Download/criu/1.x
Jump to navigation
Jump to search
This page lists older (1.x) CRIU releases. For recent releases, see Download/criu.
v. 1.8
Tarball: | criu-1.8.tar.bz2 |
Version: | 1.8 |
Released: | 7 Dec 2015 |
GIT tag: | v1.8 |
New features
- Ability to check CRIU features via RPC
- New zdtm.py test suite
- Pre-dump and pre-restore action scripts
- The "info" action in CRIT showing stats about image file
- More user-friendly output by CRIT
- Python API -- pycriu
- Ability to add custom paths to irmap scan
- C/R of
- read-only bind mounts
- IPv6 routes and iptables rules
- ip rules (it ip tool supports such)
- ignore_routes_with_linkdown netns devconf
- empty bridges in netns
- FILTER mode of seccomp
- IP_FREEBIND socket option
Optimizations/improvements
- Shared pie/non-pie .c files are built two times with proper flags
- VDSO code re-shuffled for better re-use between arches
- Failures of action scripts are reported in logs
- OpenVZ's VENET handling is tuned to fit the current kernel state
- Do not use hardcoded /dev/rts maj:min numbers
- Unsupported socket protocols are reported at expected place
- Slightly faster access to /proc files by using O_PATH open mode
- Improved page-server dump speed by keeping control over the Nagle algorithm
- Read pages.img in more optimal manner rather than page-by-page
- Less "Error"-s in logs, that actually don't lead to errors
- Slightly faster /proc/pid/status parsing
- Dead/live-locks on internal criu locks now emits a warning into logs
Fixes
- Page server flooded node with tw buckets during migration
- Turned off cgroups controllers weren't detected as such
- Netns sysctls from old images weren't properly restored
- Running process could be mistakenly stopped after --leave-running dump
- Helper processes run by CRIU produced fake error messages in logs
- Error code from sigaction restore could be missed
- Several potential buffers overruns due to missed '\0' after strcpy-s existed
- Killed processes after dump survived in zombie state for some time holding PIDs and resources
- If task had MANY children, the latter could be skipped on dump
- Task dying while being frozen could fail the dump
- On Aarch64 the upper limit for user memory was not properly detected sometimes
- Guess for TCP buffer max segment size was too optimistic (could fail the restore on low-mem machines)
- CRIT didn't decode userns images
- Ghost files were left in the FS tree after failed restore (blocking the next restore attempt)
- Some log messages from pie code were lost
- Some net/ipc/uts sysctls failed to restore in userns
- Move tasks int cgroups failed in userns
- Unsupported filesystems silently failed the dump
- External tmpfs (and some other) mounts generated tarballs with their contents
- Privately mapped files were picked from wrong mount namespace
- Controlling tty could be restored on wrong tty end
- Tmpfs mount of sub-namespace was restored from wrong image file
- Potential stack overflow in libcriu
- Partially-restored tasks could be left after failed restore
- In-container TCP connection sometimes failed to restore
- Race in sending SIGSTOP vs dump might cause dump to fail
- Post-restore actions could generate stats files in wrong directories
- Freeze-cgroup didn't take sub-cgroups' tasks into account
- Tentative state in IPv6 sockets binding prevented socket from being bound immediately
- Restoring from images with files pointing to /proc file of dead tasks could crash
- Tasks with STOP in queue (i.e. -- not yet stopped) were CONT-ed in case of --leave-running dump
- Stopped task with one more STOP in queue caused dump to stuck
- If parent task left the MNT namespace it created for children restore could BUG()
- Link-local IPv6 addresses sometimes failed to bind() at restore
Security
- Service run as root could allow users to violate ptrace policies
- Service run as root could give users access to privileged files and directories
v. 1.7.2
Tarball: | criu-1.7.2.tar.bz2 |
Version: | 1.7.2 |
Released: | 28 Oct 2015 |
GIT tag: | v1.7.2 |
Fixes
- Mounting container root on restore could sometimes switch to wrong root path
- The slave/shared option for CT root was lost on restore
- Duplicate slave mount points could appear on restore
- Fanotifies (inotifies) could be restored in wrong mount namespace (though on correct inode)
- Fanotifies (inotifies) on bind-mount-ed tmpfs file could fail the dump
- Kernel threads found in tree (OpenVZ containers case) blocked the dump
- Flat user namespace (0; \infty) restore failed
- Off-by-one in unix socket name handling
- IPC objects' UIDs and GIDs were not treated as userns ones
- Rcv and Snd buffers for sockets grew 2 times on restore
v. 1.7
Tarball: | criu-1.7.tar.bz2 |
Version: | 1.7 |
Released: | 7 Sep 2015 |
GIT tag: | v1.7 |
New features
- More flexible CGroups managing on restore
- Support for seccomp strict mode
- Support for stream unix sockets inheritance
- Support uid/gid-restricted mounts in userns
- Support deleted bind-mounts
- Freezer cgroups can be used on dump to freeze fast-spawning processes
- Ability to specify maximum ghost file size
- OverlayFS support
- Support relative unix sockets' bind paths
- In libcriu
- New set of calls using non-global opts
- Ability to pass existing connection to service
- Ability to start criu in swrk mode for all requests
- Arch-specific improvements
- Altivec and PSX support for PPC
- Small PIE loader
- Preparations for 32-bit x86
Optimizations/improvements
- Temporary proc mountpoint is mounted with nosuid, noexec and nodev
- Less memory copies when preparing restorer binary
- CRIT action "show" for less keystrokes on common use-case
- Fsnotify log messages now use hex everywhere :)
- CRIT output doesn't mix fields any more
Fixes
- CRIU binary couldn't be installed independently from man pages
- Root dir ignored in install: target
- Bug in restoring PPC floating point register
- SYSVIPC shmem was not attached on restore with PPC
- AIO ring ID was erroneously close()-d
- After dump+kill tasks remained in zombie states
- Race in zombies vs proc proxy tasks deaths resulted in restore spurious failure
- Restore got stuck when CRIU was called with blocked SIGCHILD
- Wrong page size value could be used on some ARM compilations
- Potential memory corruption when restoring an LSM profile
- Opened /dev/kmsg in WRONLY mode failed the restore
- Weird paths on tmpfs caused tar to fail
- Temporary cgroup mount set (cgyard) got propagated into the host tree
- Restore of inherited shared pipe failed
- Spaces, tabs and backslashes in mountpoints' paths caused dump to fail
- Tmpfs mounted with empty source caused dump to fail
- The criu.pc file contained bad version when built from tarball
- Deprecated -n option found in docs
- On aarch64 the maximum virtual address available for user-space was wrongly hardcoded
v. 1.6.1
Tarball: | criu-1.6.1.tar.bz2 |
Version: | 1.6.1 |
Released: | 12 Aug 2015 |
GIT tag: | v1.6.1 |
New features
- Support for relative paths for unix sockets
Fixes
- Crash when restoring netns from older images
- Race between unix sockets' connect and listen may cause restore to fail
- Multiple unix datagram clients restored server queue multiple times
v. 1.6
Tarball: | criu-1.6.tar.bz2 |
Version: | 1.6 |
Released: | 1 Jun 2015 |
GIT tag: | v1.6 |
New features
- PowerPC 64bit LE support
- Makefile.local for 3-rd party build rules
- Ability to "enable" filesystem on dump (--enable-fs)
- Ability to skip mountpoint on dump (--skip-mnt)
- Prepare to deprecate "criu show" command
- External mounts auto-detection
- External siblings resolving
- External sharing resolving
- /dev/tty (current terminal) support
- Netdev and netns (all/default) confs C/R
- Images v1.1 with extra magic at head
- Support fusectl (only ctl) mountpoint
- Sub-version format is now as of git-describe
- Apparamor labels C/R support
Optimizations
- Empty image files are not generated in image dir
- /proc/pid/fd/locks support for faster and non-intrusive locks dump
Fixes
- Cscope scanned symlinks on make tags
- Compilation with clang failed
- Improper PAGE_SIZE constant was used on Aarch64
- Selinux blocks attempt to inject parasite w/o any reasonable message
- Error code masked on some error paths
- O_APPEND files' changed size aborted restore
- Errno value could be overwritten by logging
- Mount namespace w/o /tmp could not be dumped
- Stats file generated in wrong dir sometimes
- MS_STRICTATIME mountpoint option was dropped on dump
- Read-only tmpfs mount failed to restore
- Some files were put into wrong places upon install target
- Service couldn't be enabled via systemd ctl after manual installation
- Parent's /proc/self files could be accessed by criu processes on restore
- When meeting unknown image file CRIT exited with exception instead of printing sane error message
v. 1.5.2
Tarball: | criu-1.5.2.tar.bz2 |
Version: | 1.5.2 |
Released: | 28 Apr 2015 |
GIT tag: | v1.5.2 |
Fixes
- Mutli-threaded tasks restored with error when --restore-sibling (Docker and LXC cases)
- Service (and swrk) couldn't receive too big RPC messages
v. 1.5.1
Tarball: | criu-1.5.1.tar.bz2 |
Version: | 1.5.1 |
Released: | 31 Mar 2015 |
GIT tag: | v1.5.1 |
New features
- Inheriting FDs now work in "swrk" RPC mode
- Restored pid is reported in post-restore RPC notification
Fixes
- Uninitialized ss in sigframe causes C/R failures on 4.0 kernel
- Cgroups' properties are initialized too late on restore
- Cgroups' destruction isn't performed in non detached mode
- Cgroups' destruction can fail on error paths
v. 1.5
Tarball: | criu-1.5.tar.bz2 |
Version: | 1.5 |
Released: | 2 Mar 2015 |
GIT tag: | v1.5 |
New features
- CRIT tool
- Ability to request CPU compatibility on instructions level only
- C/R of empty AIO rings
- More detailed errno report via RPC
- Per-feature "criu check"
- Inheriting FDs on restore
- Ability to automatically move veth device to host-side bridge on netns restore
- VT terminals support
- More user namespaces C/R stuff
- Sockets full support
- Invisible files
- TTYs
- FSnotifies
Optimizations
- TCP send queue is restored in the maximal portions allowed by the kernel
- Pre-loading sock-diag modules now happens in a more elegant way
Fixes
- Multi-threaded tasks on 64bit ARM could segfault upon restore
- When doing "check" CRIU could leave un-killed piggie task
- The --cpu-cap option argument was parsed with errors
- Incorrect handling of --cpu-cap fpu compatibility mode on restore
- Criu ignored trailing CLI arguments that resulted in usage confusions
- Irmap hints didn't include common "/" path
- When run per user request, CRIU left log and pid files belonging to root
- Mappings on AUFS could be looked up on wrong mount point
- Fixed compilation on Centos6.5
- Wrong /proc was used when reading the list of FDs to close on restore
- Race in restoring TCP established and listening sockets results in failed bind() on the latter
- Legacy ttys errorneously treated as unix98
- TTY pairs slavery setup could pick wrong peer
- For user-dump the log and pid files still belonged to root
- Task could die while being frozen thus causing dump to fail or save wrong task state
- Failures in mount points validation and sharing resolving didn't abort the dump (error arose on restore)
v. 1.4
Tarball: | criu-1.4.tar.bz2 |
Version: | 1.4 |
Released: | 1 Dec 2014 |
GIT tag: | v1.4 |
New features
- Dump and check cpuinfo. Needed to make sure CPU is capable to run the images after restore, e.g. during live migration
- Initial support for user namespaces
- Use memfd to restore shared memory segments
- New (slightly faster) API for mm stuff restore via prctl
- [UG]ID-s are dumped from parasite, not from /proc files
- The docker_cr.sh script to show how Docker container C/R should (will) look like
- New API for writing plugins (old one is still possible)
- Service workers change their title to better look in ps output
- Ability to feed socket for pre-dump and page-server in swrk mode
- Page-server can auto-bind its port
- Ability to perform several actions during one connection to RPC service
- C/R of opened /proc/$pid/foo files of dead tasks
- C/R of /dev/console
- C/R of virtualized devtmpfs (openvz and future upstream kernels)
- C/R of empty mqueue fs (posix message queues)
- C/R of shared bind-mounts
Optimizations
- BFD engine
- Faster that glibc's FILE * buffered read from /proc files
- Buffered image files IO
- Faster parasite/restorer unload
- Use HW breakpoints
- Less ptrace GETREGS calls sometimes
- Wake pie after sending the FINI command to socket
- Merged some pairs of images into one
- eventpoll and -tfd
- inotify and -wd
- fsnotify and -mark
- Less setns()-s on dump is much faster on older kernels
- Faster access to /proc/self files -- cached fd of /proc/self and openat(this_cache)
Fixes
- Sibling restore mode didn't set up CRIU signals properly
- Unpredictable sibling/child root task restore. Fixed with explicit CLI option
- Validation for leaf mount points was skipped
- Mount options were corrupted on dump, which resulted in errors bind mounts detection
- Uninitialized properties of some cgroups prevented moving tasks into them (e.g. empty cpuset masks and low memcg limit)
- File locks could belong to task with different pid (inherited on fork) blocked the dump
- Bogus error printed in logs about SIGCHLD catch (was caused by thread dump using traps)
- Irmap engine accessed freed root_task on pre-dump
- Restore of net namespace could always fail (pid mismatch on fork) if kernel thread was created on netns setup
- Cgroups service descriptor was closed too early and failed restore
- Auto-loaded *diag modules caused audit netlink socket to contain data on dump (dump fails in this case)
- The "(deleted)" prefix accumulated in unlinked files while doing C/R
- The devpts filesystem and ptmx file were only dumped when found on /dev/pts and /dev respectively
- Data in netlink socket and fanotify was lost after C/R (now dump is aborted if data found in it)
- Fanotify mark was restore in different mount namespace
- Images were writable by group. Not secure when user-dump was requested
- Rootfs has parent id equal to self. CRIU didn't expect this and failed the dump
- Shared mount of the --root path failed the restore
- Absence (e.g. not compiled in) of any namespace in the kernel failed the dump
- Page-server incremental dump didn't detect new tasks properly and failed the stage
- Big TCP queues sometimes failed to get restored
- Incremental pre-dump could lose track of memory changes by task
v. 1.3.1
Tarball: | criu-1.3.1.tar.bz2 |
Version: | 1.3.1 |
Released: | 12 Sep 2014 |
GIT tag: | v1.3.1 |
Fixes
- Sibling restore mode didn't set up CRIU signals properly
- Unpredictable sibling/child root task restore. Fixed with explicit CLI option
- Validation for leaf mount points was skipped
- Mount options were corrupted on dump, which resulted in errors bind mounts detection
v. 1.3
Tarball: | criu-1.3.tar.bz2 |
Version: | 1.3 |
Released: | 1 Sep 2014 |
GIT tag: | v1.3 |
New features
- TimerFD support
- VVAR area (newer kernels' part of VDSO) support
- CGroups hierarchies support
- AUFS support (for Docker)
- PDeathSig support
- Check for opened file's size on dump and restore is the same
- Ability to restore tasks as children using libcriu (
criu_restore_child
) - Add pkgconfig file for libcriu
- CRTOOLS_IMAGE_DIR variable available in action scripts
Optimizations
- Merged images with pending signal into core
- Per-task images with file locks are merged into one big image
- Smaller tasks orchestration memory area on restore
- Sigactions are inherited on restore when possible, not overwritten
- ZDTM suite now executes tests in parallel
Fixes
- Dump failed if robust lists were off
- Link remaps on tmpfs mounts were not dumped
- Non root tasks with custom groups couldn't dump its peers (Security)
- Opened and unlinked FIFOs, dirs and devices were restored as regular files
- Files opened from alien mount namespace were restored in the local one
- Link remap name sometimes was generated with error
- Opened and removed cwd couldn't be restored
- Sysctl kernel.msgmni was overwritten by subsequent auto_msgmni
- Library and RPC APIs didn't match the CLI one
- Some external mounts were constantly "postponed" and never got mounted
- The self.mm_dumpable prlctl value of 2 caused restore to fail
- Errors when writing sysctls with tail \n
- The
criu show
printed nested repeated fields corrupted - Dump stats were initialized with garbage
- Restore sometimes stuck on waiting for inet socket port bind
- Spurious SIGHUP when restoring slave ttys
- Restore wasn't aborted if sub-task failed early
v. 1.3-rc2
Tarball: | criu-1.3-rc2.tar.bz2 |
Version: | 1.3-rc2 |
Released: | 18 Jun 2014 |
GIT tag: | v1.3-rc2 |
New features
- Native (w/o plugins) c/r of external bind mounts
- C/R of the info in which cgroups tasks live
- C/R of task's dumpable flag
- Dump pstore, securityfs, fusectl and debugfs mountpoints
Fixes
- VDSO was searched on stack's guard page
- Mount namespace w/o /proc mount blocked the restore
- Several misses in searching for COW VMA resulted in sub-optimal pages sharing on restore
- FIFO-s path was restored in wrong mount namespace
- Mountpoint fsnotify could be restored on a bind-mount
- One tmpfs mounted several times was dumped several times
- Bind-mount's root path of the top mount was calculated with error
- Fix device number calculation out of major:minor on some distros
- Devpts mount options got lost on dump
- Page-pipes grew endlessly resulting in dump failures on big VMAs
- IO and PF mappings were tried to be dumped
- Two merged MAP_GROWSDOWN VMAs got dumped with overlapping guard page
- Too small shared area was used to fetch tasks mappings that resulted in failed dump of huge mappings
- Many fixes in build system
- Zdtm's COW test sometimes ignored COW failures
v. 1.3-rc1
Tarball: | criu-1.3-rc1.tar.bz2 |
Version: | 1.3-rc1 |
Released: | 25 Apr 2014 |
GIT tag: | v1.3-rc1 |
New features
- AArch64
- Multiple mount namespaces
- FPU state restore control
- Restore old FPU state on newer CPUs
- Ability to ignore FPU restoration
- Support stopped multi-threaded tasks
- CRIU now can execv() other binary right after restore is complete
- Inode-reverse mapping can be enforced to allow live-migration with FS copying
- Gold linker can now be used to compile CRIU
- "Berserker" test to check CRIU scalability
- Punch pages from mem images on restore (optimizes live-migration)
Optimizations
- Batched deduplication of memory images
- Packed rlimits into core image
- Packed timers into core image
Fixes
- Bad checks for
kcmp()
ret codes resulted in errors in file sharing detection - Multiple mmaps of same files with different flags blocked the restore
- Integer overflow in huge mapping restore caused restoration failure
- devpts's
newinstance
option was lost during dump - Subsequent dump could try to find old mem dump for newly forked task
- Bad detection of overmounted mountpoints on fsnotify restore
- Page-server could read partial message and failed
- Errors in dumping of two subsequent anon VMAs in some cases
- Irmap mis-compared devices for disk FSs
- TMPFS handles always change during dump/restore
- Pre-dump sometimes hangs on FIFOs
- Post-restore script fails too late (if does it)
v. 1.2
Tarball: | criu-1.2.tar.bz2 |
Version: | 1.2 |
Released: | 26 Feb 2014 |
GIT tag: | v1.2 |
New features
- Performance improvements
- Shared entries in reg-files image
- Less accesses to
/proc/$pid/map_files
links - Cache for
/proc/$pid/pagemap
reads - VDSO page is seeked only in anonymous mappings
- Task's auxv is read in one call
- Merged mm and vma image files for better packing
- NFS inodes' path resolution (for fsnotify) cache
- One
readlink()
call when checking anon inodes - Don't dump kernel's zero-page
- Parse fast
/proc/self/maps
when searching for hole for restorer - A bit faster write into image files with
writev()
- Library versioning
- RPC API got closer to CLI
- Suitable for live migration project
- Action-scripts via RPC notification messages
- New "post-restore" call in action scripts
- Logrotate rules file
- Default log file for service when starting via systemd
Fixes
- A lot for ARM cross-compile
- Fsnotifies dumping didn't work on NFS
- Images auto-deduplication only worked one level up
- Packet socket ID was treated as file-descriptor and close()-d
- Badly counted pages stats on restore
- Linked remap name conflict when dump and restore on NFS
- Sporadic failures in memory draining due to huge pipes used
- Broken
criu show
of repeated fields - Failure to open mountpoint in foreign pid namespace
- Unlinked bound unix socket dump error
- Small memory leak when writing to incremental image(s)
- Restoring fsnotify for links results in ELOOP
- Host's PATH is not suitable when execv-ing tar/ip/iptable to restore namespace (workaround, proper fix will be in 1.3)
- Using subdirs in log file name via RPC breaks security
v. 1.1
Tarball: | criu-1.1.tar.bz2 |
Version: | 1.1 |
Released: | 28 Jan 2014 |
GIT tag: | v1.1 |
Fixes
- Errors from memory dumping are not handled resulting in corrupted dumps
- EOF detection in stacked images is done with error
- Stacked images don't work on non-shared FS (missing pagemap-s)
v. 1.1-rc2
Tarball: | criu-1.1-rc2.tar.bz2 |
Version: | 1.1-rc2 |
Released: | 20 Jan 2014 |
GIT tag: | v1.1-rc2 |
Fixes
- Crash in
criu check
- RPC check always fail on 3.11 kernel
- Failed fork() didn't abort restore
- Dump fail not reported via RPC
- RPC client disconnect wasn't handled
- Page server could connect to self for writing images
- Hang on pre-dumping task livig in net-namespace
- VDSO page mis-handle on pre-dump
- FPU state loss on pre-dump
- Memory tracking turns ON w/o request
- Various fixes (and improvements) in build system
v. 1.1-rc1
Tarball: | criu-1.1-rc1.tar.bz2 |
Version: | 1.1-rc1 |
Released: | 30 Dec 2013 |
GIT tag: | v1.1-rc1 |
New features
- libcriu.so -- wrapper library for RPC clients
- Plugins
- External unix sockets
- External bind mounts
- External net devices
- Unknown file types
- Images deduplication in incremental dumps
- Integration with systemd
- Filtering of
criu show
output
Note: The API defined in the first two items above may change after -rc1 |
Fixes
- Errors in unlinked files/sockets detection on BTRFS
- NFS silly-rename files are not treated as unlinked
- Freezer fail to seize quickly forking/pthread_create-ing tasks
- Extra stop signal queued for stopped tasks after pre-dump
- Wrong dying task state detection
- Lost RPC dump response
- Crash when reporting restore error via RPC
- Negative return code into shell
- Tasks left in wrong states after failed dump
- A little bit more verbose check action
- Coverity checks fail here and there
v. 1.0
Tarball: | criu-1.0.tar.bz2 |
Version: | 1.0 |
Released: | 25 Nov 2013 |
GIT tag: | v1.0 |
Fixes
- After --leave-running linked remaps were not cleaned
- TCP was left locked after --leave-running
- Weak criteria in memory COW detection
- Private mapping's premmapped address overwrote file ID
- Restorer memory could overlap with timers/signals arrays
- RPC worker reused options from service task
- Suboptimal memory utilization by restorer arguments
- TCP unsent/unacked data boundary was lost
- Wrong dev_t decoding on 64 bit
- Unpredictable daemons (service and page-service) working dir
- Parasite stack could be corrupted by its arguments
- Error from exe link restore was ignored
- Artificial small limit on the number of shared memory segments to restore
- Bug in ARM VFP restore
- VDSO proxy was unmapped at the very end of restore
New features
- -W option to specify working dir
- CHECK request in RPC
- Optimized headers
- More info in logs about undumpable files
- More comments about tricky dump/restore places
- Generic memory allocation for restorer
See also
- Download/criu for recent releases
- Download/criu/0.x for pre-1.x releases