79
edits
Changes
Jump to navigation
Jump to search
Line 78:
Line 78: − + − + − + − + − + − We can try to use sys_read_process_vm() syscall to mitigate all of the above. To do this we+ − + − + + Line 92:
Line 93: + − + Line 120:
Line 122: + Line 171:
Line 174: + + + + + + + + + + + + + + + +
no edit summary
Current [[CLI/cmd/pre-dump|pre-dump]] mode is used to write task memory contents into image
Current [[CLI/cmd/pre-dump|pre-dump]] mode is used to write task memory contents into image
files w/o stopping the task for too long. It does this by stopping the task, infecting it and
files w/o stopping the task for too long. It does this by stopping the task, infecting it and
draining all the memory into a set of pipes. Then the task is cured and resumed and the pipes'
draining all the memory into a set of pipes. Then the task is cured, resumed and the pipes'
contents is written into images (maybe a [[page server]]). This approach creates a big stress
contents is written into images (maybe a [[page server]]). Unfortunately, this approach creates
on memory subsystem, as keeping all the memory in pipes creates a lot of unreclaimable memory
a big stress on the memory subsystem, as keeping all memory in pipes creates a lot of unreclaimable
(pages in pipes are not swappable), as well as the number of pipes themselves can be buge (as
memory (pages in pipes are not swappable), as well as the number of pipes themselves can be huge, as
one pipe doesn't store more than a fixed certain amount of data).
one pipe doesn't store more than a fixed amount of data (see pipe(7) man page).
A solution for this problem is to use a sys_read_process_vm() syscall, which will mitigate
need to allocate a temporary buffer in criu, then walk the target process vm by copying the
all of the above. To do this we need to allocate a temporary buffer in criu, then walk the
memory piece-by-piece into it, then flush the data into image (or page server), then repeat.
target process vm by copying the memory piece-by-piece into it, then flush the data into image
(or page server), and repeat.
Ideally there should be sys_splice_process_vm() syscall in the kernel, that does the same as
Ideally there should be sys_splice_process_vm() syscall in the kernel, that does the same as
'''Links:'''
'''Links:'''
* [[Memory pre dump]]
* https://github.com/checkpoint-restore/criu/issues/351
* https://github.com/checkpoint-restore/criu/issues/351
* [[Memory dumping and restoring]], [[Memory changes tracking]]
* [[Memory dumping and restoring]], [[Memory changes tracking]]
* [http://man7.org/linux/man-pages/man2/process_vm_readv.2.html process_vm_readv(2)] [http://man7.org/linux/man-pages/man2/vmsplice.2.html vmsplice(2)] [https://lkml.org/lkml/2017/11/22/527 RFC for splice_process_vm syscall]
* [http://man7.org/linux/man-pages/man2/process_vm_readv.2.html process_vm_readv(2)] [http://man7.org/linux/man-pages/man2/vmsplice.2.html vmsplice(2)] [https://lkml.org/lkml/2018/1/9/32 RFC for splice_process_vm syscall]
'''Details:'''
'''Details:'''
'''Links:'''
'''Links:'''
* [[Anonymize image files]]
* https://github.com/checkpoint-restore/criu/issues/360
* https://github.com/checkpoint-restore/criu/issues/360
* [[CRIT]], [[Images]]
* [[CRIT]], [[Images]]
* Mentor: Mike Rapoport <rppt@linux.ibm.com>
* Mentor: Mike Rapoport <rppt@linux.ibm.com>
* Suggested by: Mike Rapoport <rppt@linux.ibm.com>
* Suggested by: Mike Rapoport <rppt@linux.ibm.com>
=== Use eBPF to lock and unlock the network ===
'''Summary:''' Use ePBF instead of external iptables-restore tool for network lock and unlock.
During checkpointing and restoring CRIU locks the network to make sure no network packets are accepted by the network stack during the time the process is checkpointed. Currently CRIU calls out to iptables-restore to create and delete the corresponding iptables rules. Another approach which avoids calling out to the external binary iptables-restore would be to directly inject eBPF rules. There have been reports from users that iptables-restore fails in some way and eBPF could avoid this external dependency.
'''Links:'''
* https://www.criu.org/TCP_connection#Checkpoint_and_restore_TCP_connection
* https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c
'''Details:'''
* Skill level: intermediate
* Language: C
* Mentor: Adrian Reber <areber@redhat.com>
* Suggested by: Adrian Reber <areber@redhat.com>
[[Category:GSoC]]
[[Category:GSoC]]
[[Category:Development]]
[[Category:Development]]