Major changes:
* plugins/amdgpu: Implement parallel restore
* Handle processes with uprobes vma
* Fix: getsockopt usage for SO_PASSCRED/SO_PASSSEC on Linux 6.16
* Relax ELF magic check to support MIPS libraries
* pagemap: prevent integer overflow in pagemap_len
This release's name is a nod to the growing challenge we face in
maintaining compatibility across the rapidly evolving Linux kernel
ecosystem.
The full changelog can be found here: https://criu.org/Download/criu/4.2.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
This release of CRIU (4.1.1) addresses a critical compatibility issue
introduced in the Linux kernel and back-ported to all stable releases.
The kernel commit (12f147ddd6de "do_change_type(): refuse to operate on
unmounted/not ours mounts") addressed the security issue introduced
almost 20 years ago. Unfortunately, this change inadvertently broke the
restore functionality of mount namespaces within CRIU. Users attempting
to restore a container on updated kernels would encounter the error:
"mnt-v2: Failed to make mount 476 slave: Invalid argument."
This release contains the necessary adjustments to CRIU, allowing it to
work seamlessly with kernels incorporating this security change.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Major changes:
* RISC-V Support
* PIDFD Support
* CUDA Enhancements
* Fixes here and there
The full changelog can be found here: https://criu.org/Download/criu/4.1.
Signed-off-by: Andrei Vagin <avagin@google.com>
Major changes:
* CUDA plugin to support checkpointing and restoring NVIDIA CUDA applications.
* Shadow stack support
* Pagemap cache: Added support for PAGEMAP_SCAN ioctl
The full changelog can be found here: https://criu.org/Download/criu/4.0.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Two major highlights of this release:
* LoongArch64 support
* A lot of fixes and improvments form the Google backlog.
The full changelog can be found here: https://criu.org/Download/criu/3.19.
This marks the final release of the 3.x series. The upcoming version
will be 4.0! Additionally, the naming pattern will be changed. Any ideas
are welcome.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The highlight feature of this release is the ability to use CRIU for
non-root users. Adrian Reber implemented the kernel part and created the
initial version of CRIU changes. Then Younes Manton joined the effort
and pushed it to the finish line.
The full change log is here: https://criu.org/Download/criu/3.18
Signed-off-by: Andrei Vagin <avagin@gmail.com>
* Fixes for pre-dump read mode
* Fixes for mount-v2
* amdgpu plugin build and installation fixes
* Some minor CI related fixes
Signed-off-by: Adrian Reber <areber@redhat.com>
Amongst a huge number of fixes all over the place this release introduces:
* mount-v2 engine
* support for MAP_HUGETLB mappings
* support for Linux Restartable Sequences
* support for SOCK_SEQPACKET unix sockets
* CRIU AMD GPU plugin
* setsockopt(SO_BUF_LOCK) support for tcp sockets
Signed-off-by: Adrian Reber <areber@redhat.com>
* Switch criu-ns from unversioned 'python' to 'python3'
for easier distribution packaging
* Add '--join-ns' interface to libcriu to allow joining
namespaces via libcriu like CLI and RPC already allow
Signed-off-by: Adrian Reber <areber@redhat.com>
Amongst a huge number of fixes all over the place and the move away from
Travis this release introduces:
* better support for restoring containers into existing pods
* pidfd based pid reuse detection for RPC clients
* allow restoring of precreated veth devices
* license change for all files in the images/ directory to MIT
* criu-ns helper script
* use clang-format for automatic code indentation
* support checkpoint/restore of stacked apparmor profiles
* [GSoC] Add nftables based network locking/unlocking (Zeyad Yasser)
Signed-off-by: Adrian Reber <areber@redhat.com>
This is yet another big release with many new features in it:
* Introduced criu-image-streamer
* Added MIPS support.
* Allow checkpointing out of existing PID namespace and
restoring into existing PID namespace.
* Added additional file validation mechanisms
* Added support to checkpoint and restore BPF hash maps and array maps.
* Initial cgroup2 support
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The long-tempting release with lots of new features on board.
We have finally the time namespace support, great improvment of
the pre-dump memory consumption, new clone3 support and many
more.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Here we have some bugfixes, huuuge *.py patch for coding style
and nice set of new features like 32bit for ARM, TLS for page
server and new mode for CGroups.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Suddenly it's a feature-reach release. We have support for Android build
and several tempting C/R things -- raw sockets, selinux labels and ro
ghost files.
And a couple of fixes, of course.
libcriu.so used to have the SONAME
$ readelf -d lib/c/libcriu.so | grep SONAME
0x000000000000000e (SONAME) Library soname: [libcriu.so.1]
The recent changes to libcriu (removed and added functions, changes from
`char *`-args to `const char *`) are breaking ABI and API. This requires
a new SONAME of 2. This patch changes the SONAME to 2:
$ readelf -d lib/c/libcriu.so | grep SONAME
0x000000000000000e (SONAME) Library soname: [libcriu.so.2]
Signed-off-by: Adrian Reber <areber@redhat.com>
So here it is -- the release with lots of new stuff and bugfixes.
Mainly, the new code is for integration with Docker and to support
modern hardware.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
We've slowed down a little, but still new features and bugfixes appear.
This time we've improved lazy migration, completed SCM messages support,
added nesting netns support (now we have two of them -- net and mnt)
and did many small fixes here and there.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This time we shifted the update one month, due to the amount of
changes not being very big. And got pretty big update, including
a set of bugfixes and new functionality.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As usually -- many bugfixes and several new features. The s390x stuff
goes well too. The most tempting new feature is the ability to dump
and restore files sent over unix sockets (SCM_RIGHTS).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, the long-running task with lazy restore is (almost) finished :) Some
issues are still to be resolved, but the heaviest lift has been done.
Another notable thing is VDSO C/R rework. It's now more robust and fast.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The biggest new thing this time is s390x arch support!
Also we have several improvements and a set of bugfixes
as usual.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Most of the changes this time are preparation for future
new features and optimizations, that hasn't yet been well
tested and polished.
However, we have several new features. The most important
one is the --tcp-close option to help migration of Docker
containers, that constantly change their IP address.
And, as usually, a set of bugfixes.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is a hot-fix with a regression fix and an urgent
support for the latest-n-greatest kernel API change.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is the no-new-features release :) We have several bugfixes,
memory restore optimization and a little bit more.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, we've done a HUUGE rework in this release, that's why it's 3.0.
Two biggest changes are:
* Compel library -- the framwork for parasite code injection.
* 32bit x86 support. Note, that it's neither x32 support, not 32-bit
criu. It's purely the ability to dump 32-bit tasks on 64-bit host.
With compel at hands the 'criu exec' is removed.
Main set of kudos go to Cyrill and Dima for this heavy lifting :)
Other things include shutdown-ed UDP sockets, bind-mounts to external
bind mounts, ASAN, extentions to RPC, rework of SysVIPC shmem dump
format and some bugfixes and beautifications in CRIT.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The compel component is a replacement for several aspects of CRIU
functionality: binary blobs generation for PIE parasite/restore code,
and a library for parasite code injection and execution (to be implemented).
In the commit we rather shuffle compel into own directory and
use it for
1) Fetching cflags when compiling PIE blobs
2) Use its "piegen" functionality to generate blobs themselves.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
In 2.11 we've had several got bronek:
- page-server start via RPC
- Fedora build
- ppc64le restorer switch
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is a bugfix-mostly release. Interesting new features include
the huge rework of files restoring engine which fixed us bugs we
haven't seen in reality :) but have proven they exist. Als this
rework opens the way for scm-rigts c/r we need for nginx.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, this time we had TCP transitional states support, but it was
in semi-finished libsoccr library :) And in order to have the TCP
C/R fixed we fixed the library and are now ready to release them
both.
Said that, two main features of the Waxwing release are
* libsoccr -- the library for TCP sockets C/R
* TCP transitional states C/R
Also we have a set of bugfixes, caught performance issue on Xen
and a little bit more.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
For now build the .a library not to produce criu wrappers.
Next version should include the .so library as well.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is quite a tiny bigfix mostly release.
One interesting thing, though, is that CRIU can now be built with
clang on all the supported architectures :)
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, this time we've mostly have a lot of code rework for
compel. A big portion of it is still in criu-dev, but
some has been merged into master.
Other than this and a bunch of bugfixes -- .config file,
support for Tun-Tap devices and deprecation of several
CLI and RPC options by the --external one.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Not a lot this time, just a bunch of bugfixes and improvements.
A lot has happened in -dev branch around compel, hopefully the
next release will have it.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, this time we have quite a lot of new features for a monthly
release cadence, including --leave-stopped on restore, TMEM for
PPC and shmem changes tracking.
Also bugfixes, of course, and a little bit more deprecations.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Bug-fix mostly release.
We've also came very close in -dev branch to having x86 32bit
support, so hopefully we'll have it in 2.6/2.7. Lazy restore
now in test-able state, but still we want kernel patches to
leave maintainer's tree, so we still wait.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This time we have a bunch of new features, such as more
cgroup stuff, AutoFS, coredump out of images, etc.
Virtuozzo guys have released vz7-rtm, and fixed a lot
of bugs in criu while doing it :)
Plus some ancient stuff removed.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, we have some nice new features, again aimed at better integration,
also have massive restorer blob preparation rework and several nasty
bugfixes in mounts code.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
We use in our PCS7 packaging and I think it's
suitable for everything else as well.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is bugfix mostly release again.
Also did some tunes for better integration with OpenVZ (action scripts),
updated to support newer kernels improvements and removed pagemap greedy
mode and --namespaces option.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Here's the first once-a-month release with whatever is there in
the master branch. We have quite a few new features, but a lot of
bugifxes :)
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, here it is. We planned not only to re-shuffle the code, but
also to provide compel thing to people, but have only managed to
do the former. OK, the compel then would go in 2.1 :)
But, we also change the dev-n-release model, so from now on we
have 2 branches and release stable one every month to show new
stuff earlier.
Have fun!
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
