rseq() c/r support

[mihalicyn]

This is patchset provides the rseq() C/R support

There are four patches which provide desired support:
cr-dump: handle rseq/rseq_cs flags properly

Userspace may configure rseq cs abort policy by
setting RSEQ_CS_FLAG_NO_RESTART_ON_* flags.

In ("cr-dump: fixup thread IP when inside rseq cs") we have supported
the case when process was caught by CRIU during rseq cs execution by
fixing up IP to abort_ip. Thats a common case, but there is special flag
called RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL, in this case we have to leave
process IP as it was before CRIU seized it. Unfortunately, that's not
all that we need here. We also must preserve (struct rseq)->rseq_cs field.

You may ask like "why we need to preserve it by hands? CRIU is dumping
all process memory and restores it". That's true. But not so easy. The problem
here is that the kernel performs this field cleanup when it realized that
the process gets out of rseq cs. But during dump/restore procedures we are
executing parasite/restorer from the process context. It means that process
will get out of rseq cs in any case and (struct rseq)->rseq_cs will be cleared
by the kernel. So we need to restore this field by hands at the *last* stage
of restore just before releasing processes.

cr-dump: fixup thread IP when inside rseq cs

If we caught the process when it's inside rseq
critical section we have to handle it properly.

From the kernel side of view, if the process
is executing inside the rseq cs and gets a signal,
rseq critical section execution will be interrupted
and after signal handler execution, we will proceed
to rseq cs abort handler instead of continuing normal
rseq cs execution (if RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL
isn't set).

When CRIU seizes processes that's the same thing as
getting signal from the rseq point of view. So we need
to fixup instruction pointer to rseq cs abort handler
address.

rseq: fail dump if rseq is used but host doesn't support get_rseq_conf feature

A lot of kernel versions lacks support for ptrace(PTRACE_GET_RSEQ_CONFIGURATION).
But the userspace may be fresh (for instance containers with fresh Fedora runs
on CentOS 7 host). Consider two scenarious:

- kernel has no ptrace(PTRACE_GET_RSEQ_CONFIGURATION) support

1. there is a process which use rseq => fail dump
2. there is no process which use rseq => we can dump without any problems

But how to determine if process use rseq or not without get_rseq_conf feature?
Let's just try to do rseq registration from the parasite. If rseq is already
registered then we'll got EBUSY error. If not we'll success in registration.

rseq: initial support

Support basic rseq C/R scenario. Assume that:
- there are no processes with IP inside the rseq critical section (CS)
- kernel has ptrace(PTRACE_GET_RSEQ_CONFIGURATION) support

On dump:
1. use ptrace(PTRACE_GET_RSEQ_CONFIGURATION) to get
struct rseq pointer, rseq size and signature from the kernel.
2. save to the image

On restore:
1. get rseq ptr, size, signature from the image
2. register it back using rseq() from the restorer parasite

Have done:

• basic case support (just dump/restore task_struct rseq-related fields)
• basic zdtm static test for amd64
• support kernels where rseq() syscall is present but ptrace(PTRACE_GET_RSEQ_CONFIGURATION) is not.
• fix cross-compile issues
• prepare CI for fedora rawhide env + kernel >= 5.13
• fix an issue when CRIU was compiled against new glibc (with rseq support)
• fix COMPAT segfault
• support "transitional" states
• support for RSEQ_CS_* flags
• write transition test

Fixes #1696

https://criu.org/Rseq

[adrianreber]

You can run tests in CI with a kernel >= 5.13 if you use our KVM based setup which we use for vdso=0 testing. If you start a rawhide container on the Fedora Vagrant VM you should be able to get latest glibc with a new enough kernel.

[codecov-commenter]

Codecov Report

Merging #1706 (a381fb0) into criu-dev (7d7d25f) will decrease coverage by 0.05%.
The diff coverage is 65.85%.

❗ Current head a381fb0 differs from pull request most recent head da6a243. Consider uploading reports for the commit da6a243 to get more accurate results

@@             Coverage Diff              @@
##           criu-dev    #1706      +/-   ##
============================================
- Coverage     69.35%   69.30%   -0.06%     
============================================
  Files           128      128              
  Lines         32087    32213     +126     
============================================
+ Hits          22255    22326      +71     
- Misses         9832     9887      +55     

Impacted Files	Coverage Δ
criu/arch/x86/include/asm/types.h	100.00% <ø> (ø)
criu/include/parasite.h	100.00% <ø> (ø)
criu/include/pstree.h	100.00% <ø> (ø)
criu/include/rst_info.h	100.00% <ø> (ø)
criu/include/util.h	100.00% <ø> (ø)
criu/util.c	60.32% <40.54%> (-0.78%)	⬇️
criu/cr-check.c	62.94% <60.00%> (+1.00%)	⬆️
criu/cr-restore.c	67.06% <65.78%> (-0.23%)	⬇️
criu/cr-dump.c	75.30% <72.13%> (-0.21%)	⬇️
criu/pstree.c	85.26% <86.66%> (+0.03%)	⬆️
... and 4 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7d7d25f...da6a243. Read the comment docs.

[mihalicyn]

Hehe, great. We have CentOS 8 working. That's good news because it's the corner case when we have rseq() syscall but lacks ptrace(PTRACE_GET_RSEQ_CONFIGURATION).
Fedora novdso (with fresh kernel) passes too! Fine.

[mihalicyn]

You can run tests in CI with a kernel >= 5.13 if you use our KVM based setup which we use for vdso=0 testing. If you start a rawhide container on the Fedora Vagrant VM you should be able to get latest glibc with a new enough kernel.

Yes, thanks for pointing it out. I've taken a look at scripts/ci/vagrant.sh it looks like for our needs can just adjust FEDORA_VERSION / FEDORA_BOX_VERSION variables. But unfortunately, on https://app.vagrantup.com/fedora repository there is no image for fedora-rawhide. :(

[adrianreber]

You can run tests in CI with a kernel >= 5.13 if you use our KVM based setup which we use for vdso=0 testing. If you start a rawhide container on the Fedora Vagrant VM you should be able to get latest glibc with a new enough kernel.

Yes, thanks for pointing it out. I've taken a look at scripts/ci/vagrant.sh it looks like for our needs can just adjust FEDORA_VERSION / FEDORA_BOX_VERSION variables. But unfortunately, on https://app.vagrantup.com/fedora repository there is no image for fedora-rawhide. :(

Just run a rawhide container via Podman on the vagrant VM. You can basically re-use our rawhide on GitHub Actions setup in the VM and you should have everything you need.

[mihalicyn]

You can run tests in CI with a kernel >= 5.13 if you use our KVM based setup which we use for vdso=0 testing. If you start a rawhide container on the Fedora Vagrant VM you should be able to get latest glibc with a new enough kernel.

Yes, thanks for pointing it out. I've taken a look at scripts/ci/vagrant.sh it looks like for our needs can just adjust FEDORA_VERSION / FEDORA_BOX_VERSION variables. But unfortunately, on https://app.vagrantup.com/fedora repository there is no image for fedora-rawhide. :(

Just run a rawhide container via Podman on the vagrant VM. You can basically re-use our rawhide on GitHub Actions setup in the VM and you should have everything you need.

thanks, Adrian ;) Will try!

[mihalicyn]

I have a fix in #1738

great! Let's reopen that PR?

[figiel]

@mihalicyn OK, I'll try to review this tomorrow.

[mihalicyn]

Dear friends,
zdtm/transition/rseq01 on Alpine Linux was fixed. Thanks to Mathieu @compudj for looking into this.
I've shot myself in the foot by corrupting the stack by an unpaired fldl instruction. That's really strange that we've got crashes only on musl-libc.

Andrei suggests using the simpler and better approach to make the rseq cs section execution time larger by using the pause instruction. I will do that in the later version but let's keep the current version with FPU instructions in memory of the hours spent in searching for mistake. :D

[mihalicyn]

JFYI: I'm working on the article https://criu.org/Rseq