This page lists recent CRIU releases.
With 2.x, we decided to make several technologies available as standalone projects (e.g. Compel) and release new stuff faster than once every 3 months (see release schedule).
v. 2.7
Tarball: | criu-2.7.tar.bz2 |
Version: | 2.7 "Rubber Owl" |
Released: | 17 Oct 2016 |
GIT tag: | v2.7 |
New features
- Option
--cgroup-root
now makes sense on dump too - CLOCK_BOOTTIME timer supported
Optimizations/improvements
- Output of iptables command leaked into logs for no use
- Helper dev environment installation script for Debian
- Man-page updated and prettified :)
Fixes
- Unmounted binfmt_misc with rules wasn't dumped at all
- Malloc() error could result in crash
- Device cgroup restore could fail restoring empty record
- Some entries in device cgroups were restored twice
- Potential crash when dumping cgroup bindmounts
- Sign error caused dump to fail on btrfs partitions
- Shared mounts with the same mount path failed the dump
- Threads were restored with unshared FS (cwd and root)
- Shared memory changes tracking disabled (regression found)
- Restore of autofs can hang
- LSM profile propagation could be lost
- Mountpoint with lots of options blocked the dump (too small buffer for parsing)
- External slave mount (with external master) blocked the dump
- Mounts with STRICTATIME restored with others flags dropped
Deprecated
- No reg-file entry for TTYs
v. 2.6
Tarball: | criu-2.6.tar.bz2 |
Version: | 2.6 "Paper Crane" |
Released: | 12 Sep 2016 |
GIT tag: | v2.6 |
New features
- Ability to leave process stopped after restore
- Memory changes tracking for anonymous shared memory
- Shared memory images deduplication too, as a part of it
- Deprecation option/environment
- First error message is reported back via RPC
- C/R of
- More IPCNS sysctls
- xIDs of PTYs
- TMEM on PPC64LE
Optimizations/improvements
- Use service FD for transport sockets on restore
- Ability to turn pagemap-cache off (some kernels are buggy)
- The
criu --help
text has become better
Fixes
- R/O-mounted root could block the dump
- Restore of cgroup.mm.oom_control could fail
- Cgroup fs bind mounts were detected with error
- Unaligned futex-es in parasite could cause dump to crash
- When compiled with gcc-4.9 parasite code crashed
- Failure to freeze cgroup didn't result in aborting of dump
- Wrong ns list was parsed when dumping userns (invisible since nesting works only for mntns)
- Non-inheritable non-tty as stdin caused shell-job restore to erroneously fail
- Error path in
criu dedup
could crash
Deprecated
- Per-pid rlimit, itimers and posix-timers
- Separate image for epoll tfds (target file descriptors)
v. 2.5
Tarball: | criu-2.5.tar.bz2 |
Version: | 2.5 "Concrete Oriole" |
Released: | 15 Aug 2016 |
GIT tag: | v2.5 |
New features
- C/R
- fs.mqueue.msg*_default sysctls
- Unix sockets with overwritten paths
- Link-remap files in removed directories
Optimizations/improvements
- Micro-optimization on namespace ID evaluation
- Restoring shared files uses one socket instead of per-fd ones
- More verbosity when refusing to dump a file descriptor
Fixes
- Restore could fail on openat() with ENXIO when multiple mnt namespaces get restored
- The criu exec action got broken
- Link-remap and ghost files remained on FS after restore failure
- TCP window could remain clamped after restore resulting in connection lockup/slowdown
- Dump could stuck when injecting a parasite
- The
--timeout
option wasn't taken into account when freezing tasks using freezecg - Race in freezeing/seizing could result in lost tasks
- Memory leaks here and there on error paths
- Double free in xvstrcat (crash)
- VDSO length was mis-calculated
- Symlink on
--root
path could make restore erroneously fail - Potential memory corruption on reading mntns images
- When restoring on systems with low pid_max limit restore could fail
- RO-protected SysV shmem segments could be restored with PROT_EXEC
- File mode of mapped file was evaluated with errors
- Restore of cgroups' mem.swappines and ..use_hierarchy blocked sub-groups creation
- Impossible to restore cgoup mem.swappines default value
- Zombies living in orphan sessions/groups failed the restore
v. 2.4
Tarball: | criu-2.4.tar.bz2 |
Version: | 2.4 "Marble Lark" |
Released: | 11 Jul 2016 |
GIT tag: | v2.4 |
New features
- Generate core from images
- Ability to forcibly drop half-open TCP connections on C/R
- Ability to specify cgroup ctls to dump via API
- Opened/mapped files' mode is compared between dump and restore times
- C/R of
- AutoFS mountpoints
- New cgroups (perf_event, net_cls, net_prio and pids)
- Memcgroup optional properties
- Devices cgroup
Optimizations/improvements
- Pagemap image entries are cached in memory
Fixes
- Configured kmem cgroup limit restore failed
- Mem cgroup oom_control
- Cgroup's pids.max was not C/R-ed
- Failure to write cgroup property was ignored
- No init PID in pre-dump action script
- Sigactions inheritance didn't work on ARM
- Opened "/proc" dir blocked the dump
- Working with iptables was racy
- Sibling mounts detection error on dump
- Devconf accept_redirects devconf could be restored with errors
- "All" devconfs could be overridden by "Default"
- Name-less unix sockets got auto-bound
- Mode was lost for PTY device file on restore
- Newer protobuf compilers didn't recognize PB files
- External mounts could be remounted with MS_PRIVATE
- Build fail on Alpine Linux
Deprecated/removed
- Per-pid file locks images
- Per-pid fdinfo images
- Ancient pagemap/pages images
v. 2.3
Tarball: | criu-2.3.tar.bz2 |
Version: | 2.3 "Wooden Duck" |
Released: | 14 Jun 2016 |
GIT tag: | v2.3 |
New features
- Ability not to show payload for some objects in CRIT
- Pidfile is written at the end of restore
- Ability to join existing namespaces on restore
- C/R of
- Data sitting in TTYs
- Partially write-protected SysVIPC segments
- Debugfs and tracefs mounts
- Overmounted tmpfs
- IPv6 devconf sysctls
- External block devices
- Unix sockets with mismatched shutdown state
Optimizations/improvements
- Relaxed calculation of AIO ring size
- Tree-based search of tasks by real pid
- Less mem-to-mem copies on restore
- Saner devconf image format
- More verbose explanation of why task cannot be seized
- PID is printed in PIE logs
Fixes
- Too many mmap-ed files blocked the dump
- Potential memory corruption when working with IPv6 sockets
- Overmounted bind mounts could cause restore to fail
- Overmounted bind mounts could result in badly restored mount tree
- Incomplete restoration of RO bind mounts options
Deprecated/removed
- Greedy mode of pagemap (non-root) caused dump to fail (disabled)
v. 2.2
Tarball: | criu-2.2.tar.bz2 |
Version: | 2.2 "Carbon Nightingale" |
Released: | 16 May 2016 |
GIT tag: | v2.2 |
New features
- Uninstall action in Makfilefile
- "Post-resume" added to action scripts
- Root task's PID in environment for action scripts
- C/R of
- Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast
- * Serial ttys
Optimizations/improvements
- Lighter link-remaps restore on newer kernels
Fixes
- Race when restoring userns vs setting ns' maps
- Tasks with zero fds failed the dump
- Restore of TCP recv queue could fail due to kernel mem alloc constraints
- No errors were written to logs when launching helper (tar/iptables) app in userns restore
- User-mode dumped no memory pages sometimes
- Bind mounts considered not as bind sometimes
- Two mounts in the same directory blocked the dump
- Off-by in on /dev/tty{1,63} dumping
- Forking of cgroupns task was done with screwed clone flags
Deprecated/removed
- Greedy mode of pagemap dumping (on some kernels we do not support user-mode)
- Removed the --namespaces option
v. 2.1
Tarball: | criu-2.1.tar.bz2 |
Version: | 2.1 "Steel Lapwing" |
Released: | 11 Apr 2016 |
GIT tag: | v2.1 |
New features
- Checking now classifies features to important/extra/experimental
- Ability to bring some disk files into images. See $source/scripts/tmp-files.sh
- C/R of
- Completed AIO requests
- Fallback gre and gretap net devices
Optimizations/improvements
- Code coverage collecting now works
- Use native rtnl library for netlink messages processing
- Using
--output -
now results in stdout as log, not a file with the name "-" - Signals are printed by names in logs
Fixes
Make tar
generated tarbal with bad name- CG restore code lacked rollback in some places
- Error code from raw syscalls was treated with errors resulting in wrong
criu check
reports - Dumping task with HUGE amount of file descriptors failed
- Task could be stopped after pre-dump if respective option was used
- A /proc/pid directory from dead process conflicting with a new alive one could cause dump to fail
- Zombie from alien session/process group caused restore to fail
- CGroup fs was wrongly mounted in CGNS on restore
- Irmap scan was mis-checking devices numbers
- Use-after-free in irmap scan
- Btrfs bindmounts detection was mistaken due to 'subvol=' options met
- Propagation of mountpoint's shared groups was lost for propagated mounts
- Unaligned allocations of restore shared memory could result in codedumps when used by futexes
- Temporary mountpoints could result in spurious propagations
- When aborting the dump criu could crash on use-after-free objects
- Locking the network could stuck doing the DNS resolve
- Several build fixes
Deprecated/removed
- The images from criu prior to 0.4 are deprecated
- The
--namespaces
option makes no sense and is also deprecated - The
--ms
option for check action is deprecated
v. 2.0
Tarball: | criu-2.0.tar.bz2 |
Version: | 2.0 |
Released: | 7 Mar 2016 |
GIT tag: | v2.0 |
New features
- New code layout for sub-projects (e.g. Compel)
- Unprivileged dump
- Dump/check cpuinfo support for PPC
- Explorers for CRIT
- Added "post-setup-namespaces" to action scripts
- Added timeout for dump procedure (5 sec by default)
- Ability to override LSM profile on restore with CLI/RPC option
- External bind mounts can be fs-root mounts too
- Skip netns' internals on dump and restore (for Docker integration)
- Advanced support for external files
- C/R for
- Mode and uid/gid of cgroup files and dirs
- Freeze cgroup state (frozen/thawed)
- Task's loginuid and oom score
- Per-thread credentials
- Filter mode of seccomp
- Ghost file in removed directory
- Ghost files lutimes
- Binfmt-misc FS contents
- Netfilter conntracks and expectations
- Multi-headed cgroups
- CGroup namespaces (no nesting)
Optimizations/improvements
- Align parasite stack on 16 bits for correctness
- Compilation with native libc syscall wrappers and helpers
- Parasite code injection done via memfd system call
- Make vaddr to pfn conversion with one less syscall
- CRIT shows device numbers in "maj:min" manner
- CRIT shows mmap's status in verbose
- Docker files for builds on all supported arches
Fixes
- Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
- Wrong argument to timer_create system call could cause restore to crash
- Extra tasks in freeze cgroup caused dump to fail/hand/crash
- Unaligned restore-time object allocations caused lock operations to fail
- Opened /proc/pid dir of dead task failed the dump
- Unaligned stacks caused criu to fail on aarch64
- Changed device numbers on restore side could cause random failures
- Fixes in mount points sharing/slavery/propagation restore
- Race between mntns creation and fds closing in different tasks could cause restore to fail
- Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
- Unconnected dgram UNIX socket with data lost packets on restore
- CRIT didn't show IPC objects
- CRIT didn't convert IP addresses in images
- Logs from PIE code contained corrupted addresses and sizes
- Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket
- Shared external mounts were restored with error
Security
- User-mode
- When checking for namespaces' CRIU entered userns with host creds
Deprecated/removed
- Completely removed 'show' action. Use CRIT instead.