pycriu: Fix self-dump failure with explicit PID

When `opts.pid` is explicitly set to `os.getpid()`, `pycriu` fails to
daemonize the `criu` process. This causes `criu` to run as a child of
the dumped process, leading to the error "The criu itself is within
dumped tree".

This can be fixed by modifying `_send_req_and_recv_resp` to check if the
target PID matches the current process PID. If so, it enables daemon
mode, ensuring `criu` is detached and the dump succeeds.

Signed-off-by: unichronic <ishuvam.pal@gmail.com>

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 jobs:
   test-local-gcc:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     working_directory: ~/criu
     steps:
       - checkout
@@ -11,7 +11,7 @@ jobs:
           command: sudo -E make -C scripts/ci local
   test-local-clang:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     working_directory: ~/criu
     steps:
       - checkout

.cirrus.yml

@@ -13,67 +13,89 @@ task:
     nested_virtualization: true
 
   setup_script: |
-    scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
     sudo kvm-ok
-    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
   build_script: |
     make -C scripts/ci vagrant-fedora-no-vdso
 
 task:
-  name: CentOS 8 based test
+  name: CentOS Stream 9 based test
   environment:
     HOME: "/root"
     CIRRUS_WORKING_DIR: "/tmp/criu"
 
   compute_engine_instance:
     image_project: centos-cloud
-    image: family/centos-8
+    image: family/centos-stream-9
     platform: linux
     cpu: 4
     memory: 8G
 
   setup_script: |
-    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
-    yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm dnf-plugins-core
-    yum config-manager --set-enabled powertools
-    yum install -y --allowerasing asciidoc gcc git gnutls-devel libaio-devel libasan libcap-devel libnet-devel libnl3-devel libselinux-devel make protobuf-c-devel protobuf-devel python3-devel python3-flake8 python3-PyYAML python3-future python3-protobuf xmlto
-    alternatives --set python /usr/bin/python3
+    dnf config-manager --set-enabled crb # Same as CentOS 8 powertools
+    dnf -y install epel-release epel-next-release
+    contrib/dependencies/dnf-packages.sh
+    # The image has a too old version of nettle which does not work with gnutls.
+    # Just upgrade to the latest to make the error go away.
+    dnf -y upgrade nettle nettle-devel
     systemctl stop sssd
-    # Even with selinux in permissive mode the selinux tests will be executed
+    # Even with selinux in permissive mode the selinux tests will be executed.
     # The Cirrus CI user runs as a service from selinux point of view and is
-    # much more restricted than a normal shell (system_u:system_r:unconfined_service_t:s0)
-    # The test case above (vagrant-fedora-no-vdso) should run selinux tests in enforcing mode
+    # much more restricted than a normal shell (system_u:system_r:unconfined_service_t:s0).
+    # The test case above (vagrant-fedora-no-vdso) should run selinux tests in enforcing mode.
     setenforce 0
-    pip3 install junit_xml
 
   build_script: |
-    make -C scripts/ci local SKIP_CI_PREP=1 CC=gcc CD_TO_TOP=1
+    make -C scripts/ci local SKIP_CI_PREP=1 CC=gcc CD_TO_TOP=1 ZDTM_OPTS="-x zdtm/static/socket-raw"
 
 task:
-  name: CentOS 7 based test
+  name: Vagrant Fedora Rawhide based test
   environment:
     HOME: "/root"
     CIRRUS_WORKING_DIR: "/tmp/criu"
 
   compute_engine_instance:
-    image_project: centos-cloud
-    image: family/centos-7
+    image_project: cirrus-images
+    image: family/docker-kvm
     platform: linux
     cpu: 4
-    memory: 8G
+    memory: 16G
+    nested_virtualization: true
 
   setup_script: |
-    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
-    yum install -y findutils gcc git gnutls-devel iproute iptables libaio-devel libasan libcap-devel libnet-devel libnl3-devel make procps-ng protobuf-c-devel protobuf-devel protobuf-python python python-flake8 python-ipaddress python2-future python2-junit_xml python-yaml python-six sudo tar which e2fsprogs python2-pip rubygem-asciidoctor libselinux-devel
-    # Even with selinux in permissive mode the selinux tests will be executed
-    # The Cirrus CI user runs as a service from selinux point of view and is
-    # much more restricted than a normal shell (system_u:system_r:unconfined_service_t:s0)
-    # The test case above (vagrant-fedora-no-vdso) should run selinux tests in enforcing mode
-    setenforce 0
-    # Enable user namespaces on CentOS 7
-    echo 10000 > /proc/sys/user/max_user_namespaces
-    # Adapt sudoers to our needs
-    echo 'root ALL=(ALL:ALL) ALL' | EDITOR='tee -a' visudo
-
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
   build_script: |
-    make -C scripts/ci local SKIP_CI_PREP=1 CC=gcc CD_TO_TOP=1 ZDTM_IGNORE_TAINT=1 ZDTM_OPTS="-x zdtm/static/socket-raw -x zdtm/static/child_subreaper_existing_child -x zdtm/static/fifo_upon_unix_socket01 -x zdtm/static/overmount_sock -x zdtm/static/tempfs_overmounted"
+    make -C scripts/ci vagrant-fedora-rawhide
+
+task:
+  name: Vagrant Fedora based test (non-root)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    contrib/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+  build_script: |
+    make -C scripts/ci vagrant-fedora-non-root
+
+task:
+  name: aarch64 Fedora Rawhide
+  arm_container:
+    image: registry.fedoraproject.org/fedora:rawhide
+    cpu: 4
+    memory: 4G
+  script: uname -a
+  build_script: |
+    scripts/ci/prepare-for-fedora-rawhide.sh
+    make -C scripts/ci/ local CC=gcc SKIP_CI_PREP=1 SKIP_CI_TEST=1 CD_TO_TOP=1
+    make -C test/zdtm -j 4

.clang-format

@@ -15,7 +15,7 @@ AlignConsecutiveAssignments: false
 AlignConsecutiveDeclarations: false
 AlignEscapedNewlines: Left # Unknown to clang-format-4.0
 AlignOperands: true
-AlignTrailingComments: false
+AlignTrailingComments: true
 AlignConsecutiveMacros: true
 AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: false
@@ -53,7 +53,7 @@ BreakConstructorInitializersBeforeComma: false
 BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: false
-ColumnLimit: 120
+ColumnLimit: 0
 CommentPragmas: '^ IWYU pragma:'
 CompactNamespaces: false # Unknown to clang-format-4.0
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
@@ -71,6 +71,7 @@ FixNamespaceComments: false # Unknown to clang-format-4.0
 #   | sort | uniq
 ForEachMacros:
   - 'for_each_pstree_item'
+  - 'for_each_bit'
   - 'apei_estatus_for_each_section'
   - 'ata_for_each_dev'
   - 'ata_for_each_link'
@@ -515,6 +516,7 @@ IncludeCategories:
     Priority: 1
 IncludeIsMainRegex: '(Test)?$'
 IndentCaseLabels: false
+IndentGotoLabels: false
 IndentPPDirectives: None # Unknown to clang-format-5.0
 IndentWidth: 8
 IndentWrappedFunctionNames: false

.codespellrc

@@ -0,0 +1,3 @@
+[codespell]
+skip = ./.git,./test/pki,./tags,./plugins/amdgpu/amdgpu_drm.h,./plugins/amdgpu/drm.h,./plugins/amdgpu/drm_mode.h
+ignore-words-list = creat,fpr,fle,ue,bord,parms,nd,te,testng,inh,wronly,renderd,bui,clen,sems

.drone.yml

@@ -1,82 +0,0 @@
----
-kind: pipeline
-type: docker
-name: aarch64 build GCC (native)
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-- name: build
-  image: ubuntu:focal
-  commands:
-  - scripts/ci/apt-install make
-  - make -C scripts/ci local
-
----
-kind: pipeline
-type: docker
-name: aarch64 build CLANG (native)
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-- name: build
-  image: ubuntu:focal
-  commands:
-  - scripts/ci/apt-install make
-  - make -C scripts/ci local CLANG=1
-
----
-kind: pipeline
-type: docker
-name: armhf build GCC (native)
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build
-  # At the time of setting up focal did not work
-  image: ubuntu:bionic
-  commands:
-  - scripts/ci/apt-install make
-  - make -C scripts/ci local
-
----
-kind: pipeline
-type: docker
-name: armhf build CLANG (native)
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build
-  # At the time of setting up focal did not work
-  image: ubuntu:bionic
-  commands:
-  - scripts/ci/apt-install make
-  - make -C scripts/ci local CLANG=1
-
----
-kind: pipeline
-type: docker
-name: aarch64 Fedora Rawhide
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-- name: build
-  image: registry.fedoraproject.org/fedora:rawhide
-  commands:
-  - scripts/ci/prepare-for-fedora-rawhide.sh
-  - make -C scripts/ci/ local CC=gcc SKIP_CI_PREP=1 SKIP_CI_TEST=1 CD_TO_TOP=1
-  - make -C test/zdtm -j 4

.github/workflows/aarch64-test.yaml

@@ -0,0 +1,34 @@
+name: aarch64 test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: aarch64-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-24.04-arm, ubuntu-22.04-arm]
+        target: [GCC=1, CLANG=1]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Tests ${{ matrix.target }} on ${{ matrix.os }}
+      # Following tests are failing on the VMs:
+      #  ./change_mnt_context --pidfile=change_mnt_context.pid --outfile=change_mnt_context.out
+      #   45: ERR: change_mnt_context.c:23: mount (errno = 22 (Invalid argument))
+      #
+      # In combination with '--remote-lazy-pages' following error occurs:
+      #  138: FAIL: maps05.c:84: Data corrupted at page 1639 (errno = 11 (Resource temporarily unavailable))
+      run: |
+        # The 'sched_policy00' needs the following:
+        sudo sysctl -w kernel.sched_rt_runtime_us=-1
+        # etc/hosts entry is needed for netns_lock_iptables
+        echo "127.0.0.1   localhost" | sudo tee -a /etc/hosts
+        sudo -E make -C scripts/ci local ${{ matrix.target }} RUN_TESTS=1 \
+          ZDTM_OPTS="-x zdtm/static/change_mnt_context -x zdtm/static/maps05"

.github/workflows/alpine-test.yml

@@ -2,14 +2,20 @@ name: Alpine Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: alpine-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
     strategy:
       matrix:
+        os: [ubuntu-22.04, ubuntu-22.04-arm]
         target: [GCC=1, CLANG=1]
+    runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Alpine ${{ matrix.target }} Test
       run: sudo -E make -C scripts/ci alpine ${{ matrix.target }}

.github/workflows/archlinux-test.yml

@@ -2,10 +2,15 @@ name: Arch Linux Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: archlinux-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Arch Linux Test
       run: sudo -E make -C scripts/ci archlinux

.github/workflows/check-commits.yml

@@ -0,0 +1,30 @@
+name: Verify self-contained commits
+
+on: pull_request
+
+# Cancel any preceding run on the pull request
+concurrency:
+  group: commit-test-${{ github.event.pull_request.number }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    # Check if pull request does not have label "not-selfcontained-ok"
+    if: "!contains(github.event.pull_request.labels.*.name, 'not-selfcontained-ok')"
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Needed to rebase against the base branch
+        fetch-depth: 0
+        # Checkout pull request HEAD commit instead of merge commit
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Install dependencies
+      run: sudo contrib/apt-install libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler protobuf-compiler python3-protobuf libnl-3-dev libnet-dev libcap-dev uuid-dev
+    - name: Configure git user details
+      run: |
+        git config --global user.email "checkpoint-restore@users.noreply.github.com"
+        git config --global user.name "checkpoint-restore"
+    - name: Configure base branch without switching current branch
+      run: git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
+    - name: Build each commit
+      run: git rebase ${{ github.base_ref }} -x "make -C scripts/ci check-commit"

.github/workflows/codeql.yml

@@ -0,0 +1,50 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "criu-dev", "master" ]
+  pull_request:
+    branches: [ "criu-dev" ]
+  schedule:
+    - cron: "11 6 * * 3"
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: codeql-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ python, cpp ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Packages (cpp)
+        if: ${{ matrix.language == 'cpp' }}
+        run: |
+          sudo contrib/apt-install protobuf-c-compiler libprotobuf-c-dev libprotobuf-dev build-essential libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler protobuf-compiler python3-protobuf libnet-dev pkg-config libnl-3-dev libbsd0 libbsd-dev iproute2 libcap-dev libaio-dev libbsd-dev python3-yaml libnl-route-3-dev gnutls-dev
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/compat-test.yml

@@ -2,15 +2,20 @@ name: Compat Tests
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: compat-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         target: [GCC, CLANG]
 
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Compat Tests (${{ matrix.target }})
       run: sudo -E make -C scripts/ci local COMPAT_TEST=y ${{ matrix.target }}=1

.github/workflows/cross-compile-daily.yml

@@ -10,11 +10,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        target: [armv7-cross, aarch64-cross, ppc64-cross, mips64el-cross]
+        target: [armv7-stable-cross, aarch64-stable-cross, ppc64-stable-cross, mips64el-stable-cross, riscv64-stable-cross]
         branches: [criu-dev, master]
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         ref: ${{ matrix.branches }}
     - name: Run Cross Compilation Targets

.github/workflows/cross-compile.yml

@@ -2,16 +2,39 @@ name: Cross Compile Tests
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: cross-compile-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
 
     runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.experimental }}
     strategy:
+      fail-fast: false
       matrix:
-        target: [armv7-cross, aarch64-cross, ppc64-cross, mips64el-cross]
+        experimental: [false]
+        target: [
+          armv7-stable-cross,
+          aarch64-stable-cross,
+          ppc64-stable-cross,
+          mips64el-stable-cross,
+          riscv64-stable-cross,
+        ]
+        include:
+          - experimental: true
+            target: armv7-unstable-cross
+          - experimental: true
+            target: aarch64-unstable-cross
+          - experimental: true
+            target: ppc64-unstable-cross
+          - experimental: true
+            target: mips64el-unstable-cross
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Cross Compilation Targets
       run: >
         sudo make -C scripts/ci ${{ matrix.target }}

.github/workflows/docker-test.yml

@@ -2,13 +2,18 @@ name: Docker Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: docker-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-20.04]
+        os: [ubuntu-22.04]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Docker Test (${{ matrix.os }})
       run: sudo make -C scripts/ci docker-test

.github/workflows/fedora-asan-test.yml

@@ -2,11 +2,16 @@ name: Fedora ASAN Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: fedora-asan-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Fedora ASAN Test
       run: sudo -E make -C scripts/ci fedora-asan

.github/workflows/fedora-rawhide-test.yml

@@ -2,11 +2,20 @@ name: Fedora Rawhide Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: fedora-rawhide-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Fedora Rawhide Test
-      run: sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"
+      # We need to pass environment variables from the CI environment to
+      # distinguish between CI environments. However, we need to make sure that
+      # XDG_RUNTIME_DIR environment variable is not set due to a bug in Podman.
+      # FIXME: https://github.com/containers/podman/issues/14920
+      run: sudo -E XDG_RUNTIME_DIR= make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"

.github/workflows/gcov-test.yml

@@ -2,13 +2,20 @@ name: Coverage Tests
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: gcov-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Coverage Tests
       run: sudo -E make -C scripts/ci local GCOV=1
+    - name: Run gcov
+      run: sudo -E find . -name '*gcda' -type f -print0 | sudo -E xargs --null --max-args 128 --max-procs 4 gcov
     - name: Run Coverage Analysis
       run: sudo -E make codecov

.github/workflows/java-test.yml

@@ -0,0 +1,16 @@
+name: Java Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: java-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Java Test
+      run: sudo make -C scripts/ci java-test

.github/workflows/lint.yml

@@ -2,6 +2,11 @@ name: Run code linter
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: lint-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -9,18 +14,27 @@ jobs:
       image: registry.fedoraproject.org/fedora:latest
     steps:
     - name: Install tools
-      run: sudo dnf -y install git make python3-flake8 ShellCheck clang-tools-extra which findutils
-    - uses: actions/checkout@v2
+      run: sudo dnf -y install git make ruff xz clang-tools-extra codespell git-clang-format ShellCheck
+
+    - uses: actions/checkout@v4
+
+    - name: Set git safe directory
+      # https://github.com/actions/checkout/issues/760
+      run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
     - name: Run make lint
       run: make lint
+
     - name: Run make indent
-      run: >
-        make indent &&
-        STATUS=$(git status --porcelain) &&
-        if [ ! -z "$STATUS" ]; then
-          echo "FAIL: some files are not correctly formatted.";
-          echo "$STATUS"
-          git diff
-          echo "FAIL: please run 'make indent'";
-          exit 1;
+      continue-on-error: true
+      run: |
+        if [ -z "${{github.base_ref}}" ]; then
+          git fetch --deepen=1
+          make indent
+        else
+          git fetch origin ${{github.base_ref}}
+          make indent BASE=origin/${{github.base_ref}}
         fi
+    - name: Raise in-line make indent warnings
+      run: |
+        git diff | ./scripts/github-indent-warnings.py

.github/workflows/loongarch64-qemu-test.yml

@@ -0,0 +1,15 @@
+name: LoongArch64 Qemu Test
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: loongarch64-qemu-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: sudo make -C scripts/ci loongarch64-qemu-test

.github/workflows/manage-labels.yml

@@ -0,0 +1,14 @@
+name: Remove labels
+on: [issue_comment, pull_request_review_comment]
+jobs:
+  remove-labels-on-comments:
+    name: Remove labels on comments
+    if: github.event_name == 'issue_comment'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mondeja/remove-labels-gh-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: |
+            changes requested
+            awaiting reply

.github/workflows/nftables-test.yml

@@ -0,0 +1,24 @@
+name: Nftables bases testing
+
+on: [push, pull_request]
+
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: nftables-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Remove iptables
+      run: sudo apt remove -y iptables
+    - name: Install libnftables-dev
+      run: sudo contrib/apt-install libnftables-dev
+    - name: chmod 755 /home/runner
+      # CRIU's tests are sometimes running as some random user and need
+      # to be able to access the test files.
+      run: sudo chmod 755 /home/runner
+    - name: Build with nftables network locking backend
+      run: sudo make -C scripts/ci local COMPILE_FLAGS="NETWORK_LOCK_DEFAULT=NETWORK_LOCK_NFTABLES"

.github/workflows/openj9-test.yml

@@ -1,11 +0,0 @@
-name: OpenJ9 Test
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: ubuntu-20.04
-    steps:
-    - uses: actions/checkout@v2
-    - name: Run OpenJ9 Test
-      run: sudo make -C scripts/ci openj9-test

.github/workflows/podman-test.yml

@@ -2,10 +2,15 @@ name: Podman Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: podman-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Podman Test
       run: sudo make -C scripts/ci podman-test

.github/workflows/stale.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v1
+    - uses: actions/stale@v5
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'A friendly reminder that this issue had no activity for 30 days.'

.github/workflows/stream-test.yml

@@ -2,11 +2,16 @@ name: CRIU Image Streamer Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: stream-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run CRIU Image Streamer Test
       run: sudo -E make -C scripts/ci local STREAM_TEST=1

.github/workflows/x86-64-clang-test.yml

@@ -2,10 +2,15 @@ name: X86_64 CLANG Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: clang-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run X86_64 CLANG Test
       run: sudo make -C scripts/ci x86_64 CLANG=1

.github/workflows/x86-64-gcc-test.yml

@@ -2,10 +2,15 @@ name: X86_64 GCC Test
 
 on: [push, pull_request]
 
+# Cancel any preceding run on the pull request.
+concurrency:
+  group: gcc-test-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/criu-dev' }}
+
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run X86_64 GCC Test
       run: sudo make -C scripts/ci x86_64

.gitignore

@@ -20,26 +20,16 @@ compel/compel
 compel/compel-host-bin
 images/*.c
 images/*.h
-images/google/protobuf/*.c
-images/google/protobuf/*.h
 .gitid
 criu/criu
 criu/unittest/unittest
-crit/crit
-criu/arch/*/sys-exec-tbl*.c
-# x86 syscalls-table is not generated
-!criu/arch/x86/sys-exec-tbl.c
-criu/arch/*/syscalls*.S
-criu/include/syscall-codes*.h
-criu/include/syscall*.h
 criu/include/version.h
 criu/pie/restorer-blob.h
 criu/pie/parasite-blob.h
 criu/protobuf-desc-gen.h
 lib/build/
 lib/c/criu.pc
-lib/.crit-setup.files
 compel/include/asm
 include/common/asm
 include/common/config.h
-build/
+build/**

.lgtm.yml

@@ -0,0 +1,25 @@
+extraction:
+  cpp:
+    prepare:
+      packages:
+      - "protobuf-c-compiler"
+      - "libprotobuf-c-dev"
+      - "libprotobuf-dev"
+      - "build-essential"
+      - "libprotobuf-dev"
+      - "libprotobuf-c-dev"
+      - "protobuf-c-compiler"
+      - "protobuf-compiler"
+      - "python3-protobuf"
+      - "libnet-dev"
+      - "pkg-config"
+      - "libnl-3-dev"
+      - "libbsd0"
+      - "libbsd-dev"
+      - "iproute2"
+      - "libcap-dev"
+      - "libaio-dev"
+      - "libbsd-dev"
+      - "python3-yaml"
+      - "libnl-route-3-dev"
+      - "gnutls-dev"

.mailmap

@@ -6,3 +6,5 @@ Andrei Vagin <avagin@gmail.com> <avagin@virtuozzo.com>
 Andrei Vagin <avagin@gmail.com> <avagin@odin.com>
 Andrei Vagin <avagin@gmail.com> <avagin@google.com>
 Cyrill Gorcunov <gorcunov@openvz.org> <gorcunov@gmail.com>
+Alexander Mikhalitsyn <alexander@mihalicyn.com> <alexander.mikhalitsyn@virtuozzo.com>
+Alexander Mikhalitsyn <alexander@mihalicyn.com> <aleksandr.mikhalitsyn@canonical.com>

.travis.yml

@@ -1,35 +0,0 @@
-language: c
-os: linux
-dist: bionic
-services:
-  - docker
-jobs:
-  include:
-    - os: linux
-      arch: ppc64le
-      env: TR_ARCH=local
-      dist: bionic
-    - os: linux
-      arch: ppc64le
-      env: TR_ARCH=local CLANG=1
-      dist: bionic
-    - os: linux
-      arch: s390x
-      env: TR_ARCH=local
-      dist: bionic
-    - os: linux
-      arch: arm64-graviton2
-      env: TR_ARCH=local RUN_TESTS=1
-      dist: focal
-      group: edge
-      virt: vm
-    - os: linux
-      arch: arm64-graviton2
-      env: TR_ARCH=local CLANG=1 RUN_TESTS=1
-      group: edge
-      virt: vm
-      dist: bionic
-script:
-  - sudo make -C scripts/ci $TR_ARCH
-after_success:
-  - make -C scripts/ci after_success

CLAUDE.md

@@ -0,0 +1 @@
+GEMINI.md

CONTRIBUTING.md

@@ -1,8 +1,3 @@
-[![master](https://travis-ci.org/checkpoint-restore/criu.svg?branch=master)](https://travis-ci.org/checkpoint-restore/criu)
-[![development](https://travis-ci.org/checkpoint-restore/criu.svg?branch=criu-dev)](https://travis-ci.org/checkpoint-restore/criu)
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/55251ec7db28421da4481fc7c1cb0cee)](https://www.codacy.com/app/xemul/criu?utm_source=github.com&utm_medium=referral&utm_content=xemul/criu&utm_campaign=Badge_Grade)
-<p align="center"><img src="https://criu.org/w/images/1/1c/CRIU.svg" width="128px"/></p>
-
 ## How to contribute to CRIU
 
 CRIU project is (almost) the never-ending story, because we have to always keep up with the
@@ -13,8 +8,8 @@ Here are some useful hints to get involved.
 * We have both -- [very simple](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) and [more sophisticated](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+feature%22) coding tasks;
 * CRIU does need [extensive testing](https://github.com/checkpoint-restore/criu/issues?q=is%3Aissue+is%3Aopen+label%3Atesting);
 * Documentation is always hard, we have [some information](https://criu.org/Category:Empty_articles) that is to be extracted from people's heads into wiki pages as well as [some texts](https://criu.org/Category:Editor_help_needed) that all need to be converted into useful articles;
-* Feedback is expected on the GitHub issues page and on the [mailing list](https://lists.openvz.org/mailman/listinfo/criu);
-* We accept GitHub pull requests and this is the preferred way to contribute to CRIU. If you prefer to send patches by email, you are welcome to send them to [CRIU development mailing list](https://lists.openvz.org/mailman/listinfo/criu).
+* Feedback is expected on the GitHub issues page and on the [mailing list](https://lore.kernel.org/criu);
+* We accept GitHub pull requests and this is the preferred way to contribute to CRIU. If you prefer to send patches by email, you are welcome to send them to [CRIU development mailing list](https://lore.kernel.org/criu).
 Below we describe in more detail recommend practices for CRIU development.
 * Spread the word about CRIU in [social networks](http://criu.org/Contacts);
 * If you're giving a talk about CRIU -- let us know, we'll mention it on the [wiki main page](https://criu.org/News/events);
@@ -32,54 +27,137 @@ The repository may contain multiple branches. Development happens in the **criu-
 To clone CRIU repo and switch to the proper branch, run:
 
 ```
-        git clone https://github.com/checkpoint-restore/criu criu
-        cd criu
-        git checkout criu-dev
+git clone https://github.com/checkpoint-restore/criu criu
+cd criu
+git checkout criu-dev
 ```
 
-### Compile
+### Building from source
 
-First, you need to install compile-time dependencies. Check [Installation dependencies](https://criu.org/Installation#Dependencies) for more info.
+Follow these steps to compile CRIU from source code.
 
-To compile CRIU, run:
+#### Installing build dependencies
+
+First, you need to install the required build dependencies. We provide scripts to simplify this process for several Linux distributions in [contrib/dependencies](contrib/dependencies). For a complete list of dependencies, please refer to the [installation guide](https://criu.org/Installation).
+
+##### On Ubuntu/Debian-based systems:
 
 ```
-        make
+./contrib/dependencies/apt-packages.sh
+```
+
+##### On Fedora/CentOS-based systems:
+
+```
+./contrib/dependencies/dnf-packages.sh
+```
+
+##### Using Nix:
+
+```
+nix develop
+```
+
+#### Compiling CRIU
+
+Once the dependencies are installed, you can compile CRIU by running the `make` command from the root of the source directory:
+
+```
+make
 ```
 
 This should create the `./criu/criu` executable.
 
 ## Edit the source code
 
-If you use ctags, you can generate the ctags file by running
-
-```
-        make tags
-```
-
 When you change the source code, please keep in mind the following code conventions:
 
+* code is written to be read, so the code readability is the most important thing you need to have in mind when preparing patches
 * we prefer tabs and indentations to be 8 characters width
-* CRIU mostly follows [Linux kernel coding style](https://www.kernel.org/doc/Documentation/process/coding-style.rst), but we are less strict than the kernel community.
+* we prefer line length of 80 characters or less, more is allowed if it helps with code readability
+* CRIU mostly follows [Linux kernel coding style](https://www.kernel.org/doc/Documentation/process/coding-style.rst), but we are less strict than the kernel community
 
-Other conventions can be learned from the source code itself. In short, make sure your new code
-looks similar to what is already there.
+Other conventions can be learned from the source code itself. In short, make sure your new code looks similar to what is already there.
+
+## Automatic tools to fix coding-style
+
+Important: These tools are there to advise you, but should not be considered as a "source of truth", as tools also make nasty mistakes from time to time which can completely break code readability.
+
+The following command can be used to automatically run a code linter for Python files (ruff), Shell scripts (shellcheck),
+text spelling (codespell), and a number of CRIU-specific checks (usage of print macros and EOL whitespace for C files).
+
+```
+make lint
+```
+
+In addition, we have adopted a [clang-format configuration file](https://www.kernel.org/doc/Documentation/process/clang-format.rst)
+based on the kernel source tree. However, compliance with the clang-format autoformat rules is optional. If the automatic code formatting
+results in decreased readability, we may choose to ignore these errors.
+
+Run the following command to check if your changes are compliant with the clang-format rules:
+
+```
+make indent
+```
+
+This command is built upon the `git-clang-format` tool and supports two options `BASE` and `OPTS`. The `BASE` option allows you to
+specify a range of commits to check for coding style issues. By default, it is set to `HEAD~1`, so that only the last commit is checked.
+If you are developing on top of the criu-dev branch and want to check all your commits for compliance with the clang-format rules, you
+can use `BASE=origin/criu-dev`. The `OPTS` option can be used to pass additional options to `git-clang-format`. For example, if you want
+to check the last *N* commits for formatting errors, without applying the changes to the codebase you can use the following command.
+
+```
+make indent OPTS=--diff BASE=HEAD~N
+```
+
+Note that for pull requests, the "Run code linter" workflow runs these checks for all commits. If a clang-format error is detected
+we need to review the suggested changes and decide if they should be fixed before merging.
+
+Here are some bad examples of clang-format-ing:
+
+* if clang-format tries to force 120 characters and breaks readability - it is wrong:
+
+```
+@@ -58,8 +59,7 @@ static int register_membarriers(void)
+         }
+
+         if (!all_ok) {
+-                fail("can't register membarrier()s - tried %#x, kernel %#x",
+-                     barriers_registered, barriers_supported);
++                fail("can't register membarrier()s - tried %#x, kernel %#x", barriers_registered, barriers_supported);
+                 return -1;
+         }
+```
+
+* if clang-format breaks your beautiful readability friendly alignment in structures, comments or defines - it is wrong:
+
+```
+--- a/test/zdtm/static/membarrier.c
++++ b/test/zdtm/static/membarrier.c
+@@ -27,9 +27,10 @@ static const struct {
+        int register_cmd;
+        int execute_cmd;
+ } membarrier_cmds[] = {
+-       { "",           MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED,           MEMBARRIER_CMD_PRIVATE_EXPEDITED },
+-       { "_SYNC_CORE", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE, MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE },
+-       { "_RSEQ",      MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ,      MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ },
++       { "", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED, MEMBARRIER_CMD_PRIVATE_EXPEDITED },
++       { "_SYNC_CORE", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE,
++         MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE },
++       { "_RSEQ", MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ, MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ },
+ };
+```
 
 ## Test your changes
 
 CRIU comes with an extensive test suite. To check whether your changes introduce any regressions, run
 
 ```
-         make test
+make test
 ```
 
 The command runs [ZDTM Test Suite](https://criu.org/ZDTM_Test_Suite). Check for any error messages produced by it.
 
-In case you'd rather have someone else run the tests, you can use travis-ci for your
-own GitHub fork of CRIU. It will check the compilation for various supported platforms,
-as well as run most of the tests from the suite. See https://travis-ci.org/checkpoint-restore/criu
-for more details.
-
 ## Describe your changes
 
 Describe your problem.  Whether your change is a one-line bug fix or
@@ -107,21 +185,21 @@ If your change fixes a bug in a specific commit, e.g. you found an issue using
 the SHA-1 ID, and the one line summary. For example:
 
 ```
-	Fixes: 9433b7b9db3e ("make: use cflags/ldflags for config.h detection mechanism")
+Fixes: 9433b7b9db3e ("make: use cflags/ldflags for config.h detection mechanism")
 ```
 
 The following `git config` settings can be used to add a pretty format for
 outputting the above style in the `git log` or `git show` commands:
 
 ```
-	[pretty]
-		fixes = Fixes: %h (\"%s\")
+[pretty]
+    fixes = Fixes: %h (\"%s\")
 ```
 
 If your change address an issue listed in GitHub, please use `Fixes:` tag with the number of the issue. For instance:
 
 ```
-	Fixes: #339
+Fixes: #339
 ```
 
 The `Fixes:` tags should be put at the end of the detailed description.
@@ -204,7 +282,7 @@ can certify the below:
 then you just add a line saying
 
 ```
-        Signed-off-by: Random J Developer <random at developer.example.org>
+Signed-off-by: Random J Developer <random at developer.example.org>
 ```
 
 using your real name (please, no pseudonyms or anonymous contributions if
@@ -216,14 +294,14 @@ commit message. To append such line to a commit you already made, use
 
 ```
  From: Random J Developer <random at developer.example.org>
- Subject: [PATCH] component: Short patch description
+Subject: [PATCH] component: Short patch description
 
- Long patch description (could be skipped if patch
- is trivial enough)
+Long patch description (could be skipped if patch
+is trivial enough)
 
- Signed-off-by: Random J Developer <random at developer.example.org>
- ---
- Patch body here
+Signed-off-by: Random J Developer <random at developer.example.org>
+---
+Patch body here
 ```
 
 ## Submit your work upstream
@@ -257,8 +335,8 @@ contains the following:
   revisions should be listed. For example:
 
 ```
-	v3: rebase on the current criu-dev
-	v2: add commit to foo() and update bar() coding style
+v3: rebase on the current criu-dev
+v2: add commit to foo() and update bar() coding style
 ```
 
 If there are only minor updates to the commits in a pull request, it is
@@ -276,7 +354,7 @@ Historically, CRIU worked with mailing lists and patches so if you still prefer
 To create a patch, run
 
 ```
-    git format-patch --signoff origin/criu-dev
+git format-patch --signoff origin/criu-dev
 ```
 
 You might need to read GIT documentation on how to prepare patches
@@ -287,8 +365,8 @@ at all.
 We recommend to post patches using `git send-email`
 
 ```
-  git send-email --cover-letter --no-chain-reply-to --annotate \
-                 --confirm=always --to=criu@openvz.org criu-dev
+git send-email --cover-letter --no-chain-reply-to --annotate \
+               --confirm=always --to=criu@lists.linux.dev criu-dev
 ```
 
 Note that the `git send-email` subcommand may not be in
@@ -300,14 +378,14 @@ If this is your first time using git send-email, you might need to
 configure it to point it to your SMTP server with something like:
 
 ```
-    git config --global sendemail.smtpServer stmp.example.net
+git config --global sendemail.smtpServer stmp.example.net
 ```
 
-If you get tired of typing `--to=criu@openvz.org` all the time,
+If you get tired of typing `--to=criu@lists.linux.dev` all the time,
 you can configure that to be automatically handled as well:
 
 ```
-    git config sendemail.to criu@openvz.org
+git config sendemail.to criu@lists.linux.dev
 ```
 
 If a developer is sending another version of the patch (e.g. to address
@@ -320,7 +398,7 @@ version if needed though).
 
 ### Mail patches
 
-The patches should be sent to CRIU development mailing list, `criu AT openvz.org`. Note that you need to be subscribed first in order to post. The list web interface is available at https://openvz.org/mailman/listinfo/criu; you can also use standard mailman aliases to work with it.
+The patches should be sent to CRIU development mailing list, `criu AT lists.linux.dev`. Note that you need to be subscribed first in order to post. The list web interface is available at https://lore.kernel.org/criu; you can also use standard mailman aliases to work with it.
 
 Please make sure the email client you're using doesn't screw your patch (line wrapping and so on).
 
@@ -337,5 +415,3 @@ sometimes a patch may fly around a week before it gets reviewed.
 Wiki article: [Continuous integration](https://criu.org/Continuous_integration)
 
 CRIU tests are run for each series sent to the mailing list. If you get a message from our patchwork that patches failed to pass the tests, you have to investigate what is wrong.
-
-We also recommend you to [enable Travis CI for your repo](https://criu.org/Continuous_integration#Enable_Travis_CI_for_your_repo) to check patches in your git branch, before sending them to the mailing list.

Documentation/Makefile

@@ -14,6 +14,7 @@ FOOTER		:= footer.txt
 SRC1		+= crit.txt
 SRC1		+= criu-ns.txt
 SRC1		+= compel.txt
+SRC1		+= criu-amdgpu-plugin.txt
 SRC8		+= criu.txt
 SRC		:= $(SRC1) $(SRC8)
 XMLS		:= $(patsubst %.txt,%.xml,$(SRC))

Documentation/compel.txt

@@ -90,14 +90,17 @@ The parasitic code is compiled and converted to a header using *compel*, and inc
 
 *#include "parasite.h"*
 
-Following steps are perfomed to infect the victim process:
+Following steps are performed to infect the victim process:
 
     - stop the task: *int compel_stop_task(int pid);*
     - prepare infection handler: *struct parasite_ctl *compel_prepare(int pid);*
     - execute system call: *int compel_syscall(ctl, int syscall_nr, long *ret, int arg ...);*
     - infect victim: *int compel_infect(ctl, nr_thread, size_of_args_area);*
     - cure the victim: *int compel_cure(ctl);* //ctl pointer is freed by this call
-    - Resume victim: *int compel_resume_task(pid, orig_state, state);*
+    - Resume victim: *int compel_resume_task(pid, orig_state, state)* or
+    *int compel_resume_task_sig(pid, orig_state, state, stop_signo).*
+    //compel_resume_task_sig() could be used in case when victim is in stopped state.
+    stop_signo could be read by calling compel_parse_stop_signo().
 
 *ctl* must be configured with blob information by calling *PREFIX_setup_c_header()*, with ctl as its argument.
 *PREFIX* is the argument given to *-p* when calling hgen, else it is deduced from file name.

Documentation/criu-amdgpu-plugin.txt

@@ -0,0 +1,114 @@
+ROCM Support(1)
+===============
+
+NAME
+----
+criu-amdgpu-plugin - A plugin extension to CRIU to support checkpoint/restore in
+userspace for AMD GPUs.
+
+
+CURRENT SUPPORT
+---------------
+Single and Multi GPU systems (Gfx9)
+Checkpoint / Restore on different system
+Checkpoint / Restore inside a docker container
+Pytorch
+Tensorflow
+Using CRIU Image Streamer
+Parallel Restore
+
+DESCRIPTION
+-----------
+Though *criu* is a great tool for checkpointing and restoring running
+applications, it has certain limitations such as it cannot handle
+applications that have device files open. In order to support *ROCm* based
+workloads with *criu* we need to augment criu's core functionality with a
+plugin based extension mechanism. *criu-amdgpu-plugin* provides the necessary support
+to criu to allow Checkpoint / Restore with ROCm.
+
+
+Dependencies
+------------
+*amdkfd support*::
+    In order to snapshot the *VRAM* and other *GPU* device states, we require
+    an updated version of amdkfd(amdgpu) driver.
+
+OPTIONS
+-------
+Optional parameters can be passed in as environment variables before
+executing criu command.
+
+*KFD_FW_VER_CHECK*::
+    Enable or disable firmware version check.
+    If enabled, firmware version on restored gpu needs to be greater than or
+    equal firmware version on checkpointed GPU. Default:Enabled
+
+    E.g:
+    KFD_FW_VER_CHECK=0
+
+*KFD_SDMA_FW_VER_CHECK*::
+    Enable or disable SDMA firmware version check.
+    If enabled, SDMA firmware version on restored gpu needs to be greater than or
+    equal firmware version on checkpointed GPU. Default:Enabled
+
+    E.g:
+    KFD_SDMA_FW_VER_CHECK=0
+
+*KFD_CACHES_COUNT_CHECK*::
+    Enable or disable caches count check. If enabled, the caches count on
+    restored GPU needs to be greater than or equal caches count on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_CACHES_COUNT_CHECK=0
+
+*KFD_NUM_GWS_CHECK*::
+    Enable or disable num_gws check. If enabled, the num_gws on
+    restored GPU needs to be greater than or equal num_gws on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_NUM_GWS_CHECK=0
+
+*KFD_VRAM_SIZE_CHECK*::
+    Enable or disable VRAM size check. If enabled, the VRAM size on
+    restored GPU needs to be greater than or equal VRAM size on checkpointed
+    GPU. Default:Enabled
+
+    E.g:
+    KFD_VRAM_SIZE_CHECK=0
+
+*KFD_NUMA_CHECK*::
+    Enable or disable NUMA CPU region check. If enabled, the plugin will restore
+    GPUs that belong to one CPU NUMA region to the same CPU NUMA region.
+    Default:Enabled
+
+    E.g:
+    KFD_NUMA_CHECK=1
+
+*KFD_CAPABILITY_CHECK*::
+    Enable or disable capability check. If enabled, the capability on
+    restored GPU needs to be equal to the capability on the checkpointed GPU.
+    Default:Enabled
+
+    E.g:
+    KFD_CAPABILITY_CHECK=1
+
+*KFD_MAX_BUFFER_SIZE*::
+    On some systems, VRAM sizes may exceed RAM sizes, and so buffers for dumping
+    and restoring VRAM may be unable to fit. Set to a nonzero value (in bytes)
+    to set a limit on the plugin's memory usage.
+    Default:0 (Disabled)
+
+    E.g:
+    KFD_MAX_BUFFER_SIZE="2G"
+
+
+AUTHOR
+------
+The AMDKFD team.
+
+
+COPYRIGHT
+---------
+Copyright \(C) 2020-2021, Advanced Micro Devices, Inc. (AMD)

Documentation/criu.txt

@@ -106,7 +106,7 @@ be restored with *mount(src, mountpoint, flags, options)*. When used,
 *dump* is expected to always succeed if a mountpoint is to be
 auto-detected, however *restore* may fail (or do something wrong)
 if the assumption for restore logic is incorrect. This option is
-not compatable with *--external* *dev*.
+not compatible with *--external* *dev*.
 
 *--action-script* 'script'::
     Add an external action script to be executed at certain stages.
@@ -155,6 +155,17 @@ not compatable with *--external* *dev*.
             notification message contains a file descriptor for
             the master pty
 
+        *query-ext-files*:::
+            called after the process tree is stopped and network is locked.
+            This hook is used only in the RPC mode. The notification reply
+            contains file ids to be added to external file list (may be empty).
+
+*--unprivileged*::
+    This option tells *criu* to accept the limitations when running
+    as non-root. Running as non-root requires *criu* at least to have
+    *CAP_SYS_ADMIN* or *CAP_CHECKPOINT_RESTORE*. For details about running
+    *criu* as non-root please consult the *NON-ROOT* section.
+
 *-V*, *--version*::
     Print program version and exit.
 
@@ -242,6 +253,12 @@ In other words, do not use it unless really needed.
     Tell *criu* that one end of a pair of UNIX sockets (created by
     *socketpair*(2)) with the given _id_ is OK to be disconnected.
 
+*--external* **net[**__inode__**]:**__name__::
+    Mark a network namespace as external and do not include it in the
+    checkpoint. The label 'name' can be used with *--inherit-fd* during
+    restore to specify a file descriptor to a preconfigured network
+    namespace.
+
 *--external* **pid[**__inode__**]:**__name__::
     Mark a PID namespace as external. This can be later used to restore
     a process into an existing PID namespace. The label 'name' can be
@@ -328,7 +345,8 @@ mount -t cgroup -o devices,freezer none devices,freezer
     Checkpoint established TCP connections.
 
 *--tcp-close*::
-    Don't dump the state of, or block, established tcp connections.
+    Don't dump the state of, or block, established tcp connections
+    (including the connection is once established but now closed).
     This is useful when tcp connections are not going to be restored.
 
 *--skip-in-flight*::
@@ -360,6 +378,10 @@ mount -t cgroup -o devices,freezer none devices,freezer
     Allows to link unlinked files back, if possible (modifies filesystem
     during *restore*).
 
+*--timeout* 'number'::
+    Set a time limit in seconds for collecting tasks during the
+    dump operation. The timeout is 10 seconds by default.
+
 *--ghost-limit* 'size'::
     Set the maximum size of deleted file to be carried inside image.
     By default, up to 1M file is allowed. Using this
@@ -367,6 +389,13 @@ mount -t cgroup -o devices,freezer none devices,freezer
     'size' may be postfixed with a *K*, *M* or *G*, which stands for kilo-,
     mega, and gigabytes, accordingly.
 
+*--ghost-fiemap*::
+    Enable an optimization based on fiemap ioctl that can reduce the
+    number of system calls used when checkpointing highly sparse ghost
+    files. This option is enabled by default, and it can be disabled
+    with *--no-ghost-fiemap*. An automatic fallback to SEEK_HOLE/SEEK_DATA
+    is used when fiemap is not supported.
+
 *-j*, *--shell-job*::
     Allow one to dump shell jobs. This implies the restored task will
     inherit session and process group ID from the *criu* itself.
@@ -408,7 +437,7 @@ By default the option is set to *fpu* and *ins*.
     Set the method to be used to validate open files. Validation is done
     to ensure that the version of the file being restored is the same
     version when it was dumped.
-
++
 The 'mode' may be one of the following:
 
     *filesize*:::
@@ -433,6 +462,33 @@ The 'mode' may be one of the following:
 
     *nftables*::: Use nftables rules to drop the packets.
 
+    *skip*::: Don't lock the network. If *--tcp-close* is not used, the network
+    must be locked externally to allow CRIU to dump TCP connections.
+
+*--allow-uprobes*::
+    Allow dumping when uprobes vma is present. When used on dump, this option is
+    required on restore as well.
+
+    A uprobes vma is automatically created by the kernel once a uprobe is
+    triggered. This mapping is not removed even once the uprobe is deleted. So,
+    even if a process once had uprobes attached to it, and they're removed by
+    the time the process is dumped, this option is still required because criu
+    has no way of knowing whether there are active uprobes or not.
+
+    When using this option on restore, make sure the uprobes (if any) active on
+    the dumped processes are still active. Otherwise, when execution reaches
+    a uprobe'd location in any of the restored processes, that process will be
+    sent a SIGTRAP.
+
+    As an example, say a uprobe is set at function foo in the executable of the
+    process p_bar. Whenever execution in p_bar reaches function foo, the uprobe
+    is triggered. If the uprobe has been triggered at least once, then the kernel
+    will have created the uprobes vma. To dump p_bar, this option is
+    necessary. After dumping, say the uprobe is deleted. Now, on restoring with
+    this option, once execution reaches function foo, SIGTRAP will be sent to
+    the restored p_bar. Unless it has a signal handler installed for SIGTRAP,
+    it will be terminated and core dumped.
+
 *restore*
 ~~~~~~~~~
 Restores previously checkpointed processes.
@@ -446,8 +502,8 @@ Restores previously checkpointed processes.
 The 'resource' argument can be one of the following:
 +
     - **tty[**__rdev__**:**__dev__**]**
-    - **pipe[**__inode__**]**
-    - **socket[**__inode__*]*
+    - **pipe:[**__inode__**]**
+    - **socket:[**__inode__*]*
     - **file[**__mnt_id__**:**__inode__**]**
     - 'path/to/file'
 
@@ -521,7 +577,7 @@ usually need to be escaped from shell.
     Restore cgroups configuration associated with a task from the image.
     Controllers are always restored in an optimistic way -- if already present
     in system, *criu* reuses it, otherwise it will be created.
-
++
 The 'mode' may be one of the following:
 
     *none*:::   Do not restore cgroup properties but require cgroup to
@@ -645,7 +701,7 @@ are not adequate, but this can be suppressed by using *--cpu-cap=none*.
     Set the method to be used to validate open files. Validation is done
     to ensure that the version of the file being restored is the same
     version when it was dumped.
-
++
 The 'mode' may be one of the following:
 
     *filesize*:::
@@ -657,6 +713,13 @@ The 'mode' may be one of the following:
                 build-ID cannot be obtained, 'chksm-first' method will be
                 used. This is the default if mode is unspecified.
 
+*--skip-file-rwx-check*::
+    Skip checking file permissions (r/w/x for u/g/o) on restore.
+
+*--allow-uprobes*::
+    Required when dumped with this option. Refer to this option in the section
+    on dumping for more details.
+
 *check*
 ~~~~~~~
 Checks whether the kernel supports the features needed by *criu* to
@@ -863,6 +926,42 @@ configuration file will overwrite all other configuration file settings
 or RPC options. *This can lead to undesired behavior of criu and
 should only be used carefully.*
 
+NON-ROOT
+--------
+*criu* can be used as non-root with either the *CAP_SYS_ADMIN* capability
+or with the *CAP_CHECKPOINT_RESTORE* capability introduces in Linux kernel 5.9.
+*CAP_CHECKPOINT_RESTORE* is the minimum that is required.
+
+*criu* also needs either *CAP_SYS_PTRACE* or a value of 0 in
+*/proc/sys/kernel/yama/ptrace_scope* (see *ptrace*(2)) to be able to interrupt
+the process for dumping.
+
+Running *criu* as non-root has many limitations and depending on the process
+to checkpoint and restore it may not be possible.
+
+In addition to *CAP_CHECKPOINT_RESTORE* it is possible to give *criu* additional
+capabilities to enable additional features in non-root mode.
+
+Currently *criu* can benefit from the following additional capabilities:
+
+    - *CAP_NET_ADMIN*
+    - *CAP_SYS_CHROOT*
+    - *CAP_SETUID*
+    - *CAP_SYS_RESOURCE*
+
+Note that for some operations, having a capability in a namespace other than
+the init namespace (i.e. the default/root namespace) is not sufficient. For
+example, in order to read symlinks in proc/[pid]/map_files CRIU requires
+CAP_CHECKPOINT_RESTORE in the init namespace; having CAP_CHECKPOINT_RESTORE
+while running in another user namespace (e.g. in a container) does not allow
+CRIU to read symlinks in /proc/[pid]/map_files.
+
+Without access to /proc/[pid]/map_files checkpointing/restoring processes
+that have mapped deleted files may not be possible.
+
+Independent of the capabilities it is always necessary to use "*--unprivileged*" to
+accept *criu*'s limitation in non-root mode.
+
 EXAMPLES
 --------
 To checkpoint a program with pid of *1234* and write all image files into

Documentation/logo.svg

@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="560px" height="560px" viewBox="0 0 560 560" enable-background="new 0 0 560 560" xml:space="preserve">
+<path opacity="0.3" fill="#990000" d="M315.137,360.271c-18.771-7.159-41.548-8.85-68.479-8.85c-16.661,0-46.255,2.939-74.654,3.38
+	c11.209-4.884,20.734-10.265,24.842-16.87c14.531-23.346,17.645-65.893,17.645-65.893l-20.758,3.114c0,0-2.591,35.8-16.085,47.733
+	c-5.35,4.736-15.96,7.834-27.916,10.856c2.447-26.071,29.477-57.552,29.477-57.552l-14.874-3.966l-5.88-7.448
+	c0,0-3.011,1.761-7.588,5.315c-18.298,4.208-75.946,20.443-75.946,57.983c0,15.292,5.77,26.308,14.768,34.244
+	c-22.858,26.966-20.755,61.618-20.755,61.618s-8.945,16.61-8.021,31.254c2.083,32.973,34.931,25.097,44.313,26.374
+	c9.644,1.313,34.313-4.18,34.313-4.18s-16.276-2.639-15.329-18.562c0.5-8.369-0.947-27.628-21.404-37.307
+	c-1.13-10.066,2.111-18.309,6.379-28.015c18.452,45.263,92.601,53.97,92.601,53.97c0.393-0.097-10.269,20.047,0.221,35.632
+	c4.652,6.915,18.284,10.019,22.436,19.356c4.151,9.341,2.199,30.354,2.199,30.354s21.267-16.864,27.239-30.18
+	c3.334-7.432,25.989,0.926,25.989-34.047c0-14.077-12.26-26.841-13.675-29.815c-20.858-20.334-5.427-4.743,2.677-8.236
+	c12.758-5.499,35.412,11.657,35.412,11.657s-10.402-20.119-11.437-31.013c-0.795-8.335-4.537-16.816-16.624-30.042
+	c7.166-0.752,20.362,2.327,20.362,2.327s-5.202,11.251-0.879,25.515c3.588,11.84,7.193,7.193,14.736,14.737
+	c6.599,6.598,3.146,26.284,3.146,26.284s4.674-4.513,18.081-18.235c9.072-9.29,23.645-16.717,23.645-47.86
+	C355.312,365.969,334.97,360.979,315.137,360.271z M134.108,285.901c-11.5,13.048-23.667,32.329-28.23,58.293
+	c-4.821-3.519-7.613-8.1-7.613-14.043C98.265,309.699,117.078,295.016,134.108,285.901z"/>
+<path fill="#990000" d="M382.184,115.435c3.654,1.208,7.327,2.37,10.968,3.444c14.16,4.183,26.745-9.798,26.745-9.798
+	s-8.785-2.243-17.857-3.497c12.173-2.653,21.085-18.66,21.085-18.66s-17.366,4.819-27.224,5.087
+	c-2.042,0.057-4.107,0.118-6.189,0.186c2.464-0.37,4.925-0.847,7.361-1.485c14.201-3.714,21.505-23.382,21.505-23.382
+	s-15.411,6.743-24.951,9.239c-2.694,0.703-5.438,1.437-8.197,2.185c3.038-1.071,6.008-2.306,8.815-3.82
+	c12.922-6.965,12.241-29.347,12.241-29.347s-10.162,11.926-18.844,16.605c-3.557,1.916-7.199,3.904-10.846,5.911
+	c3.798-2.277,7.45-4.743,10.596-7.569c10.918-9.814,7.722-29.605,7.722-29.605s-9.801,12.54-17.135,19.131
+	c-8.939,8.037-18.775,14.104-27.014,21.81c-6.427,6.011-25.14,35.236-36.812,46.283c-11.671,11.047-18.301,12.476-19.159,14.388
+	c-0.863,1.913,1.006,30.46-14.078,39.145c-16.476-21.583-50.565-44.007-53.101-72.033c-2.079-22.959,5.209-34.055,19.149-35.316
+	c14.994-1.359,15.998,24.507,15.998,24.507s-1.379,1.064-1.708,6.391c-0.097,0.629-0.145,1.272-0.083,1.934
+	c0.004,0.031,0.008,0.06,0.011,0.091c-0.014,1.674,0.065,3.664,0.278,6.039c1.131,12.474,4.53,14.574,4.53,14.574l2.075-0.722
+	c0,0-2.24-4.079-2.554-7.529c-0.172-1.917-0.187-3.556-0.079-4.977c0.45,0.067,0.949,0.081,1.506,0.031
+	c4.398-0.399,6.049-4.141,5.65-8.539c-0.042-0.45-0.069-0.885-0.094-1.316c2.485-26.032-1.756-29.637,4.788-41.391
+	c9.032-16.218,17.279-16.015,17.279-16.015l1.402-8.155c0,0-6.817,2.462-14.819,13.652c-8.833,12.354-8.983,26.229-9.066,47.958
+	c-0.188-0.761-0.502-1.37-1.017-1.784c-2.457-11.192-9.087-32.13-24.112-30.77c-16.72,1.514-29.419,14.974-26.773,44.171
+	c3.609,39.832,26.186,52.701,29.829,80.84c-13.47-2.349-23.883-10.656-30.866-20.282c-7.803-10.749-7.297-22.949-8.324-24.779
+	c-1.027-1.829-7.761-2.662-20.367-12.627c-12.605-9.965-33.845-37.41-40.78-42.824c-8.895-6.942-19.229-12.111-28.848-19.32
+	c-7.892-5.915-18.769-17.531-18.769-17.531s-1.419,19.995,10.323,28.8c3.386,2.536,7.246,4.665,11.229,6.597
+	c-3.808-1.674-7.616-3.33-11.327-4.925c-9.062-3.887-20.246-14.861-20.246-14.861s1.31,22.353,14.803,28.143
+	c2.931,1.257,6,2.223,9.12,3.019c-2.818-0.5-5.615-0.985-8.357-1.447c-9.728-1.636-25.677-6.981-25.677-6.981
+	s9.025,18.94,23.5,21.376c2.485,0.417,4.975,0.674,7.466,0.822c-2.08,0.118-4.148,0.242-6.183,0.368
+	c-9.843,0.61-27.566-2.645-27.566-2.645S85.667,120.333,110,120c-8.922,2.057-25.678,6.008-25.678,6.008s13.778,12.806,27.508,7.38
+	c3.533-1.394,7.087-2.876,10.62-4.404c-3.726,1.804-7.424,3.581-11.005,5.273c-8.963,4.243-19.428,10.176-19.428,10.176
+	s15.069,9.759,27.305,1.497c0.558-0.378,3.121-1.76,3.678-2.143c-7.904,5.808-19.754,14.937-19.754,14.937
+	s15.802,6.027,27.092-3.354c4.663-3.875,8.104-7.185,12.238-11.618c-3.773,4.55-6.699,8.018-10.634,12.106
+	c-6.839,7.104-13.06,19.791-13.06,19.791s15.597,0.39,24.359-11.388c4.488-6.035,7.482-11.633,10.974-18.191
+	c-3.113,6.479-5.468,11.95-8.911,17.788c-5.018,8.49-7.574,22.624-7.574,22.624s15.342-3.655,21.07-17.17
+	c2.231-5.266,2.107-9.783,3.694-15.291c-1.257,5.272-0.666,9.475-2.24,14.319c-3.045,9.379,0.011,25.554,0.011,25.554
+	s9.713-5.855,10.359-20.52c0.006-0.153,0.5-8.47,0.5-8.625L171,171.496c0,9.917,6.295,23.276,6.295,23.276
+	s11.459-10.649,9.369-25.266c-0.188-1.31-0.1-2.627-0.305-3.947c0.408,1.507,0.998,3.016,1.493,4.524
+	c3.075,9.429,3.5,15.957,3.5,15.957s6.483,1.251,8.73-1.594c0.764,5.625-0.843,10.2-0.843,10.2s5.471-1.1,8.893-3.756
+	c0.705,5.331,0.155,8.789,0.155,8.789s5.106-1.603,8.419-4.323c0.611,4.642,1.764,7.542,1.764,7.542s6.398-0.88,9.021-5.393
+	c0.199,0.038,0.395,0.079,0.59,0.117c2.269,4.875,1.438,8.517,1.438,8.517s7.492-2.14,9.492-6.14c0.003,0,0.007,0,0.01,0
+	c1.798,4,2.727,6.102,2.727,6.102s4.853-2.349,7.093-6.064c0.189,0.009,0.364-0.093,0.547-0.086
+	c-4.702,19.629-23.62,29.658-42.207,42.764c-1.392,0.981-2.712,1.925-3.97,2.884c-2.891,1.512-6.788,3.495-11.311,5.724
+	c-9.829,3.363-23.7,6.057-41.038,4.084c-9.798-1.115-21.037,10.02-21.037,10.02s6.87,4.843,16.565,5.028
+	c-8.819,3.621-17.438,12.632-17.438,12.632s0.045,0.019,0.069,0.029c-27.096,11.688-51.621,29.917-47.651,57.105
+	c2.375,16.27,14.692,25.475,31.704,30.254c-17.81,14.742-32.921,36.129-30.707,60.59c0.134,1.487,0.309,2.916,0.508,4.311
+	c-2.209,5.6-3.288,17.842-2.674,24.886c0.949,10.838,13.686,8.662,18.219,6.729c14.139,12.202,32.258,10.252,32.258,10.252
+	s-17.301,1.211-30.306-11.156c5.551-2.659,6.424-3.925,6.788-11.579c0.36-7.61-9.104-20.759-20.57-21.966
+	c-1.25-20.07,9.861-43.32,30.603-60.203c0.02,0.249,0.023,0.491,0.048,0.742c4.248,46.957,30.584,54.634,81.148,63.26
+	c12.603,2.15,22.04,5.821,29.042,10.457c-3.844,5.388-5.706,21.559-2.895,32.325c3.045,11.655,12.647,14.53,19.429,14.955
+	c-3.304,16.035-11.235,29.024-11.235,29.024s10.015-11.628,15.04-29.016c0.48-0.031,0.928-0.069,1.319-0.114
+	c10.922-1.262,16.17-11.338,14.743-23.071c-1.195-9.826-13.974-24.54-28.598-25.992c-33.117-21.52-109.104-9.05-113.877-61.769
+	c-0.341-3.746-0.517-7.367-0.571-10.888c5.709,1.111,11.782,1.844,18.104,2.244c14.111,28.517,62.158,22.269,95.818,20.694
+	c1.764,3.09,7.043,7.064,13.929,9.779c11.751,4.633,14.889,3.742,18.869,1.502c1.484-0.835,2.828-1.92,3.979-3.155
+	c10.822,10.456,25.37,30.251,25.37,30.251s-12.29-22.284-22.733-33.97c2.601-4.923,2.433-10.619-2.559-13.297
+	c-6.956-3.732-31.321,1.581-36.316,4.981c-30.811,1.668-71.853,6.551-89.576-16.474c41.005,1.192,88.786-9.133,102.385-10.365
+	c21.726-1.966,47.319,1.367,64.887,8.228c-0.783,5.681,1.867,18.47,4.641,25.318c3.316,8.197,11.561,5.887,16.562,3.028
+	c-0.588,13.3-4.495,22.638-4.495,22.638s7.86-14.125,9.117-26.183c4.354-4.041,4.774-5.562,2.904-12.887
+	c-1.849-7.24-14.317-16.821-25.47-15.096c-21.855-8.906-54.594-11.087-75.74-9.175c-18.253,1.653-61.404,10.802-97.611,10.237
+	c-1.895-3.338-3.402-7.122-4.412-11.479c5.113-2.364,10.551-4.388,16.307-5.975c30.999-8.551,40.97-29.258,42.943-48.579
+	c1.127,1.303,1.938,2.069,1.938,2.069s7.087-12.679,5.522-27.275c-0.264-2.469-0.429-4.737-0.553-6.911
+	c2.499,6.741,7.778,13.001,7.778,13.001s16.438-20.208,5.846-27.268c-11.583-7.714-6.836-13.283-4.31-15.299
+	c3.354-1.984,6.973-3.94,10.859-5.817c26.561-12.817,59.903-20.002,64.443-40.039c0.265-1.172,0.388-2.34,0.443-3.507
+	c3.701,2.396,9.165,2.053,9.165,2.053s-0.367-2.88-0.601-7.556c3.747,2.081,8.874,1.758,8.874,1.758s-0.986-2.319-1.255-7.689
+	c3.846,1.998,8.434,2.278,8.434,2.278s-0.725-2.246-1.24-5.573c3.788,0.719,8.84,0.419,8.84,0.419s-3.543-7.302-1.316-16.965
+	c0.357-1.547,0.666-3.09,0.938-4.626c-0.087,1.332-0.169,2.662-0.238,3.985c-0.783,14.742,10.85,24.47,10.85,24.47
+	S337,172.178,337,162.303c0-0.021,0-0.042,0-0.061c0,0.153-0.804,0.309-0.782,0.46c1.951,14.548,13.499,20.839,13.499,20.839
+	s2.388-16.471-1.478-25.542c-1.998-4.686-3.966-9.742-5.688-14.881c2.068,5.344,4.374,10.673,7.067,15.72
+	c6.909,12.952,20.498,15.406,20.498,15.406s-1.832-14.029-7.581-22.041c-3.952-5.505-7.874-11.654-11.551-17.83
+	c4.059,6.22,8.622,12.438,13.631,18.048c9.774,10.953,25.27,9.178,25.27,9.178s-7.323-12.085-14.767-18.552
+	c-4.283-3.722-8.589-7.824-12.754-12.019c4.513,4.047,9.319,7.944,14.31,11.39c12.077,8.341,27.281,0.931,27.281,0.931
+	s-10.533-7.219-18.926-12.302c0.595,0.332,1.186,0.662,1.777,0.988c12.922,7.14,28.146-3.013,28.146-3.013
+	s-12.036-5.887-21.343-9.313C389.896,118.341,386.055,116.903,382.184,115.435z M116.917,367.418
+	c-0.172,0.131-0.344,0.268-0.516,0.398c-17.301-3.899-29.646-12.415-31.124-28.752c-2.244-24.777,21.669-42.631,47.562-54.59
+	c3.553,1,9.203,1.919,15.541,0.503c-4.694,4.817-7.998,9.859-7.998,9.859s2.076,0.564,5.3,0.733
+	C133.582,308.673,115.917,333.715,116.917,367.418z M146.295,295.598c1.834,0.062,3.979-0.014,6.326-0.386
+	c-0.141,0.365-0.274,0.72-0.401,1.069c-10.511,14.57-18.745,34.363-17.404,59.912c-4.522,2.267-9.248,5.074-13.939,8.343
+	C122.237,330.3,136.218,307.613,146.295,295.598z M121.776,368.86c4.131-2.979,8.589-5.697,13.361-8.115
+	c0.358,3.527,1.032,6.741,2.025,9.634C131.805,370.131,126.629,369.657,121.776,368.86z M150.478,350.278
+	c-3.791,0.864-8.16,2.403-12.812,4.546c-0.062-0.425-0.168-0.803-0.224-1.236c-2.557-19.875,3.873-37.276,13.005-51.347
+	c0,0.005-0.007,0.032-0.007,0.032s13.533-3.395,23.088-14.017c-1.715,7.205,0.158,14.79,0.158,14.79s9.774-5.185,16.654-15.216
+	c-0.131,5.548,2.84,10.803,5.451,14.331C193.303,321.731,182.711,342.934,150.478,350.278z M259.516,275.357
+	c0.846-4.127,1.649-8.135,2.42-12.012c2.199-4.002,5.203-6.524,9.011-7.55c3.808-1.04,7.78-1.559,11.919-1.559l1.739-17.042
+	c-5.942,0.378-11.657,1.419-17.144,3.105c-5.492,1.672-10.946,3.611-16.369,5.8c-4.526,4.131-7.915,8.875-10.169,14.237
+	c-2.262,5.359-3.755,11.051-4.655,17.055c-0.906,6.007-1.268,12.17-1.268,18.489v18.209c0,3.23,0.201,6.368,0.779,9.393
+	c0.584,3.045,1.728,5.66,3.543,7.85c3.614,2.588,7.203,3.85,10.822,3.771c3.619-0.066,7.224-0.712,10.842-1.925
+	c3.611-1.23,7.162-2.757,10.647-4.558c3.484-1.811,6.904-3.293,10.266-4.457l7.159-14.521c-2.066,0.505-4.2,1.23-6.394,2.127
+	c-2.199,0.9-4.453,1.643-6.777,2.224c-2.322,0.585-4.649,0.773-6.977,0.585c-2.322-0.189-4.649-1.2-6.976-2.994
+	c-2.063-3.626-3.355-7.475-3.87-11.541c-0.519-4.065-0.612-8.165-0.289-12.296C258.1,283.619,258.674,279.488,259.516,275.357z
+	 M367.6,320.582c-0.196-3.025-1.001-5.908-2.42-8.623c-1.031-3.608-2.649-6.588-4.846-8.905c-2.193-2.333-4.682-4.162-7.458-5.516
+	c-2.773-1.358-5.712-2.364-8.812-3.014c-3.098-0.643-6.004-1.056-8.717-1.259c-2.711-0.188-5.101-0.285-7.166-0.285
+	s-3.419-0.062-4.064-0.189c0.25-1.037,0.449-2.302,0.574-3.783c0.133-1.481,0.322-2.866,0.584-4.162
+	c0.258-1.419,0.512-2.977,0.773-4.65c6.326,0,12.073-0.581,17.242-1.749c5.165-1.148,9.688-3.059,13.558-5.705
+	c3.876-2.646,7.135-6.131,9.781-10.469c2.649-4.318,4.558-9.583,5.715-15.776c-5.684,0-11.596,0.029-17.727,0.093
+	s-12.328,0.158-18.593,0.284c-6.266,0.143-12.431,0.332-18.5,0.583c-6.066,0.27-11.812,0.584-17.236,0.979
+	c0.128,0,0.221,1.387,0.293,4.161c0.062,2.775,0.062,6.465,0,11.035c-0.072,4.588-0.2,9.788-0.386,15.589
+	c-0.199,5.819-0.49,11.73-0.875,17.734c-0.386,6.007-0.878,11.901-1.451,17.72c-0.584,5.815-1.262,10.908-2.035,15.304
+	c5.552-0.268,11.432-0.488,17.624-0.677c2.162-0.065,4.33-0.127,6.503-0.176l1.247-5.547c0.385-2.192,0.708-4.776,0.969-7.739
+	c0.259-2.979,0.513-5.754,0.773-8.338c0.259-3.093,0.386-6.196,0.386-9.286c0.646-0.127,1.677-0.206,3.103-0.206
+	c1.547,0,3.225,0.269,5.039,0.773c1.804,0.519,3.68,1.292,5.612,2.334c1.938,1.041,3.615,2.522,5.034,4.46
+	c1.42,1.925,2.45,4.352,3.104,7.252c0.638,2.914,0.638,6.495,0,10.75l0.631,5.39c1.609,0.033,3.207,0.079,4.796,0.144
+	c6.068,0.189,11.812,0.471,17.234,0.866C367.891,326.747,367.795,323.609,367.6,320.582z M327.506,263.345
+	c0.707-4.397,1.323-8.133,1.835-11.238c1.168-0.521,2.522-0.835,4.069-0.962c1.549-0.125,3.103-0.205,4.65-0.205
+	c1.677,0,3.291,0.031,4.845,0.112c1.547,0.062,2.901,0.093,4.069,0.093c0,1.151-0.041,2.586-0.103,4.256
+	c-0.066,1.688-0.189,3.42-0.389,5.232c-0.189,1.815-0.512,3.578-0.97,5.331c-0.446,1.732-1.127,3.182-2.034,4.347
+	c-0.896,0.918-2.128,1.657-3.681,2.224c-1.543,0.584-3.159,1.042-4.84,1.357c-1.677,0.33-3.291,0.55-4.838,0.677
+	c-1.555,0.141-2.78,0.207-3.682,0.207C326.439,271.542,326.798,267.727,327.506,263.345z M393.035,246.385
+	c-2.517,0.33-4.84,0.584-6.97,0.773c-2.135,0.205-3.781,0.172-4.939-0.096l3.678,2.711c0.899,5.423,1.356,11.051,1.356,16.851
+	c0,5.818-0.195,11.695-0.584,17.642c-0.385,5.941-0.872,11.805-1.45,17.624c-0.581,5.801-1,11.427-1.261,16.85
+	c-0.907,4.522-1.519,9.238-1.835,14.139c-0.331,4.901-0.843,9.713-1.554,14.425c-0.708,4.712-1.812,9.3-3.297,13.761
+	c-1.48,4.443-3.773,8.481-6.869,12.107l-2.908,1.543c0.513,0.52,1.323,0.993,2.42,1.45c1.093,0.457,1.842,0.678,2.23,0.678
+	c2.708-3.23,4.712-6.558,6.004-9.978c1.286-3.419,2.64-6.746,4.069-9.963c1.544-2.711,2.969-5.626,4.261-8.716
+	c1.286-3.107,2.774-6.008,4.455-8.719c1.671-2.708,3.681-5.045,6.008-6.984c2.322-1.938,5.285-3.15,8.903-3.67
+	c0.386-6.319,0.836-13.114,1.354-20.335c0.517-7.235,1.001-14.534,1.451-21.896c0.457-7.361,0.846-14.596,1.168-21.689
+	c0.323-7.111,0.482-13.684,0.482-19.769c-2.713,0-5.458,0.143-8.229,0.394C398.196,245.785,395.553,246.07,393.035,246.385z
+	 M483.002,245c0,4-0.061,5.618-0.188,7.038c-0.135,1.419-0.323,3.525-0.581,5.259c-0.261,1.751-0.584,4.166-0.972,6.752
+	c-0.386,2.584-0.843,6.388-1.354,11.165c-0.519,4.791-1.135,11.551-1.839,19.167c-0.715,7.612-1.519,18.619-2.427,29.619h-32.15
+	c0-15,1.065-26.686,3.192-39.535c2.138-12.847,4.101-25.911,5.911-38.695c-5.034,0.52-9.85,1.042-14.427,1.812
+	c-4.589,0.773-9.136,0.898-13.662,0.52c-0.513,13.682-1.543,27.507-3.097,41.521c-1.553,13.998-3.23,27.586-5.038,40.749
+	c4.52,0,9.396-0.166,14.631-0.496c5.224-0.316,10.292-0.479,15.2-0.479c0.649,1.152,1.285,2.776,1.942,4.838
+	c0.638,2.065,1.22,4.318,1.738,6.779c0.517,2.457,0.997,5.027,1.454,7.753c0.447,2.715,0.873,5.424,1.258,8.135
+	c0.9,6.32,1.681,13.102,2.327,20.336c2.192-6.196,4.454-12.28,6.777-18.209c1.938-5.045,4.004-10.262,6.196-15.699
+	c2.199-5.423,4.327-10.073,6.393-13.936c2.323,0.254,4.649,0.316,6.974,0.188c2.326-0.124,4.681-0.25,7.071-0.392
+	c2.386-0.127,4.775-0.127,7.163,0c2.389,0.142,4.681,0.52,6.88,1.165c-0.257-6.716-0.164-13.619,0.293-20.728
+	c0.449-7.093,1.096-14.204,1.932-21.297c0.841-7.111,1.707-15.14,2.615-22.062c0.907-6.901,1.742-13.27,2.522-21.27H483.002z"/>
+</svg>

GEMINI.md

@@ -0,0 +1,136 @@
+# CRIU (Checkpoint/Restore In User-space)
+
+CRIU is a tool for saving the state of a running application to a set of files
+(checkpointing) and restoring it back to a live state. It is primarily used for
+live migration of containers, in-place updates, and fast application startup.
+
+It is implemented as a command-line tool called `criu`. The two primary commands
+are `dump` and `restore`.
+
+- `dump`: Saves a process tree and all its related resources (file
+  descriptors, IPC, sockets, namespaces, etc.) into a collection of image
+  files.
+- `restore`: Restores processes from image files to the same state they were
+  in before the dump.
+
+## Quick Start
+
+To get a feel for `criu`, you can try checkpointing and restoring a simple
+process.
+
+1.  **Run a simple process:**
+    Open a terminal and run a command that will run for a while. Find its PID.
+    ```bash
+    sleep 1000 &
+    [1] 12345
+    ```
+
+2.  **Dump the process:**
+    As root, use `criu dump` with the process ID (`-t`) and a directory for the
+    image files (`-D`).
+    ```bash
+    sudo criu dump -t 12345 -D /tmp/sleep_images -v4 --shell-job
+    ```
+    The `sleep` process will no longer be running.
+
+3.  **Restore the process:**
+    Use `criu restore` to bring the process back to life from the images.
+    ```bash
+    sudo criu restore -D /tmp/sleep_images -v4 --shell-job
+    ```
+    The `sleep` process will be running again as if nothing happened.
+
+# For Developers and Contributors
+
+This section contains more technical details about CRIU's internals and
+development process.
+
+## Dump Process
+
+On dump, CRIU uses available kernel interfaces to collect information about
+processes. For properties that can only be retrieved from within the process
+itself, CRIU injects a binary blob (called a "parasite") into the process's
+address space and executes it in the context of one of the process's threads.
+This injection is handled by a subproject called **Compel**.
+
+## Restore Process
+
+On restore, CRIU reads the image files to reconstruct the processes. The goal is
+to restore them to the exact state they were in before the dump. The restore
+process is divided into several stages (defined as `CR_STATE_*` in
+`./criu/include/restorer.h`).
+
+The main `criu` process acts as a coordinator. It first restores resources with
+inter-process dependencies (file descriptors, sockets, shared memory,
+namespaces, etc.). It then forks the process tree and sets up namespaces.
+Finally, it restores process-specific resources like file descriptors and memory
+mappings.
+
+A key step involves a small, self-contained binary called the "restorer". All
+restored processes switch to executing this code, which unmaps the CRIU-specific
+memory and restores the application's original memory mappings. On the final
+step, the restorer calls `sigreturn` on a prepared signal frame to resume the
+process with the state it had at the moment of the dump.
+
+## Compel
+
+Compel is a subproject responsible for generating the binary blobs used for the
+parasite code (for dumping) and the restorer code (for restoring). It provides a
+library for injecting and executing this code within the target process's
+address space. It is a separate project because the logic for generating and
+injecting Position-Independent Executable (PIE) code is complex and
+self-contained.
+
+## Coding Style
+
+The C code in the CRIU project follows the
+[Linux Kernel Coding Style](https://www.kernel.org/doc/html/latest/process/coding-style.html).
+Here are some of the main points:
+
+-   **Indentation**: Use tabs, which are set to 8 characters.
+-   **Line Length**: The preferred line limit is 80 characters, but it can be
+    extended to 120 if it improves code readability.
+-   **Braces**:
+    -   The opening brace for a function goes on a new line.
+    -   The opening brace for a block (like `if`, `for`, `while`, `switch`) goes
+        on the same line.
+-   **Spaces**: Use spaces around operators (`+`, `-`, `*`, `/`, `%`, `<`, `>`,
+    `=`, etc.).
+-   **Naming**: Use descriptive names for functions and variables.
+-   **Comments**: Use C-style comments (`/* ... */`). For multi-line comments,
+    the preferred format is:
+    ```c
+    /*
+     * This is a multi-line
+     * comment.
+     */
+    ```
+
+## Code Layout
+
+The code is organized into the following directories:
+
+-   `./compel`: The Compel sub-project.
+-   `./criu`: The main `criu` tool source code.
+-   `./images`: Protobuf descriptions for the image files.
+-   `./test`: All tests.
+-   `./test/zdtm`: The Zero-Downtime Migration (ZDTM) test suite.
+-   `./test/zdtm.py`: The executor script for ZDTM tests.
+-   `./scripts`: Helper scripts.
+-   `./scripts/build`: Docker image files used for CI and cross-compilation
+    checks.
+-   `./crit`: A tool to inspect and manipulate CRIU image files.
+-   `./soccr`: A library for TCP socket checkpoint/restore.
+
+## Tests
+
+The main test suite is ZDTM. Here is an example of how to run a single test:
+
+```bash
+sudo ./test/zdtm.py run -t zdtm/static/env00
+```
+
+Each ZDTM test has three stages: preparation, C/R, and results checks. During
+the test, a process calls `test_daemon()` to signal it is ready for C/R, then
+calls `test_waitsig()` to wait for the C/R stage to complete. After being
+restored, the test checks that all its resources are still in a valid state.

INSTALL.md

@@ -1,11 +1,31 @@
+## Building CRIU from source code
+
+First, you need to install compile-time dependencies. Check [Installation dependencies](https://criu.org/Installation#Dependencies) for more info.
+
+To compile CRIU, run:
+```
+make
+```
+This should create the `./criu/criu` executable.
+
+To change the default behaviour of CRIU, the following variables can be passed
+to the make command:
+
+ * **NETWORK_LOCK_DEFAULT**, can be set to one of the following
+   values: `NETWORK_LOCK_IPTABLES`, `NETWORK_LOCK_NFTABLES`,
+   `NETWORK_LOCK_SKIP`. CRIU defaults to `NETWORK_LOCK_IPTABLES`
+   if nothing is specified. If another network locking backend is
+   needed, `make` can be called like this:
+   `make NETWORK_LOCK_DEFAULT=NETWORK_LOCK_NFTABLES`
+
 ## Installing CRIU from source code
 
 Once CRIU is built one can easily setup the complete CRIU package
 (which includes executable itself, CRIT tool, libraries, manual
 and etc) simply typing
-
-    make install
-
+```
+make install
+```
 this command accepts the following variables:
 
  * **DESTDIR**, to specify global root where all components will be placed under (empty by default);
@@ -16,17 +36,17 @@ this command accepts the following variables:
  * **LIBDIR**, to specify directory where to put libraries (guess the correct path  by default).
 
 Thus one can type
-
-    make DESTDIR=/some/new/place install
-
+```
+make DESTDIR=/some/new/place install
+```
 and get everything installed under `/some/new/place`.
 
 ## Uninstalling CRIU
 
 To clean up previously installed CRIU instance one can type
-
-    make uninstall
-
+```
+make uninstall
+```
 and everything should be removed. Note though that if some variable (**DESTDIR**, **BINDIR**
 and such) has been used during installation procedure, the same *must* be passed with
 uninstall action.

MAINTAINERS

@@ -4,3 +4,5 @@ Mike Rapoport <rppt@kernel.org>
 Dmitry Safonov <0x7f454c46@gmail.com>
 Adrian Reber <areber@redhat.com>
 Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
+Radostin Stoyanov <rstoyanov@fedoraproject.org>
+Alexander Mikhalitsyn <alexander@mihalicyn.com>

MAINTAINERS_GUIDE.md

@@ -103,7 +103,7 @@ architecture changes should be reviewed by the chief maintainer.
 Also the chief maintainer has the veto power on any change submitted
 to any branch. Naturally, a change in the criu-dev branch can be reverted
 after a chief maintainer veto, a change in the master branch must be
-carefully reviwed by the chief maintainer and vetoed in advance.
+carefully reviewed by the chief maintainer and vetoed in advance.
 
 ### How are maintainers added (and removed)?
 

Makefile

@@ -19,7 +19,7 @@ endif
 
 #
 # Supported Architectures
-ifneq ($(filter-out x86 arm aarch64 ppc64 s390 mips,$(ARCH)),)
+ifneq ($(filter-out x86 arm aarch64 ppc64 s390 mips loongarch64 riscv64,$(ARCH)),)
         $(error "The architecture $(ARCH) isn't supported")
 endif
 
@@ -35,18 +35,18 @@ ifeq ($(ARCH),arm)
         ARMV		:= $(shell echo $(SUBARCH) | sed -nr 's/armv([[:digit:]]).*/\1/p; t; i7')
 
         ifeq ($(ARMV),6)
-                USERCFLAGS += -march=armv6
+                ARCHCFLAGS += -march=armv6
         endif
 
         ifeq ($(ARMV),7)
-                USERCFLAGS += -march=armv7-a
+                ARCHCFLAGS += -march=armv7-a+fp
         endif
 
         ifeq ($(ARMV),8)
-                # Running 'setarch linux32 uname -m' returns armv8l on travis aarch64.
+                # Running 'setarch linux32 uname -m' returns armv8l on aarch64.
                 # This tells CRIU to handle armv8l just as armv7hf. Right now this is
                 # only used for compile testing. No further verification of armv8l exists.
-                USERCFLAGS += -march=armv7-a
+                ARCHCFLAGS += -march=armv7-a
                 ARMV := 7
         endif
 
@@ -64,6 +64,8 @@ endif
 
 ifeq ($(ARCH),aarch64)
         DEFINES		:= -DCONFIG_AARCH64
+        CC_MBRANCH_PROT := $(shell $(CC) -c -x c /dev/null -mbranch-protection=none -o /dev/null >/dev/null 2>&1 && echo "-mbranch-protection=none")
+        CFLAGS_PIE	:= $(CC_MBRANCH_PROT)
 endif
 
 ifeq ($(ARCH),ppc64)
@@ -80,6 +82,14 @@ ifeq ($(ARCH),mips)
         DEFINES		:= -DCONFIG_MIPS
 endif
 
+ifeq ($(ARCH),loongarch64)
+        DEFINES		:= -DCONFIG_LOONGARCH64
+endif
+
+ifeq ($(ARCH),riscv64)
+        DEFINES		:= -DCONFIG_RISCV64
+endif
+
 #
 # CFLAGS_PIE:
 #
@@ -102,10 +112,20 @@ export PROTOUFIX DEFINES
 #
 # Independent options for all tools.
 DEFINES			+= -D_FILE_OFFSET_BITS=64
+DEFINES			+= -D_LARGEFILE64_SOURCE
 DEFINES			+= -D_GNU_SOURCE
 
 WARNINGS		:= -Wall -Wformat-security -Wdeclaration-after-statement -Wstrict-prototypes
 
+# -Wdangling-pointer results in false warning when we add a list element to
+# local list head variable. It is false positive because before leaving the
+# function we always check that local list head variable is empty, thus
+# insuring that pointer to it is not dangling anywhere, but gcc can't
+# understand it.
+# Note: There is similar problem with kernel list, where this warning is also
+# disabled: https://github.com/torvalds/linux/commit/49beadbd47c2
+WARNINGS		+= -Wno-dangling-pointer -Wno-unknown-warning-option
+
 CFLAGS-GCOV		:= --coverage -fno-exceptions -fno-inline -fprofile-update=atomic
 export CFLAGS-GCOV
 
@@ -113,11 +133,19 @@ ifeq ($(ARCH),mips)
 WARNINGS		:= -rdynamic
 endif
 
+ifeq ($(ARCH),loongarch64)
+WARNINGS		+= -Wno-implicit-function-declaration
+endif
+
 ifneq ($(GCOV),)
         LDFLAGS         += -lgcov
         CFLAGS          += $(CFLAGS-GCOV)
 endif
 
+ifneq ($(NETWORK_LOCK_DEFAULT),)
+	CFLAGS		+= -DNETWORK_LOCK_DEFAULT=$(NETWORK_LOCK_DEFAULT)
+endif
+
 ifeq ($(ASAN),1)
 	CFLAGS-ASAN	:= -fsanitize=address
 	export		CFLAGS-ASAN
@@ -142,12 +170,12 @@ export GMON GMONLDOPT
 endif
 
 AFLAGS			+= -D__ASSEMBLY__
-CFLAGS			+= $(USERCFLAGS) $(WARNINGS) $(DEFINES) -iquote include/
+CFLAGS			+= $(USERCFLAGS) $(ARCHCFLAGS) $(WARNINGS) $(DEFINES) -iquote include/
 HOSTCFLAGS		+= $(WARNINGS) $(DEFINES) -iquote include/
 export AFLAGS CFLAGS USERCLFAGS HOSTCFLAGS
 
 # Default target
-all: criu lib crit
+all: criu lib crit cuda_plugin
 .PHONY: all
 
 #
@@ -250,26 +278,19 @@ criu: $(criu-deps)
 	$(Q) $(MAKE) $(build)=criu all
 .PHONY: criu
 
-crit/Makefile: ;
-crit/%: criu .FORCE
-	$(Q) $(MAKE) $(build)=crit $@
-crit: criu
-	$(Q) $(MAKE) $(build)=crit all
-.PHONY: crit
-
 unittest: $(criu-deps)
 	$(Q) $(MAKE) $(build)=criu unittest
 .PHONY: unittest
 
 
 #
-# Libraries next once crit it ready
+# Libraries next once criu is ready
 # (we might generate headers and such
 # when building criu itself).
 lib/Makefile: ;
-lib/%: crit .FORCE
+lib/%: criu .FORCE
 	$(Q) $(MAKE) $(build)=lib $@
-lib: crit
+lib: criu
 	$(Q) $(MAKE) $(build)=lib all
 .PHONY: lib
 
@@ -278,21 +299,28 @@ clean mrproper:
 	$(Q) $(MAKE) $(build)=criu $@
 	$(Q) $(MAKE) $(build)=soccr $@
 	$(Q) $(MAKE) $(build)=lib $@
+	$(Q) $(MAKE) $(build)=crit $@
 	$(Q) $(MAKE) $(build)=compel $@
 	$(Q) $(MAKE) $(build)=compel/plugins $@
-	$(Q) $(MAKE) $(build)=lib $@
-	$(Q) $(MAKE) $(build)=crit $@
 .PHONY: clean mrproper
 
+clean-amdgpu_plugin:
+	$(Q) $(MAKE) -C plugins/amdgpu clean
+.PHONY: clean-amdgpu_plugin
+
+clean-cuda_plugin:
+	$(Q) $(MAKE) -C plugins/cuda clean
+.PHONY: clean-cuda_plugin
+
 clean-top:
 	$(Q) $(MAKE) -C Documentation clean
 	$(Q) $(MAKE) $(build)=test/compel clean
 	$(Q) $(RM) .gitid
 .PHONY: clean-top
 
-clean: clean-top
+clean: clean-top clean-amdgpu_plugin clean-cuda_plugin
 
-mrproper-top: clean-top
+mrproper-top: clean-top clean-amdgpu_plugin clean-cuda_plugin
 	$(Q) $(RM) $(CONFIG_HEADER)
 	$(Q) $(RM) $(VERSION_HEADER)
 	$(Q) $(RM) $(COMPEL_VERSION_HEADER)
@@ -320,6 +348,18 @@ test: zdtm
 	$(Q) $(MAKE) -C test
 .PHONY: test
 
+amdgpu_plugin: criu
+	$(Q) $(MAKE) -C plugins/amdgpu all
+.PHONY: amdgpu_plugin
+
+cuda_plugin: criu
+	$(Q) $(MAKE) -C plugins/cuda all
+.PHONY: cuda_plugin
+
+crit: lib
+	$(Q) $(MAKE) -C crit
+.PHONY: crit
+
 #
 # Generating tar requires tag matched CRIU_VERSION.
 # If not found then simply use GIT's describe with
@@ -385,6 +425,7 @@ help:
 	@echo '    Targets:'
 	@echo '      all             - Build all [*] targets'
 	@echo '    * criu            - Build criu'
+	@echo '    * crit            - Build crit'
 	@echo '      zdtm            - Build zdtm test-suite'
 	@echo '      docs            - Build documentation'
 	@echo '      install         - Install CRIU (see INSTALL.md)'
@@ -400,43 +441,72 @@ help:
 	@echo '      unittest        - Run unit tests'
 	@echo '      lint            - Run code linters'
 	@echo '      indent          - Indent C code'
+	@echo '      amdgpu_plugin   - Make AMD GPU plugin'
+	@echo '      cuda_plugin     - Make NVIDIA CUDA plugin'
 .PHONY: help
 
-lint:
-	flake8 --version
-	flake8 --config=scripts/flake8.cfg test/zdtm.py
-	flake8 --config=scripts/flake8.cfg test/inhfd/*.py
-	flake8 --config=scripts/flake8.cfg test/others/rpc/config_file.py
-	flake8 --config=scripts/flake8.cfg lib/py/images/pb2dict.py
-	flake8 --config=scripts/flake8.cfg scripts/criu-ns
+ruff:
+	@ruff --version
+	ruff check ${RUFF_FLAGS} --config=scripts/ruff.toml \
+		test/zdtm.py \
+		test/inhfd/*.py \
+		test/others/rpc/config_file.py \
+		test/others/action-script/check_actions.py \
+		test/others/pycriu/*.py \
+		lib/pycriu/criu.py \
+		lib/pycriu/__init__.py \
+		lib/pycriu/images/pb2dict.py \
+		lib/pycriu/images/images.py \
+		scripts/criu-ns \
+		test/others/criu-ns/run.py \
+		crit/*.py \
+		crit/crit/*.py \
+		scripts/uninstall_module.py \
+		coredump/ coredump/coredump \
+		scripts/github-indent-warnings.py
+
+shellcheck:
 	shellcheck --version
 	shellcheck scripts/*.sh
-	shellcheck scripts/ci/*.sh scripts/ci/apt-install
-	shellcheck test/others/crit/*.sh
-	shellcheck test/others/config-file/*.sh
-	# Do not append \n to pr_perror or fail
-	! git --no-pager grep -E '^\s*\<(pr_perror|fail)\>.*\\n"'
-	# Do not use %m with pr_perror or fail
-	! git --no-pager grep -E '^\s*\<(pr_perror|fail)\>.*%m'
-	# Do not use errno with pr_perror or fail
-	! git --no-pager grep -E '^\s*\<(pr_perror|fail)\>\(".*".*errno'
+	shellcheck scripts/ci/*.sh
+	shellcheck contrib/apt-install contrib/dependencies/*.sh
+	shellcheck -x test/others/crit/*.sh
+	shellcheck -x test/others/libcriu/*.sh
+	shellcheck -x test/others/crit/*.sh test/others/criu-coredump/*.sh
+	shellcheck -x test/others/config-file/*.sh
+	shellcheck -x test/others/action-script/*.sh
+
+codespell:
+	codespell
+
+lint: ruff shellcheck codespell
+	# Do not append \n to pr_perror, pr_pwarn or fail
+	! git --no-pager grep -E '^\s*\<(pr_perror|pr_pwarn|fail)\>.*\\n"'
+	# Do not use %m with pr_* or fail
+	! git --no-pager grep -E '^\s*\<(pr_(err|perror|warn|pwarn|debug|info|msg)|fail)\>.*%m'
+	# Do not use errno with pr_perror, pr_pwarn or fail
+	! git --no-pager grep -E '^\s*\<(pr_perror|pr_pwarn|fail)\>\(".*".*errno'
 	# End pr_(err|warn|msg|info|debug) with \n
 	! git --no-pager grep -En '^\s*\<pr_(err|warn|msg|info|debug)\>.*);$$' | grep -v '\\n'
 	# No EOL whitespace for C files
 	! git --no-pager grep -E '\s+$$' \*.c \*.h
-.PHONY: lint
+.PHONY: lint ruff shellcheck codespell
 
-codecov: SHELL := $(shell which bash)
+codecov: SHELL := $(shell command -v bash)
 codecov:
-	bash <(curl -s https://codecov.io/bash)
+	curl -Os https://uploader.codecov.io/latest/linux/codecov
+	chmod +x codecov
+	./codecov
 .PHONY: codecov
 
 fetch-clang-format: .FORCE
 	$(E) ".clang-format"
 	$(Q) scripts/fetch-clang-format.sh
 
+BASE ?= "HEAD~1"
+OPTS ?= "--quiet"
 indent:
-	find . -name '*.[ch]' -type f -print0 | xargs --null --max-args 128 --max-procs 4 clang-format -i
+	git clang-format --style file --extensions c,h $(OPTS) $(BASE)
 .PHONY: indent
 
 include Makefile.install

Makefile.compel

@@ -50,8 +50,8 @@ compel/plugins/%: $(compel-deps) .FORCE
 
 #
 # GNU make 4.x supports targets matching via wide
-# match targeting, where GNU make 3.x series (used on
-# Travis) is not, so we have to write them here explicitly.
+# match targeting, where GNU make 3.x series is not,
+# so we have to write them here explicitly.
 compel/plugins/std.lib.a: $(compel-deps) .FORCE
 	$(Q) $(MAKE) $(build)=compel/plugins $@
 

Makefile.config

@@ -2,12 +2,15 @@ include $(__nmk_dir)utils.mk
 include $(__nmk_dir)msg.mk
 include scripts/feature-tests.mak
 
+# This is a kludge for $(info ...) to not eat spaces.
+S :=
+
 ifeq ($(call try-cc,$(FEATURE_TEST_LIBBSD_DEV),-lbsd),true)
         LIBS_FEATURES	+= -lbsd
         FEATURE_DEFINES	+= -DCONFIG_HAS_LIBBSD
 else
-        $(info Note: Building without setproctitle() and strlcpy() support.)
-        $(info $(info)      To enable these features, please install libbsd-devel (RPM) / libbsd-dev (DEB).)
+        $(info Note: Building without setproctitle() support.)
+        $(info $S      Install libbsd-devel (RPM) / libbsd-dev (DEB) to fix.)
 endif
 
 ifeq ($(call pkg-config-check,libselinux),y)
@@ -21,12 +24,21 @@ ifeq ($(call pkg-config-check,libbpf),y)
         export CONFIG_HAS_LIBBPF := y
 endif
 
+ifeq ($(call pkg-config-check,libdrm),y)
+        export CONFIG_AMDGPU := y
+        $(info Note: Building with amdgpu_plugin.)
+else
+        $(info Note: Building without amdgpu_plugin.)
+        $(info $S      Install libdrm-devel (RPM) or libdrm-dev (DEB) to fix.)
+endif
+
 ifeq ($(NO_GNUTLS)x$(call pkg-config-check,gnutls),xy)
         LIBS_FEATURES	+= -lgnutls
         export CONFIG_GNUTLS := y
         FEATURE_DEFINES	+= -DCONFIG_GNUTLS
 else
-        $(info Note: Building without GnuTLS support)
+        $(info Note: Building without GnuTLS support.)
+        $(info $S      Install gnutls-devel (RPM) or gnutls-dev (DEB) to fix.)
 endif
 
 ifeq ($(call pkg-config-check,libnftables),y)
@@ -38,16 +50,19 @@ ifeq ($(call pkg-config-check,libnftables),y)
                 LIBS_FEATURES	+= $(LIB_NFTABLES)
                 FEATURE_DEFINES	+= -DCONFIG_HAS_NFTABLES_LIB_API_1
         else
-                $(warning Warn: you have libnftables installed but it has incompatible API)
-                $(warning Warn: Building without nftables support)
+                $(info Warn: Building without nftables support (incompatible API version).)
         endif
 else
-        $(warning Warn: you have no libnftables installed)
-        $(warning Warn: Building without nftables support)
+        $(info Warn: Building without nftables support.)
+        $(info $S      Install nftables-devel (RPM) or libnftables-dev (DEB) to fix.)
 endif
 
 export LIBS += $(LIBS_FEATURES)
 
+ifneq ($(PLUGINDIR),)
+                FEATURE_DEFINES	+= -DCR_PLUGIN_DEFAULT="\"$(PLUGINDIR)\""
+endif
+
 CONFIG_FILE = .config
 
 $(CONFIG_FILE):
@@ -59,24 +74,26 @@ ifeq ($(call try-asm,$(FEATURE_TEST_X86_COMPAT)),true)
         export CONFIG_COMPAT := y
         FEATURE_DEFINES	+= -DCONFIG_COMPAT
 else
-        $(info Note: Building without ia32 C/R, missed ia32 support in gcc)
-        $(info $(info)      That may be related to missing gcc-multilib in your)
-        $(info $(info)      distribution or you may have Debian with buggy toolchain)
-        $(info $(info)      (issue https://github.com/checkpoint-restore/criu/issues/315))
+        $(info Note: Building without ia32 C/R, missing ia32 support in gcc.)
+        $(info $S      It may be related to missing gcc-multilib in your)
+        $(info $S      distribution, or you may have Debian with buggy toolchain.)
+        $(info $S      See https://github.com/checkpoint-restore/criu/issues/315.)
 endif
 endif
 
 export DEFINES += $(FEATURE_DEFINES)
 export CFLAGS += $(FEATURE_DEFINES)
 
-FEATURES_LIST	:= TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
-	SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW FSCONFIG MEMFD_CREATE
+FEATURES_LIST	:= TCP_REPAIR PTRACE_PEEKSIGINFO \
+	SETPROCTITLE_INIT TCP_REPAIR_WINDOW MEMFD_CREATE \
+	OPENAT2 NO_LIBC_RSEQ_DEFS
 
 # $1 - config name
 define gen-feature-test
 ifeq ($$(call try-cc,$$(FEATURE_TEST_$(1)),$$(LIBS_FEATURES),$$(DEFINES)),true)
 	$(Q) echo '#define CONFIG_HAS_$(1)' >> $$@
-	$(Q) echo '' >> $$@
+else
+	$(Q) echo '// CONFIG_HAS_$(1) is not set' >> $$@
 endif
 endef
 

Makefile.install

@@ -7,6 +7,7 @@ MANDIR		?= $(PREFIX)/share/man
 INCLUDEDIR	?= $(PREFIX)/include
 LIBEXECDIR	?= $(PREFIX)/libexec
 RUNDIR		?= /run
+PLUGINDIR	?= $(PREFIX)/lib/criu
 
 #
 # For recent Debian/Ubuntu with multiarch support.
@@ -26,7 +27,34 @@ endif
 LIBDIR ?= $(PREFIX)/lib
 
 export PREFIX BINDIR SBINDIR MANDIR RUNDIR
-export LIBDIR INCLUDEDIR LIBEXECDIR
+export LIBDIR INCLUDEDIR LIBEXECDIR PLUGINDIR
+
+# Detect externally managed Python environment (PEP 668).
+PYTHON_EXTERNALLY_MANAGED := $(shell $(PYTHON) -c 'import os, sysconfig; print(int(os.path.isfile(os.path.join(sysconfig.get_path("stdlib"), "EXTERNALLY-MANAGED"))))')
+PIP_BREAK_SYSTEM_PACKAGES ?= 0
+
+# If Python environment is externally managed and PIP_BREAK_SYSTEM_PACKAGES is not set, skip pip install.
+SKIP_PIP_INSTALL := 0
+ifeq ($(PYTHON_EXTERNALLY_MANAGED),1)
+ifeq ($(PIP_BREAK_SYSTEM_PACKAGES),0)
+
+SKIP_PIP_INSTALL := 1
+$(info Warn: Externally managed python environment)
+$(info Consider using PIP_BREAK_SYSTEM_PACKAGES=1)
+
+endif
+endif
+
+# Default flags for pip install:
+# --ignore-installed: Overwrite already installed pycriu/crit packages
+# --no-build-isolation: Use current Python environment to build pycriu/crit packages
+# --no-deps: Don't install any dependencies
+# --no-index: Don't use PyPI index to find packages
+# --progress-bar: Cleaner output
+# --upgrade: Treat the install as an upgrade when replacing the installed version
+PIPFLAGS ?= --ignore-installed --no-build-isolation --no-deps --no-index --progress-bar off --upgrade
+
+export SKIP_PIP_INSTALL PIPFLAGS
 
 install-man:
 	$(Q) $(MAKE) -C Documentation install
@@ -36,22 +64,37 @@ install-lib: lib
 	$(Q) $(MAKE) $(build)=lib install
 .PHONY: install-lib
 
+install-crit: lib
+	$(Q) $(MAKE) $(build)=crit install
+.PHONY: install-crit
+
 install-criu: criu
 	$(Q) $(MAKE) $(build)=criu install
 .PHONY: install-criu
 
+install-amdgpu_plugin: amdgpu_plugin
+	$(Q) $(MAKE) -C plugins/amdgpu install
+.PHONY: install-amdgpu_plugin
+
+install-cuda_plugin: cuda_plugin
+	$(Q) $(MAKE) -C plugins/cuda install
+.PHONY: install-cuda_plugin
+
 install-compel: $(compel-install-targets)
 	$(Q) $(MAKE) $(build)=compel install
 	$(Q) $(MAKE) $(build)=compel/plugins install
 .PHONY: install-compel
 
-install: install-man install-lib install-criu install-compel ;
+install: install-man install-lib install-crit install-criu install-compel install-amdgpu_plugin install-cuda_plugin ;
 .PHONY: install
 
 uninstall:
 	$(Q) $(MAKE) -C Documentation $@
 	$(Q) $(MAKE) $(build)=lib $@
+	$(Q) $(MAKE) $(build)=crit $@
 	$(Q) $(MAKE) $(build)=criu $@
 	$(Q) $(MAKE) $(build)=compel $@
 	$(Q) $(MAKE) $(build)=compel/plugins $@
+	$(Q) $(MAKE) -C plugins/amdgpu $@
+	$(Q) $(MAKE) -C plugins/cuda $@
 .PHONY: uninstall

Makefile.versions

@@ -1,10 +1,10 @@
 #
 # CRIU version.
-CRIU_VERSION_MAJOR	:= 3
-CRIU_VERSION_MINOR	:= 16
+CRIU_VERSION_MAJOR	:= 4
+CRIU_VERSION_MINOR	:= 2
 CRIU_VERSION_SUBLEVEL	:=
 CRIU_VERSION_EXTRA	:=
-CRIU_VERSION_NAME	:= Petrified Puffin
+CRIU_VERSION_NAME	:= CRIUTIBILITY
 CRIU_VERSION		:= $(CRIU_VERSION_MAJOR)$(if $(CRIU_VERSION_MINOR),.$(CRIU_VERSION_MINOR))$(if $(CRIU_VERSION_SUBLEVEL),.$(CRIU_VERSION_SUBLEVEL))$(if $(CRIU_VERSION_EXTRA),.$(CRIU_VERSION_EXTRA))
 
 export CRIU_VERSION_MAJOR CRIU_VERSION_MINOR CRIU_VERSION_SUBLEVEL

README.md

@@ -1,8 +1,13 @@
-![X86_64 GCC Test](https://github.com/checkpoint-restore/criu/workflows/X86_64%20GCC%20Test/badge.svg)
-![Podman Test](https://github.com/checkpoint-restore/criu/workflows/Podman%20Test/badge.svg)
-[![CircleCI](https://circleci.com/gh/checkpoint-restore/criu.svg?style=svg)](https://circleci.com/gh/checkpoint-restore/criu)
+[![X86_64 GCC Test](https://github.com/checkpoint-restore/criu/workflows/X86_64%20GCC%20Test/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/x86-64-gcc-test.yml)
+[![Docker Test](https://github.com/checkpoint-restore/criu/actions/workflows/docker-test.yml/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/docker-test.yml)
+[![Podman Test](https://github.com/checkpoint-restore/criu/actions/workflows/podman-test.yml/badge.svg)](
+    https://github.com/checkpoint-restore/criu/actions/workflows/podman-test.yml)
+[![CircleCI](https://circleci.com/gh/checkpoint-restore/criu.svg?style=svg)](
+    https://circleci.com/gh/checkpoint-restore/criu)
 
-<p align="center"><img src="https://criu.org/w/images/1/1c/CRIU.svg" width="256px"/></p>
+<p align="center"><img src="Documentation/logo.svg" width="256px"/></p>
 
 ## CRIU -- A project to implement checkpoint/restore functionality for Linux
 
@@ -30,10 +35,10 @@ Pages worth starting with are:
 - [Installation instructions](http://criu.org/Installation)
 - [A simple example of usage](http://criu.org/Simple_loop)
 - [Examples of more advanced usage](https://criu.org/Category:HOWTO)
-- Troubleshooting can be hard, some help can be found [here](https://criu.org/When_C/R_fails), [here](https://criu.org/What_cannot_be_checkpointed) and [here](https://criu.org/FAQ)
+- Troubleshooting can be hard, some help can be found [here](https://criu.org/When_C/R_fails), [here](https://criu.org/What_cannot_be_checkpointed) and [here](https://criu.org/index.php?title=FAQ)
 
 ### Checkpoint and restore of simple loop process
-[<p align="center"><img src="https://asciinema.org/a/232445.png" width="572px" height="412px"/></p>](https://asciinema.org/a/232445)
+<p align="center"><a href="https://asciinema.org/a/232445"><img src="https://asciinema.org/a/232445.png" width="572px" height="412px"/></a></p>
 
 ## Advanced features
 

compel/.gitignore

@@ -4,6 +4,9 @@ arch/arm/plugins/std/syscalls/syscalls.S
 arch/aarch64/plugins/std/syscalls/syscalls.S
 arch/s390/plugins/std/syscalls/syscalls.S
 arch/ppc64/plugins/std/syscalls/syscalls.S
+arch/mips/plugins/std/syscalls/syscalls-64.S
+arch/loongarch64/plugins/std/syscalls/syscalls-64.S
+arch/riscv64/plugins/std/syscalls/syscalls.S
 include/version.h
 plugins/include/uapi/std/asm/syscall-types.h
 plugins/include/uapi/std/syscall-64.h

compel/Makefile

@@ -32,8 +32,8 @@ ifeq ($(ARCH),x86)
 lib-y			+= arch/$(ARCH)/src/lib/thread_area.o
 endif
 
-# handle_elf() has no support of ELF relocations on ARM (yet?)
-ifneq ($(filter arm aarch64,$(ARCH)),)
+# handle_elf() has no support of ELF relocations on ARM and RISCV64 (yet?)
+ifneq ($(filter arm aarch64 loongarch64 riscv64,$(ARCH)),)
 CFLAGS			+= -DNO_RELOCS
 HOSTCFLAGS		+= -DNO_RELOCS
 endif

compel/arch/aarch64/src/lib/include/uapi/asm/breakpoints.h

@@ -2,14 +2,41 @@
 #define __COMPEL_BREAKPOINTS_H__
 #define ARCH_SI_TRAP TRAP_BRKPT
 
-static inline int ptrace_set_breakpoint(pid_t pid, void *addr)
-{
-	return 0;
-}
+#include <sys/types.h>
+#include <stdbool.h>
 
-static inline int ptrace_flush_breakpoints(pid_t pid)
-{
-	return 0;
-}
+struct hwbp_cap {
+	char arch;
+	char bp_count;
+};
+
+/* copied from `linux/arch/arm64/include/asm/hw_breakpoint.h` */
+/* Lengths */
+#define ARM_BREAKPOINT_LEN_1 0x1
+#define ARM_BREAKPOINT_LEN_2 0x3
+#define ARM_BREAKPOINT_LEN_3 0x7
+#define ARM_BREAKPOINT_LEN_4 0xf
+#define ARM_BREAKPOINT_LEN_5 0x1f
+#define ARM_BREAKPOINT_LEN_6 0x3f
+#define ARM_BREAKPOINT_LEN_7 0x7f
+#define ARM_BREAKPOINT_LEN_8 0xff
+
+/* Privilege Levels */
+#define AARCH64_BREAKPOINT_EL1 1
+#define AARCH64_BREAKPOINT_EL0 2
+
+/* Breakpoint */
+#define ARM_BREAKPOINT_EXECUTE 0
+
+/* Watchpoints */
+#define ARM_BREAKPOINT_LOAD	1
+#define ARM_BREAKPOINT_STORE	2
+#define AARCH64_ESR_ACCESS_MASK (1 << 6)
+
+#define DISABLE_HBP 0
+#define ENABLE_HBP  1
+
+int ptrace_set_breakpoint(pid_t pid, void *addr);
+int ptrace_flush_breakpoints(pid_t pid);
 
 #endif

compel/arch/aarch64/src/lib/include/uapi/asm/gcs-types.h

@@ -0,0 +1,47 @@
+#ifndef __UAPI_ASM_GCS_TYPES_H__
+#define __UAPI_ASM_GCS_TYPES_H__
+
+#ifndef NT_ARM_GCS
+#define NT_ARM_GCS 0x410 /* ARM GCS state */
+#endif
+
+/* Shadow Stack/Guarded Control Stack interface */
+#define PR_GET_SHADOW_STACK_STATUS	74
+#define PR_SET_SHADOW_STACK_STATUS	75
+#define PR_LOCK_SHADOW_STACK_STATUS	76
+
+/* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack */
+#ifndef PR_SHADOW_STACK_ENABLE
+#define PR_SHADOW_STACK_ENABLE		(1UL << 0)
+#endif
+
+/* Allows explicit GCS stores (eg. using GCSSTR) */
+#ifndef PR_SHADOW_STACK_WRITE
+#define PR_SHADOW_STACK_WRITE		(1UL << 1)
+#endif
+
+/* Allows explicit GCS pushes (eg. using GCSPUSHM) */
+#ifndef PR_SHADOW_STACK_PUSH
+#define PR_SHADOW_STACK_PUSH		(1UL << 2)
+#endif
+
+#ifndef SHADOW_STACK_SET_TOKEN
+#define SHADOW_STACK_SET_TOKEN 0x1     /* Set up a restore token in the shadow stack */
+#endif
+
+#define PR_SHADOW_STACK_ALL_MODES \
+	PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH
+
+/* copied from: arch/arm64/include/asm/sysreg.h */
+#define GCS_CAP_VALID_TOKEN 0x1
+#define GCS_CAP_ADDR_MASK 0xFFFFFFFFFFFFF000ULL
+#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | GCS_CAP_VALID_TOKEN)
+#define GCS_SIGNAL_CAP(addr) (((unsigned long)addr) & GCS_CAP_ADDR_MASK)
+
+#include <asm/hwcap.h>
+
+#ifndef HWCAP_GCS
+#define HWCAP_GCS (1UL << 32)
+#endif
+
+#endif /* __UAPI_ASM_GCS_TYPES_H__ */

compel/arch/aarch64/src/lib/include/uapi/asm/infect-types.h

@@ -2,6 +2,7 @@
 #define UAPI_COMPEL_ASM_TYPES_H__
 
 #include <stdint.h>
+#include <stdbool.h>
 #include <signal.h>
 #include <sys/mman.h>
 #include <asm/ptrace.h>
@@ -16,17 +17,35 @@
  */
 
 typedef struct user_pt_regs user_regs_struct_t;
-typedef struct user_fpsimd_state user_fpregs_struct_t;
+
+/*
+ * GCS (Guarded Control Stack)
+ *
+ * This mirrors the kernel definition but renamed to cr_user_gcs
+ * to avoid conflict with kernel headers (/usr/include/asm/ptrace.h).
+ */
+struct cr_user_gcs {
+	__u64 features_enabled;
+	__u64 features_locked;
+	__u64 gcspr_el0;
+};
+
+struct user_fpregs_struct {
+	struct user_fpsimd_state fpstate;
+	struct cr_user_gcs gcs;
+};
+typedef struct user_fpregs_struct user_fpregs_struct_t;
 
 #define __compel_arch_fetch_thread_area(tid, th) 0
 #define compel_arch_fetch_thread_area(tctl)	 0
 #define compel_arch_get_tls_task(ctl, tls)
 #define compel_arch_get_tls_thread(tctl, tls)
 
-#define REG_RES(r)	  ((uint64_t)(r).regs[0])
-#define REG_IP(r)	  ((uint64_t)(r).pc)
-#define REG_SP(r)	  ((uint64_t)((r).sp))
-#define REG_SYSCALL_NR(r) ((uint64_t)(r).regs[8])
+#define REG_RES(r)	   ((uint64_t)(r).regs[0])
+#define REG_IP(r)	   ((uint64_t)(r).pc)
+#define SET_REG_IP(r, val) ((r).pc = (val))
+#define REG_SP(r)	   ((uint64_t)((r).sp))
+#define REG_SYSCALL_NR(r)  ((uint64_t)(r).regs[8])
 
 #define user_regs_native(pregs) true
 
@@ -38,4 +57,12 @@ typedef struct user_fpsimd_state user_fpregs_struct_t;
 		__NR_##syscall; \
 	})
 
+extern bool __compel_host_supports_gcs(void);
+#define compel_host_supports_gcs __compel_host_supports_gcs
+
+struct parasite_ctl;
+extern int __parasite_setup_shstk(struct parasite_ctl *ctl,
+				  user_fpregs_struct_t *ext_regs);
+#define parasite_setup_shstk __parasite_setup_shstk
+
 #endif /* UAPI_COMPEL_ASM_TYPES_H__ */

compel/arch/aarch64/src/lib/include/uapi/asm/sigframe.h

@@ -1,24 +1,34 @@
 #ifndef UAPI_COMPEL_ASM_SIGFRAME_H__
 #define UAPI_COMPEL_ASM_SIGFRAME_H__
 
-#include <asm/sigcontext.h>
+#include <signal.h>
 #include <sys/ucontext.h>
 
 #include <stdint.h>
+#include <asm/types.h>
 
 /* Copied from the kernel header arch/arm64/include/uapi/asm/sigcontext.h */
 
 #define FPSIMD_MAGIC 0x46508001
+#define GCS_MAGIC    0x47435300
 
 typedef struct fpsimd_context fpu_state_t;
 
+struct gcs_context {
+	struct _aarch64_ctx head;
+	__u64 gcspr;
+	__u64 features_enabled;
+	__u64 reserved;
+};
+
 struct aux_context {
 	struct fpsimd_context fpsimd;
+	struct gcs_context gcs;
 	/* additional context to be added before "end" */
 	struct _aarch64_ctx end;
 };
 
-// XXX: the idetifier rt_sigcontext is expected to be struct by the CRIU code
+// XXX: the identifier rt_sigcontext is expected to be struct by the CRIU code
 #define rt_sigcontext sigcontext
 
 #include <compel/sigframe-common.h>
@@ -62,6 +72,7 @@ struct cr_sigcontext {
 #define RT_SIGFRAME_AUX_CONTEXT(rt_sigframe) ((struct aux_context *)&(RT_SIGFRAME_SIGCONTEXT(rt_sigframe)->__reserved))
 #define RT_SIGFRAME_FPU(rt_sigframe)	     (&RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)->fpsimd)
 #define RT_SIGFRAME_OFFSET(rt_sigframe)	     0
+#define RT_SIGFRAME_GCS(rt_sigframe)	     (&RT_SIGFRAME_AUX_CONTEXT(rt_sigframe)->gcs)
 
 #define rt_sigframe_erase_sigset(sigframe)	memset(&sigframe->uc.uc_sigmask, 0, sizeof(k_rtsigset_t))
 #define rt_sigframe_copy_sigset(sigframe, from) memcpy(&sigframe->uc.uc_sigmask, from, sizeof(k_rtsigset_t))

compel/arch/aarch64/src/lib/infect.c

@@ -2,7 +2,9 @@
 #include <sys/ptrace.h>
 #include <sys/types.h>
 #include <sys/uio.h>
-#include <linux/elf.h>
+#include <sys/auxv.h>
+#include <asm/ptrace.h>
+
 #include <compel/plugins/std/syscall-codes.h>
 #include "common/page.h"
 #include "uapi/compel/asm/infect-types.h"
@@ -10,6 +12,9 @@
 #include "errno.h"
 #include "infect.h"
 #include "infect-priv.h"
+#include "asm/breakpoints.h"
+#include "asm/gcs-types.h"
+#include <linux/prctl.h>
 
 unsigned __page_size = 0;
 unsigned __page_shift = 0;
@@ -19,7 +24,7 @@ unsigned __page_shift = 0;
  */
 const char code_syscall[] = {
 	0x01, 0x00, 0x00, 0xd4, /* SVC #0 */
-	0x00, 0x00, 0x20, 0xd4 /* BRK #0 */
+	0x00, 0x00, 0x20, 0xd4	/* BRK #0 */
 };
 
 static const int code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
@@ -30,24 +35,54 @@ static inline void __always_unused __check_code_syscall(void)
 	BUILD_BUG_ON(!is_log2(sizeof(code_syscall)));
 }
 
+bool __compel_host_supports_gcs(void)
+{
+	unsigned long hwcap = getauxval(AT_HWCAP);
+	return (hwcap & HWCAP_GCS) != 0;
+}
+
+static bool __compel_gcs_enabled(struct cr_user_gcs *gcs)
+{
+	if (!compel_host_supports_gcs())
+		return false;
+
+	return gcs && (gcs->features_enabled & PR_SHADOW_STACK_ENABLE) != 0;
+}
+
 int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
 {
 	struct fpsimd_context *fpsimd = RT_SIGFRAME_FPU(sigframe);
+	struct gcs_context *gcs = RT_SIGFRAME_GCS(sigframe);
 
 	memcpy(sigframe->uc.uc_mcontext.regs, regs->regs, sizeof(regs->regs));
 
+	pr_debug("sigreturn_prep_regs_plain: sp %lx pc %lx\n", (long)regs->sp, (long)regs->pc);
+
 	sigframe->uc.uc_mcontext.sp = regs->sp;
 	sigframe->uc.uc_mcontext.pc = regs->pc;
 	sigframe->uc.uc_mcontext.pstate = regs->pstate;
 
-	memcpy(fpsimd->vregs, fpregs->vregs, 32 * sizeof(__uint128_t));
+	memcpy(fpsimd->vregs, fpregs->fpstate.vregs, 32 * sizeof(__uint128_t));
 
-	fpsimd->fpsr = fpregs->fpsr;
-	fpsimd->fpcr = fpregs->fpcr;
+	fpsimd->fpsr = fpregs->fpstate.fpsr;
+	fpsimd->fpcr = fpregs->fpstate.fpcr;
 
 	fpsimd->head.magic = FPSIMD_MAGIC;
 	fpsimd->head.size = sizeof(*fpsimd);
 
+	if (__compel_gcs_enabled(&fpregs->gcs)) {
+		gcs->head.magic = GCS_MAGIC;
+		gcs->head.size = sizeof(*gcs);
+		gcs->reserved = 0;
+		gcs->gcspr = fpregs->gcs.gcspr_el0 - 8;
+		gcs->features_enabled = fpregs->gcs.features_enabled;
+
+		pr_debug("sigframe gcspr=%llx features_enabled=%llx\n", fpregs->gcs.gcspr_el0 - 8, fpregs->gcs.features_enabled);
+	} else {
+		pr_debug("sigframe gcspr=[disabled]\n");
+		memset(gcs, 0, sizeof(*gcs));
+	}
+
 	return 0;
 }
 
@@ -59,7 +94,6 @@ int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigfr
 int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
 			 void *arg, __maybe_unused unsigned long flags)
 {
-	user_fpregs_struct_t tmp, *fpsimd = ext_regs ? ext_regs : &tmp;
 	struct iovec iov;
 	int ret;
 
@@ -72,14 +106,28 @@ int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct
 		goto err;
 	}
 
-	iov.iov_base = fpsimd;
-	iov.iov_len = sizeof(*fpsimd);
+	iov.iov_base = &ext_regs->fpstate;
+	iov.iov_len = sizeof(ext_regs->fpstate);
 	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRFPREG, &iov))) {
 		pr_perror("Failed to obtain FPU registers for %d", pid);
 		goto err;
 	}
 
-	ret = save(arg, regs, fpsimd);
+	memset(&ext_regs->gcs, 0, sizeof(ext_regs->gcs));
+
+	iov.iov_base = &ext_regs->gcs;
+	iov.iov_len = sizeof(ext_regs->gcs);
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &iov) == 0) {
+		pr_info("gcs: GCSPR_EL0 for %d: 0x%llx, features: 0x%llx\n",
+			pid, ext_regs->gcs.gcspr_el0, ext_regs->gcs.features_enabled);
+
+		if (!__compel_gcs_enabled(&ext_regs->gcs))
+			pr_info("gcs: GCS is NOT enabled\n");
+	} else {
+		pr_info("gcs: GCS state not available for %d\n", pid);
+	}
+
+	ret = save(pid, arg, regs, ext_regs);
 err:
 	return ret;
 }
@@ -88,14 +136,44 @@ int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
 {
 	struct iovec iov;
 
+	struct cr_user_gcs gcs;
+	struct iovec gcs_iov = { .iov_base = &gcs, .iov_len = sizeof(gcs) };
+
 	pr_info("Restoring GP/FPU registers for %d\n", pid);
 
-	iov.iov_base = ext_regs;
-	iov.iov_len = sizeof(*ext_regs);
+	iov.iov_base = &ext_regs->fpstate;
+	iov.iov_len = sizeof(ext_regs->fpstate);
 	if (ptrace(PTRACE_SETREGSET, pid, NT_PRFPREG, &iov)) {
 		pr_perror("Failed to set FPU registers for %d", pid);
 		return -1;
 	}
+
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &gcs_iov) < 0) {
+		pr_warn("gcs: Failed to get GCS for %d\n", pid);
+	} else {
+		ext_regs->gcs = gcs;
+		compel_set_task_gcs_regs(pid, ext_regs);
+	}
+
+	return 0;
+}
+
+int compel_set_task_gcs_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	struct iovec iov;
+
+	pr_info("gcs: restoring GCS registers for %d\n", pid);
+	pr_info("gcs: restoring GCS: gcspr=%llx features=%llx\n",
+		ext_regs->gcs.gcspr_el0, ext_regs->gcs.features_enabled);
+
+	iov.iov_base = &ext_regs->gcs;
+	iov.iov_len = sizeof(ext_regs->gcs);
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_GCS, &iov)) {
+		pr_perror("gcs: Failed to set GCS registers for %d", pid);
+		return -1;
+	}
+
 	return 0;
 }
 
@@ -176,3 +254,176 @@ unsigned long compel_task_size(void)
 			break;
 	return task_size;
 }
+
+static struct hwbp_cap *ptrace_get_hwbp_cap(pid_t pid)
+{
+	static struct hwbp_cap info;
+	static int available = -1;
+
+	if (available == -1) {
+		unsigned int val;
+		struct iovec iovec = {
+			.iov_base = &val,
+			.iov_len = sizeof(val),
+		};
+
+		if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_HW_BREAK, &iovec) < 0)
+			available = 0;
+		else {
+			info.arch = (char)((val >> 8) & 0xff);
+			info.bp_count = (char)(val & 0xff);
+
+			available = (info.arch != 0);
+		}
+	}
+
+	return available == 1 ? &info : NULL;
+}
+
+int ptrace_set_breakpoint(pid_t pid, void *addr)
+{
+	k_rtsigset_t block;
+	struct hwbp_cap *info = ptrace_get_hwbp_cap(pid);
+	struct user_hwdebug_state regs = {};
+	unsigned int ctrl = 0;
+	struct iovec iovec;
+
+	if (info == NULL || info->bp_count == 0)
+		return 0;
+
+	/*
+	 * The struct is copied from `arch/arm64/include/asm/hw_breakpoint.h` in
+	 * linux kernel:
+	 *  struct arch_hw_breakpoint_ctrl {
+	 *  	__u32 __reserved        : 19,
+	 *  	len             : 8,
+	 *  	type            : 2,
+	 *  	privilege       : 2,
+	 *  	enabled         : 1;
+	 *  };
+	 *
+	 * The part of `struct arch_hw_breakpoint_ctrl` bits meaning is defined
+	 * in <<ARM Architecture Reference Manual for A-profile architecture>>,
+	 * D13.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers.
+	 */
+	ctrl = ARM_BREAKPOINT_LEN_4;
+	ctrl = (ctrl << 2) | ARM_BREAKPOINT_EXECUTE;
+	ctrl = (ctrl << 2) | AARCH64_BREAKPOINT_EL0;
+	ctrl = (ctrl << 1) | ENABLE_HBP;
+	regs.dbg_regs[0].addr = (__u64)addr;
+	regs.dbg_regs[0].ctrl = ctrl;
+	iovec.iov_base = &regs;
+	iovec.iov_len = (offsetof(struct user_hwdebug_state, dbg_regs) + sizeof(regs.dbg_regs[0]));
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_HW_BREAK, &iovec))
+		return -1;
+
+	/*
+	 * FIXME(issues/1429): SIGTRAP can't be blocked, otherwise its handler
+	 * will be reset to the default one.
+	 */
+	ksigfillset(&block);
+	ksigdelset(&block, SIGTRAP);
+	if (ptrace(PTRACE_SETSIGMASK, pid, sizeof(k_rtsigset_t), &block)) {
+		pr_perror("Can't block signals for %d", pid);
+		return -1;
+	}
+
+	if (ptrace(PTRACE_CONT, pid, NULL, NULL) != 0) {
+		pr_perror("Unable to restart the  stopped tracee process %d", pid);
+		return -1;
+	}
+
+	return 1;
+}
+
+int ptrace_flush_breakpoints(pid_t pid)
+{
+	struct hwbp_cap *info = ptrace_get_hwbp_cap(pid);
+	struct user_hwdebug_state regs = {};
+	unsigned int ctrl = 0;
+	struct iovec iovec;
+
+	if (info == NULL || info->bp_count == 0)
+		return 0;
+
+	ctrl = ARM_BREAKPOINT_LEN_4;
+	ctrl = (ctrl << 2) | ARM_BREAKPOINT_EXECUTE;
+	ctrl = (ctrl << 2) | AARCH64_BREAKPOINT_EL0;
+	ctrl = (ctrl << 1) | DISABLE_HBP;
+	regs.dbg_regs[0].addr = 0ul;
+	regs.dbg_regs[0].ctrl = ctrl;
+
+	iovec.iov_base = &regs;
+	iovec.iov_len = (offsetof(struct user_hwdebug_state, dbg_regs) + sizeof(regs.dbg_regs[0]));
+
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_HW_BREAK, &iovec))
+		return -1;
+
+	return 0;
+}
+
+int inject_gcs_cap_token(struct parasite_ctl *ctl, pid_t pid, struct cr_user_gcs *gcs)
+{
+	struct iovec gcs_iov = { .iov_base = gcs, .iov_len = sizeof(*gcs) };
+
+	uint64_t token_addr = gcs->gcspr_el0 - 8;
+	uint64_t sigtramp_addr = gcs->gcspr_el0 - 16;
+
+	uint64_t cap_token = ALIGN_DOWN(GCS_SIGNAL_CAP(token_addr), 8);
+	unsigned long restorer_addr;
+
+	pr_info("gcs: (setup) CAP token: 0x%lx at addr: 0x%lx\n", cap_token, token_addr);
+
+	/* Inject capability token at gcspr_el0 - 8 */
+	if (ptrace(PTRACE_POKEDATA, pid, (void *)token_addr, cap_token)) {
+		pr_perror("gcs: (setup) Inject GCS cap token failed");
+		return -1;
+	}
+
+	/* Inject restorer trampoline address (gcspr_el0 - 16) */
+	restorer_addr = ctl->parasite_ip;
+	if (ptrace(PTRACE_POKEDATA, pid, (void *)sigtramp_addr, restorer_addr)) {
+		pr_perror("gcs: (setup) Inject GCS restorer failed");
+		return -1;
+	}
+
+	/* Update GCSPR_EL0 */
+	gcs->gcspr_el0 = token_addr;
+	if (ptrace(PTRACE_SETREGSET, pid, NT_ARM_GCS, &gcs_iov)) {
+		pr_perror("gcs: PTRACE_SETREGS FAILED");
+		return -1;
+	}
+
+	pr_debug("gcs: parasite_ip=%#lx sp=%#llx gcspr_el0=%#llx\n",
+		 ctl->parasite_ip, ctl->orig.regs.sp, gcs->gcspr_el0);
+
+	return 0;
+}
+
+int parasite_setup_shstk(struct parasite_ctl *ctl, user_fpregs_struct_t *ext_regs)
+{
+	struct cr_user_gcs gcs;
+	struct iovec gcs_iov = { .iov_base = &gcs, .iov_len = sizeof(gcs) };
+	pid_t pid = ctl->rpid;
+
+	if(!__compel_host_supports_gcs())
+		return 0;
+
+	if (ptrace(PTRACE_GETREGSET, pid, NT_ARM_GCS, &gcs_iov) != 0) {
+		pr_perror("GCS state not available for %d", pid);
+		return -1;
+	}
+
+	if (!__compel_gcs_enabled(&gcs))
+		return 0;
+
+	if (inject_gcs_cap_token(ctl, pid, &gcs)) {
+		pr_perror("Failed to inject GCS cap token for %d", pid);
+		return -1;
+	}
+
+	pr_info("gcs: GCS enabled for %d\n", pid);
+
+	return 0;
+}

compel/arch/arm/plugins/std/syscalls/syscall.def

@@ -39,7 +39,7 @@ recvfrom			207	292	(int sockfd, void *ubuf, size_t size, unsigned int flags, str
 sendmsg				211	296	(int sockfd, const struct msghdr *msg, int flags)
 recvmsg				212	297	(int sockfd, struct msghdr *msg, int flags)
 shutdown			210	293	(int sockfd, int how)
-bind				235	282	(int sockfd, const struct sockaddr *addr, int addrlen)
+bind				200	282	(int sockfd, const struct sockaddr *addr, int addrlen)
 setsockopt			208	294	(int sockfd, int level, int optname, const void *optval, socklen_t optlen)
 getsockopt			209	295	(int sockfd, int level, int optname, const void *optval, socklen_t *optlen)
 clone				220	120	(unsigned long flags, void *child_stack, void *parent_tid, unsigned long newtls, void *child_tid)
@@ -85,7 +85,7 @@ timer_settime			110	258	(kernel_timer_t timer_id, int flags, const struct itimer
 timer_gettime			108	259	(int timer_id, const struct itimerspec *setting)
 timer_getoverrun		109	260	(int timer_id)
 timer_delete			111	261	(kernel_timer_t timer_id)
-clock_gettime			113	263	(const clockid_t which_clock, const struct timespec *tp)
+clock_gettime			113	263	(clockid_t which_clock, struct timespec *tp)
 exit_group			94	248	(int error_code)
 set_robust_list			99	338	(struct robust_list_head *head, size_t len)
 get_robust_list			100	339	(int pid, struct robust_list_head **head_ptr, size_t *len_ptr)
@@ -112,9 +112,16 @@ userfaultfd			282	388	(int flags)
 fallocate			47	352	(int fd, int mode, loff_t offset, loff_t len)
 cacheflush			!	983042	(void *start, void *end, int flags)
 ppoll				73	336	(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+open_tree			428	428	(int dirfd, const char *pathname, unsigned int flags)
+move_mount			429	429	(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
 fsopen				430	430	(char *fsname, unsigned int flags)
 fsconfig			431	431	(int fd, unsigned int cmd, const char *key, const char *value, int aux)
 fsmount				432	432	(int fd, unsigned int flags, unsigned int attr_flags)
 clone3				435	435	(struct clone_args *uargs, size_t size)
+close_range			436	436	(unsigned int fd, unsigned int max_fd, unsigned int flags)
 pidfd_open			434	434	(pid_t pid, unsigned int flags)
+openat2				437	437	(int dirfd, char *pathname, struct open_how *how, size_t size)
 pidfd_getfd			438	438	(int pidfd, int targetfd, unsigned int flags)
+rseq				293	398	(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+membarrier 			283	389	(int cmd, unsigned int flags, int cpu_id)
+map_shadow_stack		453	!	(unsigned long addr, unsigned long size, unsigned int flags)

compel/arch/arm/src/lib/include/uapi/asm/infect-types.h

@@ -56,10 +56,11 @@ struct user_vfp_exc {
 	unsigned long fpinst2;
 };
 
-#define REG_RES(regs)	     ((regs).ARM_r0)
-#define REG_IP(regs)	     ((regs).ARM_pc)
-#define REG_SP(regs)	     ((regs).ARM_sp)
-#define REG_SYSCALL_NR(regs) ((regs).ARM_r7)
+#define REG_RES(regs)	      ((regs).ARM_r0)
+#define REG_IP(regs)	      ((regs).ARM_pc)
+#define SET_REG_IP(regs, val) ((regs).ARM_pc = (val))
+#define REG_SP(regs)	      ((regs).ARM_sp)
+#define REG_SYSCALL_NR(regs)  ((regs).ARM_r7)
 
 #define user_regs_native(pregs) true
 

compel/arch/arm/src/lib/infect.c

@@ -18,7 +18,7 @@
  */
 const char code_syscall[] = {
 	0x00, 0x00, 0x00, 0xef, /* SVC #0  */
-	0xf0, 0x01, 0xf0, 0xe7 /* UDF #32 */
+	0xf0, 0x01, 0xf0, 0xe7	/* UDF #32 */
 };
 
 static const int code_syscall_aligned = round_up(sizeof(code_syscall), sizeof(long));
@@ -65,10 +65,9 @@ int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigfr
 }
 
 #define PTRACE_GETVFPREGS 27
-int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *vfp, save_regs_t save,
 			 void *arg, __maybe_unused unsigned long flags)
 {
-	user_fpregs_struct_t tmp, *vfp = ext_regs ? ext_regs : &tmp;
 	int ret = -1;
 
 	pr_info("Dumping GP/FPU registers for %d\n", pid);
@@ -95,7 +94,7 @@ int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct
 		}
 	}
 
-	ret = save(arg, regs, vfp);
+	ret = save(pid, arg, regs, vfp);
 err:
 	return ret;
 }

compel/arch/loongarch64/plugins/include/asm/prologue.h

@@ -0,0 +1,35 @@
+#ifndef __ASM_PROLOGUE_H__
+#define __ASM_PROLOGUE_H__
+
+#ifndef __ASSEMBLY__
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+
+#define sys_recv(sockfd, ubuf, size, flags) sys_recvfrom(sockfd, ubuf, size, flags, NULL, NULL)
+
+typedef struct prologue_init_args {
+	struct sockaddr_un ctl_sock_addr;
+	unsigned int ctl_sock_addr_len;
+
+	unsigned int arg_s;
+	void *arg_p;
+
+	void *sigframe;
+} prologue_init_args_t;
+
+#endif /* __ASSEMBLY__ */
+
+/*
+ * Reserve enough space for sigframe.
+ *
+ * FIXME It is rather should be taken from sigframe header.
+ */
+#define PROLOGUE_SGFRAME_SIZE 4096
+
+#define PROLOGUE_INIT_ARGS_SIZE 1024
+
+#endif /* __ASM_PROLOGUE_H__ */

compel/arch/loongarch64/plugins/include/asm/syscall-types.h

@@ -0,0 +1,30 @@
+#ifndef COMPEL_ARCH_SYSCALL_TYPES_H__
+#define COMPEL_ARCH_SYSCALL_TYPES_H__
+
+#include <common/asm/bitsperlong.h>
+/* Types for sigaction, sigprocmask syscalls */
+typedef void rt_signalfn_t(int, siginfo_t *, void *);
+typedef rt_signalfn_t *rt_sighandler_t;
+
+typedef void rt_restorefn_t(void);
+typedef rt_restorefn_t *rt_sigrestore_t;
+
+/* refer to arch/loongarch/include/uapi/asm/signal.h */
+#define _KNSIG	     64
+#define _NSIG_BPW    BITS_PER_LONG
+#define _KNSIG_WORDS (_KNSIG / _NSIG_BPW)
+
+typedef struct {
+	uint64_t sig[_KNSIG_WORDS];
+} k_rtsigset_t;
+
+typedef struct {
+	rt_sighandler_t rt_sa_handler;
+	unsigned long rt_sa_flags;
+	rt_sigrestore_t rt_sa_restorer;
+	k_rtsigset_t rt_sa_mask;
+} rt_sigaction_t;
+
+#define SA_RESTORER 0x04000000
+
+#endif /* COMPEL_ARCH_SYSCALL_TYPES_H__ */

compel/arch/loongarch64/plugins/include/features.h

@@ -0,0 +1,4 @@
+#ifndef __COMPEL_ARCH_FEATURES_H
+#define __COMPEL_ARCH_FEATURES_H
+
+#endif /* __COMPEL_ARCH_FEATURES_H */

compel/arch/loongarch64/plugins/std/parasite-head.S

@@ -0,0 +1,9 @@
+
+#include "common/asm/linkage.h"
+
+	.section .head.text, "ax"
+ENTRY(__export_parasite_head_start)
+	bl	parasite_service;
+	break 0;
+END(__export_parasite_head_start)
+

compel/arch/loongarch64/plugins/std/syscalls/Makefile.syscalls

@@ -0,0 +1,117 @@
+std-lib-y		+= ./$(PLUGIN_ARCH_DIR)/std/syscalls-64.o
+sys-proto-types		:= $(obj)/include/uapi/std/syscall-types.h
+sys-proto-generic	:= $(obj)/include/uapi/std/syscall.h
+sys-codes-generic	:= $(obj)/include/uapi/std/syscall-codes.h
+sys-codes		 = $(obj)/include/uapi/std/syscall-codes-$(1).h
+sys-proto		 = $(obj)/include/uapi/std/syscall-$(1).h
+sys-def			 = $(PLUGIN_ARCH_DIR)/std/syscalls/syscall_$(1).tbl
+sys-asm			 = $(PLUGIN_ARCH_DIR)/std/syscalls-$(1).S
+sys-asm-common-name	 = std/syscalls/syscall-common-loongarch-$(1).S
+sys-asm-common		 = $(PLUGIN_ARCH_DIR)/$(sys-asm-common-name)
+sys-asm-types		:= $(obj)/include/uapi/std/asm/syscall-types.h
+sys-exec-tbl		 = $(PLUGIN_ARCH_DIR)/std/sys-exec-tbl-$(1).c
+
+sys-bits		:= 64
+
+AV			:= $$$$
+
+define gen-rule-sys-codes
+$(sys-codes): $(sys-def) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo "#ifndef ASM_SYSCALL_CODES_H_$(1)__"					>> $$@
+	$(Q) echo "#define ASM_SYSCALL_CODES_H_$(1)__"					>> $$@
+	$(Q) cat $$< | awk '/^__NR/{SYSN=$(AV)1;					\
+		sub("^__NR", "SYS", SYSN);						\
+		print "\n#ifndef ", $(AV)1;						\
+		print "#define", $(AV)1, $(AV)2;					\
+		print "#endif";								\
+		print "\n#ifndef ", SYSN;						\
+		print "#define ", SYSN, $(AV)1;						\
+		print "#endif";}'							>> $$@
+	$(Q) echo "#endif /* ASM_SYSCALL_CODES_H_$(1)__ */"				>> $$@
+endef
+
+define gen-rule-sys-proto
+$(sys-proto): $(sys-def) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo "#ifndef ASM_SYSCALL_PROTO_H_$(1)__"					>> $$@
+	$(Q) echo "#define ASM_SYSCALL_PROTO_H_$(1)__"					>> $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-$(1).h>'			>> $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-types.h>'			>> $$@
+ifeq ($(1),32)
+	$(Q) echo '#include "asm/syscall32.h"'						>> $$@
+endif
+	$(Q) cat $$< | awk '/^__NR/{print "extern long", $(AV)3,			\
+			substr($(AV)0, index($(AV)0,$(AV)4)), ";"}'			>> $$@
+	$(Q) echo "#endif /* ASM_SYSCALL_PROTO_H_$(1)__ */"				>> $$@
+endef
+
+define gen-rule-sys-asm
+$(sys-asm): $(sys-def) $(sys-asm-common) $(sys-codes) $(sys-proto) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-$(1).h>'			>> $$@
+	$(Q) echo '#include "$(sys-asm-common-name)"'					>> $$@
+	$(Q) cat $$< | awk '/^__NR/{print "SYSCALL(", $(AV)3, ",", $(AV)2, ")"}'	>> $$@
+endef
+
+define gen-rule-sys-exec-tbl
+$(sys-exec-tbl): $(sys-def) $(sys-codes) $(sys-proto) $(sys-proto-generic) $(sys-proto-types)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"					>  $$@
+	$(Q) cat $$< | awk '/^__NR/{print						\
+		"SYSCALL(", substr($(AV)3, 5), ",", $(AV)2, ")"}'			>> $$@
+endef
+
+$(sys-codes-generic): $(sys-proto-types)
+	$(call msg-gen, $@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $@
+	$(Q) echo "#ifndef __ASM_CR_SYSCALL_CODES_H__"			>> $@
+	$(Q) echo "#define __ASM_CR_SYSCALL_CODES_H__"			>> $@
+	$(Q) echo '#include <compel/plugins/std/syscall-codes-64.h>'	>> $@
+	$(Q) cat $< | awk '/^__NR/{NR32=$$1;				\
+		sub("^__NR", "__NR32", NR32);				\
+		print "\n#ifndef ", NR32;				\
+		print "#define ", NR32, $$2;				\
+		print "#endif";}'					>> $@
+	$(Q) echo "#endif /* __ASM_CR_SYSCALL_CODES_H__ */"		>> $@
+mrproper-y += $(sys-codes-generic)
+
+$(sys-proto-generic): $(strip $(call map,sys-proto,$(sys-bits))) $(sys-proto-types)
+	$(call msg-gen, $@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $@
+	$(Q) echo "#ifndef __ASM_CR_SYSCALL_PROTO_H__"			>> $@
+	$(Q) echo "#define __ASM_CR_SYSCALL_PROTO_H__"			>> $@
+	$(Q) echo ""							>> $@
+	$(Q) echo '#include <compel/plugins/std/syscall-64.h>'		>> $@
+	$(Q) echo ""							>> $@
+	$(Q) echo "#endif /* __ASM_CR_SYSCALL_PROTO_H__ */"		>> $@
+mrproper-y += $(sys-proto-generic)
+
+define gen-rule-sys-exec-tbl
+$(sys-exec-tbl): $(sys-def) $(sys-codes) $(sys-proto) $(sys-proto-generic)
+	$(call msg-gen, $$@)
+	$(Q) echo "/* Autogenerated, don't edit */"			>  $$@
+	$(Q) cat $$< | awk '/^__NR/{print				\
+		"SYSCALL(", substr($(AV)3, 5), ",", $(AV)2, ")"}'	>> $$@
+endef
+
+$(eval $(call map,gen-rule-sys-codes,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-proto,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-asm,$(sys-bits)))
+$(eval $(call map,gen-rule-sys-exec-tbl,$(sys-bits)))
+
+$(sys-asm-types): $(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h
+	$(call msg-gen, $@)
+	$(Q) ln -s ../../../../../../$(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h $(sys-asm-types)
+
+std-headers-deps	+= $(call sys-codes,$(sys-bits))
+std-headers-deps	+= $(call sys-proto,$(sys-bits))
+std-headers-deps	+= $(call sys-asm,$(sys-bits))
+std-headers-deps	+= $(call sys-exec-tbl,$(sys-bits))
+std-headers-deps	+= $(sys-codes-generic)
+std-headers-deps	+= $(sys-proto-generic)
+std-headers-deps	+= $(sys-asm-types)
+mrproper-y		+= $(std-headers-deps)

compel/arch/loongarch64/plugins/std/syscalls/syscall-common-loongarch-64.S

@@ -0,0 +1,44 @@
+#include "common/asm/linkage.h"
+
+#define SYSCALL(name, opcode)		\
+ENTRY(name);					\
+	addi.d	$a7, $zero, opcode;	\
+	syscall 0;					\
+	jirl	$r0, $r1, 0;		\
+END(name)
+
+#ifndef AT_FDCWD
+#define AT_FDCWD	-100
+#endif
+
+#ifndef AT_REMOVEDIR
+#define AT_REMOVEDIR	0x200
+#endif
+
+ENTRY(sys_open)
+	or		$a3, $zero, $a2
+	or		$a2, $zero, $a1
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_openat
+END(sys_open)
+
+ENTRY(sys_mkdir)
+	or		$a3, $zero, $a2
+	or		$a2, $zero, $a1
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_mkdirat
+END(sys_mkdir)
+
+ENTRY(sys_rmdir)
+	addi.d	$a2, $zero, AT_REMOVEDIR
+	or		$a1, $zero, $a0
+	addi.d	$a0, $zero, AT_FDCWD
+	b		sys_unlinkat
+END(sys_rmdir)
+
+ENTRY(__cr_restore_rt)
+	addi.d	$a7, $zero, __NR_rt_sigreturn
+	syscall	0
+END(__cr_restore_rt)

compel/arch/loongarch64/plugins/std/syscalls/syscall_64.tbl

@@ -0,0 +1,122 @@
+#
+# System calls table, please make sure the table consist only the syscalls
+# really used somewhere in project.
+# from kernel/linux-3.10.84/arch/mips/include/uapi/asm/unistd.h Linux 64-bit syscalls are in the range from 5000 to 5999.
+#
+# __NR_name			code		name			arguments
+# -------------------------------------------------------------------------------------------------------------------------------------------------------------
+__NR_io_setup			0	sys_io_setup		(unsigned nr_events, aio_context_t *ctx)
+__NR_io_submit			2	sys_io_submit		(aio_context_t ctx, long nr, struct iocb **iocbpp)
+__NR_io_getevents		4	sys_io_getevents	(aio_context_t ctx, long min_nr, long nr, struct io_event *evs, struct timespec *tmo)
+__NR_fcntl			25	sys_fcntl		(int fd, int type, long arg)
+__NR_ioctl			29	sys_ioctl		(unsigned int fd, unsigned int cmd, unsigned long arg)
+__NR_flock			32	sys_flock		(int fd, unsigned long cmd)
+__NR_mkdirat			34	sys_mkdirat             (int dfd, const char *pathname, int flag)
+__NR_unlinkat			35	sys_unlinkat            (int dfd, const char *pathname, int flag)
+__NR_umount2			39	sys_umount2		(char *name, int flags)
+__NR_mount			40	sys_mount		(char *dev_nmae, char *dir_name, char *type, unsigned long flags, void *data)
+__NR_fallocate			47	sys_fallocate		(int fd, int mode, loff_t offset, loff_t len)
+__NR_close			57	sys_close		(int fd)
+__NR_openat			56	sys_openat		(int dfd, const char *filename, int flags, int mode)
+__NR_lseek			62	sys_lseek		(int fd, unsigned long offset, unsigned long origin)
+__NR_read			63	sys_read		(int fd, void *buf, unsigned long count)
+__NR_write			64	sys_write		(int fd, const void *buf, unsigned long count)
+__NR_pread64			67	sys_pread		(unsigned int fd, char *buf, size_t count, loff_t pos)
+__NR_preadv			69	sys_preadv_raw		(int fd, struct iovec *iov, unsigned long nr, unsigned long pos_l, unsigned long pos_h)
+__NR_ppoll			73	sys_ppoll		(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+__NR_signalfd4			74	sys_signalfd		(int fd, k_rtsigset_t *mask, size_t sizemask, int flags)
+__NR_vmsplice			75	sys_vmsplice		(int fd, const struct iovec *iov, unsigned long nr_segs, unsigned int flags)
+__NR_readlinkat			78	sys_readlinkat		(int fd, const char *path, char *buf, int bufsize)
+__NR_timerfd_settime		86	sys_timerfd_settime	(int ufd, int flags, const struct itimerspec *utmr, struct itimerspec *otmr)
+__NR_capget			90	sys_capget		(struct cap_header *h, struct cap_data *d)
+__NR_capset			91	sys_capset		(struct cap_header *h, struct cap_data *d)
+__NR_personality		92	sys_personality		(unsigned int personality)
+__NR_exit			93	sys_exit		(unsigned long error_code)
+__NR_exit_group			94	sys_exit_group		(int error_code)
+__NR_waitid			95	sys_waitid		(int which, pid_t pid, struct siginfo *infop, int options, struct rusage *ru)
+__NR_set_tid_address		96	sys_set_tid_address	(int *tid_addr)
+__NR_futex			98	sys_futex		(uint32_t *uaddr, int op, uint32_t val, struct timespec *utime, uint32_t *uaddr2, uint32_t val3)
+__NR_set_robust_list		99	sys_set_robust_list	(struct robust_list_head *head, size_t len)
+__NR_get_robust_list		100	sys_get_robust_list	(int pid, struct robust_list_head **head_ptr, size_t *len_ptr)
+__NR_nanosleep			101	sys_nanosleep		(struct timespec *req, struct timespec *rem)
+__NR_getitimer			102	sys_getitimer		(int which, const struct itimerval *val)
+__NR_setitimer			103	sys_setitimer		(int which, const struct itimerval *val, struct itimerval *old)
+__NR_sys_timer_create		107	sys_timer_create	(clockid_t which_clock, struct sigevent *timer_event_spec, kernel_timer_t *created_timer_id)
+__NR_sys_timer_gettime		108	sys_timer_gettime	(int timer_id, const struct itimerspec *setting)
+__NR_sys_timer_getoverrun	109	sys_timer_getoverrun	(int timer_id)
+__NR_sys_timer_settime		110	sys_timer_settime	(kernel_timer_t timer_id, int flags, const struct itimerspec *new_setting, struct itimerspec *old_setting)
+__NR_sys_timer_delete		111	sys_timer_delete	(kernel_timer_t timer_id)
+__NR_clock_gettime		113	sys_clock_gettime	(clockid_t which_clock, struct timespec *tp)
+__NR_sched_setscheduler		119	sys_sched_setscheduler	(int pid, int policy, struct sched_param *p)
+__NR_restart_syscall		128	sys_restart_syscall	(void)
+__NR_kill			129	sys_kill		(long pid, int sig)
+__NR_sigaltstack		132	sys_sigaltstack		(const void *uss, void *uoss)
+__NR_rt_sigaction		134	sys_sigaction		(int signum, const rt_sigaction_t *act, rt_sigaction_t *oldact, size_t sigsetsize)
+__NR_rt_sigprocmask		135	sys_sigprocmask		(int how, k_rtsigset_t *set, k_rtsigset_t *old, size_t sigsetsize)
+__NR_rt_sigqueueinfo		138	sys_rt_sigqueueinfo	(pid_t pid, int sig, siginfo_t *info)
+__NR_rt_sigreturn		139	sys_rt_sigreturn	(void)
+__NR_setpriority		140	sys_setpriority		(int which, int who, int nice)
+__NR_setresuid			147	sys_setresuid		(int uid, int euid, int suid)
+__NR_getresuid			148	sys_getresuid		(int *uid, int *euid, int *suid)
+__NR_setresgid			149	sys_setresgid		(int gid, int egid, int sgid)
+__NR_getresgid			150	sys_getresgid		(int *gid, int *egid, int *sgid)
+__NR_getpgid			155	sys_getpgid		(pid_t pid)
+__NR_setfsuid			151	sys_setfsuid		(int fsuid)
+__NR_setfsgid			152	sys_setfsgid		(int fsgid)
+__NR_getsid			156	sys_getsid		(void)
+__NR_getgroups			158	sys_getgroups		(int gsize, unsigned int *groups)
+__NR_setgroups			159	sys_setgroups		(int gsize, unsigned int *groups)
+__NR_setrlimit			164	sys_setrlimit		(int resource, struct krlimit *rlim)
+__NR_umask			166	sys_umask		(int mask)
+__NR_prctl			167	sys_prctl		(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5)
+__NR_gettimeofday		169	sys_gettimeofday	(struct timeval *tv, struct timezone *tz)
+__NR_getpid			172	sys_getpid		(void)
+__NR_ptrace			177	sys_ptrace		(long request, pid_t pid, void *addr, void *data)
+__NR_gettid			178	sys_gettid		(void)
+__NR_shmat			196	sys_shmat		(int shmid, void *shmaddr, int shmflag)
+__NR_socket			198	sys_socket		(int domain, int type, int protocol)
+__NR_bind			200	sys_bind		(int sockfd, const struct sockaddr *addr, int addrlen)
+__NR_connect			203	sys_connect		(int sockfd, struct sockaddr *addr, int addrlen)
+__NR_sendto			206	sys_sendto		(int sockfd, void *buff, size_t len, unsigned int flags, struct sockaddr *addr, int addr_len)
+__NR_recvfrom			207	sys_recvfrom		(int sockfd, void *ubuf, size_t size, unsigned int flags, struct sockaddr *addr, int *addr_len)
+__NR_setsockopt			208	sys_setsockopt		(int sockfd, int level, int optname, const void *optval, socklen_t optlen)
+__NR_getsockopt			209	sys_getsockopt		(int sockfd, int level, int optname, const void *optval, socklen_t *optlen)
+__NR_shutdown			210	sys_shutdown		(int sockfd, int how)
+__NR_sendmsg			211	sys_sendmsg		(int sockfd, const struct msghdr *msg, int flags)
+__NR_recvmsg			212	sys_recvmsg		(int sockfd, struct msghdr *msg, int flags)
+__NR_brk			214	sys_brk			(void *addr)
+__NR_munmap			215	sys_munmap		(void *addr, unsigned long len)
+__NR_mremap			216	sys_mremap		(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flags, unsigned long new_addr)
+__NR_clone			220	sys_clone		(unsigned long flags, void *child_stack, void *parent_tid, unsigned long newtls, void *child_tid)
+__NR_mmap			222	sys_mmap		(void *addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long offset)
+__NR_mprotect			226	sys_mprotect		(const void *addr, unsigned long len, unsigned long prot)
+__NR_mincore			232	sys_mincore		(void *addr, unsigned long size, unsigned char *vec)
+__NR_madvise			233	sys_madvise		(unsigned long start, size_t len, int behavior)
+__NR_rt_tgsigqueueinfo		240	sys_rt_tgsigqueueinfo	(pid_t tgid, pid_t pid, int sig, siginfo_t *info)
+__NR_wait4			260	sys_wait4		(int pid, int *status, int options, struct rusage *ru)
+__NR_fanotify_init		262	sys_fanotify_init	(unsigned int flags, unsigned int event_f_flags)
+__NR_fanotify_mark		263	sys_fanotify_mark	(int fanotify_fd, unsigned int flags, uint64_t mask, int dfd, const char *pathname)
+__NR_open_by_handle_at		265	sys_open_by_handle_at	(int mountdirfd, struct file_handle *handle, int flags)
+__NR_setns			268	sys_setns		(int fd, int nstype)
+__NR_kcmp			272	sys_kcmp		(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2)
+__NR_seccomp			277	sys_seccomp		(unsigned int op, unsigned int flags, const char *uargs)
+__NR_memfd_create		279	sys_memfd_create	(const char *name, unsigned int flags)
+__NR_userfaultfd		282	sys_userfaultfd		(int flags)
+__NR_membarrier			283	sys_membarrier		(int cmd, unsigned int flags, int cpu_id)
+__NR_rseq			293	sys_rseq		(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+__NR_open_tree			428	sys_open_tree		(int dirfd, const char *pathname, unsigned int flags)
+__NR_move_mount			429	sys_move_mount		(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
+__NR_fsopen			430	sys_fsopen		(char *fsname, unsigned int flags)
+__NR_fsconfig			431	sys_fsconfig		(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+__NR_fsmount			432	sys_fsmount		(int fd, unsigned int flags, unsigned int attr_flags)
+__NR_pidfd_open			434	sys_pidfd_open		(pid_t pid, unsigned int flags)
+__NR_clone3			435	sys_clone3		(struct clone_args *uargs, size_t size)
+__NR_openat2			437	sys_openat2		(int dirfd, char *pathname, struct open_how *how, size_t size)
+__NR_pidfd_getfd		438	sys_pidfd_getfd		(int pidfd, int targetfd, unsigned int flags)
+#__NR_dup2			!	sys_dup2		(int oldfd, int newfd)
+#__NR_rmdir			!	sys_rmdir		(const char *name)
+#__NR_unlink			!	sys_unlink		(char *pathname)
+#__NR_cacheflush		!	sys_cacheflush		(char *addr, int nbytes, int cache)
+#__NR_set_thread_area		!	sys_set_thread_area	(unsigned long *addr)
+#__NR_mkdir			!	sys_mkdir		(const char *name, int mode)
+#__NR_open			!	sys_open		(const char *filename, unsigned long flags, unsigned long mode)

compel/arch/loongarch64/scripts/compel-pack.lds.S

@@ -0,0 +1,32 @@
+OUTPUT_ARCH(loongarch)
+EXTERN(__export_parasite_head_start)
+
+SECTIONS
+{
+	.crblob 0x0 : {
+		*(.head.text)
+		ASSERT(DEFINED(__export_parasite_head_start),
+			"Symbol __export_parasite_head_start is missing");
+		*(.text*)
+		. = ALIGN(32);
+		*(.data*)
+		. = ALIGN(32);
+		*(.rodata*)
+		. = ALIGN(32);
+		*(.bss*)
+		. = ALIGN(32);
+		*(.got*)
+		. = ALIGN(32);
+		*(.toc*)
+		. = ALIGN(32);
+	} =0x00000000,
+
+	/DISCARD/ : {
+		*(.debug*)
+		*(.comment*)
+		*(.note*)
+		*(.group*)
+		*(.eh_frame*)
+		*(*)
+	}
+}

compel/arch/loongarch64/src/lib/cpu.c

@@ -0,0 +1,41 @@
+#include <string.h>
+#include <stdbool.h>
+
+#include "compel-cpu.h"
+#include "common/bitops.h"
+#include "common/compiler.h"
+#include "log.h"
+
+#undef LOG_PREFIX
+#define LOG_PREFIX "cpu: "
+
+static compel_cpuinfo_t rt_info;
+static bool rt_info_done = false;
+
+void compel_set_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+}
+
+void compel_clear_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+}
+
+int compel_test_cpu_cap(compel_cpuinfo_t *c, unsigned int feature)
+{
+	return 0;
+}
+
+int compel_cpuid(compel_cpuinfo_t *c)
+{
+	return 0;
+}
+
+bool compel_cpu_has_feature(unsigned int feature)
+{
+	if (!rt_info_done) {
+		compel_cpuid(&rt_info);
+		rt_info_done = true;
+	}
+
+	return compel_test_cpu_cap(&rt_info, feature);
+}

compel/arch/loongarch64/src/lib/handle-elf-host.c

@@ -0,0 +1,22 @@
+#include <string.h>
+#include <errno.h>
+
+#include "handle-elf.h"
+#include "piegen.h"
+#include "log.h"
+
+static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+extern int __handle_elf(void *mem, size_t size);
+
+int handle_binary(void *mem, size_t size)
+{
+	if (memcmp(mem, elf_ident_64_le, sizeof(elf_ident_64_le)) == 0)
+		return __handle_elf(mem, size);
+
+	pr_err("Unsupported Elf format detected\n");
+	return -EINVAL;
+}

compel/arch/loongarch64/src/lib/handle-elf.c

@@ -0,0 +1,22 @@
+#include <string.h>
+#include <errno.h>
+
+#include "handle-elf.h"
+#include "piegen.h"
+#include "log.h"
+
+static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
+	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+extern int __handle_elf(void *mem, size_t size);
+
+int handle_binary(void *mem, size_t size)
+{
+	if (memcmp(mem, elf_ident_64_le, sizeof(elf_ident_64_le)) == 0)
+		return __handle_elf(mem, size);
+
+	pr_err("Unsupported Elf format detected\n");
+	return -EINVAL;
+}

compel/arch/loongarch64/src/lib/include/handle-elf.h

@@ -0,0 +1,8 @@
+#ifndef COMPEL_HANDLE_ELF_H__
+#define COMPEL_HANDLE_ELF_H__
+
+#include "elf64-types.h"
+
+#define arch_is_machine_supported(e_machine) (e_machine == EM_LOONGARCH)
+
+#endif /* COMPEL_HANDLE_ELF_H__ */

compel/arch/loongarch64/src/lib/include/syscall.h

@@ -0,0 +1,8 @@
+#ifndef __COMPEL_SYSCALL_H__
+#define __COMPEL_SYSCALL_H__
+
+#ifndef SIGSTKFLT
+#define SIGSTKFLT 16
+#endif
+
+#endif

compel/arch/loongarch64/src/lib/include/uapi/asm/breakpoints.h

@@ -0,0 +1,6 @@
+#ifndef __COMPEL_BREAKPOINTS_H__
+#define __COMPEL_BREAKPOINTS_H__
+#define ARCH_SI_TRAP TRAP_BRKPT
+extern int ptrace_set_breakpoint(pid_t pid, void *addr);
+extern int ptrace_flush_breakpoints(pid_t pid);
+#endif

compel/arch/loongarch64/src/lib/include/uapi/asm/cpu.h

@@ -0,0 +1,6 @@
+#ifndef __CR_ASM_CPU_H__
+#define __CR_ASM_CPU_H__
+
+typedef struct {
+} compel_cpuinfo_t;
+#endif /* __CR_ASM_CPU_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/fpu.h

@@ -0,0 +1,4 @@
+#ifndef __CR_ASM_FPU_H__
+#define __CR_ASM_FPU_H__
+
+#endif /* __CR_ASM_FPU_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/infect-types.h

@@ -0,0 +1,67 @@
+#ifndef UAPI_COMPEL_ASM_TYPES_H__
+#define UAPI_COMPEL_ASM_TYPES_H__
+
+#include <stdint.h>
+
+#define SIGMAX	   64
+#define SIGMAX_OLD 31
+
+/*
+ * From the Linux kernel header arch/loongarch/include/uapi/asm/ptrace.h
+ *
+ * A thread LoongArch CPU context
+ *
+ * struct user_fp_state {
+ *     uint64_t    fpr[32];
+ *     uint64_t    fcc;
+ *     uint32_t    fcsr;
+ * };
+ *
+ * struct user_pt_regs {
+ *     unsigned long regs[32];
+ *     unsigned long csr_era;
+ *     unsigned long csr_badv;
+ *     unsigned long reserved[11];
+ * };
+ */
+
+struct user_gp_regs {
+	uint64_t regs[32];
+	uint64_t orig_a0;
+	uint64_t pc;
+	uint64_t csr_badv;
+	uint64_t reserved[10];
+} __attribute__((aligned(8)));
+
+struct user_fp_regs {
+	uint64_t regs[32];
+	uint64_t fcc;
+	uint32_t fcsr;
+};
+
+typedef struct user_gp_regs user_regs_struct_t;
+typedef struct user_fp_regs user_fpregs_struct_t;
+
+#define user_regs_native(regs) true
+
+#define __compel_arch_fetch_thread_area(tid, th) 0
+#define compel_arch_fetch_thread_area(tctl)	 0
+#define compel_arch_get_tls_task(ctl, tls)
+#define compel_arch_get_tls_thread(tctl, tls)
+
+#define REG_RES(r)	   ((uint64_t)(r).regs[4])
+#define REG_IP(r)	   ((uint64_t)(r).pc)
+#define REG_SP(r)	   ((uint64_t)(r).regs[3])
+#define REG_SYSCALL_NR(r)  ((uint64_t)(r).regs[11])
+#define SET_REG_IP(r, val) ((r).pc = (val))
+
+#define GPR_NUM 32
+#define FPR_NUM 32
+
+#define __NR(syscall, compat)   \
+	({                      \
+		(void)compat;   \
+		__NR_##syscall; \
+	})
+
+#endif /* UAPI_COMPEL_ASM_TYPES_H__ */

compel/arch/loongarch64/src/lib/include/uapi/asm/sigframe.h

@@ -0,0 +1,86 @@
+#ifndef UAPI_COMPEL_ASM_SIGFRAME_H__
+#define UAPI_COMPEL_ASM_SIGFRAME_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include <compel/asm/fpu.h>
+#include <compel/plugins/std/syscall-codes.h>
+
+#include <asm/types.h>
+
+#define rt_sigcontext sigcontext
+/* sigcontext defined in usr/include/uapi/asm/sigcontext.h*/
+#include <compel/sigframe-common.h>
+typedef __u32 u32;
+
+typedef struct sigcontext_t {
+	__u64 pc;
+	__u64 regs[32];
+	__u32 flags;
+	__u64 extcontext[0] __attribute__((__aligned__(16)));
+} sigcontext_t;
+
+typedef struct context_info_t {
+	__u32 magic;
+	__u32 size;
+	__u64 padding;
+} context_info_t;
+
+#define FPU_CTX_MAGIC 0x46505501
+#define FPU_CTX_ALIGN 8
+typedef struct fpu_context_t {
+	__u64 regs[32];
+	__u64 fcc;
+	__u64 fcsr;
+} fpu_context_t;
+
+typedef struct ucontext {
+	unsigned long uc_flags;
+	struct ucontext *uc_link;
+	stack_t uc_stack;
+	sigset_t uc_sigmask;
+	__u8 __unused[1024 / 8 - sizeof(sigset_t)];
+	sigcontext_t uc_mcontext;
+} ucontext;
+
+/* Copy from the kernel source arch/loongarch/kernel/signal.c */
+struct rt_sigframe {
+	rt_siginfo_t rs_info;
+	ucontext rs_uc;
+};
+
+#define RT_SIGFRAME_UC(rt_sigframe)	 (&(rt_sigframe->rs_uc))
+#define RT_SIGFRAME_SIGMASK(rt_sigframe) ((k_rtsigset_t *)&RT_SIGFRAME_UC(rt_sigframe)->uc_sigmask)
+#define RT_SIGFRAME_SIGCTX(rt_sigframe)	 (&(RT_SIGFRAME_UC(rt_sigframe)->uc_mcontext))
+#define RT_SIGFRAME_REGIP(rt_sigframe)	 ((long unsigned int)(RT_SIGFRAME_SIGCTX(rt_sigframe)->pc))
+#define RT_SIGFRAME_HAS_FPU(rt_sigframe) (1)
+
+#define RT_SIGFRAME_FPU(rt_sigframe)                                                                 \
+	({                                                                                           \
+		context_info_t *ctx = (context_info_t *)RT_SIGFRAME_SIGCTX(rt_sigframe)->extcontext; \
+		ctx->magic = FPU_CTX_MAGIC;                                                          \
+		ctx->size = sizeof(context_info_t) + sizeof(fpu_context_t);                          \
+		(fpu_context_t *)((char *)ctx + sizeof(context_info_t));                             \
+	})
+
+#define RT_SIGFRAME_OFFSET(rt_sigframe) 0
+
+/* clang-format off */
+#define ARCH_RT_SIGRETURN(new_sp, rt_sigframe)  \
+    asm volatile(                               \
+            "addi.d $sp, %0, 0 \n"              \
+            "addi.d $a7, $zero, "__stringify(__NR_rt_sigreturn)"    \n" \
+            "syscall   0"                       \
+            :                                   \
+            :"r"(new_sp)                        \
+            : "$a7", "memory")
+/* clang-format on */
+
+int sigreturn_prep_fpu_frame(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe);
+
+#define rt_sigframe_erase_sigset(sigframe)	memset(RT_SIGFRAME_SIGMASK(sigframe), 0, sizeof(k_rtsigset_t))
+#define rt_sigframe_copy_sigset(sigframe, from) memcpy(RT_SIGFRAME_SIGMASK(sigframe), from, sizeof(k_rtsigset_t))
+
+#endif /* UAPI_COMPEL_ASM_SIGFRAME_H__ */

compel/arch/loongarch64/src/lib/infect.c

@@ -0,0 +1,204 @@
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <sys/auxv.h>
+#include <sys/mman.h>
+#include <errno.h>
+
+#include <compel/asm/fpu.h>
+#include <compel/cpu.h>
+#include "errno.h"
+#include <compel/plugins/std/syscall-codes.h>
+#include <compel/plugins/std/syscall.h>
+#include "common/err.h"
+#include "common/page.h"
+#include "asm/infect-types.h"
+#include "ptrace.h"
+#include "infect.h"
+#include "infect-priv.h"
+#include "log.h"
+#include "common/bug.h"
+
+/*
+ * Injected syscall instruction
+ * loongarch64 is Little Endian
+ */
+const char code_syscall[] = {
+	0x00, 0x00, 0x2b, 0x00, /* syscall    */
+	0x00, 0x00, 0x2a, 0x00	/*  break      */
+};
+
+int sigreturn_prep_regs_plain(struct rt_sigframe *sigframe, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
+{
+	sigcontext_t *sc;
+	fpu_context_t *fpu;
+
+	sc = RT_SIGFRAME_SIGCTX(sigframe);
+	memcpy(sc->regs, regs->regs, sizeof(regs->regs));
+	sc->pc = regs->pc;
+
+	fpu = RT_SIGFRAME_FPU(sigframe);
+	memcpy(fpu->regs, fpregs->regs, sizeof(fpregs->regs));
+	fpu->fcc = fpregs->fcc;
+	fpu->fcsr = fpregs->fcsr;
+	return 0;
+}
+
+int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigframe *rsigframe)
+{
+	return 0;
+}
+
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+			 void *arg, __maybe_unused unsigned long flags)
+{
+	user_fpregs_struct_t tmp, *fpregs = ext_regs ? ext_regs : &tmp;
+	struct iovec iov;
+	int ret;
+
+	pr_info("Dumping GP/FPU registers for %d\n", pid);
+
+	iov.iov_base = regs;
+	iov.iov_len = sizeof(user_regs_struct_t);
+	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov))) {
+		pr_perror("Failed to obtain CPU registers for %d", pid);
+		goto err;
+	}
+
+	/*
+	 * Refer to Linux kernel arch/loongarch/kernel/signal.c
+	 */
+	if (regs->regs[0]) {
+		switch (regs->regs[4]) {
+		case -ERESTARTNOHAND:
+		case -ERESTARTSYS:
+		case -ERESTARTNOINTR:
+			regs->regs[4] = regs->orig_a0;
+			regs->pc -= 4;
+			break;
+		case -ERESTART_RESTARTBLOCK:
+			regs->regs[4] = regs->orig_a0;
+			regs->regs[11] = __NR_restart_syscall;
+			regs->pc -= 4;
+			break;
+		}
+		regs->regs[0] = 0; /* Don't deal with this again.  */
+	}
+
+	iov.iov_base = fpregs;
+	iov.iov_len = sizeof(user_fpregs_struct_t);
+	if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_PRFPREG, &iov))) {
+		pr_perror("Failed to obtain FPU registers for %d", pid);
+		goto err;
+	}
+
+	ret = save(pid, arg, regs, fpregs);
+err:
+	return 0;
+}
+
+int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
+{
+	struct iovec iov;
+
+	pr_info("Restoring GP/FPU registers for %d\n", pid);
+
+	iov.iov_base = ext_regs;
+	iov.iov_len = sizeof(*ext_regs);
+	if (ptrace(PTRACE_SETREGSET, pid, NT_PRFPREG, &iov)) {
+		pr_perror("Failed to set FPU registers for %d", pid);
+		return -1;
+	}
+	return 0;
+}
+
+/*
+ * Registers $4 ~ $11 represents arguments a0 ~ a7, especially a7 is
+ * used as syscall number.
+ */
+int compel_syscall(struct parasite_ctl *ctl, int nr, long *ret, unsigned long arg1, unsigned long arg2,
+		   unsigned long arg3, unsigned long arg4, unsigned long arg5, unsigned long arg6)
+{
+	int err;
+	user_regs_struct_t regs = ctl->orig.regs;
+
+	regs.regs[11] = (unsigned long)nr;
+	regs.regs[4] = arg1;
+	regs.regs[5] = arg2;
+	regs.regs[6] = arg3;
+	regs.regs[7] = arg4;
+	regs.regs[8] = arg5;
+	regs.regs[9] = arg6;
+	err = compel_execute_syscall(ctl, &regs, code_syscall);
+
+	*ret = regs.regs[4];
+
+	return err;
+}
+
+void *remote_mmap(struct parasite_ctl *ctl, void *addr, size_t length, int prot, int flags, int fd, off_t offset)
+{
+	long map;
+	int err;
+
+	err = compel_syscall(ctl, __NR_mmap, &map, (unsigned long)addr, length, prot, flags, fd, offset >> PAGE_SHIFT);
+
+	if (err < 0 || IS_ERR_VALUE(map)) {
+		pr_err("remote mmap() failed: %s\n", strerror(-map));
+		return NULL;
+	}
+
+	return (void *)map;
+}
+
+/*
+ * regs must be inited when calling this function from original context
+ */
+void parasite_setup_regs(unsigned long new_ip, void *stack, user_regs_struct_t *regs)
+{
+	regs->pc = new_ip;
+	if (stack)
+		regs->regs[4] = (unsigned long)stack;
+}
+
+bool arch_can_dump_task(struct parasite_ctl *ctl)
+{
+	return true;
+}
+
+int arch_fetch_sas(struct parasite_ctl *ctl, struct rt_sigframe *s)
+{
+	long ret;
+	int err;
+
+	err = compel_syscall(ctl, __NR_sigaltstack, &ret, 0, (unsigned long)&s->rs_uc.uc_stack, 0, 0, 0, 0);
+	return err ? err : ret;
+}
+
+/*
+ * TODO: add feature
+ */
+int ptrace_set_breakpoint(pid_t pid, void *addr)
+{
+	return 0;
+}
+
+int ptrace_flush_breakpoints(pid_t pid)
+{
+	return 0;
+}
+
+/*
+ * Refer to Linux kernel arch/loongarch/include/asm/processor.h
+ */
+#define TASK_SIZE32	(1UL) << 31
+#define TASK_SIZE64_MIN (1UL) << 40
+#define TASK_SIZE64_MAX (1UL) << 48
+
+unsigned long compel_task_size(void)
+{
+	unsigned long task_size;
+	for (task_size = TASK_SIZE64_MIN; task_size < TASK_SIZE64_MAX; task_size <<= 1)
+		if (munmap((void *)task_size, page_size()))
+			break;
+	return task_size;
+}

compel/arch/mips/plugins/std/syscalls/syscall_64.tbl

@@ -84,7 +84,7 @@ __NR_sys_timer_settime		5217		sys_timer_settime	(kernel_timer_t timer_id, int fl
 __NR_sys_timer_gettime		5218		sys_timer_gettime	(int timer_id, const struct itimerspec *setting)
 __NR_sys_timer_getoverrun	5219		sys_timer_getoverrun	(int timer_id)
 __NR_sys_timer_delete		5220		sys_timer_delete	(kernel_timer_t timer_id)
-__NR_clock_gettime		5222		sys_clock_gettime	(const clockid_t which_clock, const struct timespec *tp)
+__NR_clock_gettime		5222		sys_clock_gettime	(clockid_t which_clock, struct timespec *tp)
 __NR_exit_group			5205		sys_exit_group		(int error_code)
 __NR_set_thread_area		5242		sys_set_thread_area	(unsigned long *addr)
 __NR_openat			5247		sys_openat		(int dfd, const char *filename, int flags, int mode)
@@ -109,9 +109,15 @@ __NR_memfd_create		5314		sys_memfd_create	(const char *name, unsigned int flags)
 __NR_userfaultfd		5317		sys_userfaultfd		(int flags)
 
 ##TODO for kernel
+__NR_open_tree			5428		sys_open_tree		(int dirfd, const char *pathname, unsigned int flags)
+__NR_move_mount			5429		sys_move_mount		(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
 __NR_fsopen			5430		sys_fsopen		(char *fsname, unsigned int flags)
 __NR_fsconfig			5431		sys_fsconfig		(int fd, unsigned int cmd, const char *key, const char *value, int aux)
 __NR_fsmount			5432		sys_fsmount		(int fd, unsigned int flags, unsigned int attr_flags)
 __NR_clone3			5435		sys_clone3		(struct clone_args *uargs, size_t size)
+__NR_close_range		5436		sys_close_range		(unsigned int fd, unsigned int max_fd, unsigned int flags)
 __NR_pidfd_open			5434		sys_pidfd_open		(pid_t pid, unsigned int flags)
+__NR_openat2			5437		sys_openat2		(int dirfd, char *pathname, struct open_how *how, size_t size)
 __NR_pidfd_getfd		5438		sys_pidfd_getfd		(int pidfd, int targetfd, unsigned int flags)
+__NR_rseq		        5327		sys_rseq		(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+__NR_membarrier 		5318		sys_membarrier		(int cmd, unsigned int flags, int cpu_id)

compel/arch/mips/src/lib/handle-elf.c

@@ -5,18 +5,31 @@
 #include "piegen.h"
 #include "log.h"
 
-static const unsigned char __maybe_unused elf_ident_64_le[EI_NIDENT] = {
-	0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01, 0x01, 0x00, /* clang-format */
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
 extern int __handle_elf(void *mem, size_t size);
 
 int handle_binary(void *mem, size_t size)
 {
-	if (memcmp(mem, elf_ident_64_le, sizeof(elf_ident_64_le)) == 0)
-		return __handle_elf(mem, size);
+	Elf64_Ehdr *ehdr = (Elf64_Ehdr *)mem;
 
-	pr_err("Unsupported Elf format detected\n");
-	return -EINVAL;
+	/* check ELF magic */
+	if (ehdr->e_ident[EI_MAG0] != ELFMAG0 ||
+	    ehdr->e_ident[EI_MAG1] != ELFMAG1 ||
+	    ehdr->e_ident[EI_MAG2] != ELFMAG2 ||
+	    ehdr->e_ident[EI_MAG3] != ELFMAG3) {
+		pr_err("Invalid ELF magic\n");
+		return -EINVAL;
+	}
+
+	/* check ELF class and data encoding */
+	if (ehdr->e_ident[EI_CLASS] != ELFCLASS64 ||
+	    ehdr->e_ident[EI_DATA] != ELFDATA2LSB) {
+		pr_err("Unsupported ELF class or data encoding\n");
+		return -EINVAL;
+	}
+
+	if (ehdr->e_ident[EI_ABIVERSION] != 0) {
+		pr_warn("Unusual ABI version: %d\n", ehdr->e_ident[EI_ABIVERSION]);
+	}
+
+	return __handle_elf(mem, size);
 }

compel/arch/mips/src/lib/include/ldsodefs.h

@@ -69,8 +69,8 @@ struct La_mips_64_retval;
 /* An entry in a 64 bit SHT_REL section.  */
 
 typedef struct {
-	Elf32_Word r_sym; /* Symbol index */
-	unsigned char r_ssym; /* Special symbol for 2nd relocation */
+	Elf32_Word r_sym;      /* Symbol index */
+	unsigned char r_ssym;  /* Special symbol for 2nd relocation */
 	unsigned char r_type3; /* 3rd relocation type */
 	unsigned char r_type2; /* 2nd relocation type */
 	unsigned char r_type1; /* 1st relocation type */
@@ -82,14 +82,14 @@ typedef union {
 } _Elf64_Mips_R_Info_union;
 
 typedef struct {
-	Elf64_Addr r_offset; /* Address */
+	Elf64_Addr r_offset;		 /* Address */
 	_Elf64_Mips_R_Info_union r_info; /* Relocation type and symbol index */
 } Elf64_Mips_Rel;
 
 typedef struct {
-	Elf64_Addr r_offset; /* Address */
+	Elf64_Addr r_offset;		 /* Address */
 	_Elf64_Mips_R_Info_union r_info; /* Relocation type and symbol index */
-	Elf64_Sxword r_addend; /* Addend */
+	Elf64_Sxword r_addend;		 /* Addend */
 } Elf64_Mips_Rela;
 
 #define ELF64_MIPS_R_SYM(i) ((__extension__(_Elf64_Mips_R_Info_union)(i)).r_info_fields.r_sym)

compel/arch/mips/src/lib/include/uapi/asm/infect-types.h

@@ -56,10 +56,11 @@ static inline bool user_regs_native(user_regs_struct_t *pregs)
 #define compel_arch_get_tls_task(ctl, tls)
 #define compel_arch_get_tls_thread(tctl, tls)
 
-#define REG_RES(regs)	     ((regs).MIPS_v0)
-#define REG_IP(regs)	     ((regs).cp0_epc)
-#define REG_SP(regs)	     ((regs).MIPS_sp)
-#define REG_SYSCALL_NR(regs) ((regs).MIPS_v0)
+#define REG_RES(regs)	      ((regs).MIPS_v0)
+#define REG_IP(regs)	      ((regs).cp0_epc)
+#define SET_REG_IP(regs, val) ((regs).cp0_epc = (val))
+#define REG_SP(regs)	      ((regs).MIPS_sp)
+#define REG_SYSCALL_NR(regs)  ((regs).MIPS_v0)
 
 //#define __NR(syscall, compat)	((compat) ? __NR32_##syscall : __NR_##syscall)
 #define __NR(syscall, compat) __NR_##syscall

compel/arch/mips/src/lib/include/uapi/asm/siginfo.h

@@ -52,14 +52,14 @@ typedef struct siginfo {
 
 		/* kill() */
 		struct {
-			__kernel_pid_t _pid; /* sender's pid */
+			__kernel_pid_t _pid;  /* sender's pid */
 			__ARCH_SI_UID_T _uid; /* sender's uid */
 		} _kill;
 
 		/* POSIX.1b timers */
 		struct {
 			__kernel_timer_t _tid; /* timer id */
-			int _overrun; /* overrun count */
+			int _overrun;	       /* overrun count */
 			char _pad[sizeof(__ARCH_SI_UID_T) - sizeof(int)];
 			sigval_t _sigval; /* same as below */
 			int _sys_private; /* not to be passed to user */
@@ -67,16 +67,16 @@ typedef struct siginfo {
 
 		/* POSIX.1b signals */
 		struct {
-			__kernel_pid_t _pid; /* sender's pid */
+			__kernel_pid_t _pid;  /* sender's pid */
 			__ARCH_SI_UID_T _uid; /* sender's uid */
 			sigval_t _sigval;
 		} _rt;
 
 		/* SIGCHLD */
 		struct {
-			__kernel_pid_t _pid; /* which child */
+			__kernel_pid_t _pid;  /* which child */
 			__ARCH_SI_UID_T _uid; /* sender's uid */
-			int _status; /* exit code */
+			int _status;	      /* exit code */
 			__ARCH_SI_CLOCK_T _utime;
 			__ARCH_SI_CLOCK_T _stime;
 		} _sigchld;
@@ -104,8 +104,8 @@ typedef struct siginfo {
 
 		/* SIGSYS */
 		struct {
-			void *_call_addr; /* calling user insn */
-			int _syscall; /* triggering system call number */
+			void *_call_addr;   /* calling user insn */
+			int _syscall;	    /* triggering system call number */
 			unsigned int _arch; /* AUDIT_ARCH_* of syscall */
 		} _sigsys;
 	} _sifields;

compel/arch/mips/src/lib/infect.c

@@ -24,7 +24,7 @@
  */
 const char code_syscall[] = {
 	0x0c, 0x00, 0x00, 0x00, /* syscall    */
-	0x0d, 0x00, 0x00, 0x00 /*  break      */
+	0x0d, 0x00, 0x00, 0x00	/*  break      */
 };
 
 /* 10-byte legacy floating point register */
@@ -119,10 +119,9 @@ int sigreturn_prep_fpu_frame_plain(struct rt_sigframe *sigframe, struct rt_sigfr
 	return 0;
 }
 
-int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *xs, save_regs_t save,
 			 void *arg, __maybe_unused unsigned long flags)
 {
-	user_fpregs_struct_t xsave = {}, *xs = ext_regs ? ext_regs : &xsave;
 	int ret = -1;
 
 	pr_info("Dumping GP/FPU registers for %d\n", pid);
@@ -150,7 +149,7 @@ int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct
 		regs->regs[0] = 0;
 	}
 
-	ret = save(arg, regs, xs);
+	ret = save(pid, arg, regs, xs);
 	return ret;
 }
 

compel/arch/ppc64/plugins/std/syscalls/syscall-ppc64.tbl

@@ -82,7 +82,7 @@ __NR_sys_timer_settime	241		sys_timer_settime	(kernel_timer_t timer_id, int flag
 __NR_sys_timer_gettime	242		sys_timer_gettime	(int timer_id, const struct itimerspec *setting)
 __NR_sys_timer_getoverrun	243		sys_timer_getoverrun	(int timer_id)
 __NR_sys_timer_delete	244		sys_timer_delete	(kernel_timer_t timer_id)
-__NR_clock_gettime	246		sys_clock_gettime	(const clockid_t which_clock, const struct timespec *tp)
+__NR_clock_gettime	246		sys_clock_gettime	(clockid_t which_clock, struct timespec *tp)
 __NR_exit_group		234		sys_exit_group		(int error_code)
 __NR_waitid		272		sys_waitid		(int which, pid_t pid, struct siginfo *infop, int options, struct rusage *ru)
 __NR_set_robust_list	300		sys_set_robust_list	(struct robust_list_head *head, size_t len)
@@ -108,9 +108,15 @@ __NR_gettimeofday	78		sys_gettimeofday	(struct timeval *tv, struct timezone *tz)
 __NR_preadv		320		sys_preadv_raw		(int fd, struct iovec *iov, unsigned long nr, unsigned long pos_l, unsigned long pos_h)
 __NR_userfaultfd	364		sys_userfaultfd		(int flags)
 __NR_ppoll		281		sys_ppoll		(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+__NR_open_tree		428		sys_open_tree		(int dirfd, const char *pathname, unsigned int flags)
+__NR_move_mount		429		sys_move_mount		(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
 __NR_fsopen		430		sys_fsopen		(char *fsname, unsigned int flags)
 __NR_fsconfig		431		sys_fsconfig		(int fd, unsigned int cmd, const char *key, const char *value, int aux)
 __NR_fsmount		432		sys_fsmount		(int fd, unsigned int flags, unsigned int attr_flags)
 __NR_clone3		435		sys_clone3		(struct clone_args *uargs, size_t size)
+__NR_close_range	436		sys_close_range		(unsigned int fd, unsigned int max_fd, unsigned int flags)
 __NR_pidfd_open		434		sys_pidfd_open		(pid_t pid, unsigned int flags)
+__NR_openat2		437		sys_openat2		(int dirfd, char *pathname, struct open_how *how, size_t size)
 __NR_pidfd_getfd	438		sys_pidfd_getfd		(int pidfd, int targetfd, unsigned int flags)
+__NR_rseq       	387		sys_rseq		(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+__NR_membarrier 	365		sys_membarrier		(int cmd, unsigned int flags, int cpu_id)

compel/arch/ppc64/src/lib/include/uapi/asm/infect-types.h

@@ -21,13 +21,13 @@ typedef struct {
 	unsigned long xer;
 	unsigned long ccr;
 	unsigned long softe; /* Soft enabled/disabled */
-	unsigned long trap; /* Reason for being here */
+	unsigned long trap;  /* Reason for being here */
 	/*
 	 * N.B. for critical exceptions on 4xx, the dar and dsisr
 	 * fields are overloaded to hold srr0 and srr1.
 	 */
-	unsigned long dar; /* Fault registers */
-	unsigned long dsisr; /* on 4xx/Book-E used for ESR */
+	unsigned long dar;    /* Fault registers */
+	unsigned long dsisr;  /* on 4xx/Book-E used for ESR */
 	unsigned long result; /* Result of a system call */
 } user_regs_struct_t;
 
@@ -72,10 +72,11 @@ typedef struct {
 	} tm;
 } user_fpregs_struct_t;
 
-#define REG_RES(regs)	     ((uint64_t)(regs).gpr[3])
-#define REG_IP(regs)	     ((uint64_t)(regs).nip)
-#define REG_SP(regs)	     ((uint64_t)(regs).gpr[1])
-#define REG_SYSCALL_NR(regs) ((uint64_t)(regs).gpr[0])
+#define REG_RES(regs)	      ((uint64_t)(regs).gpr[3])
+#define REG_IP(regs)	      ((uint64_t)(regs).nip)
+#define SET_REG_IP(regs, val) ((regs).nip = (val))
+#define REG_SP(regs)	      ((uint64_t)(regs).gpr[1])
+#define REG_SYSCALL_NR(regs)  ((uint64_t)(regs).gpr[0])
 
 #define user_regs_native(pregs) true
 

compel/arch/ppc64/src/lib/include/uapi/asm/sigframe.h

@@ -14,7 +14,7 @@
  */
 #include <signal.h>
 
-// XXX: the idetifier rt_sigcontext is expected to be struct by the CRIU code
+// XXX: the identifier rt_sigcontext is expected to be struct by the CRIU code
 #define rt_sigcontext sigcontext
 
 #include <compel/sigframe-common.h>
@@ -23,6 +23,11 @@
 
 /* Copied from the Linux kernel header arch/powerpc/include/asm/ptrace.h */
 #define USER_REDZONE_SIZE 512
+#if _CALL_ELF != 2
+#error Only supporting ABIv2.
+#else
+#define STACK_FRAME_MIN_SIZE 32
+#endif
 
 /* Copied from the Linux kernel source file arch/powerpc/kernel/signal_64.c */
 #define TRAMP_SIZE 6

compel/arch/ppc64/src/lib/infect.c

@@ -11,6 +11,7 @@
 #include "log.h"
 #include "common/bug.h"
 #include "common/page.h"
+#include "common/err.h"
 #include "infect.h"
 #include "infect-priv.h"
 
@@ -30,7 +31,7 @@ unsigned __page_shift = 0;
  */
 const uint32_t code_syscall[] = {
 	0x44000002, /* sc 		*/
-	0x0fe00000 /* twi 31,0,0	*/
+	0x0fe00000  /* twi 31,0,0	*/
 };
 
 static inline __always_unused void __check_code_syscall(void)
@@ -303,34 +304,59 @@ out_free:
 	return -1; /* still failing the checkpoint */
 }
 
-static int __get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
-{
-	pr_info("Dumping GP/FPU registers for %d\n", pid);
+/*
+ * This is inspired by kernel function check_syscall_restart in
+ * arch/powerpc/kernel/signal.c
+ */
 
-	/*
-	 * This is inspired by kernel function check_syscall_restart in
-	 * arch/powerpc/kernel/signal.c
-	 */
 #ifndef TRAP
 #define TRAP(r) ((r).trap & ~0xF)
 #endif
 
-	if (TRAP(*regs) == 0x0C00 && regs->ccr & 0x10000000) {
-		/* Restart the system call */
-		switch (regs->gpr[3]) {
-		case ERESTARTNOHAND:
-		case ERESTARTSYS:
-		case ERESTARTNOINTR:
-			regs->gpr[3] = regs->orig_gpr3;
-			regs->nip -= 4;
-			break;
-		case ERESTART_RESTARTBLOCK:
-			pr_warn("Will restore %d with interrupted system call\n", pid);
-			regs->gpr[3] = EINTR;
-			break;
-		}
+static bool trap_is_scv(user_regs_struct_t *regs)
+{
+	return TRAP(*regs) == 0x3000;
+}
+
+static bool trap_is_syscall(user_regs_struct_t *regs)
+{
+	return trap_is_scv(regs) || TRAP(*regs) == 0x0C00;
+}
+
+static void handle_syscall(pid_t pid, user_regs_struct_t *regs)
+{
+	unsigned long ret = regs->gpr[3];
+
+	if (trap_is_scv(regs)) {
+		if (!IS_ERR_VALUE(ret))
+			return;
+		ret = -ret;
+	} else if (!(regs->ccr & 0x10000000)) {
+		return;
 	}
 
+	/* Restart or interrupt the system call */
+	switch (ret) {
+	case ERESTARTNOHAND:
+	case ERESTARTSYS:
+	case ERESTARTNOINTR:
+		regs->gpr[3] = regs->orig_gpr3;
+		regs->nip -= 4;
+		break;
+	case ERESTART_RESTARTBLOCK:
+		pr_warn("Will restore %d with interrupted system call\n", pid);
+		regs->gpr[3] = trap_is_scv(regs) ? -EINTR : EINTR;
+		break;
+	}
+}
+
+static int __get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs)
+{
+	pr_info("Dumping GP/FPU registers for %d\n", pid);
+
+	if (trap_is_syscall(regs))
+		handle_syscall(pid, regs);
+
 	/* Resetting trap since we are now coming from user space. */
 	regs->trap = 0;
 
@@ -365,17 +391,16 @@ static int __get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_stru
 	return 0;
 }
 
-int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *ext_regs, save_regs_t save,
+int compel_get_task_regs(pid_t pid, user_regs_struct_t *regs, user_fpregs_struct_t *fpregs, save_regs_t save,
 			 void *arg, __maybe_unused unsigned long flags)
 {
-	user_fpregs_struct_t tmp, *fpregs = ext_regs ? ext_regs : &tmp;
 	int ret;
 
 	ret = __get_task_regs(pid, regs, fpregs);
 	if (ret)
 		return ret;
 
-	return save(arg, regs, fpregs);
+	return save(pid, arg, regs, fpregs);
 }
 
 int compel_set_task_ext_regs(pid_t pid, user_fpregs_struct_t *ext_regs)
@@ -441,13 +466,13 @@ void *remote_mmap(struct parasite_ctl *ctl, void *addr, size_t length, int prot,
 void parasite_setup_regs(unsigned long new_ip, void *stack, user_regs_struct_t *regs)
 {
 	/*
-	 * OpenPOWER ABI requires that r12 is set to the calling function addressi
+	 * OpenPOWER ABI requires that r12 is set to the calling function address
 	 * to compute the TOC pointer.
 	 */
 	regs->gpr[12] = new_ip;
 	regs->nip = new_ip;
 	if (stack)
-		regs->gpr[1] = (unsigned long)stack;
+		regs->gpr[1] = (unsigned long)stack - STACK_FRAME_MIN_SIZE;
 	regs->trap = 0;
 }
 

compel/arch/riscv64/plugins/include/asm/prologue.h

@@ -0,0 +1,35 @@
+#ifndef __ASM_PROLOGUE_H__
+#define __ASM_PROLOGUE_H__
+
+#ifndef __ASSEMBLY__
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+
+#define sys_recv(sockfd, ubuf, size, flags) sys_recvfrom(sockfd, ubuf, size, flags, NULL, NULL)
+
+typedef struct prologue_init_args {
+	struct sockaddr_un ctl_sock_addr;
+	unsigned int ctl_sock_addr_len;
+
+	unsigned int arg_s;
+	void *arg_p;
+
+	void *sigframe;
+} prologue_init_args_t;
+
+#endif /* __ASSEMBLY__ */
+
+/*
+ * Reserve enough space for sigframe.
+ *
+ * FIXME It is rather should be taken from sigframe header.
+ */
+#define PROLOGUE_SGFRAME_SIZE 4096
+
+#define PROLOGUE_INIT_ARGS_SIZE 1024
+
+#endif /* __ASM_PROLOGUE_H__ */

compel/arch/riscv64/plugins/include/asm/syscall-types.h

@@ -0,0 +1,28 @@
+#ifndef COMPEL_ARCH_SYSCALL_TYPES_H__
+#define COMPEL_ARCH_SYSCALL_TYPES_H__
+
+#define SA_RESTORER 0x04000000
+
+typedef void rt_signalfn_t(int, siginfo_t *, void *);
+typedef rt_signalfn_t *rt_sighandler_t;
+
+typedef void rt_restorefn_t(void);
+typedef rt_restorefn_t *rt_sigrestore_t;
+
+#define _KNSIG	  64 // number of signals
+#define _NSIG_BPW 64 // number of signals per word
+
+#define _KNSIG_WORDS (_KNSIG / _NSIG_BPW)
+
+typedef struct {
+	unsigned long sig[_KNSIG_WORDS];
+} k_rtsigset_t;
+
+typedef struct {
+	rt_sighandler_t rt_sa_handler;
+	unsigned long rt_sa_flags;
+	rt_sigrestore_t rt_sa_restorer;
+	k_rtsigset_t rt_sa_mask;
+} rt_sigaction_t;
+
+#endif /* COMPEL_ARCH_SYSCALL_TYPES_H__ */

compel/arch/riscv64/plugins/include/features.h

@@ -0,0 +1,4 @@
+#ifndef __COMPEL_ARCH_FEATURES_H
+#define __COMPEL_ARCH_FEATURES_H
+
+#endif /* __COMPEL_ARCH_FEATURES_H */

compel/arch/riscv64/plugins/std/parasite-head.S

@@ -0,0 +1,7 @@
+#include "common/asm/linkage.h"
+
+	.section .head.text, "ax"
+ENTRY(__export_parasite_head_start)
+	jal parasite_service
+	ebreak
+END(__export_parasite_head_start)

compel/arch/riscv64/plugins/std/syscalls/Makefile.syscalls

@@ -0,0 +1,59 @@
+ccflags-y		+= -iquote $(PLUGIN_ARCH_DIR)/std/syscalls/
+asflags-y		+= -iquote $(PLUGIN_ARCH_DIR)/std/syscalls/
+
+sys-types		:= $(obj)/include/uapi/std/syscall-types.h
+sys-codes		:= $(obj)/include/uapi/std/syscall-codes.h
+sys-proto		:= $(obj)/include/uapi/std/syscall.h
+
+sys-def			:= $(PLUGIN_ARCH_DIR)/std/syscalls/syscall.def
+sys-asm-common-name	:= std/syscalls/syscall-common.S
+sys-asm-common		:= $(PLUGIN_ARCH_DIR)/$(sys-asm-common-name)
+sys-asm-types		:= $(obj)/include/uapi/std/asm/syscall-types.h
+sys-exec-tbl		 = $(PLUGIN_ARCH_DIR)/std/sys-exec-tbl.c
+
+sys-gen			:= $(PLUGIN_ARCH_DIR)/std/syscalls/gen-syscalls.pl
+sys-gen-tbl		:= $(PLUGIN_ARCH_DIR)/std/syscalls/gen-sys-exec-tbl.pl
+
+sys-asm			:= ./$(PLUGIN_ARCH_DIR)/std/syscalls/syscalls.S
+std-lib-y		+= $(sys-asm:.S=).o
+
+ifeq ($(ARCH),arm)
+arch_bits		:= 32
+else
+arch_bits		:= 64
+endif
+
+sys-exec-tbl		:= sys-exec-tbl.c
+
+$(sys-asm) $(sys-types) $(sys-codes) $(sys-proto): $(sys-gen) $(sys-def) $(sys-asm-common) $(sys-asm-types)
+	$(E) "  GEN     " $@
+	$(Q) perl				\
+		$(sys-gen)			\
+		$(sys-def)			\
+		$(sys-codes)			\
+		$(sys-proto)			\
+		$(sys-asm)			\
+		$(sys-asm-common-name)		\
+		$(sys-types)			\
+		$(arch_bits)
+
+$(sys-asm:.S=).o: $(sys-asm)
+
+$(sys-exec-tbl): $(sys-gen-tbl) $(sys-def)
+	$(E) "  GEN     " $@
+	$(Q) perl				\
+		$(sys-gen-tbl)			\
+		$(sys-def)			\
+		$(sys-exec-tbl)			\
+		$(arch_bits)
+
+$(sys-asm-types): $(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h
+	$(call msg-gen, $@)
+	$(Q) ln -s ../../../../../../$(PLUGIN_ARCH_DIR)/include/asm/syscall-types.h $(sys-asm-types)
+	$(Q) ln -s ../../../../../$(PLUGIN_ARCH_DIR)/std/syscalls/syscall-aux.S $(obj)/include/uapi/std/syscall-aux.S
+	$(Q) ln -s ../../../../../$(PLUGIN_ARCH_DIR)/std/syscalls/syscall-aux.h $(obj)/include/uapi/std/syscall-aux.h
+
+std-headers-deps	+= $(sys-asm) $(sys-codes) $(sys-proto) $(sys-asm-types) $(sys-codes)
+mrproper-y		+= $(std-headers-deps)
+mrproper-y		+= $(obj)/include/uapi/std/syscall-aux.S
+mrproper-y		+= $(obj)/include/uapi/std/syscall-aux.h

compel/arch/riscv64/plugins/std/syscalls/gen-sys-exec-tbl.pl

@@ -0,0 +1,43 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+my $in		= $ARGV[0];
+my $tblout	= $ARGV[1];
+my $bits	= $ARGV[2];
+
+my $code	= "code$bits";
+
+open TBLOUT,	">", $tblout	or die $!;
+open IN,		"<", $in		or die $!;
+
+print TBLOUT "/* Autogenerated, don't edit */\n";
+print TBLOUT "static struct syscall_exec_desc sc_exec_table[] = {\n";
+
+for (<IN>) {
+	if ($_ =~ /\#/) {
+		next;
+	}
+
+	my $sys_name;
+	my $sys_num;
+
+	if (/(?<name>\S+)\s+(?<alias>\S+)\s+(?<code64>\d+|\!)\s+(?<code32>(?:\d+|\!))\s+\((?<args>.+)\)/) {
+		$sys_name = $+{alias};
+	} elsif (/(?<name>\S+)\s+(?<code64>\d+|\!)\s+(?<code32>(?:\d+|\!))\s+\((?<args>.+)\)/) {
+		$sys_name = $+{name};
+	} else {
+		unlink $tblout;
+		die "Invalid syscall definition file: invalid entry $_\n";
+	}
+
+	$sys_num = $+{$code};
+
+	if ($sys_num ne "!") {
+		print TBLOUT "SYSCALL($sys_name, $sys_num)\n";
+	}
+}
+
+print TBLOUT " 	{ }, /* terminator */";
+print TBLOUT "};"

compel/arch/riscv64/plugins/std/syscalls/gen-syscalls.pl

@@ -0,0 +1,99 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+my $in         = $ARGV[0];
+my $codesout   = $ARGV[1];
+my $codes      = $ARGV[1];
+$codes         =~ s/.*include\/uapi\//compel\/plugins\//g;
+my $protosout  = $ARGV[2];
+my $protos     = $ARGV[2];
+$protos        =~ s/.*include\/uapi\//compel\/plugins\//g;
+my $asmout     = $ARGV[3];
+my $asmcommon  = $ARGV[4];
+my $prototypes = $ARGV[5];
+$prototypes    =~ s/.*include\/uapi\//compel\/plugins\//g;
+my $bits       = $ARGV[6];
+
+my $codesdef   = $codes;
+$codesdef      =~ tr/.\-\//_/;
+my $protosdef  = $protos;
+$protosdef     =~ tr/.\-\//_/;
+my $code       = "code$bits";
+my $need_aux   = 0;
+
+unlink $codesout;
+unlink $protosout;
+unlink $asmout;
+
+open CODESOUT,	">", $codesout	or die $!;
+open PROTOSOUT, ">", $protosout or die $!;
+open ASMOUT,	">", $asmout	or die $!;
+open IN,	"<", $in	or die $!;
+
+print CODESOUT <<"END";
+/* Autogenerated, don't edit */
+#ifndef $codesdef
+#define $codesdef
+END
+
+print PROTOSOUT <<"END";
+/* Autogenerated, don't edit */
+#ifndef $protosdef
+#define $protosdef
+#include <$prototypes>
+#include <$codes>
+END
+
+print ASMOUT <<"END";
+/* Autogenerated, don't edit */
+#include <$codes>
+#include "$asmcommon"
+END
+
+
+for (<IN>) {
+	if ($_ =~ /\#/) {
+		next;
+	}
+
+	my $code_macro;
+	my $sys_macro;
+	my $sys_name;
+
+	if (/(?<name>\S+)\s+(?<alias>\S+)\s+(?<code64>\d+|\!)\s+(?<code32>(?:\d+|\!))\s+\((?<args>.+)\)/) {
+		$code_macro = "__NR_$+{name}";
+		$sys_macro  = "SYS_$+{name}";
+		$sys_name   = "sys_$+{alias}";
+	} elsif (/(?<name>\S+)\s+(?<code64>\d+|\!)\s+(?<code32>(?:\d+|\!))\s+\((?<args>.+)\)/) {
+		$code_macro = "__NR_$+{name}";
+		$sys_macro  = "SYS_$+{name}";
+		$sys_name   = "sys_$+{name}";
+	} else {
+		unlink $codesout;
+		unlink $protosout;
+		unlink $asmout;
+
+		die "Invalid syscall definition file: invalid entry $_\n";
+	}
+
+	if ($+{$code} ne "!") {
+		print CODESOUT "#ifndef $code_macro\n#define $code_macro $+{$code}\n#endif\n";
+		print CODESOUT "#ifndef $sys_macro\n#define $sys_macro $code_macro\n#endif\n";
+		print ASMOUT "syscall $sys_name, $code_macro\n";
+
+	} else {
+		$need_aux = 1;
+	}
+
+	print PROTOSOUT "extern long $sys_name($+{args});\n";
+}
+
+if ($need_aux == 1) {
+	print ASMOUT   "#include <compel/plugins/std/syscall-aux.S>\n";
+	print CODESOUT "#include <compel/plugins/std/syscall-aux.h>\n";
+}
+
+print CODESOUT  "#endif /* $codesdef */";
+print PROTOSOUT "#endif /* $protosdef */";

compel/arch/riscv64/plugins/std/syscalls/syscall-aux.S

@@ -0,0 +1,37 @@
+/**
+ * This source contains emulation of syscalls
+ * that are not implemented in the riscv64 Linux kernel
+ */
+
+ENTRY(sys_open)
+	add a3, x0, a2
+	add a2, x0, a1
+	add a1, x0, a0
+	addi a0, x0, -100
+	j   sys_openat
+END(sys_open)
+
+
+ENTRY(sys_mkdir)
+	add a3,x0, a2
+	add a2, x0, a1
+	add a1, x0, a0
+	addi a0, x0, -100
+	j   sys_mkdirat
+END(sys_mkdir)
+
+
+ENTRY(sys_rmdir)
+	addi a2, x0, 0x200		// flags = AT_REMOVEDIR
+	add a1, x0, a0
+	addi a0, x0, -100
+	j   sys_unlinkat
+END(sys_rmdir)
+
+
+ENTRY(sys_unlink)
+	addi a2, x0, 0		// flags = 0
+	add a1, x0, a0
+	addi a0, x0, -100
+	j   sys_unlinkat
+END(sys_unlink)

compel/arch/riscv64/plugins/std/syscalls/syscall-aux.h

@@ -0,0 +1,3 @@
+#ifndef __NR_openat
+#define __NR_openat 56
+#endif

compel/arch/riscv64/plugins/std/syscalls/syscall-common.S

@@ -0,0 +1,17 @@
+#include "common/asm/linkage.h"
+
+syscall_common:
+	ecall
+	ret
+
+.macro syscall name, nr
+	ENTRY(\name)
+		li	a7, \nr
+		j	syscall_common
+	END(\name)
+.endm
+
+ENTRY(__cr_restore_rt)
+	li	a7, __NR_rt_sigreturn
+	ecall
+END(__cr_restore_rt)

compel/arch/riscv64/plugins/std/syscalls/syscall.def

@@ -0,0 +1,125 @@
+#
+# System calls table, please make sure the table consists of only the syscalls
+# really used somewhere in the project.
+#
+# The template is (name and arguments are optional if you need only __NR_x
+# defined, but no real entry point in syscalls lib).
+#
+# name/alias			code64	code32	arguments
+# -----------------------------------------------------------------------
+#
+read				63	3	(int fd, void *buf, unsigned long count)
+write				64	4	(int fd, const void *buf, unsigned long count)
+open				!	5	(const char *filename, unsigned long flags, unsigned long mode)
+close				57	6	(int fd)
+lseek				62	19	(int fd, unsigned long offset, unsigned long origin)
+mmap				222	!	(void *addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long offset)
+mprotect			226	125	(const void *addr, unsigned long len, unsigned long prot)
+munmap				215	91	(void *addr, unsigned long len)
+brk				214	45	(void *addr)
+rt_sigaction	sigaction	134	174	(int signum, const rt_sigaction_t *act, rt_sigaction_t *oldact, size_t sigsetsize)
+rt_sigprocmask	sigprocmask	135	175	(int how, k_rtsigset_t *set, k_rtsigset_t *old, size_t sigsetsize)
+rt_sigreturn			139	173	(void)
+ioctl				29	54	(unsigned int fd, unsigned int cmd, unsigned long arg)
+pread64				67	180	(unsigned int fd, char *buf, size_t count, loff_t pos)
+ptrace				117	26	(long request, pid_t pid, void *addr, void *data)
+mremap				216	163	(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long flag, unsigned long new_addr)
+mincore				232	219	(void *addr, unsigned long size, unsigned char *vec)
+madvise				233	220	(unsigned long start, size_t len, int behavior)
+shmat				196	305	(int shmid, void *shmaddr, int shmflag)
+pause				1061	29	(void)
+nanosleep			101	162	(struct timespec *req, struct timespec *rem)
+getitimer			102	105	(int which, const struct itimerval *val)
+setitimer			103	104	(int which, const struct itimerval *val, struct itimerval *old)
+getpid				172	20	(void)
+socket				198	281	(int domain, int type, int protocol)
+connect				203	283	(int sockfd, struct sockaddr *addr, int addrlen)
+sendto				206	290	(int sockfd, void *buff, size_t len, unsigned int flags, struct sockaddr *addr, int addr_len)
+recvfrom			207	292	(int sockfd, void *ubuf, size_t size, unsigned int flags, struct sockaddr *addr, int *addr_len)
+sendmsg				211	296	(int sockfd, const struct msghdr *msg, int flags)
+recvmsg				212	297	(int sockfd, struct msghdr *msg, int flags)
+shutdown			210	293	(int sockfd, int how)
+bind				235	282	(int sockfd, const struct sockaddr *addr, int addrlen)
+setsockopt			208	294	(int sockfd, int level, int optname, const void *optval, socklen_t optlen)
+getsockopt			209	295	(int sockfd, int level, int optname, const void *optval, socklen_t *optlen)
+clone				220	120	(unsigned long flags, void *child_stack, void *parent_tid, unsigned long newtls, void *child_tid)
+exit				93	1	(unsigned long error_code)
+wait4				260	114	(int pid, int *status, int options, struct rusage *ru)
+waitid				95	280	(int which, pid_t pid, struct siginfo *infop, int options, struct rusage *ru)
+kill				129	37	(long pid, int sig)
+fcntl				25	55	(int fd, int type, long arg)
+flock				32	143	(int fd, unsigned long cmd)
+mkdir				!	39	(const char *name, int mode)
+rmdir				!	40	(const char *name)
+unlink				!	10	(char *pathname)
+readlinkat			78	332	(int fd, const char *path, char *buf, int bufsize)
+umask				166	60	(int mask)
+getgroups			158	205	(int gsize, unsigned int *groups)
+setgroups			159	206	(int gsize, unsigned int *groups)
+setresuid			147	164	(int uid, int euid, int suid)
+getresuid			148	165	(int *uid, int *euid, int *suid)
+setresgid			149	170	(int gid, int egid, int sgid)
+getresgid			150	171	(int *gid, int *egid, int *sgid)
+getpgid				155	132	(pid_t pid)
+setfsuid			151	138	(int fsuid)
+setfsgid			152	139	(int fsgid)
+getsid				156	147	(void)
+capget				90	184	(struct cap_header *h, struct cap_data *d)
+capset				91	185	(struct cap_header *h, struct cap_data *d)
+rt_sigqueueinfo			138	178	(pid_t pid, int sig, siginfo_t *info)
+setpriority			140	97	(int which, int who, int nice)
+sched_setscheduler		119	156	(int pid, int policy, struct sched_param *p)
+sigaltstack			132	186	(const void *uss, void *uoss)
+personality			92	136	(unsigned int personality)
+prctl				167	172	(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5)
+arch_prctl			!	17	(int option, unsigned long addr)
+setrlimit			164	75	(int resource, struct krlimit *rlim)
+mount				40	21	(char *dev_nmae, char *dir_name, char *type, unsigned long flags, void *data)
+umount2				39	52	(char *name, int flags)
+gettid				178	224	(void)
+futex				98	240	(uint32_t *uaddr, int op, uint32_t val, struct timespec *utime, uint32_t *uaddr2, uint32_t val3)
+set_tid_address			96	256	(int *tid_addr)
+restart_syscall			128	0	(void)
+timer_create			107	257	(clockid_t which_clock, struct sigevent *timer_event_spec, kernel_timer_t *created_timer_id)
+timer_settime			110	258	(kernel_timer_t timer_id, int flags, const struct itimerspec *new_setting, struct itimerspec *old_setting)
+timer_gettime			108	259	(int timer_id, const struct itimerspec *setting)
+timer_getoverrun		109	260	(int timer_id)
+timer_delete			111	261	(kernel_timer_t timer_id)
+clock_gettime			113	263	(clockid_t which_clock, struct timespec *tp)
+exit_group			94	248	(int error_code)
+set_robust_list			99	338	(struct robust_list_head *head, size_t len)
+get_robust_list			100	339	(int pid, struct robust_list_head **head_ptr, size_t *len_ptr)
+signalfd4			74	355	(int fd, k_rtsigset_t *mask, size_t sizemask, int flags)
+rt_tgsigqueueinfo		240	363	(pid_t tgid, pid_t pid, int sig, siginfo_t *info)
+vmsplice			75	343	(int fd, const struct iovec *iov, unsigned long nr_segs, unsigned int flags)
+timerfd_settime			86	353	(int ufd, int flags, const struct itimerspec *utmr, struct itimerspec *otmr)
+fanotify_init			262	367	(unsigned int flags, unsigned int event_f_flags)
+fanotify_mark			263	368	(int fanotify_fd, unsigned int flags, uint64_t mask, int dfd, const char *pathname)
+open_by_handle_at		265	371	(int mountdirfd, struct file_handle *handle, int flags)
+setns				268	375	(int fd, int nstype)
+kcmp				272	378	(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2)
+openat				56	322	(int dirfd, const char *pathname, int flags, mode_t mode)
+mkdirat				34	323	(int dirfd, const char *pathname, mode_t mode)
+unlinkat			35	328	(int dirfd, const char *pathname, int flags)
+memfd_create			279	385	(const char *name, unsigned int flags)
+io_setup			0	243	(unsigned nr_events, aio_context_t *ctx)
+io_submit			2	246	(aio_context_t ctx_id, long nr, struct iocb **iocbpp)
+io_getevents			4	245	(aio_context_t ctx, long min_nr, long nr, struct io_event *evs, struct timespec *tmo)
+seccomp				277	383	(unsigned int op, unsigned int flags, const char *uargs)
+gettimeofday			169	78	(struct timeval *tv, struct timezone *tz)
+preadv_raw			69	361	(int fd, struct iovec *iov, unsigned long nr, unsigned long pos_l, unsigned long pos_h)
+userfaultfd			282	388	(int flags)
+fallocate			47	352	(int fd, int mode, loff_t offset, loff_t len)
+cacheflush			!	983042	(void *start, void *end, int flags)
+ppoll				73	336	(struct pollfd *fds, unsigned int nfds, const struct timespec *tmo, const sigset_t *sigmask, size_t sigsetsize)
+fsopen				430	430	(char *fsname, unsigned int flags)
+fsconfig			431	431	(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+fsmount				432	432	(int fd, unsigned int flags, unsigned int attr_flags)
+clone3				435	435	(struct clone_args *uargs, size_t size)
+pidfd_open			434	434	(pid_t pid, unsigned int flags)
+pidfd_getfd			438	438	(int pidfd, int targetfd, unsigned int flags)
+rseq				293 	293 	(void *rseq, uint32_t rseq_len, int flags, uint32_t sig)
+move_mount          		429	429	(int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, int flags)
+open_tree			428	428	(int dirfd, const char *pathname, unsigned int flags)
+openat2				437	437	(int dirfd, char *pathname, struct open_how *how, size_t size)
+membarrier 			283	283	(int cmd, unsigned int flags, int cpu_id)

compel/arch/riscv64/scripts/compel-pack.lds.S

@@ -0,0 +1,32 @@
+OUTPUT_ARCH(riscv)
+EXTERN(__export_parasite_head_start)
+
+SECTIONS
+{
+	.crblob 0x0 : {
+		*(.head.text)
+		ASSERT(DEFINED(__export_parasite_head_start),
+			"Symbol __export_parasite_head_start is missing");
+		*(.text*)
+		. = ALIGN(32);
+		*(.data*)
+		. = ALIGN(32);
+		*(.rodata*)
+		. = ALIGN(32);
+		*(.bss*)
+		. = ALIGN(32);
+		*(.got*)
+		. = ALIGN(32);
+		*(.toc*)
+		. = ALIGN(32);
+	} =0x00000000,
+
+	/DISCARD/ : {
+		*(.debug*)
+		*(.comment*)
+		*(.note*)
+		*(.group*)
+		*(.eh_frame*)
+		*(*)
+	}
+}