Download/criu

Revision as of 23:56, 4 October 2016 by Kir (move release schedule to intro, rephrase it)

This page lists recent CRIU releases. With 2.x we decided to make several technologies available as standalone projects (e.g. Compel) and release new stuff faster than once every 3 months (see release schedule).

v. 2.6

Tarball: criu-2.6.tar.bz2
Version: 2.6 "Paper Crane"
Released: 12 Sep 2016
GIT tag: v2.6

New features

Optimizations/improvements

  • Use service FD for transport sockets on restore
  • Ability to turn pagemap-cache off (some kernels are buggy)
  • The criu --help text has become better

Fixes

  • R/O-mounted root could block the dump
  • Restore of cgroup.mm.oom_control could fail
  • Cgroup fs bind mounts were detected with error
  • Unaligned futex-es in parasite could cause dump to crash
  • When compiled with gcc-4.9 parasite code crashed
  • Failure to freeze cgroup didn't result in aborting of dump
  • Wrong ns list was parsed when dumping userns (invisible since nesting works only for mntns)
  • Non-inheritable non-tty as stdin caused shell-job restore to erroneously fail
  • Error path in criu dedup could crash

Deprecated

  • Per-pid rlimit, itimers and posix-timers
  • Separate image for epoll tfds (target file descriptors)

v. 2.5

Tarball: criu-2.5.tar.bz2
Version: 2.5 "Concrete Oriole"
Released: 15 Aug 2016
GIT tag: v2.5

New features

  • C/R
    • fs.mqueue.msg*_default sysctls
    • Unix sockets with overwritten paths
    • Link-remap files in removed directories

Optimizations/improvements

  • Micro-optimization on namespace ID evaluation
  • Restoring shared files uses one socket instead of per-fd ones
  • More verbosity when refusing to dump a file descriptor

Fixes

  • Restore could fail on openat() with ENXIO when multiple mnt namespaces get restored
  • The criu exec action got broken
  • Link-remap and ghost files remained on FS after restore failure
  • TCP window could remain clamped after restore resulting in connection lockup/slowdown
  • Dump could get stuck when injecting a parasite
  • The --timeout option wasn't taken into account when freezing tasks using freezecg
  • Race in freezing/seizing could result in lost tasks
  • Memory leaks here and there on error paths
  • Double free in xvstrcat (crash)
  • VDSO length was mis-calculated
  • Symlink on --root path could make restore erroneously fail
  • Potential memory corruption on reading mntns images
  • When restoring on systems with low pid_max limit restore could fail
  • RO-protected SysV shmem segments could be restored with PROT_EXEC
  • File mode of mapped file was evaluated with errors
  • Restore of cgroups' mem.swappiness and ..use_hierarchy blocked sub-groups creation
  • Impossible to restore cgroup mem.swappiness default value
  • Zombies living in orphan sessions/groups failed the restore

v. 2.4

Tarball: criu-2.4.tar.bz2
Version: 2.4 "Marble Lark"
Released: 11 Jul 2016
GIT tag: v2.4

New features

  • Generate core from images
  • Ability to forcibly drop half-open TCP connections on C/R
  • Ability to specify cgroup ctls to dump via API
  • Opened/mapped files' mode is compared between dump and restore times
  • C/R of
    • AutoFS mountpoints
    • New cgroups (perf_event, net_cls, net_prio and pids)
    • Memcgroup optional properties
    • Devices cgroup

Optimizations/improvements

  • Pagemap image entries are cached in memory

Fixes

  • Configured kmem cgroup limit restore failed
  • Mem cgroup oom_control
  • Cgroup's pids.max was not C/R-ed
  • Failure to write cgroup property was ignored
  • No init PID in pre-dump action script
  • Sigactions inheritance didn't work on ARM
  • Opened "/proc" dir blocked the dump
  • Working with iptables was racy
  • Sibling mounts detection error on dump
  • Devconf accept_redirects could be restored with errors
  • "All" devconfs could be overridden by "Default"
  • Name-less unix sockets got auto-bound
  • Mode was lost for PTY device file on restore
  • Newer protobuf compilers didn't recognize PB files
  • External mounts could be remounted with MS_PRIVATE
  • Build fail on Alpine Linux

Deprecated/removed

  • Per-pid file locks images
  • Per-pid fdinfo images
  • Ancient pagemap/pages images

v. 2.3

Tarball: criu-2.3.tar.bz2
Version: 2.3 "Wooden Duck"
Released: 14 Jun 2016
GIT tag: v2.3

New features

  • Ability not to show payload for some objects in CRIT
  • Pidfile is written at the end of restore
  • Ability to join existing namespaces on restore
  • C/R of
    • Data sitting in TTYs
    • Partially write-protected SysVIPC segments
    • Debugfs and tracefs mounts
    • Overmounted tmpfs
    • IPv6 devconf sysctls
    • External block devices
    • Unix sockets with mismatched shutdown state

Optimizations/improvements

  • Relaxed calculation of AIO ring size
  • Tree-based search of tasks by real pid
  • Less mem-to-mem copies on restore
  • Saner devconf image format
  • More verbose explanation of why task cannot be seized
  • PID is printed in PIE logs

Fixes

  • Too many mmap-ed files blocked the dump
  • Potential memory corruption when working with IPv6 sockets
  • Overmounted bind mounts could cause restore to fail
  • Overmounted bind mounts could result in badly restored mount tree
  • Incomplete restoration of RO bind mounts options

Deprecated/removed

  • Greedy mode of pagemap (non-root) caused dump to fail (disabled)

v. 2.2

Tarball: criu-2.2.tar.bz2
Version: 2.2 "Carbon Nightingale"
Released: 16 May 2016
GIT tag: v2.2

New features

  • Uninstall action in Makefile
  • "Post-resume" added to action scripts
  • Root task's PID in environment for action scripts
  • C/R of
    • Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast
    • Serial ttys

Optimizations/improvements

  • Lighter link-remaps restore on newer kernels

Fixes

  • Race when restoring userns vs setting ns' maps
  • Tasks with zero fds failed the dump
  • Restore of TCP recv queue could fail due to kernel mem alloc constraints
  • No errors were written to logs when launching helper (tar/iptables) app in userns restore
  • User-mode dumped no memory pages sometimes
  • Bind mounts were sometimes not considered as bind
  • Two mounts in the same directory blocked the dump
  • Off-by-one on /dev/tty{1,63} dumping
  • Forking of cgroupns task was done with screwed clone flags

Deprecated/removed

  • Greedy mode of pagemap dumping (on some kernels we do not support user-mode)
  • Removed the --namespaces option

v. 2.1

Tarball: criu-2.1.tar.bz2
Version: 2.1 "Steel Lapwing"
Released: 11 Apr 2016
GIT tag: v2.1

New features

  • Checking now classifies features to important/extra/experimental
  • Ability to bring some disk files into images. See $source/scripts/tmp-files.sh
  • C/R of
    • Completed AIO requests
    • Fallback gre and gretap net devices

Optimizations/improvements

  • Code coverage collecting now works
  • Use native rtnl library for netlink messages processing
  • Using --output - now results in stdout as log, not a file with the name "-"
  • Signals are printed by names in logs

Fixes

  • Make tar generated tarball with bad name
  • CG restore code lacked rollback in some places
  • Error code from raw syscalls was treated with errors resulting in wrong criu check reports
  • Dumping task with HUGE amount of file descriptors failed
  • Task could be stopped after pre-dump if respective option was used
  • A /proc/pid directory from dead process conflicting with a new alive one could cause dump to fail
  • Zombie from alien session/process group caused restore to fail
  • CGroup fs was wrongly mounted in CGNS on restore
  • Irmap scan was mis-checking devices numbers
  • Use-after-free in irmap scan
  • Btrfs bindmounts detection was mistaken due to 'subvol=' options met
  • Propagation of mountpoint's shared groups was lost for propagated mounts
  • Unaligned allocations of restore shared memory could result in coredumps when used by futexes
  • Temporary mountpoints could result in spurious propagations
  • When aborting the dump criu could crash on use-after-free objects
  • Locking the network could get stuck doing the DNS resolve
  • Several build fixes

Deprecated/removed

  • The images from criu prior to 0.4 are deprecated
  • The --namespaces option makes no sense and is also deprecated
  • The --ms option for check action is deprecated

v. 2.0

Tarball: criu-2.0.tar.bz2
Version: 2.0
Released: 7 Mar 2016
GIT tag: v2.0

New features

  • New code layout for sub-projects (e.g. Compel)
  • Unprivileged dump
  • Dump/check cpuinfo support for PPC
  • Explorers for CRIT
  • Added "post-setup-namespaces" to action scripts
  • Added timeout for dump procedure (5 sec by default)
  • Ability to override LSM profile on restore with CLI/RPC option
  • External bind mounts can be fs-root mounts too
  • Skip netns' internals on dump and restore (for Docker integration)
  • Advanced support for external files
  • C/R for
    • Mode and uid/gid of cgroup files and dirs
    • Freeze cgroup state (frozen/thawed)
    • Task's loginuid and oom score
    • Per-thread credentials
    • Filter mode of seccomp
    • Ghost file in removed directory
    • Ghost files lutimes
    • Binfmt-misc FS contents
    • Netfilter conntracks and expectations
    • Multi-headed cgroups
    • CGroup namespaces (no nesting)

Optimizations/improvements

  • Align parasite stack on 16 bits for correctness
  • Compilation with native libc syscall wrappers and helpers
  • Parasite code injection done via memfd system call
  • Make vaddr to pfn conversion with one less syscall
  • CRIT shows device numbers in "maj:min" manner
  • CRIT shows mmap's status in verbose
  • Docker files for builds on all supported arches

Fixes

  • Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
  • Wrong argument to timer_create system call could cause restore to crash
  • Extra tasks in freeze cgroup caused dump to fail/hang/crash
  • Unaligned restore-time object allocations caused lock operations to fail
  • Opened /proc/pid dir of dead task failed the dump
  • Unaligned stacks caused criu to fail on aarch64
  • Changed device numbers on restore side could cause random failures
  • Fixes in mount points sharing/slavery/propagation restore
  • Race between mntns creation and fds closing in different tasks could cause restore to fail
  • Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
  • Unconnected dgram UNIX socket with data lost packets on restore
  • CRIT didn't show IPC objects
  • CRIT didn't convert IP addresses in images
  • Logs from PIE code contained corrupted addresses and sizes
  • Not loaded netfilter modules could cause dump/restore to get stuck on dumping netlink socket
  • Shared external mounts were restored with error

Security

  • User-mode
  • When checking for namespaces, CRIU entered userns with host creds

Deprecated/removed

  • Completely removed 'show' action. Use CRIT instead.

Older releases