Difference between revisions of "Download/criu/1.4"

From CRIU
Jump to navigation Jump to search
(Created page with "{{Release|1.4|1 Dec 2014}} === New features === * Dump and check cpuinfo (needed to make sure CPU is capable to run the images after restore) * Initial support for [[user...")
 
Line 2: Line 2:
  
 
=== New features ===
 
=== New features ===
* Dump and check [[cpuinfo]] (needed to make sure CPU is capable to run the images after restore)
+
* Dump and check [[cpuinfo]]. Needed to make sure CPU is capable to run the images after restore, e.g. during [[live migration]]
 
* Initial support for [[userns|user namespaces]]
 
* Initial support for [[userns|user namespaces]]
 
** Use memfd to restore shared memory segments
 
** Use memfd to restore shared memory segments
Line 8: Line 8:
 
** [UG]ID-s are dumped from parasite, not from /proc files
 
** [UG]ID-s are dumped from parasite, not from /proc files
 
* The docker_cr.sh script to show how Docker container C/R should (will) look like
 
* The docker_cr.sh script to show how Docker container C/R should (will) look like
* New API for writing [[plugins]] (old one is still possible))
+
* New API for writing [[plugins]] (old one is still possible)
* C/R of opened /proc/$pid/foo files of dead tasks
 
 
* Service workers change their title to better look in ps output
 
* Service workers change their title to better look in ps output
 
* Ability to feed socket for pre-dump and page-server in swrk mode
 
* Ability to feed socket for pre-dump and page-server in swrk mode
 
* Page-server can auto-bind its port
 
* Page-server can auto-bind its port
 
* Ability to perform several actions during one connection to RPC service
 
* Ability to perform several actions during one connection to RPC service
* Support C/R of /dev/console
+
* C/R of opened /proc/$pid/foo files of dead tasks
* Virtualized devtmpfs C/R (openvz and future upstream kernels)
+
* C/R of /dev/console
 +
* C/R of virtualized devtmpfs (openvz and future upstream kernels)
 
* C/R of empty mqueue fs (posix message queues)
 
* C/R of empty mqueue fs (posix message queues)
 +
* C/R of shared bind-mounts
  
 
=== Optimizations ===
 
=== Optimizations ===

Revision as of 15:57, 14 November 2014

Tarball: criu-1.4.tar.bz2
Version: 1.4
Released: 1 Dec 2014
GIT tag: v1.4

New features

  • Dump and check cpuinfo. Needed to make sure CPU is capable to run the images after restore, e.g. during live migration
  • Initial support for user namespaces
    • Use memfd to restore shared memory segments
    • New (slightly faster) API for mm stuff restore via prctl
    • [UG]ID-s are dumped from parasite, not from /proc files
  • The docker_cr.sh script to show how Docker container C/R should (will) look like
  • New API for writing plugins (old one is still possible)
  • Service workers change their title to better look in ps output
  • Ability to feed socket for pre-dump and page-server in swrk mode
  • Page-server can auto-bind its port
  • Ability to perform several actions during one connection to RPC service
  • C/R of opened /proc/$pid/foo files of dead tasks
  • C/R of /dev/console
  • C/R of virtualized devtmpfs (openvz and future upstream kernels)
  • C/R of empty mqueue fs (posix message queues)
  • C/R of shared bind-mounts

Optimizations

  • BFD engine
    • Faster that glibc's FILE * buffered read from /proc files
    • Buffered image files IO
  • Faster parasite/restorer unload
    • Use HW breakpoints
    • Less ptrace GETREGS calls sometimes
    • Wake pie after sending the FINI command to socket
  • Merged some pairs of images into one
    • eventpoll and -tfd
    • inotify and -wd
    • fsnotify and -mark
  • Less setns()-s on dump is much faster on older kernels
  • Faster access to /proc/self files -- cached fd of /proc/self and openat(this_cache)

Fixes

  • Sibling restore mode didn't set up CRIU signals properly
  • Unpredictable sibling/child root task restore. Fixed with explicit CLI option
  • Validation for leaf mount points was skipped
  • Mount options were corrupted on dump, which resulted in errors bind mounts detection
  • Uninitialized properties of some cgroups prevented moving tasks into them (e.g. empty cpuset masks and low memcg limit)
  • File locks could belong to task with different pid (inherited on fork) blocked the dump
  • Bogus error printed in logs about SIGCHLD catch (was caused by thread dump using traps)
  • Irmap engine accessed freed root_task on pre-dump
  • Restore of net namespace could always fail (pid mismatch on fork) if kernel thread was created on netns setup
  • Cgroups service descriptor was closed too early and failed restore
  • Auto-loaded *diag modules caused audit netlink socket to contain data on dump (dump fails in this case)
  • The "(deleted)" prefix accumulated in unlinked files while doing C/R
  • The devpts filesystem and ptmx file were only dumped when found on /dev/pts and /dev respectively
  • Data in netlink socket and fanotify was lost after C/R (now dump is aborted if data found in it)
  • Fanotify mark was restore in different mount namespace
  • Images were writable by group. Not secure when user-dump was requested
  • Rootfs has parent id equal to self. CRIU didn't expect this and failed the dump
  • Shared mount of the --root path failed the restore
  • Absence (e.g. not compiled in) of any namespace in the kernel failed the dump
  • Page-server incremental dump didn't detect new tasks properly and failed the stage