Difference between revisions of "Download/criu"

From CRIU
Jump to navigation Jump to search
(move release schedule to intro, rephrase it)
(separate intro into two paragraphs)
Line 1: Line 1:
This page lists recent CRIU releases. With 2.x we decided to make
+
This page lists recent CRIU releases.
several technologies available as standalone projects (e.g. [[Compel]])
+
 
 +
With 2.x, we decided to make several technologies available as standalone projects (e.g. [[Compel]])
 
and release new stuff faster than once every 3 months (see [[release schedule]]).
 
and release new stuff faster than once every 3 months (see [[release schedule]]).
  

Revision as of 23:57, 4 October 2016

This page lists recent CRIU releases.

With 2.x, we decided to make several technologies available as standalone projects (e.g. Compel) and release new stuff faster than once every 3 months (see release schedule).

v. 2.6

Tarball: criu-2.6.tar.bz2
Version: 2.6 "Paper Crane"
Released: 12 Sep 2016
GIT tag: v2.6

New features

Optimizations/improvements

  • Use service FD for transport sockets on restore
  • Ability to turn pagemap-cache off (some kernels are buggy)
  • The criu --help text has become better

Fixes

  • R/O-mounted root could block the dump
  • Restore of cgroup.mm.oom_control could fail
  • Cgroup fs bind mounts were detected with error
  • Unaligned futex-es in parasite could cause dump to crash
  • When compiled with gcc-4.9 parasite code crashed
  • Failure to freeze cgroup didn't result in aborting of dump
  • Wrong ns list was parsed when dumping userns (invisible since nesting works only for mntns)
  • Non-inheritable non-tty as stdin caused shell-job restore to erroneously fail
  • Error path in criu dedup could crash

Deprecated

  • Per-pid rlimit, itimers and posix-timers
  • Separate image for epoll tfds (target file descriptors)

v. 2.5

Tarball: criu-2.5.tar.bz2
Version: 2.5 "Concrete Oriole"
Released: 15 Aug 2016
GIT tag: v2.5

New features

  • C/R
    • fs.mqueue.msg*_default sysctls
    • Unix sockets with overwritten paths
    • Link-remap files in removed directories

Optimizations/improvements

  • Micro-optimization on namespace ID evaluation
  • Restoring shared files uses one socket instead of per-fd ones
  • More verbosity when refusing to dump a file descriptor

Fixes

  • Restore could fail on openat() with ENXIO when multiple mnt namespaces get restored
  • The criu exec action got broken
  • Link-remap and ghost files remained on FS after restore failure
  • TCP window could remain clamped after restore resulting in connection lockup/slowdown
  • Dump could stuck when injecting a parasite
  • The --timeout option wasn't taken into account when freezing tasks using freezecg
  • Race in freezeing/seizing could result in lost tasks
  • Memory leaks here and there on error paths
  • Double free in xvstrcat (crash)
  • VDSO length was mis-calculated
  • Symlink on --root path could make restore erroneously fail
  • Potential memory corruption on reading mntns images
  • When restoring on systems with low pid_max limit restore could fail
  • RO-protected SysV shmem segments could be restored with PROT_EXEC
  • File mode of mapped file was evaluated with errors
  • Restore of cgroups' mem.swappines and ..use_hierarchy blocked sub-groups creation
  • Impossible to restore cgoup mem.swappines default value
  • Zombies living in orphan sessions/groups failed the restore

v. 2.4

Tarball: criu-2.4.tar.bz2
Version: 2.4 "Marble Lark"
Released: 11 Jul 2016
GIT tag: v2.4

New features

  • Generate core from images
  • Ability to forcibly drop half-open TCP connections on C/R
  • Ability to specify cgroup ctls to dump via API
  • Opened/mapped files' mode is compared between dump and restore times
  • C/R of
    • AutoFS mountpoints
    • New cgroups (perf_event, net_cls, net_prio and pids)
    • Memcgroup optional properties
    • Devices cgroup

Optimizations/improvements

  • Pagemap image entries are cached in memory

Fixes

  • Configured kmem cgroup limit restore failed
  • Mem cgroup oom_control
  • Cgroup's pids.max was not C/R-ed
  • Failure to write cgroup property was ignored
  • No init PID in pre-dump action script
  • Sigactions inheritance didn't work on ARM
  • Opened "/proc" dir blocked the dump
  • Working with iptables was racy
  • Sibling mounts detection error on dump
  • Devconf accept_redirects devconf could be restored with errors
  • "All" devconfs could be overridden by "Default"
  • Name-less unix sockets got auto-bound
  • Mode was lost for PTY device file on restore
  • Newer protobuf compilers didn't recognize PB files
  • External mounts could be remounted with MS_PRIVATE
  • Build fail on Alpine Linux

Deprecated/removed

  • Per-pid file locks images
  • Per-pid fdinfo images
  • Ancient pagemap/pages images

v. 2.3

Tarball: criu-2.3.tar.bz2
Version: 2.3 "Wooden Duck"
Released: 14 Jun 2016
GIT tag: v2.3

New features

  • Ability not to show payload for some objects in CRIT
  • Pidfile is written at the end of restore
  • Ability to join existing namespaces on restore
  • C/R of
    • Data sitting in TTYs
    • Partially write-protected SysVIPC segments
    • Debugfs and tracefs mounts
    • Overmounted tmpfs
    • IPv6 devconf sysctls
    • External block devices
    • Unix sockets with mismatched shutdown state

Optimizations/improvements

  • Relaxed calculation of AIO ring size
  • Tree-based search of tasks by real pid
  • Less mem-to-mem copies on restore
  • Saner devconf image format
  • More verbose explanation of why task cannot be seized
  • PID is printed in PIE logs

Fixes

  • Too many mmap-ed files blocked the dump
  • Potential memory corruption when working with IPv6 sockets
  • Overmounted bind mounts could cause restore to fail
  • Overmounted bind mounts could result in badly restored mount tree
  • Incomplete restoration of RO bind mounts options

Deprecated/removed

  • Greedy mode of pagemap (non-root) caused dump to fail (disabled)

v. 2.2

Tarball: criu-2.2.tar.bz2
Version: 2.2 "Carbon Nightingale"
Released: 16 May 2016
GIT tag: v2.2

New features

  • Uninstall action in Makfilefile
  • "Post-resume" added to action scripts
  • Root task's PID in environment for action scripts
  • C/R of
    • Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast
  • * Serial ttys

Optimizations/improvements

  • Lighter link-remaps restore on newer kernels

Fixes

  • Race when restoring userns vs setting ns' maps
  • Tasks with zero fds failed the dump
  • Restore of TCP recv queue could fail due to kernel mem alloc constraints
  • No errors were written to logs when launching helper (tar/iptables) app in userns restore
  • User-mode dumped no memory pages sometimes
  • Bind mounts considered not as bind sometimes
  • Two mounts in the same directory blocked the dump
  • Off-by in on /dev/tty{1,63} dumping
  • Forking of cgroupns task was done with screwed clone flags

Deprecated/removed

  • Greedy mode of pagemap dumping (on some kernels we do not support user-mode)
  • Removed the --namespaces option

v. 2.1

Tarball: criu-2.1.tar.bz2
Version: 2.1 "Steel Lapwing"
Released: 11 Apr 2016
GIT tag: v2.1

New features

  • Checking now classifies features to important/extra/experimental
  • Ability to bring some disk files into images. See $source/scripts/tmp-files.sh
  • C/R of
    • Completed AIO requests
    • Fallback gre and gretap net devices

Optimizations/improvements

  • Code coverage collecting now works
  • Use native rtnl library for netlink messages processing
  • Using --output - now results in stdout as log, not a file with the name "-"
  • Signals are printed by names in logs

Fixes

  • Make tar generated tarbal with bad name
  • CG restore code lacked rollback in some places
  • Error code from raw syscalls was treated with errors resulting in wrong criu check reports
  • Dumping task with HUGE amount of file descriptors failed
  • Task could be stopped after pre-dump if respective option was used
  • A /proc/pid directory from dead process conflicting with a new alive one could cause dump to fail
  • Zombie from alien session/process group caused restore to fail
  • CGroup fs was wrongly mounted in CGNS on restore
  • Irmap scan was mis-checking devices numbers
  • Use-after-free in irmap scan
  • Btrfs bindmounts detection was mistaken due to 'subvol=' options met
  • Propagation of mountpoint's shared groups was lost for propagated mounts
  • Unaligned allocations of restore shared memory could result in codedumps when used by futexes
  • Temporary mountpoints could result in spurious propagations
  • When aborting the dump criu could crash on use-after-free objects
  • Locking the network could stuck doing the DNS resolve
  • Several build fixes

Deprecated/removed

  • The images from criu prior to 0.4 are deprecated
  • The --namespaces option makes no sense and is also deprecated
  • The --ms option for check action is deprecated

v. 2.0

Tarball: criu-2.0.tar.bz2
Version: 2.0
Released: 7 Mar 2016
GIT tag: v2.0

New features

  • New code layout for sub-projects (e.g. Compel)
  • Unprivileged dump
  • Dump/check cpuinfo support for PPC
  • Explorers for CRIT
  • Added "post-setup-namespaces" to action scripts
  • Added timeout for dump procedure (5 sec by default)
  • Ability to override LSM profile on restore with CLI/RPC option
  • External bind mounts can be fs-root mounts too
  • Skip netns' internals on dump and restore (for Docker integration)
  • Advanced support for external files
  • C/R for
    • Mode and uid/gid of cgroup files and dirs
    • Freeze cgroup state (frozen/thawed)
    • Task's loginuid and oom score
    • Per-thread credentials
    • Filter mode of seccomp
    • Ghost file in removed directory
    • Ghost files lutimes
    • Binfmt-misc FS contents
    • Netfilter conntracks and expectations
    • Multi-headed cgroups
    • CGroup namespaces (no nesting)

Optimizations/improvements

  • Align parasite stack on 16 bits for correctness
  • Compilation with native libc syscall wrappers and helpers
  • Parasite code injection done via memfd system call
  • Make vaddr to pfn conversion with one less syscall
  • CRIT shows device numbers in "maj:min" manner
  • CRIT shows mmap's status in verbose
  • Docker files for builds on all supported arches

Fixes

  • Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
  • Wrong argument to timer_create system call could cause restore to crash
  • Extra tasks in freeze cgroup caused dump to fail/hand/crash
  • Unaligned restore-time object allocations caused lock operations to fail
  • Opened /proc/pid dir of dead task failed the dump
  • Unaligned stacks caused criu to fail on aarch64
  • Changed device numbers on restore side could cause random failures
  • Fixes in mount points sharing/slavery/propagation restore
  • Race between mntns creation and fds closing in different tasks could cause restore to fail
  • Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
  • Unconnected dgram UNIX socket with data lost packets on restore
  • CRIT didn't show IPC objects
  • CRIT didn't convert IP addresses in images
  • Logs from PIE code contained corrupted addresses and sizes
  • Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket
  • Shared external mounts were restored with error

Security

  • User-mode
  • When checking for namespaces' CRIU entered userns with host creds

Deprecated/removed

  • Completely removed 'show' action. Use CRIT instead.

Older releases