLERR | POLLHUP;
- error = ep_modify(ep, epi, &epds);
+ epds->events |= POLLERR | POLLHUP;
+ error = ep_modify(ep, epi, epds);
} else
error = -ENOENT;
break;
}
mutex_unlock(&ep->mtx);
-error_tgt_fput:
+ return error;
+}
+
+/*
+ * The following function implements the controller interface for
+ * the eventpoll file that enables the insertion/removal/change of
+ * file descriptors inside the interest set.
+ */
+SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
+ struct epoll_event __user *, event)
+{
+ int error;
+ struct file *file, *tfile;
+ struct epoll_event epds;
+
+ error = -EFAULT;
+ if (ep_op_has_event(op) &&
+ copy_from_user(&epds, event, sizeof(struct epoll_event)))
+ goto error_return;
+
+ /* Get the "struct file *" for the eventpoll file */
+ error = -EBADF;
+ file = fget(epfd);
+ if (!file)
+ goto error_return;
+
+ /* Get the "struct file *" for the target file */
+ tfile = fget(fd);
+ if (!tfile)
+ goto error_fput;
+
+ error = do_epoll_ctl(op, fd, file, tfile, &epds);
fput(tfile);
error_fput:
fput(file);
@@ -1413,6 +1439,258 @@ SYSCALL_DEFINE6(epoll_pwait, int, epfd, struct epoll_event __user *, events,
#endif /* HAVE_SET_RESTORE_SIGMASK */
+#ifdef CONFIG_CHECKPOINT
+static int ep_file_collect(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct rb_node *rbp;
+ struct eventpoll *ep;
+ int ret = 0;
+
+ ep = file->private_data;
+ mutex_lock(&ep->mtx);
+ for (rbp = rb_first(&ep->rbr); rbp; rbp = rb_next(rbp)) {
+ struct epitem *epi;
+
+ epi = rb_entry(rbp, struct epitem, rbn);
+ if (is_file_epoll(epi->ffd.file))
+ continue; /* Don't recurse */
+ ret = ckpt_collect_file(ctx, epi->ffd.file);
+ if (ret < 0)
+ break;
+ }
+ mutex_unlock(&ep->mtx);
+ return ret;
+}
+
+struct epoll_deferq_entry {
+ struct ckpt_ctx *ctx;
+ struct file *epfile;
+};
+
+#define CKPT_EPOLL_CHUNK (8096 / (int) sizeof(struct ckpt_eventpoll_item))
+
+static int ep_items_checkpoint(void *data)
+{
+ struct epoll_deferq_entry *dq_entry = data;
+ struct ckpt_ctx *ctx;
+ struct ckpt_hdr_eventpoll_items *h;
+ struct ckpt_eventpoll_item *items;
+ struct rb_node *rbp;
+ struct eventpoll *ep;
+ __s32 epfile_objref;
+ int num_items = 0, ret;
+
+ ctx = dq_entry->ctx;
+
+ epfile_objref = ckpt_obj_lookup(ctx, dq_entry->epfile, CKPT_OBJ_FILE);
+ BUG_ON(epfile_objref <= 0);
+
+ ep = dq_entry->epfile->private_data;
+ mutex_lock(&ep->mtx);
+ for (rbp = rb_first(&ep->rbr); rbp; rbp = rb_next(rbp))
+ num_items++;
+ mutex_unlock(&ep->mtx);
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_EPOLL_ITEMS);
+ if (!h)
+ return -ENOMEM;
+ h->num_items = num_items;
+ h->epfile_objref = epfile_objref;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret || !num_items)
+ return ret;
+
+ ret = ckpt_write_obj_type(ctx, NULL, sizeof(*items)*num_items,
+ CKPT_HDR_BUFFER);
+ if (ret < 0)
+ return ret;
+
+ items = kzalloc(sizeof(*items) * CKPT_EPOLL_CHUNK, GFP_KERNEL);
+ if (!items)
+ return -ENOMEM;
+
+ /*
+ * Walk the rbtree copying items into the chunk of memory and then
+ * writing them to the checkpoint image
+ */
+ ret = 0;
+ mutex_lock(&ep->mtx);
+ rbp = rb_first(&ep->rbr);
+ while ((num_items > 0) && rbp) {
+ int n = min(num_items, CKPT_EPOLL_CHUNK);
+ int j;
+
+ for (j = 0; rbp && j < n; j++, rbp = rb_next(rbp)) {
+ struct epitem *epi;
+ int objref;
+
+ epi = rb_entry(rbp, struct epitem, rbn);
+ items[j].fd = epi->ffd.fd;
+ items[j].events = epi->event.events;
+ items[j].data = epi->event.data;
+ objref = ckpt_obj_lookup(ctx, epi->ffd.file,
+ CKPT_OBJ_FILE);
+ if (objref <= 0)
+ goto unlock;
+ items[j].file_objref = objref;
+ }
+ ret = ckpt_kwrite(ctx, items, n*sizeof(*items));
+ if (ret < 0)
+ break;
+ num_items -= n;
+ }
+unlock:
+ mutex_unlock(&ep->mtx);
+ kfree(items);
+ if (num_items != 0 || (num_items == 0 && rbp))
+ ret = -EBUSY; /* extra item(s) -- checkpoint obj leak */
+ if (ret)
+ ckpt_err(ctx, ret, "Checkpointing epoll items.\n");
+ return ret;
+}
+
+static int ep_eventpoll_checkpoint(struct ckpt_ctx *ctx, struct file *file)
+{
+ struct ckpt_hdr_file *h;
+ struct epoll_deferq_entry dq_entry;
+ int ret = -ENOMEM;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+ h->f_type = CKPT_FILE_EPOLL;
+ ret = checkpoint_file_common(ctx, file, h);
+ if (ret < 0)
+ goto out;
+ ret = ckpt_write_obj(ctx, &h->h);
+ if (ret < 0)
+ goto out;
+
+ /*
+ * Defer saving the epoll items until all of the ffd.file pointers
+ * have an objref; after the file table has been checkpointed.
+ */
+ dq_entry.ctx = ctx;
+ dq_entry.epfile = file;
+ ret = deferqueue_add(ctx->files_deferq, &dq_entry,
+ sizeof(dq_entry), ep_items_checkpoint, NULL);
+out:
+ ckpt_hdr_put(ctx, h);
+ return ret;
+}
+
+static int ep_items_restore(void *data)
+{
+ struct ckpt_ctx *ctx = deferqueue_data_ptr(data);
+ struct ckpt_hdr_eventpoll_items *h;
+ struct ckpt_eventpoll_item *items = NULL;
+ struct eventpoll *ep;
+ struct file *epfile = NULL;
+ int ret, num_items;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_EPOLL_ITEMS);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+ num_items = h->num_items;
+ epfile = ckpt_obj_fetch(ctx, h->epfile_objref, CKPT_OBJ_FILE);
+ ckpt_hdr_put(ctx, h);
+
+ /* Make sure userspace didn't give us a ref to a non-epoll file. */
+ if (IS_ERR(epfile))
+ return PTR_ERR(epfile);
+ if (!is_file_epoll(epfile))
+ return -EINVAL;
+ if (!num_items)
+ return 0;
+
+ ret = _ckpt_read_obj_type(ctx, NULL, 0, CKPT_HDR_BUFFER);
+ if (ret < 0)
+ return ret;
+ /* Make sure the items match the size we expect */
+ if (num_items != (ret / sizeof(*items)))
+ return -EINVAL;
+
+ items = kzalloc(sizeof(*items) * CKPT_EPOLL_CHUNK, GFP_KERNEL);
+ if (!items)
+ return -ENOMEM;
+
+ ep = epfile->private_data;
+
+ while (num_items > 0) {
+ int n = min(num_items, CKPT_EPOLL_CHUNK);
+ int j;
+
+ ret = ckpt_kread(ctx, items, n*sizeof(*items));
+ if (ret < 0)
+ break;
+
+ /* Restore the epoll items/watches */
+ for (j = 0; !ret && j < n; j++) {
+ struct epoll_event epev;
+ struct file *tfile;
+
+ tfile = ckpt_obj_fetch(ctx, items[j].file_objref,
+ CKPT_OBJ_FILE);
+ if (IS_ERR(tfile)) {
+ ret = PTR_ERR(tfile);
+ goto out;
+ }
+ epev.events = items[j].events;
+ epev.data = items[j].data;
+ ret = do_epoll_ctl(EPOLL_CTL_ADD, items[j].fd,
+ epfile, tfile, &epev);
+ }
+ num_items -= n;
+ }
+out:
+ kfree(items);
+ return ret;
+}
+
+struct file *ep_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *h)
+{
+ struct file *epfile;
+ int epfd, ret;
+
+ if (h->h.type != CKPT_HDR_FILE ||
+ h->h.len != sizeof(*h) ||
+ h->f_type != CKPT_FILE_EPOLL)
+ return ERR_PTR(-EINVAL);
+
+ epfd = sys_epoll_create1(h->f_flags & EPOLL_CLOEXEC);
+ if (epfd < 0)
+ return ERR_PTR(epfd);
+ epfile = fget(epfd);
+ sys_close(epfd); /* harmless even if an error occured */
+ if (!epfile) /* can happen with a malicious user */
+ return ERR_PTR(-EBUSY);
+
+ /*
+ * Needed before we can properly restore the watches and enforce the
+ * limit on watch numbers.
+ */
+ ret = restore_file_common(ctx, epfile, h);
+ if (ret < 0)
+ goto fput_out;
+
+ /*
+ * Defer restoring the epoll items until the file table is
+ * fully restored. Ensures that valid file objrefs will resolve.
+ */
+ ret = deferqueue_add_ptr(ctx->files_deferq, ctx,
+ ep_items_restore, NULL);
+ if (ret < 0) {
+fput_out:
+ fput(epfile);
+ epfile = ERR_PTR(ret);
+ }
+ return epfile;
+}
+
+#endif /* CONFIG_CHECKPOINT */
+
static int __init eventpoll_init(void)
{
struct sysinfo si;
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 79e8e2d..21540d7 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -127,6 +127,8 @@ enum {
#define CKPT_HDR_TTY CKPT_HDR_TTY
CKPT_HDR_TTY_LDISC,
#define CKPT_HDR_TTY_LDISC CKPT_HDR_TTY_LDISC
+ CKPT_HDR_EPOLL_ITEMS, /* must be after file-table */
+#define CKPT_HDR_EPOLL_ITEMS CKPT_HDR_EPOLL_ITEMS
CKPT_HDR_MM = 401,
#define CKPT_HDR_MM CKPT_HDR_MM
@@ -485,6 +487,8 @@ enum file_type {
#define CKPT_FILE_SOCKET CKPT_FILE_SOCKET
CKPT_FILE_TTY,
#define CKPT_FILE_TTY CKPT_FILE_TTY
+ CKPT_FILE_EPOLL,
+#define CKPT_FILE_EPOLL CKPT_FILE_EPOLL
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
@@ -701,6 +705,20 @@ struct ckpt_hdr_file_socket {
__s32 sock_objref;
} __attribute__((aligned(8)));
+struct ckpt_hdr_eventpoll_items {
+ struct ckpt_hdr h;
+ __s32 epfile_objref;
+ __u32 num_items;
+} __attribute__((aligned(8)));
+
+/* Contained in a CKPT_HDR_BUFFER following the ckpt_hdr_eventpoll_items */
+struct ckpt_eventpoll_item {
+ __u64 data;
+ __u32 fd;
+ __s32 file_objref;
+ __u32 events;
+} __attribute__((aligned(8)));
+
/* memory layout */
struct ckpt_hdr_mm {
struct ckpt_hdr h;
diff --git a/include/linux/eventpoll.h b/include/linux/eventpoll.h
index f6856a5..52282ae 100644
--- a/include/linux/eventpoll.h
+++ b/include/linux/eventpoll.h
@@ -56,6 +56,9 @@ struct file;
#ifdef CONFIG_EPOLL
+struct ckpt_ctx;
+struct ckpt_hdr_file;
+
/* Used to initialize the epoll bits inside the "struct file" */
static inline void eventpoll_init_file(struct file *file)
@@ -95,11 +98,23 @@ static inline void eventpoll_release(struct file *file)
eventpoll_release_file(file);
}
-#else
+#ifdef CONFIG_CHECKPOINT
+extern struct file *ep_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *h);
+#endif
+#else
+/* !defined(CONFIG_EPOLL) */
static inline void eventpoll_init_file(struct file *file) {}
static inline void eventpoll_release(struct file *file) {}
+#ifdef CONFIG_CHECKPOINT
+static inline struct file *ep_file_restore(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_file *ptr)
+{
+ return ERR_PTR(-ENOSYS);
+}
+#endif
#endif
#endif /* #ifdef __KERNEL__ */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 080/100] c/r: checkpoint/restart eventfd
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (78 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 079/100] c/r: checkpoint/restart epoll sets Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 081/100] c/r: restore task fs_root and pwd (v3) Oren Laadan
` (21 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Davide Libenzi, linux-fsdevel
From: Matt Helsley <matthltc@us.ibm.com>
Save/restore eventfd files. These are anon_inodes just like epoll
but instead of a set of files to poll they are a 64-bit counter
and a flag value. Used for AIO.
[Oren Laadan] Added #ifdef's around checkpoint/restart to compile even
without CONFIG_CHECKPOINT
Changelog[v21]:
- Add missing spin locks around eventfd checkpoint
- Put file_ops->checkpoint under CONFIG_CHECKPOINT
Changelog[v19]:
- Fix broken compilation for architectures that don't support c/r
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 7 +++++
fs/eventfd.c | 57 ++++++++++++++++++++++++++++++++++++++++
include/linux/checkpoint_hdr.h | 8 +++++
include/linux/eventfd.h | 10 +++++++
4 files changed, 82 insertions(+), 0 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 3bfa692..e0f8a15 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -22,6 +22,7 @@
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
#include <linux/eventpoll.h>
+#include <linux/eventfd.h>
#include <net/sock.h>
/**************************************************************************
@@ -639,6 +640,12 @@ static struct restore_file_ops restore_file_ops[] = {
.file_type = CKPT_FILE_EPOLL,
.restore = ep_file_restore,
},
+ /* eventfd */
+ {
+ .file_name = "EVENTFD",
+ .file_type = CKPT_FILE_EVENTFD,
+ .restore = eventfd_restore,
+ },
};
static void *restore_file(struct ckpt_ctx *ctx)
diff --git a/fs/eventfd.c b/fs/eventfd.c
index 6bd3f76..307beca 100644
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -19,6 +19,7 @@
#include <linux/module.h>
#include <linux/kref.h>
#include <linux/eventfd.h>
+#include <linux/checkpoint.h>
struct eventfd_ctx {
struct kref kref;
@@ -288,11 +289,67 @@ static ssize_t eventfd_write(struct file *file, const char __user *buf, size_t c
return res;
}
+#ifdef CONFIG_CHECKPOINT
+static int eventfd_checkpoint(struct ckpt_ctx *ckpt_ctx, struct file *file)
+{
+ struct eventfd_ctx *ctx;
+ struct ckpt_hdr_file_eventfd *h;
+ int ret = -ENOMEM;
+
+ h = ckpt_hdr_get_type(ckpt_ctx, sizeof(*h), CKPT_HDR_FILE);
+ if (!h)
+ return -ENOMEM;
+ h->common.f_type = CKPT_FILE_EVENTFD;
+ ret = checkpoint_file_common(ckpt_ctx, file, &h->common);
+ if (ret < 0)
+ goto out;
+ ctx = file->private_data;
+ spin_lock_irq(&ctx->wqh.lock);
+ h->count = ctx->count;
+ h->flags = ctx->flags;
+ spin_unlock_irq(&ctx->wqh.lock);
+ ret = ckpt_write_obj(ckpt_ctx, &h->common.h);
+out:
+ ckpt_hdr_put(ckpt_ctx, h);
+ return ret;
+}
+
+struct file *eventfd_restore(struct ckpt_ctx *ckpt_ctx,
+ struct ckpt_hdr_file *ptr)
+{
+ struct ckpt_hdr_file_eventfd *h = (struct ckpt_hdr_file_eventfd *) ptr;
+ struct file *evfile;
+ int evfd, ret;
+
+ /* Already know type == CKPT_HDR_FILE and f_type == CKPT_FILE_EVENTFD */
+ if (h->common.h.len != sizeof(*h))
+ return ERR_PTR(-EINVAL);
+
+ evfd = sys_eventfd2(h->count, h->flags);
+ if (evfd < 0)
+ return ERR_PTR(evfd);
+ evfile = fget(evfd);
+ sys_close(evfd);
+ if (!evfile)
+ return ERR_PTR(-EBUSY);
+
+ ret = restore_file_common(ckpt_ctx, evfile, &h->common);
+ if (ret < 0) {
+ fput(evfile);
+ return ERR_PTR(ret);
+ }
+ return evfile;
+}
+#endif
+
static const struct file_operations eventfd_fops = {
.release = eventfd_release,
.poll = eventfd_poll,
.read = eventfd_read,
.write = eventfd_write,
+#ifdef CONFIG_CHECKPOINT
+ .checkpoint = eventfd_checkpoint,
+#endif
};
/**
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 21540d7..e89fbf9 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -489,6 +489,8 @@ enum file_type {
#define CKPT_FILE_TTY CKPT_FILE_TTY
CKPT_FILE_EPOLL,
#define CKPT_FILE_EPOLL CKPT_FILE_EPOLL
+ CKPT_FILE_EVENTFD,
+#define CKPT_FILE_EVENTFD CKPT_FILE_EVENTFD
CKPT_FILE_MAX
#define CKPT_FILE_MAX CKPT_FILE_MAX
};
@@ -513,6 +515,12 @@ struct ckpt_hdr_file_pipe {
__s32 pipe_objref;
} __attribute__((aligned(8)));
+struct ckpt_hdr_file_eventfd {
+ struct ckpt_hdr_file common;
+ __u64 count;
+ __u32 flags;
+} __attribute__((aligned(8)));
+
/* socket */
struct ckpt_hdr_socket {
struct ckpt_hdr h;
diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
index 91bb4f2..e8238cc 100644
--- a/include/linux/eventfd.h
+++ b/include/linux/eventfd.h
@@ -39,6 +39,14 @@ ssize_t eventfd_ctx_read(struct eventfd_ctx *ctx, int no_wait, __u64 *cnt);
int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_t *wait,
__u64 *cnt);
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+struct ckpt_hdr_file;
+
+struct file *eventfd_restore(struct ckpt_ctx *ckpt_ctx,
+ struct ckpt_hdr_file *ptr);
+#endif
+
#else /* CONFIG_EVENTFD */
/*
@@ -77,6 +85,8 @@ static inline int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx,
return -ENOSYS;
}
+#define eventfd_restore NULL
+
#endif
#endif /* _LINUX_EVENTFD_H */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 081/100] c/r: restore task fs_root and pwd (v3)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (79 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 080/100] c/r: checkpoint/restart eventfd Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 082/100] c/r: preliminary support mounts namespace Oren Laadan
` (20 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Al Viro, linux-fsdevel
Checkpoint and restore task->fs. Tasks sharing task->fs will
share them again after restart.
Original patch by Serge Hallyn <serue@us.ibm.com>
Changelog:
Jan 25: [orenl] Addressed comments by .. myself:
- add leak detection
- change order of save/restore of chroot and cwd
- save/restore fs only after file-table and mm
- rename functions to adapt existing conventions
Dec 28: [serge] Addressed comments by Oren (and Dave)
- define and use {get,put}_fs_struct helpers
- fix locking comment
- define ckpt_read_fname() and use in checkpoint/files.c
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
---
fs/checkpoint.c | 232 +++++++++++++++++++++++++++++++++++++++-
fs/fs_struct.c | 21 ++++
fs/open.c | 58 ++++++----
include/linux/checkpoint.h | 6 +-
include/linux/checkpoint_hdr.h | 12 ++
include/linux/fs.h | 5 +
include/linux/fs_struct.h | 2 +
kernel/checkpoint/process.c | 17 +++
8 files changed, 325 insertions(+), 28 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index e0f8a15..61b68da 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -15,6 +15,9 @@
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/file.h>
+#include <linux/namei.h>
+#include <linux/fs_struct.h>
+#include <linux/fs.h>
#include <linux/fdtable.h>
#include <linux/fsnotify.h>
#include <linux/pipe_fs_i.h>
@@ -369,6 +372,58 @@ int checkpoint_obj_file_table(struct ckpt_ctx *ctx, struct task_struct *t)
return objref;
}
+int checkpoint_obj_fs(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct fs_struct *fs;
+ int fs_objref;
+
+ task_lock(current);
+ fs = t->fs;
+ get_fs_struct(fs);
+ task_unlock(current);
+
+ fs_objref = checkpoint_obj(ctx, fs, CKPT_OBJ_FS);
+ put_fs_struct(fs);
+
+ return fs_objref;
+}
+
+/* called with fs refcount bumped so it won't disappear */
+static int checkpoint_fs(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct fs_struct *fs = ptr;
+ struct ckpt_hdr_fs *h;
+ struct fs_struct *fscopy;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_FS);
+ if (!h)
+ return -ENOMEM;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+ if (ret)
+ return ret;
+
+ fscopy = copy_fs_struct(fs);
+ if (!fs)
+ return -ENOMEM;
+
+ ret = checkpoint_fname(ctx, &fscopy->pwd, &ctx->root_fs_path);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)writing path of cwd");
+ goto out;
+ }
+ ret = checkpoint_fname(ctx, &fscopy->root, &ctx->root_fs_path);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "%(T)writing path of fs root");
+ goto out;
+ }
+ ret = 0;
+ out:
+ free_fs_struct(fscopy);
+ return ret;
+}
+
/***********************************************************************
* Collect
*/
@@ -455,10 +510,41 @@ int ckpt_collect_file_table(struct ckpt_ctx *ctx, struct task_struct *t)
return ret;
}
+int ckpt_collect_fs(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct fs_struct *fs;
+ int ret;
+
+ task_lock(t);
+ fs = t->fs;
+ get_fs_struct(fs);
+ task_unlock(t);
+
+ ret = ckpt_obj_collect(ctx, fs, CKPT_OBJ_FS);
+
+ put_fs_struct(fs);
+ return ret;
+}
+
/**************************************************************************
* Restart
*/
+static int ckpt_read_fname(struct ckpt_ctx *ctx, char **fname)
+{
+ int len;
+
+ len = ckpt_read_payload(ctx, (void **) fname,
+ PATH_MAX, CKPT_HDR_FILE_NAME);
+ if (len < 0)
+ return len;
+
+ (*fname)[len - 1] = '\0'; /* always play if safe */
+ ckpt_debug("read filename '%s'\n", *fname);
+
+ return len;
+}
+
/**
* restore_open_fname - read a file name and open a file
* @ctx: checkpoint context
@@ -474,11 +560,9 @@ struct file *restore_open_fname(struct ckpt_ctx *ctx, int flags)
if (flags & (O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC))
return ERR_PTR(-EINVAL);
- len = ckpt_read_payload(ctx, (void **) &fname,
- PATH_MAX, CKPT_HDR_FILE_NAME);
+ len = ckpt_read_fname(ctx, &fname);
if (len < 0)
return ERR_PTR(len);
- fname[len - 1] = '\0'; /* always play if safe */
ckpt_debug("fname '%s' flags %#x\n", fname, flags);
file = filp_open(fname, flags, 0);
@@ -805,8 +889,136 @@ int restore_obj_file_table(struct ckpt_ctx *ctx, int files_objref)
}
/*
+ * Called by task restore code to set the restarted task's
+ * current->fs to an entry on the hash
+ */
+int restore_obj_fs(struct ckpt_ctx *ctx, int fs_objref)
+{
+ struct fs_struct *newfs, *oldfs;
+
+ newfs = ckpt_obj_fetch(ctx, fs_objref, CKPT_OBJ_FS);
+ if (IS_ERR(newfs))
+ return PTR_ERR(newfs);
+
+ task_lock(current);
+ get_fs_struct(newfs);
+ oldfs = current->fs;
+ current->fs = newfs;
+ task_unlock(current);
+ put_fs_struct(oldfs);
+
+ return 0;
+}
+
+static int restore_chroot(struct ckpt_ctx *ctx, struct fs_struct *fs, char *name)
+{
+ struct nameidata nd;
+ int ret;
+
+ ckpt_debug("attempting chroot to %s\n", name);
+ ret = path_lookup(name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &nd);
+ if (ret) {
+ ckpt_err(ctx, ret, "%(T)Opening chroot dir %s", name);
+ return ret;
+ }
+ ret = do_chroot(fs, &nd.path);
+ path_put(&nd.path);
+ if (ret) {
+ ckpt_err(ctx, ret, "%(T)Setting chroot %s", name);
+ return ret;
+ }
+ return 0;
+}
+
+static int restore_cwd(struct ckpt_ctx *ctx, struct fs_struct *fs, char *name)
+{
+ struct nameidata nd;
+ int ret;
+
+ ckpt_debug("attempting chdir to %s\n", name);
+ ret = path_lookup(name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &nd);
+ if (ret) {
+ ckpt_err(ctx, ret, "%(T)Opening cwd %s", name);
+ return ret;
+ }
+ ret = do_chdir(fs, &nd.path);
+ path_put(&nd.path);
+ if (ret) {
+ ckpt_err(ctx, ret, "%(T)Setting cwd %s", name);
+ return ret;
+ }
+ return 0;
+}
+
+/*
+ * Called by objhash when it runs into a CKPT_OBJ_FS entry. Creates
+ * an fs_struct with desired chroot/cwd and places it in the hash.
+ */
+static void *restore_fs(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_fs *h;
+ struct fs_struct *fs;
+ char *path;
+ int ret = 0;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_FS);
+ if (IS_ERR(h))
+ return ERR_PTR(PTR_ERR(h));
+ ckpt_hdr_put(ctx, h);
+
+ fs = copy_fs_struct(current->fs);
+ if (!fs)
+ return ERR_PTR(-ENOMEM);
+
+ ret = ckpt_read_fname(ctx, &path);
+ if (ret < 0)
+ goto out;
+ ret = restore_cwd(ctx, fs, path);
+ kfree(path);
+ if (ret)
+ goto out;
+
+ ret = ckpt_read_fname(ctx, &path);
+ if (ret < 0)
+ goto out;
+ ret = restore_chroot(ctx, fs, path);
+ kfree(path);
+
+out:
+ if (ret) {
+ free_fs_struct(fs);
+ return ERR_PTR(ret);
+ }
+ return fs;
+}
+
+/*
* fs-related checkpoint objects
*/
+
+static int obj_fs_grab(void *ptr)
+{
+ get_fs_struct((struct fs_struct *) ptr);
+ return 0;
+}
+
+static void obj_fs_drop(void *ptr, int lastref)
+{
+ put_fs_struct((struct fs_struct *) ptr);
+}
+
+static int obj_fs_users(void *ptr)
+{
+ /*
+ * It's safe to not use fs->lock because the fs referenced.
+ * It's also sufficient for leak detection: with no leak the
+ * count can't change; with a leak it will be too big already
+ * (even if it's about to grow), and if it's about to shrink
+ * then it's as if we sampled the count a bit earlier.
+ */
+ return ((struct fs_struct *) ptr)->users;
+}
+
static int obj_file_table_grab(void *ptr)
{
atomic_inc(&((struct files_struct *) ptr)->count);
@@ -839,6 +1051,17 @@ static int obj_file_users(void *ptr)
return atomic_long_read(&((struct file *) ptr)->f_count);
}
+/* fs object */
+static const struct ckpt_obj_ops ckpt_obj_fs_ops = {
+ .obj_name = "FS",
+ .obj_type = CKPT_OBJ_FS,
+ .ref_drop = obj_fs_drop,
+ .ref_grab = obj_fs_grab,
+ .ref_users = obj_fs_users,
+ .checkpoint = checkpoint_fs,
+ .restore = restore_fs,
+};
+
/* files_struct object */
static const struct ckpt_obj_ops ckpt_obj_files_struct_ops = {
.obj_name = "FILE_TABLE",
@@ -865,6 +1088,9 @@ static __init int checkpoint_register_fs(void)
{
int ret;
+ ret = register_checkpoint_obj(&ckpt_obj_fs_ops);
+ if (ret < 0)
+ return ret;
ret = register_checkpoint_obj(&ckpt_obj_files_struct_ops);
if (ret < 0)
return ret;
diff --git a/fs/fs_struct.c b/fs/fs_struct.c
index eee0590..2a4c6f5 100644
--- a/fs/fs_struct.c
+++ b/fs/fs_struct.c
@@ -6,6 +6,27 @@
#include <linux/fs_struct.h>
/*
+ * call with owning task locked
+ */
+void get_fs_struct(struct fs_struct *fs)
+{
+ write_lock(&fs->lock);
+ fs->users++;
+ write_unlock(&fs->lock);
+}
+
+void put_fs_struct(struct fs_struct *fs)
+{
+ int kill;
+
+ write_lock(&fs->lock);
+ kill = !--fs->users;
+ write_unlock(&fs->lock);
+ if (kill)
+ free_fs_struct(fs);
+}
+
+/*
* Replace the fs->{rootmnt,root} with {mnt,dentry}. Put the old values.
* It can block.
*/
diff --git a/fs/open.c b/fs/open.c
index 74e5cd9..e9d5626 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -524,6 +524,18 @@ SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
return sys_faccessat(AT_FDCWD, filename, mode);
}
+int do_chdir(struct fs_struct *fs, struct path *path)
+{
+ int error;
+
+ error = inode_permission(path->dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+ if (error)
+ return error;
+
+ set_fs_pwd(fs, path);
+ return 0;
+}
+
SYSCALL_DEFINE1(chdir, const char __user *, filename)
{
struct path path;
@@ -531,17 +543,10 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename)
error = user_path_dir(filename, &path);
if (error)
- goto out;
-
- error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
- if (error)
- goto dput_and_out;
-
- set_fs_pwd(current->fs, &path);
+ return error;
-dput_and_out:
+ error = do_chdir(current->fs, &path);
path_put(&path);
-out:
return error;
}
@@ -571,31 +576,36 @@ out:
return error;
}
-SYSCALL_DEFINE1(chroot, const char __user *, filename)
+int do_chroot(struct fs_struct *fs, struct path *path)
{
- struct path path;
int error;
- error = user_path_dir(filename, &path);
+ error = inode_permission(path->dentry->d_inode, MAY_EXEC | MAY_ACCESS);
if (error)
- goto out;
+ return error;
+
+ if (!capable(CAP_SYS_CHROOT))
+ return -EPERM;
- error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
+ error = security_path_chroot(path);
if (error)
- goto dput_and_out;
+ return error;
- error = -EPERM;
- if (!capable(CAP_SYS_CHROOT))
- goto dput_and_out;
- error = security_path_chroot(&path);
+ set_fs_root(fs, path);
+ return 0;
+}
+
+SYSCALL_DEFINE1(chroot, const char __user *, filename)
+{
+ struct path path;
+ int error;
+
+ error = user_path_dir(filename, &path);
if (error)
- goto dput_and_out;
+ return error;
- set_fs_root(current->fs, &path);
- error = 0;
-dput_and_out:
+ error = do_chroot(current->fs, &path);
path_put(&path);
-out:
return error;
}
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 09fbb59..c1079b7 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -10,7 +10,7 @@
* distribution for more details.
*/
-#define CHECKPOINT_VERSION 3
+#define CHECKPOINT_VERSION 4
/* checkpoint user flags */
#define CHECKPOINT_SUBTREE 0x1
@@ -224,6 +224,10 @@ extern int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
extern int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
struct ckpt_hdr_file *h);
+extern int ckpt_collect_fs(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int checkpoint_obj_fs(struct ckpt_ctx *ctx, struct task_struct *t);
+extern int restore_obj_fs(struct ckpt_ctx *ctx, int fs_objref);
+
/* memory */
extern void ckpt_pgarr_free(struct ckpt_ctx *ctx);
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index e89fbf9..8dbd6e9 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -139,6 +139,9 @@ enum {
CKPT_HDR_MM_CONTEXT,
#define CKPT_HDR_MM_CONTEXT CKPT_HDR_MM_CONTEXT
+ CKPT_HDR_FS = 451, /* must be after file-table, mm */
+#define CKPT_HDR_FS CKPT_HDR_FS
+
CKPT_HDR_IPC = 501,
#define CKPT_HDR_IPC CKPT_HDR_IPC
CKPT_HDR_IPC_SHM,
@@ -209,6 +212,8 @@ enum obj_type {
#define CKPT_OBJ_FILE CKPT_OBJ_FILE
CKPT_OBJ_MM,
#define CKPT_OBJ_MM CKPT_OBJ_MM
+ CKPT_OBJ_FS,
+#define CKPT_OBJ_FS CKPT_OBJ_FS
CKPT_OBJ_SIGHAND,
#define CKPT_OBJ_SIGHAND CKPT_OBJ_SIGHAND
CKPT_OBJ_SIGNAL,
@@ -424,6 +429,7 @@ struct ckpt_hdr_task_objs {
__s32 files_objref;
__s32 mm_objref;
+ __s32 fs_objref;
__s32 sighand_objref;
__s32 signal_objref;
} __attribute__((aligned(8)));
@@ -461,6 +467,12 @@ enum restart_block_type {
};
/* file system */
+struct ckpt_hdr_fs {
+ struct ckpt_hdr h;
+ /* char *fs_root */
+ /* char *fs_pwd */
+} __attribute__((aligned(8)));
+
struct ckpt_hdr_file_table {
struct ckpt_hdr h;
__s32 fdt_nfds;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index c0a59ea..ee725ff 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1826,6 +1826,11 @@ extern int iterate_mounts(int (*)(struct vfsmount *, void *), void *,
struct vfsmount *);
extern int vfs_statfs(struct dentry *, struct kstatfs *);
+struct fs_struct;
+extern int do_chdir(struct fs_struct *fs, struct path *path);
+extern int do_chroot(struct fs_struct *fs, struct path *path);
+
+
extern int current_umask(void);
/* /sys/fs */
diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h
index 78a05bf..a73cbcb 100644
--- a/include/linux/fs_struct.h
+++ b/include/linux/fs_struct.h
@@ -20,5 +20,7 @@ extern struct fs_struct *copy_fs_struct(struct fs_struct *);
extern void free_fs_struct(struct fs_struct *);
extern void daemonize_fs_struct(void);
extern int unshare_fs_struct(void);
+extern void get_fs_struct(struct fs_struct *);
+extern void put_fs_struct(struct fs_struct *);
#endif /* _LINUX_FS_STRUCT_H */
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index fa08616..922287b 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -232,6 +232,7 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
struct ckpt_hdr_task_objs *h;
int files_objref;
int mm_objref;
+ int fs_objref;
int sighand_objref;
int signal_objref;
int first, ret;
@@ -272,6 +273,13 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
return mm_objref;
}
+ /* note: this must come *after* file-table and mm */
+ fs_objref = checkpoint_obj_fs(ctx, t);
+ if (fs_objref < 0) {
+ ckpt_err(ctx, fs_objref, "%(T)process fs\n");
+ return fs_objref;
+ }
+
sighand_objref = checkpoint_obj_sighand(ctx, t);
ckpt_debug("sighand: objref %d\n", sighand_objref);
if (sighand_objref < 0) {
@@ -299,6 +307,7 @@ static int checkpoint_task_objs(struct ckpt_ctx *ctx, struct task_struct *t)
return -ENOMEM;
h->files_objref = files_objref;
h->mm_objref = mm_objref;
+ h->fs_objref = fs_objref;
h->sighand_objref = sighand_objref;
h->signal_objref = signal_objref;
ret = ckpt_write_obj(ctx, &h->h);
@@ -477,6 +486,9 @@ int ckpt_collect_task(struct ckpt_ctx *ctx, struct task_struct *t)
ret = ckpt_collect_mm(ctx, t);
if (ret < 0)
return ret;
+ ret = ckpt_collect_fs(ctx, t);
+ if (ret < 0)
+ return ret;
ret = ckpt_collect_sighand(ctx, t);
return ret;
@@ -645,6 +657,11 @@ static int restore_task_objs(struct ckpt_ctx *ctx)
if (ret < 0)
goto out;
+ ret = restore_obj_fs(ctx, h->fs_objref);
+ ckpt_debug("fs: ret %d (%p)\n", ret, current->fs);
+ if (ret < 0)
+ return ret;
+
ret = restore_obj_sighand(ctx, h->sighand_objref);
ckpt_debug("sighand: ret %d (%p)\n", ret, current->sighand);
if (ret < 0)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 082/100] c/r: preliminary support mounts namespace
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (80 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 081/100] c/r: restore task fs_root and pwd (v3) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 083/100] c/r: nested pid namespaces (v3) Oren Laadan
` (19 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan, Al Viro, linux-fsdevel
We only allow c/r when all processes shared a single mounts ns.
We do intend to implement c/r of mounts and mounts namespaces in the
kernel. It shouldn't be ugly or complicate locking to do so. Just
haven't gotten around to it. A more complete solution is more than we
want to take on now for v19.
But we'd like as much as possible for everything which we don't
support, to not be checkpointable, since not doing so has in the past
invited slanderous accusations of being a toy implementation :)
Meanwhile, we get the following:
1) Checkpoint bails if not all tasks share the same mnt-ns
2) Leak detection works for full container checkpoint
On restart, all tasks inherit the same mnt-ns of the coordinator, by
default. A follow-up patch to user-cr will add a new switch to the
'restart' to request a CLONE_NEWMNT flag when creating the root-task
of the restart.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
fs/namespace.c | 63 +++++++++++++++++++++++++++++----------
include/linux/checkpoint.h | 2 +-
include/linux/checkpoint_hdr.h | 4 ++
kernel/nsproxy.c | 16 ++++++++--
4 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 8174c8a..e335285 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -29,6 +29,7 @@
#include <linux/log2.h>
#include <linux/idr.h>
#include <linux/fs_struct.h>
+#include <linux/checkpoint.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
#include "pnode.h"
@@ -2318,6 +2319,49 @@ static void __init init_mount_tree(void)
set_fs_root(current->fs, &root);
}
+void put_mnt_ns(struct mnt_namespace *ns)
+{
+ LIST_HEAD(umount_list);
+
+ if (!atomic_dec_and_test(&ns->count))
+ return;
+ down_write(&namespace_sem);
+ spin_lock(&vfsmount_lock);
+ umount_tree(ns->root, 0, &umount_list);
+ spin_unlock(&vfsmount_lock);
+ up_write(&namespace_sem);
+ release_mounts(&umount_list);
+ kfree(ns);
+}
+EXPORT_SYMBOL(put_mnt_ns);
+
+#ifdef CONFIG_CHECKPOINT
+static int obj_mnt_ns_grab(void *ptr)
+{
+ get_mnt_ns((struct mnt_namespace *) ptr);
+ return 0;
+}
+
+static void obj_mnt_ns_drop(void *ptr, int lastref)
+{
+ put_mnt_ns((struct mnt_namespace *) ptr);
+}
+
+static int obj_mnt_ns_users(void *ptr)
+{
+ return atomic_read(&((struct mnt_namespace *) ptr)->count);
+}
+
+/* mnt_ns object */
+static const struct ckpt_obj_ops ckpt_obj_mntns_ops = {
+ .obj_name = "MOUNTS NS",
+ .obj_type = CKPT_OBJ_MNT_NS,
+ .ref_grab = obj_mnt_ns_grab,
+ .ref_drop = obj_mnt_ns_drop,
+ .ref_users = obj_mnt_ns_users,
+};
+#endif /* CONFIG_CHECKPOINT */
+
void __init mnt_init(void)
{
unsigned u;
@@ -2347,20 +2391,7 @@ void __init mnt_init(void)
printk(KERN_WARNING "%s: kobj create error\n", __func__);
init_rootfs();
init_mount_tree();
+#ifdef CONFIG_CHECKPOINT
+ register_checkpoint_obj(&ckpt_obj_mntns_ops);
+#endif
}
-
-void put_mnt_ns(struct mnt_namespace *ns)
-{
- LIST_HEAD(umount_list);
-
- if (!atomic_dec_and_test(&ns->count))
- return;
- down_write(&namespace_sem);
- spin_lock(&vfsmount_lock);
- umount_tree(ns->root, 0, &umount_list);
- spin_unlock(&vfsmount_lock);
- up_write(&namespace_sem);
- release_mounts(&umount_list);
- kfree(ns);
-}
-EXPORT_SYMBOL(put_mnt_ns);
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index c1079b7..6560f63 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -10,7 +10,7 @@
* distribution for more details.
*/
-#define CHECKPOINT_VERSION 4
+#define CHECKPOINT_VERSION 5
/* checkpoint user flags */
#define CHECKPOINT_SUBTREE 0x1
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 8dbd6e9..e74d668 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -98,6 +98,8 @@ enum {
#define CKPT_HDR_UTS_NS CKPT_HDR_UTS_NS
CKPT_HDR_IPC_NS,
#define CKPT_HDR_IPC_NS CKPT_HDR_IPC_NS
+ CKPT_HDR_MNT_NS,
+#define CKPT_HDR_MNT_NS CKPT_HDR_MNT_NS
CKPT_HDR_CAPABILITIES,
#define CKPT_HDR_CAPABILITIES CKPT_HDR_CAPABILITIES
CKPT_HDR_USER_NS,
@@ -224,6 +226,8 @@ enum obj_type {
#define CKPT_OBJ_UTS_NS CKPT_OBJ_UTS_NS
CKPT_OBJ_IPC_NS,
#define CKPT_OBJ_IPC_NS CKPT_OBJ_IPC_NS
+ CKPT_OBJ_MNT_NS,
+#define CKPT_OBJ_MNT_NS CKPT_OBJ_MNT_NS
CKPT_OBJ_USER_NS,
#define CKPT_OBJ_USER_NS CKPT_OBJ_USER_NS
CKPT_OBJ_CRED,
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 67a1456..5bdce9e 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -268,11 +268,18 @@ int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
* ipc_ns (shm) may keep references to files: if this is the
* first time we see this ipc_ns (ret > 0), proceed inside.
*/
- if (ret)
+ if (ret) {
ret = ckpt_collect_ipc_ns(ctx, nsproxy->ipc_ns);
+ if (ret < 0)
+ goto out;
+ }
#endif
- /* TODO: collect other namespaces here */
+ ret = ckpt_obj_collect(ctx, nsproxy->mnt_ns, CKPT_OBJ_MNT_NS);
+ if (ret < 0)
+ goto out;
+
+ ret = 0;
out:
put_nsproxy(nsproxy);
return ret;
@@ -301,7 +308,10 @@ static int checkpoint_ns(struct ckpt_ctx *ctx, void *ptr)
#endif /* CONFIG_IPC_NS */
h->ipc_objref = ret;
- /* TODO: Write other namespaces here */
+ /* FIXME: for now, only marked visited to pacify leaks */
+ ret = ckpt_obj_visit(ctx, nsproxy->mnt_ns, CKPT_OBJ_MNT_NS);
+ if (ret < 0)
+ goto out;
ret = ckpt_write_obj(ctx, &h->h);
out:
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 083/100] c/r: nested pid namespaces (v3)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (81 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 082/100] c/r: preliminary support mounts namespace Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 084/100] powerpc: reserve checkpoint arch identifiers Oren Laadan
` (18 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oleg Nesterov
From: Serge E. Hallyn <serue@us.ibm.com>
Support checkpoint and restart of tasks in nested pid namespaces. We
keep the original single pids_array to minimize memory allocations.
The pids array entries are augmented with a pidns depth (relative to
the container init's pidns. If any tasks are in nested pid namespace,
another single array will hold all of the vpids. At restart those are
used by userspace to determine how to call eclone(). Kernel ignores
them.
Changelog:
Mar 31:
Oren: Get rid of ckpt_hdr_vpids - can be inferred at restart
Mar 29:
Oren: Remove portion of patch that adds 'rpid'
Mar 22:
Use Louis Rilling's smarter ckpt_vpids algorithm
verbatim, to handle pid_ns depths > CKPT_HDR_PIDS_CHUNK,
as well as fix an apparent bug in my original code.
As Louis suggested, use task_active_pid_ns() rather than
task->nsproxy->pid_ns. In fact it's a must, bc the
checkpointed task may be dead and have NULL
task->nsproxy->pid_ns.
Oren: Add spinlock for nsproxy->pidns; use
ckpt_read_consume() to consume vpids; and use __s32 instead
of ckpt_vpid struct
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/checkpoint.h | 2 +-
include/linux/checkpoint_hdr.h | 2 +
include/linux/checkpoint_types.h | 3 +
kernel/checkpoint/checkpoint.c | 111 +++++++++++++++++++++++++++++++++----
kernel/checkpoint/process.c | 22 ++++++--
kernel/checkpoint/restart.c | 39 ++++++++++++--
kernel/checkpoint/sys.c | 4 ++
kernel/nsproxy.c | 9 +++-
8 files changed, 169 insertions(+), 23 deletions(-)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 6560f63..b7d7258 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -10,7 +10,7 @@
* distribution for more details.
*/
-#define CHECKPOINT_VERSION 5
+#define CHECKPOINT_VERSION 6
/* checkpoint user flags */
#define CHECKPOINT_SUBTREE 0x1
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index e74d668..f2779d1 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -309,11 +309,13 @@ struct ckpt_hdr_tree {
} __attribute__((aligned(8)));
struct ckpt_pids {
+ /* These pids are in the root_nsproxy's pid ns */
__s32 vpid;
__s32 vppid;
__s32 vtgid;
__s32 vpgid;
__s32 vsid;
+ __s32 depth; /* pid namespace depth relative to container init */
} __attribute__((aligned(8)));
/* pids */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 79c6394..b27312b 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -70,6 +70,9 @@ struct ckpt_ctx {
struct task_struct **tasks_arr; /* array of all tasks [checkpoint] */
int nr_tasks; /* size of tasks array */
+ int nr_vpids;
+ struct pid_namespace *coord_pidns; /* coordinator pid_ns */
+
/* [multi-process restart] */
struct ckpt_pids *pids_arr; /* array of all pids [restart] */
int nr_pids; /* size of pids array */
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 72a706e..ccc5367 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -28,6 +28,7 @@
#include <linux/hrtimer.h>
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
+#include <linux/pid_namespace.h>
/* unique checkpoint identifier (FIXME: should be per-container ?) */
static atomic_t ctx_count = ATOMIC_INIT(0);
@@ -232,6 +233,7 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
struct task_struct *root = ctx->root_task;
struct nsproxy *nsproxy;
int ret = 0;
+ struct pid_namespace *pidns;
ckpt_debug("check %d\n", task_pid_nr_ns(t, ctx->root_nsproxy->pid_ns));
@@ -283,10 +285,15 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
_ckpt_err(ctx, -EPERM, "%(T)Nested net_ns unsupported\n");
ret = -EPERM;
}
- /* no support for >1 private pidns */
- if (nsproxy->pid_ns != ctx->root_nsproxy->pid_ns) {
- _ckpt_err(ctx, -EPERM, "%(T)Nested pid_ns unsupported\n");
- ret = -EPERM;
+ /* pidns must be descendent of root_nsproxy */
+ pidns = nsproxy->pid_ns;
+ while (pidns != ctx->root_nsproxy->pid_ns) {
+ if (pidns == &init_pid_ns) {
+ ret = -EPERM;
+ _ckpt_err(ctx, ret, "%(T)stranger pid_ns\n");
+ break;
+ }
+ pidns = pidns->parent;
}
rcu_read_unlock();
@@ -295,15 +302,19 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
#define CKPT_HDR_PIDS_CHUNK 256
+/*
+ * Write the pids in ctx->root_nsproxy->pidns. This info is
+ * needed at restart to unambiguously dereference tasks.
+ */
static int checkpoint_pids(struct ckpt_ctx *ctx)
{
struct ckpt_pids *h;
- struct pid_namespace *ns;
+ struct pid_namespace *root_pidns;
struct task_struct *task;
struct task_struct **tasks_arr;
int nr_tasks, n, pos = 0, ret = 0;
- ns = ctx->root_nsproxy->pid_ns;
+ root_pidns = ctx->root_nsproxy->pid_ns;
tasks_arr = ctx->tasks_arr;
nr_tasks = ctx->nr_tasks;
BUG_ON(nr_tasks <= 0);
@@ -321,15 +332,21 @@ static int checkpoint_pids(struct ckpt_ctx *ctx)
do {
rcu_read_lock();
for (n = 0; n < min(nr_tasks, CKPT_HDR_PIDS_CHUNK); n++) {
+ struct pid_namespace *task_pidns;
task = tasks_arr[pos];
- h[n].vpid = task_pid_nr_ns(task, ns);
- h[n].vtgid = task_tgid_nr_ns(task, ns);
- h[n].vpgid = task_pgrp_nr_ns(task, ns);
- h[n].vsid = task_session_nr_ns(task, ns);
- h[n].vppid = task_tgid_nr_ns(task->real_parent, ns);
+ h[n].vpid = task_pid_nr_ns(task, root_pidns);
+ h[n].vtgid = task_tgid_nr_ns(task, root_pidns);
+ h[n].vpgid = task_pgrp_nr_ns(task, root_pidns);
+ h[n].vsid = task_session_nr_ns(task, root_pidns);
+ h[n].vppid = task_tgid_nr_ns(task->real_parent,
+ root_pidns);
+ task_pidns = task_active_pid_ns(task);
+ h[n].depth = task_pidns->level - root_pidns->level;
+
ckpt_debug("task[%d]: vpid %d vtgid %d parent %d\n",
pos, h[n].vpid, h[n].vtgid, h[n].vppid);
+ ctx->nr_vpids += h[n].depth;
pos++;
}
rcu_read_unlock();
@@ -346,6 +363,70 @@ static int checkpoint_pids(struct ckpt_ctx *ctx)
return ret;
}
+static int checkpoint_vpids(struct ckpt_ctx *ctx)
+{
+ __s32 *h; /* vpid array */
+ struct pid_namespace *root_pidns, *task_pidns = NULL, *active_pidns;
+ struct task_struct *task;
+ int ret, nr_tasks = ctx->nr_tasks;
+ int tidx = 0; /* index into task array */
+ int hidx = 0; /* pids written into current __s32 chunk */
+ int vidx = 0; /* vpid index for current task */
+
+ root_pidns = ctx->root_nsproxy->pid_ns;
+ nr_tasks = ctx->nr_tasks;
+
+ ret = ckpt_write_obj_type(ctx, NULL,
+ sizeof(*h) * ctx->nr_vpids,
+ CKPT_HDR_BUFFER);
+ if (ret < 0)
+ return ret;
+
+ h = ckpt_hdr_get(ctx, sizeof(*h) * CKPT_HDR_PIDS_CHUNK);
+ if (!h)
+ return -ENOMEM;
+
+ do {
+ rcu_read_lock();
+ while (tidx < nr_tasks && hidx < CKPT_HDR_PIDS_CHUNK) {
+ int nsdelta;
+
+ task = ctx->tasks_arr[tidx];
+ active_pidns = task_active_pid_ns(task);
+ nsdelta = active_pidns->level - root_pidns->level;
+ if (hidx + nsdelta - vidx > CKPT_HDR_PIDS_CHUNK)
+ /*
+ * We will release rcu before recording the
+ * remaining vpids, but neither task nor its
+ * pid can disappear.
+ */
+ nsdelta = CKPT_HDR_PIDS_CHUNK - hidx + vidx;
+
+ if (vidx == 0)
+ task_pidns = active_pidns;
+ while (vidx++ < nsdelta) {
+ h[hidx++] = task_pid_nr_ns(task, task_pidns);
+ task_pidns = task_pidns->parent;
+ }
+
+ if (task_pidns == root_pidns) {
+ tidx++;
+ vidx = 0;
+ }
+ }
+ rcu_read_unlock();
+
+ ret = ckpt_kwrite(ctx, h, hidx * sizeof(*h));
+ if (ret < 0)
+ break;
+
+ hidx = 0;
+ } while (tidx < nr_tasks);
+
+ _ckpt_hdr_put(ctx, h, sizeof(*h) * CKPT_HDR_PIDS_CHUNK);
+ return ret;
+}
+
static int collect_objects(struct ckpt_ctx *ctx)
{
int n, ret = 0;
@@ -470,7 +551,13 @@ static int checkpoint_tree(struct ckpt_ctx *ctx)
return ret;
ret = checkpoint_pids(ctx);
- return ret;
+ if (ret < 0)
+ return ret;
+
+ if (ctx->nr_vpids == 0)
+ return 0;
+
+ return checkpoint_vpids(ctx);
}
static struct task_struct *get_freezer_task(struct task_struct *root_task)
diff --git a/kernel/checkpoint/process.c b/kernel/checkpoint/process.c
index 922287b..f6f3771 100644
--- a/kernel/checkpoint/process.c
+++ b/kernel/checkpoint/process.c
@@ -23,7 +23,7 @@
#include <linux/syscalls.h>
#include <linux/security.h> /* security_task_setpgid() */
#include <linux/checkpoint.h>
-
+#include <linux/pid_namespace.h>
pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid)
{
@@ -52,7 +52,7 @@ struct pid *_ckpt_find_pgrp(struct ckpt_ctx *ctx, pid_t pgid)
* Find the owner process of this pgid (it must exist
* if pgrp exists). It must be a thread group leader.
*/
- pgrp = find_vpid(pgid);
+ pgrp = find_pid_ns(pgid, ctx->root_nsproxy->pid_ns);
p = pid_task(pgrp, PIDTYPE_PID);
if (!p || !thread_group_leader(p))
return NULL;
@@ -561,6 +561,13 @@ static int restore_task_struct(struct ckpt_ctx *ctx)
return ret;
}
+/*
+ * restart is currently serialized, but if/when that changes we want
+ * to make sure that setting nsproxy->pidns in restore_task_ns() is only
+ * done once. That's what checkpoint_nslock is for
+ */
+DEFINE_SPINLOCK(checkpoint_nslock);
+
static int restore_task_ns(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_task_ns *h;
@@ -578,6 +585,10 @@ static int restore_task_ns(struct ckpt_ctx *ctx)
}
if (nsproxy != task_nsproxy(current)) {
+ spin_lock(&checkpoint_nslock);
+ if (!nsproxy->pid_ns)
+ nsproxy->pid_ns = get_pid_ns(current->nsproxy->pid_ns);
+ spin_unlock(&checkpoint_nslock);
get_nsproxy(nsproxy);
switch_task_namespaces(current, nsproxy);
}
@@ -829,8 +840,8 @@ static int restore_task_pgid(struct ckpt_ctx *ctx)
pgid = ctx->pids_arr[ctx->active_pid].vpgid;
- if (pgid == task_pgrp_vnr(task)) /* nothing to do */
- return 0;
+ if (pgid == task_pgrp_nr_ns(task, ctx->root_nsproxy->pid_ns))
+ return 0; /* nothing to do */
if (task->signal->leader) /* (2) */
return -EINVAL;
@@ -850,6 +861,9 @@ static int restore_task_pgid(struct ckpt_ctx *ctx)
if (ctx->uflags & RESTART_TASKSELF)
ret = 0;
+ if (ret < 0)
+ ckpt_err(ctx, ret, "setting pgid\n");
+
return ret;
}
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 7c38c1a..2314f7d 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -24,6 +24,7 @@
#include <linux/termios.h>
#include <linux/elf.h>
#include <linux/deferqueue.h>
+#include <linux/pid_namespace.h>
#include <linux/checkpoint.h>
#include <asm/syscall.h>
@@ -719,6 +720,29 @@ static int restore_read_tree(struct ckpt_ctx *ctx)
return ret;
}
+/*
+ * read all the vpids - we don't actually care about them,
+ * userspace did
+ */
+static int restore_slurp_vpids(struct ckpt_ctx *ctx)
+{
+ int size, ret, i;
+
+ for (i = 0; i < ctx->nr_pids; i++)
+ ctx->nr_vpids += ctx->pids_arr[i].depth;
+
+ if (ctx->nr_vpids == 0)
+ return 0;
+
+ size = sizeof(__s32) * ctx->nr_vpids;
+ if (size < 0) /* overflow ? */
+ return -EINVAL;
+
+ ret = ckpt_read_consume(ctx, size + sizeof(struct ckpt_hdr),
+ CKPT_HDR_BUFFER);
+ return ret;
+}
+
static inline int all_tasks_activated(struct ckpt_ctx *ctx)
{
return (ctx->active_pid == ctx->nr_pids);
@@ -807,7 +831,8 @@ static int restore_activate_next(struct ckpt_ctx *ctx)
pid = get_active_pid(ctx);
rcu_read_lock();
- task = find_task_by_pid_ns(pid, ctx->root_nsproxy->pid_ns);
+ task = find_task_by_pid_ns(pid,
+ task_active_pid_ns(ctx->root_task));
/* target task must have same restart context */
if (task && task->checkpoint_ctx == ctx)
wake_up_process(task);
@@ -829,7 +854,7 @@ static int restore_activate_next(struct ckpt_ctx *ctx)
static int wait_task_active(struct ckpt_ctx *ctx)
{
- pid_t pid = task_pid_vnr(current);
+ pid_t pid = task_pid_nr_ns(current, task_active_pid_ns(ctx->root_task));
int ret;
ckpt_debug("pid %d waiting\n", pid);
@@ -845,7 +870,8 @@ static int wait_task_active(struct ckpt_ctx *ctx)
static int wait_task_sync(struct ckpt_ctx *ctx)
{
- ckpt_debug("pid %d syncing\n", task_pid_vnr(current));
+ ckpt_debug("pid %d syncing\n",
+ task_pid_nr_ns(current, task_active_pid_ns(ctx->root_task)));
wait_event_interruptible(ctx->waitq, ckpt_test_complete(ctx));
ckpt_debug("task sync done (errno %d)\n", ctx->errno);
if (ckpt_test_error(ctx))
@@ -1119,7 +1145,7 @@ static struct task_struct *choose_root_task(struct ckpt_ctx *ctx, pid_t pid)
read_lock(&tasklist_lock);
list_for_each_entry(task, ¤t->children, sibling) {
- if (task_pid_vnr(task) == pid) {
+ if (task_pid_nr_ns(task, ctx->coord_pidns) == pid) {
get_task_struct(task);
ctx->root_task = task;
ctx->root_pid = pid;
@@ -1196,6 +1222,11 @@ static int do_restore_coord(struct ckpt_ctx *ctx, pid_t pid)
if (ret < 0)
return ret;
+ ret = restore_slurp_vpids(ctx);
+ ckpt_debug("read vpids %d\n", ret);
+ if (ret < 0)
+ return ret;
+
if ((ctx->uflags & RESTART_TASKSELF) && ctx->nr_pids != 1)
return -EINVAL;
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index b8369e4..a20ce9f 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -25,6 +25,7 @@
#include <linux/deferqueue.h>
#include <linux/checkpoint.h>
#include <linux/deferqueue.h>
+#include <linux/pid_namespace.h>
/*
* ckpt_unpriv_allowed - sysctl controlled.
@@ -218,6 +219,8 @@ static void ckpt_ctx_free(struct ckpt_ctx *ctx)
if (ctx->tasks_arr)
task_arr_free(ctx);
+ if (ctx->coord_pidns)
+ put_pid_ns(ctx->coord_pidns);
if (ctx->root_nsproxy)
put_nsproxy(ctx->root_nsproxy);
if (ctx->root_task)
@@ -249,6 +252,7 @@ static struct ckpt_ctx *ckpt_ctx_alloc(int fd, unsigned long uflags,
ctx->uflags = uflags;
ctx->kflags = kflags;
ctx->ktime_begin = ktime_get();
+ ctx->coord_pidns = get_pid_ns(current->nsproxy->pid_ns);
atomic_set(&ctx->refcount, 0);
INIT_LIST_HEAD(&ctx->pgarr_list);
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 5bdce9e..7fb3cea 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -381,8 +381,13 @@ static void *restore_ns(struct ckpt_ctx *ctx)
get_net(net_ns);
nsproxy->net_ns = net_ns;
- get_pid_ns(current->nsproxy->pid_ns);
- nsproxy->pid_ns = current->nsproxy->pid_ns;
+ /*
+ * The pid_ns will get assigned the first time that we
+ * assign the nsproxy to a task. The task had unshared
+ * its pid_ns in userspace before calling restart, and
+ * we want to keep using that pid_ns.
+ */
+ nsproxy->pid_ns = NULL;
}
out:
if (ret < 0)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 084/100] powerpc: reserve checkpoint arch identifiers
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (82 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 083/100] c/r: nested pid namespaces (v3) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 085/100] powerpc: provide APIs for validating and updating DABR Oren Laadan
` (17 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
Changelog [v19-rc1]:
- [Matt Helsley] Add cpp definitions for enums
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
Tested-by: Serge E. Hallyn <serue@us.ibm.com>
---
include/linux/checkpoint_hdr.h | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index f2779d1..90cbc15 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -193,6 +193,10 @@ enum {
#define CKPT_ARCH_X86_64 CKPT_ARCH_X86_64
CKPT_ARCH_S390X,
#define CKPT_ARCH_S390X CKPT_ARCH_S390X
+ CKPT_ARCH_PPC32,
+#define CKPT_ARCH_PPC32 CKPT_ARCH_PPC32
+ CKPT_ARCH_PPC64,
+#define CKPT_ARCH_PPC64 CKPT_ARCH_PPC64
};
/* shared objrects (objref) */
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 085/100] powerpc: provide APIs for validating and updating DABR
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (83 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 084/100] powerpc: reserve checkpoint arch identifiers Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 086/100] powerpc: checkpoint/restart implementation Oren Laadan
` (16 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
A checkpointed task image may specify a value for the DABR (Data
Access Breakpoint Register). The restart code needs to validate this
value before making any changes to the current task.
ptrace_set_debugreg encapsulates the bounds checking and platform
dependencies of programming the DABR. Split this into "validate"
(debugreg_valid) and "update" (debugreg_update) functions, and make
them available for use outside of the ptrace code.
Also ptrace_set_debugreg has extern linkage, but no users outside of
ptrace.c. Make it static.
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/powerpc/include/asm/ptrace.h | 7 +++
arch/powerpc/kernel/ptrace.c | 83 ++++++++++++++++++++++++++-----------
2 files changed, 66 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/include/asm/ptrace.h b/arch/powerpc/include/asm/ptrace.h
index 9e2d84c..a88d711 100644
--- a/arch/powerpc/include/asm/ptrace.h
+++ b/arch/powerpc/include/asm/ptrace.h
@@ -87,6 +87,8 @@ struct pt_regs {
#ifndef __ASSEMBLY__
+#include <linux/types.h>
+
#define instruction_pointer(regs) ((regs)->nip)
#define user_stack_pointer(regs) ((regs)->gpr[1])
#define regs_return_value(regs) ((regs)->gpr[3])
@@ -141,6 +143,11 @@ do { \
#define arch_has_block_step() (!cpu_has_feature(CPU_FTR_601))
#define ARCH_HAS_USER_SINGLE_STEP_INFO
+/* for reprogramming DABR/DAC during restart of a checkpointed task */
+extern bool debugreg_valid(unsigned long val, unsigned int index);
+extern void debugreg_update(struct task_struct *task, unsigned long val,
+ unsigned int index);
+
#endif /* __ASSEMBLY__ */
#endif /* __KERNEL__ */
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index ed2cfe1..972e6a1 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -763,19 +763,23 @@ void user_disable_single_step(struct task_struct *task)
clear_tsk_thread_flag(task, TIF_SINGLESTEP);
}
-int ptrace_set_debugreg(struct task_struct *task, unsigned long addr,
- unsigned long data)
+/**
+ * debugreg_valid() - validate the value to be written to a debug register
+ * @val: The prospective contents of the register.
+ * @index: Must be zero.
+ *
+ * Returns true if @val is an acceptable value for the register indicated by
+ * @index, false otherwise.
+ */
+bool debugreg_valid(unsigned long val, unsigned int index)
{
- /* For ppc64 we support one DABR and no IABR's at the moment (ppc64).
- * For embedded processors we support one DAC and no IAC's at the
- * moment.
- */
- if (addr > 0)
- return -EINVAL;
+ /* We support only one debug register for now */
+ if (index != 0)
+ return false;
/* The bottom 3 bits in dabr are flags */
- if ((data & ~0x7UL) >= TASK_SIZE)
- return -EIO;
+ if ((val & ~0x7UL) >= TASK_SIZE)
+ return false;
#ifndef CONFIG_PPC_ADV_DEBUG_REGS
/* For processors using DABR (i.e. 970), the bottom 3 bits are flags.
@@ -791,19 +795,38 @@ int ptrace_set_debugreg(struct task_struct *task, unsigned long addr,
*/
/* Ensure breakpoint translation bit is set */
- if (data && !(data & DABR_TRANSLATION))
- return -EIO;
-
- /* Move contents to the DABR register */
- task->thread.dabr = data;
-#else /* CONFIG_PPC_ADV_DEBUG_REGS */
+ if (val && !(val & DABR_TRANSLATION))
+ return false;
+#else
/* As described above, it was assumed 3 bits were passed with the data
* address, but we will assume only the mode bits will be passed
* as to not cause alignment restrictions for DAC-based processors.
*/
+ /* Read or Write bits must be set */
+ if (!(val & 0x3UL))
+ return -EINVAL;
+#endif
+ return true;
+}
+
+/**
+ * debugreg_update() - update a debug register associated with a task
+ * @task: The task whose register state is to be modified.
+ * @val: The value to be written to the debug register.
+ * @index: Specifies the debug register. Currently unused.
+ *
+ * Set a task's DABR/DAC to @val, which should be validated with
+ * debugreg_valid() beforehand.
+ */
+void debugreg_update(struct task_struct *task, unsigned long val,
+ unsigned int index)
+{
+#ifndef CONFIG_PPC_ADV_DEBUG_REGS
+ task->thread.dabr = val;
+#else
/* DAC's hold the whole address without any mode flags */
- task->thread.dac1 = data & ~0x3UL;
+ task->thread.dabr = val & ~0x3UL;
if (task->thread.dac1 == 0) {
dbcr_dac(task) &= ~(DBCR_DAC1R | DBCR_DAC1W);
@@ -812,13 +835,8 @@ int ptrace_set_debugreg(struct task_struct *task, unsigned long addr,
task->thread.regs->msr &= ~MSR_DE;
task->thread.dbcr0 &= ~DBCR0_IDM;
}
- return 0;
}
- /* Read or Write bits must be set */
-
- if (!(data & 0x3UL))
- return -EINVAL;
/* Set the Internal Debugging flag (IDM bit 1) for the DBCR0
register */
@@ -827,12 +845,29 @@ int ptrace_set_debugreg(struct task_struct *task, unsigned long addr,
/* Check for write and read flags and set DBCR0
accordingly */
dbcr_dac(task) &= ~(DBCR_DAC1R|DBCR_DAC1W);
- if (data & 0x1UL)
+ if (val & 0x1UL)
dbcr_dac(task) |= DBCR_DAC1R;
- if (data & 0x2UL)
+ if (val & 0x2UL)
dbcr_dac(task) |= DBCR_DAC1W;
task->thread.regs->msr |= MSR_DE;
#endif /* CONFIG_PPC_ADV_DEBUG_REGS */
+}
+
+static int ptrace_set_debugreg(struct task_struct *task, unsigned long addr,
+ unsigned long data)
+{
+ /* For ppc64 we support one DABR and no IABR's at the moment (ppc64).
+ * For embedded processors we support one DAC and no IAC's at the
+ * moment.
+ */
+ if (addr > 0)
+ return -EINVAL;
+
+ if (!debugreg_valid(data, 0))
+ return -EIO;
+
+ debugreg_update(task, data, 0);
+
return 0;
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 086/100] powerpc: checkpoint/restart implementation
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (84 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 085/100] powerpc: provide APIs for validating and updating DABR Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 087/100] powerpc: wire up checkpoint and restart syscalls Oren Laadan
` (15 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
Support for checkpointing and restarting GPRs, FPU state, DABR, and
Altivec state.
The portion of the checkpoint image manipulated by this code begins
with a bitmask of features indicating the various contexts saved.
Fields in image that can vary depending on kernel configuration
(e.g. FP regs due to VSX) have their sizes explicitly recorded, except
for GPRS, so migrating between ppc32 and ppc64 won't work yet.
The restart code ensures that the task is not modified until the
checkpoint image is validated against the current kernel configuration
and hardware features (e.g. can't restart a task using Altivec on
non-Altivec systems).
What works:
* self and external checkpoint of simple (single thread, one open
file) 32- and 64-bit processes on a ppc64 kernel
What doesn't work:
* restarting a 32-bit task from a 64-bit task and vice versa
Untested:
* ppc32 (but it builds)
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
Changelog[v19]:
- [Serge Hallyn] Add hook task_has_saved_sigmask()
Changelog[v19-rc3]:
- [Oren Laadan] Move checkpoint.c from arch/powerpc/{mm->kernel}
- [Nathan Lynch] Warn if full register state unavailable
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
[Oren Laadan <orenl@cs.columbia.edu>] Add arch-specific tty support
---
arch/powerpc/include/asm/Kbuild | 1 +
arch/powerpc/include/asm/checkpoint_hdr.h | 37 ++
arch/powerpc/kernel/Makefile | 1 +
arch/powerpc/kernel/checkpoint.c | 532 +++++++++++++++++++++++++++++
arch/powerpc/kernel/signal.c | 6 +
5 files changed, 577 insertions(+), 0 deletions(-)
create mode 100644 arch/powerpc/include/asm/checkpoint_hdr.h
create mode 100644 arch/powerpc/kernel/checkpoint.c
diff --git a/arch/powerpc/include/asm/Kbuild b/arch/powerpc/include/asm/Kbuild
index 5ab7d7f..20379f1 100644
--- a/arch/powerpc/include/asm/Kbuild
+++ b/arch/powerpc/include/asm/Kbuild
@@ -12,6 +12,7 @@ header-y += shmbuf.h
header-y += socket.h
header-y += termbits.h
header-y += fcntl.h
+header-y += checkpoint_hdr.h
header-y += poll.h
header-y += sockios.h
header-y += ucontext.h
diff --git a/arch/powerpc/include/asm/checkpoint_hdr.h b/arch/powerpc/include/asm/checkpoint_hdr.h
new file mode 100644
index 0000000..fbb1705
--- /dev/null
+++ b/arch/powerpc/include/asm/checkpoint_hdr.h
@@ -0,0 +1,37 @@
+#ifndef __ASM_POWERPC_CKPT_HDR_H
+#define __ASM_POWERPC_CKPT_HDR_H
+
+#include <linux/types.h>
+
+/* arch dependent constants */
+#define CKPT_ARCH_NSIG 64
+#define CKPT_TTY_NCC 10
+
+#ifdef __KERNEL__
+
+#include <asm/signal.h>
+#if CKPT_ARCH_NSIG != _NSIG
+#error CKPT_ARCH_NSIG size is wrong per asm/signal.h and asm/checkpoint_hdr.h
+#endif
+
+#include <linux/tty.h>
+#if CKPT_TTY_NCC != NCC
+#error CKPT_TTY_NCC size is wrong per asm-generic/termios.h
+#endif
+
+#endif /* __KERNEL__ */
+
+#ifdef __KERNEL__
+#ifdef CONFIG_PPC64
+#define CKPT_ARCH_ID CKPT_ARCH_PPC64
+#else
+#define CKPT_ARCH_ID CKPT_ARCH_PPC32
+#endif
+#endif
+
+struct ckpt_hdr_header_arch {
+ struct ckpt_hdr h;
+ __u32 what;
+} __attribute__((aligned(8)));
+
+#endif /* __ASM_POWERPC_CKPT_HDR_H */
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 8773263..6d294a4 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -63,6 +63,7 @@ obj64-$(CONFIG_HIBERNATION) += swsusp_asm64.o
obj-$(CONFIG_MODULES) += module.o module_$(CONFIG_WORD_SIZE).o
obj-$(CONFIG_44x) += cpu_setup_44x.o
obj-$(CONFIG_FSL_BOOKE) += cpu_setup_fsl_booke.o dbell.o
+obj-$(CONFIG_CHECKPOINT) += checkpoint.o
extra-y := head_$(CONFIG_WORD_SIZE).o
extra-$(CONFIG_PPC_BOOK3E_32) := head_new_booke.o
diff --git a/arch/powerpc/kernel/checkpoint.c b/arch/powerpc/kernel/checkpoint.c
new file mode 100644
index 0000000..492c604
--- /dev/null
+++ b/arch/powerpc/kernel/checkpoint.c
@@ -0,0 +1,532 @@
+/*
+ * PowerPC architecture support for checkpoint/restart.
+ * Based on x86 implementation.
+ *
+ * Copyright (C) 2008 Oren Laadan
+ * Copyright 2009 IBM Corp.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ */
+
+#if 0
+#define DEBUG
+#endif
+
+#include <linux/checkpoint.h>
+#include <linux/kernel.h>
+#include <asm/processor.h>
+#include <asm/ptrace.h>
+#include <asm/system.h>
+
+enum ckpt_cpu_feature {
+ CKPT_USED_FP,
+ CKPT_USED_DEBUG,
+ CKPT_USED_ALTIVEC,
+ CKPT_USED_SPE,
+ CKPT_USED_VSX,
+ CKPT_FTR_END = 31,
+};
+
+#define x(ftr) (1UL << ftr)
+
+/* features this kernel can handle for restart */
+enum {
+ CKPT_FTRS_POSSIBLE =
+#ifdef CONFIG_PPC_FPU
+ x(CKPT_USED_FP) |
+#endif
+ x(CKPT_USED_DEBUG) |
+#ifdef CONFIG_ALTIVEC
+ x(CKPT_USED_ALTIVEC) |
+#endif
+#ifdef CONFIG_SPE
+ x(CKPT_USED_SPE) |
+#endif
+#ifdef CONFIG_VSX
+ x(CKPT_USED_VSX) |
+#endif
+ 0,
+};
+
+#undef x
+
+struct ckpt_hdr_cpu {
+ struct ckpt_hdr h;
+ u32 features_used;
+ u32 pt_regs_size;
+ u32 fpr_size;
+ u64 orig_gpr3;
+ struct pt_regs pt_regs;
+ /* relevant fields from thread_struct */
+ double fpr[32][TS_FPRWIDTH];
+ u32 fpscr;
+ s32 fpexc_mode;
+ u64 dabr;
+ /* Altivec/VMX state */
+ vector128 vr[32];
+ vector128 vscr;
+ u64 vrsave;
+ /* SPE state */
+ u32 evr[32];
+ u64 acc;
+ u32 spefscr;
+};
+
+/**************************************************************************
+ * Checkpoint
+ */
+
+static void ckpt_cpu_feature_set(struct ckpt_hdr_cpu *hdr,
+ enum ckpt_cpu_feature ftr)
+{
+ hdr->features_used |= 1ULL << ftr;
+}
+
+static bool ckpt_cpu_feature_isset(const struct ckpt_hdr_cpu *hdr,
+ enum ckpt_cpu_feature ftr)
+{
+ return hdr->features_used & (1ULL << ftr);
+}
+
+/* determine whether an image has feature bits set that this kernel
+ * does not support */
+static bool ckpt_cpu_features_unknown(const struct ckpt_hdr_cpu *hdr)
+{
+ return hdr->features_used & ~CKPT_FTRS_POSSIBLE;
+}
+
+static void checkpoint_gprs(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ struct pt_regs *pt_regs;
+
+ pr_debug("%s: saving GPRs\n", __func__);
+
+ cpu_hdr->pt_regs_size = sizeof(*pt_regs);
+ pt_regs = task_pt_regs(task);
+ WARN_ON(!FULL_REGS(pt_regs));
+
+ cpu_hdr->pt_regs = *pt_regs;
+
+ if (task == current)
+ cpu_hdr->pt_regs.gpr[3] = 0;
+
+ cpu_hdr->orig_gpr3 = pt_regs->orig_gpr3;
+}
+
+#ifdef CONFIG_PPC_FPU
+static void checkpoint_fpu(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ /* easiest to save FP state unconditionally */
+
+ pr_debug("%s: saving FPU state\n", __func__);
+
+ if (task == current)
+ flush_fp_to_thread(task);
+
+ cpu_hdr->fpr_size = sizeof(cpu_hdr->fpr);
+ cpu_hdr->fpscr = task->thread.fpscr.val;
+ cpu_hdr->fpexc_mode = task->thread.fpexc_mode;
+
+ memcpy(cpu_hdr->fpr, task->thread.fpr, sizeof(cpu_hdr->fpr));
+
+ ckpt_cpu_feature_set(cpu_hdr, CKPT_USED_FP);
+}
+#else
+static void checkpoint_fpu(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ return;
+}
+#endif
+
+#ifdef CONFIG_ALTIVEC
+static void checkpoint_altivec(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ if (!cpu_has_feature(CPU_FTR_ALTIVEC))
+ return;
+
+ if (!task->thread.used_vr)
+ return;
+
+ pr_debug("%s: saving Altivec state\n", __func__);
+
+ if (task == current)
+ flush_altivec_to_thread(task);
+
+ cpu_hdr->vrsave = task->thread.vrsave;
+ memcpy(cpu_hdr->vr, task->thread.vr, sizeof(cpu_hdr->vr));
+ ckpt_cpu_feature_set(cpu_hdr, CKPT_USED_ALTIVEC);
+}
+#else
+static void checkpoint_altivec(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ return;
+}
+#endif
+
+#ifdef CONFIG_SPE
+static void checkpoint_spe(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ if (!cpu_has_feature(CPU_FTR_SPE))
+ return;
+
+ if (!task->thread.used_spe)
+ return;
+
+ pr_debug("%s: saving SPE state\n", __func__);
+
+ if (task == current)
+ flush_spe_to_thread(task);
+
+ cpu_hdr->acc = task->thread.acc;
+ cpu_hdr->spefscr = task->thread.spefscr;
+ memcpy(cpu_hdr->evr, task->thread.evr, sizeof(cpu_hdr->evr));
+ ckpt_cpu_feature_set(cpu_hdr, CKPT_USED_SPE);
+}
+#else
+static void checkpoint_spe(struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task)
+{
+ return;
+}
+#endif
+
+static void checkpoint_dabr(struct ckpt_hdr_cpu *cpu_hdr,
+ const struct task_struct *task)
+{
+ if (!task->thread.dabr)
+ return;
+
+ cpu_hdr->dabr = task->thread.dabr;
+ ckpt_cpu_feature_set(cpu_hdr, CKPT_USED_DEBUG);
+}
+
+/* dump the thread_struct of a given task */
+int checkpoint_thread(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ return 0;
+}
+
+/* dump the cpu state and registers of a given task */
+int checkpoint_cpu(struct ckpt_ctx *ctx, struct task_struct *t)
+{
+ struct ckpt_hdr_cpu *cpu_hdr;
+ int rc;
+
+ rc = -ENOMEM;
+ cpu_hdr = ckpt_hdr_get_type(ctx, sizeof(*cpu_hdr), CKPT_HDR_CPU);
+ if (!cpu_hdr)
+ goto err;
+
+ checkpoint_gprs(cpu_hdr, t);
+ checkpoint_fpu(cpu_hdr, t);
+ checkpoint_dabr(cpu_hdr, t);
+ checkpoint_altivec(cpu_hdr, t);
+ checkpoint_spe(cpu_hdr, t);
+
+ rc = ckpt_write_obj(ctx, (struct ckpt_hdr *) cpu_hdr);
+err:
+ ckpt_hdr_put(ctx, cpu_hdr);
+ return rc;
+}
+
+int checkpoint_write_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *arch_hdr;
+ int ret;
+
+ arch_hdr = ckpt_hdr_get_type(ctx, sizeof(*arch_hdr),
+ CKPT_HDR_HEADER_ARCH);
+ if (!arch_hdr)
+ return -ENOMEM;
+
+ arch_hdr->what = 0xdeadbeef;
+
+ ret = ckpt_write_obj(ctx, &arch_hdr->h);
+ ckpt_hdr_put(ctx, arch_hdr);
+
+ return ret;
+}
+
+/* dump the mm->context state */
+int checkpoint_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ return 0;
+}
+
+/**************************************************************************
+ * Restart
+ */
+
+/* read the thread_struct into the current task */
+int restore_thread(struct ckpt_ctx *ctx)
+{
+ return 0;
+}
+
+/* Based on the MSR value from a checkpoint image, produce an MSR
+ * value that is appropriate for the restored task. Right now we only
+ * check for MSR_SF (64-bit) for PPC64.
+ */
+static unsigned long sanitize_msr(unsigned long msr_ckpt)
+{
+#ifdef CONFIG_PPC32
+ return MSR_USER;
+#else
+ if (msr_ckpt & MSR_SF)
+ return MSR_USER64;
+ return MSR_USER32;
+#endif
+}
+
+static int restore_gprs(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ struct pt_regs *regs;
+ int rc;
+
+ rc = -EINVAL;
+ if (cpu_hdr->pt_regs_size != sizeof(*regs))
+ goto out;
+
+ rc = 0;
+ if (!update)
+ goto out;
+
+ regs = task_pt_regs(task);
+ *regs = cpu_hdr->pt_regs;
+
+ regs->orig_gpr3 = cpu_hdr->orig_gpr3;
+
+ regs->msr = sanitize_msr(regs->msr);
+out:
+ return rc;
+}
+
+#ifdef CONFIG_PPC_FPU
+static int restore_fpu(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ int rc;
+
+ rc = -EINVAL;
+ if (cpu_hdr->fpr_size != sizeof(task->thread.fpr))
+ goto out;
+
+ rc = 0;
+ if (!update || !ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_FP))
+ goto out;
+
+ task->thread.fpscr.val = cpu_hdr->fpscr;
+ task->thread.fpexc_mode = cpu_hdr->fpexc_mode;
+
+ memcpy(task->thread.fpr, cpu_hdr->fpr, sizeof(task->thread.fpr));
+out:
+ return rc;
+}
+#else
+static int restore_fpu(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ WARN_ON_ONCE(ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_FP));
+ return 0;
+}
+#endif
+
+static int restore_dabr(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ int rc;
+
+ rc = 0;
+ if (!ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_DEBUG))
+ goto out;
+
+ rc = -EINVAL;
+ if (!debugreg_valid(cpu_hdr->dabr, 0))
+ goto out;
+
+ rc = 0;
+ if (!update)
+ goto out;
+
+ debugreg_update(task, cpu_hdr->dabr, 0);
+out:
+ return rc;
+}
+
+#ifdef CONFIG_ALTIVEC
+static int restore_altivec(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ int rc;
+
+ rc = 0;
+ if (!ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_ALTIVEC))
+ goto out;
+
+ rc = -EINVAL;
+ if (!cpu_has_feature(CPU_FTR_ALTIVEC))
+ goto out;
+
+ rc = 0;
+ if (!update)
+ goto out;
+
+ task->thread.vrsave = cpu_hdr->vrsave;
+ task->thread.used_vr = 1;
+
+ memcpy(task->thread.vr, cpu_hdr->vr, sizeof(cpu_hdr->vr));
+out:
+ return rc;
+}
+#else
+static int restore_altivec(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ WARN_ON_ONCE(ckpt_cpu_feature_isset(CKPT_USED_ALTIVEC));
+ return 0;
+}
+#endif
+
+#ifdef CONFIG_SPE
+static int restore_spe(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ int rc;
+
+ rc = 0;
+ if (!ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_SPE))
+ goto out;
+
+ rc = -EINVAL;
+ if (!cpu_has_feature(CPU_FTR_SPE))
+ goto out;
+
+ rc = 0;
+ if (!update)
+ goto out;
+
+ task->thread.acc = cpu_hdr->acc;
+ task->thread.spefscr = cpu_hdr->spefscr;
+ task->thread.used_spe = 1;
+
+ memcpy(task->thread.evr, cpu_hdr->evr, sizeof(cpu_hdr->evr));
+out:
+ return rc;
+}
+#else
+static int restore_spe(const struct ckpt_hdr_cpu *cpu_hdr,
+ struct task_struct *task, bool update)
+{
+ WARN_ON_ONCE(ckpt_cpu_feature_isset(cpu_hdr, CKPT_USED_SPE));
+ return 0;
+}
+#endif
+
+struct restore_func_desc {
+ int (*func)(const struct ckpt_hdr_cpu *, struct task_struct *, bool);
+ const char *info;
+};
+
+typedef int (*restore_func_t)(const struct ckpt_hdr_cpu *,
+ struct task_struct *, bool);
+
+static const restore_func_t restore_funcs[] = {
+ restore_gprs,
+ restore_fpu,
+ restore_dabr,
+ restore_altivec,
+ restore_spe,
+};
+
+static bool bitness_match(const struct ckpt_hdr_cpu *cpu_hdr,
+ const struct task_struct *task)
+{
+ /* 64-bit image */
+ if (cpu_hdr->pt_regs.msr & MSR_SF) {
+ if (task->thread.regs->msr & MSR_SF)
+ return true;
+ else
+ return false;
+ }
+
+ /* 32-bit image */
+ if (task->thread.regs->msr & MSR_SF)
+ return false;
+
+ return true;
+}
+
+int restore_cpu(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_cpu *cpu_hdr;
+ bool update;
+ int rc;
+ int i;
+
+ cpu_hdr = ckpt_read_obj_type(ctx, sizeof(*cpu_hdr), CKPT_HDR_CPU);
+ if (IS_ERR(cpu_hdr))
+ return PTR_ERR(cpu_hdr);
+
+ rc = -EINVAL;
+ if (ckpt_cpu_features_unknown(cpu_hdr))
+ goto err;
+
+ /* temporary: restoring a 32-bit image from a 64-bit task and
+ * vice-versa is known not to work (probably not restoring
+ * thread_info correctly); detect this and fail gracefully.
+ */
+ if (!bitness_match(cpu_hdr, current))
+ goto err;
+
+ /* We want to determine whether there's anything wrong with
+ * the checkpoint image before changing the task at all. Run
+ * a "check" phase (update = false) first.
+ */
+ update = false;
+commit:
+ for (i = 0; i < ARRAY_SIZE(restore_funcs); i++) {
+ rc = restore_funcs[i](cpu_hdr, current, update);
+ if (rc == 0)
+ continue;
+ pr_debug("%s: restore_func[%i] failed\n", __func__, i);
+ WARN_ON_ONCE(update);
+ goto err;
+ }
+
+ if (!update) {
+ update = true;
+ goto commit;
+ }
+
+err:
+ ckpt_hdr_put(ctx, cpu_hdr);
+ return rc;
+}
+
+int restore_read_header_arch(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_header_arch *arch_hdr;
+
+ arch_hdr = ckpt_read_obj_type(ctx, sizeof(*arch_hdr),
+ CKPT_HDR_HEADER_ARCH);
+ if (IS_ERR(arch_hdr))
+ return PTR_ERR(arch_hdr);
+
+ ckpt_hdr_put(ctx, arch_hdr);
+
+ return 0;
+}
+
+int restore_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
+{
+ return 0;
+}
diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c
index a0afb55..b3337ad 100644
--- a/arch/powerpc/kernel/signal.c
+++ b/arch/powerpc/kernel/signal.c
@@ -186,6 +186,12 @@ static int do_signal_pending(sigset_t *oldset, struct pt_regs *regs)
return ret;
}
+int task_has_saved_sigmask(struct task_struct *task)
+{
+ struct thread_info *ti = task_thread_info(task);
+ return !!(ti->local_flags & _TLF_RESTORE_SIGMASK);
+}
+
void do_signal(struct pt_regs *regs, unsigned long thread_info_flags)
{
if (thread_info_flags & _TIF_SIGPENDING)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 087/100] powerpc: wire up checkpoint and restart syscalls
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (85 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 086/100] powerpc: checkpoint/restart implementation Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 088/100] powerpc: enable checkpoint support in Kconfig Oren Laadan
` (14 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
Changelog [v21]:
- Fix build break with CONFIG_CHECKPOINT=n
Changelog [v19]:
- Checkpoint/powerpc: fix up checkpoint syscall, tidy restart
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/powerpc/include/asm/systbl.h | 2 ++
arch/powerpc/include/asm/unistd.h | 4 +++-
arch/powerpc/kernel/checkpoint.c | 18 ++++++++++++++++++
arch/powerpc/kernel/entry_32.S | 23 +++++++++++++++++++++++
arch/powerpc/kernel/entry_64.S | 16 ++++++++++++++++
arch/powerpc/kernel/process.c | 1 +
6 files changed, 63 insertions(+), 1 deletions(-)
diff --git a/arch/powerpc/include/asm/systbl.h b/arch/powerpc/include/asm/systbl.h
index f94fc43..b5afba3 100644
--- a/arch/powerpc/include/asm/systbl.h
+++ b/arch/powerpc/include/asm/systbl.h
@@ -327,3 +327,5 @@ COMPAT_SYS_SPU(preadv)
COMPAT_SYS_SPU(pwritev)
COMPAT_SYS(rt_tgsigqueueinfo)
PPC_SYS(eclone)
+PPC_SYS(checkpoint)
+PPC_SYS(restart)
diff --git a/arch/powerpc/include/asm/unistd.h b/arch/powerpc/include/asm/unistd.h
index 4cdbd5c..54f6ecb 100644
--- a/arch/powerpc/include/asm/unistd.h
+++ b/arch/powerpc/include/asm/unistd.h
@@ -346,10 +346,12 @@
#define __NR_pwritev 321
#define __NR_rt_tgsigqueueinfo 322
#define __NR_eclone 323
+#define __NR_checkpoint 324
+#define __NR_restart 325
#ifdef __KERNEL__
-#define __NR_syscalls 324
+#define __NR_syscalls 326
#define __NR__exit __NR_exit
#define NR_syscalls __NR_syscalls
diff --git a/arch/powerpc/kernel/checkpoint.c b/arch/powerpc/kernel/checkpoint.c
index 492c604..9aeab89 100644
--- a/arch/powerpc/kernel/checkpoint.c
+++ b/arch/powerpc/kernel/checkpoint.c
@@ -530,3 +530,21 @@ int restore_mm_context(struct ckpt_ctx *ctx, struct mm_struct *mm)
{
return 0;
}
+
+int sys_checkpoint(unsigned long pid, unsigned long fd, unsigned long flags,
+ unsigned long logfd, unsigned long p5, unsigned long p6,
+ struct pt_regs *regs)
+{
+ CHECK_FULL_REGS(regs);
+
+ return do_sys_checkpoint(pid, fd, flags, logfd);
+}
+
+int sys_restart(unsigned long pid, unsigned long fd, unsigned long flags,
+ unsigned long logfd, unsigned long p5, unsigned long p6,
+ struct pt_regs *regs)
+{
+ CHECK_FULL_REGS(regs);
+
+ return do_sys_restart(pid, fd, flags, logfd);
+}
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 579f1da..853814b 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -594,6 +594,29 @@ ppc_eclone:
stw r0,_TRAP(r1) /* register set saved */
b sys_eclone
+/* To handle self-checkpoint we must save nvpgprs */
+ .globl ppc_checkpoint
+ppc_checkpoint:
+ SAVE_NVGPRS(r1)
+ lwz r0,_TRAP(r1)
+ rlwinm r0,r0,0,0,30 /* clear LSB to indicate full */
+ stw r0,_TRAP(r1) /* register set saved */
+ b sys_checkpoint
+
+/* The full register set must be restored upon return from restart.
+ * Save nvgprs unconditionally so the caller's state is
+ * restored correctly in case of error.
+ */
+ .globl ppc_restart
+ppc_restart:
+ SAVE_NVGPRS(r1)
+ lwz r0,_TRAP(r1)
+ rlwinm r0,r0,0,0,30 /* clear LSB to indicate full */
+ stw r0,_TRAP(r1) /* register set saved */
+ bl sys_restart
+ REST_NVGPRS(r1)
+ b ret_from_syscall
+
.globl ppc_swapcontext
ppc_swapcontext:
SAVE_NVGPRS(r1)
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index b763340..228f592 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -349,6 +349,22 @@ _GLOBAL(ppc_eclone)
bl .sys_eclone
b syscall_exit
+/* To handle self-checkpoint we must save nvpgprs */
+_GLOBAL(ppc_checkpoint)
+ bl .save_nvgprs
+ bl .sys_checkpoint
+ b syscall_exit
+
+/* The full register set must be restored upon return from restart.
+ * Save nvgprs unconditionally so the caller's state is
+ * restored correctly in case of error.
+ */
+_GLOBAL(ppc_restart)
+ bl .save_nvgprs
+ bl .sys_restart
+ REST_NVGPRS(r1)
+ b syscall_exit
+
_GLOBAL(ppc32_swapcontext)
bl .save_nvgprs
bl .compat_sys_swapcontext
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index b183287..1664586 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -30,6 +30,7 @@
#include <linux/init_task.h>
#include <linux/module.h>
#include <linux/kallsyms.h>
+#include <linux/checkpoint.h>
#include <linux/mqueue.h>
#include <linux/hardirq.h>
#include <linux/utsname.h>
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 088/100] powerpc: enable checkpoint support in Kconfig
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (86 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 087/100] powerpc: wire up checkpoint and restart syscalls Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 089/100] c/r: add lsm name and lsm_info (policy header) to container info Oren Laadan
` (13 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Nathan Lynch, linuxppc-dev
From: Nathan Lynch <ntl@pobox.com>
Cc: linuxppc-dev@ozlabs.org
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Acked-by: Serge E. Hallyn <serue@us.ibm.com>
---
arch/powerpc/Kconfig | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 2e19500..16416b0 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -26,6 +26,9 @@ config MMU
bool
default y
+config CHECKPOINT_SUPPORT
+ def_bool y
+
config GENERIC_CMOS_UPDATE
def_bool y
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 089/100] c/r: add lsm name and lsm_info (policy header) to container info
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (87 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 088/100] powerpc: enable checkpoint support in Kconfig Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 090/100] c/r: add generic LSM c/r support (v7) Oren Laadan
` (12 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-security-module, Kentaro Takeda,
David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
The LSM name is 'selinux', 'smack', 'tomoyo', or 'dummy'. We
add that to the container configuration section. We also add
a LSM policy configuration section. That is placed after the LSM
name. It is written by the LSM in security_checkpoint_header(),
called during checkpoint container(), and read by the LSM during
security_may_restart(), which is called from restore_lsm() in
restore_container().
Cc: linux-security-module@vger.kernel.org
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
Documentation/checkpoint/readme.txt | 24 ++++++++++++++
Documentation/checkpoint/usage.txt | 2 +
include/linux/checkpoint.h | 6 +++
include/linux/checkpoint_hdr.h | 16 +++++++++
include/linux/checkpoint_types.h | 2 +
include/linux/security.h | 61 +++++++++++++++++++++++++++++++++++
kernel/checkpoint/checkpoint.c | 13 +++++++-
kernel/checkpoint/restart.c | 41 +++++++++++++++++++++++
kernel/checkpoint/sys.c | 22 ++++++++++++
security/capability.c | 25 ++++++++++++++
security/security.c | 26 +++++++++++++++
11 files changed, 237 insertions(+), 1 deletions(-)
diff --git a/Documentation/checkpoint/readme.txt b/Documentation/checkpoint/readme.txt
index 2548bb4..030a001 100644
--- a/Documentation/checkpoint/readme.txt
+++ b/Documentation/checkpoint/readme.txt
@@ -343,6 +343,30 @@ So that's why we don't want CAP_SYS_ADMIN required up-front. That way
we will be forced to more carefully review each of those features.
However, this can be controlled with a sysctl-variable.
+LSM
+===
+
+Security modules use custom labels on subjects and objects to
+further mediate access decisions beyond DAC controls. When
+checkpoint applications, these labels are [ work in progress ]
+checkpointed along with the objects. At restart, the
+RESTART_KEEP_LSM flag tells the kernel whether re-created objects
+whould keep their checkpointed labels, or get automatically
+recalculated labels. Since checkpointed labels will only make
+sense to the same LSM which was active at checkpoint time,
+sys_restart() with the RESTART_KEEP_LSM flag will fail with
+-EINVAL if the LSM active at restart is not the same as that
+active at checkpoint. If RESTART_KEEP_LSM is not specified,
+then objects will be given whatever default labels the LSM and
+their optional policy decide. Of course, when RESTART_KEEP_LSM
+is specified, the LSM may choose a different label than the
+checkpointed one, or fail the entire restart if the caller
+does not have permission to create objects with the checkpointed
+label.
+
+It should always be safe to take a checkpoint of an application
+under LSM_1, and restart it without the RESTART_KEEP_LSM flag
+under LSM_2.
Sockets
=======
diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
index 239c162..d697ed1 100644
--- a/Documentation/checkpoint/usage.txt
+++ b/Documentation/checkpoint/usage.txt
@@ -36,6 +36,8 @@ The API consists of three new system calls:
- RESTART_FROEZN : processes remain frozen once restart completes
- RESTART_GHOST : process is a ghost (placeholder for a pid)
- RESTART_CONN_RESET : reset previously open sockets to be closed
+ - RESTART_KEEP_LSM : re-created objects keep their checkpointed
+ labels (or otherwise get automatically recalculated labels).
(Note that this argument may mean 'ckptid' to identify an in-kernel
checkpoint image, with some @flags in the future).
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index b7d7258..c56ece7 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -19,6 +19,7 @@
#define RESTART_TASKSELF 0x1
#define RESTART_FROZEN 0x2
#define RESTART_GHOST 0x4
+#define RESTART_KEEP_LSM 0x8
#define RESTART_CONN_RESET 0x10
/* misc user visible */
@@ -59,8 +60,11 @@ extern long do_sys_restart(pid_t pid, int fd,
(RESTART_TASKSELF | \
RESTART_FROZEN | \
RESTART_GHOST | \
+ RESTART_KEEP_LSM | \
RESTART_CONN_RESET)
+#define CKPT_LSM_INFO_LEN 200
+
extern int walk_task_subtree(struct task_struct *task,
int (*func)(struct task_struct *, void *),
void *data);
@@ -73,6 +77,8 @@ extern void _ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr, int n);
extern void ckpt_hdr_put(struct ckpt_ctx *ctx, void *ptr);
extern void *ckpt_hdr_get(struct ckpt_ctx *ctx, int n);
extern void *ckpt_hdr_get_type(struct ckpt_ctx *ctx, int n, int type);
+extern int ckpt_write_dummy_lsm_info(struct ckpt_ctx *ctx);
+extern void ckpt_snarf_lsm_info(struct ckpt_ctx *ctx);
extern int ckpt_write_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h);
extern int ckpt_write_obj_type(struct ckpt_ctx *ctx,
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 90cbc15..9bf8eeb 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -33,6 +33,15 @@
#endif
/*
+ * /usr/include/linux/security.h is not exported to userspace, so
+ * we need this value here for userspace restart.c to read.
+ *
+ * CHECKPOINT_LSM_NAME_MAX should be SECURITY_NAME_MAX
+ * security_may_restart() has a BUILD_BUG_ON to enforce that.
+ */
+#define CHECKPOINT_LSM_NAME_MAX 10
+
+/*
* To maintain compatibility between 32-bit and 64-bit architecture flavors,
* keep data 64-bit aligned: use padding for structure members, and use
* __attribute__((aligned (8))) for the entire structure.
@@ -77,6 +86,8 @@ enum {
#define CKPT_HDR_STRING CKPT_HDR_STRING
CKPT_HDR_OBJREF,
#define CKPT_HDR_OBJREF CKPT_HDR_OBJREF
+ CKPT_HDR_LSM_INFO,
+#define CKPT_HDR_LSM_INFO CKPT_HDR_LSM_INFO
CKPT_HDR_TREE = 101,
#define CKPT_HDR_TREE CKPT_HDR_TREE
@@ -304,6 +315,11 @@ struct ckpt_hdr_tail {
/* container configuration section header */
struct ckpt_hdr_container {
struct ckpt_hdr h;
+ /*
+ * the header is followed by the string:
+ * char lsm_name[SECURITY_NAME_MAX + 1]
+ * plus the CKPT_HDR_LSM_INFO section
+ */
} __attribute__((aligned(8)));;
/* task tree */
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index b27312b..955a18c 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -21,6 +21,7 @@
#include <linux/fs.h>
#include <linux/ktime.h>
#include <linux/wait.h>
+#include <linux/security.h>
struct ckpt_stats {
int uts_ns;
@@ -38,6 +39,7 @@ struct ckpt_ctx {
struct task_struct *root_task; /* [container] root task */
struct nsproxy *root_nsproxy; /* [container] root nsproxy */
struct task_struct *root_freezer; /* [container] root task */
+ char lsm_name[SECURITY_NAME_MAX + 1]; /* security module at ckpt */
unsigned long kflags; /* kerenl flags */
unsigned long uflags; /* user flags */
diff --git a/include/linux/security.h b/include/linux/security.h
index 3158dd9..e45bd0f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -145,6 +145,13 @@ extern int mmap_min_addr_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
+#ifdef CONFIG_CHECKPOINT
+struct ckpt_ctx;
+
+void ckpt_snarf_lsm_info(struct ckpt_ctx *ctx);
+int ckpt_write_dummy_lsm_info(struct ckpt_ctx *ctx);
+#endif
+
#ifdef CONFIG_SECURITY
struct security_mnt_opts {
@@ -1379,6 +1386,28 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @secdata contains the security context.
* @seclen contains the length of the security context.
*
+ * Security hooks for Checkpoint/restart
+ * (In addition to *_checkpoint and *_restore)
+ *
+ * @may_restart:
+ * Authorize sys_restart().
+ * Note that all construction of kernel resources, credentials,
+ * etc is already authorized per the caller's credentials. This
+ * hook is intended for the LSM to make further decisions about
+ * a task not being allowed to restart at all, for instance if
+ * the policy has changed since checkpoint.
+ * @ctx is the checkpoint/restart context (see <linux/checkpoint_types.h>)
+ * Return 0 if allowed, <0 on error.
+ *
+ * @checkpoint_header:
+ * Optionally write out a LSM-specific checkpoint header. This is
+ * a chance to write out policy information, for instance. The same
+ * LSM on restart can then use the info in security_may_restart() to
+ * refuse restart (for instance) across policy changes.
+ * The info is to be written as a an object of type CKPT_HDR_LSM_INFO.
+ * @ctx is the checkpoint/restart context (see <linux/checkpoint_types.h>)
+ * Return 0 on success, <0 on error.
+ *
* Security hooks for Audit
*
* @audit_rule_init:
@@ -1661,6 +1690,11 @@ struct security_operations {
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+#ifdef CONFIG_CHECKPOINT
+ int (*may_restart) (struct ckpt_ctx *ctx);
+ int (*checkpoint_header) (struct ckpt_ctx *ctx);
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect) (struct socket *sock,
struct socket *other, struct sock *newsk);
@@ -1913,6 +1947,14 @@ void security_release_secctx(char *secdata, u32 seclen);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+
+#ifdef CONFIG_CHECKPOINT
+int security_may_restart(struct ckpt_ctx *ctx);
+int security_checkpoint_header(struct ckpt_ctx *ctx);
+#endif /* CONFIG_CHECKPOINT */
+
+char *security_get_lsm_name(void);
+
#else /* CONFIG_SECURITY */
struct security_mnt_opts {
};
@@ -1935,6 +1977,12 @@ static inline int security_init(void)
return 0;
}
+#define DEFAULT_LSM_NAME "lsm_none"
+static inline char *security_get_lsm_name(void)
+{
+ return DEFAULT_LSM_NAME;
+}
+
static inline int security_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
@@ -2682,6 +2730,19 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32
{
return -EOPNOTSUPP;
}
+
+#ifdef CONFIG_CHECKPOINT
+static inline int security_may_restart(struct ckpt_ctx *ctx)
+{
+ ckpt_snarf_lsm_info(ctx);
+ return 0;
+}
+static inline int security_checkpoint_header(struct ckpt_ctx *ctx)
+{
+ return ckpt_write_dummy_lsm_info(ctx);
+}
+#endif /* CONFIG_CHECKPOINT */
+
#endif /* CONFIG_SECURITY */
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index ccc5367..7a4f1ce 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -193,7 +193,18 @@ static int checkpoint_container(struct ckpt_ctx *ctx)
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
- return ret;
+ if (ret < 0)
+ return ret;
+
+ memset(ctx->lsm_name, 0, CHECKPOINT_LSM_NAME_MAX + 1);
+ strlcpy(ctx->lsm_name, security_get_lsm_name(),
+ CHECKPOINT_LSM_NAME_MAX + 1);
+ ret = ckpt_write_buffer(ctx, ctx->lsm_name,
+ CHECKPOINT_LSM_NAME_MAX + 1);
+ if (ret < 0)
+ return ret;
+
+ return security_checkpoint_header(ctx);
}
/* write the checkpoint trailer */
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 2314f7d..6605597 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -659,6 +659,42 @@ static int restore_read_header(struct ckpt_ctx *ctx)
return ret;
}
+/* read the LSM configuration section */
+static int restore_lsm(struct ckpt_ctx *ctx)
+{
+ int ret;
+ char *cur_lsm = security_get_lsm_name();
+
+ ret = _ckpt_read_buffer(ctx, ctx->lsm_name,
+ CHECKPOINT_LSM_NAME_MAX + 1);
+ if (ret < 0) {
+ ckpt_debug("Error %d reading lsm name\n", ret);
+ return ret;
+ }
+
+ if (!(ctx->uflags & RESTART_KEEP_LSM))
+ goto skip_lsm;
+
+ if (strncmp(cur_lsm, ctx->lsm_name, CHECKPOINT_LSM_NAME_MAX + 1) != 0) {
+ ckpt_debug("c/r: checkpointed LSM %s, current is %s.\n",
+ ctx->lsm_name, cur_lsm);
+ return -EPERM;
+ }
+
+ if (strcmp(ctx->lsm_name, "lsm_none") != 0 &&
+ strcmp(ctx->lsm_name, "default") != 0) {
+ ckpt_debug("c/r: RESTART_KEEP_LSM unsupported for %s\n",
+ ctx->lsm_name);
+ return -ENOSYS;
+ }
+
+skip_lsm:
+ ret = security_may_restart(ctx);
+ if (ret < 0)
+ ckpt_debug("security_may_restart returned %d\n", ret);
+ return ret;
+}
+
/* read the container configuration section */
static int restore_container(struct ckpt_ctx *ctx)
{
@@ -670,6 +706,11 @@ static int restore_container(struct ckpt_ctx *ctx)
return PTR_ERR(h);
ckpt_hdr_put(ctx, h);
+ /* read the LSM name and info which follow ("are a part of")
+ * the ckpt_hdr_container */
+ ret = restore_lsm(ctx);
+ if (ret < 0)
+ ckpt_debug("Error %d on LSM configuration\n", ret);
return ret;
}
diff --git a/kernel/checkpoint/sys.c b/kernel/checkpoint/sys.c
index a20ce9f..23073e4 100644
--- a/kernel/checkpoint/sys.c
+++ b/kernel/checkpoint/sys.c
@@ -175,6 +175,28 @@ void *ckpt_hdr_get_type(struct ckpt_ctx *ctx, int len, int type)
}
EXPORT_SYMBOL(ckpt_hdr_get_type);
+#define DUMMY_LSM_INFO "dummy"
+
+int ckpt_write_dummy_lsm_info(struct ckpt_ctx *ctx)
+{
+ return ckpt_write_obj_type(ctx, DUMMY_LSM_INFO,
+ strlen(DUMMY_LSM_INFO), CKPT_HDR_LSM_INFO);
+}
+
+/*
+ * ckpt_snarf_lsm_info
+ * If there is a CKPT_HDR_LSM_INFO field, toss it.
+ * Used when the current LSM doesn't care about this field.
+ */
+void ckpt_snarf_lsm_info(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr *h;
+
+ h = ckpt_read_buf_type(ctx, CKPT_LSM_INFO_LEN, CKPT_HDR_LSM_INFO);
+ if (!IS_ERR(h))
+ ckpt_hdr_put(ctx, h);
+}
+
/*
* Helpers to manage c/r contexts: allocated for each checkpoint and/or
* restart operation, and persists until the operation is completed.
diff --git a/security/capability.c b/security/capability.c
index 4875142..72e4c00 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -852,6 +852,27 @@ static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
return 0;
}
+
+#ifdef CONFIG_CHECKPOINT
+static int cap_may_restart(struct ckpt_ctx *ctx)
+{
+ /*
+ * Note that all construction of kernel resources, credentials,
+ * etc is already authorized per the caller's credentials. This
+ * hook is intended for the LSM to make further decisions about
+ * a task not being allowed to restart at all, for instance if
+ * the policy has changed since checkpoint.
+ */
+ ckpt_snarf_lsm_info(ctx);
+ return 0;
+}
+
+static int cap_checkpoint_header(struct ckpt_ctx *ctx)
+{
+ return ckpt_write_dummy_lsm_info(ctx);
+}
+#endif
+
#ifdef CONFIG_KEYS
static int cap_key_alloc(struct key *key, const struct cred *cred,
unsigned long flags)
@@ -1064,6 +1085,10 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, inode_notifysecctx);
set_to_cap_if_null(ops, inode_setsecctx);
set_to_cap_if_null(ops, inode_getsecctx);
+#ifdef CONFIG_CHECKPOINT
+ set_to_cap_if_null(ops, may_restart);
+ set_to_cap_if_null(ops, checkpoint_header);
+#endif
#ifdef CONFIG_SECURITY_NETWORK
set_to_cap_if_null(ops, unix_stream_connect);
set_to_cap_if_null(ops, unix_may_send);
diff --git a/security/security.c b/security/security.c
index 687c6fd..2d6ca52 100644
--- a/security/security.c
+++ b/security/security.c
@@ -17,6 +17,9 @@
#include <linux/kernel.h>
#include <linux/security.h>
#include <linux/ima.h>
+#ifdef CONFIG_CHECKPOINT
+#include <linux/checkpoint.h>
+#endif
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -133,6 +136,11 @@ int register_security(struct security_operations *ops)
return 0;
}
+char *security_get_lsm_name(void)
+{
+ return security_ops->name;
+}
+
/* Security operations */
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
@@ -1042,6 +1050,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_CHECKPOINT
+int security_may_restart(struct ckpt_ctx *ctx)
+{
+ /*
+ * SECURITY_NAME_MAX is defined in linux/security.h,
+ * CHECKPOINT_LSM_NAME_MAX in linux/checkpoint_hdr.h
+ */
+ BUILD_BUG_ON(CHECKPOINT_LSM_NAME_MAX != SECURITY_NAME_MAX);
+
+ return security_ops->may_restart(ctx);
+}
+
+int security_checkpoint_header(struct ckpt_ctx *ctx)
+{
+ return security_ops->checkpoint_header(ctx);
+}
+#endif
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct socket *sock, struct socket *other,
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 090/100] c/r: add generic LSM c/r support (v7)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (88 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 089/100] c/r: add lsm name and lsm_info (policy header) to container info Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 091/100] c/r: add smack support to lsm c/r (v4) Oren Laadan
` (11 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-security-module, Kentaro Takeda,
David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
Documentation/checkpoint/readme.txt begins:
"""
Application checkpoint/restart is the ability to save the state
of a running application so that it can later resume its execution
from the time at which it was checkpointed.
"""
This patch adds generic support for c/r of LSM credentials. Support
for Smack and SELinux (and TOMOYO if appropriate) will be added later.
Capabilities is already supported through generic creds code.
This patch supports ipc_perm, msg_msg, cred (task) and file ->security
fields. Inodes, superblocks, netif, and xfrm currently are restored
not through sys_restart() but through container creation, and so the
security fields should be done then as well. Network should be added
when network c/r is added.
Briefly, all security fields must be exported by the LSM as a simple
null-terminated string. They are checkpointed through the
security_checkpoint_obj() helper, because we must pass it an extra
sectype field. Splitting SECURITY_OBJ_SEC into one type per object
type would not work because, in Smack, one void* security is used for
all object types. But we must pass the sectype field because in
SELinux a different type of structure is stashed in each object type.
The RESTART_KEEP_LSM flag indicates that the LSM should
attempt to reuse checkpointed security labels. It is always
invalid when the LSM at restart differs from that at checkpoint.
It is currently only usable for capabilities.
(For capabilities, restart without RESTART_KEEP_LSM is technically
not implemented. There actually might be a use case for that,
but the safety of it is dubious so for now we always re-create
checkpointed capability sets whether RESTART_KEEP_LSM is
specified or not)
Changelog[v20]
- Replace __initcall() with late_initcall()
Changelog[v20]
- [Serge Hallyn] Fix unlabeled restore case
- [Serge Hallyn] Always restore msg_msg label
- [Serge Hallyn] Selinux prevents msgrcv on restore message queues?
Changelog:
sep 3: fix memory leak on LSM restore error path
Sep 3: provide 2 hooks, may_restart and checkpoint_header, to facilitate
an LSM tracking policy changes.
sep 10: merge RESTART_KEEP_LSM patch with basic LSM c/r
support patches.
sep 10: rename security_xyz_get_ctx() to security_xyz_checkpoint(),
in order to avoid confusing with the various other 'context'
helpers in the security_ namespace, relating to secids and
sysfs xattrs.
sep 10: pass context file to security_cred_restore. SELinux will
want the file's security context to authorize it as an
entrypoint for the new process context.
oct 01: roll up some generic c/r debug hunks from selinux patch.
oct 05: address set of Oren comments, including:
1. fix memleak in restore_msg_contents_one
2. use a separate container checkpoint image section
3. define SECURITY_CTX_NONE
4. allocate the right size to l in security_checkpoint_obj
5. fix ckpt_hdr_lsm alignment
oct 09: at checkpoint, key on the void*security in the objhash,
and don't cache the ckpt_stored_lsm at all. At restart,
do_restore_security (now moved to security/security.c)
creates and caches the ckpt_stored_lsm.
oct 19: At checkpoint, we insert the void* security into the
objhash. The first time that we do so, we next write out
the string representation of the context to the checkpoint
image, along with the value of the objref for the void*
security, and insert that into the objhash. Then at
restart, when we read a LSM context, we read the objref
which the void* security had at checkpoint, and we then
insert the string context with that objref as well.
oct 19: Address a bunch of Oren comments: add ckpt_write_err()s,
more commenting, use -ENOSYS not -EOPNOTSUPP. The biggest
change is always failing restart when RESTART_KEEP_LSM is
used but one of the security_XYZ_restore() returns -ENOSYS.
oct 20: SECURITY_CTX_NONE becomes 0 (from -1) and security_checkpoint_obj
returns an objref or SECURITY_CTX_NONE on success.
nov 11: update ckpt_write_err->ckpt_err.
Cc: linux-security-module@vger.kernel.org
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
fs/checkpoint.c | 31 ++++-
include/linux/checkpoint.h | 4 +
include/linux/checkpoint_hdr.h | 19 ++
include/linux/checkpoint_types.h | 8 +
include/linux/security.h | 170 +++++++++++++++++++
ipc/checkpoint.c | 26 ++--
ipc/checkpoint_msg.c | 25 +++-
ipc/checkpoint_sem.c | 4 +-
ipc/checkpoint_shm.c | 4 +-
ipc/util.h | 6 +-
kernel/cred.c | 28 +++-
security/capability.c | 48 ++++++
security/security.c | 337 +++++++++++++++++++++++++++++++++++++-
13 files changed, 682 insertions(+), 28 deletions(-)
diff --git a/fs/checkpoint.c b/fs/checkpoint.c
index 61b68da..e036a7a 100644
--- a/fs/checkpoint.c
+++ b/fs/checkpoint.c
@@ -151,6 +151,19 @@ static int scan_fds(struct files_struct *files, int **fdtable)
return n;
}
+#ifdef CONFIG_SECURITY
+int checkpoint_file_security(struct ckpt_ctx *ctx, struct file *file)
+{
+ return security_checkpoint_obj(ctx, file->f_security,
+ CKPT_SECURITY_FILE);
+}
+#else
+int checkpoint_file_security(struct ckpt_ctx *ctx, struct file *file)
+{
+ return SECURITY_CTX_NONE;
+}
+#endif
+
int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
struct ckpt_hdr_file *h)
{
@@ -165,8 +178,14 @@ int checkpoint_file_common(struct ckpt_ctx *ctx, struct file *file,
if (h->f_credref < 0)
return h->f_credref;
- ckpt_debug("file %s credref %d", file->f_dentry->d_name.name,
- h->f_credref);
+ h->f_secref = checkpoint_file_security(ctx, file);
+ if (h->f_secref < 0) {
+ ckpt_err(ctx, h->f_secref, "%(T)file->f_security");
+ return h->f_secref;
+ }
+
+ ckpt_debug("file %s credref %d secref %d\n",
+ file->f_dentry->d_name.name, h->f_credref, h->f_secref);
/* FIX: need also file->f_owner, etc */
@@ -621,6 +640,14 @@ int restore_file_common(struct ckpt_ctx *ctx, struct file *file,
put_cred(file->f_cred);
file->f_cred = get_cred(cred);
+ ret = security_restore_obj(ctx, (void *) file, CKPT_SECURITY_FILE,
+ h->f_secref);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "file secref %(O)%(P)\n", h->f_secref,
+ file);
+ return ret;
+ }
+
/* safe to set 1st arg (fd) to 0, as command is F_SETFL */
ret = vfs_fcntl(0, F_SETFL, h->f_flags & CKPT_SETFL_MASK, file);
if (ret < 0)
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index c56ece7..43d67ce 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -64,6 +64,7 @@ extern long do_sys_restart(pid_t pid, int fd,
RESTART_CONN_RESET)
#define CKPT_LSM_INFO_LEN 200
+#define CKPT_LSM_STRING_MAX 1024
extern int walk_task_subtree(struct task_struct *task,
int (*func)(struct task_struct *, void *),
@@ -107,6 +108,9 @@ extern int restore_read_page(struct ckpt_ctx *ctx, struct page *page);
extern pid_t ckpt_pid_nr(struct ckpt_ctx *ctx, struct pid *pid);
extern struct pid *_ckpt_find_pgrp(struct ckpt_ctx *ctx, pid_t pgid);
+/* defined in objhash.c and also used in security/security.c */
+extern void lsm_string_free(struct kref *kref);
+
/* socket functions */
extern int ckpt_sock_getnames(struct ckpt_ctx *ctx,
struct socket *socket,
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 9bf8eeb..1564726 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -88,6 +88,8 @@ enum {
#define CKPT_HDR_OBJREF CKPT_HDR_OBJREF
CKPT_HDR_LSM_INFO,
#define CKPT_HDR_LSM_INFO CKPT_HDR_LSM_INFO
+ CKPT_HDR_SECURITY,
+#define CKPT_HDR_SECURITY CKPT_HDR_SECURITY
CKPT_HDR_TREE = 101,
#define CKPT_HDR_TREE CKPT_HDR_TREE
@@ -255,6 +257,10 @@ enum obj_type {
#define CKPT_OBJ_SOCK CKPT_OBJ_SOCK
CKPT_OBJ_TTY,
#define CKPT_OBJ_TTY CKPT_OBJ_TTY
+ CKPT_OBJ_SECURITY_PTR,
+#define CKPT_OBJ_SECURITY_PTR CKPT_OBJ_SECURITY_PTR
+ CKPT_OBJ_SECURITY,
+#define CKPT_OBJ_SECURITY CKPT_OBJ_SECURITY
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -386,6 +392,7 @@ struct ckpt_hdr_cred {
__u32 gid, sgid, egid, fsgid;
__s32 user_ref;
__s32 groupinfo_ref;
+ __s32 sec_ref;
struct ckpt_capabilities cap_s;
} __attribute__((aligned(8)));
@@ -398,6 +405,15 @@ struct ckpt_hdr_groupinfo {
__u32 groups[0];
} __attribute__((aligned(8)));
+struct ckpt_hdr_lsm {
+ struct ckpt_hdr h;
+ __s32 ptrref;
+ __u8 sectype;
+ /*
+ * This is followed by a string of size len+1,
+ * null-terminated
+ */
+} __attribute__((aligned(8)));
/*
* todo - keyrings and LSM
* These may be better done with userspace help though
@@ -542,6 +558,7 @@ struct ckpt_hdr_file {
__s32 f_credref;
__u64 f_pos;
__u64 f_version;
+ __s32 f_secref;
} __attribute__((aligned(8)));
struct ckpt_hdr_file_generic {
@@ -934,6 +951,7 @@ struct ckpt_hdr_ipc_perms {
__u32 mode;
__u32 _padding;
__u64 seq;
+ __s32 sec_ref;
} __attribute__((aligned(8)));
struct ckpt_hdr_ipc_shm {
@@ -967,6 +985,7 @@ struct ckpt_hdr_ipc_msg_msg {
struct ckpt_hdr h;
__s64 m_type;
__u32 m_ts;
+ __s32 sec_ref;
} __attribute__((aligned(8)));
struct ckpt_hdr_ipc_sem {
diff --git a/include/linux/checkpoint_types.h b/include/linux/checkpoint_types.h
index 955a18c..eb3fdac 100644
--- a/include/linux/checkpoint_types.h
+++ b/include/linux/checkpoint_types.h
@@ -112,6 +112,14 @@ struct ckpt_obj_ops {
};
+/* stored on hashtable */
+struct ckpt_lsm_string {
+ struct kref kref;
+ int sectype; /* Containing object (file,cred,&c) */
+ int ptrref; /* the objref for the void* security */
+ char *string;
+};
+
#endif /* __KERNEL__ */
#endif /* _LINUX_CHECKPOINT_TYPES_H_ */
diff --git a/include/linux/security.h b/include/linux/security.h
index e45bd0f..f641ad4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -43,6 +43,9 @@
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1
+/* checkpoint 'N/A' in a checkpoint image for a security context */
+#define SECURITY_CTX_NONE 0
+
struct ctl_table;
struct audit_krule;
@@ -606,6 +609,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* created.
* @file contains the file structure to secure.
* Return 0 if the hook is successful and permission is granted.
+ * @file_checkpoint:
+ * Return a string representing the security context on a file.
+ * @security contains the security field.
+ * Returns a char* which the caller will free, or -error on error.
+ * @file_restore:
+ * Set a security context on a file according to the checkpointed context.
+ * @file contains the file.
+ * @ctx contains a string representation of the checkpointed context.
+ * Returns 0 on success, -error on failure.
* @file_free_security:
* Deallocate and free any security structures stored in file->f_security.
* @file contains the file structure being modified.
@@ -690,6 +702,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @gfp indicates the atomicity of any memory allocations.
* Only allocate sufficient memory and attach to @cred such that
* cred_transfer() will not get ENOMEM.
+ * @cred_checkpoint:
+ * Return a string representing the security context on the task cred.
+ * @security contains the security field.
+ * Returns a char* which the caller will free, or -error on error.
+ * @cred_restore:
+ * Set a security context on a task cred according to the checkpointed
+ * context.
+ * @file contains the checkpoint file
+ * @cred contains the cred.
+ * @ctx contains a string representation of the checkpointed context.
+ * Returns 0 on success, -error on failure.
* @cred_free:
* @cred points to the credentials.
* Deallocate and clear the cred->security field in a set of credentials.
@@ -1166,6 +1189,19 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @ipcp contains the kernel IPC permission structure.
* @secid contains a pointer to the location where result will be saved.
* In case of failure, @secid will be set to zero.
+ * @ipc_checkpoint:
+ * Return a string representing the security context on the IPC
+ * permission structure.
+ * @security contains the security field.
+ * Returns a char* which the caller will free, or -error on error.
+ * @ipc_restore:
+ * Set a security context on a IPC permission structure according to
+ * the checkpointed context.
+ * @ipcp contains the IPC permission structure, which will have
+ * already been allocated and initialized when the IPC structure was
+ * created.
+ * @ctx contains a string representation of the checkpointed context.
+ * Returns 0 on success, -error on failure.
*
* Security hooks for individual messages held in System V IPC message queues
* @msg_msg_alloc_security:
@@ -1174,6 +1210,16 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* created.
* @msg contains the message structure to be modified.
* Return 0 if operation was successful and permission is granted.
+ * @msg_msg_checkpoint:
+ * Return a string representing the security context on an msg_msg
+ * struct.
+ * @security contains the security field
+ * Returns a char* which the caller will free, or -error on error.
+ * @msg_msg_restore:
+ * Set msg_msg->security according to the checkpointed context.
+ * @msg contains the message structure to be modified.
+ * @ctx contains a string representation of the checkpointed context.
+ * Return 0 on success, -error on failure.
* @msg_msg_free_security:
* Deallocate the security structure for this message.
* @msg contains the message structure to be modified.
@@ -1590,6 +1636,8 @@ struct security_operations {
int (*file_permission) (struct file *file, int mask);
int (*file_alloc_security) (struct file *file);
+ char *(*file_checkpoint) (void *security);
+ int (*file_restore) (struct file *file, char *ctx);
void (*file_free_security) (struct file *file);
int (*file_ioctl) (struct file *file, unsigned int cmd,
unsigned long arg);
@@ -1611,6 +1659,10 @@ struct security_operations {
int (*task_create) (unsigned long clone_flags);
int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
+
+ char *(*cred_checkpoint) (void *security);
+ int (*cred_restore) (struct file *file, struct cred *cred, char *ctx);
+
void (*cred_free) (struct cred *cred);
int (*cred_prepare)(struct cred *new, const struct cred *old,
gfp_t gfp);
@@ -1646,8 +1698,12 @@ struct security_operations {
int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
+ char *(*ipc_checkpoint) (void *security);
+ int (*ipc_restore) (struct kern_ipc_perm *ipcp, char *ctx);
int (*msg_msg_alloc_security) (struct msg_msg *msg);
+ char *(*msg_msg_checkpoint) (void *security);
+ int (*msg_msg_restore) (struct msg_msg *msg, char *ctx);
void (*msg_msg_free_security) (struct msg_msg *msg);
int (*msg_queue_alloc_security) (struct msg_queue *msq);
@@ -1866,6 +1922,8 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
void security_inode_getsecid(const struct inode *inode, u32 *secid);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
+char *security_file_checkpoint(void *security);
+int security_file_restore(struct file *file, char *ctx);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_file_mmap(struct file *file, unsigned long reqprot,
@@ -1882,6 +1940,8 @@ int security_file_receive(struct file *file);
int security_dentry_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
+char *security_cred_checkpoint(void *security);
+int security_cred_restore(struct file *file, struct cred *cred, char *ctx);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_commit_creds(struct cred *new, const struct cred *old);
@@ -1914,7 +1974,11 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
+char *security_ipc_checkpoint(void *security);
+int security_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx);
int security_msg_msg_alloc(struct msg_msg *msg);
+char *security_msg_msg_checkpoint(void *security);
+int security_msg_msg_restore(struct msg_msg *msg, char *ctx);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
@@ -2367,6 +2431,19 @@ static inline int security_file_alloc(struct file *file)
return 0;
}
+static inline char *security_file_checkpoint(void *security)
+{
+ /* this shouldn't ever get called if SECURITY=n */
+ return ERR_PTR(-EINVAL);
+}
+
+static inline int security_file_restore(struct file *file, char *ctx)
+{
+ /* we're asked to recreate security contexts for an LSM which had
+ * contexts, but CONFIG_SECURITY=n now! */
+ return -EINVAL;
+}
+
static inline void security_file_free(struct file *file)
{ }
@@ -2436,6 +2513,20 @@ static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
return 0;
}
+static inline char *security_cred_checkpoint(void *security)
+{
+ /* this shouldn't ever get called if SECURITY=n */
+ return ERR_PTR(-EINVAL);
+}
+
+static inline int security_cred_restore(struct file *file, struct cred *cred,
+ char *ctx)
+{
+ /* we're asked to recreate security contexts for an LSM which had
+ * contexts, but CONFIG_SECURITY=n now! */
+ return -EINVAL;
+}
+
static inline void security_cred_free(struct cred *cred)
{ }
@@ -2588,11 +2679,37 @@ static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
*secid = 0;
}
+static inline char *security_ipc_checkpoint(void *security)
+{
+ /* this shouldn't ever get called if SECURITY=n */
+ return ERR_PTR(-EINVAL);
+}
+
+static inline int security_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ /* we're asked to recreate security contexts for an LSM which had
+ * contexts, but CONFIG_SECURITY=n now! */
+ return -EINVAL;
+}
+
static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
return 0;
}
+static inline char *security_msg_msg_checkpoint(void *security)
+{
+ /* this shouldn't ever get called if SECURITY=n */
+ return ERR_PTR(-EINVAL);
+}
+
+static inline int security_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ /* we're asked to recreate security contexts for an LSM which had
+ * contexts, but CONFIG_SECURITY=n now! */
+ return -EINVAL;
+}
+
static inline void security_msg_msg_free(struct msg_msg *msg)
{ }
@@ -3251,5 +3368,58 @@ static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */
+#ifdef CONFIG_CHECKPOINT
+#define CKPT_SECURITY_MSG_MSG 1
+#define CKPT_SECURITY_IPC 2
+#define CKPT_SECURITY_FILE 3
+#define CKPT_SECURITY_CRED 4
+#define CKPT_SECURITY_MAX 4
+
+#ifdef CONFIG_SECURITY
+/*
+ * @security_checkpoint_obj:
+ * Checkpoint a LSM security context. The context is written out
+ * as a string. A positive integer objref uniquely representing the
+ * security context in this checkpoint image will be returned.
+ * If the security context has already been written out, then the
+ * objref of that already written-out context will be used.
+ * @ctx: the checkpoint context.
+ * @security: the void*security being checkpointed.
+ * @sectype: represents the type of object which contained the
+ * void *security.
+ * Return 0 or a valid objref on success, or -error on error.
+ */
+int security_checkpoint_obj(struct ckpt_ctx *ctx, void *security, int sectype);
+/*
+ * @security_restore_obj:
+ * Re-create a checkpointed LSM security context. The LSM will decide
+ * based upon the string representation which actual security context
+ * to assign.
+ * @ctx: the checkpoint context.
+ * @obj: The object containing the security context to be restored (cast
+ * to a void *).
+ * @sectype: represents the type of object which contained the
+ * void *security.
+ * @secref: an integer objref for the string representation of the
+ * security context to be restored.
+ * Return 0 on success, or -error on error.
+ */
+int security_restore_obj(struct ckpt_ctx *ctx, void *obj,
+ int sectype, int secref);
+#else
+static inline int security_checkpoint_obj(struct ckpt_ctx *ctx, void *security,
+ int sectype)
+{
+ return SECURITY_CTX_NONE;
+}
+static inline int security_restore_obj(struct ckpt_ctx *ctx, void *obj,
+ int sectype, int secref)
+{
+ return 0;
+}
+#endif /* CONFIG_SECURITY */
+
+#endif /* CONFIG_CHECKPOINT */
+
#endif /* ! __LINUX_SECURITY_H */
diff --git a/ipc/checkpoint.c b/ipc/checkpoint.c
index fa40e01..2ebd306 100644
--- a/ipc/checkpoint.c
+++ b/ipc/checkpoint.c
@@ -45,7 +45,8 @@ static char *ipc_ind_to_str[] = { "sem", "msg", "shm" };
* (c) The security context perm->security also may only change when the
* mutex is taken.
*/
-int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+int checkpoint_fill_ipc_perms(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm)
{
if (ipcperms(perm, S_IROTH))
@@ -60,6 +61,13 @@ int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
h->mode = perm->mode & S_IRWXUGO;
h->seq = perm->seq;
+ h->sec_ref = security_checkpoint_obj(ctx, perm->security,
+ CKPT_SECURITY_IPC);
+ if (h->sec_ref < 0) {
+ ckpt_err(ctx, h->sec_ref, "%(T)ipc_perm->security\n");
+ return h->sec_ref;
+ }
+
return 0;
}
@@ -196,7 +204,8 @@ static int validate_created_perms(struct ckpt_hdr_ipc_perms *h)
* ipc-ns, only accessible to us, so there will be no attempt for
* access validation while we restore the state (by other tasks).
*/
-int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+int restore_load_ipc_perms(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm)
{
if (h->id < 0)
@@ -222,16 +231,9 @@ int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
perm->cgid = h->cgid;
perm->mode = h->mode;
- /*
- * Todo: restore perm->security.
- * At the moment it gets set by security_x_alloc() called through
- * ipcget()->ipcget_public()->ops-.getnew (->nequeue for instance)
- * We will want to ask the LSM to consider resetting the
- * checkpointed ->security, based on current_security(),
- * the checkpointed ->security, and the checkpoint file context.
- */
-
- return 0;
+ return security_restore_obj(ctx, (void *)perm,
+ CKPT_SECURITY_IPC,
+ h->sec_ref);
}
static int restore_ipc_any(struct ckpt_ctx *ctx, struct ipc_namespace *ipc_ns,
diff --git a/ipc/checkpoint_msg.c b/ipc/checkpoint_msg.c
index fba12e1..9204cd2 100644
--- a/ipc/checkpoint_msg.c
+++ b/ipc/checkpoint_msg.c
@@ -35,7 +35,7 @@ static int fill_ipc_msg_hdr(struct ckpt_ctx *ctx,
{
int ret;
- ret = checkpoint_fill_ipc_perms(&h->perms, &msq->q_perm);
+ ret = checkpoint_fill_ipc_perms(ctx, &h->perms, &msq->q_perm);
if (ret < 0)
return ret;
@@ -61,14 +61,21 @@ static int checkpoint_msg_contents(struct ckpt_ctx *ctx, struct msg_msg *msg)
struct ckpt_hdr_ipc_msg_msg *h;
struct msg_msgseg *seg;
int total, len;
- int ret;
+ int secref, ret;
+ secref = security_checkpoint_obj(ctx, msg->security,
+ CKPT_SECURITY_MSG_MSG);
+ if (secref < 0) {
+ ckpt_err(ctx, secref, "%(T)msg_msg->security");
+ return secref;
+ }
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_MSG_MSG);
if (!h)
return -ENOMEM;
h->m_type = msg->m_type;
h->m_ts = msg->m_ts;
+ h->sec_ref = secref;
ret = ckpt_write_obj(ctx, &h->h);
ckpt_hdr_put(ctx, h);
@@ -177,7 +184,7 @@ static int load_ipc_msg_hdr(struct ckpt_ctx *ctx,
{
int ret = 0;
- ret = restore_load_ipc_perms(&h->perms, &msq->q_perm);
+ ret = restore_load_ipc_perms(ctx, &h->perms, &msq->q_perm);
if (ret < 0)
return ret;
@@ -224,6 +231,17 @@ static struct msg_msg *restore_msg_contents_one(struct ckpt_ctx *ctx, int *clen)
msg->next = NULL;
pseg = &msg->next;
+ /* set default MAC attributes */
+ ret = security_msg_msg_alloc(msg);
+ if (ret < 0)
+ goto out;
+
+ /* if requested and allowed, reset checkpointed MAC attributes */
+ ret = security_restore_obj(ctx, (void *) msg, CKPT_SECURITY_MSG_MSG,
+ h->sec_ref);
+ if (ret < 0)
+ goto out;
+
ret = _ckpt_read_buffer(ctx, (msg + 1), len);
if (ret < 0)
goto out;
@@ -249,7 +267,6 @@ static struct msg_msg *restore_msg_contents_one(struct ckpt_ctx *ctx, int *clen)
msg->m_type = h->m_type;
msg->m_ts = h->m_ts;
*clen = h->m_ts;
- ret = security_msg_msg_alloc(msg);
out:
if (ret < 0 && msg) {
free_msg(msg);
diff --git a/ipc/checkpoint_sem.c b/ipc/checkpoint_sem.c
index cfd6f96..ab1830e 100644
--- a/ipc/checkpoint_sem.c
+++ b/ipc/checkpoint_sem.c
@@ -36,7 +36,7 @@ static int fill_ipc_sem_hdr(struct ckpt_ctx *ctx,
{
int ret = 0;
- ret = checkpoint_fill_ipc_perms(&h->perms, &sem->sem_perm);
+ ret = checkpoint_fill_ipc_perms(ctx, &h->perms, &sem->sem_perm);
if (ret < 0)
return ret;
@@ -114,7 +114,7 @@ static int load_ipc_sem_hdr(struct ckpt_ctx *ctx,
{
int ret = 0;
- ret = restore_load_ipc_perms(&h->perms, &sem->sem_perm);
+ ret = restore_load_ipc_perms(ctx, &h->perms, &sem->sem_perm);
if (ret < 0)
return ret;
diff --git a/ipc/checkpoint_shm.c b/ipc/checkpoint_shm.c
index 0e8a140..c8247ce 100644
--- a/ipc/checkpoint_shm.c
+++ b/ipc/checkpoint_shm.c
@@ -39,7 +39,7 @@ static int fill_ipc_shm_hdr(struct ckpt_ctx *ctx,
{
int ret = 0;
- ret = checkpoint_fill_ipc_perms(&h->perms, &shp->shm_perm);
+ ret = checkpoint_fill_ipc_perms(ctx, &h->perms, &shp->shm_perm);
if (ret < 0)
return ret;
@@ -176,7 +176,7 @@ static int load_ipc_shm_hdr(struct ckpt_ctx *ctx,
{
int ret;
- ret = restore_load_ipc_perms(&h->perms, &shp->shm_perm);
+ ret = restore_load_ipc_perms(ctx, &h->perms, &shp->shm_perm);
if (ret < 0)
return ret;
diff --git a/ipc/util.h b/ipc/util.h
index ba080de..ce34de0 100644
--- a/ipc/util.h
+++ b/ipc/util.h
@@ -199,9 +199,11 @@ void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp);
#ifdef CONFIG_CHECKPOINT
-extern int checkpoint_fill_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+extern int checkpoint_fill_ipc_perms(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm);
-extern int restore_load_ipc_perms(struct ckpt_hdr_ipc_perms *h,
+extern int restore_load_ipc_perms(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_ipc_perms *h,
struct kern_ipc_perm *perm);
extern int ckpt_collect_ipc_shm(int id, void *p, void *data);
diff --git a/kernel/cred.c b/kernel/cred.c
index a8013c8..1bee37d 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -1012,11 +1012,23 @@ int cred_setfsgid(struct cred *new, gid_t gid, gid_t *old_fsgid)
}
#ifdef CONFIG_CHECKPOINT
+#ifdef CONFIG_SECURITY
+int checkpoint_cred_security(struct ckpt_ctx *ctx, struct cred *cred)
+{
+ return security_checkpoint_obj(ctx, cred->security, CKPT_SECURITY_CRED);
+}
+#else
+int checkpoint_cred_security(struct ckpt_ctx *ctx, struct cred *cred)
+{
+ return SECURITY_CTX_NONE;
+}
+#endif
+
static int checkpoint_cred(struct ckpt_ctx *ctx, void *ptr)
{
struct cred *cred = ptr;
struct ckpt_hdr_cred *h;
- int groupinfo_ref, user_ref;
+ int groupinfo_ref, user_ref, secref;
int ret;
groupinfo_ref = checkpoint_obj(ctx, cred->group_info,
@@ -1026,13 +1038,18 @@ static int checkpoint_cred(struct ckpt_ctx *ctx, void *ptr)
user_ref = checkpoint_obj(ctx, cred->user, CKPT_OBJ_USER);
if (user_ref < 0)
return user_ref;
+ secref = checkpoint_cred_security(ctx, cred);
+ if (secref < 0) {
+ ckpt_err(ctx, secref, "%(T)cred->security");
+ return secref;
+ }
h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_CRED);
if (!h)
return -ENOMEM;
- ckpt_debug("cred uid %d fsuid %d gid %d\n", cred->uid, cred->fsuid,
- cred->gid);
+ ckpt_debug("cred uid %d fsuid %d gid %d secref %d\n", cred->uid,
+ cred->fsuid, cred->gid, secref);
h->uid = cred->uid;
h->suid = cred->suid;
@@ -1043,6 +1060,7 @@ static int checkpoint_cred(struct ckpt_ctx *ctx, void *ptr)
h->sgid = cred->sgid;
h->egid = cred->egid;
h->fsgid = cred->fsgid;
+ h->sec_ref = secref;
checkpoint_capabilities(&h->cap_s, cred);
@@ -1111,6 +1129,10 @@ static void *restore_cred(struct ckpt_ctx *ctx)
ret = cred_setfsgid(cred, h->fsgid, &oldgid);
if (oldgid != h->fsgid && ret < 0)
goto err_putcred;
+ ret = security_restore_obj(ctx, (void *) cred, CKPT_SECURITY_CRED,
+ h->sec_ref);
+ if (ret)
+ goto err_putcred;
ret = restore_capabilities(&h->cap_s, cred);
if (ret)
goto err_putcred;
diff --git a/security/capability.c b/security/capability.c
index 72e4c00..8165a30 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -331,6 +331,16 @@ static int cap_file_permission(struct file *file, int mask)
return 0;
}
+static inline char *cap_file_checkpoint(void *security)
+{
+ return ERR_PTR(-ENOSYS);
+}
+
+static int cap_file_restore(struct file *file, char *ctx)
+{
+ return -ENOSYS;
+}
+
static int cap_file_alloc_security(struct file *file)
{
return 0;
@@ -394,6 +404,16 @@ static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
return 0;
}
+static char *cap_cred_checkpoint(void *security)
+{
+ return ERR_PTR(-ENOSYS);
+}
+
+static int cap_cred_restore(struct file *file, struct cred *cred, char *ctx)
+{
+ return -ENOSYS;
+}
+
static void cap_cred_free(struct cred *cred)
{
}
@@ -506,11 +526,31 @@ static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
*secid = 0;
}
+static char *cap_ipc_checkpoint(void *security)
+{
+ return ERR_PTR(-ENOSYS);
+}
+
+static int cap_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ return -ENOSYS;
+}
+
static int cap_msg_msg_alloc_security(struct msg_msg *msg)
{
return 0;
}
+static inline char *cap_msg_msg_checkpoint(void *security)
+{
+ return ERR_PTR(-ENOSYS);
+}
+
+static int cap_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ return -ENOSYS;
+}
+
static void cap_msg_msg_free_security(struct msg_msg *msg)
{
}
@@ -1015,6 +1055,8 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, path_chroot);
#endif
set_to_cap_if_null(ops, file_permission);
+ set_to_cap_if_null(ops, file_checkpoint);
+ set_to_cap_if_null(ops, file_restore);
set_to_cap_if_null(ops, file_alloc_security);
set_to_cap_if_null(ops, file_free_security);
set_to_cap_if_null(ops, file_ioctl);
@@ -1028,6 +1070,8 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, dentry_open);
set_to_cap_if_null(ops, task_create);
set_to_cap_if_null(ops, cred_alloc_blank);
+ set_to_cap_if_null(ops, cred_checkpoint);
+ set_to_cap_if_null(ops, cred_restore);
set_to_cap_if_null(ops, cred_free);
set_to_cap_if_null(ops, cred_prepare);
set_to_cap_if_null(ops, cred_commit);
@@ -1056,7 +1100,11 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, task_to_inode);
set_to_cap_if_null(ops, ipc_permission);
set_to_cap_if_null(ops, ipc_getsecid);
+ set_to_cap_if_null(ops, ipc_checkpoint);
+ set_to_cap_if_null(ops, ipc_restore);
set_to_cap_if_null(ops, msg_msg_alloc_security);
+ set_to_cap_if_null(ops, msg_msg_checkpoint);
+ set_to_cap_if_null(ops, msg_msg_restore);
set_to_cap_if_null(ops, msg_msg_free_security);
set_to_cap_if_null(ops, msg_queue_alloc_security);
set_to_cap_if_null(ops, msg_queue_free_security);
diff --git a/security/security.c b/security/security.c
index 2d6ca52..d807ab7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -678,6 +678,16 @@ int security_file_alloc(struct file *file)
return security_ops->file_alloc_security(file);
}
+char *security_file_checkpoint(void *security)
+{
+ return security_ops->file_checkpoint(security);
+}
+
+int security_file_restore(struct file *file, char *ctx)
+{
+ return security_ops->file_restore(file, ctx);
+}
+
void security_file_free(struct file *file)
{
security_ops->file_free_security(file);
@@ -747,6 +757,16 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
return security_ops->cred_alloc_blank(cred, gfp);
}
+char *security_cred_checkpoint(void *security)
+{
+ return security_ops->cred_checkpoint(security);
+}
+
+int security_cred_restore(struct file *file, struct cred *cred, char *ctx)
+{
+ return security_ops->cred_restore(file, cred, ctx);
+}
+
void security_cred_free(struct cred *cred)
{
security_ops->cred_free(cred);
@@ -892,11 +912,31 @@ void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
security_ops->ipc_getsecid(ipcp, secid);
}
+char *security_ipc_checkpoint(void *security)
+{
+ return security_ops->ipc_checkpoint(security);
+}
+
+int security_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ return security_ops->ipc_restore(ipcp, ctx);
+}
+
int security_msg_msg_alloc(struct msg_msg *msg)
{
return security_ops->msg_msg_alloc_security(msg);
}
+char *security_msg_msg_checkpoint(void *security)
+{
+ return security_ops->msg_msg_checkpoint(security);
+}
+
+int security_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ return security_ops->msg_msg_restore(msg, ctx);
+}
+
void security_msg_msg_free(struct msg_msg *msg)
{
security_ops->msg_msg_free_security(msg);
@@ -1066,7 +1106,149 @@ int security_checkpoint_header(struct ckpt_ctx *ctx)
{
return security_ops->checkpoint_header(ctx);
}
-#endif
+
+/*
+ * checkpoint a security context string. This is done by
+ * security/security.c:security_checkpoint_obj() when it checkpoints
+ * a void*security whose context string has not yet been written out.
+ * The objref for the void*security (which is not itself written out
+ * to the checkpoint image) is stored alongside the context string,
+ * as is the type of object which contained the void* security, i.e.
+ * struct file, struct cred, etc.
+ */
+static int checkpoint_lsm_string(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct ckpt_hdr_lsm *h;
+ struct ckpt_lsm_string *l = ptr;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_SECURITY);
+ if (!h)
+ return -ENOMEM;
+ h->sectype = l->sectype;
+ h->ptrref = l->ptrref;
+ ret = ckpt_write_obj(ctx, &h->h);
+ ckpt_hdr_put(ctx, h);
+
+ if (ret < 0)
+ return ret;
+ return ckpt_write_string(ctx, l->string, strlen(l->string)+1);
+}
+
+/*
+ * callback invoked when a security context string is found in a
+ * checkpoint image at restart. The context string is saved in the object
+ * hash. The objref under which the void* security was inserted in the
+ * objhash at checkpoint is also found here, and we re-insert this context
+ * string a second time under that objref. This is because objects which
+ * had this context will have the objref of the void*security, not of the
+ * context string.
+ */
+static struct ckpt_lsm_string *restore_lsm_string(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_lsm *h;
+ struct ckpt_lsm_string *l;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_SECURITY);
+ if (IS_ERR(h)) {
+ ckpt_debug("ckpt_read_obj_type returned %ld\n", PTR_ERR(h));
+ return ERR_PTR(PTR_ERR(h));
+ }
+
+ l = kzalloc(sizeof(*l), GFP_KERNEL);
+ if (!l) {
+ l = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ l->string = ckpt_read_string(ctx, CKPT_LSM_STRING_MAX);
+ if (IS_ERR(l->string)) {
+ void *s = l->string;
+ ckpt_debug("ckpt_read_string returned %ld\n", PTR_ERR(s));
+ kfree(l);
+ l = s;
+ goto out;
+ }
+ kref_init(&l->kref);
+ l->sectype = h->sectype;
+ /* l is just a placeholder, don't grab a ref */
+ ckpt_obj_insert(ctx, l, h->ptrref, CKPT_OBJ_SECURITY);
+
+out:
+ ckpt_hdr_put(ctx, h);
+ return l;
+}
+
+void lsm_string_free(struct kref *kref)
+{
+ struct ckpt_lsm_string *s = container_of(kref, struct ckpt_lsm_string,
+ kref);
+ kfree(s->string);
+ kfree(s);
+}
+
+static int lsm_string_grab(void *ptr)
+{
+ struct ckpt_lsm_string *s = ptr;
+ kref_get(&s->kref);
+ return 0;
+}
+
+static void lsm_string_drop(void *ptr, int lastref)
+{
+ struct ckpt_lsm_string *s = ptr;
+ kref_put(&s->kref, lsm_string_free);
+}
+
+static void *restore_lsm_string_wrap(struct ckpt_ctx *ctx)
+{
+ return (void *)restore_lsm_string(ctx);
+}
+
+/* lsm security ptr object */
+static const struct ckpt_obj_ops ckpt_obj_security_ptr_ops = {
+ /*
+ * LSM void *security on objhash - at checkpoint
+ * We don't take a ref because we won't be doing
+ * anything more with this void* - unless we happen
+ * to run into it again through some other objects's
+ * ->security (in which case that object has it pinned).
+ */
+ .obj_name = "SECURITY PTR",
+ .obj_type = CKPT_OBJ_SECURITY_PTR,
+};
+
+/* lsm security string object */
+static const struct ckpt_obj_ops ckpt_obj_security_str_ops = {
+ /*
+ * LSM security strings - at restart
+ * This is a struct which we malloc during restart and
+ * must be freed (by objhash cleanup) at the end of
+ * restart
+ */
+ .obj_name = "SECURITY STRING",
+ .obj_type = CKPT_OBJ_SECURITY,
+ .ref_grab = lsm_string_grab,
+ .ref_drop = lsm_string_drop,
+ .checkpoint = checkpoint_lsm_string,
+ .restore = restore_lsm_string_wrap,
+};
+
+static int checkpoint_register_security(void)
+{
+ int ret;
+
+ ret = register_checkpoint_obj(&ckpt_obj_security_ptr_ops);
+ if (ret < 0)
+ return ret;
+ ret = register_checkpoint_obj(&ckpt_obj_security_str_ops);
+ if (ret < 0)
+ return ret;
+ return 0;
+}
+
+late_initcall(checkpoint_register_security);
+#endif /* CONFIG_CHECKPOINT */
+
#ifdef CONFIG_SECURITY_NETWORK
@@ -1378,3 +1560,156 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
}
#endif /* CONFIG_AUDIT */
+
+#ifdef CONFIG_CHECKPOINT
+
+/**
+ * security_checkpoint_obj - called during application checkpoint to
+ * record the security context of objects.
+ *
+ * First we add the void*security address to the objhash as a type
+ * CKPT_OBJ_SECURITY_PTR. This records the fact that we've seen this
+ * context. If we've seen the context before, then we simply place the
+ * recorded objref in *secref and return success.
+
+ * If this is the first time we've seen this context for this checkpoint
+ * image, then we
+ * 1. ask the LSM for a string representation of the context
+ * 2. create a struct ckpt_lsm_string pointing to the string and to the
+ * objref which we got for the void*security in the objhash.
+ * 3. write that out to the checkpoint image as a CKPT_OBJ_SECURITY. it
+ * will be freed when the objhash is cleared.
+ *
+ * Returns 0 or a valid objref on success, or -error on error.
+ *
+ * This is only used at checkpoint of course.
+ */
+int security_checkpoint_obj(struct ckpt_ctx *ctx, void *security, int sectype)
+{
+ int new, ret = -ENOMEM;
+ char *str;
+ struct ckpt_lsm_string *l;
+ int secref;
+
+ if (!security)
+ return SECURITY_CTX_NONE;
+
+ secref = ckpt_obj_lookup_add(ctx, security, CKPT_OBJ_SECURITY_PTR,
+ &new);
+ if (!new)
+ return secref;
+
+ /*
+ * Ask the LSM for a string representation
+ */
+ switch (sectype) {
+ case CKPT_SECURITY_MSG_MSG:
+ str = security_msg_msg_checkpoint(security);
+ break;
+ case CKPT_SECURITY_IPC:
+ str = security_ipc_checkpoint(security);
+ break;
+ case CKPT_SECURITY_FILE:
+ str = security_file_checkpoint(security);
+ break;
+ case CKPT_SECURITY_CRED:
+ str = security_cred_checkpoint(security);
+ break;
+ default:
+ str = ERR_PTR(-EINVAL);
+ break;
+ }
+
+ if (IS_ERR(str)) {
+ if (PTR_ERR(str) == -ENOSYS)
+ return SECURITY_CTX_NONE;
+ return PTR_ERR(str);
+ }
+
+ l = kzalloc(sizeof(*l), GFP_KERNEL);
+ if (!l) {
+ kfree(str);
+ return -ENOMEM;
+ }
+ l->ptrref = secref;
+ l->sectype = sectype;
+ l->string = str;
+ kref_init(&l->kref);
+ ret = checkpoint_obj(ctx, l, CKPT_OBJ_SECURITY);
+ kref_put(&l->kref, lsm_string_free);
+ if (ret < 0)
+ return ret;
+
+ return secref;
+}
+
+/*
+ * Choose a security context for an object being restored during
+ * application restart. @v is an object (file, cred, etc) containing
+ * a security context and being re-created. It has been type-cast
+ * to a void*. @sectype tells us what sort of object v is. @secref
+ * is the objhash id representing the security context.
+ *
+ * If sys_restart() was called without the RESTART_KEEP_LSM flag,
+ * then default security contexts will be assigned to the re-created
+ * object (in fact, they already have by this point). Otherwise, the
+ * LSM is expected to use the string context representation to assign
+ * the same security context to this object (if allowed).
+ *
+ * At checkpoint time, @secref was the objref for the void*security
+ * (which was not written to disk). The
+ * checkpoint/objhash.c:restore_lsm_string() function should, before we
+ * get here, have read the context string in the checkpoint image, and
+ * inserted a second copy of the struct ckpt_lsm_string on the objhash,
+ * with this objref.
+ *
+ * Returns 0 on success, -error on error.
+ */
+int security_restore_obj(struct ckpt_ctx *ctx, void *v, int sectype,
+ int secref)
+{
+ struct ckpt_lsm_string *l;
+ int ret;
+
+ /* return if caller didn't want to restore checkpointed labels */
+ if (!(ctx->uflags & RESTART_KEEP_LSM))
+ /* though msg_msg label must always be restored */
+ if (sectype != CKPT_SECURITY_MSG_MSG)
+ return 0;
+
+ /* return if checkpointed label was "Not Applicable" */
+ if (secref == SECURITY_CTX_NONE)
+ return 0;
+
+ l = ckpt_obj_fetch(ctx, secref, CKPT_OBJ_SECURITY);
+ if (IS_ERR(l))
+ return PTR_ERR(l);
+
+ /* Ask the LSM to apply a void*security to the object
+ * based on the checkpointed context string */
+ switch (sectype) {
+ case CKPT_SECURITY_IPC:
+ ret = security_ipc_restore((struct kern_ipc_perm *) v,
+ l->string);
+ break;
+ case CKPT_SECURITY_MSG_MSG:
+ ret = security_msg_msg_restore((struct msg_msg *) v,
+ l->string);
+ break;
+ case CKPT_SECURITY_FILE:
+ ret = security_file_restore((struct file *) v, l->string);
+ break;
+ case CKPT_SECURITY_CRED:
+ ret = security_cred_restore(ctx->file, (struct cred *) v,
+ l->string);
+ break;
+ default:
+ ret = -EINVAL;
+ }
+ if (ret)
+ ckpt_err(ctx, ret, "%(O)sectype %d lsm restore hook error\n",
+ secref, sectype);
+
+ return ret;
+}
+#endif
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 091/100] c/r: add smack support to lsm c/r (v4)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (89 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 090/100] c/r: add generic LSM c/r support (v7) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 092/100] c/r: add selinux support (v6) Oren Laadan
` (10 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-security-module, Kentaro Takeda,
David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
Documentation/checkpoint/readme.txt begins:
"""
Application checkpoint/restart is the ability to save the state
of a running application so that it can later resume its execution
from the time at which it was checkpointed.
"""
This patch implements checkpoint and restore of Smack security
labels. The rules are the same as in previous versions:
1. when objects are created during restore() they are
automatically labeled with current_security().
2. if there was a label checkpointed with the object,
and that label != current_security() (which is the
same as obj->security), then the object is relabeled
if the sys_restart() caller has CAP_MAC_ADMIN.
Otherwise we return -EPERM.
This has been tested by checkpointing tasks under labels
_, vs1, and vs2, and restarting from tasks under _, vs1,
and vs2, with and without CAP_MAC_ADMIN in the bounding
set, and with and without the '-k' (keep_lsm) flag to mktree.
Expected results:
#shell 1:
echo vs1 > /proc/self/attr/current
ckpt > out
echo vs2 > /proc/self/attr/current
mktree -F /cgroup/2 < out
(frozen)
# shell 2:
cat /proc/`pidof ckpt`/attr/current
vs2
echo THAWED > /cgroup/2/freezer.state
# shell 1:
mktree -k -F /cgroup/2 < out
(frozen)
# shell 2:
cat /proc/`pidof ckpt`/attr/current
vs1
echo THAWED > /cgroup/2/freezer.state
# shell 1:
capsh --drop=cap_mac_admin --
mktree -k -F /cgroup/2 < out
(permission denied)
There are testcases in git://git.sr71.net/~hallyn/cr_tests.git
under cr_tests/smack, which automate the above (and pass).
Changelog:
sep 3: add a version to smack lsm, accessible through
/smack/version (Casey and Serge)
sep 10: rename xyz_get_ctx() to xyz_checkpoint()
Cc: linux-security-module@vger.kernel.org
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/checkpoint/restart.c | 1 +
security/smack/smack.h | 1 +
security/smack/smack_lsm.c | 144 +++++++++++++++++++++++++++++++++++++++++++
security/smack/smackfs.c | 83 +++++++++++++++++++++++++
4 files changed, 229 insertions(+), 0 deletions(-)
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 6605597..3aa69e4 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -682,6 +682,7 @@ static int restore_lsm(struct ckpt_ctx *ctx)
}
if (strcmp(ctx->lsm_name, "lsm_none") != 0 &&
+ strcmp(ctx->lsm_name, "smack") != 0 &&
strcmp(ctx->lsm_name, "default") != 0) {
ckpt_debug("c/r: RESTART_KEEP_LSM unsupported for %s\n",
ctx->lsm_name);
diff --git a/security/smack/smack.h b/security/smack/smack.h
index c6e9aca..a8917b0 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -216,6 +216,7 @@ u32 smack_to_secid(const char *);
extern int smack_cipso_direct;
extern char *smack_net_ambient;
extern char *smack_onlycap;
+extern char *smack_version;
extern const char *smack_cipso_option;
extern struct smack_known smack_known_floor;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index fdfeaa2..6f01f6d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -28,6 +28,7 @@
#include <linux/slab.h>
#include <linux/mutex.h>
#include <linux/pipe_fs_i.h>
+#include <linux/checkpoint.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
#include <linux/audit.h>
@@ -887,6 +888,28 @@ static int smack_file_permission(struct file *file, int mask)
return 0;
}
+static inline char *smack_file_checkpoint(void *security)
+{
+ return kstrdup((char *)security, GFP_KERNEL);
+}
+
+static inline int smack_file_restore(struct file *file, char *ctx)
+{
+ char *newsmack = smk_import(ctx, 0);
+
+ if (newsmack == NULL)
+ return -EINVAL;
+ /* I think by definition, file->f_security == current_security
+ * right now, but let's assume somehow it might not be */
+ if (newsmack == file->f_security)
+ return 0;
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+ file->f_security = newsmack;
+
+ return 0;
+}
+
/**
* smack_file_alloc_security - assign a file security blob
* @file: the object
@@ -1074,6 +1097,27 @@ static int smack_file_receive(struct file *file)
* Task hooks
*/
+static inline char *smack_cred_checkpoint(void *security)
+{
+ return kstrdup((char *)security, GFP_KERNEL);
+}
+
+static inline int smack_cred_restore(struct file *file, struct cred *cred,
+ char *ctx)
+{
+ char *newsmack = smk_import(ctx, 0);
+
+ if (newsmack == NULL)
+ return -EINVAL;
+ if (newsmack == cred->security)
+ return 0;
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+ cred->security = newsmack;
+
+ return 0;
+}
+
/**
* smack_cred_alloc_blank - "allocate" blank task-level security credentials
* @new: the new credentials
@@ -1766,6 +1810,26 @@ static int smack_msg_msg_alloc_security(struct msg_msg *msg)
return 0;
}
+static inline char *smack_msg_msg_checkpoint(void *security)
+{
+ return kstrdup((char *)security, GFP_KERNEL);
+}
+
+static inline int smack_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ char *newsmack = smk_import(ctx, 0);
+
+ if (newsmack == NULL)
+ return -EINVAL;
+ if (newsmack == msg->security)
+ return 0;
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+ msg->security = newsmack;
+
+ return 0;
+}
+
/**
* smack_msg_msg_free_security - Clear the security blob for msg_msg
* @msg: the object
@@ -2199,6 +2263,26 @@ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
*secid = smack_to_secid(smack);
}
+static inline char *smack_ipc_checkpoint(void *security)
+{
+ return kstrdup((char *)security, GFP_KERNEL);
+}
+
+static inline int smack_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ char *newsmack = smk_import(ctx, 0);
+
+ if (newsmack == NULL)
+ return -EINVAL;
+ if (newsmack == ipcp->security)
+ return 0;
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+ ipcp->security = newsmack;
+
+ return 0;
+}
+
/**
* smack_d_instantiate - Make sure the blob is correct on an inode
* @opt_dentry: unused
@@ -3074,6 +3158,51 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
return 0;
}
+#ifdef CONFIG_CHECKPOINT
+
+static int smack_may_restart(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr *chp;
+ char *saved_version;
+ int ret = 0;
+
+ chp = ckpt_read_buf_type(ctx, CKPT_LSM_INFO_LEN, CKPT_HDR_LSM_INFO);
+ if (IS_ERR(chp))
+ return PTR_ERR(chp);
+
+ /*
+ * After the checkpoint header comes the null terminated
+ * Smack "policy" version. This will usually be the
+ * floor label "_".
+ */
+ saved_version = (char *)(chp + 1);
+
+ /*
+ * Of course, it is possible that a "policy" version mismatch
+ * is not considered threatening.
+ */
+ if (!(ctx->uflags & RESTART_KEEP_LSM))
+ goto skip;
+
+ if (strcmp(saved_version, smack_version) != 0) {
+ ckpt_debug("Smack version at checkpoint was"
+ "\"%s\", now is \"%s\".\n",
+ saved_version, smack_version);
+ ret = -EINVAL;
+ }
+skip:
+ ckpt_hdr_put(ctx, chp);
+ return ret;
+}
+
+static int smack_checkpoint_header(struct ckpt_ctx *ctx)
+{
+ return ckpt_write_obj_type(ctx, smack_version,
+ strlen(smack_version) + 1,
+ CKPT_HDR_LSM_INFO);
+}
+#endif
+
struct security_operations smack_ops = {
.name = "smack",
@@ -3109,6 +3238,8 @@ struct security_operations smack_ops = {
.inode_getsecid = smack_inode_getsecid,
.file_permission = smack_file_permission,
+ .file_checkpoint = smack_file_checkpoint,
+ .file_restore = smack_file_restore,
.file_alloc_security = smack_file_alloc_security,
.file_free_security = smack_file_free_security,
.file_ioctl = smack_file_ioctl,
@@ -3119,6 +3250,10 @@ struct security_operations smack_ops = {
.file_receive = smack_file_receive,
.cred_alloc_blank = smack_cred_alloc_blank,
+
+ .cred_checkpoint = smack_cred_checkpoint,
+ .cred_restore = smack_cred_restore,
+
.cred_free = smack_cred_free,
.cred_prepare = smack_cred_prepare,
.cred_commit = smack_cred_commit,
@@ -3141,8 +3276,12 @@ struct security_operations smack_ops = {
.ipc_permission = smack_ipc_permission,
.ipc_getsecid = smack_ipc_getsecid,
+ .ipc_checkpoint = smack_ipc_checkpoint,
+ .ipc_restore = smack_ipc_restore,
.msg_msg_alloc_security = smack_msg_msg_alloc_security,
+ .msg_msg_checkpoint = smack_msg_msg_checkpoint,
+ .msg_msg_restore = smack_msg_msg_restore,
.msg_msg_free_security = smack_msg_msg_free_security,
.msg_queue_alloc_security = smack_msg_queue_alloc_security,
@@ -3205,6 +3344,11 @@ struct security_operations smack_ops = {
.inode_notifysecctx = smack_inode_notifysecctx,
.inode_setsecctx = smack_inode_setsecctx,
.inode_getsecctx = smack_inode_getsecctx,
+
+#ifdef CONFIG_CHECKPOINT
+ .may_restart = smack_may_restart,
+ .checkpoint_header = smack_checkpoint_header,
+#endif
};
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index a2b72d7..2a551b2 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -43,6 +43,7 @@ enum smk_inos {
SMK_NETLBLADDR = 8, /* single label hosts */
SMK_ONLYCAP = 9, /* the only "capable" label */
SMK_LOGGING = 10, /* logging */
+ SMK_VERSION = 11, /* logging */
};
/*
@@ -52,6 +53,7 @@ static DEFINE_MUTEX(smack_list_lock);
static DEFINE_MUTEX(smack_cipso_lock);
static DEFINE_MUTEX(smack_ambient_lock);
static DEFINE_MUTEX(smk_netlbladdr_lock);
+static DEFINE_MUTEX(smack_version_lock);
/*
* This is the "ambient" label for network traffic.
@@ -61,6 +63,16 @@ static DEFINE_MUTEX(smk_netlbladdr_lock);
char *smack_net_ambient = smack_known_floor.smk_known;
/*
+ * This is the policy version. In the interest of simplicity the
+ * policy version is a string that meets all of the requirements
+ * of a Smack label. This is enforced by the expedient of
+ * importing it like a label. The policy version is thus always
+ * also a valid label on the system. This may prove useful under
+ * some as yet undiscovered circumstance.
+ */
+char *smack_version = smack_known_floor.smk_known;
+
+/*
* This is the level in a CIPSO header that indicates a
* smack label is contained directly in the category set.
* It can be reset via smackfs/direct
@@ -1256,6 +1268,75 @@ static const struct file_operations smk_logging_ops = {
.read = smk_read_logging,
.write = smk_write_logging,
};
+
+#define SMK_VERSIONLEN 12
+/**
+ * smk_read_version - read() for /smack/version
+ * @filp: file pointer, not actually used
+ * @buf: where to put the result
+ * @cn: maximum to send along
+ * @ppos: where to start
+ *
+ * Returns number of bytes read or error code, as appropriate
+ */
+static ssize_t smk_read_version(struct file *filp, char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ int rc;
+
+ if (*ppos != 0)
+ return 0;
+
+ mutex_lock(&smack_version_lock);
+
+ rc = simple_read_from_buffer(buf, count, ppos, smack_version,
+ strlen(smack_version) + 1);
+
+ mutex_unlock(&smack_version_lock);
+
+ return rc;
+}
+
+/**
+ * smk_write_version - write() for /smack/version
+ * @file: file pointer, not actually used
+ * @buf: where to get the data from
+ * @count: bytes sent
+ * @ppos: where to start
+ *
+ * Returns number of bytes written or error code, as appropriate
+ */
+static ssize_t smk_write_version(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ char *smack;
+ char in[SMK_LABELLEN];
+
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+
+ if (count >= SMK_LABELLEN)
+ return -EINVAL;
+
+ if (copy_from_user(in, buf, count) != 0)
+ return -EFAULT;
+
+ smack = smk_import(in, count);
+ if (smack == NULL)
+ return -EINVAL;
+
+ mutex_lock(&smack_version_lock);
+ smack_version = smack;
+ mutex_unlock(&smack_version_lock);
+
+ return count;
+}
+
+static const struct file_operations smk_version_ops = {
+ .read = smk_read_version,
+ .write = smk_write_version,
+};
+
/**
* smk_fill_super - fill the /smackfs superblock
* @sb: the empty superblock
@@ -1288,6 +1369,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
{"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR},
[SMK_LOGGING] =
{"logging", &smk_logging_ops, S_IRUGO|S_IWUSR},
+ [SMK_VERSION] =
+ {"version", &smk_version_ops, S_IRUGO|S_IWUSR},
/* last one */ {""}
};
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 092/100] c/r: add selinux support (v6)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (90 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 091/100] c/r: add smack support to lsm c/r (v4) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 093/100] c/r: Add checkpoint and collect hooks to net_device_ops Oren Laadan
` (9 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, linux-security-module, Kentaro Takeda,
David Howells
From: Serge E. Hallyn <serue@us.ibm.com>
Documentation/checkpoint/readme.txt begins:
"""
Application checkpoint/restart is the ability to save the state
of a running application so that it can later resume its execution
from the time at which it was checkpointed.
"""
This patch adds the ability to checkpoint and restore selinux
contexts for tasks, open files, and sysvipc objects. Contexts
are checkpointed as strings. For tasks and files, where a security
struct actually points to several contexts, all contexts are
written out in one string, separated by ':::'.
The default behaviors are to checkpoint contexts, but not to
restore them. To attempt to restore them, sys_restart() must
be given the RESTART_KEEP_LSM flag. If this is given then
the caller of sys_restart() must have the new 'restore' permission
to the target objclass, or for instance PROCESS__SETFSCREATE to
itself to specify a create_sid.
There are some tests under cr_tests/selinux at
git://git.sr71.net/~hallyn/cr_tests.git.
A corresponding simple refpolicy (and /usr/share/selinux/devel/include)
patch is needed.
The programs to checkpoint and restart (called 'checkpoint' and
'restart') come from git://git.ncl.cs.columbia.edu/pub/git/user-cr.git.
This patch applies against the checkpoint/restart-enabled kernel
tree at git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git/.
Changelog:
Feb 02: [orenl] rebase to kernel 2.6.33
* add tags in classmap.h (includes files autogenerated)
Dec 09: update to use common_audit_data.
oct 09: fix memory overrun in selinux_cred_checkpoint.
oct 02: (Stephen Smalley suggestions):
1. s/__u32/u32/
2. enable the fown sid restoration
3. use process_restore to authorize resetting osid
4. don't make new hooks inline.
oct 01: Remove some debugging that is redundant with
avc log data.
sep 10: (Most addressing suggestions by Stephen Smalley)
1. change xyz_get_ctx() to xyz_checkpoint().
2. check entrypoint permission on cred_restore
3. always dec context length by 1
4. don't allow SECSID_NULL when that's not valid
5. when SECSID_NULL is valid, restore it
6. c/r task->osid
7. Just print nothing instead of 'null' for SECSID_NULL
8. sids are __u32, as are lenghts passed to sid_to_context.
Cc: linux-security-module@vger.kernel.org
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
kernel/checkpoint/restart.c | 1 +
security/selinux/hooks.c | 369 +++++++++++++++++++++++++++++++++++
security/selinux/include/classmap.h | 9 +-
3 files changed, 375 insertions(+), 4 deletions(-)
diff --git a/kernel/checkpoint/restart.c b/kernel/checkpoint/restart.c
index 3aa69e4..8455c76 100644
--- a/kernel/checkpoint/restart.c
+++ b/kernel/checkpoint/restart.c
@@ -683,6 +683,7 @@ static int restore_lsm(struct ckpt_ctx *ctx)
if (strcmp(ctx->lsm_name, "lsm_none") != 0 &&
strcmp(ctx->lsm_name, "smack") != 0 &&
+ strcmp(ctx->lsm_name, "selinux") != 0 &&
strcmp(ctx->lsm_name, "default") != 0) {
ckpt_debug("c/r: RESTART_KEEP_LSM unsupported for %s\n",
ctx->lsm_name);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5feecb4..bce383c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -77,6 +77,10 @@
#include <linux/mutex.h>
#include <linux/posix-timers.h>
#include <linux/syslog.h>
+#include <linux/checkpoint.h>
+
+#include "flask.h"
+#include "av_permissions.h"
#include "avc.h"
#include "objsec.h"
@@ -2973,6 +2977,104 @@ static int selinux_file_permission(struct file *file, int mask)
return selinux_revalidate_file_permission(file, mask);
}
+/*
+ * for file context, we print both the fsec->sid and fsec->fown_sid
+ * as string representations, separated by ':::'
+ * We don't touch isid - if you wanted that set you shoulda set up the
+ * fs correctly.
+ */
+static char *selinux_file_checkpoint(void *security)
+{
+ struct file_security_struct *fsec = security;
+ char *s1 = NULL, *s2 = NULL, *sfull;
+ u32 len1, len2, lenfull;
+ int ret;
+
+ if (fsec->sid == 0 || fsec->fown_sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(fsec->sid, &s1, &len1);
+ if (ret)
+ return ERR_PTR(ret);
+ len1--;
+ ret = security_sid_to_context(fsec->fown_sid, &s2, &len2);
+ if (ret) {
+ kfree(s1);
+ return ERR_PTR(ret);
+ }
+ len2--;
+ lenfull = len1 + len2 + 3;
+ sfull = kmalloc(lenfull + 1, GFP_KERNEL);
+ if (!sfull) {
+ sfull = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ sfull[lenfull] = '\0';
+ sprintf(sfull, "%s:::%s", s1, s2);
+
+out:
+ kfree(s1);
+ kfree(s2);
+ return sfull;
+}
+
+static int selinux_file_restore(struct file *file, char *ctx)
+{
+ char *s1, *s2;
+ u32 sid1 = 0, sid2 = 0;
+ int ret = -EINVAL;
+ struct file_security_struct *fsec = file->f_security;
+
+ /*
+ * Objhash made sure the string is null-terminated.
+ * We make a copy so we can mangle it.
+ */
+ s1 = kstrdup(ctx, GFP_KERNEL);
+ if (!s1)
+ return -ENOMEM;
+ s2 = strstr(s1, ":::");
+ if (!s2)
+ goto out;
+
+ *s2 = '\0';
+ s2 += 3;
+ if (*s2 == '\0')
+ goto out;
+
+ /* SECSID_NULL is not valid for file sids */
+ if (strlen(s1) == 0 || strlen(s2) == 0)
+ goto out;
+
+ ret = security_context_to_sid(s1, strlen(s1), &sid1);
+ if (ret)
+ goto out;
+ ret = security_context_to_sid(s2, strlen(s2), &sid2);
+ if (ret)
+ goto out;
+
+ if (sid1 && fsec->sid != sid1) {
+ ret = avc_has_perm(current_sid(), sid1, SECCLASS_FILE,
+ FILE__RESTORE, NULL);
+ if (ret)
+ goto out;
+ fsec->sid = sid1;
+ }
+
+ if (sid2 && fsec->fown_sid != sid2) {
+ ret = avc_has_perm(current_sid(), sid2, SECCLASS_FILE,
+ FILE__FOWN_RESTORE, NULL);
+ if (ret)
+ goto out;
+ fsec->fown_sid = sid2;
+ }
+
+ ret = 0;
+
+out:
+ kfree(s1);
+ return ret;
+}
+
static int selinux_file_alloc_security(struct file *file)
{
return file_alloc_security(file);
@@ -3231,6 +3333,186 @@ static int selinux_task_create(unsigned long clone_flags)
return current_has_perm(current, PROCESS__FORK);
}
+#define NUMTASKSIDS 6
+/*
+ * for cred context, we print:
+ * osid, sid, exec_sid, create_sid, keycreate_sid, sockcreate_sid;
+ * as string representations, separated by ':::'
+ */
+static char *selinux_cred_checkpoint(void *security)
+{
+ struct task_security_struct *tsec = security;
+ char *stmp, *sfull = NULL;
+ u32 slen, runlen;
+ int i, ret;
+ u32 sids[NUMTASKSIDS] = { tsec->osid, tsec->sid, tsec->exec_sid,
+ tsec->create_sid, tsec->keycreate_sid, tsec->sockcreate_sid };
+
+ if (sids[0] == 0 || sids[1] == 0)
+ /* SECSID_NULL is not valid for osid or sid */
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(sids[0], &sfull, &runlen);
+ if (ret)
+ return ERR_PTR(ret);
+ runlen--;
+
+ for (i = 1; i < NUMTASKSIDS; i++) {
+ if (sids[i] == 0) {
+ stmp = NULL;
+ slen = 0;
+ } else {
+ ret = security_sid_to_context(sids[i], &stmp, &slen);
+ if (ret) {
+ kfree(sfull);
+ return ERR_PTR(ret);
+ }
+ slen--;
+ }
+ /* slen + runlen + ':::' + \0 */
+ sfull = krealloc(sfull, slen + runlen + 3 + 1,
+ GFP_KERNEL);
+ if (!sfull) {
+ kfree(stmp);
+ return ERR_PTR(-ENOMEM);
+ }
+ sprintf(sfull+runlen, ":::%s", stmp ? stmp : "");
+ runlen += slen + 3;
+ kfree(stmp);
+ }
+
+ return sfull;
+}
+
+static inline int credrestore_nullvalid(int which)
+{
+ int valid_array[NUMTASKSIDS] = {
+ 0, /* task osid */
+ 0, /* task sid */
+ 1, /* exec sid */
+ 1, /* create sid */
+ 1, /* keycreate_sid */
+ 1, /* sockcreate_sid */
+ };
+
+ return valid_array[which];
+}
+
+static int selinux_cred_restore(struct file *file, struct cred *cred,
+ char *ctx)
+{
+ char *s, *s1, *s2 = NULL;
+ int ret = -EINVAL;
+ struct task_security_struct *tsec = cred->security;
+ int i;
+ u32 sids[NUMTASKSIDS];
+ struct inode *ctx_inode = file->f_dentry->d_inode;
+ struct common_audit_data ad;
+
+ /*
+ * objhash made sure the string is null-terminated
+ * now we want our own copy so we can chop it up with \0's
+ */
+ s = kstrdup(ctx, GFP_KERNEL);
+ if (!s)
+ return -ENOMEM;
+
+ s1 = s;
+ for (i = 0; i < NUMTASKSIDS; i++) {
+ if (i < NUMTASKSIDS-1) {
+ ret = -EINVAL;
+ s2 = strstr(s1, ":::");
+ if (!s2)
+ goto out;
+ *s2 = '\0';
+ s2 += 3;
+ }
+ if (strlen(s1) == 0) {
+ ret = -EINVAL;
+ if (credrestore_nullvalid(i))
+ sids[i] = 0;
+ else
+ goto out;
+ } else {
+ ret = security_context_to_sid(s1, strlen(s1), &sids[i]);
+ if (ret)
+ goto out;
+ }
+ s1 = s2;
+ }
+
+ /*
+ * Check that these transitions are allowed, and effect them.
+ * XXX: Do these checks suffice?
+ */
+ if (tsec->osid != sids[0]) {
+ ret = avc_has_perm(current_sid(), sids[0], SECCLASS_PROCESS,
+ PROCESS__RESTORE, NULL);
+ if (ret)
+ goto out;
+ tsec->osid = sids[0];
+ }
+
+ if (tsec->sid != sids[1]) {
+ struct inode_security_struct *isec;
+ ret = avc_has_perm(current_sid(), sids[1], SECCLASS_PROCESS,
+ PROCESS__RESTORE, NULL);
+ if (ret)
+ goto out;
+
+ /* check whether checkpoint file type is a valid entry
+ * point to the new domain: we may want a specific
+ * 'restore_entrypoint' permission for this, but let's
+ * see if just entrypoint is deemed sufficient
+ */
+
+ COMMON_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.path = file->f_path;
+
+ isec = ctx_inode->i_security;
+ ret = avc_has_perm(sids[1], isec->sid, SECCLASS_FILE,
+ FILE__ENTRYPOINT, &ad);
+ if (ret)
+ goto out;
+ /* TODO: do we need to check for shared state? */
+ tsec->sid = sids[1];
+ }
+
+ ret = -EPERM;
+ if (sids[2] != tsec->exec_sid) {
+ if (!current_has_perm(current, PROCESS__SETEXEC))
+ goto out;
+ tsec->exec_sid = sids[2];
+ }
+
+ if (sids[3] != tsec->create_sid) {
+ if (!current_has_perm(current, PROCESS__SETFSCREATE))
+ goto out;
+ tsec->create_sid = sids[3];
+ }
+
+ if (tsec->keycreate_sid != sids[4]) {
+ if (!current_has_perm(current, PROCESS__SETKEYCREATE))
+ goto out;
+ if (!may_create_key(sids[4], current))
+ goto out;
+ tsec->keycreate_sid = sids[4];
+ }
+
+ if (tsec->sockcreate_sid != sids[5]) {
+ if (!current_has_perm(current, PROCESS__SETSOCKCREATE))
+ goto out;
+ tsec->sockcreate_sid = sids[5];
+ }
+
+ ret = 0;
+
+out:
+ kfree(s);
+ return ret;
+}
+
+
/*
* allocate the SELinux part of blank credentials
*/
@@ -4762,6 +5044,44 @@ static void ipc_free_security(struct kern_ipc_perm *perm)
kfree(isec);
}
+static char *selinux_msg_msg_checkpoint(void *security)
+{
+ struct msg_security_struct *msec = security;
+ char *s;
+ u32 len;
+ int ret;
+
+ if (msec->sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(msec->sid, &s, &len);
+ if (ret)
+ return ERR_PTR(ret);
+ return s;
+}
+
+static int selinux_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ struct msg_security_struct *msec = msg->security;
+ int ret;
+ u32 sid = 0;
+
+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
+ if (ret)
+ return ret;
+
+ if (msec->sid == sid)
+ return 0;
+
+ ret = avc_has_perm(current_sid(), sid, SECCLASS_MSG,
+ MSG__RESTORE, NULL);
+ if (ret)
+ return ret;
+
+ msec->sid = sid;
+ return 0;
+}
+
static int msg_msg_alloc_security(struct msg_msg *msg)
{
struct msg_security_struct *msec;
@@ -5165,6 +5485,47 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
*secid = isec->sid;
}
+static char *selinux_ipc_checkpoint(void *security)
+{
+ struct ipc_security_struct *isec = security;
+ char *s;
+ u32 len;
+ int ret;
+
+ if (isec->sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(isec->sid, &s, &len);
+ if (ret)
+ return ERR_PTR(ret);
+ return s;
+}
+
+static int selinux_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ int ret;
+ u32 sid = 0;
+ struct common_audit_data ad;
+
+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
+ if (ret)
+ return ret;
+
+ if (isec->sid == sid)
+ return 0;
+
+ COMMON_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = ipcp->key;
+ ret = avc_has_perm(current_sid(), sid, SECCLASS_IPC,
+ IPC__RESTORE, &ad);
+ if (ret)
+ return ret;
+
+ isec->sid = sid;
+ return 0;
+}
+
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
if (inode)
@@ -5512,6 +5873,8 @@ static struct security_operations selinux_ops = {
.inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission,
+ .file_checkpoint = selinux_file_checkpoint,
+ .file_restore = selinux_file_restore,
.file_alloc_security = selinux_file_alloc_security,
.file_free_security = selinux_file_free_security,
.file_ioctl = selinux_file_ioctl,
@@ -5527,6 +5890,8 @@ static struct security_operations selinux_ops = {
.task_create = selinux_task_create,
.cred_alloc_blank = selinux_cred_alloc_blank,
+ .cred_checkpoint = selinux_cred_checkpoint,
+ .cred_restore = selinux_cred_restore,
.cred_free = selinux_cred_free,
.cred_prepare = selinux_cred_prepare,
.cred_transfer = selinux_cred_transfer,
@@ -5550,8 +5915,12 @@ static struct security_operations selinux_ops = {
.ipc_permission = selinux_ipc_permission,
.ipc_getsecid = selinux_ipc_getsecid,
+ .ipc_checkpoint = selinux_ipc_checkpoint,
+ .ipc_restore = selinux_ipc_restore,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
+ .msg_msg_checkpoint = selinux_msg_msg_checkpoint,
+ .msg_msg_restore = selinux_msg_msg_restore,
.msg_msg_free_security = selinux_msg_msg_free_security,
.msg_queue_alloc_security = selinux_msg_queue_alloc_security,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 8b32e95..b1cde03 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -24,7 +24,7 @@ struct security_class_mapping secclass_map[] = {
"getattr", "setexec", "setfscreate", "noatsecure", "siginh",
"setrlimit", "rlimitinh", "dyntransition", "setcurrent",
"execmem", "execstack", "execheap", "setkeycreate",
- "setsockcreate", NULL } },
+ "setsockcreate", "restore", NULL } },
{ "system",
{ "ipc_info", "syslog_read", "syslog_mod",
"syslog_console", "module_request", NULL } },
@@ -43,7 +43,8 @@ struct security_class_mapping secclass_map[] = {
"quotaget", NULL } },
{ "file",
{ COMMON_FILE_PERMS,
- "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+ "execute_no_trans", "entrypoint", "execmod", "open",
+ "restore", "fown_restore", NULL } },
{ "dir",
{ COMMON_FILE_PERMS, "add_name", "remove_name",
"reparent", "search", "rmdir", "open", NULL } },
@@ -93,13 +94,13 @@ struct security_class_mapping secclass_map[] = {
} },
{ "sem",
{ COMMON_IPC_PERMS, NULL } },
- { "msg", { "send", "receive", NULL } },
+ { "msg", { "send", "receive", "restore", NULL } },
{ "msgq",
{ COMMON_IPC_PERMS, "enqueue", NULL } },
{ "shm",
{ COMMON_IPC_PERMS, "lock", NULL } },
{ "ipc",
- { COMMON_IPC_PERMS, NULL } },
+ { COMMON_IPC_PERMS, "restore", NULL } },
{ "netlink_route_socket",
{ COMMON_SOCK_PERMS,
"nlmsg_read", "nlmsg_write", NULL } },
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 093/100] c/r: Add checkpoint and collect hooks to net_device_ops
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (91 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 092/100] c/r: add selinux support (v6) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 094/100] c/r: Basic support for network namespaces and devices (v6) Oren Laadan
` (8 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
These will be implemented per-driver by those that support such
operations.
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
include/linux/netdevice.h | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index fa8b476..9f6de34 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -691,6 +691,12 @@ struct net_device_ops {
int (*ndo_fcoe_get_wwn)(struct net_device *dev,
u64 *wwn, int type);
#endif
+#ifdef CONFIG_CHECKPOINT
+ int (*ndo_collect)(struct ckpt_ctx *ctx,
+ struct net_device *dev);
+ int (*ndo_checkpoint)(struct ckpt_ctx *ctx,
+ struct net_device *dev);
+#endif
};
/*
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 094/100] c/r: Basic support for network namespaces and devices (v6)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (92 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 093/100] c/r: Add checkpoint and collect hooks to net_device_ops Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 095/100] c/r: Add rtnl_dellink() helper Oren Laadan
` (7 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
When checkpointing a task tree with network namespaces, we hook into
do_checkpoint_ns() along with the others. Any devices in a given namespace
are checkpointed (including their peer, in the case of veth) sequentially.
Each network device stores a list of protocol addresses, as well as other
information, such as hardware address.
This patch supports veth pairs, as well as the loopback adapter. The
loopback support is there to make sure that any additional addresses and
state (such as up/down) is copied to the loopback adapter that we are
given in the new network namespace.
On restart, we instantiate new network namespaces and veth pairs as
necessary. Any device we encounter that isn't in a network namespace
that was checkpointed as part of a task is left in the namespace of the
restarting process. This will be the case for a veth half that exists
in the init netns to provide network access to a container.
Still to do are:
1. Routes
2. Netfilter rules
3. IPv6 addresses
4. Other virtual device types (e.g. bridges)
5. Multicast
6. Device config info (ipv4_devconf)
7. Additional ipv4 address attributes
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Fix acquiring socket lock before reading RTNETLINK response
- Skip down interfaces (v2)
- Export net checkpoint fns
- Add CHECKPOINT_NETNS flag
- Rename CONFIG_CHECKPOINT_NETNS -> CONFIG_NETNS_CHECKPOINT
- Netdev restore function dispatching from a table
- Added a comment about the controverial determination of "initial netns"
- Simplify the E2BIG error handling
- Remove a redundant check for checkpoint support per-device
Changes in v6:
- Store addresses in network byte order, per Dave's recommendation
Changes in v5:
- Rebase
- Remove checkpoint_container() noise
- Factor out some common bits of the RTNL newlink operations
- Add macvlan support
Changes in v4:
- Fix allocation under lock in ckpt_netdev_inet_addrs()
- Add comment for case where there is no netns info in checkpoint image
- Fix inner structure alignment in netdev_addr header
- Fix instances of kfree(skb)
- Remove init_netns_ref from container header and checkpoint context
- Add 'extern' to checkpoint.h prototypes
- Swizzle do_restore_netns() to handle netns more like the others
- Return E2BIG for failure case when collecting inet addrs
- Report case where device doesn't support checkpoint
- Remove nested netns check from may_checkpoint_task()
- Move veth-specific netdev attributes into unioned struct to set an
example for specific attributes of additional device types
- Add 'sit' device restore path that doesn't really do anything
- Fail instead of skip when encountering a device with no checkpoint
support
Changes in v3:
- Use dev->checkpoint() for per-device checkpoint operation
- Use RTNL for veth pair creation on restart
- Export some of the functions that will be needed by dev->ndo_checkpoint()
Changes in v2:
- Add CONFIG_CHECKPOINT_NETNS that is dependent on NET, NET_NS, and
CHECKPOINT. Conditionally compile the checkpoint_dev code based on it.
- Updated comment on should_checkpoint_netdev()
- Updated checkpoint_netdev() to explicitly check for "veth" in name
- Changed checkpoint_netns() to use BUG() for impossible condition
- Fixed a bug on restart with all devices in the init netns
- Lock the dev_base_lock while traversing interface addresses
- Collect all addresses for an interface before writing out in one
single pass
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
Documentation/checkpoint/usage.txt | 1 +
include/linux/checkpoint.h | 29 ++-
include/linux/checkpoint_hdr.h | 58 +++
kernel/checkpoint/checkpoint.c | 5 -
kernel/nsproxy.c | 24 +-
net/Kconfig | 4 +
net/Makefile | 1 +
net/checkpoint.c | 63 +++-
net/checkpoint_dev.c | 818 ++++++++++++++++++++++++++++++++++++
9 files changed, 995 insertions(+), 8 deletions(-)
create mode 100644 net/checkpoint_dev.c
diff --git a/Documentation/checkpoint/usage.txt b/Documentation/checkpoint/usage.txt
index d697ed1..5700448 100644
--- a/Documentation/checkpoint/usage.txt
+++ b/Documentation/checkpoint/usage.txt
@@ -15,6 +15,7 @@ The API consists of three new system calls:
an open file to which error and debug messages are written. @flags
may be one or more of:
- CHECKPOINT_SUBTREE : allow checkpoint of sub-container
+ - CHECKPOINT_NETNS : include network namespaces and devices
(other value are not allowed).
Returns: a positive checkpoint identifier (ckptid) upon success, 0 if
diff --git a/include/linux/checkpoint.h b/include/linux/checkpoint.h
index 43d67ce..84bb7a9 100644
--- a/include/linux/checkpoint.h
+++ b/include/linux/checkpoint.h
@@ -14,6 +14,7 @@
/* checkpoint user flags */
#define CHECKPOINT_SUBTREE 0x1
+#define CHECKPOINT_NETNS 0x2
/* restart user flags */
#define RESTART_TASKSELF 0x1
@@ -35,6 +36,7 @@
#include <linux/checkpoint_types.h>
#include <linux/checkpoint_hdr.h>
#include <linux/err.h>
+#include <linux/inetdevice.h>
#include <net/sock.h>
/* sycall helpers */
@@ -55,7 +57,10 @@ extern long do_sys_restart(pid_t pid, int fd,
#define CKPT_CTX_ERROR (1 << CKPT_CTX_ERROR_BIT)
/* ckpt_ctx: uflags */
-#define CHECKPOINT_USER_FLAGS CHECKPOINT_SUBTREE
+#define CHECKPOINT_USER_FLAGS \
+ (CHECKPOINT_SUBTREE | \
+ CHECKPOINT_NETNS)
+
#define RESTART_USER_FLAGS \
(RESTART_TASKSELF | \
RESTART_FROZEN | \
@@ -119,6 +124,28 @@ extern int ckpt_sock_getnames(struct ckpt_ctx *ctx,
extern struct sk_buff *sock_restore_skb(struct ckpt_ctx *ctx, struct sock *sk);
extern void sock_listening_list_free(struct list_head *head);
+#ifdef CONFIG_NETNS_CHECKPOINT
+extern int checkpoint_netns(struct ckpt_ctx *ctx, void *ptr);
+extern void *restore_netns(struct ckpt_ctx *ctx);
+extern int checkpoint_netdev(struct ckpt_ctx *ctx, void *ptr);
+extern void *restore_netdev(struct ckpt_ctx *ctx);
+
+extern int ckpt_netdev_in_init_netns(struct ckpt_ctx *ctx,
+ struct net_device *dev);
+extern int ckpt_netdev_inet_addrs(struct in_device *indev,
+ struct ckpt_netdev_addr *list[]);
+extern int ckpt_netdev_hwaddr(struct net_device *dev,
+ struct ckpt_hdr_netdev *h);
+extern struct ckpt_hdr_netdev *ckpt_netdev_base(struct ckpt_ctx *ctx,
+ struct net_device *dev,
+ struct ckpt_netdev_addr *addrs[]);
+#else
+# define checkpoint_netns NULL
+# define restore_netns NULL
+# define checkpoint_netdev NULL
+# define restore_netdev NULL
+#endif
+
/* ckpt kflags */
#define ckpt_set_ctx_kflag(__ctx, __kflag) \
set_bit(__kflag##_BIT, &(__ctx)->kflags)
diff --git a/include/linux/checkpoint_hdr.h b/include/linux/checkpoint_hdr.h
index 1564726..eb5e1b4 100644
--- a/include/linux/checkpoint_hdr.h
+++ b/include/linux/checkpoint_hdr.h
@@ -189,6 +189,12 @@ enum {
#define CKPT_HDR_SOCKET_UNIX CKPT_HDR_SOCKET_UNIX
CKPT_HDR_SOCKET_INET,
#define CKPT_HDR_SOCKET_INET CKPT_HDR_SOCKET_INET
+ CKPT_HDR_NET_NS,
+#define CKPT_HDR_NET_NS CKPT_HDR_NET_NS
+ CKPT_HDR_NETDEV,
+#define CKPT_HDR_NETDEV CKPT_HDR_NETDEV
+ CKPT_HDR_NETDEV_ADDR,
+#define CKPT_HDR_NETDEV_ADDR CKPT_HDR_NETDEV_ADDR
CKPT_HDR_TAIL = 9001,
#define CKPT_HDR_TAIL CKPT_HDR_TAIL
@@ -261,6 +267,10 @@ enum obj_type {
#define CKPT_OBJ_SECURITY_PTR CKPT_OBJ_SECURITY_PTR
CKPT_OBJ_SECURITY,
#define CKPT_OBJ_SECURITY CKPT_OBJ_SECURITY
+ CKPT_OBJ_NET_NS,
+#define CKPT_OBJ_NET_NS CKPT_OBJ_NET_NS
+ CKPT_OBJ_NETDEV,
+#define CKPT_OBJ_NETDEV CKPT_OBJ_NETDEV
CKPT_OBJ_MAX
#define CKPT_OBJ_MAX CKPT_OBJ_MAX
};
@@ -444,6 +454,7 @@ struct ckpt_hdr_ns {
struct ckpt_hdr h;
__s32 uts_objref;
__s32 ipc_objref;
+ __s32 net_objref;
} __attribute__((aligned(8)));
/* cannot include <linux/tty.h> from userspace, so define: */
@@ -768,6 +779,53 @@ struct ckpt_hdr_file_socket {
__s32 sock_objref;
} __attribute__((aligned(8)));
+struct ckpt_hdr_netns {
+ struct ckpt_hdr h;
+ __s32 this_ref;
+} __attribute__((aligned(8)));
+
+enum ckpt_netdev_types {
+ CKPT_NETDEV_LO,
+ CKPT_NETDEV_VETH,
+ CKPT_NETDEV_SIT,
+ CKPT_NETDEV_MACVLAN,
+ CKPT_NETDEV_MAX,
+};
+
+struct ckpt_hdr_netdev {
+ struct ckpt_hdr h;
+ __s32 netns_ref;
+ union {
+ struct {
+ __s32 this_ref;
+ __s32 peer_ref;
+ } veth;
+ struct {
+ __u32 mode;
+ } macvlan;
+ };
+ __u32 inet_addrs;
+ __u16 type;
+ __u16 flags;
+ __u8 hwaddr[6];
+} __attribute__((aligned(8)));
+
+enum ckpt_netdev_addr_types {
+ CKPT_NETDEV_ADDR_IPV4,
+};
+
+struct ckpt_netdev_addr {
+ __u16 type;
+ union {
+ struct {
+ __be32 inet4_local;
+ __be32 inet4_address;
+ __be32 inet4_mask;
+ __be32 inet4_broadcast;
+ };
+ } __attribute__((aligned(8)));
+} __attribute__((aligned(8)));
+
struct ckpt_hdr_eventpoll_items {
struct ckpt_hdr h;
__s32 epfile_objref;
diff --git a/kernel/checkpoint/checkpoint.c b/kernel/checkpoint/checkpoint.c
index 7a4f1ce..4059c28 100644
--- a/kernel/checkpoint/checkpoint.c
+++ b/kernel/checkpoint/checkpoint.c
@@ -291,11 +291,6 @@ static int may_checkpoint_task(struct ckpt_ctx *ctx, struct task_struct *t)
_ckpt_err(ctx, -EPERM, "%(T)Nested mnt_ns unsupported\n");
ret = -EPERM;
}
- /* no support for >1 private netns */
- if (nsproxy->net_ns != ctx->root_nsproxy->net_ns) {
- _ckpt_err(ctx, -EPERM, "%(T)Nested net_ns unsupported\n");
- ret = -EPERM;
- }
/* pidns must be descendent of root_nsproxy */
pidns = nsproxy->pid_ns;
while (pidns != ctx->root_nsproxy->pid_ns) {
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 7fb3cea..d4af91d 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -260,6 +260,12 @@ int ckpt_collect_ns(struct ckpt_ctx *ctx, struct task_struct *t)
ret = ckpt_obj_collect(ctx, nsproxy->uts_ns, CKPT_OBJ_UTS_NS);
if (ret < 0)
goto out;
+#ifdef CONFIG_NETNS_CHECKPOINT
+ if (ctx->uflags & CHECKPOINT_NETNS)
+ ret = ckpt_obj_collect(ctx, nsproxy->net_ns, CKPT_OBJ_NET_NS);
+ if (ret < 0)
+ goto out;
+#endif
#ifdef CONFIG_IPC_NS
ret = ckpt_obj_collect(ctx, nsproxy->ipc_ns, CKPT_OBJ_IPC_NS);
if (ret < 0)
@@ -308,6 +314,15 @@ static int checkpoint_ns(struct ckpt_ctx *ctx, void *ptr)
#endif /* CONFIG_IPC_NS */
h->ipc_objref = ret;
+#ifdef CONFIG_NETNS_CHECKPOINT
+ if (ctx->uflags & CHECKPOINT_NETNS)
+ ret = checkpoint_obj(ctx, nsproxy->net_ns, CKPT_OBJ_NET_NS);
+ else
+ ret = 0;
+ if (ret < 0)
+ goto out;
+ h->net_objref = ret;
+#endif
/* FIXME: for now, only marked visited to pacify leaks */
ret = ckpt_obj_visit(ctx, nsproxy->mnt_ns, CKPT_OBJ_MNT_NS);
if (ret < 0)
@@ -341,6 +356,14 @@ static void *restore_ns(struct ckpt_ctx *ctx)
ret = PTR_ERR(uts_ns);
goto out;
}
+ if (h->net_objref == 0)
+ net_ns = current->nsproxy->net_ns;
+ else
+ net_ns = ckpt_obj_fetch(ctx, h->net_objref, CKPT_OBJ_NET_NS);
+ if (IS_ERR(net_ns)) {
+ ret = PTR_ERR(net_ns);
+ goto out;
+ }
if (h->ipc_objref == 0)
ipc_ns = ctx->root_nsproxy->ipc_ns;
@@ -356,7 +379,6 @@ static void *restore_ns(struct ckpt_ctx *ctx)
}
mnt_ns = ctx->root_nsproxy->mnt_ns;
- net_ns = ctx->root_nsproxy->net_ns;
if (uts_ns == current->nsproxy->uts_ns &&
ipc_ns == current->nsproxy->ipc_ns &&
diff --git a/net/Kconfig b/net/Kconfig
index 041c35e..c1cb774 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -276,4 +276,8 @@ source "net/wimax/Kconfig"
source "net/rfkill/Kconfig"
source "net/9p/Kconfig"
+config NETNS_CHECKPOINT
+ bool
+ default y if NET && NET_NS && CHECKPOINT
+
endif # if NET
diff --git a/net/Makefile b/net/Makefile
index 74b038f..b7d78f4 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -67,3 +67,4 @@ endif
obj-$(CONFIG_WIMAX) += wimax/
obj-$(CONFIG_CHECKPOINT) += checkpoint.o
+obj-$(CONFIG_NETNS_CHECKPOINT) += checkpoint_dev.o
diff --git a/net/checkpoint.c b/net/checkpoint.c
index 03c1224..b1f56bf 100644
--- a/net/checkpoint.c
+++ b/net/checkpoint.c
@@ -986,6 +986,56 @@ struct file *sock_file_restore(struct ckpt_ctx *ctx, struct ckpt_hdr_file *ptr)
* sock-related checkpoint objects
*/
+static int netns_grab(void *ptr)
+{
+ struct net *net = ptr;
+
+ get_net(net);
+ return 0;
+}
+
+static void netns_drop(void *ptr, int lastref)
+{
+ struct net *net = ptr;
+
+ put_net(net);
+}
+
+/* netns object */
+static const struct ckpt_obj_ops ckpt_obj_netns_ops = {
+ .obj_name = "NET_NS",
+ .obj_type = CKPT_OBJ_NET_NS,
+ .ref_grab = netns_grab,
+ .ref_drop = netns_drop,
+ .checkpoint = checkpoint_netns,
+ .restore = restore_netns,
+};
+
+static int netdev_grab(void *ptr)
+{
+ struct net_device *dev = ptr;
+
+ dev_hold(dev);
+ return 0;
+}
+
+static void netdev_drop(void *ptr, int lastref)
+{
+ struct net_device *dev = ptr;
+
+ dev_put(dev);
+}
+
+/* netdev object */
+static const struct ckpt_obj_ops ckpt_obj_netdev_ops = {
+ .obj_name = "NET_DEV",
+ .obj_type = CKPT_OBJ_NETDEV,
+ .ref_grab = netdev_grab,
+ .ref_drop = netdev_drop,
+ .checkpoint = checkpoint_netdev,
+ .restore = restore_netdev,
+};
+
static int obj_sock_grab(void *ptr)
{
sock_hold((struct sock *) ptr);
@@ -1033,6 +1083,17 @@ static const struct ckpt_obj_ops ckpt_obj_sock_ops = {
static int __init checkpoint_register_sock(void)
{
- return register_checkpoint_obj(&ckpt_obj_sock_ops);
+ int ret;
+
+ ret = register_checkpoint_obj(&ckpt_obj_sock_ops);
+ if (ret < 0)
+ return ret;
+ ret = register_checkpoint_obj(&ckpt_obj_netns_ops);
+ if (ret < 0)
+ return ret;
+ ret = register_checkpoint_obj(&ckpt_obj_netdev_ops);
+ if (ret < 0)
+ return ret;
+ return 0;
}
module_init(checkpoint_register_sock);
diff --git a/net/checkpoint_dev.c b/net/checkpoint_dev.c
new file mode 100644
index 0000000..34a6bdb
--- /dev/null
+++ b/net/checkpoint_dev.c
@@ -0,0 +1,818 @@
+/*
+ * Copyright 2010 IBM Corporation
+ *
+ * Author(s): Dan Smith <danms@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include <linux/sched.h>
+#include <linux/if.h>
+#include <linux/if_arp.h>
+#include <linux/inetdevice.h>
+#include <linux/veth.h>
+#include <linux/checkpoint.h>
+#include <linux/deferqueue.h>
+
+#include <net/net_namespace.h>
+#include <net/sch_generic.h>
+
+struct dq_netdev {
+ struct net_device *dev;
+ struct ckpt_ctx *ctx;
+};
+
+struct veth_newlink {
+ char *peer;
+};
+
+struct mvl_newlink {
+ char this[IFNAMSIZ+1];
+ char base[IFNAMSIZ+1];
+ int mode;
+ __u8 *hwaddr;
+};
+
+typedef int (*new_link_fn)(struct sk_buff *, void *);
+
+static int __kern_devinet_ioctl(struct net *net, unsigned int cmd, void *arg)
+{
+ mm_segment_t fs;
+ int ret;
+
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = devinet_ioctl(net, cmd, arg);
+ set_fs(fs);
+
+ return ret;
+}
+
+static int __kern_dev_ioctl(struct net *net, unsigned int cmd, void *arg)
+{
+ mm_segment_t fs;
+ int ret;
+
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = dev_ioctl(net, cmd, arg);
+ set_fs(fs);
+
+ return ret;
+}
+
+static struct socket *rtnl_open(void)
+{
+ struct socket *sock;
+ int ret;
+
+ ret = sock_create(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE, &sock);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ return sock;
+}
+
+static int rtnl_close(struct socket *rtnl)
+{
+ if (rtnl)
+ return kernel_sock_shutdown(rtnl, SHUT_RDWR);
+ else
+ return 0;
+}
+
+static struct nlmsghdr *rtnl_get_response(struct socket *rtnl,
+ struct sk_buff **skb)
+{
+ int ret;
+ long timeo = MAX_SCHEDULE_TIMEOUT;
+ struct nlmsghdr *nlh;
+
+ *skb = NULL;
+
+ lock_sock(rtnl->sk);
+ ret = sk_wait_data(rtnl->sk, &timeo);
+ if (ret)
+ *skb = skb_dequeue(&rtnl->sk->sk_receive_queue);
+ release_sock(rtnl->sk);
+
+ if (!*skb)
+ return ERR_PTR(-EPIPE);
+
+ ret = -EINVAL;
+ nlh = nlmsg_hdr(*skb);
+ if (!nlh)
+ goto err;
+
+ if (nlh->nlmsg_type == NLMSG_ERROR) {
+ struct nlmsgerr *errmsg = nlmsg_data(nlh);
+ ret = errmsg->error;
+ goto err;
+ }
+
+ return nlh;
+ err:
+ kfree_skb(*skb);
+ *skb = NULL;
+
+ return ERR_PTR(ret);
+}
+
+int ckpt_netdev_in_init_netns(struct ckpt_ctx *ctx, struct net_device *dev)
+{
+ /*
+ * Currently, we treat the "initial network namespace" as that
+ * of the process doing the checkpoint. This gives us a
+ * consistent view of the container and its layout from the
+ * perspective of the "agent" doing the checkpoint and
+ * restore.
+ */
+ return dev->nd_net == current->nsproxy->net_ns;
+}
+EXPORT_SYMBOL_GPL(ckpt_netdev_in_init_netns);
+
+int ckpt_netdev_hwaddr(struct net_device *dev, struct ckpt_hdr_netdev *h)
+{
+ struct net *net = dev->nd_net;
+ struct ifreq req;
+ int ret;
+
+ memcpy(req.ifr_name, dev->name, IFNAMSIZ);
+ ret = __kern_dev_ioctl(net, SIOCGIFFLAGS, &req);
+ if (ret < 0)
+ return ret;
+ h->flags = req.ifr_flags;
+
+ ret = __kern_dev_ioctl(net, SIOCGIFHWADDR, &req);
+ if (ret < 0)
+ return ret;
+
+ memcpy(h->hwaddr, req.ifr_hwaddr.sa_data, sizeof(h->hwaddr));
+
+ return 0;
+}
+
+int ckpt_netdev_inet_addrs(struct in_device *indev,
+ struct ckpt_netdev_addr *_abuf[])
+{
+ struct ckpt_netdev_addr *abuf = NULL;
+ struct in_ifaddr *addr = indev->ifa_list;
+ int addrs = 0;
+ int max = 32;
+
+ retry:
+ *_abuf = krealloc(abuf, max * sizeof(*abuf), GFP_KERNEL);
+ if (*_abuf == NULL) {
+ addrs = -ENOMEM;
+ goto out;
+ }
+ abuf = *_abuf;
+
+ read_lock(&dev_base_lock);
+
+ while (addr) {
+ abuf[addrs].type = CKPT_NETDEV_ADDR_IPV4; /* Only IPv4 now */
+ abuf[addrs].inet4_local = htonl(addr->ifa_local);
+ abuf[addrs].inet4_address = htonl(addr->ifa_address);
+ abuf[addrs].inet4_mask = htonl(addr->ifa_mask);
+ abuf[addrs].inet4_broadcast = htonl(addr->ifa_broadcast);
+
+ addr = addr->ifa_next;
+ if (++addrs >= max) {
+ read_unlock(&dev_base_lock);
+ max *= 2;
+ goto retry;
+ }
+ }
+
+ read_unlock(&dev_base_lock);
+ out:
+ if (addrs < 0) {
+ kfree(abuf);
+ *_abuf = NULL;
+ }
+
+ return addrs;
+}
+
+struct ckpt_hdr_netdev *ckpt_netdev_base(struct ckpt_ctx *ctx,
+ struct net_device *dev,
+ struct ckpt_netdev_addr *addrs[])
+{
+ struct ckpt_hdr_netdev *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_NETDEV);
+ if (!h)
+ return ERR_PTR(-ENOMEM);
+
+ ret = ckpt_netdev_hwaddr(dev, h);
+ if (ret < 0)
+ goto out;
+
+ *addrs = NULL;
+ ret = h->inet_addrs = ckpt_netdev_inet_addrs(dev->ip_ptr, addrs);
+ if (ret < 0)
+ goto out;
+
+ if (ckpt_netdev_in_init_netns(ctx, dev))
+ ret = h->netns_ref = 0;
+ else
+ ret = h->netns_ref = checkpoint_obj(ctx, dev->nd_net,
+ CKPT_OBJ_NET_NS);
+ out:
+ if (ret < 0) {
+ ckpt_hdr_put(ctx, h);
+ h = ERR_PTR(ret);
+ kfree(*addrs);
+ }
+
+ return h;
+}
+EXPORT_SYMBOL_GPL(ckpt_netdev_base);
+
+int checkpoint_netdev(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct net_device *dev = (struct net_device *)ptr;
+ int ret;
+
+ if (!dev->netdev_ops->ndo_checkpoint) {
+ ckpt_err(ctx, -ENOSYS,
+ "Device %s does not support checkpoint\n", dev->name);
+ return -ENOSYS;
+ }
+
+ ckpt_debug("checkpointing netdev %s\n", dev->name);
+
+ ret = dev->netdev_ops->ndo_checkpoint(ctx, dev);
+ if (ret < 0)
+ ckpt_err(ctx, ret, "Failed to checkpoint netdev %s: %i\n",
+ dev->name, ret);
+
+ return ret;
+}
+
+int checkpoint_netns(struct ckpt_ctx *ctx, void *ptr)
+{
+ struct net *net = ptr;
+ struct net_device *dev;
+ struct ckpt_hdr_netns *h;
+ int ret;
+
+ h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_NET_NS);
+ if (!h)
+ return -ENOMEM;
+
+ h->this_ref = ckpt_obj_lookup(ctx, net, CKPT_OBJ_NET_NS);
+ BUG_ON(h->this_ref <= 0);
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ if (ret < 0)
+ goto out;
+
+ for_each_netdev(net, dev) {
+ if (dev->netdev_ops->ndo_checkpoint)
+ ret = checkpoint_obj(ctx, dev, CKPT_OBJ_NETDEV);
+ else if (dev->flags & IFF_UP)
+ ret = -ENOSYS;
+ else
+ /* TODO: There should be a flag to attempt a
+ * checkpoint of downed interfaces, regardless
+ * of whether they support checkpoint or not.
+ */
+ ret = 0;
+ if (ret < 0)
+ break;
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+
+ return ret;
+}
+
+static int restore_in_addrs(struct ckpt_ctx *ctx,
+ __u32 naddrs,
+ struct net *net,
+ struct net_device *dev)
+{
+ __u32 i;
+ int ret = 0;
+ int len = naddrs * sizeof(struct ckpt_netdev_addr);
+ struct ckpt_netdev_addr *addrs = NULL;
+
+ ret = ckpt_read_payload(ctx, (void **)&addrs, len, CKPT_HDR_BUFFER);
+ if (ret < 0)
+ goto out;
+
+ for (i = 0; i < naddrs; i++) {
+ struct ckpt_netdev_addr *addr = &addrs[i];
+ struct ifreq req;
+ struct sockaddr_in *inaddr;
+
+ if (addr->type != CKPT_NETDEV_ADDR_IPV4) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "Unsupported netdev addr type %i\n",
+ addr->type);
+ break;
+ }
+
+ ckpt_debug("restoring %s: %x/%x/%x\n", dev->name,
+ addr->inet4_address,
+ addr->inet4_mask,
+ addr->inet4_broadcast);
+
+ memcpy(req.ifr_name, dev->name, IFNAMSIZ);
+
+ inaddr = (struct sockaddr_in *)&req.ifr_addr;
+ inaddr->sin_addr.s_addr = ntohl(addr->inet4_address);
+ inaddr->sin_family = AF_INET;
+ ret = __kern_devinet_ioctl(net, SIOCSIFADDR, &req);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Failed to set address\n");
+ break;
+ }
+
+ inaddr = (struct sockaddr_in *)&req.ifr_addr;
+ inaddr->sin_addr.s_addr = ntohl(addr->inet4_mask);
+ inaddr->sin_family = AF_INET;
+ ret = __kern_devinet_ioctl(net, SIOCSIFNETMASK, &req);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Failed to set netmask\n");
+ break;
+ }
+
+ inaddr = (struct sockaddr_in *)&req.ifr_addr;
+ inaddr->sin_addr.s_addr = ntohl(addr->inet4_broadcast);
+ inaddr->sin_family = AF_INET;
+ ret = __kern_devinet_ioctl(net, SIOCSIFBRDADDR, &req);
+ if (ret < 0) {
+ ckpt_err(ctx, ret, "Failed to set broadcast\n");
+ break;
+ }
+ }
+
+ out:
+ kfree(addrs);
+
+ return ret;
+}
+
+static int veth_new_link_msg(struct sk_buff *skb, void *data)
+{
+ struct nlattr *linkinfo;
+ struct nlattr *linkdata;
+ struct ifinfomsg ifm;
+ int ret = -ENOMEM;
+ struct veth_newlink *d = data;
+
+ linkinfo = nla_nest_start(skb, IFLA_LINKINFO);
+ if (!linkinfo)
+ goto out;
+
+ ret = nla_put_string(skb, IFLA_INFO_KIND, "veth");
+ if (ret)
+ goto out;
+
+ linkdata = nla_nest_start(skb, IFLA_INFO_DATA);
+ if (!linkdata) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ ret = nla_put(skb, VETH_INFO_PEER, sizeof(ifm), &ifm);
+ if (!ret)
+ ret = nla_put_string(skb, IFLA_IFNAME, d->peer);
+
+ nla_nest_end(skb, linkdata);
+ out:
+ nla_nest_end(skb, linkinfo);
+
+ return ret;
+}
+
+static int mvl_new_link_msg(struct sk_buff *skb, void *data)
+{
+ struct mvl_newlink *d = data;
+ struct nlattr *linkinfo;
+ struct nlattr *linkdata;
+ struct net_device *lowerdev;
+ int ret;
+
+ lowerdev = dev_get_by_name(current->nsproxy->net_ns, d->base);
+ if (!lowerdev)
+ return -ENOENT;
+
+ ret = nla_put(skb, IFLA_ADDRESS, ETH_ALEN, d->hwaddr);
+ if (ret)
+ goto out_put;
+
+ ret = nla_put_u32(skb, IFLA_LINK, lowerdev->ifindex);
+ if (ret)
+ goto out_put;
+
+ linkinfo = nla_nest_start(skb, IFLA_LINKINFO);
+ if (!linkinfo) {
+ ret = -ENOMEM;
+ goto out_put;
+ }
+
+ ret = nla_put_string(skb, IFLA_INFO_KIND, "macvlan");
+ if (ret)
+ goto out;
+
+ linkdata = nla_nest_start(skb, IFLA_INFO_DATA);
+ if (!linkdata) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ ret = nla_put_u32(skb, IFLA_MACVLAN_MODE, d->mode);
+ nla_nest_end(skb, linkdata);
+ out:
+ nla_nest_end(skb, linkinfo);
+ out_put:
+ dev_put(lowerdev);
+
+ return ret;
+}
+
+static struct sk_buff *new_link_msg(new_link_fn fn, void *data, char *name)
+{
+ int ret = -ENOMEM;
+ int flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
+ struct nlmsghdr *nlh;
+ struct sk_buff *skb;
+ struct ifinfomsg *ifm;
+
+ skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+ if (!skb)
+ goto out;
+
+ nlh = nlmsg_put(skb, 0, 0, RTM_NEWLINK, sizeof(*ifm), flags);
+ if (!nlh)
+ goto out;
+
+ ifm = nlmsg_data(nlh);
+ memset(ifm, 0, sizeof(*ifm));
+
+ ret = nla_put_string(skb, IFLA_IFNAME, name);
+ if (ret)
+ goto out;
+
+ ret = fn(skb, data);
+
+ nlmsg_end(skb, nlh);
+
+ out:
+ if (ret < 0) {
+ kfree_skb(skb);
+ skb = ERR_PTR(ret);
+ }
+
+ return skb;
+}
+
+static struct net_device *rtnl_newlink(new_link_fn fn, void *data, char *name)
+{
+ int ret = -ENOMEM;
+ struct socket *rtnl = NULL;
+ struct sk_buff *skb = NULL;
+ struct nlmsghdr *nlh;
+ struct msghdr msg;
+ struct kvec kvec;
+
+ skb = new_link_msg(fn, data, name);
+ if (IS_ERR(skb)) {
+ ckpt_debug("failed to create new link message: %li\n",
+ PTR_ERR(skb));
+ return ERR_PTR(PTR_ERR(skb));
+ }
+
+ memset(&msg, 0, sizeof(msg));
+ kvec.iov_len = skb->len;
+ kvec.iov_base = skb->head;
+
+ rtnl = rtnl_open();
+ if (IS_ERR(rtnl)) {
+ ret = PTR_ERR(rtnl);
+ ckpt_debug("Unable to open rtnetlink socket: %i\n", ret);
+ goto out_noclose;
+ }
+
+ ret = kernel_sendmsg(rtnl, &msg, &kvec, 1, kvec.iov_len);
+ if (ret < 0)
+ goto out;
+ else if (ret != skb->len) {
+ ret = -EIO;
+ goto out;
+ }
+
+ /* Free the send skb to make room for the receive skb */
+ kfree_skb(skb);
+
+ nlh = rtnl_get_response(rtnl, &skb);
+ if (IS_ERR(nlh)) {
+ ret = PTR_ERR(nlh);
+ ckpt_debug("RTNETLINK said: %i\n", ret);
+ }
+ out:
+ rtnl_close(rtnl);
+ out_noclose:
+ kfree_skb(skb);
+
+ if (ret < 0)
+ return ERR_PTR(ret);
+ else
+ return dev_get_by_name(current->nsproxy->net_ns, name);
+}
+
+static int netdev_noop(void *data)
+{
+ return 0;
+}
+
+static int netdev_cleanup(void *data)
+{
+ struct dq_netdev *dq = data;
+
+ dev_put(dq->dev);
+
+ if (dq->ctx->errno) {
+ ckpt_debug("Unregistering netdev %s\n", dq->dev->name);
+ unregister_netdev(dq->dev);
+ }
+
+ return 0;
+}
+
+static struct net_device *restore_veth(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_netdev *h,
+ struct net *net)
+{
+ int ret;
+ char this_name[IFNAMSIZ];
+ char peer_name[IFNAMSIZ];
+ struct net_device *dev;
+ struct net_device *peer;
+ struct ifreq req;
+ struct dq_netdev dq;
+
+ dq.ctx = ctx;
+
+ ret = _ckpt_read_buffer(ctx, this_name, IFNAMSIZ);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ ret = _ckpt_read_buffer(ctx, peer_name, IFNAMSIZ);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ ckpt_debug("restored veth netdev %s:%s\n", this_name, peer_name);
+
+ peer = ckpt_obj_try_fetch(ctx, h->veth.peer_ref, CKPT_OBJ_NETDEV);
+ if (IS_ERR(peer)) {
+ struct veth_newlink veth = {
+ .peer = peer_name,
+ };
+
+ dev = rtnl_newlink(veth_new_link_msg, &veth, this_name);
+ if (IS_ERR(dev))
+ return dev;
+
+ peer = dev_get_by_name(current->nsproxy->net_ns, peer_name);
+ if (!peer) {
+ ret = -EINVAL;
+ goto err_dev;
+ }
+
+ dq.dev = peer;
+ ret = deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
+ netdev_noop, netdev_cleanup);
+ if (ret)
+ goto err_peer;
+
+ ret = ckpt_obj_insert(ctx, peer, h->veth.peer_ref,
+ CKPT_OBJ_NETDEV);
+ if (ret < 0)
+ /* Can't recall peer dq, so let it cleanup peer */
+ goto err_dev;
+ dev_put(peer);
+
+ dq.dev = dev;
+ ret = deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
+ netdev_noop, netdev_cleanup);
+ if (ret)
+ /* Can't recall peer dq, so let it cleanup peer */
+ goto err_dev;
+
+ } else {
+ /* We're second: get our dev from the hash */
+ dev = ckpt_obj_fetch(ctx, h->veth.this_ref, CKPT_OBJ_NETDEV);
+ if (IS_ERR(dev))
+ return dev;
+ }
+
+ /* Move to our new netns */
+ rtnl_lock();
+ ret = dev_change_net_namespace(dev, net, dev->name);
+ rtnl_unlock();
+ if (ret < 0)
+ goto out;
+
+ /* Restore MAC address */
+ memcpy(req.ifr_name, dev->name, IFNAMSIZ);
+ memcpy(req.ifr_hwaddr.sa_data, h->hwaddr, sizeof(h->hwaddr));
+ req.ifr_hwaddr.sa_family = ARPHRD_ETHER;
+ ret = __kern_dev_ioctl(net, SIOCSIFHWADDR, &req);
+ out:
+ if (ret)
+ dev = ERR_PTR(ret);
+
+ return dev;
+
+ err_peer:
+ dev_put(peer);
+ unregister_netdev(peer);
+ err_dev:
+ dev_put(dev);
+ unregister_netdev(dev);
+
+ return ERR_PTR(ret);
+}
+
+static struct net_device *restore_lo(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_netdev *h,
+ struct net *net)
+{
+ struct net_device *dev;
+ char name[IFNAMSIZ+1];
+ int ret;
+
+ dev = dev_get_by_name(net, "lo");
+ if (!dev)
+ return ERR_PTR(-EINVAL);
+
+ ret = _ckpt_read_buffer(ctx, name, IFNAMSIZ);
+ if (ret < 0)
+ goto err;
+
+ if (strncmp(dev->name, name, IFNAMSIZ) != 0) {
+ ret = dev_change_name(dev, name);
+ if (ret < 0)
+ goto err;
+ }
+
+ return dev;
+ err:
+ dev_put(dev);
+
+ return ERR_PTR(ret);
+}
+
+static struct net_device *restore_sit(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_netdev *h,
+ struct net *net)
+{
+ /* Don't actually do anything for SIT devices yet */
+ return dev_get_by_name(net, "sit0");
+}
+
+static struct net_device *restore_macvlan(struct ckpt_ctx *ctx,
+ struct ckpt_hdr_netdev *h,
+ struct net *net)
+{
+ struct net_device *dev;
+ struct mvl_newlink mvl = {
+ .mode = h->macvlan.mode,
+ .hwaddr = h->hwaddr,
+ };
+ int ret;
+
+ ret = _ckpt_read_buffer(ctx, mvl.this, IFNAMSIZ);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ ret = _ckpt_read_buffer(ctx, mvl.base, IFNAMSIZ);
+ if (ret < 0)
+ return ERR_PTR(ret);
+
+ dev = rtnl_newlink(mvl_new_link_msg, &mvl, mvl.this);
+ if (IS_ERR(dev)) {
+ ckpt_err(ctx, PTR_ERR(dev),
+ "Failed to create macvlan device %s:%s",
+ mvl.this, mvl.base);
+ goto out;
+ }
+
+ rtnl_lock();
+ ret = dev_change_net_namespace(dev, net, dev->name);
+ rtnl_unlock();
+
+ if (ret) {
+ ckpt_err(ctx, ret, "Failed to change netns of %s:%s\n",
+ mvl.this, mvl.base);
+ dev_put(dev);
+ unregister_netdev(dev);
+ dev = ERR_PTR(ret);
+ }
+ out:
+ return dev;
+}
+
+typedef struct net_device *(*restore_netdev_fn)(struct ckpt_ctx *,
+ struct ckpt_hdr_netdev *,
+ struct net *);
+
+restore_netdev_fn restore_netdev_functions[] = {
+ restore_lo, /* CKPT_NETDEV_LO */
+ restore_veth, /* CKPT_NETDEV_VETH */
+ restore_sit, /* CKPT_NETDEV_SIT */
+ restore_macvlan, /* CKPT_NETDEV_MACVLAN */
+};
+
+void *restore_netdev(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_netdev *h;
+ struct net_device *dev = NULL;
+ struct ifreq req;
+ struct net *net;
+ int ret;
+ restore_netdev_fn restore_fn = NULL;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_NETDEV);
+ if (IS_ERR(h))
+ return h;
+
+ if (h->netns_ref != 0) {
+ net = ckpt_obj_try_fetch(ctx, h->netns_ref, CKPT_OBJ_NET_NS);
+ if (IS_ERR(net)) {
+ ckpt_debug("failed to get net for %i\n", h->netns_ref);
+ ret = PTR_ERR(net);
+ goto out;
+ }
+ } else
+ net = current->nsproxy->net_ns;
+
+ if (h->type >= CKPT_NETDEV_MAX) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret, "Invalid netdev type %i\n", h->type);
+ goto out;
+ }
+
+ restore_fn = restore_netdev_functions[h->type];
+
+ dev = restore_fn(ctx, h, net);
+ if (IS_ERR(dev)) {
+ ret = PTR_ERR(dev);
+ ckpt_err(ctx, ret, "Netdev type %i not supported\n", h->type);
+ goto out;
+ }
+
+ /* Restore flags (which will likely bring the interface up) */
+ memcpy(req.ifr_name, dev->name, IFNAMSIZ);
+ req.ifr_flags = h->flags;
+ ret = __kern_dev_ioctl(net, SIOCSIFFLAGS, &req);
+ if (ret < 0)
+ goto out;
+
+ if (h->inet_addrs > 0)
+ ret = restore_in_addrs(ctx, h->inet_addrs, net, dev);
+ out:
+ if (ret) {
+ ckpt_err(ctx, ret, "Failed to restore netdevice\n");
+ if ((h->type == CKPT_NETDEV_VETH) && !IS_ERR(dev))
+ dev_put(dev);
+ dev = ERR_PTR(ret);
+ } else
+ ckpt_debug("restored netdev %s\n", dev->name);
+
+ ckpt_hdr_put(ctx, h);
+
+ return dev;
+}
+
+void *restore_netns(struct ckpt_ctx *ctx)
+{
+ struct ckpt_hdr_netns *h;
+ struct net *net;
+
+ h = ckpt_read_obj_type(ctx, sizeof(*h), CKPT_HDR_NET_NS);
+ if (IS_ERR(h)) {
+ ckpt_err(ctx, PTR_ERR(h), "failed to read netns\n");
+ return h;
+ }
+
+ if (h->this_ref != 0) {
+ net = copy_net_ns(CLONE_NEWNET, current->nsproxy->net_ns);
+ if (IS_ERR(net))
+ goto out;
+ } else
+ net = current->nsproxy->net_ns;
+ out:
+ ckpt_hdr_put(ctx, h);
+
+ return net;
+}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 095/100] c/r: Add rtnl_dellink() helper
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (93 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 094/100] c/r: Basic support for network namespaces and devices (v6) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 096/100] c/r: Add checkpoint support for veth devices (v2) Oren Laadan
` (6 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
This is the kernel equivalent of "ip link del $name" and matches the
existing rtnl_newlink() equivalent of "ip link add $name". It factors
out the message creation and dispatch code a little further into
rtnl_do() before adding the new function.
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
---
net/checkpoint_dev.c | 86 +++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 72 insertions(+), 14 deletions(-)
diff --git a/net/checkpoint_dev.c b/net/checkpoint_dev.c
index 34a6bdb..5097011 100644
--- a/net/checkpoint_dev.c
+++ b/net/checkpoint_dev.c
@@ -475,22 +475,49 @@ static struct sk_buff *new_link_msg(new_link_fn fn, void *data, char *name)
return skb;
}
-static struct net_device *rtnl_newlink(new_link_fn fn, void *data, char *name)
+static struct sk_buff *del_link_msg(char *name)
+{
+ int ret = -ENOMEM;
+ int flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
+ struct nlmsghdr *nlh;
+ struct sk_buff *skb;
+ struct ifinfomsg *ifm;
+
+ skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+ if (!skb)
+ return ERR_PTR(-ENOMEM);
+
+ nlh = nlmsg_put(skb, 0, 0, RTM_DELLINK, sizeof(*ifm), flags);
+ if (!nlh)
+ goto out;
+
+ ifm = nlmsg_data(nlh);
+ memset(ifm, 0, sizeof(*ifm));
+
+ ret = nla_put_string(skb, IFLA_IFNAME, name);
+ if (ret)
+ goto out;
+
+ nlmsg_end(skb, nlh);
+
+ out:
+ if (ret < 0) {
+ kfree_skb(skb);
+ skb = ERR_PTR(ret);
+ }
+
+ return skb;
+}
+
+static int rtnl_do(struct sk_buff *skb)
{
int ret = -ENOMEM;
struct socket *rtnl = NULL;
- struct sk_buff *skb = NULL;
+ struct sk_buff *rskb = NULL;
struct nlmsghdr *nlh;
struct msghdr msg;
struct kvec kvec;
- skb = new_link_msg(fn, data, name);
- if (IS_ERR(skb)) {
- ckpt_debug("failed to create new link message: %li\n",
- PTR_ERR(skb));
- return ERR_PTR(PTR_ERR(skb));
- }
-
memset(&msg, 0, sizeof(msg));
kvec.iov_len = skb->len;
kvec.iov_base = skb->head;
@@ -510,25 +537,56 @@ static struct net_device *rtnl_newlink(new_link_fn fn, void *data, char *name)
goto out;
}
- /* Free the send skb to make room for the receive skb */
- kfree_skb(skb);
-
- nlh = rtnl_get_response(rtnl, &skb);
+ nlh = rtnl_get_response(rtnl, &rskb);
if (IS_ERR(nlh)) {
ret = PTR_ERR(nlh);
ckpt_debug("RTNETLINK said: %i\n", ret);
}
out:
rtnl_close(rtnl);
+ kfree_skb(rskb);
out_noclose:
- kfree_skb(skb);
+ return ret;
+}
+static struct net_device *rtnl_newlink(new_link_fn fn, void *data, char *name)
+{
+ struct sk_buff *skb;
+ int ret;
+
+ skb = new_link_msg(fn, data, name);
+ if (IS_ERR(skb)) {
+ ckpt_debug("failed to create new link message: %li\n",
+ PTR_ERR(skb));
+ return ERR_PTR(PTR_ERR(skb));
+ }
+
+ ret = rtnl_do(skb);
+ kfree_skb(skb);
if (ret < 0)
return ERR_PTR(ret);
else
return dev_get_by_name(current->nsproxy->net_ns, name);
}
+static int rtnl_dellink(char *name)
+{
+ struct sk_buff *skb;
+ int ret;
+
+ skb = del_link_msg(name);
+ if (IS_ERR(skb)) {
+ ckpt_debug("failed to create del link message: %li\n",
+ PTR_ERR(skb));
+ return PTR_ERR(skb);
+ }
+
+ ret = rtnl_do(skb);
+ kfree_skb(skb);
+
+ return ret;
+}
+
static int netdev_noop(void *data)
{
return 0;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 096/100] c/r: Add checkpoint support for veth devices (v2)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (94 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 095/100] c/r: Add rtnl_dellink() helper Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 097/100] c/r: Add loopback checkpoint support (v2) Oren Laadan
` (5 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
Adds an ndo_checkpoint() handler for veth devices to checkpoint themselves.
Writes out the pairing information, addresses, and initiates a checkpoint
on the peer if the peer won't be reached from another netns. Throws an
error of our peer's netns isn't already in the hash (i.e., a tree leak).
Changelog[v21]
- Unbreak compiling with CONFIG_CHECKPOINT=n or CONFIG_NET_NS=n
- Clean up the error path in restore_veth()
Changes in v2:
- Fix check detecting if peer is in the init netns
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
drivers/net/veth.c | 76 +++++++++++++++++++++++++++++++++++++++++++
net/checkpoint_dev.c | 87 +++++++++++++++++--------------------------------
2 files changed, 106 insertions(+), 57 deletions(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index f9f0730..d76b5e0 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -285,6 +285,79 @@ static void veth_dev_free(struct net_device *dev)
free_netdev(dev);
}
+#ifdef CONFIG_NETNS_CHECKPOINT
+#include <linux/checkpoint.h>
+#include <linux/checkpoint_hdr.h>
+
+static int veth_checkpoint(struct ckpt_ctx *ctx, struct net_device *dev)
+{
+ struct ckpt_hdr_netdev *h;
+ struct veth_priv *priv = netdev_priv(dev);
+ struct net_device *peer = priv->peer;
+ struct ckpt_netdev_addr *addrs;
+ int ret;
+ int n;
+
+ if (!peer) {
+ ckpt_err(ctx, -EINVAL, "veth device has no peer!\n");
+ return -EINVAL;
+ }
+
+ h = ckpt_netdev_base(ctx, dev, &addrs);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ h->type = CKPT_NETDEV_VETH;
+
+ ret = h->veth.this_ref = ckpt_obj_lookup_add(ctx, dev,
+ CKPT_OBJ_NETDEV, &n);
+ if (ret < 0)
+ goto out;
+
+ ret = h->veth.peer_ref = ckpt_obj_lookup_add(ctx, peer,
+ CKPT_OBJ_NETDEV, &n);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *)h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_buffer(ctx, dev->name, IFNAMSIZ);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_buffer(ctx, peer->name, IFNAMSIZ);
+ if (ret < 0)
+ goto out;
+
+ if (h->inet_addrs > 0) {
+ int len = (sizeof(struct ckpt_netdev_addr) * h->inet_addrs);
+ ret = ckpt_write_buffer(ctx, addrs, len);
+ if (ret)
+ goto out;
+ }
+
+ /* Only checkpoint peer if we're not going to arrive at it
+ * via another task's netns. Fail if the pipe exits
+ * our container to a netns not already in the hash
+ */
+ if (ckpt_netdev_in_init_netns(ctx, peer))
+ ret = checkpoint_obj(ctx, peer, CKPT_OBJ_NETDEV);
+ else if (!ckpt_obj_lookup(ctx, peer->nd_net, CKPT_OBJ_NET_NS)) {
+ ret = -EINVAL;
+ ckpt_err(ctx, ret,
+ "Peer %s of %s not in checkpointed namespaces\n",
+ peer->name, dev->name);
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ kfree(addrs);
+
+ return ret;
+}
+#endif
+
static const struct net_device_ops veth_netdev_ops = {
.ndo_init = veth_dev_init,
.ndo_open = veth_open,
@@ -293,6 +366,9 @@ static const struct net_device_ops veth_netdev_ops = {
.ndo_change_mtu = veth_change_mtu,
.ndo_get_stats = veth_get_stats,
.ndo_set_mac_address = eth_mac_addr,
+#ifdef CONFIG_NETNS_CHECKPOINT
+ .ndo_checkpoint = veth_checkpoint,
+#endif
};
static void veth_setup(struct net_device *dev)
diff --git a/net/checkpoint_dev.c b/net/checkpoint_dev.c
index 5097011..a8e3341 100644
--- a/net/checkpoint_dev.c
+++ b/net/checkpoint_dev.c
@@ -20,11 +20,6 @@
#include <net/net_namespace.h>
#include <net/sch_generic.h>
-struct dq_netdev {
- struct net_device *dev;
- struct ckpt_ctx *ctx;
-};
-
struct veth_newlink {
char *peer;
};
@@ -587,25 +582,6 @@ static int rtnl_dellink(char *name)
return ret;
}
-static int netdev_noop(void *data)
-{
- return 0;
-}
-
-static int netdev_cleanup(void *data)
-{
- struct dq_netdev *dq = data;
-
- dev_put(dq->dev);
-
- if (dq->ctx->errno) {
- ckpt_debug("Unregistering netdev %s\n", dq->dev->name);
- unregister_netdev(dq->dev);
- }
-
- return 0;
-}
-
static struct net_device *restore_veth(struct ckpt_ctx *ctx,
struct ckpt_hdr_netdev *h,
struct net *net)
@@ -616,9 +592,6 @@ static struct net_device *restore_veth(struct ckpt_ctx *ctx,
struct net_device *dev;
struct net_device *peer;
struct ifreq req;
- struct dq_netdev dq;
-
- dq.ctx = ctx;
ret = _ckpt_read_buffer(ctx, this_name, IFNAMSIZ);
if (ret < 0)
@@ -640,37 +613,31 @@ static struct net_device *restore_veth(struct ckpt_ctx *ctx,
if (IS_ERR(dev))
return dev;
+ ret = ckpt_obj_insert(ctx, dev, h->veth.this_ref,
+ CKPT_OBJ_NETDEV);
+ dev_put(dev);
+ if (ret < 0)
+ goto err;
+
peer = dev_get_by_name(current->nsproxy->net_ns, peer_name);
if (!peer) {
ret = -EINVAL;
- goto err_dev;
+ goto err;
}
- dq.dev = peer;
- ret = deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
- netdev_noop, netdev_cleanup);
- if (ret)
- goto err_peer;
-
ret = ckpt_obj_insert(ctx, peer, h->veth.peer_ref,
CKPT_OBJ_NETDEV);
- if (ret < 0)
- /* Can't recall peer dq, so let it cleanup peer */
- goto err_dev;
dev_put(peer);
-
- dq.dev = dev;
- ret = deferqueue_add(ctx->deferqueue, &dq, sizeof(dq),
- netdev_noop, netdev_cleanup);
- if (ret)
- /* Can't recall peer dq, so let it cleanup peer */
- goto err_dev;
+ if (ret < 0)
+ goto err;
} else {
/* We're second: get our dev from the hash */
dev = ckpt_obj_fetch(ctx, h->veth.this_ref, CKPT_OBJ_NETDEV);
- if (IS_ERR(dev))
- return dev;
+ if (IS_ERR(dev)) {
+ ret = PTR_ERR(dev);
+ goto err;
+ }
}
/* Move to our new netns */
@@ -678,25 +645,31 @@ static struct net_device *restore_veth(struct ckpt_ctx *ctx,
ret = dev_change_net_namespace(dev, net, dev->name);
rtnl_unlock();
if (ret < 0)
- goto out;
+ goto err;
/* Restore MAC address */
memcpy(req.ifr_name, dev->name, IFNAMSIZ);
memcpy(req.ifr_hwaddr.sa_data, h->hwaddr, sizeof(h->hwaddr));
req.ifr_hwaddr.sa_family = ARPHRD_ETHER;
ret = __kern_dev_ioctl(net, SIOCSIFHWADDR, &req);
- out:
- if (ret)
- dev = ERR_PTR(ret);
+ if (ret < 0)
+ goto err;
return dev;
-
- err_peer:
- dev_put(peer);
- unregister_netdev(peer);
- err_dev:
- dev_put(dev);
- unregister_netdev(dev);
+ err:
+ /* Delete from hash to drop reference */
+ ckpt_obj_delete(ctx, h->veth.this_ref, CKPT_OBJ_NETDEV);
+ ckpt_obj_delete(ctx, h->veth.peer_ref, CKPT_OBJ_NETDEV);
+
+ /* This will fail to delete the interface if we get here
+ * because of a failed attempt at setting the hardware
+ * address, since the device has been moved to another netns.
+ * This is not a problem, however, because the death of that
+ * netns will take the device (and its peer) down with it
+ * cleanly.
+ */
+ if (rtnl_dellink(this_name) < 0)
+ ckpt_debug("failed to delete interfaces on error\n");
return ERR_PTR(ret);
}
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 097/100] c/r: Add loopback checkpoint support (v2)
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (95 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 096/100] c/r: Add checkpoint support for veth devices (v2) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 098/100] c/r: Add a checkpoint handler to the 'sit' device Oren Laadan
` (4 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
Adds a small ndo_checkpoint() handler for loopback devices to write the
name and addresses like other interfaces.
Changelog[v21]:
- Unbreak compiling with CONFIG_CHECKPOINT=n or CONFIG_NET_NS=n
Changes in v2:
- Add CONFIG_CHECKPOINT around the handler
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
drivers/net/loopback.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
index 72b7949..9a958a8 100644
--- a/drivers/net/loopback.c
+++ b/drivers/net/loopback.c
@@ -155,10 +155,49 @@ static void loopback_dev_free(struct net_device *dev)
free_netdev(dev);
}
+#ifdef CONFIG_NETNS_CHECKPOINT
+#include <linux/checkpoint.h>
+#include <linux/checkpoint_hdr.h>
+
+static int loopback_checkpoint(struct ckpt_ctx *ctx, struct net_device *dev)
+{
+ struct ckpt_hdr_netdev *h;
+ struct ckpt_netdev_addr *addrs;
+ int ret;
+
+ h = ckpt_netdev_base(ctx, dev, &addrs);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ h->type = CKPT_NETDEV_LO;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *)h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_buffer(ctx, dev->name, IFNAMSIZ);
+ if (ret < 0)
+ goto out;
+
+ if (h->inet_addrs > 0) {
+ int len = (sizeof(struct ckpt_netdev_addr) * h->inet_addrs);
+ ret = ckpt_write_buffer(ctx, addrs, len);
+ }
+
+ out:
+ ckpt_hdr_put(ctx, h);
+ kfree(addrs);
+
+ return ret;
+}
+#endif
static const struct net_device_ops loopback_ops = {
- .ndo_init = loopback_dev_init,
- .ndo_start_xmit= loopback_xmit,
- .ndo_get_stats = loopback_get_stats,
+ .ndo_init = loopback_dev_init,
+ .ndo_start_xmit = loopback_xmit,
+ .ndo_get_stats = loopback_get_stats,
+#ifdef CONFIG_NETNS_CHECKPOINT
+ .ndo_checkpoint = loopback_checkpoint,
+#endif
};
/*
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 098/100] c/r: Add a checkpoint handler to the 'sit' device
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (96 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 097/100] c/r: Add loopback checkpoint support (v2) Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 099/100] c/r: Add checkpoint support to macvlan driver Oren Laadan
` (3 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
This handler doesn't really do much to checkpoint the device, other
than the minimum required to support the restart process. When we
add IPv6 support to this, then we can fill this out.
This allows us to avoid skipping unsupported interfaces on a normal
system.
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Unbreak compiling with CONFIG_CHECKPOINT=n or CONFIG_NET_NS=n
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
net/ipv6/sit.c | 34 ++++++++++++++++++++++++++++++++++
1 files changed, 34 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 5abae10..5ecbe56 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1084,11 +1084,45 @@ static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu)
return 0;
}
+#include <linux/checkpoint.h>
+
+#ifdef CONFIG_NETNS_CHECKPOINT
+static int ipip6_checkpoint(struct ckpt_ctx *ctx, struct net_device *dev)
+{
+ struct ckpt_hdr_netdev *h;
+ struct ckpt_netdev_addr *addrs;
+ int ret;
+
+ h = ckpt_netdev_base(ctx, dev, &addrs);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ h->type = CKPT_NETDEV_SIT;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
+ if (ret < 0)
+ goto out;
+
+ if (h->inet_addrs > 0) {
+ int len = (sizeof(struct ckpt_netdev_addr) * h->inet_addrs);
+ ret = ckpt_write_buffer(ctx, addrs, len);
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ kfree(addrs);
+
+ return ret;
+}
+#endif
+
static const struct net_device_ops ipip6_netdev_ops = {
.ndo_uninit = ipip6_tunnel_uninit,
.ndo_start_xmit = ipip6_tunnel_xmit,
.ndo_do_ioctl = ipip6_tunnel_ioctl,
.ndo_change_mtu = ipip6_tunnel_change_mtu,
+#ifdef CONFIG_NETNS_CHECKPOINT
+ .ndo_checkpoint = ipip6_checkpoint,
+#endif
};
static void ipip6_tunnel_setup(struct net_device *dev)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 099/100] c/r: Add checkpoint support to macvlan driver
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (97 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 098/100] c/r: Add a checkpoint handler to the 'sit' device Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 14:16 ` [PATCH v21 100/100] c/r: add an entry for checkpoint/restart in MAINTAINERS Oren Laadan
` (2 subsequent siblings)
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Dan Smith, netdev
From: Dan Smith <danms@us.ibm.com>
Changelog[v21]:
- Do not include checkpoint_hdr.h explicitly
- Unbreak compiling with CONFIG_CHECKPOINT=n or CONFIG_NET_NS=n
Cc: netdev@vger.kernel.org
Signed-off-by: Dan Smith <danms@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <oreln@cs.columbia.edu>
---
drivers/net/macvlan.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 48 insertions(+), 0 deletions(-)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 40faa36..360828e 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -455,6 +455,51 @@ static struct net_device_stats *macvlan_dev_get_stats(struct net_device *dev)
return stats;
}
+#include <linux/checkpoint.h>
+
+#ifdef CONFIG_NETNS_CHECKPOINT
+static int macvlan_checkpoint(struct ckpt_ctx *ctx, struct net_device *dev)
+{
+ struct macvlan_dev *vlan = netdev_priv(dev);
+ struct ckpt_hdr_netdev *h;
+ struct ckpt_netdev_addr *addrs;
+ int ret;
+
+ ckpt_debug("Checkpointing macvlan %s:%s\n",
+ dev->name, vlan->lowerdev->name);
+
+ h = ckpt_netdev_base(ctx, dev, &addrs);
+ if (IS_ERR(h))
+ return PTR_ERR(h);
+
+ h->type = CKPT_NETDEV_MACVLAN;
+
+ h->macvlan.mode = vlan->mode;
+
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *)h);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_buffer(ctx, dev->name, IFNAMSIZ);
+ if (ret < 0)
+ goto out;
+
+ ret = ckpt_write_buffer(ctx, vlan->lowerdev->name, IFNAMSIZ);
+ if (ret < 0)
+ goto out;
+
+ if (h->inet_addrs > 0) {
+ int len = (sizeof(struct ckpt_netdev_addr) * h->inet_addrs);
+ ret = ckpt_write_buffer(ctx, addrs, len);
+ }
+ out:
+ ckpt_hdr_put(ctx, h);
+ kfree(addrs);
+
+ return ret;
+}
+#endif
+
static void macvlan_ethtool_get_drvinfo(struct net_device *dev,
struct ethtool_drvinfo *drvinfo)
{
@@ -501,6 +546,9 @@ static const struct net_device_ops macvlan_netdev_ops = {
.ndo_set_multicast_list = macvlan_set_multicast_list,
.ndo_get_stats = macvlan_dev_get_stats,
.ndo_validate_addr = eth_validate_addr,
+#ifdef CONFIG_NETNS_CHECKPOINT
+ .ndo_checkpoint = macvlan_checkpoint,
+#endif
};
static void macvlan_setup(struct net_device *dev)
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* [PATCH v21 100/100] c/r: add an entry for checkpoint/restart in MAINTAINERS
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (98 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 099/100] c/r: Add checkpoint support to macvlan driver Oren Laadan
@ 2010-05-01 14:16 ` Oren Laadan
2010-05-01 15:17 ` [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
2010-05-04 14:43 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page David Howells
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 14:16 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov, Oren Laadan
Signed-off-by: Oren Laadan <orenl@cs.columbia.edu>
---
MAINTAINERS | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index a0e3c3a..e4494d2 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1501,6 +1501,18 @@ M: Andy Whitcroft <apw@canonical.com>
S: Supported
F: scripts/checkpatch.pl
+CHECKPOINT-RESTART
+M: Oren Laadan <orenl@cs.columbia.edu>
+M: Serge E. Hallyn <serue@us.ibm.com>
+L: containers@lists.linux-foundation.org
+W: http://ckpt.wiki.kernel.org/index.php/Main_Page
+S: Maintained
+F: *checkpoint*
+K: checkpoint
+K: restore
+K: ckpt
+K: c/r
+
CISCO 10G ETHERNET DRIVER
M: Scott Feldman <scofeldm@cisco.com>
M: Joe Eykholt <jeykholt@cisco.com>
--
1.6.3.3
^ permalink raw reply related [flat|nested] 137+ messages in thread* Re: [PATCH v21 00/100] Kernel based checkpoint/restart
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (99 preceding siblings ...)
2010-05-01 14:16 ` [PATCH v21 100/100] c/r: add an entry for checkpoint/restart in MAINTAINERS Oren Laadan
@ 2010-05-01 15:17 ` Oren Laadan
2010-05-04 14:43 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page David Howells
101 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-01 15:17 UTC (permalink / raw)
To: Andrew Morton
Cc: containers, linux-kernel, Serge Hallyn, Matt Helsley,
Pavel Emelyanov
Forgot to mention - based on 2.6.34-rc5.
Oren.
Oren Laadan wrote:
> Hi Andrew,
>
> Here is the next version of the checkpoint/restart patchset. This
> version moves portions of checkpoint code closer to where they belong.
>
> As a convenience we've collected a rough table of contents showing
> places to start for some reviewers with limited time and/or scope
> (see below).
>
> Thanks to Jamie, Nick, Andreas, and all who helped review the last few
> versions, and thanks in advance for comments on this version.
>
> We'll be very grateful if this can get a spin in -mm to get some wider
> testing in the meantime.
>
> Thanks,
>
> The Checkpoint/Restart developers.
>
> ---
>
> Linux Checkpoint-Restart:
> web, wiki: http://www.linux-cr.org
> bug track: https://www.linux-cr.org/redmine
>
> The repositories for the project are in:
> kernel: http://www.linux-cr.org/git/?p=linux-cr.git;a=summary
> user tools: http://www.linux-cr.org/git/?p=user-cr.git;a=summary
> tests suite: http://www.linux-cr.org/git/?p=tests-cr.git;a=summary
>
> ---
>
> TABLE OF CONTENTS
>
> Patches Area/Role
> -------------------------------------------------------------------------
> 11,20 Documentation (eclone, c/r)
> 8-11,21,22,27,28 Syscall gluey bits
>
> 12 Arch Maintainers
> 8,22-24 x86-32/64
> 9,58,60 s390
> 10,84-88 powerpc
>
> 14,61-63,69,70, Security
> 71,89-92,
>
> 33,34,35 Generic c/r
> (shared "object" hash, leak detection, deferqueues)
>
> 25,27-31 Processes
> 5-7 fork (eclone)
> 39-41,45,46 memory
> 13,18,51,52,54, namespaces
> 81-83,94
> 53-57 ipc
> 64-67 signals
> 1-4,70,83 pids, pgids, tids, tgids (eclone or pidns)
> 14,61,62,69 creds, capabilities, uids, gids
> 71 sockets
> 76-78 terminals (specifically pty)
> 27,28,32 futexes (27,28 relate to futex syscalls restart)
>
> 39-41,45,46,55 mm (basically process memory)
>
> 15-17 Cgroups
>
> 71-75,93-99 Networking
>
> 19,36-38,42-44, Filesystems (also pseudo-filesystems, anon_inodes)
> 47-50,63,76-77,
> 79-82
>
> Some patches show up in multiple places because they are functionally
> related even though they cross Area/Role boundaries. While we've done our
> best to make the table above comprehensive, it's entirely conceivable that
> we've neglected a small piece of a largely unrelated patch. Please feel
> free to point these out to Matt Helsley <matthltc@us.ibm.com> since he's
> largely responsible for this table.
>
> ---
>
> CHANGELOG:
>
> [2010-Apr-30] v21
> - Add relevant maintainers/lists as Cc: in patch descriptions
> - Reorganize code: move checkpoint/* to kernel/checkpoint/*
> - Reorganize filesystem code into fs/*
> - Merge files dump/restore into a single patch
> - Merge mm dump/restore into a single patch
> - Move utsns c/r code from checkpoint/namespace.c to kernel/utsname*.c
> - [Matt Helsley] Move the signal c/r changes to kernel/signal.c
> - Move userns c/r code from to kernel/{user,cred,user_namespace}.c
> - Assorted fixes to bisectability of patchset
> - Do not include checkpoint_hdr.h explicitly
> - Subsystems/modules register shared objects types for c/r
> - [Serge Hallyn] CONFIG_SECURITY_FILE_CAPABILITIES has been gone awhile
> - [Dan Smith] Unbreak compiling with CONFIG_CHECKPOINT=n or CONFIG_NET_NS=n
> - [Dan Smith] Clean up the error path in restore_veth()
> - [Dan Smith] Fix acquiring socket lock before reading RTNETLINK response
> - [Dan Smith] Skip down interfaces (v2)
> - [Dan Smith] Export net checkpoint fns
> - [Dan Smith] Add CHECKPOINT_NETNS flag
> - [Dan Smith] Netdev restore function dispatching from a table
> - [Dan Smith] Comment on controverial determination of "initial netns"
> - [Dan Smith] Simplify the E2BIG error handling in netdev c/r
> - [Dan Smith] Remove a redundant check for checkpoint support per-device
> - [Nathan Lynch] powerpc: fix build break with CONFIG_CHECKPOINT=n
> - [Matt Helsley] Eventfd: add missing spin locks around eventfd checkpoint
> - [Matt Helsley] Put file_ops->checkpoint under CONFIG_CHECKPOINT
> - [Dan Smith] Fix build when CONFIG_INET=n
> - [Dan Smith] Disable softirqs when taking the socket queue lock
> - Replace __initcall() with late_initcall()
> - [Serge Hallyn] Remove [] following individual ops definitions.
> - [Serge Hallyn] Fix compilation for when CONFIG_USER_NS=y
> - [Serge Hallyn] handle CONFIG_{SYSVIPC,SYSVIPC,POSIX_MQUEUE}=n
> - [Serge Hallyn] Remove namespace.o from kernel/checkpoint/Makefile
> - [Stanislav O. Bezzubtsev] Fix omitted parameter name error
> - Put file_ops->checkpoint under CONFIG_CHECKPOINT
> - [Serge] Print out full path of file which crossed mnt_ns
> - Update Documentation/filesystem/vfs.txt
> - Restore_obj() to tolerate a preexisting object in the hash
> - Add ckpt_obj_del() to objhash for handling error conditions
> - [Serge Hallyn] Replace BUG_ON() in obj_new with error returns
> - [Matt Helsley] Move CKPT_CTX_ERROR* definitions to first use.
> - [Nathan Lynch] x86: use task_user_gs to checkpoint gs
> - Complain if checkpoint_hdr.h included without CONFIG_CHECKPOINT
> - Introduce kernel_write(), fix kernel_read()
> - Consolidate ckpt_read/write with kernel_read/write
> - [Christoffer Dall] Fix trivial bug in ckpt_msg macro
> - [Serge Hallyn] user/group: address dhowells feedback
>
> [2010-Mar-16] v20
> BUG FIXES (only)
> - [Serge Hallyn] Fix unlabeled restore case
> - [Serge Hallyn] Always restore msg_msg label
> - [Serge Hallyn] Selinux prevents msgrcv on restore message queues?
> - [Serge Hallyn] save_access_regs for self-checkpoint
> - [Serge Hallyn] send uses_interp=1 to arch_setup_additional_pages
> - Fix "scheduling in atomic" while restoring ipc (sem, shm, msg)
> - Cleanup: no need to restore perm->{id,key,seq}
> - Fix sysvipc=n compile
> - Make uts_ns=n compile
> - Only use arch_setup_additional_pages() if supported by arch
> - Export key symbols to enable c/r from kernel modules
> - Avoid crash if incoming object doesn't have .restore
> - Replace error_sem with an event completion
> - [Serge Hallyn] Change sysctl and default for unprivileged use
> - [Nathan Lynch] Use syscall_get_error
> - Add entry for checkpoint/restart in MAINTAINERS
>
> [2010-Feb-19] v19
> NEW FEATURES
> - Support for x86-64 architecture
> - Support for c/r of LSM (smack, selinux)
> - Support for c/r of task fs_root and pwd
> - Support for c/r of epoll
> - Support for c/r of eventfd
> - Enable C/R while executing over NFS
> - Preliminary c/r of mounts namespace
> - Add @logfd argument to sys_{checkpoint,restart} prototypes
> - Define new api for error and debug logging
> - Restart to handle checkpoint images lacking {uts,ipc}-ns
> - Refuse to checkpoint if monitoring directories with dnotify
> - Refuse to checkpoint if file locks and leases are held
> - Refuse to checkpoint files with f_owner
> OTHER CHANGES
> - Rebase to kernel 2.6.33-rc8
> - Settled version of new sys_eclone()
> - [Serge Hallyn] Fix potential use-before-set return (vdso)
> - Update documentation and examples for new syscalls API (doc)
> - [Liu Alexander] Fix typos (doc)
> - [Serge Hallyn] Update checkpoint image format (doc)
> - [Serge Hallyn] Use ckpt_err() to for bad header values
> - sys_{checkpoint,restart} to use ptregs prototype
> - Set ctx->errno in do_ckpt_msg() if needed
> - Fix up headers so we can munge them for use by userspace
> - Multiple fixes to _ckpt_write_err() and friends
> - [Matt Helsley] Add cpp definitions for enums
> - [Serge Hallyn] Add global section container to image format
> - [Matt Helsley] Fix total byte read/write count for large images
> - ckpt_read_buf_type() to accept max payload (excludes ckpt_hdr)
> - [Serge Hallyn] Use ckpt_err() for arch incompatbilities
> - Introduce walk_task_subtree() to iterate through descendants
> - Call restore_notify_error for restart (not checkpoint !)
> - Make kread/kwrite() abort if CKPT_CTX_ERROR is set
> - [Serge Hallyn] Move init_completion(&ctx->complete) to ctx_alloc
> - Simplify logic of tracking restarting tasks (->ctx)
> - Coordinator kills descendants on failure for proper cleanup
> - Prepare descendants needs PTRACE_MODE_ATTACH permissions
> - Threads wait for entire thread group before restoring
> - Add debug process-tree status during restart
> - Fix handling of bogus pid arg to sys_restart
> - In reparent_thread() test for PF_RESTARTING on parent
> - Keep __u32s in even groups for 32-64 bit compatibility
> - Define ckpt_obj_try_fetch
> - Disallow zero or negative objref during restart
> - Check for valid destructor before calling it (deferqueue)
> - Fix false negative of test for unlinked files at checkpoint
> - [Serge Hallyn] Rename fs_mnt to root_fs_path
> - Restore thread/cpu state early
> - Ensure null-termination of file names read from image
> - Fix compile warning in restore_open_fname()
> - Introduce FOLL_DIRTY to follow_page() for "dirty" pages
> - [Serge Hallyn] Checkpoint saved_auxv as u64s
> - Export filemap_checkpoint()
> - [Serge Hallyn] Disallow checkpoint of tasks with aio requests
> - Fix compilation failure when !CONFIG_CHEKCPOINT (regression)
> - Expose page write functions
> - Do not hold mmap_sem while checkpointing vma's
> - Do not hold mmap_sem when reading memory pages on restart
> - Move consider_private_page() to mm/memory.c:__get_dirty_page()
> - [Serge Hallyn] move destroy_mm into mmap.c and remove size check
> - [Serge Hallyn] fill vdso (syscall32_setup_pages) for TIF_IA32/x86_64
> - [Serge Hallyn] Fix return value of read_pages_contents()
> - [Serge Hallyn] Change m_type to long, not int (ipc)
> - Don't free sma if it's an error on restore
> - Use task->saves_sigmask and drop task->checkpoint_data
> - [Serge Hallyn] Handle saved_sigmask at checkpoint
> - Defer restore of blocked signals mask during restart
> - Self-restart to tolerate missing PGIDs
> - [Serge Hallyn] skb->tail can be offset
> - Export and leverage sock_alloc_file()
> - [Nathan Lynch] Fix net/checkpoint.c for 64-bit
> - [Dan Smith] Unify skb read/write functions and handle fragmented buffers
> - [Dan Smith] Update buffer restore code to match the new format
> - [Dan Smith] Fix compile issue with CONFIG_CHECKPOINT=n
> - [Dan Smith] Remove an unnecessary check on socket restart
> - [Dan Smith] Pass the stored sock->protocol into sock_create() on restore
> - Relax tcp.window_clamp value in INET restore
> - Restore gso_type fields on sockets and buffers for proper operation
> - Fix broken compilation for no-c/r architectures
> - Return -EBUSY (not BUG_ON) if fd is gone on restart
> - Fix the chunk size instead of auto-tune (epoll)
> ARCH: x86 (32,64)
> - Use PTREGSCALL4 for sys_{checkpoint,restart}
> - Remove debug-reg support (need to redo with perf_events)
> - [Serge Hallyn] Support for ia32 (checkpoint, restart)
> - Split arch/x86/checkpoint.c to generic and 32bit specific parts
> - sys_{checkpoint,restore} to use ptregs
> - Allow X86_EFLAGS_RF on restart
> - [Serge Hallyn] Only allow 'restart' with same bit-ness as image.
> - Move checkpoint.c from arch/x86/mm->arch/x86/kernel
> ARCH: s390 [Serge Hallyn]
> - Define s390x sys_restart wrapper
> - Fixes to restart-blocks logic and signal path
> - Fix checkpoint and restart compat wrappers
> - sys_{checkpoint,restore} to use ptregs
> - Use simpler test_task_thread to test current ti flags
> - Fix 31-bit s390 checkpoint/restart wrappers
> - Update sys_checkpoint (do_sys_checkpoint on all archs)
> - [Oren Laadan] Move checkpoint.c from arch/s390/mm->arch/s390/kernel
> ARCH: powerpc [Nathan Lynch]
> - [Serge Hallyn] Add hook task_has_saved_sigmask()
> - Warn if full register state unavailable
> - Fix up checkpoint syscall, tidy restart
> - [Oren Laadan] Move checkpoint.c from arch/powerpc/{mm->kernel}
>
> [2009-Sep-22] v18
> NEW FEATURES
> - [Nathan Lynch] Re-introduce powerpc support
> - Save/restore pseudo-terminals
> - Save/restore (pty) controlling terminals
> - Save/restore restore PGIDs
> - [Dan Smith] Save/restore unix domain sockets
> - Save/restore FIFOs
> - Save/restore pending signals
> - Save/restore rlimits
> - Save/restore itimers
> - [Matt Helsley] Handle many non-pseudo file-systems
> OTHER CHANGES
> - Rename headerless struct ckpt_hdr_* to struct ckpt_*
> - [Nathan Lynch] discard const from struct cred * where appropriate
> - [Serge Hallyn][s390] Set return value for self-checkpoint
> - Handle kmalloc failure in restore_sem_array()
> - [IPC] Collect files used by shm objects
> - [IPC] Use file (not inode) as shared object on checkpoint of shm
> - More ckpt_write_err()s to give information on checkpoint failure
> - Adjust format of pipe buffer to include the mandatory pre-header
> - [LEAKS] Mark the backing file as visited at chekcpoint
> - Tighten checks on supported vma to checkpoint or restart
> - [Serge Hallyn] Export filemap_checkpoint() (used for ext4)
> - Introduce ckpt_collect_file() that also uses file->collect method
> - Use ckpt_collect_file() instead of ckpt_obj_collect() for files
> - Fix leak-detection issue in collect_mm() (test for first-time obj)
> - Invoke set_close_on_exec() unconditionally on restart
> - [Dan Smith] Export fill_fname() as ckpt_fill_fname()
> - Interface to pass simple pointers as data with deferqueue
> - [Dan Smith] Fix ckpt_obj_lookup_add() leak detection logic
> - Replace EAGAIN with EBUSY where necessary
> - Introduce CKPT_OBJ_VISITED in leak detection
> - ckpt_obj_collect() returns objref for new objects, 0 otherwise
> - Rename ckpt_obj_checkpointed() to ckpt_obj_visited()
> - Introduce ckpt_obj_visit() to mark objects as visited
> - Set the CHECKPOINTED flag on objects before calling checkpoint
> - Introduce ckpt_obj_reserve()
> - Change ref_drop() to accept a @lastref argument (for cleanup)
> - Disallow multiple objects with same objref in restart
> - Allow _ckpt_read_obj_type() to read header only (w/o payload)
> - Fix leak of ckpt_ctx when restoring zombie tasks
> - Fix race of prepare_descendant() with an ongoing fork()
> - Track and report the first error if restart fails
> - Tighten logic to protect against bogus pids in input
> - [Matt Helsley] Improve debug output from ckpt_notify_error()
> - [Nathan Lynch] fix compilation errors with CONFIG_COMPAT=y
> - Detect error-headers in input data on restart, and abort.
> - Standard format for checkpoint error strings (and documentation)
> - [Dan Smith] Add an errno validation function
> - Add ckpt_read_payload(): read a variable-length object (no header)
> - Add ckpt_read_string(): same for strings (ensures null-terminated)
> - Add ckpt_read_consume(): consumes next object without processing
> - [John Dykstra] Fix no-dot-config-targets pattern in linux/Makefile
>
> [2009-Jul-21] v17
> - Introduce syscall clone_with_pids() to restore original pids
> - Support threads and zombies
> - Save/restore task->files
> - Save/restore task->sighand
> - Save/restore futex
> - Save/restore credentials
> - Introduce PF_RESTARTING to skip notifications on task exit
> - restart(2) allow caller to ask to freeze tasks after restart
> - restart(2) isn't idempotent: return -EINTR if interrupted
> - Improve debugging output handling
> - Make multi-process restart logic more robust and complete
> - Correctly select return value for restarting tasks on success
> - Tighten ptrace test for checkpoint to PTRACE_MODE_ATTACH
> - Use CHECKPOINTING state for frozen checkpointed tasks
> - Fix compilation without CONFIG_CHECKPOINT
> - Fix compilation with CONFIG_COMPAT
> - Fix headers includes and exports
> - Leak detection performed in two steps
> - Detect "inverse" leaks of objects (dis)appearing unexpectedly
> - Memory: save/restore mm->{flags,def_flags,saved_auxv}
> - Memory: only collect sub-objects of mm once (leak detection)
> - Files: validate f_mode after restore
> - Namespaces: leak detection for nsproxy sub-components
> - Namespaces: proper restart from namespace(s) without namespace(s)
> - Save global constants in header instead of per-object
> - IPC: replace sys_unshare() with create_ipc_ns()
> - IPC: restore objects in suitable namespace
> - IPC: correct behavior under !CONFIG_IPC_NS
> - UTS: save/restore all fields
> - UTS: replace sys_unshare() with create_uts_ns()
> - X86_32: sanitize cpu, debug, and segment registers on restart
> - cgroup_freezer: add CHECKPOINTING state to safeguard checkpoint
> - cgroup_freezer: add interface to freeze a cgroup (given a task)
>
> [2009-May-27] v16
> - Privilege checks for IPC checkpoint
> - Fix error string generation during checkpoint
> - Use kzalloc for header allocation
> - Restart blocks are arch-independent
> - Redo pipe c/r using splice
> - Fixes to s390 arch
> - Remove powerpc arch (temporary)
> - Explicitly restore ->nsproxy
> - All objects in image are precedeed by 'struct ckpt_hdr'
> - Fix leaks detection (and leaks)
> - Reorder of patchset
> - Misc bugs and compilation fixes
>
> [2009-Apr-12] v15
> - Minor fixes
>
> [2009-Apr-28] v14
> - Tested against kernel v2.6.30-rc3 on x86_32.
> - Refactor files chekpoint to use f_ops (file operations)
> - Refactor mm/vma to use vma_ops
> - Explicitly handle VDSO vma (and require compat mode)
> - Added code to c/r restat-blocks (restart timeout related syscalls)
> - Added code to c/r namespaces: uts, ipc (with Dan Smith)
> - Added code to c/r sysvipc (shm, msg, sem)
> - Support for VM_CLONE shared memory
> - Added resource leak detection for whole-container checkpoint
> - Added sysctl gauge to allow unprivileged restart/checkpoint
> - Improve and simplify the code and logic of shared objects
> - Rework image format: shared objects appear prior to their use
> - Merge checkpoint and restart functionality into same files
> - Massive renaming of functions: prefix "ckpt_" for generics,
> "checkpoint_" for checkpoint, and "restore_" for restart.
> - Report checkpoint errors as a valid (string record) in the output
> - Merged PPC architecture (by Nathan Lunch),
> - Requires updates to userspace tools too.
> - Misc nits and bug fixes
>
> [2009-Mar-31] v14-rc2
> - Change along Dave's suggestion to use f_ops->checkpoint() for files
> - Merge patch simplifying Kconfig, with CONFIG_CHECKPOINT_SUPPORT
> - Merge support for PPC arch (Nathan Lynch)
> - Misc cleanups and fixes in response to comments
>
> [2009-Mar-20] v14-rc1:
> - The 'h.parent' field of 'struct cr_hdr' isn't used - discard
> - Check whether calls to cr_hbuf_get() succeed or fail.
> - Fixed of pipe c/r code
> - Prevent deadlock by refusing c/r when a pipe inode == ctx->file inode
> - Refuse non-self checkpoint if a task isn't frozen
> - Use unsigned fields in checkpoint headers unless otherwise required
> - Rename functions in files c/r to better reflect their role
> - Add support for anonymous shared memory
> - Merge support for s390 arch (Dan Smith, Serge Hallyn)
>
> [2008-Dec-03] v13:
> - Cleanups of 'struct cr_ctx' - remove unused fields
> - Misc fixes for comments
>
> [2008-Dec-17] v12:
> - Fix re-alloc/reset of pgarr chain to correctly reuse buffers
> (empty pgarr are saves in a separate pool chain)
> - Add a couple of missed calls to cr_hbuf_put()
> - cr_kwrite/cr_kread() again use vfs_read(), vfs_write() (safer)
> - Split cr_write/cr_read() to two parts: _cr_write/read() helper
> - Befriend with sparse: explicit conversion to 'void __user *'
> - Redrefine 'pr_fmt' ind replace cr_debug() with pr_debug()
>
> [2008-Dec-05] v11:
> - Use contents of 'init->fs->root' instead of pointing to it
> - Ignore symlinks (there is no such thing as an open symlink)
> - cr_scan_fds() retries from scratch if it hits size limits
> - Add missing test for VM_MAYSHARE when dumping memory
> - Improve documentation about: behavior when tasks aren't fronen,
> life span of the object hash, references to objects in the hash
>
> [2008-Nov-26] v10:
> - Grab vfs root of container init, rather than current process
> - Acquire dcache_lock around call to __d_path() in cr_fill_name()
> - Force end-of-string in cr_read_string() (fix possible DoS)
> - Introduce cr_write_buffer(), cr_read_buffer() and cr_read_buf_type()
>
> [2008-Nov-10] v9:
> - Support multiple processes c/r
> - Extend checkpoint header with archtiecture dependent header
> - Misc bug fixes (see individual changelogs)
> - Rebase to v2.6.28-rc3.
>
> [2008-Oct-29] v8:
> - Support "external" checkpoint
> - Include Dave Hansen's 'deny-checkpoint' patch
> - Split docs in Documentation/checkpoint/..., and improve contents
>
> [2008-Oct-17] v7:
> - Fix save/restore state of FPU
> - Fix argument given to kunmap_atomic() in memory dump/restore
>
> [2008-Oct-07] v6:
> - Balance all calls to cr_hbuf_get() with matching cr_hbuf_put()
> (even though it's not really needed)
> - Add assumptions and what's-missing to documentation
> - Misc fixes and cleanups
>
> [2008-Sep-11] v5:
> - Config is now 'def_bool n' by default
> - Improve memory dump/restore code (following Dave Hansen's comments)
> - Change dump format (and code) to allow chunks of <vaddrs, pages>
> instead of one long list of each
> - Fix use of follow_page() to avoid faulting in non-present pages
> - Memory restore now maps user pages explicitly to copy data into them,
> instead of reading directly to user space; got rid of mprotect_fixup()
> - Remove preempt_disable() when restoring debug registers
> - Rename headers files s/ckpt/checkpoint/
> - Fix misc bugs in files dump/restore
> - Fixes and cleanups on some error paths
> - Fix misc coding style
>
> [2008-Sep-09] v4:
> - Various fixes and clean-ups
> - Fix calculation of hash table size
> - Fix header structure alignment
> - Use stand list_... for cr_pgarr
>
> [2008-Aug-29] v3:
> - Various fixes and clean-ups
> - Use standard hlist_... for hash table
> - Better use of standard kmalloc/kfree
>
> [2008-Aug-20] v2:
> - Added Dump and restore of open files (regular and directories)
> - Added basic handling of shared objects, and improve handling of
> 'parent tag' concept
> - Added documentation
> - Improved ABI, 64bit padding for image data
> - Improved locking when saving/restoring memory
> - Added UTS information to header (release, version, machine)
> - Cleanup extraction of filename from a file pointer
> - Refactor to allow easier reviewing
> - Remove requirement for CAPS_SYS_ADMIN until we come up with a
> security policy (this means that file restore may fail)
> - Other cleanup and response to comments for v1
>
> [2008-Jul-29] v1:
> - Initial version: support a single task with address space of only
> private anonymous or file-mapped VMAs; syscalls ignore pid/crid
> argument and act on current process.
>
>
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-01 14:14 [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
` (100 preceding siblings ...)
2010-05-01 15:17 ` [PATCH v21 00/100] Kernel based checkpoint/restart Oren Laadan
@ 2010-05-04 14:43 ` David Howells
2010-05-05 15:13 ` Oren Laadan
101 siblings, 1 reply; 137+ messages in thread
From: David Howells @ 2010-05-04 14:43 UTC (permalink / raw)
To: Oren Laadan
Cc: dhowells, Andrew Morton, linux-s390, linux-api, containers, x86,
linux-kernel, linuxppc-dev, Matt Helsley, Serge Hallyn,
Sukadev Bhattiprolu, Pavel Emelyanov
With a huge patch series like this, can you post a cover note at the front
(usually patch 0) saying what the point of the whole series is?
David
^ permalink raw reply [flat|nested] 137+ messages in thread* Re: [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page
2010-05-04 14:43 ` [PATCH v21 001/100] eclone (1/11): Factor out code to allocate pidmap page David Howells
@ 2010-05-05 15:13 ` Oren Laadan
0 siblings, 0 replies; 137+ messages in thread
From: Oren Laadan @ 2010-05-05 15:13 UTC (permalink / raw)
To: David Howells
Cc: Andrew Morton, linux-s390, linux-api, containers, x86,
linux-kernel, linuxppc-dev, Matt Helsley, Serge Hallyn,
Sukadev Bhattiprolu, Pavel Emelyanov
Hi David,
I suppose you are looking for more details than those found in the
current patch-0 (http://lkml.org/lkml/2010/5/1/140).
We omitted them for brevity sake; here is a link to patch-0 of a
previous post of the patchset: http://lkml.org/lkml/2009/9/23/423
Thanks,
Oren.
David Howells wrote:
> With a huge patch series like this, can you post a cover note at the front
> (usually patch 0) saying what the point of the whole series is?
>
> David
>
^ permalink raw reply [flat|nested] 137+ messages in thread