[CRIU] [PATCH] restore: Defer new net-namespace creation until forked
Andrew Vagin
avagin at parallels.com
Mon Oct 27 13:02:04 PDT 2014
On Mon, Oct 27, 2014 at 07:19:03PM +0300, Cyrill Gorcunov wrote:
> Some kernel modules such as pktgen runs kthred upon
> new-net creation taking last_pid we were requested.
> Lets workaround this problem using clone + unshare
> bundle.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
> ---
> cr-restore.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/cr-restore.c b/cr-restore.c
> index d046f4bd0921..d3811cb7b5d7 100644
> --- a/cr-restore.c
> +++ b/cr-restore.c
> @@ -1086,8 +1086,16 @@ static inline int fork_with_pid(struct pstree_item *item)
> if (netns_pre_create())
> goto err_unlock;
>
> + /*
> + * Some kernel modules, such as netwrok packet generator
> + * run kernel thread upon net-namespace creattion taking
> + * the @pid we've been requeting via LAST_PID_PATH interface
> + * so that we can't restore a take with pid needed.
> + *
> + * Here is an idea -- unhare net namespace in callee instead.
> + */
> ret = clone(restore_task_with_children, ca.stack_ptr,
> - ca.clone_flags | SIGCHLD, &ca);
> + (ca.clone_flags & ~CLONE_NEWNET) | SIGCHLD, &ca);
>
> if (ret < 0) {
> pr_perror("Can't fork for %d", pid);
> @@ -1395,6 +1403,14 @@ static int restore_task_with_children(void *_arg)
> if ( !(ca->clone_flags & CLONE_FILES))
> close_safe(&ca->fd);
>
> + if (ca->clone_flags & CLONE_NEWNET) {
> + ret = unshare(CLONE_NEWNET);
> + if (ret) {
> + pr_perror("Can't unshare net-namespace");
> + goto err;
> + }
> + }
I would prefer to move this code after:
if (current->pid.virt != pid) {
pr_err("Pid %d do not match expected %d\n", pid, current->pid.virt);
goto err;
}
And now we doesn't support nested net namespaces, so we can have it in
the "Restore root task" blob.
> +
> if (current->state != TASK_HELPER) {
> ret = clone_service_fd(rsti(current)->service_fd_id);
> if (ret)
> --
> 1.9.3
>
More information about the CRIU
mailing list