pycriu: Fix self-dump failure with explicit PID

When `opts.pid` is explicitly set to `os.getpid()`, `pycriu` fails to
daemonize the `criu` process. This causes `criu` to run as a child of
the dumped process, leading to the error "The criu itself is within
dumped tree".

This can be fixed by modifying `_send_req_and_recv_resp` to check if the
target PID matches the current process PID. If so, it enables daemon
mode, ensuring `criu` is detached and the dump succeeds.

Signed-off-by: unichronic <ishuvam.pal@gmail.com>

.circleci/config.yml

@@ -0,0 +1,27 @@
+version: 2.1
+jobs:
+  test-local-gcc:
+    machine:
+      image: default
+    working_directory: ~/criu
+    steps:
+      - checkout
+      - run:
+          name: "Test local with GCC"
+          command: sudo -E make -C scripts/ci local
+  test-local-clang:
+    machine:
+      image: default
+    working_directory: ~/criu
+    steps:
+      - checkout
+      - run:
+          name: "Test local with CLANG"
+          command: sudo -E make -C scripts/ci local CLANG=1
+
+workflows:
+  version: 2
+  builds:
+    jobs:
+      - test-local-gcc
+      - test-local-clang

.cirrus.yml

@@ -0,0 +1,101 @@
+task:
+  name: Vagrant Fedora based test (no VDSO)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+  build_script: |
+    make -C scripts/ci vagrant-fedora-no-vdso
+
+task:
+  name: CentOS Stream 9 based test
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: centos-cloud
+    image: family/centos-stream-9
+    platform: linux
+    cpu: 4
+    memory: 8G
+
+  setup_script: |
+    dnf config-manager --set-enabled crb # Same as CentOS 8 powertools
+    dnf -y install epel-release epel-next-release
+    contrib/dependencies/dnf-packages.sh
+    # The image has a too old version of nettle which does not work with gnutls.
+    # Just upgrade to the latest to make the error go away.
+    dnf -y upgrade nettle nettle-devel
+    systemctl stop sssd
+    # Even with selinux in permissive mode the selinux tests will be executed.
+    # The Cirrus CI user runs as a service from selinux point of view and is
+    # much more restricted than a normal shell (system_u:system_r:unconfined_service_t:s0).
+    # The test case above (vagrant-fedora-no-vdso) should run selinux tests in enforcing mode.
+    setenforce 0
+
+  build_script: |
+    make -C scripts/ci local SKIP_CI_PREP=1 CC=gcc CD_TO_TOP=1 ZDTM_OPTS="-x zdtm/static/socket-raw"
+
+task:
+  name: Vagrant Fedora Rawhide based test
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+  build_script: |
+    make -C scripts/ci vagrant-fedora-rawhide
+
+task:
+  name: Vagrant Fedora based test (non-root)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+  build_script: |
+    make -C scripts/ci vagrant-fedora-non-root
+
+task:
+  name: aarch64 Fedora Rawhide
+  arm_container:
+    image: registry.fedoraproject.org/fedora:rawhide
+    cpu: 4
+    memory: 4G
+  script: uname -a
+  build_script: |
+    scripts/ci/prepare-for-fedora-rawhide.sh
+    make -C scripts/ci/ local CC=gcc SKIP_CI_PREP=1 SKIP_CI_TEST=1 CD_TO_TOP=1
+    make -C test/zdtm -j 4

.clang-format

@@ -0,0 +1,565 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# clang-format configuration file. Intended for clang-format >= 11.
+#
+# For more information, see:
+#
+#   Documentation/process/clang-format.rst
+#   https://clang.llvm.org/docs/ClangFormat.html
+#   https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+#
+---
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Left # Unknown to clang-format-4.0
+AlignOperands: true
+AlignTrailingComments: true
+AlignConsecutiveMacros: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:
+  AfterClass: false
+  AfterControlStatement: false
+  AfterEnum: false
+  AfterFunction: true
+  AfterNamespace: true
+  AfterObjCDeclaration: false
+  AfterStruct: false
+  AfterUnion: false
+  AfterExternBlock: false # Unknown to clang-format-5.0
+  BeforeCatch: false
+  BeforeElse: false
+  IndentBraces: false
+  SplitEmptyFunction: true # Unknown to clang-format-4.0
+  SplitEmptyRecord: true # Unknown to clang-format-4.0
+  SplitEmptyNamespace: true # Unknown to clang-format-4.0
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: Custom
+BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
+BreakBeforeTernaryOperators: false
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: false
+ColumnLimit: 0
+CommentPragmas: '^ IWYU pragma:'
+CompactNamespaces: false # Unknown to clang-format-4.0
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 8
+ContinuationIndentWidth: 8
+Cpp11BracedListStyle: false
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: false # Unknown to clang-format-4.0
+
+# Taken from:
+#   git grep -h '^#define [^[:space:]]*for_each[^[:space:]]*(' include/ \
+#   | sed "s,^#define \([^[:space:]]*for_each[^[:space:]]*\)(.*$,  - '\1'," \
+#   | sort | uniq
+ForEachMacros:
+  - 'for_each_pstree_item'
+  - 'for_each_bit'
+  - 'apei_estatus_for_each_section'
+  - 'ata_for_each_dev'
+  - 'ata_for_each_link'
+  - '__ata_qc_for_each'
+  - 'ata_qc_for_each'
+  - 'ata_qc_for_each_raw'
+  - 'ata_qc_for_each_with_internal'
+  - 'ax25_for_each'
+  - 'ax25_uid_for_each'
+  - '__bio_for_each_bvec'
+  - 'bio_for_each_bvec'
+  - 'bio_for_each_bvec_all'
+  - 'bio_for_each_integrity_vec'
+  - '__bio_for_each_segment'
+  - 'bio_for_each_segment'
+  - 'bio_for_each_segment_all'
+  - 'bio_list_for_each'
+  - 'bip_for_each_vec'
+  - 'bitmap_for_each_clear_region'
+  - 'bitmap_for_each_set_region'
+  - 'blkg_for_each_descendant_post'
+  - 'blkg_for_each_descendant_pre'
+  - 'blk_queue_for_each_rl'
+  - 'bond_for_each_slave'
+  - 'bond_for_each_slave_rcu'
+  - 'bpf_for_each_spilled_reg'
+  - 'btree_for_each_safe128'
+  - 'btree_for_each_safe32'
+  - 'btree_for_each_safe64'
+  - 'btree_for_each_safel'
+  - 'card_for_each_dev'
+  - 'cgroup_taskset_for_each'
+  - 'cgroup_taskset_for_each_leader'
+  - 'cpufreq_for_each_entry'
+  - 'cpufreq_for_each_entry_idx'
+  - 'cpufreq_for_each_valid_entry'
+  - 'cpufreq_for_each_valid_entry_idx'
+  - 'css_for_each_child'
+  - 'css_for_each_descendant_post'
+  - 'css_for_each_descendant_pre'
+  - 'device_for_each_child_node'
+  - 'displayid_iter_for_each'
+  - 'dma_fence_chain_for_each'
+  - 'do_for_each_ftrace_op'
+  - 'drm_atomic_crtc_for_each_plane'
+  - 'drm_atomic_crtc_state_for_each_plane'
+  - 'drm_atomic_crtc_state_for_each_plane_state'
+  - 'drm_atomic_for_each_plane_damage'
+  - 'drm_client_for_each_connector_iter'
+  - 'drm_client_for_each_modeset'
+  - 'drm_connector_for_each_possible_encoder'
+  - 'drm_for_each_bridge_in_chain'
+  - 'drm_for_each_connector_iter'
+  - 'drm_for_each_crtc'
+  - 'drm_for_each_crtc_reverse'
+  - 'drm_for_each_encoder'
+  - 'drm_for_each_encoder_mask'
+  - 'drm_for_each_fb'
+  - 'drm_for_each_legacy_plane'
+  - 'drm_for_each_plane'
+  - 'drm_for_each_plane_mask'
+  - 'drm_for_each_privobj'
+  - 'drm_mm_for_each_hole'
+  - 'drm_mm_for_each_node'
+  - 'drm_mm_for_each_node_in_range'
+  - 'drm_mm_for_each_node_safe'
+  - 'flow_action_for_each'
+  - 'for_each_acpi_dev_match'
+  - 'for_each_active_dev_scope'
+  - 'for_each_active_drhd_unit'
+  - 'for_each_active_iommu'
+  - 'for_each_aggr_pgid'
+  - 'for_each_available_child_of_node'
+  - 'for_each_bio'
+  - 'for_each_board_func_rsrc'
+  - 'for_each_bvec'
+  - 'for_each_card_auxs'
+  - 'for_each_card_auxs_safe'
+  - 'for_each_card_components'
+  - 'for_each_card_dapms'
+  - 'for_each_card_pre_auxs'
+  - 'for_each_card_prelinks'
+  - 'for_each_card_rtds'
+  - 'for_each_card_rtds_safe'
+  - 'for_each_card_widgets'
+  - 'for_each_card_widgets_safe'
+  - 'for_each_cgroup_storage_type'
+  - 'for_each_child_of_node'
+  - 'for_each_clear_bit'
+  - 'for_each_clear_bit_from'
+  - 'for_each_cmsghdr'
+  - 'for_each_compatible_node'
+  - 'for_each_component_dais'
+  - 'for_each_component_dais_safe'
+  - 'for_each_comp_order'
+  - 'for_each_console'
+  - 'for_each_cpu'
+  - 'for_each_cpu_and'
+  - 'for_each_cpu_not'
+  - 'for_each_cpu_wrap'
+  - 'for_each_dapm_widgets'
+  - 'for_each_dev_addr'
+  - 'for_each_dev_scope'
+  - 'for_each_dma_cap_mask'
+  - 'for_each_dpcm_be'
+  - 'for_each_dpcm_be_rollback'
+  - 'for_each_dpcm_be_safe'
+  - 'for_each_dpcm_fe'
+  - 'for_each_drhd_unit'
+  - 'for_each_dss_dev'
+  - 'for_each_dtpm_table'
+  - 'for_each_efi_memory_desc'
+  - 'for_each_efi_memory_desc_in_map'
+  - 'for_each_element'
+  - 'for_each_element_extid'
+  - 'for_each_element_id'
+  - 'for_each_endpoint_of_node'
+  - 'for_each_evictable_lru'
+  - 'for_each_fib6_node_rt_rcu'
+  - 'for_each_fib6_walker_rt'
+  - 'for_each_free_mem_pfn_range_in_zone'
+  - 'for_each_free_mem_pfn_range_in_zone_from'
+  - 'for_each_free_mem_range'
+  - 'for_each_free_mem_range_reverse'
+  - 'for_each_func_rsrc'
+  - 'for_each_hstate'
+  - 'for_each_if'
+  - 'for_each_iommu'
+  - 'for_each_ip_tunnel_rcu'
+  - 'for_each_irq_nr'
+  - 'for_each_link_codecs'
+  - 'for_each_link_cpus'
+  - 'for_each_link_platforms'
+  - 'for_each_lru'
+  - 'for_each_matching_node'
+  - 'for_each_matching_node_and_match'
+  - 'for_each_member'
+  - 'for_each_memcg_cache_index'
+  - 'for_each_mem_pfn_range'
+  - '__for_each_mem_range'
+  - 'for_each_mem_range'
+  - '__for_each_mem_range_rev'
+  - 'for_each_mem_range_rev'
+  - 'for_each_mem_region'
+  - 'for_each_migratetype_order'
+  - 'for_each_msi_entry'
+  - 'for_each_msi_entry_safe'
+  - 'for_each_msi_vector'
+  - 'for_each_net'
+  - 'for_each_net_continue_reverse'
+  - 'for_each_netdev'
+  - 'for_each_netdev_continue'
+  - 'for_each_netdev_continue_rcu'
+  - 'for_each_netdev_continue_reverse'
+  - 'for_each_netdev_feature'
+  - 'for_each_netdev_in_bond_rcu'
+  - 'for_each_netdev_rcu'
+  - 'for_each_netdev_reverse'
+  - 'for_each_netdev_safe'
+  - 'for_each_net_rcu'
+  - 'for_each_new_connector_in_state'
+  - 'for_each_new_crtc_in_state'
+  - 'for_each_new_mst_mgr_in_state'
+  - 'for_each_new_plane_in_state'
+  - 'for_each_new_private_obj_in_state'
+  - 'for_each_node'
+  - 'for_each_node_by_name'
+  - 'for_each_node_by_type'
+  - 'for_each_node_mask'
+  - 'for_each_node_state'
+  - 'for_each_node_with_cpus'
+  - 'for_each_node_with_property'
+  - 'for_each_nonreserved_multicast_dest_pgid'
+  - 'for_each_of_allnodes'
+  - 'for_each_of_allnodes_from'
+  - 'for_each_of_cpu_node'
+  - 'for_each_of_pci_range'
+  - 'for_each_old_connector_in_state'
+  - 'for_each_old_crtc_in_state'
+  - 'for_each_old_mst_mgr_in_state'
+  - 'for_each_oldnew_connector_in_state'
+  - 'for_each_oldnew_crtc_in_state'
+  - 'for_each_oldnew_mst_mgr_in_state'
+  - 'for_each_oldnew_plane_in_state'
+  - 'for_each_oldnew_plane_in_state_reverse'
+  - 'for_each_oldnew_private_obj_in_state'
+  - 'for_each_old_plane_in_state'
+  - 'for_each_old_private_obj_in_state'
+  - 'for_each_online_cpu'
+  - 'for_each_online_node'
+  - 'for_each_online_pgdat'
+  - 'for_each_pci_bridge'
+  - 'for_each_pci_dev'
+  - 'for_each_pci_msi_entry'
+  - 'for_each_pcm_streams'
+  - 'for_each_physmem_range'
+  - 'for_each_populated_zone'
+  - 'for_each_possible_cpu'
+  - 'for_each_present_cpu'
+  - 'for_each_prime_number'
+  - 'for_each_prime_number_from'
+  - 'for_each_process'
+  - 'for_each_process_thread'
+  - 'for_each_prop_codec_conf'
+  - 'for_each_prop_dai_codec'
+  - 'for_each_prop_dai_cpu'
+  - 'for_each_prop_dlc_codecs'
+  - 'for_each_prop_dlc_cpus'
+  - 'for_each_prop_dlc_platforms'
+  - 'for_each_property_of_node'
+  - 'for_each_registered_fb'
+  - 'for_each_requested_gpio'
+  - 'for_each_requested_gpio_in_range'
+  - 'for_each_reserved_mem_range'
+  - 'for_each_reserved_mem_region'
+  - 'for_each_rtd_codec_dais'
+  - 'for_each_rtd_components'
+  - 'for_each_rtd_cpu_dais'
+  - 'for_each_rtd_dais'
+  - 'for_each_set_bit'
+  - 'for_each_set_bit_from'
+  - 'for_each_set_clump8'
+  - 'for_each_sg'
+  - 'for_each_sg_dma_page'
+  - 'for_each_sg_page'
+  - 'for_each_sgtable_dma_page'
+  - 'for_each_sgtable_dma_sg'
+  - 'for_each_sgtable_page'
+  - 'for_each_sgtable_sg'
+  - 'for_each_sibling_event'
+  - 'for_each_subelement'
+  - 'for_each_subelement_extid'
+  - 'for_each_subelement_id'
+  - '__for_each_thread'
+  - 'for_each_thread'
+  - 'for_each_unicast_dest_pgid'
+  - 'for_each_vsi'
+  - 'for_each_wakeup_source'
+  - 'for_each_zone'
+  - 'for_each_zone_zonelist'
+  - 'for_each_zone_zonelist_nodemask'
+  - 'fwnode_for_each_available_child_node'
+  - 'fwnode_for_each_child_node'
+  - 'fwnode_graph_for_each_endpoint'
+  - 'gadget_for_each_ep'
+  - 'genradix_for_each'
+  - 'genradix_for_each_from'
+  - 'hash_for_each'
+  - 'hash_for_each_possible'
+  - 'hash_for_each_possible_rcu'
+  - 'hash_for_each_possible_rcu_notrace'
+  - 'hash_for_each_possible_safe'
+  - 'hash_for_each_rcu'
+  - 'hash_for_each_safe'
+  - 'hctx_for_each_ctx'
+  - 'hlist_bl_for_each_entry'
+  - 'hlist_bl_for_each_entry_rcu'
+  - 'hlist_bl_for_each_entry_safe'
+  - 'hlist_for_each'
+  - 'hlist_for_each_entry'
+  - 'hlist_for_each_entry_continue'
+  - 'hlist_for_each_entry_continue_rcu'
+  - 'hlist_for_each_entry_continue_rcu_bh'
+  - 'hlist_for_each_entry_from'
+  - 'hlist_for_each_entry_from_rcu'
+  - 'hlist_for_each_entry_rcu'
+  - 'hlist_for_each_entry_rcu_bh'
+  - 'hlist_for_each_entry_rcu_notrace'
+  - 'hlist_for_each_entry_safe'
+  - 'hlist_for_each_entry_srcu'
+  - '__hlist_for_each_rcu'
+  - 'hlist_for_each_safe'
+  - 'hlist_nulls_for_each_entry'
+  - 'hlist_nulls_for_each_entry_from'
+  - 'hlist_nulls_for_each_entry_rcu'
+  - 'hlist_nulls_for_each_entry_safe'
+  - 'i3c_bus_for_each_i2cdev'
+  - 'i3c_bus_for_each_i3cdev'
+  - 'ide_host_for_each_port'
+  - 'ide_port_for_each_dev'
+  - 'ide_port_for_each_present_dev'
+  - 'idr_for_each_entry'
+  - 'idr_for_each_entry_continue'
+  - 'idr_for_each_entry_continue_ul'
+  - 'idr_for_each_entry_ul'
+  - 'in_dev_for_each_ifa_rcu'
+  - 'in_dev_for_each_ifa_rtnl'
+  - 'inet_bind_bucket_for_each'
+  - 'inet_lhash2_for_each_icsk_rcu'
+  - 'key_for_each'
+  - 'key_for_each_safe'
+  - 'klp_for_each_func'
+  - 'klp_for_each_func_safe'
+  - 'klp_for_each_func_static'
+  - 'klp_for_each_object'
+  - 'klp_for_each_object_safe'
+  - 'klp_for_each_object_static'
+  - 'kunit_suite_for_each_test_case'
+  - 'kvm_for_each_memslot'
+  - 'kvm_for_each_vcpu'
+  - 'list_for_each'
+  - 'list_for_each_codec'
+  - 'list_for_each_codec_safe'
+  - 'list_for_each_continue'
+  - 'list_for_each_entry'
+  - 'list_for_each_entry_continue'
+  - 'list_for_each_entry_continue_rcu'
+  - 'list_for_each_entry_continue_reverse'
+  - 'list_for_each_entry_from'
+  - 'list_for_each_entry_from_rcu'
+  - 'list_for_each_entry_from_reverse'
+  - 'list_for_each_entry_lockless'
+  - 'list_for_each_entry_rcu'
+  - 'list_for_each_entry_reverse'
+  - 'list_for_each_entry_safe'
+  - 'list_for_each_entry_safe_continue'
+  - 'list_for_each_entry_safe_from'
+  - 'list_for_each_entry_safe_reverse'
+  - 'list_for_each_entry_srcu'
+  - 'list_for_each_prev'
+  - 'list_for_each_prev_safe'
+  - 'list_for_each_safe'
+  - 'llist_for_each'
+  - 'llist_for_each_entry'
+  - 'llist_for_each_entry_safe'
+  - 'llist_for_each_safe'
+  - 'mci_for_each_dimm'
+  - 'media_device_for_each_entity'
+  - 'media_device_for_each_intf'
+  - 'media_device_for_each_link'
+  - 'media_device_for_each_pad'
+  - 'nanddev_io_for_each_page'
+  - 'netdev_for_each_lower_dev'
+  - 'netdev_for_each_lower_private'
+  - 'netdev_for_each_lower_private_rcu'
+  - 'netdev_for_each_mc_addr'
+  - 'netdev_for_each_uc_addr'
+  - 'netdev_for_each_upper_dev_rcu'
+  - 'netdev_hw_addr_list_for_each'
+  - 'nft_rule_for_each_expr'
+  - 'nla_for_each_attr'
+  - 'nla_for_each_nested'
+  - 'nlmsg_for_each_attr'
+  - 'nlmsg_for_each_msg'
+  - 'nr_neigh_for_each'
+  - 'nr_neigh_for_each_safe'
+  - 'nr_node_for_each'
+  - 'nr_node_for_each_safe'
+  - 'of_for_each_phandle'
+  - 'of_property_for_each_string'
+  - 'of_property_for_each_u32'
+  - 'pci_bus_for_each_resource'
+  - 'pcl_for_each_chunk'
+  - 'pcl_for_each_segment'
+  - 'pcm_for_each_format'
+  - 'ping_portaddr_for_each_entry'
+  - 'plist_for_each'
+  - 'plist_for_each_continue'
+  - 'plist_for_each_entry'
+  - 'plist_for_each_entry_continue'
+  - 'plist_for_each_entry_safe'
+  - 'plist_for_each_safe'
+  - 'pnp_for_each_card'
+  - 'pnp_for_each_dev'
+  - 'protocol_for_each_card'
+  - 'protocol_for_each_dev'
+  - 'queue_for_each_hw_ctx'
+  - 'radix_tree_for_each_slot'
+  - 'radix_tree_for_each_tagged'
+  - 'rb_for_each'
+  - 'rbtree_postorder_for_each_entry_safe'
+  - 'rdma_for_each_block'
+  - 'rdma_for_each_port'
+  - 'rdma_umem_for_each_dma_block'
+  - 'resource_list_for_each_entry'
+  - 'resource_list_for_each_entry_safe'
+  - 'rhl_for_each_entry_rcu'
+  - 'rhl_for_each_rcu'
+  - 'rht_for_each'
+  - 'rht_for_each_entry'
+  - 'rht_for_each_entry_from'
+  - 'rht_for_each_entry_rcu'
+  - 'rht_for_each_entry_rcu_from'
+  - 'rht_for_each_entry_safe'
+  - 'rht_for_each_from'
+  - 'rht_for_each_rcu'
+  - 'rht_for_each_rcu_from'
+  - '__rq_for_each_bio'
+  - 'rq_for_each_bvec'
+  - 'rq_for_each_segment'
+  - 'scsi_for_each_prot_sg'
+  - 'scsi_for_each_sg'
+  - 'sctp_for_each_hentry'
+  - 'sctp_skb_for_each'
+  - 'shdma_for_each_chan'
+  - '__shost_for_each_device'
+  - 'shost_for_each_device'
+  - 'sk_for_each'
+  - 'sk_for_each_bound'
+  - 'sk_for_each_entry_offset_rcu'
+  - 'sk_for_each_from'
+  - 'sk_for_each_rcu'
+  - 'sk_for_each_safe'
+  - 'sk_nulls_for_each'
+  - 'sk_nulls_for_each_from'
+  - 'sk_nulls_for_each_rcu'
+  - 'snd_array_for_each'
+  - 'snd_pcm_group_for_each_entry'
+  - 'snd_soc_dapm_widget_for_each_path'
+  - 'snd_soc_dapm_widget_for_each_path_safe'
+  - 'snd_soc_dapm_widget_for_each_sink_path'
+  - 'snd_soc_dapm_widget_for_each_source_path'
+  - 'tb_property_for_each'
+  - 'tcf_exts_for_each_action'
+  - 'udp_portaddr_for_each_entry'
+  - 'udp_portaddr_for_each_entry_rcu'
+  - 'usb_hub_for_each_child'
+  - 'v4l2_device_for_each_subdev'
+  - 'v4l2_m2m_for_each_dst_buf'
+  - 'v4l2_m2m_for_each_dst_buf_safe'
+  - 'v4l2_m2m_for_each_src_buf'
+  - 'v4l2_m2m_for_each_src_buf_safe'
+  - 'virtio_device_for_each_vq'
+  - 'while_for_each_ftrace_op'
+  - 'xa_for_each'
+  - 'xa_for_each_marked'
+  - 'xa_for_each_range'
+  - 'xa_for_each_start'
+  - 'xas_for_each'
+  - 'xas_for_each_conflict'
+  - 'xas_for_each_marked'
+  - 'xbc_array_for_each_value'
+  - 'xbc_for_each_key_value'
+  - 'xbc_node_for_each_array_value'
+  - 'xbc_node_for_each_child'
+  - 'xbc_node_for_each_key_value'
+  - 'zorro_for_each_dev'
+
+IncludeBlocks: Preserve # Unknown to clang-format-5.0
+IncludeCategories:
+  - Regex: '.*'
+    Priority: 1
+IncludeIsMainRegex: '(Test)?$'
+IndentCaseLabels: false
+IndentGotoLabels: false
+IndentPPDirectives: None # Unknown to clang-format-5.0
+IndentWidth: 8
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
+ObjCBlockIndentWidth: 8
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: true
+
+# Taken from git's rules
+PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
+PenaltyBreakBeforeFirstCallParameter: 30
+PenaltyBreakComment: 10
+PenaltyBreakFirstLessLess: 0
+PenaltyBreakString: 10
+PenaltyExcessCharacter: 100
+PenaltyReturnTypeOnItsOwnLine: 60
+
+PointerAlignment: Right
+ReflowComments: false
+SortIncludes: false
+SortUsingDeclarations: false # Unknown to clang-format-4.0
+SpaceAfterCStyleCast: false
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
+SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
+SpaceBeforeParens: ControlStatementsExceptForEachMacros
+SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: false
+SpacesInContainerLiterals: false
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard: Cpp03
+TabWidth: 8
+UseTab: Always
+...

.codespellrc

@@ -0,0 +1,3 @@
+[codespell]
+skip = ./.git,./test/pki,./tags,./plugins/amdgpu/amdgpu_drm.h,./plugins/amdgpu/drm.h,./plugins/amdgpu/drm_mode.h
+ignore-words-list = creat,fpr,fle,ue,bord,parms,nd,te,testng,inh,wronly,renderd,bui,clen,sems

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,63 @@
+<!--
+Before reporting a new issue, please make sure that it's not a duplicate.
+
+If you suspect your issue is a bug, please provide information as shown below. If your issue is a feature request, this information is not always necessary.
+-->
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+
+**CRIU logs and information:**
+
+<!--
+You can either attach logs as files to the issue or put them under details
+-->
+
+<details><summary>CRIU full dump/restore logs:</summary>
+<p>
+
+```
+(paste your output here)
+```
+
+</p>
+</details>
+
+<details><summary>Output of `criu --version`:</summary>
+<p>
+
+```
+(paste your output here)
+```
+
+</p>
+</details>
+
+<details><summary>Output of `criu check --all`:</summary>
+<p>
+
+```
+(paste your output here)
+```
+
+</p>
+</details>
+
+**Additional environment details:**

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,18 @@
+<!--
+Please make sure you've read and understood our contributing guidelines:
+https://github.com/checkpoint-restore/criu/blob/criu-dev/CONTRIBUTING.md
+
+In short you need to:
+
+- Describe What you do and How you do it;
+- Separate each logical change into a separate commit;
+- Add a "Signed-off-by:" line identifying that you certify your work with DCO;
+- If you fix some specific bug or commit, please add "Fixes: ..." line;
+- Review fixes should be made by amending the original commits. For example:
+  a) fix the code (e.g. this fixes commit with hash aaa1111)
+  b) git commit -a --fixup aaa1111
+  c) git rebase --interactive --autosquash aaa1111^
+- Pull request integration tests should generally be passing;
+- If you change something non-obvious, please consider adding a ZDTM test for it;
+
+-->

.github/workflows/aarch64-test.yaml

@@ -0,0 +1,34 @@
+name: aarch64 test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: aarch64-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-24.04-arm, ubuntu-22.04-arm]
+        target: [GCC=1, CLANG=1]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Tests ${{ matrix.target }} on ${{ matrix.os }}
+      # Following tests are failing on the VMs:
+      #  ./change_mnt_context --pidfile=change_mnt_context.pid --outfile=change_mnt_context.out
+      #   45: ERR: change_mnt_context.c:23: mount (errno = 22 (Invalid argument))
+      #
+      # In combination with '--remote-lazy-pages' following error occurs:
+      #  138: FAIL: maps05.c:84: Data corrupted at page 1639 (errno = 11 (Resource temporarily unavailable))
+      run: |
+        # The 'sched_policy00' needs the following:
+        sudo sysctl -w kernel.sched_rt_runtime_us=-1
+        # etc/hosts entry is needed for netns_lock_iptables
+        echo "127.0.0.1   localhost" | sudo tee -a /etc/hosts
+        sudo -E make -C scripts/ci local ${{ matrix.target }} RUN_TESTS=1 \
+          ZDTM_OPTS="-x zdtm/static/change_mnt_context -x zdtm/static/maps05"

.github/workflows/alpine-test.yml

@@ -0,0 +1,21 @@
+name: Alpine Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: alpine-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-22.04, ubuntu-22.04-arm]
+        target: [GCC=1, CLANG=1]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Alpine ${{ matrix.target }} Test
+      run: sudo -E make -C scripts/ci alpine ${{ matrix.target }}

.github/workflows/archlinux-test.yml

@@ -0,0 +1,16 @@
+name: Arch Linux Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: archlinux-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Arch Linux Test
+      run: sudo -E make -C scripts/ci archlinux

.github/workflows/check-commits.yml

@@ -0,0 +1,30 @@
+name: Verify self-contained commits
+
+on: pull_request
+
+# Cancel any preceding run on the pull request
+concurrency:
+  group: commit-test-${{ github.event.pull_request.number }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    # Check if pull request does not have label "not-selfcontained-ok"
+    if: "!contains(github.event.pull_request.labels.*.name, 'not-selfcontained-ok')"
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Needed to rebase against the base branch
+        fetch-depth: 0
+        # Checkout pull request HEAD commit instead of merge commit
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Install dependencies
+      run: sudo contrib/apt-install libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler protobuf-compiler python3-protobuf libnl-3-dev libnet-dev libcap-dev uuid-dev
+    - name: Configure git user details
+      run: |
+        git config --global user.email "checkpoint-restore@users.noreply.github.com"
+        git config --global user.name "checkpoint-restore"
+    - name: Configure base branch without switching current branch
+      run: git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
+    - name: Build each commit
+      run: git rebase ${{ github.base_ref }} -x "make -C scripts/ci check-commit"

.github/workflows/codeql.yml

@@ -0,0 +1,50 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "criu-dev", "master" ]
+  pull_request:
+    branches: [ "criu-dev" ]
+  schedule:
+    - cron: "11 6 * * 3"
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: codeql-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ python, cpp ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Packages (cpp)
+        if: ${{ matrix.language == 'cpp' }}
+        run: |
+          sudo contrib/apt-install protobuf-c-compiler libprotobuf-c-dev libprotobuf-dev build-essential libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler protobuf-compiler python3-protobuf libnet-dev pkg-config libnl-3-dev libbsd0 libbsd-dev iproute2 libcap-dev libaio-dev libbsd-dev python3-yaml libnl-route-3-dev gnutls-dev
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/compat-test.yml

@@ -0,0 +1,21 @@
+name: Compat Tests
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: compat-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        target: [GCC, CLANG]
+
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Compat Tests (${{ matrix.target }})
+      run: sudo -E make -C scripts/ci local COMPAT_TEST=y ${{ matrix.target }}=1

.github/workflows/cross-compile-daily.yml

@@ -0,0 +1,22 @@
+name: Daily Cross Compile Tests
+
+on:
+  schedule:
+    - cron:  '30 12 * * *'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: [armv7-stable-cross, aarch64-stable-cross, ppc64-stable-cross, mips64el-stable-cross, riscv64-stable-cross]
+        branches: [criu-dev, master]
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ matrix.branches }}
+    - name: Run Cross Compilation Targets
+      run: >
+        sudo make -C scripts/ci ${{ matrix.target }}

.github/workflows/cross-compile.yml

@@ -0,0 +1,40 @@
+name: Cross Compile Tests
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: cross-compile-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.experimental }}
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        target: [
+          armv7-stable-cross,
+          aarch64-stable-cross,
+          ppc64-stable-cross,
+          mips64el-stable-cross,
+          riscv64-stable-cross,
+        ]
+        include:
+          - experimental: true
+            target: armv7-unstable-cross
+          - experimental: true
+            target: aarch64-unstable-cross
+          - experimental: true
+            target: ppc64-unstable-cross
+          - experimental: true
+            target: mips64el-unstable-cross
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Cross Compilation Targets
+      run: >
+        sudo make -C scripts/ci ${{ matrix.target }}

.github/workflows/docker-test.yml

@@ -0,0 +1,19 @@
+name: Docker Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: docker-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-22.04]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Docker Test (${{ matrix.os }})
+      run: sudo make -C scripts/ci docker-test

.github/workflows/fedora-asan-test.yml

@@ -0,0 +1,17 @@
+name: Fedora ASAN Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: fedora-asan-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Fedora ASAN Test
+      run: sudo -E make -C scripts/ci fedora-asan

.github/workflows/fedora-rawhide-test.yml

@@ -0,0 +1,21 @@
+name: Fedora Rawhide Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: fedora-rawhide-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Fedora Rawhide Test
+      # We need to pass environment variables from the CI environment to
+      # distinguish between CI environments. However, we need to make sure that
+      # XDG_RUNTIME_DIR environment variable is not set due to a bug in Podman.
+      # FIXME: https://github.com/containers/podman/issues/14920
+      run: sudo -E XDG_RUNTIME_DIR= make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"

.github/workflows/gcov-test.yml

@@ -0,0 +1,21 @@
+name: Coverage Tests
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: gcov-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Coverage Tests
+      run: sudo -E make -C scripts/ci local GCOV=1
+    - name: Run gcov
+      run: sudo -E find . -name '*gcda' -type f -print0 | sudo -E xargs --null --max-args 128 --max-procs 4 gcov
+    - name: Run Coverage Analysis
+      run: sudo -E make codecov

.github/workflows/java-test.yml

@@ -0,0 +1,16 @@
+name: Java Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: java-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Java Test
+      run: sudo make -C scripts/ci java-test

.github/workflows/lint.yml

@@ -0,0 +1,40 @@
+name: Run code linter
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: lint-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: registry.fedoraproject.org/fedora:latest
+    steps:
+    - name: Install tools
+      run: sudo dnf -y install git make ruff xz clang-tools-extra codespell git-clang-format ShellCheck
+
+    - uses: actions/checkout@v4
+
+    - name: Set git safe directory
+      # https://github.com/actions/checkout/issues/760
+      run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+    - name: Run make lint
+      run: make lint
+
+    - name: Run make indent
+      continue-on-error: true
+      run: |
+        if [ -z "${{github.base_ref}}" ]; then
+          git fetch --deepen=1
+          make indent
+        else
+          git fetch origin ${{github.base_ref}}
+          make indent BASE=origin/${{github.base_ref}}
+        fi
+    - name: Raise in-line make indent warnings
+      run: |
+        git diff | ./scripts/github-indent-warnings.py

.github/workflows/loongarch64-qemu-test.yml

@@ -0,0 +1,15 @@
+name: LoongArch64 Qemu Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: loongarch64-qemu-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo make -C scripts/ci loongarch64-qemu-test

.github/workflows/manage-labels.yml

@@ -0,0 +1,14 @@
+name: Remove labels
+on: [issue_comment, pull_request_review_comment]
+jobs:
+  remove-labels-on-comments:
+    name: Remove labels on comments
+    if: github.event_name == 'issue_comment'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mondeja/remove-labels-gh-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: |
+            changes requested
+            awaiting reply

.github/workflows/nftables-test.yml

@@ -0,0 +1,24 @@
+name: Nftables bases testing
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: nftables-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Remove iptables
+      run: sudo apt remove -y iptables
+    - name: Install libnftables-dev
+      run: sudo contrib/apt-install libnftables-dev
+    - name: chmod 755 /home/runner
+      # CRIU's tests are sometimes running as some random user and need
+      # to be able to access the test files.
+      run: sudo chmod 755 /home/runner
+    - name: Build with nftables network locking backend
+      run: sudo make -C scripts/ci local COMPILE_FLAGS="NETWORK_LOCK_DEFAULT=NETWORK_LOCK_NFTABLES"

.github/workflows/podman-test.yml

@@ -0,0 +1,16 @@
+name: Podman Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: podman-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Podman Test
+      run: sudo make -C scripts/ci podman-test

.github/workflows/stale.yml

@@ -0,0 +1,27 @@
+name: Mark stale issues and pull requests
+
+# Please refer to https://github.com/actions/stale/blob/master/action.yml
+# to see all config knobs of the stale action.
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'A friendly reminder that this issue had no activity for 30 days.'
+        stale-pr-message: 'A friendly reminder that this PR had no activity for 30 days.'
+        stale-issue-label: 'stale-issue'
+        stale-pr-label: 'stale-pr'
+        days-before-stale: 30
+        days-before-close: 365
+        remove-stale-when-updated: true
+        exempt-pr-labels: 'no-auto-close'
+        exempt-issue-labels: 'no-auto-close,new feature,enhancement'

.github/workflows/stream-test.yml

@@ -0,0 +1,17 @@
+name: CRIU Image Streamer Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: stream-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run CRIU Image Streamer Test
+      run: sudo -E make -C scripts/ci local STREAM_TEST=1

.github/workflows/x86-64-clang-test.yml

@@ -0,0 +1,16 @@
+name: X86_64 CLANG Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: clang-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run X86_64 CLANG Test
+      run: sudo make -C scripts/ci x86_64 CLANG=1

.github/workflows/x86-64-gcc-test.yml

@@ -0,0 +1,16 @@
+name: X86_64 GCC Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: gcc-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run X86_64 GCC Test
+      run: sudo make -C scripts/ci x86_64

.gitignore

@@ -20,25 +20,16 @@ compel/compel
 compel/compel-host-bin
 images/*.c
 images/*.h
-images/google/protobuf/*.c
-images/google/protobuf/*.h
 .gitid
 criu/criu
-crit/crit
-criu/arch/*/sys-exec-tbl*.c
-# x86 syscalls-table is not generated
-!criu/arch/x86/sys-exec-tbl.c
-criu/arch/*/syscalls*.S
-criu/include/syscall-codes*.h
-criu/include/syscall*.h
+criu/unittest/unittest
 criu/include/version.h
 criu/pie/restorer-blob.h
 criu/pie/parasite-blob.h
 criu/protobuf-desc-gen.h
 lib/build/
 lib/c/criu.pc
-scripts/build/qemu-user-static/*
-lib/.crit-setup.files
 compel/include/asm
 include/common/asm
 include/common/config.h
+build/**

.lgtm.yml

@@ -0,0 +1,25 @@
+extraction:
+  cpp:
+    prepare:
+      packages:
+      - "protobuf-c-compiler"
+      - "libprotobuf-c-dev"
+      - "libprotobuf-dev"
+      - "build-essential"
+      - "libprotobuf-dev"
+      - "libprotobuf-c-dev"
+      - "protobuf-c-compiler"
+      - "protobuf-compiler"
+      - "python3-protobuf"
+      - "libnet-dev"
+      - "pkg-config"
+      - "libnl-3-dev"
+      - "libbsd0"
+      - "libbsd-dev"
+      - "iproute2"
+      - "libcap-dev"
+      - "libaio-dev"
+      - "libbsd-dev"
+      - "python3-yaml"
+      - "libnl-route-3-dev"
+      - "gnutls-dev"

.mailmap

@@ -1,6 +1,10 @@
 Stanislav Kinsbursky <skinsbursky@parallels.com> <skinsbursky@openvz.org>
 Pavel Emelyanov <xemul@parallels.com> <xemul@openvz.org>
-Andrey Vagin <avagin@parallels.com> <avagin@openvz.org>
-Andrey Vagin <avagin@parallels.com> <avagin@gmail.com>
-Andrey Vagin <avagin@parallels.com> Andrew Vagin <avagin@parallels.com>
+Andrei Vagin <avagin@gmail.com> <avagin@openvz.org>
+Andrei Vagin <avagin@gmail.com> <avagin@parallels.com>
+Andrei Vagin <avagin@gmail.com> <avagin@virtuozzo.com>
+Andrei Vagin <avagin@gmail.com> <avagin@odin.com>
+Andrei Vagin <avagin@gmail.com> <avagin@google.com>
 Cyrill Gorcunov <gorcunov@openvz.org> <gorcunov@gmail.com>
+Alexander Mikhalitsyn <alexander@mihalicyn.com> <alexander.mikhalitsyn@virtuozzo.com>
+Alexander Mikhalitsyn <alexander@mihalicyn.com> <aleksandr.mikhalitsyn@canonical.com>

.travis.yml

@@ -1,43 +0,0 @@
-language: c
-sudo: required
-dist: xenial
-cache: ccache
-services:
-  - docker
-env:
-  - TR_ARCH=local
-  - TR_ARCH=local       CLANG=1
-  - TR_ARCH=local       COMPAT_TEST=y
-  - TR_ARCH=local       CLANG=1 COMPAT_TEST=y
-  - TR_ARCH=alpine
-  - TR_ARCH=fedora-asan
-  - TR_ARCH=x86_64
-  - TR_ARCH=x86_64      CLANG=1
-  - TR_ARCH=armv7hf
-  - TR_ARCH=aarch64
-  - TR_ARCH=ppc64le
-  - TR_ARCH=s390x
-  - TR_ARCH=armv7hf     CLANG=1
-  - TR_ARCH=aarch64     CLANG=1
-  - TR_ARCH=ppc64le     CLANG=1
-  - TR_ARCH=alpine      CLANG=1
-  - TR_ARCH=docker-test
-  - TR_ARCH=fedora-rawhide
-  - TR_ARCH=fedora-rawhide-aarch64
-  - TR_ARCH=centos
-  - TR_ARCH=podman-test
-matrix:
-  allow_failures:
-    - env: TR_ARCH=docker-test
-    - env: TR_ARCH=fedora-rawhide
-    - env: TR_ARCH=fedora-rawhide-aarch64
-    - env: TR_ARCH=s390x
-    - env: TR_ARCH=local       GCOV=1
-    - env: TR_ARCH=local       COMPAT_TEST=y
-    - env: TR_ARCH=local       CLANG=1 COMPAT_TEST=y
-script:
-  - sudo make CCACHE=1 -C scripts/travis $TR_ARCH
-after_success:
-  - ccache -s
-  - make -C scripts/travis after_success
-group: deprecated-2017Q2

CLAUDE.md

@@ -0,0 +1 @@
+GEMINI.md

CONTRIBUTING.md

@@ -0,0 +1,417 @@
+## How to contribute to CRIU
+
+CRIU project is (almost) the never-ending story, because we have to always keep up with the
+Linux kernel supporting checkpoint and restore for all the features it provides. Thus we're
+looking for contributors of all kinds -- feedback, bug reports, testing, coding, writing, etc.
+Here are some useful hints to get involved.
+
+* We have both -- [very simple](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) and [more sophisticated](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+feature%22) coding tasks;
+* CRIU does need [extensive testing](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Atesting);
+* Documentation is always hard, we have [some information](https://criu.org/Category:Empty_articles) that is to be extracted from people's heads into wiki pages as well as [some texts](https://criu.org/Category:Editor_help_needed) that all need to be converted into useful articles;
+* Feedback is expected on the GitHub issues page and on the [mailing list](https://lore.kernel.org/criu);
+* We accept GitHub pull requests and this is the preferred way to contribute to CRIU. If you prefer to send patches by email, you are welcome to send them to [CRIU development mailing list](https://lore.kernel.org/criu).
+Below we describe in more detail recommend practices for CRIU development.
+* Spread the word about CRIU in [social networks](http://criu.org/Contacts);
+* If you're giving a talk about CRIU -- let us know, we'll mention it on the [wiki main page](https://criu.org/News/events);
+
+### Setting up the development environment
+
+Although `criu` could be run as non-root (see [Security](https://criu.org/Security)), development is better to be done as root. For example, some tests require root. So, it would be a good idea to set up some recent Linux distro on a virtual machine.
+
+### Get the source code
+
+The CRIU sources are tracked by Git. Official CRIU repo is at https://github.com/checkpoint-restore/criu.
+
+The repository may contain multiple branches. Development happens in the **criu-dev** branch.
+
+To clone CRIU repo and switch to the proper branch, run:
+
+```
+git clone https://github.com/checkpoint-restore/criu criu
+cd criu
+git checkout criu-dev
+```
+
+### Building from source
+
+Follow these steps to compile CRIU from source code.
+
+#### Installing build dependencies
+
+First, you need to install the required build dependencies. We provide scripts to simplify this process for several Linux distributions in [contrib/dependencies](contrib/dependencies). For a complete list of dependencies, please refer to the [installation guide](https://criu.org/Installation).
+
+##### On Ubuntu/Debian-based systems:
+
+```
+./contrib/dependencies/apt-packages.sh
+```
+
+##### On Fedora/CentOS-based systems:
+
+```
+./contrib/dependencies/dnf-packages.sh
+```
+
+##### Using Nix:
+
+```
+nix develop
+```
+
+#### Compiling CRIU
+
+Once the dependencies are installed, you can compile CRIU by running the `make` command from the root of the source directory:
+
+```
+make
+```
+
+This should create the `./criu/criu` executable.
+
+## Edit the source code
+
+When you change the source code, please keep in mind the following code conventions:
+
+* code is written to be read, so the code readability is the most important thing you need to have in mind when preparing patches
+* we prefer tabs and indentations to be 8 characters width
+* we prefer line length of 80 characters or less, more is allowed if it helps with code readability
+* CRIU mostly follows [Linux kernel coding style](https://www.kernel.org/doc/Documentation/process/coding-style.rst), but we are less strict than the kernel community
+
+Other conventions can be learned from the source code itself. In short, make sure your new code looks similar to what is already there.
+
+## Automatic tools to fix coding-style
+
+Important: These tools are there to advise you, but should not be considered as a "source of truth", as tools also make nasty mistakes from time to time which can completely break code readability.
+
+The following command can be used to automatically run a code linter for Python files (ruff), Shell scripts (shellcheck),
+text spelling (codespell), and a number of CRIU-specific checks (usage of print macros and EOL whitespace for C files).
+
+```
+make lint
+```
+
+In addition, we have adopted a [clang-format configuration file](https://www.kernel.org/doc/Documentation/process/clang-format.rst)
+based on the kernel source tree. However, compliance with the clang-format autoformat rules is optional. If the automatic code formatting
+results in decreased readability, we may choose to ignore these errors.
+
+Run the following command to check if your changes are compliant with the clang-format rules:
+
+```
+make indent
+```
+
+This command is built upon the `git-clang-format` tool and supports two options `BASE` and `OPTS`. The `BASE` option allows you to
+specify a range of commits to check for coding style issues. By default, it is set to `HEAD~1`, so that only the last commit is checked.
+If you are developing on top of the criu-dev branch and want to check all your commits for compliance with the clang-format rules, you
+can use `BASE=origin/criu-dev`. The `OPTS` option can be used to pass additional options to `git-clang-format`. For example, if you want
+to check the last *N* commits for formatting errors, without applying the changes to the codebase you can use the following command.
+
+```
+make indent OPTS=--diff BASE=HEAD~N
+```
+
+Note that for pull requests, the "Run code linter" workflow runs these checks for all commits. If a clang-format error is detected
+we need to review the suggested changes and decide if they should be fixed before merging.
+
+Here are some bad examples of clang-format-ing:
+
+* if clang-format tries to force 120 characters and breaks readability - it is wrong:
+
+```
+@@ -58,8 +59,7 @@ static int register_membarriers(void)
+         }
+
+         if (!all_ok) {
+-                fail("can't register membarrier()s - tried %#x, kernel %#x",
+-                     barriers_registered, barriers_supported);
++                fail("can't register membarrier()s - tried %#x, kernel %#x", barriers_registered, barriers_supported);
+                 return -1;
+         }
+```
+
+* if clang-format breaks your beautiful readability friendly alignment in structures, comments or defines - it is wrong:
+
+```
+--- a/test/zdtm/static/membarrier.c
++++ b/test/zdtm/static/membarrier.c
+@@ -27,9 +27,10 @@ static const struct {
+        int register_cmd;
+        int execute_cmd;
+ } membarrier_cmds[] = {
+-       { "",           MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED,           MEMBARRIER_CMD_PRIVATE_EXPEDITED },
+-       { "_SYNC_CORE", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE },
+-       { "_RSEQ",      MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ,      MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ },
++       { "", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED },
++       { "_SYNC_CORE", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE,
++         MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE },
++       { "_RSEQ", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ, MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ },
+ };
+```
+
+## Test your changes
+
+CRIU comes with an extensive test suite. To check whether your changes introduce any regressions, run
+
+```
+make test
+```
+
+The command runs [ZDTM Test Suite](https://criu.org/ZDTM_Test_Suite). Check for any error messages produced by it.
+
+## Describe your changes
+
+Describe your problem.  Whether your change is a one-line bug fix or
+5000 lines of a new feature, there must be an underlying problem that
+motivated you to do this work.  Convince the reviewer that there is a
+problem worth fixing and that it makes sense for them to read past the
+first paragraph.
+
+Once the problem is established, describe what you are actually doing
+about it in technical detail. It's important to describe the change
+in plain English for the reviewer to verify that the code is behaving
+as you intend it to.
+
+Solve only one problem per commit. If your description starts to get
+long, that's a sign that you probably need to split up your commit.
+See [Separate your changes](#separate-your-changes).
+
+Describe your changes in imperative mood, e.g. "make xyzzy do frotz"
+instead of "[This commit] makes xyzzy do frotz" or "[I] changed xyzzy
+to do frotz", as if you are giving orders to the codebase to change
+its behaviour.
+
+If your change fixes a bug in a specific commit, e.g. you found an issue using
+`git bisect`, please use the `Fixes:` tag with the abbreviation of
+the SHA-1 ID, and the one line summary. For example:
+
+```
+Fixes: 9433b7b9db3e ("make: use cflags/ldflags for config.h detection mechanism")
+```
+
+The following `git config` settings can be used to add a pretty format for
+outputting the above style in the `git log` or `git show` commands:
+
+```
+[pretty]
+    fixes = Fixes: %h (\"%s\")
+```
+
+If your change address an issue listed in GitHub, please use `Fixes:` tag with the number of the issue. For instance:
+
+```
+Fixes: #339
+```
+
+The `Fixes:` tags should be put at the end of the detailed description.
+
+Please add a prefix to your commit subject line describing the part of the
+project your change is related to. This can be either the name of the file or
+directory you changed, or just a general word. If your patch is touching
+multiple components you may separate prefixes with "/"-es. Here are some good
+examples of subject lines from git log:
+
+```
+criu-ns: Convert to python3 style print() syntax
+compel: Calculate sh_addr if not provided by linker
+style: Enforce kernel style -Wstrict-prototypes
+rpc/libcriu: Add lsm-profile option
+```
+
+You may refer to [How to Write a Git Commit
+Message](https://chris.beams.io/posts/git-commit/) article for
+recommendations for good commit message.
+
+## Separate your changes
+
+Separate each **logical change** into a separate commit.
+
+For example, if your changes include both bug fixes and performance
+enhancements for a single driver, separate those changes into two
+or more commits.  If your changes include an API update, and a new
+driver which uses that new API, separate those into two commits.
+
+On the other hand, if you make a single change to numerous files,
+group those changes into a single commit.  Thus a single logical change
+is contained within a single commit.
+
+The point to remember is that each commit should make an easily understood
+change that can be verified by reviewers.  Each commit should be justifiable
+on its own merits.
+
+When dividing your change into a series of commits, take special care to
+ensure that CRIU builds and runs properly after each commit in the
+series.  Developers using `git bisect` to track down a problem can end up
+splitting your patch series at any point; they will not thank you if you
+introduce bugs in the middle.
+
+## Sign your work
+
+To improve tracking of who did what, we ask you to sign off the commits in
+your fork of CRIU or the patches that are to be emailed.
+
+The sign-off is a simple line at the end of the explanation for the
+patch, which certifies that you wrote it or otherwise have the right to
+pass it on as an open-source patch.  The rules are pretty simple: if you
+can certify the below:
+
+### Developer's Certificate of Origin 1.1
+    By making a contribution to this project, I certify that:
+
+    (a) The contribution was created in whole or in part by me and I
+        have the right to submit it under the open source license
+        indicated in the file; or
+
+    (b) The contribution is based upon previous work that, to the best
+        of my knowledge, is covered under an appropriate open source
+        license and I have the right under that license to submit that
+        work with modifications, whether created in whole or in part
+        by me, under the same open source license (unless I am
+        permitted to submit under a different license), as indicated
+        in the file; or
+
+    (c) The contribution was provided directly to me by some other
+        person who certified (a), (b) or (c) and I have not modified
+        it.
+
+    (d) I understand and agree that this project and the contribution
+        are public and that a record of the contribution (including all
+        personal information I submit with it, including my sign-off) is
+        maintained indefinitely and may be redistributed consistent with
+        this project or the open source license(s) involved.
+
+then you just add a line saying
+
+```
+Signed-off-by: Random J Developer <random at developer.example.org>
+```
+
+using your real name (please, no pseudonyms or anonymous contributions if
+it possible).
+
+Hint: you can use `git commit -s` to add Signed-off-by line to your
+commit message. To append such line to a commit you already made, use
+`git commit --amend -s`.
+
+```
+ From: Random J Developer <random at developer.example.org>
+Subject: [PATCH] component: Short patch description
+
+Long patch description (could be skipped if patch
+is trivial enough)
+
+Signed-off-by: Random J Developer <random at developer.example.org>
+---
+Patch body here
+```
+
+## Submit your work upstream
+
+We accept GitHub pull requests and this is the preferred way to contribute to CRIU.
+For that you should push your work to your fork of CRIU at [GitHub](https://github.com) and create a [pull request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
+
+### Pull request guidelines
+
+Pull request comment should contain description of the problem your changes
+solve and a brief outline of the changes included in the pull request.
+
+Please avoid pushing fixup commits to an existent pull request. Each commit
+should be self contained and there should not be fixup commits in a patch
+series. Pull requests that contain one commit which breaks something
+and another commit which fixes it, will be rejected.
+
+Please merge the fixup commits into the commits that has introduced the
+problem before creating a pull request.
+
+It may happen that the reviewers were not completely happy with your
+changes and requested changes to your patches. After you updated your
+changes please close the old pull request and create a new one that
+contains the following:
+
+* Description of the problem your changes solve and a brief outline of the
+  changes
+* Link to the previous version of the pull request
+* Brief description of the changes between old and new versions of the pull
+  request. If there were more than one previous pull request, all the
+  revisions should be listed. For example:
+
+```
+v3: rebase on the current criu-dev
+v2: add commit to foo() and update bar() coding style
+```
+
+If there are only minor updates to the commits in a pull request, it is
+possible to force-push them into an existing pull request. This only applies
+to small changes and should be used with care. If you update an existing
+pull request, remember to add the description of the changes from the
+previous version.
+
+### Mailing list submission
+
+Historically, CRIU worked with mailing lists and patches so if you still prefer this way continue reading till the end of this section.
+
+### Make a patch
+
+To create a patch, run
+
+```
+git format-patch --signoff origin/criu-dev
+```
+
+You might need to read GIT documentation on how to prepare patches
+for mail submission. Take a look at http://book.git-scm.com/ and/or
+http://git-scm.com/documentation for details. It should not be hard
+at all.
+
+We recommend to post patches using `git send-email`
+
+```
+git send-email --cover-letter --no-chain-reply-to --annotate \
+               --confirm=always --to=criu@lists.linux.dev criu-dev
+```
+
+Note that the `git send-email` subcommand may not be in
+the main git package and using it may require installation of a
+separate package, for example the "git-email" package in Fedora and
+Debian.
+
+If this is your first time using git send-email, you might need to
+configure it to point it to your SMTP server with something like:
+
+```
+git config --global sendemail.smtpServer stmp.example.net
+```
+
+If you get tired of typing `--to=criu@lists.linux.dev` all the time,
+you can configure that to be automatically handled as well:
+
+```
+git config sendemail.to criu@lists.linux.dev
+```
+
+If a developer is sending another version of the patch (e.g. to address
+review comments), they are advised to note differences to previous versions
+after the `---` line in the patch so that it helps reviewers but
+doesn't become part of git history. Moreover, such patch needs to be prefixed
+correctly with `--subject-prefix=PATCHv2` appended to
+`git send-email` (substitute `v2` with the correct
+version if needed though).
+
+### Mail patches
+
+The patches should be sent to CRIU development mailing list, `criu AT lists.linux.dev`. Note that you need to be subscribed first in order to post. The list web interface is available at https://lore.kernel.org/criu; you can also use standard mailman aliases to work with it.
+
+Please make sure the email client you're using doesn't screw your patch (line wrapping and so on).
+
+>  **Note:** When sending a patch set that consists of more than one patch, please, push your changes in your local repo and provide the URL of the branch in the cover-letter
+
+### Wait for response
+
+Be patient. Most CRIU developers are pretty busy people so if
+there is no immediate response on your patch — don't be surprised,
+sometimes a patch may fly around a week before it gets reviewed.
+
+## Continuous integration
+
+Wiki article: [Continuous integration](https://criu.org/Continuous_integration)
+
+CRIU tests are run for each series sent to the mailing list. If you get a message from our patchwork that patches failed to pass the tests, you have to investigate what is wrong.

Documentation/HOWTO.cross-compile

@@ -1,4 +1,10 @@
-This HOWTO explains how to cross-compile CRIU on x86
+How to cross-compile CRIU on x86:
+
+Use the Dockerfile provided:
+   scripts/build/Dockerfile.armv7-cross
+
+Historical guide how-to do it without docker container:
+[Unsupported, may not work anymore!]
 
  1. Download the protobuf sources.
  2. Apply the patch http://16918.selcdn.ru/crtools/aarch64/0001-protobuf-added-the-support-for-the-acrchitecture-AAr.patch

Documentation/Makefile

@@ -12,7 +12,9 @@ endif
 
 FOOTER		:= footer.txt
 SRC1		+= crit.txt
+SRC1		+= criu-ns.txt
 SRC1		+= compel.txt
+SRC1		+= criu-amdgpu-plugin.txt
 SRC8		+= criu.txt
 SRC		:= $(SRC1) $(SRC8)
 XMLS		:= $(patsubst %.txt,%.xml,$(SRC))
@@ -54,7 +56,7 @@ ifneq ($(USE_ASCIIDOCTOR),)
 	$(Q) $(ASCIIDOC) -b manpage -d manpage -o $@ $<
 else
 	$(Q) $(ASCIIDOC) -b docbook -d manpage -o $(patsubst %.1,%.xml,$@) $<
-	$(Q) $(XMLTO) man -m custom.xsl $(patsubst %.1,%.xml,$@) 2>/dev/null
+	$(Q) $(XMLTO) man -m custom.xsl $(patsubst %.1,%.xml,$@)
 endif
 
 %.8: %.txt $(FOOTER) custom.xsl
@@ -63,7 +65,7 @@ ifneq ($(USE_ASCIIDOCTOR),)
 	$(Q) $(ASCIIDOC) -b manpage -d manpage -o $@ $<
 else
 	$(Q) $(ASCIIDOC) -b docbook -d manpage -o $(patsubst %.8,%.xml,$@) $<
-	$(Q) $(XMLTO) man -m custom.xsl $(patsubst %.8,%.xml,$@) 2>/dev/null
+	$(Q) $(XMLTO) man -m custom.xsl $(patsubst %.8,%.xml,$@)
 endif
 
 %.ps: %.1

Documentation/compel.txt

@@ -86,18 +86,21 @@ Infecting code
 ~~~~~~~~~~~~~~
 The parasitic code is compiled and converted to a header using *compel*, and included here.
 
-*#include <compel/compel.h>*
+*#include <compel/infect.h>*
 
 *#include "parasite.h"*
 
-Following steps are perfomed to infect the victim process:
+Following steps are performed to infect the victim process:
 
     - stop the task: *int compel_stop_task(int pid);*
     - prepare infection handler: *struct parasite_ctl *compel_prepare(int pid);*
     - execute system call: *int compel_syscall(ctl, int syscall_nr, long *ret, int arg ...);*
     - infect victim: *int compel_infect(ctl, nr_thread, size_of_args_area);*
     - cure the victim: *int compel_cure(ctl);* //ctl pointer is freed by this call
-    - Resume victim: *int compel_resume_task(pid, orig_state, state);*
+    - Resume victim: *int compel_resume_task(pid, orig_state, state)* or
+    *int compel_resume_task_sig(pid, orig_state, state, stop_signo).*
+    //compel_resume_task_sig() could be used in case when victim is in stopped state.
+    stop_signo could be read by calling compel_parse_stop_signo().
 
 *ctl* must be configured with blob information by calling *PREFIX_setup_c_header()*, with ctl as its argument.
 *PREFIX* is the argument given to *-p* when calling hgen, else it is deduced from file name.

Documentation/criu-amdgpu-plugin.txt

@@ -0,0 +1,114 @@
+ROCM Support(1)
+===============
+
+NAME
+----
+criu-amdgpu-plugin - A plugin extension to CRIU to support checkpoint/restore in
+userspace for AMD GPUs.
+
+
+CURRENT SUPPORT
+---------------
+Single and Multi GPU systems (Gfx9)
+Checkpoint / Restore on different system
+Checkpoint / Restore inside a docker container
+Pytorch
+Tensorflow
+Using CRIU Image Streamer
+Parallel Restore
+
+DESCRIPTION
+-----------
+Though *criu* is a great tool for checkpointing and restoring running
+applications, it has certain limitations such as it cannot handle
+applications that have device files open. In order to support *ROCm* based
+workloads with *criu* we need to augment criu's core functionality with a
+plugin based extension mechanism. *criu-amdgpu-plugin* provides the necessary support
+to criu to allow Checkpoint / Restore with ROCm.
+
+
+Dependencies
+------------
+*amdkfd support*::
+    In order to snapshot the *VRAM* and other *GPU* device states, we require
+    an updated version of amdkfd(amdgpu) driver.
+
+OPTIONS
+-------
+Optional parameters can be passed in as environment variables before
+executing criu command.
+
+*KFD_FW_VER_CHECK*::
+    Enable or disable firmware version check.
+    If enabled, firmware version on restored gpu needs to be greater than or
+    equal firmware version on checkpointed GPU. Default:Enabled
+
+    E.g:
+    KFD_FW_VER_CHECK=0
+
+*KFD_SDMA_FW_VER_CHECK*::
+    Enable or disable SDMA firmware version check.
+    If enabled, SDMA firmware version on restored gpu needs to be greater than or
+    equal firmware version on checkpointed GPU. Default:Enabled
+
+    E.g:
+    KFD_SDMA_FW_VER_CHECK=0
+
+*KFD_CACHES_COUNT_CHECK*::
+    Enable or disable caches count check. If enabled, the caches count on
+    restored GPU needs to be greater than or equal caches count on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_CACHES_COUNT_CHECK=0
+
+*KFD_NUM_GWS_CHECK*::
+    Enable or disable num_gws check. If enabled, the num_gws on
+    restored GPU needs to be greater than or equal num_gws on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_NUM_GWS_CHECK=0
+
+*KFD_VRAM_SIZE_CHECK*::
+    Enable or disable VRAM size check. If enabled, the VRAM size on
+    restored GPU needs to be greater than or equal VRAM size on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_VRAM_SIZE_CHECK=0
+
+*KFD_NUMA_CHECK*::
+    Enable or disable NUMA CPU region check. If enabled, the plugin will restore
+    GPUs that belong to one CPU NUMA region to the same CPU NUMA region.
+    Default:Enabled
+
+    E.g:
+    KFD_NUMA_CHECK=1
+
+*KFD_CAPABILITY_CHECK*::
+    Enable or disable capability check. If enabled, the capability on
+    restored GPU needs to be equal to the capability on the checkpointed GPU.
+    Default:Enabled
+
+    E.g:
+    KFD_CAPABILITY_CHECK=1
+
+*KFD_MAX_BUFFER_SIZE*::
+    On some systems, VRAM sizes may exceed RAM sizes, and so buffers for dumping
+    and restoring VRAM may be unable to fit. Set to a nonzero value (in bytes)
+    to set a limit on the plugin's memory usage.
+    Default:0 (Disabled)
+
+    E.g:
+    KFD_MAX_BUFFER_SIZE="2G"
+
+
+AUTHOR
+------
+The AMDKFD team.
+
+
+COPYRIGHT
+---------
+Copyright \(C) 2020-2021, Advanced Micro Devices, Inc. (AMD)

Documentation/criu-ns.txt

@@ -0,0 +1,32 @@
+CRIU-NS(1)
+==========
+include::footer.txt[]
+
+NAME
+----
+criu-ns - run criu in different namespaces
+
+SYNOPSIS
+--------
+*criu-ns* 'dump' -t PID [<options>]
+
+*criu-ns* 'pre-dump' -t PID [<options>]
+
+*criu-ns* 'restore' [<options>]
+
+*criu-ns* 'check' [<options>]
+
+DESCRIPTION
+-----------
+The *criu-ns* command executes 'criu' in a new PID and mount namespace.
+The purpose of this wrapper script is to enable restoring a process tree
+that might require a specific PID that is already used on the system;
+so called "PID mismatch" problem.
+
+SEE ALSO
+--------
+nsenter(1) namespaces(7) criu(8)
+
+AUTHOR
+------
+The CRIU team

Documentation/criu.txt

@@ -24,8 +24,8 @@ on a different system, or both.
 OPTIONS
 -------
 
-Most of the true / false long options (the ones without arguments) can be
-prefixed with *--no-* to negate the option (example: *--display-stats*
+Most of the long flags can be
+prefixed with *no-* to negate the option (example: *--display-stats*
 and *--no-display-stats*).
 
 Common options
@@ -33,12 +33,11 @@ Common options
 Common options are applicable to any 'command'.
 
 *-v*[*v*...], *--verbosity*::
-    Increase verbosity up from the default level. Multiple *v* can be used,
-    each increasing verbosity by one level. Using long option without argument
-    increases verbosity by one level.
+    Increase verbosity up from the default level. In case of short option,
+    multiple *v* can be used, each increasing verbosity by one.
 
-*-v*'num', *--verbosity*='num'::
-    Set verbosity level to 'num'. The higher the level, the more output
+**-v**__num__, **--verbosity=**__num__::
+    Set verbosity level to _num_. The higher the level, the more output
     is produced.
     +
 The following levels are available:
@@ -57,26 +56,31 @@ The following levels are available:
     Pass a specific configuration file to criu.
 
 *--no-default-config*::
-    Forbid parsing of default configuration files.
+    Disable parsing of default configuration files.
 
 *--pidfile* 'file'::
     Write root task, service or page-server pid into a 'file'.
 
 *-o*, *--log-file* 'file'::
-    Write logging messages to 'file'.
+    Write logging messages to a 'file'.
 
 *--display-stats*::
-    During dump as well as during restore *criu* collects information
-    like the time required to dump or restore the process or the
+    During dump, as well as during restore, *criu* collects some statistics,
+    like the time required to dump or restore the process, or the
     number of pages dumped or restored. This information is always
-    written to the files 'stats-dump' and 'stats-restore' and can
-    be easily displayed using *crit*. The option *--display-stats*
-    additionally prints out this information on the console at the end
-    of a dump or a restore.
+    saved to the *stats-dump* and *stats-restore* files, and can
+    be shown using *crit*(1). The option *--display-stats*
+    prints out this information on the console at the end
+    of a dump or restore operation.
 
 *-D*, *--images-dir* 'path'::
     Use 'path' as a base directory where to look for sets of image files.
 
+*--stream*::
+    dump/restore images using criu-image-streamer.
+    See https://github.com/checkpoint-restore/criu-image-streamer for detailed
+    usage.
+
 *--prev-images-dir* 'path'::
     Use 'path' as a parent directory where to look for sets of image files.
     This option makes sense in case of incremental dumps.
@@ -91,6 +95,19 @@ The following levels are available:
 *-L*, *--libdir* 'path'::
     Path to plugins directory.
 
+*--enable-fs* ['fs'[,'fs'...]]::
+    Specify a comma-separated list of filesystem names that should
+    be auto-detected. The value 'all' enables auto-detection for
+    all filesystems.
++
+Note: This option is not safe, use at your own risk.
+Auto-detecting a filesystem mount assumes that the mountpoint can
+be restored with *mount(src, mountpoint, flags, options)*. When used,
+*dump* is expected to always succeed if a mountpoint is to be
+auto-detected, however *restore* may fail (or do something wrong)
+if the assumption for restore logic is incorrect. This option is
+not compatible with *--external* *dev*.
+
 *--action-script* 'script'::
     Add an external action script to be executed at certain stages.
     The environment variable *CRTOOLS_SCRIPT_ACTION* is available
@@ -138,6 +155,17 @@ The following levels are available:
             notification message contains a file descriptor for
             the master pty
 
+        *query-ext-files*:::
+            called after the process tree is stopped and network is locked.
+            This hook is used only in the RPC mode. The notification reply
+            contains file ids to be added to external file list (may be empty).
+
+*--unprivileged*::
+    This option tells *criu* to accept the limitations when running
+    as non-root. Running as non-root requires *criu* at least to have
+    *CAP_SYS_ADMIN* or *CAP_CHECKPOINT_RESTORE*. For details about running
+    *criu* as non-root please consult the *NON-ROOT* section.
+
 *-V*, *--version*::
     Print program version and exit.
 
@@ -156,6 +184,12 @@ In addition, *page-server* options may be specified.
     Turn on memory changes tracker in the kernel. If the option is
     not passed the memory tracker get turned on implicitly.
 
+*--pre-dump-mode*='mode'::
+    There are two 'mode' to operate pre-dump algorithm. The 'splice' mode
+    is parasite based, whereas 'read' mode is based on process_vm_readv
+    syscall. The 'read' mode incurs reduced frozen time and reduced
+    memory pressure as compared to 'splice' mode. Default is 'splice' mode.
+
 *dump*
 ~~~~~~
 Performs a checkpoint procedure.
@@ -179,7 +213,7 @@ In other words, do not use it unless really needed.
 *-s*, *--leave-stopped*::
     Leave tasks in stopped state after checkpoint, instead of killing.
 
-*--external* 'type'*[*'id'*]:*'value'::
+*--external* __type__**[**__id__**]:**__value__::
     Dump an instance of an external resource. The generic syntax is
     'type' of resource, followed by resource 'id' (enclosed in literal
     square brackets), and optional 'value' (prepended by a literal colon).
@@ -188,35 +222,48 @@ In other words, do not use it unless really needed.
     Note to restore external resources, either *--external* or *--inherit-fd*
     is used, depending on resource type.
 
-*--external mnt[*'mountpoint'*]:*'name'::
+*--external* **mnt[**__mountpoint__**]:**__name__::
     Dump an external bind mount referenced by 'mountpoint', saving it
     to image under the identifier 'name'.
 
-*--external mnt[]:*'flags'::
+*--external* **mnt[]:**__flags__::
     Dump all external bind mounts, autodetecting those. Optional 'flags'
     can contain *m* to also dump external master mounts, *s* to also
     dump external shared mounts (default behavior is to abort dumping
     if such mounts are found). If 'flags' are not provided, colon
     is optional.
 
-*--external dev[*'major'*/*'minor'*]:*'name'::
+*--external* **dev[**__major__**/**__minor__**]:**__name__::
     Allow to dump a mount namespace having a real block device mounted.
     A block device is identified by its 'major' and 'minor' numbers,
     and *criu* saves its information to image under the identifier 'name'.
 
-*--external file[*'mnt_id'*:*'inode'*]*::
+*--external* **file[**__mnt_id__**:**__inode__**]**::
     Dump an external file, i.e. an opened file that is can not be resolved
     from the current mount namespace, which can not be dumped without using
     this option. The file is identified by 'mnt_id' (a field obtained from
-    */proc/*'pid'*/fdinfo/*'N') and 'inode' (as returned by *stat*(2)).
+    **/proc/**__pid__**/fdinfo/**__N__) and 'inode' (as returned by
+    *stat*(2)).
 
-*--external tty[*'rdev'*:*'dev'*]*::
+*--external* **tty[**__rdev__**:**__dev__**]**::
     Dump an external TTY, identified by *st_rdev* and *st_dev* fields
     returned by *stat*(2).
 
-*--external unix[*'id'*]*::
+*--external* **unix[**__id__**]**::
     Tell *criu* that one end of a pair of UNIX sockets (created by
-    *socketpair*(2)) with 'id' is OK to be disconnected.
+    *socketpair*(2)) with the given _id_ is OK to be disconnected.
+
+*--external* **net[**__inode__**]:**__name__::
+    Mark a network namespace as external and do not include it in the
+    checkpoint. The label 'name' can be used with *--inherit-fd* during
+    restore to specify a file descriptor to a preconfigured network
+    namespace.
+
+*--external* **pid[**__inode__**]:**__name__::
+    Mark a PID namespace as external. This can be later used to restore
+    a process into an existing PID namespace. The label 'name' can be
+    used to assign another PID namespace during restore with the help
+    of *--inherit-fd*.
 
 *--freeze-cgroup*::
    Use cgroup freezer to collect processes.
@@ -266,14 +313,42 @@ For example, the command line for the above example should look like this:
     discovered automatically (usually via */proc*). This option is
     useful when one needs *criu* to skip some controllers.
 
-*--cgroup-props-ignore-default*::
-    When combined with *--cgroup-props*, makes *criu* substitute
-    a predefined controller property with the new one shipped. If the option
-    is not used, the predefined properties are merged with the provided ones.
+*--cgroup-yard* 'path'::
+    Instead of trying to mount cgroups in CRIU, provide a path to a directory
+    with already created cgroup yard. Useful if you don't want to grant
+    CAP_SYS_ADMIN to CRIU. For every cgroup mount there should be exactly one
+    directory. If there is only one controller in this mount, the dir's name
+    should be just the name of the controller. If there are multiple controllers
+    comounted, the directory name should have them be separated by a comma.
++
+For example, if */proc/cgroups* looks like this:
++
+----------
+#subsys_name hierarchy num_cgroups enabled
+cpu          1         1           1
+devices      2         2           1
+freezer      2         2           1
+----------
++
+then you can create the cgroup yard by the following commands:
++
+----------
+mkdir private_yard
+cd private_yard
+mkdir cpu
+mount -t cgroup -o cpu none cpu
+mkdir devices,freezer
+mount -t cgroup -o devices,freezer none devices,freezer
+----------
 
 *--tcp-established*::
     Checkpoint established TCP connections.
 
+*--tcp-close*::
+    Don't dump the state of, or block, established tcp connections
+    (including the connection is once established but now closed).
+    This is useful when tcp connections are not going to be restored.
+
 *--skip-in-flight*::
     This option skips in-flight TCP connections. If any TCP connections
     that are not yet completely established are found, *criu* ignores
@@ -303,6 +378,10 @@ For example, the command line for the above example should look like this:
     Allows to link unlinked files back, if possible (modifies filesystem
     during *restore*).
 
+*--timeout* 'number'::
+    Set a time limit in seconds for collecting tasks during the
+    dump operation. The timeout is 10 seconds by default.
+
 *--ghost-limit* 'size'::
     Set the maximum size of deleted file to be carried inside image.
     By default, up to 1M file is allowed. Using this
@@ -310,6 +389,13 @@ For example, the command line for the above example should look like this:
     'size' may be postfixed with a *K*, *M* or *G*, which stands for kilo-,
     mega, and gigabytes, accordingly.
 
+*--ghost-fiemap*::
+    Enable an optimization based on fiemap ioctl that can reduce the
+    number of system calls used when checkpointing highly sparse ghost
+    files. This option is enabled by default, and it can be disabled
+    with *--no-ghost-fiemap*. An automatic fallback to SEEK_HOLE/SEEK_DATA
+    is used when fiemap is not supported.
+
 *-j*, *--shell-job*::
     Allow one to dump shell jobs. This implies the restored task will
     inherit session and process group ID from the *criu* itself.
@@ -347,22 +433,78 @@ By default the option is set to *fpu* and *ins*.
     option is intended for post-copy (lazy) migration and should be
     used in conjunction with *restore* with appropriate options.
 
+*--file-validation* ['mode']::
+    Set the method to be used to validate open files. Validation is done
+    to ensure that the version of the file being restored is the same
+    version when it was dumped.
++
+The 'mode' may be one of the following:
+
+    *filesize*:::
+                To explicitly use only the file size check all the time.
+                This is the fastest and least intensive check.
+
+    *buildid*:::
+                To validate ELF files with their build-ID. If the
+                build-ID cannot be obtained, 'chksm-first' method will be
+                used. This is the default if mode is unspecified.
+
+*--network-lock* ['mode']::
+    Set the method to be used for network locking/unlocking. Locking is done
+    to ensure that tcp packets are dropped between dump and restore. This is
+    done to avoid the kernel sending RST when a packet arrives destined for
+    the dumped process.
++
+The 'mode' may be one of the following:
+
+    *iptables*::: Use iptables rules to drop the packets.
+    This is the default if 'mode' is not specified.
+
+    *nftables*::: Use nftables rules to drop the packets.
+
+    *skip*::: Don't lock the network. If *--tcp-close* is not used, the network
+    must be locked externally to allow CRIU to dump TCP connections.
+
+*--allow-uprobes*::
+    Allow dumping when uprobes vma is present. When used on dump, this option is
+    required on restore as well.
+
+    A uprobes vma is automatically created by the kernel once a uprobe is
+    triggered. This mapping is not removed even once the uprobe is deleted. So,
+    even if a process once had uprobes attached to it, and they're removed by
+    the time the process is dumped, this option is still required because criu
+    has no way of knowing whether there are active uprobes or not.
+
+    When using this option on restore, make sure the uprobes (if any) active on
+    the dumped processes are still active. Otherwise, when execution reaches
+    a uprobe'd location in any of the restored processes, that process will be
+    sent a SIGTRAP.
+
+    As an example, say a uprobe is set at function foo in the executable of the
+    process p_bar. Whenever execution in p_bar reaches function foo, the uprobe
+    is triggered. If the uprobe has been triggered at least once, then the kernel
+    will have created the uprobes vma. To dump p_bar, this option is
+    necessary. After dumping, say the uprobe is deleted. Now, on restoring with
+    this option, once execution reaches function foo, SIGTRAP will be sent to
+    the restored p_bar. Unless it has a signal handler installed for SIGTRAP,
+    it will be terminated and core dumped.
+
 *restore*
 ~~~~~~~~~
 Restores previously checkpointed processes.
 
-*--inherit-fd* *fd[*'N'*]:*'resource'::
+*--inherit-fd* **fd[**__N__**]:**__resource__::
     Inherit a file descriptor. This option lets *criu* use an already opened
     file descriptor 'N' for restoring a file identified by 'resource'.
     This option can be used to restore an external resource dumped
-    with the help of *--external* *file*, *tty*, and *unix* options.
+    with the help of *--external* *file*, *tty*, *pid* and *unix* options.
 +
 The 'resource' argument can be one of the following:
 +
-    - *tty[*'rdev'*:*'dev'*]*
-    - *pipe[*'inode'*]*
-    - *socket[*'inode'*]*
-    - *file[*'mnt_id'*:*'inode'*]*
+    - **tty[**__rdev__**:**__dev__**]**
+    - **pipe:[**__inode__**]**
+    - **socket:[**__inode__*]*
+    - **file[**__mnt_id__**:**__inode__**]**
     - 'path/to/file'
 
 +
@@ -385,8 +527,10 @@ usually need to be escaped from shell.
 
 *-r*, *--root* 'path'::
     Change the root filesystem to 'path' (when run in a mount namespace).
+    This option is required to restore a mount namespace. The directory
+    'path' must be a mount point and its parent must not be overmounted.
 
-*--external* 'type'*[*'id'*]:*'value'::
+*--external* __type__**[**__id__**]:**__value__::
     Restore an instance of an external resource. The generic syntax is
     'type' of resource, followed by resource 'id' (enclosed in literal
     square brackets), and optional 'value' (prepended by a literal colon).
@@ -396,7 +540,7 @@ usually need to be escaped from shell.
     the help of *--external* *file*, *tty*, and *unix* options), option
     *--inherit-fd* should be used.
 
-*--external mnt[*'name'*]:*'mountpoint'::
+*--external* **mnt[**__name__**]:**__mountpoint__::
     Restore an external bind mount referenced in the image by 'name',
     bind-mounting it from the host 'mountpoint' to a proper mount point.
 
@@ -404,26 +548,36 @@ usually need to be escaped from shell.
     Restore all external bind mounts (dumped with the help of
     *--external mnt[]* auto-detection).
 
-*--external dev[*'name'*]:*'/dev/path'::
+*--external* **dev[**__name__**]:**__/dev/path__::
     Restore an external mount device, identified in the image by 'name',
     using the existing block device '/dev/path'.
 
-*--external veth[*'inner_dev'*]:*'outer_dev'*@*'bridge'::
+*--external* **veth[**__inner_dev__**]:**__outer_dev__**@**__bridge__::
     Set the outer VETH device name (corresponding to 'inner_dev' being
-    restored) to 'outer_dev'. If optional *@*'bridge' is specified,
+    restored) to 'outer_dev'. If optional **@**_bridge_ is specified,
     'outer_dev' is added to that bridge. If the option is not used,
     'outer_dev' will be autogenerated by the kernel.
 
-*--external macvlan[*'inner_dev'*]:*'outer_dev'::
+*--external* **macvlan[**__inner_dev__**]:**__outer_dev__::
     When restoring an image that have a MacVLAN device in it, this option
     must be used to specify to which 'outer_dev' (an existing network device
     in CRIU namespace) the restored 'inner_dev' should be bound to.
 
+*-J*, *--join-ns* **NS**:{**PID**|**NS_FILE**}[,**EXTRA_OPTS**]::
+    Restore process tree inside an existing namespace. The namespace can
+    be specified in 'PID' or 'NS_FILE' path format (example:
+    *--join-ns net:12345* or *--join-ns net:/foo/bar*). Currently supported
+    values for **NS** are: *ipc*, *net*, *time*, *user*, and *uts*.
+    This option doesn't support joining a PID namespace, however, this is
+    possible using *--external* and *--inheritfd*. 'EXTRA_OPTS' is optional
+    and can be used to specify UID and GID for user namespace (e.g.,
+    *--join-ns user:PID,UID,GID*).
+
 *--manage-cgroups* ['mode']::
     Restore cgroups configuration associated with a task from the image.
     Controllers are always restored in an optimistic way -- if already present
     in system, *criu* reuses it, otherwise it will be created.
-
++
 The 'mode' may be one of the following:
 
     *none*:::   Do not restore cgroup properties but require cgroup to
@@ -433,7 +587,7 @@ The 'mode' may be one of the following:
 
     *soft*:::   Restore cgroup properties if only cgroup has been created
                 by *criu*, otherwise do not restore properties. This is the
-		default if mode is unspecified.
+                default if mode is unspecified.
 
     *full*:::   Always restore all cgroups and their properties.
 
@@ -442,6 +596,11 @@ The 'mode' may be one of the following:
 
     *ignore*::: Don't deal with cgroups and pretend that they don't exist.
 
+*--cgroup-yard* 'path'::
+    Instead of trying to mount cgroups in CRIU, provide a path to a directory
+    with already created cgroup yard. For more information look in the *dump*
+    section.
+
 *--cgroup-root* ['controller'*:*]/'newroot'::
     Change the root cgroup the controller will be installed into. No controller
     means that root is the default for all controllers not specified.
@@ -454,16 +613,38 @@ The 'mode' may be one of the following:
 *--tcp-close*::
     Restore connected TCP sockets in closed state.
 
-*--veth-pair* 'IN'*=*'OUT'::
+*--veth-pair* __IN__**=**__OUT__::
     Correspondence between outside and inside names of veth devices.
 
 *-l*, *--file-locks*::
     Restore file locks from the image.
 
-*--lsm-profile* 'type'*:*'name'::
-    Specify an LSM profile to be used during restore. The `type` can be
+*--lsm-profile* __type__**:**__name__::
+    Specify an LSM profile to be used during restore. The _type_ can be
     either *apparmor* or *selinux*.
 
+*--lsm-mount-context* 'context'::
+    Specify a new mount context to be used during restore.
++
+This option will only replace existing mount context information
+with the one specified with this option. Mounts without the
+'context=' option will not be changed.
++
+If a mountpoint has been checkpointed with an option like
+
+    context="system_u:object_r:container_file_t:s0:c82,c137"
++
+it is possible to change this option using
+
+    --lsm-mount-context "system_u:object_r:container_file_t:s0:c204,c495"
++
+which will result that the mountpoint will be restored
+with the new 'context='.
++
+This option is useful if using *selinux* and if the *selinux*
+labels need to be changed on restore like if a container is
+restored into an existing Pod.
+
 *--auto-dedup*::
     As soon as a page is restored it get punched out from image.
 
@@ -516,6 +697,29 @@ are not adequate, but this can be suppressed by using *--cpu-cap=none*.
    restored process.
    This option requires running *lazy-pages* daemon.
 
+*--file-validation* ['mode']::
+    Set the method to be used to validate open files. Validation is done
+    to ensure that the version of the file being restored is the same
+    version when it was dumped.
++
+The 'mode' may be one of the following:
+
+    *filesize*:::
+                To explicitly use only the file size check all the time.
+                This is the fastest and least intensive check.
+
+    *buildid*:::
+                To validate ELF files with their build-ID. If the
+                build-ID cannot be obtained, 'chksm-first' method will be
+                used. This is the default if mode is unspecified.
+
+*--skip-file-rwx-check*::
+    Skip checking file permissions (r/w/x for u/g/o) on restore.
+
+*--allow-uprobes*::
+    Required when dumped with this option. Refer to this option in the section
+    on dumping for more details.
+
 *check*
 ~~~~~~~
 Checks whether the kernel supports the features needed by *criu* to
@@ -526,17 +730,17 @@ check* always checks Category 1 features unless *--feature* is specified
 which only checks a specified feature.
 
 *Category 1*::: Absolutely required. These are features like support for
-		*/proc/PID/map_files*, *NETLINK_SOCK_DIAG* socket
-		monitoring, */proc/sys/kernel/ns_last_pid* etc.
+        */proc/PID/map_files*, *NETLINK_SOCK_DIAG* socket
+        monitoring, */proc/sys/kernel/ns_last_pid* etc.
 
 *Category 2*::: Required only for specific cases. These are features
-		like AIO remap, */dev/net/tun* and others that are only
-		required if a process being dumped or restored
-		is using those.
+        like AIO remap, */dev/net/tun* and others that are only
+        required if a process being dumped or restored
+        is using those.
 
 *Category 3*::: Experimental. These are features like *task-diag* that
-		are used for experimental purposes (mostly
-		during development).
+        are used for experimental purposes (mostly
+        during development).
 
 If there are no errors or warnings, *criu* prints "Looks good." and its
 exit code is 0.
@@ -722,6 +926,42 @@ configuration file will overwrite all other configuration file settings
 or RPC options. *This can lead to undesired behavior of criu and
 should only be used carefully.*
 
+NON-ROOT
+--------
+*criu* can be used as non-root with either the *CAP_SYS_ADMIN* capability
+or with the *CAP_CHECKPOINT_RESTORE* capability introduces in Linux kernel 5.9.
+*CAP_CHECKPOINT_RESTORE* is the minimum that is required.
+
+*criu* also needs either *CAP_SYS_PTRACE* or a value of 0 in
+*/proc/sys/kernel/yama/ptrace_scope* (see *ptrace*(2)) to be able to interrupt
+the process for dumping.
+
+Running *criu* as non-root has many limitations and depending on the process
+to checkpoint and restore it may not be possible.
+
+In addition to *CAP_CHECKPOINT_RESTORE* it is possible to give *criu* additional
+capabilities to enable additional features in non-root mode.
+
+Currently *criu* can benefit from the following additional capabilities:
+
+    - *CAP_NET_ADMIN*
+    - *CAP_SYS_CHROOT*
+    - *CAP_SETUID*
+    - *CAP_SYS_RESOURCE*
+
+Note that for some operations, having a capability in a namespace other than
+the init namespace (i.e. the default/root namespace) is not sufficient. For
+example, in order to read symlinks in proc/[pid]/map_files CRIU requires
+CAP_CHECKPOINT_RESTORE in the init namespace; having CAP_CHECKPOINT_RESTORE
+while running in another user namespace (e.g. in a container) does not allow
+CRIU to read symlinks in /proc/[pid]/map_files.
+
+Without access to /proc/[pid]/map_files checkpointing/restoring processes
+that have mapped deleted files may not be possible.
+
+Independent of the capabilities it is always necessary to use "*--unprivileged*" to
+accept *criu*'s limitation in non-root mode.
+
 EXAMPLES
 --------
 To checkpoint a program with pid of *1234* and write all image files into

Documentation/logo.svg

@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="560px" height="560px" viewBox="0 0 560 560" enable-background="new 0 0 560 560" xml:space="preserve">
+<path opacity="0.3" fill="#990000" d="M315.137,360.271c-18.771-7.159-41.548-8.85-68.479-8.85c-16.661,0-46.255,2.939-74.654,3.38
+	c11.209-4.884,20.734-10.265,24.842-16.87c14.531-23.346,17.645-65.893,17.645-65.893l-20.758,3.114c0,0-2.591,35.8-16.085,47.733
+	c-5.35,4.736-15.96,7.834-27.916,10.856c2.447-26.071,29.477-57.552,29.477-57.552l-14.874-3.966l-5.88-7.448
+	c0,0-3.011,1.761-7.588,5.315c-18.298,4.208-75.946,20.443-75.946,57.983c0,15.292,5.77,26.308,14.768,34.244
+	c-22.858,26.966-20.755,61.618-20.755,61.618s-8.945,16.61-8.021,31.254c2.083,32.973,34.931,25.097,44.313,26.374
+	c9.644,1.313,34.313-4.18,34.313-4.18s-16.276-2.639-15.329-18.562c0.5-8.369-0.947-27.628-21.404-37.307
+	c-1.13-10.066,2.111-18.309,6.379-28.015c18.452,45.263,92.601,53.97,92.601,53.97c0.393-0.097-10.269,20.047,0.221,35.632
+	c4.652,6.915,18.284,10.019,22.436,19.356c4.151,9.341,2.199,30.354,2.199,30.354s21.267-16.864,27.239-30.18
+	c3.334-7.432,25.989,0.926,25.989-34.047c0-14.077-12.26-26.841-13.675-29.815c-20.858-20.334-5.427-4.743,2.677-8.236
+	c12.758-5.499,35.412,11.657,35.412,11.657s-10.402-20.119-11.437-31.013c-0.795-8.335-4.537-16.816-16.624-30.042
+	c7.166-0.752,20.362,2.327,20.362,2.327s-5.202,11.251-0.879,25.515c3.588,11.84,7.193,7.193,14.736,14.737
+	c6.599,6.598,3.146,26.284,3.146,26.284s4.674-4.513,18.081-18.235c9.072-9.29,23.645-16.717,23.645-47.86
+	C355.312,365.969,334.97,360.979,315.137,360.271z M134.108,285.901c-11.5,13.048-23.667,32.329-28.23,58.293
+	c-4.821-3.519-7.613-8.1-7.613-14.043C98.265,309.699,117.078,295.016,134.108,285.901z"/>
+<path fill="#990000" d="M382.184,115.435c3.654,1.208,7.327,2.37,10.968,3.444c14.16,4.183,26.745-9.798,26.745-9.798
+	s-8.785-2.243-17.857-3.497c12.173-2.653,21.085-18.66,21.085-18.66s-17.366,4.819-27.224,5.087
+	c-2.042,0.057-4.107,0.118-6.189,0.186c2.464-0.37,4.925-0.847,7.361-1.485c14.201-3.714,21.505-23.382,21.505-23.382
+	s-15.411,6.743-24.951,9.239c-2.694,0.703-5.438,1.437-8.197,2.185c3.038-1.071,6.008-2.306,8.815-3.82
+	c12.922-6.965,12.241-29.347,12.241-29.347s-10.162,11.926-18.844,16.605c-3.557,1.916-7.199,3.904-10.846,5.911
+	c3.798-2.277,7.45-4.743,10.596-7.569c10.918-9.814,7.722-29.605,7.722-29.605s-9.801,12.54-17.135,19.131
+	c-8.939,8.037-18.775,14.104-27.014,21.81c-6.427,6.011-25.14,35.236-36.812,46.283c-11.671,11.047-18.301,12.476-19.159,14.388
+	c-0.863,1.913,1.006,30.46-14.078,39.145c-16.476-21.583-50.565-44.007-53.101-72.033c-2.079-22.959,5.209-34.055,19.149-35.316
+	c14.994-1.359,15.998,24.507,15.998,24.507s-1.379,1.064-1.708,6.391c-0.097,0.629-0.145,1.272-0.083,1.934
+	c0.004,0.031,0.008,0.06,0.011,0.091c-0.014,1.674,0.065,3.664,0.278,6.039c1.131,12.474,4.53,14.574,4.53,14.574l2.075-0.722
+	c0,0-2.24-4.079-2.554-7.529c-0.172-1.917-0.187-3.556-0.079-4.977c0.45,0.067,0.949,0.081,1.506,0.031
+	c4.398-0.399,6.049-4.141,5.65-8.539c-0.042-0.45-0.069-0.885-0.094-1.316c2.485-26.032-1.756-29.637,4.788-41.391
+	c9.032-16.218,17.279-16.015,17.279-16.015l1.402-8.155c0,0-6.817,2.462-14.819,13.652c-8.833,12.354-8.983,26.229-9.066,47.958
+	c-0.188-0.761-0.502-1.37-1.017-1.784c-2.457-11.192-9.087-32.13-24.112-30.77c-16.72,1.514-29.419,14.974-26.773,44.171
+	c3.609,39.832,26.186,52.701,29.829,80.84c-13.47-2.349-23.883-10.656-30.866-20.282c-7.803-10.749-7.297-22.949-8.324-24.779
+	c-1.027-1.829-7.761-2.662-20.367-12.627c-12.605-9.965-33.845-37.41-40.78-42.824c-8.895-6.942-19.229-12.111-28.848-19.32
+	c-7.892-5.915-18.769-17.531-18.769-17.531s-1.419,19.995,10.323,28.8c3.386,2.536,7.246,4.665,11.229,6.597
+	c-3.808-1.674-7.616-3.33-11.327-4.925c-9.062-3.887-20.246-14.861-20.246-14.861s1.31,22.353,14.803,28.143
+	c2.931,1.257,6,2.223,9.12,3.019c-2.818-0.5-5.615-0.985-8.357-1.447c-9.728-1.636-25.677-6.981-25.677-6.981
+	s9.025,18.94,23.5,21.376c2.485,0.417,4.975,0.674,7.466,0.822c-2.08,0.118-4.148,0.242-6.183,0.368
+	c-9.843,0.61-27.566-2.645-27.566-2.645S85.667,120.333,110,120c-8.922,2.057-25.678,6.008-25.678,6.008s13.778,12.806,27.508,7.38
+	c3.533-1.394,7.087-2.876,10.62-4.404c-3.726,1.804-7.424,3.581-11.005,5.273c-8.963,4.243-19.428,10.176-19.428,10.176
+	s15.069,9.759,27.305,1.497c0.558-0.378,3.121-1.76,3.678-2.143c-7.904,5.808-19.754,14.937-19.754,14.937
+	s15.802,6.027,27.092-3.354c4.663-3.875,8.104-7.185,12.238-11.618c-3.773,4.55-6.699,8.018-10.634,12.106
+	c-6.839,7.104-13.06,19.791-13.06,19.791s15.597,0.39,24.359-11.388c4.488-6.035,7.482-11.633,10.974-18.191
+	c-3.113,6.479-5.468,11.95-8.911,17.788c-5.018,8.49-7.574,22.624-7.574,22.624s15.342-3.655,21.07-17.17
+	c2.231-5.266,2.107-9.783,3.694-15.291c-1.257,5.272-0.666,9.475-2.24,14.319c-3.045,9.379,0.011,25.554,0.011,25.554
+	s9.713-5.855,10.359-20.52c0.006-0.153,0.5-8.47,0.5-8.625L171,171.496c0,9.917,6.295,23.276,6.295,23.276
+	s11.459-10.649,9.369-25.266c-0.188-1.31-0.1-2.627-0.305-3.947c0.408,1.507,0.998,3.016,1.493,4.524
+	c3.075,9.429,3.5,15.957,3.5,15.957s6.483,1.251,8.73-1.594c0.764,5.625-0.843,10.2-0.843,10.2s5.471-1.1,8.893-3.756
+	c0.705,5.331,0.155,8.789,0.155,8.789s5.106-1.603,8.419-4.323c0.611,4.642,1.764,7.542,1.764,7.542s6.398-0.88,9.021-5.393
+	c0.199,0.038,0.395,0.079,0.59,0.117c2.269,4.875,1.438,8.517,1.438,8.517s7.492-2.14,9.492-6.14c0.003,0,0.007,0,0.01,0
+	c1.798,4,2.727,6.102,2.727,6.102s4.853-2.349,7.093-6.064c0.189,0.009,0.364-0.093,0.547-0.086
+	c-4.702,19.629-23.62,29.658-42.207,42.764c-1.392,0.981-2.712,1.925-3.97,2.884c-2.891,1.512-6.788,3.495-11.311,5.724
+	c-9.829,3.363-23.7,6.057-41.038,4.084c-9.798-1.115-21.037,10.02-21.037,10.02s6.87,4.843,16.565,5.028
+	c-8.819,3.621-17.438,12.632-17.438,12.632s0.045,0.019,0.069,0.029c-27.096,11.688-51.621,29.917-47.651,57.105
+	c2.375,16.27,14.692,25.475,31.704,30.254c-17.81,14.742-32.921,36.129-30.707,60.59c0.134,1.487,0.309,2.916,0.508,4.311
+	c-2.209,5.6-3.288,17.842-2.674,24.886c0.949,10.838,13.686,8.662,18.219,6.729c14.139,12.202,32.258,10.252,32.258,10.252
+	s-17.301,1.211-30.306-11.156c5.551-2.659,6.424-3.925,6.788-11.579c0.36-7.61-9.104-20.759-20.57-21.966
+	c-1.25-20.07,9.861-43.32,30.603-60.203c0.02,0.249,0.023,0.491,0.048,0.742c4.248,46.957,30.584,54.634,81.148,63.26
+	c12.603,2.15,22.04,5.821,29.042,10.457c-3.844,5.388-5.706,21.559-2.895,32.325c3.045,11.655,12.647,14.53,19.429,14.955
+	c-3.304,16.035-11.235,29.024-11.235,29.024s10.015-11.628,15.04-29.016c0.48-0.031,0.928-0.069,1.319-0.114
+	c10.922-1.262,16.17-11.338,14.743-23.071c-1.195-9.826-13.974-24.54-28.598-25.992c-33.117-21.52-109.104-9.05-113.877-61.769
+	c-0.341-3.746-0.517-7.367-0.571-10.888c5.709,1.111,11.782,1.844,18.104,2.244c14.111,28.517,62.158,22.269,95.818,20.694
+	c1.764,3.09,7.043,7.064,13.929,9.779c11.751,4.633,14.889,3.742,18.869,1.502c1.484-0.835,2.828-1.92,3.979-3.155
+	c10.822,10.456,25.37,30.251,25.37,30.251s-12.29-22.284-22.733-33.97c2.601-4.923,2.433-10.619-2.559-13.297
+	c-6.956-3.732-31.321,1.581-36.316,4.981c-30.811,1.668-71.853,6.551-89.576-16.474c41.005,1.192,88.786-9.133,102.385-10.365
+	c21.726-1.966,47.319,1.367,64.887,8.228c-0.783,5.681,1.867,18.47,4.641,25.318c3.316,8.197,11.561,5.887,16.562,3.028
+	c-0.588,13.3-4.495,22.638-4.495,22.638s7.86-14.125,9.117-26.183c4.354-4.041,4.774-5.562,2.904-12.887
+	c-1.849-7.24-14.317-16.821-25.47-15.096c-21.855-8.906-54.594-11.087-75.74-9.175c-18.253,1.653-61.404,10.802-97.611,10.237
+	c-1.895-3.338-3.402-7.122-4.412-11.479c5.113-2.364,10.551-4.388,16.307-5.975c30.999-8.551,40.97-29.258,42.943-48.579
+	c1.127,1.303,1.938,2.069,1.938,2.069s7.087-12.679,5.522-27.275c-0.264-2.469-0.429-4.737-0.553-6.911
+	c2.499,6.741,7.778,13.001,7.778,13.001s16.438-20.208,5.846-27.268c-11.583-7.714-6.836-13.283-4.31-15.299
+	c3.354-1.984,6.973-3.94,10.859-5.817c26.561-12.817,59.903-20.002,64.443-40.039c0.265-1.172,0.388-2.34,0.443-3.507
+	c3.701,2.396,9.165,2.053,9.165,2.053s-0.367-2.88-0.601-7.556c3.747,2.081,8.874,1.758,8.874,1.758s-0.986-2.319-1.255-7.689
+	c3.846,1.998,8.434,2.278,8.434,2.278s-0.725-2.246-1.24-5.573c3.788,0.719,8.84,0.419,8.84,0.419s-3.543-7.302-1.316-16.965
+	c0.357-1.547,0.666-3.09,0.938-4.626c-0.087,1.332-0.169,2.662-0.238,3.985c-0.783,14.742,10.85,24.47,10.85,24.47
+	S337,172.178,337,162.303c0-0.021,0-0.042,0-0.061c0,0.153-0.804,0.309-0.782,0.46c1.951,14.548,13.499,20.839,13.499,20.839
+	s2.388-16.471-1.478-25.542c-1.998-4.686-3.966-9.742-5.688-14.881c2.068,5.344,4.374,10.673,7.067,15.72
+	c6.909,12.952,20.498,15.406,20.498,15.406s-1.832-14.029-7.581-22.041c-3.952-5.505-7.874-11.654-11.551-17.83
+	c4.059,6.22,8.622,12.438,13.631,18.048c9.774,10.953,25.27,9.178,25.27,9.178s-7.323-12.085-14.767-18.552
+	c-4.283-3.722-8.589-7.824-12.754-12.019c4.513,4.047,9.319,7.944,14.31,11.39c12.077,8.341,27.281,0.931,27.281,0.931
+	s-10.533-7.219-18.926-12.302c0.595,0.332,1.186,0.662,1.777,0.988c12.922,7.14,28.146-3.013,28.146-3.013
+	s-12.036-5.887-21.343-9.313C389.896,118.341,386.055,116.903,382.184,115.435z M116.917,367.418
+	c-0.172,0.131-0.344,0.268-0.516,0.398c-17.301-3.899-29.646-12.415-31.124-28.752c-2.244-24.777,21.669-42.631,47.562-54.59
+	c3.553,1,9.203,1.919,15.541,0.503c-4.694,4.817-7.998,9.859-7.998,9.859s2.076,0.564,5.3,0.733
+	C133.582,308.673,115.917,333.715,116.917,367.418z M146.295,295.598c1.834,0.062,3.979-0.014,6.326-0.386
+	c-0.141,0.365-0.274,0.72-0.401,1.069c-10.511,14.57-18.745,34.363-17.404,59.912c-4.522,2.267-9.248,5.074-13.939,8.343
+	C122.237,330.3,136.218,307.613,146.295,295.598z M121.776,368.86c4.131-2.979,8.589-5.697,13.361-8.115
+	c0.358,3.527,1.032,6.741,2.025,9.634C131.805,370.131,126.629,369.657,121.776,368.86z M150.478,350.278
+	c-3.791,0.864-8.16,2.403-12.812,4.546c-0.062-0.425-0.168-0.803-0.224-1.236c-2.557-19.875,3.873-37.276,13.005-51.347
+	c0,0.005-0.007,0.032-0.007,0.032s13.533-3.395,23.088-14.017c-1.715,7.205,0.158,14.79,0.158,14.79s9.774-5.185,16.654-15.216
+	c-0.131,5.548,2.84,10.803,5.451,14.331C193.303,321.731,182.711,342.934,150.478,350.278z M259.516,275.357
+	c0.846-4.127,1.649-8.135,2.42-12.012c2.199-4.002,5.203-6.524,9.011-7.55c3.808-1.04,7.78-1.559,11.919-1.559l1.739-17.042
+	c-5.942,0.378-11.657,1.419-17.144,3.105c-5.492,1.672-10.946,3.611-16.369,5.8c-4.526,4.131-7.915,8.875-10.169,14.237
+	c-2.262,5.359-3.755,11.051-4.655,17.055c-0.906,6.007-1.268,12.17-1.268,18.489v18.209c0,3.23,0.201,6.368,0.779,9.393
+	c0.584,3.045,1.728,5.66,3.543,7.85c3.614,2.588,7.203,3.85,10.822,3.771c3.619-0.066,7.224-0.712,10.842-1.925
+	c3.611-1.23,7.162-2.757,10.647-4.558c3.484-1.811,6.904-3.293,10.266-4.457l7.159-14.521c-2.066,0.505-4.2,1.23-6.394,2.127
+	c-2.199,0.9-4.453,1.643-6.777,2.224c-2.322,0.585-4.649,0.773-6.977,0.585c-2.322-0.189-4.649-1.2-6.976-2.994
+	c-2.063-3.626-3.355-7.475-3.87-11.541c-0.519-4.065-0.612-8.165-0.289-12.296C258.1,283.619,258.674,279.488,259.516,275.357z
+	 M367.6,320.582c-0.196-3.025-1.001-5.908-2.42-8.623c-1.031-3.608-2.649-6.588-4.846-8.905c-2.193-2.333-4.682-4.162-7.458-5.516
+	c-2.773-1.358-5.712-2.364-8.812-3.014c-3.098-0.643-6.004-1.056-8.717-1.259c-2.711-0.188-5.101-0.285-7.166-0.285
+	s-3.419-0.062-4.064-0.189c0.25-1.037,0.449-2.302,0.574-3.783c0.133-1.481,0.322-2.866,0.584-4.162
+	c0.258-1.419,0.512-2.977,0.773-4.65c6.326,0,12.073-0.581,17.242-1.749c5.165-1.148,9.688-3.059,13.558-5.705
+	c3.876-2.646,7.135-6.131,9.781-10.469c2.649-4.318,4.558-9.583,5.715-15.776c-5.684,0-11.596,0.029-17.727,0.093
+	s-12.328,0.158-18.593,0.284c-6.266,0.143-12.431,0.332-18.5,0.583c-6.066,0.27-11.812,0.584-17.236,0.979
+	c0.128,0,0.221,1.387,0.293,4.161c0.062,2.775,0.062,6.465,0,11.035c-0.072,4.588-0.2,9.788-0.386,15.589
+	c-0.199,5.819-0.49,11.73-0.875,17.734c-0.386,6.007-0.878,11.901-1.451,17.72c-0.584,5.815-1.262,10.908-2.035,15.304
+	c5.552-0.268,11.432-0.488,17.624-0.677c2.162-0.065,4.33-0.127,6.503-0.176l1.247-5.547c0.385-2.192,0.708-4.776,0.969-7.739
+	c0.259-2.979,0.513-5.754,0.773-8.338c0.259-3.093,0.386-6.196,0.386-9.286c0.646-0.127,1.677-0.206,3.103-0.206
+	c1.547,0,3.225,0.269,5.039,0.773c1.804,0.519,3.68,1.292,5.612,2.334c1.938,1.041,3.615,2.522,5.034,4.46
+	c1.42,1.925,2.45,4.352,3.104,7.252c0.638,2.914,0.638,6.495,0,10.75l0.631,5.39c1.609,0.033,3.207,0.079,4.796,0.144
+	c6.068,0.189,11.812,0.471,17.234,0.866C367.891,326.747,367.795,323.609,367.6,320.582z M327.506,263.345
+	c0.707-4.397,1.323-8.133,1.835-11.238c1.168-0.521,2.522-0.835,4.069-0.962c1.549-0.125,3.103-0.205,4.65-0.205
+	c1.677,0,3.291,0.031,4.845,0.112c1.547,0.062,2.901,0.093,4.069,0.093c0,1.151-0.041,2.586-0.103,4.256
+	c-0.066,1.688-0.189,3.42-0.389,5.232c-0.189,1.815-0.512,3.578-0.97,5.331c-0.446,1.732-1.127,3.182-2.034,4.347
+	c-0.896,0.918-2.128,1.657-3.681,2.224c-1.543,0.584-3.159,1.042-4.84,1.357c-1.677,0.33-3.291,0.55-4.838,0.677
+	c-1.555,0.141-2.78,0.207-3.682,0.207C326.439,271.542,326.798,267.727,327.506,263.345z M393.035,246.385
+	c-2.517,0.33-4.84,0.584-6.97,0.773c-2.135,0.205-3.781,0.172-4.939-0.096l3.678,2.711c0.899,5.423,1.356,11.051,1.356,16.851
+	c0,5.818-0.195,11.695-0.584,17.642c-0.385,5.941-0.872,11.805-1.45,17.624c-0.581,5.801-1,11.427-1.261,16.85
+	c-0.907,4.522-1.519,9.238-1.835,14.139c-0.331,4.901-0.843,9.713-1.554,14.425c-0.708,4.712-1.812,9.3-3.297,13.761
+	c-1.48,4.443-3.773,8.481-6.869,12.107l-2.908,1.543c0.513,0.52,1.323,0.993,2.42,1.45c1.093,0.457,1.842,0.678,2.23,0.678
+	c2.708-3.23,4.712-6.558,6.004-9.978c1.286-3.419,2.64-6.746,4.069-9.963c1.544-2.711,2.969-5.626,4.261-8.716
+	c1.286-3.107,2.774-6.008,4.455-8.719c1.671-2.708,3.681-5.045,6.008-6.984c2.322-1.938,5.285-3.15,8.903-3.67
+	c0.386-6.319,0.836-13.114,1.354-20.335c0.517-7.235,1.001-14.534,1.451-21.896c0.457-7.361,0.846-14.596,1.168-21.689
+	c0.323-7.111,0.482-13.684,0.482-19.769c-2.713,0-5.458,0.143-8.229,0.394C398.196,245.785,395.553,246.07,393.035,246.385z
+	 M483.002,245c0,4-0.061,5.618-0.188,7.038c-0.135,1.419-0.323,3.525-0.581,5.259c-0.261,1.751-0.584,4.166-0.972,6.752
+	c-0.386,2.584-0.843,6.388-1.354,11.165c-0.519,4.791-1.135,11.551-1.839,19.167c-0.715,7.612-1.519,18.619-2.427,29.619h-32.15
+	c0-15,1.065-26.686,3.192-39.535c2.138-12.847,4.101-25.911,5.911-38.695c-5.034,0.52-9.85,1.042-14.427,1.812
+	c-4.589,0.773-9.136,0.898-13.662,0.52c-0.513,13.682-1.543,27.507-3.097,41.521c-1.553,13.998-3.23,27.586-5.038,40.749
+	c4.52,0,9.396-0.166,14.631-0.496c5.224-0.316,10.292-0.479,15.2-0.479c0.649,1.152,1.285,2.776,1.942,4.838
+	c0.638,2.065,1.22,4.318,1.738,6.779c0.517,2.457,0.997,5.027,1.454,7.753c0.447,2.715,0.873,5.424,1.258,8.135
+	c0.9,6.32,1.681,13.102,2.327,20.336c2.192-6.196,4.454-12.28,6.777-18.209c1.938-5.045,4.004-10.262,6.196-15.699
+	c2.199-5.423,4.327-10.073,6.393-13.936c2.323,0.254,4.649,0.316,6.974,0.188c2.326-0.124,4.681-0.25,7.071-0.392
+	c2.386-0.127,4.775-0.127,7.163,0c2.389,0.142,4.681,0.52,6.88,1.165c-0.257-6.716-0.164-13.619,0.293-20.728
+	c0.449-7.093,1.096-14.204,1.932-21.297c0.841-7.111,1.707-15.14,2.615-22.062c0.907-6.901,1.742-13.27,2.522-21.27H483.002z"/>
+</svg>

GEMINI.md

@@ -0,0 +1,136 @@
+# CRIU (Checkpoint/Restore In User-space)
+
+CRIU is a tool for saving the state of a running application to a set of files
+(checkpointing) and restoring it back to a live state. It is primarily used for
+live migration of containers, in-place updates, and fast application startup.
+
+It is implemented as a command-line tool called `criu`. The two primary commands
+are `dump` and `restore`.
+
+- `dump`: Saves a process tree and all its related resources (file
+  descriptors, IPC, sockets, namespaces, etc.) into a collection of image
+  files.
+- `restore`: Restores processes from image files to the same state they were
+  in before the dump.
+
+## Quick Start
+
+To get a feel for `criu`, you can try checkpointing and restoring a simple
+process.
+
+1.  **Run a simple process:**
+    Open a terminal and run a command that will run for a while. Find its PID.
+    ```bash
+    sleep 1000 &
+    [1] 12345
+    ```
+
+2.  **Dump the process:**
+    As root, use `criu dump` with the process ID (`-t`) and a directory for the
+    image files (`-D`).
+    ```bash
+    sudo criu dump -t 12345 -D /tmp/sleep_images -v4 --shell-job
+    ```
+    The `sleep` process will no longer be running.
+
+3.  **Restore the process:**
+    Use `criu restore` to bring the process back to life from the images.
+    ```bash
+    sudo criu restore -D /tmp/sleep_images -v4 --shell-job
+    ```
+    The `sleep` process will be running again as if nothing happened.
+
+# For Developers and Contributors
+
+This section contains more technical details about CRIU's internals and
+development process.
+
+## Dump Process
+
+On dump, CRIU uses available kernel interfaces to collect information about
+processes. For properties that can only be retrieved from within the process
+itself, CRIU injects a binary blob (called a "parasite") into the process's
+address space and executes it in the context of one of the process's threads.
+This injection is handled by a subproject called **Compel**.
+
+## Restore Process
+
+On restore, CRIU reads the image files to reconstruct the processes. The goal is
+to restore them to the exact state they were in before the dump. The restore
+process is divided into several stages (defined as `CR_STATE_*` in
+`./criu/include/restorer.h`).
+
+The main `criu` process acts as a coordinator. It first restores resources with
+inter-process dependencies (file descriptors, sockets, shared memory,
+namespaces, etc.). It then forks the process tree and sets up namespaces.
+Finally, it restores process-specific resources like file descriptors and memory
+mappings.
+
+A key step involves a small, self-contained binary called the "restorer". All
+restored processes switch to executing this code, which unmaps the CRIU-specific
+memory and restores the application's original memory mappings. On the final
+step, the restorer calls `sigreturn` on a prepared signal frame to resume the
+process with the state it had at the moment of the dump.
+
+## Compel
+
+Compel is a subproject responsible for generating the binary blobs used for the
+parasite code (for dumping) and the restorer code (for restoring). It provides a
+library for injecting and executing this code within the target process's
+address space. It is a separate project because the logic for generating and
+injecting Position-Independent Executable (PIE) code is complex and
+self-contained.
+
+## Coding Style
+
+The C code in the CRIU project follows the
+[Linux Kernel Coding Style](https://www.kernel.org/doc/html/latest/process/coding-style.html).
+Here are some of the main points:
+
+-   **Indentation**: Use tabs, which are set to 8 characters.
+-   **Line Length**: The preferred line limit is 80 characters, but it can be
+    extended to 120 if it improves code readability.
+-   **Braces**:
+    -   The opening brace for a function goes on a new line.
+    -   The opening brace for a block (like `if`, `for`, `while`, `switch`) goes
+        on the same line.
+-   **Spaces**: Use spaces around operators (`+`, `-`, `*`, `/`, `%`, `<`, `>`,
+    `=`, etc.).
+-   **Naming**: Use descriptive names for functions and variables.
+-   **Comments**: Use C-style comments (`/* ... */`). For multi-line comments,
+    the preferred format is:
+    ```c
+    /*
+     * This is a multi-line
+     * comment.
+     */
+    ```
+
+## Code Layout
+
+The code is organized into the following directories:
+
+-   `./compel`: The Compel sub-project.
+-   `./criu`: The main `criu` tool source code.
+-   `./images`: Protobuf descriptions for the image files.
+-   `./test`: All tests.
+-   `./test/zdtm`: The Zero-Downtime Migration (ZDTM) test suite.
+-   `./test/zdtm.py`: The executor script for ZDTM tests.
+-   `./scripts`: Helper scripts.
+-   `./scripts/build`: Docker image files used for CI and cross-compilation
+    checks.
+-   `./crit`: A tool to inspect and manipulate CRIU image files.
+-   `./soccr`: A library for TCP socket checkpoint/restore.
+
+## Tests
+
+The main test suite is ZDTM. Here is an example of how to run a single test:
+
+```bash
+sudo ./test/zdtm.py run -t zdtm/static/env00
+```
+
+Each ZDTM test has three stages: preparation, C/R, and results checks. During
+the test, a process calls `test_daemon()` to signal it is ready for C/R, then
+calls `test_waitsig()` to wait for the C/R stage to complete. After being
+restored, the test checks that all its resources are still in a valid state.

INSTALL.md

@@ -1,11 +1,31 @@
+## Building CRIU from source code
+
+First, you need to install compile-time dependencies. Check [Installation dependencies](https://criu.org/Installation#Dependencies) for more info.
+
+To compile CRIU, run:
+```
+make
+```
+This should create the `./criu/criu` executable.
+
+To change the default behaviour of CRIU, the following variables can be passed
+to the make command:
+
+ * **NETWORK_LOCK_DEFAULT**, can be set to one of the following
+   values: `NETWORK_LOCK_IPTABLES`, `NETWORK_LOCK_NFTABLES`,
+   `NETWORK_LOCK_SKIP`. CRIU defaults to `NETWORK_LOCK_IPTABLES`
+   if nothing is specified. If another network locking backend is
+   needed, `make` can be called like this:
+   `make NETWORK_LOCK_DEFAULT=NETWORK_LOCK_NFTABLES`
+
 ## Installing CRIU from source code
 
 Once CRIU is built one can easily setup the complete CRIU package
 (which includes executable itself, CRIT tool, libraries, manual
 and etc) simply typing
-
-    make install
-
+```
+make install
+```
 this command accepts the following variables:
 
  * **DESTDIR**, to specify global root where all components will be placed under (empty by default);
@@ -16,17 +36,17 @@ this command accepts the following variables:
  * **LIBDIR**, to specify directory where to put libraries (guess the correct path  by default).
 
 Thus one can type
-
-    make DESTDIR=/some/new/place install
-
+```
+make DESTDIR=/some/new/place install
+```
 and get everything installed under `/some/new/place`.
 
 ## Uninstalling CRIU
 
 To clean up previously installed CRIU instance one can type
-
-    make uninstall
-
+```
+make uninstall
+```
 and everything should be removed. Note though that if some variable (**DESTDIR**, **BINDIR**
 and such) has been used during installation procedure, the same *must* be passed with
 uninstall action.

MAINTAINERS

@@ -0,0 +1,8 @@
+Pavel Emelyanov <ovzxemul@gmail.com> (chief)
+Andrey Vagin <avagin@gmail.com>
+Mike Rapoport <rppt@kernel.org>
+Dmitry Safonov <0x7f454c46@gmail.com>
+Adrian Reber <areber@redhat.com>
+Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
+Radostin Stoyanov <rstoyanov@fedoraproject.org>
+Alexander Mikhalitsyn <alexander@mihalicyn.com>

MAINTAINERS_GUIDE.md

@@ -0,0 +1,136 @@
+## Introduction
+
+Dear maintainer. Thank you for investing the time and energy to help
+make CRIU as useful as possible. Maintaining a project is difficult,
+sometimes unrewarding work. Sure, you will contribute cool features
+to the project, but most of your time will be spent reviewing patches,
+cleaning things up, documenting, answering questions, justifying design
+decisions - while everyone else will just have fun! But remember -- the
+quality of the maintainers work is what distinguishes the good projects
+from the great. So please be proud of your work, even the unglamorous
+parts, and encourage a culture of appreciation and respect for *every*
+aspect of improving the project -- not just the hot new features.
+
+Being a maintainer is a time consuming commitment and should not be
+taken lightly. This document is a manual for maintainers old and new.
+It explains what is expected of maintainers, how they should work, and
+what tools are available to them.
+
+This is a living document - if you see something out of date or missing,
+speak up!
+
+## What are a maintainer's responsibility?
+
+Part of a healthy project is to have active maintainers to support the
+community in contributions and perform tasks to keep the project running.
+It is every maintainer's responsibility to:
+
+  * Keep the community a friendly place
+  * Deliver prompt feedback and decisions on pull requests and mailing
+    list threads
+  * Encourage other members to help each other, especially in cases the
+    maintainer is overloaded or feels the lack of needed expertise
+  * Make sure the changes made respects the philosophy, design and
+    roadmap of the project
+
+## How are decisions made?
+
+CRIU is an open-source project with an open design philosophy. This
+means that the repository is the source of truth for EVERY aspect of the
+project. *If it's part of the project, it's in the repo. It's in the
+repo, it's part of the project.*
+
+All decisions affecting CRIU, big and small, follow the same 3 steps:
+
+  * Submit a change. Anyone can do this
+
+  * Discuss it. Anyone can and is encouraged to do this
+
+  * Accept or decline it. Only maintainers do this
+
+*I'm a maintainer, should I make pull requests / send patches too?*
+
+Yes. Nobody should ever push to the repository directly. All changes
+should be made through submitting (and accepting) the change.
+
+### Two-steps decision making ###
+
+Since CRIU is extremely complex piece of software we try double hard
+not to make mistakes, that would be hard to fix in the future. In order
+to facilitate this, the "final" decision is made in two stages:
+
+  * We definitely want to try something out
+
+  * We think that the attempt was successful
+
+Respectively, new features get accepted first into the *criu-dev* branch and
+after they have been validated they are merged into the *master* branch. Yet,
+urgent bug fixes may land directly in the master branch. If a change in
+the criu-dev branch is considered to be bad (whatever it means), then it
+can be reverted without propagation to the master branch. Reverting from
+the master branch is expected not to happen at all, but if such an
+extraordinary case occurs, the impact of this step, especially the question
+of backward compatibility, should be considered in the most careful manner.
+
+## Who decides what?
+
+All decisions can be expressed as changes to the repository (either in the
+form of pull requests, or patches sent to the mailing list), and maintainers
+make decisions by merging or rejecting them. Review and approval or
+disagreement can be done by anyone and is denoted by adding a respective
+comment in the pull request. However, merging the change into either branch
+only happens after approvals from maintainers.
+
+In order for a patch to be merged into the criu-dev branch at least two
+maintainers should accept it. In order for a patch to be merged into the
+master branch the majority of maintainers should decide that (then prepare
+a pull request, submit it, etc.).
+
+Overall the maintainer system works because of mutual respect across the
+maintainers of the project. The maintainers trust one another to make
+decisions in the best interests of the project. Sometimes maintainers
+can disagree and this is part of a healthy project to represent the point
+of views of various people. In the case where maintainers cannot find
+agreement on a specific change the role of a Chief Maintainer comes into
+play.
+
+### Chief maintainer
+
+The chief maintainer for the project is responsible for overall architecture
+of the project to maintain conceptual integrity. Large decisions and
+architecture changes should be reviewed by the chief maintainer.
+
+Also the chief maintainer has the veto power on any change submitted
+to any branch. Naturally, a change in the criu-dev branch can be reverted
+after a chief maintainer veto, a change in the master branch must be
+carefully reviewed by the chief maintainer and vetoed in advance.
+
+### How are maintainers added (and removed)?
+
+The best maintainers have a vested interest in the project. Maintainers
+are first and foremost contributors that have shown they are committed to
+the long term success of the project. Contributors wanting to become
+maintainers are expected to be deeply involved in contributing code,
+patches review, and paying needed attention to the issues in the project.
+Just contributing does not make you a maintainer, it is about building trust
+with the current maintainers of the project and being a person that they can
+rely on and trust to make decisions in the best interest of the project.
+
+When a contributor wants to become a maintainer or nominate someone as a
+maintainer, one can submit a "nomination", which technically is the
+respective modification to the `MAINTAINERS` file. When a maintainer feels
+they is unable to perform the required duties, or someone else wants to draw
+the community attention to this fact, one can submit a "(self-)removing"
+change.
+
+The final vote to add or to remove a maintainer is to be approved by the
+majority of current maintainers (with the chief maintainer having veto power
+on that too).
+
+One might have noticed, that the chief maintainer (re-)assignment is not
+regulated by this document. That's true :) However, this can be done. If
+the community decides that the chief maintainer needs to be changed the
+respective "decision making rules" are to be prepared, submitted and
+accepted into this file first.
+
+Good luck!

Makefile

@@ -17,34 +17,41 @@ ifeq ($(origin HOSTCFLAGS), undefined)
         HOSTCFLAGS := $(CFLAGS) $(USERCFLAGS)
 endif
 
-UNAME-M := $(shell uname -m)
-
 #
 # Supported Architectures
-ifneq ($(filter-out x86 arm aarch64 ppc64 s390,$(ARCH)),)
+ifneq ($(filter-out x86 arm aarch64 ppc64 s390 mips loongarch64 riscv64,$(ARCH)),)
         $(error "The architecture $(ARCH) isn't supported")
 endif
 
 # The PowerPC 64 bits architecture could be big or little endian.
 # They are handled in the same way.
-ifeq ($(UNAME-M),ppc64)
+ifeq ($(SUBARCH),ppc64)
         error := $(error ppc64 big endian is not yet supported)
 endif
 
 #
 # Architecture specific options.
 ifeq ($(ARCH),arm)
-        ARMV		:= $(shell echo $(UNAME-M) | sed -nr 's/armv([[:digit:]]).*/\1/p; t; i7')
-        DEFINES		:= -DCONFIG_ARMV$(ARMV) -DCONFIG_VDSO_32
+        ARMV		:= $(shell echo $(SUBARCH) | sed -nr 's/armv([[:digit:]]).*/\1/p; t; i7')
 
         ifeq ($(ARMV),6)
-                USERCFLAGS += -march=armv6
+                ARCHCFLAGS += -march=armv6
         endif
 
         ifeq ($(ARMV),7)
-                USERCFLAGS += -march=armv7-a
+                ARCHCFLAGS += -march=armv7-a+fp
         endif
 
+        ifeq ($(ARMV),8)
+                # Running 'setarch linux32 uname -m' returns armv8l on aarch64.
+                # This tells CRIU to handle armv8l just as armv7hf. Right now this is
+                # only used for compile testing. No further verification of armv8l exists.
+                ARCHCFLAGS += -march=armv7-a
+                ARMV := 7
+        endif
+
+        DEFINES		:= -DCONFIG_ARMV$(ARMV) -DCONFIG_VDSO_32
+
         PROTOUFIX	:= y
 	# For simplicity - compile code in Arm mode without interwork.
 	# We could choose Thumb mode as default instead - but a dirty
@@ -57,6 +64,8 @@ endif
 
 ifeq ($(ARCH),aarch64)
         DEFINES		:= -DCONFIG_AARCH64
+        CC_MBRANCH_PROT := $(shell $(CC) -c -x c /dev/null -mbranch-protection=none -o /dev/null >/dev/null 2>&1 && echo "-mbranch-protection=none")
+        CFLAGS_PIE	:= $(CC_MBRANCH_PROT)
 endif
 
 ifeq ($(ARCH),ppc64)
@@ -69,6 +78,18 @@ ifeq ($(ARCH),x86)
         DEFINES		:= -DCONFIG_X86_64
 endif
 
+ifeq ($(ARCH),mips)
+        DEFINES		:= -DCONFIG_MIPS
+endif
+
+ifeq ($(ARCH),loongarch64)
+        DEFINES		:= -DCONFIG_LOONGARCH64
+endif
+
+ifeq ($(ARCH),riscv64)
+        DEFINES		:= -DCONFIG_RISCV64
+endif
+
 #
 # CFLAGS_PIE:
 #
@@ -77,7 +98,6 @@ endif
 # commit "S/390: Fix 64 bit sibcall".
 ifeq ($(ARCH),s390)
         ARCH		:= s390
-        SRCARCH		:= s390
         DEFINES		:= -DCONFIG_S390
         CFLAGS_PIE	:= -fno-optimize-sibling-calls
 endif
@@ -85,25 +105,47 @@ endif
 CFLAGS_PIE		+= -DCR_NOGLIBC
 export CFLAGS_PIE
 
-LDARCH ?= $(SRCARCH)
+LDARCH ?= $(ARCH)
 export LDARCH
 export PROTOUFIX DEFINES
 
 #
 # Independent options for all tools.
 DEFINES			+= -D_FILE_OFFSET_BITS=64
+DEFINES			+= -D_LARGEFILE64_SOURCE
 DEFINES			+= -D_GNU_SOURCE
 
-WARNINGS		:= -Wall -Wformat-security
+WARNINGS		:= -Wall -Wformat-security -Wdeclaration-after-statement -Wstrict-prototypes
+
+# -Wdangling-pointer results in false warning when we add a list element to
+# local list head variable. It is false positive because before leaving the
+# function we always check that local list head variable is empty, thus
+# insuring that pointer to it is not dangling anywhere, but gcc can't
+# understand it.
+# Note: There is similar problem with kernel list, where this warning is also
+# disabled: https://github.com/torvalds/linux/commit/49beadbd47c2
+WARNINGS		+= -Wno-dangling-pointer -Wno-unknown-warning-option
 
 CFLAGS-GCOV		:= --coverage -fno-exceptions -fno-inline -fprofile-update=atomic
 export CFLAGS-GCOV
 
+ifeq ($(ARCH),mips)
+WARNINGS		:= -rdynamic
+endif
+
+ifeq ($(ARCH),loongarch64)
+WARNINGS		+= -Wno-implicit-function-declaration
+endif
+
 ifneq ($(GCOV),)
         LDFLAGS         += -lgcov
         CFLAGS          += $(CFLAGS-GCOV)
 endif
 
+ifneq ($(NETWORK_LOCK_DEFAULT),)
+	CFLAGS		+= -DNETWORK_LOCK_DEFAULT=$(NETWORK_LOCK_DEFAULT)
+endif
+
 ifeq ($(ASAN),1)
 	CFLAGS-ASAN	:= -fsanitize=address
 	export		CFLAGS-ASAN
@@ -128,12 +170,12 @@ export GMON GMONLDOPT
 endif
 
 AFLAGS			+= -D__ASSEMBLY__
-CFLAGS			+= $(USERCFLAGS) $(WARNINGS) $(DEFINES) -iquote include/
+CFLAGS			+= $(USERCFLAGS) $(ARCHCFLAGS) $(WARNINGS) $(DEFINES) -iquote include/
 HOSTCFLAGS		+= $(WARNINGS) $(DEFINES) -iquote include/
 export AFLAGS CFLAGS USERCLFAGS HOSTCFLAGS
 
 # Default target
-all: criu lib crit
+all: criu lib crit cuda_plugin
 .PHONY: all
 
 #
@@ -188,12 +230,13 @@ criu-deps	+= include/common/asm
 #
 # Configure variables.
 export CONFIG_HEADER := include/common/config.h
-ifeq ($(filter tags etags cscope clean mrproper,$(MAKECMDGOALS)),)
+ifeq ($(filter tags etags cscope clean lint indent fetch-clang-format help mrproper,$(MAKECMDGOALS)),)
 include Makefile.config
 else
 # To clean all files, enable make/build options here
 export CONFIG_COMPAT := y
 export CONFIG_GNUTLS := y
+export CONFIG_HAS_LIBBPF := y
 endif
 
 #
@@ -235,22 +278,19 @@ criu: $(criu-deps)
 	$(Q) $(MAKE) $(build)=criu all
 .PHONY: criu
 
-crit/Makefile: ;
-crit/%: criu .FORCE
-	$(Q) $(MAKE) $(build)=crit $@
-crit: criu
-	$(Q) $(MAKE) $(build)=crit all
-.PHONY: crit
+unittest: $(criu-deps)
+	$(Q) $(MAKE) $(build)=criu unittest
+.PHONY: unittest
 
 
 #
-# Libraries next once crit it ready
+# Libraries next once criu is ready
 # (we might generate headers and such
 # when building criu itself).
 lib/Makefile: ;
-lib/%: crit .FORCE
+lib/%: criu .FORCE
 	$(Q) $(MAKE) $(build)=lib $@
-lib: crit
+lib: criu
 	$(Q) $(MAKE) $(build)=lib all
 .PHONY: lib
 
@@ -259,21 +299,28 @@ clean mrproper:
 	$(Q) $(MAKE) $(build)=criu $@
 	$(Q) $(MAKE) $(build)=soccr $@
 	$(Q) $(MAKE) $(build)=lib $@
+	$(Q) $(MAKE) $(build)=crit $@
 	$(Q) $(MAKE) $(build)=compel $@
 	$(Q) $(MAKE) $(build)=compel/plugins $@
-	$(Q) $(MAKE) $(build)=lib $@
-	$(Q) $(MAKE) $(build)=crit $@
 .PHONY: clean mrproper
 
+clean-amdgpu_plugin:
+	$(Q) $(MAKE) -C plugins/amdgpu clean
+.PHONY: clean-amdgpu_plugin
+
+clean-cuda_plugin:
+	$(Q) $(MAKE) -C plugins/cuda clean
+.PHONY: clean-cuda_plugin
+
 clean-top:
 	$(Q) $(MAKE) -C Documentation clean
 	$(Q) $(MAKE) $(build)=test/compel clean
 	$(Q) $(RM) .gitid
 .PHONY: clean-top
 
-clean: clean-top
+clean: clean-top clean-amdgpu_plugin clean-cuda_plugin
 
-mrproper-top: clean-top
+mrproper-top: clean-top clean-amdgpu_plugin clean-cuda_plugin
 	$(Q) $(RM) $(CONFIG_HEADER)
 	$(Q) $(RM) $(VERSION_HEADER)
 	$(Q) $(RM) $(COMPEL_VERSION_HEADER)
@@ -301,6 +348,18 @@ test: zdtm
 	$(Q) $(MAKE) -C test
 .PHONY: test
 
+amdgpu_plugin: criu
+	$(Q) $(MAKE) -C plugins/amdgpu all
+.PHONY: amdgpu_plugin
+
+cuda_plugin: criu
+	$(Q) $(MAKE) -C plugins/cuda all
+.PHONY: cuda_plugin
+
+crit: lib
+	$(Q) $(MAKE) -C crit
+.PHONY: crit
+
 #
 # Generating tar requires tag matched CRIU_VERSION.
 # If not found then simply use GIT's describe with
@@ -354,17 +413,19 @@ gcov:
 .PHONY: gcov
 
 docker-build:
-	$(MAKE) -C scripts/build/ x86_64 
+	$(MAKE) -C scripts/build/ x86_64
 .PHONY: docker-build
 
 docker-test:
-	docker run --rm -it --privileged criu-x86_64 ./test/zdtm.py run -a -x tcp6 -x tcpbuf6 -x static/rtc -x cgroup
+	docker run --rm --privileged -v /lib/modules:/lib/modules --network=host --cgroupns=host criu-x86_64 \
+		./test/zdtm.py run -a --keep-going --ignore-taint
 .PHONY: docker-test
 
 help:
 	@echo '    Targets:'
 	@echo '      all             - Build all [*] targets'
 	@echo '    * criu            - Build criu'
+	@echo '    * crit            - Build crit'
 	@echo '      zdtm            - Build zdtm test-suite'
 	@echo '      docs            - Build documentation'
 	@echo '      install         - Install CRIU (see INSTALL.md)'
@@ -377,14 +438,76 @@ help:
 	@echo '      cscope          - Generate cscope database'
 	@echo '      test            - Run zdtm test-suite'
 	@echo '      gcov            - Make code coverage report'
+	@echo '      unittest        - Run unit tests'
+	@echo '      lint            - Run code linters'
+	@echo '      indent          - Indent C code'
+	@echo '      amdgpu_plugin   - Make AMD GPU plugin'
+	@echo '      cuda_plugin     - Make NVIDIA CUDA plugin'
 .PHONY: help
 
-lint:
-	flake8 --version
-	flake8 --config=scripts/flake8.cfg test/zdtm.py
-	flake8 --config=scripts/flake8.cfg test/inhfd/*.py
-	flake8 --config=scripts/flake8.cfg test/others/rpc/config_file.py
-	flake8 --config=scripts/flake8.cfg lib/py/images/pb2dict.py
+ruff:
+	@ruff --version
+	ruff check ${RUFF_FLAGS} --config=scripts/ruff.toml \
+		test/zdtm.py \
+		test/inhfd/*.py \
+		test/others/rpc/config_file.py \
+		test/others/action-script/check_actions.py \
+		test/others/pycriu/*.py \
+		lib/pycriu/criu.py \
+		lib/pycriu/__init__.py \
+		lib/pycriu/images/pb2dict.py \
+		lib/pycriu/images/images.py \
+		scripts/criu-ns \
+		test/others/criu-ns/run.py \
+		crit/*.py \
+		crit/crit/*.py \
+		scripts/uninstall_module.py \
+		coredump/ coredump/coredump \
+		scripts/github-indent-warnings.py
+
+shellcheck:
+	shellcheck --version
+	shellcheck scripts/*.sh
+	shellcheck scripts/ci/*.sh
+	shellcheck contrib/apt-install contrib/dependencies/*.sh
+	shellcheck -x test/others/crit/*.sh
+	shellcheck -x test/others/libcriu/*.sh
+	shellcheck -x test/others/crit/*.sh test/others/criu-coredump/*.sh
+	shellcheck -x test/others/config-file/*.sh
+	shellcheck -x test/others/action-script/*.sh
+
+codespell:
+	codespell
+
+lint: ruff shellcheck codespell
+	# Do not append \n to pr_perror, pr_pwarn or fail
+	! git --no-pager grep -E '^\s*\<(pr_perror|pr_pwarn|fail)\>.*\\n"'
+	# Do not use %m with pr_* or fail
+	! git --no-pager grep -E '^\s*\<(pr_(err|perror|warn|pwarn|debug|info|msg)|fail)\>.*%m'
+	# Do not use errno with pr_perror, pr_pwarn or fail
+	! git --no-pager grep -E '^\s*\<(pr_perror|pr_pwarn|fail)\>\(".*".*errno'
+	# End pr_(err|warn|msg|info|debug) with \n
+	! git --no-pager grep -En '^\s*\<pr_(err|warn|msg|info|debug)\>.*);$$' | grep -v '\\n'
+	# No EOL whitespace for C files
+	! git --no-pager grep -E '\s+$$' \*.c \*.h
+.PHONY: lint ruff shellcheck codespell
+
+codecov: SHELL := $(shell command -v bash)
+codecov:
+	curl -Os https://uploader.codecov.io/latest/linux/codecov
+	chmod +x codecov
+	./codecov
+.PHONY: codecov
+
+fetch-clang-format: .FORCE
+	$(E) ".clang-format"
+	$(Q) scripts/fetch-clang-format.sh
+
+BASE ?= "HEAD~1"
+OPTS ?= "--quiet"
+indent:
+	git clang-format --style file --extensions c,h $(OPTS) $(BASE)
+.PHONY: indent
 
 include Makefile.install
 

Makefile.compel

@@ -50,8 +50,8 @@ compel/plugins/%: $(compel-deps) .FORCE
 
 #
 # GNU make 4.x supports targets matching via wide
-# match targeting, where GNU make 3.x series (used on
-# Travis) is not, so we have to write them here explicitly.
+# match targeting, where GNU make 3.x series is not,
+# so we have to write them here explicitly.
 compel/plugins/std.lib.a: $(compel-deps) .FORCE
 	$(Q) $(MAKE) $(build)=compel/plugins $@
 

Makefile.config

@@ -2,12 +2,15 @@ include $(__nmk_dir)utils.mk
 include $(__nmk_dir)msg.mk
 include scripts/feature-tests.mak
 
+# This is a kludge for $(info ...) to not eat spaces.
+S :=
+
 ifeq ($(call try-cc,$(FEATURE_TEST_LIBBSD_DEV),-lbsd),true)
         LIBS_FEATURES	+= -lbsd
         FEATURE_DEFINES	+= -DCONFIG_HAS_LIBBSD
 else
-        $(info Note: Building without setproctitle() and strlcpy() support.)
-        $(info $(info)      To enable these features, please install libbsd-devel (RPM) / libbsd-dev (DEB).)
+        $(info Note: Building without setproctitle() support.)
+        $(info $S      Install libbsd-devel (RPM) / libbsd-dev (DEB) to fix.)
 endif
 
 ifeq ($(call pkg-config-check,libselinux),y)
@@ -15,45 +18,82 @@ ifeq ($(call pkg-config-check,libselinux),y)
         FEATURE_DEFINES	+= -DCONFIG_HAS_SELINUX
 endif
 
+ifeq ($(call pkg-config-check,libbpf),y)
+        LIBS_FEATURES	+= -lbpf
+        FEATURE_DEFINES	+= -DCONFIG_HAS_LIBBPF
+        export CONFIG_HAS_LIBBPF := y
+endif
+
+ifeq ($(call pkg-config-check,libdrm),y)
+        export CONFIG_AMDGPU := y
+        $(info Note: Building with amdgpu_plugin.)
+else
+        $(info Note: Building without amdgpu_plugin.)
+        $(info $S      Install libdrm-devel (RPM) or libdrm-dev (DEB) to fix.)
+endif
+
 ifeq ($(NO_GNUTLS)x$(call pkg-config-check,gnutls),xy)
         LIBS_FEATURES	+= -lgnutls
         export CONFIG_GNUTLS := y
         FEATURE_DEFINES	+= -DCONFIG_GNUTLS
 else
-        $(info Note: Building without GnuTLS support)
+        $(info Note: Building without GnuTLS support.)
+        $(info $S      Install gnutls-devel (RPM) or gnutls-dev (DEB) to fix.)
+endif
+
+ifeq ($(call pkg-config-check,libnftables),y)
+        LIB_NFTABLES	:= $(shell $(PKG_CONFIG) --libs libnftables)
+        ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_0),$(LIB_NFTABLES)),true)
+                LIBS_FEATURES	+= $(LIB_NFTABLES)
+                FEATURE_DEFINES	+= -DCONFIG_HAS_NFTABLES_LIB_API_0
+        else ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_1),$(LIB_NFTABLES)),true)
+                LIBS_FEATURES	+= $(LIB_NFTABLES)
+                FEATURE_DEFINES	+= -DCONFIG_HAS_NFTABLES_LIB_API_1
+        else
+                $(info Warn: Building without nftables support (incompatible API version).)
+        endif
+else
+        $(info Warn: Building without nftables support.)
+        $(info $S      Install nftables-devel (RPM) or libnftables-dev (DEB) to fix.)
 endif
 
 export LIBS += $(LIBS_FEATURES)
 
+ifneq ($(PLUGINDIR),)
+                FEATURE_DEFINES	+= -DCR_PLUGIN_DEFAULT="\"$(PLUGINDIR)\""
+endif
+
 CONFIG_FILE = .config
 
 $(CONFIG_FILE):
 	touch $(CONFIG_FILE)
 
-ifeq ($(SRCARCH),x86)
+ifeq ($(ARCH),x86)
 # CONFIG_COMPAT is only for x86 now, no need for compile-test other archs
 ifeq ($(call try-asm,$(FEATURE_TEST_X86_COMPAT)),true)
         export CONFIG_COMPAT := y
         FEATURE_DEFINES	+= -DCONFIG_COMPAT
 else
-        $(info Note: Building without ia32 C/R, missed ia32 support in gcc)
-        $(info $(info)      That may be related to missing gcc-multilib in your)
-        $(info $(info)      distribution or you may have Debian with buggy toolchain)
-        $(info $(info)      (issue https://github.com/checkpoint-restore/criu/issues/315))
+        $(info Note: Building without ia32 C/R, missing ia32 support in gcc.)
+        $(info $S      It may be related to missing gcc-multilib in your)
+        $(info $S      distribution, or you may have Debian with buggy toolchain.)
+        $(info $S      See https://github.com/checkpoint-restore/criu/issues/315.)
 endif
 endif
 
 export DEFINES += $(FEATURE_DEFINES)
 export CFLAGS += $(FEATURE_DEFINES)
 
-FEATURES_LIST	:= TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
-	SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW
+FEATURES_LIST	:= TCP_REPAIR PTRACE_PEEKSIGINFO \
+	SETPROCTITLE_INIT TCP_REPAIR_WINDOW MEMFD_CREATE \
+	OPENAT2 NO_LIBC_RSEQ_DEFS
 
 # $1 - config name
 define gen-feature-test
 ifeq ($$(call try-cc,$$(FEATURE_TEST_$(1)),$$(LIBS_FEATURES),$$(DEFINES)),true)
 	$(Q) echo '#define CONFIG_HAS_$(1)' >> $$@
-	$(Q) echo '' >> $$@
+else
+	$(Q) echo '// CONFIG_HAS_$(1) is not set' >> $$@
 endif
 endef
 

Makefile.install

@@ -7,6 +7,7 @@ MANDIR		?= $(PREFIX)/share/man
 INCLUDEDIR	?= $(PREFIX)/include
 LIBEXECDIR	?= $(PREFIX)/libexec
 RUNDIR		?= /run
+PLUGINDIR	?= $(PREFIX)/lib/criu
 
 #
 # For recent Debian/Ubuntu with multiarch support.
@@ -26,7 +27,34 @@ endif
 LIBDIR ?= $(PREFIX)/lib
 
 export PREFIX BINDIR SBINDIR MANDIR RUNDIR
-export LIBDIR INCLUDEDIR LIBEXECDIR
+export LIBDIR INCLUDEDIR LIBEXECDIR PLUGINDIR
+
+# Detect externally managed Python environment (PEP 668).
+PYTHON_EXTERNALLY_MANAGED := $(shell $(PYTHON) -c 'import os, sysconfig; print(int(os.path.isfile(os.path.join(sysconfig.get_path("stdlib"), "EXTERNALLY-MANAGED"))))')
+PIP_BREAK_SYSTEM_PACKAGES ?= 0
+
+# If Python environment is externally managed and PIP_BREAK_SYSTEM_PACKAGES is not set, skip pip install.
+SKIP_PIP_INSTALL := 0
+ifeq ($(PYTHON_EXTERNALLY_MANAGED),1)
+ifeq ($(PIP_BREAK_SYSTEM_PACKAGES),0)
+
+SKIP_PIP_INSTALL := 1
+$(info Warn: Externally managed python environment)
+$(info Consider using PIP_BREAK_SYSTEM_PACKAGES=1)
+
+endif
+endif
+
+# Default flags for pip install:
+# --ignore-installed: Overwrite already installed pycriu/crit packages
+# --no-build-isolation: Use current Python environment to build pycriu/crit packages
+# --no-deps: Don't install any dependencies
+# --no-index: Don't use PyPI index to find packages
+# --progress-bar: Cleaner output
+# --upgrade: Treat the install as an upgrade when replacing the installed version
+PIPFLAGS ?= --ignore-installed --no-build-isolation --no-deps --no-index --progress-bar off --upgrade
+
+export SKIP_PIP_INSTALL PIPFLAGS
 
 install-man:
 	$(Q) $(MAKE) -C Documentation install
@@ -36,22 +64,37 @@ install-lib: lib
 	$(Q) $(MAKE) $(build)=lib install
 .PHONY: install-lib
 
+install-crit: lib
+	$(Q) $(MAKE) $(build)=crit install
+.PHONY: install-crit
+
 install-criu: criu
 	$(Q) $(MAKE) $(build)=criu install
 .PHONY: install-criu
 
+install-amdgpu_plugin: amdgpu_plugin
+	$(Q) $(MAKE) -C plugins/amdgpu install
+.PHONY: install-amdgpu_plugin
+
+install-cuda_plugin: cuda_plugin
+	$(Q) $(MAKE) -C plugins/cuda install
+.PHONY: install-cuda_plugin
+
 install-compel: $(compel-install-targets)
 	$(Q) $(MAKE) $(build)=compel install
 	$(Q) $(MAKE) $(build)=compel/plugins install
 .PHONY: install-compel
 
-install: install-man install-lib install-criu install-compel ;
+install: install-man install-lib install-crit install-criu install-compel install-amdgpu_plugin install-cuda_plugin ;
 .PHONY: install
 
 uninstall:
 	$(Q) $(MAKE) -C Documentation $@
 	$(Q) $(MAKE) $(build)=lib $@
+	$(Q) $(MAKE) $(build)=crit $@
 	$(Q) $(MAKE) $(build)=criu $@
 	$(Q) $(MAKE) $(build)=compel $@
 	$(Q) $(MAKE) $(build)=compel/plugins $@
+	$(Q) $(MAKE) -C plugins/amdgpu $@
+	$(Q) $(MAKE) -C plugins/cuda $@
 .PHONY: uninstall

Makefile.versions

@@ -1,10 +1,10 @@
 #
 # CRIU version.
-CRIU_VERSION_MAJOR	:= 3
-CRIU_VERSION_MINOR	:= 13
+CRIU_VERSION_MAJOR	:= 4
+CRIU_VERSION_MINOR	:= 2
 CRIU_VERSION_SUBLEVEL	:=
 CRIU_VERSION_EXTRA	:=
-CRIU_VERSION_NAME	:= Silicon Willet
+CRIU_VERSION_NAME	:= CRIUTIBILITY
 CRIU_VERSION		:= $(CRIU_VERSION_MAJOR)$(if $(CRIU_VERSION_MINOR),.$(CRIU_VERSION_MINOR))$(if $(CRIU_VERSION_SUBLEVEL),.$(CRIU_VERSION_SUBLEVEL))$(if $(CRIU_VERSION_EXTRA),.$(CRIU_VERSION_EXTRA))
 
 export CRIU_VERSION_MAJOR CRIU_VERSION_MINOR CRIU_VERSION_SUBLEVEL

README.md

@@ -1,22 +1,33 @@
-[![master](https://travis-ci.org/checkpoint-restore/criu.svg?branch=master)](https://travis-ci.org/checkpoint-restore/criu)
-[![development](https://travis-ci.org/checkpoint-restore/criu.svg?branch=criu-dev)](https://travis-ci.org/checkpoint-restore/criu)
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/55251ec7db28421da4481fc7c1cb0cee)](https://www.codacy.com/app/xemul/criu?utm_source=github.com&utm_medium=referral&utm_content=xemul/criu&utm_campaign=Badge_Grade)
-<p align="center"><img src="https://criu.org/w/images/1/1c/CRIU.svg" width="256px"/></p>
+[![X86_64 GCC Test](https://github.com/checkpoint-restore/criu/workflows/X86_64%20GCC%20Test/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/x86-64-gcc-test.yml)
+[![Docker Test](https://github.com/checkpoint-restore/criu/actions/workflows/docker-test.yml/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/docker-test.yml)
+[![Podman Test](https://github.com/checkpoint-restore/criu/actions/workflows/podman-test.yml/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/podman-test.yml)
+[![CircleCI](https://circleci.com/gh/checkpoint-restore/criu.svg?style=svg)](
+    https://circleci.com/gh/checkpoint-restore/criu)
+
+<p align="center"><img src="Documentation/logo.svg" width="256px"/></p>
 
 ## CRIU -- A project to implement checkpoint/restore functionality for Linux
 
 CRIU (stands for Checkpoint and Restore in Userspace) is a utility to checkpoint/restore Linux tasks.
 
-Using this tool, you can freeze a running application (or part of it) and checkpoint 
+Using this tool, you can freeze a running application (or part of it) and checkpoint
 it to a hard drive as a collection of files. You can then use the files to restore and run the
 application from the point it was frozen at. The distinctive feature of the CRIU
 project is that it is mainly implemented in user space. There are some more projects
-doing C/R for Linux, and so far CRIU [appears to be](https://criu.org/Comparison_to_other_CR_projects) 
+doing C/R for Linux, and so far CRIU [appears to be](https://criu.org/Comparison_to_other_CR_projects)
 the most feature-rich and up-to-date with the kernel.
 
+CRIU project is (almost) the never-ending story, because we have to always keep up with the
+Linux kernel supporting checkpoint and restore for all the features it provides. Thus we're
+looking for contributors of all kinds -- feedback, bug reports, testing, coding, writing, etc.
+Please refer to [CONTRIBUTING.md](CONTRIBUTING.md) if you would like to get involved.
+
 The project [started](https://criu.org/History) as the way to do live migration for OpenVZ
-Linux containers, but later grew to more sophisticated and flexible tool. It is currently 
-used by (integrated into) OpenVZ, LXC/LXD, Docker, and other software, project gets tremendous 
+Linux containers, but later grew to more sophisticated and flexible tool. It is currently
+used by (integrated into) OpenVZ, LXC/LXD, Docker, and other software, project gets tremendous
 help from the community, and its packages are included into many Linux distributions.
 
 The project home is at http://criu.org. This wiki contains all the knowledge base for CRIU we have.
@@ -24,15 +35,15 @@ Pages worth starting with are:
 - [Installation instructions](http://criu.org/Installation)
 - [A simple example of usage](http://criu.org/Simple_loop)
 - [Examples of more advanced usage](https://criu.org/Category:HOWTO)
-- Troubleshooting can be hard, some help can be found [here](https://criu.org/When_C/R_fails), [here](https://criu.org/What_cannot_be_checkpointed) and [here](https://criu.org/FAQ)
+- Troubleshooting can be hard, some help can be found [here](https://criu.org/When_C/R_fails), [here](https://criu.org/What_cannot_be_checkpointed) and [here](https://criu.org/index.php?title=FAQ)
 
-### Checkpoint and restore of simple loop process 
-[<p align="center"><img src="https://asciinema.org/a/232445.png" width="572px" height="412px"/></p>](https://asciinema.org/a/232445)
+### Checkpoint and restore of simple loop process
+<p align="center"><a href="https://asciinema.org/a/232445"><img src="https://asciinema.org/a/232445.png" width="572px" height="412px"/></a></p>
 
 ## Advanced features
 
 As main usage for CRIU is live migration, there's a library for it called P.Haul. Also the
-project exposes two cool core features as standalone libraries. These are libcompel for parasite code 
+project exposes two cool core features as standalone libraries. These are libcompel for parasite code
 injection and libsoccr for TCP connections checkpoint-restore.
 
 ### Live migration
@@ -56,21 +67,9 @@ One of the CRIU features is the ability to save and restore state of a TCP socke
 without breaking the connection. This functionality is considered to be useful by
 itself, and we have it available as the [libsoccr library](https://criu.org/Libsoccr).
 
-## How to contribute
-
-CRIU project is (almost) the never-ending story, because we have to always keep up with the
-Linux kernel supporting checkpoint and restore for all the features it provides. Thus we're
-looking for contributors of all kinds -- feedback, bug reports, testing, coding, writing, etc.
-Here are some useful hints to get involved.
-
-* We have both -- [very simple](https://checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) and [more sophisticated](https://checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+feature%22) coding tasks;
-* CRIU does need [extensive testing](https://checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Atesting);
-* Documentation is always hard, we have [some information](https://criu.org/Category:Empty_articles) that is to be extracted from people's heads into wiki pages as well as [some texts](https://criu.org/Category:Editor_help_needed) that all need to be converted into useful articles;
-* Feedback is expected on the github issues page and on the [mailing list](https://lists.openvz.org/mailman/listinfo/criu);
-* For historical reasons we do not accept PRs, instead [patches are welcome](http://criu.org/How_to_submit_patches);
-* Spread the word about CRIU in [social networks](http://criu.org/Contacts);
-* If you're giving a talk about CRIU -- let us know, we'll mention it on the [wiki main page](https://criu.org/News/events);
-
 ## Licence
 
 The project is licensed under GPLv2 (though files sitting in the lib/ directory are LGPLv2.1).
+
+All files in the images/ directory are licensed under the Expat license (so-called MIT).
+See the images/LICENSE file.

compel/.gitignore

@@ -4,6 +4,9 @@ arch/arm/plugins/std/syscalls/syscalls.S
 arch/aarch64/plugins/std/syscalls/syscalls.S
 arch/s390/plugins/std/syscalls/syscalls.S
 arch/ppc64/plugins/std/syscalls/syscalls.S
+arch/mips/plugins/std/syscalls/syscalls-64.S
+arch/loongarch64/plugins/std/syscalls/syscalls-64.S
+arch/riscv64/plugins/std/syscalls/syscalls.S
 include/version.h
 plugins/include/uapi/std/asm/syscall-types.h
 plugins/include/uapi/std/syscall-64.h

compel/Makefile

@@ -28,8 +28,12 @@ lib-y			+= src/lib/infect-util.o
 lib-y			+= src/lib/infect.o
 lib-y			+= src/lib/ptrace.o
 
-# handle_elf() has no support of ELF relocations on ARM (yet?)
-ifneq ($(filter arm aarch64,$(ARCH)),)
+ifeq ($(ARCH),x86)
+lib-y			+= arch/$(ARCH)/src/lib/thread_area.o
+endif
+
+# handle_elf() has no support of ELF relocations on ARM and RISCV64 (yet?)
+ifneq ($(filter arm aarch64 loongarch64 riscv64,$(ARCH)),)
 CFLAGS			+= -DNO_RELOCS
 HOSTCFLAGS		+= -DNO_RELOCS
 endif

compel/arch/aarch64/plugins/include/asm/syscall-types.h

@@ -1,7 +1,7 @@
 #ifndef COMPEL_ARCH_SYSCALL_TYPES_H__
 #define COMPEL_ARCH_SYSCALL_TYPES_H__
 
-#define SA_RESTORER   0x04000000
+#define SA_RESTORER 0x04000000
 
 typedef void rt_signalfn_t(int, siginfo_t *, void *);
 typedef rt_signalfn_t *rt_sighandler_t;
@@ -9,20 +9,20 @@ typedef rt_signalfn_t *rt_sighandler_t;
 typedef void rt_restorefn_t(void);
 typedef rt_restorefn_t *rt_sigrestore_t;
 
-#define _KNSIG		64
-#define _NSIG_BPW	64
+#define _KNSIG	  64
+#define _NSIG_BPW 64
 
-#define _KNSIG_WORDS	(_KNSIG / _NSIG_BPW)
+#define _KNSIG_WORDS (_KNSIG / _NSIG_BPW)
 
 typedef struct {
 	unsigned long sig[_KNSIG_WORDS];
 } k_rtsigset_t;
 
 typedef struct {
-	rt_sighandler_t	rt_sa_handler;
-	unsigned long	rt_sa_flags;
-	rt_sigrestore_t	rt_sa_restorer;
-	k_rtsigset_t	rt_sa_mask;
+	rt_sighandler_t rt_sa_handler;
+	unsigned long rt_sa_flags;
+	rt_sigrestore_t rt_sa_restorer;
+	k_rtsigset_t rt_sa_mask;
 } rt_sigaction_t;
 
 #endif /* COMPEL_ARCH_SYSCALL_TYPES_H__ */

compel/arch/aarch64/plugins/std/parasite-head.S

@@ -2,19 +2,6 @@
 
 	.section .head.text, "ax"
 ENTRY(__export_parasite_head_start)
-	adr	x2, __export_parasite_head_start	// get the address of this instruction
-
-	ldr	x0, __export_parasite_cmd
-
-	ldr	x1, parasite_args_ptr
-	add	x1, x1, x2				// fixup __export_parasite_args
-
 	bl	parasite_service
 	brk	#0					// the instruction BRK #0 generates the signal SIGTRAP in Linux
-
-parasite_args_ptr:
-	.quad	__export_parasite_args
-
-__export_parasite_cmd:
-	.quad	0
 END(__export_parasite_head_start)

compel/arch/aarch64/plugins/std/syscalls/syscall-aux.h

@@ -1,3 +1,3 @@
 #ifndef __NR_openat
-# define __NR_openat 56
+#define __NR_openat 56
 #endif

compel/arch/aarch64/scripts/compel-pack.lds.S

@@ -29,8 +29,4 @@ SECTIONS
 		*(.eh_frame*)
 		*(*)
 	}
-
-/* Parasite args should have 4 bytes align, as we have futex inside. */
-. = ALIGN(4);
-__export_parasite_args = .;
 }

compel/arch/aarch64/src/lib/cpu.c

@@ -7,7 +7,7 @@
 
 #include "log.h"
 
-#undef	LOG_PREFIX
+#undef LOG_PREFIX
 #define LOG_PREFIX "cpu: "
 
 static compel_cpuinfo_t rt_info;
@@ -22,11 +22,24 @@ static void fetch_rt_cpuinfo(void)
 	}
 }
 
-void compel_set_cpu_cap(compel_cpuinfo_t *info, unsigned int feature) { }
-void compel_clear_cpu_cap(compel_cpuinfo_t *info, unsigned int feature) { }
-int compel_test_cpu_cap(compel_cpuinfo_t *info, unsigned int feature) { return 0; }
-int compel_test_fpu_cap(compel_cpuinfo_t *info, unsigned int feature) { return 0; }
-int compel_cpuid(compel_cpuinfo_t *info) { return 0; }
+void compel_set_cpu_cap(compel_cpuinfo_t *info, unsigned int feature)
+{
+}
+void compel_clear_cpu_cap(compel_cpuinfo_t *info, unsigned int feature)
+{
+}
+int compel_test_cpu_cap(compel_cpuinfo_t *info, unsigned int feature)
+{
+	return 0;
+}
+int compel_test_fpu_cap(compel_cpuinfo_t *info, unsigned int feature)
+{
+	return 0;
+}
+int compel_cpuid(compel_cpuinfo_t *info)
+{
+	return 0;
+}
 
 bool compel_cpu_has_feature(unsigned int feature)
 {

compel/arch/aarch64/src/lib/handle-elf.c

@@ -1,20 +1,17 @@
 #include <string.h>
-
-#include "uapi/compel.h"
+#include <errno.h>
 
 #include "handle-elf.h"
 #include "piegen.h"
 #include "log.h"
 
-static const unsigned char __maybe_unused
-elf_ident_64_le[EI_NIDENT] = {
-	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00,
+static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 };
 
-static const unsigned char __maybe_unused
-elf_ident_64_be[EI_NIDENT] = {
-	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x02, 0x01, 0x00,
+static const unsigned char __maybe_unused elf_ident_64_be[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x02, 0x01, 0x00, /* clang-format */
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 };
 

compel/arch/aarch64/src/lib/include/handle-elf.h

@@ -3,8 +3,8 @@
 
 #include "elf64-types.h"
 
-#define __handle_elf				handle_elf_aarch64
-#define arch_is_machine_supported(e_machine)   (e_machine == EM_AARCH64)
+#define __handle_elf			     handle_elf_aarch64
+#define arch_is_machine_supported(e_machine) (e_machine == EM_AARCH64)
 
 extern int handle_elf_aarch64(void *mem, size_t size);
 

compel/arch/aarch64/src/lib/include/syscall.h

@@ -1,4 +1,8 @@
 #ifndef __COMPEL_SYSCALL_H__
 #define __COMPEL_SYSCALL_H__
-#define __NR(syscall, compat)	__NR_##syscall
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
 #endif

compel/arch/aarch64/src/lib/include/uapi/asm/breakpoints.h

@@ -2,14 +2,41 @@
 #define __COMPEL_BREAKPOINTS_H__
 #define ARCH_SI_TRAP TRAP_BRKPT
 
-static inline int ptrace_set_breakpoint(pid_t pid, void *addr)
-{
-	return 0;
-}
+#include <sys/types.h>
+#include <stdbool.h>
 
-static inline int ptrace_flush_breakpoints(pid_t pid)
-{
-	return 0;
-}
+struct hwbp_cap {
+	char arch;
+	char bp_count;
+};
+
+/* copied from `linux/arch/arm64/include/asm/hw_breakpoint.h` */
+/* Lengths */
+#define ARM_BREAKPOINT_LEN_1 0x1
+#define ARM_BREAKPOINT_LEN_2 0x3
+#define ARM_BREAKPOINT_LEN_3 0x7
+#define ARM_BREAKPOINT_LEN_4 0xf
+#define ARM_BREAKPOINT_LEN_5 0x1f
+#define ARM_BREAKPOINT_LEN_6 0x3f
+#define ARM_BREAKPOINT_LEN_7 0x7f
+#define ARM_BREAKPOINT_LEN_8 0xff
+
+/* Privilege Levels */
+#define AARCH64_BREAKPOINT_EL1 1
+#define AARCH64_BREAKPOINT_EL0 2
+
+/* Breakpoint */
+#define ARM_BREAKPOINT_EXECUTE 0
+
+/* Watchpoints */
+#define ARM_BREAKPOINT_LOAD	1
+#define ARM_BREAKPOINT_STORE	2
+#define AARCH64_ESR_ACCESS_MASK (1 << 6)
+
+#define DISABLE_HBP 0
+#define ENABLE_HBP  1
+
+int ptrace_set_breakpoint(pid_t pid, void *addr);
+int ptrace_flush_breakpoints(pid_t pid);
 
 #endif

compel/arch/aarch64/src/lib/include/uapi/asm/cpu.h

@@ -1,6 +1,7 @@
 #ifndef UAPI_COMPEL_ASM_CPU_H__
 #define UAPI_COMPEL_ASM_CPU_H__
 
-typedef struct { } compel_cpuinfo_t;
+typedef struct {
+} compel_cpuinfo_t;
 
 #endif /* UAPI_COMPEL_ASM_CPU_H__ */

compel/arch/aarch64/src/lib/include/uapi/asm/gcs-types.h

@@ -0,0 +1,47 @@
+#ifndef __UAPI_ASM_GCS_TYPES_H__
+#define __UAPI_ASM_GCS_TYPES_H__
+
+#ifndef NT_ARM_GCS
+#define NT_ARM_GCS 0x410 /* ARM GCS state */
+#endif
+
+/* Shadow Stack/Guarded Control Stack interface */
+#define PR_GET_SHADOW_STACK_STATUS	74
+#define PR_SET_SHADOW_STACK_STATUS	75
+#define PR_LOCK_SHADOW_STACK_STATUS	76
+
+/* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack */
+#ifndef PR_SHADOW_STACK_ENABLE
+#define PR_SHADOW_STACK_ENABLE		(1UL << 0)
+#endif
+
+/* Allows explicit GCS stores (eg. using GCSSTR) */
+#ifndef PR_SHADOW_STACK_WRITE
+#define PR_SHADOW_STACK_WRITE		(1UL << 1)
+#endif
+
+/* Allows explicit GCS pushes (eg. using GCSPUSHM) */
+#ifndef PR_SHADOW_STACK_PUSH
+#define PR_SHADOW_STACK_PUSH		(1UL << 2)
+#endif
+
+#ifndef SHADOW_STACK_SET_TOKEN
+#define SHADOW_STACK_SET_TOKEN 0x1     /* Set up a restore token in the shadow stack */
+#endif
+
+#define PR_SHADOW_STACK_ALL_MODES \
+	PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH
+
+/* copied from: arch/arm64/include/asm/sysreg.h */
+#define GCS_CAP_VALID_TOKEN 0x1
+#define GCS_CAP_ADDR_MASK 0xFFFFFFFFFFFFF000ULL
+#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | GCS_CAP_VALID_TOKEN)
+#define GCS_SIGNAL_CAP(addr) (((unsigned long)addr) & GCS_CAP_ADDR_MASK)
+
+#include <asm/hwcap.h>
+
+#ifndef HWCAP_GCS
+#define HWCAP_GCS (1UL << 32)
+#endif
+
+#endif /* __UAPI_ASM_GCS_TYPES_H__ */

compel/arch/aarch64/src/lib/include/uapi/asm/infect-types.h

@@ -2,12 +2,13 @@
 #define UAPI_COMPEL_ASM_TYPES_H__
 
 #include <stdint.h>
+#include <stdbool.h>
 #include <signal.h>
 #include <sys/mman.h>
 #include <asm/ptrace.h>
 
-#define SIGMAX			64
-#define SIGMAX_OLD		31
+#define SIGMAX	   64
+#define SIGMAX_OLD 31
 
 /*
  * Copied from the Linux kernel header arch/arm64/include/uapi/asm/ptrace.h
@@ -15,18 +16,53 @@
  * A thread ARM CPU context
  */
 
-typedef struct user_pt_regs		user_regs_struct_t;
-typedef struct user_fpsimd_state	user_fpregs_struct_t;
+typedef struct user_pt_regs user_regs_struct_t;
 
-#define REG_RES(r)			((uint64_t)(r).regs[0])
-#define REG_IP(r)			((uint64_t)(r).pc)
-#define REG_SP(r)			((uint64_t)((r).sp))
-#define REG_SYSCALL_NR(r)		((uint64_t)(r).regs[8])
+/*
+ * GCS (Guarded Control Stack)
+ *
+ * This mirrors the kernel definition but renamed to cr_user_gcs
+ * to avoid conflict with kernel headers (/usr/include/asm/ptrace.h).
+ */
+struct cr_user_gcs {
+	__u64 features_enabled;
+	__u64 features_locked;
+	__u64 gcspr_el0;
+};
 
-#define user_regs_native(pregs)			true
+struct user_fpregs_struct {
+	struct user_fpsimd_state fpstate;
+	struct cr_user_gcs gcs;
+};
+typedef struct user_fpregs_struct user_fpregs_struct_t;
 
-#define ARCH_SI_TRAP		TRAP_BRKPT
+#define __compel_arch_fetch_thread_area(tid, th) 0
+#define compel_arch_fetch_thread_area(tctl)	 0
+#define compel_arch_get_tls_task(ctl, tls)
+#define compel_arch_get_tls_thread(tctl, tls)
 
-#define __NR(syscall, compat)	__NR_##syscall
+#define REG_RES(r)	   ((uint64_t)(r).regs[0])
+#define REG_IP(r)	   ((uint64_t)(r).pc)
+#define SET_REG_IP(r, val) ((r).pc = (val))
+#define REG_SP(r)	   ((uint64_t)((r).sp))
+#define REG_SYSCALL_NR(r)  ((uint64_t)(r).regs[8])
+
+#define user_regs_native(pregs) true
+
+#define ARCH_SI_TRAP TRAP_BRKPT
+
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
+
+extern bool __compel_host_supports_gcs(void);
+#define compel_host_supports_gcs __compel_host_supports_gcs
+
+struct parasite_ctl;
+extern int __parasite_setup_shstk(struct parasite_ctl *ctl,
+				  user_fpregs_struct_t *ext_regs);
+#define parasite_setup_shstk __parasite_setup_shstk
 
 #endif /* UAPI_COMPEL_ASM_TYPES_H__ */

compel/arch/aarch64/src/lib/include/uapi/asm/sigframe.h

@@ -1,37 +1,48 @@
 #ifndef UAPI_COMPEL_ASM_SIGFRAME_H__
 #define UAPI_COMPEL_ASM_SIGFRAME_H__
 
-#include <asm/sigcontext.h>
+#include <signal.h>
 #include <sys/ucontext.h>
 
 #include <stdint.h>
+#include <asm/types.h>
 
 /* Copied from the kernel header arch/arm64/include/uapi/asm/sigcontext.h */
 
-#define FPSIMD_MAGIC			0x46508001
+#define FPSIMD_MAGIC 0x46508001
+#define GCS_MAGIC    0x47435300
 
-typedef struct fpsimd_context		fpu_state_t;
+typedef struct fpsimd_context fpu_state_t;
 
-struct aux_context {
-	struct fpsimd_context		fpsimd;
-	/* additional context to be added before "end" */
-	struct _aarch64_ctx		end;
+struct gcs_context {
+	struct _aarch64_ctx head;
+	__u64 gcspr;
+	__u64 features_enabled;
+	__u64 reserved;
 };
 
-// XXX: the idetifier rt_sigcontext is expected to be struct by the CRIU code
-#define rt_sigcontext			sigcontext
+struct aux_context {
+	struct fpsimd_context fpsimd;
+	struct gcs_context gcs;
+	/* additional context to be added before "end" */
+	struct _aarch64_ctx end;
+};
+
+// XXX: the identifier rt_sigcontext is expected to be struct by the CRIU code
+#define rt_sigcontext sigcontext
 
 #include <compel/sigframe-common.h>
 
 /* Copied from the kernel source arch/arm64/kernel/signal.c */
 
 struct rt_sigframe {
-	siginfo_t			info;
-	ucontext_t			uc;
-	uint64_t			fp;
-	uint64_t			lr;
+	siginfo_t info;
+	ucontext_t uc;
+	uint64_t fp;
+	uint64_t lr;
 };
 
+/* clang-format off */
 #define ARCH_RT_SIGRETURN(new_sp, rt_sigframe)					\
 	asm volatile(								\
 			"mov sp, %0					\n"	\
@@ -40,30 +51,30 @@ struct rt_sigframe {
 			:							\
 			: "r"(new_sp)						\
 			: "x8", "memory")
+/* clang-format on */
 
 /* cr_sigcontext is copied from arch/arm64/include/uapi/asm/sigcontext.h */
 struct cr_sigcontext {
-        __u64 fault_address;
-        /* AArch64 registers */
-        __u64 regs[31];
-        __u64 sp;
-        __u64 pc;
-        __u64 pstate;
-        /* 4K reserved for FP/SIMD state and future expansion */
-        __u8 __reserved[4096] __attribute__((__aligned__(16)));
+	__u64 fault_address;
+	/* AArch64 registers */
+	__u64 regs[31];
+	__u64 sp;
+	__u64 pc;
+	__u64 pstate;
+	/* 4K reserved for FP/SIMD state and future expansion */
+	__u8 __reserved[4096] __attribute__((__aligned__(16)));
 };
 
-#define RT_SIGFRAME_UC(rt_sigframe)		(&rt_sigframe->uc)
-#define RT_SIGFRAME_REGIP(rt_sigframe)		((long unsigned int)(rt_sigframe)->uc.uc_mcontext.pc)
-#define RT_SIGFRAME_HAS_FPU(rt_sigframe)	(1)
-#define RT_SIGFRAME_SIGCONTEXT(rt_sigframe)	((struct cr_sigcontext *)&(rt_sigframe)->uc.uc_mcontext)
-#define RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)	((struct aux_context*)&(RT_SIGFRAME_SIGCONTEXT(rt_sigframe)->__reserved))
-#define RT_SIGFRAME_FPU(rt_sigframe)		(&RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)->fpsimd)
-#define RT_SIGFRAME_OFFSET(rt_sigframe)		0
+#define RT_SIGFRAME_UC(rt_sigframe)	     (&rt_sigframe->uc)
+#define RT_SIGFRAME_REGIP(rt_sigframe)	     ((long unsigned int)(rt_sigframe)->uc.uc_mcontext.pc)
+#define RT_SIGFRAME_HAS_FPU(rt_sigframe)     (1)
+#define RT_SIGFRAME_SIGCONTEXT(rt_sigframe)  ((struct cr_sigcontext *)&(rt_sigframe)->uc.uc_mcontext)
+#define RT_SIGFRAME_AUX_CONTEXT(rt_sigframe) ((struct aux_context *)&(RT_SIGFRAME_SIGCONTEXT(rt_sigframe)->__reserved))
+#define RT_SIGFRAME_FPU(rt_sigframe)	     (&RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)->fpsimd)
+#define RT_SIGFRAME_OFFSET(rt_sigframe)	     0
+#define RT_SIGFRAME_GCS(rt_sigframe)	     (&RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)->gcs)
 
-#define rt_sigframe_erase_sigset(sigframe)				\
-	memset(&sigframe->uc.uc_sigmask, 0, sizeof(k_rtsigset_t))
-#define rt_sigframe_copy_sigset(sigframe, from)				\
-	memcpy(&sigframe->uc.uc_sigmask, from, sizeof(k_rtsigset_t))
+#define rt_sigframe_erase_sigset(sigframe)	memset(&sigframe->uc.uc_sigmask, 0, sizeof(k_rtsigset_t))
+#define rt_sigframe_copy_sigset(sigframe, from) memcpy(&sigframe->uc.uc_sigmask, from, sizeof(k_rtsigset_t))
 
 #endif /* UAPI_COMPEL_ASM_SIGFRAME_H__ */

compel/arch/aarch64/src/lib/infect.c

@@ -2,7 +2,9 @@
 #include <sys/ptrace.h>
 #include <sys/types.h>
 #include <sys/uio.h>
-#include <linux/elf.h>
+#include <sys/auxv.h>
+#include <asm/ptrace.h>
+
 #include <compel/plugins/std/syscall-codes.h>
 #include "common/page.h"
 #include "uapi/compel/asm/infect-types.h"
@@ -10,6 +12,9 @@
 #include "errno.h"
 #include "infect.h"
 #include "infect-priv.h"
+#include "asm/breakpoints.h"
+#include "asm/gcs-types.h"
+#include <linux/prctl.h>
 
 unsigned __page_size = 0;
 unsigned __page_shift = 0;
@@ -18,12 +23,11 @@ unsigned __page_shift = 0;
  * Injected syscall instruction
  */
 const char code_syscall[] = {
-	0x01, 0x00, 0x00, 0xd4,		/* SVC #0 */
-	0x00, 0x00, 0x20, 0xd4		/* BRK #0 */
+	0x01, 0x00, 0x00, 0xd4, /* SVC #0 */
+	0x00, 0x00, 0x20, 0xd4	/* BRK #0 */
 };
 
-static const int
-code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
+static const int code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
 
 static inline void __always_unused __check_code_syscall(void)
 {
@@ -31,40 +35,66 @@ static inline void __always_unused __check_code_syscall(void)
 	BUILD_BUG_ON(!is_log2(sizeof(code_syscall)));
 }
 
-int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe,
-			      user_regs_struct_t *regs,
-			      user_fpregs_struct_t *fpregs)
+bool __compel_host_supports_gcs(void)
+{
+	unsigned long hwcap = getauxval(AT_HWCAP);
+	return (hwcap & HWCAP_GCS) != 0;
+}
+
+static bool __compel_gcs_enabled(struct cr_user_gcs *gcs)
+{
+	if (!compel_host_supports_gcs())
+		return false;
+
+	return gcs && (gcs->features_enabled & PR_SHADOW_STACK_ENABLE) != 0;
+}
+
+int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
 {
 	struct fpsimd_context *fpsimd = RT_SIGFRAME_FPU(sigframe);
+	struct gcs_context *gcs = RT_SIGFRAME_GCS(sigframe);
 
 	memcpy(sigframe->uc.uc_mcontext.regs, regs->regs, sizeof(regs->regs));
 
-	sigframe->uc.uc_mcontext.sp	= regs->sp;
-	sigframe->uc.uc_mcontext.pc	= regs->pc;
-	sigframe->uc.uc_mcontext.pstate	= regs->pstate;
+	pr_debug("sigreturn_prep_regs_plain: sp %lx pc %lx\n", (long)regs->sp, (long)regs->pc);
 
-	memcpy(fpsimd->vregs, fpregs->vregs, 32 * sizeof(__uint128_t));
+	sigframe->uc.uc_mcontext.sp = regs->sp;
+	sigframe->uc.uc_mcontext.pc = regs->pc;
+	sigframe->uc.uc_mcontext.pstate = regs->pstate;
 
-	fpsimd->fpsr = fpregs->fpsr;
-	fpsimd->fpcr = fpregs->fpcr;
+	memcpy(fpsimd->vregs, fpregs->fpstate.vregs, 32 * sizeof(__uint128_t));
+
+	fpsimd->fpsr = fpregs->fpstate.fpsr;
+	fpsimd->fpcr = fpregs->fpstate.fpcr;
 
 	fpsimd->head.magic = FPSIMD_MAGIC;
 	fpsimd->head.size = sizeof(*fpsimd);
 
+	if (__compel_gcs_enabled(&fpregs->gcs)) {
+		gcs->head.magic = GCS_MAGIC;
+		gcs->head.size = sizeof(*gcs);
+		gcs->reserved = 0;
+		gcs->gcspr = fpregs->gcs.gcspr_el0 - 8;
+		gcs->features_enabled = fpregs->gcs.features_enabled;
+
+		pr_debug("sigframe gcspr=%llx features_enabled=%llx\n", fpregs->gcs.gcspr_el0 - 8, fpregs->gcs.features_enabled);
+	} else {
+		pr_debug("sigframe gcspr=[disabled]\n");
+		memset(gcs, 0, sizeof(*gcs));
+	}
+
 	return 0;
 }
 
-int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe,
-				   struct rt_sigframe *rsigframe)
+int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe)
 {
 	return 0;
 }
 
-int get_task_regs(pid_t pid, user_regs_struct_t *regs, save_regs_t save,
-		  void *arg, __maybe_unused unsigned long flags)
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+			 void *arg, __maybe_unused unsigned long flags)
 {
 	struct iovec iov;
-	user_fpregs_struct_t fpsimd;
 	int ret;
 
 	pr_info("Dumping GP/FPU registers for %d\n", pid);
@@ -76,25 +106,79 @@ int get_task_regs(pid_t pid, user_regs_struct_t *regs, save_regs_t save,
 		goto err;
 	}
 
-	iov.iov_base = &fpsimd;
-	iov.iov_len = sizeof(fpsimd);
+	iov.iov_base = &ext_regs->fpstate;
+	iov.iov_len = sizeof(ext_regs->fpstate);
 	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRFPREG, &iov))) {
 		pr_perror("Failed to obtain FPU registers for %d", pid);
 		goto err;
 	}
 
-	ret = save(arg, regs, &fpsimd);
+	memset(&ext_regs->gcs, 0, sizeof(ext_regs->gcs));
+
+	iov.iov_base = &ext_regs->gcs;
+	iov.iov_len = sizeof(ext_regs->gcs);
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &iov) == 0) {
+		pr_info("gcs: GCSPR_EL0 for %d: 0x%llx, features: 0x%llx\n",
+			pid, ext_regs->gcs.gcspr_el0, ext_regs->gcs.features_enabled);
+
+		if (!__compel_gcs_enabled(&ext_regs->gcs))
+			pr_info("gcs: GCS is NOT enabled\n");
+	} else {
+		pr_info("gcs: GCS state not available for %d\n", pid);
+	}
+
+	ret = save(pid, arg, regs, ext_regs);
 err:
 	return ret;
 }
 
-int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret,
-					unsigned long arg1,
-					unsigned long arg2,
-					unsigned long arg3,
-					unsigned long arg4,
-					unsigned long arg5,
-					unsigned long arg6)
+int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	struct iovec iov;
+
+	struct cr_user_gcs gcs;
+	struct iovec gcs_iov = { .iov_base = &gcs, .iov_len = sizeof(gcs) };
+
+	pr_info("Restoring GP/FPU registers for %d\n", pid);
+
+	iov.iov_base = &ext_regs->fpstate;
+	iov.iov_len = sizeof(ext_regs->fpstate);
+	if (ptrace(PTRACE_SETREGSET, pid, NT_PRFPREG, &iov)) {
+		pr_perror("Failed to set FPU registers for %d", pid);
+		return -1;
+	}
+
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &gcs_iov) < 0) {
+		pr_warn("gcs: Failed to get GCS for %d\n", pid);
+	} else {
+		ext_regs->gcs = gcs;
+		compel_set_task_gcs_regs(pid, ext_regs);
+	}
+
+	return 0;
+}
+
+int compel_set_task_gcs_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	struct iovec iov;
+
+	pr_info("gcs: restoring GCS registers for %d\n", pid);
+	pr_info("gcs: restoring GCS: gcspr=%llx features=%llx\n",
+		ext_regs->gcs.gcspr_el0, ext_regs->gcs.features_enabled);
+
+	iov.iov_base = &ext_regs->gcs;
+	iov.iov_len = sizeof(ext_regs->gcs);
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_GCS, &iov)) {
+		pr_perror("gcs: Failed to set GCS registers for %d", pid);
+		return -1;
+	}
+
+	return 0;
+}
+
+int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret, unsigned long arg1, unsigned long arg2,
+		   unsigned long arg3, unsigned long arg4, unsigned long arg5, unsigned long arg6)
 {
 	user_regs_struct_t regs = ctl->orig.regs;
 	int err;
@@ -115,15 +199,12 @@ int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret,
 	return err;
 }
 
-void *remote_mmap(struct parasite_ctl *ctl,
-		void *addr, size_t length, int prot,
-		int flags, int fd, off_t offset)
+void *remote_mmap(struct parasite_ctl *ctl, void *addr, size_t length, int prot, int flags, int fd, off_t offset)
 {
 	long map;
 	int err;
 
-	err = compel_syscall(ctl, __NR_mmap, &map,
-			(unsigned long)addr, length, prot, flags, fd, offset);
+	err = compel_syscall(ctl, __NR_mmap, &map, (unsigned long)addr, length, prot, flags, fd, offset);
 	if (err < 0 || (long)map < 0)
 		map = 0;
 
@@ -150,9 +231,7 @@ int arch_fetch_sas(struct parasite_ctl *ctl, struct rt_sigframe *s)
 	long ret;
 	int err;
 
-	err = compel_syscall(ctl, __NR_sigaltstack,
-			     &ret, 0, (unsigned long)&s->uc.uc_stack,
-			     0, 0, 0, 0);
+	err = compel_syscall(ctl, __NR_sigaltstack, &ret, 0, (unsigned long)&s->uc.uc_stack, 0, 0, 0, 0);
 	return err ? err : ret;
 }
 
@@ -176,3 +255,175 @@ unsigned long compel_task_size(void)
 	return task_size;
 }
 
+static struct hwbp_cap *ptrace_get_hwbp_cap(pid_t pid)
+{
+	static struct hwbp_cap info;
+	static int available = -1;
+
+	if (available == -1) {
+		unsigned int val;
+		struct iovec iovec = {
+			.iov_base = &val,
+			.iov_len = sizeof(val),
+		};
+
+		if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_HW_BREAK, &iovec) < 0)
+			available = 0;
+		else {
+			info.arch = (char)((val >> 8) & 0xff);
+			info.bp_count = (char)(val & 0xff);
+
+			available = (info.arch != 0);
+		}
+	}
+
+	return available == 1 ? &info : NULL;
+}
+
+int ptrace_set_breakpoint(pid_t pid, void *addr)
+{
+	k_rtsigset_t block;
+	struct hwbp_cap *info = ptrace_get_hwbp_cap(pid);
+	struct user_hwdebug_state regs = {};
+	unsigned int ctrl = 0;
+	struct iovec iovec;
+
+	if (info == NULL || info->bp_count == 0)
+		return 0;
+
+	/*
+	 * The struct is copied from `arch/arm64/include/asm/hw_breakpoint.h` in
+	 * linux kernel:
+	 *  struct arch_hw_breakpoint_ctrl {
+	 *  	__u32 __reserved        : 19,
+	 *  	len             : 8,
+	 *  	type            : 2,
+	 *  	privilege       : 2,
+	 *  	enabled         : 1;
+	 *  };
+	 *
+	 * The part of `struct arch_hw_breakpoint_ctrl` bits meaning is defined
+	 * in <<ARM Architecture Reference Manual for A-profile architecture>>,
+	 * D13.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers.
+	 */
+	ctrl = ARM_BREAKPOINT_LEN_4;
+	ctrl = (ctrl << 2) | ARM_BREAKPOINT_EXECUTE;
+	ctrl = (ctrl << 2) | AARCH64_BREAKPOINT_EL0;
+	ctrl = (ctrl << 1) | ENABLE_HBP;
+	regs.dbg_regs[0].addr = (__u64)addr;
+	regs.dbg_regs[0].ctrl = ctrl;
+	iovec.iov_base = &regs;
+	iovec.iov_len = (offsetof(struct user_hwdebug_state, dbg_regs) + sizeof(regs.dbg_regs[0]));
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_HW_BREAK, &iovec))
+		return -1;
+
+	/*
+	 * FIXME(issues/1429): SIGTRAP can't be blocked, otherwise its handler
+	 * will be reset to the default one.
+	 */
+	ksigfillset(&block);
+	ksigdelset(&block, SIGTRAP);
+	if (ptrace(PTRACE_SETSIGMASK, pid, sizeof(k_rtsigset_t), &block)) {
+		pr_perror("Can't block signals for %d", pid);
+		return -1;
+	}
+
+	if (ptrace(PTRACE_CONT, pid, NULL, NULL) != 0) {
+		pr_perror("Unable to restart the  stopped tracee process %d", pid);
+		return -1;
+	}
+
+	return 1;
+}
+
+int ptrace_flush_breakpoints(pid_t pid)
+{
+	struct hwbp_cap *info = ptrace_get_hwbp_cap(pid);
+	struct user_hwdebug_state regs = {};
+	unsigned int ctrl = 0;
+	struct iovec iovec;
+
+	if (info == NULL || info->bp_count == 0)
+		return 0;
+
+	ctrl = ARM_BREAKPOINT_LEN_4;
+	ctrl = (ctrl << 2) | ARM_BREAKPOINT_EXECUTE;
+	ctrl = (ctrl << 2) | AARCH64_BREAKPOINT_EL0;
+	ctrl = (ctrl << 1) | DISABLE_HBP;
+	regs.dbg_regs[0].addr = 0ul;
+	regs.dbg_regs[0].ctrl = ctrl;
+
+	iovec.iov_base = &regs;
+	iovec.iov_len = (offsetof(struct user_hwdebug_state, dbg_regs) + sizeof(regs.dbg_regs[0]));
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_HW_BREAK, &iovec))
+		return -1;
+
+	return 0;
+}
+
+int inject_gcs_cap_token(struct parasite_ctl *ctl, pid_t pid, struct cr_user_gcs *gcs)
+{
+	struct iovec gcs_iov = { .iov_base = gcs, .iov_len = sizeof(*gcs) };
+
+	uint64_t token_addr = gcs->gcspr_el0 - 8;
+	uint64_t sigtramp_addr = gcs->gcspr_el0 - 16;
+
+	uint64_t cap_token = ALIGN_DOWN(GCS_SIGNAL_CAP(token_addr), 8);
+	unsigned long restorer_addr;
+
+	pr_info("gcs: (setup) CAP token: 0x%lx at addr: 0x%lx\n", cap_token, token_addr);
+
+	/* Inject capability token at gcspr_el0 - 8 */
+	if (ptrace(PTRACE_POKEDATA, pid, (void *)token_addr, cap_token)) {
+		pr_perror("gcs: (setup) Inject GCS cap token failed");
+		return -1;
+	}
+
+	/* Inject restorer trampoline address (gcspr_el0 - 16) */
+	restorer_addr = ctl->parasite_ip;
+	if (ptrace(PTRACE_POKEDATA, pid, (void *)sigtramp_addr, restorer_addr)) {
+		pr_perror("gcs: (setup) Inject GCS restorer failed");
+		return -1;
+	}
+
+	/* Update GCSPR_EL0 */
+	gcs->gcspr_el0 = token_addr;
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_GCS, &gcs_iov)) {
+		pr_perror("gcs: PTRACE_SETREGS FAILED");
+		return -1;
+	}
+
+	pr_debug("gcs: parasite_ip=%#lx sp=%#llx gcspr_el0=%#llx\n",
+		 ctl->parasite_ip, ctl->orig.regs.sp, gcs->gcspr_el0);
+
+	return 0;
+}
+
+int parasite_setup_shstk(struct parasite_ctl *ctl, user_fpregs_struct_t *ext_regs)
+{
+	struct cr_user_gcs gcs;
+	struct iovec gcs_iov = { .iov_base = &gcs, .iov_len = sizeof(gcs) };
+	pid_t pid = ctl->rpid;
+
+	if(!__compel_host_supports_gcs())
+		return 0;
+
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &gcs_iov) != 0) {
+		pr_perror("GCS state not available for %d", pid);
+		return -1;
+	}
+
+	if (!__compel_gcs_enabled(&gcs))
+		return 0;
+
+	if (inject_gcs_cap_token(ctl, pid, &gcs)) {
+		pr_perror("Failed to inject GCS cap token for %d", pid);
+		return -1;
+	}
+
+	pr_info("gcs: GCS enabled for %d\n", pid);
+
+	return 0;
+}

compel/arch/arm/plugins/include/asm/syscall-types.h

@@ -1,7 +1,7 @@
 #ifndef COMPEL_ARCH_SYSCALL_TYPES_H__
 #define COMPEL_ARCH_SYSCALL_TYPES_H__
 
-#define SA_RESTORER   0x04000000
+#define SA_RESTORER 0x04000000
 
 typedef void rt_signalfn_t(int, siginfo_t *, void *);
 typedef rt_signalfn_t *rt_sighandler_t;
@@ -9,20 +9,20 @@ typedef rt_signalfn_t *rt_sighandler_t;
 typedef void rt_restorefn_t(void);
 typedef rt_restorefn_t *rt_sigrestore_t;
 
-#define _KNSIG		64
-#define _NSIG_BPW	32
+#define _KNSIG	  64
+#define _NSIG_BPW 32
 
-#define _KNSIG_WORDS	(_KNSIG / _NSIG_BPW)
+#define _KNSIG_WORDS (_KNSIG / _NSIG_BPW)
 
 typedef struct {
 	unsigned long sig[_KNSIG_WORDS];
 } k_rtsigset_t;
 
 typedef struct {
-	rt_sighandler_t	rt_sa_handler;
-	unsigned long	rt_sa_flags;
-	rt_sigrestore_t	rt_sa_restorer;
-	k_rtsigset_t	rt_sa_mask;
+	rt_sighandler_t rt_sa_handler;
+	unsigned long rt_sa_flags;
+	rt_sigrestore_t rt_sa_restorer;
+	k_rtsigset_t rt_sa_mask;
 } rt_sigaction_t;
 
 #endif /* COMPEL_ARCH_SYSCALL_TYPES_H__ */

compel/arch/arm/plugins/std/parasite-head.S

@@ -2,21 +2,7 @@
 
 	.section .head.text, "ax"
 ENTRY(__export_parasite_head_start)
-	sub	r2, pc, #8			@ get the address of this instruction
-
-	adr     r0, __export_parasite_cmd
-	ldr	r0, [r0]
-
-	adr     r1, parasite_args_ptr
-	ldr	r1, [r1]
-	add	r1, r1, r2			@ fixup __export_parasite_args
-
 	bl	parasite_service
 	.byte   0xf0, 0x01, 0xf0, 0xe7		@ the instruction UDF #32 generates the signal SIGTRAP in Linux
 
-parasite_args_ptr:
-	.long __export_parasite_args
-
-__export_parasite_cmd:
-	.long 0
 END(__export_parasite_head_start)

compel/arch/arm/plugins/std/syscalls/syscall-aux.h

@@ -1,27 +1,27 @@
 #ifndef __NR_mmap2
-# define __NR_mmap2 192
+#define __NR_mmap2 192
 #endif
 
 #ifndef __ARM_NR_BASE
-# define __ARM_NR_BASE			0x0f0000
+#define __ARM_NR_BASE 0x0f0000
 #endif
 
 #ifndef __ARM_NR_breakpoint
-# define __ARM_NR_breakpoint		(__ARM_NR_BASE+1)
+#define __ARM_NR_breakpoint (__ARM_NR_BASE + 1)
 #endif
 
 #ifndef __ARM_NR_cacheflush
-# define __ARM_NR_cacheflush		(__ARM_NR_BASE+2)
+#define __ARM_NR_cacheflush (__ARM_NR_BASE + 2)
 #endif
 
 #ifndef __ARM_NR_usr26
-# define __ARM_NR_usr26			(__ARM_NR_BASE+3)
+#define __ARM_NR_usr26 (__ARM_NR_BASE + 3)
 #endif
 
 #ifndef __ARM_NR_usr32
-# define __ARM_NR_usr32			(__ARM_NR_BASE+4)
+#define __ARM_NR_usr32 (__ARM_NR_BASE + 4)
 #endif
 
 #ifndef __ARM_NR_set_tls
-# define __ARM_NR_set_tls		(__ARM_NR_BASE+5)
+#define __ARM_NR_set_tls (__ARM_NR_BASE + 5)
 #endif

compel/arch/arm/plugins/std/syscalls/syscall.def

@@ -39,7 +39,7 @@ recvfrom			207	292	(int sockfd, void *ubuf, size_t size, unsigned int flags, str
 sendmsg				211	296	(int sockfd, const struct msghdr *msg, int flags)
 recvmsg				212	297	(int sockfd, struct msghdr *msg, int flags)
 shutdown			210	293	(int sockfd, int how)
-bind				235	282	(int sockfd, const struct sockaddr *addr, int addrlen)
+bind				200	282	(int sockfd, const struct sockaddr *addr, int addrlen)
 setsockopt			208	294	(int sockfd, int level, int optname, const void *optval, socklen_t optlen)
 getsockopt			209	295	(int sockfd, int level, int optname, const void *optval, socklen_t *optlen)
 clone				220	120	(unsigned long flags, void *child_stack, void *parent_tid, unsigned long newtls, void *child_tid)
@@ -85,7 +85,7 @@ timer_settime			110	258	(kernel_timer_t timer_id, int flags, const struct itimer
 timer_gettime			108	259	(int timer_id, const struct itimerspec *setting)
 timer_getoverrun		109	260	(int timer_id)
 timer_delete			111	261	(kernel_timer_t timer_id)
-clock_gettime			113	263	(const clockid_t which_clock, const struct timespec *tp)
+clock_gettime			113	263	(clockid_t which_clock, struct timespec *tp)
 exit_group			94	248	(int error_code)
 set_robust_list			99	338	(struct robust_list_head *head, size_t len)
 get_robust_list			100	339	(int pid, struct robust_list_head **head_ptr, size_t *len_ptr)
@@ -112,3 +112,16 @@ userfaultfd			282	388	(int flags)
 fallocate			47	352	(int fd, int mode, loff_t offset, loff_t len)
 cacheflush			!	983042	(void *start, void *end, int flags)
 ppoll				73	336	(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+open_tree			428	428	(int dirfd, const char *pathname, unsigned int flags)
+move_mount			429	429	(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
+fsopen				430	430	(char *fsname, unsigned int flags)
+fsconfig			431	431	(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+fsmount				432	432	(int fd, unsigned int flags, unsigned int attr_flags)
+clone3				435	435	(struct clone_args *uargs, size_t size)
+close_range			436	436	(unsigned int fd, unsigned int max_fd, unsigned int flags)
+pidfd_open			434	434	(pid_t pid, unsigned int flags)
+openat2				437	437	(int dirfd, char *pathname, struct open_how *how, size_t size)
+pidfd_getfd			438	438	(int pidfd, int targetfd, unsigned int flags)
+rseq				293	398	(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+membarrier 			283	389	(int cmd, unsigned int flags, int cpu_id)
+map_shadow_stack		453	!	(unsigned long addr, unsigned long size, unsigned int flags)

compel/arch/arm/scripts/compel-pack.lds.S

@@ -29,8 +29,4 @@ SECTIONS
 		*(.eh_frame*)
 		*(*)
 	}
-
-/* Parasite args should have 4 bytes align, as we have futex inside. */
-. = ALIGN(4);
-__export_parasite_args = .;
 }

compel/arch/arm/src/lib/handle-elf.c

@@ -1,14 +1,12 @@
 #include <string.h>
-
-#include "uapi/compel.h"
+#include <errno.h>
 
 #include "handle-elf.h"
 #include "piegen.h"
 #include "log.h"
 
-static const unsigned char __maybe_unused
-elf_ident_32[EI_NIDENT] = {
-	0x7f, 0x45, 0x4c, 0x46, 0x01, 0x01, 0x01, 0x00,
+static const unsigned char __maybe_unused elf_ident_32[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x01, 0x01, 0x01, 0x00, /* clang-format */
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 };
 

compel/arch/arm/src/lib/include/handle-elf.h

@@ -3,8 +3,8 @@
 
 #include "elf32-types.h"
 
-#define __handle_elf				handle_elf_arm
-#define arch_is_machine_supported(e_machine)   (e_machine == EM_ARM)
+#define __handle_elf			     handle_elf_arm
+#define arch_is_machine_supported(e_machine) (e_machine == EM_ARM)
 
 extern int handle_elf_arm(void *mem, size_t size);
 

compel/arch/arm/src/lib/include/syscall.h

@@ -1,4 +1,8 @@
 #ifndef __COMPEL_SYSCALL_H__
 #define __COMPEL_SYSCALL_H__
-#define __NR(syscall, compat)	__NR_##syscall
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
 #endif

compel/arch/arm/src/lib/include/uapi/asm/cpu.h

@@ -1,6 +1,7 @@
 #ifndef UAPI_COMPEL_ASM_CPU_H__
 #define UAPI_COMPEL_ASM_CPU_H__
 
-typedef struct { } compel_cpuinfo_t;
+typedef struct {
+} compel_cpuinfo_t;
 
 #endif /* UAPI_COMPEL_ASM_CPU_H__ */

compel/arch/arm/src/lib/include/uapi/asm/infect-types.h

@@ -4,8 +4,8 @@
 #include <stdint.h>
 #include <sys/mman.h>
 
-#define SIGMAX			64
-#define SIGMAX_OLD		31
+#define SIGMAX	   64
+#define SIGMAX_OLD 31
 
 /*
  * Copied from the Linux kernel header arch/arm/include/asm/ptrace.h
@@ -14,53 +14,62 @@
  */
 
 typedef struct {
-	long			uregs[18];
+	long uregs[18];
 } user_regs_struct_t;
 
-typedef struct user_vfp		user_fpregs_struct_t;
+#define __compel_arch_fetch_thread_area(tid, th) 0
+#define compel_arch_fetch_thread_area(tctl)	 0
+#define compel_arch_get_tls_task(ctl, tls)
+#define compel_arch_get_tls_thread(tctl, tls)
 
-#define ARM_cpsr		uregs[16]
-#define ARM_pc			uregs[15]
-#define ARM_lr			uregs[14]
-#define ARM_sp			uregs[13]
-#define ARM_ip			uregs[12]
-#define ARM_fp			uregs[11]
-#define ARM_r10			uregs[10]
-#define ARM_r9			uregs[9]
-#define ARM_r8			uregs[8]
-#define ARM_r7			uregs[7]
-#define ARM_r6			uregs[6]
-#define ARM_r5			uregs[5]
-#define ARM_r4			uregs[4]
-#define ARM_r3			uregs[3]
-#define ARM_r2			uregs[2]
-#define ARM_r1			uregs[1]
-#define ARM_r0			uregs[0]
-#define ARM_ORIG_r0		uregs[17]
+typedef struct user_vfp user_fpregs_struct_t;
 
+#define ARM_cpsr    uregs[16]
+#define ARM_pc	    uregs[15]
+#define ARM_lr	    uregs[14]
+#define ARM_sp	    uregs[13]
+#define ARM_ip	    uregs[12]
+#define ARM_fp	    uregs[11]
+#define ARM_r10	    uregs[10]
+#define ARM_r9	    uregs[9]
+#define ARM_r8	    uregs[8]
+#define ARM_r7	    uregs[7]
+#define ARM_r6	    uregs[6]
+#define ARM_r5	    uregs[5]
+#define ARM_r4	    uregs[4]
+#define ARM_r3	    uregs[3]
+#define ARM_r2	    uregs[2]
+#define ARM_r1	    uregs[1]
+#define ARM_r0	    uregs[0]
+#define ARM_ORIG_r0 uregs[17]
 
 /* Copied from arch/arm/include/asm/user.h */
 
 struct user_vfp {
-	unsigned long long	fpregs[32];
-	unsigned long		fpscr;
+	unsigned long long fpregs[32];
+	unsigned long fpscr;
 };
 
 struct user_vfp_exc {
-	unsigned long		fpexc;
-	unsigned long		fpinst;
-	unsigned long		fpinst2;
+	unsigned long fpexc;
+	unsigned long fpinst;
+	unsigned long fpinst2;
 };
 
-#define REG_RES(regs)		((regs).ARM_r0)
-#define REG_IP(regs)		((regs).ARM_pc)
-#define REG_SP(regs)		((regs).ARM_sp)
-#define REG_SYSCALL_NR(regs)	((regs).ARM_r7)
+#define REG_RES(regs)	      ((regs).ARM_r0)
+#define REG_IP(regs)	      ((regs).ARM_pc)
+#define SET_REG_IP(regs, val) ((regs).ARM_pc = (val))
+#define REG_SP(regs)	      ((regs).ARM_sp)
+#define REG_SYSCALL_NR(regs)  ((regs).ARM_r7)
 
-#define user_regs_native(pregs)			true
+#define user_regs_native(pregs) true
 
-#define ARCH_SI_TRAP		TRAP_BRKPT
+#define ARCH_SI_TRAP TRAP_BRKPT
 
-#define __NR(syscall, compat)	__NR_##syscall
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
 
 #endif /* UAPI_COMPEL_ASM_TYPES_H__ */

compel/arch/arm/src/lib/include/uapi/asm/processor-flags.h

@@ -6,37 +6,37 @@
 /*
  * PSR bits
  */
-#define USR26_MODE	0x00000000
-#define FIQ26_MODE	0x00000001
-#define IRQ26_MODE	0x00000002
-#define SVC26_MODE	0x00000003
-#define USR_MODE	0x00000010
-#define FIQ_MODE	0x00000011
-#define IRQ_MODE	0x00000012
-#define SVC_MODE	0x00000013
-#define ABT_MODE	0x00000017
-#define UND_MODE	0x0000001b
-#define SYSTEM_MODE	0x0000001f
-#define MODE32_BIT	0x00000010
-#define MODE_MASK	0x0000001f
-#define PSR_T_BIT	0x00000020
-#define PSR_F_BIT	0x00000040
-#define PSR_I_BIT	0x00000080
-#define PSR_A_BIT	0x00000100
-#define PSR_E_BIT	0x00000200
-#define PSR_J_BIT	0x01000000
-#define PSR_Q_BIT	0x08000000
-#define PSR_V_BIT	0x10000000
-#define PSR_C_BIT	0x20000000
-#define PSR_Z_BIT	0x40000000
-#define PSR_N_BIT	0x80000000
+#define USR26_MODE  0x00000000
+#define FIQ26_MODE  0x00000001
+#define IRQ26_MODE  0x00000002
+#define SVC26_MODE  0x00000003
+#define USR_MODE    0x00000010
+#define FIQ_MODE    0x00000011
+#define IRQ_MODE    0x00000012
+#define SVC_MODE    0x00000013
+#define ABT_MODE    0x00000017
+#define UND_MODE    0x0000001b
+#define SYSTEM_MODE 0x0000001f
+#define MODE32_BIT  0x00000010
+#define MODE_MASK   0x0000001f
+#define PSR_T_BIT   0x00000020
+#define PSR_F_BIT   0x00000040
+#define PSR_I_BIT   0x00000080
+#define PSR_A_BIT   0x00000100
+#define PSR_E_BIT   0x00000200
+#define PSR_J_BIT   0x01000000
+#define PSR_Q_BIT   0x08000000
+#define PSR_V_BIT   0x10000000
+#define PSR_C_BIT   0x20000000
+#define PSR_Z_BIT   0x40000000
+#define PSR_N_BIT   0x80000000
 
 /*
  * Groups of PSR bits
  */
-#define PSR_f		0xff000000	/* Flags	*/
-#define PSR_s		0x00ff0000	/* Status	*/
-#define PSR_x		0x0000ff00	/* Extension	*/
-#define PSR_c		0x000000ff	/* Control	*/
+#define PSR_f 0xff000000 /* Flags	*/
+#define PSR_s 0x00ff0000 /* Status	*/
+#define PSR_x 0x0000ff00 /* Extension	*/
+#define PSR_c 0x000000ff /* Control	*/
 
 #endif

compel/arch/arm/src/lib/include/uapi/asm/sigframe.h

@@ -6,42 +6,42 @@
 /* Copied from the Linux kernel header arch/arm/include/asm/sigcontext.h */
 
 struct rt_sigcontext {
-	unsigned long		trap_no;
-	unsigned long		error_code;
-	unsigned long		oldmask;
-	unsigned long		arm_r0;
-	unsigned long		arm_r1;
-	unsigned long		arm_r2;
-	unsigned long		arm_r3;
-	unsigned long		arm_r4;
-	unsigned long		arm_r5;
-	unsigned long		arm_r6;
-	unsigned long		arm_r7;
-	unsigned long		arm_r8;
-	unsigned long		arm_r9;
-	unsigned long		arm_r10;
-	unsigned long		arm_fp;
-	unsigned long		arm_ip;
-	unsigned long		arm_sp;
-	unsigned long		arm_lr;
-	unsigned long		arm_pc;
-	unsigned long		arm_cpsr;
-	unsigned long		fault_address;
+	unsigned long trap_no;
+	unsigned long error_code;
+	unsigned long oldmask;
+	unsigned long arm_r0;
+	unsigned long arm_r1;
+	unsigned long arm_r2;
+	unsigned long arm_r3;
+	unsigned long arm_r4;
+	unsigned long arm_r5;
+	unsigned long arm_r6;
+	unsigned long arm_r7;
+	unsigned long arm_r8;
+	unsigned long arm_r9;
+	unsigned long arm_r10;
+	unsigned long arm_fp;
+	unsigned long arm_ip;
+	unsigned long arm_sp;
+	unsigned long arm_lr;
+	unsigned long arm_pc;
+	unsigned long arm_cpsr;
+	unsigned long fault_address;
 };
 
 /* Copied from the Linux kernel header arch/arm/include/asm/ucontext.h */
 
-#define VFP_MAGIC		0x56465001
-#define VFP_STORAGE_SIZE	sizeof(struct vfp_sigframe)
+#define VFP_MAGIC	 0x56465001
+#define VFP_STORAGE_SIZE sizeof(struct vfp_sigframe)
 
 struct vfp_sigframe {
-	unsigned long		magic;
-	unsigned long		size;
-	struct user_vfp		ufp;
-	struct user_vfp_exc	ufp_exc;
+	unsigned long magic;
+	unsigned long size;
+	struct user_vfp ufp;
+	struct user_vfp_exc ufp_exc;
 };
 
-typedef struct vfp_sigframe	fpu_state_t;
+typedef struct vfp_sigframe fpu_state_t;
 
 struct aux_sigframe {
 	/*
@@ -49,23 +49,23 @@ struct aux_sigframe {
 	struct iwmmxt_sigframe  iwmmxt;
 	*/
 
-	struct vfp_sigframe	vfp;
-	unsigned long		end_magic;
+	struct vfp_sigframe vfp;
+	unsigned long end_magic;
 } __attribute__((aligned(8)));
 
 #include <compel/sigframe-common.h>
 
 struct sigframe {
-	struct rt_ucontext	uc;
-	unsigned long		retcode[2];
+	struct rt_ucontext uc;
+	unsigned long retcode[2];
 };
 
 struct rt_sigframe {
-	struct rt_siginfo	info;
-	struct sigframe		sig;
+	struct rt_siginfo info;
+	struct sigframe sig;
 };
 
-
+/* clang-format off */
 #define ARCH_RT_SIGRETURN(new_sp, rt_sigframe)				\
 	asm volatile(							\
 		     "mov sp, %0				    \n"	\
@@ -74,17 +74,16 @@ struct rt_sigframe {
 		     :							\
 		     : "r"(new_sp)					\
 		     : "memory")
+/* clang-format on */
 
-#define RT_SIGFRAME_UC(rt_sigframe)		(&rt_sigframe->sig.uc)
-#define RT_SIGFRAME_REGIP(rt_sigframe)		(rt_sigframe)->sig.uc.uc_mcontext.arm_ip
-#define RT_SIGFRAME_HAS_FPU(rt_sigframe)	1
-#define RT_SIGFRAME_AUX_SIGFRAME(rt_sigframe)	((struct aux_sigframe *)&(rt_sigframe)->sig.uc.uc_regspace)
-#define RT_SIGFRAME_FPU(rt_sigframe)		(&RT_SIGFRAME_AUX_SIGFRAME(rt_sigframe)->vfp)
-#define RT_SIGFRAME_OFFSET(rt_sigframe)		0
+#define RT_SIGFRAME_UC(rt_sigframe)	      (&rt_sigframe->sig.uc)
+#define RT_SIGFRAME_REGIP(rt_sigframe)	      (rt_sigframe)->sig.uc.uc_mcontext.arm_ip
+#define RT_SIGFRAME_HAS_FPU(rt_sigframe)      1
+#define RT_SIGFRAME_AUX_SIGFRAME(rt_sigframe) ((struct aux_sigframe *)&(rt_sigframe)->sig.uc.uc_regspace)
+#define RT_SIGFRAME_FPU(rt_sigframe)	      (&RT_SIGFRAME_AUX_SIGFRAME(rt_sigframe)->vfp)
+#define RT_SIGFRAME_OFFSET(rt_sigframe)	      0
 
-#define rt_sigframe_erase_sigset(sigframe)				\
-	memset(&sigframe->sig.uc.uc_sigmask, 0, sizeof(k_rtsigset_t))
-#define rt_sigframe_copy_sigset(sigframe, from)				\
-	memcpy(&sigframe->sig.uc.uc_sigmask, from, sizeof(k_rtsigset_t))
+#define rt_sigframe_erase_sigset(sigframe)	memset(&sigframe->sig.uc.uc_sigmask, 0, sizeof(k_rtsigset_t))
+#define rt_sigframe_copy_sigset(sigframe, from) memcpy(&sigframe->sig.uc.uc_sigmask, from, sizeof(k_rtsigset_t))
 
 #endif /* UAPI_COMPEL_ASM_SIGFRAME_H__ */

compel/arch/arm/src/lib/infect.c

@@ -1,8 +1,11 @@
 #include <stdlib.h>
 #include <sys/ptrace.h>
 #include <sys/types.h>
+#include <string.h>
 #include <compel/plugins/std/syscall-codes.h>
 #include <compel/asm/processor-flags.h>
+#include <errno.h>
+
 #include "common/page.h"
 #include "uapi/compel/asm/infect-types.h"
 #include "log.h"
@@ -14,12 +17,11 @@
  * Injected syscall instruction
  */
 const char code_syscall[] = {
-	0x00, 0x00, 0x00, 0xef,         /* SVC #0  */
-	0xf0, 0x01, 0xf0, 0xe7          /* UDF #32 */
+	0x00, 0x00, 0x00, 0xef, /* SVC #0  */
+	0xf0, 0x01, 0xf0, 0xe7	/* UDF #32 */
 };
 
-static const int
-code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
+static const int code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
 
 static inline __always_unused void __check_code_syscall(void)
 {
@@ -27,9 +29,7 @@ static inline __always_unused void __check_code_syscall(void)
 	BUILD_BUG_ON(!is_log2(sizeof(code_syscall)));
 }
 
-int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe,
-			      user_regs_struct_t *regs,
-			      user_fpregs_struct_t *fpregs)
+int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
 {
 	struct aux_sigframe *aux = (struct aux_sigframe *)(void *)&sigframe->sig.uc.uc_regspace;
 
@@ -59,22 +59,20 @@ int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe,
 	return 0;
 }
 
-int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe,
-				   struct rt_sigframe *rsigframe)
+int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe)
 {
 	return 0;
 }
 
 #define PTRACE_GETVFPREGS 27
-int get_task_regs(pid_t pid, user_regs_struct_t *regs, save_regs_t save,
-		  void *arg, __maybe_unused unsigned long flags)
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *vfp, save_regs_t save,
+			 void *arg, __maybe_unused unsigned long flags)
 {
-	user_fpregs_struct_t vfp;
 	int ret = -1;
 
 	pr_info("Dumping GP/FPU registers for %d\n", pid);
 
-	if (ptrace(PTRACE_GETVFPREGS, pid, NULL, &vfp)) {
+	if (ptrace(PTRACE_GETVFPREGS, pid, NULL, vfp)) {
 		pr_perror("Can't obtain FPU registers for %d", pid);
 		goto err;
 	}
@@ -90,24 +88,30 @@ int get_task_regs(pid_t pid, user_regs_struct_t *regs, save_regs_t save,
 			regs->ARM_pc -= 4;
 			break;
 		case -ERESTART_RESTARTBLOCK:
-			regs->ARM_r0 = __NR_restart_syscall;
-			regs->ARM_pc -= 4;
+			pr_warn("Will restore %d with interrupted system call\n", pid);
+			regs->ARM_r0 = -EINTR;
 			break;
 		}
 	}
 
-	ret = save(arg, regs, &vfp);
+	ret = save(pid, arg, regs, vfp);
 err:
 	return ret;
 }
 
-int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret,
-		unsigned long arg1,
-		unsigned long arg2,
-		unsigned long arg3,
-		unsigned long arg4,
-		unsigned long arg5,
-		unsigned long arg6)
+int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	pr_info("Restoring GP/FPU registers for %d\n", pid);
+
+	if (ptrace(PTRACE_SETVFPREGS, pid, NULL, ext_regs)) {
+		pr_perror("Can't set FPU registers for %d", pid);
+		return -1;
+	}
+	return 0;
+}
+
+int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret, unsigned long arg1, unsigned long arg2,
+		   unsigned long arg3, unsigned long arg4, unsigned long arg5, unsigned long arg6)
 {
 	user_regs_struct_t regs = ctl->orig.regs;
 	int err;
@@ -126,9 +130,7 @@ int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret,
 	return err;
 }
 
-void *remote_mmap(struct parasite_ctl *ctl,
-		  void *addr, size_t length, int prot,
-		  int flags, int fd, off_t offset)
+void *remote_mmap(struct parasite_ctl *ctl, void *addr, size_t length, int prot, int flags, int fd, off_t offset)
 {
 	long map;
 	int err;
@@ -136,8 +138,7 @@ void *remote_mmap(struct parasite_ctl *ctl,
 	if (offset & ~PAGE_MASK)
 		return 0;
 
-	err = compel_syscall(ctl, __NR_mmap2, &map,
-			(unsigned long)addr, length, prot, flags, fd, offset >> 12);
+	err = compel_syscall(ctl, __NR_mmap2, &map, (unsigned long)addr, length, prot, flags, fd, offset >> 12);
 	if (err < 0 || map > ctl->ictx.task_size)
 		map = 0;
 
@@ -167,9 +168,7 @@ int arch_fetch_sas(struct parasite_ctl *ctl, struct rt_sigframe *s)
 	long ret;
 	int err;
 
-	err = compel_syscall(ctl, __NR_sigaltstack,
-			     &ret, 0, (unsigned long)&s->sig.uc.uc_stack,
-			     0, 0, 0, 0);
+	err = compel_syscall(ctl, __NR_sigaltstack, &ret, 0, (unsigned long)&s->sig.uc.uc_stack, 0, 0, 0, 0);
 	return err ? err : ret;
 }
 
@@ -178,9 +177,9 @@ int arch_fetch_sas(struct parasite_ctl *ctl, struct rt_sigframe *s)
  *   arch/arm/include/asm/memory.h
  *   arch/arm/Kconfig (PAGE_OFFSET values in Memory split section)
  */
-#define TASK_SIZE_MIN		0x3f000000
-#define TASK_SIZE_MAX		0xbf000000
-#define SZ_1G			0x40000000
+#define TASK_SIZE_MIN 0x3f000000
+#define TASK_SIZE_MAX 0xbf000000
+#define SZ_1G	      0x40000000
 
 unsigned long compel_task_size(void)
 {
@@ -192,4 +191,3 @@ unsigned long compel_task_size(void)
 
 	return task_size;
 }
-

compel/arch/loongarch64/plugins/include/asm/prologue.h

@@ -0,0 +1,35 @@
+#ifndef __ASM_PROLOGUE_H__
+#define __ASM_PROLOGUE_H__
+
+#ifndef __ASSEMBLY__
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+
+#define sys_recv(sockfd, ubuf, size, flags) sys_recvfrom(sockfd, ubuf, size, flags, NULL, NULL)
+
+typedef struct prologue_init_args {
+	struct sockaddr_un ctl_sock_addr;
+	unsigned int ctl_sock_addr_len;
+
+	unsigned int arg_s;
+	void *arg_p;
+
+	void *sigframe;
+} prologue_init_args_t;
+
+#endif /* __ASSEMBLY__ */
+
+/*
+ * Reserve enough space for sigframe.
+ *
+ * FIXME It is rather should be taken from sigframe header.
+ */
+#define PROLOGUE_SGFRAME_SIZE 4096
+
+#define PROLOGUE_INIT_ARGS_SIZE 1024
+
+#endif /* __ASM_PROLOGUE_H__ */

compel/arch/loongarch64/plugins/include/asm/syscall-types.h

@@ -0,0 +1,30 @@
+#ifndef COMPEL_ARCH_SYSCALL_TYPES_H__
+#define COMPEL_ARCH_SYSCALL_TYPES_H__
+
+#include <common/asm/bitsperlong.h>
+/* Types for sigaction, sigprocmask syscalls */
+typedef void rt_signalfn_t(int, siginfo_t *, void *);
+typedef rt_signalfn_t *rt_sighandler_t;
+
+typedef void rt_restorefn_t(void);
+typedef rt_restorefn_t *rt_sigrestore_t;
+
+/* refer to arch/loongarch/include/uapi/asm/signal.h */
+#define _KNSIG	     64
+#define _NSIG_BPW    BITS_PER_LONG
+#define _KNSIG_WORDS (_KNSIG / _NSIG_BPW)
+
+typedef struct {
+	uint64_t sig[_KNSIG_WORDS];
+} k_rtsigset_t;
+
+typedef struct {
+	rt_sighandler_t rt_sa_handler;
+	unsigned long rt_sa_flags;
+	rt_sigrestore_t rt_sa_restorer;
+	k_rtsigset_t rt_sa_mask;
+} rt_sigaction_t;
+
+#define SA_RESTORER 0x04000000
+
+#endif /* COMPEL_ARCH_SYSCALL_TYPES_H__ */

compel/arch/loongarch64/plugins/include/features.h

@@ -0,0 +1,4 @@
+#ifndef __COMPEL_ARCH_FEATURES_H
+#define __COMPEL_ARCH_FEATURES_H
+
+#endif /* __COMPEL_ARCH_FEATURES_H */

compel/arch/loongarch64/plugins/std/parasite-head.S

@@ -0,0 +1,9 @@
+
+#include "common/asm/linkage.h"
+
+	.section .head.text, "ax"
+ENTRY(__export_parasite_head_start)
+	bl	parasite_service;
+	break 0;
+END(__export_parasite_head_start)
+

compel/arch/loongarch64/plugins/std/syscalls/Makefile.syscalls

@@ -0,0 +1,117 @@
+std-lib-y		+= ./$(PLUGIN_ARCH_DIR)/std/syscalls-64.o
+sys-proto-types		:= $(obj)/include/uapi/std/syscall-types.h
+sys-proto-generic	:= $(obj)/include/uapi/std/syscall.h
+sys-codes-generic	:= $(obj)/include/uapi/std/syscall-codes.h
+sys-codes		 = $(obj)/include/uapi/std/syscall-codes-$(1).h
+sys-proto		 = $(obj)/include/uapi/std/syscall-$(1).h
+sys-def			 = $(PLUGIN_ARCH_DIR)/std/syscalls/syscall_$(1).tbl
+sys-asm			 = $(PLUGIN_ARCH_DIR)/std/syscalls-$(1).S
+sys-asm-common-name	 = std/syscalls/syscall-common-loongarch-$(1).S
+sys-asm-common		 = $(PLUGIN_ARCH_DIR)/$(sys-asm-common-name)
+sys-asm-types		:= $(obj)/include/uapi/std/asm/syscall-types.h
+sys-exec-tbl		 = $(PLUGIN_ARCH_DIR)/std/sys-exec-tbl-$(1).c
+
+sys-bits		:= 64
+
+AV			:= $$$$
+
+define gen-rule-sys-codes
+$(sys-codes): $(sys-def) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo "#ifndef ASM_SYSCALL_CODES_H_$(1)__"					>> $$@
+	$(Q) echo "#define ASM_SYSCALL_CODES_H_$(1)__"					>> $$@
+	$(Q) cat $$< | awk '/^__NR/{SYSN=$(AV)1;					\
+		sub("^__NR", "SYS", SYSN);						\
+		print "\n#ifndef ", $(AV)1;						\
+		print "#define", $(AV)1, $(AV)2;					\
+		print "#endif";								\
+		print "\n#ifndef ", SYSN;						\
+		print "#define ", SYSN, $(AV)1;						\
+		print "#endif";}'							>> $$@
+	$(Q) echo "#endif /* ASM_SYSCALL_CODES_H_$(1)__ */"				>> $$@
+endef
+
+define gen-rule-sys-proto
+$(sys-proto): $(sys-def) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo "#ifndef ASM_SYSCALL_PROTO_H_$(1)__"					>> $$@
+	$(Q) echo "#define ASM_SYSCALL_PROTO_H_$(1)__"					>> $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-$(1).h>'			>> $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-types.h>'			>> $$@
+ifeq ($(1),32)
+	$(Q) echo '#include "asm/syscall32.h"'						>> $$@
+endif
+	$(Q) cat $$< | awk '/^__NR/{print "extern long", $(AV)3,			\
+			substr($(AV)0, index($(AV)0,$(AV)4)), ";"}'			>> $$@
+	$(Q) echo "#endif /* ASM_SYSCALL_PROTO_H_$(1)__ */"				>> $$@
+endef
+
+define gen-rule-sys-asm
+$(sys-asm): $(sys-def) $(sys-asm-common) $(sys-codes) $(sys-proto) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-$(1).h>'			>> $$@
+	$(Q) echo '#include "$(sys-asm-common-name)"'					>> $$@
+	$(Q) cat $$< | awk '/^__NR/{print "SYSCALL(", $(AV)3, ",", $(AV)2, ")"}'	>> $$@
+endef
+
+define gen-rule-sys-exec-tbl
+$(sys-exec-tbl): $(sys-def) $(sys-codes) $(sys-proto) $(sys-proto-generic) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) cat $$< | awk '/^__NR/{print						\
+		"SYSCALL(", substr($(AV)3, 5), ",", $(AV)2, ")"}'			>> $$@
+endef
+
+$(sys-codes-generic): $(sys-proto-types)
+	$(call msg-gen, $@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $@
+	$(Q) echo "#ifndef __ASM_CR_SYSCALL_CODES_H__"			>> $@
+	$(Q) echo "#define __ASM_CR_SYSCALL_CODES_H__"			>> $@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-64.h>'	>> $@
+	$(Q) cat $< | awk '/^__NR/{NR32=$$1;				\
+		sub("^__NR", "__NR32", NR32);				\
+		print "\n#ifndef ", NR32;				\
+		print "#define ", NR32, $$2;				\
+		print "#endif";}'					>> $@
+	$(Q) echo "#endif /* __ASM_CR_SYSCALL_CODES_H__ */"		>> $@
+mrproper-y += $(sys-codes-generic)
+
+$(sys-proto-generic): $(strip $(call map,sys-proto,$(sys-bits))) $(sys-proto-types)
+	$(call msg-gen, $@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $@
+	$(Q) echo "#ifndef __ASM_CR_SYSCALL_PROTO_H__"			>> $@
+	$(Q) echo "#define __ASM_CR_SYSCALL_PROTO_H__"			>> $@
+	$(Q) echo ""							>> $@
+	$(Q) echo '#include <compel/plugins/std/syscall-64.h>'		>> $@
+	$(Q) echo ""							>> $@
+	$(Q) echo "#endif /* __ASM_CR_SYSCALL_PROTO_H__ */"		>> $@
+mrproper-y += $(sys-proto-generic)
+
+define gen-rule-sys-exec-tbl
+$(sys-exec-tbl): $(sys-def) $(sys-codes) $(sys-proto) $(sys-proto-generic)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $$@
+	$(Q) cat $$< | awk '/^__NR/{print				\
+		"SYSCALL(", substr($(AV)3, 5), ",", $(AV)2, ")"}'	>> $$@
+endef
+
+$(eval $(call map,gen-rule-sys-codes,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-proto,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-asm,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-exec-tbl,$(sys-bits)))
+
+$(sys-asm-types): $(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h
+	$(call msg-gen, $@)
+	$(Q) ln -s ../../../../../../$(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h $(sys-asm-types)
+
+std-headers-deps	+= $(call sys-codes,$(sys-bits))
+std-headers-deps	+= $(call sys-proto,$(sys-bits))
+std-headers-deps	+= $(call sys-asm,$(sys-bits))
+std-headers-deps	+= $(call sys-exec-tbl,$(sys-bits))
+std-headers-deps	+= $(sys-codes-generic)
+std-headers-deps	+= $(sys-proto-generic)
+std-headers-deps	+= $(sys-asm-types)
+mrproper-y		+= $(std-headers-deps)

compel/arch/loongarch64/plugins/std/syscalls/syscall-common-loongarch-64.S

@@ -0,0 +1,44 @@
+#include "common/asm/linkage.h"
+
+#define SYSCALL(name, opcode)		\
+ENTRY(name);					\
+	addi.d	$a7, $zero, opcode;	\
+	syscall 0;					\
+	jirl	$r0, $r1, 0;		\
+END(name)
+
+#ifndef AT_FDCWD
+#define AT_FDCWD	-100
+#endif
+
+#ifndef AT_REMOVEDIR
+#define AT_REMOVEDIR	0x200
+#endif
+
+ENTRY(sys_open)
+	or		$a3, $zero, $a2
+	or		$a2, $zero, $a1
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_openat
+END(sys_open)
+
+ENTRY(sys_mkdir)
+	or		$a3, $zero, $a2
+	or		$a2, $zero, $a1
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_mkdirat
+END(sys_mkdir)
+
+ENTRY(sys_rmdir)
+	addi.d	$a2, $zero, AT_REMOVEDIR
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_unlinkat
+END(sys_rmdir)
+
+ENTRY(__cr_restore_rt)
+	addi.d	$a7, $zero, __NR_rt_sigreturn
+	syscall	0
+END(__cr_restore_rt)

compel/arch/loongarch64/plugins/std/syscalls/syscall_64.tbl

@@ -0,0 +1,122 @@
+#
+# System calls table, please make sure the table consist only the syscalls
+# really used somewhere in project.
+# from kernel/linux-3.10.84/arch/mips/include/uapi/asm/unistd.h Linux 64-bit syscalls are in the range from 5000 to 5999.
+#
+# __NR_name			code		name			arguments
+# -------------------------------------------------------------------------------------------------------------------------------------------------------------
+__NR_io_setup			0	sys_io_setup		(unsigned nr_events, aio_context_t *ctx)
+__NR_io_submit			2	sys_io_submit		(aio_context_t ctx, long nr, struct iocb **iocbpp)
+__NR_io_getevents		4	sys_io_getevents	(aio_context_t ctx, long min_nr, long nr, struct io_event *evs, struct timespec *tmo)
+__NR_fcntl			25	sys_fcntl		(int fd, int type, long arg)
+__NR_ioctl			29	sys_ioctl		(unsigned int fd, unsigned int cmd, unsigned long arg)
+__NR_flock			32	sys_flock		(int fd, unsigned long cmd)
+__NR_mkdirat			34	sys_mkdirat             (int dfd, const char *pathname, int flag)
+__NR_unlinkat			35	sys_unlinkat            (int dfd, const char *pathname, int flag)
+__NR_umount2			39	sys_umount2		(char *name, int flags)
+__NR_mount			40	sys_mount		(char *dev_nmae, char *dir_name, char *type, unsigned long flags, void *data)
+__NR_fallocate			47	sys_fallocate		(int fd, int mode, loff_t offset, loff_t len)
+__NR_close			57	sys_close		(int fd)
+__NR_openat			56	sys_openat		(int dfd, const char *filename, int flags, int mode)
+__NR_lseek			62	sys_lseek		(int fd, unsigned long offset, unsigned long origin)
+__NR_read			63	sys_read		(int fd, void *buf, unsigned long count)
+__NR_write			64	sys_write		(int fd, const void *buf, unsigned long count)
+__NR_pread64			67	sys_pread		(unsigned int fd, char *buf, size_t count, loff_t pos)
+__NR_preadv			69	sys_preadv_raw		(int fd, struct iovec *iov, unsigned long nr, unsigned long pos_l, unsigned long pos_h)
+__NR_ppoll			73	sys_ppoll		(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+__NR_signalfd4			74	sys_signalfd		(int fd, k_rtsigset_t *mask, size_t sizemask, int flags)
+__NR_vmsplice			75	sys_vmsplice		(int fd, const struct iovec *iov, unsigned long nr_segs, unsigned int flags)
+__NR_readlinkat			78	sys_readlinkat		(int fd, const char *path, char *buf, int bufsize)
+__NR_timerfd_settime		86	sys_timerfd_settime	(int ufd, int flags, const struct itimerspec *utmr, struct itimerspec *otmr)
+__NR_capget			90	sys_capget		(struct cap_header *h, struct cap_data *d)
+__NR_capset			91	sys_capset		(struct cap_header *h, struct cap_data *d)
+__NR_personality		92	sys_personality		(unsigned int personality)
+__NR_exit			93	sys_exit		(unsigned long error_code)
+__NR_exit_group			94	sys_exit_group		(int error_code)
+__NR_waitid			95	sys_waitid		(int which, pid_t pid, struct siginfo *infop, int options, struct rusage *ru)
+__NR_set_tid_address		96	sys_set_tid_address	(int *tid_addr)
+__NR_futex			98	sys_futex		(uint32_t *uaddr, int op, uint32_t val, struct timespec *utime, uint32_t *uaddr2, uint32_t val3)
+__NR_set_robust_list		99	sys_set_robust_list	(struct robust_list_head *head, size_t len)
+__NR_get_robust_list		100	sys_get_robust_list	(int pid, struct robust_list_head **head_ptr, size_t *len_ptr)
+__NR_nanosleep			101	sys_nanosleep		(struct timespec *req, struct timespec *rem)
+__NR_getitimer			102	sys_getitimer		(int which, const struct itimerval *val)
+__NR_setitimer			103	sys_setitimer		(int which, const struct itimerval *val, struct itimerval *old)
+__NR_sys_timer_create		107	sys_timer_create	(clockid_t which_clock, struct sigevent *timer_event_spec, kernel_timer_t *created_timer_id)
+__NR_sys_timer_gettime		108	sys_timer_gettime	(int timer_id, const struct itimerspec *setting)
+__NR_sys_timer_getoverrun	109	sys_timer_getoverrun	(int timer_id)
+__NR_sys_timer_settime		110	sys_timer_settime	(kernel_timer_t timer_id, int flags, const struct itimerspec *new_setting, struct itimerspec *old_setting)
+__NR_sys_timer_delete		111	sys_timer_delete	(kernel_timer_t timer_id)
+__NR_clock_gettime		113	sys_clock_gettime	(clockid_t which_clock, struct timespec *tp)
+__NR_sched_setscheduler		119	sys_sched_setscheduler	(int pid, int policy, struct sched_param *p)
+__NR_restart_syscall		128	sys_restart_syscall	(void)
+__NR_kill			129	sys_kill		(long pid, int sig)
+__NR_sigaltstack		132	sys_sigaltstack		(const void *uss, void *uoss)
+__NR_rt_sigaction		134	sys_sigaction		(int signum, const rt_sigaction_t *act, rt_sigaction_t *oldact, size_t sigsetsize)
+__NR_rt_sigprocmask		135	sys_sigprocmask		(int how, k_rtsigset_t *set, k_rtsigset_t *old, size_t sigsetsize)
+__NR_rt_sigqueueinfo		138	sys_rt_sigqueueinfo	(pid_t pid, int sig, siginfo_t *info)
+__NR_rt_sigreturn		139	sys_rt_sigreturn	(void)
+__NR_setpriority		140	sys_setpriority		(int which, int who, int nice)
+__NR_setresuid			147	sys_setresuid		(int uid, int euid, int suid)
+__NR_getresuid			148	sys_getresuid		(int *uid, int *euid, int *suid)
+__NR_setresgid			149	sys_setresgid		(int gid, int egid, int sgid)
+__NR_getresgid			150	sys_getresgid		(int *gid, int *egid, int *sgid)
+__NR_getpgid			155	sys_getpgid		(pid_t pid)
+__NR_setfsuid			151	sys_setfsuid		(int fsuid)
+__NR_setfsgid			152	sys_setfsgid		(int fsgid)
+__NR_getsid			156	sys_getsid		(void)
+__NR_getgroups			158	sys_getgroups		(int gsize, unsigned int *groups)
+__NR_setgroups			159	sys_setgroups		(int gsize, unsigned int *groups)
+__NR_setrlimit			164	sys_setrlimit		(int resource, struct krlimit *rlim)
+__NR_umask			166	sys_umask		(int mask)
+__NR_prctl			167	sys_prctl		(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5)
+__NR_gettimeofday		169	sys_gettimeofday	(struct timeval *tv, struct timezone *tz)
+__NR_getpid			172	sys_getpid		(void)
+__NR_ptrace			177	sys_ptrace		(long request, pid_t pid, void *addr, void *data)
+__NR_gettid			178	sys_gettid		(void)
+__NR_shmat			196	sys_shmat		(int shmid, void *shmaddr, int shmflag)
+__NR_socket			198	sys_socket		(int domain, int type, int protocol)
+__NR_bind			200	sys_bind		(int sockfd, const struct sockaddr *addr, int addrlen)
+__NR_connect			203	sys_connect		(int sockfd, struct sockaddr *addr, int addrlen)
+__NR_sendto			206	sys_sendto		(int sockfd, void *buff, size_t len, unsigned int flags, struct sockaddr *addr, int addr_len)
+__NR_recvfrom			207	sys_recvfrom		(int sockfd, void *ubuf, size_t size, unsigned int flags, struct sockaddr *addr, int *addr_len)
+__NR_setsockopt			208	sys_setsockopt		(int sockfd, int level, int optname, const void *optval, socklen_t optlen)
+__NR_getsockopt			209	sys_getsockopt		(int sockfd, int level, int optname, const void *optval, socklen_t *optlen)
+__NR_shutdown			210	sys_shutdown		(int sockfd, int how)
+__NR_sendmsg			211	sys_sendmsg		(int sockfd, const struct msghdr *msg, int flags)
+__NR_recvmsg			212	sys_recvmsg		(int sockfd, struct msghdr *msg, int flags)
+__NR_brk			214	sys_brk			(void *addr)
+__NR_munmap			215	sys_munmap		(void *addr, unsigned long len)
+__NR_mremap			216	sys_mremap		(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flags, unsigned long new_addr)
+__NR_clone			220	sys_clone		(unsigned long flags, void *child_stack, void *parent_tid, unsigned long newtls, void *child_tid)
+__NR_mmap			222	sys_mmap		(void *addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long offset)
+__NR_mprotect			226	sys_mprotect		(const void *addr, unsigned long len, unsigned long prot)
+__NR_mincore			232	sys_mincore		(void *addr, unsigned long size, unsigned char *vec)
+__NR_madvise			233	sys_madvise		(unsigned long start, size_t len, int behavior)
+__NR_rt_tgsigqueueinfo		240	sys_rt_tgsigqueueinfo	(pid_t tgid, pid_t pid, int sig, siginfo_t *info)
+__NR_wait4			260	sys_wait4		(int pid, int *status, int options, struct rusage *ru)
+__NR_fanotify_init		262	sys_fanotify_init	(unsigned int flags, unsigned int event_f_flags)
+__NR_fanotify_mark		263	sys_fanotify_mark	(int fanotify_fd, unsigned int flags, uint64_t mask, int dfd, const char *pathname)
+__NR_open_by_handle_at		265	sys_open_by_handle_at	(int mountdirfd, struct file_handle *handle, int flags)
+__NR_setns			268	sys_setns		(int fd, int nstype)
+__NR_kcmp			272	sys_kcmp		(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2)
+__NR_seccomp			277	sys_seccomp		(unsigned int op, unsigned int flags, const char *uargs)
+__NR_memfd_create		279	sys_memfd_create	(const char *name, unsigned int flags)
+__NR_userfaultfd		282	sys_userfaultfd		(int flags)
+__NR_membarrier			283	sys_membarrier		(int cmd, unsigned int flags, int cpu_id)
+__NR_rseq			293	sys_rseq		(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+__NR_open_tree			428	sys_open_tree		(int dirfd, const char *pathname, unsigned int flags)
+__NR_move_mount			429	sys_move_mount		(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
+__NR_fsopen			430	sys_fsopen		(char *fsname, unsigned int flags)
+__NR_fsconfig			431	sys_fsconfig		(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+__NR_fsmount			432	sys_fsmount		(int fd, unsigned int flags, unsigned int attr_flags)
+__NR_pidfd_open			434	sys_pidfd_open		(pid_t pid, unsigned int flags)
+__NR_clone3			435	sys_clone3		(struct clone_args *uargs, size_t size)
+__NR_openat2			437	sys_openat2		(int dirfd, char *pathname, struct open_how *how, size_t size)
+__NR_pidfd_getfd		438	sys_pidfd_getfd		(int pidfd, int targetfd, unsigned int flags)
+#__NR_dup2			!	sys_dup2		(int oldfd, int newfd)
+#__NR_rmdir			!	sys_rmdir		(const char *name)
+#__NR_unlink			!	sys_unlink		(char *pathname)
+#__NR_cacheflush		!	sys_cacheflush		(char *addr, int nbytes, int cache)
+#__NR_set_thread_area		!	sys_set_thread_area	(unsigned long *addr)
+#__NR_mkdir			!	sys_mkdir		(const char *name, int mode)
+#__NR_open			!	sys_open		(const char *filename, unsigned long flags, unsigned long mode)

compel/arch/loongarch64/scripts/compel-pack.lds.S

@@ -0,0 +1,32 @@
+OUTPUT_ARCH(loongarch)
+EXTERN(__export_parasite_head_start)
+
+SECTIONS
+{
+	.crblob 0x0 : {
+		*(.head.text)
+		ASSERT(DEFINED(__export_parasite_head_start),
+			"Symbol __export_parasite_head_start is missing");
+		*(.text*)
+		. = ALIGN(32);
+		*(.data*)
+		. = ALIGN(32);
+		*(.rodata*)
+		. = ALIGN(32);
+		*(.bss*)
+		. = ALIGN(32);
+		*(.got*)
+		. = ALIGN(32);
+		*(.toc*)
+		. = ALIGN(32);
+	} =0x00000000,
+
+	/DISCARD/ : {
+		*(.debug*)
+		*(.comment*)
+		*(.note*)
+		*(.group*)
+		*(.eh_frame*)
+		*(*)
+	}
+}

compel/arch/loongarch64/src/lib/cpu.c

@@ -0,0 +1,41 @@
+#include <string.h>
+#include <stdbool.h>
+
+#include "compel-cpu.h"
+#include "common/bitops.h"
+#include "common/compiler.h"
+#include "log.h"
+
+#undef LOG_PREFIX
+#define LOG_PREFIX "cpu: "
+
+static compel_cpuinfo_t rt_info;
+static bool rt_info_done = false;
+
+void compel_set_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+}
+
+void compel_clear_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+}
+
+int compel_test_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+	return 0;
+}
+
+int compel_cpuid(compel_cpuinfo_t *c)
+{
+	return 0;
+}
+
+bool compel_cpu_has_feature(unsigned int feature)
+{
+	if (!rt_info_done) {
+		compel_cpuid(&rt_info);
+		rt_info_done = true;
+	}
+
+	return compel_test_cpu_cap(&rt_info, feature);
+}

compel/arch/loongarch64/src/lib/handle-elf-host.c

@@ -0,0 +1,22 @@
+#include <string.h>
+#include <errno.h>
+
+#include "handle-elf.h"
+#include "piegen.h"
+#include "log.h"
+
+static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+extern int __handle_elf(void *mem, size_t size);
+
+int handle_binary(void *mem, size_t size)
+{
+	if (memcmp(mem, elf_ident_64_le, sizeof(elf_ident_64_le)) == 0)
+		return __handle_elf(mem, size);
+
+	pr_err("Unsupported Elf format detected\n");
+	return -EINVAL;
+}

compel/arch/loongarch64/src/lib/handle-elf.c

@@ -0,0 +1,22 @@
+#include <string.h>
+#include <errno.h>
+
+#include "handle-elf.h"
+#include "piegen.h"
+#include "log.h"
+
+static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+extern int __handle_elf(void *mem, size_t size);
+
+int handle_binary(void *mem, size_t size)
+{
+	if (memcmp(mem, elf_ident_64_le, sizeof(elf_ident_64_le)) == 0)
+		return __handle_elf(mem, size);
+
+	pr_err("Unsupported Elf format detected\n");
+	return -EINVAL;
+}

compel/arch/loongarch64/src/lib/include/handle-elf.h

@@ -0,0 +1,8 @@
+#ifndef COMPEL_HANDLE_ELF_H__
+#define COMPEL_HANDLE_ELF_H__
+
+#include "elf64-types.h"
+
+#define arch_is_machine_supported(e_machine) (e_machine == EM_LOONGARCH)
+
+#endif /* COMPEL_HANDLE_ELF_H__ */

compel/arch/loongarch64/src/lib/include/syscall.h

@@ -0,0 +1,8 @@
+#ifndef __COMPEL_SYSCALL_H__
+#define __COMPEL_SYSCALL_H__
+
+#ifndef SIGSTKFLT
+#define SIGSTKFLT 16
+#endif
+
+#endif

compel/arch/loongarch64/src/lib/include/uapi/asm/breakpoints.h

@@ -0,0 +1,6 @@
+#ifndef __COMPEL_BREAKPOINTS_H__
+#define __COMPEL_BREAKPOINTS_H__
+#define ARCH_SI_TRAP TRAP_BRKPT
+extern int ptrace_set_breakpoint(pid_t pid, void *addr);
+extern int ptrace_flush_breakpoints(pid_t pid);
+#endif

compel/arch/loongarch64/src/lib/include/uapi/asm/cpu.h

@@ -0,0 +1,6 @@
+#ifndef __CR_ASM_CPU_H__
+#define __CR_ASM_CPU_H__
+
+typedef struct {
+} compel_cpuinfo_t;
+#endif /* __CR_ASM_CPU_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/fpu.h

@@ -0,0 +1,4 @@
+#ifndef __CR_ASM_FPU_H__
+#define __CR_ASM_FPU_H__
+
+#endif /* __CR_ASM_FPU_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/infect-types.h

@@ -0,0 +1,67 @@
+#ifndef UAPI_COMPEL_ASM_TYPES_H__
+#define UAPI_COMPEL_ASM_TYPES_H__
+
+#include <stdint.h>
+
+#define SIGMAX	   64
+#define SIGMAX_OLD 31
+
+/*
+ * From the Linux kernel header arch/loongarch/include/uapi/asm/ptrace.h
+ *
+ * A thread LoongArch CPU context
+ *
+ * struct user_fp_state {
+ *     uint64_t    fpr[32];
+ *     uint64_t    fcc;
+ *     uint32_t    fcsr;
+ * };
+ *
+ * struct user_pt_regs {
+ *     unsigned long regs[32];
+ *     unsigned long csr_era;
+ *     unsigned long csr_badv;
+ *     unsigned long reserved[11];
+ * };
+ */
+
+struct user_gp_regs {
+	uint64_t regs[32];
+	uint64_t orig_a0;
+	uint64_t pc;
+	uint64_t csr_badv;
+	uint64_t reserved[10];
+} __attribute__((aligned(8)));
+
+struct user_fp_regs {
+	uint64_t regs[32];
+	uint64_t fcc;
+	uint32_t fcsr;
+};
+
+typedef struct user_gp_regs user_regs_struct_t;
+typedef struct user_fp_regs user_fpregs_struct_t;
+
+#define user_regs_native(regs) true
+
+#define __compel_arch_fetch_thread_area(tid, th) 0
+#define compel_arch_fetch_thread_area(tctl)	 0
+#define compel_arch_get_tls_task(ctl, tls)
+#define compel_arch_get_tls_thread(tctl, tls)
+
+#define REG_RES(r)	   ((uint64_t)(r).regs[4])
+#define REG_IP(r)	   ((uint64_t)(r).pc)
+#define REG_SP(r)	   ((uint64_t)(r).regs[3])
+#define REG_SYSCALL_NR(r)  ((uint64_t)(r).regs[11])
+#define SET_REG_IP(r, val) ((r).pc = (val))
+
+#define GPR_NUM 32
+#define FPR_NUM 32
+
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
+
+#endif /* UAPI_COMPEL_ASM_TYPES_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/sigframe.h

@@ -0,0 +1,86 @@
+#ifndef UAPI_COMPEL_ASM_SIGFRAME_H__
+#define UAPI_COMPEL_ASM_SIGFRAME_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include <compel/asm/fpu.h>
+#include <compel/plugins/std/syscall-codes.h>
+
+#include <asm/types.h>
+
+#define rt_sigcontext sigcontext
+/* sigcontext defined in usr/include/uapi/asm/sigcontext.h*/
+#include <compel/sigframe-common.h>
+typedef __u32 u32;
+
+typedef struct sigcontext_t {
+	__u64 pc;
+	__u64 regs[32];
+	__u32 flags;
+	__u64 extcontext[0] __attribute__((__aligned__(16)));
+} sigcontext_t;
+
+typedef struct context_info_t {
+	__u32 magic;
+	__u32 size;
+	__u64 padding;
+} context_info_t;
+
+#define FPU_CTX_MAGIC 0x46505501
+#define FPU_CTX_ALIGN 8
+typedef struct fpu_context_t {
+	__u64 regs[32];
+	__u64 fcc;
+	__u64 fcsr;
+} fpu_context_t;
+
+typedef struct ucontext {
+	unsigned long uc_flags;
+	struct ucontext *uc_link;
+	stack_t uc_stack;
+	sigset_t uc_sigmask;
+	__u8 __unused[1024 / 8 - sizeof(sigset_t)];
+	sigcontext_t uc_mcontext;
+} ucontext;
+
+/* Copy from the kernel source arch/loongarch/kernel/signal.c */
+struct rt_sigframe {
+	rt_siginfo_t rs_info;
+	ucontext rs_uc;
+};
+
+#define RT_SIGFRAME_UC(rt_sigframe)	 (&(rt_sigframe->rs_uc))
+#define RT_SIGFRAME_SIGMASK(rt_sigframe) ((k_rtsigset_t *)&RT_SIGFRAME_UC(rt_sigframe)->uc_sigmask)
+#define RT_SIGFRAME_SIGCTX(rt_sigframe)	 (&(RT_SIGFRAME_UC(rt_sigframe)->uc_mcontext))
+#define RT_SIGFRAME_REGIP(rt_sigframe)	 ((long unsigned int)(RT_SIGFRAME_SIGCTX(rt_sigframe)->pc))
+#define RT_SIGFRAME_HAS_FPU(rt_sigframe) (1)
+
+#define RT_SIGFRAME_FPU(rt_sigframe)                                                                 \
+	({                                                                                           \
+		context_info_t *ctx = (context_info_t *)RT_SIGFRAME_SIGCTX(rt_sigframe)->extcontext; \
+		ctx->magic = FPU_CTX_MAGIC;                                                          \
+		ctx->size = sizeof(context_info_t) + sizeof(fpu_context_t);                          \
+		(fpu_context_t *)((char *)ctx + sizeof(context_info_t));                             \
+	})
+
+#define RT_SIGFRAME_OFFSET(rt_sigframe) 0
+
+/* clang-format off */
+#define ARCH_RT_SIGRETURN(new_sp, rt_sigframe)  \
+    asm volatile(                               \
+            "addi.d $sp, %0, 0 \n"              \
+            "addi.d $a7, $zero, "__stringify(__NR_rt_sigreturn)"    \n" \
+            "syscall   0"                       \
+            :                                   \
+            :"r"(new_sp)                        \
+            : "$a7", "memory")
+/* clang-format on */
+
+int sigreturn_prep_fpu_frame(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe);
+
+#define rt_sigframe_erase_sigset(sigframe)	memset(RT_SIGFRAME_SIGMASK(sigframe), 0, sizeof(k_rtsigset_t))
+#define rt_sigframe_copy_sigset(sigframe, from) memcpy(RT_SIGFRAME_SIGMASK(sigframe), from, sizeof(k_rtsigset_t))
+
+#endif /* UAPI_COMPEL_ASM_SIGFRAME_H__ */

compel/arch/loongarch64/src/lib/infect.c

@@ -0,0 +1,204 @@
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <sys/auxv.h>
+#include <sys/mman.h>
+#include <errno.h>
+
+#include <compel/asm/fpu.h>
+#include <compel/cpu.h>
+#include "errno.h"
+#include <compel/plugins/std/syscall-codes.h>
+#include <compel/plugins/std/syscall.h>
+#include "common/err.h"
+#include "common/page.h"
+#include "asm/infect-types.h"
+#include "ptrace.h"
+#include "infect.h"
+#include "infect-priv.h"
+#include "log.h"
+#include "common/bug.h"
+
+/*
+ * Injected syscall instruction
+ * loongarch64 is Little Endian
+ */
+const char code_syscall[] = {
+	0x00, 0x00, 0x2b, 0x00, /* syscall    */
+	0x00, 0x00, 0x2a, 0x00	/*  break      */
+};
+
+int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
+{
+	sigcontext_t *sc;
+	fpu_context_t *fpu;
+
+	sc = RT_SIGFRAME_SIGCTX(sigframe);
+	memcpy(sc->regs, regs->regs, sizeof(regs->regs));
+	sc->pc = regs->pc;
+
+	fpu = RT_SIGFRAME_FPU(sigframe);
+	memcpy(fpu->regs, fpregs->regs, sizeof(fpregs->regs));
+	fpu->fcc = fpregs->fcc;
+	fpu->fcsr = fpregs->fcsr;
+	return 0;
+}
+
+int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe)
+{
+	return 0;
+}
+
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+			 void *arg, __maybe_unused unsigned long flags)
+{
+	user_fpregs_struct_t tmp, *fpregs = ext_regs ? ext_regs : &tmp;
+	struct iovec iov;
+	int ret;
+
+	pr_info("Dumping GP/FPU registers for %d\n", pid);
+
+	iov.iov_base = regs;
+	iov.iov_len = sizeof(user_regs_struct_t);
+	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov))) {
+		pr_perror("Failed to obtain CPU registers for %d", pid);
+		goto err;
+	}
+
+	/*
+	 * Refer to Linux kernel arch/loongarch/kernel/signal.c
+	 */
+	if (regs->regs[0]) {
+		switch (regs->regs[4]) {
+		case -ERESTARTNOHAND:
+		case -ERESTARTSYS:
+		case -ERESTARTNOINTR:
+			regs->regs[4] = regs->orig_a0;
+			regs->pc -= 4;
+			break;
+		case -ERESTART_RESTARTBLOCK:
+			regs->regs[4] = regs->orig_a0;
+			regs->regs[11] = __NR_restart_syscall;
+			regs->pc -= 4;
+			break;
+		}
+		regs->regs[0] = 0; /* Don't deal with this again.  */
+	}
+
+	iov.iov_base = fpregs;
+	iov.iov_len = sizeof(user_fpregs_struct_t);
+	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRFPREG, &iov))) {
+		pr_perror("Failed to obtain FPU registers for %d", pid);
+		goto err;
+	}
+
+	ret = save(pid, arg, regs, fpregs);
+err:
+	return 0;
+}
+
+int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	struct iovec iov;
+
+	pr_info("Restoring GP/FPU registers for %d\n", pid);
+
+	iov.iov_base = ext_regs;
+	iov.iov_len = sizeof(*ext_regs);
+	if (ptrace(PTRACE_SETREGSET, pid, NT_PRFPREG, &iov)) {
+		pr_perror("Failed to set FPU registers for %d", pid);
+		return -1;
+	}
+	return 0;
+}
+
+/*
+ * Registers $4 ~ $11 represents arguments a0 ~ a7, especially a7 is
+ * used as syscall number.
+ */
+int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret, unsigned long arg1, unsigned long arg2,
+		   unsigned long arg3, unsigned long arg4, unsigned long arg5, unsigned long arg6)
+{
+	int err;
+	user_regs_struct_t regs = ctl->orig.regs;
+
+	regs.regs[11] = (unsigned long)nr;
+	regs.regs[4] = arg1;
+	regs.regs[5] = arg2;
+	regs.regs[6] = arg3;
+	regs.regs[7] = arg4;
+	regs.regs[8] = arg5;
+	regs.regs[9] = arg6;
+	err = compel_execute_syscall(ctl, &regs, code_syscall);
+
+	*ret = regs.regs[4];
+
+	return err;
+}
+
+void *remote_mmap(struct parasite_ctl *ctl, void *addr, size_t length, int prot, int flags, int fd, off_t offset)
+{
+	long map;
+	int err;
+
+	err = compel_syscall(ctl, __NR_mmap, &map, (unsigned long)addr, length, prot, flags, fd, offset >> PAGE_SHIFT);
+
+	if (err < 0 || IS_ERR_VALUE(map)) {
+		pr_err("remote mmap() failed: %s\n", strerror(-map));
+		return NULL;
+	}
+
+	return (void *)map;
+}
+
+/*
+ * regs must be inited when calling this function from original context
+ */
+void parasite_setup_regs(unsigned long new_ip, void *stack, user_regs_struct_t *regs)
+{
+	regs->pc = new_ip;
+	if (stack)
+		regs->regs[4] = (unsigned long)stack;
+}
+
+bool arch_can_dump_task(struct parasite_ctl *ctl)
+{
+	return true;
+}
+
+int arch_fetch_sas(struct parasite_ctl *ctl, struct rt_sigframe *s)
+{
+	long ret;
+	int err;
+
+	err = compel_syscall(ctl, __NR_sigaltstack, &ret, 0, (unsigned long)&s->rs_uc.uc_stack, 0, 0, 0, 0);
+	return err ? err : ret;
+}
+
+/*
+ * TODO: add feature
+ */
+int ptrace_set_breakpoint(pid_t pid, void *addr)
+{
+	return 0;
+}
+
+int ptrace_flush_breakpoints(pid_t pid)
+{
+	return 0;
+}
+
+/*
+ * Refer to Linux kernel arch/loongarch/include/asm/processor.h
+ */
+#define TASK_SIZE32	(1UL) << 31
+#define TASK_SIZE64_MIN (1UL) << 40
+#define TASK_SIZE64_MAX (1UL) << 48
+
+unsigned long compel_task_size(void)
+{
+	unsigned long task_size;
+	for (task_size = TASK_SIZE64_MIN; task_size < TASK_SIZE64_MAX; task_size <<= 1)
+		if (munmap((void *)task_size, page_size()))
+			break;
+	return task_size;
+}

compel/arch/mips/plugins/include/asm/prologue.h

@@ -0,0 +1,35 @@
+#ifndef __ASM_PROLOGUE_H__
+#define __ASM_PROLOGUE_H__
+
+#ifndef __ASSEMBLY__
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+
+#define sys_recv(sockfd, ubuf, size, flags) sys_recvfrom(sockfd, ubuf, size, flags, NULL, NULL)
+
+typedef struct prologue_init_args {
+	struct sockaddr_un ctl_sock_addr;
+	unsigned int ctl_sock_addr_len;
+
+	unsigned int arg_s;
+	void *arg_p;
+
+	void *sigframe;
+} prologue_init_args_t;
+
+#endif /* __ASSEMBLY__ */
+
+/*
+ * Reserve enough space for sigframe.
+ *
+ * FIXME It is rather should be taken from sigframe header.
+ */
+#define PROLOGUE_SGFRAME_SIZE 4096
+
+#define PROLOGUE_INIT_ARGS_SIZE 1024
+
+#endif /* __ASM_PROLOGUE_H__ */