>From 3b5b5488e4c25a1fff223c9b98883f17af4a40e2 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Wed, 16 Jul 2008 14:33:31 -0400
Subject: [PATCH 1/1] sys_checkpoint: first attempt at exploiting
First attempt at using the sys_checkpoint and binfmt_cr.c functionality.
Signed-off-by: Serge Hallyn
---
 cr.c | 13 +++++++++++--
 sci.h | 5 +++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/cr.c b/cr.c
index ffb7b0b..82ba813 100644
--- a/cr.c
+++ b/cr.c
@@ -932,6 +932,11 @@ static int save_process_data(pid_t pid, int fd, lh_list_t *ptree)
 write_item(fd, "sigpend", &sigpend, sizeof(sigpend));
 }
+ /* Write the ckpt image */
+ snprintf(fname, sizeof(fname), "%u.kckpt", syscallpid);
+ PT_CKPT(syscallpid, fname);
+ write_item(fd, "ckpt_file", fname, strlen(fname));
+
 /* file descriptors */
 write_item(fd, "FD", NULL, 0);
 t_d(pi->nf);
@@ -1094,6 +1099,7 @@ pid_t restart_first_proc(int fd, char *exe, char *sargv, int la, char *senv,
 WARN("set_proc_file(%d) errno=%d: %s\n", next_pid, errno, strerror(errno));
+ DEBUG("executing the file %s with args %s\n", exe, sargv);
 if ((pid = fork()) == 0) {
 if (ptrace_traceme() == -1) exit(1);
 close(fd);
@@ -1877,6 +1883,7 @@ static int process_restart(int fd, int mode)
 void *buf = NULL;
 int ret, la = 0, le = 0;
 size_t bufsz;
+ char *ckpt_file = NULL;
 lh_list_t *ptree = NULL, *pt;
 lh_hash_t hpid;
 pid_t *pid = NULL, *ppid = NULL, npid = 0;
@@ -1912,6 +1919,7 @@ static int process_restart(int fd, int mode)
 Free(sigact);
 Free(sigmask);
 Free(sigpend);
+ Free(ckpt_file);
 }
 /* fillup process fields */
@@ -1919,6 +1927,7 @@ static int process_restart(int fd, int mode)
 else ITEM_SET(ppid, pid_t);
 else ITEM_SET(exitsig, int);
 else ITEM_SET(exe, char);
+ else ITEM_SET(ckpt_file, char);
 else ITEM_SET(cwd, char);
 else ITEM_SET(regs, struct user_regs_struct);
 else ITEM_SET(fpregs, struct user_fpregs_struct);
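Review bot: The result of `PT_CKPT(syscallpid, fname);` in save_process_data is discarded, so if the injected checkpoint syscall fails the "ckpt_file" item is still written and restart will later try to execute an image that was never created; assuming ptrace_syscall signals failure the way `ptrace_traceme()` does in the next hunk, guard it with `if (PT_CKPT(syscallpid, fname) == -1) { WARN("checkpoint of %d failed\n", syscallpid); return -1; }`. The name `%u.kckpt` is relative, so the kernel creates the image under a predictable name in the checkpointed process's cwd while process_restart (hunk at -1931) resolves the same string against the restarter's cwd; an absolute path under the checkpoint output directory avoids both the mismatch and the clobber/symlink exposure of a predictable name in a shared directory. `%u` with a pid_t argument is also a format/type mismatch; use `%d` or cast. Only `strlen(fname)` bytes are stored, with no terminator, which is fine only if the reader appends one — confirm against how the `exe` item is written, since both that and the declarations of fname and syscallpid lie outside this hunk.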
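Review bot: `Free(ckpt_file);` in the process_restart cleanup block (hunk at -1912) leaves ckpt_file dangling unless the Free() macro resets its argument, and unlike the other fields this one is treated as optional by the `ckpt_file ? ckpt_file : exe` fallback in the hunk at -1931, so a later process record that carries no "ckpt_file" item would hand freed memory to restart_first_proc or restart_proc as the path to execute. If Free() is a plain free() wrapper, add `ckpt_file = NULL;` directly after it, or make Free() null its argument for every field. The loop that contains this cleanup begins and ends outside the hunk, so whether the block runs once per record is inferred, not visible.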
@@ -1931,13 +1940,13 @@ static int process_restart(int fd, int mode)
 else if (ITEM_IS("FD")) {
 /* all previous necessary fields ok, ready to fork */
 if (! ptree) {
- t_d(npid = restart_first_proc(fd, exe, sargv, la, senv, le, *pid));
+ t_d(npid = restart_first_proc(fd, ckpt_file ? ckpt_file : exe, sargv, la, senv, le, *pid));
 } else {
 lh_list_t *p = lh_hash_lookup(&hpid, (unsigned int)*ppid);
 pid_t nppid = p ? (pid_t) p->data : 0;
 if (*exitsig == SIGCHLD)
- t_d(npid = restart_proc(fd, nppid, exe, sargv, la, senv, le, *pid));
+ t_d(npid = restart_proc(fd, nppid, ckpt_file ? ckpt_file : exe, sargv, la, senv, le, *pid));
 else t_d(npid = restart_thread(nppid, *exitsig, regs->esp));
 }
diff --git a/sci.h b/sci.h
index 0b32ae4..8717350 100644
--- a/sci.h
+++ b/sci.h
@@ -132,6 +132,11 @@ int call_func(pid_t pid, int scratch, int flag, int funcaddr, int argc, ...);
 -3, 0, buf, \
 0, 0, n)
+#define SYS_ckpt 327
+#define PT_CKPT(p, path) \
+ ptrace_syscall(p, 0, 0, SYS_ckpt, 1, \
+ STRLEN_PTR, 0, path)
+
 #define PT_LSEEK(p, fd, off, w) \
 ptrace_syscall(p, 0, 0, SYS_lseek, 3, \
 0, 0, fd, \
-- 
1.5.5.1
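Review bot: The string taken from the "ckpt_file" item is passed unchanged to restart_first_proc and restart_proc as the path to execute, and the only condition on it is that it be non-NULL; the checkpoint stream on fd is input data, so before it reaches exec it should at least be checked for NUL termination and for being a plain file name of the `<pid>.kckpt` form the saver writes (or be resolved under the checkpoint directory rather than the current cwd). The `ckpt_file ? ckpt_file : exe` expression is also written twice; hoist it once ahead of `if (! ptree) {` as `char *image = ckpt_file ? ckpt_file : exe;` and pass `image` to both calls. Whether ITEM_SET appends a terminator is not visible in this hunk, and process_restart continues on both sides of it.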
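Review bot: `#define SYS_ckpt 327` hard-codes a syscall number that the kernel headers do not define, and because PT_CKPT injects that number into the traced process through ptrace_syscall, a mismatch between this constant and the kernel actually running means the target process executes whatever other syscall lives at that number, with a string pointer as its first argument, instead of a checkpoint. Prefer the kernel's `__NR_` constant from unistd.h when the patched headers export one and keep the literal only as a guarded fallback, `#ifndef SYS_ckpt` around the define with a comment such as `/* number from the out-of-tree sys_checkpoint patch; arch- and kernel-specific, verify against the target kernel */`. A one-line comment on PT_CKPT saying that it runs in the traced process `p` and that `path` is therefore resolved against that process's cwd and credentials would also help the next reader.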