Download/criu
Jump to navigation
Jump to search
This page lists recent CRIU releases.
With 2.x, we decided to make several technologies available as standalone projects (e.g. Compel) and release new stuff faster than once every 3 months (see release schedule).
v. 2.8
Tarball: | criu-2.8.tar.bz2 |
Version: | 2.8 "Bronze Siskin" |
Released: | 14 Nov 2016 |
GIT tag: | v2.8 |
New features
- Ability to configure CRIU build
- Show statistics on the screen with
--display-stats
- C/R of Mac-Vlan devices
Optimizations/improvements
- x86 can now be built with clang
- When dumping files useless garbage was sent with descriptors from parasite
- The clear_tid_address and regs are printed in hex with CRIT
- Big code rework for compel (part 1)
- Removed duplicate error messages from opening /proc files
Fixes
- Restoring cgroup NS could use old path prefix
criu check
crashed on btrfs mounts- RO external mounts in userns couldn't be restored
- Unmounted on host binfmt_misc could cause dump to fail
- Off-by-one could cause criu crash when dumping shared / bind-mount
- Mount namespace' roots could have flags changed on restore
- Dying tasks could erroneously be tried to dump
- Swapped shared memory pages were not dumped
- Errno value can be sometimes spoiled by RPC
- Restore of netns with newer iproute2 tool could fail
Deprecated
v. 2.7
Tarball: | criu-2.7.tar.bz2 |
Version: | 2.7 "Rubber Owl" |
Released: | 17 Oct 2016 |
GIT tag: | v2.7 |
New features
- Option
--cgroup-root
now makes sense on dump too - CLOCK_BOOTTIME timer supported
Optimizations/improvements
- Output of iptables command leaked into logs for no use
- Helper dev environment installation script for Debian
- Man-page updated and prettified :)
Fixes
- Unmounted binfmt_misc with rules wasn't dumped at all
- Malloc() error could result in crash
- Device cgroup restore could fail restoring empty record
- Some entries in device cgroups were restored twice
- Potential crash when dumping cgroup bindmounts
- Sign error caused dump to fail on btrfs partitions
- Shared mounts with the same mount path failed the dump
- Threads were restored with unshared FS (cwd and root)
- Shared memory changes tracking disabled (regression found)
- Restore of autofs can hang
- LSM profile propagation could be lost
- Mountpoint with lots of options blocked the dump (too small buffer for parsing)
- External slave mount (with external master) blocked the dump
- Mounts with STRICTATIME restored with others flags dropped
Deprecated
- No reg-file entry for TTYs
v. 2.6
Tarball: | criu-2.6.tar.bz2 |
Version: | 2.6 "Paper Crane" |
Released: | 12 Sep 2016 |
GIT tag: | v2.6 |
New features
- Ability to leave process stopped after restore
- Memory changes tracking for anonymous shared memory
- Shared memory images deduplication too, as a part of it
- Deprecation option/environment
- First error message is reported back via RPC
- C/R of
- More IPCNS sysctls
- xIDs of PTYs
- TMEM on PPC64LE
Optimizations/improvements
- Use service FD for transport sockets on restore
- Ability to turn pagemap-cache off (some kernels are buggy)
- The
criu --help
text has become better
Fixes
- R/O-mounted root could block the dump
- Restore of cgroup.mm.oom_control could fail
- Cgroup fs bind mounts were detected with error
- Unaligned futex-es in parasite could cause dump to crash
- When compiled with gcc-4.9 parasite code crashed
- Failure to freeze cgroup didn't result in aborting of dump
- Wrong ns list was parsed when dumping userns (invisible since nesting works only for mntns)
- Non-inheritable non-tty as stdin caused shell-job restore to erroneously fail
- Error path in
criu dedup
could crash
Deprecated
- Per-pid rlimit, itimers and posix-timers
- Separate image for epoll tfds (target file descriptors)
v. 2.5
Tarball: | criu-2.5.tar.bz2 |
Version: | 2.5 "Concrete Oriole" |
Released: | 15 Aug 2016 |
GIT tag: | v2.5 |
New features
- C/R
- fs.mqueue.msg*_default sysctls
- Unix sockets with overwritten paths
- Link-remap files in removed directories
Optimizations/improvements
- Micro-optimization on namespace ID evaluation
- Restoring shared files uses one socket instead of per-fd ones
- More verbosity when refusing to dump a file descriptor
Fixes
- Restore could fail on openat() with ENXIO when multiple mnt namespaces get restored
- The criu exec action got broken
- Link-remap and ghost files remained on FS after restore failure
- TCP window could remain clamped after restore resulting in connection lockup/slowdown
- Dump could stuck when injecting a parasite
- The
--timeout
option wasn't taken into account when freezing tasks using freezecg - Race in freezeing/seizing could result in lost tasks
- Memory leaks here and there on error paths
- Double free in xvstrcat (crash)
- VDSO length was mis-calculated
- Symlink on
--root
path could make restore erroneously fail - Potential memory corruption on reading mntns images
- When restoring on systems with low pid_max limit restore could fail
- RO-protected SysV shmem segments could be restored with PROT_EXEC
- File mode of mapped file was evaluated with errors
- Restore of cgroups' mem.swappines and ..use_hierarchy blocked sub-groups creation
- Impossible to restore cgoup mem.swappines default value
- Zombies living in orphan sessions/groups failed the restore
v. 2.4
Tarball: | criu-2.4.tar.bz2 |
Version: | 2.4 "Marble Lark" |
Released: | 11 Jul 2016 |
GIT tag: | v2.4 |
New features
- Generate core from images
- Ability to forcibly drop half-open TCP connections on C/R
- Ability to specify cgroup ctls to dump via API
- Opened/mapped files' mode is compared between dump and restore times
- C/R of
- AutoFS mountpoints
- New cgroups (perf_event, net_cls, net_prio and pids)
- Memcgroup optional properties
- Devices cgroup
Optimizations/improvements
- Pagemap image entries are cached in memory
Fixes
- Configured kmem cgroup limit restore failed
- Mem cgroup oom_control
- Cgroup's pids.max was not C/R-ed
- Failure to write cgroup property was ignored
- No init PID in pre-dump action script
- Sigactions inheritance didn't work on ARM
- Opened "/proc" dir blocked the dump
- Working with iptables was racy
- Sibling mounts detection error on dump
- Devconf accept_redirects devconf could be restored with errors
- "All" devconfs could be overridden by "Default"
- Name-less unix sockets got auto-bound
- Mode was lost for PTY device file on restore
- Newer protobuf compilers didn't recognize PB files
- External mounts could be remounted with MS_PRIVATE
- Build fail on Alpine Linux
Deprecated/removed
- Per-pid file locks images
- Per-pid fdinfo images
- Ancient pagemap/pages images
v. 2.3
Tarball: | criu-2.3.tar.bz2 |
Version: | 2.3 "Wooden Duck" |
Released: | 14 Jun 2016 |
GIT tag: | v2.3 |
New features
- Ability not to show payload for some objects in CRIT
- Pidfile is written at the end of restore
- Ability to join existing namespaces on restore
- C/R of
- Data sitting in TTYs
- Partially write-protected SysVIPC segments
- Debugfs and tracefs mounts
- Overmounted tmpfs
- IPv6 devconf sysctls
- External block devices
- Unix sockets with mismatched shutdown state
Optimizations/improvements
- Relaxed calculation of AIO ring size
- Tree-based search of tasks by real pid
- Less mem-to-mem copies on restore
- Saner devconf image format
- More verbose explanation of why task cannot be seized
- PID is printed in PIE logs
Fixes
- Too many mmap-ed files blocked the dump
- Potential memory corruption when working with IPv6 sockets
- Overmounted bind mounts could cause restore to fail
- Overmounted bind mounts could result in badly restored mount tree
- Incomplete restoration of RO bind mounts options
Deprecated/removed
- Greedy mode of pagemap (non-root) caused dump to fail (disabled)
v. 2.2
Tarball: | criu-2.2.tar.bz2 |
Version: | 2.2 "Carbon Nightingale" |
Released: | 16 May 2016 |
GIT tag: | v2.2 |
New features
- Uninstall action in Makfilefile
- "Post-resume" added to action scripts
- Root task's PID in environment for action scripts
- C/R of
- Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast
- * Serial ttys
Optimizations/improvements
- Lighter link-remaps restore on newer kernels
Fixes
- Race when restoring userns vs setting ns' maps
- Tasks with zero fds failed the dump
- Restore of TCP recv queue could fail due to kernel mem alloc constraints
- No errors were written to logs when launching helper (tar/iptables) app in userns restore
- User-mode dumped no memory pages sometimes
- Bind mounts considered not as bind sometimes
- Two mounts in the same directory blocked the dump
- Off-by in on /dev/tty{1,63} dumping
- Forking of cgroupns task was done with screwed clone flags
Deprecated/removed
- Greedy mode of pagemap dumping (on some kernels we do not support user-mode)
- Removed the --namespaces option
v. 2.1
Tarball: | criu-2.1.tar.bz2 |
Version: | 2.1 "Steel Lapwing" |
Released: | 11 Apr 2016 |
GIT tag: | v2.1 |
New features
- Checking now classifies features to important/extra/experimental
- Ability to bring some disk files into images. See $source/scripts/tmp-files.sh
- C/R of
- Completed AIO requests
- Fallback gre and gretap net devices
Optimizations/improvements
- Code coverage collecting now works
- Use native rtnl library for netlink messages processing
- Using
--output -
now results in stdout as log, not a file with the name "-" - Signals are printed by names in logs
Fixes
Make tar
generated tarbal with bad name- CG restore code lacked rollback in some places
- Error code from raw syscalls was treated with errors resulting in wrong
criu check
reports - Dumping task with HUGE amount of file descriptors failed
- Task could be stopped after pre-dump if respective option was used
- A /proc/pid directory from dead process conflicting with a new alive one could cause dump to fail
- Zombie from alien session/process group caused restore to fail
- CGroup fs was wrongly mounted in CGNS on restore
- Irmap scan was mis-checking devices numbers
- Use-after-free in irmap scan
- Btrfs bindmounts detection was mistaken due to 'subvol=' options met
- Propagation of mountpoint's shared groups was lost for propagated mounts
- Unaligned allocations of restore shared memory could result in codedumps when used by futexes
- Temporary mountpoints could result in spurious propagations
- When aborting the dump criu could crash on use-after-free objects
- Locking the network could stuck doing the DNS resolve
- Several build fixes
Deprecated/removed
- The images from criu prior to 0.4 are deprecated
- The
--namespaces
option makes no sense and is also deprecated - The
--ms
option for check action is deprecated
v. 2.0
Tarball: | criu-2.0.tar.bz2 |
Version: | 2.0 |
Released: | 7 Mar 2016 |
GIT tag: | v2.0 |
New features
- New code layout for sub-projects (e.g. Compel)
- Unprivileged dump
- Dump/check cpuinfo support for PPC
- Explorers for CRIT
- Added "post-setup-namespaces" to action scripts
- Added timeout for dump procedure (5 sec by default)
- Ability to override LSM profile on restore with CLI/RPC option
- External bind mounts can be fs-root mounts too
- Skip netns' internals on dump and restore (for Docker integration)
- Advanced support for external files
- C/R for
- Mode and uid/gid of cgroup files and dirs
- Freeze cgroup state (frozen/thawed)
- Task's loginuid and oom score
- Per-thread credentials
- Filter mode of seccomp
- Ghost file in removed directory
- Ghost files lutimes
- Binfmt-misc FS contents
- Netfilter conntracks and expectations
- Multi-headed cgroups
- CGroup namespaces (no nesting)
Optimizations/improvements
- Align parasite stack on 16 bits for correctness
- Compilation with native libc syscall wrappers and helpers
- Parasite code injection done via memfd system call
- Make vaddr to pfn conversion with one less syscall
- CRIT shows device numbers in "maj:min" manner
- CRIT shows mmap's status in verbose
- Docker files for builds on all supported arches
Fixes
- Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
- Wrong argument to timer_create system call could cause restore to crash
- Extra tasks in freeze cgroup caused dump to fail/hand/crash
- Unaligned restore-time object allocations caused lock operations to fail
- Opened /proc/pid dir of dead task failed the dump
- Unaligned stacks caused criu to fail on aarch64
- Changed device numbers on restore side could cause random failures
- Fixes in mount points sharing/slavery/propagation restore
- Race between mntns creation and fds closing in different tasks could cause restore to fail
- Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
- Unconnected dgram UNIX socket with data lost packets on restore
- CRIT didn't show IPC objects
- CRIT didn't convert IP addresses in images
- Logs from PIE code contained corrupted addresses and sizes
- Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket
- Shared external mounts were restored with error
Security
- User-mode
- When checking for namespaces' CRIU entered userns with host creds
Deprecated/removed
- Completely removed 'show' action. Use CRIT instead.