github.com/ttpreport/gvisor-ligolo@v0.0.0-20240123134145-a858404967ba/pkg/sentry/state/state.go (about) 1 // Copyright 2018 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package state provides high-level state wrappers. 16 package state 17 18 import ( 19 "fmt" 20 "io" 21 22 "github.com/ttpreport/gvisor-ligolo/pkg/context" 23 "github.com/ttpreport/gvisor-ligolo/pkg/errors/linuxerr" 24 "github.com/ttpreport/gvisor-ligolo/pkg/log" 25 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/inet" 26 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/kernel" 27 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/time" 28 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/vfs" 29 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/watchdog" 30 "github.com/ttpreport/gvisor-ligolo/pkg/state/statefile" 31 ) 32 33 var previousMetadata map[string]string 34 35 // ErrStateFile is returned when an error is encountered writing the statefile 36 // (which may occur during open or close calls in addition to write). 37 type ErrStateFile struct { 38 err error 39 } 40 41 // Error implements error.Error(). 42 func (e ErrStateFile) Error() string { 43 return fmt.Sprintf("statefile error: %v", e.err) 44 } 45 46 // SaveOpts contains save-related options. 47 type SaveOpts struct { 48 // Destination is the save target. 49 Destination io.Writer 50 51 // Key is used for state integrity check. 52 Key []byte 53 54 // Metadata is save metadata. 55 Metadata map[string]string 56 57 // Callback is called prior to unpause, with any save error. 58 Callback func(err error) 59 } 60 61 // Save saves the system state. 62 func (opts SaveOpts) Save(ctx context.Context, k *kernel.Kernel, w *watchdog.Watchdog) error { 63 log.Infof("Sandbox save started, pausing all tasks.") 64 k.Pause() 65 k.ReceiveTaskStates() 66 defer func() { 67 k.Unpause() 68 log.Infof("Tasks resumed after save.") 69 }() 70 71 w.Stop() 72 defer w.Start() 73 74 // Supplement the metadata. 75 if opts.Metadata == nil { 76 opts.Metadata = make(map[string]string) 77 } 78 addSaveMetadata(opts.Metadata) 79 80 // Open the statefile. 81 wc, err := statefile.NewWriter(opts.Destination, opts.Key, opts.Metadata) 82 if err != nil { 83 err = ErrStateFile{err} 84 } else { 85 // Save the kernel. 86 err = k.SaveTo(ctx, wc) 87 88 // ENOSPC is a state file error. This error can only come from 89 // writing the state file, and not from fs.FileOperations.Fsync 90 // because we wrap those in kernel.TaskSet.flushWritesToFiles. 91 if linuxerr.Equals(linuxerr.ENOSPC, err) { 92 err = ErrStateFile{err} 93 } 94 95 if closeErr := wc.Close(); err == nil && closeErr != nil { 96 err = ErrStateFile{closeErr} 97 } 98 } 99 opts.Callback(err) 100 return err 101 } 102 103 // LoadOpts contains load-related options. 104 type LoadOpts struct { 105 // Destination is the load source. 106 Source io.Reader 107 108 // Key is used for state integrity check. 109 Key []byte 110 } 111 112 // Load loads the given kernel, setting the provided platform and stack. 113 func (opts LoadOpts) Load(ctx context.Context, k *kernel.Kernel, timeReady chan struct{}, n inet.Stack, clocks time.Clocks, vfsOpts *vfs.CompleteRestoreOptions) error { 114 // Open the file. 115 r, m, err := statefile.NewReader(opts.Source, opts.Key) 116 if err != nil { 117 return ErrStateFile{err} 118 } 119 120 previousMetadata = m 121 122 // Restore the Kernel object graph. 123 return k.LoadFrom(ctx, r, timeReady, n, clocks, vfsOpts) 124 }