Download/criu/1.4

Revision as of 09:38, 1 December 2014 by Xemul (talk | contribs)
Tarball: criu-1.4.tar.bz2
Version: 1.4
Released: 1 Dec 2014
GIT tag: v1.4

New features

  • Dump and check cpuinfo. Needed to make sure CPU is capable to run the images after restore, e.g. during live migration
  • Initial support for user namespaces
    • Use memfd to restore shared memory segments
    • New (slightly faster) API for mm stuff restore via prctl
    • [UG]ID-s are dumped from parasite, not from /proc files
  • The docker_cr.sh script to show how Docker container C/R should (will) look like
  • New API for writing plugins (old one is still possible)
  • Service workers change their title to better look in ps output
  • Ability to feed socket for pre-dump and page-server in swrk mode
  • Page-server can auto-bind its port
  • Ability to perform several actions during one connection to RPC service
  • C/R of opened /proc/$pid/foo files of dead tasks
  • C/R of /dev/console
  • C/R of virtualized devtmpfs (openvz and future upstream kernels)
  • C/R of empty mqueue fs (posix message queues)
  • C/R of shared bind-mounts

Optimizations

  • BFD engine
    • Faster that glibc's FILE * buffered read from /proc files
    • Buffered image files IO
  • Faster parasite/restorer unload
    • Use HW breakpoints
    • Less ptrace GETREGS calls sometimes
    • Wake pie after sending the FINI command to socket
  • Merged some pairs of images into one
    • eventpoll and -tfd
    • inotify and -wd
    • fsnotify and -mark
  • Less setns()-s on dump is much faster on older kernels
  • Faster access to /proc/self files -- cached fd of /proc/self and openat(this_cache)

Fixes

  • Sibling restore mode didn't set up CRIU signals properly
  • Unpredictable sibling/child root task restore. Fixed with explicit CLI option
  • Validation for leaf mount points was skipped
  • Mount options were corrupted on dump, which resulted in errors bind mounts detection
  • Uninitialized properties of some cgroups prevented moving tasks into them (e.g. empty cpuset masks and low memcg limit)
  • File locks could belong to task with different pid (inherited on fork) blocked the dump
  • Bogus error printed in logs about SIGCHLD catch (was caused by thread dump using traps)
  • Irmap engine accessed freed root_task on pre-dump
  • Restore of net namespace could always fail (pid mismatch on fork) if kernel thread was created on netns setup
  • Cgroups service descriptor was closed too early and failed restore
  • Auto-loaded *diag modules caused audit netlink socket to contain data on dump (dump fails in this case)
  • The "(deleted)" prefix accumulated in unlinked files while doing C/R
  • The devpts filesystem and ptmx file were only dumped when found on /dev/pts and /dev respectively
  • Data in netlink socket and fanotify was lost after C/R (now dump is aborted if data found in it)
  • Fanotify mark was restore in different mount namespace
  • Images were writable by group. Not secure when user-dump was requested
  • Rootfs has parent id equal to self. CRIU didn't expect this and failed the dump
  • Shared mount of the --root path failed the restore
  • Absence (e.g. not compiled in) of any namespace in the kernel failed the dump
  • Page-server incremental dump didn't detect new tasks properly and failed the stage
  • Big TCP queues sometimes failed to get restored