skipped 4 lines 5 5 #include <string.h> 6 6 #include <errno.h> 7 7 #include <stdbool.h> 8 - #include <limits.h> 9 8 #include <signal.h> 10 9 #include <unistd.h> 11 10 #include <dirent.h> skipped 5 lines 17 16 #include <sys/param.h> 18 17 #include <sys/types.h> 19 18 #include <sys/ptrace.h> 20 - #include <sys/time.h> 21 - #include <sys/resource.h> 22 19 #include <sys/stat.h> 23 20 #include <sys/mman.h> 24 21 #include <sys/wait.h> skipped 4 lines 29 26 #include <sched.h> 30 27 #include <ctype.h> 31 28 32 - #include "bitops.h" 33 29 #include "page.h" 34 - #include "common/compiler.h" 35 - #include "common/list.h" 36 30 #include "util.h" 37 - #include "rst-malloc.h" 38 31 #include "image.h" 39 32 #include "vma.h" 40 33 #include "mem.h" skipped 2 lines 43 36 44 37 #include "clone-noasan.h" 45 38 #include "cr_options.h" 46 - #include "servicefd.h" 47 39 #include "cr-service.h" 48 40 #include "files.h" 49 41 #include "pstree.h" skipped 370 lines 420 412 va_end(args); 421 413 422 414 return openat(dirfd, path, flags); 423 - } 424 - 425 - /* Max potentially possible fd to be open by criu process */ 426 - int service_fd_rlim_cur; 427 - /* Base of current process service fds set */ 428 - static int service_fd_base; 429 - /* Id of current process in shared fdt */ 430 - static int service_fd_id = 0; 431 - 432 - int init_service_fd(void) 433 - { 434 - struct rlimit64 rlimit; 435 - 436 - /* 437 - * Service FDs are those that most likely won't 438 - * conflict with any 'real-life' ones 439 - */ 440 - 441 - if (syscall(__NR_prlimit64, getpid(), RLIMIT_NOFILE, NULL, &rlimit)) { 442 - pr_perror("Can't get rlimit"); 443 - return -1; 444 - } 445 - 446 - service_fd_rlim_cur = (int)rlimit.rlim_cur; 447 - 448 - return 0; 449 - } 450 - 451 - static int __get_service_fd(enum sfd_type type, int service_fd_id) 452 - { 453 - return service_fd_base - type - SERVICE_FD_MAX * service_fd_id; 454 - } 455 - 456 - int service_fd_min_fd(struct pstree_item *item) 457 - { 458 - struct fdt *fdt = rsti(item)->fdt; 459 - int id = 0; 460 - 461 - if (fdt) 462 - id = fdt->nr - 1; 463 - return service_fd_rlim_cur - (SERVICE_FD_MAX - 1) - SERVICE_FD_MAX * id; 464 - } 465 - 466 - static DECLARE_BITMAP(sfd_map, SERVICE_FD_MAX); 467 - static int sfd_arr[SERVICE_FD_MAX]; 468 - /* 469 - * Variable for marking areas of code, where service fds modifications 470 - * are prohibited. It's used to safe them from reusing their numbers 471 - * by ordinary files. See install_service_fd() and close_service_fd(). 472 - */ 473 - bool sfds_protected = false; 474 - 475 - static void sfds_protection_bug(enum sfd_type type) 476 - { 477 - pr_err("Service fd %u is being modified in protected context\n", type); 478 - print_stack_trace(current ? vpid(current) : 0); 479 - BUG(); 480 - } 481 - 482 - int install_service_fd(enum sfd_type type, int fd) 483 - { 484 - int sfd = __get_service_fd(type, service_fd_id); 485 - 486 - BUG_ON((int)type <= SERVICE_FD_MIN || (int)type >= SERVICE_FD_MAX); 487 - if (sfds_protected && !test_bit(type, sfd_map)) 488 - sfds_protection_bug(type); 489 - 490 - if (service_fd_base == 0) { 491 - if (test_bit(type, sfd_map)) 492 - close(sfd_arr[type]); 493 - sfd_arr[type] = fd; 494 - set_bit(type, sfd_map); 495 - return fd; 496 - } 497 - 498 - if (dup3(fd, sfd, O_CLOEXEC) != sfd) { 499 - pr_perror("Dup %d -> %d failed", fd, sfd); 500 - close(fd); 501 - return -1; 502 - } 503 - 504 - set_bit(type, sfd_map); 505 - close(fd); 506 - return sfd; 507 - } 508 - 509 - int get_service_fd(enum sfd_type type) 510 - { 511 - BUG_ON((int)type <= SERVICE_FD_MIN || (int)type >= SERVICE_FD_MAX); 512 - 513 - if (!test_bit(type, sfd_map)) 514 - return -1; 515 - 516 - if (service_fd_base == 0) 517 - return sfd_arr[type]; 518 - 519 - return __get_service_fd(type, service_fd_id); 520 - } 521 - 522 - int criu_get_image_dir(void) 523 - { 524 - return get_service_fd(IMG_FD_OFF); 525 - } 526 - 527 - int close_service_fd(enum sfd_type type) 528 - { 529 - int fd; 530 - 531 - if (sfds_protected) 532 - sfds_protection_bug(type); 533 - 534 - fd = get_service_fd(type); 535 - if (fd < 0) 536 - return 0; 537 - 538 - if (close_safe(&fd)) 539 - return -1; 540 - 541 - clear_bit(type, sfd_map); 542 - return 0; 543 - } 544 - 545 - static void move_service_fd(struct pstree_item *me, int type, int new_id, int new_base) 546 - { 547 - int old = get_service_fd(type); 548 - int new = new_base - type - SERVICE_FD_MAX * new_id; 549 - int ret; 550 - 551 - if (old < 0) 552 - return; 553 - ret = dup2(old, new); 554 - if (ret == -1) { 555 - if (errno != EBADF) 556 - pr_perror("Unable to clone %d->%d", old, new); 557 - } else if (!(rsti(me)->clone_flags & CLONE_FILES)) 558 - close(old); 559 - } 560 - 561 - static int choose_service_fd_base(struct pstree_item *me) 562 - { 563 - int nr, real_nr, fdt_nr = 1, id = rsti(me)->service_fd_id; 564 - 565 - if (rsti(me)->fdt) { 566 - /* The base is set by owner of fdt (id 0) */ 567 - if (id != 0) 568 - return service_fd_base; 569 - fdt_nr = rsti(me)->fdt->nr; 570 - } 571 - /* Now find process's max used fd number */ 572 - if (!list_empty(&rsti(me)->fds)) 573 - nr = list_entry(rsti(me)->fds.prev, 574 - struct fdinfo_list_entry, ps_list)->fe->fd; 575 - else 576 - nr = -1; 577 - 578 - nr = max(nr, inh_fd_max); 579 - /* 580 - * Service fds go after max fd near right border of alignment: 581 - * 582 - * ...|max_fd|max_fd+1|...|sfd first|...|sfd last (aligned)| 583 - * 584 - * So, they take maximum numbers of area allocated by kernel. 585 - * See linux alloc_fdtable() for details. 586 - */ 587 - nr += (SERVICE_FD_MAX - SERVICE_FD_MIN) * fdt_nr; 588 - nr += 16; /* Safety pad */ 589 - real_nr = nr; 590 - 591 - nr /= (1024 / sizeof(void *)); 592 - if (nr) 593 - nr = 1 << (32 - __builtin_clz(nr)); 594 - else 595 - nr = 1; 596 - nr *= (1024 / sizeof(void *)); 597 - 598 - if (nr > service_fd_rlim_cur) { 599 - /* Right border is bigger, than rlim. OK, then just aligned value is enough */ 600 - nr = round_down(service_fd_rlim_cur, (1024 / sizeof(void *))); 601 - if (nr < real_nr) { 602 - pr_err("Can't chose service_fd_base: %d %d\n", nr, real_nr); 603 - return -1; 604 - } 605 - } 606 - 607 - return nr; 608 - } 609 - 610 - int clone_service_fd(struct pstree_item *me) 611 - { 612 - int id, new_base, i, ret = -1; 613 - 614 - new_base = choose_service_fd_base(me); 615 - id = rsti(me)->service_fd_id; 616 - 617 - if (new_base == -1) 618 - return -1; 619 - if (service_fd_base == new_base && service_fd_id == id) 620 - return 0; 621 - 622 - /* Dup sfds in memmove() style: they may overlap */ 623 - if (get_service_fd(LOG_FD_OFF) < new_base - LOG_FD_OFF - SERVICE_FD_MAX * id) 624 - for (i = SERVICE_FD_MIN + 1; i < SERVICE_FD_MAX; i++) 625 - move_service_fd(me, i, id, new_base); 626 - else 627 - for (i = SERVICE_FD_MAX - 1; i > SERVICE_FD_MIN; i--) 628 - move_service_fd(me, i, id, new_base); 629 - 630 - service_fd_base = new_base; 631 - service_fd_id = id; 632 - ret = 0; 633 - 634 - return ret; 635 - } 636 - 637 - bool is_any_service_fd(int fd) 638 - { 639 - int sfd_min_fd = __get_service_fd(SERVICE_FD_MAX, service_fd_id); 640 - int sfd_max_fd = __get_service_fd(SERVICE_FD_MIN, service_fd_id); 641 - 642 - if (fd > sfd_min_fd && fd < sfd_max_fd) { 643 - int type = SERVICE_FD_MAX - (fd - sfd_min_fd); 644 - if (type > SERVICE_FD_MIN && type < SERVICE_FD_MAX) 645 - return !!test_bit(type, sfd_map); 646 - } 647 - 648 - return false; 649 - } 650 - 651 - bool is_service_fd(int fd, enum sfd_type type) 652 - { 653 - return fd == get_service_fd(type); 654 415 } 655 416 656 417 int copy_file(int fd_in, int fd_out, size_t bytes) skipped 951 lines