Google Summer of Code (GSoC) is a global program that offers post-secondary students an opportunity to be paid for contributing to an open source project over a three month period.
This page contains project ideas for upcoming Google Summer of Code.
Contacts
Please contact the respective mentor for the idea you are interested in. For general questions feel free to send an email to the mailing list or write in gitter.
Project ideas
Optimize logging engine
Summary: CRIU puts a lots of logs when doing its job. Logging is done with simple fprintf function. They are typically useless, but if some operation fails -- the logs are the only way to find what was the reason for failure.
At the same time the printf family of functions is known to take some time to work -- they need to scan the format string for %-s and then convert the arguments into strings. If comparing criu dump with and without logs the time difference is notable (15%-20%), so speeding the logs up will help improve criu performance.
One of the solutions to the problem might be binary logging. The problem with binary logs is the amount of efforts to convert existing logs to binary form. Preferably, the switch to binary logging either keeps existing log() calls intact, either has some automatics to convert them.
The option to keep log() calls intact might be in pre-compilation pass of the sources. In this pass each log(fmt, ...)
call gets translated into a call to a binary log function that saves fmt
identifier copies all the args as is into the log file. The binary log decode utility, required in this case, should then find the fmt string by its ID in the log file and print the resulting message.
Links:
Details:
- Skill level: intermediate
- Language: C, though decoder/preprocessor can be in any language
- Mentor: Pavel Emelyanov <xemul@openvz.org>
- Suggested by: Andrei Vagin <avagin@gmail.com>
Add support for checkpoint/restore of CORK-ed UDP socket
Summary: Support C/R of corked UDP socket
There's UDP_CORK option for sockets. As man page says:
If this option is enabled, then all data output on this socket is accumulated into a single datagram that is transmitted when the option is disabled. This option should not be used in code intended to be portable.
Currently criu refuses to dump this case, so it's effectively a bug. Supporting this will need extending the kernel API to allow criu read back the write queue of the socket (see how it's done for TCP sockets, for example). Then the queue is written into the image and is restored into the socket (with the CORK bit set too).
Links:
Details:
- Skill level: intermediate (+linux kernel)
- Language: C
- Mentor: Pavel Emelianov <xemul@virtuozzo.com>
- Suggested by: Pavel Emelianov <xemul@virtuozzo.com>
Anonymise image files
Summary: Teach CRIT to remove sensitive information from images
When reporting a BUG it may be not acceptable for the reporter to send us raw images, as they may contain sensitive data. Need to teach CRIT to "anonymise" images for publication.
List of data to shred:
- Memory contents. For the sake of investigation, all the memory contents can be just removed. Only the sizes of pages*.img files are enough.
- Paths to files. Here we should keep the paths relations to each other. The simplest way seem to be replacing file names with "random" (or sequential) strings, BUT (!) keeping an eye on making this mapping be 1:1. Note, that file paths may also sit in sk-unix.img.
- Registers.
- Process names. (But relations should be kept).
- Contents of streams, i.e. pipe/fifo data, sk-queue, tcp-stream, tty data.
- Ghost files.
- Tarballs with tmpfs-s.
- IP addresses in sk-inet-s, ip tool dumps and net*.img.
Links:
- Anonymize image files
- https://github.com/checkpoint-restore/criu/issues/360
- CRIT, Images
- External links to mailing lists or web sites
Details:
- Skill level: beginner
- Language: Python
- Mentor: Pavel Emelianov <xemul@virtuozzo.com>
- Suggested by: Pavel Emelianov <xemul@virtuozzo.com>
Porting crit functionalities in GO
Summary: Implement image view and manipulation in Go
CRIU's checkpoint images are stored on disk using protobuf. For easier analysis of checkpoint files CRIU has a tool called CRiu Image Tool (CRIT). It can display/decode CRIU image files from binary protobuf to JSON as well as encode JSON files back to the binary format. With closer integration of CRIU in container runtimes it becomes important to be able to view the CRIU output files. Either for manipulation before restoring or for reading checkpoint statistics (memory pages written to disk, memory pages skipped, process downtime).
Currently CRIT is implemented in Python, for easier integration in other Go projects it is important to have image manipulation and analysis available from GO. This means we need a Go based library to read/modify/write/encode/decode CRIU's image files. Based on this library a Go based implementation of CRIT would be useful.
Links:
- CRIT
- Possible use case see LXD: https://github.com/lxc/lxd/blob/cb55b1c5a484a43e0c21c6ae8c4a2e30b4d45be3/lxd/migrate_container.go#L179
- https://github.com/lxc/lxd/pull/4072
- https://github.com/checkpoint-restore/go-criu/blob/master/phaul/stats.go
Details:
- Skill level: beginner
- Language: Go
- Mentor: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
- Suggested by: Adrian Reber <areber@redhat.com>
Use eBPF to lock and unlock the network
Summary: Use ePBF instead of external iptables-restore tool for network lock and unlock.
During checkpointing and restoring CRIU locks the network to make sure no network packets are accepted by the network stack during the time the process is checkpointed. Currently CRIU calls out to iptables-restore to create and delete the corresponding iptables rules. Another approach which avoids calling out to the external binary iptables-restore would be to directly inject eBPF rules. There have been reports from users that iptables-restore fails in some way and eBPF could avoid this external dependency.
Links:
- https://www.criu.org/TCP_connection#Checkpoint_and_restore_TCP_connection
- https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c
Details:
- Skill level: intermediate
- Language: C
- Mentor: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
- Suggested by: Adrian Reber <areber@redhat.com>
Add support for SPFS
Summary: The SPFS is a special filesystem that allows checkpoint and restore of such things as NFS and FUSE
NFS support is already implemented in Virtuozzo CRIU, but it's very beneficial to port it to mainline CRIU. The importaint part of it is the need to implement the integration of Stub-Proxy File System (SPFS) with LXC/yet_another_containers_environment.
Links
- https://github.com/checkpoint-restore/criu/issues/60
- https://github.com/checkpoint-restore/criu/issues/53
- https://github.com/skinsbursky/spfs
- https://patchwork.criu.org/series/137/
Details:
- Skill level: expert
- Language: C
- Mentor: Alexander Mikhalitsyn <alexander@mihalicyn.com> / <alexander.mikhalitsyn@virtuozzo.com>
- Suggested by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
IOUring support
- Suggested by: Pavel Emelyanov <xemul@openvz.org>
CGroup-v2 support
- Suggested by: Andrei Vagin <avagin@gmail.com>
Dump shmem in user-mode
- Suggested by: Andrei Vagin <avagin@gmail.com>
- Suggested by: Pavel Emelyanov <xemul@openvz.org>