++static inline int __vx_cres_avail(struct vx_info *vxi,
++ int res, int num, char *_file, int _line)
++{
++ struct _vx_limit *limit;
++ rlim_t value;
++
++ if (VXD_RLIMIT_COND(res))
++ vxlprintk(1, "vx_cres_avail[%5d,%s,%2d]: %5ld/%5ld > %5ld + %5d",
++ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
++ (vxi ? (long)__rlim_soft(&vxi->limit, res) : -1),
++ (vxi ? (long)__rlim_hard(&vxi->limit, res) : -1),
++ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
++ num, _file, _line);
++ if (!vxi)
++ return 1;
++
++ limit = &vxi->limit;
++ value = __rlim_get(limit, res);
++
++ if (!__vx_cres_adjust_max(limit, res, value))
++ __vx_cres_adjust_min(limit, res, value);
++
++ if (num == 0)
++ return 1;
++
++ if (__rlim_soft(limit, res) == RLIM_INFINITY)
++ return -1;
++ if (value + num <= __rlim_soft(limit, res))
++ return -1;
++
++ if (__rlim_hard(limit, res) == RLIM_INFINITY)
++ return 1;
++ if (value + num <= __rlim_hard(limit, res))
++ return 1;
++
++ __rlim_hit(limit, res);
++ return 0;
++}
++
++
++static const int VLA_RSS[] = { RLIMIT_RSS, VLIMIT_ANON, VLIMIT_MAPPED, 0 };
++
++static inline
++rlim_t __vx_cres_array_sum(struct _vx_limit *limit, const int *array)
++{
++ rlim_t value, sum = 0;
++ int res;
++
++ while ((res = *array++)) {
++ value = __rlim_get(limit, res);
++ __vx_cres_fixup(limit, res, value);
++ sum += value;
++ }
++ return sum;
++}
++
++static inline
++rlim_t __vx_cres_array_fixup(struct _vx_limit *limit, const int *array)
++{
++ rlim_t value = __vx_cres_array_sum(limit, array + 1);
++ int res = *array;
++
++ if (value == __rlim_get(limit, res))
++ return value;
++
++ __rlim_set(limit, res, value);
++ /* now adjust min/max */
++ if (!__vx_cres_adjust_max(limit, res, value))
++ __vx_cres_adjust_min(limit, res, value);
++
++ return value;
++}
++
++static inline int __vx_cres_array_avail(struct vx_info *vxi,
++ const int *array, int num, char *_file, int _line)
++{
++ struct _vx_limit *limit;
++ rlim_t value = 0;
++ int res;
++
++ if (num == 0)
++ return 1;
++ if (!vxi)
++ return 1;
++
++ limit = &vxi->limit;
++ res = *array;
++ value = __vx_cres_array_sum(limit, array + 1);
++
++ __rlim_set(limit, res, value);
++ __vx_cres_fixup(limit, res, value);
++
++ return __vx_cres_avail(vxi, res, num, _file, _line);
++}
++
++
++static inline void vx_limit_fixup(struct _vx_limit *limit, int id)
++{
++ rlim_t value;
++ int res;
++
++ /* complex resources first */
++ if ((id < 0) || (id == RLIMIT_RSS))
++ __vx_cres_array_fixup(limit, VLA_RSS);
++
++ for (res = 0; res < NUM_LIMITS; res++) {
++ if ((id > 0) && (res != id))
++ continue;
++
++ value = __rlim_get(limit, res);
++ __vx_cres_fixup(limit, res, value);
++
++ /* not supposed to happen, maybe warn? */
++ if (__rlim_rmax(limit, res) > __rlim_hard(limit, res))
++ __rlim_rmax(limit, res) = __rlim_hard(limit, res);
++ }
++}
++
++
++#endif /* _VSERVER_LIMIT_INT_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/monitor.h linux-4.9/include/linux/vserver/monitor.h
+--- linux-4.9/include/linux/vserver/monitor.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/monitor.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,6 @@
++#ifndef _VSERVER_MONITOR_H
++#define _VSERVER_MONITOR_H
++
++#include <uapi/vserver/monitor.h>
++
++#endif /* _VSERVER_MONITOR_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/network.h linux-4.9/include/linux/vserver/network.h
+--- linux-4.9/include/linux/vserver/network.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/network.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,76 @@
++#ifndef _VSERVER_NETWORK_H
++#define _VSERVER_NETWORK_H
++
++
++#include <linux/list.h>
++#include <linux/spinlock.h>
++#include <linux/rcupdate.h>
++#include <linux/in.h>
++#include <linux/in6.h>
++#include <asm/atomic.h>
++#include <uapi/vserver/network.h>
++
++struct nx_addr_v4 {
++ struct nx_addr_v4 *next;
++ struct in_addr ip[2];
++ struct in_addr mask;
++ uint16_t type;
++ uint16_t flags;
++};
++
++struct nx_addr_v6 {
++ struct nx_addr_v6 *next;
++ struct in6_addr ip;
++ struct in6_addr mask;
++ uint32_t prefix;
++ uint16_t type;
++ uint16_t flags;
++};
++
++struct nx_info {
++ struct hlist_node nx_hlist; /* linked list of nxinfos */
++ vnid_t nx_id; /* vnet id */
++ atomic_t nx_usecnt; /* usage count */
++ atomic_t nx_tasks; /* tasks count */
++ int nx_state; /* context state */
++
++ uint64_t nx_flags; /* network flag word */
++ uint64_t nx_ncaps; /* network capabilities */
++
++ spinlock_t addr_lock; /* protect address changes */
++ struct in_addr v4_lback; /* Loopback address */
++ struct in_addr v4_bcast; /* Broadcast address */
++ struct nx_addr_v4 v4; /* First/Single ipv4 address */
++#ifdef CONFIG_IPV6
++ struct nx_addr_v6 v6; /* First/Single ipv6 address */
++#endif
++ char nx_name[65]; /* network context name */
++};
++
++
++/* status flags */
++
++#define NXS_HASHED 0x0001
++#define NXS_SHUTDOWN 0x0100
++#define NXS_RELEASED 0x8000
++
++extern struct nx_info *lookup_nx_info(int);
++
++extern int get_nid_list(int, unsigned int *, int);
++extern int nid_is_hashed(vnid_t);
++
++extern int nx_migrate_task(struct task_struct *, struct nx_info *);
++
++extern long vs_net_change(struct nx_info *, unsigned int);
++
++struct sock;
++
++
++#define NX_IPV4(n) ((n)->v4.type != NXA_TYPE_NONE)
++#ifdef CONFIG_IPV6
++#define NX_IPV6(n) ((n)->v6.type != NXA_TYPE_NONE)
++#else
++#define NX_IPV6(n) (0)
++#endif
++
++#endif /* _VSERVER_NETWORK_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/network_cmd.h linux-4.9/include/linux/vserver/network_cmd.h
+--- linux-4.9/include/linux/vserver/network_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/network_cmd.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,37 @@
++#ifndef _VSERVER_NETWORK_CMD_H
++#define _VSERVER_NETWORK_CMD_H
++
++#include <uapi/vserver/network_cmd.h>
++
++extern int vc_task_nid(uint32_t);
++
++extern int vc_nx_info(struct nx_info *, void __user *);
++
++extern int vc_net_create(uint32_t, void __user *);
++extern int vc_net_migrate(struct nx_info *, void __user *);
++
++extern int vc_net_add(struct nx_info *, void __user *);
++extern int vc_net_remove(struct nx_info *, void __user *);
++
++extern int vc_net_add_ipv4_v1(struct nx_info *, void __user *);
++extern int vc_net_add_ipv4(struct nx_info *, void __user *);
++
++extern int vc_net_rem_ipv4_v1(struct nx_info *, void __user *);
++extern int vc_net_rem_ipv4(struct nx_info *, void __user *);
++
++extern int vc_net_add_ipv6(struct nx_info *, void __user *);
++extern int vc_net_remove_ipv6(struct nx_info *, void __user *);
++
++extern int vc_add_match_ipv4(struct nx_info *, void __user *);
++extern int vc_get_match_ipv4(struct nx_info *, void __user *);
++
++extern int vc_add_match_ipv6(struct nx_info *, void __user *);
++extern int vc_get_match_ipv6(struct nx_info *, void __user *);
++
++extern int vc_get_nflags(struct nx_info *, void __user *);
++extern int vc_set_nflags(struct nx_info *, void __user *);
++
++extern int vc_get_ncaps(struct nx_info *, void __user *);
++extern int vc_set_ncaps(struct nx_info *, void __user *);
++
++#endif /* _VSERVER_CONTEXT_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/percpu.h linux-4.9/include/linux/vserver/percpu.h
+--- linux-4.9/include/linux/vserver/percpu.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/percpu.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_PERCPU_H
++#define _VSERVER_PERCPU_H
++
++#include "cvirt_def.h"
++#include "sched_def.h"
++
++struct _vx_percpu {
++ struct _vx_cvirt_pc cvirt;
++ struct _vx_sched_pc sched;
++};
++
++#define PERCPU_PERCTX (sizeof(struct _vx_percpu))
++
++#endif /* _VSERVER_PERCPU_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/pid.h linux-4.9/include/linux/vserver/pid.h
+--- linux-4.9/include/linux/vserver/pid.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/pid.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,51 @@
++#ifndef _VSERVER_PID_H
++#define _VSERVER_PID_H
++
++/* pid faking stuff */
++
++#define vx_info_map_pid(v, p) \
++ __vx_info_map_pid((v), (p), __func__, __FILE__, __LINE__)
++#define vx_info_map_tgid(v,p) vx_info_map_pid(v,p)
++#define vx_map_pid(p) vx_info_map_pid(current_vx_info(), p)
++#define vx_map_tgid(p) vx_map_pid(p)
++
++static inline int __vx_info_map_pid(struct vx_info *vxi, int pid,
++ const char *func, const char *file, int line)
++{
++ if (vx_info_flags(vxi, VXF_INFO_INIT, 0)) {
++ vxfprintk(VXD_CBIT(cvirt, 2),
++ "vx_map_tgid: %p/%llx: %d -> %d",
++ vxi, (long long)vxi->vx_flags, pid,
++ (pid && pid == vxi->vx_initpid) ? 1 : pid,
++ func, file, line);
++ if (pid == 0)
++ return 0;
++ if (pid == vxi->vx_initpid)
++ return 1;
++ }
++ return pid;
++}
++
++#define vx_info_rmap_pid(v, p) \
++ __vx_info_rmap_pid((v), (p), __func__, __FILE__, __LINE__)
++#define vx_rmap_pid(p) vx_info_rmap_pid(current_vx_info(), p)
++#define vx_rmap_tgid(p) vx_rmap_pid(p)
++
++static inline int __vx_info_rmap_pid(struct vx_info *vxi, int pid,
++ const char *func, const char *file, int line)
++{
++ if (vx_info_flags(vxi, VXF_INFO_INIT, 0)) {
++ vxfprintk(VXD_CBIT(cvirt, 2),
++ "vx_rmap_tgid: %p/%llx: %d -> %d",
++ vxi, (long long)vxi->vx_flags, pid,
++ (pid == 1) ? vxi->vx_initpid : pid,
++ func, file, line);
++ if ((pid == 1) && vxi->vx_initpid)
++ return vxi->vx_initpid;
++ if (pid == vxi->vx_initpid)
++ return ~0U;
++ }
++ return pid;
++}
++
++#endif
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/sched.h linux-4.9/include/linux/vserver/sched.h
+--- linux-4.9/include/linux/vserver/sched.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/sched.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,23 @@
++#ifndef _VSERVER_SCHED_H
++#define _VSERVER_SCHED_H
++
++
++#ifdef __KERNEL__
++
++struct timespec;
++
++void vx_vsi_uptime(struct timespec *, struct timespec *);
++
++
++struct vx_info;
++
++void vx_update_load(struct vx_info *);
++
++
++void vx_update_sched_param(struct _vx_sched *sched,
++ struct _vx_sched_pc *sched_pc);
++
++#endif /* __KERNEL__ */
++#else /* _VSERVER_SCHED_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_SCHED_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/sched_cmd.h linux-4.9/include/linux/vserver/sched_cmd.h
+--- linux-4.9/include/linux/vserver/sched_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/sched_cmd.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,11 @@
++#ifndef _VSERVER_SCHED_CMD_H
++#define _VSERVER_SCHED_CMD_H
++
++
++#include <linux/compiler.h>
++#include <uapi/vserver/sched_cmd.h>
++
++extern int vc_set_prio_bias(struct vx_info *, void __user *);
++extern int vc_get_prio_bias(struct vx_info *, void __user *);
++
++#endif /* _VSERVER_SCHED_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/sched_def.h linux-4.9/include/linux/vserver/sched_def.h
+--- linux-4.9/include/linux/vserver/sched_def.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/sched_def.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,38 @@
++#ifndef _VSERVER_SCHED_DEF_H
++#define _VSERVER_SCHED_DEF_H
++
++#include <linux/spinlock.h>
++#include <linux/jiffies.h>
++#include <linux/cpumask.h>
++#include <asm/atomic.h>
++#include <asm/param.h>
++
++
++/* context sub struct */
++
++struct _vx_sched {
++ int prio_bias; /* bias offset for priority */
++
++ cpumask_t update; /* CPUs which should update */
++};
++
++struct _vx_sched_pc {
++ int prio_bias; /* bias offset for priority */
++
++ uint64_t user_ticks; /* token tick events */
++ uint64_t sys_ticks; /* token tick events */
++ uint64_t hold_ticks; /* token ticks paused */
++};
++
++
++#ifdef CONFIG_VSERVER_DEBUG
++
++static inline void __dump_vx_sched(struct _vx_sched *sched)
++{
++ printk("\t_vx_sched:\n");
++ printk("\t priority = %4d\n", sched->prio_bias);
++}
++
++#endif
++
++#endif /* _VSERVER_SCHED_DEF_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/signal.h linux-4.9/include/linux/vserver/signal.h
+--- linux-4.9/include/linux/vserver/signal.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/signal.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_SIGNAL_H
++#define _VSERVER_SIGNAL_H
++
++
++#ifdef __KERNEL__
++
++struct vx_info;
++
++int vx_info_kill(struct vx_info *, int, int);
++
++#endif /* __KERNEL__ */
++#else /* _VSERVER_SIGNAL_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_SIGNAL_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/signal_cmd.h linux-4.9/include/linux/vserver/signal_cmd.h
+--- linux-4.9/include/linux/vserver/signal_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/signal_cmd.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_SIGNAL_CMD_H
++#define _VSERVER_SIGNAL_CMD_H
++
++#include <uapi/vserver/signal_cmd.h>
++
++
++extern int vc_ctx_kill(struct vx_info *, void __user *);
++extern int vc_wait_exit(struct vx_info *, void __user *);
++
++
++extern int vc_get_pflags(uint32_t pid, void __user *);
++extern int vc_set_pflags(uint32_t pid, void __user *);
++
++#endif /* _VSERVER_SIGNAL_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/space.h linux-4.9/include/linux/vserver/space.h
+--- linux-4.9/include/linux/vserver/space.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/space.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,12 @@
++#ifndef _VSERVER_SPACE_H
++#define _VSERVER_SPACE_H
++
++#include <linux/types.h>
++
++struct vx_info;
++
++int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index);
++
++#else /* _VSERVER_SPACE_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_SPACE_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/space_cmd.h linux-4.9/include/linux/vserver/space_cmd.h
+--- linux-4.9/include/linux/vserver/space_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/space_cmd.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,13 @@
++#ifndef _VSERVER_SPACE_CMD_H
++#define _VSERVER_SPACE_CMD_H
++
++#include <uapi/vserver/space_cmd.h>
++
++
++extern int vc_enter_space_v1(struct vx_info *, void __user *);
++extern int vc_set_space_v1(struct vx_info *, void __user *);
++extern int vc_enter_space(struct vx_info *, void __user *);
++extern int vc_set_space(struct vx_info *, void __user *);
++extern int vc_get_space_mask(void __user *, int);
++
++#endif /* _VSERVER_SPACE_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/switch.h linux-4.9/include/linux/vserver/switch.h
+--- linux-4.9/include/linux/vserver/switch.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/switch.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,8 @@
++#ifndef _VSERVER_SWITCH_H
++#define _VSERVER_SWITCH_H
++
++
++#include <linux/errno.h>
++#include <uapi/vserver/switch.h>
++
++#endif /* _VSERVER_SWITCH_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/tag.h linux-4.9/include/linux/vserver/tag.h
+--- linux-4.9/include/linux/vserver/tag.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/tag.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,160 @@
++#ifndef _DX_TAG_H
++#define _DX_TAG_H
++
++#include <linux/types.h>
++#include <linux/uidgid.h>
++
++
++#define DX_TAG(in) (IS_TAGGED(in))
++
++
++#ifdef CONFIG_TAG_NFSD
++#define DX_TAG_NFSD 1
++#else
++#define DX_TAG_NFSD 0
++#endif
++
++
++#ifdef CONFIG_TAGGING_NONE
++
++#define MAX_UID 0xFFFFFFFF
++#define MAX_GID 0xFFFFFFFF
++
++#define INOTAG_TAG(cond, uid, gid, tag) (0)
++
++#define TAGINO_UID(cond, uid, tag) (uid)
++#define TAGINO_GID(cond, gid, tag) (gid)
++
++#endif
++
++
++#ifdef CONFIG_TAGGING_GID16
++
++#define MAX_UID 0xFFFFFFFF
++#define MAX_GID 0x0000FFFF
++
++#define INOTAG_TAG(cond, uid, gid, tag) \
++ ((cond) ? (((gid) >> 16) & 0xFFFF) : 0)
++
++#define TAGINO_UID(cond, uid, tag) (uid)
++#define TAGINO_GID(cond, gid, tag) \
++ ((cond) ? (((gid) & 0xFFFF) | ((tag) << 16)) : (gid))
++
++#endif
++
++
++#ifdef CONFIG_TAGGING_ID24
++
++#define MAX_UID 0x00FFFFFF
++#define MAX_GID 0x00FFFFFF
++
++#define INOTAG_TAG(cond, uid, gid, tag) \
++ ((cond) ? ((((uid) >> 16) & 0xFF00) | (((gid) >> 24) & 0xFF)) : 0)
++
++#define TAGINO_UID(cond, uid, tag) \
++ ((cond) ? (((uid) & 0xFFFFFF) | (((tag) & 0xFF00) << 16)) : (uid))
++#define TAGINO_GID(cond, gid, tag) \
++ ((cond) ? (((gid) & 0xFFFFFF) | (((tag) & 0x00FF) << 24)) : (gid))
++
++#endif
++
++
++#ifdef CONFIG_TAGGING_UID16
++
++#define MAX_UID 0x0000FFFF
++#define MAX_GID 0xFFFFFFFF
++
++#define INOTAG_TAG(cond, uid, gid, tag) \
++ ((cond) ? (((uid) >> 16) & 0xFFFF) : 0)
++
++#define TAGINO_UID(cond, uid, tag) \
++ ((cond) ? (((uid) & 0xFFFF) | ((tag) << 16)) : (uid))
++#define TAGINO_GID(cond, gid, tag) (gid)
++
++#endif
++
++
++#ifdef CONFIG_TAGGING_INTERN
++
++#define MAX_UID 0xFFFFFFFF
++#define MAX_GID 0xFFFFFFFF
++
++#define INOTAG_TAG(cond, uid, gid, tag) \
++ ((cond) ? (tag) : 0)
++
++#define TAGINO_UID(cond, uid, tag) (uid)
++#define TAGINO_GID(cond, gid, tag) (gid)
++
++#endif
++
++
++#ifndef CONFIG_TAGGING_NONE
++#define dx_current_fstag(sb) \
++ ((sb)->s_flags & MS_TAGGED ? dx_current_tag() : 0)
++#else
++#define dx_current_fstag(sb) (0)
++#endif
++
++#ifndef CONFIG_TAGGING_INTERN
++#define TAGINO_TAG(cond, tag) (0)
++#else
++#define TAGINO_TAG(cond, tag) ((cond) ? (tag) : 0)
++#endif
++
++#define TAGINO_KUID(cond, kuid, ktag) \
++ KUIDT_INIT(TAGINO_UID(cond, __kuid_val(kuid), __ktag_val(ktag)))
++#define TAGINO_KGID(cond, kgid, ktag) \
++ KGIDT_INIT(TAGINO_GID(cond, __kgid_val(kgid), __ktag_val(ktag)))
++#define TAGINO_KTAG(cond, ktag) \
++ KTAGT_INIT(TAGINO_TAG(cond, __ktag_val(ktag)))
++
++
++#define INOTAG_UID(cond, uid, gid) \
++ ((cond) ? ((uid) & MAX_UID) : (uid))
++#define INOTAG_GID(cond, uid, gid) \
++ ((cond) ? ((gid) & MAX_GID) : (gid))
++
++#define INOTAG_KUID(cond, kuid, kgid) \
++ KUIDT_INIT(INOTAG_UID(cond, __kuid_val(kuid), __kgid_val(kgid)))
++#define INOTAG_KGID(cond, kuid, kgid) \
++ KGIDT_INIT(INOTAG_GID(cond, __kuid_val(kuid), __kgid_val(kgid)))
++#define INOTAG_KTAG(cond, kuid, kgid, ktag) \
++ KTAGT_INIT(INOTAG_TAG(cond, \
++ __kuid_val(kuid), __kgid_val(kgid), __ktag_val(ktag)))
++
++
++static inline uid_t dx_map_uid(uid_t uid)
++{
++ if ((uid > MAX_UID) && (uid != -1))
++ uid = -2;
++ return (uid & MAX_UID);
++}
++
++static inline gid_t dx_map_gid(gid_t gid)
++{
++ if ((gid > MAX_GID) && (gid != -1))
++ gid = -2;
++ return (gid & MAX_GID);
++}
++
++struct peer_tag {
++ int32_t xid;
++ int32_t nid;
++};
++
++#define dx_notagcheck(sb) ((sb) && ((sb)->s_flags & MS_NOTAGCHECK))
++
++int dx_parse_tag(char *string, vtag_t *tag, int remove, int *mnt_flags,
++ unsigned long *flags);
++
++#ifdef CONFIG_PROPAGATE
++
++void __dx_propagate_tag(struct nameidata *nd, struct inode *inode);
++
++#define dx_propagate_tag(n, i) __dx_propagate_tag(n, i)
++
++#else
++#define dx_propagate_tag(n, i) do { } while (0)
++#endif
++
++#endif /* _DX_TAG_H */
+diff -urNp -x '*.orig' linux-4.9/include/linux/vserver/tag_cmd.h linux-4.9/include/linux/vserver/tag_cmd.h
+--- linux-4.9/include/linux/vserver/tag_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/vserver/tag_cmd.h 2021-02-24 15:47:45.097743096 +0100
+@@ -0,0 +1,10 @@
++#ifndef _VSERVER_TAG_CMD_H
++#define _VSERVER_TAG_CMD_H
++
++#include <uapi/vserver/tag_cmd.h>
++
++extern int vc_task_tag(uint32_t);
++
++extern int vc_tag_migrate(uint32_t);
++
++#endif /* _VSERVER_TAG_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/net/addrconf.h linux-4.9/include/net/addrconf.h
+--- linux-4.9/include/net/addrconf.h 2021-02-24 15:47:32.424013281 +0100
++++ linux-4.9/include/net/addrconf.h 2021-02-24 15:47:45.101076533 +0100
+@@ -85,7 +85,7 @@ struct inet6_ifaddr *ipv6_get_ifaddr(str
+
+ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dev,
+ const struct in6_addr *daddr, unsigned int srcprefs,
+- struct in6_addr *saddr);
++ struct in6_addr *saddr, struct nx_info *nxi);
+ int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
+ u32 banned_flags);
+ int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
+diff -urNp -x '*.orig' linux-4.9/include/net/af_unix.h linux-4.9/include/net/af_unix.h
+--- linux-4.9/include/net/af_unix.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/net/af_unix.h 2021-02-24 15:47:45.101076533 +0100
+@@ -4,6 +4,7 @@
+ #include <linux/socket.h>
+ #include <linux/un.h>
+ #include <linux/mutex.h>
++// #include <linux/vs_base.h>
+ #include <net/sock.h>
+
+ void unix_inflight(struct user_struct *user, struct file *fp);
+diff -urNp -x '*.orig' linux-4.9/include/net/inet_timewait_sock.h linux-4.9/include/net/inet_timewait_sock.h
+--- linux-4.9/include/net/inet_timewait_sock.h 2021-02-24 15:47:32.427346719 +0100
++++ linux-4.9/include/net/inet_timewait_sock.h 2021-02-24 15:47:45.101076533 +0100
+@@ -72,6 +72,10 @@ struct inet_timewait_sock {
+ #define tw_num __tw_common.skc_num
+ #define tw_cookie __tw_common.skc_cookie
+ #define tw_dr __tw_common.skc_tw_dr
++#define tw_xid __tw_common.skc_xid
++#define tw_vx_info __tw_common.skc_vx_info
++#define tw_nid __tw_common.skc_nid
++#define tw_nx_info __tw_common.skc_nx_info
+
+ int tw_timeout;
+ volatile unsigned char tw_substate;
+diff -urNp -x '*.orig' linux-4.9/include/net/ip6_route.h linux-4.9/include/net/ip6_route.h
+--- linux-4.9/include/net/ip6_route.h 2021-02-24 15:47:32.427346719 +0100
++++ linux-4.9/include/net/ip6_route.h 2021-02-24 15:47:45.101076533 +0100
+@@ -26,6 +26,7 @@ struct route_info {
+ #include <linux/ip.h>
+ #include <linux/ipv6.h>
+ #include <linux/route.h>
++#include <linux/vs_inet6.h>
+
+ #define RT6_LOOKUP_F_IFACE 0x00000001
+ #define RT6_LOOKUP_F_REACHABLE 0x00000002
+@@ -98,17 +99,19 @@ int ip6_del_rt(struct rt6_info *);
+ static inline int ip6_route_get_saddr(struct net *net, struct rt6_info *rt,
+ const struct in6_addr *daddr,
+ unsigned int prefs,
+- struct in6_addr *saddr)
++ struct in6_addr *saddr,
++ struct nx_info *nxi)
+ {
+ struct inet6_dev *idev =
+ rt ? ip6_dst_idev((struct dst_entry *)rt) : NULL;
+ int err = 0;
+
+- if (rt && rt->rt6i_prefsrc.plen)
++ if (rt && rt->rt6i_prefsrc.plen && (!nxi ||
++ v6_addr_in_nx_info(nxi, &rt->rt6i_prefsrc.addr, NXA_TYPE_ADDR)))
+ *saddr = rt->rt6i_prefsrc.addr;
+ else
+ err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
+- daddr, prefs, saddr);
++ daddr, prefs, saddr, nxi);
+
+ return err;
+ }
+diff -urNp -x '*.orig' linux-4.9/include/net/route.h linux-4.9/include/net/route.h
+--- linux-4.9/include/net/route.h 2021-02-24 15:47:32.434013594 +0100
++++ linux-4.9/include/net/route.h 2021-02-24 15:47:45.101076533 +0100
+@@ -226,6 +226,9 @@ static inline void ip_rt_put(struct rtab
+ dst_release(&rt->dst);
+ }
+
++#include <linux/vs_base.h>
++#include <linux/vs_inet.h>
++
+ #define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3)
+
+ extern const __u8 ip_tos2prio[16];
+@@ -273,6 +276,9 @@ static inline void ip_route_connect_init
+ protocol, flow_flags, dst, src, dport, sport);
+ }
+
++extern struct rtable *ip_v4_find_src(struct net *net, struct nx_info *,
++ struct flowi4 *);
++
+ static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
+ __be32 dst, __be32 src, u32 tos,
+ int oif, u8 protocol,
+@@ -281,11 +287,25 @@ static inline struct rtable *ip_route_co
+ {
+ struct net *net = sock_net(sk);
+ struct rtable *rt;
++ struct nx_info *nx_info = current_nx_info();
+
+ ip_route_connect_init(fl4, dst, src, tos, oif, protocol,
+ sport, dport, sk);
+
+- if (!dst || !src) {
++ if (sk)
++ nx_info = sk->sk_nx_info;
++
++ vxdprintk(VXD_CBIT(net, 4),
++ "ip_route_connect(%p) %p,%p;%lx",
++ sk, nx_info, sk->sk_socket,
++ (sk->sk_socket?sk->sk_socket->flags:0));
++
++ rt = ip_v4_find_src(net, nx_info, fl4);
++ if (IS_ERR(rt))
++ return rt;
++ ip_rt_put(rt);
++
++ if (!fl4->daddr || !fl4->saddr) {
+ rt = __ip_route_output_key(net, fl4);
+ if (IS_ERR(rt))
+ return rt;
+diff -urNp -x '*.orig' linux-4.9/include/net/sock.h linux-4.9/include/net/sock.h
+--- linux-4.9/include/net/sock.h 2021-02-24 15:47:32.434013594 +0100
++++ linux-4.9/include/net/sock.h 2021-02-24 15:47:45.101076533 +0100
+@@ -187,6 +187,10 @@ struct sock_common {
+ struct in6_addr skc_v6_daddr;
+ struct in6_addr skc_v6_rcv_saddr;
+ #endif
++ vxid_t skc_xid;
++ struct vx_info *skc_vx_info;
++ vnid_t skc_nid;
++ struct nx_info *skc_nx_info;
+
+ atomic64_t skc_cookie;
+
+@@ -337,8 +341,12 @@ struct sock {
+ #define sk_prot __sk_common.skc_prot
+ #define sk_net __sk_common.skc_net
+ #define sk_v6_daddr __sk_common.skc_v6_daddr
+-#define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
++#define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
+ #define sk_cookie __sk_common.skc_cookie
++#define sk_xid __sk_common.skc_xid
++#define sk_vx_info __sk_common.skc_vx_info
++#define sk_nid __sk_common.skc_nid
++#define sk_nx_info __sk_common.skc_nx_info
+ #define sk_incoming_cpu __sk_common.skc_incoming_cpu
+ #define sk_flags __sk_common.skc_flags
+ #define sk_rxhash __sk_common.skc_rxhash
+diff -urNp -x '*.orig' linux-4.9/include/uapi/Kbuild linux-4.9/include/uapi/Kbuild
+--- linux-4.9/include/uapi/Kbuild 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/Kbuild 2021-02-24 15:47:45.101076533 +0100
+@@ -13,3 +13,4 @@ header-y += drm/
+ header-y += xen/
+ header-y += scsi/
+ header-y += misc/
++header-y += vserver/
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/btrfs_tree.h linux-4.9/include/uapi/linux/btrfs_tree.h
+--- linux-4.9/include/uapi/linux/btrfs_tree.h 2021-02-24 15:47:32.444013907 +0100
++++ linux-4.9/include/uapi/linux/btrfs_tree.h 2021-02-24 15:47:45.101076533 +0100
+@@ -566,11 +566,14 @@ struct btrfs_inode_item {
+ /* modification sequence number for NFS */
+ __le64 sequence;
+
++ __le16 tag;
+ /*
+ * a little future expansion, for more than this we can
+ * just grow the inode item and version it
+ */
+- __le64 reserved[4];
++ __le16 reserved16;
++ __le32 reserved32;
++ __le64 reserved[3];
+ struct btrfs_timespec atime;
+ struct btrfs_timespec ctime;
+ struct btrfs_timespec mtime;
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/capability.h linux-4.9/include/uapi/linux/capability.h
+--- linux-4.9/include/uapi/linux/capability.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/capability.h 2021-02-24 15:47:45.101076533 +0100
+@@ -257,6 +257,7 @@ struct vfs_cap_data {
+ arbitrary SCSI commands */
+ /* Allow setting encryption key on loopback filesystem */
+ /* Allow setting zone reclaim policy */
++/* Allow the selection of a security context */
+
+ #define CAP_SYS_ADMIN 21
+
+@@ -352,7 +353,12 @@ struct vfs_cap_data {
+
+ #define CAP_LAST_CAP CAP_AUDIT_READ
+
+-#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
++/* Allow context manipulations */
++/* Allow changing context info on files */
++
++#define CAP_CONTEXT 63
++
++#define cap_valid(x) ((x) >= 0 && ((x) <= CAP_LAST_CAP || (x) == CAP_CONTEXT))
+
+ /*
+ * Bit location of each capability (used by user-space library and kernel)
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/fs.h linux-4.9/include/uapi/linux/fs.h
+--- linux-4.9/include/uapi/linux/fs.h 2021-02-24 15:47:32.444013907 +0100
++++ linux-4.9/include/uapi/linux/fs.h 2021-02-24 15:47:45.101076533 +0100
+@@ -130,6 +130,9 @@ struct inodes_stat_t {
+ #define MS_I_VERSION (1<<23) /* Update inode I_version field */
+ #define MS_STRICTATIME (1<<24) /* Always perform atime updates */
+ #define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
++#define MS_TAGGED (1<<8) /* use generic inode tagging */
++#define MS_NOTAGCHECK (1<<9) /* don't check tags */
++#define MS_TAGID (1<<26) /* use specific tag for this mount */
+
+ /* These sb flags are internal to the kernel */
+ #define MS_SUBMOUNT (1<<26)
+@@ -313,13 +316,16 @@ struct fscrypt_policy {
+ #define FS_EA_INODE_FL 0x00200000 /* Inode used for large EA */
+ #define FS_EOFBLOCKS_FL 0x00400000 /* Reserved for ext4 */
+ #define FS_NOCOW_FL 0x00800000 /* Do not cow file */
++#define FS_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
+ #define FS_INLINE_DATA_FL 0x10000000 /* Reserved for ext4 */
+ #define FS_PROJINHERIT_FL 0x20000000 /* Create with parents projid */
+ #define FS_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
+
+-#define FS_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
+-#define FS_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
++#define FS_BARRIER_FL 0x04000000 /* Barrier for chroot() */
++#define FS_COW_FL 0x20000000 /* Copy on Write marker */
+
++#define FS_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
++#define FS_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
+
+ #define SYNC_FILE_RANGE_WAIT_BEFORE 1
+ #define SYNC_FILE_RANGE_WRITE 2
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/gfs2_ondisk.h linux-4.9/include/uapi/linux/gfs2_ondisk.h
+--- linux-4.9/include/uapi/linux/gfs2_ondisk.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/gfs2_ondisk.h 2021-02-24 15:47:45.104409971 +0100
+@@ -225,6 +225,9 @@ enum {
+ gfs2fl_Sync = 8,
+ gfs2fl_System = 9,
+ gfs2fl_TopLevel = 10,
++ gfs2fl_IXUnlink = 16,
++ gfs2fl_Barrier = 17,
++ gfs2fl_Cow = 18,
+ gfs2fl_TruncInProg = 29,
+ gfs2fl_InheritDirectio = 30,
+ gfs2fl_InheritJdata = 31,
+@@ -242,6 +245,9 @@ enum {
+ #define GFS2_DIF_SYNC 0x00000100
+ #define GFS2_DIF_SYSTEM 0x00000200 /* New in gfs2 */
+ #define GFS2_DIF_TOPDIR 0x00000400 /* New in gfs2 */
++#define GFS2_DIF_IXUNLINK 0x00010000
++#define GFS2_DIF_BARRIER 0x00020000
++#define GFS2_DIF_COW 0x00040000
+ #define GFS2_DIF_TRUNC_IN_PROG 0x20000000 /* New in gfs2 */
+ #define GFS2_DIF_INHERIT_DIRECTIO 0x40000000 /* only in gfs1 */
+ #define GFS2_DIF_INHERIT_JDATA 0x80000000
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/if_tun.h linux-4.9/include/uapi/linux/if_tun.h
+--- linux-4.9/include/uapi/linux/if_tun.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/if_tun.h 2021-02-24 15:47:45.104409971 +0100
+@@ -56,6 +56,7 @@
+ */
+ #define TUNSETVNETBE _IOW('T', 222, int)
+ #define TUNGETVNETBE _IOR('T', 223, int)
++#define TUNSETNID _IOW('T', 224, int)
+
+ /* TUNSETIFF ifr flags */
+ #define IFF_TUN 0x0001
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/major.h linux-4.9/include/uapi/linux/major.h
+--- linux-4.9/include/uapi/linux/major.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/major.h 2021-02-24 15:47:45.104409971 +0100
+@@ -15,6 +15,7 @@
+ #define HD_MAJOR IDE0_MAJOR
+ #define PTY_SLAVE_MAJOR 3
+ #define TTY_MAJOR 4
++#define VROOT_MAJOR 4
+ #define TTYAUX_MAJOR 5
+ #define LP_MAJOR 6
+ #define VCS_MAJOR 7
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/nfs_mount.h linux-4.9/include/uapi/linux/nfs_mount.h
+--- linux-4.9/include/uapi/linux/nfs_mount.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/nfs_mount.h 2021-02-24 15:47:45.104409971 +0100
+@@ -63,7 +63,8 @@ struct nfs_mount_data {
+ #define NFS_MOUNT_SECFLAVOUR 0x2000 /* 5 non-text parsed mount data only */
+ #define NFS_MOUNT_NORDIRPLUS 0x4000 /* 5 */
+ #define NFS_MOUNT_UNSHARED 0x8000 /* 5 */
+-#define NFS_MOUNT_FLAGMASK 0xFFFF
++#define NFS_MOUNT_TAGGED 0x10000 /* context tagging */
++#define NFS_MOUNT_FLAGMASK 0x1FFFF
+
+ /* The following are for internal use only */
+ #define NFS_MOUNT_LOOKUP_CACHE_NONEG 0x10000
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/reboot.h linux-4.9/include/uapi/linux/reboot.h
+--- linux-4.9/include/uapi/linux/reboot.h 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/reboot.h 2021-02-24 15:47:45.104409971 +0100
+@@ -33,7 +33,7 @@
+ #define LINUX_REBOOT_CMD_RESTART2 0xA1B2C3D4
+ #define LINUX_REBOOT_CMD_SW_SUSPEND 0xD000FCE2
+ #define LINUX_REBOOT_CMD_KEXEC 0x45584543
+-
++#define LINUX_REBOOT_CMD_OOM 0xDEADBEEF
+
+
+ #endif /* _UAPI_LINUX_REBOOT_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/sysctl.h linux-4.9/include/uapi/linux/sysctl.h
+--- linux-4.9/include/uapi/linux/sysctl.h 2021-02-24 15:47:32.450680782 +0100
++++ linux-4.9/include/uapi/linux/sysctl.h 2021-02-24 15:47:45.104409971 +0100
+@@ -58,6 +58,7 @@ enum
+ CTL_ABI=9, /* Binary emulation */
+ CTL_CPU=10, /* CPU stuff (speed scaling, etc) */
+ CTL_ARLAN=254, /* arlan wireless driver */
++ CTL_VSERVER=4242, /* Linux-VServer debug */
+ CTL_S390DBF=5677, /* s390 debug */
+ CTL_SUNRPC=7249, /* sunrpc debug */
+ CTL_PM=9899, /* frv power management */
+@@ -92,6 +93,7 @@ enum
+
+ KERN_PANIC=15, /* int: panic timeout */
+ KERN_REALROOTDEV=16, /* real root device to mount after initrd */
++ KERN_VSHELPER=17, /* string: path to vshelper policy agent */
+
+ KERN_SPARC_REBOOT=21, /* reboot command on Sparc */
+ KERN_CTLALTDEL=22, /* int: allow ctl-alt-del to reboot */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/Kbuild linux-4.9/include/uapi/vserver/Kbuild
+--- linux-4.9/include/uapi/vserver/Kbuild 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/Kbuild 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,9 @@
++
++header-y += context_cmd.h network_cmd.h space_cmd.h \
++ cacct_cmd.h cvirt_cmd.h limit_cmd.h dlimit_cmd.h \
++ inode_cmd.h tag_cmd.h sched_cmd.h signal_cmd.h \
++ debug_cmd.h device_cmd.h
++
++header-y += switch.h context.h network.h monitor.h \
++ limit.h inode.h device.h
++
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/cacct_cmd.h linux-4.9/include/uapi/vserver/cacct_cmd.h
+--- linux-4.9/include/uapi/vserver/cacct_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/cacct_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,15 @@
++#ifndef _UAPI_VS_CACCT_CMD_H
++#define _UAPI_VS_CACCT_CMD_H
++
++
++/* virtual host info name commands */
++
++#define VCMD_sock_stat VC_CMD(VSTAT, 5, 0)
++
++struct vcmd_sock_stat_v0 {
++ uint32_t field;
++ uint32_t count[3];
++ uint64_t total[3];
++};
++
++#endif /* _UAPI_VS_CACCT_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/context.h linux-4.9/include/uapi/vserver/context.h
+--- linux-4.9/include/uapi/vserver/context.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/context.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,81 @@
++#ifndef _UAPI_VS_CONTEXT_H
++#define _UAPI_VS_CONTEXT_H
++
++#include <linux/types.h>
++#include <linux/capability.h>
++
++
++/* context flags */
++
++#define VXF_INFO_SCHED 0x00000002
++#define VXF_INFO_NPROC 0x00000004
++#define VXF_INFO_PRIVATE 0x00000008
++
++#define VXF_INFO_INIT 0x00000010
++#define VXF_INFO_HIDE 0x00000020
++#define VXF_INFO_ULIMIT 0x00000040
++#define VXF_INFO_NSPACE 0x00000080
++
++#define VXF_SCHED_HARD 0x00000100
++#define VXF_SCHED_PRIO 0x00000200
++#define VXF_SCHED_PAUSE 0x00000400
++
++#define VXF_VIRT_MEM 0x00010000
++#define VXF_VIRT_UPTIME 0x00020000
++#define VXF_VIRT_CPU 0x00040000
++#define VXF_VIRT_LOAD 0x00080000
++#define VXF_VIRT_TIME 0x00100000
++
++#define VXF_HIDE_MOUNT 0x01000000
++/* was VXF_HIDE_NETIF 0x02000000 */
++#define VXF_HIDE_VINFO 0x04000000
++
++#define VXF_STATE_SETUP (1ULL << 32)
++#define VXF_STATE_INIT (1ULL << 33)
++#define VXF_STATE_ADMIN (1ULL << 34)
++
++#define VXF_SC_HELPER (1ULL << 36)
++#define VXF_REBOOT_KILL (1ULL << 37)
++#define VXF_PERSISTENT (1ULL << 38)
++
++#define VXF_FORK_RSS (1ULL << 48)
++#define VXF_PROLIFIC (1ULL << 49)
++
++#define VXF_IGNEG_NICE (1ULL << 52)
++
++#define VXF_ONE_TIME (0x0007ULL << 32)
++
++#define VXF_INIT_SET (VXF_STATE_SETUP | VXF_STATE_INIT | VXF_STATE_ADMIN)
++
++
++/* context migration */
++
++#define VXM_SET_INIT 0x00000001
++#define VXM_SET_REAPER 0x00000002
++
++/* context caps */
++
++#define VXC_SET_UTSNAME 0x00000001
++#define VXC_SET_RLIMIT 0x00000002
++#define VXC_FS_SECURITY 0x00000004
++#define VXC_FS_TRUSTED 0x00000008
++#define VXC_TIOCSTI 0x00000010
++
++/* was VXC_RAW_ICMP 0x00000100 */
++#define VXC_SYSLOG 0x00001000
++#define VXC_OOM_ADJUST 0x00002000
++#define VXC_AUDIT_CONTROL 0x00004000
++
++#define VXC_SECURE_MOUNT 0x00010000
++/* #define VXC_SECURE_REMOUNT 0x00020000 */
++#define VXC_BINARY_MOUNT 0x00040000
++#define VXC_DEV_MOUNT 0x00080000
++
++#define VXC_QUOTA_CTL 0x00100000
++#define VXC_ADMIN_MAPPER 0x00200000
++#define VXC_ADMIN_CLOOP 0x00400000
++
++#define VXC_KTHREAD 0x01000000
++#define VXC_NAMESPACE 0x02000000
++
++#endif /* _UAPI_VS_CONTEXT_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/context_cmd.h linux-4.9/include/uapi/vserver/context_cmd.h
+--- linux-4.9/include/uapi/vserver/context_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/context_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,115 @@
++#ifndef _UAPI_VS_CONTEXT_CMD_H
++#define _UAPI_VS_CONTEXT_CMD_H
++
++
++/* vinfo commands */
++
++#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
++
++
++#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
++
++struct vcmd_vx_info_v0 {
++ uint32_t xid;
++ uint32_t initpid;
++ /* more to come */
++};
++
++
++#define VCMD_ctx_stat VC_CMD(VSTAT, 0, 0)
++
++struct vcmd_ctx_stat_v0 {
++ uint32_t usecnt;
++ uint32_t tasks;
++ /* more to come */
++};
++
++
++/* context commands */
++
++#define VCMD_ctx_create_v0 VC_CMD(VPROC, 1, 0)
++#define VCMD_ctx_create VC_CMD(VPROC, 1, 1)
++
++struct vcmd_ctx_create {
++ uint64_t flagword;
++};
++
++#define VCMD_ctx_migrate_v0 VC_CMD(PROCMIG, 1, 0)
++#define VCMD_ctx_migrate VC_CMD(PROCMIG, 1, 1)
++
++struct vcmd_ctx_migrate {
++ uint64_t flagword;
++};
++
++
++
++/* flag commands */
++
++#define VCMD_get_cflags VC_CMD(FLAGS, 1, 0)
++#define VCMD_set_cflags VC_CMD(FLAGS, 2, 0)
++
++struct vcmd_ctx_flags_v0 {
++ uint64_t flagword;
++ uint64_t mask;
++};
++
++
++
++/* context caps commands */
++
++#define VCMD_get_ccaps VC_CMD(FLAGS, 3, 1)
++#define VCMD_set_ccaps VC_CMD(FLAGS, 4, 1)
++
++struct vcmd_ctx_caps_v1 {
++ uint64_t ccaps;
++ uint64_t cmask;
++};
++
++
++
++/* bcaps commands */
++
++#define VCMD_get_bcaps VC_CMD(FLAGS, 9, 0)
++#define VCMD_set_bcaps VC_CMD(FLAGS, 10, 0)
++
++struct vcmd_bcaps {
++ uint64_t bcaps;
++ uint64_t bmask;
++};
++
++
++
++/* umask commands */
++
++#define VCMD_get_umask VC_CMD(FLAGS, 13, 0)
++#define VCMD_set_umask VC_CMD(FLAGS, 14, 0)
++
++struct vcmd_umask {
++ uint64_t umask;
++ uint64_t mask;
++};
++
++
++
++/* wmask commands */
++
++#define VCMD_get_wmask VC_CMD(FLAGS, 15, 0)
++#define VCMD_set_wmask VC_CMD(FLAGS, 16, 0)
++
++struct vcmd_wmask {
++ uint64_t wmask;
++ uint64_t mask;
++};
++
++
++
++/* OOM badness */
++
++#define VCMD_get_badness VC_CMD(MEMCTRL, 5, 0)
++#define VCMD_set_badness VC_CMD(MEMCTRL, 6, 0)
++
++struct vcmd_badness_v0 {
++ int64_t bias;
++};
++
++#endif /* _UAPI_VS_CONTEXT_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/cvirt_cmd.h linux-4.9/include/uapi/vserver/cvirt_cmd.h
+--- linux-4.9/include/uapi/vserver/cvirt_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/cvirt_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,41 @@
++#ifndef _UAPI_VS_CVIRT_CMD_H
++#define _UAPI_VS_CVIRT_CMD_H
++
++
++/* virtual host info name commands */
++
++#define VCMD_set_vhi_name VC_CMD(VHOST, 1, 0)
++#define VCMD_get_vhi_name VC_CMD(VHOST, 2, 0)
++
++struct vcmd_vhi_name_v0 {
++ uint32_t field;
++ char name[65];
++};
++
++
++enum vhi_name_field {
++ VHIN_CONTEXT = 0,
++ VHIN_SYSNAME,
++ VHIN_NODENAME,
++ VHIN_RELEASE,
++ VHIN_VERSION,
++ VHIN_MACHINE,
++ VHIN_DOMAINNAME,
++};
++
++
++
++#define VCMD_virt_stat VC_CMD(VSTAT, 3, 0)
++
++struct vcmd_virt_stat_v0 {
++ uint64_t offset;
++ uint64_t uptime;
++ uint32_t nr_threads;
++ uint32_t nr_running;
++ uint32_t nr_uninterruptible;
++ uint32_t nr_onhold;
++ uint32_t nr_forks;
++ uint32_t load[3];
++};
++
++#endif /* _UAPI_VS_CVIRT_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/debug_cmd.h linux-4.9/include/uapi/vserver/debug_cmd.h
+--- linux-4.9/include/uapi/vserver/debug_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/debug_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,24 @@
++#ifndef _UAPI_VS_DEBUG_CMD_H
++#define _UAPI_VS_DEBUG_CMD_H
++
++
++/* debug commands */
++
++#define VCMD_dump_history VC_CMD(DEBUG, 1, 0)
++
++#define VCMD_read_history VC_CMD(DEBUG, 5, 0)
++#define VCMD_read_monitor VC_CMD(DEBUG, 6, 0)
++
++struct vcmd_read_history_v0 {
++ uint32_t index;
++ uint32_t count;
++ char __user *data;
++};
++
++struct vcmd_read_monitor_v0 {
++ uint32_t index;
++ uint32_t count;
++ char __user *data;
++};
++
++#endif /* _UAPI_VS_DEBUG_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/device.h linux-4.9/include/uapi/vserver/device.h
+--- linux-4.9/include/uapi/vserver/device.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/device.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,12 @@
++#ifndef _UAPI_VS_DEVICE_H
++#define _UAPI_VS_DEVICE_H
++
++
++#define DATTR_CREATE 0x00000001
++#define DATTR_OPEN 0x00000002
++
++#define DATTR_REMAP 0x00000010
++
++#define DATTR_MASK 0x00000013
++
++#endif /* _UAPI_VS_DEVICE_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/device_cmd.h linux-4.9/include/uapi/vserver/device_cmd.h
+--- linux-4.9/include/uapi/vserver/device_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/device_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,16 @@
++#ifndef _UAPI_VS_DEVICE_CMD_H
++#define _UAPI_VS_DEVICE_CMD_H
++
++
++/* device vserver commands */
++
++#define VCMD_set_mapping VC_CMD(DEVICE, 1, 0)
++#define VCMD_unset_mapping VC_CMD(DEVICE, 2, 0)
++
++struct vcmd_set_mapping_v0 {
++ const char __user *device;
++ const char __user *target;
++ uint32_t flags;
++};
++
++#endif /* _UAPI_VS_DEVICE_CMD_H */
+diff -urNp -x '*.orig' linux-4.9/include/uapi/vserver/dlimit_cmd.h linux-4.9/include/uapi/vserver/dlimit_cmd.h
+--- linux-4.9/include/uapi/vserver/dlimit_cmd.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/uapi/vserver/dlimit_cmd.h 2021-02-24 15:47:45.104409971 +0100
+@@ -0,0 +1,67 @@
++#ifndef _UAPI_VS_DLIMIT_CMD_H
++#define _UAPI_VS_DLIMIT_CMD_H
++
++
++/* dlimit vserver commands */
++
++#define VCMD_add_dlimit VC_CMD(DLIMIT, 1, 0)
++#define VCMD_rem_dlimit VC_CMD(DLIMIT, 2, 0)
++
++#define VCMD_set_dlimit VC_CMD(DLIMIT, 5, 0)
++#define VCMD_get_dlimit VC_CMD(DLIMIT, 6, 0)
++
++struct vcmd_ctx_dlimit_base_v0 {
++ const char __user *name;
++ uint32_t flags;
++};
++
++struct vcmd_ctx_dlimit_v0 {
++ const char __user *name;
++ uint32_t space_used; /* used space in kbytes */
++ uint32_t space_total; /* maximum space in kbytes */
++ uint32_t inodes_used; /* used inodes */
++ uint32_t inodes_total; /* maximum inodes */
++ uint32_t reserved; /* reserved for root in % */
++ uint32_t flags;
++};
++
++#define CDLIM_UNSET ((uint32_t)0UL)
++#define CDLIM_INFINITY ((uint32_t)~0UL)
++#define CDLIM_KEEP ((uint32_t)~1UL)
++
++#define DLIME_UNIT 0
++#define DLIME_KILO 1
++#define DLIME_MEGA 2
++#define DLIME_GIGA 3
++
++#define DLIMF_SHIFT 0x10
++
++#define DLIMS_USED 0
++#define DLIMS_TOTAL 2
++
++static inline
++uint64_t dlimit_space_32to64(uint32_t val, uint32_t flags, int shift)
++{
++ int exp = (flags & DLIMF_SHIFT) ?
++ (flags >> shift) & DLIME_GIGA : DLIME_KILO;
++ return ((uint64_t)val) << (10 * exp);
++}
++
++static inline
++uint32_t dlimit_space_64to32(uint64_t val, uint32_t *flags, int shift)