278
edits
Changes
mLine 1:
Line 1: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 40:
Line 76: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Add support for memfd_secret file descriptors
[[Category:GSoC]]
=== Add support for memfd_secret file descriptors ===
'''Summary:''' Support C/R of memfd_secret descriptors
There is memfd_secret syscall which allows user to open
special memfd which is backed by special memory range which
is inaccessible by another processes (and the kernel too!).
At the moment CRIU can't dump processes that have memfd_secret's opened.
'''Links:'''
* https://lwn.net/Articles/865256/
* https://warusadura.github.io/gsoc23-final-report.html
* https://github.com/checkpoint-restore/criu/pull/2247
'''Details:'''
* Skill level: intermediate
* Language: C
* Expected size: 350 hours
* Mentors: Alexander Mikhalitsyn <alexander@mihalicyn.com>, Mike Rapoport <mike.rapoport@gmail.com>
* Suggested by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
=== Forensic analysis of container checkpoints ===
'''Summary:''' Extending go-crit with capabilities for forensic analysis
'''Merged:''' https://github.com/checkpoint-restore/checkpointctl
The go-crit tool was created during GSoC 2022 to enable analysis of CRIU [[images]] with tools written in Go. It allows container management tools such as [https://github.com/checkpoint-restore/checkpointctl checkpointctl] and Podman to provide capabilities similar to CRIT. The goal of this project is to extend go-crit with functionality for forensic analysis of container checkpoints to provide a better user experience.
The go-crit tool is still in its early stages of development. To effectively utilise this new feature, the checkpointctl tool would be extended to display information about the processes included in a container checkpoint and their runtime state (e.g., memory, open files, sockets, etc).
'''Links:'''
* https://criu.org/CRIT_(Go_library)
* https://github.com/checkpoint-restore/go-criu/tree/master/crit
* https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/
=== Restrict checks for open/mmaped files ===
=== Restrict checks for open/mmaped files ===
* [[Memory dumping and restoring]], [[Memory changes tracking]]
* [[Memory dumping and restoring]], [[Memory changes tracking]]
* [http://man7.org/linux/man-pages/man2/process_vm_readv.2.html process_vm_readv(2)] [http://man7.org/linux/man-pages/man2/vmsplice.2.html vmsplice(2)] [https://lkml.org/lkml/2018/1/9/32 RFC for splice_process_vm syscall]
* [http://man7.org/linux/man-pages/man2/process_vm_readv.2.html process_vm_readv(2)] [http://man7.org/linux/man-pages/man2/vmsplice.2.html vmsplice(2)] [https://lkml.org/lkml/2018/1/9/32 RFC for splice_process_vm syscall]
=== Porting crit functionalities in GO ===
'''Summary:''' Implement image view and manipulation in Go
'''Merged:''' https://github.com/checkpoint-restore/go-criu/pull/66
CRIU's checkpoint images are stored on disk using protobuf. For easier analysis of checkpoint files CRIU has a tool called [[CRIT|CRiu Image Tool (CRIT)]]. It can display/decode CRIU image files from binary protobuf to JSON as well as encode JSON files back to the binary format. With closer integration of CRIU in container runtimes it becomes important to be able to view the CRIU output files. Either for manipulation before restoring or for reading checkpoint statistics (memory pages written to disk, memory pages skipped, process downtime).
Currently CRIT is implemented in Python, for easier integration in other Go projects it is important to have image manipulation and analysis available from GO. This means we need a Go based library to read/modify/write/encode/decode CRIU's image files. Based on this library a Go based implementation of CRIT would be useful.
'''Links:'''
* [[CRIT (Go library)]]
* https://github.com/snprajwal/gsoc-2022
=== Support sparse ghosts ===
'''Summary:''' While sparse ghost files were in part supported for quiet some time, we still was not able to handle big sparse ghost files and highly fragmented sparse ghost files effectively.
'''Merged:''' https://github.com/checkpoint-restore/criu/pull/1944 https://github.com/checkpoint-restore/criu/pull/1963
When criu dumps processes it also dumps files that are opened by them. It does this by saving file names by which the files are accessible. But sometimes files can have no names. It may happen if a task opened a file and then removed it. To dump this file criu cannot save its name (because the name doesn't exist). Instead criu saves the whole file. This is called "ghost file". Since saving the whole file is very expensive (copying lots of data on disk) criu limits the maximum size of a ghost file. The latter is also not good, because there are "sparse" files, that are large in size, but may be small from the real disk usage perspective. The goal of the task is to support sparse ghost files, i.e. limit the size of the ghost not by its length but by disk usage and when copying the data detect the used blocks and save only those.
'''Links:'''
*[https://en.wikipedia.org/wiki/Sparse_file Sparse files]
*[[Dumping files]]
*[[Invisible files]]
*[https://www.kernel.org/doc/html/latest/filesystems/fiemap.html Fiemap ioctl]
[[Category:GSoC]]