Difference between revisions of "Todo"

From CRIU
Jump to navigation Jump to search
(+ selinux)
Line 6: Line 6:
 
! potential/willing assignee
 
! potential/willing assignee
 
! comments
 
! comments
 +
|-
 +
| crtools || Make dump and restore work under [[selinux]] || medium || - || Selinux imposes more restrictions on the stuff we typically do.
 
|-
 
|-
 
| crtools || Inherit resources, not restore || medium || - || Sigactions are restored for every task before it fork()-s. Then children check for the sa_action from their image matches to one it got from parent. Need to do the same for rlimits, maybe other resources too.
 
| crtools || Inherit resources, not restore || medium || - || Sigactions are restored for every task before it fork()-s. Then children check for the sa_action from their image matches to one it got from parent. Need to do the same for rlimits, maybe other resources too.

Revision as of 17:38, 10 March 2015

component task complexity potential/willing assignee comments
crtools Make dump and restore work under selinux medium - Selinux imposes more restrictions on the stuff we typically do.
crtools Inherit resources, not restore medium - Sigactions are restored for every task before it fork()-s. Then children check for the sa_action from their image matches to one it got from parent. Need to do the same for rlimits, maybe other resources too.
crtools Implement restorer v2 hard (v2) -
crtools New images format medium (v2) - See what's bad with V1 images
crtools Eliminate empty images easy - When dumping CRIU opens many image files and then checks whether or not to write data into them. If there's no objects of some type, the respective image file resides "empty", i.e. -- with only 4 bytes of magic number. Need to produce dump that doesn't have such things.
crtools Make RPC "swrk" mode public medium xemul There's an "swrk" action in CRIU CLI API. This turns CRIU into service worker accepting RPC commands. This mode is not documented. Need to standartify one and make public.
kernel/crtools Tune the start-time of tasks medium - When we restore tasks their start-time goes forward (since we create the new task effectively). Need to address this somehow, most likely with the time namespace.
crtools Support chroot-ed mount namespace medium - If the root task lives in another mount namespace and has its root moved (with chroot()) CRIU dump fails with errors about inability to resolve files' paths. This is because CRIU treats the mount namespace's root as the init task's root which should be "/".
crtools Non-stop memory (first?) pre-dump medium - When reading only the memory we can avoid freezing tasks and draining memory with parasite. There's a system call named "read_process_vm" which can help us accessing the other task's memory. The disadvantage of this approach is the need for additional memory. We may control this behaviour by reading memory in chunks and not allocating to much of additional buffers.
kernel/crtools Speed up fetching info about tasks medium Andrey Vagin Using proc to get info about tasks is nice but too slow. We have measured that having socket-based engine that would fetch info about tasks from the kernel speeds things up significantly. So Andrey is working on the Task-diag patchset that would implement that.
kernel Make pipes swappable hard - When pre-dumping memory we pull all the task's memory into pipe with vmsplice and then send it via network splicing the pages into socket. During this period all the memory is effectively pinned as pages in pipe are not swappable.
crtools Deduplication for shmem memory dumps easy - We have dedup action and --auto-dedup option for dump/restore which only works for pid pagemaps. Need the same for shmem.
kernel/crtools Adjust per-task/-container timers offsets medium - Absolute timers differ on different nodes. When live migrating a task/container this difference may (and will) screw the timers up.
crtools Shift timers' timeouts according to the actual C-to-R delay medium - If we pause tasks between C and R we, probably, need to adjust timers respectively. "Medium" complexity is because it's unclear what to do, not how.
crtools Show what was left in the system after dump easy - When we use --link-remap option or --tcp-established one CRIU leaves some traces in the system, in particular -- temporary hard links in the former case and iptables rules in the latter. Need some way to show these to the user.
crtools Decode flags from images into symbolic names easy - When we print images contents with CRIT the flags fields are shown in decimal/hex numbers. It would be nice to print the symbolic names for known flags in some form.
crtools Leases support easy - The F_SETLEASE/F_GETLEASE API is not currently supported, but doesn't differ much from regular locks.
kernel/crtools Make proper "check lock present" API in the kernel medium - Currently we detect where a file lock belongs to by locking the file again with the alternative lock type and check how kernel reacts on that. This is not nice as it may tune the lock state on a file. Instead we need the "check lock on fd" call in the kernel.
kernel/crtools Put call to mmap into VDSO easy Cyrill To put the parasite code into target process we modify its code to call the mmap() system call (and the unmodify it back) and put the parasite into new area. Oleg Nesterov suggests not to patch victim, but to always have one on VDSO.
crtools Integration with other projects hard - CRIU is not working great by itself. There's alway some specific about what user wants to dump. Integrating CRIU with other projects will make CRIU work at its best.
crtools Restore tasks into fresh new pid namespace easy Kuprieiev Ruslan When we dumped processes, it can be hard to restore it back, if they didn't live in a pid namespace, due to PIDs conflict. It would be nice to have the ability to ask CRIU to create the pid namespace for those guys and restore them there. A thing to worry about is this new namespace's init task.
crtools Rollback tree state medium - When we checkpointed process tree with -R option (let them run after checkpoint) we might want to return the tasks into checkpointed state on the same machine. Currently this can only be done by killing the processes and restoring them from scratch. If we could ask CRIU to restore the images into the ready processes that could speed things up, especially if carefully caring about memory changes tracking.
crtools AIO with pending events medium - When we dump AIO ring we check it not to contain events inside and abort the dump otherwise. Need to dump events too and put them back on restore.
crtools Restore arbitrary mountpoints tree hard - Linux kernel can construct tricky knows with mount points. We don't support arbitrary configuration of such things, only those that are in active use by software. Need to fix them up.
crtools Lazy restore using userfaultfd medium xemul It might make sense to restore tasks w/o putting all the memory into respective places. Instead, the VMAs in question can be marked as "lazy" and pages will get filled into them in the background and, upon demand, in the out-of-order manner. The functionality is related to lazy migration and seamless kernel update tasks.
crtools Lazy migration using userfaultfd medium xemul Lazy migration is when we move all the tasks on another node, but leave theirs memory on the source one. Not to allow tasks read garbage from empty address space we protect all of it as inaccessible. When tasks start reading/writing the mem they got page-fault-ed. With the userfaultfd technology it can be possible to intercept the #PF, pull the page from source node and map it into expected address.
crtools Dump tasks from cgroup easy - Currently criu dumps a subtree from given pid. It makes sense to request CRIU to dump a set of tasks from given cgroup.
crtools Speed up logging medium Cyrill Synchronous formatting and writes into log files slow things down. On the other hand turning logs off make it impossible to troubleshoot.
crtools Sanitize logging messages hard - Currently log messages are printed w/o any logic, it's hard to analize what has happened when CRIU fails. Need to improve that by, e.g. categorizing images and explaining them in more details.
crtools Support OFD posix locks easy - These are still rarely used, but exist. Might make sense to support them in advance, it looks like kernel API allows for that.
crtools Optimize kcmp calls medium - CRIU build kcmp trees to find out IDs of such objects as MM, FDT and others. Currently we kcmp all tasks to get the ID, but we can improve that by pre-generating ID based on objects that live on MM, FS, etc. If pre-ID of two tasks matches, then we call kcmp, if not -- objects are different.
crtools Shmem changes tracking medium - Memory changes tracker works on anonymous private mappings only. Anonymous shmem is not in active use by server applications, so we don't support one currently. Supporting it should be done by tracking the changes from all the tasks that could write into the segment. For anon shared memory and sysvipc segment inside IPC namespace this works reliably.
crtools Page transfer filters medium - The page-xfer engine just splices the pages from stealing pipes into socket. Packing or encrypting the data would be nice. Maybe it's purely for P.Haul?
crtools FUSE mount points hard - When dumping mountpoints we explicitly check the filesystem mounted. The thing is -- not all filesystems can be just ignored on dump. E.g. FUSE mount involves a user-space daemon that is responsible for the files tree contents. If we just kill one on dump we might not be able to restore it. Need to special-care one.
crtools 32-bit tasks hard Cyrill For x86 we only dump and restore 64-bit tasks. Doing 32-bit should also be done, but keep in mind, that not only 64-bit tree OR 32-bit tree should be supported. There can be mixed 64-and-32-bit trees out there and CRIU should support those too.
crtools Generate task's core file out of images with CRIT medium Ruslan Kuprieiev Nothing special -- just take core.img, mm.img and pagemap.img and produce the canonical core image out of those.
crtools Modify restored resources run-time in CRIT daemon medium - Sometimes it might make sense to tune the objects fro images on restore. E.g. -- change the IP address of sockets from task above or fix file paths to be "chroot-ed". The best solution seems to be in launching CRIT in daemon mode, telling it what images and how to modify and teaching CRIU to "filter" the pb objects read from images through this daemon.
crtools TCP socket migration with changed IP medium - It might make sense to migrate a tcp connection on a box with changed IP address _if_ both boxes are NAT-ed to the destination. We will then have to go to NAT box and fix the conntracks in that case and use CRIT images modifucation facilities.
crtools Applying images hard (v2) xemul@ w/ students Think about ability to take images and apply them to a living task(s). Like it was described in the "rollback" feature above. Another exampl -- repopulate fdtable according to data from image. Yet another use-case -- when doing partial migration (see below) we'll need to modify one part to switch from pipes to sockets. What else? With constant replication of tree state we can do incremental dumps on source node and apply those increments on pre-created replicas on the destination node.
crtools Partial migration hard - If tasks subtree has connections to the rest of the tree (e.g. with pipes of unix sockets) we try to detect this and refuse the dump. It should be possible to take part of the tree, migrating it somewhere and recreating the mentioned links with some other appropriate IPC channel. E.g. pipes with sockets, shared memory with distributed shared memory and so on.
crtools Shared objects (mm/fs) support medium - Things created with CLONE_FOO flags are not supported now (exception -- full threads). Now we have the kcmp syscall and can do it. The shared fdtable (CLONE_FILES) is supported, the next candidate is mm sharing, as we do know, that MySQL does so sometimes.
crtools Smart paths resolution hard - Files can be overmounted. In this case CRIU will refuse the dump saying that file is not alive but inaccessible by its name. Need a way to resolve paths to such. There are two ways: 1. Move mounts, that overlap the desired path temporarily, then open the file, then move the mountpoint back. 2. When creating a new mount pre-open an fd keeping the mountpoint. Later, do accurate path resolve and call openat() on proper mountpoint fd.
kernel/crtools TCP repair fixes hard - We can dump and restore live TCP connection. There are some issues with it, that should be fixed.
kernel?/crtools TCP conntrack-ed connections medium - When a container uses conntracks inside, we cannot just dump and restore alive TCP connection. Otherwise on restore the resurrected packets will be blocked by connection tracker as they would not be recognized as established connection. Need to check whether connection tracking is ON, dump the needed conntrack info and put the tracker back.
crtools Bridges in container medium - The bridge device state should be read, saved and restored.
crtools VLANs in containers medium - Vlan (802.1q) device state should be read, saved and restored.
crtools PPP support medium - PPP consists of several things, not just ppp devices. If container uses PPP we should take care of it, currently CRIU just aborts.
crtools/kernel NFS mount points support hard - NFS mount points from inside container cannot be easily restored. The thing is -- if we want to restore opened file we will go ahead and call the open system call. If the file in question resides on NFS, the latter might need to go to network to check whether the file actually exists and set up the handle. But if the networking is still not restored this operation would fail and we'll have to fail the whole restore. In order to untie this chicken-and-egg problem we may go in two directions.
kernel Seamless kernel upgrade hard xemul Briefly -- dump tasks (into memory), change the kernel w/ kexec, then restore tasks back. From the tasks and remote client perspective tasks has just stopped and then resumed on the newer kernel. Can be a good complement to the classic live-patching technology.
crtools Validate .img files easy - CRIT sub-task. For a given set of image files check, that they are in "restorable" shape, i.e. contain valid data and no pieces are missing.
crtools Restore arbitrary process tree hard - Need to restore any process tree, which could be created with help PR_SET_CHILD_SUBREAPER and CLONE_PARENT. Processes can share other resources clone(2). Look at session02. The task of resolving the given images into operations we might need to perform seem to be NP (not proven though).
crtools C/R X applications hard Ruslan Kuprieiev Dump/restore of graphical applications (see about integration). In case of X app part of its state is stored into the X-server. Need the way to fetch this state during dump and put this state back into the server on restore. Requires fixing the X-server software too.
crtools/kernel Undo semaphores medium Cyrill Gorcunov These are SysVIPC objects created with semctl() and SEM_UNDO flag. Shame on us, we don't even detect these are created. Fortunately they are not in active use. Need to do it -- dump and restore. Requires modifications from both sides -- criu and kernel.
crtools More detailed RPC fail codes easy - Currently only 3 typical errors are reported(see include/cr-errno.h). Need to extend this set as currently it's hard to understand what has happened w/o analysing CRIU log files.
kernel/criu FS-notify queues hard - We dump Fsnotify files, but when they contain events inside -- just ignore those. Need to fetch then and put back on restore. The difficulty here is that while dumping/restoring CRIU may touch files that are monitored and thus produce unwanted events into queue.