runsc: Move checkpoint options to sandbox.CheckpointOpts.

This change gets rid of `statefile.Options`, which was housing a lot of
non-statefile related options. Compression is the only statefile related option
today.

This way we can have all checkpoint-related options in one place.

PiperOrigin-RevId: 785682760

Author: ayushr2

pkg/state/statefile/statefile.go

@@ -107,33 +107,9 @@ func (c CompressionLevel) String() string {
 	return string(c)
 }
 
-// Options is statefile options.
-type Options struct {
-	// Compression is an image compression type/level.
-	Compression CompressionLevel
-
-	// Resume indicates if the sandbox process should continue running
-	// after checkpointing.
-	Resume bool
-
-	// SaveRestoreExecArgv is the argv of the save/restore binary split by spaces.
-	// The first element is the path to the binary.
-	SaveRestoreExecArgv string
-
-	// SaveRestoreExecTimeout is the timeout for waiting for the save/restore
-	// binary.
-	SaveRestoreExecTimeout time.Duration
-
-	// SaveRestoreExecContainerID is the ID of the container that the
-	// save/restore binary executes in.
-	SaveRestoreExecContainerID string
-}
-
-// WriteToMetadata save options to the metadata storage.  Method returns the
-// reference to the original metadata map to allow to be used in the chain calls.
-func (o Options) WriteToMetadata(metadata map[string]string) map[string]string {
-	metadata[CompressionKey] = string(o.Compression)
-	return metadata
+// ToMetadata returns the compression level as a metadata map.
+func (c CompressionLevel) ToMetadata() map[string]string {
+	return map[string]string{CompressionKey: string(c)}
 }
 
 // CompressionLevelFromString parses a string into the CompressionLevel.

pkg/state/statefile/statefile_test.go

@@ -212,7 +212,7 @@ func benchmark(b *testing.B, size int, write bool, compressible bool) {
 	var stateBuf bytes.Buffer
 	writeState := func() {
 		stateBuf.Reset()
-		w, err := NewWriter(&stateBuf, key, Options{Compression: CompressionLevelFlateBestSpeed}.WriteToMetadata(map[string]string{}))
+		w, err := NewWriter(&stateBuf, key, CompressionLevelFlateBestSpeed.ToMetadata())
 		if err != nil {
 			b.Fatalf("error creating writer: %v", err)
 		}

runsc/cmd/BUILD

@@ -116,6 +116,7 @@ go_library(
         "//runsc/metricserver/containermetrics",
         "//runsc/mitigate",
         "//runsc/profile",
+        "//runsc/sandbox",
         "//runsc/specutils",
         "//runsc/starttime",
         "@com_github_google_subcommands//:go_default_library",

runsc/cmd/checkpoint.go

@@ -22,12 +22,12 @@ import (
 
 	"github.com/google/subcommands"
 	"gvisor.dev/gvisor/pkg/sentry/control"
-	"gvisor.dev/gvisor/pkg/sentry/pgalloc"
 	"gvisor.dev/gvisor/pkg/state/statefile"
 	"gvisor.dev/gvisor/runsc/cmd/util"
 	"gvisor.dev/gvisor/runsc/config"
 	"gvisor.dev/gvisor/runsc/container"
 	"gvisor.dev/gvisor/runsc/flag"
+	"gvisor.dev/gvisor/runsc/sandbox"
 )
 
 // Checkpoint implements subcommands.Command for the "checkpoint" command.
@@ -100,22 +100,17 @@ func (c *Checkpoint) Execute(_ context.Context, f *flag.FlagSet, args ...any) su
 		util.Fatalf("making directories at path provided: %v", err)
 	}
 
-	sOpts := statefile.Options{
+	opts := sandbox.CheckpointOpts{
 		Compression:                c.compression.Level(),
+		Resume:                     c.leaveRunning,
+		Direct:                     c.direct,
+		ExcludeCommittedZeroPages:  c.excludeCommittedZeroPages,
 		SaveRestoreExecArgv:        c.saveRestoreExecArgv,
 		SaveRestoreExecTimeout:     c.saveRestoreExecTimeout,
 		SaveRestoreExecContainerID: id,
 	}
-	mfOpts := pgalloc.SaveOpts{
-		ExcludeCommittedZeroPages: c.excludeCommittedZeroPages,
-	}
-
-	if c.leaveRunning {
-		// Do not destroy the sandbox after saving.
-		sOpts.Resume = true
-	}
 
-	if err := cont.Checkpoint(c.imagePath, c.direct, sOpts, mfOpts); err != nil {
+	if err := cont.Checkpoint(c.imagePath, opts); err != nil {
 		util.Fatalf("checkpoint failed: %v", err)
 	}
 

runsc/container/BUILD

@@ -27,7 +27,6 @@ go_library(
         "//pkg/sentry/fsimpl/tmpfs",
         "//pkg/sentry/pgalloc",
         "//pkg/sighandling",
-        "//pkg/state/statefile",
         "//pkg/sync",
         "//pkg/unet",
         "//pkg/urpc",
@@ -84,7 +83,6 @@ go_test(
         "//pkg/sentry/kernel",
         "//pkg/sentry/kernel/auth",
         "//pkg/sentry/limits",
-        "//pkg/sentry/pgalloc",
         "//pkg/sentry/platform",
         "//pkg/sentry/seccheck",
         "//pkg/sentry/seccheck/points:points_go_proto",
@@ -97,6 +95,7 @@ go_test(
         "//runsc/cgroup",
         "//runsc/config",
         "//runsc/flag",
+        "//runsc/sandbox",
         "//runsc/specutils",
         "//test/metricclient",
         "@com_github_cenkalti_backoff//:go_default_library",

runsc/container/container.go

@@ -40,7 +40,6 @@ import (
 	"gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs"
 	"gvisor.dev/gvisor/pkg/sentry/pgalloc"
 	"gvisor.dev/gvisor/pkg/sighandling"
-	"gvisor.dev/gvisor/pkg/state/statefile"
 	"gvisor.dev/gvisor/pkg/unet"
 	"gvisor.dev/gvisor/pkg/urpc"
 	"gvisor.dev/gvisor/runsc/boot"
@@ -702,12 +701,12 @@ func (c *Container) ForwardSignals(pid int32, fgProcess bool) func() {
 
 // Checkpoint sends the checkpoint call to the container.
 // The statefile will be written to f, the file at the specified image-path.
-func (c *Container) Checkpoint(imagePath string, direct bool, sfOpts statefile.Options, mfOpts pgalloc.SaveOpts) error {
+func (c *Container) Checkpoint(imagePath string, opts sandbox.CheckpointOpts) error {
 	log.Debugf("Checkpoint container, cid: %s", c.ID)
 	if err := c.requireStatus("checkpoint", Created, Running, Paused); err != nil {
 		return err
 	}
-	return c.Sandbox.Checkpoint(c.ID, imagePath, direct, sfOpts, mfOpts)
+	return c.Sandbox.Checkpoint(c.ID, imagePath, opts)
 }
 
 // Pause suspends the container and its kernel.

runsc/container/container_test.go

@@ -42,7 +42,6 @@ import (
 	"gvisor.dev/gvisor/pkg/sentry/fsimpl/erofs"
 	"gvisor.dev/gvisor/pkg/sentry/kernel"
 	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
-	"gvisor.dev/gvisor/pkg/sentry/pgalloc"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
 	"gvisor.dev/gvisor/pkg/state/statefile"
 	"gvisor.dev/gvisor/pkg/sync"
@@ -51,6 +50,7 @@ import (
 	"gvisor.dev/gvisor/runsc/cgroup"
 	"gvisor.dev/gvisor/runsc/config"
 	"gvisor.dev/gvisor/runsc/flag"
+	"gvisor.dev/gvisor/runsc/sandbox"
 	"gvisor.dev/gvisor/runsc/specutils"
 )
 
@@ -1063,7 +1063,7 @@ func testCheckpointRestore(t *testing.T, conf *config.Config, compression statef
 	}
 
 	// Checkpoint running container; save state into new file.
-	if err := cont.Checkpoint(dir, false /* direct */, statefile.Options{Compression: compression}, pgalloc.SaveOpts{}); err != nil {
+	if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: compression}); err != nil {
 		t.Fatalf("error checkpointing container to empty file: %v", err)
 	}
 
@@ -1267,7 +1267,7 @@ func TestCheckpointRestoreExecKilled(t *testing.T) {
 	}
 
 	// Checkpoint running container.
-	if err := cont.Checkpoint(dir, false /* direct */, statefile.Options{Compression: statefile.CompressionLevelFlateBestSpeed}, pgalloc.SaveOpts{}); err != nil {
+	if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: statefile.CompressionLevelFlateBestSpeed}); err != nil {
 		t.Fatalf("error checkpointing container: %v", err)
 	}
 	cont.Destroy()
@@ -1346,7 +1346,7 @@ func TestCheckpointRestoreCreateMountPoint(t *testing.T) {
 	}
 
 	// Checkpoint running container; save state into new file.
-	if err := cont.Checkpoint(dir, false, statefile.Options{Compression: statefile.CompressionLevelDefault}, pgalloc.SaveOpts{}); err != nil {
+	if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: statefile.CompressionLevelDefault}); err != nil {
 		t.Fatalf("error checkpointing container to file: %v", err)
 	}
 
@@ -1445,7 +1445,7 @@ func TestUnixDomainSockets(t *testing.T) {
 			}
 
 			// Checkpoint running container; save state into new file.
-			if err := cont.Checkpoint(dir, false /* direct */, statefile.Options{Compression: statefile.CompressionLevelDefault}, pgalloc.SaveOpts{}); err != nil {
+			if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: statefile.CompressionLevelDefault}); err != nil {
 				t.Fatalf("error checkpointing container to empty file: %v", err)
 			}
 
@@ -2829,7 +2829,7 @@ func TestUsageFD(t *testing.T) {
 	}
 
 	// Checkpoint running container.
-	if err := cont.Checkpoint(dir, false /* direct */, statefile.Options{Compression: statefile.CompressionLevelDefault}, pgalloc.SaveOpts{}); err != nil {
+	if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: statefile.CompressionLevelDefault}); err != nil {
 		t.Fatalf("error checkpointing container: %v", err)
 	}
 	cont.Destroy()
@@ -3954,7 +3954,7 @@ func TestSpecValidation(t *testing.T) {
 				t.Fatalf("error chmoding file: %q, %v", dir, err)
 			}
 			// Checkpoint running container; save state into new file.
-			if err := cont.Checkpoint(dir, false /* direct */, statefile.Options{Compression: statefile.CompressionLevelFlateBestSpeed}, pgalloc.SaveOpts{}); err != nil {
+			if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Compression: statefile.CompressionLevelFlateBestSpeed}); err != nil {
 				t.Fatalf("error checkpointing container to empty file: %v", err)
 			}
 
@@ -4148,11 +4148,8 @@ func TestCheckpointResume(t *testing.T) {
 				t.Fatalf("Failed to wait for output file: %v", err)
 			}
 
-			sfOpts := statefile.Options{
-				Resume: true,
-			}
 			// Checkpoint running container; save state into new file.
-			if err := cont.Checkpoint(dir, false /* direct */, sfOpts, pgalloc.SaveOpts{}); err != nil {
+			if err := cont.Checkpoint(dir, sandbox.CheckpointOpts{Resume: true}); err != nil {
 				t.Fatalf("error checkpointing container to empty file: %v", err)
 			}
 

runsc/container/multi_container_test.go

@@ -32,12 +32,12 @@ import (
 	"gvisor.dev/gvisor/pkg/cleanup"
 	"gvisor.dev/gvisor/pkg/sentry/control"
 	"gvisor.dev/gvisor/pkg/sentry/kernel"
-	"gvisor.dev/gvisor/pkg/sentry/pgalloc"
 	"gvisor.dev/gvisor/pkg/state/statefile"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/test/testutil"
 	"gvisor.dev/gvisor/runsc/boot"
 	"gvisor.dev/gvisor/runsc/config"
+	"gvisor.dev/gvisor/runsc/sandbox"
 	"gvisor.dev/gvisor/runsc/specutils"
 )
 
@@ -2782,7 +2782,7 @@ func testMultiContainerCheckpointRestore(t *testing.T, conf *config.Config, comp
 	}()
 
 	// Checkpoint root container; save state into new file.
-	if err := conts[0].Checkpoint(dir, false /* direct */, statefile.Options{Compression: compression}, pgalloc.SaveOpts{}); err != nil {
+	if err := conts[0].Checkpoint(dir, sandbox.CheckpointOpts{Compression: compression}); err != nil {
 		t.Fatalf("error checkpointing container to empty file: %v", err)
 	}
 

runsc/sandbox/sandbox.go

@@ -43,7 +43,6 @@ import (
 	"gvisor.dev/gvisor/pkg/coverage"
 	"gvisor.dev/gvisor/pkg/fd"
 	"gvisor.dev/gvisor/pkg/log"
-	metricpb "gvisor.dev/gvisor/pkg/metric/metric_go_proto"
 	"gvisor.dev/gvisor/pkg/prometheus"
 	"gvisor.dev/gvisor/pkg/sentry/control"
 	"gvisor.dev/gvisor/pkg/sentry/devices/nvproxy"
@@ -65,6 +64,8 @@ import (
 	"gvisor.dev/gvisor/runsc/profile"
 	"gvisor.dev/gvisor/runsc/specutils"
 	"gvisor.dev/gvisor/runsc/starttime"
+
+	metricpb "gvisor.dev/gvisor/pkg/metric/metric_go_proto"
 )
 
 const (
@@ -1448,12 +1449,25 @@ func (s *Sandbox) SignalProcess(cid string, pid int32, sig unix.Signal, fgProces
 	return nil
 }
 
+// CheckpointOpts contains the options for checkpointing a sandbox.
+type CheckpointOpts struct {
+	Compression               statefile.CompressionLevel
+	Resume                    bool
+	Direct                    bool
+	ExcludeCommittedZeroPages bool
+
+	// Save/restore exec options.
+	SaveRestoreExecArgv        string
+	SaveRestoreExecTimeout     time.Duration
+	SaveRestoreExecContainerID string
+}
+
 // Checkpoint sends the checkpoint call for a container in the sandbox.
 // The statefile will be written to f.
-func (s *Sandbox) Checkpoint(cid string, imagePath string, direct bool, sfOpts statefile.Options, mfOpts pgalloc.SaveOpts) error {
-	log.Debugf("Checkpoint sandbox %q, statefile options %+v, MemoryFile options %+v", s.ID, sfOpts, mfOpts)
+func (s *Sandbox) Checkpoint(cid string, imagePath string, opts CheckpointOpts) error {
+	log.Debugf("Checkpoint sandbox %q, imagePath %q, opts %+v", s.ID, imagePath, opts)
 
-	files, err := createSaveFiles(imagePath, direct, sfOpts.Compression)
+	files, err := createSaveFiles(imagePath, opts.Direct, opts.Compression)
 	if err != nil {
 		return err
 	}
@@ -1464,16 +1478,16 @@ func (s *Sandbox) Checkpoint(cid string, imagePath string, direct bool, sfOpts s
 	}()
 
 	opt := control.SaveOpts{
-		Metadata:           sfOpts.WriteToMetadata(map[string]string{}),
-		MemoryFileSaveOpts: mfOpts,
+		Metadata:           opts.Compression.ToMetadata(),
+		MemoryFileSaveOpts: pgalloc.SaveOpts{ExcludeCommittedZeroPages: opts.ExcludeCommittedZeroPages},
 		FilePayload: urpc.FilePayload{
 			Files: files,
 		},
 		HavePagesFile:              len(files) > 1,
-		Resume:                     sfOpts.Resume,
-		SaveRestoreExecArgv:        sfOpts.SaveRestoreExecArgv,
-		SaveRestoreExecTimeout:     sfOpts.SaveRestoreExecTimeout,
-		SaveRestoreExecContainerID: sfOpts.SaveRestoreExecContainerID,
+		Resume:                     opts.Resume,
+		SaveRestoreExecArgv:        opts.SaveRestoreExecArgv,
+		SaveRestoreExecTimeout:     opts.SaveRestoreExecTimeout,
+		SaveRestoreExecContainerID: opts.SaveRestoreExecContainerID,
 	}
 
 	if err := s.call(boot.ContMgrCheckpoint, &opt, nil); err != nil {