-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/Kconfig
---- linux-2.6.35.4/arch/alpha/Kconfig 2010-08-02 16:51:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -681,6 +681,8 @@ config DUMMY_CONSOLE
+diff -NurpP --minimal linux-3.9.4/Documentation/vserver/debug.txt linux-3.9.4-vs2.3.6.2/Documentation/vserver/debug.txt
+--- linux-3.9.4/Documentation/vserver/debug.txt 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/Documentation/vserver/debug.txt 2013-05-31 14:47:10.000000000 +0000
+@@ -0,0 +1,154 @@
++
++debug_cvirt:
++
++ 2 4 "vx_map_tgid: %p/%llx: %d -> %d"
++ "vx_rmap_tgid: %p/%llx: %d -> %d"
++
++debug_dlim:
++
++ 0 1 "ALLOC (%p,#%d)%c inode (%d)"
++ "FREE (%p,#%d)%c inode"
++ 1 2 "ALLOC (%p,#%d)%c %lld bytes (%d)"
++ "FREE (%p,#%d)%c %lld bytes"
++ 2 4 "ADJUST: %lld,%lld on %ld,%ld [mult=%d]"
++ 3 8 "ext3_has_free_blocks(%p): %lu<%lu+1, %c, %u!=%u r=%d"
++ "ext3_has_free_blocks(%p): free=%lu, root=%lu"
++ "rcu_free_dl_info(%p)"
++ 4 10 "alloc_dl_info(%p,%d) = %p"
++ "dealloc_dl_info(%p)"
++ "get_dl_info(%p[#%d.%d])"
++ "put_dl_info(%p[#%d.%d])"
++ 5 20 "alloc_dl_info(%p,%d)*"
++ 6 40 "__hash_dl_info: %p[#%d]"
++ "__unhash_dl_info: %p[#%d]"
++ 7 80 "locate_dl_info(%p,#%d) = %p"
++
++debug_misc:
++
++ 0 1 "destroy_dqhash: %p [#0x%08x] c=%d"
++ "new_dqhash: %p [#0x%08x]"
++ "vroot[%d]_clr_dev: dev=%p[%lu,%d:%d]"
++ "vroot[%d]_get_real_bdev: dev=%p[%lu,%d:%d]"
++ "vroot[%d]_set_dev: dev=%p[%lu,%d:%d]"
++ "vroot_get_real_bdev not set"
++ 1 2 "cow_break_link(»%s«)"
++ "temp copy »%s«"
++ 2 4 "dentry_open(new): %p"
++ "dentry_open(old): %p"
++ "lookup_create(new): %p"
++ "old path »%s«"
++ "path_lookup(old): %d"
++ "vfs_create(new): %d"
++ "vfs_rename: %d"
++ "vfs_sendfile: %d"
++ 3 8 "fput(new_file=%p[#%d])"
++ "fput(old_file=%p[#%d])"
++ 4 10 "vx_info_kill(%p[#%d],%d,%d) = %d"
++ "vx_info_kill(%p[#%d],%d,%d)*"
++ 5 20 "vs_reboot(%p[#%d],%d)"
++ 6 40 "dropping task %p[#%u,%u] for %p[#%u,%u]"
++
++debug_net:
++
++ 2 4 "nx_addr_conflict(%p,%p) %d.%d,%d.%d"
++ 3 8 "inet_bind(%p) %d.%d.%d.%d, %d.%d.%d.%d, %d.%d.%d.%d"
++ "inet_bind(%p)* %p,%p;%lx %d.%d.%d.%d"
++ 4 10 "ip_route_connect(%p) %p,%p;%lx"
++ 5 20 "__addr_in_socket(%p,%d.%d.%d.%d) %p:%d.%d.%d.%d %p;%lx"
++ 6 40 "sk,egf: %p [#%d] (from %d)"
++ "sk,egn: %p [#%d] (from %d)"
++ "sk,req: %p [#%d] (from %d)"
++ "sk: %p [#%d] (from %d)"
++ "tw: %p [#%d] (from %d)"
++ 7 80 "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d"
++ "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d"
++
++debug_nid:
++
++ 0 1 "__lookup_nx_info(#%u): %p[#%u]"
++ "alloc_nx_info(%d) = %p"
++ "create_nx_info(%d) (dynamic rejected)"
++ "create_nx_info(%d) = %p (already there)"
++ "create_nx_info(%d) = %p (new)"
++ "dealloc_nx_info(%p)"
++ 1 2 "alloc_nx_info(%d)*"
++ "create_nx_info(%d)*"
++ 2 4 "get_nx_info(%p[#%d.%d])"
++ "put_nx_info(%p[#%d.%d])"
++ 3 8 "claim_nx_info(%p[#%d.%d.%d]) %p"
++ "clr_nx_info(%p[#%d.%d])"
++ "init_nx_info(%p[#%d.%d])"
++ "release_nx_info(%p[#%d.%d.%d]) %p"
++ "set_nx_info(%p[#%d.%d])"
++ 4 10 "__hash_nx_info: %p[#%d]"
++ "__nx_dynamic_id: [#%d]"
++ "__unhash_nx_info: %p[#%d.%d.%d]"
++ 5 20 "moved task %p into nxi:%p[#%d]"
++ "nx_migrate_task(%p,%p[#%d.%d.%d])"
++ "task_get_nx_info(%p)"
++ 6 40 "nx_clear_persistent(%p[#%d])"
++
++debug_quota:
++
++ 0 1 "quota_sync_dqh(%p,%d) discard inode %p"
++ 1 2 "quota_sync_dqh(%p,%d)"
++ "sync_dquots(%p,%d)"
++ "sync_dquots_dqh(%p,%d)"
++ 3 8 "do_quotactl(%p,%d,cmd=%d,id=%d,%p)"
++
++debug_switch:
++
++ 0 1 "vc: VCMD_%02d_%d[%d], %d,%p [%d,%d,%x,%x]"
++ 1 2 "vc: VCMD_%02d_%d[%d] = %08lx(%ld) [%d,%d]"
++ 4 10 "%s: (%s %s) returned %s with %d"
++
++debug_tag:
++
++ 7 80 "dx_parse_tag(»%s«): %d:#%d"
++ "dx_propagate_tag(%p[#%lu.%d]): %d,%d"
++
++debug_xid:
++
++ 0 1 "__lookup_vx_info(#%u): %p[#%u]"
++ "alloc_vx_info(%d) = %p"
++ "alloc_vx_info(%d)*"
++ "create_vx_info(%d) (dynamic rejected)"
++ "create_vx_info(%d) = %p (already there)"
++ "create_vx_info(%d) = %p (new)"
++ "dealloc_vx_info(%p)"
++ "loc_vx_info(%d) = %p (found)"
++ "loc_vx_info(%d) = %p (new)"
++ "loc_vx_info(%d) = %p (not available)"
++ 1 2 "create_vx_info(%d)*"
++ "loc_vx_info(%d)*"
++ 2 4 "get_vx_info(%p[#%d.%d])"
++ "put_vx_info(%p[#%d.%d])"
++ 3 8 "claim_vx_info(%p[#%d.%d.%d]) %p"
++ "clr_vx_info(%p[#%d.%d])"
++ "init_vx_info(%p[#%d.%d])"
++ "release_vx_info(%p[#%d.%d.%d]) %p"
++ "set_vx_info(%p[#%d.%d])"
++ 4 10 "__hash_vx_info: %p[#%d]"
++ "__unhash_vx_info: %p[#%d.%d.%d]"
++ "__vx_dynamic_id: [#%d]"
++ 5 20 "enter_vx_info(%p[#%d],%p) %p[#%d,%p]"
++ "leave_vx_info(%p[#%d,%p]) %p[#%d,%p]"
++ "moved task %p into vxi:%p[#%d]"
++ "task_get_vx_info(%p)"
++ "vx_migrate_task(%p,%p[#%d.%d])"
++ 6 40 "vx_clear_persistent(%p[#%d])"
++ "vx_exit_init(%p[#%d],%p[#%d,%d,%d])"
++ "vx_set_init(%p[#%d],%p[#%d,%d,%d])"
++ "vx_set_persistent(%p[#%d])"
++ "vx_set_reaper(%p[#%d],%p[#%d,%d])"
++ 7 80 "vx_child_reaper(%p[#%u,%u]) = %p[#%u,%u]"
++
++
++debug_limit:
++
++ n 2^n "vx_acc_cres[%5d,%s,%2d]: %5d%s"
++ "vx_cres_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
++
++ m 2^m "vx_acc_page[%5d,%s,%2d]: %5d%s"
++ "vx_acc_pages[%5d,%s,%2d]: %5d += %5d"
++ "vx_pages_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
+diff -NurpP --minimal linux-3.9.4/arch/alpha/Kconfig linux-3.9.4-vs2.3.6.2/arch/alpha/Kconfig
+--- linux-3.9.4/arch/alpha/Kconfig 2013-05-31 13:44:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/alpha/Kconfig 2013-05-31 14:47:10.000000000 +0000
+@@ -669,6 +669,8 @@ config DUMMY_CONSOLE
depends on VGA_HOSE
default y
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/kernel/entry.S linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/entry.S
---- linux-2.6.35.4/arch/alpha/kernel/entry.S 2009-06-11 17:11:46.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/entry.S 2010-08-02 17:05:05.000000000 +0200
-@@ -874,24 +874,15 @@ sys_getxgid:
- .globl sys_getxpid
- .ent sys_getxpid
- sys_getxpid:
-+ lda $sp, -16($sp)
-+ stq $26, 0($sp)
- .prologue 0
-- ldq $2, TI_TASK($8)
-
-- /* See linux/kernel/timer.c sys_getppid for discussion
-- about this loop. */
-- ldq $3, TASK_GROUP_LEADER($2)
-- ldq $4, TASK_REAL_PARENT($3)
-- ldl $0, TASK_TGID($2)
--1: ldl $1, TASK_TGID($4)
--#ifdef CONFIG_SMP
-- mov $4, $5
-- mb
-- ldq $3, TASK_GROUP_LEADER($2)
-- ldq $4, TASK_REAL_PARENT($3)
-- cmpeq $4, $5, $5
-- beq $5, 1b
--#endif
-- stq $1, 80($sp)
-+ lda $16, 96($sp)
-+ jsr $26, do_getxpid
-+ ldq $26, 0($sp)
-+
-+ lda $sp, 16($sp)
- ret
- .end sys_getxpid
-
-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/kernel/osf_sys.c linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/osf_sys.c
---- linux-2.6.35.4/arch/alpha/kernel/osf_sys.c 2010-07-07 18:30:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/osf_sys.c 2010-08-02 17:05:05.000000000 +0200
-@@ -866,7 +866,7 @@ SYSCALL_DEFINE2(osf_gettimeofday, struct
- {
- if (tv) {
- struct timeval ktv;
-- do_gettimeofday(&ktv);
-+ vx_gettimeofday(&ktv);
- if (put_tv32(tv, &ktv))
- return -EFAULT;
- }
-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/ptrace.c
---- linux-2.6.35.4/arch/alpha/kernel/ptrace.c 2010-07-07 18:30:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/ptrace.c 2010-08-02 17:05:05.000000000 +0200
-@@ -13,6 +13,7 @@
- #include <linux/user.h>
- #include <linux/security.h>
- #include <linux/signal.h>
-+#include <linux/vs_base.h>
-
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/kernel/systbls.S linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/systbls.S
---- linux-2.6.35.4/arch/alpha/kernel/systbls.S 2010-02-25 11:51:19.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/systbls.S 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/alpha/kernel/systbls.S linux-3.9.4-vs2.3.6.2/arch/alpha/kernel/systbls.S
+--- linux-3.9.4/arch/alpha/kernel/systbls.S 2013-02-19 13:56:11.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/alpha/kernel/systbls.S 2013-05-31 14:47:11.000000000 +0000
@@ -446,7 +446,7 @@ sys_call_table:
.quad sys_stat64 /* 425 */
.quad sys_lstat64
.quad sys_ni_syscall /* sys_mbind */
.quad sys_ni_syscall /* sys_get_mempolicy */
.quad sys_ni_syscall /* sys_set_mempolicy */
-diff -NurpP --minimal linux-2.6.35.4/arch/alpha/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/traps.c
---- linux-2.6.35.4/arch/alpha/kernel/traps.c 2010-07-07 18:30:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/alpha/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/alpha/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/alpha/kernel/traps.c
+--- linux-3.9.4/arch/alpha/kernel/traps.c 2013-05-31 13:44:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/alpha/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
@@ -184,7 +184,8 @@ die_if_kernel(char * str, struct pt_regs
#ifdef CONFIG_SMP
printk("CPU %d ", hard_smp_processor_id());
+ printk("%s(%d[#%u]): %s %ld\n", current->comm,
+ task_pid_nr(current), current->xid, str, err);
dik_show_regs(regs, r9_15);
- add_taint(TAINT_DIE);
+ add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
dik_show_trace((unsigned long *)(regs+1));
-diff -NurpP --minimal linux-2.6.35.4/arch/arm/include/asm/tlb.h linux-2.6.35.4-vs2.3.0.36.32/arch/arm/include/asm/tlb.h
---- linux-2.6.35.4/arch/arm/include/asm/tlb.h 2009-09-10 15:25:15.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/arm/include/asm/tlb.h 2010-08-02 17:05:05.000000000 +0200
-@@ -27,6 +27,7 @@
-
- #else /* !CONFIG_MMU */
-
-+#include <linux/vs_memory.h>
- #include <asm/pgalloc.h>
-
- /*
-diff -NurpP --minimal linux-2.6.35.4/arch/arm/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/arm/Kconfig
---- linux-2.6.35.4/arch/arm/Kconfig 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/arm/Kconfig 2010-08-14 18:19:32.000000000 +0200
-@@ -1685,6 +1685,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/arm/Kconfig linux-3.9.4-vs2.3.6.2/arch/arm/Kconfig
+--- linux-3.9.4/arch/arm/Kconfig 2013-05-31 13:44:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/arm/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -2353,6 +2353,8 @@ source "fs/Kconfig"
source "arch/arm/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/arm/kernel/calls.S linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/calls.S
---- linux-2.6.35.4/arch/arm/kernel/calls.S 2010-07-07 18:30:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/calls.S 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/arm/kernel/calls.S linux-3.9.4-vs2.3.6.2/arch/arm/kernel/calls.S
+--- linux-3.9.4/arch/arm/kernel/calls.S 2013-05-31 13:44:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/arm/kernel/calls.S 2013-05-31 14:47:11.000000000 +0000
@@ -322,7 +322,7 @@
/* 310 */ CALL(sys_request_key)
CALL(sys_keyctl)
CALL(sys_ioprio_set)
/* 315 */ CALL(sys_ioprio_get)
CALL(sys_inotify_init)
-diff -NurpP --minimal linux-2.6.35.4/arch/arm/kernel/process.c linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/process.c
---- linux-2.6.35.4/arch/arm/kernel/process.c 2010-08-02 16:51:55.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/process.c 2010-08-02 17:05:05.000000000 +0200
-@@ -269,7 +269,8 @@ void __show_regs(struct pt_regs *regs)
+diff -NurpP --minimal linux-3.9.4/arch/arm/kernel/process.c linux-3.9.4-vs2.3.6.2/arch/arm/kernel/process.c
+--- linux-3.9.4/arch/arm/kernel/process.c 2013-05-31 13:44:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/arm/kernel/process.c 2013-05-31 14:47:11.000000000 +0000
+@@ -332,7 +332,8 @@ void __show_regs(struct pt_regs *regs)
void show_regs(struct pt_regs * regs)
{
printk("\n");
+ printk("Pid: %d[#%u], comm: %20s\n",
+ task_pid_nr(current), current->xid, current->comm);
__show_regs(regs);
- __backtrace();
+ dump_stack();
}
-diff -NurpP --minimal linux-2.6.35.4/arch/arm/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/traps.c
---- linux-2.6.35.4/arch/arm/kernel/traps.c 2010-07-07 18:30:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/arm/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -243,8 +243,8 @@ static int __die(const char *str, int er
+diff -NurpP --minimal linux-3.9.4/arch/arm/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/arm/kernel/traps.c
+--- linux-3.9.4/arch/arm/kernel/traps.c 2013-05-31 13:44:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/arm/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -249,8 +249,8 @@ static int __die(const char *str, int er
print_modules();
__show_regs(regs);
- printk(KERN_EMERG "Process %.*s (pid: %d, stack limit = 0x%p)\n",
-- TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), thread + 1);
+- TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), end_of_stack(tsk));
+ printk(KERN_EMERG "Process %.*s (pid: %d:#%u, stack limit = 0x%p)\n",
-+ TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), tsk->xid, thread + 1);
++ TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), tsk->xid, end_of_stack(tsk));
if (!user_mode(regs) || in_interrupt()) {
dump_mem(KERN_EMERG, "Stack: ", regs->ARM_sp,
-diff -NurpP --minimal linux-2.6.35.4/arch/avr32/mm/fault.c linux-2.6.35.4-vs2.3.0.36.32/arch/avr32/mm/fault.c
---- linux-2.6.35.4/arch/avr32/mm/fault.c 2009-09-10 15:25:20.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/avr32/mm/fault.c 2010-08-02 17:05:05.000000000 +0200
-@@ -216,7 +216,8 @@ out_of_memory:
- down_read(&mm->mmap_sem);
- goto survive;
- }
-- printk("VM: Killing process %s\n", tsk->comm);
-+ printk("VM: Killing process %s(%d:#%u)\n",
-+ tsk->comm, task_pid_nr(tsk), tsk->xid);
- if (user_mode(regs))
- do_group_exit(SIGKILL);
- goto no_context;
-diff -NurpP --minimal linux-2.6.35.4/arch/cris/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/cris/Kconfig
---- linux-2.6.35.4/arch/cris/Kconfig 2010-08-02 16:52:03.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/cris/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -694,6 +694,8 @@ source "drivers/staging/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/cris/Kconfig linux-3.9.4-vs2.3.6.2/arch/cris/Kconfig
+--- linux-3.9.4/arch/cris/Kconfig 2013-05-31 13:44:37.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/cris/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -674,6 +674,8 @@ source "drivers/staging/Kconfig"
source "arch/cris/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/cris/mm/fault.c linux-2.6.35.4-vs2.3.0.36.32/arch/cris/mm/fault.c
---- linux-2.6.35.4/arch/cris/mm/fault.c 2010-02-25 11:51:26.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/cris/mm/fault.c 2010-08-02 17:05:05.000000000 +0200
-@@ -245,7 +245,8 @@ do_page_fault(unsigned long address, str
-
- out_of_memory:
- up_read(&mm->mmap_sem);
-- printk("VM: killing process %s\n", tsk->comm);
-+ printk("VM: killing process %s(%d:#%u)\n",
-+ tsk->comm, task_pid_nr(tsk), tsk->xid);
- if (user_mode(regs))
- do_exit(SIGKILL);
- goto no_context;
-diff -NurpP --minimal linux-2.6.35.4/arch/frv/kernel/kernel_thread.S linux-2.6.35.4-vs2.3.0.36.32/arch/frv/kernel/kernel_thread.S
---- linux-2.6.35.4/arch/frv/kernel/kernel_thread.S 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/frv/kernel/kernel_thread.S 2010-08-02 17:05:05.000000000 +0200
-@@ -37,7 +37,7 @@ kernel_thread:
-
- # start by forking the current process, but with shared VM
- setlos.p #__NR_clone,gr7 ; syscall number
-- ori gr10,#CLONE_VM,gr8 ; first syscall arg [clone_flags]
-+ ori gr10,#CLONE_KT,gr8 ; first syscall arg [clone_flags]
- sethi.p #0xe4e4,gr9 ; second syscall arg [newsp]
- setlo #0xe4e4,gr9
- setlos.p #0,gr10 ; third syscall arg [parent_tidptr]
-diff -NurpP --minimal linux-2.6.35.4/arch/h8300/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/h8300/Kconfig
---- linux-2.6.35.4/arch/h8300/Kconfig 2010-02-25 11:51:26.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/h8300/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -230,6 +230,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/h8300/Kconfig linux-3.9.4-vs2.3.6.2/arch/h8300/Kconfig
+--- linux-3.9.4/arch/h8300/Kconfig 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/h8300/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -221,6 +221,8 @@ source "fs/Kconfig"
source "arch/h8300/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/include/asm/tlb.h linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/include/asm/tlb.h
---- linux-2.6.35.4/arch/ia64/include/asm/tlb.h 2010-02-25 11:51:26.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/include/asm/tlb.h 2010-08-02 17:05:05.000000000 +0200
-@@ -40,6 +40,7 @@
- #include <linux/mm.h>
- #include <linux/pagemap.h>
- #include <linux/swap.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/pgalloc.h>
- #include <asm/processor.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/Kconfig
---- linux-2.6.35.4/arch/ia64/Kconfig 2010-08-02 16:52:03.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -676,6 +676,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/ia64/Kconfig linux-3.9.4-vs2.3.6.2/arch/ia64/Kconfig
+--- linux-3.9.4/arch/ia64/Kconfig 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/ia64/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -645,6 +645,8 @@ source "fs/Kconfig"
source "arch/ia64/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/kernel/entry.S linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/entry.S
---- linux-2.6.35.4/arch/ia64/kernel/entry.S 2010-07-07 18:31:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/entry.S 2010-08-02 17:05:05.000000000 +0200
-@@ -1714,7 +1714,7 @@ sys_call_table:
+diff -NurpP --minimal linux-3.9.4/arch/ia64/kernel/entry.S linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/entry.S
+--- linux-3.9.4/arch/ia64/kernel/entry.S 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/entry.S 2013-05-31 14:47:11.000000000 +0000
+@@ -1719,7 +1719,7 @@ sys_call_table:
data8 sys_mq_notify
data8 sys_mq_getsetattr
data8 sys_kexec_load
data8 sys_waitid // 1270
data8 sys_add_key
data8 sys_request_key
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/kernel/perfmon.c linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/perfmon.c
---- linux-2.6.35.4/arch/ia64/kernel/perfmon.c 2010-07-07 18:31:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/perfmon.c 2010-08-02 17:05:05.000000000 +0200
-@@ -42,6 +42,7 @@
- #include <linux/completion.h>
- #include <linux/tracehook.h>
- #include <linux/slab.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/errno.h>
- #include <asm/intrinsics.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/kernel/process.c linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/process.c
---- linux-2.6.35.4/arch/ia64/kernel/process.c 2010-07-07 18:31:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/process.c 2010-08-02 17:05:05.000000000 +0200
-@@ -113,8 +113,8 @@ show_regs (struct pt_regs *regs)
+diff -NurpP --minimal linux-3.9.4/arch/ia64/kernel/process.c linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/process.c
+--- linux-3.9.4/arch/ia64/kernel/process.c 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/process.c 2013-05-31 14:47:11.000000000 +0000
+@@ -109,8 +109,8 @@ show_regs (struct pt_regs *regs)
unsigned long ip = regs->cr_iip + ia64_psr(regs)->ri;
print_modules();
printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s)\n",
regs->cr_ipsr, regs->cr_ifs, ip, print_tainted(),
init_utsname()->release);
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/ptrace.c
---- linux-2.6.35.4/arch/ia64/kernel/ptrace.c 2010-08-02 16:52:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/ptrace.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/ia64/kernel/ptrace.c linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/ptrace.c
+--- linux-3.9.4/arch/ia64/kernel/ptrace.c 2013-02-19 13:56:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/ptrace.c 2013-05-31 14:47:11.000000000 +0000
@@ -21,6 +21,7 @@
#include <linux/regset.h>
#include <linux/elf.h>
#include <asm/pgtable.h>
#include <asm/processor.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/traps.c
---- linux-2.6.35.4/arch/ia64/kernel/traps.c 2010-07-07 18:31:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -59,8 +59,9 @@ die (const char *str, struct pt_regs *re
+diff -NurpP --minimal linux-3.9.4/arch/ia64/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/traps.c
+--- linux-3.9.4/arch/ia64/kernel/traps.c 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/ia64/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -60,8 +60,9 @@ die (const char *str, struct pt_regs *re
put_cpu();
if (++die.lock_owner_depth < 3) {
if (notify_die(DIE_OOPS, str, regs, err, 255, SIGSEGV)
!= NOTIFY_STOP)
show_regs(regs);
-@@ -323,8 +324,9 @@ handle_fpu_swa (int fp_fault, struct pt_
+@@ -324,8 +325,9 @@ handle_fpu_swa (int fp_fault, struct pt_
if ((last.count & 15) < 5 && (ia64_fetchadd(1, &last.count, acq) & 15) < 5) {
last.time = current_jiffies + 5 * HZ;
printk(KERN_WARNING
}
}
}
-diff -NurpP --minimal linux-2.6.35.4/arch/ia64/mm/fault.c linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/mm/fault.c
---- linux-2.6.35.4/arch/ia64/mm/fault.c 2010-08-02 16:52:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/ia64/mm/fault.c 2010-08-02 17:05:05.000000000 +0200
-@@ -10,6 +10,7 @@
- #include <linux/interrupt.h>
- #include <linux/kprobes.h>
- #include <linux/kdebug.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/pgtable.h>
- #include <asm/processor.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/m32r/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/m32r/kernel/traps.c
---- linux-2.6.35.4/arch/m32r/kernel/traps.c 2009-12-03 20:01:57.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m32r/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -196,8 +196,9 @@ static void show_registers(struct pt_reg
+diff -NurpP --minimal linux-3.9.4/arch/m32r/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/m32r/kernel/traps.c
+--- linux-3.9.4/arch/m32r/kernel/traps.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/m32r/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -195,8 +195,9 @@ static void show_registers(struct pt_reg
} else {
printk("SPI: %08lx\n", sp);
}
/*
* When in-kernel, we also print out the stack and code at the
-diff -NurpP --minimal linux-2.6.35.4/arch/m68k/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/Kconfig
---- linux-2.6.35.4/arch/m68k/Kconfig 2010-08-02 16:52:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -619,6 +619,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/m68k/Kconfig linux-3.9.4-vs2.3.6.2/arch/m68k/Kconfig
+--- linux-3.9.4/arch/m68k/Kconfig 2013-05-31 13:44:38.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/m68k/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -137,6 +137,8 @@ source "fs/Kconfig"
source "arch/m68k/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/m68k/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/kernel/ptrace.c
---- linux-2.6.35.4/arch/m68k/kernel/ptrace.c 2010-07-07 18:31:02.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/kernel/ptrace.c 2010-08-02 17:05:05.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
- #include <linux/user.h>
- #include <linux/signal.h>
-+#include <linux/vs_base.h>
-
- #include <asm/uaccess.h>
- #include <asm/page.h>
-@@ -254,6 +255,8 @@ long arch_ptrace(struct task_struct *chi
- ret = ptrace_request(child, request, addr, data);
- break;
- }
-+ if (!vx_check(vx_task_xid(child), VS_WATCH_P | VS_IDENT))
-+ goto out_tsk;
-
- return ret;
- out_eio:
-diff -NurpP --minimal linux-2.6.35.4/arch/m68k/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/kernel/traps.c
---- linux-2.6.35.4/arch/m68k/kernel/traps.c 2010-08-02 16:52:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m68k/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -906,8 +906,8 @@ void show_registers(struct pt_regs *regs
- printk("d4: %08lx d5: %08lx a0: %08lx a1: %08lx\n",
- regs->d4, regs->d5, regs->a0, regs->a1);
-
-- printk("Process %s (pid: %d, task=%p)\n",
-- current->comm, task_pid_nr(current), current);
-+ printk("Process %s (pid: %d[#%u], task=%p)\n",
-+ current->comm, task_pid_nr(current), current->xid, current);
- addr = (unsigned long)&fp->un;
- printk("Frame format=%X ", regs->format);
- switch (regs->format) {
-diff -NurpP --minimal linux-2.6.35.4/arch/m68knommu/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/m68knommu/Kconfig
---- linux-2.6.35.4/arch/m68knommu/Kconfig 2010-08-02 16:52:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m68knommu/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -734,6 +734,8 @@ source "fs/Kconfig"
-
- source "arch/m68knommu/Kconfig.debug"
-
-+source "kernel/vserver/Kconfig"
-+
- source "security/Kconfig"
-
- source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/m68knommu/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/m68knommu/kernel/traps.c
---- linux-2.6.35.4/arch/m68knommu/kernel/traps.c 2009-09-10 15:25:23.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/m68knommu/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -78,8 +78,9 @@ void die_if_kernel(char *str, struct pt_
- printk(KERN_EMERG "d4: %08lx d5: %08lx a0: %08lx a1: %08lx\n",
- fp->d4, fp->d5, fp->a0, fp->a1);
-
-- printk(KERN_EMERG "Process %s (pid: %d, stackpage=%08lx)\n",
-- current->comm, current->pid, PAGE_SIZE+(unsigned long)current);
-+ printk(KERN_EMERG "Process %s (pid: %d[#%u], stackpage=%08lx)\n",
-+ current->comm, task_pid_nr(current), current->xid,
-+ PAGE_SIZE+(unsigned long)current);
- show_stack(NULL, (unsigned long *)(fp + 1));
- add_taint(TAINT_DIE);
- do_exit(SIGSEGV);
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/mips/Kconfig
---- linux-2.6.35.4/arch/mips/Kconfig 2010-08-02 16:52:05.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -2253,6 +2253,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/mips/Kconfig linux-3.9.4-vs2.3.6.2/arch/mips/Kconfig
+--- linux-3.9.4/arch/mips/Kconfig 2013-05-31 13:44:39.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -2550,6 +2550,8 @@ source "fs/Kconfig"
source "arch/mips/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/ptrace.c
---- linux-2.6.35.4/arch/mips/kernel/ptrace.c 2010-07-07 18:31:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/ptrace.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/ptrace.c linux-3.9.4-vs2.3.6.2/arch/mips/kernel/ptrace.c
+--- linux-3.9.4/arch/mips/kernel/ptrace.c 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/ptrace.c 2013-05-31 14:47:11.000000000 +0000
@@ -25,6 +25,7 @@
#include <linux/security.h>
#include <linux/audit.h>
#include <asm/byteorder.h>
#include <asm/cpu.h>
-@@ -259,6 +260,9 @@ long arch_ptrace(struct task_struct *chi
- {
- int ret;
+@@ -262,6 +263,9 @@ long arch_ptrace(struct task_struct *chi
+ void __user *datavp = (void __user *) data;
+ unsigned long __user *datalp = (void __user *) data;
+ if (!vx_check(vx_task_xid(child), VS_WATCH_P | VS_IDENT))
+ goto out;
switch (request) {
/* when I and D space are separate, these will need to be fixed. */
case PTRACE_PEEKTEXT: /* read word at location addr. */
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/scall32-o32.S linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall32-o32.S
---- linux-2.6.35.4/arch/mips/kernel/scall32-o32.S 2010-02-25 11:51:28.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall32-o32.S 2010-08-02 17:05:05.000000000 +0200
-@@ -525,7 +525,7 @@ einval: li v0, -ENOSYS
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/scall32-o32.S linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall32-o32.S
+--- linux-3.9.4/arch/mips/kernel/scall32-o32.S 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall32-o32.S 2013-05-31 14:47:11.000000000 +0000
+@@ -512,7 +512,7 @@ einval: li v0, -ENOSYS
sys sys_mq_timedreceive 5
sys sys_mq_notify 2 /* 4275 */
sys sys_mq_getsetattr 3
sys sys_waitid 5
sys sys_ni_syscall 0 /* available, was setaltroot */
sys sys_add_key 5 /* 4280 */
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/scall64-64.S linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-64.S
---- linux-2.6.35.4/arch/mips/kernel/scall64-64.S 2010-02-25 11:51:28.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-64.S 2010-08-02 17:05:05.000000000 +0200
-@@ -362,7 +362,7 @@ sys_call_table:
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/scall64-64.S linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-64.S
+--- linux-3.9.4/arch/mips/kernel/scall64-64.S 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-64.S 2013-05-31 14:47:11.000000000 +0000
+@@ -351,7 +351,7 @@ sys_call_table:
PTR sys_mq_timedreceive
PTR sys_mq_notify
PTR sys_mq_getsetattr /* 5235 */
PTR sys_waitid
PTR sys_ni_syscall /* available, was setaltroot */
PTR sys_add_key
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/scall64-n32.S linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-n32.S
---- linux-2.6.35.4/arch/mips/kernel/scall64-n32.S 2010-08-02 16:52:05.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-n32.S 2010-08-02 17:05:05.000000000 +0200
-@@ -360,7 +360,7 @@ EXPORT(sysn32_call_table)
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/scall64-n32.S linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-n32.S
+--- linux-3.9.4/arch/mips/kernel/scall64-n32.S 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-n32.S 2013-05-31 14:47:11.000000000 +0000
+@@ -344,7 +344,7 @@ EXPORT(sysn32_call_table)
PTR compat_sys_mq_timedreceive
PTR compat_sys_mq_notify
PTR compat_sys_mq_getsetattr
PTR compat_sys_waitid
PTR sys_ni_syscall /* available, was setaltroot */
PTR sys_add_key
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/scall64-o32.S linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-o32.S
---- linux-2.6.35.4/arch/mips/kernel/scall64-o32.S 2010-07-07 18:31:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/scall64-o32.S 2010-08-02 17:05:05.000000000 +0200
-@@ -480,7 +480,7 @@ sys_call_table:
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/scall64-o32.S linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-o32.S
+--- linux-3.9.4/arch/mips/kernel/scall64-o32.S 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/scall64-o32.S 2013-05-31 15:07:53.000000000 +0000
+@@ -469,7 +469,7 @@ sys_call_table:
PTR compat_sys_mq_timedreceive
PTR compat_sys_mq_notify /* 4275 */
PTR compat_sys_mq_getsetattr
- PTR sys_ni_syscall /* sys_vserver */
+ PTR sys32_vserver
- PTR sys_32_waitid
+ PTR compat_sys_waitid
PTR sys_ni_syscall /* available, was setaltroot */
PTR sys_add_key /* 4280 */
-diff -NurpP --minimal linux-2.6.35.4/arch/mips/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/traps.c
---- linux-2.6.35.4/arch/mips/kernel/traps.c 2010-08-02 16:52:05.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/mips/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -340,9 +340,10 @@ void show_registers(const struct pt_regs
+diff -NurpP --minimal linux-3.9.4/arch/mips/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/mips/kernel/traps.c
+--- linux-3.9.4/arch/mips/kernel/traps.c 2013-05-31 13:44:42.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/mips/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -348,9 +348,10 @@ void show_registers(struct pt_regs *regs
__show_regs(regs);
print_modules();
if (cpu_has_userlocal) {
unsigned long tls;
-diff -NurpP --minimal linux-2.6.35.4/arch/parisc/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/Kconfig
---- linux-2.6.35.4/arch/parisc/Kconfig 2010-08-02 16:52:06.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -299,6 +299,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/parisc/Kconfig linux-3.9.4-vs2.3.6.2/arch/parisc/Kconfig
+--- linux-3.9.4/arch/parisc/Kconfig 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/parisc/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -308,6 +308,8 @@ source "fs/Kconfig"
source "arch/parisc/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/parisc/kernel/syscall_table.S linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/kernel/syscall_table.S
---- linux-2.6.35.4/arch/parisc/kernel/syscall_table.S 2010-07-07 18:31:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/kernel/syscall_table.S 2010-08-02 17:05:05.000000000 +0200
-@@ -361,7 +361,7 @@
+diff -NurpP --minimal linux-3.9.4/arch/parisc/kernel/syscall_table.S linux-3.9.4-vs2.3.6.2/arch/parisc/kernel/syscall_table.S
+--- linux-3.9.4/arch/parisc/kernel/syscall_table.S 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/parisc/kernel/syscall_table.S 2013-05-31 14:47:11.000000000 +0000
+@@ -358,7 +358,7 @@
ENTRY_COMP(mbind) /* 260 */
ENTRY_COMP(get_mempolicy)
ENTRY_COMP(set_mempolicy)
ENTRY_SAME(add_key)
ENTRY_SAME(request_key) /* 265 */
ENTRY_SAME(keyctl)
-diff -NurpP --minimal linux-2.6.35.4/arch/parisc/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/kernel/traps.c
---- linux-2.6.35.4/arch/parisc/kernel/traps.c 2009-09-10 15:25:40.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -236,8 +236,9 @@ void die_if_kernel(char *str, struct pt_
+diff -NurpP --minimal linux-3.9.4/arch/parisc/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/parisc/kernel/traps.c
+--- linux-3.9.4/arch/parisc/kernel/traps.c 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/parisc/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -235,8 +235,9 @@ void die_if_kernel(char *str, struct pt_
if (err == 0)
return; /* STFU */
#ifdef PRINT_USER_FAULTS
/* XXX for debugging only */
show_regs(regs);
-@@ -270,8 +271,8 @@ void die_if_kernel(char *str, struct pt_
+@@ -269,8 +270,8 @@ void die_if_kernel(char *str, struct pt_
pdc_console_restart();
if (err)
/* Wot's wrong wif bein' racy? */
if (current->thread.flags & PARISC_KERNEL_DEATH) {
-diff -NurpP --minimal linux-2.6.35.4/arch/parisc/mm/fault.c linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/mm/fault.c
---- linux-2.6.35.4/arch/parisc/mm/fault.c 2010-08-02 16:52:06.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/parisc/mm/fault.c 2010-08-02 17:05:05.000000000 +0200
-@@ -237,8 +237,9 @@ bad_area:
+diff -NurpP --minimal linux-3.9.4/arch/parisc/mm/fault.c linux-3.9.4-vs2.3.6.2/arch/parisc/mm/fault.c
+--- linux-3.9.4/arch/parisc/mm/fault.c 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/parisc/mm/fault.c 2013-05-31 14:47:11.000000000 +0000
+@@ -257,8 +257,9 @@ bad_area:
#ifdef PRINT_USER_FAULTS
printk(KERN_DEBUG "\n");
if (vma) {
printk(KERN_DEBUG "vm_start = 0x%08lx, vm_end = 0x%08lx\n",
vma->vm_start, vma->vm_end);
-diff -NurpP --minimal linux-2.6.35.4/arch/powerpc/include/asm/unistd.h linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/include/asm/unistd.h
---- linux-2.6.35.4/arch/powerpc/include/asm/unistd.h 2010-07-07 18:31:05.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/include/asm/unistd.h 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/powerpc/Kconfig linux-3.9.4-vs2.3.6.2/arch/powerpc/Kconfig
+--- linux-3.9.4/arch/powerpc/Kconfig 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/powerpc/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -1027,6 +1027,8 @@ source "lib/Kconfig"
+
+ source "arch/powerpc/Kconfig.debug"
+
++source "kernel/vserver/Kconfig"
++
+ source "security/Kconfig"
+
+ config KEYS_COMPAT
+diff -NurpP --minimal linux-3.9.4/arch/powerpc/include/uapi/asm/unistd.h linux-3.9.4-vs2.3.6.2/arch/powerpc/include/uapi/asm/unistd.h
+--- linux-3.9.4/arch/powerpc/include/uapi/asm/unistd.h 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/powerpc/include/uapi/asm/unistd.h 2013-05-31 14:47:11.000000000 +0000
@@ -275,7 +275,7 @@
#endif
#define __NR_rtas 255
#define __NR_migrate_pages 258
#define __NR_mbind 259
#define __NR_get_mempolicy 260
-diff -NurpP --minimal linux-2.6.35.4/arch/powerpc/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/Kconfig
---- linux-2.6.35.4/arch/powerpc/Kconfig 2010-08-02 16:52:06.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -990,6 +990,8 @@ source "lib/Kconfig"
-
- source "arch/powerpc/Kconfig.debug"
-
-+source "kernel/vserver/Kconfig"
-+
- source "security/Kconfig"
-
- config KEYS_COMPAT
-diff -NurpP --minimal linux-2.6.35.4/arch/powerpc/kernel/process.c linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/process.c
---- linux-2.6.35.4/arch/powerpc/kernel/process.c 2010-08-02 16:52:07.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/process.c 2010-08-02 17:05:05.000000000 +0200
-@@ -605,8 +605,9 @@ void show_regs(struct pt_regs * regs)
+diff -NurpP --minimal linux-3.9.4/arch/powerpc/kernel/process.c linux-3.9.4-vs2.3.6.2/arch/powerpc/kernel/process.c
+--- linux-3.9.4/arch/powerpc/kernel/process.c 2013-05-31 13:44:44.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/powerpc/kernel/process.c 2013-05-31 14:47:11.000000000 +0000
+@@ -850,8 +850,9 @@ void show_regs(struct pt_regs * regs)
#else
- printk("DAR: "REG", DSISR: "REG"\n", regs->dar, regs->dsisr);
+ printk("DAR: "REG", DSISR: %08lx\n", regs->dar, regs->dsisr);
#endif
- printk("TASK = %p[%d] '%s' THREAD: %p",
- current, task_pid_nr(current), current->comm, task_thread_info(current));
#ifdef CONFIG_SMP
printk(" CPU: %d", raw_smp_processor_id());
-diff -NurpP --minimal linux-2.6.35.4/arch/powerpc/kernel/traps.c linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/traps.c
---- linux-2.6.35.4/arch/powerpc/kernel/traps.c 2010-08-02 16:52:07.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/traps.c 2010-08-02 17:05:05.000000000 +0200
-@@ -1053,8 +1053,9 @@ void nonrecoverable_exception(struct pt_
+diff -NurpP --minimal linux-3.9.4/arch/powerpc/kernel/traps.c linux-3.9.4-vs2.3.6.2/arch/powerpc/kernel/traps.c
+--- linux-3.9.4/arch/powerpc/kernel/traps.c 2013-05-31 14:22:26.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/powerpc/kernel/traps.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1167,8 +1167,9 @@ void nonrecoverable_exception(struct pt_
void trace_syscall(struct pt_regs *regs)
{
regs->ccr&0x10000000?"Error=":"", regs->gpr[3], print_tainted());
}
-diff -NurpP --minimal linux-2.6.35.4/arch/powerpc/kernel/vdso.c linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/vdso.c
---- linux-2.6.35.4/arch/powerpc/kernel/vdso.c 2010-08-02 16:52:07.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/powerpc/kernel/vdso.c 2010-08-02 17:43:41.000000000 +0200
-@@ -23,6 +23,7 @@
- #include <linux/security.h>
- #include <linux/bootmem.h>
- #include <linux/memblock.h>
-+#include <linux/vs_memory.h>
+diff -NurpP --minimal linux-3.9.4/arch/s390/Kconfig linux-3.9.4-vs2.3.6.2/arch/s390/Kconfig
+--- linux-3.9.4/arch/s390/Kconfig 2013-05-31 13:44:45.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/s390/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -592,6 +592,8 @@ source "fs/Kconfig"
- #include <asm/pgtable.h>
- #include <asm/system.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/s390/include/asm/tlb.h linux-2.6.35.4-vs2.3.0.36.32/arch/s390/include/asm/tlb.h
---- linux-2.6.35.4/arch/s390/include/asm/tlb.h 2009-09-10 15:25:43.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/s390/include/asm/tlb.h 2010-08-02 17:05:05.000000000 +0200
-@@ -23,6 +23,8 @@
+ source "arch/s390/Kconfig.debug"
+
++source "kernel/vserver/Kconfig"
++
+ source "security/Kconfig"
+ source "crypto/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/s390/include/asm/tlb.h linux-3.9.4-vs2.3.6.2/arch/s390/include/asm/tlb.h
+--- linux-3.9.4/arch/s390/include/asm/tlb.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/s390/include/asm/tlb.h 2013-05-31 14:47:11.000000000 +0000
+@@ -24,6 +24,7 @@
#include <linux/mm.h>
+ #include <linux/pagemap.h>
#include <linux/swap.h>
-+#include <linux/vs_memory.h>
+
#include <asm/processor.h>
#include <asm/pgalloc.h>
- #include <asm/smp.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/s390/include/asm/unistd.h linux-2.6.35.4-vs2.3.0.36.32/arch/s390/include/asm/unistd.h
---- linux-2.6.35.4/arch/s390/include/asm/unistd.h 2010-07-07 18:31:06.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/s390/include/asm/unistd.h 2010-08-02 17:05:05.000000000 +0200
-@@ -202,7 +202,7 @@
+ #include <asm/tlbflush.h>
+diff -NurpP --minimal linux-3.9.4/arch/s390/include/uapi/asm/unistd.h linux-3.9.4-vs2.3.6.2/arch/s390/include/uapi/asm/unistd.h
+--- linux-3.9.4/arch/s390/include/uapi/asm/unistd.h 2013-02-19 13:57:16.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/s390/include/uapi/asm/unistd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -200,7 +200,7 @@
#define __NR_clock_gettime (__NR_timer_create+6)
#define __NR_clock_getres (__NR_timer_create+7)
#define __NR_clock_nanosleep (__NR_timer_create+8)
#define __NR_statfs64 265
#define __NR_fstatfs64 266
#define __NR_remap_file_pages 267
-diff -NurpP --minimal linux-2.6.35.4/arch/s390/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/s390/Kconfig
---- linux-2.6.35.4/arch/s390/Kconfig 2010-08-02 16:52:08.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/s390/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -623,6 +623,8 @@ source "fs/Kconfig"
-
- source "arch/s390/Kconfig.debug"
-
-+source "kernel/vserver/Kconfig"
-+
- source "security/Kconfig"
-
- source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/s390/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/arch/s390/kernel/ptrace.c
---- linux-2.6.35.4/arch/s390/kernel/ptrace.c 2010-08-02 16:52:09.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/s390/kernel/ptrace.c 2010-08-02 17:05:05.000000000 +0200
-@@ -36,6 +36,7 @@
- #include <linux/regset.h>
+diff -NurpP --minimal linux-3.9.4/arch/s390/kernel/ptrace.c linux-3.9.4-vs2.3.6.2/arch/s390/kernel/ptrace.c
+--- linux-3.9.4/arch/s390/kernel/ptrace.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/s390/kernel/ptrace.c 2013-05-31 14:47:11.000000000 +0000
+@@ -21,6 +21,7 @@
#include <linux/tracehook.h>
#include <linux/seccomp.h>
+ #include <linux/compat.h>
+#include <linux/vs_base.h>
#include <trace/syscall.h>
- #include <asm/compat.h>
#include <asm/segment.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/s390/kernel/syscalls.S linux-2.6.35.4-vs2.3.0.36.32/arch/s390/kernel/syscalls.S
---- linux-2.6.35.4/arch/s390/kernel/syscalls.S 2010-07-07 18:31:07.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/s390/kernel/syscalls.S 2010-08-02 17:05:05.000000000 +0200
+ #include <asm/page.h>
+diff -NurpP --minimal linux-3.9.4/arch/s390/kernel/syscalls.S linux-3.9.4-vs2.3.6.2/arch/s390/kernel/syscalls.S
+--- linux-3.9.4/arch/s390/kernel/syscalls.S 2013-05-31 13:44:45.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/s390/kernel/syscalls.S 2013-05-31 14:47:11.000000000 +0000
@@ -271,7 +271,7 @@ SYSCALL(sys_clock_settime,sys_clock_sett
SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
SYSCALL(sys_s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
SYSCALL(sys_statfs64,sys_statfs64,compat_sys_statfs64_wrapper)
SYSCALL(sys_fstatfs64,sys_fstatfs64,compat_sys_fstatfs64_wrapper)
-diff -NurpP --minimal linux-2.6.35.4/arch/sh/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/sh/Kconfig
---- linux-2.6.35.4/arch/sh/Kconfig 2010-08-02 16:52:09.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sh/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -881,6 +881,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/sh/Kconfig linux-3.9.4-vs2.3.6.2/arch/sh/Kconfig
+--- linux-3.9.4/arch/sh/Kconfig 2013-05-31 13:44:45.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sh/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -951,6 +951,8 @@ source "fs/Kconfig"
source "arch/sh/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/sh/kernel/irq.c linux-2.6.35.4-vs2.3.0.36.32/arch/sh/kernel/irq.c
---- linux-2.6.35.4/arch/sh/kernel/irq.c 2010-08-02 16:52:10.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sh/kernel/irq.c 2010-08-02 17:41:50.000000000 +0200
-@@ -13,6 +13,7 @@
- #include <linux/seq_file.h>
+diff -NurpP --minimal linux-3.9.4/arch/sh/kernel/irq.c linux-3.9.4-vs2.3.6.2/arch/sh/kernel/irq.c
+--- linux-3.9.4/arch/sh/kernel/irq.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sh/kernel/irq.c 2013-05-31 14:47:11.000000000 +0000
+@@ -14,6 +14,7 @@
#include <linux/ftrace.h>
#include <linux/delay.h>
+ #include <linux/ratelimit.h>
+// #include <linux/vs_context.h>
#include <asm/processor.h>
#include <asm/machvec.h>
#include <asm/uaccess.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/sh/kernel/vsyscall/vsyscall.c linux-2.6.35.4-vs2.3.0.36.32/arch/sh/kernel/vsyscall/vsyscall.c
---- linux-2.6.35.4/arch/sh/kernel/vsyscall/vsyscall.c 2010-07-07 18:31:10.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sh/kernel/vsyscall/vsyscall.c 2010-08-02 17:05:05.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/elf.h>
- #include <linux/sched.h>
- #include <linux/err.h>
-+#include <linux/vs_memory.h>
+diff -NurpP --minimal linux-3.9.4/arch/sparc/Kconfig linux-3.9.4-vs2.3.6.2/arch/sparc/Kconfig
+--- linux-3.9.4/arch/sparc/Kconfig 2013-05-31 13:44:47.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sparc/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -559,6 +559,8 @@ source "fs/Kconfig"
- /*
- * Should the kernel map a VDSO page into processes and pass its
-diff -NurpP --minimal linux-2.6.35.4/arch/sparc/include/asm/tlb_64.h linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/include/asm/tlb_64.h
---- linux-2.6.35.4/arch/sparc/include/asm/tlb_64.h 2009-09-10 15:25:45.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/include/asm/tlb_64.h 2010-08-02 17:05:05.000000000 +0200
-@@ -3,6 +3,7 @@
+ source "arch/sparc/Kconfig.debug"
- #include <linux/swap.h>
- #include <linux/pagemap.h>
-+#include <linux/vs_memory.h>
- #include <asm/pgalloc.h>
- #include <asm/tlbflush.h>
- #include <asm/mmu_context.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/sparc/include/asm/unistd.h linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/include/asm/unistd.h
---- linux-2.6.35.4/arch/sparc/include/asm/unistd.h 2010-07-07 18:31:10.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/include/asm/unistd.h 2010-08-02 17:05:05.000000000 +0200
-@@ -335,7 +335,7 @@
- #define __NR_timer_getoverrun 264
++source "kernel/vserver/Kconfig"
++
+ source "security/Kconfig"
+
+ source "crypto/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/sparc/include/uapi/asm/unistd.h linux-3.9.4-vs2.3.6.2/arch/sparc/include/uapi/asm/unistd.h
+--- linux-3.9.4/arch/sparc/include/uapi/asm/unistd.h 2013-02-19 13:57:17.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sparc/include/uapi/asm/unistd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -332,7 +332,7 @@
+ #define __NR_timer_getoverrun 264
#define __NR_timer_delete 265
#define __NR_timer_create 266
-/* #define __NR_vserver 267 Reserved for VSERVER */
#define __NR_io_setup 268
#define __NR_io_destroy 269
#define __NR_io_submit 270
-diff -NurpP --minimal linux-2.6.35.4/arch/sparc/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/Kconfig
---- linux-2.6.35.4/arch/sparc/Kconfig 2010-08-02 16:52:10.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -570,6 +570,8 @@ source "fs/Kconfig"
-
- source "arch/sparc/Kconfig.debug"
-
-+source "kernel/vserver/Kconfig"
-+
- source "security/Kconfig"
-
- source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/sparc/kernel/systbls_32.S linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/kernel/systbls_32.S
---- linux-2.6.35.4/arch/sparc/kernel/systbls_32.S 2010-02-25 11:51:34.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/kernel/systbls_32.S 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/sparc/kernel/systbls_32.S linux-3.9.4-vs2.3.6.2/arch/sparc/kernel/systbls_32.S
+--- linux-3.9.4/arch/sparc/kernel/systbls_32.S 2013-05-31 13:44:48.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sparc/kernel/systbls_32.S 2013-05-31 14:47:11.000000000 +0000
@@ -70,7 +70,7 @@ sys_call_table:
- /*250*/ .long sys_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
+ /*250*/ .long sys_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_ni_syscall
/*255*/ .long sys_sync_file_range, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
/*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
-/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
/*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
/*275*/ .long sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
/*280*/ .long sys_tee, sys_add_key, sys_request_key, sys_keyctl, sys_openat
-diff -NurpP --minimal linux-2.6.35.4/arch/sparc/kernel/systbls_64.S linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/kernel/systbls_64.S
---- linux-2.6.35.4/arch/sparc/kernel/systbls_64.S 2010-07-07 18:31:10.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/sparc/kernel/systbls_64.S 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/arch/sparc/kernel/systbls_64.S linux-3.9.4-vs2.3.6.2/arch/sparc/kernel/systbls_64.S
+--- linux-3.9.4/arch/sparc/kernel/systbls_64.S 2013-05-31 13:44:48.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/sparc/kernel/systbls_64.S 2013-05-31 14:47:11.000000000 +0000
@@ -71,7 +71,7 @@ sys_call_table32:
- /*250*/ .word sys_mremap, compat_sys_sysctl, sys32_getsid, sys_fdatasync, sys32_nfsservctl
+ /*250*/ .word sys_mremap, compat_sys_sysctl, sys_getsid, sys_fdatasync, sys_nis_syscall
.word sys32_sync_file_range, compat_sys_clock_settime, compat_sys_clock_gettime, compat_sys_clock_getres, sys32_clock_nanosleep
/*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
- .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
+ .word sys_timer_delete, compat_sys_timer_create, sys32_vserver, compat_sys_io_setup, sys_io_destroy
/*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
.word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
- /*280*/ .word sys32_tee, sys_add_key, sys_request_key, sys_keyctl, compat_sys_openat
-@@ -146,7 +146,7 @@ sys_call_table:
- /*250*/ .word sys_64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
+ /*280*/ .word sys_tee, sys_add_key, sys_request_key, compat_sys_keyctl, compat_sys_openat
+@@ -149,7 +149,7 @@ sys_call_table:
+ /*250*/ .word sys_64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nis_syscall
.word sys_sync_file_range, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
/*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
- .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
.word sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
/*280*/ .word sys_tee, sys_add_key, sys_request_key, sys_keyctl, sys_openat
-diff -NurpP --minimal linux-2.6.35.4/arch/um/include/asm/tlb.h linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/asm/tlb.h
---- linux-2.6.35.4/arch/um/include/asm/tlb.h 2009-09-10 15:25:46.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/asm/tlb.h 2010-08-02 17:05:05.000000000 +0200
-@@ -3,6 +3,7 @@
-
- #include <linux/pagemap.h>
- #include <linux/swap.h>
-+#include <linux/vs_memory.h>
- #include <asm/percpu.h>
- #include <asm/pgalloc.h>
- #include <asm/tlbflush.h>
-diff -NurpP --minimal linux-2.6.35.4/arch/um/include/shared/kern_constants.h linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/shared/kern_constants.h
---- linux-2.6.35.4/arch/um/include/shared/kern_constants.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/shared/kern_constants.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1 @@
-+#include "../../../../include/generated/asm-offsets.h"
-diff -NurpP --minimal linux-2.6.35.4/arch/um/include/shared/user_constants.h linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/shared/user_constants.h
---- linux-2.6.35.4/arch/um/include/shared/user_constants.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/um/include/shared/user_constants.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,40 @@
-+/*
-+ * DO NOT MODIFY.
-+ *
-+ * This file was generated by arch/um/Makefile
-+ *
-+ */
-+
-+#define HOST_SC_CR2 176 /* offsetof(struct sigcontext, cr2) # */
-+#define HOST_SC_ERR 152 /* offsetof(struct sigcontext, err) # */
-+#define HOST_SC_TRAPNO 160 /* offsetof(struct sigcontext, trapno) # */
-+#define HOST_FP_SIZE 64 /* sizeof(struct _fpstate) / sizeof(unsigned long) # */
-+#define HOST_RBX 5 /* RBX # */
-+#define HOST_RCX 11 /* RCX # */
-+#define HOST_RDI 14 /* RDI # */
-+#define HOST_RSI 13 /* RSI # */
-+#define HOST_RDX 12 /* RDX # */
-+#define HOST_RBP 4 /* RBP # */
-+#define HOST_RAX 10 /* RAX # */
-+#define HOST_R8 9 /* R8 # */
-+#define HOST_R9 8 /* R9 # */
-+#define HOST_R10 7 /* R10 # */
-+#define HOST_R11 6 /* R11 # */
-+#define HOST_R12 3 /* R12 # */
-+#define HOST_R13 2 /* R13 # */
-+#define HOST_R14 1 /* R14 # */
-+#define HOST_R15 0 /* R15 # */
-+#define HOST_ORIG_RAX 15 /* ORIG_RAX # */
-+#define HOST_CS 17 /* CS # */
-+#define HOST_SS 20 /* SS # */
-+#define HOST_EFLAGS 18 /* EFLAGS # */
-+#define HOST_IP 16 /* RIP # */
-+#define HOST_SP 19 /* RSP # */
-+#define UM_FRAME_SIZE 216 /* sizeof(struct user_regs_struct) # */
-+#define UM_POLLIN 1 /* POLLIN # */
-+#define UM_POLLPRI 2 /* POLLPRI # */
-+#define UM_POLLOUT 4 /* POLLOUT # */
-+#define UM_PROT_READ 1 /* PROT_READ # */
-+#define UM_PROT_WRITE 2 /* PROT_WRITE # */
-+#define UM_PROT_EXEC 4 /* PROT_EXEC # */
-+
-diff -NurpP --minimal linux-2.6.35.4/arch/um/Kconfig.rest linux-2.6.35.4-vs2.3.0.36.32/arch/um/Kconfig.rest
---- linux-2.6.35.4/arch/um/Kconfig.rest 2009-06-11 17:12:19.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/um/Kconfig.rest 2010-08-02 17:05:05.000000000 +0200
-@@ -18,6 +18,8 @@ source "drivers/connector/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/um/Kconfig.rest linux-3.9.4-vs2.3.6.2/arch/um/Kconfig.rest
+--- linux-3.9.4/arch/um/Kconfig.rest 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/um/Kconfig.rest 2013-05-31 14:47:11.000000000 +0000
+@@ -12,6 +12,8 @@ source "arch/um/Kconfig.net"
source "fs/Kconfig"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/x86/ia32/ia32entry.S linux-2.6.35.4-vs2.3.0.36.32/arch/x86/ia32/ia32entry.S
---- linux-2.6.35.4/arch/x86/ia32/ia32entry.S 2010-07-07 18:31:11.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/x86/ia32/ia32entry.S 2010-08-02 17:05:05.000000000 +0200
-@@ -777,7 +777,7 @@ ia32_sys_call_table:
- .quad sys_tgkill /* 270 */
- .quad compat_sys_utimes
- .quad sys32_fadvise64_64
-- .quad quiet_ni_syscall /* sys_vserver */
-+ .quad sys32_vserver
- .quad sys_mbind
- .quad compat_sys_get_mempolicy /* 275 */
- .quad sys_set_mempolicy
-diff -NurpP --minimal linux-2.6.35.4/arch/x86/include/asm/unistd_64.h linux-2.6.35.4-vs2.3.0.36.32/arch/x86/include/asm/unistd_64.h
---- linux-2.6.35.4/arch/x86/include/asm/unistd_64.h 2010-07-07 18:31:11.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/x86/include/asm/unistd_64.h 2010-08-02 17:05:05.000000000 +0200
-@@ -535,7 +535,7 @@ __SYSCALL(__NR_tgkill, sys_tgkill)
- #define __NR_utimes 235
- __SYSCALL(__NR_utimes, sys_utimes)
- #define __NR_vserver 236
--__SYSCALL(__NR_vserver, sys_ni_syscall)
-+__SYSCALL(__NR_vserver, sys_vserver)
- #define __NR_mbind 237
- __SYSCALL(__NR_mbind, sys_mbind)
- #define __NR_set_mempolicy 238
-diff -NurpP --minimal linux-2.6.35.4/arch/x86/Kconfig linux-2.6.35.4-vs2.3.0.36.32/arch/x86/Kconfig
---- linux-2.6.35.4/arch/x86/Kconfig 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/x86/Kconfig 2010-09-06 02:59:52.000000000 +0200
-@@ -2128,6 +2128,8 @@ source "fs/Kconfig"
+diff -NurpP --minimal linux-3.9.4/arch/x86/Kconfig linux-3.9.4-vs2.3.6.2/arch/x86/Kconfig
+--- linux-3.9.4/arch/x86/Kconfig 2013-05-31 14:22:26.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/x86/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -2341,6 +2341,8 @@ source "fs/Kconfig"
source "arch/x86/Kconfig.debug"
source "security/Kconfig"
source "crypto/Kconfig"
-diff -NurpP --minimal linux-2.6.35.4/arch/x86/kernel/syscall_table_32.S linux-2.6.35.4-vs2.3.0.36.32/arch/x86/kernel/syscall_table_32.S
---- linux-2.6.35.4/arch/x86/kernel/syscall_table_32.S 2010-07-07 18:31:12.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/arch/x86/kernel/syscall_table_32.S 2010-08-02 17:05:05.000000000 +0200
-@@ -272,7 +272,7 @@ ENTRY(sys_call_table)
- .long sys_tgkill /* 270 */
- .long sys_utimes
- .long sys_fadvise64_64
-- .long sys_ni_syscall /* sys_vserver */
-+ .long sys_vserver
- .long sys_mbind
- .long sys_get_mempolicy
- .long sys_set_mempolicy
-diff -NurpP --minimal linux-2.6.35.4/Documentation/vserver/debug.txt linux-2.6.35.4-vs2.3.0.36.32/Documentation/vserver/debug.txt
---- linux-2.6.35.4/Documentation/vserver/debug.txt 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/Documentation/vserver/debug.txt 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,154 @@
-+
-+debug_cvirt:
-+
-+ 2 4 "vx_map_tgid: %p/%llx: %d -> %d"
-+ "vx_rmap_tgid: %p/%llx: %d -> %d"
-+
-+debug_dlim:
-+
-+ 0 1 "ALLOC (%p,#%d)%c inode (%d)"
-+ "FREE (%p,#%d)%c inode"
-+ 1 2 "ALLOC (%p,#%d)%c %lld bytes (%d)"
-+ "FREE (%p,#%d)%c %lld bytes"
-+ 2 4 "ADJUST: %lld,%lld on %ld,%ld [mult=%d]"
-+ 3 8 "ext3_has_free_blocks(%p): %lu<%lu+1, %c, %u!=%u r=%d"
-+ "ext3_has_free_blocks(%p): free=%lu, root=%lu"
-+ "rcu_free_dl_info(%p)"
-+ 4 10 "alloc_dl_info(%p,%d) = %p"
-+ "dealloc_dl_info(%p)"
-+ "get_dl_info(%p[#%d.%d])"
-+ "put_dl_info(%p[#%d.%d])"
-+ 5 20 "alloc_dl_info(%p,%d)*"
-+ 6 40 "__hash_dl_info: %p[#%d]"
-+ "__unhash_dl_info: %p[#%d]"
-+ 7 80 "locate_dl_info(%p,#%d) = %p"
-+
-+debug_misc:
-+
-+ 0 1 "destroy_dqhash: %p [#0x%08x] c=%d"
-+ "new_dqhash: %p [#0x%08x]"
-+ "vroot[%d]_clr_dev: dev=%p[%lu,%d:%d]"
-+ "vroot[%d]_get_real_bdev: dev=%p[%lu,%d:%d]"
-+ "vroot[%d]_set_dev: dev=%p[%lu,%d:%d]"
-+ "vroot_get_real_bdev not set"
-+ 1 2 "cow_break_link(»%s«)"
-+ "temp copy »%s«"
-+ 2 4 "dentry_open(new): %p"
-+ "dentry_open(old): %p"
-+ "lookup_create(new): %p"
-+ "old path »%s«"
-+ "path_lookup(old): %d"
-+ "vfs_create(new): %d"
-+ "vfs_rename: %d"
-+ "vfs_sendfile: %d"
-+ 3 8 "fput(new_file=%p[#%d])"
-+ "fput(old_file=%p[#%d])"
-+ 4 10 "vx_info_kill(%p[#%d],%d,%d) = %d"
-+ "vx_info_kill(%p[#%d],%d,%d)*"
-+ 5 20 "vs_reboot(%p[#%d],%d)"
-+ 6 40 "dropping task %p[#%u,%u] for %p[#%u,%u]"
-+
-+debug_net:
-+
-+ 2 4 "nx_addr_conflict(%p,%p) %d.%d,%d.%d"
-+ 3 8 "inet_bind(%p) %d.%d.%d.%d, %d.%d.%d.%d, %d.%d.%d.%d"
-+ "inet_bind(%p)* %p,%p;%lx %d.%d.%d.%d"
-+ 4 10 "ip_route_connect(%p) %p,%p;%lx"
-+ 5 20 "__addr_in_socket(%p,%d.%d.%d.%d) %p:%d.%d.%d.%d %p;%lx"
-+ 6 40 "sk,egf: %p [#%d] (from %d)"
-+ "sk,egn: %p [#%d] (from %d)"
-+ "sk,req: %p [#%d] (from %d)"
-+ "sk: %p [#%d] (from %d)"
-+ "tw: %p [#%d] (from %d)"
-+ 7 80 "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d"
-+ "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d"
-+
-+debug_nid:
-+
-+ 0 1 "__lookup_nx_info(#%u): %p[#%u]"
-+ "alloc_nx_info(%d) = %p"
-+ "create_nx_info(%d) (dynamic rejected)"
-+ "create_nx_info(%d) = %p (already there)"
-+ "create_nx_info(%d) = %p (new)"
-+ "dealloc_nx_info(%p)"
-+ 1 2 "alloc_nx_info(%d)*"
-+ "create_nx_info(%d)*"
-+ 2 4 "get_nx_info(%p[#%d.%d])"
-+ "put_nx_info(%p[#%d.%d])"
-+ 3 8 "claim_nx_info(%p[#%d.%d.%d]) %p"
-+ "clr_nx_info(%p[#%d.%d])"
-+ "init_nx_info(%p[#%d.%d])"
-+ "release_nx_info(%p[#%d.%d.%d]) %p"
-+ "set_nx_info(%p[#%d.%d])"
-+ 4 10 "__hash_nx_info: %p[#%d]"
-+ "__nx_dynamic_id: [#%d]"
-+ "__unhash_nx_info: %p[#%d.%d.%d]"
-+ 5 20 "moved task %p into nxi:%p[#%d]"
-+ "nx_migrate_task(%p,%p[#%d.%d.%d])"
-+ "task_get_nx_info(%p)"
-+ 6 40 "nx_clear_persistent(%p[#%d])"
-+
-+debug_quota:
-+
-+ 0 1 "quota_sync_dqh(%p,%d) discard inode %p"
-+ 1 2 "quota_sync_dqh(%p,%d)"
-+ "sync_dquots(%p,%d)"
-+ "sync_dquots_dqh(%p,%d)"
-+ 3 8 "do_quotactl(%p,%d,cmd=%d,id=%d,%p)"
-+
-+debug_switch:
-+
-+ 0 1 "vc: VCMD_%02d_%d[%d], %d,%p [%d,%d,%x,%x]"
-+ 1 2 "vc: VCMD_%02d_%d[%d] = %08lx(%ld) [%d,%d]"
-+ 4 10 "%s: (%s %s) returned %s with %d"
-+
-+debug_tag:
-+
-+ 7 80 "dx_parse_tag(»%s«): %d:#%d"
-+ "dx_propagate_tag(%p[#%lu.%d]): %d,%d"
-+
-+debug_xid:
-+
-+ 0 1 "__lookup_vx_info(#%u): %p[#%u]"
-+ "alloc_vx_info(%d) = %p"
-+ "alloc_vx_info(%d)*"
-+ "create_vx_info(%d) (dynamic rejected)"
-+ "create_vx_info(%d) = %p (already there)"
-+ "create_vx_info(%d) = %p (new)"
-+ "dealloc_vx_info(%p)"
-+ "loc_vx_info(%d) = %p (found)"
-+ "loc_vx_info(%d) = %p (new)"
-+ "loc_vx_info(%d) = %p (not available)"
-+ 1 2 "create_vx_info(%d)*"
-+ "loc_vx_info(%d)*"
-+ 2 4 "get_vx_info(%p[#%d.%d])"
-+ "put_vx_info(%p[#%d.%d])"
-+ 3 8 "claim_vx_info(%p[#%d.%d.%d]) %p"
-+ "clr_vx_info(%p[#%d.%d])"
-+ "init_vx_info(%p[#%d.%d])"
-+ "release_vx_info(%p[#%d.%d.%d]) %p"
-+ "set_vx_info(%p[#%d.%d])"
-+ 4 10 "__hash_vx_info: %p[#%d]"
-+ "__unhash_vx_info: %p[#%d.%d.%d]"
-+ "__vx_dynamic_id: [#%d]"
-+ 5 20 "enter_vx_info(%p[#%d],%p) %p[#%d,%p]"
-+ "leave_vx_info(%p[#%d,%p]) %p[#%d,%p]"
-+ "moved task %p into vxi:%p[#%d]"
-+ "task_get_vx_info(%p)"
-+ "vx_migrate_task(%p,%p[#%d.%d])"
-+ 6 40 "vx_clear_persistent(%p[#%d])"
-+ "vx_exit_init(%p[#%d],%p[#%d,%d,%d])"
-+ "vx_set_init(%p[#%d],%p[#%d,%d,%d])"
-+ "vx_set_persistent(%p[#%d])"
-+ "vx_set_reaper(%p[#%d],%p[#%d,%d])"
-+ 7 80 "vx_child_reaper(%p[#%u,%u]) = %p[#%u,%u]"
-+
-+
-+debug_limit:
-+
-+ n 2^n "vx_acc_cres[%5d,%s,%2d]: %5d%s"
-+ "vx_cres_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
-+
-+ m 2^m "vx_acc_page[%5d,%s,%2d]: %5d%s"
-+ "vx_acc_pages[%5d,%s,%2d]: %5d += %5d"
-+ "vx_pages_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
-diff -NurpP --minimal linux-2.6.35.4/drivers/block/Kconfig linux-2.6.35.4-vs2.3.0.36.32/drivers/block/Kconfig
---- linux-2.6.35.4/drivers/block/Kconfig 2010-08-02 16:52:14.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/block/Kconfig 2010-08-02 17:05:05.000000000 +0200
-@@ -273,6 +273,13 @@ config BLK_DEV_CRYPTOLOOP
+diff -NurpP --minimal linux-3.9.4/arch/x86/syscalls/syscall_32.tbl linux-3.9.4-vs2.3.6.2/arch/x86/syscalls/syscall_32.tbl
+--- linux-3.9.4/arch/x86/syscalls/syscall_32.tbl 2013-05-31 13:44:50.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/x86/syscalls/syscall_32.tbl 2013-05-31 14:47:11.000000000 +0000
+@@ -279,7 +279,7 @@
+ 270 i386 tgkill sys_tgkill
+ 271 i386 utimes sys_utimes compat_sys_utimes
+ 272 i386 fadvise64_64 sys_fadvise64_64 sys32_fadvise64_64
+-273 i386 vserver
++273 i386 vserver sys_vserver sys32_vserver
+ 274 i386 mbind sys_mbind
+ 275 i386 get_mempolicy sys_get_mempolicy compat_sys_get_mempolicy
+ 276 i386 set_mempolicy sys_set_mempolicy
+diff -NurpP --minimal linux-3.9.4/arch/x86/syscalls/syscall_64.tbl linux-3.9.4-vs2.3.6.2/arch/x86/syscalls/syscall_64.tbl
+--- linux-3.9.4/arch/x86/syscalls/syscall_64.tbl 2013-05-31 13:44:50.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/arch/x86/syscalls/syscall_64.tbl 2013-05-31 14:47:11.000000000 +0000
+@@ -242,7 +242,7 @@
+ 233 common epoll_ctl sys_epoll_ctl
+ 234 common tgkill sys_tgkill
+ 235 common utimes sys_utimes
+-236 64 vserver
++236 64 vserver sys_vserver
+ 237 common mbind sys_mbind
+ 238 common set_mempolicy sys_set_mempolicy
+ 239 common get_mempolicy sys_get_mempolicy
+diff -NurpP --minimal linux-3.9.4/drivers/block/Kconfig linux-3.9.4-vs2.3.6.2/drivers/block/Kconfig
+--- linux-3.9.4/drivers/block/Kconfig 2013-05-31 13:44:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/block/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -278,6 +278,13 @@ config BLK_DEV_CRYPTOLOOP
source "drivers/block/drbd/Kconfig"
config BLK_DEV_NBD
tristate "Network block device support"
depends on NET
-diff -NurpP --minimal linux-2.6.35.4/drivers/block/loop.c linux-2.6.35.4-vs2.3.0.36.32/drivers/block/loop.c
---- linux-2.6.35.4/drivers/block/loop.c 2010-08-02 16:52:14.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/block/loop.c 2010-08-02 17:05:05.000000000 +0200
-@@ -73,6 +73,7 @@
- #include <linux/highmem.h>
- #include <linux/kthread.h>
- #include <linux/splice.h>
+diff -NurpP --minimal linux-3.9.4/drivers/block/Makefile linux-3.9.4-vs2.3.6.2/drivers/block/Makefile
+--- linux-3.9.4/drivers/block/Makefile 2013-05-31 13:44:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/block/Makefile 2013-05-31 14:47:11.000000000 +0000
+@@ -33,6 +33,7 @@ obj-$(CONFIG_VIRTIO_BLK) += virtio_blk.o
+ obj-$(CONFIG_VIODASD) += viodasd.o
+ obj-$(CONFIG_BLK_DEV_SX8) += sx8.o
+ obj-$(CONFIG_BLK_DEV_HD) += hd.o
++obj-$(CONFIG_BLK_DEV_VROOT) += vroot.o
+
+ obj-$(CONFIG_XEN_BLKDEV_FRONTEND) += xen-blkfront.o
+ obj-$(CONFIG_XEN_BLKDEV_BACKEND) += xen-blkback/
+diff -NurpP --minimal linux-3.9.4/drivers/block/loop.c linux-3.9.4-vs2.3.6.2/drivers/block/loop.c
+--- linux-3.9.4/drivers/block/loop.c 2013-05-31 13:44:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/block/loop.c 2013-05-31 14:47:11.000000000 +0000
+@@ -76,6 +76,7 @@
+ #include <linux/sysfs.h>
+ #include <linux/miscdevice.h>
+ #include <linux/falloc.h>
+#include <linux/vs_context.h>
#include <asm/uaccess.h>
-@@ -813,6 +814,7 @@ static int loop_set_fd(struct loop_devic
+@@ -882,6 +883,7 @@ static int loop_set_fd(struct loop_devic
lo->lo_blocksize = lo_blocksize;
lo->lo_device = bdev;
lo->lo_flags = lo_flags;
lo->lo_backing_file = file;
lo->transfer = transfer_none;
lo->ioctl = NULL;
-@@ -941,6 +943,7 @@ static int loop_clr_fd(struct loop_devic
+@@ -1033,6 +1035,7 @@ static int loop_clr_fd(struct loop_devic
+ lo->lo_sizelimit = 0;
lo->lo_encrypt_key_size = 0;
- lo->lo_flags = 0;
lo->lo_thread = NULL;
+ lo->lo_xid = 0;
memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
memset(lo->lo_file_name, 0, LO_NAME_SIZE);
-@@ -978,7 +981,7 @@ loop_set_status(struct loop_device *lo,
+@@ -1076,7 +1079,7 @@ loop_set_status(struct loop_device *lo,
if (lo->lo_encrypt_key_size &&
- lo->lo_key_owner != uid &&
+ !uid_eq(lo->lo_key_owner, uid) &&
- !capable(CAP_SYS_ADMIN))
+ !vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_CLOOP))
return -EPERM;
if (lo->lo_state != Lo_bound)
return -ENXIO;
-@@ -1062,7 +1065,8 @@ loop_get_status(struct loop_device *lo,
+@@ -1166,7 +1169,8 @@ loop_get_status(struct loop_device *lo,
memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
info->lo_encrypt_type =
lo->lo_encryption ? lo->lo_encryption->number : 0;
info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
lo->lo_encrypt_key_size);
-@@ -1408,6 +1412,9 @@ static int lo_open(struct block_device *
- {
- struct loop_device *lo = bdev->bd_disk->private_data;
+@@ -1508,6 +1512,11 @@ static int lo_open(struct block_device *
+ goto out;
+ }
-+ if (!vx_check(lo->lo_xid, VS_IDENT|VS_HOSTID|VS_ADMIN_P))
-+ return -EACCES;
++ if (!vx_check(lo->lo_xid, VS_IDENT|VS_HOSTID|VS_ADMIN_P)) {
++ err = -EACCES;
++ goto out;
++ }
+
mutex_lock(&lo->lo_ctl_mutex);
lo->lo_refcnt++;
mutex_unlock(&lo->lo_ctl_mutex);
-diff -NurpP --minimal linux-2.6.35.4/drivers/block/Makefile linux-2.6.35.4-vs2.3.0.36.32/drivers/block/Makefile
---- linux-2.6.35.4/drivers/block/Makefile 2010-02-25 11:51:36.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/block/Makefile 2010-08-02 17:05:05.000000000 +0200
-@@ -34,6 +34,7 @@ obj-$(CONFIG_VIODASD) += viodasd.o
- obj-$(CONFIG_BLK_DEV_SX8) += sx8.o
- obj-$(CONFIG_BLK_DEV_UB) += ub.o
- obj-$(CONFIG_BLK_DEV_HD) += hd.o
-+obj-$(CONFIG_BLK_DEV_VROOT) += vroot.o
-
- obj-$(CONFIG_XEN_BLKDEV_FRONTEND) += xen-blkfront.o
- obj-$(CONFIG_BLK_DEV_DRBD) += drbd/
-diff -NurpP --minimal linux-2.6.35.4/drivers/block/vroot.c linux-2.6.35.4-vs2.3.0.36.32/drivers/block/vroot.c
---- linux-2.6.35.4/drivers/block/vroot.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/block/vroot.c 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,282 @@
+diff -NurpP --minimal linux-3.9.4/drivers/block/vroot.c linux-3.9.4-vs2.3.6.2/drivers/block/vroot.c
+--- linux-3.9.4/drivers/block/vroot.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/block/vroot.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,291 @@
+/*
+ * linux/drivers/block/vroot.c
+ *
+ .ioctl = vr_ioctl,
+};
+
++static void vroot_make_request(struct request_queue *q, struct bio *bio)
++{
++ printk("vroot_make_request %p, %p\n", q, bio);
++ bio_io_error(bio);
++}
++
+struct block_device *__vroot_get_real_bdev(struct block_device *bdev)
+{
+ struct inode *inode = bdev->bd_inode;
+ return real_bdev;
+}
+
++
++
+/*
+ * And now the modules code and kernel interface.
+ */
+ disks[i]->queue = blk_alloc_queue(GFP_KERNEL);
+ if (!disks[i]->queue)
+ goto out_mem3;
++ blk_queue_make_request(disks[i]->queue, vroot_make_request);
+ }
+
+ for (i = 0; i < max_vroot; i++) {
+ struct gendisk *disk = disks[i];
+
+ memset(vr, 0, sizeof(*vr));
-+ init_MUTEX(&vr->vr_ctl_mutex);
++ sema_init(&vr->vr_ctl_mutex, 1);
+ vr->vr_number = i;
+ disk->major = VROOT_MAJOR;
+ disk->first_minor = i;
+
+#endif
+
-diff -NurpP --minimal linux-2.6.35.4/drivers/char/sysrq.c linux-2.6.35.4-vs2.3.0.36.32/drivers/char/sysrq.c
---- linux-2.6.35.4/drivers/char/sysrq.c 2010-08-02 16:52:15.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/char/sysrq.c 2010-08-02 17:39:50.000000000 +0200
-@@ -42,6 +42,7 @@
- #include <linux/oom.h>
- #include <linux/slab.h>
- #include <linux/input.h>
-+#include <linux/vserver/debug.h>
+diff -NurpP --minimal linux-3.9.4/drivers/infiniband/Kconfig linux-3.9.4-vs2.3.6.2/drivers/infiniband/Kconfig
+--- linux-3.9.4/drivers/infiniband/Kconfig 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/infiniband/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -39,7 +39,7 @@ config INFINIBAND_USER_MEM
+ config INFINIBAND_ADDR_TRANS
+ bool
+ depends on INET
+- depends on !(INFINIBAND = y && IPV6 = m)
++ depends on !(INFINIBAND = y && IPV6 = y)
+ default y
- #include <asm/ptrace.h>
- #include <asm/irq_regs.h>
-@@ -396,6 +397,21 @@ static struct sysrq_key_op sysrq_unrt_op
- .enable_mask = SYSRQ_ENABLE_RTNICE,
- };
+ source "drivers/infiniband/hw/mthca/Kconfig"
+diff -NurpP --minimal linux-3.9.4/drivers/infiniband/core/addr.c linux-3.9.4-vs2.3.6.2/drivers/infiniband/core/addr.c
+--- linux-3.9.4/drivers/infiniband/core/addr.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/infiniband/core/addr.c 2013-05-31 14:47:11.000000000 +0000
+@@ -261,7 +261,7 @@ static int addr6_resolve(struct sockaddr
-+
-+#ifdef CONFIG_VSERVER_DEBUG
-+static void sysrq_handle_vxinfo(int key, struct tty_struct *tty)
-+{
-+ dump_vx_info_inactive((key == 'x')?0:1);
-+}
-+
-+static struct sysrq_key_op sysrq_showvxinfo_op = {
-+ .handler = sysrq_handle_vxinfo,
-+ .help_msg = "conteXt",
-+ .action_msg = "Show Context Info",
-+ .enable_mask = SYSRQ_ENABLE_DUMP,
-+};
-+#endif
-+
- /* Key Operations table and lock */
- static DEFINE_SPINLOCK(sysrq_key_table_lock);
+ if (ipv6_addr_any(&fl6.saddr)) {
+ ret = ipv6_dev_get_saddr(&init_net, ip6_dst_idev(dst)->dev,
+- &fl6.daddr, 0, &fl6.saddr);
++ &fl6.daddr, 0, &fl6.saddr, NULL);
+ if (ret)
+ goto put;
-@@ -450,7 +466,11 @@ static struct sysrq_key_op *sysrq_key_ta
- NULL, /* v */
- &sysrq_showstate_blocked_op, /* w */
- /* x: May be registered on ppc/powerpc for xmon */
-+#ifdef CONFIG_VSERVER_DEBUG
-+ &sysrq_showvxinfo_op, /* x */
-+#else
- NULL, /* x */
-+#endif
- /* y: May be registered on sparc64 for global register dump */
- NULL, /* y */
- &sysrq_ftrace_dump_op, /* z */
-@@ -465,6 +485,8 @@ static int sysrq_key_table_key2index(int
- retval = key - '0';
- else if ((key >= 'a') && (key <= 'z'))
- retval = key + 10 - 'a';
-+ else if ((key >= 'A') && (key <= 'Z'))
-+ retval = key + 10 - 'A';
- else
- retval = -1;
- return retval;
-diff -NurpP --minimal linux-2.6.35.4/drivers/char/tty_io.c linux-2.6.35.4-vs2.3.0.36.32/drivers/char/tty_io.c
---- linux-2.6.35.4/drivers/char/tty_io.c 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/char/tty_io.c 2010-09-06 02:59:52.000000000 +0200
-@@ -106,6 +106,7 @@
+diff -NurpP --minimal linux-3.9.4/drivers/md/dm-ioctl.c linux-3.9.4-vs2.3.6.2/drivers/md/dm-ioctl.c
+--- linux-3.9.4/drivers/md/dm-ioctl.c 2013-05-31 13:44:59.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/md/dm-ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -16,6 +16,7 @@
+ #include <linux/dm-ioctl.h>
+ #include <linux/hdreg.h>
+ #include <linux/compat.h>
++#include <linux/vs_context.h>
- #include <linux/kmod.h>
- #include <linux/nsproxy.h>
-+#include <linux/vs_pid.h>
+ #include <asm/uaccess.h>
- #undef TTY_DEBUG_HANGUP
+@@ -106,7 +107,8 @@ static struct hash_cell *__get_name_cell
+ unsigned int h = hash_str(str);
-@@ -1992,7 +1993,8 @@ static int tiocsti(struct tty_struct *tt
- char ch, mbz = 0;
- struct tty_ldisc *ld;
+ list_for_each_entry (hc, _name_buckets + h, name_list)
+- if (!strcmp(hc->name, str)) {
++ if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
++ !strcmp(hc->name, str)) {
+ dm_get(hc->md);
+ return hc;
+ }
+@@ -120,7 +122,8 @@ static struct hash_cell *__get_uuid_cell
+ unsigned int h = hash_str(str);
-- if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
-+ if (((current->signal->tty != tty) &&
-+ !vx_capable(CAP_SYS_ADMIN, VXC_TIOCSTI)))
- return -EPERM;
- if (get_user(ch, p))
- return -EFAULT;
-@@ -2280,6 +2282,7 @@ static int tiocspgrp(struct tty_struct *
- return -ENOTTY;
- if (get_user(pgrp_nr, p))
- return -EFAULT;
-+ pgrp_nr = vx_rmap_pid(pgrp_nr);
- if (pgrp_nr < 0)
- return -EINVAL;
- rcu_read_lock();
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/r100_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r100_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/r100_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r100_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,28 @@
-+static const unsigned r100_reg_safe_bm[102] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFCF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFF9F, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x38E7FE1F, 0xFFC3FF8E, 0x7FF8FFFF, 0xFFFF803C,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFEFFFF, 0xFFFFFFFF,
-+ 0x00000000, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFCFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFEF,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/r200_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r200_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/r200_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r200_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,28 @@
-+static const unsigned r200_reg_safe_bm[102] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFE7FE1F, 0xF003FFFF, 0x7EFFFFFF, 0xFFFF803C,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFEFCE, 0xFFFEFFFF, 0xFFFFFFFE,
-+ 0x020E0FF0, 0xFFCC83FD, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFBFFFF, 0xEFFCFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xDFDFDFDF, 0x3FFDDFDF, 0xFFFFFFFF, 0xFFFFFF7F,
-+ 0xFFFFFFFF, 0x00FFFFFF, 0x00000000, 0x00000000,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFE3F, 0xFFFFFFEF,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/r300_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r300_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/r300_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r300_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,42 @@
-+static const unsigned r300_reg_safe_bm[159] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF03F,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFEFCE, 0xF00EBFFF, 0x007C0000,
-+ 0xF0000078, 0xFF000009, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFF7FF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFC78, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
-+ 0x38FF8F50, 0xFFF88082, 0xF000000C, 0xFAE009FF,
-+ 0x0000FFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
-+ 0x00000000, 0x0000C100, 0x00000000, 0x00000000,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x00000000, 0xFFFF0000, 0xFFFFFFFF, 0xFF80FFFF,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x0003FC01, 0xFFFFFCF8, 0xFF800B19,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/r420_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r420_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/r420_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/r420_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,42 @@
-+static const unsigned r420_reg_safe_bm[159] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF03F,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFEFCE, 0xF00EBFFF, 0x007C0000,
-+ 0xF0000078, 0xFF000009, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFF7FF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFC78, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
-+ 0x38FF8F50, 0xFFF88082, 0xF000000C, 0xFAE009FF,
-+ 0x0000FFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
-+ 0x00000000, 0x00000100, 0x00000000, 0x00000000,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x00000000, 0x00000000, 0x00000000, 0xFF800000,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x0003FC01, 0xFFFFFCF8, 0xFF800B19,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/rn50_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rn50_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/rn50_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rn50_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,28 @@
-+static const unsigned rn50_reg_safe_bm[102] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/rs600_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rs600_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/rs600_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rs600_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,57 @@
-+static const unsigned rs600_reg_safe_bm[219] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF03F,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFEFCE, 0xF00EBFFF, 0x007C0000,
-+ 0xF0000078, 0xFF000009, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFF7FF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFC78, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
-+ 0x38FF8F50, 0xFFF88082, 0xF000000C, 0xFAE009FF,
-+ 0x0000FFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
-+ 0x00000000, 0x00000100, 0x00000000, 0x00000000,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x00000000, 0x00000000, 0x00000000, 0xFF800000,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x0003FC01, 0xFFFFFCF8, 0xFF800B19, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/gpu/drm/radeon/rv515_reg_safe.h linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rv515_reg_safe.h
---- linux-2.6.35.4/drivers/gpu/drm/radeon/rv515_reg_safe.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/gpu/drm/radeon/rv515_reg_safe.h 2010-08-02 17:05:05.000000000 +0200
-@@ -0,0 +1,57 @@
-+static const unsigned rv515_reg_safe_bm[219] = {
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x17FF1FFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFF30FFBF,
-+ 0xFFFFFFF8, 0xC3E6FFFF, 0xFFFFF6DF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF03F,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFEFCE, 0xF00EBFFF, 0x007C0000,
-+ 0xF0000038, 0xFF000009, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFF7FF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0x1FFFF878, 0xFFFFE000, 0xFFFFFE1E, 0xFFFFFFFF,
-+ 0x388F8F50, 0xFFF88082, 0xFF0000FC, 0xFAE009FF,
-+ 0x0000FFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
-+ 0xFFFF8CFC, 0xFFFFC1FF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFF80FFFF,
-+ 0x00000000, 0x00000000, 0x00000000, 0x00000000,
-+ 0x0003FC01, 0x3FFFFCF8, 0xFF800B19, 0xFFDFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-+};
-diff -NurpP --minimal linux-2.6.35.4/drivers/infiniband/core/addr.c linux-2.6.35.4-vs2.3.0.36.32/drivers/infiniband/core/addr.c
---- linux-2.6.35.4/drivers/infiniband/core/addr.c 2010-07-07 18:31:18.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/infiniband/core/addr.c 2010-08-02 17:05:05.000000000 +0200
-@@ -252,7 +252,7 @@ static int addr6_resolve(struct sockaddr
+ list_for_each_entry (hc, _uuid_buckets + h, uuid_list)
+- if (!strcmp(hc->uuid, str)) {
++ if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
++ !strcmp(hc->uuid, str)) {
+ dm_get(hc->md);
+ return hc;
+ }
+@@ -131,13 +134,15 @@ static struct hash_cell *__get_uuid_cell
+ static struct hash_cell *__get_dev_cell(uint64_t dev)
+ {
+ struct mapped_device *md;
+- struct hash_cell *hc;
++ struct hash_cell *hc = NULL;
- if (ipv6_addr_any(&fl.fl6_src)) {
- ret = ipv6_dev_get_saddr(&init_net, ip6_dst_idev(dst)->dev,
-- &fl.fl6_dst, 0, &fl.fl6_src);
-+ &fl.fl6_dst, 0, &fl.fl6_src, NULL);
- if (ret)
- goto put;
+ md = dm_get_md(huge_decode_dev(dev));
+ if (!md)
+ return NULL;
-diff -NurpP --minimal linux-2.6.35.4/drivers/infiniband/hw/ipath/ipath_user_pages.c linux-2.6.35.4-vs2.3.0.36.32/drivers/infiniband/hw/ipath/ipath_user_pages.c
---- linux-2.6.35.4/drivers/infiniband/hw/ipath/ipath_user_pages.c 2010-07-07 18:31:19.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/infiniband/hw/ipath/ipath_user_pages.c 2010-08-02 17:05:05.000000000 +0200
-@@ -35,6 +35,7 @@
- #include <linux/device.h>
- #include <linux/slab.h>
- #include <linux/sched.h>
-+#include <linux/vs_memory.h>
+- hc = dm_get_mdptr(md);
++ if (vx_check(dm_get_xid(md), VS_WATCH_P | VS_IDENT))
++ hc = dm_get_mdptr(md);
++
+ if (!hc) {
+ dm_put(md);
+ return NULL;
+@@ -445,6 +450,9 @@ typedef int (*ioctl_fn)(struct dm_ioctl
+
+ static int remove_all(struct dm_ioctl *param, size_t param_size)
+ {
++ if (!vx_check(0, VS_ADMIN))
++ return -EPERM;
++
+ dm_hash_remove_all(1);
+ param->data_size = 0;
+ return 0;
+@@ -492,6 +500,8 @@ static int list_devices(struct dm_ioctl
+ */
+ for (i = 0; i < NUM_BUCKETS; i++) {
+ list_for_each_entry (hc, _name_buckets + i, name_list) {
++ if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
++ continue;
+ needed += sizeof(struct dm_name_list);
+ needed += strlen(hc->name) + 1;
+ needed += ALIGN_MASK;
+@@ -515,6 +525,8 @@ static int list_devices(struct dm_ioctl
+ */
+ for (i = 0; i < NUM_BUCKETS; i++) {
+ list_for_each_entry (hc, _name_buckets + i, name_list) {
++ if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
++ continue;
+ if (old_nl)
+ old_nl->next = (uint32_t) ((void *) nl -
+ (void *) old_nl);
+@@ -1722,8 +1734,8 @@ static int ctl_ioctl(uint command, struc
+ size_t input_param_size;
+ struct dm_ioctl param_kernel;
- #include "ipath_kernel.h"
+- /* only root can play with this */
+- if (!capable(CAP_SYS_ADMIN))
++ /* only root and certain contexts can play with this */
++ if (!vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_MAPPER))
+ return -EACCES;
-diff -NurpP --minimal linux-2.6.35.4/drivers/md/dm.c linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm.c
---- linux-2.6.35.4/drivers/md/dm.c 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm.c 2010-09-06 03:00:12.000000000 +0200
-@@ -20,6 +20,7 @@
+ if (_IOC_TYPE(command) != DM_IOCTL)
+diff -NurpP --minimal linux-3.9.4/drivers/md/dm.c linux-3.9.4-vs2.3.6.2/drivers/md/dm.c
+--- linux-3.9.4/drivers/md/dm.c 2013-05-31 13:44:59.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/md/dm.c 2013-05-31 14:47:11.000000000 +0000
+@@ -19,6 +19,7 @@
#include <linux/idr.h>
#include <linux/hdreg.h>
#include <linux/delay.h>
#include <trace/events/block.h>
-@@ -120,6 +121,7 @@ struct mapped_device {
+@@ -125,6 +126,7 @@ struct mapped_device {
rwlock_t map_lock;
atomic_t holders;
atomic_t open_count;
unsigned long flags;
-@@ -338,6 +340,7 @@ int dm_deleting_md(struct mapped_device
+@@ -317,6 +319,7 @@ int dm_deleting_md(struct mapped_device
static int dm_blk_open(struct block_device *bdev, fmode_t mode)
{
struct mapped_device *md;
spin_lock(&_minor_lock);
-@@ -346,18 +349,19 @@ static int dm_blk_open(struct block_devi
+@@ -325,18 +328,19 @@ static int dm_blk_open(struct block_devi
goto out;
if (test_bit(DMF_FREEING, &md->flags) ||
}
static int dm_blk_close(struct gendisk *disk, fmode_t mode)
-@@ -575,6 +579,14 @@ int dm_set_geometry(struct mapped_device
+@@ -547,6 +551,14 @@ int dm_set_geometry(struct mapped_device
return 0;
}
/*-----------------------------------------------------------------
* CRUD START:
* A more elegant soln is in the works that uses the queue
-@@ -1887,6 +1899,7 @@ static struct mapped_device *alloc_dev(i
+@@ -1884,6 +1896,7 @@ static struct mapped_device *alloc_dev(i
INIT_LIST_HEAD(&md->uevent_list);
spin_lock_init(&md->uevent_lock);
+ md->xid = vx_current_xid();
- md->queue = blk_init_queue(dm_request_fn, NULL);
+ md->queue = blk_alloc_queue(GFP_KERNEL);
if (!md->queue)
goto bad_queue;
-diff -NurpP --minimal linux-2.6.35.4/drivers/md/dm.h linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm.h
---- linux-2.6.35.4/drivers/md/dm.h 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm.h 2010-09-06 02:59:52.000000000 +0200
-@@ -41,6 +41,8 @@ struct dm_dev_internal {
+diff -NurpP --minimal linux-3.9.4/drivers/md/dm.h linux-3.9.4-vs2.3.6.2/drivers/md/dm.h
+--- linux-3.9.4/drivers/md/dm.h 2013-02-19 13:57:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/md/dm.h 2013-05-31 14:47:11.000000000 +0000
+@@ -46,6 +46,8 @@ struct dm_dev_internal {
struct dm_table;
struct dm_md_mempools;
/*-----------------------------------------------------------------
* Internal table functions.
*---------------------------------------------------------------*/
-diff -NurpP --minimal linux-2.6.35.4/drivers/md/dm-ioctl.c linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm-ioctl.c
---- linux-2.6.35.4/drivers/md/dm-ioctl.c 2010-09-05 01:41:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/md/dm-ioctl.c 2010-09-06 02:59:52.000000000 +0200
-@@ -16,6 +16,7 @@
- #include <linux/dm-ioctl.h>
- #include <linux/hdreg.h>
- #include <linux/compat.h>
-+#include <linux/vs_context.h>
-
- #include <asm/uaccess.h>
-
-@@ -106,7 +107,8 @@ static struct hash_cell *__get_name_cell
- unsigned int h = hash_str(str);
-
- list_for_each_entry (hc, _name_buckets + h, name_list)
-- if (!strcmp(hc->name, str)) {
-+ if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
-+ !strcmp(hc->name, str)) {
- dm_get(hc->md);
- return hc;
- }
-@@ -120,7 +122,8 @@ static struct hash_cell *__get_uuid_cell
- unsigned int h = hash_str(str);
-
- list_for_each_entry (hc, _uuid_buckets + h, uuid_list)
-- if (!strcmp(hc->uuid, str)) {
-+ if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
-+ !strcmp(hc->uuid, str)) {
- dm_get(hc->md);
- return hc;
- }
-@@ -375,6 +378,9 @@ typedef int (*ioctl_fn)(struct dm_ioctl
-
- static int remove_all(struct dm_ioctl *param, size_t param_size)
- {
-+ if (!vx_check(0, VS_ADMIN))
-+ return -EPERM;
-+
- dm_hash_remove_all(1);
- param->data_size = 0;
- return 0;
-@@ -422,6 +428,8 @@ static int list_devices(struct dm_ioctl
- */
- for (i = 0; i < NUM_BUCKETS; i++) {
- list_for_each_entry (hc, _name_buckets + i, name_list) {
-+ if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
-+ continue;
- needed += sizeof(struct dm_name_list);
- needed += strlen(hc->name) + 1;
- needed += ALIGN_MASK;
-@@ -445,6 +453,8 @@ static int list_devices(struct dm_ioctl
- */
- for (i = 0; i < NUM_BUCKETS; i++) {
- list_for_each_entry (hc, _name_buckets + i, name_list) {
-+ if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
-+ continue;
- if (old_nl)
- old_nl->next = (uint32_t) ((void *) nl -
- (void *) old_nl);
-@@ -680,10 +690,11 @@ static struct hash_cell *__find_device_h
- if (!md)
- goto out;
-
-- mdptr = dm_get_mdptr(md);
-+ if (vx_check(dm_get_xid(md), VS_WATCH_P | VS_IDENT))
-+ mdptr = dm_get_mdptr(md);
-+
- if (!mdptr)
- dm_put(md);
--
- out:
- return mdptr;
- }
-@@ -1526,8 +1537,8 @@ static int ctl_ioctl(uint command, struc
- ioctl_fn fn = NULL;
- size_t param_size;
-
-- /* only root can play with this */
-- if (!capable(CAP_SYS_ADMIN))
-+ /* only root and certain contexts can play with this */
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_MAPPER))
- return -EACCES;
-
- if (_IOC_TYPE(command) != DM_IOCTL)
-diff -NurpP --minimal linux-2.6.35.4/drivers/net/tun.c linux-2.6.35.4-vs2.3.0.36.32/drivers/net/tun.c
---- linux-2.6.35.4/drivers/net/tun.c 2010-08-02 16:52:27.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/drivers/net/tun.c 2010-08-02 17:05:05.000000000 +0200
-@@ -62,6 +62,7 @@
+diff -NurpP --minimal linux-3.9.4/drivers/net/tun.c linux-3.9.4-vs2.3.6.2/drivers/net/tun.c
+--- linux-3.9.4/drivers/net/tun.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/net/tun.c 2013-05-31 20:01:45.000000000 +0000
+@@ -64,6 +64,7 @@
#include <linux/nsproxy.h>
#include <linux/virtio_net.h>
#include <linux/rcupdate.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>
#include <net/rtnetlink.h>
-@@ -103,6 +104,7 @@ struct tun_struct {
+@@ -164,6 +165,7 @@ struct tun_struct {
unsigned int flags;
- uid_t owner;
- gid_t group;
+ kuid_t owner;
+ kgid_t group;
+ nid_t nid;
struct net_device *dev;
- struct fasync_struct *fasync;
-@@ -851,6 +853,7 @@ static void tun_setup(struct net_device
+ netdev_features_t set_features;
+@@ -380,6 +382,7 @@ static inline bool tun_not_capable(struc
+ return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
+ (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
+ !ns_capable(net->user_ns, CAP_NET_ADMIN);
++ /* !cap_raised(current_cap(), CAP_NET_ADMIN) */
+ }
+
+ static void tun_set_real_num_queues(struct tun_struct *tun)
+@@ -1404,6 +1407,7 @@ static void tun_setup(struct net_device
- tun->owner = -1;
- tun->group = -1;
-+ tun->nid = current->nid;
+ tun->owner = INVALID_UID;
+ tun->group = INVALID_GID;
++ tun->nid = nx_current_nid();
dev->ethtool_ops = &tun_ethtool_ops;
dev->destructor = tun_free_netdev;
-@@ -1001,7 +1004,7 @@ static int tun_set_iff(struct net *net,
-
- if (((tun->owner != -1 && cred->euid != tun->owner) ||
- (tun->group != -1 && !in_egroup_p(tun->group))) &&
-- !capable(CAP_NET_ADMIN))
-+ !cap_raised(current_cap(), CAP_NET_ADMIN))
- return -EPERM;
- err = security_tun_dev_attach(tun->socket.sk);
- if (err < 0)
-@@ -1015,7 +1018,7 @@ static int tun_set_iff(struct net *net,
- char *name;
- unsigned long flags = 0;
-
-- if (!capable(CAP_NET_ADMIN))
-+ if (!nx_capable(CAP_NET_ADMIN, NXC_TUN_CREATE))
- return -EPERM;
- err = security_tun_dev_create();
+@@ -1591,6 +1595,9 @@ static int tun_set_iff(struct net *net,
if (err < 0)
-@@ -1085,6 +1088,9 @@ static int tun_set_iff(struct net *net,
-
- sk->sk_destruct = tun_sock_destruct;
+ return err;
+ if (!nx_check(tun->nid, VS_IDENT | VS_HOSTID | VS_ADMIN_P))
+ return -EPERM;
+
err = tun_attach(tun, file);
if (err < 0)
- goto failed;
-@@ -1276,6 +1282,16 @@ static long __tun_chr_ioctl(struct file
- DBG(KERN_INFO "%s: group set to %d\n", tun->dev->name, tun->group);
+ return err;
+@@ -1605,7 +1612,7 @@ static int tun_set_iff(struct net *net,
+ int queues = ifr->ifr_flags & IFF_MULTI_QUEUE ?
+ MAX_TAP_QUEUES : 1;
+
+- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
++ if (!vx_ns_capable(net->user_ns, CAP_NET_ADMIN, NXC_TUN_CREATE))
+ return -EPERM;
+ err = security_tun_dev_create();
+ if (err < 0)
+@@ -1950,6 +1957,16 @@ static long __tun_chr_ioctl(struct file
+ from_kgid(&init_user_ns, tun->group));
break;
+ case TUNSETNID:
+ /* Set nid owner of the device */
+ tun->nid = (nid_t) arg;
+
-+ DBG(KERN_INFO "%s: nid owner set to %u\n", tun->dev->name, tun->nid);
++ tun_debug(KERN_INFO, tun, "nid owner set to %u\n", tun->nid);
+ break;
+
case TUNSETLINK:
/* Only allow setting the type when the interface is down */
if (tun->dev->flags & IFF_UP) {
-diff -NurpP --minimal linux-2.6.35.4/fs/attr.c linux-2.6.35.4-vs2.3.0.36.32/fs/attr.c
---- linux-2.6.35.4/fs/attr.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/attr.c 2010-08-02 21:00:32.000000000 +0200
-@@ -13,6 +13,9 @@
- #include <linux/fsnotify.h>
- #include <linux/fcntl.h>
- #include <linux/security.h>
-+#include <linux/proc_fs.h>
-+#include <linux/devpts_fs.h>
-+#include <linux/vs_tag.h>
-
- /* Taken over from the old code... */
-
-@@ -54,6 +57,10 @@ int inode_change_ok(const struct inode *
- if (!is_owner_or_cap(inode))
- goto error;
- }
-+
-+ if (dx_permission(inode, MAY_WRITE))
-+ goto error;
-+
- fine:
- retval = 0;
- error:
-@@ -127,6 +134,8 @@ void generic_setattr(struct inode *inode
- inode->i_uid = attr->ia_uid;
- if (ia_valid & ATTR_GID)
- inode->i_gid = attr->ia_gid;
-+ if ((ia_valid & ATTR_TAG) && IS_TAGGED(inode))
-+ inode->i_tag = attr->ia_tag;
- if (ia_valid & ATTR_ATIME)
- inode->i_atime = timespec_trunc(attr->ia_atime,
- inode->i_sb->s_time_gran);
-@@ -179,7 +188,8 @@ int notify_change(struct dentry * dentry
- struct timespec now;
- unsigned int ia_valid = attr->ia_valid;
+diff -NurpP --minimal linux-3.9.4/drivers/staging/csr/csr_wifi_hip_xbv.c linux-3.9.4-vs2.3.6.2/drivers/staging/csr/csr_wifi_hip_xbv.c
+--- linux-3.9.4/drivers/staging/csr/csr_wifi_hip_xbv.c 2013-02-19 13:58:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/staging/csr/csr_wifi_hip_xbv.c 2013-05-31 14:47:11.000000000 +0000
+@@ -55,7 +55,7 @@ typedef struct
+ {
+ char t_name[4];
+ u32 t_len;
+-} tag_t;
++} ctag_t;
+
+
+ #define TAG_EQ(i, v) (((i)[0] == (v)[0]) && \
+@@ -90,7 +90,7 @@ typedef struct
+ u32 ptr;
+ } xbv_stack_t;
+
+-static s32 read_tag(card_t *card, ct_t *ct, tag_t *tag);
++static s32 read_tag(card_t *card, ct_t *ct, ctag_t *tag);
+ static s32 read_bytes(card_t *card, ct_t *ct, void *buf, u32 len);
+ static s32 read_uint(card_t *card, ct_t *ct, u32 *u, u32 len);
+ static s32 xbv_check(xbv1_t *fwinfo, const xbv_stack_t *stack,
+@@ -160,7 +160,7 @@ static u32 write_fwdl_to_ptdl(void *buf,
+ CsrResult xbv1_parse(card_t *card, fwreadfn_t readfn, void *dlpriv, xbv1_t *fwinfo)
+ {
+ ct_t ct;
+- tag_t tag;
++ ctag_t tag;
+ xbv_stack_t stack;
-- if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
-+ if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
-+ ATTR_TAG | ATTR_TIMES_SET)) {
- if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
- return -EPERM;
- }
-diff -NurpP --minimal linux-2.6.35.4/fs/binfmt_aout.c linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_aout.c
---- linux-2.6.35.4/fs/binfmt_aout.c 2010-07-07 18:31:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_aout.c 2010-08-02 17:05:05.000000000 +0200
-@@ -25,6 +25,7 @@
- #include <linux/init.h>
- #include <linux/coredump.h>
- #include <linux/slab.h>
-+#include <linux/vs_memory.h>
+ ct.dlpriv = dlpriv;
+@@ -505,7 +505,7 @@ static u32 xbv2uint(u8 *ptr, s32 len)
+ }
- #include <asm/system.h>
- #include <asm/uaccess.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/binfmt_elf.c linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_elf.c
---- linux-2.6.35.4/fs/binfmt_elf.c 2010-07-07 18:31:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_elf.c 2010-08-02 17:05:05.000000000 +0200
-@@ -32,6 +32,7 @@
- #include <linux/elf.h>
- #include <linux/utsname.h>
- #include <linux/coredump.h>
-+#include <linux/vs_memory.h>
- #include <asm/uaccess.h>
- #include <asm/param.h>
- #include <asm/page.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/binfmt_flat.c linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_flat.c
---- linux-2.6.35.4/fs/binfmt_flat.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_flat.c 2010-08-02 17:05:05.000000000 +0200
-@@ -35,6 +35,7 @@
- #include <linux/init.h>
- #include <linux/flat.h>
- #include <linux/syscalls.h>
-+#include <linux/vs_memory.h>
- #include <asm/byteorder.h>
- #include <asm/system.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/binfmt_som.c linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_som.c
---- linux-2.6.35.4/fs/binfmt_som.c 2010-02-25 11:52:04.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/binfmt_som.c 2010-08-02 17:05:05.000000000 +0200
-@@ -28,6 +28,7 @@
- #include <linux/shm.h>
- #include <linux/personality.h>
- #include <linux/init.h>
-+#include <linux/vs_memory.h>
+-static s32 read_tag(card_t *card, ct_t *ct, tag_t *tag)
++static s32 read_tag(card_t *card, ct_t *ct, ctag_t *tag)
+ {
+ u8 buf[8];
+ s32 n;
+diff -NurpP --minimal linux-3.9.4/drivers/tty/sysrq.c linux-3.9.4-vs2.3.6.2/drivers/tty/sysrq.c
+--- linux-3.9.4/drivers/tty/sysrq.c 2013-05-31 13:45:19.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/tty/sysrq.c 2013-05-31 15:08:19.000000000 +0000
+@@ -43,6 +43,7 @@
+ #include <linux/input.h>
+ #include <linux/uaccess.h>
+ #include <linux/moduleparam.h>
++#include <linux/vserver/debug.h>
- #include <asm/uaccess.h>
- #include <asm/pgtable.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/block_dev.c linux-2.6.35.4-vs2.3.0.36.32/fs/block_dev.c
---- linux-2.6.35.4/fs/block_dev.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/block_dev.c 2010-08-14 18:19:32.000000000 +0200
-@@ -26,6 +26,7 @@
- #include <linux/namei.h>
- #include <linux/log2.h>
- #include <linux/kmemleak.h>
-+#include <linux/vs_device.h>
- #include <asm/uaccess.h>
- #include "internal.h"
+ #include <asm/ptrace.h>
+ #include <asm/irq_regs.h>
+@@ -401,6 +402,21 @@ static struct sysrq_key_op sysrq_unrt_op
+ .enable_mask = SYSRQ_ENABLE_RTNICE,
+ };
-@@ -529,6 +530,7 @@ struct block_device *bdget(dev_t dev)
- bdev->bd_invalidated = 0;
- inode->i_mode = S_IFBLK;
- inode->i_rdev = dev;
-+ inode->i_mdev = dev;
- inode->i_bdev = bdev;
- inode->i_data.a_ops = &def_blk_aops;
- mapping_set_gfp_mask(&inode->i_data, GFP_USER);
-@@ -575,6 +577,11 @@ EXPORT_SYMBOL(bdput);
- static struct block_device *bd_acquire(struct inode *inode)
- {
- struct block_device *bdev;
-+ dev_t mdev;
+
-+ if (!vs_map_blkdev(inode->i_rdev, &mdev, DATTR_OPEN))
-+ return NULL;
-+ inode->i_mdev = mdev;
-
- spin_lock(&bdev_lock);
- bdev = inode->i_bdev;
++#ifdef CONFIG_VSERVER_DEBUG
++static void sysrq_handle_vxinfo(int key)
++{
++ dump_vx_info_inactive((key == 'x') ? 0 : 1);
++}
++
++static struct sysrq_key_op sysrq_showvxinfo_op = {
++ .handler = sysrq_handle_vxinfo,
++ .help_msg = "conteXt",
++ .action_msg = "Show Context Info",
++ .enable_mask = SYSRQ_ENABLE_DUMP,
++};
++#endif
++
+ /* Key Operations table and lock */
+ static DEFINE_SPINLOCK(sysrq_key_table_lock);
+
+@@ -456,7 +472,11 @@ static struct sysrq_key_op *sysrq_key_ta
+ &sysrq_showstate_blocked_op, /* w */
+ /* x: May be registered on ppc/powerpc for xmon */
+ /* x: May be registered on sparc64 for global PMU dump */
++#ifdef CONFIG_VSERVER_DEBUG
++ &sysrq_showvxinfo_op, /* x */
++#else
+ NULL, /* x */
++#endif
+ /* y: May be registered on sparc64 for global register dump */
+ NULL, /* y */
+ &sysrq_ftrace_dump_op, /* z */
+@@ -471,6 +491,8 @@ static int sysrq_key_table_key2index(int
+ retval = key - '0';
+ else if ((key >= 'a') && (key <= 'z'))
+ retval = key + 10 - 'a';
++ else if ((key >= 'A') && (key <= 'Z'))
++ retval = key + 10 - 'A';
+ else
+ retval = -1;
+ return retval;
+diff -NurpP --minimal linux-3.9.4/drivers/tty/tty_io.c linux-3.9.4-vs2.3.6.2/drivers/tty/tty_io.c
+--- linux-3.9.4/drivers/tty/tty_io.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/drivers/tty/tty_io.c 2013-05-31 14:47:11.000000000 +0000
+@@ -104,6 +104,7 @@
+
+ #include <linux/kmod.h>
+ #include <linux/nsproxy.h>
++#include <linux/vs_pid.h>
+
+ #undef TTY_DEBUG_HANGUP
+
+@@ -2144,7 +2145,8 @@ static int tiocsti(struct tty_struct *tt
+ char ch, mbz = 0;
+ struct tty_ldisc *ld;
+
+- if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
++ if (((current->signal->tty != tty) &&
++ !vx_capable(CAP_SYS_ADMIN, VXC_TIOCSTI)))
+ return -EPERM;
+ if (get_user(ch, p))
+ return -EFAULT;
+@@ -2432,6 +2434,7 @@ static int tiocspgrp(struct tty_struct *
+ return -ENOTTY;
+ if (get_user(pgrp_nr, p))
+ return -EFAULT;
++ pgrp_nr = vx_rmap_pid(pgrp_nr);
+ if (pgrp_nr < 0)
+ return -EINVAL;
+ rcu_read_lock();
+diff -NurpP --minimal linux-3.9.4/fs/attr.c linux-3.9.4-vs2.3.6.2/fs/attr.c
+--- linux-3.9.4/fs/attr.c 2013-02-19 13:58:46.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/attr.c 2013-05-31 14:47:11.000000000 +0000
+@@ -15,6 +15,9 @@
+ #include <linux/security.h>
+ #include <linux/evm.h>
+ #include <linux/ima.h>
++#include <linux/proc_fs.h>
++#include <linux/devpts_fs.h>
++#include <linux/vs_tag.h>
+
+ /**
+ * inode_change_ok - check if attribute changes to an inode are allowed
+@@ -77,6 +80,10 @@ int inode_change_ok(const struct inode *
+ return -EPERM;
+ }
+
++ /* check for inode tag permission */
++ if (dx_permission(inode, MAY_WRITE))
++ return -EACCES;
++
+ return 0;
+ }
+ EXPORT_SYMBOL(inode_change_ok);
+@@ -147,6 +154,8 @@ void setattr_copy(struct inode *inode, c
+ inode->i_uid = attr->ia_uid;
+ if (ia_valid & ATTR_GID)
+ inode->i_gid = attr->ia_gid;
++ if ((ia_valid & ATTR_TAG) && IS_TAGGED(inode))
++ inode->i_tag = attr->ia_tag;
+ if (ia_valid & ATTR_ATIME)
+ inode->i_atime = timespec_trunc(attr->ia_atime,
+ inode->i_sb->s_time_gran);
+@@ -177,7 +186,8 @@ int notify_change(struct dentry * dentry
+
+ WARN_ON_ONCE(!mutex_is_locked(&inode->i_mutex));
+
+- if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
++ if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
++ ATTR_TAG | ATTR_TIMES_SET)) {
+ if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
+ return -EPERM;
+ }
+diff -NurpP --minimal linux-3.9.4/fs/block_dev.c linux-3.9.4-vs2.3.6.2/fs/block_dev.c
+--- linux-3.9.4/fs/block_dev.c 2013-05-31 13:45:22.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/block_dev.c 2013-05-31 14:47:11.000000000 +0000
+@@ -27,6 +27,7 @@
+ #include <linux/namei.h>
+ #include <linux/log2.h>
+ #include <linux/cleancache.h>
++#include <linux/vs_device.h>
+ #include <asm/uaccess.h>
+ #include "internal.h"
+
+@@ -528,6 +529,7 @@ struct block_device *bdget(dev_t dev)
+ bdev->bd_invalidated = 0;
+ inode->i_mode = S_IFBLK;
+ inode->i_rdev = dev;
++ inode->i_mdev = dev;
+ inode->i_bdev = bdev;
+ inode->i_data.a_ops = &def_blk_aops;
+ mapping_set_gfp_mask(&inode->i_data, GFP_USER);
+@@ -575,6 +577,11 @@ EXPORT_SYMBOL(bdput);
+ static struct block_device *bd_acquire(struct inode *inode)
+ {
+ struct block_device *bdev;
++ dev_t mdev;
++
++ if (!vs_map_blkdev(inode->i_rdev, &mdev, DATTR_OPEN))
++ return NULL;
++ inode->i_mdev = mdev;
+
+ spin_lock(&bdev_lock);
+ bdev = inode->i_bdev;
@@ -585,7 +592,7 @@ static struct block_device *bd_acquire(s
}
spin_unlock(&bdev_lock);
if (bdev) {
spin_lock(&bdev_lock);
if (!inode->i_bdev) {
-diff -NurpP --minimal linux-2.6.35.4/fs/btrfs/ctree.h linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/ctree.h
---- linux-2.6.35.4/fs/btrfs/ctree.h 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/ctree.h 2010-08-02 17:05:05.000000000 +0200
-@@ -551,11 +551,14 @@ struct btrfs_inode_item {
+diff -NurpP --minimal linux-3.9.4/fs/btrfs/ctree.h linux-3.9.4-vs2.3.6.2/fs/btrfs/ctree.h
+--- linux-3.9.4/fs/btrfs/ctree.h 2013-05-31 13:45:22.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/btrfs/ctree.h 2013-05-31 14:47:11.000000000 +0000
+@@ -705,11 +705,14 @@ struct btrfs_inode_item {
/* modification sequence number for NFS */
__le64 sequence;
struct btrfs_timespec atime;
struct btrfs_timespec ctime;
struct btrfs_timespec mtime;
-@@ -1193,6 +1196,8 @@ struct btrfs_root {
- #define BTRFS_MOUNT_DISCARD (1 << 10)
- #define BTRFS_MOUNT_FORCE_COMPRESS (1 << 11)
+@@ -1901,6 +1904,8 @@ struct btrfs_ioctl_defrag_range_args {
+ #define BTRFS_MOUNT_CHECK_INTEGRITY_INCLUDING_EXTENT_DATA (1 << 21)
+ #define BTRFS_MOUNT_PANIC_ON_FATAL_ERROR (1 << 22)
+#define BTRFS_MOUNT_TAGGED (1 << 24)
+
#define btrfs_clear_opt(o, opt) ((o) &= ~BTRFS_MOUNT_##opt)
#define btrfs_set_opt(o, opt) ((o) |= BTRFS_MOUNT_##opt)
- #define btrfs_test_opt(root, opt) ((root)->fs_info->mount_opt & \
-@@ -1413,6 +1418,7 @@ BTRFS_SETGET_FUNCS(inode_block_group, st
+ #define btrfs_raw_test_opt(o, opt) ((o) & BTRFS_MOUNT_##opt)
+@@ -2170,6 +2175,7 @@ BTRFS_SETGET_FUNCS(inode_block_group, st
BTRFS_SETGET_FUNCS(inode_nlink, struct btrfs_inode_item, nlink, 32);
BTRFS_SETGET_FUNCS(inode_uid, struct btrfs_inode_item, uid, 32);
BTRFS_SETGET_FUNCS(inode_gid, struct btrfs_inode_item, gid, 32);
BTRFS_SETGET_FUNCS(inode_mode, struct btrfs_inode_item, mode, 32);
BTRFS_SETGET_FUNCS(inode_rdev, struct btrfs_inode_item, rdev, 64);
BTRFS_SETGET_FUNCS(inode_flags, struct btrfs_inode_item, flags, 64);
-@@ -1474,6 +1480,10 @@ BTRFS_SETGET_FUNCS(extent_flags, struct
+@@ -2223,6 +2229,10 @@ BTRFS_SETGET_FUNCS(extent_flags, struct
BTRFS_SETGET_FUNCS(extent_refs_v0, struct btrfs_extent_item_v0, refs, 32);
BTRFS_SETGET_FUNCS(tree_block_level, struct btrfs_tree_block_info, level, 8);
-@@ -2432,6 +2442,7 @@ extern const struct dentry_operations bt
+@@ -3581,6 +3591,7 @@ extern const struct dentry_operations bt
long btrfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
void btrfs_update_iflags(struct inode *inode);
void btrfs_inherit_iflags(struct inode *inode, struct inode *dir);
+int btrfs_sync_flags(struct inode *inode, int, int);
-
- /* file.c */
- int btrfs_sync_file(struct file *file, int datasync);
-diff -NurpP --minimal linux-2.6.35.4/fs/btrfs/disk-io.c linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/disk-io.c
---- linux-2.6.35.4/fs/btrfs/disk-io.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/disk-io.c 2010-08-02 17:05:05.000000000 +0200
-@@ -1707,6 +1707,9 @@ struct btrfs_root *open_ctree(struct sup
- goto fail_iput;
+ int btrfs_defrag_file(struct inode *inode, struct file *file,
+ struct btrfs_ioctl_defrag_range_args *range,
+ u64 newer_than, unsigned long max_pages);
+diff -NurpP --minimal linux-3.9.4/fs/btrfs/disk-io.c linux-3.9.4-vs2.3.6.2/fs/btrfs/disk-io.c
+--- linux-3.9.4/fs/btrfs/disk-io.c 2013-05-31 13:45:22.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/btrfs/disk-io.c 2013-05-31 14:47:11.000000000 +0000
+@@ -2258,6 +2258,9 @@ int open_ctree(struct super_block *sb,
+ goto fail_alloc;
}
+ if (btrfs_test_opt(tree_root, TAGGED))
features = btrfs_super_incompat_flags(disk_super) &
~BTRFS_FEATURE_INCOMPAT_SUPP;
if (features) {
-diff -NurpP --minimal linux-2.6.35.4/fs/btrfs/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/inode.c
---- linux-2.6.35.4/fs/btrfs/inode.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/inode.c 2010-08-02 17:05:05.000000000 +0200
-@@ -37,6 +37,8 @@
- #include <linux/posix_acl.h>
- #include <linux/falloc.h>
- #include <linux/slab.h>
+diff -NurpP --minimal linux-3.9.4/fs/btrfs/inode.c linux-3.9.4-vs2.3.6.2/fs/btrfs/inode.c
+--- linux-3.9.4/fs/btrfs/inode.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/btrfs/inode.c 2013-05-31 20:42:33.000000000 +0000
+@@ -41,6 +41,7 @@
+ #include <linux/mount.h>
+ #include <linux/btrfs.h>
+ #include <linux/blkdev.h>
+#include <linux/vs_tag.h>
-+
#include "compat.h"
#include "ctree.h"
#include "disk-io.h"
-@@ -2415,6 +2417,8 @@ static void btrfs_read_locked_inode(stru
+@@ -3312,6 +3313,8 @@ static void btrfs_read_locked_inode(stru
+ struct btrfs_key location;
int maybe_acls;
- u64 alloc_group_block;
u32 rdev;
+ uid_t uid;
+ gid_t gid;
int ret;
+ bool filled = false;
- path = btrfs_alloc_path();
-@@ -2431,8 +2435,13 @@ static void btrfs_read_locked_inode(stru
-
+@@ -3339,8 +3342,13 @@ static void btrfs_read_locked_inode(stru
+ struct btrfs_inode_item);
inode->i_mode = btrfs_inode_mode(leaf, inode_item);
- inode->i_nlink = btrfs_inode_nlink(leaf, inode_item);
-- inode->i_uid = btrfs_inode_uid(leaf, inode_item);
-- inode->i_gid = btrfs_inode_gid(leaf, inode_item);
+ set_nlink(inode, btrfs_inode_nlink(leaf, inode_item));
+- i_uid_write(inode, btrfs_inode_uid(leaf, inode_item));
+- i_gid_write(inode, btrfs_inode_gid(leaf, inode_item));
+
+ uid = btrfs_inode_uid(leaf, inode_item);
+ gid = btrfs_inode_gid(leaf, inode_item);
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid,
-+ btrfs_inode_tag(leaf, inode_item));
++ i_uid_write(inode, INOTAG_UID(DX_TAG(inode), uid, gid));
++ i_gid_write(inode, INOTAG_GID(DX_TAG(inode), uid, gid));
++ i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), uid, gid,
++ btrfs_inode_tag(leaf, inode_item)));
btrfs_i_size_write(inode, btrfs_inode_size(leaf, inode_item));
tspec = btrfs_inode_atime(inode_item);
-@@ -2514,8 +2523,15 @@ static void fill_inode_item(struct btrfs
- struct btrfs_inode_item *item,
+@@ -3431,11 +3439,18 @@ static void fill_inode_item(struct btrfs
struct inode *inode)
{
-- btrfs_set_inode_uid(leaf, item, inode->i_uid);
-- btrfs_set_inode_gid(leaf, item, inode->i_gid);
-+ uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
-+ gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
-+
-+ btrfs_set_inode_uid(leaf, item, uid);
-+ btrfs_set_inode_gid(leaf, item, gid);
+ struct btrfs_map_token token;
++ uid_t uid = TAGINO_UID(DX_TAG(inode),
++ i_uid_read(inode), i_tag_read(inode));
++ gid_t gid = TAGINO_GID(DX_TAG(inode),
++ i_gid_read(inode), i_tag_read(inode));
+
+ btrfs_init_map_token(&token);
+
+- btrfs_set_token_inode_uid(leaf, item, i_uid_read(inode), &token);
+- btrfs_set_token_inode_gid(leaf, item, i_gid_read(inode), &token);
++ btrfs_set_token_inode_uid(leaf, item, uid, &token);
++ btrfs_set_token_inode_gid(leaf, item, gid, &token);
+#ifdef CONFIG_TAGGING_INTERN
-+ btrfs_set_inode_tag(leaf, item, inode->i_tag);
++ btrfs_set_token_inode_tag(leaf, item, i_tag_read(inode), &token);
+#endif
-+
- btrfs_set_inode_size(leaf, item, BTRFS_I(inode)->disk_i_size);
- btrfs_set_inode_mode(leaf, item, inode->i_mode);
- btrfs_set_inode_nlink(leaf, item, inode->i_nlink);
-@@ -6940,6 +6956,7 @@ static const struct inode_operations btr
+ btrfs_set_token_inode_size(leaf, item, BTRFS_I(inode)->disk_i_size,
+ &token);
+ btrfs_set_token_inode_mode(leaf, item, inode->i_mode, &token);
+@@ -8683,11 +8698,13 @@ static const struct inode_operations btr
.listxattr = btrfs_listxattr,
.removexattr = btrfs_removexattr,
.permission = btrfs_permission,
+ .sync_flags = btrfs_sync_flags,
+ .get_acl = btrfs_get_acl,
};
static const struct inode_operations btrfs_dir_ro_inode_operations = {
.lookup = btrfs_lookup,
-@@ -7015,6 +7032,7 @@ static const struct inode_operations btr
.permission = btrfs_permission,
- .fallocate = btrfs_fallocate,
- .fiemap = btrfs_fiemap,
+ .sync_flags = btrfs_sync_flags,
+ .get_acl = btrfs_get_acl,
};
- static const struct inode_operations btrfs_special_inode_operations = {
- .getattr = btrfs_getattr,
-diff -NurpP --minimal linux-2.6.35.4/fs/btrfs/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/ioctl.c
---- linux-2.6.35.4/fs/btrfs/ioctl.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/ioctl.c 2010-08-02 17:05:05.000000000 +0200
-@@ -68,10 +68,13 @@ static unsigned int btrfs_flags_to_ioctl
+
+diff -NurpP --minimal linux-3.9.4/fs/btrfs/ioctl.c linux-3.9.4-vs2.3.6.2/fs/btrfs/ioctl.c
+--- linux-3.9.4/fs/btrfs/ioctl.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/btrfs/ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -75,10 +75,13 @@ static unsigned int btrfs_flags_to_ioctl
{
unsigned int iflags = 0;
if (flags & BTRFS_INODE_APPEND)
iflags |= FS_APPEND_FL;
if (flags & BTRFS_INODE_NODUMP)
-@@ -81,28 +84,78 @@ static unsigned int btrfs_flags_to_ioctl
- if (flags & BTRFS_INODE_DIRSYNC)
- iflags |= FS_DIRSYNC_FL;
+@@ -95,28 +98,78 @@ static unsigned int btrfs_flags_to_ioctl
+ else if (flags & BTRFS_INODE_NOCOMPRESS)
+ iflags |= FS_NOCOMP_FL;
+ if (flags & BTRFS_INODE_BARRIER)
+ iflags |= FS_BARRIER_FL;
}
/*
-@@ -120,7 +173,7 @@ void btrfs_inherit_iflags(struct inode *
- flags = BTRFS_I(dir)->flags;
+@@ -132,6 +185,7 @@ void btrfs_inherit_iflags(struct inode *
+ return;
- if (S_ISREG(inode->i_mode))
-- flags &= ~BTRFS_INODE_DIRSYNC;
-+ flags &= ~(BTRFS_INODE_DIRSYNC | BTRFS_INODE_BARRIER);
- else if (!S_ISDIR(inode->i_mode))
- flags &= (BTRFS_INODE_NODUMP | BTRFS_INODE_NOATIME);
+ flags = BTRFS_I(dir)->flags;
++ flags &= ~BTRFS_INODE_BARRIER;
-@@ -128,6 +181,30 @@ void btrfs_inherit_iflags(struct inode *
+ if (flags & BTRFS_INODE_NOCOMPRESS) {
+ BTRFS_I(inode)->flags &= ~BTRFS_INODE_COMPRESS;
+@@ -150,6 +204,30 @@ void btrfs_inherit_iflags(struct inode *
btrfs_update_iflags(inode);
}
+ struct btrfs_trans_handle *trans;
+ int ret;
+
-+ trans = btrfs_join_transaction(root, 1);
++ trans = btrfs_join_transaction(root);
+ BUG_ON(!trans);
+
+ inode->i_flags = flags;
+
static int btrfs_ioctl_getflags(struct file *file, void __user *arg)
{
- struct btrfs_inode *ip = BTRFS_I(file->f_path.dentry->d_inode);
-@@ -150,6 +227,7 @@ static int btrfs_ioctl_setflags(struct f
- if (copy_from_user(&flags, arg, sizeof(flags)))
- return -EFAULT;
-
-+ /* maybe add FS_IXUNLINK_FL ? */
- if (flags & ~(FS_IMMUTABLE_FL | FS_APPEND_FL | \
- FS_NOATIME_FL | FS_NODUMP_FL | \
- FS_SYNC_FL | FS_DIRSYNC_FL))
-@@ -162,7 +240,8 @@ static int btrfs_ioctl_setflags(struct f
+ struct btrfs_inode *ip = BTRFS_I(file_inode(file));
+@@ -212,21 +290,27 @@ static int btrfs_ioctl_setflags(struct f
flags = btrfs_mask_flags(inode->i_mode, flags);
oldflags = btrfs_flags_to_ioctl(ip->flags);
if (!capable(CAP_LINUX_IMMUTABLE)) {
ret = -EPERM;
goto out_unlock;
-@@ -173,14 +252,19 @@ static int btrfs_ioctl_setflags(struct f
- if (ret)
- goto out_unlock;
+ }
+ }
- if (flags & FS_SYNC_FL)
- ip->flags |= BTRFS_INODE_SYNC;
if (flags & FS_APPEND_FL)
ip->flags |= BTRFS_INODE_APPEND;
else
-diff -NurpP --minimal linux-2.6.35.4/fs/btrfs/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/super.c
---- linux-2.6.35.4/fs/btrfs/super.c 2010-08-02 16:52:47.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/btrfs/super.c 2010-08-02 17:05:05.000000000 +0200
-@@ -68,7 +68,7 @@ enum {
- Opt_nodatacow, Opt_max_inline, Opt_alloc_start, Opt_nobarrier, Opt_ssd,
- Opt_nossd, Opt_ssd_spread, Opt_thread_pool, Opt_noacl, Opt_compress,
- Opt_compress_force, Opt_notreelog, Opt_ratio, Opt_flushoncommit,
-- Opt_discard, Opt_err,
-+ Opt_tag, Opt_notag, Opt_tagid, Opt_discard, Opt_err,
+diff -NurpP --minimal linux-3.9.4/fs/btrfs/super.c linux-3.9.4-vs2.3.6.2/fs/btrfs/super.c
+--- linux-3.9.4/fs/btrfs/super.c 2013-05-31 13:45:22.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/btrfs/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -321,7 +321,7 @@ enum {
+ Opt_no_space_cache, Opt_recovery, Opt_skip_balance,
+ Opt_check_integrity, Opt_check_integrity_including_extent_data,
+ Opt_check_integrity_print_mask, Opt_fatal_errors,
+- Opt_err,
++ Opt_tag, Opt_notag, Opt_tagid, Opt_err,
};
static match_table_t tokens = {
-@@ -92,6 +92,9 @@ static match_table_t tokens = {
- {Opt_flushoncommit, "flushoncommit"},
- {Opt_ratio, "metadata_ratio=%d"},
- {Opt_discard, "discard"},
+@@ -361,6 +361,9 @@ static match_table_t tokens = {
+ {Opt_check_integrity_including_extent_data, "check_int_data"},
+ {Opt_check_integrity_print_mask, "check_int_print_mask=%d"},
+ {Opt_fatal_errors, "fatal_errors=%s"},
+ {Opt_tag, "tag"},
+ {Opt_notag, "notag"},
+ {Opt_tagid, "tagid=%u"},
{Opt_err, NULL},
};
-@@ -235,6 +238,22 @@ int btrfs_parse_options(struct btrfs_roo
- case Opt_discard:
- btrfs_set_opt(info->mount_opt, DISCARD);
+@@ -626,6 +629,22 @@ int btrfs_parse_options(struct btrfs_roo
+ goto out;
+ }
break;
+#ifndef CONFIG_TAGGING_NONE
+ case Opt_tag:
case Opt_err:
printk(KERN_INFO "btrfs: unrecognized mount option "
"'%s'\n", p);
-@@ -681,6 +700,12 @@ static int btrfs_remount(struct super_bl
- if (ret)
- return -EINVAL;
+@@ -1258,6 +1277,12 @@ static int btrfs_remount(struct super_bl
+ btrfs_resize_thread_pool(fs_info,
+ fs_info->thread_pool_size, old_thread_pool_size);
+ if (btrfs_test_opt(root, TAGGED) && !(sb->s_flags & MS_TAGGED)) {
+ printk("btrfs: %s: tagging not permitted on remount.\n",
+ }
+
if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY))
- return 0;
+ goto out;
-diff -NurpP --minimal linux-2.6.35.4/fs/char_dev.c linux-2.6.35.4-vs2.3.0.36.32/fs/char_dev.c
---- linux-2.6.35.4/fs/char_dev.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/char_dev.c 2010-09-06 03:00:30.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/char_dev.c linux-3.9.4-vs2.3.6.2/fs/char_dev.c
+--- linux-3.9.4/fs/char_dev.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/char_dev.c 2013-05-31 14:47:11.000000000 +0000
@@ -21,6 +21,8 @@
#include <linux/mutex.h>
#include <linux/backing-dev.h>
#include "internal.h"
-@@ -369,14 +371,21 @@ static int chrdev_open(struct inode *ino
+@@ -371,14 +373,21 @@ static int chrdev_open(struct inode *ino
struct cdev *p;
struct cdev *new = NULL;
int ret = 0;
if (!kobj)
return -ENXIO;
new = container_of(kobj, struct cdev, kobj);
-diff -NurpP --minimal linux-2.6.35.4/fs/dcache.c linux-2.6.35.4-vs2.3.0.36.32/fs/dcache.c
---- linux-2.6.35.4/fs/dcache.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/dcache.c 2010-08-02 17:05:05.000000000 +0200
-@@ -33,6 +33,7 @@
- #include <linux/bootmem.h>
- #include <linux/fs_struct.h>
- #include <linux/hardirq.h>
+diff -NurpP --minimal linux-3.9.4/fs/dcache.c linux-3.9.4-vs2.3.6.2/fs/dcache.c
+--- linux-3.9.4/fs/dcache.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/dcache.c 2013-05-31 14:47:11.000000000 +0000
+@@ -37,6 +37,7 @@
+ #include <linux/rculist_bl.h>
+ #include <linux/prefetch.h>
+ #include <linux/ratelimit.h>
+#include <linux/vs_limit.h>
#include "internal.h"
+ #include "mount.h"
- int sysctl_vfs_cache_pressure __read_mostly = 100;
-@@ -230,6 +231,8 @@ repeat:
- return;
+@@ -593,6 +594,8 @@ int d_invalidate(struct dentry * dentry)
+ spin_lock(&dentry->d_lock);
}
+ vx_dentry_dec(dentry);
+
/*
- * AV: ->d_delete() is _NOT_ allowed to block now.
- */
-@@ -323,6 +326,7 @@ static inline struct dentry * __dget_loc
+ * Somebody else still using it?
+ *
+@@ -622,6 +625,7 @@ EXPORT_SYMBOL(d_invalidate);
+ static inline void __dget_dlock(struct dentry *dentry)
{
- atomic_inc(&dentry->d_count);
- dentry_lru_del_init(dentry);
+ dentry->d_count++;
+ vx_dentry_inc(dentry);
- return dentry;
}
-@@ -926,6 +930,9 @@ struct dentry *d_alloc(struct dentry * p
+ static inline void __dget(struct dentry *dentry)
+@@ -1252,6 +1256,9 @@ struct dentry *__d_alloc(struct super_bl
struct dentry *dentry;
char *dname;
dentry = kmem_cache_alloc(dentry_cache, GFP_KERNEL);
if (!dentry)
return NULL;
-@@ -971,6 +978,7 @@ struct dentry *d_alloc(struct dentry * p
- if (parent)
- list_add(&dentry->d_u.d_child, &parent->d_subdirs);
- dentry_stat.nr_dentry++;
-+ vx_dentry_inc(dentry);
- spin_unlock(&dcache_lock);
+@@ -1284,6 +1291,7 @@ struct dentry *__d_alloc(struct super_bl
- return dentry;
-@@ -1420,6 +1428,7 @@ struct dentry * __d_lookup(struct dentry
+ dentry->d_count = 1;
+ dentry->d_flags = 0;
++ vx_dentry_inc(dentry);
+ spin_lock_init(&dentry->d_lock);
+ seqcount_init(&dentry->d_seq);
+ dentry->d_inode = NULL;
+@@ -1984,6 +1992,7 @@ struct dentry *__d_lookup(const struct d
}
- atomic_inc(&dentry->d_count);
+ dentry->d_count++;
+ vx_dentry_inc(dentry);
found = dentry;
spin_unlock(&dentry->d_lock);
break;
-diff -NurpP --minimal linux-2.6.35.4/fs/devpts/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/devpts/inode.c
---- linux-2.6.35.4/fs/devpts/inode.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/devpts/inode.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/devpts/inode.c linux-3.9.4-vs2.3.6.2/fs/devpts/inode.c
+--- linux-3.9.4/fs/devpts/inode.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/devpts/inode.c 2013-05-31 15:42:25.000000000 +0000
@@ -25,6 +25,7 @@
#include <linux/parser.h>
#include <linux/fsnotify.h>
#define DEVPTS_DEFAULT_MODE 0600
/*
-@@ -36,6 +37,20 @@
+@@ -36,6 +37,21 @@
#define DEVPTS_DEFAULT_PTMX_MODE 0000
#define PTMX_MINOR 2
+ int ret = -EACCES;
+
+ /* devpts is xid tagged */
-+ if (vx_check((xid_t)inode->i_tag, VS_WATCH_P | VS_IDENT))
-+ ret = generic_permission(inode, mask, NULL);
++ if (vx_check((xid_t)i_tag_read(inode), VS_WATCH_P | VS_IDENT))
++ ret = generic_permission(inode, mask);
+ return ret;
+}
+
+ .permission = devpts_permission,
+};
+
- extern int pty_limit; /* Config limit on Unix98 ptys */
- static DEFINE_MUTEX(allocated_ptys_lock);
-
-@@ -263,6 +278,25 @@ static int devpts_show_options(struct se
++
+ /*
+ * sysctl support for setting limits on the number of Unix98 ptys allocated.
+ * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly.
+@@ -345,6 +361,34 @@ static int devpts_show_options(struct se
return 0;
}
+static int devpts_filter(struct dentry *de)
+{
++ xid_t xid = 0;
++
+ /* devpts is xid tagged */
-+ return vx_check((xid_t)de->d_inode->i_tag, VS_WATCH_P | VS_IDENT);
++ if (de && de->d_inode)
++ xid = (xid_t)i_tag_read(de->d_inode);
++#ifdef CONFIG_VSERVER_WARN_DEVPTS
++ else
++ vxwprintk_task(1, "devpts " VS_Q("%.*s") " without inode.",
++ de->d_name.len, de->d_name.name);
++#endif
++ return vx_check(xid, VS_WATCH_P | VS_IDENT);
+}
+
+static int devpts_readdir(struct file * filp, void * dirent, filldir_t filldir)
static const struct super_operations devpts_sops = {
.statfs = simple_statfs,
.remount_fs = devpts_remount,
-@@ -302,12 +336,15 @@ devpts_fill_super(struct super_block *s,
- inode = new_inode(s);
- if (!inode)
- goto free_fsi;
-+
- inode->i_ino = 1;
+@@ -388,8 +432,10 @@ devpts_fill_super(struct super_block *s,
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
inode->i_op = &simple_dir_inode_operations;
- inode->i_fop = &simple_dir_operations;
+ inode->i_fop = &devpts_dir_operations;
- inode->i_nlink = 2;
+ set_nlink(inode, 2);
+ /* devpts is xid tagged */
-+ inode->i_tag = (tag_t)vx_current_xid();
++ i_tag_write(inode, (tag_t)vx_current_xid());
- s->s_root = d_alloc_root(inode);
+ s->s_root = d_make_root(inode);
if (s->s_root)
-@@ -495,6 +532,9 @@ int devpts_pty_new(struct inode *ptmx_in
+@@ -592,6 +638,9 @@ struct inode *devpts_pty_new(struct inod
inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
init_special_inode(inode, S_IFCHR|opts->mode, device);
+ /* devpts is xid tagged */
-+ inode->i_tag = (tag_t)vx_current_xid();
++ i_tag_write(inode, (tag_t)vx_current_xid());
+ inode->i_op = &devpts_file_inode_operations;
- inode->i_private = tty;
- tty->driver_data = inode;
-
-diff -NurpP --minimal linux-2.6.35.4/fs/exec.c linux-2.6.35.4-vs2.3.0.36.32/fs/exec.c
---- linux-2.6.35.4/fs/exec.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/exec.c 2010-08-02 17:05:05.000000000 +0200
-@@ -1506,7 +1506,7 @@ static int format_corename(char *corenam
- /* UNIX time of coredump */
- case 't': {
- struct timeval tv;
-- do_gettimeofday(&tv);
-+ vx_gettimeofday(&tv);
- rc = snprintf(out_ptr, out_end - out_ptr,
- "%lu", tv.tv_sec);
- if (rc > out_end - out_ptr)
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/balloc.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/balloc.c
---- linux-2.6.35.4/fs/ext2/balloc.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/balloc.c 2010-08-02 17:05:05.000000000 +0200
-@@ -702,7 +702,6 @@ ext2_try_to_allocate(struct super_block
+ inode->i_private = priv;
+
+ sprintf(s, "%d", index);
+diff -NurpP --minimal linux-3.9.4/fs/ext2/balloc.c linux-3.9.4-vs2.3.6.2/fs/ext2/balloc.c
+--- linux-3.9.4/fs/ext2/balloc.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/balloc.c 2013-05-31 14:47:11.000000000 +0000
+@@ -693,7 +693,6 @@ ext2_try_to_allocate(struct super_block
start = 0;
end = EXT2_BLOCKS_PER_GROUP(sb);
}
BUG_ON(start > EXT2_BLOCKS_PER_GROUP(sb));
repeat:
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/ext2.h linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ext2.h
---- linux-2.6.35.4/fs/ext2/ext2.h 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ext2.h 2010-08-02 17:05:05.000000000 +0200
-@@ -130,6 +130,7 @@ extern int ext2_fiemap(struct inode *ino
- int __ext2_write_begin(struct file *file, struct address_space *mapping,
- loff_t pos, unsigned len, unsigned flags,
- struct page **pagep, void **fsdata);
+diff -NurpP --minimal linux-3.9.4/fs/ext2/ext2.h linux-3.9.4-vs2.3.6.2/fs/ext2/ext2.h
+--- linux-3.9.4/fs/ext2/ext2.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/ext2.h 2013-05-31 14:47:11.000000000 +0000
+@@ -244,8 +244,12 @@ struct ext2_group_desc
+ #define EXT2_NOTAIL_FL FS_NOTAIL_FL /* file tail should not be merged */
+ #define EXT2_DIRSYNC_FL FS_DIRSYNC_FL /* dirsync behaviour (directories only) */
+ #define EXT2_TOPDIR_FL FS_TOPDIR_FL /* Top of directory hierarchies*/
++#define EXT2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
+ #define EXT2_RESERVED_FL FS_RESERVED_FL /* reserved for ext2 lib */
+
++#define EXT2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
++#define EXT2_COW_FL FS_COW_FL /* Copy on Write marker */
++
+ #define EXT2_FL_USER_VISIBLE FS_FL_USER_VISIBLE /* User visible flags */
+ #define EXT2_FL_USER_MODIFIABLE FS_FL_USER_MODIFIABLE /* User modifiable flags */
+
+@@ -329,7 +333,8 @@ struct ext2_inode {
+ __u16 i_pad1;
+ __le16 l_i_uid_high; /* these 2 fields */
+ __le16 l_i_gid_high; /* were reserved2[0] */
+- __u32 l_i_reserved2;
++ __le16 l_i_tag; /* Context Tag */
++ __u16 l_i_reserved2;
+ } linux2;
+ struct {
+ __u8 h_i_frag; /* Fragment number */
+@@ -357,6 +362,7 @@ struct ext2_inode {
+ #define i_gid_low i_gid
+ #define i_uid_high osd2.linux2.l_i_uid_high
+ #define i_gid_high osd2.linux2.l_i_gid_high
++#define i_raw_tag osd2.linux2.l_i_tag
+ #define i_reserved2 osd2.linux2.l_i_reserved2
+
+ /*
+@@ -384,6 +390,7 @@ struct ext2_inode {
+ #define EXT2_MOUNT_USRQUOTA 0x020000 /* user quota */
+ #define EXT2_MOUNT_GRPQUOTA 0x040000 /* group quota */
+ #define EXT2_MOUNT_RESERVATION 0x080000 /* Preallocation */
++#define EXT2_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
+
+
+ #define clear_opt(o, opt) o &= ~EXT2_MOUNT_##opt
+@@ -757,6 +764,7 @@ extern void ext2_set_inode_flags(struct
+ extern void ext2_get_inode_flags(struct ext2_inode_info *);
+ extern int ext2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
+ u64 start, u64 len);
+extern int ext2_sync_flags(struct inode *, int, int);
/* ioctl.c */
extern long ext2_ioctl(struct file *, unsigned int, unsigned long);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/file.c
---- linux-2.6.35.4/fs/ext2/file.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/file.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ext2/file.c linux-3.9.4-vs2.3.6.2/fs/ext2/file.c
+--- linux-3.9.4/fs/ext2/file.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/file.c 2013-05-31 14:47:11.000000000 +0000
@@ -104,4 +104,5 @@ const struct inode_operations ext2_file_
.setattr = ext2_setattr,
- .check_acl = ext2_check_acl,
+ .get_acl = ext2_get_acl,
.fiemap = ext2_fiemap,
+ .sync_flags = ext2_sync_flags,
};
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/ialloc.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ialloc.c
---- linux-2.6.35.4/fs/ext2/ialloc.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ialloc.c 2010-08-02 18:15:12.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ext2/ialloc.c linux-3.9.4-vs2.3.6.2/fs/ext2/ialloc.c
+--- linux-3.9.4/fs/ext2/ialloc.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/ialloc.c 2013-06-01 09:31:28.000000000 +0000
@@ -17,6 +17,7 @@
#include <linux/backing-dev.h>
#include <linux/buffer_head.h>
#include "ext2.h"
#include "xattr.h"
#include "acl.h"
-@@ -553,6 +554,7 @@ got:
+@@ -546,6 +547,8 @@ got:
inode->i_mode = mode;
inode->i_uid = current_fsuid();
inode->i_gid = dir->i_gid;
-+ inode->i_tag = dx_current_fstag(sb);
++ inode->i_tag = make_ktag(&init_user_ns,
++ dx_current_fstag(sb));
} else
inode_init_owner(inode, dir, mode);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/inode.c
---- linux-2.6.35.4/fs/ext2/inode.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/inode.c 2010-08-02 17:05:05.000000000 +0200
-@@ -32,6 +32,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/ext2/inode.c linux-3.9.4-vs2.3.6.2/fs/ext2/inode.c
+--- linux-3.9.4/fs/ext2/inode.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/inode.c 2013-05-31 14:47:11.000000000 +0000
+@@ -31,6 +31,7 @@
#include <linux/mpage.h>
#include <linux/fiemap.h>
#include <linux/namei.h>
#include "ext2.h"
#include "acl.h"
#include "xip.h"
-@@ -1164,7 +1165,7 @@ static void ext2_truncate_blocks(struct
+@@ -1179,7 +1180,7 @@ static void ext2_truncate_blocks(struct
return;
if (ext2_inode_is_fast_symlink(inode))
return;
return;
__ext2_truncate_blocks(inode, offset);
}
-@@ -1261,36 +1262,61 @@ void ext2_set_inode_flags(struct inode *
+@@ -1270,36 +1271,61 @@ void ext2_set_inode_flags(struct inode *
{
unsigned int flags = EXT2_I(inode)->i_flags;
}
struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
-@@ -1300,6 +1326,8 @@ struct inode *ext2_iget (struct super_bl
- struct ext2_inode *raw_inode;
- struct inode *inode;
- long ret = -EIO;
-+ uid_t uid;
-+ gid_t gid;
- int n;
-
- inode = iget_locked(sb, ino);
-@@ -1318,12 +1346,17 @@ struct inode *ext2_iget (struct super_bl
- }
-
- inode->i_mode = le16_to_cpu(raw_inode->i_mode);
-- inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-- inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
-+ uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-+ gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
- if (!(test_opt (inode->i_sb, NO_UID32))) {
-- inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-- inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
-+ uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-+ gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
+@@ -1335,8 +1361,10 @@ struct inode *ext2_iget (struct super_bl
+ i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
+ i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
}
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid,
-+ le16_to_cpu(raw_inode->i_raw_tag));
-+
- inode->i_nlink = le16_to_cpu(raw_inode->i_links_count);
+- i_uid_write(inode, i_uid);
+- i_gid_write(inode, i_gid);
++ i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
++ i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
++ i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
++ le16_to_cpu(raw_inode->i_raw_tag)));
+ set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
inode->i_size = le32_to_cpu(raw_inode->i_size);
inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
-@@ -1421,8 +1454,8 @@ static int __ext2_write_inode(struct ino
+@@ -1434,8 +1462,10 @@ static int __ext2_write_inode(struct ino
struct ext2_inode_info *ei = EXT2_I(inode);
struct super_block *sb = inode->i_sb;
ino_t ino = inode->i_ino;
-- uid_t uid = inode->i_uid;
-- gid_t gid = inode->i_gid;
-+ uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
-+ gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
+- uid_t uid = i_uid_read(inode);
+- gid_t gid = i_gid_read(inode);
++ uid_t uid = TAGINO_UID(DX_TAG(inode),
++ i_uid_read(inode), i_tag_read(inode));
++ gid_t gid = TAGINO_GID(DX_TAG(inode),
++ i_gid_read(inode), i_tag_read(inode));
struct buffer_head * bh;
struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh);
int n;
-@@ -1458,6 +1491,9 @@ static int __ext2_write_inode(struct ino
+@@ -1471,6 +1501,9 @@ static int __ext2_write_inode(struct ino
raw_inode->i_uid_high = 0;
raw_inode->i_gid_high = 0;
}
+#ifdef CONFIG_TAGGING_INTERN
-+ raw_inode->i_raw_tag = cpu_to_le16(inode->i_tag);
++ raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
+#endif
raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
raw_inode->i_size = cpu_to_le32(inode->i_size);
raw_inode->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
-@@ -1547,7 +1583,8 @@ int ext2_setattr(struct dentry *dentry,
+@@ -1551,7 +1584,8 @@ int ext2_setattr(struct dentry *dentry,
if (is_quota_modification(inode, iattr))
dquot_initialize(inode);
- if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
-- (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
-+ (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
-+ (iattr->ia_valid & ATTR_TAG && iattr->ia_tag != inode->i_tag)) {
+ if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
+- (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
++ (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)) ||
++ (iattr->ia_valid & ATTR_TAG && !tag_eq(iattr->ia_tag, inode->i_tag))) {
error = dquot_transfer(inode, iattr);
if (error)
return error;
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ioctl.c
---- linux-2.6.35.4/fs/ext2/ioctl.c 2009-09-10 15:26:21.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/ioctl.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ext2/ioctl.c linux-3.9.4-vs2.3.6.2/fs/ext2/ioctl.c
+--- linux-3.9.4/fs/ext2/ioctl.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/ioctl.c 2013-05-31 14:47:11.000000000 +0000
@@ -17,6 +17,16 @@
#include <asm/uaccess.h>
+
long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = filp->f_dentry->d_inode;
+ struct inode *inode = file_inode(filp);
@@ -51,6 +61,11 @@ long ext2_ioctl(struct file *filp, unsig
flags = ext2_mask_flags(inode->i_mode, flags);
+ flags &= EXT2_FL_USER_MODIFIABLE;
flags |= oldflags & ~EXT2_FL_USER_MODIFIABLE;
ei->i_flags = flags;
- mutex_unlock(&inode->i_mutex);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/namei.c
---- linux-2.6.35.4/fs/ext2/namei.c 2010-07-07 18:31:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/namei.c 2010-08-02 17:05:05.000000000 +0200
+
+diff -NurpP --minimal linux-3.9.4/fs/ext2/namei.c linux-3.9.4-vs2.3.6.2/fs/ext2/namei.c
+--- linux-3.9.4/fs/ext2/namei.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/namei.c 2013-05-31 14:47:11.000000000 +0000
@@ -32,6 +32,7 @@
#include <linux/pagemap.h>
#include "ext2.h"
#include "xattr.h"
#include "acl.h"
-@@ -75,6 +76,7 @@ static struct dentry *ext2_lookup(struct
- return ERR_PTR(-EIO);
- } else {
- return ERR_CAST(inode);
-+ dx_propagate_tag(nd, inode);
- }
+@@ -73,6 +74,7 @@ static struct dentry *ext2_lookup(struct
+ (unsigned long) ino);
+ return ERR_PTR(-EIO);
}
++ dx_propagate_tag(nd, inode);
}
-@@ -418,6 +420,7 @@ const struct inode_operations ext2_dir_i
+ return d_splice_alias(inode, dentry);
+ }
+@@ -397,6 +399,7 @@ const struct inode_operations ext2_dir_i
+ .removexattr = generic_removexattr,
#endif
.setattr = ext2_setattr,
- .check_acl = ext2_check_acl,
+ .sync_flags = ext2_sync_flags,
+ .get_acl = ext2_get_acl,
};
- const struct inode_operations ext2_special_inode_operations = {
-diff -NurpP --minimal linux-2.6.35.4/fs/ext2/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/super.c
---- linux-2.6.35.4/fs/ext2/super.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext2/super.c 2010-08-02 17:05:05.000000000 +0200
-@@ -390,7 +390,8 @@ enum {
+diff -NurpP --minimal linux-3.9.4/fs/ext2/super.c linux-3.9.4-vs2.3.6.2/fs/ext2/super.c
+--- linux-3.9.4/fs/ext2/super.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext2/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -395,7 +395,8 @@ enum {
Opt_err_ro, Opt_nouid32, Opt_nocheck, Opt_debug,
Opt_oldalloc, Opt_orlov, Opt_nobh, Opt_user_xattr, Opt_nouser_xattr,
Opt_acl, Opt_noacl, Opt_xip, Opt_ignore, Opt_err, Opt_quota,
};
static const match_table_t tokens = {
-@@ -418,6 +419,9 @@ static const match_table_t tokens = {
+@@ -423,6 +424,9 @@ static const match_table_t tokens = {
{Opt_acl, "acl"},
{Opt_noacl, "noacl"},
{Opt_xip, "xip"},
{Opt_grpquota, "grpquota"},
{Opt_ignore, "noquota"},
{Opt_quota, "quota"},
-@@ -488,6 +492,20 @@ static int parse_options(char *options,
+@@ -506,6 +510,20 @@ static int parse_options(char *options,
case Opt_nouid32:
set_opt (sbi->s_mount_opt, NO_UID32);
break;
case Opt_nocheck:
clear_opt (sbi->s_mount_opt, CHECK);
break;
-@@ -845,6 +863,8 @@ static int ext2_fill_super(struct super_
+@@ -864,6 +882,8 @@ static int ext2_fill_super(struct super_
if (!parse_options((char *) data, sb))
goto failed_mount;
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
((EXT2_SB(sb)->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ?
MS_POSIXACL : 0);
-@@ -1217,6 +1237,14 @@ static int ext2_remount (struct super_bl
+@@ -1269,6 +1289,14 @@ static int ext2_remount (struct super_bl
+ err = -EINVAL;
goto restore_opts;
}
-
++
+ if ((sbi->s_mount_opt & EXT2_MOUNT_TAGGED) &&
+ !(sb->s_flags & MS_TAGGED)) {
+ printk("EXT2-fs: %s: tagging not permitted on remount.\n",
+ err = -EINVAL;
+ goto restore_opts;
+ }
-+
+
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
((sbi->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
+diff -NurpP --minimal linux-3.9.4/fs/ext3/ext3.h linux-3.9.4-vs2.3.6.2/fs/ext3/ext3.h
+--- linux-3.9.4/fs/ext3/ext3.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/ext3.h 2013-05-31 14:47:11.000000000 +0000
+@@ -151,10 +151,14 @@ struct ext3_group_desc
+ #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
+ #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
+ #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
++#define EXT3_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
+ #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/file.c
---- linux-2.6.35.4/fs/ext3/file.c 2010-07-07 18:31:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/file.c 2010-08-02 17:05:05.000000000 +0200
-@@ -81,5 +81,6 @@ const struct inode_operations ext3_file_
- #endif
- .check_acl = ext3_check_acl,
- .fiemap = ext3_fiemap,
-+ .sync_flags = ext3_sync_flags,
- };
-
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/ialloc.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/ialloc.c
---- linux-2.6.35.4/fs/ext3/ialloc.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/ialloc.c 2010-08-02 18:14:48.000000000 +0200
-@@ -23,6 +23,7 @@
- #include <linux/buffer_head.h>
- #include <linux/random.h>
- #include <linux/bitops.h>
-+#include <linux/vs_tag.h>
+-#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
+-#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
++#define EXT3_BARRIER_FL 0x04000000 /* Barrier for chroot() */
++#define EXT3_COW_FL 0x20000000 /* Copy on Write marker */
++
++#define EXT3_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
++#define EXT3_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
- #include <asm/byteorder.h>
+ /* Flags that should be inherited by new inodes from their parent. */
+ #define EXT3_FL_INHERITED (EXT3_SECRM_FL | EXT3_UNRM_FL | EXT3_COMPR_FL |\
+@@ -290,7 +294,8 @@ struct ext3_inode {
+ __u16 i_pad1;
+ __le16 l_i_uid_high; /* these 2 fields */
+ __le16 l_i_gid_high; /* were reserved2[0] */
+- __u32 l_i_reserved2;
++ __le16 l_i_tag; /* Context Tag */
++ __u16 l_i_reserved2;
+ } linux2;
+ struct {
+ __u8 h_i_frag; /* Fragment number */
+@@ -320,6 +325,7 @@ struct ext3_inode {
+ #define i_gid_low i_gid
+ #define i_uid_high osd2.linux2.l_i_uid_high
+ #define i_gid_high osd2.linux2.l_i_gid_high
++#define i_raw_tag osd2.linux2.l_i_tag
+ #define i_reserved2 osd2.linux2.l_i_reserved2
-@@ -543,6 +544,7 @@ got:
- inode->i_mode = mode;
- inode->i_uid = current_fsuid();
+ /*
+@@ -364,6 +370,7 @@ struct ext3_inode {
+ #define EXT3_MOUNT_GRPQUOTA 0x200000 /* "old" group quota */
+ #define EXT3_MOUNT_DATA_ERR_ABORT 0x400000 /* Abort on file data write
+ * error in ordered mode */
++#define EXT3_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
+
+ /* Compatibility, for having both ext2_fs.h and ext3_fs.h included at once */
+ #ifndef _LINUX_EXT2_FS_H
+@@ -1061,6 +1068,7 @@ extern void ext3_get_inode_flags(struct
+ extern void ext3_set_aops(struct inode *inode);
+ extern int ext3_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
+ u64 start, u64 len);
++extern int ext3_sync_flags(struct inode *, int, int);
+
+ /* ioctl.c */
+ extern long ext3_ioctl(struct file *, unsigned int, unsigned long);
+diff -NurpP --minimal linux-3.9.4/fs/ext3/file.c linux-3.9.4-vs2.3.6.2/fs/ext3/file.c
+--- linux-3.9.4/fs/ext3/file.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/file.c 2013-05-31 14:47:11.000000000 +0000
+@@ -76,5 +76,6 @@ const struct inode_operations ext3_file_
+ #endif
+ .get_acl = ext3_get_acl,
+ .fiemap = ext3_fiemap,
++ .sync_flags = ext3_sync_flags,
+ };
+
+diff -NurpP --minimal linux-3.9.4/fs/ext3/ialloc.c linux-3.9.4-vs2.3.6.2/fs/ext3/ialloc.c
+--- linux-3.9.4/fs/ext3/ialloc.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/ialloc.c 2013-06-01 09:40:15.000000000 +0000
+@@ -14,6 +14,7 @@
+
+ #include <linux/quotaops.h>
+ #include <linux/random.h>
++#include <linux/vs_tag.h>
+
+ #include "ext3.h"
+ #include "xattr.h"
+@@ -469,6 +470,8 @@ got:
+ inode->i_mode = mode;
+ inode->i_uid = current_fsuid();
inode->i_gid = dir->i_gid;
-+ inode->i_tag = dx_current_fstag(sb);
++ inode->i_tag = make_ktag(&init_user_ns,
++ dx_current_fstag(sb));
} else
inode_init_owner(inode, dir, mode);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/inode.c
---- linux-2.6.35.4/fs/ext3/inode.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/inode.c 2010-08-02 17:05:05.000000000 +0200
-@@ -38,6 +38,7 @@
- #include <linux/bio.h>
- #include <linux/fiemap.h>
+diff -NurpP --minimal linux-3.9.4/fs/ext3/inode.c linux-3.9.4-vs2.3.6.2/fs/ext3/inode.c
+--- linux-3.9.4/fs/ext3/inode.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/inode.c 2013-05-31 14:47:11.000000000 +0000
+@@ -27,6 +27,8 @@
+ #include <linux/writeback.h>
+ #include <linux/mpage.h>
#include <linux/namei.h>
+#include <linux/vs_tag.h>
++
+ #include "ext3.h"
#include "xattr.h"
#include "acl.h"
-
-@@ -2354,7 +2355,7 @@ static void ext3_free_branches(handle_t
-
- int ext3_can_truncate(struct inode *inode)
- {
-- if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
-+ if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
- return 0;
- if (S_ISREG(inode->i_mode))
- return 1;
-@@ -2739,36 +2740,60 @@ void ext3_set_inode_flags(struct inode *
+@@ -2851,36 +2853,60 @@ void ext3_set_inode_flags(struct inode *
{
unsigned int flags = EXT3_I(inode)->i_flags;
}
struct inode *ext3_iget(struct super_block *sb, unsigned long ino)
-@@ -2782,6 +2807,8 @@ struct inode *ext3_iget(struct super_blo
- transaction_t *transaction;
- long ret;
- int block;
-+ uid_t uid;
-+ gid_t gid;
-
- inode = iget_locked(sb, ino);
- if (!inode)
-@@ -2798,12 +2825,17 @@ struct inode *ext3_iget(struct super_blo
- bh = iloc.bh;
- raw_inode = ext3_raw_inode(&iloc);
- inode->i_mode = le16_to_cpu(raw_inode->i_mode);
-- inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-- inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
-+ uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-+ gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
- if(!(test_opt (inode->i_sb, NO_UID32))) {
-- inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-- inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
-+ uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-+ gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
+@@ -2918,8 +2944,10 @@ struct inode *ext3_iget(struct super_blo
+ i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
+ i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
}
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid,
-+ le16_to_cpu(raw_inode->i_raw_tag));
-+
- inode->i_nlink = le16_to_cpu(raw_inode->i_links_count);
+- i_uid_write(inode, i_uid);
+- i_gid_write(inode, i_gid);
++ i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
++ i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
++ i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
++ le16_to_cpu(raw_inode->i_raw_tag)));
+ set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
inode->i_size = le32_to_cpu(raw_inode->i_size);
inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
-@@ -2958,6 +2990,8 @@ static int ext3_do_update_inode(handle_t
- struct ext3_inode *raw_inode = ext3_raw_inode(iloc);
- struct ext3_inode_info *ei = EXT3_I(inode);
- struct buffer_head *bh = iloc->bh;
-+ uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
-+ gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
- int err = 0, rc, block;
-
- again:
-@@ -2972,29 +3006,32 @@ again:
+@@ -3091,8 +3119,10 @@ again:
+
ext3_get_inode_flags(ei);
raw_inode->i_mode = cpu_to_le16(inode->i_mode);
+- i_uid = i_uid_read(inode);
+- i_gid = i_gid_read(inode);
++ i_uid = TAGINO_UID(DX_TAG(inode),
++ i_uid_read(inode), i_tag_read(inode));
++ i_gid = TAGINO_GID(DX_TAG(inode),
++ i_gid_read(inode), i_tag_read(inode));
if(!(test_opt(inode->i_sb, NO_UID32))) {
-- raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid));
-- raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid));
-+ raw_inode->i_uid_low = cpu_to_le16(low_16_bits(uid));
-+ raw_inode->i_gid_low = cpu_to_le16(low_16_bits(gid));
- /*
- * Fix up interoperability with old kernels. Otherwise, old inodes get
- * re-used with the upper 16 bits of the uid/gid intact
- */
- if(!ei->i_dtime) {
- raw_inode->i_uid_high =
-- cpu_to_le16(high_16_bits(inode->i_uid));
-+ cpu_to_le16(high_16_bits(uid));
- raw_inode->i_gid_high =
-- cpu_to_le16(high_16_bits(inode->i_gid));
-+ cpu_to_le16(high_16_bits(gid));
- } else {
- raw_inode->i_uid_high = 0;
- raw_inode->i_gid_high = 0;
- }
- } else {
- raw_inode->i_uid_low =
-- cpu_to_le16(fs_high2lowuid(inode->i_uid));
-+ cpu_to_le16(fs_high2lowuid(uid));
- raw_inode->i_gid_low =
-- cpu_to_le16(fs_high2lowgid(inode->i_gid));
-+ cpu_to_le16(fs_high2lowgid(gid));
+ raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
+ raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
+@@ -3117,6 +3147,9 @@ again:
raw_inode->i_uid_high = 0;
raw_inode->i_gid_high = 0;
}
+#ifdef CONFIG_TAGGING_INTERN
-+ raw_inode->i_raw_tag = cpu_to_le16(inode->i_tag);
++ raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
+#endif
raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
- raw_inode->i_size = cpu_to_le32(ei->i_disksize);
- raw_inode->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
-@@ -3154,7 +3191,8 @@ int ext3_setattr(struct dentry *dentry,
+ disksize = cpu_to_le32(ei->i_disksize);
+ if (disksize != raw_inode->i_size) {
+@@ -3285,7 +3318,8 @@ int ext3_setattr(struct dentry *dentry,
if (is_quota_modification(inode, attr))
dquot_initialize(inode);
- if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
-- (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
-+ (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
-+ (ia_valid & ATTR_TAG && attr->ia_tag != inode->i_tag)) {
+ if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
+- (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
++ (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)) ||
++ (ia_valid & ATTR_TAG && !tag_eq(attr->ia_tag, inode->i_tag))) {
handle_t *handle;
/* (user+group)*(old+new) structure, inode write (sb,
-@@ -3176,6 +3214,8 @@ int ext3_setattr(struct dentry *dentry,
+@@ -3307,6 +3341,8 @@ int ext3_setattr(struct dentry *dentry,
inode->i_uid = attr->ia_uid;
if (attr->ia_valid & ATTR_GID)
inode->i_gid = attr->ia_gid;
error = ext3_mark_inode_dirty(handle, inode);
ext3_journal_stop(handle);
}
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/ioctl.c
---- linux-2.6.35.4/fs/ext3/ioctl.c 2009-06-11 17:13:03.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/ioctl.c 2010-08-02 17:05:05.000000000 +0200
-@@ -8,6 +8,7 @@
- */
-
- #include <linux/fs.h>
-+#include <linux/mount.h>
- #include <linux/jbd.h>
- #include <linux/capability.h>
- #include <linux/ext3_fs.h>
-@@ -17,6 +18,34 @@
- #include <linux/compat.h>
+diff -NurpP --minimal linux-3.9.4/fs/ext3/ioctl.c linux-3.9.4-vs2.3.6.2/fs/ext3/ioctl.c
+--- linux-3.9.4/fs/ext3/ioctl.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -12,6 +12,34 @@
#include <asm/uaccess.h>
+ #include "ext3.h"
+
+int ext3_sync_flags(struct inode *inode, int flags, int vflags)
+
long ext3_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = filp->f_dentry->d_inode;
-@@ -50,6 +79,11 @@ long ext3_ioctl(struct file *filp, unsig
+ struct inode *inode = file_inode(filp);
+@@ -45,6 +73,11 @@ long ext3_ioctl(struct file *filp, unsig
flags = ext3_mask_flags(inode->i_mode, flags);
mutex_lock(&inode->i_mutex);
/* Is it quota file? Do not allow user to mess with it */
-@@ -68,7 +102,9 @@ long ext3_ioctl(struct file *filp, unsig
+@@ -63,7 +96,9 @@ long ext3_ioctl(struct file *filp, unsig
*
* This test looks nicer. Thanks to Pauline Middelink
*/
if (!capable(CAP_LINUX_IMMUTABLE))
goto flags_out;
}
-@@ -93,7 +129,7 @@ long ext3_ioctl(struct file *filp, unsig
+@@ -88,7 +123,7 @@ long ext3_ioctl(struct file *filp, unsig
if (err)
goto flags_err;
flags |= oldflags & ~EXT3_FL_USER_MODIFIABLE;
ei->i_flags = flags;
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/namei.c
---- linux-2.6.35.4/fs/ext3/namei.c 2010-07-07 18:31:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/namei.c 2010-08-02 17:05:05.000000000 +0200
-@@ -36,6 +36,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/ext3/namei.c linux-3.9.4-vs2.3.6.2/fs/ext3/namei.c
+--- linux-3.9.4/fs/ext3/namei.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/namei.c 2013-05-31 14:47:11.000000000 +0000
+@@ -25,6 +25,8 @@
+ */
+
#include <linux/quotaops.h>
- #include <linux/buffer_head.h>
- #include <linux/bio.h>
+#include <linux/vs_tag.h>
-
++
+ #include "ext3.h"
#include "namei.h"
#include "xattr.h"
-@@ -912,6 +913,7 @@ restart:
- if (bh)
- ll_rw_block(READ_META, 1, &bh);
- }
+@@ -918,6 +920,7 @@ restart:
+ submit_bh(READ | REQ_META | REQ_PRIO,
+ bh);
+ }
+ dx_propagate_tag(nd, inode);
+ }
}
if ((bh = bh_use[ra_ptr++]) == NULL)
- goto next;
-@@ -2466,6 +2468,7 @@ const struct inode_operations ext3_dir_i
+@@ -2527,6 +2530,7 @@ const struct inode_operations ext3_dir_i
+ .listxattr = ext3_listxattr,
.removexattr = generic_removexattr,
#endif
- .check_acl = ext3_check_acl,
+ .sync_flags = ext3_sync_flags,
+ .get_acl = ext3_get_acl,
};
- const struct inode_operations ext3_special_inode_operations = {
-diff -NurpP --minimal linux-2.6.35.4/fs/ext3/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/super.c
---- linux-2.6.35.4/fs/ext3/super.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext3/super.c 2010-08-02 18:14:19.000000000 +0200
-@@ -817,7 +817,8 @@ enum {
+diff -NurpP --minimal linux-3.9.4/fs/ext3/super.c linux-3.9.4-vs2.3.6.2/fs/ext3/super.c
+--- linux-3.9.4/fs/ext3/super.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext3/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -816,7 +816,8 @@ enum {
Opt_usrjquota, Opt_grpjquota, Opt_offusrjquota, Opt_offgrpjquota,
Opt_jqfmt_vfsold, Opt_jqfmt_vfsv0, Opt_jqfmt_vfsv1, Opt_quota,
Opt_noquota, Opt_ignore, Opt_barrier, Opt_nobarrier, Opt_err,
};
static const match_table_t tokens = {
-@@ -874,6 +875,9 @@ static const match_table_t tokens = {
+@@ -873,6 +874,9 @@ static const match_table_t tokens = {
{Opt_barrier, "barrier"},
{Opt_nobarrier, "nobarrier"},
{Opt_resize, "resize"},
{Opt_err, NULL},
};
-@@ -1026,6 +1030,20 @@ static int parse_options (char *options,
+@@ -1040,6 +1044,20 @@ static int parse_options (char *options,
case Opt_nouid32:
set_opt (sbi->s_mount_opt, NO_UID32);
break;
case Opt_nocheck:
clear_opt (sbi->s_mount_opt, CHECK);
break;
-@@ -1712,6 +1730,9 @@ static int ext3_fill_super (struct super
+@@ -1737,6 +1755,9 @@ static int ext3_fill_super (struct super
NULL, 0))
goto failed_mount;
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
-@@ -2585,6 +2606,14 @@ static int ext3_remount (struct super_bl
+@@ -2633,6 +2654,14 @@ static int ext3_remount (struct super_bl
if (test_opt(sb, ABORT))
ext3_abort(sb, __func__, "Abort forced by user");
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/ext4.h linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ext4.h
---- linux-2.6.35.4/fs/ext4/ext4.h 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ext4.h 2010-08-02 17:05:05.000000000 +0200
-@@ -318,8 +318,12 @@ struct flex_groups {
+diff -NurpP --minimal linux-3.9.4/fs/ext4/ext4.h linux-3.9.4-vs2.3.6.2/fs/ext4/ext4.h
+--- linux-3.9.4/fs/ext4/ext4.h 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/ext4.h 2013-05-31 16:22:49.000000000 +0000
+@@ -399,7 +399,10 @@ struct flex_groups {
#define EXT4_EXTENTS_FL 0x00080000 /* Inode uses extents */
#define EXT4_EA_INODE_FL 0x00200000 /* Inode used for large EA */
#define EXT4_EOFBLOCKS_FL 0x00400000 /* Blocks allocated beyond EOF */
++#define EXT4_BARRIER_FL 0x04000000 /* Barrier for chroot() */
+#define EXT4_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
+ #define EXT4_INLINE_DATA_FL 0x10000000 /* Inode has inline data. */
++#define EXT4_COW_FL 0x20000000 /* Copy on Write marker */
#define EXT4_RESERVED_FL 0x80000000 /* reserved for ext4 lib */
-+#define EXT4_BARRIER_FL 0x04000000 /* Barrier for chroot() */
-+#define EXT4_COW_FL 0x20000000 /* Copy on Write marker */
-+
#define EXT4_FL_USER_VISIBLE 0x004BDFFF /* User visible flags */
- #define EXT4_FL_USER_MODIFIABLE 0x004B80FF /* User modifiable flags */
-
-@@ -588,7 +592,8 @@ struct ext4_inode {
- __le16 l_i_file_acl_high;
+@@ -674,7 +677,7 @@ struct ext4_inode {
__le16 l_i_uid_high; /* these 2 fields */
__le16 l_i_gid_high; /* were reserved2[0] */
-- __u32 l_i_reserved2;
+ __le16 l_i_checksum_lo;/* crc32c(uuid+inum+inode) LE */
+- __le16 l_i_reserved;
+ __le16 l_i_tag; /* Context Tag */
-+ __u16 l_i_reserved2;
} linux2;
struct {
__le16 h_i_reserved1; /* Obsoleted fragment number/size which are removed in ext4 */
-@@ -702,6 +707,7 @@ do { \
+@@ -792,6 +795,7 @@ do { \
#define i_gid_low i_gid
#define i_uid_high osd2.linux2.l_i_uid_high
#define i_gid_high osd2.linux2.l_i_gid_high
+#define i_raw_tag osd2.linux2.l_i_tag
- #define i_reserved2 osd2.linux2.l_i_reserved2
+ #define i_checksum_lo osd2.linux2.l_i_checksum_lo
#elif defined(__GNU__)
-@@ -881,6 +887,7 @@ struct ext4_inode_info {
- #define EXT4_MOUNT_JOURNAL_CHECKSUM 0x800000 /* Journal checksums */
- #define EXT4_MOUNT_JOURNAL_ASYNC_COMMIT 0x1000000 /* Journal Async Commit */
- #define EXT4_MOUNT_I_VERSION 0x2000000 /* i_version support */
-+#define EXT4_MOUNT_TAGGED 0x4000000 /* Enable Context Tags */
- #define EXT4_MOUNT_DELALLOC 0x8000000 /* Delalloc support */
- #define EXT4_MOUNT_DATA_ERR_ABORT 0x10000000 /* Abort on file data write */
- #define EXT4_MOUNT_BLOCK_VALIDITY 0x20000000 /* Block validity checking */
-@@ -1910,6 +1917,7 @@ extern int ext4_get_blocks(handle_t *han
- struct buffer_head *bh, int flags);
- extern int ext4_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
- __u64 start, __u64 len);
+@@ -969,6 +973,7 @@ struct ext4_inode_info {
+ #define EXT4_MOUNT_POSIX_ACL 0x08000 /* POSIX Access Control Lists */
+ #define EXT4_MOUNT_NO_AUTO_DA_ALLOC 0x10000 /* No auto delalloc mapping */
+ #define EXT4_MOUNT_BARRIER 0x20000 /* Use block barriers */
++#define EXT4_MOUNT_TAGGED 0x40000 /* Enable Context Tags */
+ #define EXT4_MOUNT_QUOTA 0x80000 /* Some quota option set */
+ #define EXT4_MOUNT_USRQUOTA 0x100000 /* "old" user quota */
+ #define EXT4_MOUNT_GRPQUOTA 0x200000 /* "old" group quota */
+@@ -2527,6 +2532,7 @@ extern struct buffer_head *ext4_get_firs
+ extern int ext4_inline_data_fiemap(struct inode *inode,
+ struct fiemap_extent_info *fieinfo,
+ int *has_inline);
+extern int ext4_sync_flags(struct inode *, int, int);
- /* move_extent.c */
- extern int ext4_move_extents(struct file *o_filp, struct file *d_filp,
- __u64 start_orig, __u64 start_donor,
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/file.c
---- linux-2.6.35.4/fs/ext4/file.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/file.c 2010-08-02 17:05:05.000000000 +0200
-@@ -160,5 +160,6 @@ const struct inode_operations ext4_file_
- .check_acl = ext4_check_acl,
- .fallocate = ext4_fallocate,
+ extern int ext4_try_to_evict_inline_data(handle_t *handle,
+ struct inode *inode,
+ int needed);
+diff -NurpP --minimal linux-3.9.4/fs/ext4/file.c linux-3.9.4-vs2.3.6.2/fs/ext4/file.c
+--- linux-3.9.4/fs/ext4/file.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/file.c 2013-05-31 14:47:11.000000000 +0000
+@@ -650,5 +650,6 @@ const struct inode_operations ext4_file_
+ .removexattr = generic_removexattr,
+ .get_acl = ext4_get_acl,
.fiemap = ext4_fiemap,
+ .sync_flags = ext4_sync_flags,
};
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/ialloc.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ialloc.c
---- linux-2.6.35.4/fs/ext4/ialloc.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ialloc.c 2010-08-02 18:12:48.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ext4/ialloc.c linux-3.9.4-vs2.3.6.2/fs/ext4/ialloc.c
+--- linux-3.9.4/fs/ext4/ialloc.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/ialloc.c 2013-06-01 09:46:49.000000000 +0000
@@ -22,6 +22,7 @@
#include <linux/random.h>
#include <linux/bitops.h>
#include <asm/byteorder.h>
#include "ext4.h"
-@@ -976,6 +977,7 @@ got:
+@@ -859,6 +860,8 @@ got:
inode->i_mode = mode;
inode->i_uid = current_fsuid();
inode->i_gid = dir->i_gid;
-+ inode->i_tag = dx_current_fstag(sb);
++ inode->i_tag = make_ktag(&init_user_ns,
++ dx_current_fstag(sb));
} else
inode_init_owner(inode, dir, mode);
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/inode.c
---- linux-2.6.35.4/fs/ext4/inode.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/inode.c 2010-08-02 18:11:10.000000000 +0200
-@@ -40,6 +40,7 @@
- #include <linux/workqueue.h>
- #include <linux/kernel.h>
+diff -NurpP --minimal linux-3.9.4/fs/ext4/inode.c linux-3.9.4-vs2.3.6.2/fs/ext4/inode.c
+--- linux-3.9.4/fs/ext4/inode.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/inode.c 2013-05-31 14:47:11.000000000 +0000
+@@ -37,6 +37,7 @@
+ #include <linux/printk.h>
#include <linux/slab.h>
+ #include <linux/ratelimit.h>
+#include <linux/vs_tag.h>
#include "ext4_jbd2.h"
#include "xattr.h"
-@@ -4575,7 +4576,7 @@ static void ext4_free_branches(handle_t
-
- int ext4_can_truncate(struct inode *inode)
- {
-- if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
-+ if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
- return 0;
- if (S_ISREG(inode->i_mode))
- return 1;
-@@ -4926,41 +4927,64 @@ void ext4_set_inode_flags(struct inode *
+@@ -3870,41 +3871,64 @@ void ext4_set_inode_flags(struct inode *
{
unsigned int flags = EXT4_I(inode)->i_flags;
} while (cmpxchg(&ei->i_flags, old_fl, new_fl) != old_fl);
}
-@@ -4996,6 +5020,8 @@ struct inode *ext4_iget(struct super_blo
- journal_t *journal = EXT4_SB(sb)->s_journal;
- long ret;
- int block;
-+ uid_t uid;
-+ gid_t gid;
-
- inode = iget_locked(sb, ino);
- if (!inode)
-@@ -5011,12 +5037,16 @@ struct inode *ext4_iget(struct super_blo
- goto bad_inode;
- raw_inode = ext4_raw_inode(&iloc);
- inode->i_mode = le16_to_cpu(raw_inode->i_mode);
-- inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-- inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
-+ uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
-+ gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
- if (!(test_opt(inode->i_sb, NO_UID32))) {
-- inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-- inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
-+ uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
-+ gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
+@@ -4009,8 +4033,10 @@ struct inode *ext4_iget(struct super_blo
+ i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
+ i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
}
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid,
-+ le16_to_cpu(raw_inode->i_raw_tag));
- inode->i_nlink = le16_to_cpu(raw_inode->i_links_count);
-
- ei->i_state_flags = 0;
-@@ -5235,6 +5265,8 @@ static int ext4_do_update_inode(handle_t
- struct ext4_inode *raw_inode = ext4_raw_inode(iloc);
- struct ext4_inode_info *ei = EXT4_I(inode);
- struct buffer_head *bh = iloc->bh;
-+ uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
-+ gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
- int err = 0, rc, block;
-
- /* For fields not not tracking in the in-memory inode,
-@@ -5245,29 +5277,32 @@ static int ext4_do_update_inode(handle_t
+- i_uid_write(inode, i_uid);
+- i_gid_write(inode, i_gid);
++ i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
++ i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
++ i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
++ le16_to_cpu(raw_inode->i_raw_tag)));
+ set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
+
+ ext4_clear_state_flags(ei); /* Only relevant on 32-bit archs */
+@@ -4233,8 +4259,10 @@ static int ext4_do_update_inode(handle_t
+
ext4_get_inode_flags(ei);
raw_inode->i_mode = cpu_to_le16(inode->i_mode);
+- i_uid = i_uid_read(inode);
+- i_gid = i_gid_read(inode);
++ i_uid = TAGINO_UID(DX_TAG(inode),
++ i_uid_read(inode), i_tag_read(inode));
++ i_gid = TAGINO_GID(DX_TAG(inode),
++ i_gid_read(inode), i_tag_read(inode));
if (!(test_opt(inode->i_sb, NO_UID32))) {
-- raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid));
-- raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid));
-+ raw_inode->i_uid_low = cpu_to_le16(low_16_bits(uid));
-+ raw_inode->i_gid_low = cpu_to_le16(low_16_bits(gid));
- /*
- * Fix up interoperability with old kernels. Otherwise, old inodes get
- * re-used with the upper 16 bits of the uid/gid intact
- */
- if (!ei->i_dtime) {
- raw_inode->i_uid_high =
-- cpu_to_le16(high_16_bits(inode->i_uid));
-+ cpu_to_le16(high_16_bits(uid));
- raw_inode->i_gid_high =
-- cpu_to_le16(high_16_bits(inode->i_gid));
-+ cpu_to_le16(high_16_bits(gid));
- } else {
- raw_inode->i_uid_high = 0;
- raw_inode->i_gid_high = 0;
- }
- } else {
- raw_inode->i_uid_low =
-- cpu_to_le16(fs_high2lowuid(inode->i_uid));
-+ cpu_to_le16(fs_high2lowuid(uid));
- raw_inode->i_gid_low =
-- cpu_to_le16(fs_high2lowgid(inode->i_gid));
-+ cpu_to_le16(fs_high2lowgid(gid));
+ raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
+ raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
+@@ -4257,6 +4285,9 @@ static int ext4_do_update_inode(handle_t
raw_inode->i_uid_high = 0;
raw_inode->i_gid_high = 0;
}
+#ifdef CONFIG_TAGGING_INTERN
-+ raw_inode->i_raw_tag = cpu_to_le16(inode->i_tag);
++ raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
+#endif
raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
EXT4_INODE_SET_XTIME(i_ctime, inode, raw_inode);
-@@ -5453,7 +5488,8 @@ int ext4_setattr(struct dentry *dentry,
+@@ -4487,7 +4518,8 @@ int ext4_setattr(struct dentry *dentry,
if (is_quota_modification(inode, attr))
dquot_initialize(inode);
- if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
-- (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
-+ (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
-+ (ia_valid & ATTR_TAG && attr->ia_tag != inode->i_tag)) {
+ if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
+- (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
++ (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)) ||
++ (ia_valid & ATTR_TAG && !tag_eq(attr->ia_tag, inode->i_tag))) {
handle_t *handle;
/* (user+group)*(old+new) structure, inode write (sb,
-@@ -5475,6 +5511,8 @@ int ext4_setattr(struct dentry *dentry,
+@@ -4510,6 +4542,8 @@ int ext4_setattr(struct dentry *dentry,
inode->i_uid = attr->ia_uid;
if (attr->ia_valid & ATTR_GID)
inode->i_gid = attr->ia_gid;
error = ext4_mark_inode_dirty(handle, inode);
ext4_journal_stop(handle);
}
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ioctl.c
---- linux-2.6.35.4/fs/ext4/ioctl.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/ioctl.c 2010-08-02 17:05:05.000000000 +0200
-@@ -14,10 +14,39 @@
+diff -NurpP --minimal linux-3.9.4/fs/ext4/ioctl.c linux-3.9.4-vs2.3.6.2/fs/ext4/ioctl.c
+--- linux-3.9.4/fs/ext4/ioctl.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/ioctl.c 2013-05-31 19:50:08.000000000 +0000
+@@ -14,12 +14,40 @@
#include <linux/compat.h>
#include <linux/mount.h>
#include <linux/file.h>
#include "ext4_jbd2.h"
#include "ext4.h"
-+
+ #define MAX_32_NUM ((((unsigned long long) 1) << 32) - 1)
+
+int ext4_sync_flags(struct inode *inode, int flags, int vflags)
+{
+ handle_t *handle = NULL;
+ struct ext4_iloc iloc;
+ int err;
+
-+ handle = ext4_journal_start(inode, 1);
++ handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+
+
long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = filp->f_dentry->d_inode;
-@@ -50,6 +79,11 @@ long ext4_ioctl(struct file *filp, unsig
+ struct inode *inode = file_inode(filp);
+@@ -53,6 +81,11 @@ long ext4_ioctl(struct file *filp, unsig
flags = ext4_mask_flags(inode->i_mode, flags);
err = -EPERM;
mutex_lock(&inode->i_mutex);
/* Is it quota file? Do not allow user to mess with it */
-@@ -67,7 +101,9 @@ long ext4_ioctl(struct file *filp, unsig
+@@ -70,7 +103,9 @@ long ext4_ioctl(struct file *filp, unsig
*
* This test looks nicer. Thanks to Pauline Middelink
*/
if (!capable(CAP_LINUX_IMMUTABLE))
goto flags_out;
}
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/namei.c
---- linux-2.6.35.4/fs/ext4/namei.c 2010-08-02 16:52:48.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/namei.c 2010-08-02 17:05:05.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ext4/namei.c linux-3.9.4-vs2.3.6.2/fs/ext4/namei.c
+--- linux-3.9.4/fs/ext4/namei.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/namei.c 2013-05-31 14:47:11.000000000 +0000
@@ -34,6 +34,7 @@
#include <linux/quotaops.h>
#include <linux/buffer_head.h>
#include "ext4.h"
#include "ext4_jbd2.h"
-@@ -937,6 +938,7 @@ restart:
- if (bh)
- ll_rw_block(READ_META, 1, &bh);
+@@ -1290,6 +1291,7 @@ restart:
+ ll_rw_block(READ | REQ_META | REQ_PRIO,
+ 1, &bh);
}
+ dx_propagate_tag(nd, inode);
}
if ((bh = bh_use[ra_ptr++]) == NULL)
goto next;
-@@ -2550,6 +2552,7 @@ const struct inode_operations ext4_dir_i
- #endif
- .check_acl = ext4_check_acl,
+@@ -3190,6 +3192,7 @@ const struct inode_operations ext4_dir_i
+ .removexattr = generic_removexattr,
+ .get_acl = ext4_get_acl,
.fiemap = ext4_fiemap,
+ .sync_flags = ext4_sync_flags,
};
const struct inode_operations ext4_special_inode_operations = {
-diff -NurpP --minimal linux-2.6.35.4/fs/ext4/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/super.c
---- linux-2.6.35.4/fs/ext4/super.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ext4/super.c 2010-08-14 18:19:32.000000000 +0200
-@@ -1161,6 +1161,7 @@ enum {
+diff -NurpP --minimal linux-3.9.4/fs/ext4/super.c linux-3.9.4-vs2.3.6.2/fs/ext4/super.c
+--- linux-3.9.4/fs/ext4/super.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ext4/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1131,7 +1131,7 @@ enum {
Opt_inode_readahead_blks, Opt_journal_ioprio,
Opt_dioread_nolock, Opt_dioread_lock,
- Opt_discard, Opt_nodiscard,
-+ Opt_tag, Opt_notag, Opt_tagid
+ Opt_discard, Opt_nodiscard, Opt_init_itable, Opt_noinit_itable,
+- Opt_max_dir_size_kb,
++ Opt_max_dir_size_kb, Opt_tag, Opt_notag, Opt_tagid
};
static const match_table_t tokens = {
-@@ -1231,6 +1232,9 @@ static const match_table_t tokens = {
- {Opt_dioread_lock, "dioread_lock"},
- {Opt_discard, "discard"},
- {Opt_nodiscard, "nodiscard"},
+@@ -1211,6 +1211,9 @@ static const match_table_t tokens = {
+ {Opt_removed, "reservation"}, /* mount option from ext2/3 */
+ {Opt_removed, "noreservation"}, /* mount option from ext2/3 */
+ {Opt_removed, "journal=%u"}, /* mount option from ext2/3 */
+ {Opt_tag, "tag"},
+ {Opt_notag, "notag"},
+ {Opt_tagid, "tagid=%u"},
{Opt_err, NULL},
};
-@@ -1399,6 +1403,20 @@ static int parse_options(char *options,
- case Opt_nouid32:
- set_opt(sbi->s_mount_opt, NO_UID32);
- break;
+@@ -1441,6 +1444,20 @@ static int handle_mount_opt(struct super
+ case Opt_i_version:
+ sb->s_flags |= MS_I_VERSION;
+ return 1;
+#ifndef CONFIG_TAGGING_NONE
-+ case Opt_tag:
-+ set_opt (sbi->s_mount_opt, TAGGED);
-+ break;
-+ case Opt_notag:
-+ clear_opt (sbi->s_mount_opt, TAGGED);
-+ break;
++ case Opt_tag:
++ set_opt(sb, TAGGED);
++ return 1;
++ case Opt_notag:
++ clear_opt(sb, TAGGED);
++ return 1;
+#endif
+#ifdef CONFIG_PROPAGATE
-+ case Opt_tagid:
-+ /* use args[0] */
-+ set_opt (sbi->s_mount_opt, TAGGED);
-+ break;
++ case Opt_tagid:
++ /* use args[0] */
++ set_opt(sb, TAGGED);
++ return 1;
+#endif
- case Opt_debug:
- set_opt(sbi->s_mount_opt, DEBUG);
- break;
-@@ -2566,6 +2584,9 @@ static int ext4_fill_super(struct super_
- &journal_ioprio, NULL, 0))
- goto failed_mount;
+ }
+
+ for (m = ext4_mount_opts; m->token != Opt_err; m++)
+@@ -3401,6 +3418,9 @@ static int ext4_fill_super(struct super_
+ clear_opt(sb, DELALLOC);
+ }
+ if (EXT4_SB(sb)->s_mount_opt & EXT4_MOUNT_TAGGED)
+ sb->s_flags |= MS_TAGGED;
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
-@@ -3618,6 +3639,14 @@ static int ext4_remount(struct super_blo
+@@ -4587,6 +4607,14 @@ static int ext4_remount(struct super_blo
if (sbi->s_mount_flags & EXT4_MF_FS_ABORTED)
- ext4_abort(sb, __func__, "Abort forced by user");
+ ext4_abort(sb, "Abort forced by user");
+ if ((sbi->s_mount_opt & EXT4_MOUNT_TAGGED) &&
+ !(sb->s_flags & MS_TAGGED)) {
sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
-diff -NurpP --minimal linux-2.6.35.4/fs/fcntl.c linux-2.6.35.4-vs2.3.0.36.32/fs/fcntl.c
---- linux-2.6.35.4/fs/fcntl.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/fcntl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -20,6 +20,7 @@
- #include <linux/signal.h>
+diff -NurpP --minimal linux-3.9.4/fs/fcntl.c linux-3.9.4-vs2.3.6.2/fs/fcntl.c
+--- linux-3.9.4/fs/fcntl.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/fcntl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -21,6 +21,7 @@
#include <linux/rcupdate.h>
#include <linux/pid_namespace.h>
+ #include <linux/user_namespace.h>
+#include <linux/vs_limit.h>
#include <asm/poll.h>
#include <asm/siginfo.h>
-@@ -103,6 +104,8 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldf
-
- if (tofree)
- filp_close(tofree, files);
-+ else
-+ vx_openfd_inc(newfd); /* fd was unused */
-
- return newfd;
+@@ -378,6 +379,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f
-@@ -434,6 +437,8 @@ SYSCALL_DEFINE3(fcntl, unsigned int, fd,
- filp = fget(fd);
- if (!filp)
+ if (!f.file)
goto out;
+ if (!vx_files_avail(1))
+ goto out;
- err = security_file_fcntl(filp, cmd, arg);
- if (err) {
-diff -NurpP --minimal linux-2.6.35.4/fs/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/file.c
---- linux-2.6.35.4/fs/file.c 2010-07-07 18:31:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/file.c 2010-08-02 17:05:06.000000000 +0200
-@@ -20,6 +20,7 @@
+ if (unlikely(f.file->f_mode & FMODE_PATH)) {
+ if (!check_fcntl_cmd(cmd))
+diff -NurpP --minimal linux-3.9.4/fs/file.c linux-3.9.4-vs2.3.6.2/fs/file.c
+--- linux-3.9.4/fs/file.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/file.c 2013-05-31 14:47:11.000000000 +0000
+@@ -22,6 +22,7 @@
#include <linux/spinlock.h>
#include <linux/rcupdate.h>
#include <linux/workqueue.h>
struct fdtable_defer {
spinlock_t lock;
-@@ -368,6 +369,8 @@ struct files_struct *dup_fd(struct files
+@@ -364,6 +365,8 @@ struct files_struct *dup_fd(struct files
struct file *f = *old_fds++;
if (f) {
get_file(f);
} else {
/*
* The fd may be claimed in the fd bitmap but not yet
-@@ -476,6 +479,7 @@ repeat:
+@@ -429,9 +432,11 @@ static void close_files(struct files_str
+ filp_close(file, files);
+ cond_resched();
+ }
++ vx_openfd_dec(i);
+ }
+ i++;
+ set >>= 1;
++ cond_resched();
+ }
+ }
+ }
+@@ -567,6 +572,7 @@ repeat:
else
- FD_CLR(fd, fdt->close_on_exec);
+ __clear_close_on_exec(fd, fdt);
error = fd;
+ vx_openfd_inc(fd);
#if 1
/* Sanity check */
if (rcu_dereference_raw(fdt->fd[fd]) != NULL) {
-diff -NurpP --minimal linux-2.6.35.4/fs/file_table.c linux-2.6.35.4-vs2.3.0.36.32/fs/file_table.c
---- linux-2.6.35.4/fs/file_table.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/file_table.c 2010-08-02 17:05:06.000000000 +0200
-@@ -22,6 +22,8 @@
- #include <linux/sysctl.h>
- #include <linux/percpu_counter.h>
+@@ -597,6 +603,7 @@ static void __put_unused_fd(struct files
+ __clear_open_fd(fd, fdt);
+ if (fd < files->next_fd)
+ files->next_fd = fd;
++ vx_openfd_dec(fd);
+ }
+
+ void put_unused_fd(unsigned int fd)
+@@ -876,6 +883,8 @@ static int do_dup2(struct files_struct *
+
+ if (tofree)
+ filp_close(tofree, files);
++ else
++ vx_openfd_inc(fd); /* fd was unused */
+
+ return fd;
+
+diff -NurpP --minimal linux-3.9.4/fs/file_table.c linux-3.9.4-vs2.3.6.2/fs/file_table.c
+--- linux-3.9.4/fs/file_table.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/file_table.c 2013-05-31 14:47:11.000000000 +0000
+@@ -26,6 +26,8 @@
+ #include <linux/hardirq.h>
+ #include <linux/task_work.h>
#include <linux/ima.h>
+#include <linux/vs_limit.h>
+#include <linux/vs_context.h>
- #include <asm/atomic.h>
+ #include <linux/atomic.h>
-@@ -133,6 +135,8 @@ struct file *get_empty_filp(void)
+@@ -140,6 +142,8 @@ struct file *get_empty_filp(void)
spin_lock_init(&f->f_lock);
eventpoll_init_file(f);
/* f->f_version: 0 */
return f;
over:
-@@ -249,6 +253,8 @@ static void __fput(struct file *file)
- cdev_put(inode->i_cdev);
- fops_put(file->f_op);
- put_pid(file->f_owner.pid);
-+ vx_files_dec(file);
-+ file->f_xid = 0;
- file_kill(file);
+@@ -257,6 +261,8 @@ static void __fput(struct file *file)
+ i_readcount_dec(inode);
if (file->f_mode & FMODE_WRITE)
drop_file_write_access(file);
-@@ -324,6 +330,8 @@ void put_filp(struct file *file)
++ vx_files_dec(file);
++ file->f_xid = 0;
+ file->f_path.dentry = NULL;
+ file->f_path.mnt = NULL;
+ file->f_inode = NULL;
+@@ -344,6 +350,8 @@ void put_filp(struct file *file)
{
if (atomic_long_dec_and_test(&file->f_count)) {
security_file_free(file);
+ vx_files_dec(file);
+ file->f_xid = 0;
- file_kill(file);
+ file_sb_list_del(file);
file_free(file);
}
-diff -NurpP --minimal linux-2.6.35.4/fs/fs_struct.c linux-2.6.35.4-vs2.3.0.36.32/fs/fs_struct.c
---- linux-2.6.35.4/fs/fs_struct.c 2009-06-11 17:13:04.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/fs_struct.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/fs_struct.c linux-3.9.4-vs2.3.6.2/fs/fs_struct.c
+--- linux-3.9.4/fs/fs_struct.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/fs_struct.c 2013-05-31 14:47:11.000000000 +0000
@@ -4,6 +4,7 @@
#include <linux/path.h>
#include <linux/slab.h>
#include <linux/fs_struct.h>
+#include <linux/vserver/global.h>
+ #include "internal.h"
/*
- * Replace the fs->{rootmnt,root} with {mnt,dentry}. Put the old values.
-@@ -77,6 +78,7 @@ void free_fs_struct(struct fs_struct *fs
+@@ -87,6 +88,7 @@ void free_fs_struct(struct fs_struct *fs
{
path_put(&fs->root);
path_put(&fs->pwd);
kmem_cache_free(fs_cachep, fs);
}
-@@ -112,6 +114,7 @@ struct fs_struct *copy_fs_struct(struct
+@@ -124,6 +126,7 @@ struct fs_struct *copy_fs_struct(struct
fs->pwd = old->pwd;
- path_get(&old->pwd);
- read_unlock(&old->lock);
+ path_get(&fs->pwd);
+ spin_unlock(&old->lock);
+ atomic_inc(&vs_global_fs);
}
return fs;
}
-diff -NurpP --minimal linux-2.6.35.4/fs/gfs2/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/file.c
---- linux-2.6.35.4/fs/gfs2/file.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/file.c 2010-08-02 17:05:06.000000000 +0200
-@@ -132,6 +132,9 @@ static const u32 fsflags_to_gfs2[32] = {
- [7] = GFS2_DIF_NOATIME,
+diff -NurpP --minimal linux-3.9.4/fs/gfs2/file.c linux-3.9.4-vs2.3.6.2/fs/gfs2/file.c
+--- linux-3.9.4/fs/gfs2/file.c 2013-05-31 13:45:23.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/gfs2/file.c 2013-05-31 19:54:27.000000000 +0000
+@@ -143,6 +143,9 @@ static const u32 fsflags_to_gfs2[32] = {
[12] = GFS2_DIF_EXHASH,
[14] = GFS2_DIF_INHERIT_JDATA,
+ [17] = GFS2_DIF_TOPDIR,
+ [27] = GFS2_DIF_IXUNLINK,
+ [26] = GFS2_DIF_BARRIER,
+ [29] = GFS2_DIF_COW,
};
static const u32 gfs2_to_fsflags[32] = {
-@@ -141,6 +144,9 @@ static const u32 gfs2_to_fsflags[32] = {
- [gfs2fl_NoAtime] = FS_NOATIME_FL,
+@@ -153,6 +156,9 @@ static const u32 gfs2_to_fsflags[32] = {
[gfs2fl_ExHash] = FS_INDEX_FL,
+ [gfs2fl_TopLevel] = FS_TOPDIR_FL,
[gfs2fl_InheritJdata] = FS_JOURNAL_DATA_FL,
+ [gfs2fl_IXUnlink] = FS_IXUNLINK_FL,
+ [gfs2fl_Barrier] = FS_BARRIER_FL,
};
static int gfs2_get_flags(struct file *filp, u32 __user *ptr)
-@@ -171,10 +177,16 @@ void gfs2_set_inode_flags(struct inode *
+@@ -183,12 +189,18 @@ void gfs2_set_inode_flags(struct inode *
{
struct gfs2_inode *ip = GFS2_I(inode);
unsigned int flags = inode->i_flags;
+ unsigned int vflags = inode->i_vflags;
+
+ flags &= ~(S_IMMUTABLE | S_IXUNLINK |
-+ S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
++ S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC | S_NOSEC);
-- flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+- flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC|S_NOSEC);
+ if ((ip->i_eattr == 0) && !is_sxid(inode->i_mode))
+ inode->i_flags |= S_NOSEC;
if (ip->i_diskflags & GFS2_DIF_IMMUTABLE)
flags |= S_IMMUTABLE;
+ if (ip->i_diskflags & GFS2_DIF_IXUNLINK)
if (ip->i_diskflags & GFS2_DIF_APPENDONLY)
flags |= S_APPEND;
if (ip->i_diskflags & GFS2_DIF_NOATIME)
-@@ -182,6 +194,43 @@ void gfs2_set_inode_flags(struct inode *
+@@ -196,6 +208,43 @@ void gfs2_set_inode_flags(struct inode *
if (ip->i_diskflags & GFS2_DIF_SYNC)
flags |= S_SYNC;
inode->i_flags = flags;
}
/* Flags that can be set by user space */
-@@ -293,6 +342,37 @@ static int gfs2_set_flags(struct file *f
+@@ -309,6 +358,37 @@ static int gfs2_set_flags(struct file *f
return do_gfs2_set_flags(filp, gfsflags, ~GFS2_DIF_JDATA);
}
+ error = gfs2_meta_inode_buffer(ip, &bh);
+ if (error)
+ goto out_trans_end;
-+ gfs2_trans_add_bh(ip->i_gl, bh, 1);
++ gfs2_trans_add_meta(ip->i_gl, bh);
+ inode->i_flags = flags;
+ inode->i_vflags = vflags;
+ gfs2_get_inode_flags(inode);
static long gfs2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
switch(cmd) {
-diff -NurpP --minimal linux-2.6.35.4/fs/gfs2/inode.h linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/inode.h
---- linux-2.6.35.4/fs/gfs2/inode.h 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/inode.h 2010-08-02 17:05:06.000000000 +0200
-@@ -109,6 +109,7 @@ extern const struct file_operations gfs2
+diff -NurpP --minimal linux-3.9.4/fs/gfs2/inode.h linux-3.9.4-vs2.3.6.2/fs/gfs2/inode.h
+--- linux-3.9.4/fs/gfs2/inode.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/gfs2/inode.h 2013-05-31 14:47:11.000000000 +0000
+@@ -117,6 +117,7 @@ extern const struct file_operations gfs2
extern const struct file_operations gfs2_dir_fops_nolock;
extern void gfs2_set_inode_flags(struct inode *inode);
#ifdef CONFIG_GFS2_FS_LOCKING_DLM
extern const struct file_operations gfs2_file_fops;
-diff -NurpP --minimal linux-2.6.35.4/fs/gfs2/ops_inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/ops_inode.c
---- linux-2.6.35.4/fs/gfs2/ops_inode.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/gfs2/ops_inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -1346,6 +1346,7 @@ const struct inode_operations gfs2_file_
- .listxattr = gfs2_listxattr,
- .removexattr = gfs2_removexattr,
- .fiemap = gfs2_fiemap,
-+ .sync_flags = gfs2_sync_flags,
- };
-
- const struct inode_operations gfs2_dir_iops = {
-@@ -1366,6 +1367,7 @@ const struct inode_operations gfs2_dir_i
- .listxattr = gfs2_listxattr,
- .removexattr = gfs2_removexattr,
- .fiemap = gfs2_fiemap,
-+ .sync_flags = gfs2_sync_flags,
- };
-
- const struct inode_operations gfs2_symlink_iops = {
-diff -NurpP --minimal linux-2.6.35.4/fs/hfsplus/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/hfsplus/ioctl.c
---- linux-2.6.35.4/fs/hfsplus/ioctl.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/hfsplus/ioctl.c 2010-08-02 17:48:55.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/sched.h>
- #include <linux/xattr.h>
- #include <linux/smp_lock.h>
-+// #include <linux/mount.h>
- #include <asm/uaccess.h>
- #include "hfsplus_fs.h"
-
-diff -NurpP --minimal linux-2.6.35.4/fs/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/inode.c
---- linux-2.6.35.4/fs/inode.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/inode.c 2010-08-02 19:08:57.000000000 +0200
-@@ -25,6 +25,7 @@
- #include <linux/mount.h>
- #include <linux/async.h>
- #include <linux/posix_acl.h>
+diff -NurpP --minimal linux-3.9.4/fs/hostfs/hostfs.h linux-3.9.4-vs2.3.6.2/fs/hostfs/hostfs.h
+--- linux-3.9.4/fs/hostfs/hostfs.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/hostfs/hostfs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -42,6 +42,7 @@ struct hostfs_iattr {
+ unsigned short ia_mode;
+ uid_t ia_uid;
+ gid_t ia_gid;
++ tag_t ia_tag;
+ loff_t ia_size;
+ struct timespec ia_atime;
+ struct timespec ia_mtime;
+diff -NurpP --minimal linux-3.9.4/fs/inode.c linux-3.9.4-vs2.3.6.2/fs/inode.c
+--- linux-3.9.4/fs/inode.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/inode.c 2013-06-01 09:01:48.000000000 +0000
+@@ -17,6 +17,7 @@
+ #include <linux/prefetch.h>
+ #include <linux/buffer_head.h> /* for inode_has_buffers */
+ #include <linux/ratelimit.h>
+#include <linux/vs_tag.h>
+ #include "internal.h"
/*
- * This is needed for the following functions:
-@@ -131,6 +132,9 @@ int inode_init_always(struct super_block
+@@ -128,6 +129,8 @@ int inode_init_always(struct super_block
struct address_space *const mapping = &inode->i_data;
inode->i_sb = sb;
+
+ /* essential because of inode slab reuse */
-+ inode->i_tag = 0;
inode->i_blkbits = sb->s_blocksize_bits;
inode->i_flags = 0;
atomic_set(&inode->i_count, 1);
-@@ -151,6 +155,7 @@ int inode_init_always(struct super_block
+@@ -137,6 +140,7 @@ int inode_init_always(struct super_block
+ inode->i_opflags = 0;
+ i_uid_write(inode, 0);
+ i_gid_write(inode, 0);
++ i_tag_write(inode, 0);
+ atomic_set(&inode->i_writecount, 0);
+ inode->i_size = 0;
+ inode->i_blocks = 0;
+@@ -149,6 +153,7 @@ int inode_init_always(struct super_block
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_rdev = 0;
inode->dirtied_when = 0;
if (security_inode_alloc(inode))
-@@ -294,6 +299,8 @@ void __iget(struct inode *inode)
- inodes_stat.nr_unused--;
+@@ -483,6 +488,8 @@ void __insert_inode_hash(struct inode *i
}
+ EXPORT_SYMBOL(__insert_inode_hash);
+EXPORT_SYMBOL_GPL(__iget);
+
/**
- * clear_inode - clear an inode
- * @inode: inode to clear
-@@ -1593,9 +1600,11 @@ void init_special_inode(struct inode *in
+ * __remove_inode_hash - remove an inode from the hash
+ * @inode: inode to unhash
+@@ -1799,9 +1806,11 @@ void init_special_inode(struct inode *in
if (S_ISCHR(mode)) {
inode->i_fop = &def_chr_fops;
inode->i_rdev = rdev;
} else if (S_ISFIFO(mode))
inode->i_fop = &def_fifo_fops;
else if (S_ISSOCK(mode))
-@@ -1624,5 +1633,6 @@ void inode_init_owner(struct inode *inod
+@@ -1830,6 +1839,7 @@ void inode_init_owner(struct inode *inod
} else
inode->i_gid = current_fsgid();
inode->i_mode = mode;
-+ inode->i_tag = dx_current_fstag(inode->i_sb);
++ i_tag_write(inode, dx_current_fstag(inode->i_sb));
}
EXPORT_SYMBOL(inode_init_owner);
-diff -NurpP --minimal linux-2.6.35.4/fs/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/ioctl.c
---- linux-2.6.35.4/fs/ioctl.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ioctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -16,6 +16,9 @@
+
+diff -NurpP --minimal linux-3.9.4/fs/ioctl.c linux-3.9.4-vs2.3.6.2/fs/ioctl.c
+--- linux-3.9.4/fs/ioctl.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -15,6 +15,9 @@
#include <linux/writeback.h>
#include <linux/buffer_head.h>
#include <linux/falloc.h>
#include <asm/ioctls.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/ioprio.c linux-2.6.35.4-vs2.3.0.36.32/fs/ioprio.c
---- linux-2.6.35.4/fs/ioprio.c 2010-07-07 18:31:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ioprio.c 2010-08-02 17:05:06.000000000 +0200
-@@ -27,6 +27,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/ioprio.c linux-3.9.4-vs2.3.6.2/fs/ioprio.c
+--- linux-3.9.4/fs/ioprio.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ioprio.c 2013-05-31 14:47:11.000000000 +0000
+@@ -28,6 +28,7 @@
#include <linux/syscalls.h>
#include <linux/security.h>
#include <linux/pid_namespace.h>
int set_task_ioprio(struct task_struct *task, int ioprio)
{
-@@ -124,6 +125,8 @@ SYSCALL_DEFINE3(ioprio_set, int, which,
+@@ -105,6 +106,8 @@ SYSCALL_DEFINE3(ioprio_set, int, which,
else
pgrp = find_vpid(who);
do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
ret = set_task_ioprio(p, ioprio);
if (ret)
break;
-@@ -213,6 +216,8 @@ SYSCALL_DEFINE2(ioprio_get, int, which,
+@@ -198,6 +201,8 @@ SYSCALL_DEFINE2(ioprio_get, int, which,
else
pgrp = find_vpid(who);
do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
tmpio = get_task_ioprio(p);
if (tmpio < 0)
continue;
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/file.c
---- linux-2.6.35.4/fs/jfs/file.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/file.c 2010-08-02 17:05:06.000000000 +0200
-@@ -101,7 +101,8 @@ int jfs_setattr(struct dentry *dentry, s
+diff -NurpP --minimal linux-3.9.4/fs/jfs/file.c linux-3.9.4-vs2.3.6.2/fs/jfs/file.c
+--- linux-3.9.4/fs/jfs/file.c 2013-02-19 13:58:48.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/file.c 2013-05-31 14:47:11.000000000 +0000
+@@ -109,7 +109,8 @@ int jfs_setattr(struct dentry *dentry, s
if (is_quota_modification(inode, iattr))
dquot_initialize(inode);
- if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
-- (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
-+ (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
-+ (iattr->ia_valid & ATTR_TAG && iattr->ia_tag != inode->i_tag)) {
+ if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
+- (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
++ (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)) ||
++ (iattr->ia_valid & ATTR_TAG && !tag_eq(iattr->ia_tag, inode->i_tag))) {
rc = dquot_transfer(inode, iattr);
if (rc)
return rc;
-@@ -125,6 +126,7 @@ const struct inode_operations jfs_file_i
+@@ -144,6 +145,7 @@ const struct inode_operations jfs_file_i
#ifdef CONFIG_JFS_POSIX_ACL
- .check_acl = jfs_check_acl,
+ .get_acl = jfs_get_acl,
#endif
+ .sync_flags = jfs_sync_flags,
};
const struct file_operations jfs_file_operations = {
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/ioctl.c
---- linux-2.6.35.4/fs/jfs/ioctl.c 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/ioctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -11,6 +11,7 @@
- #include <linux/mount.h>
+diff -NurpP --minimal linux-3.9.4/fs/jfs/ioctl.c linux-3.9.4-vs2.3.6.2/fs/jfs/ioctl.c
+--- linux-3.9.4/fs/jfs/ioctl.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -12,6 +12,7 @@
#include <linux/time.h>
#include <linux/sched.h>
+ #include <linux/blkdev.h>
+#include <linux/mount.h>
#include <asm/current.h>
#include <asm/uaccess.h>
-@@ -52,6 +53,16 @@ static long jfs_map_ext2(unsigned long f
+@@ -56,6 +57,16 @@ static long jfs_map_ext2(unsigned long f
}
+
long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = filp->f_dentry->d_inode;
-@@ -85,6 +96,11 @@ long jfs_ioctl(struct file *filp, unsign
+ struct inode *inode = file_inode(filp);
+@@ -89,6 +100,11 @@ long jfs_ioctl(struct file *filp, unsign
if (!S_ISDIR(inode->i_mode))
flags &= ~JFS_DIRSYNC_FL;
/* Is it quota file? Do not allow user to mess with it */
if (IS_NOQUOTA(inode)) {
err = -EPERM;
-@@ -102,8 +118,8 @@ long jfs_ioctl(struct file *filp, unsign
+@@ -106,8 +122,8 @@ long jfs_ioctl(struct file *filp, unsign
* the relevant capability.
*/
if ((oldflags & JFS_IMMUTABLE_FL) ||
if (!capable(CAP_LINUX_IMMUTABLE)) {
mutex_unlock(&inode->i_mutex);
err = -EPERM;
-@@ -111,7 +127,7 @@ long jfs_ioctl(struct file *filp, unsign
+@@ -115,7 +131,7 @@ long jfs_ioctl(struct file *filp, unsign
}
}
flags |= oldflags & ~JFS_FL_USER_MODIFIABLE;
jfs_inode->mode2 = flags;
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/jfs_dinode.h linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_dinode.h
---- linux-2.6.35.4/fs/jfs/jfs_dinode.h 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_dinode.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/jfs/jfs_dinode.h linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_dinode.h
+--- linux-3.9.4/fs/jfs/jfs_dinode.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_dinode.h 2013-05-31 14:47:11.000000000 +0000
@@ -161,9 +161,13 @@ struct dinode {
#define JFS_APPEND_FL 0x01000000 /* writes to file may only append */
#define JFS_FL_INHERIT 0x03C80000
/* These are identical to EXT[23]_IOC_GETFLAGS/SETFLAGS */
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/jfs_filsys.h linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_filsys.h
---- linux-2.6.35.4/fs/jfs/jfs_filsys.h 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_filsys.h 2010-08-02 17:05:06.000000000 +0200
-@@ -263,6 +263,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/jfs/jfs_filsys.h linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_filsys.h
+--- linux-3.9.4/fs/jfs/jfs_filsys.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_filsys.h 2013-05-31 14:47:11.000000000 +0000
+@@ -266,6 +266,7 @@
#define JFS_NAME_MAX 255
#define JFS_PATH_MAX BPSIZE
/*
* file system state (superblock state)
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/jfs_imap.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_imap.c
---- linux-2.6.35.4/fs/jfs/jfs_imap.c 2010-07-07 18:31:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_imap.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/jfs/jfs_imap.c linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_imap.c
+--- linux-3.9.4/fs/jfs/jfs_imap.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_imap.c 2013-05-31 14:47:11.000000000 +0000
@@ -46,6 +46,7 @@
#include <linux/pagemap.h>
#include <linux/quotaops.h>
#include "jfs_incore.h"
#include "jfs_inode.h"
-@@ -3060,6 +3061,8 @@ static int copy_from_dinode(struct dinod
+@@ -3058,6 +3059,8 @@ static int copy_from_dinode(struct dinod
{
struct jfs_inode_info *jfs_ip = JFS_IP(ip);
struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
-+ uid_t uid;
-+ gid_t gid;
++ kuid_t uid;
++ kgid_t gid;
jfs_ip->fileset = le32_to_cpu(dip->di_fileset);
jfs_ip->mode2 = le32_to_cpu(dip->di_mode);
-@@ -3080,14 +3083,18 @@ static int copy_from_dinode(struct dinod
+@@ -3078,14 +3081,19 @@ static int copy_from_dinode(struct dinod
}
- ip->i_nlink = le32_to_cpu(dip->di_nlink);
+ set_nlink(ip, le32_to_cpu(dip->di_nlink));
-- jfs_ip->saved_uid = le32_to_cpu(dip->di_uid);
-+ uid = le32_to_cpu(dip->di_uid);
-+ gid = le32_to_cpu(dip->di_gid);
-+ ip->i_tag = INOTAG_TAG(DX_TAG(ip), uid, gid, 0);
+- jfs_ip->saved_uid = make_kuid(&init_user_ns, le32_to_cpu(dip->di_uid));
++ uid = make_kuid(&init_user_ns, le32_to_cpu(dip->di_uid));
++ gid = make_kgid(&init_user_ns, le32_to_cpu(dip->di_gid));
++ ip->i_tag = make_ktag(&init_user_ns,
++ INOTAG_TAG(DX_TAG(ip), uid, gid, 0));
+
+ jfs_ip->saved_uid = INOTAG_UID(DX_TAG(ip), uid, gid);
- if (sbi->uid == -1)
+ if (!uid_valid(sbi->uid))
ip->i_uid = jfs_ip->saved_uid;
else {
ip->i_uid = sbi->uid;
}
-- jfs_ip->saved_gid = le32_to_cpu(dip->di_gid);
+- jfs_ip->saved_gid = make_kgid(&init_user_ns, le32_to_cpu(dip->di_gid));
+ jfs_ip->saved_gid = INOTAG_GID(DX_TAG(ip), uid, gid);
- if (sbi->gid == -1)
+ if (!gid_valid(sbi->gid))
ip->i_gid = jfs_ip->saved_gid;
else {
-@@ -3152,14 +3159,12 @@ static void copy_to_dinode(struct dinode
+@@ -3150,16 +3158,14 @@ static void copy_to_dinode(struct dinode
dip->di_size = cpu_to_le64(ip->i_size);
dip->di_nblocks = cpu_to_le64(PBLK2LBLK(ip->i_sb, ip->i_blocks));
dip->di_nlink = cpu_to_le32(ip->i_nlink);
-- if (sbi->uid == -1)
-- dip->di_uid = cpu_to_le32(ip->i_uid);
+- if (!uid_valid(sbi->uid))
+- dip->di_uid = cpu_to_le32(i_uid_read(ip));
- else
-- dip->di_uid = cpu_to_le32(jfs_ip->saved_uid);
-- if (sbi->gid == -1)
-- dip->di_gid = cpu_to_le32(ip->i_gid);
+- dip->di_uid =cpu_to_le32(from_kuid(&init_user_ns,
+- jfs_ip->saved_uid));
+- if (!gid_valid(sbi->gid))
+- dip->di_gid = cpu_to_le32(i_gid_read(ip));
- else
-- dip->di_gid = cpu_to_le32(jfs_ip->saved_gid);
-+
-+ dip->di_uid = cpu_to_le32(TAGINO_UID(DX_TAG(ip),
-+ (sbi->uid == -1) ? ip->i_uid : jfs_ip->saved_uid, ip->i_tag));
-+ dip->di_gid = cpu_to_le32(TAGINO_GID(DX_TAG(ip),
-+ (sbi->gid == -1) ? ip->i_gid : jfs_ip->saved_gid, ip->i_tag));
-+
+- dip->di_gid = cpu_to_le32(from_kgid(&init_user_ns,
+- jfs_ip->saved_gid));
++ dip->di_uid = cpu_to_le32(from_kuid(&init_user_ns,
++ TAGINO_UID(DX_TAG(ip),
++ !uid_valid(sbi->uid) ? ip->i_uid : jfs_ip->saved_uid,
++ ip->i_tag)));
++ dip->di_gid = cpu_to_le32(from_kuid(&init_user_ns,
++ TAGINO_GID(DX_TAG(ip),
++ !gid_valid(sbi->gid) ? ip->i_gid : jfs_ip->saved_gid,
++ ip->i_tag)));
jfs_get_inode_flags(jfs_ip);
/*
* mode2 is only needed for storing the higher order bits.
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/jfs_inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_inode.c
---- linux-2.6.35.4/fs/jfs/jfs_inode.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_inode.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/jfs/jfs_inode.c linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_inode.c
+--- linux-3.9.4/fs/jfs/jfs_inode.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_inode.c 2013-05-31 14:47:11.000000000 +0000
@@ -18,6 +18,7 @@
#include <linux/fs.h>
}
/*
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/jfs_inode.h linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_inode.h
---- linux-2.6.35.4/fs/jfs/jfs_inode.h 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/jfs_inode.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/jfs/jfs_inode.h linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_inode.h
+--- linux-3.9.4/fs/jfs/jfs_inode.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/jfs_inode.h 2013-05-31 14:47:11.000000000 +0000
@@ -39,6 +39,7 @@ extern struct dentry *jfs_fh_to_dentry(s
extern struct dentry *jfs_fh_to_parent(struct super_block *sb, struct fid *fid,
int fh_len, int fh_type);
extern int jfs_get_block(struct inode *, sector_t, struct buffer_head *, int);
extern int jfs_setattr(struct dentry *, struct iattr *);
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/namei.c
---- linux-2.6.35.4/fs/jfs/namei.c 2010-07-07 18:31:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/namei.c 2010-08-02 17:05:06.000000000 +0200
-@@ -21,6 +21,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/jfs/namei.c linux-3.9.4-vs2.3.6.2/fs/jfs/namei.c
+--- linux-3.9.4/fs/jfs/namei.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/namei.c 2013-05-31 14:47:11.000000000 +0000
+@@ -22,6 +22,7 @@
#include <linux/ctype.h>
#include <linux/quotaops.h>
#include <linux/exportfs.h>
#include "jfs_incore.h"
#include "jfs_superblock.h"
#include "jfs_inode.h"
-@@ -1491,6 +1492,7 @@ static struct dentry *jfs_lookup(struct
- return ERR_CAST(ip);
+@@ -1461,6 +1462,7 @@ static struct dentry *jfs_lookup(struct
+ jfs_err("jfs_lookup: iget failed on inum %d", (uint)inum);
}
+ dx_propagate_tag(nd, ip);
- dentry = d_splice_alias(ip, dentry);
+ return d_splice_alias(ip, dentry);
+ }
- if (dentry && (JFS_SBI(dip->i_sb)->mntflag & JFS_OS2))
-@@ -1560,6 +1562,7 @@ const struct inode_operations jfs_dir_in
+@@ -1525,6 +1527,7 @@ const struct inode_operations jfs_dir_in
#ifdef CONFIG_JFS_POSIX_ACL
- .check_acl = jfs_check_acl,
+ .get_acl = jfs_get_acl,
#endif
+ .sync_flags = jfs_sync_flags,
};
const struct file_operations jfs_dir_operations = {
-diff -NurpP --minimal linux-2.6.35.4/fs/jfs/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/super.c
---- linux-2.6.35.4/fs/jfs/super.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/jfs/super.c 2010-08-02 17:05:06.000000000 +0200
-@@ -200,7 +200,8 @@ static void jfs_put_super(struct super_b
- enum {
+diff -NurpP --minimal linux-3.9.4/fs/jfs/super.c linux-3.9.4-vs2.3.6.2/fs/jfs/super.c
+--- linux-3.9.4/fs/jfs/super.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/jfs/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -199,7 +199,8 @@ enum {
Opt_integrity, Opt_nointegrity, Opt_iocharset, Opt_resize,
Opt_resize_nosize, Opt_errors, Opt_ignore, Opt_err, Opt_quota,
-- Opt_usrquota, Opt_grpquota, Opt_uid, Opt_gid, Opt_umask
-+ Opt_usrquota, Opt_grpquota, Opt_uid, Opt_gid, Opt_umask,
+ Opt_usrquota, Opt_grpquota, Opt_uid, Opt_gid, Opt_umask,
+- Opt_discard, Opt_nodiscard, Opt_discard_minblk
++ Opt_discard, Opt_nodiscard, Opt_discard_minblk,
+ Opt_tag, Opt_notag, Opt_tagid
};
static const match_table_t tokens = {
-@@ -210,6 +211,10 @@ static const match_table_t tokens = {
+@@ -209,6 +210,10 @@ static const match_table_t tokens = {
{Opt_resize, "resize=%u"},
{Opt_resize_nosize, "resize"},
{Opt_errors, "errors=%s"},
{Opt_ignore, "noquota"},
{Opt_ignore, "quota"},
{Opt_usrquota, "usrquota"},
-@@ -344,6 +349,20 @@ static int parse_options(char *options,
+@@ -385,7 +390,20 @@ static int parse_options(char *options,
}
break;
}
+-
+#ifndef CONFIG_TAGGING_NONE
+ case Opt_tag:
+ *flag |= JFS_TAGGED;
default:
printk("jfs: Unrecognized mount option \"%s\" "
" or missing value\n", p);
-@@ -374,6 +393,12 @@ static int jfs_remount(struct super_bloc
- if (!parse_options(data, sb, &newLVSize, &flag)) {
+@@ -417,6 +435,12 @@ static int jfs_remount(struct super_bloc
return -EINVAL;
}
+
+ if ((flag & JFS_TAGGED) && !(sb->s_flags & MS_TAGGED)) {
+ printk(KERN_ERR "JFS: %s: tagging not permitted on remount.\n",
+ sb->s_id);
+ return -EINVAL;
+ }
+
- lock_kernel();
if (newLVSize) {
if (sb->s_flags & MS_RDONLY) {
-@@ -465,6 +490,9 @@ static int jfs_fill_super(struct super_b
+ pr_err("JFS: resize requires volume" \
+@@ -502,6 +526,9 @@ static int jfs_fill_super(struct super_b
#ifdef CONFIG_JFS_POSIX_ACL
sb->s_flags |= MS_POSIXACL;
#endif
+ sb->s_flags |= MS_TAGGED;
if (newLVSize) {
- printk(KERN_ERR "resize option for remount only\n");
-diff -NurpP --minimal linux-2.6.35.4/fs/libfs.c linux-2.6.35.4-vs2.3.0.36.32/fs/libfs.c
---- linux-2.6.35.4/fs/libfs.c 2010-08-02 16:52:49.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/libfs.c 2010-08-02 17:05:06.000000000 +0200
-@@ -124,7 +124,8 @@ static inline unsigned char dt_type(stru
+ pr_err("resize option for remount only\n");
+diff -NurpP --minimal linux-3.9.4/fs/libfs.c linux-3.9.4-vs2.3.6.2/fs/libfs.c
+--- linux-3.9.4/fs/libfs.c 2013-02-19 13:58:48.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/libfs.c 2013-05-31 14:47:11.000000000 +0000
+@@ -135,7 +135,8 @@ static inline unsigned char dt_type(stru
* both impossible due to the lock on directory.
*/
{
struct dentry *dentry = filp->f_path.dentry;
struct dentry *cursor = filp->private_data;
-@@ -157,6 +158,8 @@ int dcache_readdir(struct file * filp, v
+@@ -166,6 +167,8 @@ int dcache_readdir(struct file * filp, v
+ for (p=q->next; p != &dentry->d_subdirs; p=p->next) {
+ struct dentry *next;
next = list_entry(p, struct dentry, d_u.d_child);
- if (d_unhashed(next) || !next->d_inode)
- continue;
+ if (filter && !filter(next))
+ continue;
-
- spin_unlock(&dcache_lock);
- if (filldir(dirent, next->d_name.name,
-@@ -175,6 +178,18 @@ int dcache_readdir(struct file * filp, v
+ spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED);
+ if (!simple_positive(next)) {
+ spin_unlock(&next->d_lock);
+@@ -192,6 +195,17 @@ int dcache_readdir(struct file * filp, v
return 0;
}
+{
+ return do_dcache_readdir_filter(filp, dirent, filldir, filter);
+}
-+
+
ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t *ppos)
{
return -EISDIR;
-@@ -967,6 +982,7 @@ EXPORT_SYMBOL(dcache_dir_close);
+@@ -981,6 +995,7 @@ EXPORT_SYMBOL(dcache_dir_close);
EXPORT_SYMBOL(dcache_dir_lseek);
EXPORT_SYMBOL(dcache_dir_open);
EXPORT_SYMBOL(dcache_readdir);
+EXPORT_SYMBOL(dcache_readdir_filter);
EXPORT_SYMBOL(generic_read_dir);
- EXPORT_SYMBOL(get_sb_pseudo);
+ EXPORT_SYMBOL(mount_pseudo);
EXPORT_SYMBOL(simple_write_begin);
-diff -NurpP --minimal linux-2.6.35.4/fs/locks.c linux-2.6.35.4-vs2.3.0.36.32/fs/locks.c
---- linux-2.6.35.4/fs/locks.c 2010-07-07 18:31:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/locks.c 2010-08-02 17:05:06.000000000 +0200
-@@ -127,6 +127,8 @@
+diff -NurpP --minimal linux-3.9.4/fs/locks.c linux-3.9.4-vs2.3.6.2/fs/locks.c
+--- linux-3.9.4/fs/locks.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/locks.c 2013-05-31 15:53:57.000000000 +0000
+@@ -126,6 +126,8 @@
#include <linux/time.h>
#include <linux/rcupdate.h>
#include <linux/pid_namespace.h>
#include <asm/uaccess.h>
-@@ -148,6 +150,8 @@ static struct kmem_cache *filelock_cache
+@@ -184,11 +186,17 @@ static void locks_init_lock_heads(struct
/* Allocate an empty lock structure. */
- static struct file_lock *locks_alloc_lock(void)
+ struct file_lock *locks_alloc_lock(void)
{
+- struct file_lock *fl = kmem_cache_zalloc(filelock_cache, GFP_KERNEL);
++ struct file_lock *fl;
+
+- if (fl)
+- locks_init_lock_heads(fl);
+ if (!vx_locks_avail(1))
+ return NULL;
- return kmem_cache_alloc(filelock_cache, GFP_KERNEL);
- }
-@@ -174,6 +178,7 @@ static void locks_free_lock(struct file_
++ fl = kmem_cache_zalloc(filelock_cache, GFP_KERNEL);
++
++ if (fl) {
++ locks_init_lock_heads(fl);
++ fl->fl_xid = -1;
++ }
+ return fl;
+ }
+ EXPORT_SYMBOL_GPL(locks_alloc_lock);
+@@ -212,6 +220,7 @@ void locks_free_lock(struct file_lock *f
BUG_ON(!list_empty(&fl->fl_block));
BUG_ON(!list_empty(&fl->fl_link));
locks_release_private(fl);
kmem_cache_free(filelock_cache, fl);
}
-@@ -194,6 +199,7 @@ void locks_init_lock(struct file_lock *f
- fl->fl_start = fl->fl_end = 0;
- fl->fl_ops = NULL;
- fl->fl_lmops = NULL;
+@@ -221,6 +230,7 @@ void locks_init_lock(struct file_lock *f
+ {
+ memset(fl, 0, sizeof(struct file_lock));
+ locks_init_lock_heads(fl);
+ fl->fl_xid = -1;
}
EXPORT_SYMBOL(locks_init_lock);
-@@ -248,6 +254,7 @@ void locks_copy_lock(struct file_lock *n
+@@ -261,6 +271,7 @@ void locks_copy_lock(struct file_lock *n
new->fl_file = fl->fl_file;
new->fl_ops = fl->fl_ops;
new->fl_lmops = fl->fl_lmops;
locks_copy_private(new, fl);
}
-@@ -286,6 +293,11 @@ static int flock_make_lock(struct file *
+@@ -299,6 +310,11 @@ static int flock_make_lock(struct file *
fl->fl_flags = FL_FLOCK;
fl->fl_type = type;
fl->fl_end = OFFSET_MAX;
*lock = fl;
return 0;
-@@ -451,6 +463,7 @@ static int lease_init(struct file *filp,
+@@ -438,6 +454,7 @@ static int lease_init(struct file *filp,
fl->fl_owner = current->files;
fl->fl_pid = current->tgid;
fl->fl_file = filp;
fl->fl_flags = FL_LEASE;
-@@ -470,6 +483,11 @@ static struct file_lock *lease_alloc(str
+@@ -457,6 +474,11 @@ static struct file_lock *lease_alloc(str
if (fl == NULL)
return ERR_PTR(error);
error = lease_init(filp, type, fl);
if (error) {
locks_free_lock(fl);
-@@ -770,6 +788,7 @@ static int flock_lock_file(struct file *
- if (found)
- cond_resched();
+@@ -753,6 +775,7 @@ static int flock_lock_file(struct file *
+ lock_flocks();
+ }
+ new_fl->fl_xid = -1;
find_conflict:
for_each_lock(inode, before) {
struct file_lock *fl = *before;
-@@ -790,6 +809,7 @@ find_conflict:
+@@ -773,6 +796,7 @@ find_conflict:
goto out;
locks_copy_lock(new_fl, request);
locks_insert_lock(before, new_fl);
new_fl = NULL;
error = 0;
-@@ -800,7 +820,8 @@ out:
+@@ -783,7 +807,8 @@ out:
return error;
}
{
struct file_lock *fl;
struct file_lock *new_fl = NULL;
-@@ -810,6 +831,8 @@ static int __posix_lock_file(struct inod
+@@ -793,6 +818,8 @@ static int __posix_lock_file(struct inod
struct file_lock **before;
int error, added = 0;
/*
* We may need two file_lock structures for this operation,
* so we get them in advance to avoid races.
-@@ -820,7 +843,11 @@ static int __posix_lock_file(struct inod
+@@ -803,7 +830,11 @@ static int __posix_lock_file(struct inod
(request->fl_type != F_UNLCK ||
request->fl_start != 0 || request->fl_end != OFFSET_MAX)) {
new_fl = locks_alloc_lock();
+ vx_locks_inc(new_fl2);
}
- lock_kernel();
-@@ -1019,7 +1046,8 @@ static int __posix_lock_file(struct inod
+ lock_flocks();
+@@ -1002,7 +1033,8 @@ static int __posix_lock_file(struct inod
int posix_lock_file(struct file *filp, struct file_lock *fl,
struct file_lock *conflock)
{
-- return __posix_lock_file(filp->f_path.dentry->d_inode, fl, conflock);
-+ return __posix_lock_file(filp->f_path.dentry->d_inode,
+- return __posix_lock_file(file_inode(filp), fl, conflock);
++ return __posix_lock_file(file_inode(filp),
+ fl, conflock, filp->f_xid);
}
EXPORT_SYMBOL(posix_lock_file);
-@@ -1109,7 +1137,7 @@ int locks_mandatory_area(int read_write,
+@@ -1092,7 +1124,7 @@ int locks_mandatory_area(int read_write,
fl.fl_end = offset + count - 1;
for (;;) {
if (error != FILE_LOCK_DEFERRED)
break;
error = wait_event_interruptible(fl.fl_wait, !fl.fl_next);
-@@ -1425,6 +1453,7 @@ int generic_setlease(struct file *filp,
-
- locks_copy_lock(new_fl, lease);
- locks_insert_lock(before, new_fl);
-+ vx_locks_inc(new_fl);
+@@ -1397,6 +1429,7 @@ int generic_add_lease(struct file *filp,
+ goto out;
- *flp = new_fl;
+ locks_insert_lock(before, lease);
++ vx_locks_inc(lease);
return 0;
-@@ -1780,6 +1809,11 @@ int fcntl_setlk(unsigned int fd, struct
+
+ out:
+@@ -1836,6 +1869,11 @@ int fcntl_setlk(unsigned int fd, struct
if (file_lock == NULL)
return -ENOLCK;
/*
* This might block, so we do it before checking the inode.
*/
-@@ -1898,6 +1932,11 @@ int fcntl_setlk64(unsigned int fd, struc
+@@ -1954,6 +1992,11 @@ int fcntl_setlk64(unsigned int fd, struc
if (file_lock == NULL)
return -ENOLCK;
/*
* This might block, so we do it before checking the inode.
*/
-@@ -2163,8 +2202,11 @@ static int locks_show(struct seq_file *f
+@@ -2219,8 +2262,11 @@ static int locks_show(struct seq_file *f
- lock_get_status(f, fl, (long)f->private, "");
+ lock_get_status(f, fl, *((loff_t *)f->private), "");
- list_for_each_entry(bfl, &fl->fl_block, fl_block)
+ list_for_each_entry(bfl, &fl->fl_block, fl_block) {
+ if (!vx_check(fl->fl_xid, VS_WATCH_P | VS_IDENT))
+ continue;
- lock_get_status(f, bfl, (long)f->private, " ->");
+ lock_get_status(f, bfl, *((loff_t *)f->private), " ->");
+ }
- f->private++;
return 0;
-diff -NurpP --minimal linux-2.6.35.4/fs/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/namei.c
---- linux-2.6.35.4/fs/namei.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/namei.c 2010-08-14 17:03:20.000000000 +0200
-@@ -32,6 +32,14 @@
- #include <linux/fcntl.h>
+ }
+diff -NurpP --minimal linux-3.9.4/fs/mount.h linux-3.9.4-vs2.3.6.2/fs/mount.h
+--- linux-3.9.4/fs/mount.h 2013-02-19 13:58:48.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/mount.h 2013-05-31 14:47:11.000000000 +0000
+@@ -49,6 +49,7 @@ struct mount {
+ int mnt_expiry_mark; /* true if marked for expiry */
+ int mnt_pinned;
+ int mnt_ghosts;
++ tag_t mnt_tag; /* tagging used for vfsmount */
+ };
+
+ #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
+diff -NurpP --minimal linux-3.9.4/fs/namei.c linux-3.9.4-vs2.3.6.2/fs/namei.c
+--- linux-3.9.4/fs/namei.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/namei.c 2013-06-01 09:00:16.000000000 +0000
+@@ -34,6 +34,14 @@
#include <linux/device_cgroup.h>
#include <linux/fs_struct.h>
+ #include <linux/posix_acl.h>
+#include <linux/proc_fs.h>
+#include <linux/vserver/inode.h>
+#include <linux/vs_base.h>
#include <asm/uaccess.h>
#include "internal.h"
-@@ -166,6 +174,77 @@ void putname(const char *name)
- EXPORT_SYMBOL(putname);
- #endif
+@@ -266,6 +274,89 @@ static int check_acl(struct inode *inode
+ return -EAGAIN;
+ }
+static inline int dx_barrier(const struct inode *inode)
+{
+ if (inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) {
+ /* devpts is xid tagged */
+ if (S_ISDIR(inode->i_mode) ||
-+ vx_check((xid_t)inode->i_tag, VS_IDENT | VS_WATCH_P))
++ vx_check((xid_t)i_tag_read(inode), VS_IDENT | VS_WATCH_P))
+ return 0;
++
++ /* just pretend we didn't find anything */
++ return -ENOENT;
+ }
+ else if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
+ struct proc_dir_entry *de = PDE(inode);
+ if (!pid)
+ goto out;
+
++ rcu_read_lock();
+ tsk = pid_task(pid, PIDTYPE_PID);
+ vxdprintk(VXD_CBIT(tag, 0), "accessing %p[#%u]",
+ tsk, (tsk ? vx_task_xid(tsk) : 0));
-+ if (tsk && vx_check(vx_task_xid(tsk), VS_IDENT | VS_WATCH_P))
++ if (tsk &&
++ vx_check(vx_task_xid(tsk), VS_IDENT | VS_WATCH_P)) {
++ rcu_read_unlock();
+ return 0;
++ }
++ rcu_read_unlock();
+ }
+ else {
+ /* FIXME: Should we block some entries here? */
+ }
+ else {
+ if (dx_notagcheck(inode->i_sb) ||
-+ dx_check(inode->i_tag, DX_HOSTID | DX_ADMIN | DX_WATCH |
-+ DX_IDENT))
++ dx_check((xid_t)i_tag_read(inode),
++ DX_HOSTID | DX_ADMIN | DX_WATCH | DX_IDENT))
+ return 0;
+ }
+
+{
+ int ret = __dx_permission(inode, mask);
+ if (unlikely(ret)) {
-+ vxwprintk_task(1, "denied %x access to %s:%p[#%d,%lu]",
-+ mask, inode->i_sb->s_id, inode, inode->i_tag,
-+ inode->i_ino);
++#ifndef CONFIG_VSERVER_WARN_DEVPTS
++ if (inode->i_sb->s_magic != DEVPTS_SUPER_MAGIC)
++#endif
++ vxwprintk_task(1,
++ "denied [0x%x] access to inode %s:%p[#%d,%lu]",
++ mask, inode->i_sb->s_id, inode,
++ i_tag_read(inode), inode->i_ino);
+ }
+ return ret;
+}
+
/*
- * This does basic POSIX ACL permission checking
+ * This does the basic permission checking
*/
-@@ -266,10 +345,14 @@ int inode_permission(struct inode *inode
+@@ -388,10 +479,14 @@ int __inode_permission(struct inode *ino
/*
* Nobody gets write access to an immutable file.
*/
+ if (retval)
+ return retval;
+
- if (inode->i_op->permission)
- retval = inode->i_op->permission(inode, mask);
- else
-@@ -464,6 +547,9 @@ static int exec_permission(struct inode
- {
- int ret;
-
-+ if (dx_barrier(inode))
-+ return -EACCES;
-+
- if (inode->i_op->permission) {
- ret = inode->i_op->permission(inode, MAY_EXEC);
- if (!ret)
-@@ -677,7 +763,8 @@ static __always_inline void follow_dotdo
+ retval = do_inode_permission(inode, mask);
+ if (retval)
+ return retval;
+@@ -1238,7 +1333,8 @@ static void follow_dotdot(struct nameida
if (nd->path.dentry == nd->root.dentry &&
nd->path.mnt == nd->root.mnt) {
}
if (nd->path.dentry != nd->path.mnt->mnt_root) {
/* rare case of legitimate dget_parent()... */
-@@ -701,7 +788,7 @@ static int do_lookup(struct nameidata *n
- {
- struct vfsmount *mnt = nd->path.mnt;
- struct dentry *dentry, *parent;
-- struct inode *dir;
-+ struct inode *dir, *inode;
- /*
- * See if the low-level filesystem might want
- * to use its own hash..
-@@ -717,12 +804,26 @@ static int do_lookup(struct nameidata *n
- goto need_lookup;
- if (dentry->d_op && dentry->d_op->d_revalidate)
- goto need_revalidate;
-+
-+ inode = dentry->d_inode;
-+ if (!inode)
-+ goto done;
+@@ -1383,6 +1479,9 @@ static int lookup_fast(struct nameidata
+ goto unlazy;
+ }
+ }
++
++ /* FIXME: check dx permission */
++
+ path->mnt = mnt;
+ path->dentry = dentry;
+ if (unlikely(!__follow_mount_rcu(nd, path, inode)))
+@@ -1413,6 +1512,8 @@ unlazy:
+ }
+ }
+
++ /* FIXME: check dx permission */
+
-+ if (__dx_permission(inode, MAY_ACCESS))
-+ goto hidden;
- done:
path->mnt = mnt;
path->dentry = dentry;
- __follow_mount(path);
- return 0;
-
-+hidden:
-+ vxwprintk_task(1, "did lookup hidden %s:%p[#%d,%lu] »%s/%.*s«.",
-+ inode->i_sb->s_id, inode, inode->i_tag, inode->i_ino,
-+ vxd_path(&nd->path), name->len, name->name);
-+ dput(dentry);
-+ return -ENOENT;
-+
- need_lookup:
- parent = nd->path.dentry;
- dir = parent->d_inode;
-@@ -1326,7 +1427,7 @@ static int may_delete(struct inode *dir,
+ err = follow_managed(path, nd->flags);
+@@ -2237,7 +2338,7 @@ static int may_delete(struct inode *dir,
if (IS_APPEND(dir))
return -EPERM;
if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
return -EPERM;
if (isdir) {
if (!S_ISDIR(victim->d_inode->i_mode))
-@@ -1449,6 +1550,14 @@ int may_open(struct path *path, int acc_
- break;
- }
+@@ -2316,19 +2417,25 @@ int vfs_create(struct inode *dir, struct
+ bool want_excl)
+ {
+ int error = may_create(dir, dentry);
+- if (error)
++ if (error) {
++ vxdprintk(VXD_CBIT(misc, 3), "may_create failed with %d", error);
+ return error;
++ }
+
+ if (!dir->i_op->create)
+ return -EACCES; /* shouldn't it be ENOSYS? */
+ mode &= S_IALLUGO;
+ mode |= S_IFREG;
+ error = security_inode_create(dir, dentry, mode);
+- if (error)
++ if (error) {
++ vxdprintk(VXD_CBIT(misc, 3), "security_inode_create failed with %d", error);
+ return error;
++ }
+ error = dir->i_op->create(dir, dentry, mode, want_excl);
+ if (!error)
+ fsnotify_create(dir, dentry);
++ else
++ vxdprintk(VXD_CBIT(misc, 3), "i_op->create failed with %d", error);
+ return error;
+ }
+
+@@ -2363,6 +2470,15 @@ static int may_open(struct path *path, i
+ break;
+ }
+#ifdef CONFIG_VSERVER_COWBL
-+ if (IS_COW(inode) && (flag & FMODE_WRITE)) {
++ if (IS_COW(inode) &&
++ ((flag & O_ACCMODE) != O_RDONLY)) {
+ if (IS_COW_LINK(inode))
+ return -EMLINK;
+ inode->i_flags &= ~(S_IXUNLINK|S_IMMUTABLE);
error = inode_permission(inode, acc_mode);
if (error)
return error;
-@@ -1558,7 +1667,8 @@ static int open_will_truncate(int flag,
- }
-
- static struct file *finish_open(struct nameidata *nd,
-- int open_flag, int acc_mode)
-+ int open_flag, int acc_mode,
-+ const char *pathname)
- {
- struct file *filp;
- int will_truncate;
-@@ -1571,6 +1681,23 @@ static struct file *finish_open(struct n
- goto exit;
+@@ -2865,6 +2981,16 @@ finish_open:
}
+ finish_open_created:
error = may_open(&nd->path, acc_mode, open_flag);
+#ifdef CONFIG_VSERVER_COWBL
+ if (error == -EMLINK) {
+ struct dentry *dentry;
-+ dentry = cow_break_link(pathname);
-+ if (IS_ERR(dentry)) {
++ dentry = cow_break_link(name->name);
++ if (IS_ERR(dentry))
+ error = PTR_ERR(dentry);
-+ goto exit_cow;
-+ }
-+ dput(dentry);
-+ if (will_truncate)
-+ mnt_drop_write(nd->path.mnt);
-+ release_open_intent(nd);
-+ path_put(&nd->path);
-+ return ERR_PTR(-EMLINK);
++ else
++ dput(dentry);
+ }
-+exit_cow:
-+#endif
- if (error) {
- if (will_truncate)
- mnt_drop_write(nd->path.mnt);
-@@ -1739,7 +1866,7 @@ static struct file *do_last(struct namei
- if (S_ISDIR(path->dentry->d_inode->i_mode))
- goto exit;
- ok:
-- filp = finish_open(nd, open_flag, acc_mode);
-+ filp = finish_open(nd, open_flag, acc_mode, pathname);
- return filp;
-
- exit_mutex_unlock:
-@@ -1768,7 +1895,11 @@ struct file *do_filp_open(int dfd, const
- int count = 0;
- int flag = open_to_namei_flags(open_flag);
- int force_reval = 0;
--
-+#ifdef CONFIG_VSERVER_COWBL
-+ int rflag = flag;
-+ int rmode = mode;
-+restart:
+#endif
- if (!(open_flag & O_CREAT))
- mode = 0;
+ if (error)
+ goto out;
+ file->f_path.mnt = nd->path.mnt;
+@@ -2929,6 +3055,7 @@ static struct file *path_openat(int dfd,
+ int opened = 0;
+ int error;
-@@ -1834,6 +1965,13 @@ reval:
- if (!(open_flag & O_NOFOLLOW))
- nd.flags |= LOOKUP_FOLLOW;
- filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
++restart:
+ file = get_empty_filp();
+ if (IS_ERR(file))
+ return file;
+@@ -2965,6 +3092,16 @@ static struct file *path_openat(int dfd,
+ error = do_last(nd, &path, file, op, &opened, pathname);
+ put_link(nd, &link, cookie);
+ }
++
+#ifdef CONFIG_VSERVER_COWBL
-+ if (unlikely(IS_ERR(filp) && PTR_ERR(filp) == -EMLINK)) {
-+ flag = rflag;
-+ mode = rmode;
++ if (error == -EMLINK) {
++ if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
++ path_put(&nd->root);
++ if (base)
++ fput(base);
+ goto restart;
+ }
+#endif
- while (unlikely(!filp)) { /* trailing symlink */
- struct path holder;
- struct inode *inode = path.dentry->d_inode;
-@@ -1872,6 +2010,13 @@ reval:
- holder = path;
- nd.flags &= ~LOOKUP_PARENT;
- filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
-+#ifdef CONFIG_VSERVER_COWBL
-+ if (unlikely(IS_ERR(filp) && PTR_ERR(filp) == -EMLINK)) {
-+ flag = rflag;
-+ mode = rmode;
-+ goto restart;
-+ }
-+#endif
- if (inode->i_op->put_link)
- inode->i_op->put_link(holder.dentry, &nd, cookie);
- path_put(&holder);
-@@ -1972,9 +2117,17 @@ int vfs_mknod(struct inode *dir, struct
- if (error)
- return error;
-
-- if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
-+ if (!(S_ISCHR(mode) || S_ISBLK(mode)))
-+ goto okay;
-+
-+ if (!capable(CAP_MKNOD))
- return -EPERM;
-
-+ if (S_ISCHR(mode) && !vs_chrdev_perm(dev, DATTR_CREATE))
-+ return -EPERM;
-+ if (S_ISBLK(mode) && !vs_blkdev_perm(dev, DATTR_CREATE))
-+ return -EPERM;
-+okay:
- if (!dir->i_op->mknod)
- return -EPERM;
-
-@@ -2439,7 +2592,7 @@ int vfs_link(struct dentry *old_dentry,
+ out:
+ if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
+ path_put(&nd->root);
+@@ -3079,6 +3216,11 @@ struct dentry *kern_path_create(int dfd,
+ goto fail;
+ }
+ *path = nd.path;
++ vxdprintk(VXD_CBIT(misc, 3), "kern_path_create path.dentry = %p (%.*s), dentry = %p (%.*s), d_inode = %p",
++ path->dentry, path->dentry->d_name.len,
++ path->dentry->d_name.name, dentry,
++ dentry->d_name.len, dentry->d_name.name,
++ path->dentry->d_inode);
+ return dentry;
+ fail:
+ dput(dentry);
+@@ -3573,7 +3715,7 @@ int vfs_link(struct dentry *old_dentry,
/*
* A link to an append-only or immutable file cannot be created.
*/
return -EPERM;
if (!dir->i_op->link)
return -EPERM;
-@@ -2811,6 +2964,219 @@ int vfs_follow_link(struct nameidata *nd
+@@ -3976,6 +4118,286 @@ int vfs_follow_link(struct nameidata *nd
return __vfs_follow_link(nd, link);
}
+
+#ifdef CONFIG_VSERVER_COWBL
+
-+#include <linux/file.h>
-+
+static inline
+long do_cow_splice(struct file *in, struct file *out, size_t len)
+{
+
+struct dentry *cow_break_link(const char *pathname)
+{
-+ int ret, mode, pathlen, redo = 0;
++ int ret, mode, pathlen, redo = 0, drop = 1;
+ struct nameidata old_nd, dir_nd;
-+ struct path old_path, new_path;
-+ struct dentry *dir, *res = NULL;
++ struct path dir_path, *old_path, *new_path;
++ struct dentry *dir, *old_dentry, *new_dentry = NULL;
+ struct file *old_file;
+ struct file *new_file;
+ char *to, *path, pad='\251';
+ loff_t size;
+
-+ vxdprintk(VXD_CBIT(misc, 1), "cow_break_link(»%s«)", pathname);
++ vxdprintk(VXD_CBIT(misc, 1),
++ "cow_break_link(" VS_Q("%s") ")", pathname);
++
+ path = kmalloc(PATH_MAX, GFP_KERNEL);
+ ret = -ENOMEM;
+ if (!path)
+ goto out;
+
-+ /* old_nd will have refs to dentry and mnt */
-+ ret = path_lookup(pathname, LOOKUP_FOLLOW, &old_nd);
-+ vxdprintk(VXD_CBIT(misc, 2), "path_lookup(old): %d", ret);
++ /* old_nd.path will have refs to dentry and mnt */
++ ret = do_path_lookup(AT_FDCWD, pathname, LOOKUP_FOLLOW, &old_nd);
++ vxdprintk(VXD_CBIT(misc, 2),
++ "do_path_lookup(old): %d", ret);
+ if (ret < 0)
+ goto out_free_path;
+
-+ old_path = old_nd.path;
-+ mode = old_path.dentry->d_inode->i_mode;
++ /* dentry/mnt refs handed over to old_path */
++ old_path = &old_nd.path;
++ /* no explicit reference for old_dentry here */
++ old_dentry = old_path->dentry;
+
-+ to = d_path(&old_path, path, PATH_MAX-2);
++ mode = old_dentry->d_inode->i_mode;
++ to = d_path(old_path, path, PATH_MAX-2);
+ pathlen = strlen(to);
-+ vxdprintk(VXD_CBIT(misc, 2), "old path »%s« [»%.*s«:%d]", to,
-+ old_path.dentry->d_name.len, old_path.dentry->d_name.name,
-+ old_path.dentry->d_name.len);
++ vxdprintk(VXD_CBIT(misc, 2),
++ "old path " VS_Q("%s") " [%p:" VS_Q("%.*s") ":%d]", to,
++ old_dentry,
++ old_dentry->d_name.len, old_dentry->d_name.name,
++ old_dentry->d_name.len);
+
+ to[pathlen + 1] = 0;
+retry:
++ new_dentry = NULL;
+ to[pathlen] = pad--;
-+ ret = -EMLINK;
++ ret = -ELOOP;
+ if (pad <= '\240')
+ goto out_rel_old;
+
-+ vxdprintk(VXD_CBIT(misc, 1), "temp copy »%s«", to);
-+ /* dir_nd will have refs to dentry and mnt */
-+ ret = path_lookup(to,
++ vxdprintk(VXD_CBIT(misc, 1), "temp copy " VS_Q("%s"), to);
++
++ /* dir_nd.path will have refs to dentry and mnt */
++ ret = do_path_lookup(AT_FDCWD, to,
+ LOOKUP_PARENT | LOOKUP_OPEN | LOOKUP_CREATE, &dir_nd);
-+ vxdprintk(VXD_CBIT(misc, 2),
-+ "path_lookup(new): %d", ret);
++ vxdprintk(VXD_CBIT(misc, 2), "do_path_lookup(new): %d", ret);
+ if (ret < 0)
+ goto retry;
+
-+ /* this puppy downs the inode mutex */
-+ new_path.dentry = lookup_create(&dir_nd, 0);
-+ if (!new_path.dentry || IS_ERR(new_path.dentry)) {
-+ vxdprintk(VXD_CBIT(misc, 2),
-+ "lookup_create(new): %p", new_path.dentry);
-+ mutex_unlock(&dir_nd.path.dentry->d_inode->i_mutex);
++ /* this puppy downs the dir inode mutex if successful.
++ dir_path will hold refs to dentry and mnt and
++ we'll have write access to the mnt */
++ new_dentry = kern_path_create(AT_FDCWD, to, &dir_path, 0);
++ if (!new_dentry || IS_ERR(new_dentry)) {
+ path_put(&dir_nd.path);
++ vxdprintk(VXD_CBIT(misc, 2),
++ "kern_path_create(new) failed with %ld",
++ PTR_ERR(new_dentry));
+ goto retry;
+ }
+ vxdprintk(VXD_CBIT(misc, 2),
-+ "lookup_create(new): %p [»%.*s«:%d]", new_path.dentry,
-+ new_path.dentry->d_name.len, new_path.dentry->d_name.name,
-+ new_path.dentry->d_name.len);
++ "kern_path_create(new): %p [" VS_Q("%.*s") ":%d]",
++ new_dentry,
++ new_dentry->d_name.len, new_dentry->d_name.name,
++ new_dentry->d_name.len);
++
++ /* take a reference on new_dentry */
++ dget(new_dentry);
++
++ /* dentry/mnt refs handed over to new_path */
++ new_path = &dir_path;
++
++ /* dentry for old/new dir */
+ dir = dir_nd.path.dentry;
+
-+ ret = vfs_create(dir_nd.path.dentry->d_inode, new_path.dentry, mode, &dir_nd);
++ /* give up reference on dir */
++ dput(new_path->dentry);
++
++ /* new_dentry already has a reference */
++ new_path->dentry = new_dentry;
++
++ ret = vfs_create(dir->d_inode, new_dentry, mode, 1);
+ vxdprintk(VXD_CBIT(misc, 2),
+ "vfs_create(new): %d", ret);
+ if (ret == -EEXIST) {
-+ mutex_unlock(&dir->d_inode->i_mutex);
-+ dput(new_path.dentry);
+ path_put(&dir_nd.path);
++ mutex_unlock(&dir->d_inode->i_mutex);
++ mnt_drop_write(new_path->mnt);
++ path_put(new_path);
++ new_dentry = NULL;
+ goto retry;
+ }
+ else if (ret < 0)
+
+ /* drop out early, ret passes ENOENT */
+ ret = -ENOENT;
-+ if ((redo = d_unhashed(old_path.dentry)))
++ if ((redo = d_unhashed(old_dentry)))
+ goto out_unlock_new;
+
-+ new_path.mnt = dir_nd.path.mnt;
-+ dget(old_path.dentry);
-+ mntget(old_path.mnt);
-+ /* this one cleans up the dentry/mnt in case of failure */
-+ old_file = dentry_open(old_path.dentry, old_path.mnt,
-+ O_RDONLY, current_cred());
++ /* doesn't change refs for old_path */
++ old_file = dentry_open(old_path, O_RDONLY, current_cred());
+ vxdprintk(VXD_CBIT(misc, 2),
+ "dentry_open(old): %p", old_file);
-+ if (!old_file || IS_ERR(old_file)) {
-+ res = IS_ERR(old_file) ? (void *) old_file : res;
++ if (IS_ERR(old_file)) {
++ ret = PTR_ERR(old_file);
+ goto out_unlock_new;
+ }
+
-+ dget(new_path.dentry);
-+ mntget(new_path.mnt);
-+ /* this one cleans up the dentry/mnt in case of failure */
-+ new_file = dentry_open(new_path.dentry, new_path.mnt,
-+ O_WRONLY, current_cred());
++ /* doesn't change refs for new_path */
++ new_file = dentry_open(new_path, O_WRONLY, current_cred());
+ vxdprintk(VXD_CBIT(misc, 2),
+ "dentry_open(new): %p", new_file);
-+
-+ ret = IS_ERR(new_file) ? PTR_ERR(new_file) : -ENOENT;
-+ if (!new_file || IS_ERR(new_file))
++ if (IS_ERR(new_file)) {
++ ret = PTR_ERR(new_file);
+ goto out_fput_old;
++ }
++
++ /* unlock the inode mutex from kern_path_create() */
++ mutex_unlock(&dir->d_inode->i_mutex);
++
++ /* drop write access to mnt */
++ mnt_drop_write(new_path->mnt);
++
++ drop = 0;
+
+ size = i_size_read(old_file->f_dentry->d_inode);
+ ret = do_cow_splice(old_file, new_file, size);
+ ret = -ENOSPC;
+ goto out_fput_both;
+ } else {
-+ struct inode *old_inode = old_path.dentry->d_inode;
-+ struct inode *new_inode = new_path.dentry->d_inode;
++ struct inode *old_inode = old_dentry->d_inode;
++ struct inode *new_inode = new_dentry->d_inode;
+ struct iattr attr = {
+ .ia_uid = old_inode->i_uid,
+ .ia_gid = old_inode->i_gid,
+ .ia_valid = ATTR_UID | ATTR_GID
+ };
+
-+ ret = inode_setattr(new_inode, &attr);
-+ if (ret)
-+ goto out_fput_both;
++ setattr_copy(new_inode, &attr);
++ mark_inode_dirty(new_inode);
+ }
+
-+ mutex_lock(&old_path.dentry->d_inode->i_sb->s_vfs_rename_mutex);
++ /* lock rename mutex */
++ mutex_lock(&old_dentry->d_inode->i_sb->s_vfs_rename_mutex);
+
+ /* drop out late */
+ ret = -ENOENT;
-+ if ((redo = d_unhashed(old_path.dentry)))
++ if ((redo = d_unhashed(old_dentry)))
+ goto out_unlock;
+
+ vxdprintk(VXD_CBIT(misc, 2),
-+ "vfs_rename: [»%*s«:%d] -> [»%*s«:%d]",
-+ new_path.dentry->d_name.len, new_path.dentry->d_name.name,
-+ new_path.dentry->d_name.len,
-+ old_path.dentry->d_name.len, old_path.dentry->d_name.name,
-+ old_path.dentry->d_name.len);
-+ ret = vfs_rename(dir_nd.path.dentry->d_inode, new_path.dentry,
-+ old_nd.path.dentry->d_parent->d_inode, old_path.dentry);
++ "vfs_rename: [" VS_Q("%*s") ":%d] -> [" VS_Q("%*s") ":%d]",
++ new_dentry->d_name.len, new_dentry->d_name.name,
++ new_dentry->d_name.len,
++ old_dentry->d_name.len, old_dentry->d_name.name,
++ old_dentry->d_name.len);
++ ret = vfs_rename(dir_nd.path.dentry->d_inode, new_dentry,
++ old_dentry->d_parent->d_inode, old_dentry);
+ vxdprintk(VXD_CBIT(misc, 2), "vfs_rename: %d", ret);
-+ res = new_path.dentry;
+
+out_unlock:
-+ mutex_unlock(&old_path.dentry->d_inode->i_sb->s_vfs_rename_mutex);
++ mutex_unlock(&old_dentry->d_inode->i_sb->s_vfs_rename_mutex);
+
+out_fput_both:
+ vxdprintk(VXD_CBIT(misc, 3),
+ fput(old_file);
+
+out_unlock_new:
-+ mutex_unlock(&dir->d_inode->i_mutex);
++ /* drop references from dir_nd.path */
++ path_put(&dir_nd.path);
++
++ if (drop) {
++ /* unlock the inode mutex from kern_path_create() */
++ mutex_unlock(&dir->d_inode->i_mutex);
++
++ /* drop write access to mnt */
++ mnt_drop_write(new_path->mnt);
++ }
++
+ if (!ret)
+ goto out_redo;
+
+ /* error path cleanup */
-+ vfs_unlink(dir->d_inode, new_path.dentry);
-+ dput(new_path.dentry);
++ vfs_unlink(dir->d_inode, new_dentry);
+
+out_redo:
+ if (!redo)
+ goto out_rel_both;
-+ /* lookup dentry once again */
-+ path_put(&old_nd.path);
-+ ret = path_lookup(pathname, LOOKUP_FOLLOW, &old_nd);
++
++ /* lookup dentry once again
++ old_nd.path will be freed as old_path in out_rel_old */
++ ret = do_path_lookup(AT_FDCWD, pathname, LOOKUP_FOLLOW, &old_nd);
+ if (ret)
+ goto out_rel_both;
+
-+ new_path.dentry = old_nd.path.dentry;
++ /* drop reference on new_dentry */
++ dput(new_dentry);
++ new_dentry = old_path->dentry;
++ dget(new_dentry);
+ vxdprintk(VXD_CBIT(misc, 2),
-+ "path_lookup(redo): %p [»%.*s«:%d]", new_path.dentry,
-+ new_path.dentry->d_name.len, new_path.dentry->d_name.name,
-+ new_path.dentry->d_name.len);
-+ dget(new_path.dentry);
-+ res = new_path.dentry;
++ "do_path_lookup(redo): %p [" VS_Q("%.*s") ":%d]",
++ new_dentry,
++ new_dentry->d_name.len, new_dentry->d_name.name,
++ new_dentry->d_name.len);
+
+out_rel_both:
-+ path_put(&dir_nd.path);
++ if (new_path)
++ path_put(new_path);
+out_rel_old:
-+ path_put(&old_nd.path);
++ path_put(old_path);
+out_free_path:
+ kfree(path);
+out:
-+ if (ret)
-+ res = ERR_PTR(ret);
-+ return res;
++ if (ret) {
++ dput(new_dentry);
++ new_dentry = ERR_PTR(ret);
++ }
++ vxdprintk(VXD_CBIT(misc, 3),
++ "cow_break_link returning with %p", new_dentry);
++ return new_dentry;
+}
+
+#endif
++
++int vx_info_mnt_namespace(struct mnt_namespace *ns, char *buffer)
++{
++ struct path path;
++ struct vfsmount *vmnt;
++ char *pstr, *root;
++ int length = 0;
++
++ pstr = kmalloc(PATH_MAX, GFP_KERNEL);
++ if (!pstr)
++ return 0;
++
++ vmnt = &ns->root->mnt;
++ path.mnt = vmnt;
++ path.dentry = vmnt->mnt_root;
++ root = d_path(&path, pstr, PATH_MAX - 2);
++ length = sprintf(buffer + length,
++ "Namespace:\t%p [#%u]\n"
++ "RootPath:\t%s\n",
++ ns, atomic_read(&ns->count),
++ root);
++ kfree(pstr);
++ return length;
++}
+
/* get the link contents into pagecache */
static char *page_getlink(struct dentry * dentry, struct page **ppage)
{
-diff -NurpP --minimal linux-2.6.35.4/fs/namespace.c linux-2.6.35.4-vs2.3.0.36.32/fs/namespace.c
---- linux-2.6.35.4/fs/namespace.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/namespace.c 2010-08-14 18:21:13.000000000 +0200
-@@ -29,6 +29,11 @@
- #include <linux/log2.h>
- #include <linux/idr.h>
- #include <linux/fs_struct.h>
+@@ -4099,3 +4521,4 @@ EXPORT_SYMBOL(vfs_symlink);
+ EXPORT_SYMBOL(vfs_unlink);
+ EXPORT_SYMBOL(dentry_unhash);
+ EXPORT_SYMBOL(generic_readlink);
++EXPORT_SYMBOL(vx_info_mnt_namespace);
+diff -NurpP --minimal linux-3.9.4/fs/namespace.c linux-3.9.4-vs2.3.6.2/fs/namespace.c
+--- linux-3.9.4/fs/namespace.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/namespace.c 2013-05-31 18:47:18.000000000 +0000
+@@ -22,6 +22,11 @@
+ #include <linux/fsnotify.h> /* fsnotify_vfsmount_delete */
+ #include <linux/uaccess.h>
+ #include <linux/proc_fs.h>
+#include <linux/vs_base.h>
+#include <linux/vs_context.h>
+#include <linux/vs_tag.h>
+#include <linux/vserver/space.h>
+#include <linux/vserver/global.h>
- #include <asm/uaccess.h>
- #include <asm/unistd.h>
#include "pnode.h"
-@@ -567,6 +572,7 @@ static struct vfsmount *clone_mnt(struct
- mnt->mnt_root = dget(root);
- mnt->mnt_mountpoint = mnt->mnt_root;
- mnt->mnt_parent = mnt;
-+ mnt->mnt_tag = old->mnt_tag;
-
- if (flag & CL_SLAVE) {
- list_add(&mnt->mnt_slave, &old->mnt_slave_list);
-@@ -660,6 +666,31 @@ static inline void mangle(struct seq_fil
- seq_escape(m, s, " \t\n\\");
- }
-
-+static int mnt_is_reachable(struct vfsmount *mnt)
-+{
-+ struct path root;
-+ struct dentry *point;
-+ int ret;
-+
-+ if (mnt == mnt->mnt_ns->root)
-+ return 1;
-+
-+ spin_lock(&vfsmount_lock);
-+ root = current->fs->root;
-+ point = root.dentry;
-+
-+ while ((mnt != mnt->mnt_parent) && (mnt != root.mnt)) {
-+ point = mnt->mnt_mountpoint;
-+ mnt = mnt->mnt_parent;
-+ }
-+
-+ ret = (mnt == root.mnt) && is_subdir(point, root.dentry);
-+
-+ spin_unlock(&vfsmount_lock);
-+
-+ return ret;
-+}
-+
- /*
- * Simple .show_options callback for filesystems which don't want to
- * implement more complex mount option showing.
-@@ -762,6 +793,8 @@ static int show_sb_opts(struct seq_file
- { MS_SYNCHRONOUS, ",sync" },
- { MS_DIRSYNC, ",dirsync" },
- { MS_MANDLOCK, ",mand" },
-+ { MS_TAGGED, ",tag" },
-+ { MS_NOTAGCHECK, ",notagcheck" },
- { 0, NULL }
- };
- const struct proc_fs_info *fs_infop;
-@@ -809,10 +842,20 @@ static int show_vfsmnt(struct seq_file *
- int err = 0;
- struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt };
-
-- mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
-- seq_putc(m, ' ');
-- seq_path(m, &mnt_path, " \t\n\\");
-- seq_putc(m, ' ');
-+ if (vx_flags(VXF_HIDE_MOUNT, 0))
-+ return SEQ_SKIP;
-+ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
-+ return SEQ_SKIP;
-+
-+ if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
-+ mnt == current->fs->root.mnt) {
-+ seq_puts(m, "/dev/root / ");
-+ } else {
-+ mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
-+ seq_putc(m, ' ');
-+ seq_path(m, &mnt_path, " \t\n\\");
-+ seq_putc(m, ' ');
-+ }
- show_type(m, mnt->mnt_sb);
- seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
- err = show_sb_opts(m, mnt->mnt_sb);
-@@ -842,6 +885,11 @@ static int show_mountinfo(struct seq_fil
- struct path root = p->root;
- int err = 0;
-
-+ if (vx_flags(VXF_HIDE_MOUNT, 0))
-+ return SEQ_SKIP;
-+ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
-+ return SEQ_SKIP;
-+
- seq_printf(m, "%i %i %u:%u ", mnt->mnt_id, mnt->mnt_parent->mnt_id,
- MAJOR(sb->s_dev), MINOR(sb->s_dev));
- seq_dentry(m, mnt->mnt_root, " \t\n\\");
-@@ -900,17 +948,27 @@ static int show_vfsstat(struct seq_file
- struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt };
- int err = 0;
+ #include "internal.h"
-- /* device */
-- if (mnt->mnt_devname) {
-- seq_puts(m, "device ");
-- mangle(m, mnt->mnt_devname);
-- } else
-- seq_puts(m, "no device");
-+ if (vx_flags(VXF_HIDE_MOUNT, 0))
-+ return SEQ_SKIP;
-+ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
-+ return SEQ_SKIP;
+@@ -751,6 +756,10 @@ vfs_kern_mount(struct file_system_type *
+ if (!type)
+ return ERR_PTR(-ENODEV);
-- /* mount point */
-- seq_puts(m, " mounted on ");
-- seq_path(m, &mnt_path, " \t\n\\");
-- seq_putc(m, ' ');
-+ if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
-+ mnt == current->fs->root.mnt) {
-+ seq_puts(m, "device /dev/root mounted on / ");
-+ } else {
-+ /* device */
-+ if (mnt->mnt_devname) {
-+ seq_puts(m, "device ");
-+ mangle(m, mnt->mnt_devname);
-+ } else
-+ seq_puts(m, "no device");
++ if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
++ !vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT))
++ return ERR_PTR(-EPERM);
+
-+ /* mount point */
-+ seq_puts(m, " mounted on ");
-+ seq_path(m, &mnt_path, " \t\n\\");
-+ seq_putc(m, ' ');
-+ }
-
- /* file system type */
- seq_puts(m, "with fstype ");
-@@ -1151,7 +1209,7 @@ SYSCALL_DEFINE2(umount, char __user *, n
- goto dput_and_out;
-
- retval = -EPERM;
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- goto dput_and_out;
-
- retval = do_umount(path.mnt, flags);
-@@ -1177,7 +1235,7 @@ SYSCALL_DEFINE1(oldumount, char __user *
-
- static int mount_is_safe(struct path *path)
- {
-- if (capable(CAP_SYS_ADMIN))
-+ if (vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- return 0;
- return -EPERM;
- #ifdef notyet
-@@ -1449,7 +1507,7 @@ static int do_change_type(struct path *p
- int type = flag & ~MS_REC;
- int err = 0;
-
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_NAMESPACE))
- return -EPERM;
+ mnt = alloc_vfsmnt(name);
+ if (!mnt)
+ return ERR_PTR(-ENOMEM);
+@@ -807,6 +816,7 @@ static struct mount *clone_mnt(struct mo
+ mnt->mnt.mnt_root = dget(root);
+ mnt->mnt_mountpoint = mnt->mnt.mnt_root;
+ mnt->mnt_parent = mnt;
++ mnt->mnt_tag = old->mnt_tag;
+ br_write_lock(&vfsmount_lock);
+ list_add_tail(&mnt->mnt_instance, &sb->s_mounts);
+ br_write_unlock(&vfsmount_lock);
+@@ -1639,6 +1649,7 @@ static int do_change_type(struct path *p
+ if (err)
+ goto out_unlock;
+ }
++ // mnt->mnt_flags = mnt_flags;
- if (path->dentry != path->mnt->mnt_root)
-@@ -1476,11 +1534,13 @@ static int do_change_type(struct path *p
+ br_write_lock(&vfsmount_lock);
+ for (m = mnt; m; m = (recurse ? next_mnt(m, mnt) : NULL))
+@@ -1654,12 +1665,14 @@ static int do_change_type(struct path *p
* do loopback mount.
*/
- static int do_loopback(struct path *path, char *old_name,
+ static int do_loopback(struct path *path, const char *old_name,
- int recurse)
+ tag_t tag, unsigned long flags, int mnt_flags)
{
+ LIST_HEAD(umount_list);
struct path old_path;
- struct vfsmount *mnt = NULL;
- int err = mount_is_safe(path);
+ struct mount *mnt = NULL, *old;
+ int recurse = flags & MS_REC;
+ int err;
+
- if (err)
- return err;
if (!old_name || !*old_name)
-@@ -1514,6 +1574,7 @@ static int do_loopback(struct path *path
- spin_unlock(&vfsmount_lock);
- release_mounts(&umount_list);
- }
-+ mnt->mnt_flags = mnt_flags;
-
- out:
- up_write(&namespace_sem);
-@@ -1544,12 +1605,12 @@ static int change_mount_flags(struct vfs
+ return -EINVAL;
+ err = kern_path(old_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
+@@ -1733,7 +1746,7 @@ static int change_mount_flags(struct vfs
* on it - tough luck.
*/
static int do_remount(struct path *path, int flags, int mnt_flags,
{
int err;
struct super_block *sb = path->mnt->mnt_sb;
+@@ -2046,7 +2059,6 @@ void mark_mounts_for_expiry(struct list_
+ }
+ br_write_unlock(&vfsmount_lock);
+ up_write(&namespace_sem);
+-
+ release_mounts(&umounts);
+ }
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_REMOUNT))
- return -EPERM;
-
- if (!check_mnt(path->mnt))
-@@ -1593,7 +1654,7 @@ static int do_move_mount(struct path *pa
- struct path old_path, parent_path;
- struct vfsmount *p;
- int err = 0;
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- return -EPERM;
- if (!old_name || !*old_name)
- return -EINVAL;
-@@ -1675,7 +1736,7 @@ static int do_new_mount(struct path *pat
- return -EINVAL;
-
- /* we need capabilities... */
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
- return -EPERM;
-
- lock_kernel();
-@@ -1941,6 +2002,7 @@ long do_mount(char *dev_name, char *dir_
+@@ -2218,6 +2230,7 @@ long do_mount(const char *dev_name, cons
struct path path;
int retval = 0;
int mnt_flags = 0;
/* Discard magic */
if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
-@@ -1968,6 +2030,12 @@ long do_mount(char *dev_name, char *dir_
+@@ -2247,6 +2260,12 @@ long do_mount(const char *dev_name, cons
if (!(flags & MS_NOATIME))
mnt_flags |= MNT_RELATIME;
/* Separate the per-mountpoint flags */
if (flags & MS_NOSUID)
mnt_flags |= MNT_NOSUID;
-@@ -1984,15 +2052,17 @@ long do_mount(char *dev_name, char *dir_
+@@ -2263,15 +2282,17 @@ long do_mount(const char *dev_name, cons
if (flags & MS_RDONLY)
mnt_flags |= MNT_READONLY;
-+ if (!capable(CAP_SYS_ADMIN))
++ if (!vx_capable(CAP_SYS_ADMIN, VXC_DEV_MOUNT))
+ mnt_flags |= MNT_NODEV;
flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
retval = do_change_type(&path, flags);
else if (flags & MS_MOVE)
-@@ -2071,6 +2141,7 @@ static struct mnt_namespace *dup_mnt_ns(
- q = next_mnt(q, new_ns->root);
+@@ -2380,6 +2401,7 @@ static struct mnt_namespace *dup_mnt_ns(
+ q = next_mnt(q, new);
}
up_write(&namespace_sem);
+ atomic_inc(&vs_global_mnt_ns);
if (rootmnt)
mntput(rootmnt);
-@@ -2215,9 +2286,10 @@ SYSCALL_DEFINE2(pivot_root, const char _
- down_write(&namespace_sem);
- mutex_lock(&old.dentry->d_inode->i_mutex);
+@@ -2575,9 +2597,10 @@ SYSCALL_DEFINE2(pivot_root, const char _
error = -EINVAL;
-- if (IS_MNT_SHARED(old.mnt) ||
-+ if ((IS_MNT_SHARED(old.mnt) ||
- IS_MNT_SHARED(new.mnt->mnt_parent) ||
-- IS_MNT_SHARED(root.mnt->mnt_parent))
-+ IS_MNT_SHARED(root.mnt->mnt_parent)) &&
+ new_mnt = real_mount(new.mnt);
+ root_mnt = real_mount(root.mnt);
+- if (IS_MNT_SHARED(real_mount(old.mnt)) ||
++ if ((IS_MNT_SHARED(real_mount(old.mnt)) ||
+ IS_MNT_SHARED(new_mnt->mnt_parent) ||
+- IS_MNT_SHARED(root_mnt->mnt_parent))
++ IS_MNT_SHARED(root_mnt->mnt_parent)) &&
+ !vx_flags(VXF_STATE_SETUP, 0))
- goto out2;
- if (!check_mnt(root.mnt))
- goto out2;
-@@ -2348,6 +2420,7 @@ void put_mnt_ns(struct mnt_namespace *ns
- spin_unlock(&vfsmount_lock);
+ goto out4;
+ if (!check_mnt(root_mnt) || !check_mnt(new_mnt))
+ goto out4;
+@@ -2703,6 +2726,7 @@ void put_mnt_ns(struct mnt_namespace *ns
+ br_write_unlock(&vfsmount_lock);
up_write(&namespace_sem);
release_mounts(&umount_list);
+ atomic_dec(&vs_global_mnt_ns);
- kfree(ns);
+ free_mnt_ns(ns);
}
- EXPORT_SYMBOL(put_mnt_ns);
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/client.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/client.c
---- linux-2.6.35.4/fs/nfs/client.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/client.c 2010-08-02 17:05:06.000000000 +0200
-@@ -739,6 +739,9 @@ static int nfs_init_server_rpcclient(str
+
+diff -NurpP --minimal linux-3.9.4/fs/nfs/client.c linux-3.9.4-vs2.3.6.2/fs/nfs/client.c
+--- linux-3.9.4/fs/nfs/client.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfs/client.c 2013-05-31 14:47:11.000000000 +0000
+@@ -682,6 +682,9 @@ int nfs_init_server_rpcclient(struct nfs
if (server->flags & NFS_MOUNT_SOFT)
server->client->cl_softrtry = 1;
+ server->client->cl_tag = 1;
return 0;
}
-
-@@ -910,6 +913,10 @@ static void nfs_server_set_fsinfo(struct
+ EXPORT_SYMBOL_GPL(nfs_init_server_rpcclient);
+@@ -861,6 +864,10 @@ static void nfs_server_set_fsinfo(struct
server->acdirmin = server->acdirmax = 0;
}
+
server->maxfilesize = fsinfo->maxfilesize;
- /* We're airborne Set socket buffersize */
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/dir.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/dir.c
---- linux-2.6.35.4/fs/nfs/dir.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/dir.c 2010-09-06 02:59:52.000000000 +0200
-@@ -33,6 +33,7 @@
- #include <linux/namei.h>
- #include <linux/mount.h>
+ server->time_delta = fsinfo->time_delta;
+diff -NurpP --minimal linux-3.9.4/fs/nfs/dir.c linux-3.9.4-vs2.3.6.2/fs/nfs/dir.c
+--- linux-3.9.4/fs/nfs/dir.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfs/dir.c 2013-05-31 14:47:11.000000000 +0000
+@@ -36,6 +36,7 @@
#include <linux/sched.h>
+ #include <linux/kmemleak.h>
+ #include <linux/xattr.h>
+#include <linux/vs_tag.h>
- #include "nfs4_fs.h"
#include "delegation.h"
-@@ -979,6 +980,7 @@ static struct dentry *nfs_lookup(struct
- if (IS_ERR(res))
- goto out_unblock_sillyrename;
+ #include "iostat.h"
+@@ -1300,6 +1301,7 @@ struct dentry *nfs_lookup(struct inode *
+ /* Success: notify readdir to use READDIRPLUS */
+ nfs_advise_use_readdirplus(dir);
+ dx_propagate_tag(nd, inode);
no_entry:
res = d_materialise_unique(dentry, inode);
if (res != NULL) {
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/inode.c
---- linux-2.6.35.4/fs/nfs/inode.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -37,6 +37,7 @@
- #include <linux/inet.h>
- #include <linux/nfs_xdr.h>
- #include <linux/slab.h>
+diff -NurpP --minimal linux-3.9.4/fs/nfs/inode.c linux-3.9.4-vs2.3.6.2/fs/nfs/inode.c
+--- linux-3.9.4/fs/nfs/inode.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfs/inode.c 2013-05-31 20:37:45.000000000 +0000
+@@ -39,6 +39,7 @@
+ #include <linux/compat.h>
+ #include <linux/freezer.h>
+ #include <linux/crc32.h>
+#include <linux/vs_tag.h>
- #include <asm/system.h>
#include <asm/uaccess.h>
-@@ -260,6 +261,8 @@ nfs_fhget(struct super_block *sb, struct
+
+@@ -290,6 +291,8 @@ nfs_fhget(struct super_block *sb, struct
if (inode->i_state & I_NEW) {
struct nfs_inode *nfsi = NFS_I(inode);
unsigned long now = jiffies;
/* We set i_ino for the few things that still rely on it,
* such as stat(2) */
-@@ -308,8 +311,8 @@ nfs_fhget(struct super_block *sb, struct
- nfsi->change_attr = 0;
+@@ -334,8 +337,8 @@ nfs_fhget(struct super_block *sb, struct
+ inode->i_version = 0;
inode->i_size = 0;
- inode->i_nlink = 0;
-- inode->i_uid = -2;
-- inode->i_gid = -2;
-+ uid = -2;
-+ gid = -2;
+ clear_nlink(inode);
+- inode->i_uid = make_kuid(&init_user_ns, -2);
+- inode->i_gid = make_kgid(&init_user_ns, -2);
++ uid = make_kuid(&init_user_ns, -2);
++ gid = make_kgid(&init_user_ns, -2);
inode->i_blocks = 0;
memset(nfsi->cookieverf, 0, sizeof(nfsi->cookieverf));
-
-@@ -346,13 +349,13 @@ nfs_fhget(struct super_block *sb, struct
+ nfsi->write_io = 0;
+@@ -369,11 +372,11 @@ nfs_fhget(struct super_block *sb, struct
else if (nfs_server_capable(inode, NFS_CAP_NLINK))
nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
if (fattr->valid & NFS_ATTR_FATTR_OWNER)
- inode->i_uid = fattr->uid;
+ uid = fattr->uid;
else if (nfs_server_capable(inode, NFS_CAP_OWNER))
- nfsi->cache_validity |= NFS_INO_INVALID_ATTR
- | NFS_INO_INVALID_ACCESS
- | NFS_INO_INVALID_ACL;
+ nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
if (fattr->valid & NFS_ATTR_FATTR_GROUP)
- inode->i_gid = fattr->gid;
+ gid = fattr->gid;
else if (nfs_server_capable(inode, NFS_CAP_OWNER_GROUP))
- nfsi->cache_validity |= NFS_INO_INVALID_ATTR
- | NFS_INO_INVALID_ACCESS
-@@ -365,6 +368,11 @@ nfs_fhget(struct super_block *sb, struct
+ nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
+ if (fattr->valid & NFS_ATTR_FATTR_BLOCKS_USED)
+@@ -384,6 +387,11 @@ nfs_fhget(struct super_block *sb, struct
*/
inode->i_blocks = nfs_calc_block_size(fattr->du.nfs3.used);
}
nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);
nfsi->attrtimeo_timestamp = now;
nfsi->access_cache = RB_ROOT;
-@@ -483,6 +491,8 @@ void nfs_setattr_update_inode(struct ino
+@@ -505,6 +513,8 @@ void nfs_setattr_update_inode(struct ino
inode->i_uid = attr->ia_uid;
if ((attr->ia_valid & ATTR_GID) != 0)
inode->i_gid = attr->ia_gid;
NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
spin_unlock(&inode->i_lock);
}
-@@ -856,6 +866,9 @@ static int nfs_check_inode_attributes(st
+@@ -980,6 +990,11 @@ static int nfs_check_inode_attributes(st
struct nfs_inode *nfsi = NFS_I(inode);
loff_t cur_size, new_isize;
unsigned long invalid = 0;
++ kuid_t kuid;
++ kgid_t kgid;
++ ktag_t ktag;
+ uid_t uid;
+ gid_t gid;
-+ tag_t tag;
- /* Has the inode gone and changed behind our back? */
-@@ -879,13 +892,18 @@ static int nfs_check_inode_attributes(st
+ if (nfs_have_delegated_attributes(inode))
+@@ -1005,13 +1020,21 @@ static int nfs_check_inode_attributes(st
invalid |= NFS_INO_INVALID_ATTR|NFS_INO_REVAL_PAGECACHE;
}
-+ uid = INOTAG_UID(DX_TAG(inode), fattr->uid, fattr->gid);
-+ gid = INOTAG_GID(DX_TAG(inode), fattr->uid, fattr->gid);
-+ tag = INOTAG_TAG(DX_TAG(inode), fattr->uid, fattr->gid, 0);
++ uid = from_kuid(&init_user_ns, fattr->uid);
++ gid = from_kgid(&init_user_ns, fattr->gid);
++
++ kuid = make_kuid(&init_user_ns, INOTAG_UID(DX_TAG(inode), uid, gid));
++ kgid = make_kgid(&init_user_ns, INOTAG_GID(DX_TAG(inode), uid, gid));
++ ktag = make_ktag(&init_user_ns, INOTAG_TAG(DX_TAG(inode), uid, gid, 0));
+
/* Have any file permissions changed? */
if ((fattr->valid & NFS_ATTR_FATTR_MODE) && (inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO))
invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
-- if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && inode->i_uid != fattr->uid)
-+ if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && uid != fattr->uid)
+- if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && !uid_eq(inode->i_uid, fattr->uid))
++ if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && !uid_eq(inode->i_uid, kuid))
invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
-- if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && inode->i_gid != fattr->gid)
-+ if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && gid != fattr->gid)
+- if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && !gid_eq(inode->i_gid, fattr->gid))
++ if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && !gid_eq(inode->i_gid, kgid))
invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
+ /* maybe check for tag too? */
/* Has the link count changed? */
if ((fattr->valid & NFS_ATTR_FATTR_NLINK) && inode->i_nlink != fattr->nlink)
-@@ -1120,6 +1138,9 @@ static int nfs_update_inode(struct inode
+@@ -1317,6 +1340,9 @@ static int nfs_update_inode(struct inode
unsigned long invalid = 0;
unsigned long now = jiffies;
unsigned long save_cache_validity;
+ gid_t gid;
+ tag_t tag;
- dfprintk(VFS, "NFS: %s(%s/%ld ct=%d info=0x%x)\n",
+ dfprintk(VFS, "NFS: %s(%s/%ld fh_crc=0x%08x ct=%d info=0x%x)\n",
__func__, inode->i_sb->s_id, inode->i_ino,
-@@ -1222,6 +1243,9 @@ static int nfs_update_inode(struct inode
+@@ -1418,6 +1444,9 @@ static int nfs_update_inode(struct inode
| NFS_INO_REVAL_PAGECACHE
| NFS_INO_REVAL_FORCED);
-+ uid = INOTAG_UID(DX_TAG(inode), fattr->uid, fattr->gid);
-+ gid = INOTAG_GID(DX_TAG(inode), fattr->uid, fattr->gid);
-+ tag = INOTAG_TAG(DX_TAG(inode), fattr->uid, fattr->gid, 0);
++ uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
++ gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
++ tag = inode->i_tag;
if (fattr->valid & NFS_ATTR_FATTR_ATIME)
memcpy(&inode->i_atime, &fattr->atime, sizeof(inode->i_atime));
-@@ -1243,9 +1267,9 @@ static int nfs_update_inode(struct inode
- | NFS_INO_REVAL_FORCED);
-
- if (fattr->valid & NFS_ATTR_FATTR_OWNER) {
-- if (inode->i_uid != fattr->uid) {
-+ if (uid != fattr->uid) {
- invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
-- inode->i_uid = fattr->uid;
-+ uid = fattr->uid;
- }
- } else if (server->caps & NFS_CAP_OWNER)
- invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
-@@ -1254,9 +1278,9 @@ static int nfs_update_inode(struct inode
- | NFS_INO_REVAL_FORCED);
-
- if (fattr->valid & NFS_ATTR_FATTR_GROUP) {
-- if (inode->i_gid != fattr->gid) {
-+ if (gid != fattr->gid) {
- invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
-- inode->i_gid = fattr->gid;
-+ gid = fattr->gid;
- }
- } else if (server->caps & NFS_CAP_OWNER_GROUP)
- invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
-@@ -1264,6 +1288,10 @@ static int nfs_update_inode(struct inode
+@@ -1460,6 +1489,10 @@ static int nfs_update_inode(struct inode
| NFS_INO_INVALID_ACL
| NFS_INO_REVAL_FORCED);
-+ inode->i_uid = uid;
-+ inode->i_gid = gid;
-+ inode->i_tag = tag;
++ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
++ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
++ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid, tag);
+
if (fattr->valid & NFS_ATTR_FATTR_NLINK) {
if (inode->i_nlink != fattr->nlink) {
invalid |= NFS_INO_INVALID_ATTR;
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/nfs3xdr.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/nfs3xdr.c
---- linux-2.6.35.4/fs/nfs/nfs3xdr.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/nfs3xdr.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/nfs/nfs3xdr.c linux-3.9.4-vs2.3.6.2/fs/nfs/nfs3xdr.c
+--- linux-3.9.4/fs/nfs/nfs3xdr.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfs/nfs3xdr.c 2013-05-31 15:33:48.000000000 +0000
@@ -20,6 +20,7 @@
#include <linux/nfs3.h>
#include <linux/nfs_fs.h>
#include "internal.h"
#define NFSDBG_FACILITY NFSDBG_XDR
-@@ -175,7 +176,7 @@ xdr_decode_fattr(__be32 *p, struct nfs_f
- }
-
- static inline __be32 *
--xdr_encode_sattr(__be32 *p, struct iattr *attr)
-+xdr_encode_sattr(__be32 *p, struct iattr *attr, int tag)
+@@ -558,7 +559,8 @@ static __be32 *xdr_decode_nfstime3(__be3
+ * set_mtime mtime;
+ * };
+ */
+-static void encode_sattr3(struct xdr_stream *xdr, const struct iattr *attr)
++static void encode_sattr3(struct xdr_stream *xdr,
++ const struct iattr *attr, int tag)
{
- if (attr->ia_valid & ATTR_MODE) {
- *p++ = xdr_one;
-@@ -183,15 +184,17 @@ xdr_encode_sattr(__be32 *p, struct iattr
- } else {
+ u32 nbytes;
+ __be32 *p;
+@@ -590,15 +592,19 @@ static void encode_sattr3(struct xdr_str
+ } else
*p++ = xdr_zero;
- }
+
- if (attr->ia_valid & ATTR_UID) {
+ if (attr->ia_valid & ATTR_UID ||
+ (tag && (attr->ia_valid & ATTR_TAG))) {
*p++ = xdr_one;
-- *p++ = htonl(attr->ia_uid);
-+ *p++ = htonl(TAGINO_UID(tag, attr->ia_uid, attr->ia_tag));
- } else {
+- *p++ = cpu_to_be32(from_kuid(&init_user_ns, attr->ia_uid));
++ *p++ = cpu_to_be32(TAGINO_UID(tag,
++ from_kuid(&init_user_ns, attr->ia_uid), attr->ia_tag));
+ } else
*p++ = xdr_zero;
- }
+
- if (attr->ia_valid & ATTR_GID) {
+ if (attr->ia_valid & ATTR_GID ||
+ (tag && (attr->ia_valid & ATTR_TAG))) {
*p++ = xdr_one;
-- *p++ = htonl(attr->ia_gid);
-+ *p++ = htonl(TAGINO_GID(tag, attr->ia_gid, attr->ia_tag));
- } else {
+- *p++ = cpu_to_be32(from_kgid(&init_user_ns, attr->ia_gid));
++ *p++ = cpu_to_be32(TAGINO_GID(tag,
++ from_kgid(&init_user_ns, attr->ia_gid), attr->ia_tag));
+ } else
*p++ = xdr_zero;
- }
-@@ -278,7 +281,8 @@ static int
- nfs3_xdr_sattrargs(struct rpc_rqst *req, __be32 *p, struct nfs3_sattrargs *args)
+
+@@ -887,7 +893,7 @@ static void nfs3_xdr_enc_setattr3args(st
+ const struct nfs3_sattrargs *args)
{
- p = xdr_encode_fhandle(p, args->fh);
-- p = xdr_encode_sattr(p, args->sattr);
-+ p = xdr_encode_sattr(p, args->sattr,
-+ req->rq_task->tk_client->cl_tag);
- *p++ = htonl(args->guard);
- if (args->guard)
- p = xdr_encode_time3(p, &args->guardtime);
-@@ -383,7 +387,8 @@ nfs3_xdr_createargs(struct rpc_rqst *req
- *p++ = args->verifier[0];
- *p++ = args->verifier[1];
- } else
-- p = xdr_encode_sattr(p, args->sattr);
-+ p = xdr_encode_sattr(p, args->sattr,
-+ req->rq_task->tk_client->cl_tag);
+ encode_nfs_fh3(xdr, args->fh);
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, req->rq_task->tk_client->cl_tag);
+ encode_sattrguard3(xdr, args);
+ }
- req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
- return 0;
-@@ -397,7 +402,8 @@ nfs3_xdr_mkdirargs(struct rpc_rqst *req,
+@@ -1037,13 +1043,13 @@ static void nfs3_xdr_enc_write3args(stru
+ * };
+ */
+ static void encode_createhow3(struct xdr_stream *xdr,
+- const struct nfs3_createargs *args)
++ const struct nfs3_createargs *args, int tag)
{
- p = xdr_encode_fhandle(p, args->fh);
- p = xdr_encode_array(p, args->name, args->len);
-- p = xdr_encode_sattr(p, args->sattr);
-+ p = xdr_encode_sattr(p, args->sattr,
-+ req->rq_task->tk_client->cl_tag);
- req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
- return 0;
+ encode_uint32(xdr, args->createmode);
+ switch (args->createmode) {
+ case NFS3_CREATE_UNCHECKED:
+ case NFS3_CREATE_GUARDED:
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, tag);
+ break;
+ case NFS3_CREATE_EXCLUSIVE:
+ encode_createverf3(xdr, args->verifier);
+@@ -1058,7 +1064,7 @@ static void nfs3_xdr_enc_create3args(str
+ const struct nfs3_createargs *args)
+ {
+ encode_diropargs3(xdr, args->fh, args->name, args->len);
+- encode_createhow3(xdr, args);
++ encode_createhow3(xdr, args, req->rq_task->tk_client->cl_tag);
}
-@@ -410,7 +416,8 @@ nfs3_xdr_symlinkargs(struct rpc_rqst *re
+
+ /*
+@@ -1074,7 +1080,7 @@ static void nfs3_xdr_enc_mkdir3args(stru
+ const struct nfs3_mkdirargs *args)
{
- p = xdr_encode_fhandle(p, args->fromfh);
- p = xdr_encode_array(p, args->fromname, args->fromlen);
-- p = xdr_encode_sattr(p, args->sattr);
-+ p = xdr_encode_sattr(p, args->sattr,
-+ req->rq_task->tk_client->cl_tag);
- *p++ = htonl(args->pathlen);
- req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
-
-@@ -428,7 +435,8 @@ nfs3_xdr_mknodargs(struct rpc_rqst *req,
- p = xdr_encode_fhandle(p, args->fh);
- p = xdr_encode_array(p, args->name, args->len);
- *p++ = htonl(args->type);
-- p = xdr_encode_sattr(p, args->sattr);
-+ p = xdr_encode_sattr(p, args->sattr,
-+ req->rq_task->tk_client->cl_tag);
- if (args->type == NF3CHR || args->type == NF3BLK) {
- *p++ = htonl(MAJOR(args->rdev));
- *p++ = htonl(MINOR(args->rdev));
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/nfsroot.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/nfsroot.c
---- linux-2.6.35.4/fs/nfs/nfsroot.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/nfsroot.c 2010-08-02 17:05:06.000000000 +0200
-@@ -122,12 +122,12 @@ static int mount_port __initdata = 0; /
- enum {
- /* Options that take integer arguments */
- Opt_port, Opt_rsize, Opt_wsize, Opt_timeo, Opt_retrans, Opt_acregmin,
-- Opt_acregmax, Opt_acdirmin, Opt_acdirmax,
-+ Opt_acregmax, Opt_acdirmin, Opt_acdirmax, Opt_tagid,
- /* Options that take no arguments */
- Opt_soft, Opt_hard, Opt_intr,
- Opt_nointr, Opt_posix, Opt_noposix, Opt_cto, Opt_nocto, Opt_ac,
- Opt_noac, Opt_lock, Opt_nolock, Opt_v2, Opt_v3, Opt_udp, Opt_tcp,
-- Opt_acl, Opt_noacl,
-+ Opt_acl, Opt_noacl, Opt_tag, Opt_notag,
- /* Error token */
- Opt_err
- };
-@@ -164,6 +164,9 @@ static const match_table_t tokens __init
- {Opt_tcp, "tcp"},
- {Opt_acl, "acl"},
- {Opt_noacl, "noacl"},
-+ {Opt_tag, "tag"},
-+ {Opt_notag, "notag"},
-+ {Opt_tagid, "tagid=%u"},
- {Opt_err, NULL}
-
- };
-@@ -275,6 +278,20 @@ static int __init root_nfs_parse(char *n
- case Opt_noacl:
- nfs_data.flags |= NFS_MOUNT_NOACL;
- break;
-+#ifndef CONFIG_TAGGING_NONE
-+ case Opt_tag:
-+ nfs_data.flags |= NFS_MOUNT_TAGGED;
-+ break;
-+ case Opt_notag:
-+ nfs_data.flags &= ~NFS_MOUNT_TAGGED;
-+ break;
-+#endif
-+#ifdef CONFIG_PROPAGATE
-+ case Opt_tagid:
-+ /* use args[0] */
-+ nfs_data.flags |= NFS_MOUNT_TAGGED;
-+ break;
-+#endif
- default:
- printk(KERN_WARNING "Root-NFS: unknown "
- "option: %s\n", p);
-diff -NurpP --minimal linux-2.6.35.4/fs/nfs/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/super.c
---- linux-2.6.35.4/fs/nfs/super.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfs/super.c 2010-09-06 02:59:52.000000000 +0200
-@@ -54,6 +54,7 @@
- #include <linux/nfs_xdr.h>
- #include <linux/magic.h>
+ encode_diropargs3(xdr, args->fh, args->name, args->len);
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, req->rq_task->tk_client->cl_tag);
+ }
+
+ /*
+@@ -1091,9 +1097,9 @@ static void nfs3_xdr_enc_mkdir3args(stru
+ * };
+ */
+ static void encode_symlinkdata3(struct xdr_stream *xdr,
+- const struct nfs3_symlinkargs *args)
++ const struct nfs3_symlinkargs *args, int tag)
+ {
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, tag);
+ encode_nfspath3(xdr, args->pages, args->pathlen);
+ }
+
+@@ -1102,7 +1108,7 @@ static void nfs3_xdr_enc_symlink3args(st
+ const struct nfs3_symlinkargs *args)
+ {
+ encode_diropargs3(xdr, args->fromfh, args->fromname, args->fromlen);
+- encode_symlinkdata3(xdr, args);
++ encode_symlinkdata3(xdr, args, req->rq_task->tk_client->cl_tag);
+ }
+
+ /*
+@@ -1130,24 +1136,24 @@ static void nfs3_xdr_enc_symlink3args(st
+ * };
+ */
+ static void encode_devicedata3(struct xdr_stream *xdr,
+- const struct nfs3_mknodargs *args)
++ const struct nfs3_mknodargs *args, int tag)
+ {
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, tag);
+ encode_specdata3(xdr, args->rdev);
+ }
+
+ static void encode_mknoddata3(struct xdr_stream *xdr,
+- const struct nfs3_mknodargs *args)
++ const struct nfs3_mknodargs *args, int tag)
+ {
+ encode_ftype3(xdr, args->type);
+ switch (args->type) {
+ case NF3CHR:
+ case NF3BLK:
+- encode_devicedata3(xdr, args);
++ encode_devicedata3(xdr, args, tag);
+ break;
+ case NF3SOCK:
+ case NF3FIFO:
+- encode_sattr3(xdr, args->sattr);
++ encode_sattr3(xdr, args->sattr, tag);
+ break;
+ case NF3REG:
+ case NF3DIR:
+@@ -1162,7 +1168,7 @@ static void nfs3_xdr_enc_mknod3args(stru
+ const struct nfs3_mknodargs *args)
+ {
+ encode_diropargs3(xdr, args->fh, args->name, args->len);
+- encode_mknoddata3(xdr, args);
++ encode_mknoddata3(xdr, args, req->rq_task->tk_client->cl_tag);
+ }
+
+ /*
+diff -NurpP --minimal linux-3.9.4/fs/nfs/super.c linux-3.9.4-vs2.3.6.2/fs/nfs/super.c
+--- linux-3.9.4/fs/nfs/super.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfs/super.c 2013-05-31 15:41:34.000000000 +0000
+@@ -55,6 +55,7 @@
#include <linux/parser.h>
+ #include <linux/nsproxy.h>
+ #include <linux/rcupdate.h>
+#include <linux/vs_tag.h>
- #include <asm/system.h>
#include <asm/uaccess.h>
-@@ -606,6 +607,7 @@ static void nfs_show_mount_options(struc
+
+@@ -103,6 +104,7 @@ enum {
+ Opt_mountport,
+ Opt_mountvers,
+ Opt_minorversion,
++ Opt_tagid,
+
+ /* Mount options that take string arguments */
+ Opt_nfsvers,
+@@ -115,6 +117,9 @@ enum {
+ /* Special mount options */
+ Opt_userspace, Opt_deprecated, Opt_sloppy,
+
++ /* Linux-VServer tagging options */
++ Opt_tag, Opt_notag,
++
+ Opt_err
+ };
+
+@@ -184,6 +189,10 @@ static const match_table_t nfs_mount_opt
+ { Opt_fscache_uniq, "fsc=%s" },
+ { Opt_local_lock, "local_lock=%s" },
+
++ { Opt_tag, "tag" },
++ { Opt_notag, "notag" },
++ { Opt_tagid, "tagid=%u" },
++
+ /* The following needs to be listed after all other options */
+ { Opt_nfsvers, "v%s" },
+
+@@ -635,6 +644,7 @@ static void nfs_show_mount_options(struc
{ NFS_MOUNT_NORDIRPLUS, ",nordirplus", "" },
{ NFS_MOUNT_UNSHARED, ",nosharecache", "" },
{ NFS_MOUNT_NORESVPORT, ",noresvport", "" },
{ 0, NULL, NULL }
};
const struct proc_nfs_info *nfs_infop;
-diff -NurpP --minimal linux-2.6.35.4/fs/nfsd/auth.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/auth.c
---- linux-2.6.35.4/fs/nfsd/auth.c 2010-02-25 11:52:05.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/auth.c 2010-08-02 17:05:06.000000000 +0200
-@@ -1,6 +1,7 @@
- /* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> */
+@@ -1261,6 +1271,14 @@ static int nfs_parse_mount_options(char
+ case Opt_nomigration:
+ mnt->options &= NFS_OPTION_MIGRATION;
+ break;
++#ifndef CONFIG_TAGGING_NONE
++ case Opt_tag:
++ mnt->flags |= NFS_MOUNT_TAGGED;
++ break;
++ case Opt_notag:
++ mnt->flags &= ~NFS_MOUNT_TAGGED;
++ break;
++#endif
+
+ /*
+ * options that take numeric values
+@@ -1347,6 +1365,12 @@ static int nfs_parse_mount_options(char
+ goto out_invalid_value;
+ mnt->minorversion = option;
+ break;
++#ifdef CONFIG_PROPAGATE
++ case Opt_tagid:
++ /* use args[0] */
++ nfs_data.flags |= NFS_MOUNT_TAGGED;
++ break;
++#endif
+
+ /*
+ * options that take text values
+diff -NurpP --minimal linux-3.9.4/fs/nfsd/auth.c linux-3.9.4-vs2.3.6.2/fs/nfsd/auth.c
+--- linux-3.9.4/fs/nfsd/auth.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfsd/auth.c 2013-05-31 14:47:11.000000000 +0000
+@@ -2,6 +2,7 @@
#include <linux/sched.h>
+ #include <linux/user_namespace.h>
+#include <linux/vs_tag.h>
#include "nfsd.h"
#include "auth.h"
-@@ -36,6 +37,9 @@ int nfsd_setuser(struct svc_rqst *rqstp,
+@@ -37,6 +38,9 @@ int nfsd_setuser(struct svc_rqst *rqstp,
new->fsuid = rqstp->rq_cred.cr_uid;
new->fsgid = rqstp->rq_cred.cr_gid;
rqgi = rqstp->rq_cred.cr_group_info;
-diff -NurpP --minimal linux-2.6.35.4/fs/nfsd/nfs3xdr.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfs3xdr.c
---- linux-2.6.35.4/fs/nfsd/nfs3xdr.c 2010-02-25 11:52:05.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfs3xdr.c 2010-08-02 17:05:06.000000000 +0200
-@@ -7,6 +7,7 @@
- */
+diff -NurpP --minimal linux-3.9.4/fs/nfsd/nfs3xdr.c linux-3.9.4-vs2.3.6.2/fs/nfsd/nfs3xdr.c
+--- linux-3.9.4/fs/nfsd/nfs3xdr.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfsd/nfs3xdr.c 2013-05-31 16:17:38.000000000 +0000
+@@ -8,6 +8,7 @@
#include <linux/namei.h>
+ #include <linux/sunrpc/svc_xprt.h>
+#include <linux/vs_tag.h>
#include "xdr3.h"
#include "auth.h"
-
-@@ -95,6 +96,8 @@ static __be32 *
+ #include "netns.h"
+@@ -98,6 +99,8 @@ static __be32 *
decode_sattr3(__be32 *p, struct iattr *iap)
{
u32 tmp;
iap->ia_valid = 0;
-@@ -104,12 +107,15 @@ decode_sattr3(__be32 *p, struct iattr *i
+@@ -106,15 +109,18 @@ decode_sattr3(__be32 *p, struct iattr *i
+ iap->ia_mode = ntohl(*p++);
}
if (*p++) {
- iap->ia_valid |= ATTR_UID;
-- iap->ia_uid = ntohl(*p++);
-+ uid = ntohl(*p++);
+- iap->ia_uid = make_kuid(&init_user_ns, ntohl(*p++));
++ uid = make_kuid(&init_user_ns, ntohl(*p++));
+ if (uid_valid(iap->ia_uid))
+ iap->ia_valid |= ATTR_UID;
}
if (*p++) {
- iap->ia_valid |= ATTR_GID;
-- iap->ia_gid = ntohl(*p++);
-+ gid = ntohl(*p++);
+- iap->ia_gid = make_kgid(&init_user_ns, ntohl(*p++));
++ gid = make_kgid(&init_user_ns, ntohl(*p++));
+ if (gid_valid(iap->ia_gid))
+ iap->ia_valid |= ATTR_GID;
}
+ iap->ia_uid = INOTAG_UID(DX_TAG_NFSD, uid, gid);
+ iap->ia_gid = INOTAG_GID(DX_TAG_NFSD, uid, gid);
if (*p++) {
u64 newsize;
-@@ -165,8 +171,12 @@ encode_fattr3(struct svc_rqst *rqstp, __
+@@ -170,8 +176,12 @@ encode_fattr3(struct svc_rqst *rqstp, __
*p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]);
*p++ = htonl((u32) stat->mode);
*p++ = htonl((u32) stat->nlink);
-- *p++ = htonl((u32) nfsd_ruid(rqstp, stat->uid));
-- *p++ = htonl((u32) nfsd_rgid(rqstp, stat->gid));
-+ *p++ = htonl((u32) nfsd_ruid(rqstp,
+- *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid));
+- *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid));
++ *p++ = htonl((u32) from_kuid(&init_user_ns,
+ TAGINO_UID(0 /* FIXME: DX_TAG(dentry->d_inode) */,
+ stat->uid, stat->tag)));
-+ *p++ = htonl((u32) nfsd_rgid(rqstp,
++ *p++ = htonl((u32) from_kgid(&init_user_ns,
+ TAGINO_GID(0 /* FIXME: DX_TAG(dentry->d_inode) */,
+ stat->gid, stat->tag)));
if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN) {
p = xdr_encode_hyper(p, (u64) NFS3_MAXPATHLEN);
} else {
-diff -NurpP --minimal linux-2.6.35.4/fs/nfsd/nfs4xdr.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfs4xdr.c
---- linux-2.6.35.4/fs/nfsd/nfs4xdr.c 2010-08-02 16:52:50.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfs4xdr.c 2010-08-02 17:05:06.000000000 +0200
-@@ -47,6 +47,7 @@
- #include <linux/nfsd_idmap.h>
- #include <linux/nfs4_acl.h>
+diff -NurpP --minimal linux-3.9.4/fs/nfsd/nfs4xdr.c linux-3.9.4-vs2.3.6.2/fs/nfsd/nfs4xdr.c
+--- linux-3.9.4/fs/nfsd/nfs4xdr.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfsd/nfs4xdr.c 2013-05-31 14:47:11.000000000 +0000
+@@ -46,6 +46,7 @@
+ #include <linux/utsname.h>
+ #include <linux/pagemap.h>
#include <linux/sunrpc/svcauth_gss.h>
+#include <linux/vs_tag.h>
- #include "xdr4.h"
- #include "vfs.h"
-@@ -2053,14 +2054,18 @@ out_acl:
+ #include "idmap.h"
+ #include "acl.h"
+@@ -2349,14 +2350,18 @@ out_acl:
WRITE32(stat.nlink);
}
if (bmval1 & FATTR4_WORD1_OWNER) {
if (status == nfserr_resource)
goto out_resource;
if (status)
-diff -NurpP --minimal linux-2.6.35.4/fs/nfsd/nfsxdr.c linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfsxdr.c
---- linux-2.6.35.4/fs/nfsd/nfsxdr.c 2010-02-25 11:52:05.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/nfsd/nfsxdr.c 2010-08-02 17:05:06.000000000 +0200
-@@ -6,6 +6,7 @@
-
+diff -NurpP --minimal linux-3.9.4/fs/nfsd/nfsxdr.c linux-3.9.4-vs2.3.6.2/fs/nfsd/nfsxdr.c
+--- linux-3.9.4/fs/nfsd/nfsxdr.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/nfsd/nfsxdr.c 2013-05-31 16:20:53.000000000 +0000
+@@ -7,6 +7,7 @@
+ #include "vfs.h"
#include "xdr.h"
#include "auth.h"
+#include <linux/vs_tag.h>
#define NFSDDBG_FACILITY NFSDDBG_XDR
-@@ -88,6 +89,8 @@ static __be32 *
+@@ -89,6 +90,8 @@ static __be32 *
decode_sattr(__be32 *p, struct iattr *iap)
{
u32 tmp, tmp1;
iap->ia_valid = 0;
-@@ -101,12 +104,15 @@ decode_sattr(__be32 *p, struct iattr *ia
+@@ -101,15 +104,18 @@ decode_sattr(__be32 *p, struct iattr *ia
+ iap->ia_mode = tmp;
}
if ((tmp = ntohl(*p++)) != (u32)-1) {
- iap->ia_valid |= ATTR_UID;
-- iap->ia_uid = tmp;
-+ uid = tmp;
+- iap->ia_uid = make_kuid(&init_user_ns, tmp);
++ uid = make_kuid(&init_user_ns, tmp);
+ if (uid_valid(iap->ia_uid))
+ iap->ia_valid |= ATTR_UID;
}
if ((tmp = ntohl(*p++)) != (u32)-1) {
- iap->ia_valid |= ATTR_GID;
-- iap->ia_gid = tmp;
-+ gid = tmp;
+- iap->ia_gid = make_kgid(&init_user_ns, tmp);
++ gid = make_kgid(&init_user_ns, tmp);
+ if (gid_valid(iap->ia_gid))
+ iap->ia_valid |= ATTR_GID;
}
+ iap->ia_uid = INOTAG_UID(DX_TAG_NFSD, uid, gid);
+ iap->ia_gid = INOTAG_GID(DX_TAG_NFSD, uid, gid);
if ((tmp = ntohl(*p++)) != (u32)-1) {
iap->ia_valid |= ATTR_SIZE;
iap->ia_size = tmp;
-@@ -151,8 +157,10 @@ encode_fattr(struct svc_rqst *rqstp, __b
+@@ -154,8 +160,10 @@ encode_fattr(struct svc_rqst *rqstp, __b
*p++ = htonl(nfs_ftypes[type >> 12]);
*p++ = htonl((u32) stat->mode);
*p++ = htonl((u32) stat->nlink);
-- *p++ = htonl((u32) nfsd_ruid(rqstp, stat->uid));
-- *p++ = htonl((u32) nfsd_rgid(rqstp, stat->gid));
-+ *p++ = htonl((u32) nfsd_ruid(rqstp,
+- *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid));
+- *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid));
++ *p++ = htonl((u32) from_kuid(&init_user_ns,
+ TAGINO_UID(DX_TAG(dentry->d_inode), stat->uid, stat->tag)));
-+ *p++ = htonl((u32) nfsd_rgid(rqstp,
++ *p++ = htonl((u32) from_kgid(&init_user_ns,
+ TAGINO_GID(DX_TAG(dentry->d_inode), stat->gid, stat->tag)));
if (S_ISLNK(type) && stat->size > NFS_MAXPATHLEN) {
*p++ = htonl(NFS_MAXPATHLEN);
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/dlmglue.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/dlmglue.c
---- linux-2.6.35.4/fs/ocfs2/dlmglue.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/dlmglue.c 2010-08-02 17:05:06.000000000 +0200
-@@ -2114,6 +2114,7 @@ static void __ocfs2_stuff_meta_lvb(struc
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/dlmglue.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/dlmglue.c
+--- linux-3.9.4/fs/ocfs2/dlmglue.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/dlmglue.c 2013-05-31 15:47:29.000000000 +0000
+@@ -2047,6 +2047,7 @@ static void __ocfs2_stuff_meta_lvb(struc
lvb->lvb_iclusters = cpu_to_be32(oi->ip_clusters);
- lvb->lvb_iuid = cpu_to_be32(inode->i_uid);
- lvb->lvb_igid = cpu_to_be32(inode->i_gid);
+ lvb->lvb_iuid = cpu_to_be32(i_uid_read(inode));
+ lvb->lvb_igid = cpu_to_be32(i_gid_read(inode));
+ lvb->lvb_itag = cpu_to_be16(inode->i_tag);
lvb->lvb_imode = cpu_to_be16(inode->i_mode);
lvb->lvb_inlink = cpu_to_be16(inode->i_nlink);
lvb->lvb_iatime_packed =
-@@ -2168,6 +2169,7 @@ static void ocfs2_refresh_inode_from_lvb
+@@ -2097,6 +2098,7 @@ static void ocfs2_refresh_inode_from_lvb
- inode->i_uid = be32_to_cpu(lvb->lvb_iuid);
- inode->i_gid = be32_to_cpu(lvb->lvb_igid);
-+ inode->i_tag = be16_to_cpu(lvb->lvb_itag);
+ i_uid_write(inode, be32_to_cpu(lvb->lvb_iuid));
+ i_gid_write(inode, be32_to_cpu(lvb->lvb_igid));
++ i_tag_write(inode, be16_to_cpu(lvb->lvb_itag));
inode->i_mode = be16_to_cpu(lvb->lvb_imode);
- inode->i_nlink = be16_to_cpu(lvb->lvb_inlink);
+ set_nlink(inode, be16_to_cpu(lvb->lvb_inlink));
ocfs2_unpack_timespec(&inode->i_atime,
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/dlmglue.h linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/dlmglue.h
---- linux-2.6.35.4/fs/ocfs2/dlmglue.h 2009-12-03 20:02:53.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/dlmglue.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/dlmglue.h linux-3.9.4-vs2.3.6.2/fs/ocfs2/dlmglue.h
+--- linux-3.9.4/fs/ocfs2/dlmglue.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/dlmglue.h 2013-05-31 14:47:11.000000000 +0000
@@ -46,7 +46,8 @@ struct ocfs2_meta_lvb {
__be16 lvb_inlink;
__be32 lvb_iattr;
};
#define OCFS2_QINFO_LVB_VERSION 1
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/file.c
---- linux-2.6.35.4/fs/ocfs2/file.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/file.c 2010-08-02 17:05:06.000000000 +0200
-@@ -1129,13 +1129,15 @@ int ocfs2_setattr(struct dentry *dentry,
- mlog(0, "uid change: %d\n", attr->ia_uid);
- if (attr->ia_valid & ATTR_GID)
- mlog(0, "gid change: %d\n", attr->ia_gid);
-+ if (attr->ia_valid & ATTR_TAG)
-+ mlog(0, "tag change: %d\n", attr->ia_tag);
- if (attr->ia_valid & ATTR_SIZE)
- mlog(0, "size change...\n");
- if (attr->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_CTIME))
- mlog(0, "time change...\n");
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/file.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/file.c
+--- linux-3.9.4/fs/ocfs2/file.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/file.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1124,7 +1124,7 @@ int ocfs2_setattr(struct dentry *dentry,
+ attr->ia_valid &= ~ATTR_SIZE;
#define OCFS2_VALID_ATTRS (ATTR_ATIME | ATTR_MTIME | ATTR_CTIME | ATTR_SIZE \
- | ATTR_GID | ATTR_UID | ATTR_MODE)
+ | ATTR_GID | ATTR_UID | ATTR_TAG | ATTR_MODE)
- if (!(attr->ia_valid & OCFS2_VALID_ATTRS)) {
- mlog(0, "can't handle attrs: 0x%x\n", attr->ia_valid);
+ if (!(attr->ia_valid & OCFS2_VALID_ATTRS))
return 0;
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/inode.c
---- linux-2.6.35.4/fs/ocfs2/inode.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/inode.c 2010-08-02 17:05:06.000000000 +0200
+
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/inode.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/inode.c
+--- linux-3.9.4/fs/ocfs2/inode.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/inode.c 2013-05-31 20:39:47.000000000 +0000
@@ -28,6 +28,7 @@
#include <linux/highmem.h>
#include <linux/pagemap.h>
#include <asm/byteorder.h>
-@@ -78,11 +79,13 @@ void ocfs2_set_inode_flags(struct inode
+@@ -78,11 +79,13 @@ void ocfs2_set_inode_flags(struct inode
{
unsigned int flags = OCFS2_I(inode)->ip_attr;
if (flags & OCFS2_SYNC_FL)
inode->i_flags |= S_SYNC;
-@@ -92,25 +95,44 @@ void ocfs2_set_inode_flags(struct inode
+@@ -92,25 +95,44 @@ void ocfs2_set_inode_flags(struct inode
inode->i_flags |= S_NOATIME;
if (flags & OCFS2_DIRSYNC_FL)
inode->i_flags |= S_DIRSYNC;
}
struct inode *ocfs2_ilookup(struct super_block *sb, u64 blkno)
-@@ -245,6 +267,8 @@ void ocfs2_populate_inode(struct inode *
+@@ -241,6 +263,8 @@ void ocfs2_populate_inode(struct inode *
struct super_block *sb;
struct ocfs2_super *osb;
int use_plocks = 1;
+ uid_t uid;
+ gid_t gid;
- mlog_entry("(0x%p, size:%llu)\n", inode,
- (unsigned long long)le64_to_cpu(fe->i_size));
-@@ -276,8 +300,12 @@ void ocfs2_populate_inode(struct inode *
+ sb = inode->i_sb;
+ osb = OCFS2_SB(sb);
+@@ -269,8 +293,12 @@ void ocfs2_populate_inode(struct inode *
inode->i_generation = le32_to_cpu(fe->i_generation);
inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));
inode->i_mode = le16_to_cpu(fe->i_mode);
-- inode->i_uid = le32_to_cpu(fe->i_uid);
-- inode->i_gid = le32_to_cpu(fe->i_gid);
+- i_uid_write(inode, le32_to_cpu(fe->i_uid));
+- i_gid_write(inode, le32_to_cpu(fe->i_gid));
+ uid = le32_to_cpu(fe->i_uid);
+ gid = le32_to_cpu(fe->i_gid);
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid,
-+ /* le16_to_cpu(raw_inode->i_raw_tag)i */ 0);
++ i_uid_write(inode, INOTAG_UID(DX_TAG(inode), uid, gid));
++ i_gid_write(inode, INOTAG_GID(DX_TAG(inode), uid, gid));
++ i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), uid, gid,
++ /* le16_to_cpu(raw_inode->i_raw_tag) */ 0));
/* Fast symlinks will have i_size but no allocated clusters. */
- if (S_ISLNK(inode->i_mode) && !fe->i_clusters)
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/inode.h linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/inode.h
---- linux-2.6.35.4/fs/ocfs2/inode.h 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/inode.h 2010-08-02 17:05:06.000000000 +0200
+ if (S_ISLNK(inode->i_mode) && !fe->i_clusters) {
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/inode.h linux-3.9.4-vs2.3.6.2/fs/ocfs2/inode.h
+--- linux-3.9.4/fs/ocfs2/inode.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/inode.h 2013-05-31 14:47:11.000000000 +0000
@@ -154,6 +154,7 @@ struct buffer_head *ocfs2_bread(struct i
void ocfs2_set_inode_flags(struct inode *inode);
static inline blkcnt_t ocfs2_inode_sector_count(struct inode *inode)
{
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ioctl.c
---- linux-2.6.35.4/fs/ocfs2/ioctl.c 2010-02-25 11:52:06.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ioctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -43,7 +43,41 @@ static int ocfs2_get_inode_attr(struct i
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/ioctl.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/ioctl.c
+--- linux-3.9.4/fs/ocfs2/ioctl.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -76,7 +76,41 @@ static int ocfs2_get_inode_attr(struct i
return status;
}
unsigned mask)
{
struct ocfs2_inode_info *ocfs2_inode = OCFS2_I(inode);
-@@ -68,6 +102,11 @@ static int ocfs2_set_inode_attr(struct i
+@@ -101,6 +135,11 @@ static int ocfs2_set_inode_attr(struct i
if (!S_ISDIR(inode->i_mode))
flags &= ~OCFS2_DIRSYNC_FL;
handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS);
if (IS_ERR(handle)) {
status = PTR_ERR(handle);
-@@ -109,6 +148,7 @@ bail:
+@@ -879,6 +918,7 @@ bail:
return status;
}
+
long ocfs2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
- struct inode *inode = filp->f_path.dentry->d_inode;
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/namei.c
---- linux-2.6.35.4/fs/ocfs2/namei.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/namei.c 2010-08-02 17:05:06.000000000 +0200
+ struct inode *inode = file_inode(filp);
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/namei.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/namei.c
+--- linux-3.9.4/fs/ocfs2/namei.c 2013-05-31 13:45:24.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/namei.c 2013-05-31 15:52:25.000000000 +0000
@@ -41,6 +41,7 @@
#include <linux/slab.h>
#include <linux/highmem.h>
#include <linux/quotaops.h>
+#include <linux/vs_tag.h>
- #define MLOG_MASK_PREFIX ML_NAMEI
#include <cluster/masklog.h>
-@@ -487,6 +488,7 @@ static int ocfs2_mknod_locked(struct ocf
- u64 suballoc_loc, fe_blkno = 0;
- u16 suballoc_bit;
+
+@@ -475,6 +476,7 @@ static int __ocfs2_mknod_locked(struct i
+ struct ocfs2_dinode *fe = NULL;
+ struct ocfs2_extent_list *fel;
u16 feat;
+ tag_t tag;
*new_fe_bh = NULL;
-@@ -532,8 +534,11 @@ static int ocfs2_mknod_locked(struct ocf
+@@ -512,8 +514,11 @@ static int __ocfs2_mknod_locked(struct i
fe->i_suballoc_loc = cpu_to_le64(suballoc_loc);
fe->i_suballoc_bit = cpu_to_le16(suballoc_bit);
fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot);
-- fe->i_uid = cpu_to_le32(inode->i_uid);
-- fe->i_gid = cpu_to_le32(inode->i_gid);
+- fe->i_uid = cpu_to_le32(i_uid_read(inode));
+- fe->i_gid = cpu_to_le32(i_gid_read(inode));
+
+ tag = dx_current_fstag(osb->sb);
-+ fe->i_uid = cpu_to_le32(TAGINO_UID(DX_TAG(inode), inode->i_uid, tag));
-+ fe->i_gid = cpu_to_le32(TAGINO_GID(DX_TAG(inode), inode->i_gid, tag));
-+ inode->i_tag = tag;
++ fe->i_uid = cpu_to_le32(TAGINO_UID(DX_TAG(inode), i_uid_read(inode), tag));
++ fe->i_gid = cpu_to_le32(TAGINO_GID(DX_TAG(inode), i_gid_read(inode), tag));
++ inode->i_tag = tag; /* is this correct? */
fe->i_mode = cpu_to_le16(inode->i_mode);
if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode))
fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev));
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/ocfs2_fs.h linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ocfs2_fs.h
---- linux-2.6.35.4/fs/ocfs2/ocfs2_fs.h 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ocfs2_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -235,18 +235,23 @@
- #define OCFS2_HAS_REFCOUNT_FL (0x0010)
-
- /* Inode attributes, keep in sync with EXT2 */
--#define OCFS2_SECRM_FL (0x00000001) /* Secure deletion */
--#define OCFS2_UNRM_FL (0x00000002) /* Undelete */
--#define OCFS2_COMPR_FL (0x00000004) /* Compress file */
--#define OCFS2_SYNC_FL (0x00000008) /* Synchronous updates */
--#define OCFS2_IMMUTABLE_FL (0x00000010) /* Immutable file */
--#define OCFS2_APPEND_FL (0x00000020) /* writes to file may only append */
--#define OCFS2_NODUMP_FL (0x00000040) /* do not dump file */
--#define OCFS2_NOATIME_FL (0x00000080) /* do not update atime */
--#define OCFS2_DIRSYNC_FL (0x00010000) /* dirsync behaviour (directories only) */
-+#define OCFS2_SECRM_FL FS_SECRM_FL /* Secure deletion */
-+#define OCFS2_UNRM_FL FS_UNRM_FL /* Undelete */
-+#define OCFS2_COMPR_FL FS_COMPR_FL /* Compress file */
-+#define OCFS2_SYNC_FL FS_SYNC_FL /* Synchronous updates */
-+#define OCFS2_IMMUTABLE_FL FS_IMMUTABLE_FL /* Immutable file */
-+#define OCFS2_APPEND_FL FS_APPEND_FL /* writes to file may only append */
-+#define OCFS2_NODUMP_FL FS_NODUMP_FL /* do not dump file */
-+#define OCFS2_NOATIME_FL FS_NOATIME_FL /* do not update atime */
-
--#define OCFS2_FL_VISIBLE (0x000100FF) /* User visible flags */
--#define OCFS2_FL_MODIFIABLE (0x000100FF) /* User modifiable flags */
-+#define OCFS2_DIRSYNC_FL FS_DIRSYNC_FL /* dirsync behaviour (directories only) */
-+#define OCFS2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
-+
-+#define OCFS2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
-+#define OCFS2_COW_FL FS_COW_FL /* Copy on Write marker */
-+
-+#define OCFS2_FL_VISIBLE (0x010300FF) /* User visible flags */
-+#define OCFS2_FL_MODIFIABLE (0x010300FF) /* User modifiable flags */
-
- /*
- * Extent record flags (e_node.leaf.flags)
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/ocfs2.h linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ocfs2.h
---- linux-2.6.35.4/fs/ocfs2/ocfs2.h 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/ocfs2.h 2010-08-02 17:05:06.000000000 +0200
-@@ -256,6 +256,7 @@ enum ocfs2_mount_options
- control lists */
- OCFS2_MOUNT_USRQUOTA = 1 << 10, /* We support user quotas */
- OCFS2_MOUNT_GRPQUOTA = 1 << 11, /* We support group quotas */
-+ OCFS2_MOUNT_TAGGED = 1 << 12, /* use tagging */
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/ocfs2.h linux-3.9.4-vs2.3.6.2/fs/ocfs2/ocfs2.h
+--- linux-3.9.4/fs/ocfs2/ocfs2.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/ocfs2.h 2013-05-31 14:47:11.000000000 +0000
+@@ -272,6 +272,7 @@ enum ocfs2_mount_options
+ writes */
+ OCFS2_MOUNT_HB_NONE = 1 << 13, /* No heartbeat */
+ OCFS2_MOUNT_HB_GLOBAL = 1 << 14, /* Global heartbeat */
++ OCFS2_MOUNT_TAGGED = 1 << 15, /* use tagging */
};
#define OCFS2_OSB_SOFT_RO 0x0001
-diff -NurpP --minimal linux-2.6.35.4/fs/ocfs2/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/super.c
---- linux-2.6.35.4/fs/ocfs2/super.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/ocfs2/super.c 2010-08-02 18:00:11.000000000 +0200
-@@ -180,6 +180,7 @@ enum {
- Opt_grpquota,
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/ocfs2_fs.h linux-3.9.4-vs2.3.6.2/fs/ocfs2/ocfs2_fs.h
+--- linux-3.9.4/fs/ocfs2/ocfs2_fs.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/ocfs2_fs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -266,6 +266,11 @@
+ #define OCFS2_TOPDIR_FL FS_TOPDIR_FL /* Top of directory hierarchies*/
+ #define OCFS2_RESERVED_FL FS_RESERVED_FL /* reserved for ext2 lib */
+
++#define OCFS2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
++
++#define OCFS2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
++#define OCFS2_COW_FL FS_COW_FL /* Copy on Write marker */
++
+ #define OCFS2_FL_VISIBLE FS_FL_USER_VISIBLE /* User visible flags */
+ #define OCFS2_FL_MODIFIABLE FS_FL_USER_MODIFIABLE /* User modifiable flags */
+
+diff -NurpP --minimal linux-3.9.4/fs/ocfs2/super.c linux-3.9.4-vs2.3.6.2/fs/ocfs2/super.c
+--- linux-3.9.4/fs/ocfs2/super.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/ocfs2/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -185,6 +185,7 @@ enum {
+ Opt_coherency_full,
Opt_resv_level,
Opt_dir_resv_level,
+ Opt_tag, Opt_notag, Opt_tagid,
Opt_err,
};
-@@ -208,6 +209,9 @@ static const match_table_t tokens = {
- {Opt_grpquota, "grpquota"},
+@@ -216,6 +217,9 @@ static const match_table_t tokens = {
+ {Opt_coherency_full, "coherency=full"},
{Opt_resv_level, "resv_level=%u"},
{Opt_dir_resv_level, "dir_resv_level=%u"},
+ {Opt_tag, "tag"},
{Opt_err, NULL}
};
-@@ -618,6 +622,13 @@ static int ocfs2_remount(struct super_bl
+@@ -662,6 +666,13 @@ static int ocfs2_remount(struct super_bl
goto out;
}
+ goto out;
+ }
+
- if ((osb->s_mount_opt & OCFS2_MOUNT_HB_LOCAL) !=
- (parsed_options.mount_opt & OCFS2_MOUNT_HB_LOCAL)) {
- ret = -EINVAL;
-@@ -1154,6 +1165,9 @@ static int ocfs2_fill_super(struct super
+ /* We're going to/from readonly mode. */
+ if ((*flags & MS_RDONLY) != (sb->s_flags & MS_RDONLY)) {
+ /* Disable quota accounting before remounting RO */
+@@ -1177,6 +1188,9 @@ static int ocfs2_fill_super(struct super
ocfs2_complete_mount_recovery(osb);
if (ocfs2_mount_local(osb))
snprintf(nodestr, sizeof(nodestr), "local");
else
-@@ -1469,6 +1483,20 @@ static int ocfs2_parse_options(struct su
+@@ -1504,6 +1518,20 @@ static int ocfs2_parse_options(struct su
option < OCFS2_MAX_RESV_LEVEL)
mopt->dir_resv_level = option;
break;
default:
mlog(ML_ERROR,
"Unrecognized mount option \"%s\" "
-diff -NurpP --minimal linux-2.6.35.4/fs/open.c linux-2.6.35.4-vs2.3.0.36.32/fs/open.c
---- linux-2.6.35.4/fs/open.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/open.c 2010-08-02 21:36:22.000000000 +0200
-@@ -29,6 +29,11 @@
- #include <linux/falloc.h>
- #include <linux/fs_struct.h>
+diff -NurpP --minimal linux-3.9.4/fs/open.c linux-3.9.4-vs2.3.6.2/fs/open.c
+--- linux-3.9.4/fs/open.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/open.c 2013-06-01 08:41:29.000000000 +0000
+@@ -31,6 +31,11 @@
#include <linux/ima.h>
+ #include <linux/dnotify.h>
+ #include <linux/compat.h>
+#include <linux/vs_base.h>
+#include <linux/vs_limit.h>
+#include <linux/vs_tag.h>
#include "internal.h"
-@@ -481,6 +486,12 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
- error = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
- if (error)
- goto out;
-+
+@@ -67,6 +72,11 @@ long vfs_truncate(struct path *path, lof
+ struct inode *inode;
+ long error;
+
+#ifdef CONFIG_VSERVER_COWBL
-+ error = cow_check_and_break(&path);
++ error = cow_check_and_break(path);
+ if (error)
-+ goto dput_and_out;
++ goto out;
+#endif
- inode = path.dentry->d_inode;
+ inode = path->dentry->d_inode;
- error = mnt_want_write(path.mnt);
-@@ -518,11 +529,11 @@ static int chown_common(struct path *pat
- newattrs.ia_valid = ATTR_CTIME;
- if (user != (uid_t) -1) {
+ /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
+@@ -532,6 +542,13 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
+ unsigned int lookup_flags = LOOKUP_FOLLOW;
+ retry:
+ error = user_path_at(dfd, filename, lookup_flags, &path);
++#ifdef CONFIG_VSERVER_COWBL
++ if (!error) {
++ error = cow_check_and_break(&path);
++ if (error)
++ path_put(&path);
++ }
++#endif
+ if (!error) {
+ error = chmod_common(&path, mode);
+ path_put(&path);
+@@ -564,13 +581,15 @@ static int chown_common(struct path *pat
+ if (!uid_valid(uid))
+ return -EINVAL;
newattrs.ia_valid |= ATTR_UID;
-- newattrs.ia_uid = user;
-+ newattrs.ia_uid = dx_map_uid(user);
+- newattrs.ia_uid = uid;
++ newattrs.ia_uid = make_kuid(&init_user_ns,
++ dx_map_uid(user));
}
if (group != (gid_t) -1) {
+ if (!gid_valid(gid))
+ return -EINVAL;
newattrs.ia_valid |= ATTR_GID;
-- newattrs.ia_gid = group;
-+ newattrs.ia_gid = dx_map_gid(group);
+- newattrs.ia_gid = gid;
++ newattrs.ia_gid = make_kgid(&init_user_ns,
++ dx_map_gid(group));
}
if (!S_ISDIR(inode->i_mode))
newattrs.ia_valid |=
-@@ -547,6 +558,10 @@ SYSCALL_DEFINE3(chown, const char __user
+@@ -604,6 +623,18 @@ retry:
error = mnt_want_write(path.mnt);
if (error)
goto out_release;
+ error = cow_check_and_break(&path);
+ if (!error)
+#endif
- error = chown_common(&path, user, group);
- mnt_drop_write(path.mnt);
- out_release:
-@@ -572,6 +587,10 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
- error = mnt_want_write(path.mnt);
- if (error)
- goto out_release;
+#ifdef CONFIG_VSERVER_COWBL
+ error = cow_check_and_break(&path);
+ if (!error)
+#endif
- error = chown_common(&path, user, group);
- mnt_drop_write(path.mnt);
- out_release:
-@@ -591,6 +610,10 @@ SYSCALL_DEFINE3(lchown, const char __use
- error = mnt_want_write(path.mnt);
- if (error)
- goto out_release;
+#ifdef CONFIG_VSERVER_COWBL
+ error = cow_check_and_break(&path);
+ if (!error)
error = chown_common(&path, user, group);
mnt_drop_write(path.mnt);
out_release:
-@@ -837,6 +860,7 @@ static void __put_unused_fd(struct files
- __FD_CLR(fd, fdt->open_fds);
- if (fd < files->next_fd)
- files->next_fd = fd;
-+ vx_openfd_dec(fd);
- }
-
- void put_unused_fd(unsigned int fd)
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/array.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/array.c
---- linux-2.6.35.4/fs/proc/array.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/array.c 2010-08-02 17:05:06.000000000 +0200
-@@ -81,6 +81,8 @@
- #include <linux/pid_namespace.h>
+diff -NurpP --minimal linux-3.9.4/fs/proc/array.c linux-3.9.4-vs2.3.6.2/fs/proc/array.c
+--- linux-3.9.4/fs/proc/array.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/array.c 2013-05-31 14:47:11.000000000 +0000
+@@ -82,6 +82,8 @@
#include <linux/ptrace.h>
#include <linux/tracehook.h>
+ #include <linux/user_namespace.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
#include <asm/pgtable.h>
#include <asm/processor.h>
-@@ -170,6 +172,9 @@ static inline void task_state(struct seq
+@@ -173,6 +175,9 @@ static inline void task_state(struct seq
rcu_read_lock();
ppid = pid_alive(p) ?
task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0;
+
tpid = 0;
if (pid_alive(p)) {
- struct task_struct *tracer = tracehook_tracer_task(p);
-@@ -287,7 +292,7 @@ static inline void task_sig(struct seq_f
+ struct task_struct *tracer = ptrace_parent(p);
+@@ -297,7 +302,7 @@ static inline void task_sig(struct seq_f
}
static void render_cap_t(struct seq_file *m, const char *header,
{
unsigned __capi;
-@@ -312,10 +317,11 @@ static inline void task_cap(struct seq_f
- cap_bset = cred->cap_bset;
- rcu_read_unlock();
+@@ -331,10 +336,11 @@ static inline void task_cap(struct seq_f
+ NORM_CAPS(cap_effective);
+ NORM_CAPS(cap_bset);
- render_cap_t(m, "CapInh:\t", &cap_inheritable);
- render_cap_t(m, "CapPrm:\t", &cap_permitted);
+ render_cap_t(m, "CapBnd:\t", p->vx_info, &cap_bset);
}
- static inline void task_context_switch_counts(struct seq_file *m,
-@@ -337,6 +343,42 @@ static void task_cpus_allowed(struct seq
- seq_printf(m, "\n");
+ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
+@@ -363,6 +369,42 @@ static void task_cpus_allowed(struct seq
+ seq_putc(m, '\n');
}
+int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
-@@ -353,6 +395,7 @@ int proc_pid_status(struct seq_file *m,
- task_cap(m, task);
+@@ -380,6 +422,7 @@ int proc_pid_status(struct seq_file *m,
+ task_seccomp(m, task);
task_cpus_allowed(m, task);
cpuset_task_status_allowed(m, task);
+ task_vs_id(m, task);
- #if defined(CONFIG_S390)
- task_show_regs(m, task);
- #endif
-@@ -465,6 +508,17 @@ static int do_task_stat(struct seq_file
+ task_context_switch_counts(m, task);
+ return 0;
+ }
+@@ -489,6 +532,17 @@ static int do_task_stat(struct seq_file
/* convert nsec -> ticks */
start_time = nsec_to_clock_t(start_time);
+ start_time = 0;
+ }
+
- seq_printf(m, "%d (%s) %c %d %d %d %d %d %u %lu \
- %lu %lu %lu %lu %lu %ld %ld %ld %ld %d 0 %llu %lu %ld %lu %lu %lu %lu %lu \
- %lu %lu %lu %lu %lu %lu %lu %lu %d %d %u %u %llu %lu %ld\n",
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/base.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/base.c
---- linux-2.6.35.4/fs/proc/base.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/base.c 2010-08-02 17:05:06.000000000 +0200
-@@ -82,6 +82,8 @@
- #include <linux/pid_namespace.h>
+ seq_printf(m, "%d (%s) %c", pid_nr_ns(pid, ns), tcomm, state);
+ seq_put_decimal_ll(m, ' ', ppid);
+ seq_put_decimal_ll(m, ' ', pgid);
+diff -NurpP --minimal linux-3.9.4/fs/proc/base.c linux-3.9.4-vs2.3.6.2/fs/proc/base.c
+--- linux-3.9.4/fs/proc/base.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/base.c 2013-05-31 14:47:11.000000000 +0000
+@@ -86,6 +86,8 @@
#include <linux/fs_struct.h>
#include <linux/slab.h>
+ #include <linux/flex_array.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
- #include "internal.h"
-
- /* NOTE:
-@@ -1033,12 +1035,17 @@ static ssize_t oom_adjust_write(struct f
- return -ESRCH;
- }
-
-- if (oom_adjust < task->signal->oom_adj && !capable(CAP_SYS_RESOURCE)) {
-+ if (oom_adjust < task->signal->oom_adj &&
-+ !vx_capable(CAP_SYS_RESOURCE, VXC_OOM_ADJUST)) {
- unlock_task_sighand(task, &flags);
- put_task_struct(task);
- return -EACCES;
+ #ifdef CONFIG_HARDWALL
+ #include <asm/hardwall.h>
+ #endif
+@@ -944,11 +946,15 @@ static ssize_t oom_adj_write(struct file
+ oom_adj = (oom_adj * OOM_SCORE_ADJ_MAX) / -OOM_DISABLE;
+
+ if (oom_adj < task->signal->oom_score_adj &&
+- !capable(CAP_SYS_RESOURCE)) {
++ !vx_capable(CAP_SYS_RESOURCE, VXC_OOM_ADJUST)) {
+ err = -EACCES;
+ goto err_sighand;
}
+ /* prevent guest processes from circumventing the oom killer */
-+ if (vx_current_xid() && (oom_adjust == OOM_DISABLE))
-+ oom_adjust = OOM_ADJUST_MIN;
++ if (vx_current_xid() && (oom_adj == OOM_DISABLE))
++ oom_adj = OOM_ADJUST_MIN;
+
- task->signal->oom_adj = oom_adjust;
-
- unlock_task_sighand(task, &flags);
-@@ -1079,7 +1086,7 @@ static ssize_t proc_loginuid_write(struc
- ssize_t length;
- uid_t loginuid;
-
-- if (!capable(CAP_AUDIT_CONTROL))
-+ if (!vx_capable(CAP_AUDIT_CONTROL, VXC_AUDIT_CONTROL))
- return -EPERM;
-
- rcu_read_lock();
-@@ -1517,6 +1524,8 @@ static struct inode *proc_pid_make_inode
+ /*
+ * /proc/pid/oom_adj is provided for legacy purposes, ask users to use
+ * /proc/pid/oom_score_adj instead.
+@@ -1528,6 +1534,8 @@ struct inode *proc_pid_make_inode(struct
inode->i_gid = cred->egid;
rcu_read_unlock();
}
+ /* procfs is xid tagged */
-+ inode->i_tag = (tag_t)vx_task_xid(task);
++ i_tag_write(inode, (tag_t)vx_task_xid(task));
security_task_to_inode(task, inode);
out:
-@@ -2067,6 +2076,13 @@ static struct dentry *proc_pident_lookup
+@@ -1573,6 +1581,8 @@ int pid_getattr(struct vfsmount *mnt, st
+
+ /* dentry stuff */
+
++static unsigned name_to_int(struct dentry *dentry);
++
+ /*
+ * Exceptional case: normally we are not allowed to unhash a busy
+ * directory. In this case, however, we can do it - no aliasing problems
+@@ -1601,6 +1611,12 @@ int pid_revalidate(struct dentry *dentry
+ task = get_proc_task(inode);
+
+ if (task) {
++ unsigned pid = name_to_int(dentry);
++
++ if (pid != ~0U && pid != vx_map_pid(task->pid)) {
++ put_task_struct(task);
++ goto drop;
++ }
+ if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+ task_dumpable(task)) {
+ rcu_read_lock();
+@@ -1617,6 +1633,7 @@ int pid_revalidate(struct dentry *dentry
+ put_task_struct(task);
+ return 1;
+ }
++drop:
+ d_drop(dentry);
+ return 0;
+ }
+@@ -2059,6 +2076,13 @@ static struct dentry *proc_pident_lookup
if (!task)
goto out_no_task;
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2474,7 +2490,7 @@ out_iput:
- static struct dentry *proc_base_lookup(struct inode *dir, struct dentry *dentry)
- {
- struct dentry *error;
-- struct task_struct *task = get_proc_task(dir);
-+ struct task_struct *task = get_proc_task_real(dir);
- const struct pid_entry *p, *last;
-
- error = ERR_PTR(-ENOENT);
-@@ -2564,6 +2580,9 @@ static int proc_pid_personality(struct s
+@@ -2493,6 +2517,9 @@ static int proc_pid_personality(struct s
static const struct file_operations proc_task_operations;
static const struct inode_operations proc_task_inode_operations;
static const struct pid_entry tgid_base_stuff[] = {
DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
-@@ -2623,6 +2642,8 @@ static const struct pid_entry tgid_base_
+@@ -2559,6 +2586,8 @@ static const struct pid_entry tgid_base_
#ifdef CONFIG_CGROUPS
REG("cgroup", S_IRUGO, proc_cgroup_operations),
#endif
+ INF("vinfo", S_IRUGO, proc_pid_vx_info),
+ INF("ninfo", S_IRUGO, proc_pid_nx_info),
INF("oom_score", S_IRUGO, proc_oom_score),
- REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adjust_operations),
- #ifdef CONFIG_AUDITSYSCALL
-@@ -2638,6 +2659,7 @@ static const struct pid_entry tgid_base_
- #ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRUGO, proc_tgid_io_accounting),
+ REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations),
+ REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations),
+@@ -2583,6 +2612,7 @@ static const struct pid_entry tgid_base_
+ REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
+ REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
#endif
+ ONE("nsproxy", S_IRUGO, proc_pid_nsproxy),
};
static int proc_tgid_base_readdir(struct file * filp,
-@@ -2829,7 +2851,7 @@ retry:
+@@ -2770,7 +2800,7 @@ retry:
iter.task = NULL;
pid = find_ge_pid(iter.tgid, ns);
if (pid) {
iter.task = pid_task(pid, PIDTYPE_PID);
/* What we to know is if the pid we have find is the
* pid of a thread_group_leader. Testing for task
-@@ -2859,7 +2881,7 @@ static int proc_pid_fill_cache(struct fi
+@@ -2800,7 +2830,7 @@ static int proc_pid_fill_cache(struct fi
struct tgid_iter iter)
{
char name[PROC_NUMBUF];
return proc_fill_cache(filp, dirent, filldir, name, len,
proc_pid_instantiate, iter.task, NULL);
}
-@@ -2868,7 +2890,7 @@ static int proc_pid_fill_cache(struct fi
- int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
- {
- unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
-- struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
-+ struct task_struct *reaper = get_proc_task_real(filp->f_path.dentry->d_inode);
- struct tgid_iter iter;
- struct pid_namespace *ns;
-
-@@ -2888,6 +2910,8 @@ int proc_pid_readdir(struct file * filp,
- iter.task;
- iter.tgid += 1, iter = next_tgid(ns, iter)) {
+@@ -2833,6 +2863,8 @@ int proc_pid_readdir(struct file * filp,
+ __filldir = fake_filldir;
+
filp->f_pos = iter.tgid + TGID_OFFSET;
+ if (!vx_proc_task_visible(iter.task))
+ continue;
- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
put_task_struct(iter.task);
goto out;
-@@ -3035,6 +3059,8 @@ static struct dentry *proc_task_lookup(s
+@@ -2993,6 +3025,8 @@ static struct dentry *proc_task_lookup(s
tid = name_to_int(dentry);
if (tid == ~0U)
goto out;
ns = dentry->d_sb->s_fs_info;
rcu_read_lock();
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/generic.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/generic.c
---- linux-2.6.35.4/fs/proc/generic.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/generic.c 2010-08-02 17:05:06.000000000 +0200
-@@ -21,6 +21,7 @@
+diff -NurpP --minimal linux-3.9.4/fs/proc/generic.c linux-3.9.4-vs2.3.6.2/fs/proc/generic.c
+--- linux-3.9.4/fs/proc/generic.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/generic.c 2013-05-31 16:13:42.000000000 +0000
+@@ -23,6 +23,7 @@
#include <linux/bitops.h>
#include <linux/spinlock.h>
#include <linux/completion.h>
#include <asm/uaccess.h>
#include "internal.h"
-@@ -418,6 +419,8 @@ struct dentry *proc_lookup_de(struct pro
+@@ -409,6 +410,8 @@ struct dentry *proc_lookup_de(struct pro
for (de = de->subdir; de ; de = de->next) {
if (de->namelen != dentry->d_name.len)
continue;
-+ if (!vx_hide_check(0, de->vx_flags))
-+ continue;
++ if (!vx_hide_check(0, de->vx_flags))
++ continue;
if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
- unsigned int ino;
-
-@@ -426,6 +429,8 @@ struct dentry *proc_lookup_de(struct pro
+ pde_get(de);
spin_unlock(&proc_subdir_lock);
- error = -EINVAL;
- inode = proc_get_inode(dir->i_sb, ino, de);
-+ /* generic proc entries belong to the host */
-+ inode->i_tag = 0;
- goto out_unlock;
+@@ -417,6 +420,8 @@ struct dentry *proc_lookup_de(struct pro
+ return ERR_PTR(-ENOMEM);
+ d_set_d_op(dentry, &proc_dentry_operations);
+ d_add(dentry, inode);
++ /* generic proc entries belong to the host */
++ i_tag_write(inode, 0);
+ return NULL;
}
}
-@@ -503,6 +508,8 @@ int proc_readdir_de(struct proc_dir_entr
+@@ -485,6 +490,8 @@ int proc_readdir_de(struct proc_dir_entr
/* filldir passes info to user space */
pde_get(de);
spin_unlock(&proc_subdir_lock);
if (filldir(dirent, de->name, de->namelen, filp->f_pos,
de->low_ino, de->mode >> 12) < 0) {
-@@ -510,6 +517,7 @@ int proc_readdir_de(struct proc_dir_entr
+@@ -492,6 +499,7 @@ int proc_readdir_de(struct proc_dir_entr
goto out;
}
spin_lock(&proc_subdir_lock);
filp->f_pos++;
next = de->next;
pde_put(de);
-@@ -624,6 +632,7 @@ static struct proc_dir_entry *__proc_cre
+@@ -603,6 +611,7 @@ static struct proc_dir_entry *__proc_cre
+ ent->namelen = len;
+ ent->mode = mode;
ent->nlink = nlink;
- atomic_set(&ent->count, 1);
- ent->pde_users = 0;
+ ent->vx_flags = IATTR_PROC_DEFAULT;
+ atomic_set(&ent->count, 1);
spin_lock_init(&ent->pde_unload_lock);
- ent->pde_unload_completion = NULL;
INIT_LIST_HEAD(&ent->pde_openers);
-@@ -647,7 +656,8 @@ struct proc_dir_entry *proc_symlink(cons
+@@ -626,7 +635,8 @@ struct proc_dir_entry *proc_symlink(cons
kfree(ent->data);
kfree(ent);
ent = NULL;
} else {
kfree(ent);
ent = NULL;
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/inode.c
---- linux-2.6.35.4/fs/proc/inode.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -437,6 +437,8 @@ struct inode *proc_get_inode(struct supe
+diff -NurpP --minimal linux-3.9.4/fs/proc/inode.c linux-3.9.4-vs2.3.6.2/fs/proc/inode.c
+--- linux-3.9.4/fs/proc/inode.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/inode.c 2013-05-31 14:47:11.000000000 +0000
+@@ -458,6 +458,8 @@ struct inode *proc_get_inode(struct supe
inode->i_uid = de->uid;
inode->i_gid = de->gid;
}
if (de->size)
inode->i_size = de->size;
if (de->nlink)
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/internal.h linux-2.6.35.4-vs2.3.0.36.32/fs/proc/internal.h
---- linux-2.6.35.4/fs/proc/internal.h 2010-02-25 11:52:06.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/internal.h 2010-08-02 17:05:06.000000000 +0200
-@@ -10,6 +10,7 @@
- */
-
+diff -NurpP --minimal linux-3.9.4/fs/proc/internal.h linux-3.9.4-vs2.3.6.2/fs/proc/internal.h
+--- linux-3.9.4/fs/proc/internal.h 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/internal.h 2013-05-31 16:04:34.000000000 +0000
+@@ -12,6 +12,8 @@
+ #include <linux/sched.h>
#include <linux/proc_fs.h>
+ #include <linux/binfmts.h>
+#include <linux/vs_pid.h>
++
+ struct ctl_table_header;
+ struct mempolicy;
- extern struct proc_dir_entry proc_root;
- #ifdef CONFIG_PROC_SYSCTL
-@@ -51,6 +52,9 @@ extern int proc_pid_status(struct seq_fi
+@@ -56,6 +58,9 @@ extern int proc_pid_status(struct seq_fi
struct pid *pid, struct task_struct *task);
extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
+
extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
- extern const struct file_operations proc_maps_operations;
-@@ -68,11 +72,16 @@ static inline struct pid *proc_pid(struc
+ extern const struct file_operations proc_tid_children_operations;
+@@ -89,11 +94,16 @@ static inline struct pid *proc_pid(struc
return PROC_I(inode)->pid;
}
static inline int proc_fd(struct inode *inode)
{
return PROC_I(inode)->fd;
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/loadavg.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/loadavg.c
---- linux-2.6.35.4/fs/proc/loadavg.c 2009-09-10 15:26:23.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/loadavg.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/proc/loadavg.c linux-3.9.4-vs2.3.6.2/fs/proc/loadavg.c
+--- linux-3.9.4/fs/proc/loadavg.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/loadavg.c 2013-05-31 14:47:11.000000000 +0000
@@ -12,15 +12,27 @@
static int loadavg_proc_show(struct seq_file *m, void *v)
task_active_pid_ns(current)->last_pid);
return 0;
}
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/meminfo.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/meminfo.c
---- linux-2.6.35.4/fs/proc/meminfo.c 2009-12-03 20:02:53.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/meminfo.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/proc/meminfo.c linux-3.9.4-vs2.3.6.2/fs/proc/meminfo.c
+--- linux-3.9.4/fs/proc/meminfo.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/meminfo.c 2013-05-31 16:05:39.000000000 +0000
@@ -39,7 +39,8 @@ static int meminfo_proc_show(struct seq_
allowed = ((totalram_pages - hugetlb_total_pages())
* sysctl_overcommit_ratio / 100) + total_swap_pages;
- cached = global_page_state(NR_FILE_PAGES) -
+ cached = vx_flags(VXF_VIRT_MEM, 0) ?
+ vx_vsi_cached(&i) : global_page_state(NR_FILE_PAGES) -
- total_swapcache_pages - i.bufferram;
+ total_swapcache_pages() - i.bufferram;
if (cached < 0)
cached = 0;
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/root.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/root.c
---- linux-2.6.35.4/fs/proc/root.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/root.c 2010-08-02 17:05:06.000000000 +0200
-@@ -18,9 +18,14 @@
- #include <linux/bitops.h>
+diff -NurpP --minimal linux-3.9.4/fs/proc/root.c linux-3.9.4-vs2.3.6.2/fs/proc/root.c
+--- linux-3.9.4/fs/proc/root.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/root.c 2013-05-31 14:47:11.000000000 +0000
+@@ -20,9 +20,14 @@
#include <linux/mount.h>
#include <linux/pid_namespace.h>
+ #include <linux/parser.h>
+#include <linux/vserver/inode.h>
#include "internal.h"
static int proc_test_super(struct super_block *sb, void *data)
{
return sb->s_fs_info == data;
-@@ -135,6 +140,7 @@ void __init proc_root_init(void)
+@@ -182,6 +187,7 @@ void __init proc_root_init(void)
#endif
proc_mkdir("bus", NULL);
proc_sys_init();
}
static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
-@@ -202,6 +208,7 @@ struct proc_dir_entry proc_root = {
+@@ -248,6 +254,7 @@ struct proc_dir_entry proc_root = {
.proc_iops = &proc_root_inode_operations,
.proc_fops = &proc_root_operations,
.parent = &proc_root,
+ .vx_flags = IATTR_ADMIN | IATTR_WATCH,
+ .name = "/proc",
};
- int pid_ns_prepare_proc(struct pid_namespace *ns)
-diff -NurpP --minimal linux-2.6.35.4/fs/proc/uptime.c linux-2.6.35.4-vs2.3.0.36.32/fs/proc/uptime.c
---- linux-2.6.35.4/fs/proc/uptime.c 2009-12-03 20:02:53.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/proc/uptime.c 2010-08-02 17:05:06.000000000 +0200
-@@ -4,22 +4,22 @@
+diff -NurpP --minimal linux-3.9.4/fs/proc/self.c linux-3.9.4-vs2.3.6.2/fs/proc/self.c
+--- linux-3.9.4/fs/proc/self.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/self.c 2013-05-31 20:57:54.000000000 +0000
+@@ -1,6 +1,7 @@
+ #include <linux/proc_fs.h>
#include <linux/sched.h>
+ #include <linux/namei.h>
++#include <linux/vserver/inode.h>
+
+ /*
+ * /proc/self:
+@@ -56,4 +57,5 @@ void __init proc_self_init(void)
+ mode = S_IFLNK | S_IRWXUGO;
+ proc_self_symlink = proc_create("self", mode, NULL, NULL );
+ proc_self_symlink->proc_iops = &proc_self_inode_operations;
++ proc_self_symlink->vx_flags = IATTR_PROC_SYMLINK;
+ }
+diff -NurpP --minimal linux-3.9.4/fs/proc/stat.c linux-3.9.4-vs2.3.6.2/fs/proc/stat.c
+--- linux-3.9.4/fs/proc/stat.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/stat.c 2013-05-31 14:47:11.000000000 +0000
+@@ -9,8 +9,10 @@
+ #include <linux/slab.h>
+ #include <linux/time.h>
+ #include <linux/irqnr.h>
++#include <linux/vserver/cvirt.h>
+ #include <asm/cputime.h>
+ #include <linux/tick.h>
++#include <linux/cpuset.h>
+
+ #ifndef arch_irq_stat_cpu
+ #define arch_irq_stat_cpu(cpu) 0
+@@ -87,14 +89,26 @@ static int show_stat(struct seq_file *p,
+ u64 sum_softirq = 0;
+ unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
+ struct timespec boottime;
++ cpumask_var_t cpus_allowed;
++ bool virt_cpu = vx_flags(VXF_VIRT_CPU, 0);
+
+ user = nice = system = idle = iowait =
+ irq = softirq = steal = 0;
+ guest = guest_nice = 0;
+ getboottime(&boottime);
++
++ if (vx_flags(VXF_VIRT_UPTIME, 0))
++ vx_vsi_boottime(&boottime);
++
++ if (virt_cpu)
++ cpuset_cpus_allowed(current, cpus_allowed);
++
+ jif = boottime.tv_sec;
+
+ for_each_possible_cpu(i) {
++ if (virt_cpu && !cpumask_test_cpu(i, cpus_allowed))
++ continue;
++
+ user += kcpustat_cpu(i).cpustat[CPUTIME_USER];
+ nice += kcpustat_cpu(i).cpustat[CPUTIME_NICE];
+ system += kcpustat_cpu(i).cpustat[CPUTIME_SYSTEM];
+@@ -131,6 +145,9 @@ static int show_stat(struct seq_file *p,
+ seq_putc(p, '\n');
+
+ for_each_online_cpu(i) {
++ if (virt_cpu && !cpumask_test_cpu(i, cpus_allowed))
++ continue;
++
+ /* Copy values here to work around gcc-2.95.3, gcc-2.96 */
+ user = kcpustat_cpu(i).cpustat[CPUTIME_USER];
+ nice = kcpustat_cpu(i).cpustat[CPUTIME_NICE];
+diff -NurpP --minimal linux-3.9.4/fs/proc/uptime.c linux-3.9.4-vs2.3.6.2/fs/proc/uptime.c
+--- linux-3.9.4/fs/proc/uptime.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc/uptime.c 2013-05-31 14:47:11.000000000 +0000
+@@ -5,6 +5,7 @@
#include <linux/seq_file.h>
#include <linux/time.h>
--#include <linux/kernel_stat.h>
+ #include <linux/kernel_stat.h>
+#include <linux/vserver/cvirt.h>
#include <asm/cputime.h>
static int uptime_proc_show(struct seq_file *m, void *v)
- {
- struct timespec uptime;
- struct timespec idle;
-- int i;
-- cputime_t idletime = cputime_zero;
--
-- for_each_possible_cpu(i)
-- idletime = cputime64_add(idletime, kstat_cpu(i).cpustat.idle);
-+ cputime_t idletime = cputime_add(init_task.utime, init_task.stime);
-
- do_posix_clock_monotonic_gettime(&uptime);
- monotonic_to_bootbased(&uptime);
- cputime_to_timespec(idletime, &idle);
+@@ -25,6 +26,10 @@ static int uptime_proc_show(struct seq_f
+ nsec = cputime64_to_jiffies64(idletime) * TICK_NSEC;
+ idle.tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem);
+ idle.tv_nsec = rem;
+
+ if (vx_flags(VXF_VIRT_UPTIME, 0))
+ vx_vsi_uptime(&uptime, &idle);
seq_printf(m, "%lu.%02lu %lu.%02lu\n",
(unsigned long) uptime.tv_sec,
(uptime.tv_nsec / (NSEC_PER_SEC / 100)),
-diff -NurpP --minimal linux-2.6.35.4/fs/quota/dquot.c linux-2.6.35.4-vs2.3.0.36.32/fs/quota/dquot.c
---- linux-2.6.35.4/fs/quota/dquot.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/quota/dquot.c 2010-08-02 22:36:48.000000000 +0200
-@@ -1503,6 +1503,9 @@ int __dquot_alloc_space(struct inode *in
- int reserve = flags & DQUOT_SPACE_RESERVE;
- int nofail = flags & DQUOT_SPACE_NOFAIL;
-
-+ if ((ret = dl_alloc_space(inode, number)))
-+ return ret;
-+
- /*
- * First test before acquiring mutex - solves deadlocks when we
- * re-enter the quota code and are already holding the mutex
-@@ -1557,6 +1560,9 @@ int dquot_alloc_inode(const struct inode
- int cnt, ret = 0;
- char warntype[MAXQUOTAS];
+diff -NurpP --minimal linux-3.9.4/fs/proc_namespace.c linux-3.9.4-vs2.3.6.2/fs/proc_namespace.c
+--- linux-3.9.4/fs/proc_namespace.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/proc_namespace.c 2013-05-31 17:17:53.000000000 +0000
+@@ -44,6 +44,8 @@ static int show_sb_opts(struct seq_file
+ { MS_SYNCHRONOUS, ",sync" },
+ { MS_DIRSYNC, ",dirsync" },
+ { MS_MANDLOCK, ",mand" },
++ { MS_TAGGED, ",tag" },
++ { MS_NOTAGCHECK, ",notagcheck" },
+ { 0, NULL }
+ };
+ const struct proc_fs_info *fs_infop;
+@@ -80,6 +82,40 @@ static inline void mangle(struct seq_fil
+ seq_escape(m, s, " \t\n\\");
+ }
-+ if ((ret = dl_alloc_inode(inode)))
-+ return ret;
++#ifdef CONFIG_VSERVER_EXTRA_MNT_CHECK
+
- /* First test before acquiring mutex - solves deadlocks when we
++static int mnt_is_reachable(struct vfsmount *vfsmnt)
++{
++ struct path root;
++ struct dentry *point;
++ struct mount *mnt = real_mount(vfsmnt);
++ struct mount *root_mnt;
++ int ret;
++
++ if (mnt == mnt->mnt_ns->root)
++ return 1;
++
++ br_read_lock(&vfsmount_lock);
++ root = current->fs->root;
++ root_mnt = real_mount(root.mnt);
++ point = root.dentry;
++
++ while ((mnt != mnt->mnt_parent) && (mnt != root_mnt)) {
++ point = mnt->mnt_mountpoint;
++ mnt = mnt->mnt_parent;
++ }
++
++ ret = (mnt == root_mnt) && is_subdir(point, root.dentry);
++
++ br_read_unlock(&vfsmount_lock);
++
++ return ret;
++}
++
++#else
++#define mnt_is_reachable(v) (1)
++#endif
++
+ static void show_type(struct seq_file *m, struct super_block *sb)
+ {
+ mangle(m, sb->s_type->name);
+@@ -96,6 +132,17 @@ static int show_vfsmnt(struct seq_file *
+ struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt };
+ struct super_block *sb = mnt_path.dentry->d_sb;
+
++ if (vx_flags(VXF_HIDE_MOUNT, 0))
++ return SEQ_SKIP;
++ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
++ return SEQ_SKIP;
++
++ if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
++ mnt == current->fs->root.mnt) {
++ seq_puts(m, "/dev/root / ");
++ goto type;
++ }
++
+ if (sb->s_op->show_devname) {
+ err = sb->s_op->show_devname(m, mnt_path.dentry);
+ if (err)
+@@ -106,6 +153,7 @@ static int show_vfsmnt(struct seq_file *
+ seq_putc(m, ' ');
+ seq_path(m, &mnt_path, " \t\n\\");
+ seq_putc(m, ' ');
++type:
+ show_type(m, sb);
+ seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
+ err = show_sb_opts(m, sb);
+@@ -128,6 +176,11 @@ static int show_mountinfo(struct seq_fil
+ struct path root = p->root;
+ int err = 0;
+
++ if (vx_flags(VXF_HIDE_MOUNT, 0))
++ return SEQ_SKIP;
++ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
++ return SEQ_SKIP;
++
+ seq_printf(m, "%i %i %u:%u ", r->mnt_id, r->mnt_parent->mnt_id,
+ MAJOR(sb->s_dev), MINOR(sb->s_dev));
+ if (sb->s_op->show_path)
+@@ -187,6 +240,17 @@ static int show_vfsstat(struct seq_file
+ struct super_block *sb = mnt_path.dentry->d_sb;
+ int err = 0;
+
++ if (vx_flags(VXF_HIDE_MOUNT, 0))
++ return SEQ_SKIP;
++ if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
++ return SEQ_SKIP;
++
++ if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
++ mnt == current->fs->root.mnt) {
++ seq_puts(m, "device /dev/root mounted on / ");
++ goto type;
++ }
++
+ /* device */
+ if (sb->s_op->show_devname) {
+ seq_puts(m, "device ");
+@@ -203,7 +267,7 @@ static int show_vfsstat(struct seq_file
+ seq_puts(m, " mounted on ");
+ seq_path(m, &mnt_path, " \t\n\\");
+ seq_putc(m, ' ');
+-
++type:
+ /* file system type */
+ seq_puts(m, "with fstype ");
+ show_type(m, sb);
+diff -NurpP --minimal linux-3.9.4/fs/quota/dquot.c linux-3.9.4-vs2.3.6.2/fs/quota/dquot.c
+--- linux-3.9.4/fs/quota/dquot.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/quota/dquot.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1585,6 +1585,9 @@ int __dquot_alloc_space(struct inode *in
+ struct dquot **dquots = inode->i_dquot;
+ int reserve = flags & DQUOT_SPACE_RESERVE;
+
++ if ((ret = dl_alloc_space(inode, number)))
++ return ret;
++
+ /*
+ * First test before acquiring mutex - solves deadlocks when we
+ * re-enter the quota code and are already holding the mutex
+@@ -1640,6 +1643,9 @@ int dquot_alloc_inode(const struct inode
+ struct dquot_warn warn[MAXQUOTAS];
+ struct dquot * const *dquots = inode->i_dquot;
+
++ if ((ret = dl_alloc_inode(inode)))
++ return ret;
++
+ /* First test before acquiring mutex - solves deadlocks when we
* re-enter the quota code and are already holding the mutex */
- if (!sb_any_quota_active(inode->i_sb) || IS_NOQUOTA(inode))
-@@ -1627,6 +1633,8 @@ void __dquot_free_space(struct inode *in
- char warntype[MAXQUOTAS];
+ if (!dquot_active(inode))
+@@ -1711,6 +1717,8 @@ void __dquot_free_space(struct inode *in
+ struct dquot **dquots = inode->i_dquot;
int reserve = flags & DQUOT_SPACE_RESERVE;
+ dl_free_space(inode, number);
+
/* First test before acquiring mutex - solves deadlocks when we
* re-enter the quota code and are already holding the mutex */
- if (!sb_any_quota_active(inode->i_sb) || IS_NOQUOTA(inode)) {
-@@ -1665,6 +1673,8 @@ void dquot_free_inode(const struct inode
- unsigned int cnt;
- char warntype[MAXQUOTAS];
+ if (!dquot_active(inode)) {
+@@ -1755,6 +1763,8 @@ void dquot_free_inode(const struct inode
+ struct dquot_warn warn[MAXQUOTAS];
+ struct dquot * const *dquots = inode->i_dquot;
+ dl_free_inode(inode);
+
/* First test before acquiring mutex - solves deadlocks when we
* re-enter the quota code and are already holding the mutex */
- if (!sb_any_quota_active(inode->i_sb) || IS_NOQUOTA(inode))
-diff -NurpP --minimal linux-2.6.35.4/fs/quota/quota.c linux-2.6.35.4-vs2.3.0.36.32/fs/quota/quota.c
---- linux-2.6.35.4/fs/quota/quota.c 2010-08-02 16:52:51.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/quota/quota.c 2010-08-02 17:05:06.000000000 +0200
+ if (!dquot_active(inode))
+diff -NurpP --minimal linux-3.9.4/fs/quota/quota.c linux-3.9.4-vs2.3.6.2/fs/quota/quota.c
+--- linux-3.9.4/fs/quota/quota.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/quota/quota.c 2013-05-31 14:47:11.000000000 +0000
@@ -8,6 +8,7 @@
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/slab.h>
+#include <linux/vs_context.h>
#include <asm/current.h>
- #include <asm/uaccess.h>
+ #include <linux/uaccess.h>
#include <linux/kernel.h>
-@@ -38,7 +39,7 @@ static int check_quotactl_permission(str
+@@ -37,7 +38,7 @@ static int check_quotactl_permission(str
break;
/*FALLTHROUGH*/
default:
return -EPERM;
}
-@@ -296,6 +297,46 @@ static int do_quotactl(struct super_bloc
- }
- }
+@@ -309,6 +310,46 @@ static int do_quotactl(struct super_bloc
+
+ #ifdef CONFIG_BLOCK
+#if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
+
+
+static vroot_grb_func *vroot_get_real_bdev = NULL;
+
-+static spinlock_t vroot_grb_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(vroot_grb_lock);
+
+int register_vroot_grb(vroot_grb_func *func) {
+ int ret = -EBUSY;
+
+#endif
+
- /*
- * look up a superblock on which quota ops will be performed
- * - use the name of a block device to find the superblock thereon
-@@ -313,6 +354,22 @@ static struct super_block *quotactl_bloc
+ /* Return 1 if 'cmd' will block on frozen filesystem */
+ static int quotactl_cmd_write(int cmd)
+ {
+@@ -343,6 +384,22 @@ static struct super_block *quotactl_bloc
putname(tmp);
if (IS_ERR(bdev))
return ERR_CAST(bdev);
+#if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
+ if (bdev && bdev->bd_inode &&
-+ imajor(bdev->bd_inode) == VROOT_MAJOR) {
++ imajor(bdev->bd_inode) == VROOT_MAJOR) {
+ struct block_device *bdnew = (void *)-EINVAL;
+
+ if (vroot_get_real_bdev)
+ bdev = bdnew;
+ }
+#endif
- sb = get_super(bdev);
- bdput(bdev);
- if (!sb)
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/file.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/file.c
---- linux-2.6.35.4/fs/reiserfs/file.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/file.c 2010-08-02 17:05:06.000000000 +0200
-@@ -307,4 +307,5 @@ const struct inode_operations reiserfs_f
- .listxattr = reiserfs_listxattr,
- .removexattr = reiserfs_removexattr,
- .permission = reiserfs_permission,
-+ .sync_flags = reiserfs_sync_flags,
- };
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/inode.c
---- linux-2.6.35.4/fs/reiserfs/inode.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -19,6 +19,7 @@
- #include <linux/writeback.h>
- #include <linux/quotaops.h>
- #include <linux/swap.h>
-+#include <linux/vs_tag.h>
-
- int reiserfs_commit_write(struct file *f, struct page *page,
- unsigned from, unsigned to);
-@@ -1125,6 +1126,8 @@ static void init_inode(struct inode *ino
- struct buffer_head *bh;
- struct item_head *ih;
- __u32 rdev;
-+ uid_t uid;
-+ gid_t gid;
- //int version = ITEM_VERSION_1;
-
- bh = PATH_PLAST_BUFFER(path);
-@@ -1146,12 +1149,13 @@ static void init_inode(struct inode *ino
- (struct stat_data_v1 *)B_I_PITEM(bh, ih);
- unsigned long blocks;
-
-+ uid = sd_v1_uid(sd);
-+ gid = sd_v1_gid(sd);
-+
- set_inode_item_key_version(inode, KEY_FORMAT_3_5);
- set_inode_sd_version(inode, STAT_DATA_V1);
- inode->i_mode = sd_v1_mode(sd);
- inode->i_nlink = sd_v1_nlink(sd);
-- inode->i_uid = sd_v1_uid(sd);
-- inode->i_gid = sd_v1_gid(sd);
- inode->i_size = sd_v1_size(sd);
- inode->i_atime.tv_sec = sd_v1_atime(sd);
- inode->i_mtime.tv_sec = sd_v1_mtime(sd);
-@@ -1193,11 +1197,12 @@ static void init_inode(struct inode *ino
- // (directories and symlinks)
- struct stat_data *sd = (struct stat_data *)B_I_PITEM(bh, ih);
-
-+ uid = sd_v2_uid(sd);
-+ gid = sd_v2_gid(sd);
-+
- inode->i_mode = sd_v2_mode(sd);
- inode->i_nlink = sd_v2_nlink(sd);
-- inode->i_uid = sd_v2_uid(sd);
- inode->i_size = sd_v2_size(sd);
-- inode->i_gid = sd_v2_gid(sd);
- inode->i_mtime.tv_sec = sd_v2_mtime(sd);
- inode->i_atime.tv_sec = sd_v2_atime(sd);
- inode->i_ctime.tv_sec = sd_v2_ctime(sd);
-@@ -1227,6 +1232,10 @@ static void init_inode(struct inode *ino
- sd_attrs_to_i_attrs(sd_v2_attrs(sd), inode);
- }
-
-+ inode->i_uid = INOTAG_UID(DX_TAG(inode), uid, gid);
-+ inode->i_gid = INOTAG_GID(DX_TAG(inode), uid, gid);
-+ inode->i_tag = INOTAG_TAG(DX_TAG(inode), uid, gid, 0);
-+
- pathrelse(path);
- if (S_ISREG(inode->i_mode)) {
- inode->i_op = &reiserfs_file_inode_operations;
-@@ -1249,13 +1258,15 @@ static void init_inode(struct inode *ino
- static void inode2sd(void *sd, struct inode *inode, loff_t size)
- {
- struct stat_data *sd_v2 = (struct stat_data *)sd;
-+ uid_t uid = TAGINO_UID(DX_TAG(inode), inode->i_uid, inode->i_tag);
-+ gid_t gid = TAGINO_GID(DX_TAG(inode), inode->i_gid, inode->i_tag);
- __u16 flags;
-
-+ set_sd_v2_uid(sd_v2, uid);
-+ set_sd_v2_gid(sd_v2, gid);
- set_sd_v2_mode(sd_v2, inode->i_mode);
- set_sd_v2_nlink(sd_v2, inode->i_nlink);
-- set_sd_v2_uid(sd_v2, inode->i_uid);
- set_sd_v2_size(sd_v2, size);
-- set_sd_v2_gid(sd_v2, inode->i_gid);
- set_sd_v2_mtime(sd_v2, inode->i_mtime.tv_sec);
- set_sd_v2_atime(sd_v2, inode->i_atime.tv_sec);
- set_sd_v2_ctime(sd_v2, inode->i_ctime.tv_sec);
-@@ -2856,14 +2867,19 @@ int reiserfs_commit_write(struct file *f
- void sd_attrs_to_i_attrs(__u16 sd_attrs, struct inode *inode)
- {
- if (reiserfs_attrs(inode->i_sb)) {
-- if (sd_attrs & REISERFS_SYNC_FL)
-- inode->i_flags |= S_SYNC;
-- else
-- inode->i_flags &= ~S_SYNC;
- if (sd_attrs & REISERFS_IMMUTABLE_FL)
- inode->i_flags |= S_IMMUTABLE;
- else
- inode->i_flags &= ~S_IMMUTABLE;
-+ if (sd_attrs & REISERFS_IXUNLINK_FL)
-+ inode->i_flags |= S_IXUNLINK;
-+ else
-+ inode->i_flags &= ~S_IXUNLINK;
-+
-+ if (sd_attrs & REISERFS_SYNC_FL)
-+ inode->i_flags |= S_SYNC;
-+ else
-+ inode->i_flags &= ~S_SYNC;
- if (sd_attrs & REISERFS_APPEND_FL)
- inode->i_flags |= S_APPEND;
- else
-@@ -2876,6 +2892,15 @@ void sd_attrs_to_i_attrs(__u16 sd_attrs,
- REISERFS_I(inode)->i_flags |= i_nopack_mask;
- else
- REISERFS_I(inode)->i_flags &= ~i_nopack_mask;
-+
-+ if (sd_attrs & REISERFS_BARRIER_FL)
-+ inode->i_vflags |= V_BARRIER;
-+ else
-+ inode->i_vflags &= ~V_BARRIER;
-+ if (sd_attrs & REISERFS_COW_FL)
-+ inode->i_vflags |= V_COW;
-+ else
-+ inode->i_vflags &= ~V_COW;
- }
- }
-
-@@ -2886,6 +2911,11 @@ void i_attrs_to_sd_attrs(struct inode *i
- *sd_attrs |= REISERFS_IMMUTABLE_FL;
- else
- *sd_attrs &= ~REISERFS_IMMUTABLE_FL;
-+ if (inode->i_flags & S_IXUNLINK)
-+ *sd_attrs |= REISERFS_IXUNLINK_FL;
-+ else
-+ *sd_attrs &= ~REISERFS_IXUNLINK_FL;
-+
- if (inode->i_flags & S_SYNC)
- *sd_attrs |= REISERFS_SYNC_FL;
- else
-@@ -2898,6 +2928,15 @@ void i_attrs_to_sd_attrs(struct inode *i
- *sd_attrs |= REISERFS_NOTAIL_FL;
- else
- *sd_attrs &= ~REISERFS_NOTAIL_FL;
-+
-+ if (inode->i_vflags & V_BARRIER)
-+ *sd_attrs |= REISERFS_BARRIER_FL;
-+ else
-+ *sd_attrs &= ~REISERFS_BARRIER_FL;
-+ if (inode->i_vflags & V_COW)
-+ *sd_attrs |= REISERFS_COW_FL;
-+ else
-+ *sd_attrs &= ~REISERFS_COW_FL;
- }
- }
-
-@@ -3122,9 +3161,11 @@ int reiserfs_setattr(struct dentry *dent
- }
-
- error = inode_change_ok(inode, attr);
-+
- if (!error) {
- if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
-- (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
-+ (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
-+ (ia_valid & ATTR_TAG && attr->ia_tag != inode->i_tag)) {
- error = reiserfs_chown_xattrs(inode, attr);
-
- if (!error) {
-@@ -3153,6 +3194,9 @@ int reiserfs_setattr(struct dentry *dent
- inode->i_uid = attr->ia_uid;
- if (attr->ia_valid & ATTR_GID)
- inode->i_gid = attr->ia_gid;
-+ if ((attr->ia_valid & ATTR_TAG) &&
-+ IS_TAGGED(inode))
-+ inode->i_tag = attr->ia_tag;
- mark_inode_dirty(inode);
- error =
- journal_end(&th, inode->i_sb, jbegin_count);
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/ioctl.c
---- linux-2.6.35.4/fs/reiserfs/ioctl.c 2010-02-25 11:52:06.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/ioctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -7,11 +7,27 @@
- #include <linux/mount.h>
- #include <linux/reiserfs_fs.h>
- #include <linux/time.h>
-+#include <linux/mount.h>
- #include <asm/uaccess.h>
- #include <linux/pagemap.h>
- #include <linux/smp_lock.h>
- #include <linux/compat.h>
-
-+
-+int reiserfs_sync_flags(struct inode *inode, int flags, int vflags)
-+{
-+ __u16 sd_attrs = 0;
-+
-+ inode->i_flags = flags;
-+ inode->i_vflags = vflags;
-+
-+ i_attrs_to_sd_attrs(inode, &sd_attrs);
-+ REISERFS_I(inode)->i_attrs = sd_attrs;
-+ inode->i_ctime = CURRENT_TIME_SEC;
-+ mark_inode_dirty(inode);
-+ return 0;
-+}
-+
- /*
- * reiserfs_ioctl - handler for ioctl for inode
- * supported commands:
-@@ -23,7 +39,7 @@
- long reiserfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
- {
- struct inode *inode = filp->f_path.dentry->d_inode;
-- unsigned int flags;
-+ unsigned int flags, oldflags;
- int err = 0;
-
- reiserfs_write_lock(inode->i_sb);
-@@ -48,6 +64,7 @@ long reiserfs_ioctl(struct file *filp, u
-
- flags = REISERFS_I(inode)->i_attrs;
- i_attrs_to_sd_attrs(inode, (__u16 *) & flags);
-+ flags &= REISERFS_FL_USER_VISIBLE;
- err = put_user(flags, (int __user *)arg);
- break;
- case REISERFS_IOC_SETFLAGS:{
-@@ -68,6 +85,10 @@ long reiserfs_ioctl(struct file *filp, u
- err = -EFAULT;
- goto setflags_out;
- }
-+ if (IS_BARRIER(inode)) {
-+ vxwprintk_task(1, "messing with the barrier.");
-+ return -EACCES;
-+ }
- /*
- * Is it quota file? Do not allow user to mess with it
- */
-@@ -92,6 +113,10 @@ long reiserfs_ioctl(struct file *filp, u
- goto setflags_out;
- }
- }
-+
-+ oldflags = REISERFS_I(inode)->i_attrs;
-+ flags &= REISERFS_FL_USER_MODIFIABLE;
-+ flags |= oldflags & ~REISERFS_FL_USER_MODIFIABLE;
- sd_attrs_to_i_attrs(flags, inode);
- REISERFS_I(inode)->i_attrs = flags;
- inode->i_ctime = CURRENT_TIME_SEC;
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/namei.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/namei.c
---- linux-2.6.35.4/fs/reiserfs/namei.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/namei.c 2010-08-02 17:05:06.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/reiserfs_acl.h>
- #include <linux/reiserfs_xattr.h>
- #include <linux/quotaops.h>
-+#include <linux/vs_tag.h>
-
- #define INC_DIR_INODE_NLINK(i) if (i->i_nlink != 1) { inc_nlink(i); if (i->i_nlink >= REISERFS_LINK_MAX) i->i_nlink=1; }
- #define DEC_DIR_INODE_NLINK(i) if (i->i_nlink != 1) drop_nlink(i);
-@@ -362,6 +363,7 @@ static struct dentry *reiserfs_lookup(st
- if (retval == IO_ERROR) {
- return ERR_PTR(-EIO);
- }
-+ dx_propagate_tag(nd, inode);
-
- return d_splice_alias(inode, dentry);
- }
-@@ -1532,6 +1534,7 @@ const struct inode_operations reiserfs_d
- .listxattr = reiserfs_listxattr,
- .removexattr = reiserfs_removexattr,
- .permission = reiserfs_permission,
-+ .sync_flags = reiserfs_sync_flags,
- };
-
- /*
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/super.c
---- linux-2.6.35.4/fs/reiserfs/super.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/super.c 2010-08-02 17:05:06.000000000 +0200
-@@ -897,6 +897,14 @@ static int reiserfs_parse_options(struct
- {"user_xattr",.setmask = 1 << REISERFS_UNSUPPORTED_OPT},
- {"nouser_xattr",.clrmask = 1 << REISERFS_UNSUPPORTED_OPT},
- #endif
-+#ifndef CONFIG_TAGGING_NONE
-+ {"tagxid",.setmask = 1 << REISERFS_TAGGED},
-+ {"tag",.setmask = 1 << REISERFS_TAGGED},
-+ {"notag",.clrmask = 1 << REISERFS_TAGGED},
-+#endif
-+#ifdef CONFIG_PROPAGATE
-+ {"tag",.arg_required = 'T',.values = NULL},
-+#endif
- #ifdef CONFIG_REISERFS_FS_POSIX_ACL
- {"acl",.setmask = 1 << REISERFS_POSIXACL},
- {"noacl",.clrmask = 1 << REISERFS_POSIXACL},
-@@ -1206,6 +1214,14 @@ static int reiserfs_remount(struct super
- handle_quota_files(s, qf_names, &qfmt);
- #endif
-
-+ if ((mount_options & (1 << REISERFS_TAGGED)) &&
-+ !(s->s_flags & MS_TAGGED)) {
-+ reiserfs_warning(s, "super-vs01",
-+ "reiserfs: tagging not permitted on remount.");
-+ err = -EINVAL;
-+ goto out_err;
-+ }
-+
- handle_attrs(s);
-
- /* Add options that are safe here */
-@@ -1688,6 +1704,10 @@ static int reiserfs_fill_super(struct su
- goto error;
- }
-
-+ /* map mount option tagxid */
-+ if (REISERFS_SB(s)->s_mount_opt & (1 << REISERFS_TAGGED))
-+ s->s_flags |= MS_TAGGED;
-+
- rs = SB_DISK_SUPER_BLOCK(s);
- /* Let's do basic sanity check to verify that underlying device is not
- smaller than the filesystem. If the check fails then abort and scream,
-diff -NurpP --minimal linux-2.6.35.4/fs/reiserfs/xattr.c linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/xattr.c
---- linux-2.6.35.4/fs/reiserfs/xattr.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/reiserfs/xattr.c 2010-08-02 17:05:06.000000000 +0200
-@@ -40,6 +40,7 @@
- #include <linux/errno.h>
- #include <linux/gfp.h>
- #include <linux/fs.h>
-+#include <linux/mount.h>
- #include <linux/file.h>
- #include <linux/pagemap.h>
- #include <linux/xattr.h>
-diff -NurpP --minimal linux-2.6.35.4/fs/stat.c linux-2.6.35.4-vs2.3.0.36.32/fs/stat.c
---- linux-2.6.35.4/fs/stat.c 2010-02-25 11:52:06.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/stat.c 2010-08-02 17:05:06.000000000 +0200
+ if (quotactl_cmd_write(cmd))
+ sb = get_super_thawed(bdev);
+ else
+diff -NurpP --minimal linux-3.9.4/fs/stat.c linux-3.9.4-vs2.3.6.2/fs/stat.c
+--- linux-3.9.4/fs/stat.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/stat.c 2013-06-01 08:53:01.000000000 +0000
@@ -26,6 +26,7 @@ void generic_fillattr(struct inode *inod
stat->nlink = inode->i_nlink;
stat->uid = inode->i_uid;
stat->gid = inode->i_gid;
+ stat->tag = inode->i_tag;
stat->rdev = inode->i_rdev;
+ stat->size = i_size_read(inode);
stat->atime = inode->i_atime;
- stat->mtime = inode->i_mtime;
-diff -NurpP --minimal linux-2.6.35.4/fs/statfs.c linux-2.6.35.4-vs2.3.0.36.32/fs/statfs.c
---- linux-2.6.35.4/fs/statfs.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/statfs.c 2010-08-02 19:10:27.000000000 +0200
-@@ -6,22 +6,28 @@
+diff -NurpP --minimal linux-3.9.4/fs/statfs.c linux-3.9.4-vs2.3.6.2/fs/statfs.c
+--- linux-3.9.4/fs/statfs.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/statfs.c 2013-05-31 14:47:11.000000000 +0000
+@@ -7,6 +7,8 @@
#include <linux/statfs.h>
#include <linux/security.h>
#include <linux/uaccess.h>
+#include <linux/vs_base.h>
+#include <linux/vs_dlimit.h>
+ #include "internal.h"
- int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
- {
- int retval = -ENODEV;
-
- if (dentry) {
-+ struct super_block *sb = dentry->d_sb;
-+
- retval = -ENOSYS;
-- if (dentry->d_sb->s_op->statfs) {
-+ if (sb->s_op->statfs) {
- memset(buf, 0, sizeof(*buf));
- retval = security_sb_statfs(dentry);
- if (retval)
- return retval;
-- retval = dentry->d_sb->s_op->statfs(dentry, buf);
-+ retval = sb->s_op->statfs(dentry, buf);
- if (retval == 0 && buf->f_frsize == 0)
- buf->f_frsize = buf->f_bsize;
- }
-+ if (!vx_check(0, VS_ADMIN|VS_WATCH))
-+ vx_vsi_statfs(sb, buf);
- }
+ static int flags_by_mnt(int mnt_flags)
+@@ -60,6 +62,8 @@ static int statfs_by_dentry(struct dentr
+ retval = dentry->d_sb->s_op->statfs(dentry, buf);
+ if (retval == 0 && buf->f_frsize == 0)
+ buf->f_frsize = buf->f_bsize;
++ if (!vx_check(0, VS_ADMIN|VS_WATCH))
++ vx_vsi_statfs(dentry->d_sb, buf);
return retval;
}
-diff -NurpP --minimal linux-2.6.35.4/fs/super.c linux-2.6.35.4-vs2.3.0.36.32/fs/super.c
---- linux-2.6.35.4/fs/super.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/super.c 2010-08-14 18:20:34.000000000 +0200
-@@ -30,6 +30,9 @@
- #include <linux/idr.h>
- #include <linux/mutex.h>
- #include <linux/backing-dev.h>
-+#include <linux/devpts_fs.h>
-+#include <linux/proc_fs.h>
+
+diff -NurpP --minimal linux-3.9.4/fs/super.c linux-3.9.4-vs2.3.6.2/fs/super.c
+--- linux-3.9.4/fs/super.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -34,6 +34,8 @@
+ #include <linux/cleancache.h>
+ #include <linux/fsnotify.h>
+ #include <linux/lockdep.h>
++#include <linux/magic.h>
+#include <linux/vs_context.h>
#include "internal.h"
-@@ -885,12 +888,18 @@ struct vfsmount *
- vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void *data)
- {
- struct vfsmount *mnt;
-+ struct super_block *sb;
- char *secdata = NULL;
- int error;
-
- if (!type)
- return ERR_PTR(-ENODEV);
+@@ -1117,6 +1119,13 @@ mount_fs(struct file_system_type *type,
+ WARN_ON(sb->s_bdi == &default_backing_dev_info);
+ sb->s_flags |= MS_BORN;
+ error = -EPERM;
-+ if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
-+ !vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT))
-+ goto out;
-+
- error = -ENOMEM;
- mnt = alloc_vfsmnt(name);
- if (!mnt)
-@@ -912,11 +921,19 @@ vfs_kern_mount(struct file_system_type *
- error = type->get_sb(type, flags, name, data, mnt);
- if (error < 0)
- goto out_free_secdata;
-- BUG_ON(!mnt->mnt_sb);
-- WARN_ON(!mnt->mnt_sb->s_bdi);
-+
-+ sb = mnt->mnt_sb;
-+ BUG_ON(!sb);
-+ WARN_ON(!sb->s_bdi);
- mnt->mnt_sb->s_flags |= MS_BORN;
-
-- error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata);
-+ error = -EPERM;
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev &&
++ if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) &&
++ !sb->s_bdev &&
+ (sb->s_magic != PROC_SUPER_MAGIC) &&
+ (sb->s_magic != DEVPTS_SUPER_MAGIC))
+ goto out_sb;
+
-+ error = security_sb_kern_mount(sb, flags, secdata);
+ error = security_sb_kern_mount(sb, flags, secdata);
if (error)
goto out_sb;
-
-diff -NurpP --minimal linux-2.6.35.4/fs/sysfs/mount.c linux-2.6.35.4-vs2.3.0.36.32/fs/sysfs/mount.c
---- linux-2.6.35.4/fs/sysfs/mount.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/sysfs/mount.c 2010-08-02 17:05:06.000000000 +0200
-@@ -47,7 +47,7 @@ static int sysfs_fill_super(struct super
+diff -NurpP --minimal linux-3.9.4/fs/sysfs/mount.c linux-3.9.4-vs2.3.6.2/fs/sysfs/mount.c
+--- linux-3.9.4/fs/sysfs/mount.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/sysfs/mount.c 2013-05-31 14:47:11.000000000 +0000
+@@ -48,7 +48,7 @@ static int sysfs_fill_super(struct super
sb->s_blocksize = PAGE_CACHE_SIZE;
sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
sb->s_op = &sysfs_ops;
sb->s_time_gran = 1;
-diff -NurpP --minimal linux-2.6.35.4/fs/utimes.c linux-2.6.35.4-vs2.3.0.36.32/fs/utimes.c
---- linux-2.6.35.4/fs/utimes.c 2009-03-24 14:22:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/utimes.c 2010-08-02 22:52:28.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/utimes.c linux-3.9.4-vs2.3.6.2/fs/utimes.c
+--- linux-3.9.4/fs/utimes.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/utimes.c 2013-05-31 22:40:16.000000000 +0000
@@ -8,6 +8,8 @@
#include <linux/stat.h>
#include <linux/utime.h>
struct iattr newattrs;
- struct inode *inode = path->dentry->d_inode;
+ struct inode *inode;
++
++ error = cow_check_and_break(path);
++ if (error)
++ goto out;
error = mnt_want_write(path->mnt);
if (error)
goto out;
-+ error = cow_check_and_break(path);
-+ if (error)
-+ goto mnt_drop_write_and_out;
-+
+ inode = path->dentry->d_inode;
+
if (times && times[0].tv_nsec == UTIME_NOW &&
times[1].tv_nsec == UTIME_NOW)
times = NULL;
-diff -NurpP --minimal linux-2.6.35.4/fs/xattr.c linux-2.6.35.4-vs2.3.0.36.32/fs/xattr.c
---- linux-2.6.35.4/fs/xattr.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xattr.c 2010-08-02 17:05:06.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/module.h>
- #include <linux/fsnotify.h>
+diff -NurpP --minimal linux-3.9.4/fs/xattr.c linux-3.9.4-vs2.3.6.2/fs/xattr.c
+--- linux-3.9.4/fs/xattr.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xattr.c 2013-05-31 14:47:11.000000000 +0000
+@@ -21,6 +21,7 @@
#include <linux/audit.h>
+ #include <linux/vmalloc.h>
+ #include <linux/posix_acl_xattr.h>
+#include <linux/mount.h>
- #include <asm/uaccess.h>
+ #include <asm/uaccess.h>
-@@ -49,7 +50,7 @@ xattr_permission(struct inode *inode, co
- * The trusted.* namespace can only be accessed by a privileged user.
+@@ -52,7 +53,7 @@ xattr_permission(struct inode *inode, co
+ * The trusted.* namespace can only be accessed by privileged users.
*/
- if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
-- return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
-+ return (vx_capable(CAP_SYS_ADMIN, VXC_FS_TRUSTED) ? 0 : -EPERM);
-
- /* In user.* namespace, only regular files and directories can have
- * extended attributes. For sticky directories, only the owner and
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_ioctl.c
---- linux-2.6.35.4/fs/xfs/linux-2.6/xfs_ioctl.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_ioctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -34,7 +34,6 @@
- #include "xfs_dir2_sf.h"
- #include "xfs_dinode.h"
- #include "xfs_inode.h"
--#include "xfs_ioctl.h"
- #include "xfs_btree.h"
- #include "xfs_ialloc.h"
- #include "xfs_rtalloc.h"
-@@ -747,6 +746,10 @@ xfs_merge_ioc_xflags(
- xflags |= XFS_XFLAG_IMMUTABLE;
- else
- xflags &= ~XFS_XFLAG_IMMUTABLE;
-+ if (flags & FS_IXUNLINK_FL)
-+ xflags |= XFS_XFLAG_IXUNLINK;
-+ else
-+ xflags &= ~XFS_XFLAG_IXUNLINK;
- if (flags & FS_APPEND_FL)
- xflags |= XFS_XFLAG_APPEND;
- else
-@@ -775,6 +778,8 @@ xfs_di2lxflags(
-
- if (di_flags & XFS_DIFLAG_IMMUTABLE)
- flags |= FS_IMMUTABLE_FL;
-+ if (di_flags & XFS_DIFLAG_IXUNLINK)
-+ flags |= FS_IXUNLINK_FL;
- if (di_flags & XFS_DIFLAG_APPEND)
- flags |= FS_APPEND_FL;
- if (di_flags & XFS_DIFLAG_SYNC)
-@@ -833,6 +838,8 @@ xfs_set_diflags(
- di_flags = (ip->i_d.di_flags & XFS_DIFLAG_PREALLOC);
- if (xflags & XFS_XFLAG_IMMUTABLE)
- di_flags |= XFS_DIFLAG_IMMUTABLE;
-+ if (xflags & XFS_XFLAG_IXUNLINK)
-+ di_flags |= XFS_DIFLAG_IXUNLINK;
- if (xflags & XFS_XFLAG_APPEND)
- di_flags |= XFS_DIFLAG_APPEND;
- if (xflags & XFS_XFLAG_SYNC)
-@@ -875,6 +882,10 @@ xfs_diflags_to_linux(
- inode->i_flags |= S_IMMUTABLE;
- else
- inode->i_flags &= ~S_IMMUTABLE;
-+ if (xflags & XFS_XFLAG_IXUNLINK)
-+ inode->i_flags |= S_IXUNLINK;
-+ else
-+ inode->i_flags &= ~S_IXUNLINK;
- if (xflags & XFS_XFLAG_APPEND)
- inode->i_flags |= S_APPEND;
- else
-@@ -1351,10 +1362,18 @@ xfs_file_ioctl(
- case XFS_IOC_FSGETXATTRA:
- return xfs_ioc_fsgetxattr(ip, 1, arg);
- case XFS_IOC_FSSETXATTR:
-+ if (IS_BARRIER(inode)) {
-+ vxwprintk_task(1, "messing with the barrier.");
-+ return -XFS_ERROR(EACCES);
-+ }
- return xfs_ioc_fssetxattr(ip, filp, arg);
- case XFS_IOC_GETXFLAGS:
- return xfs_ioc_getxflags(ip, arg);
- case XFS_IOC_SETXFLAGS:
-+ if (IS_BARRIER(inode)) {
-+ vxwprintk_task(1, "messing with the barrier.");
-+ return -XFS_ERROR(EACCES);
-+ }
- return xfs_ioc_setxflags(ip, filp, arg);
-
- case XFS_IOC_FSSETDM: {
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/linux-2.6/xfs_ioctl.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_ioctl.h
---- linux-2.6.35.4/fs/xfs/linux-2.6/xfs_ioctl.h 2010-07-07 18:31:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_ioctl.h 2010-08-02 17:05:06.000000000 +0200
-@@ -70,6 +70,12 @@ xfs_handle_to_dentry(
- void __user *uhandle,
- u32 hlen);
-
-+extern int
-+xfs_sync_flags(
-+ struct inode *inode,
-+ int flags,
-+ int vflags);
-+
- extern long
- xfs_file_ioctl(
- struct file *filp,
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_iops.c
---- linux-2.6.35.4/fs/xfs/linux-2.6/xfs_iops.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_iops.c 2010-08-02 17:05:06.000000000 +0200
-@@ -36,6 +36,7 @@
- #include "xfs_attr_sf.h"
- #include "xfs_dinode.h"
- #include "xfs_inode.h"
-+#include "xfs_ioctl.h"
- #include "xfs_bmap.h"
- #include "xfs_btree.h"
- #include "xfs_ialloc.h"
-@@ -57,6 +58,7 @@
- #include <linux/falloc.h>
- #include <linux/fiemap.h>
- #include <linux/slab.h>
-+#include <linux/vs_tag.h>
-
- /*
- * Bring the timestamps in the XFS inode uptodate.
-@@ -507,6 +509,7 @@ xfs_vn_getattr(
- stat->nlink = ip->i_d.di_nlink;
- stat->uid = ip->i_d.di_uid;
- stat->gid = ip->i_d.di_gid;
-+ stat->tag = ip->i_d.di_tag;
- stat->ino = ip->i_ino;
- stat->atime = inode->i_atime;
- stat->mtime = inode->i_mtime;
-@@ -711,6 +714,7 @@ static const struct inode_operations xfs
- .listxattr = xfs_vn_listxattr,
- .fallocate = xfs_vn_fallocate,
- .fiemap = xfs_vn_fiemap,
-+ .sync_flags = xfs_sync_flags,
- };
-
- static const struct inode_operations xfs_dir_inode_operations = {
-@@ -736,6 +740,7 @@ static const struct inode_operations xfs
- .getxattr = generic_getxattr,
- .removexattr = generic_removexattr,
- .listxattr = xfs_vn_listxattr,
-+ .sync_flags = xfs_sync_flags,
- };
-
- static const struct inode_operations xfs_dir_ci_inode_operations = {
-@@ -785,6 +790,10 @@ xfs_diflags_to_iflags(
- inode->i_flags |= S_IMMUTABLE;
- else
- inode->i_flags &= ~S_IMMUTABLE;
-+ if (ip->i_d.di_flags & XFS_DIFLAG_IXUNLINK)
-+ inode->i_flags |= S_IXUNLINK;
-+ else
-+ inode->i_flags &= ~S_IXUNLINK;
- if (ip->i_d.di_flags & XFS_DIFLAG_APPEND)
- inode->i_flags |= S_APPEND;
- else
-@@ -797,6 +806,15 @@ xfs_diflags_to_iflags(
- inode->i_flags |= S_NOATIME;
- else
- inode->i_flags &= ~S_NOATIME;
-+
-+ if (ip->i_d.di_vflags & XFS_DIVFLAG_BARRIER)
-+ inode->i_vflags |= V_BARRIER;
-+ else
-+ inode->i_vflags &= ~V_BARRIER;
-+ if (ip->i_d.di_vflags & XFS_DIVFLAG_COW)
-+ inode->i_vflags |= V_COW;
-+ else
-+ inode->i_vflags &= ~V_COW;
- }
-
- /*
-@@ -825,6 +843,7 @@ xfs_setup_inode(
- inode->i_nlink = ip->i_d.di_nlink;
- inode->i_uid = ip->i_d.di_uid;
- inode->i_gid = ip->i_d.di_gid;
-+ inode->i_tag = ip->i_d.di_tag;
-
- switch (inode->i_mode & S_IFMT) {
- case S_IFBLK:
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/linux-2.6/xfs_linux.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_linux.h
---- linux-2.6.35.4/fs/xfs/linux-2.6/xfs_linux.h 2010-07-07 18:31:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_linux.h 2010-08-02 17:05:06.000000000 +0200
-@@ -117,6 +117,7 @@
-
- #define current_cpu() (raw_smp_processor_id())
- #define current_pid() (current->pid)
-+#define current_fstag(cred,vp) (dx_current_fstag((vp)->i_sb))
- #define current_test_flags(f) (current->flags & (f))
- #define current_set_flags_nested(sp, f) \
- (*(sp) = current->flags, current->flags |= (f))
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/linux-2.6/xfs_super.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_super.c
---- linux-2.6.35.4/fs/xfs/linux-2.6/xfs_super.c 2010-08-02 16:52:52.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/linux-2.6/xfs_super.c 2010-08-02 18:00:35.000000000 +0200
-@@ -121,6 +121,9 @@ mempool_t *xfs_ioend_pool;
- #define MNTOPT_DMI "dmi" /* DMI enabled (DMAPI / XDSM) */
- #define MNTOPT_DELAYLOG "delaylog" /* Delayed loging enabled */
- #define MNTOPT_NODELAYLOG "nodelaylog" /* Delayed loging disabled */
-+#define MNTOPT_TAGXID "tagxid" /* context tagging for inodes */
-+#define MNTOPT_TAGGED "tag" /* context tagging for inodes */
-+#define MNTOPT_NOTAGTAG "notag" /* do not use context tagging */
-
- /*
- * Table driven mount option parser.
-@@ -129,10 +132,14 @@ mempool_t *xfs_ioend_pool;
- * in the future, too.
- */
- enum {
-+ Opt_tag, Opt_notag,
- Opt_barrier, Opt_nobarrier, Opt_err
- };
-
- static const match_table_t tokens = {
-+ {Opt_tag, "tagxid"},
-+ {Opt_tag, "tag"},
-+ {Opt_notag, "notag"},
- {Opt_barrier, "barrier"},
- {Opt_nobarrier, "nobarrier"},
- {Opt_err, NULL}
-@@ -393,6 +400,19 @@ xfs_parseargs(
- } else if (!strcmp(this_char, "irixsgid")) {
- cmn_err(CE_WARN,
- "XFS: irixsgid is now a sysctl(2) variable, option is deprecated.");
-+#ifndef CONFIG_TAGGING_NONE
-+ } else if (!strcmp(this_char, MNTOPT_TAGGED)) {
-+ mp->m_flags |= XFS_MOUNT_TAGGED;
-+ } else if (!strcmp(this_char, MNTOPT_NOTAGTAG)) {
-+ mp->m_flags &= ~XFS_MOUNT_TAGGED;
-+ } else if (!strcmp(this_char, MNTOPT_TAGXID)) {
-+ mp->m_flags |= XFS_MOUNT_TAGGED;
-+#endif
-+#ifdef CONFIG_PROPAGATE
-+ } else if (!strcmp(this_char, MNTOPT_TAGGED)) {
-+ /* use value */
-+ mp->m_flags |= XFS_MOUNT_TAGGED;
-+#endif
- } else {
- cmn_err(CE_WARN,
- "XFS: unknown mount option [%s].", this_char);
-@@ -1376,6 +1396,16 @@ xfs_fs_remount(
- case Opt_nobarrier:
- mp->m_flags &= ~XFS_MOUNT_BARRIER;
- break;
-+ case Opt_tag:
-+ if (!(sb->s_flags & MS_TAGGED)) {
-+ printk(KERN_INFO
-+ "XFS: %s: tagging not permitted on remount.\n",
-+ sb->s_id);
-+ return -EINVAL;
-+ }
-+ break;
-+ case Opt_notag:
-+ break;
- default:
- /*
- * Logically we would return an error here to prevent
-@@ -1610,6 +1640,9 @@ xfs_fs_fill_super(
-
- XFS_SEND_MOUNT(mp, DM_RIGHT_NULL, mtpt, mp->m_fsname);
-
-+ if (mp->m_flags & XFS_MOUNT_TAGGED)
-+ sb->s_flags |= MS_TAGGED;
-+
- sb->s_magic = XFS_SB_MAGIC;
- sb->s_blocksize = mp->m_sb.sb_blocksize;
- sb->s_blocksize_bits = ffs(sb->s_blocksize) - 1;
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_dinode.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_dinode.h
---- linux-2.6.35.4/fs/xfs/xfs_dinode.h 2009-06-11 17:13:09.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_dinode.h 2010-08-02 17:05:06.000000000 +0200
-@@ -50,7 +50,9 @@ typedef struct xfs_dinode {
- __be32 di_gid; /* owner's group id */
+ if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
+- if (!capable(CAP_SYS_ADMIN))
++ if (!vx_capable(CAP_SYS_ADMIN, VXC_FS_TRUSTED))
+ return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
+ return 0;
+ }
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_dinode.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_dinode.h
+--- linux-3.9.4/fs/xfs/xfs_dinode.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_dinode.h 2013-05-31 14:47:11.000000000 +0000
+@@ -51,7 +51,9 @@ typedef struct xfs_dinode {
__be32 di_nlink; /* number of links to file */
- __be16 di_projid; /* owner's project id */
-- __u8 di_pad[8]; /* unused, zeroed space */
+ __be16 di_projid_lo; /* lower part of owner's project id */
+ __be16 di_projid_hi; /* higher part owner's project id */
+- __u8 di_pad[6]; /* unused, zeroed space */
++ __u8 di_pad[2]; /* unused, zeroed space */
+ __be16 di_tag; /* context tagging */
+ __be16 di_vflags; /* vserver specific flags */
-+ __u8 di_pad[4]; /* unused, zeroed space */
__be16 di_flushiter; /* incremented on flush */
xfs_timestamp_t di_atime; /* time last accessed */
xfs_timestamp_t di_mtime; /* time last modified */
-@@ -183,6 +185,8 @@ static inline void xfs_dinode_put_rdev(s
+@@ -184,6 +186,8 @@ static inline void xfs_dinode_put_rdev(s
#define XFS_DIFLAG_EXTSZINHERIT_BIT 12 /* inherit inode extent size */
#define XFS_DIFLAG_NODEFRAG_BIT 13 /* do not reorganize/defragment */
#define XFS_DIFLAG_FILESTREAM_BIT 14 /* use filestream allocator */
#define XFS_DIFLAG_REALTIME (1 << XFS_DIFLAG_REALTIME_BIT)
#define XFS_DIFLAG_PREALLOC (1 << XFS_DIFLAG_PREALLOC_BIT)
#define XFS_DIFLAG_NEWRTBM (1 << XFS_DIFLAG_NEWRTBM_BIT)
-@@ -198,6 +202,7 @@ static inline void xfs_dinode_put_rdev(s
+@@ -199,6 +203,7 @@ static inline void xfs_dinode_put_rdev(s
#define XFS_DIFLAG_EXTSZINHERIT (1 << XFS_DIFLAG_EXTSZINHERIT_BIT)
#define XFS_DIFLAG_NODEFRAG (1 << XFS_DIFLAG_NODEFRAG_BIT)
#define XFS_DIFLAG_FILESTREAM (1 << XFS_DIFLAG_FILESTREAM_BIT)
#ifdef CONFIG_XFS_RT
#define XFS_IS_REALTIME_INODE(ip) ((ip)->i_d.di_flags & XFS_DIFLAG_REALTIME)
-@@ -210,6 +215,10 @@ static inline void xfs_dinode_put_rdev(s
+@@ -211,6 +216,10 @@ static inline void xfs_dinode_put_rdev(s
XFS_DIFLAG_IMMUTABLE | XFS_DIFLAG_APPEND | XFS_DIFLAG_SYNC | \
XFS_DIFLAG_NOATIME | XFS_DIFLAG_NODUMP | XFS_DIFLAG_RTINHERIT | \
XFS_DIFLAG_PROJINHERIT | XFS_DIFLAG_NOSYMLINKS | XFS_DIFLAG_EXTSIZE | \
+#define XFS_DIVFLAG_COW 0x02
#endif /* __XFS_DINODE_H__ */
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_fs.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_fs.h
---- linux-2.6.35.4/fs/xfs/xfs_fs.h 2010-07-07 18:31:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_fs.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_fs.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_fs.h
+--- linux-3.9.4/fs/xfs/xfs_fs.h 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_fs.h 2013-05-31 14:47:11.000000000 +0000
@@ -67,6 +67,9 @@ struct fsxattr {
#define XFS_XFLAG_EXTSZINHERIT 0x00001000 /* inherit inode extent size */
#define XFS_XFLAG_NODEFRAG 0x00002000 /* do not defragment */
#define XFS_XFLAG_HASATTR 0x80000000 /* no DIFLAG for this */
/*
-@@ -293,7 +296,8 @@ typedef struct xfs_bstat {
- __u32 bs_gen; /* generation count */
- __u16 bs_projid; /* project id */
+@@ -303,7 +306,8 @@ typedef struct xfs_bstat {
+ #define bs_projid bs_projid_lo /* (previously just bs_projid) */
__u16 bs_forkoff; /* inode fork offset in bytes */
-- unsigned char bs_pad[12]; /* pad space, unused */
+ __u16 bs_projid_hi; /* higher part of project id */
+- unsigned char bs_pad[10]; /* pad space, unused */
++ unsigned char bs_pad[8]; /* pad space, unused */
+ __u16 bs_tag; /* context tagging */
-+ unsigned char bs_pad[10]; /* pad space, unused */
__u32 bs_dmevmask; /* DMIG event mask */
__u16 bs_dmstate; /* DMIG state info */
__u16 bs_aextents; /* attribute number of extents */
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_ialloc.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_ialloc.c
---- linux-2.6.35.4/fs/xfs/xfs_ialloc.c 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_ialloc.c 2010-08-02 17:05:06.000000000 +0200
-@@ -41,7 +41,6 @@
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_ialloc.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ialloc.c
+--- linux-3.9.4/fs/xfs/xfs_ialloc.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ialloc.c 2013-05-31 14:47:11.000000000 +0000
+@@ -37,7 +37,6 @@
#include "xfs_error.h"
#include "xfs_bmap.h"
/*
* Allocation group level functions.
*/
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_inode.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_inode.c
---- linux-2.6.35.4/fs/xfs/xfs_inode.c 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -249,6 +249,7 @@ xfs_inotobp(
- return 0;
- }
-
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_inode.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_inode.c
+--- linux-3.9.4/fs/xfs/xfs_inode.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_inode.c 2013-05-31 14:47:11.000000000 +0000
+@@ -16,6 +16,7 @@
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+ #include <linux/log2.h>
+#include <linux/vs_tag.h>
- /*
- * This routine is called to map an inode to the buffer containing
-@@ -654,15 +655,25 @@ xfs_iformat_btree(
+ #include "xfs.h"
+ #include "xfs_fs.h"
+@@ -835,15 +836,25 @@ xfs_iformat_btree(
STATIC void
xfs_dinode_from_disk(
xfs_icdinode_t *to,
- xfs_dinode_t *from)
+ xfs_dinode_t *from,
-+ int tagged)
++ int tagged)
{
+ uint32_t uid, gid, tag;
+
+ to->di_tag = INOTAG_TAG(tagged, uid, gid, tag);
+
to->di_nlink = be32_to_cpu(from->di_nlink);
- to->di_projid = be16_to_cpu(from->di_projid);
- memcpy(to->di_pad, from->di_pad, sizeof(to->di_pad));
-@@ -683,21 +694,26 @@ xfs_dinode_from_disk(
+ to->di_projid_lo = be16_to_cpu(from->di_projid_lo);
+ to->di_projid_hi = be16_to_cpu(from->di_projid_hi);
+@@ -865,21 +876,26 @@ xfs_dinode_from_disk(
to->di_dmevmask = be32_to_cpu(from->di_dmevmask);
to->di_dmstate = be16_to_cpu(from->di_dmstate);
to->di_flags = be16_to_cpu(from->di_flags);
xfs_dinode_t *to,
- xfs_icdinode_t *from)
+ xfs_icdinode_t *from,
-+ int tagged)
++ int tagged)
{
to->di_magic = cpu_to_be16(from->di_magic);
to->di_mode = cpu_to_be16(from->di_mode);
+ to->di_tag = cpu_to_be16(TAGINO_TAG(tagged, from->di_tag));
+
to->di_nlink = cpu_to_be32(from->di_nlink);
- to->di_projid = cpu_to_be16(from->di_projid);
- memcpy(to->di_pad, from->di_pad, sizeof(to->di_pad));
-@@ -718,12 +734,14 @@ xfs_dinode_to_disk(
+ to->di_projid_lo = cpu_to_be16(from->di_projid_lo);
+ to->di_projid_hi = cpu_to_be16(from->di_projid_hi);
+@@ -901,12 +917,14 @@ xfs_dinode_to_disk(
to->di_dmevmask = cpu_to_be32(from->di_dmevmask);
to->di_dmstate = cpu_to_be16(from->di_dmstate);
to->di_flags = cpu_to_be16(from->di_flags);
{
uint flags = 0;
-@@ -734,6 +752,8 @@ _xfs_dic2xflags(
+@@ -917,6 +935,8 @@ _xfs_dic2xflags(
flags |= XFS_XFLAG_PREALLOC;
if (di_flags & XFS_DIFLAG_IMMUTABLE)
flags |= XFS_XFLAG_IMMUTABLE;
if (di_flags & XFS_DIFLAG_APPEND)
flags |= XFS_XFLAG_APPEND;
if (di_flags & XFS_DIFLAG_SYNC)
-@@ -758,6 +778,10 @@ _xfs_dic2xflags(
+@@ -941,6 +961,10 @@ _xfs_dic2xflags(
flags |= XFS_XFLAG_FILESTREAM;
}
return flags;
}
-@@ -767,7 +791,7 @@ xfs_ip2xflags(
+@@ -950,7 +974,7 @@ xfs_ip2xflags(
{
xfs_icdinode_t *dic = &ip->i_d;
(XFS_IFORK_Q(ip) ? XFS_XFLAG_HASATTR : 0);
}
-@@ -775,7 +799,8 @@ uint
+@@ -958,7 +982,8 @@ uint
xfs_dic2xflags(
xfs_dinode_t *dip)
{
(XFS_DFORK_Q(dip) ? XFS_XFLAG_HASATTR : 0);
}
-@@ -808,7 +833,6 @@ xfs_iread(
- if (error)
- return error;
- dip = (xfs_dinode_t *)xfs_buf_offset(bp, ip->i_imap.im_boffset);
--
- /*
- * If we got something that isn't an inode it means someone
- * (nfs or dmi) has a stale handle.
-@@ -833,7 +857,8 @@ xfs_iread(
+@@ -1012,7 +1037,8 @@ xfs_iread(
* Otherwise, just get the truly permanent information.
*/
if (dip->di_mode) {
error = xfs_iformat(ip, dip);
if (error) {
#ifdef DEBUG
-@@ -1033,6 +1058,7 @@ xfs_ialloc(
+@@ -1199,6 +1225,7 @@ xfs_ialloc(
ASSERT(ip->i_d.di_nlink == nlink);
ip->i_d.di_uid = current_fsuid();
ip->i_d.di_gid = current_fsgid();
-+ ip->i_d.di_tag = current_fstag(cr, &ip->i_vnode);
- ip->i_d.di_projid = prid;
++ ip->i_d.di_tag = current_fstag(&ip->i_vnode);
+ xfs_set_projid(ip, prid);
memset(&(ip->i_d.di_pad[0]), 0, sizeof(ip->i_d.di_pad));
-@@ -1093,6 +1119,7 @@ xfs_ialloc(
+@@ -1258,6 +1285,7 @@ xfs_ialloc(
ip->i_d.di_dmevmask = 0;
ip->i_d.di_dmstate = 0;
ip->i_d.di_flags = 0;
flags = XFS_ILOG_CORE;
switch (mode & S_IFMT) {
case S_IFIFO:
-@@ -2116,6 +2143,7 @@ xfs_ifree(
+@@ -1952,6 +1980,7 @@ xfs_ifree(
}
ip->i_d.di_mode = 0; /* mark incore inode as free */
ip->i_d.di_flags = 0;
+ ip->i_d.di_vflags = 0;
ip->i_d.di_dmevmask = 0;
ip->i_d.di_forkoff = 0; /* mark the attr fork not in use */
- ip->i_df.if_ext_max =
-@@ -2985,7 +3013,8 @@ xfs_iflush_int(
+ ip->i_d.di_format = XFS_DINODE_FMT_EXTENTS;
+@@ -2118,7 +2147,6 @@ xfs_iroot_realloc(
+ return;
+ }
+
+-
+ /*
+ * This is called when the amount of space needed for if_data
+ * is increased or decreased. The change in size is indicated by
+@@ -2800,7 +2828,8 @@ xfs_iflush_int(
* because if the inode is dirty at all the core must
* be.
*/
/* Wrap, we never let the log put out DI_MAX_FLUSH */
if (ip->i_d.di_flushiter == DI_MAX_FLUSH)
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_inode.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_inode.h
---- linux-2.6.35.4/fs/xfs/xfs_inode.h 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_inode.h 2010-08-02 17:05:06.000000000 +0200
-@@ -135,7 +135,9 @@ typedef struct xfs_icdinode {
- __uint32_t di_gid; /* owner's group id */
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_inode.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_inode.h
+--- linux-3.9.4/fs/xfs/xfs_inode.h 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_inode.h 2013-05-31 14:47:11.000000000 +0000
+@@ -134,7 +134,9 @@ typedef struct xfs_icdinode {
__uint32_t di_nlink; /* number of links to file */
- __uint16_t di_projid; /* owner's project id */
-- __uint8_t di_pad[8]; /* unused, zeroed space */
+ __uint16_t di_projid_lo; /* lower part of owner's project id */
+ __uint16_t di_projid_hi; /* higher part of owner's project id */
+- __uint8_t di_pad[6]; /* unused, zeroed space */
++ __uint8_t di_pad[2]; /* unused, zeroed space */
+ __uint16_t di_tag; /* context tagging */
+ __uint16_t di_vflags; /* vserver specific flags */
-+ __uint8_t di_pad[4]; /* unused, zeroed space */
__uint16_t di_flushiter; /* incremented on flush */
xfs_ictimestamp_t di_atime; /* time last accessed */
xfs_ictimestamp_t di_mtime; /* time last modified */
-@@ -511,7 +513,7 @@ int xfs_itobp(struct xfs_mount *, struc
+@@ -556,7 +558,7 @@ int xfs_imap_to_bp(struct xfs_mount *,
int xfs_iread(struct xfs_mount *, struct xfs_trans *,
struct xfs_inode *, uint);
void xfs_dinode_to_disk(struct xfs_dinode *,
void xfs_idestroy_fork(struct xfs_inode *, int);
void xfs_idata_realloc(struct xfs_inode *, int, int);
void xfs_iroot_realloc(struct xfs_inode *, int, int);
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_itable.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_itable.c
---- linux-2.6.35.4/fs/xfs/xfs_itable.c 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_itable.c 2010-08-02 17:05:06.000000000 +0200
-@@ -100,6 +100,7 @@ xfs_bulkstat_one_int(
- buf->bs_mode = dic->di_mode;
- buf->bs_uid = dic->di_uid;
- buf->bs_gid = dic->di_gid;
-+ buf->bs_tag = dic->di_tag;
- buf->bs_size = dic->di_size;
-
- /*
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_log_recover.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_log_recover.c
---- linux-2.6.35.4/fs/xfs/xfs_log_recover.c 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_log_recover.c 2010-08-02 17:05:06.000000000 +0200
-@@ -2461,7 +2461,8 @@ xlog_recover_do_inode_trans(
- }
-
- /* The core is in in-core format */
-- xfs_dinode_to_disk(dip, (xfs_icdinode_t *)item->ri_buf[1].i_addr);
-+ xfs_dinode_to_disk(dip, (xfs_icdinode_t *)item->ri_buf[1].i_addr,
-+ mp->m_flags & XFS_MOUNT_TAGGED);
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_ioctl.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ioctl.c
+--- linux-3.9.4/fs/xfs/xfs_ioctl.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ioctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -26,7 +26,7 @@
+ #include "xfs_bmap_btree.h"
+ #include "xfs_dinode.h"
+ #include "xfs_inode.h"
+-#include "xfs_ioctl.h"
++// #include "xfs_ioctl.h"
+ #include "xfs_rtalloc.h"
+ #include "xfs_itable.h"
+ #include "xfs_error.h"
+@@ -763,6 +763,10 @@ xfs_merge_ioc_xflags(
+ xflags |= XFS_XFLAG_IMMUTABLE;
+ else
+ xflags &= ~XFS_XFLAG_IMMUTABLE;
++ if (flags & FS_IXUNLINK_FL)
++ xflags |= XFS_XFLAG_IXUNLINK;
++ else
++ xflags &= ~XFS_XFLAG_IXUNLINK;
+ if (flags & FS_APPEND_FL)
+ xflags |= XFS_XFLAG_APPEND;
+ else
+@@ -791,6 +795,8 @@ xfs_di2lxflags(
- /* the rest is in on-disk format */
- if (item->ri_buf[1].i_len > sizeof(struct xfs_icdinode)) {
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_mount.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_mount.h
---- linux-2.6.35.4/fs/xfs/xfs_mount.h 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_mount.h 2010-08-02 17:05:06.000000000 +0200
-@@ -302,6 +302,7 @@ typedef struct xfs_mount {
- allocator */
- #define XFS_MOUNT_NOATTR2 (1ULL << 25) /* disable use of attr2 format */
+ if (di_flags & XFS_DIFLAG_IMMUTABLE)
+ flags |= FS_IMMUTABLE_FL;
++ if (di_flags & XFS_DIFLAG_IXUNLINK)
++ flags |= FS_IXUNLINK_FL;
+ if (di_flags & XFS_DIFLAG_APPEND)
+ flags |= FS_APPEND_FL;
+ if (di_flags & XFS_DIFLAG_SYNC)
+@@ -851,6 +857,8 @@ xfs_set_diflags(
+ di_flags = (ip->i_d.di_flags & XFS_DIFLAG_PREALLOC);
+ if (xflags & XFS_XFLAG_IMMUTABLE)
+ di_flags |= XFS_DIFLAG_IMMUTABLE;
++ if (xflags & XFS_XFLAG_IXUNLINK)
++ di_flags |= XFS_DIFLAG_IXUNLINK;
+ if (xflags & XFS_XFLAG_APPEND)
+ di_flags |= XFS_DIFLAG_APPEND;
+ if (xflags & XFS_XFLAG_SYNC)
+@@ -893,6 +901,10 @@ xfs_diflags_to_linux(
+ inode->i_flags |= S_IMMUTABLE;
+ else
+ inode->i_flags &= ~S_IMMUTABLE;
++ if (xflags & XFS_XFLAG_IXUNLINK)
++ inode->i_flags |= S_IXUNLINK;
++ else
++ inode->i_flags &= ~S_IXUNLINK;
+ if (xflags & XFS_XFLAG_APPEND)
+ inode->i_flags |= S_APPEND;
+ else
+@@ -1397,10 +1409,18 @@ xfs_file_ioctl(
+ case XFS_IOC_FSGETXATTRA:
+ return xfs_ioc_fsgetxattr(ip, 1, arg);
+ case XFS_IOC_FSSETXATTR:
++ if (IS_BARRIER(inode)) {
++ vxwprintk_task(1, "messing with the barrier.");
++ return -XFS_ERROR(EACCES);
++ }
+ return xfs_ioc_fssetxattr(ip, filp, arg);
+ case XFS_IOC_GETXFLAGS:
+ return xfs_ioc_getxflags(ip, arg);
+ case XFS_IOC_SETXFLAGS:
++ if (IS_BARRIER(inode)) {
++ vxwprintk_task(1, "messing with the barrier.");
++ return -XFS_ERROR(EACCES);
++ }
+ return xfs_ioc_setxflags(ip, filp, arg);
-+#define XFS_MOUNT_TAGGED (1ULL << 31) /* context tagging */
+ case XFS_IOC_FSSETDM: {
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_ioctl.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ioctl.h
+--- linux-3.9.4/fs/xfs/xfs_ioctl.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_ioctl.h 2013-05-31 14:47:11.000000000 +0000
+@@ -70,6 +70,12 @@ xfs_handle_to_dentry(
+ void __user *uhandle,
+ u32 hlen);
+
++extern int
++xfs_sync_flags(
++ struct inode *inode,
++ int flags,
++ int vflags);
++
+ extern long
+ xfs_file_ioctl(
+ struct file *filp,
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_iops.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_iops.c
+--- linux-3.9.4/fs/xfs/xfs_iops.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_iops.c 2013-05-31 14:47:11.000000000 +0000
+@@ -28,6 +28,7 @@
+ #include "xfs_bmap_btree.h"
+ #include "xfs_dinode.h"
+ #include "xfs_inode.h"
++#include "xfs_ioctl.h"
+ #include "xfs_bmap.h"
+ #include "xfs_rtalloc.h"
+ #include "xfs_error.h"
+@@ -47,6 +48,7 @@
+ #include <linux/security.h>
+ #include <linux/fiemap.h>
+ #include <linux/slab.h>
++#include <linux/vs_tag.h>
+
+ static int
+ xfs_initxattrs(
+@@ -422,6 +424,7 @@ xfs_vn_getattr(
+ stat->nlink = ip->i_d.di_nlink;
+ stat->uid = ip->i_d.di_uid;
+ stat->gid = ip->i_d.di_gid;
++ stat->tag = ip->i_d.di_tag;
+ stat->ino = ip->i_ino;
+ stat->atime = inode->i_atime;
+ stat->mtime = inode->i_mtime;
+@@ -1037,6 +1040,7 @@ static const struct inode_operations xfs
+ .listxattr = xfs_vn_listxattr,
+ .fiemap = xfs_vn_fiemap,
+ .update_time = xfs_vn_update_time,
++ .sync_flags = xfs_sync_flags,
+ };
+
+ static const struct inode_operations xfs_dir_inode_operations = {
+@@ -1063,6 +1067,7 @@ static const struct inode_operations xfs
+ .removexattr = generic_removexattr,
+ .listxattr = xfs_vn_listxattr,
+ .update_time = xfs_vn_update_time,
++ .sync_flags = xfs_sync_flags,
+ };
+
+ static const struct inode_operations xfs_dir_ci_inode_operations = {
+@@ -1114,6 +1119,10 @@ xfs_diflags_to_iflags(
+ inode->i_flags |= S_IMMUTABLE;
+ else
+ inode->i_flags &= ~S_IMMUTABLE;
++ if (ip->i_d.di_flags & XFS_DIFLAG_IXUNLINK)
++ inode->i_flags |= S_IXUNLINK;
++ else
++ inode->i_flags &= ~S_IXUNLINK;
+ if (ip->i_d.di_flags & XFS_DIFLAG_APPEND)
+ inode->i_flags |= S_APPEND;
+ else
+@@ -1126,6 +1135,15 @@ xfs_diflags_to_iflags(
+ inode->i_flags |= S_NOATIME;
+ else
+ inode->i_flags &= ~S_NOATIME;
++
++ if (ip->i_d.di_vflags & XFS_DIVFLAG_BARRIER)
++ inode->i_vflags |= V_BARRIER;
++ else
++ inode->i_vflags &= ~V_BARRIER;
++ if (ip->i_d.di_vflags & XFS_DIVFLAG_COW)
++ inode->i_vflags |= V_COW;
++ else
++ inode->i_vflags &= ~V_COW;
+ }
+
+ /*
+@@ -1157,6 +1175,7 @@ xfs_setup_inode(
+ set_nlink(inode, ip->i_d.di_nlink);
+ inode->i_uid = ip->i_d.di_uid;
+ inode->i_gid = ip->i_d.di_gid;
++ inode->i_tag = ip->i_d.di_tag;
+
+ switch (inode->i_mode & S_IFMT) {
+ case S_IFBLK:
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_itable.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_itable.c
+--- linux-3.9.4/fs/xfs/xfs_itable.c 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_itable.c 2013-05-31 14:47:11.000000000 +0000
+@@ -97,6 +97,7 @@ xfs_bulkstat_one_int(
+ buf->bs_mode = dic->di_mode;
+ buf->bs_uid = dic->di_uid;
+ buf->bs_gid = dic->di_gid;
++ buf->bs_tag = dic->di_tag;
+ buf->bs_size = dic->di_size;
+ buf->bs_atime.tv_sec = dic->di_atime.t_sec;
+ buf->bs_atime.tv_nsec = dic->di_atime.t_nsec;
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_linux.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_linux.h
+--- linux-3.9.4/fs/xfs/xfs_linux.h 2013-02-19 13:58:49.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_linux.h 2013-05-31 14:47:11.000000000 +0000
+@@ -123,6 +123,7 @@
+
+ #define current_cpu() (raw_smp_processor_id())
+ #define current_pid() (current->pid)
++#define current_fstag(vp) (dx_current_fstag((vp)->i_sb))
+ #define current_test_flags(f) (current->flags & (f))
+ #define current_set_flags_nested(sp, f) \
+ (*(sp) = current->flags, current->flags |= (f))
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_log_recover.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_log_recover.c
+--- linux-3.9.4/fs/xfs/xfs_log_recover.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_log_recover.c 2013-05-31 14:47:11.000000000 +0000
+@@ -2361,7 +2361,8 @@ xlog_recover_inode_pass2(
+ }
+
+ /* The core is in in-core format */
+- xfs_dinode_to_disk(dip, item->ri_buf[1].i_addr);
++ xfs_dinode_to_disk(dip, item->ri_buf[1].i_addr,
++ mp->m_flags & XFS_MOUNT_TAGGED);
+
+ /* the rest is in on-disk format */
+ if (item->ri_buf[1].i_len > sizeof(struct xfs_icdinode)) {
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_mount.h linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_mount.h
+--- linux-3.9.4/fs/xfs/xfs_mount.h 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_mount.h 2013-05-31 14:47:11.000000000 +0000
+@@ -254,6 +254,7 @@ typedef struct xfs_mount {
+ allocator */
+ #define XFS_MOUNT_NOATTR2 (1ULL << 25) /* disable use of attr2 format */
+
++#define XFS_MOUNT_TAGGED (1ULL << 31) /* context tagging */
/*
* Default minimum read and write sizes.
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_vnodeops.c linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_vnodeops.c
---- linux-2.6.35.4/fs/xfs/xfs_vnodeops.c 2010-08-02 16:52:53.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_vnodeops.c 2010-08-02 17:05:06.000000000 +0200
-@@ -55,6 +55,80 @@
- #include "xfs_vnodeops.h"
- #include "xfs_trace.h"
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_super.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_super.c
+--- linux-3.9.4/fs/xfs/xfs_super.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_super.c 2013-05-31 14:47:11.000000000 +0000
+@@ -114,6 +114,9 @@ mempool_t *xfs_ioend_pool;
+ #define MNTOPT_NODELAYLOG "nodelaylog" /* Delayed logging disabled */
+ #define MNTOPT_DISCARD "discard" /* Discard unused blocks */
+ #define MNTOPT_NODISCARD "nodiscard" /* Do not discard unused blocks */
++#define MNTOPT_TAGXID "tagxid" /* context tagging for inodes */
++#define MNTOPT_TAGGED "tag" /* context tagging for inodes */
++#define MNTOPT_NOTAGTAG "notag" /* do not use context tagging */
+
+ /*
+ * Table driven mount option parser.
+@@ -126,6 +129,8 @@ enum {
+ Opt_nobarrier,
+ Opt_inode64,
+ Opt_inode32,
++ Opt_tag,
++ Opt_notag,
+ Opt_err
+ };
+
+@@ -134,6 +139,9 @@ static const match_table_t tokens = {
+ {Opt_nobarrier, "nobarrier"},
+ {Opt_inode64, "inode64"},
+ {Opt_inode32, "inode32"},
++ {Opt_tag, "tagxid"},
++ {Opt_tag, "tag"},
++ {Opt_notag, "notag"},
+ {Opt_err, NULL}
+ };
+
+@@ -392,6 +400,19 @@ xfs_parseargs(
+ } else if (!strcmp(this_char, "irixsgid")) {
+ xfs_warn(mp,
+ "irixsgid is now a sysctl(2) variable, option is deprecated.");
++#ifndef CONFIG_TAGGING_NONE
++ } else if (!strcmp(this_char, MNTOPT_TAGGED)) {
++ mp->m_flags |= XFS_MOUNT_TAGGED;
++ } else if (!strcmp(this_char, MNTOPT_NOTAGTAG)) {
++ mp->m_flags &= ~XFS_MOUNT_TAGGED;
++ } else if (!strcmp(this_char, MNTOPT_TAGXID)) {
++ mp->m_flags |= XFS_MOUNT_TAGGED;
++#endif
++#ifdef CONFIG_PROPAGATE
++ } else if (!strcmp(this_char, MNTOPT_TAGGED)) {
++ /* use value */
++ mp->m_flags |= XFS_MOUNT_TAGGED;
++#endif
+ } else {
+ xfs_warn(mp, "unknown mount option [%s].", this_char);
+ return EINVAL;
+@@ -1238,6 +1259,16 @@ xfs_fs_remount(
+ case Opt_inode32:
+ mp->m_maxagi = xfs_set_inode32(mp);
+ break;
++ case Opt_tag:
++ if (!(sb->s_flags & MS_TAGGED)) {
++ printk(KERN_INFO
++ "XFS: %s: tagging not permitted on remount.\n",
++ sb->s_id);
++ return -EINVAL;
++ }
++ break;
++ case Opt_notag:
++ break;
+ default:
+ /*
+ * Logically we would return an error here to prevent
+@@ -1458,6 +1489,9 @@ xfs_fs_fill_super(
+ if (error)
+ goto out_free_sb;
+
++ if (mp->m_flags & XFS_MOUNT_TAGGED)
++ sb->s_flags |= MS_TAGGED;
++
+ /*
+ * we must configure the block size in the superblock before we run the
+ * full mount process as the mount process can lookup and cache inodes.
+diff -NurpP --minimal linux-3.9.4/fs/xfs/xfs_vnodeops.c linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_vnodeops.c
+--- linux-3.9.4/fs/xfs/xfs_vnodeops.c 2013-05-31 13:45:25.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/fs/xfs/xfs_vnodeops.c 2013-05-31 14:47:11.000000000 +0000
+@@ -104,6 +104,77 @@ xfs_readlink_bmap(
+ return error;
+ }
+
+STATIC void
+ if (code)
+ goto error_out;
+
-+ lock_flags = XFS_ILOCK_EXCL;
-+ xfs_ilock(ip, lock_flags);
-+
-+ xfs_trans_ijoin(tp, ip, lock_flags);
-+ xfs_trans_ihold(tp, ip);
++ xfs_ilock(ip, XFS_ILOCK_EXCL);
++ xfs_trans_ijoin(tp, ip, 0);
+
+ inode->i_flags = flags;
+ inode->i_vflags = vflags;
+ xfs_get_inode_flags(ip);
+
+ xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
-+ xfs_ichgtime(ip, XFS_ICHGTIME_CHG);
++ xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG);
+
+ XFS_STATS_INC(xs_ig_attrchg);
+
+ if (mp->m_flags & XFS_MOUNT_WSYNC)
+ xfs_trans_set_sync(tp);
+ code = xfs_trans_commit(tp, 0);
-+ xfs_iunlock(ip, lock_flags);
++ xfs_iunlock(ip, XFS_ILOCK_EXCL);
+ return code;
+
+error_out:
+ xfs_trans_cancel(tp, 0);
+ if (lock_flags)
-+ xfs_iunlock(ip, lock_flags);
++ xfs_iunlock(ip, XFS_ILOCK_EXCL);
+ return code;
+}
+
+
int
- xfs_setattr(
- struct xfs_inode *ip,
-@@ -70,6 +144,7 @@ xfs_setattr(
- uint commit_flags=0;
- uid_t uid=0, iuid=0;
- gid_t gid=0, igid=0;
-+ tag_t tag=0, itag=0;
- struct xfs_dquot *udqp, *gdqp, *olddquot1, *olddquot2;
- int need_iolock = 1;
-
-@@ -162,7 +237,7 @@ xfs_setattr(
- /*
- * Change file ownership. Must be the owner or privileged.
- */
-- if (mask & (ATTR_UID|ATTR_GID)) {
-+ if (mask & (ATTR_UID|ATTR_GID|ATTR_TAG)) {
- /*
- * These IDs could have changed since we last looked at them.
- * But, we're assured that if the ownership did change
-@@ -171,8 +246,10 @@ xfs_setattr(
- */
- iuid = ip->i_d.di_uid;
- igid = ip->i_d.di_gid;
-+ itag = ip->i_d.di_tag;
- gid = (mask & ATTR_GID) ? iattr->ia_gid : igid;
- uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
-+ tag = (mask & ATTR_TAG) ? iattr->ia_tag : itag;
-
- /*
- * Do a quota reservation only if uid/gid is actually
-@@ -180,7 +257,8 @@ xfs_setattr(
- */
- if (XFS_IS_QUOTA_RUNNING(mp) &&
- ((XFS_IS_UQUOTA_ON(mp) && iuid != uid) ||
-- (XFS_IS_GQUOTA_ON(mp) && igid != gid))) {
-+ (XFS_IS_GQUOTA_ON(mp) && igid != gid) ||
-+ (XFS_IS_GQUOTA_ON(mp) && itag != tag))) {
- ASSERT(tp);
- code = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp,
- capable(CAP_FOWNER) ?
-@@ -341,7 +419,7 @@ xfs_setattr(
- /*
- * Change file ownership. Must be the owner or privileged.
- */
-- if (mask & (ATTR_UID|ATTR_GID)) {
-+ if (mask & (ATTR_UID|ATTR_GID|ATTR_TAG)) {
- /*
- * CAP_FSETID overrides the following restrictions:
- *
-@@ -357,6 +435,10 @@ xfs_setattr(
- * Change the ownerships and register quota modifications
- * in the transaction.
- */
-+ if (itag != tag) {
-+ ip->i_d.di_tag = tag;
-+ inode->i_tag = tag;
-+ }
- if (iuid != uid) {
- if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) {
- ASSERT(mask & ATTR_UID);
-diff -NurpP --minimal linux-2.6.35.4/fs/xfs/xfs_vnodeops.h linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_vnodeops.h
---- linux-2.6.35.4/fs/xfs/xfs_vnodeops.h 2010-07-07 18:31:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/fs/xfs/xfs_vnodeops.h 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@ struct xfs_inode;
- struct xfs_iomap;
-
-
-+int xfs_sync_xflags(struct xfs_inode *ip);
- int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags);
- #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */
- #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */
-diff -NurpP --minimal linux-2.6.35.4/include/asm-generic/tlb.h linux-2.6.35.4-vs2.3.0.36.32/include/asm-generic/tlb.h
---- linux-2.6.35.4/include/asm-generic/tlb.h 2009-09-10 15:26:24.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/asm-generic/tlb.h 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@
- #define _ASM_GENERIC__TLB_H
-
- #include <linux/swap.h>
-+#include <linux/vs_memory.h>
- #include <asm/pgalloc.h>
- #include <asm/tlbflush.h>
-
-diff -NurpP --minimal linux-2.6.35.4/include/linux/capability.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/capability.h
---- linux-2.6.35.4/include/linux/capability.h 2010-02-25 11:52:07.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/capability.h 2010-08-02 17:05:06.000000000 +0200
-@@ -283,6 +283,7 @@ struct cpu_vfs_cap_data {
- arbitrary SCSI commands */
- /* Allow setting encryption key on loopback filesystem */
- /* Allow setting zone reclaim policy */
-+/* Allow the selection of a security context */
-
- #define CAP_SYS_ADMIN 21
-
-@@ -355,7 +356,13 @@ struct cpu_vfs_cap_data {
-
- #define CAP_MAC_ADMIN 33
+ xfs_readlink(
+ xfs_inode_t *ip,
+diff -NurpP --minimal linux-3.9.4/include/linux/cred.h linux-3.9.4-vs2.3.6.2/include/linux/cred.h
+--- linux-3.9.4/include/linux/cred.h 2013-02-19 13:58:50.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/cred.h 2013-05-31 14:47:11.000000000 +0000
+@@ -143,6 +143,7 @@ extern void exit_creds(struct task_struc
+ extern int copy_creds(struct task_struct *, unsigned long);
+ extern const struct cred *get_task_cred(struct task_struct *);
+ extern struct cred *cred_alloc_blank(void);
++extern struct cred *__prepare_creds(const struct cred *);
+ extern struct cred *prepare_creds(void);
+ extern struct cred *prepare_exec_creds(void);
+ extern int commit_creds(struct cred *);
+@@ -196,6 +197,31 @@ static inline void validate_process_cred
+ }
+ #endif
--#define CAP_LAST_CAP CAP_MAC_ADMIN
-+/* Allow context manipulations */
-+/* Allow changing context info on files */
++static inline void set_cred_subscribers(struct cred *cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ atomic_set(&cred->subscribers, n);
++#endif
++}
+
-+#define CAP_CONTEXT 34
++static inline int read_cred_subscribers(const struct cred *cred)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ return atomic_read(&cred->subscribers);
++#else
++ return 0;
++#endif
++}
+
++static inline void alter_cred_subscribers(const struct cred *_cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ struct cred *cred = (struct cred *) _cred;
+
-+#define CAP_LAST_CAP CAP_CONTEXT
-
- #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
-
-diff -NurpP --minimal linux-2.6.35.4/include/linux/devpts_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/devpts_fs.h
---- linux-2.6.35.4/include/linux/devpts_fs.h 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/devpts_fs.h 2010-08-02 17:05:06.000000000 +0200
++ atomic_add(n, &cred->subscribers);
++#endif
++}
++
+ /**
+ * get_new_cred - Get a reference on a new set of credentials
+ * @cred: The new credentials to reference
+diff -NurpP --minimal linux-3.9.4/include/linux/devpts_fs.h linux-3.9.4-vs2.3.6.2/include/linux/devpts_fs.h
+--- linux-3.9.4/include/linux/devpts_fs.h 2013-02-19 13:58:50.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/devpts_fs.h 2013-05-31 14:47:11.000000000 +0000
@@ -45,5 +45,4 @@ static inline void devpts_pty_kill(struc
#endif
-
#endif /* _LINUX_DEVPTS_FS_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/ext2_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/ext2_fs.h
---- linux-2.6.35.4/include/linux/ext2_fs.h 2010-02-25 11:52:07.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/ext2_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -189,8 +189,12 @@ struct ext2_group_desc
- #define EXT2_NOTAIL_FL FS_NOTAIL_FL /* file tail should not be merged */
- #define EXT2_DIRSYNC_FL FS_DIRSYNC_FL /* dirsync behaviour (directories only) */
- #define EXT2_TOPDIR_FL FS_TOPDIR_FL /* Top of directory hierarchies*/
-+#define EXT2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
- #define EXT2_RESERVED_FL FS_RESERVED_FL /* reserved for ext2 lib */
+diff -NurpP --minimal linux-3.9.4/include/linux/fs.h linux-3.9.4-vs2.3.6.2/include/linux/fs.h
+--- linux-3.9.4/include/linux/fs.h 2013-05-31 13:45:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/fs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -211,6 +211,7 @@ typedef void (dio_iodone_t)(struct kiocb
+ #define ATTR_KILL_PRIV (1 << 14)
+ #define ATTR_OPEN (1 << 15) /* Truncating from open(O_TRUNC) */
+ #define ATTR_TIMES_SET (1 << 16)
++#define ATTR_TAG (1 << 17)
-+#define EXT2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
-+#define EXT2_COW_FL FS_COW_FL /* Copy on Write marker */
-+
- #define EXT2_FL_USER_VISIBLE FS_FL_USER_VISIBLE /* User visible flags */
- #define EXT2_FL_USER_MODIFIABLE FS_FL_USER_MODIFIABLE /* User modifiable flags */
+ /*
+ * This is the Inode Attributes structure, used for notify_change(). It
+@@ -226,6 +227,7 @@ struct iattr {
+ umode_t ia_mode;
+ kuid_t ia_uid;
+ kgid_t ia_gid;
++ ktag_t ia_tag;
+ loff_t ia_size;
+ struct timespec ia_atime;
+ struct timespec ia_mtime;
+@@ -523,7 +525,9 @@ struct inode {
+ unsigned short i_opflags;
+ kuid_t i_uid;
+ kgid_t i_gid;
+- unsigned int i_flags;
++ ktag_t i_tag;
++ unsigned short i_flags;
++ unsigned short i_vflags;
-@@ -274,7 +278,8 @@ struct ext2_inode {
- __u16 i_pad1;
- __le16 l_i_uid_high; /* these 2 fields */
- __le16 l_i_gid_high; /* were reserved2[0] */
-- __u32 l_i_reserved2;
-+ __le16 l_i_tag; /* Context Tag */
-+ __u16 l_i_reserved2;
- } linux2;
- struct {
- __u8 h_i_frag; /* Fragment number */
-@@ -303,6 +308,7 @@ struct ext2_inode {
- #define i_gid_low i_gid
- #define i_uid_high osd2.linux2.l_i_uid_high
- #define i_gid_high osd2.linux2.l_i_gid_high
-+#define i_raw_tag osd2.linux2.l_i_tag
- #define i_reserved2 osd2.linux2.l_i_reserved2
- #endif
+ #ifdef CONFIG_FS_POSIX_ACL
+ struct posix_acl *i_acl;
+@@ -552,6 +556,7 @@ struct inode {
+ unsigned int __i_nlink;
+ };
+ dev_t i_rdev;
++ dev_t i_mdev;
+ loff_t i_size;
+ struct timespec i_atime;
+ struct timespec i_mtime;
+@@ -702,6 +707,11 @@ static inline gid_t i_gid_read(const str
+ return from_kgid(&init_user_ns, inode->i_gid);
+ }
-@@ -347,6 +353,7 @@ struct ext2_inode {
- #define EXT2_MOUNT_USRQUOTA 0x020000 /* user quota */
- #define EXT2_MOUNT_GRPQUOTA 0x040000 /* group quota */
- #define EXT2_MOUNT_RESERVATION 0x080000 /* Preallocation */
-+#define EXT2_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
++static inline tag_t i_tag_read(const struct inode *inode)
++{
++ return from_ktag(&init_user_ns, inode->i_tag);
++}
++
+ static inline void i_uid_write(struct inode *inode, uid_t uid)
+ {
+ inode->i_uid = make_kuid(&init_user_ns, uid);
+@@ -712,14 +722,19 @@ static inline void i_gid_write(struct in
+ inode->i_gid = make_kgid(&init_user_ns, gid);
+ }
++static inline void i_tag_write(struct inode *inode, tag_t tag)
++{
++ inode->i_tag = make_ktag(&init_user_ns, tag);
++}
++
+ static inline unsigned iminor(const struct inode *inode)
+ {
+- return MINOR(inode->i_rdev);
++ return MINOR(inode->i_mdev);
+ }
- #define clear_opt(o, opt) o &= ~EXT2_MOUNT_##opt
-diff -NurpP --minimal linux-2.6.35.4/include/linux/ext3_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/ext3_fs.h
---- linux-2.6.35.4/include/linux/ext3_fs.h 2010-08-02 16:52:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/ext3_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -173,10 +173,14 @@ struct ext3_group_desc
- #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
- #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
- #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
-+#define EXT3_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
- #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
-
--#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
--#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
-+#define EXT3_BARRIER_FL 0x04000000 /* Barrier for chroot() */
-+#define EXT3_COW_FL 0x20000000 /* Copy on Write marker */
-+
-+#define EXT3_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
-+#define EXT3_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
+ static inline unsigned imajor(const struct inode *inode)
+ {
+- return MAJOR(inode->i_rdev);
++ return MAJOR(inode->i_mdev);
+ }
- /* Flags that should be inherited by new inodes from their parent. */
- #define EXT3_FL_INHERITED (EXT3_SECRM_FL | EXT3_UNRM_FL | EXT3_COMPR_FL |\
-@@ -312,7 +316,8 @@ struct ext3_inode {
- __u16 i_pad1;
- __le16 l_i_uid_high; /* these 2 fields */
- __le16 l_i_gid_high; /* were reserved2[0] */
-- __u32 l_i_reserved2;
-+ __le16 l_i_tag; /* Context Tag */
-+ __u16 l_i_reserved2;
- } linux2;
- struct {
- __u8 h_i_frag; /* Fragment number */
-@@ -343,6 +348,7 @@ struct ext3_inode {
- #define i_gid_low i_gid
- #define i_uid_high osd2.linux2.l_i_uid_high
- #define i_gid_high osd2.linux2.l_i_gid_high
-+#define i_raw_tag osd2.linux2.l_i_tag
- #define i_reserved2 osd2.linux2.l_i_reserved2
+ extern struct block_device *I_BDEV(struct inode *inode);
+@@ -786,6 +801,7 @@ struct file {
+ loff_t f_pos;
+ struct fown_struct f_owner;
+ const struct cred *f_cred;
++ xid_t f_xid;
+ struct file_ra_state f_ra;
- #elif defined(__GNU__)
-@@ -406,6 +412,7 @@ struct ext3_inode {
- #define EXT3_MOUNT_GRPQUOTA 0x200000 /* "old" group quota */
- #define EXT3_MOUNT_DATA_ERR_ABORT 0x400000 /* Abort on file data write
- * error in ordered mode */
-+#define EXT3_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
+ u64 f_version;
+@@ -937,6 +953,7 @@ struct file_lock {
+ struct file *fl_file;
+ loff_t fl_start;
+ loff_t fl_end;
++ xid_t fl_xid;
- /* Compatibility, for having both ext2_fs.h and ext3_fs.h included at once */
- #ifndef _LINUX_EXT2_FS_H
-@@ -909,6 +916,7 @@ extern void ext3_get_inode_flags(struct
- extern void ext3_set_aops(struct inode *inode);
- extern int ext3_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
- u64 start, u64 len);
-+extern int ext3_sync_flags(struct inode *, int, int);
+ struct fasync_struct * fl_fasync; /* for lease break notifications */
+ /* for lease breaks: */
+@@ -1567,6 +1584,7 @@ struct inode_operations {
+ ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t);
+ ssize_t (*listxattr) (struct dentry *, char *, size_t);
+ int (*removexattr) (struct dentry *, const char *);
++ int (*sync_flags) (struct inode *, int, int);
+ int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
+ u64 len);
+ int (*update_time)(struct inode *, struct timespec *, int);
+@@ -1579,6 +1597,7 @@ ssize_t rw_copy_check_uvector(int type,
+ unsigned long nr_segs, unsigned long fast_segs,
+ struct iovec *fast_pointer,
+ struct iovec **ret_pointer);
++ssize_t vfs_sendfile(struct file *, struct file *, loff_t *, size_t, loff_t);
- /* ioctl.c */
- extern long ext3_ioctl(struct file *, unsigned int, unsigned long);
-diff -NurpP --minimal linux-2.6.35.4/include/linux/fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/fs.h
---- linux-2.6.35.4/include/linux/fs.h 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/fs.h 2010-08-14 18:21:44.000000000 +0200
-@@ -209,6 +209,9 @@ struct inodes_stat_t {
- #define MS_KERNMOUNT (1<<22) /* this is a kern_mount call */
- #define MS_I_VERSION (1<<23) /* Update inode I_version field */
- #define MS_STRICTATIME (1<<24) /* Always perform atime updates */
-+#define MS_TAGGED (1<<25) /* use generic inode tagging */
-+#define MS_TAGID (1<<26) /* use specific tag for this mount */
-+#define MS_NOTAGCHECK (1<<27) /* don't check tags */
- #define MS_BORN (1<<29)
- #define MS_ACTIVE (1<<30)
- #define MS_NOUSER (1<<31)
-@@ -236,6 +239,14 @@ struct inodes_stat_t {
- #define S_NOCMTIME 128 /* Do not update file c/mtime */
- #define S_SWAPFILE 256 /* Do not truncate: swapon got its bmaps */
- #define S_PRIVATE 512 /* Inode is fs-internal */
-+#define S_IXUNLINK 1024 /* Immutable Invert on unlink */
+ extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
+ extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
+@@ -1632,6 +1651,14 @@ struct super_operations {
+ #define S_IMA 1024 /* Inode has an associated IMA struct */
+ #define S_AUTOMOUNT 2048 /* Automount/referral quasi-directory */
+ #define S_NOSEC 4096 /* no suid or xattr security attributes */
++#define S_IXUNLINK 8192 /* Immutable Invert on unlink */
+
+/* Linux-VServer related Inode flags */
+
/*
* Note that nosuid etc flags are inode-specific: setting some file-system
-@@ -258,12 +269,15 @@ struct inodes_stat_t {
- #define IS_DIRSYNC(inode) (__IS_FLG(inode, MS_SYNCHRONOUS|MS_DIRSYNC) || \
- ((inode)->i_flags & (S_SYNC|S_DIRSYNC)))
+@@ -1656,10 +1683,13 @@ struct super_operations {
#define IS_MANDLOCK(inode) __IS_FLG(inode, MS_MANDLOCK)
--#define IS_NOATIME(inode) __IS_FLG(inode, MS_RDONLY|MS_NOATIME)
--#define IS_I_VERSION(inode) __IS_FLG(inode, MS_I_VERSION)
-+#define IS_NOATIME(inode) __IS_FLG(inode, MS_RDONLY|MS_NOATIME)
-+#define IS_I_VERSION(inode) __IS_FLG(inode, MS_I_VERSION)
+ #define IS_NOATIME(inode) __IS_FLG(inode, MS_RDONLY|MS_NOATIME)
+ #define IS_I_VERSION(inode) __IS_FLG(inode, MS_I_VERSION)
+#define IS_TAGGED(inode) __IS_FLG(inode, MS_TAGGED)
#define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA)
#define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
#define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
-@@ -271,6 +285,16 @@ struct inodes_stat_t {
- #define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE)
- #define IS_PRIVATE(inode) ((inode)->i_flags & S_PRIVATE)
+@@ -1670,6 +1700,16 @@ struct super_operations {
+ #define IS_AUTOMOUNT(inode) ((inode)->i_flags & S_AUTOMOUNT)
+ #define IS_NOSEC(inode) ((inode)->i_flags & S_NOSEC)
+#define IS_BARRIER(inode) (S_ISDIR((inode)->i_mode) && ((inode)->i_vflags & V_BARRIER))
+
+# define IS_COW_LINK(inode) (0)
+#endif
+
- /* the read-only stuff doesn't really belong here, but any other place is
- probably as bad and I don't want to create yet another include file. */
-
-@@ -353,11 +377,14 @@ struct inodes_stat_t {
- #define FS_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
- #define FS_EXTENT_FL 0x00080000 /* Extents */
- #define FS_DIRECTIO_FL 0x00100000 /* Use direct i/o */
-+#define FS_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
- #define FS_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
-
--#define FS_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
--#define FS_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
-+#define FS_BARRIER_FL 0x04000000 /* Barrier for chroot() */
-+#define FS_COW_FL 0x20000000 /* Copy on Write marker */
-
-+#define FS_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
-+#define FS_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
-
- #define SYNC_FILE_RANGE_WAIT_BEFORE 1
- #define SYNC_FILE_RANGE_WRITE 2
-@@ -439,6 +466,7 @@ typedef void (dio_iodone_t)(struct kiocb
- #define ATTR_KILL_PRIV (1 << 14)
- #define ATTR_OPEN (1 << 15) /* Truncating from open(O_TRUNC) */
- #define ATTR_TIMES_SET (1 << 16)
-+#define ATTR_TAG (1 << 17)
-
/*
- * This is the Inode Attributes structure, used for notify_change(). It
-@@ -454,6 +482,7 @@ struct iattr {
- umode_t ia_mode;
- uid_t ia_uid;
- gid_t ia_gid;
-+ tag_t ia_tag;
- loff_t ia_size;
- struct timespec ia_atime;
- struct timespec ia_mtime;
-@@ -467,6 +496,9 @@ struct iattr {
- struct file *ia_file;
- };
+ * Inode state bits. Protected by inode->i_lock
+ *
+@@ -1898,6 +1938,9 @@ extern int rw_verify_area(int, struct fi
+ extern int locks_mandatory_locked(struct inode *);
+ extern int locks_mandatory_area(int, struct inode *, struct file *, loff_t, size_t);
+#define ATTR_FLAG_BARRIER 512 /* Barrier for chroot() */
+#define ATTR_FLAG_IXUNLINK 1024 /* Immutable invert on unlink */
+
/*
- * Includes for diskquotas.
- */
-@@ -733,7 +765,9 @@ struct inode {
- unsigned int i_nlink;
- uid_t i_uid;
- gid_t i_gid;
-+ tag_t i_tag;
- dev_t i_rdev;
-+ dev_t i_mdev;
- unsigned int i_blkbits;
- u64 i_version;
- loff_t i_size;
-@@ -780,7 +814,8 @@ struct inode {
- unsigned long i_state;
- unsigned long dirtied_when; /* jiffies of first dirtying */
-
-- unsigned int i_flags;
-+ unsigned short i_flags;
-+ unsigned short i_vflags;
-
- atomic_t i_writecount;
- #ifdef CONFIG_SECURITY
-@@ -868,12 +903,12 @@ static inline void i_size_write(struct i
-
- static inline unsigned iminor(const struct inode *inode)
- {
-- return MINOR(inode->i_rdev);
-+ return MINOR(inode->i_mdev);
- }
-
- static inline unsigned imajor(const struct inode *inode)
- {
-- return MAJOR(inode->i_rdev);
-+ return MAJOR(inode->i_mdev);
- }
-
- extern struct block_device *I_BDEV(struct inode *inode);
-@@ -932,6 +967,7 @@ struct file {
- loff_t f_pos;
- struct fown_struct f_owner;
- const struct cred *f_cred;
-+ xid_t f_xid;
- struct file_ra_state f_ra;
-
- u64 f_version;
-@@ -1074,6 +1110,7 @@ struct file_lock {
- struct file *fl_file;
- loff_t fl_start;
- loff_t fl_end;
-+ xid_t fl_xid;
-
- struct fasync_struct * fl_fasync; /* for lease break notifications */
- unsigned long fl_break_time; /* for nonblocking lease breaks */
-@@ -1535,6 +1572,7 @@ struct inode_operations {
- ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t);
- ssize_t (*listxattr) (struct dentry *, char *, size_t);
- int (*removexattr) (struct dentry *, const char *);
-+ int (*sync_flags) (struct inode *, int, int);
- void (*truncate_range)(struct inode *, loff_t, loff_t);
- long (*fallocate)(struct inode *inode, int mode, loff_t offset,
- loff_t len);
-@@ -1555,6 +1593,7 @@ extern ssize_t vfs_readv(struct file *,
- unsigned long, loff_t *);
- extern ssize_t vfs_writev(struct file *, const struct iovec __user *,
- unsigned long, loff_t *);
-+ssize_t vfs_sendfile(struct file *, struct file *, loff_t *, size_t, loff_t);
-
- struct super_operations {
- struct inode *(*alloc_inode)(struct super_block *sb);
-@@ -2378,6 +2417,7 @@ extern int dcache_dir_open(struct inode
+ * Candidates for mandatory locking have the setgid bit set
+ * but no group execute bit - an otherwise meaningless combination.
+@@ -2509,6 +2552,7 @@ extern int dcache_dir_open(struct inode
extern int dcache_dir_close(struct inode *, struct file *);
extern loff_t dcache_dir_lseek(struct file *, loff_t, int);
extern int dcache_readdir(struct file *, void *, filldir_t);
extern int simple_setattr(struct dentry *, struct iattr *);
extern int simple_getattr(struct vfsmount *, struct dentry *, struct kstat *);
extern int simple_statfs(struct dentry *, struct kstatfs *);
-diff -NurpP --minimal linux-2.6.35.4/include/linux/gfs2_ondisk.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/gfs2_ondisk.h
---- linux-2.6.35.4/include/linux/gfs2_ondisk.h 2010-07-07 18:31:55.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/gfs2_ondisk.h 2010-08-02 17:05:06.000000000 +0200
-@@ -211,6 +211,9 @@ enum {
- gfs2fl_NoAtime = 7,
- gfs2fl_Sync = 8,
- gfs2fl_System = 9,
-+ gfs2fl_IXUnlink = 16,
-+ gfs2fl_Barrier = 17,
-+ gfs2fl_Cow = 18,
- gfs2fl_TruncInProg = 29,
- gfs2fl_InheritDirectio = 30,
- gfs2fl_InheritJdata = 31,
-@@ -227,6 +230,9 @@ enum {
- #define GFS2_DIF_NOATIME 0x00000080
- #define GFS2_DIF_SYNC 0x00000100
- #define GFS2_DIF_SYSTEM 0x00000200 /* New in gfs2 */
-+#define GFS2_DIF_IXUNLINK 0x00010000
-+#define GFS2_DIF_BARRIER 0x00020000
-+#define GFS2_DIF_COW 0x00040000
- #define GFS2_DIF_TRUNC_IN_PROG 0x20000000 /* New in gfs2 */
- #define GFS2_DIF_INHERIT_DIRECTIO 0x40000000
- #define GFS2_DIF_INHERIT_JDATA 0x80000000
-diff -NurpP --minimal linux-2.6.35.4/include/linux/if_tun.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/if_tun.h
---- linux-2.6.35.4/include/linux/if_tun.h 2010-08-02 16:52:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/if_tun.h 2010-08-02 18:17:46.000000000 +0200
-@@ -53,6 +53,7 @@
- #define TUNDETACHFILTER _IOW('T', 214, struct sock_fprog)
- #define TUNGETVNETHDRSZ _IOR('T', 215, int)
- #define TUNSETVNETHDRSZ _IOW('T', 216, int)
-+#define TUNSETNID _IOW('T', 217, int)
-
- /* TUNSETIFF ifr flags */
- #define IFF_TUN 0x0001
-diff -NurpP --minimal linux-2.6.35.4/include/linux/init_task.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/init_task.h
---- linux-2.6.35.4/include/linux/init_task.h 2010-08-02 16:52:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/init_task.h 2010-08-02 17:05:06.000000000 +0200
-@@ -172,6 +172,10 @@ extern struct cred init_cred;
- INIT_FTRACE_GRAPH \
- INIT_TRACE_RECURSION \
+diff -NurpP --minimal linux-3.9.4/include/linux/init_task.h linux-3.9.4-vs2.3.6.2/include/linux/init_task.h
+--- linux-3.9.4/include/linux/init_task.h 2013-05-31 13:45:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/init_task.h 2013-05-31 14:53:41.000000000 +0000
+@@ -222,6 +222,10 @@ extern struct task_group root_task_group
INIT_TASK_RCU_PREEMPT(tsk) \
+ INIT_CPUSET_SEQ \
+ INIT_VTIME(tsk) \
+ .xid = 0, \
+ .vx_info = NULL, \
+ .nid = 0, \
}
-diff -NurpP --minimal linux-2.6.35.4/include/linux/ipc.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/ipc.h
---- linux-2.6.35.4/include/linux/ipc.h 2009-12-03 20:02:55.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/ipc.h 2010-08-02 17:05:06.000000000 +0200
-@@ -91,6 +91,7 @@ struct kern_ipc_perm
+diff -NurpP --minimal linux-3.9.4/include/linux/ipc.h linux-3.9.4-vs2.3.6.2/include/linux/ipc.h
+--- linux-3.9.4/include/linux/ipc.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/ipc.h 2013-05-31 14:47:11.000000000 +0000
+@@ -16,6 +16,7 @@ struct kern_ipc_perm
key_t key;
- uid_t uid;
- gid_t gid;
+ kuid_t uid;
+ kgid_t gid;
+ xid_t xid;
- uid_t cuid;
- gid_t cgid;
- mode_t mode;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/Kbuild linux-2.6.35.4-vs2.3.0.36.32/include/linux/Kbuild
---- linux-2.6.35.4/include/linux/Kbuild 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/Kbuild 2010-08-14 18:19:32.000000000 +0200
-@@ -388,5 +388,8 @@ unifdef-y += xattr.h
- unifdef-y += xfrm.h
-
- objhdr-y += version.h
-+
-+header-y += vserver/
- header-y += wimax.h
- header-y += wimax/
-+
-diff -NurpP --minimal linux-2.6.35.4/include/linux/loop.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/loop.h
---- linux-2.6.35.4/include/linux/loop.h 2009-09-10 15:26:25.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/loop.h 2010-08-02 17:05:06.000000000 +0200
-@@ -45,6 +45,7 @@ struct loop_device {
+ kuid_t cuid;
+ kgid_t cgid;
+ umode_t mode;
+diff -NurpP --minimal linux-3.9.4/include/linux/loop.h linux-3.9.4-vs2.3.6.2/include/linux/loop.h
+--- linux-3.9.4/include/linux/loop.h 2013-02-19 13:58:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/loop.h 2013-05-31 14:47:11.000000000 +0000
+@@ -41,6 +41,7 @@ struct loop_device {
struct loop_func_table *lo_encryption;
__u32 lo_init[2];
- uid_t lo_key_owner; /* Who set the key */
+ kuid_t lo_key_owner; /* Who set the key */
+ xid_t lo_xid;
int (*ioctl)(struct loop_device *, int cmd,
unsigned long arg);
-diff -NurpP --minimal linux-2.6.35.4/include/linux/magic.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/magic.h
---- linux-2.6.35.4/include/linux/magic.h 2010-07-07 18:31:55.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/magic.h 2010-08-02 17:05:06.000000000 +0200
-@@ -3,7 +3,7 @@
-
- #define ADFS_SUPER_MAGIC 0xadf5
- #define AFFS_SUPER_MAGIC 0xadff
--#define AFS_SUPER_MAGIC 0x5346414F
-+#define AFS_SUPER_MAGIC 0x5346414F
- #define AUTOFS_SUPER_MAGIC 0x0187
- #define CODA_SUPER_MAGIC 0x73757245
- #define CRAMFS_MAGIC 0x28cd3d45 /* some random number */
-@@ -38,6 +38,7 @@
- #define NFS_SUPER_MAGIC 0x6969
- #define OPENPROM_SUPER_MAGIC 0x9fa1
- #define PROC_SUPER_MAGIC 0x9fa0
-+#define DEVPTS_SUPER_MAGIC 0x1cd1
- #define QNX4_SUPER_MAGIC 0x002f /* qnx4 fs detection */
-
- #define REISERFS_SUPER_MAGIC 0x52654973 /* used by gcc */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/major.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/major.h
---- linux-2.6.35.4/include/linux/major.h 2009-09-10 15:26:25.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/major.h 2010-08-02 17:05:06.000000000 +0200
-@@ -15,6 +15,7 @@
- #define HD_MAJOR IDE0_MAJOR
- #define PTY_SLAVE_MAJOR 3
- #define TTY_MAJOR 4
-+#define VROOT_MAJOR 4
- #define TTYAUX_MAJOR 5
- #define LP_MAJOR 6
- #define VCS_MAJOR 7
-diff -NurpP --minimal linux-2.6.35.4/include/linux/memcontrol.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/memcontrol.h
---- linux-2.6.35.4/include/linux/memcontrol.h 2010-08-02 16:52:54.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/memcontrol.h 2010-08-02 17:05:06.000000000 +0200
-@@ -77,6 +77,13 @@ int task_in_mem_cgroup(struct task_struc
- extern struct mem_cgroup *try_get_mem_cgroup_from_page(struct page *page);
- extern struct mem_cgroup *mem_cgroup_from_task(struct task_struct *p);
+diff -NurpP --minimal linux-3.9.4/include/linux/memcontrol.h linux-3.9.4-vs2.3.6.2/include/linux/memcontrol.h
+--- linux-3.9.4/include/linux/memcontrol.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/memcontrol.h 2013-05-31 14:47:11.000000000 +0000
+@@ -86,6 +86,13 @@ extern struct mem_cgroup *try_get_mem_cg
+ extern struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *memcg);
+ extern struct mem_cgroup *mem_cgroup_from_cont(struct cgroup *cont);
+extern u64 mem_cgroup_res_read_u64(struct mem_cgroup *mem, int member);
+extern u64 mem_cgroup_memsw_read_u64(struct mem_cgroup *mem, int member);
+extern s64 mem_cgroup_stat_read_mapped(struct mem_cgroup *mem);
+
static inline
- int mm_match_cgroup(const struct mm_struct *mm, const struct mem_cgroup *cgroup)
+ bool mm_match_cgroup(const struct mm_struct *mm, const struct mem_cgroup *memcg)
{
-diff -NurpP --minimal linux-2.6.35.4/include/linux/mm_types.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/mm_types.h
---- linux-2.6.35.4/include/linux/mm_types.h 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/mm_types.h 2010-09-06 02:59:52.000000000 +0200
-@@ -269,6 +269,7 @@ struct mm_struct {
+diff -NurpP --minimal linux-3.9.4/include/linux/mm_types.h linux-3.9.4-vs2.3.6.2/include/linux/mm_types.h
+--- linux-3.9.4/include/linux/mm_types.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/mm_types.h 2013-05-31 14:47:11.000000000 +0000
+@@ -380,6 +380,7 @@ struct mm_struct {
/* Architecture-specific MM context */
mm_context_t context;
+ struct vx_info *mm_vx_info;
- /* Swap token stuff */
- /*
-diff -NurpP --minimal linux-2.6.35.4/include/linux/mount.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/mount.h
---- linux-2.6.35.4/include/linux/mount.h 2010-07-07 18:31:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/mount.h 2010-08-02 17:05:06.000000000 +0200
-@@ -47,6 +47,9 @@ struct mnt_namespace;
+ unsigned long flags; /* Must use atomic bitops to access the bits */
+
+diff -NurpP --minimal linux-3.9.4/include/linux/mount.h linux-3.9.4-vs2.3.6.2/include/linux/mount.h
+--- linux-3.9.4/include/linux/mount.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/mount.h 2013-05-31 14:47:11.000000000 +0000
+@@ -49,6 +49,9 @@ struct mnt_namespace;
- #define MNT_INTERNAL 0x4000
+ #define MNT_LOCK_READONLY 0x400000
+#define MNT_TAGID 0x10000
+#define MNT_NOTAG 0x20000
+
struct vfsmount {
- struct list_head mnt_hash;
- struct vfsmount *mnt_parent; /* fs we are mounted on */
-@@ -81,6 +84,7 @@ struct vfsmount {
- #else
- int mnt_writers;
- #endif
-+ tag_t mnt_tag; /* tagging used for vfsmount */
- };
-
- static inline int *get_mnt_writers_ptr(struct vfsmount *mnt)
-diff -NurpP --minimal linux-2.6.35.4/include/linux/net.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/net.h
---- linux-2.6.35.4/include/linux/net.h 2010-08-02 16:52:55.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/net.h 2010-08-02 17:05:06.000000000 +0200
-@@ -71,6 +71,7 @@ struct net;
- #define SOCK_NOSPACE 2
+ struct dentry *mnt_root; /* root of the mounted tree */
+ struct super_block *mnt_sb; /* pointer to superblock */
+diff -NurpP --minimal linux-3.9.4/include/linux/net.h linux-3.9.4-vs2.3.6.2/include/linux/net.h
+--- linux-3.9.4/include/linux/net.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/net.h 2013-05-31 14:47:11.000000000 +0000
+@@ -38,6 +38,7 @@ struct net;
#define SOCK_PASSCRED 3
#define SOCK_PASSSEC 4
-+#define SOCK_USER_SOCKET 5
+ #define SOCK_EXTERNALLY_ALLOCATED 5
++#define SOCK_USER_SOCKET 6
#ifndef ARCH_HAS_SOCKET_TYPES
/**
-diff -NurpP --minimal linux-2.6.35.4/include/linux/nfs_mount.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/nfs_mount.h
---- linux-2.6.35.4/include/linux/nfs_mount.h 2009-03-24 14:22:43.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/nfs_mount.h 2010-08-02 17:05:06.000000000 +0200
-@@ -63,7 +63,8 @@ struct nfs_mount_data {
- #define NFS_MOUNT_SECFLAVOUR 0x2000 /* 5 */
- #define NFS_MOUNT_NORDIRPLUS 0x4000 /* 5 */
- #define NFS_MOUNT_UNSHARED 0x8000 /* 5 */
--#define NFS_MOUNT_FLAGMASK 0xFFFF
-+#define NFS_MOUNT_TAGGED 0x10000 /* context tagging */
-+#define NFS_MOUNT_FLAGMASK 0x1FFFF
-
- /* The following are for internal use only */
- #define NFS_MOUNT_LOOKUP_CACHE_NONEG 0x10000
-diff -NurpP --minimal linux-2.6.35.4/include/linux/nsproxy.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/nsproxy.h
---- linux-2.6.35.4/include/linux/nsproxy.h 2009-06-11 17:13:17.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/nsproxy.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/netdevice.h linux-3.9.4-vs2.3.6.2/include/linux/netdevice.h
+--- linux-3.9.4/include/linux/netdevice.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/netdevice.h 2013-05-31 14:47:11.000000000 +0000
+@@ -1688,6 +1688,7 @@ extern void netdev_resync_ops(struct ne
+
+ extern struct net_device *dev_get_by_index(struct net *net, int ifindex);
+ extern struct net_device *__dev_get_by_index(struct net *net, int ifindex);
++extern struct net_device *dev_get_by_index_real_rcu(struct net *net, int ifindex);
+ extern struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex);
+ extern int dev_restart(struct net_device *dev);
+ #ifdef CONFIG_NETPOLL_TRAP
+diff -NurpP --minimal linux-3.9.4/include/linux/nsproxy.h linux-3.9.4-vs2.3.6.2/include/linux/nsproxy.h
+--- linux-3.9.4/include/linux/nsproxy.h 2013-02-19 13:58:51.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/nsproxy.h 2013-05-31 17:17:53.000000000 +0000
@@ -3,6 +3,7 @@
#include <linux/spinlock.h>
struct mnt_namespace;
struct uts_namespace;
-@@ -63,22 +64,33 @@ static inline struct nsproxy *task_nspro
+@@ -63,6 +64,7 @@ static inline struct nsproxy *task_nspro
}
int copy_namespaces(unsigned long flags, struct task_struct *tsk);
void exit_task_namespaces(struct task_struct *tsk);
void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
void free_nsproxy(struct nsproxy *ns);
- int unshare_nsproxy_namespaces(unsigned long, struct nsproxy **,
- struct fs_struct *);
+@@ -70,16 +72,26 @@ int unshare_nsproxy_namespaces(unsigned
+ struct cred *, struct fs_struct *);
+ int __init nsproxy_cache_init(void);
-static inline void put_nsproxy(struct nsproxy *ns)
+#define get_nsproxy(n) __get_nsproxy(n, __FILE__, __LINE__)
+ }
}
- #ifdef CONFIG_CGROUP_NS
-diff -NurpP --minimal linux-2.6.35.4/include/linux/pid.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/pid.h
---- linux-2.6.35.4/include/linux/pid.h 2009-03-24 14:22:43.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/pid.h 2010-08-02 17:05:06.000000000 +0200
+ #endif
+diff -NurpP --minimal linux-3.9.4/include/linux/pid.h linux-3.9.4-vs2.3.6.2/include/linux/pid.h
+--- linux-3.9.4/include/linux/pid.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/pid.h 2013-05-31 14:47:11.000000000 +0000
@@ -8,7 +8,8 @@ enum pid_type
PIDTYPE_PID,
PIDTYPE_PGID,
};
/*
-@@ -160,6 +161,7 @@ static inline pid_t pid_nr(struct pid *p
+@@ -172,6 +173,7 @@ static inline pid_t pid_nr(struct pid *p
}
pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns);
pid_t pid_vnr(struct pid *pid);
#define do_each_pid_task(pid, type, task) \
-diff -NurpP --minimal linux-2.6.35.4/include/linux/proc_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/proc_fs.h
---- linux-2.6.35.4/include/linux/proc_fs.h 2009-12-03 20:02:56.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/proc_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -56,6 +56,7 @@ struct proc_dir_entry {
+diff -NurpP --minimal linux-3.9.4/include/linux/proc_fs.h linux-3.9.4-vs2.3.6.2/include/linux/proc_fs.h
+--- linux-3.9.4/include/linux/proc_fs.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/proc_fs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -58,6 +58,7 @@ struct proc_dir_entry {
nlink_t nlink;
- uid_t uid;
- gid_t gid;
+ kuid_t uid;
+ kgid_t gid;
+ int vx_flags;
loff_t size;
const struct inode_operations *proc_iops;
/*
-@@ -250,12 +251,18 @@ kclist_add(struct kcore_list *new, void
- extern void kclist_add(struct kcore_list *, void *, size_t, int type);
- #endif
+@@ -274,12 +275,18 @@ extern const struct proc_ns_operations p
+ extern const struct proc_ns_operations userns_operations;
+ extern const struct proc_ns_operations mntns_operations;
+struct vx_info;
+struct nx_info;
+
union proc_op {
- int (*proc_get_link)(struct inode *, struct path *);
+ int (*proc_get_link)(struct dentry *, struct path *);
int (*proc_read)(struct task_struct *task, char *page);
int (*proc_show)(struct seq_file *m,
struct pid_namespace *ns, struct pid *pid,
};
struct ctl_table_header;
-@@ -263,6 +270,7 @@ struct ctl_table;
+@@ -287,6 +294,7 @@ struct ctl_table;
struct proc_inode {
struct pid *pid;
int fd;
union proc_op op;
struct proc_dir_entry *pde;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/quotaops.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/quotaops.h
---- linux-2.6.35.4/include/linux/quotaops.h 2010-08-02 16:52:55.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/quotaops.h 2010-08-02 22:35:47.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/quotaops.h linux-3.9.4-vs2.3.6.2/include/linux/quotaops.h
+--- linux-3.9.4/include/linux/quotaops.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/quotaops.h 2013-05-31 14:47:11.000000000 +0000
@@ -8,6 +8,7 @@
#define _LINUX_QUOTAOPS_
#define DQUOT_SPACE_WARN 0x1
#define DQUOT_SPACE_RESERVE 0x2
-@@ -209,11 +210,12 @@ static inline void dquot_drop(struct ino
+@@ -205,11 +206,12 @@ static inline void dquot_drop(struct ino
static inline int dquot_alloc_inode(const struct inode *inode)
{
}
static inline int dquot_transfer(struct inode *inode, struct iattr *iattr)
-@@ -224,6 +226,10 @@ static inline int dquot_transfer(struct
+@@ -220,6 +222,10 @@ static inline int dquot_transfer(struct
static inline int __dquot_alloc_space(struct inode *inode, qsize_t number,
int flags)
{
if (!(flags & DQUOT_SPACE_RESERVE))
inode_add_bytes(inode, number);
return 0;
-@@ -234,6 +240,7 @@ static inline void __dquot_free_space(st
+@@ -230,6 +236,7 @@ static inline void __dquot_free_space(st
{
if (!(flags & DQUOT_SPACE_RESERVE))
inode_sub_bytes(inode, number);
}
static inline int dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
-diff -NurpP --minimal linux-2.6.35.4/include/linux/reboot.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/reboot.h
---- linux-2.6.35.4/include/linux/reboot.h 2010-07-07 18:31:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/reboot.h 2010-08-02 17:05:06.000000000 +0200
-@@ -33,6 +33,7 @@
- #define LINUX_REBOOT_CMD_RESTART2 0xA1B2C3D4
- #define LINUX_REBOOT_CMD_SW_SUSPEND 0xD000FCE2
- #define LINUX_REBOOT_CMD_KEXEC 0x45584543
-+#define LINUX_REBOOT_CMD_OOM 0xDEADBEEF
-
-
- #ifdef __KERNEL__
-diff -NurpP --minimal linux-2.6.35.4/include/linux/reiserfs_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/reiserfs_fs.h
---- linux-2.6.35.4/include/linux/reiserfs_fs.h 2010-07-07 18:31:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/reiserfs_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -977,6 +977,11 @@ struct stat_data_v1 {
- #define REISERFS_COMPR_FL FS_COMPR_FL
- #define REISERFS_NOTAIL_FL FS_NOTAIL_FL
-
-+/* unfortunately reiserfs sdattr is only 16 bit */
-+#define REISERFS_IXUNLINK_FL (FS_IXUNLINK_FL >> 16)
-+#define REISERFS_BARRIER_FL (FS_BARRIER_FL >> 16)
-+#define REISERFS_COW_FL (FS_COW_FL >> 16)
-+
- /* persistent flags that file inherits from the parent directory */
- #define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FL | \
- REISERFS_SYNC_FL | \
-@@ -986,6 +991,9 @@ struct stat_data_v1 {
- REISERFS_COMPR_FL | \
- REISERFS_NOTAIL_FL )
-
-+#define REISERFS_FL_USER_VISIBLE 0x80FF
-+#define REISERFS_FL_USER_MODIFIABLE 0x80FF
-+
- /* Stat Data on disk (reiserfs version of UFS disk inode minus the
- address blocks) */
- struct stat_data {
-@@ -2071,6 +2079,7 @@ static inline void reiserfs_update_sd(st
- void sd_attrs_to_i_attrs(__u16 sd_attrs, struct inode *inode);
- void i_attrs_to_sd_attrs(struct inode *inode, __u16 * sd_attrs);
- int reiserfs_setattr(struct dentry *dentry, struct iattr *attr);
-+int reiserfs_sync_flags(struct inode *inode, int, int);
-
- /* namei.c */
- void set_de_name_and_namelen(struct reiserfs_dir_entry *de);
-diff -NurpP --minimal linux-2.6.35.4/include/linux/reiserfs_fs_sb.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/reiserfs_fs_sb.h
---- linux-2.6.35.4/include/linux/reiserfs_fs_sb.h 2010-02-25 11:52:07.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/reiserfs_fs_sb.h 2010-08-02 17:05:06.000000000 +0200
-@@ -476,6 +476,7 @@ enum reiserfs_mount_options {
- REISERFS_EXPOSE_PRIVROOT,
- REISERFS_BARRIER_NONE,
- REISERFS_BARRIER_FLUSH,
-+ REISERFS_TAGGED,
-
- /* Actions on error */
- REISERFS_ERROR_PANIC,
-diff -NurpP --minimal linux-2.6.35.4/include/linux/sched.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/sched.h
---- linux-2.6.35.4/include/linux/sched.h 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/sched.h 2010-08-14 18:19:32.000000000 +0200
-@@ -1343,6 +1343,14 @@ struct task_struct {
+diff -NurpP --minimal linux-3.9.4/include/linux/sched.h linux-3.9.4-vs2.3.6.2/include/linux/sched.h
+--- linux-3.9.4/include/linux/sched.h 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/sched.h 2013-05-31 14:47:11.000000000 +0000
+@@ -1398,6 +1398,14 @@ struct task_struct {
#endif
- seccomp_t seccomp;
+ struct seccomp seccomp;
+/* vserver context data */
+ struct vx_info *vx_info;
/* Thread group tracking */
u32 parent_exec_id;
u32 self_exec_id;
-@@ -1577,6 +1585,11 @@ struct pid_namespace;
+@@ -1637,6 +1645,11 @@ struct pid_namespace;
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
struct pid_namespace *ns);
static inline pid_t task_pid_nr(struct task_struct *tsk)
{
return tsk->pid;
-@@ -1590,7 +1603,8 @@ static inline pid_t task_pid_nr_ns(struc
+@@ -1650,7 +1663,8 @@ static inline pid_t task_pid_nr_ns(struc
static inline pid_t task_pid_vnr(struct task_struct *tsk)
{
}
-@@ -1603,7 +1617,7 @@ pid_t task_tgid_nr_ns(struct task_struct
+@@ -1663,7 +1677,7 @@ pid_t task_tgid_nr_ns(struct task_struct
static inline pid_t task_tgid_vnr(struct task_struct *tsk)
{
}
-diff -NurpP --minimal linux-2.6.35.4/include/linux/shmem_fs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/shmem_fs.h
---- linux-2.6.35.4/include/linux/shmem_fs.h 2010-02-25 11:52:08.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/shmem_fs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -8,6 +8,9 @@
+diff -NurpP --minimal linux-3.9.4/include/linux/shmem_fs.h linux-3.9.4-vs2.3.6.2/include/linux/shmem_fs.h
+--- linux-3.9.4/include/linux/shmem_fs.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/shmem_fs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -9,6 +9,9 @@
- #define SHMEM_NR_DIRECT 16
+ /* inode in-kernel data */
+#define TMPFS_SUPER_MAGIC 0x01021994
+
struct shmem_inode_info {
spinlock_t lock;
unsigned long flags;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/stat.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/stat.h
---- linux-2.6.35.4/include/linux/stat.h 2008-12-25 00:26:37.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/stat.h 2010-08-02 17:05:06.000000000 +0200
-@@ -66,6 +66,7 @@ struct kstat {
+diff -NurpP --minimal linux-3.9.4/include/linux/stat.h linux-3.9.4-vs2.3.6.2/include/linux/stat.h
+--- linux-3.9.4/include/linux/stat.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/stat.h 2013-06-01 08:53:13.000000000 +0000
+@@ -25,6 +25,7 @@ struct kstat {
unsigned int nlink;
- uid_t uid;
- gid_t gid;
-+ tag_t tag;
+ kuid_t uid;
+ kgid_t gid;
++ ktag_t tag;
dev_t rdev;
loff_t size;
struct timespec atime;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/sunrpc/auth.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/sunrpc/auth.h
---- linux-2.6.35.4/include/linux/sunrpc/auth.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/sunrpc/auth.h 2010-08-02 17:05:06.000000000 +0200
-@@ -25,6 +25,7 @@
+diff -NurpP --minimal linux-3.9.4/include/linux/sunrpc/auth.h linux-3.9.4-vs2.3.6.2/include/linux/sunrpc/auth.h
+--- linux-3.9.4/include/linux/sunrpc/auth.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/sunrpc/auth.h 2013-05-31 14:52:57.000000000 +0000
+@@ -26,6 +26,7 @@
struct auth_cred {
- uid_t uid;
- gid_t gid;
-+ tag_t tag;
+ kuid_t uid;
+ kgid_t gid;
++ ktag_t tag;
struct group_info *group_info;
+ const char *principal;
unsigned char machine_cred : 1;
- };
-diff -NurpP --minimal linux-2.6.35.4/include/linux/sunrpc/clnt.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/sunrpc/clnt.h
---- linux-2.6.35.4/include/linux/sunrpc/clnt.h 2009-12-03 20:02:56.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/sunrpc/clnt.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/sunrpc/clnt.h linux-3.9.4-vs2.3.6.2/include/linux/sunrpc/clnt.h
+--- linux-3.9.4/include/linux/sunrpc/clnt.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/sunrpc/clnt.h 2013-05-31 14:47:11.000000000 +0000
@@ -49,7 +49,8 @@ struct rpc_clnt {
unsigned int cl_softrtry : 1,/* soft timeouts */
cl_discrtry : 1,/* disconnect before retry */
struct rpc_rtt * cl_rtt; /* RTO estimator data */
const struct rpc_timeout *cl_timeout; /* Timeout strategy */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/syscalls.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/syscalls.h
---- linux-2.6.35.4/include/linux/syscalls.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/syscalls.h 2010-08-02 17:05:06.000000000 +0200
-@@ -479,6 +479,8 @@ asmlinkage long sys_symlink(const char _
- asmlinkage long sys_unlink(const char __user *pathname);
- asmlinkage long sys_rename(const char __user *oldname,
- const char __user *newname);
-+asmlinkage long sys_copyfile(const char __user *from, const char __user *to,
-+ umode_t mode);
- asmlinkage long sys_chmod(const char __user *filename, mode_t mode);
- asmlinkage long sys_fchmod(unsigned int fd, mode_t mode);
-
-diff -NurpP --minimal linux-2.6.35.4/include/linux/sysctl.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/sysctl.h
---- linux-2.6.35.4/include/linux/sysctl.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/sysctl.h 2010-08-02 17:05:06.000000000 +0200
-@@ -60,6 +60,7 @@ enum
- CTL_ABI=9, /* Binary emulation */
- CTL_CPU=10, /* CPU stuff (speed scaling, etc) */
- CTL_ARLAN=254, /* arlan wireless driver */
-+ CTL_VSERVER=4242, /* Linux-VServer debug */
- CTL_S390DBF=5677, /* s390 debug */
- CTL_SUNRPC=7249, /* sunrpc debug */
- CTL_PM=9899, /* frv power management */
-@@ -94,6 +95,7 @@ enum
-
- KERN_PANIC=15, /* int: panic timeout */
- KERN_REALROOTDEV=16, /* real root device to mount after initrd */
-+ KERN_VSHELPER=17, /* string: path to vshelper policy agent */
-
- KERN_SPARC_REBOOT=21, /* reboot command on Sparc */
- KERN_CTLALTDEL=22, /* int: allow ctl-alt-del to reboot */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/sysfs.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/sysfs.h
---- linux-2.6.35.4/include/linux/sysfs.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/sysfs.h 2010-08-02 17:05:06.000000000 +0200
-@@ -18,6 +18,8 @@
- #include <linux/lockdep.h>
- #include <asm/atomic.h>
+diff -NurpP --minimal linux-3.9.4/include/linux/sysfs.h linux-3.9.4-vs2.3.6.2/include/linux/sysfs.h
+--- linux-3.9.4/include/linux/sysfs.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/sysfs.h 2013-05-31 14:47:11.000000000 +0000
+@@ -19,6 +19,8 @@
+ #include <linux/kobject_ns.h>
+ #include <linux/atomic.h>
+#define SYSFS_SUPER_MAGIC 0x62656572
+
struct kobject;
struct module;
enum kobj_ns_type;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/time.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/time.h
---- linux-2.6.35.4/include/linux/time.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/time.h 2010-08-02 17:05:06.000000000 +0200
-@@ -237,6 +237,9 @@ static __always_inline void timespec_add
- a->tv_sec += __iter_div_u64_rem(a->tv_nsec + ns, NSEC_PER_SEC, &ns);
- a->tv_nsec = ns;
- }
-+
-+#include <linux/vs_time.h>
-+
- #endif /* __KERNEL__ */
-
- #define NFDBITS __NFDBITS
-diff -NurpP --minimal linux-2.6.35.4/include/linux/types.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/types.h
---- linux-2.6.35.4/include/linux/types.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/types.h 2010-08-02 17:05:06.000000000 +0200
-@@ -37,6 +37,9 @@ typedef __kernel_uid32_t uid_t;
+diff -NurpP --minimal linux-3.9.4/include/linux/types.h linux-3.9.4-vs2.3.6.2/include/linux/types.h
+--- linux-3.9.4/include/linux/types.h 2013-02-19 13:58:52.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/types.h 2013-05-31 14:47:11.000000000 +0000
+@@ -32,6 +32,9 @@ typedef __kernel_uid32_t uid_t;
typedef __kernel_gid32_t gid_t;
typedef __kernel_uid16_t uid16_t;
typedef __kernel_gid16_t gid16_t;
typedef unsigned long uintptr_t;
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vroot.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vroot.h
---- linux-2.6.35.4/include/linux/vroot.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vroot.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,51 @@
+diff -NurpP --minimal linux-3.9.4/include/linux/uidgid.h linux-3.9.4-vs2.3.6.2/include/linux/uidgid.h
+--- linux-3.9.4/include/linux/uidgid.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/uidgid.h 2013-05-31 14:47:11.000000000 +0000
+@@ -23,13 +23,17 @@ typedef struct {
+ uid_t val;
+ } kuid_t;
+
+-
+ typedef struct {
+ gid_t val;
+ } kgid_t;
+
++typedef struct {
++ tag_t val;
++} ktag_t;
+
-+/*
-+ * include/linux/vroot.h
-+ *
-+ * written by Herbert Pötzl, 9/11/2002
-+ * ported to 2.6 by Herbert Pötzl, 30/12/2004
-+ *
-+ * Copyright (C) 2002-2007 by Herbert Pötzl.
-+ * Redistribution of this file is permitted under the
-+ * GNU General Public License.
-+ */
+ #define KUIDT_INIT(value) (kuid_t){ value }
+ #define KGIDT_INIT(value) (kgid_t){ value }
++#define KTAGT_INIT(value) (ktag_t){ value }
+
+ static inline uid_t __kuid_val(kuid_t uid)
+ {
+@@ -41,10 +45,16 @@ static inline gid_t __kgid_val(kgid_t gi
+ return gid.val;
+ }
+
++static inline tag_t __ktag_val(ktag_t tag)
++{
++ return tag.val;
++}
+
-+#ifndef _LINUX_VROOT_H
-+#define _LINUX_VROOT_H
+ #else
+
+ typedef uid_t kuid_t;
+ typedef gid_t kgid_t;
++typedef tag_t ktag_t;
+
+ static inline uid_t __kuid_val(kuid_t uid)
+ {
+@@ -56,16 +66,24 @@ static inline gid_t __kgid_val(kgid_t gi
+ return gid;
+ }
+
++static inline tag_t __ktag_val(ktag_t tag)
++{
++ return tag;
++}
+
+ #define KUIDT_INIT(value) ((kuid_t) value )
+ #define KGIDT_INIT(value) ((kgid_t) value )
++#define KTAGT_INIT(value) ((ktag_t) value )
+
+ #endif
+
+ #define GLOBAL_ROOT_UID KUIDT_INIT(0)
+ #define GLOBAL_ROOT_GID KGIDT_INIT(0)
++#define GLOBAL_ROOT_TAG KTAGT_INIT(0)
+
+ #define INVALID_UID KUIDT_INIT(-1)
+ #define INVALID_GID KGIDT_INIT(-1)
++#define INVALID_TAG KTAGT_INIT(-1)
+
+ static inline bool uid_eq(kuid_t left, kuid_t right)
+ {
+@@ -77,6 +95,11 @@ static inline bool gid_eq(kgid_t left, k
+ return __kgid_val(left) == __kgid_val(right);
+ }
+
++static inline bool tag_eq(ktag_t left, ktag_t right)
++{
++ return __ktag_val(left) == __ktag_val(right);
++}
+
-+#ifdef __KERNEL__
+ static inline bool uid_gt(kuid_t left, kuid_t right)
+ {
+ return __kuid_val(left) > __kuid_val(right);
+@@ -127,13 +150,21 @@ static inline bool gid_valid(kgid_t gid)
+ return !gid_eq(gid, INVALID_GID);
+ }
+
++static inline bool tag_valid(ktag_t tag)
++{
++ return !tag_eq(tag, INVALID_TAG);
++}
++
+ #ifdef CONFIG_USER_NS
+
+ extern kuid_t make_kuid(struct user_namespace *from, uid_t uid);
+ extern kgid_t make_kgid(struct user_namespace *from, gid_t gid);
++extern krag_t make_ktag(struct user_namespace *from, gid_t gid);
+
+ extern uid_t from_kuid(struct user_namespace *to, kuid_t uid);
+ extern gid_t from_kgid(struct user_namespace *to, kgid_t gid);
++extern tag_t from_ktag(struct user_namespace *to, ktag_t tag);
++
+ extern uid_t from_kuid_munged(struct user_namespace *to, kuid_t uid);
+ extern gid_t from_kgid_munged(struct user_namespace *to, kgid_t gid);
+
+@@ -159,6 +190,11 @@ static inline kgid_t make_kgid(struct us
+ return KGIDT_INIT(gid);
+ }
+
++static inline ktag_t make_ktag(struct user_namespace *from, tag_t tag)
++{
++ return KTAGT_INIT(tag);
++}
++
+ static inline uid_t from_kuid(struct user_namespace *to, kuid_t kuid)
+ {
+ return __kuid_val(kuid);
+@@ -169,6 +205,11 @@ static inline gid_t from_kgid(struct use
+ return __kgid_val(kgid);
+ }
+
++static inline tag_t from_ktag(struct user_namespace *to, ktag_t ktag)
++{
++ return __ktag_val(ktag);
++}
++
+ static inline uid_t from_kuid_munged(struct user_namespace *to, kuid_t kuid)
+ {
+ uid_t uid = from_kuid(to, kuid);
+diff -NurpP --minimal linux-3.9.4/include/linux/vroot.h linux-3.9.4-vs2.3.6.2/include/linux/vroot.h
+--- linux-3.9.4/include/linux/vroot.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vroot.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,51 @@
++
++/*
++ * include/linux/vroot.h
++ *
++ * written by Herbert Pötzl, 9/11/2002
++ * ported to 2.6 by Herbert Pötzl, 30/12/2004
++ *
++ * Copyright (C) 2002-2007 by Herbert Pötzl.
++ * Redistribution of this file is permitted under the
++ * GNU General Public License.
++ */
++
++#ifndef _LINUX_VROOT_H
++#define _LINUX_VROOT_H
++
++
++#ifdef __KERNEL__
+
+/* Possible states of device */
+enum {
+#define VROOT_CLR_DEV 0x5601
+
+#endif /* _LINUX_VROOT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_base.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_base.h
---- linux-2.6.35.4/include/linux/vs_base.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_base.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_base.h linux-3.9.4-vs2.3.6.2/include/linux/vs_base.h
+--- linux-3.9.4/include/linux/vs_base.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_base.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,10 @@
+#ifndef _VS_BASE_H
+#define _VS_BASE_H
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_context.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_context.h
---- linux-2.6.35.4/include/linux/vs_context.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_context.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_context.h linux-3.9.4-vs2.3.6.2/include/linux/vs_context.h
+--- linux-3.9.4/include/linux/vs_context.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_context.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,242 @@
+#ifndef _VS_CONTEXT_H
+#define _VS_CONTEXT_H
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_cowbl.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_cowbl.h
---- linux-2.6.35.4/include/linux/vs_cowbl.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_cowbl.h 2010-08-02 21:01:17.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_cowbl.h linux-3.9.4-vs2.3.6.2/include/linux/vs_cowbl.h
+--- linux-3.9.4/include/linux/vs_cowbl.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_cowbl.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,48 @@
+#ifndef _VS_COWBL_H
+#define _VS_COWBL_H
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_cvirt.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_cvirt.h
---- linux-2.6.35.4/include/linux/vs_cvirt.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_cvirt.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_cvirt.h linux-3.9.4-vs2.3.6.2/include/linux/vs_cvirt.h
+--- linux-3.9.4/include/linux/vs_cvirt.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_cvirt.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,50 @@
+#ifndef _VS_CVIRT_H
+#define _VS_CVIRT_H
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_device.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_device.h
---- linux-2.6.35.4/include/linux/vs_device.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_device.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_device.h linux-3.9.4-vs2.3.6.2/include/linux/vs_device.h
+--- linux-3.9.4/include/linux/vs_device.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_device.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,45 @@
+#ifndef _VS_DEVICE_H
+#define _VS_DEVICE_H
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_dlimit.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_dlimit.h
---- linux-2.6.35.4/include/linux/vs_dlimit.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_dlimit.h 2010-08-02 22:21:17.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_dlimit.h linux-3.9.4-vs2.3.6.2/include/linux/vs_dlimit.h
+--- linux-3.9.4/include/linux/vs_dlimit.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_dlimit.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,215 @@
+#ifndef _VS_DLIMIT_H
+#define _VS_DLIMIT_H
+}
+
+#define dl_prealloc_space(in, bytes) \
-+ __dl_alloc_space((in)->i_sb, (in)->i_tag, (dlsize_t)(bytes), \
++ __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
+ __FILE__, __LINE__ )
+
+#define dl_alloc_space(in, bytes) \
-+ __dl_alloc_space((in)->i_sb, (in)->i_tag, (dlsize_t)(bytes), \
++ __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
+ __FILE__, __LINE__ )
+
+#define dl_reserve_space(in, bytes) \
-+ __dl_alloc_space((in)->i_sb, (in)->i_tag, (dlsize_t)(bytes), \
++ __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
+ __FILE__, __LINE__ )
+
+#define dl_claim_space(in, bytes) (0)
+
+#define dl_release_space(in, bytes) \
-+ __dl_free_space((in)->i_sb, (in)->i_tag, (dlsize_t)(bytes), \
++ __dl_free_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
+ __FILE__, __LINE__ )
+
+#define dl_free_space(in, bytes) \
-+ __dl_free_space((in)->i_sb, (in)->i_tag, (dlsize_t)(bytes), \
++ __dl_free_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
+ __FILE__, __LINE__ )
+
+
+
+#define dl_alloc_inode(in) \
-+ __dl_alloc_inode((in)->i_sb, (in)->i_tag, __FILE__, __LINE__ )
++ __dl_alloc_inode((in)->i_sb, i_tag_read(in), __FILE__, __LINE__ )
+
+#define dl_free_inode(in) \
-+ __dl_free_inode((in)->i_sb, (in)->i_tag, __FILE__, __LINE__ )
++ __dl_free_inode((in)->i_sb, i_tag_read(in), __FILE__, __LINE__ )
+
+
+#define dl_adjust_block(sb, tag, fb, rb) \
+#else
+#warning duplicate inclusion
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/base.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/base.h
---- linux-2.6.35.4/include/linux/vserver/base.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/base.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,170 @@
-+#ifndef _VX_BASE_H
-+#define _VX_BASE_H
-+
-+
-+/* context state changes */
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_inet.h linux-3.9.4-vs2.3.6.2/include/linux/vs_inet.h
+--- linux-3.9.4/include/linux/vs_inet.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_inet.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,364 @@
++#ifndef _VS_INET_H
++#define _VS_INET_H
+
-+enum {
-+ VSC_STARTUP = 1,
-+ VSC_SHUTDOWN,
++#include "vserver/base.h"
++#include "vserver/network.h"
++#include "vserver/debug.h"
+
-+ VSC_NETUP,
-+ VSC_NETDOWN,
-+};
++#define IPI_LOOPBACK htonl(INADDR_LOOPBACK)
+
++#define NXAV4(a) NIPQUAD((a)->ip[0]), NIPQUAD((a)->ip[1]), \
++ NIPQUAD((a)->mask), (a)->type
++#define NXAV4_FMT "[" NIPQUAD_FMT "-" NIPQUAD_FMT "/" NIPQUAD_FMT ":%04x]"
+
++#define NIPQUAD(addr) \
++ ((unsigned char *)&addr)[0], \
++ ((unsigned char *)&addr)[1], \
++ ((unsigned char *)&addr)[2], \
++ ((unsigned char *)&addr)[3]
+
-+#define vx_task_xid(t) ((t)->xid)
++#define NIPQUAD_FMT "%u.%u.%u.%u"
+
-+#define vx_current_xid() vx_task_xid(current)
+
-+#define current_vx_info() (current->vx_info)
++static inline
++int v4_addr_match(struct nx_addr_v4 *nxa, __be32 addr, uint16_t tmask)
++{
++ __be32 ip = nxa->ip[0].s_addr;
++ __be32 mask = nxa->mask.s_addr;
++ __be32 bcast = ip | ~mask;
++ int ret = 0;
+
++ switch (nxa->type & tmask) {
++ case NXA_TYPE_MASK:
++ ret = (ip == (addr & mask));
++ break;
++ case NXA_TYPE_ADDR:
++ ret = 3;
++ if (addr == ip)
++ break;
++ /* fall through to broadcast */
++ case NXA_MOD_BCAST:
++ ret = ((tmask & NXA_MOD_BCAST) && (addr == bcast));
++ break;
++ case NXA_TYPE_RANGE:
++ ret = ((nxa->ip[0].s_addr <= addr) &&
++ (nxa->ip[1].s_addr > addr));
++ break;
++ case NXA_TYPE_ANY:
++ ret = 2;
++ break;
++ }
+
-+#define nx_task_nid(t) ((t)->nid)
++ vxdprintk(VXD_CBIT(net, 0),
++ "v4_addr_match(%p" NXAV4_FMT "," NIPQUAD_FMT ",%04x) = %d",
++ nxa, NXAV4(nxa), NIPQUAD(addr), tmask, ret);
++ return ret;
++}
+
-+#define nx_current_nid() nx_task_nid(current)
++static inline
++int v4_addr_in_nx_info(struct nx_info *nxi, __be32 addr, uint16_t tmask)
++{
++ struct nx_addr_v4 *nxa;
++ unsigned long irqflags;
++ int ret = 1;
+
-+#define current_nx_info() (current->nx_info)
++ if (!nxi)
++ goto out;
+
++ ret = 2;
++ /* allow 127.0.0.1 when remapping lback */
++ if ((tmask & NXA_LOOPBACK) &&
++ (addr == IPI_LOOPBACK) &&
++ nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
++ goto out;
++ ret = 3;
++ /* check for lback address */
++ if ((tmask & NXA_MOD_LBACK) &&
++ (nxi->v4_lback.s_addr == addr))
++ goto out;
++ ret = 4;
++ /* check for broadcast address */
++ if ((tmask & NXA_MOD_BCAST) &&
++ (nxi->v4_bcast.s_addr == addr))
++ goto out;
++ ret = 5;
+
-+/* generic flag merging */
++ /* check for v4 addresses */
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ for (nxa = &nxi->v4; nxa; nxa = nxa->next)
++ if (v4_addr_match(nxa, addr, tmask))
++ goto out_unlock;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++out:
++ vxdprintk(VXD_CBIT(net, 0),
++ "v4_addr_in_nx_info(%p[#%u]," NIPQUAD_FMT ",%04x) = %d",
++ nxi, nxi ? nxi->nx_id : 0, NIPQUAD(addr), tmask, ret);
++ return ret;
++}
+
-+#define vs_check_flags(v, m, f) (((v) & (m)) ^ (f))
++static inline
++int v4_nx_addr_match(struct nx_addr_v4 *nxa, struct nx_addr_v4 *addr, uint16_t mask)
++{
++ /* FIXME: needs full range checks */
++ return v4_addr_match(nxa, addr->ip[0].s_addr, mask);
++}
+
-+#define vs_mask_flags(v, f, m) (((v) & ~(m)) | ((f) & (m)))
++static inline
++int v4_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v4 *nxa, uint16_t mask)
++{
++ struct nx_addr_v4 *ptr;
++ unsigned long irqflags;
++ int ret = 1;
+
-+#define vs_mask_mask(v, f, m) (((v) & ~(m)) | ((v) & (f) & (m)))
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ for (ptr = &nxi->v4; ptr; ptr = ptr->next)
++ if (v4_nx_addr_match(ptr, nxa, mask))
++ goto out_unlock;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ return ret;
++}
+
-+#define vs_check_bit(v, n) ((v) & (1LL << (n)))
++#include <net/inet_sock.h>
+
++/*
++ * Check if a given address matches for a socket
++ *
++ * nxi: the socket's nx_info if any
++ * addr: to be verified address
++ */
++static inline
++int v4_sock_addr_match (
++ struct nx_info *nxi,
++ struct inet_sock *inet,
++ __be32 addr)
++{
++ __be32 saddr = inet->inet_rcv_saddr;
++ __be32 bcast = nxi ? nxi->v4_bcast.s_addr : INADDR_BROADCAST;
+
-+/* context flags */
++ if (addr && (saddr == addr || bcast == addr))
++ return 1;
++ if (!saddr)
++ return v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND);
++ return 0;
++}
+
-+#define __vx_flags(v) ((v) ? (v)->vx_flags : 0)
+
-+#define vx_current_flags() __vx_flags(current_vx_info())
++/* inet related checks and helpers */
+
-+#define vx_info_flags(v, m, f) \
-+ vs_check_flags(__vx_flags(v), m, f)
+
-+#define task_vx_flags(t, m, f) \
-+ ((t) && vx_info_flags((t)->vx_info, m, f))
++struct in_ifaddr;
++struct net_device;
++struct sock;
+
-+#define vx_flags(m, f) vx_info_flags(current_vx_info(), m, f)
++#ifdef CONFIG_INET
+
++#include <linux/netdevice.h>
++#include <linux/inetdevice.h>
++#include <net/inet_sock.h>
++#include <net/inet_timewait_sock.h>
+
-+/* context caps */
+
-+#define __vx_ccaps(v) ((v) ? (v)->vx_ccaps : 0)
++int dev_in_nx_info(struct net_device *, struct nx_info *);
++int v4_dev_in_nx_info(struct net_device *, struct nx_info *);
++int nx_v4_addr_conflict(struct nx_info *, struct nx_info *);
+
-+#define vx_current_ccaps() __vx_ccaps(current_vx_info())
+
-+#define vx_info_ccaps(v, c) (__vx_ccaps(v) & (c))
++/*
++ * check if address is covered by socket
++ *
++ * sk: the socket to check against
++ * addr: the address in question (must be != 0)
++ */
+
-+#define vx_ccaps(c) vx_info_ccaps(current_vx_info(), (c))
++static inline
++int __v4_addr_match_socket(const struct sock *sk, struct nx_addr_v4 *nxa)
++{
++ struct nx_info *nxi = sk->sk_nx_info;
++ __be32 saddr = sk_rcv_saddr(sk);
+
++ vxdprintk(VXD_CBIT(net, 5),
++ "__v4_addr_in_socket(%p," NXAV4_FMT ") %p:" NIPQUAD_FMT " %p;%lx",
++ sk, NXAV4(nxa), nxi, NIPQUAD(saddr), sk->sk_socket,
++ (sk->sk_socket?sk->sk_socket->flags:0));
+
++ if (saddr) { /* direct address match */
++ return v4_addr_match(nxa, saddr, -1);
++ } else if (nxi) { /* match against nx_info */
++ return v4_nx_addr_in_nx_info(nxi, nxa, -1);
++ } else { /* unrestricted any socket */
++ return 1;
++ }
++}
+
-+/* network flags */
+
-+#define __nx_flags(n) ((n) ? (n)->nx_flags : 0)
+
-+#define nx_current_flags() __nx_flags(current_nx_info())
++static inline
++int nx_dev_visible(struct nx_info *nxi, struct net_device *dev)
++{
++ vxdprintk(VXD_CBIT(net, 1),
++ "nx_dev_visible(%p[#%u],%p " VS_Q("%s") ") %d",
++ nxi, nxi ? nxi->nx_id : 0, dev, dev->name,
++ nxi ? dev_in_nx_info(dev, nxi) : 0);
+
-+#define nx_info_flags(n, m, f) \
-+ vs_check_flags(__nx_flags(n), m, f)
++ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
++ return 1;
++ if (dev_in_nx_info(dev, nxi))
++ return 1;
++ return 0;
++}
+
-+#define task_nx_flags(t, m, f) \
-+ ((t) && nx_info_flags((t)->nx_info, m, f))
+
-+#define nx_flags(m, f) nx_info_flags(current_nx_info(), m, f)
++static inline
++int v4_ifa_in_nx_info(struct in_ifaddr *ifa, struct nx_info *nxi)
++{
++ if (!nxi)
++ return 1;
++ if (!ifa)
++ return 0;
++ return v4_addr_in_nx_info(nxi, ifa->ifa_local, NXA_MASK_SHOW);
++}
+
++static inline
++int nx_v4_ifa_visible(struct nx_info *nxi, struct in_ifaddr *ifa)
++{
++ vxdprintk(VXD_CBIT(net, 1), "nx_v4_ifa_visible(%p[#%u],%p) %d",
++ nxi, nxi ? nxi->nx_id : 0, ifa,
++ nxi ? v4_ifa_in_nx_info(ifa, nxi) : 0);
+
-+/* network caps */
-+
-+#define __nx_ncaps(n) ((n) ? (n)->nx_ncaps : 0)
-+
-+#define nx_current_ncaps() __nx_ncaps(current_nx_info())
-+
-+#define nx_info_ncaps(n, c) (__nx_ncaps(n) & (c))
-+
-+#define nx_ncaps(c) nx_info_ncaps(current_nx_info(), c)
++ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
++ return 1;
++ if (v4_ifa_in_nx_info(ifa, nxi))
++ return 1;
++ return 0;
++}
+
+
-+/* context mask capabilities */
++struct nx_v4_sock_addr {
++ __be32 saddr; /* Address used for validation */
++ __be32 baddr; /* Address used for socket bind */
++};
+
-+#define __vx_mcaps(v) ((v) ? (v)->vx_ccaps >> 32UL : ~0 )
++static inline
++int v4_map_sock_addr(struct inet_sock *inet, struct sockaddr_in *addr,
++ struct nx_v4_sock_addr *nsa)
++{
++ struct sock *sk = &inet->sk;
++ struct nx_info *nxi = sk->sk_nx_info;
++ __be32 saddr = addr->sin_addr.s_addr;
++ __be32 baddr = saddr;
+
-+#define vx_info_mcaps(v, c) (__vx_mcaps(v) & (c))
++ vxdprintk(VXD_CBIT(net, 3),
++ "inet_bind(%p)* %p,%p;%lx " NIPQUAD_FMT,
++ sk, sk->sk_nx_info, sk->sk_socket,
++ (sk->sk_socket ? sk->sk_socket->flags : 0),
++ NIPQUAD(saddr));
+
-+#define vx_mcaps(c) vx_info_mcaps(current_vx_info(), c)
++ if (nxi) {
++ if (saddr == INADDR_ANY) {
++ if (nx_info_flags(nxi, NXF_SINGLE_IP, 0))
++ baddr = nxi->v4.ip[0].s_addr;
++ } else if (saddr == IPI_LOOPBACK) {
++ if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
++ baddr = nxi->v4_lback.s_addr;
++ } else if (!ipv4_is_multicast(saddr) ||
++ !nx_info_ncaps(nxi, NXC_MULTICAST)) {
++ /* normal address bind */
++ if (!v4_addr_in_nx_info(nxi, saddr, NXA_MASK_BIND))
++ return -EADDRNOTAVAIL;
++ }
++ }
+
++ vxdprintk(VXD_CBIT(net, 3),
++ "inet_bind(%p) " NIPQUAD_FMT ", " NIPQUAD_FMT,
++ sk, NIPQUAD(saddr), NIPQUAD(baddr));
+
-+/* context bcap mask */
++ nsa->saddr = saddr;
++ nsa->baddr = baddr;
++ return 0;
++}
+
-+#define __vx_bcaps(v) ((v)->vx_bcaps)
++static inline
++void v4_set_sock_addr(struct inet_sock *inet, struct nx_v4_sock_addr *nsa)
++{
++ inet->inet_saddr = nsa->baddr;
++ inet->inet_rcv_saddr = nsa->baddr;
++}
+
-+#define vx_current_bcaps() __vx_bcaps(current_vx_info())
+
++/*
++ * helper to simplify inet_lookup_listener
++ *
++ * nxi: the socket's nx_info if any
++ * addr: to be verified address
++ * saddr: socket address
++ */
++static inline int v4_inet_addr_match (
++ struct nx_info *nxi,
++ __be32 addr,
++ __be32 saddr)
++{
++ if (addr && (saddr == addr))
++ return 1;
++ if (!saddr)
++ return nxi ? v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND) : 1;
++ return 0;
++}
+
-+/* mask given bcaps */
++static inline __be32 nx_map_sock_lback(struct nx_info *nxi, __be32 addr)
++{
++ if (nx_info_flags(nxi, NXF_HIDE_LBACK, 0) &&
++ (addr == nxi->v4_lback.s_addr))
++ return IPI_LOOPBACK;
++ return addr;
++}
+
-+#define vx_info_mbcaps(v, c) ((v) ? cap_intersect(__vx_bcaps(v), c) : c)
++static inline
++int nx_info_has_v4(struct nx_info *nxi)
++{
++ if (!nxi)
++ return 1;
++ if (NX_IPV4(nxi))
++ return 1;
++ if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
++ return 1;
++ return 0;
++}
+
-+#define vx_mbcaps(c) vx_info_mbcaps(current_vx_info(), c)
++#else /* CONFIG_INET */
+
++static inline
++int nx_dev_visible(struct nx_info *n, struct net_device *d)
++{
++ return 1;
++}
+
-+/* masked cap_bset */
++static inline
++int nx_v4_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
++{
++ return 1;
++}
+
-+#define vx_info_cap_bset(v) vx_info_mbcaps(v, current->cap_bset)
++static inline
++int v4_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
++{
++ return 1;
++}
+
-+#define vx_current_cap_bset() vx_info_cap_bset(current_vx_info())
++static inline
++int nx_info_has_v4(struct nx_info *nxi)
++{
++ return 0;
++}
+
-+#if 0
-+#define vx_info_mbcap(v, b) \
-+ (!vx_info_flags(v, VXF_STATE_SETUP, 0) ? \
-+ vx_info_bcaps(v, b) : (b))
++#endif /* CONFIG_INET */
+
-+#define task_vx_mbcap(t, b) \
-+ vx_info_mbcap((t)->vx_info, (t)->b)
++#define current_nx_info_has_v4() \
++ nx_info_has_v4(current_nx_info())
+
-+#define vx_mbcap(b) task_vx_mbcap(current, b)
++#else
++// #warning duplicate inclusion
+#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_inet6.h linux-3.9.4-vs2.3.6.2/include/linux/vs_inet6.h
+--- linux-3.9.4/include/linux/vs_inet6.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_inet6.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,257 @@
++#ifndef _VS_INET6_H
++#define _VS_INET6_H
+
-+#define vx_cap_raised(v, c, f) cap_raised(vx_info_mbcaps(v, c), f)
++#include "vserver/base.h"
++#include "vserver/network.h"
++#include "vserver/debug.h"
+
-+#define vx_capable(b, c) (capable(b) || \
-+ (cap_raised(current_cap(), b) && vx_ccaps(c)))
++#include <net/ipv6.h>
+
-+#define nx_capable(b, c) (capable(b) || \
-+ (cap_raised(current_cap(), b) && nx_ncaps(c)))
++#define NXAV6(a) &(a)->ip, &(a)->mask, (a)->prefix, (a)->type
++#define NXAV6_FMT "[%pI6/%pI6/%d:%04x]"
+
-+#define vx_task_initpid(t, n) \
-+ ((t)->vx_info && \
-+ ((t)->vx_info->vx_initpid == (n)))
+
-+#define vx_current_initpid(n) vx_task_initpid(current, n)
++#ifdef CONFIG_IPV6
+
++static inline
++int v6_addr_match(struct nx_addr_v6 *nxa,
++ const struct in6_addr *addr, uint16_t mask)
++{
++ int ret = 0;
+
-+/* context unshare mask */
++ switch (nxa->type & mask) {
++ case NXA_TYPE_MASK:
++ ret = ipv6_masked_addr_cmp(&nxa->ip, &nxa->mask, addr);
++ break;
++ case NXA_TYPE_ADDR:
++ ret = ipv6_addr_equal(&nxa->ip, addr);
++ break;
++ case NXA_TYPE_ANY:
++ ret = 1;
++ break;
++ }
++ vxdprintk(VXD_CBIT(net, 0),
++ "v6_addr_match(%p" NXAV6_FMT ",%pI6,%04x) = %d",
++ nxa, NXAV6(nxa), addr, mask, ret);
++ return ret;
++}
+
-+#define __vx_umask(v) ((v)->vx_umask)
++static inline
++int v6_addr_in_nx_info(struct nx_info *nxi,
++ const struct in6_addr *addr, uint16_t mask)
++{
++ struct nx_addr_v6 *nxa;
++ unsigned long irqflags;
++ int ret = 1;
+
-+#define vx_current_umask() __vx_umask(current_vx_info())
++ if (!nxi)
++ goto out;
+
-+#define vx_can_unshare(b, f) (capable(b) || \
-+ (cap_raised(current_cap(), b) && \
-+ !((f) & ~vx_current_umask())))
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ for (nxa = &nxi->v6; nxa; nxa = nxa->next)
++ if (v6_addr_match(nxa, addr, mask))
++ goto out_unlock;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++out:
++ vxdprintk(VXD_CBIT(net, 0),
++ "v6_addr_in_nx_info(%p[#%u],%pI6,%04x) = %d",
++ nxi, nxi ? nxi->nx_id : 0, addr, mask, ret);
++ return ret;
++}
+
++static inline
++int v6_nx_addr_match(struct nx_addr_v6 *nxa, struct nx_addr_v6 *addr, uint16_t mask)
++{
++ /* FIXME: needs full range checks */
++ return v6_addr_match(nxa, &addr->ip, mask);
++}
+
-+#define __vx_state(v) ((v) ? ((v)->vx_state) : 0)
++static inline
++int v6_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v6 *nxa, uint16_t mask)
++{
++ struct nx_addr_v6 *ptr;
++ unsigned long irqflags;
++ int ret = 1;
+
-+#define vx_info_state(v, m) (__vx_state(v) & (m))
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ for (ptr = &nxi->v6; ptr; ptr = ptr->next)
++ if (v6_nx_addr_match(ptr, nxa, mask))
++ goto out_unlock;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ return ret;
++}
+
+
-+#define __nx_state(n) ((n) ? ((n)->nx_state) : 0)
++/*
++ * Check if a given address matches for a socket
++ *
++ * nxi: the socket's nx_info if any
++ * addr: to be verified address
++ */
++static inline
++int v6_sock_addr_match (
++ struct nx_info *nxi,
++ struct inet_sock *inet,
++ struct in6_addr *addr)
++{
++ struct sock *sk = &inet->sk;
++ struct in6_addr *saddr = inet6_rcv_saddr(sk);
+
-+#define nx_info_state(n, m) (__nx_state(n) & (m))
++ if (!ipv6_addr_any(addr) &&
++ ipv6_addr_equal(saddr, addr))
++ return 1;
++ if (ipv6_addr_any(saddr))
++ return v6_addr_in_nx_info(nxi, addr, -1);
++ return 0;
++}
+
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cacct_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_cmd.h
---- linux-2.6.35.4/include/linux/vserver/cacct_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,23 @@
-+#ifndef _VX_CACCT_CMD_H
-+#define _VX_CACCT_CMD_H
++/*
++ * check if address is covered by socket
++ *
++ * sk: the socket to check against
++ * addr: the address in question (must be != 0)
++ */
+
++static inline
++int __v6_addr_match_socket(const struct sock *sk, struct nx_addr_v6 *nxa)
++{
++ struct nx_info *nxi = sk->sk_nx_info;
++ struct in6_addr *saddr = inet6_rcv_saddr(sk);
+
-+/* virtual host info name commands */
-+
-+#define VCMD_sock_stat VC_CMD(VSTAT, 5, 0)
-+
-+struct vcmd_sock_stat_v0 {
-+ uint32_t field;
-+ uint32_t count[3];
-+ uint64_t total[3];
-+};
++ vxdprintk(VXD_CBIT(net, 5),
++ "__v6_addr_in_socket(%p," NXAV6_FMT ") %p:%pI6 %p;%lx",
++ sk, NXAV6(nxa), nxi, saddr, sk->sk_socket,
++ (sk->sk_socket?sk->sk_socket->flags:0));
+
++ if (!ipv6_addr_any(saddr)) { /* direct address match */
++ return v6_addr_match(nxa, saddr, -1);
++ } else if (nxi) { /* match against nx_info */
++ return v6_nx_addr_in_nx_info(nxi, nxa, -1);
++ } else { /* unrestricted any socket */
++ return 1;
++ }
++}
+
-+#ifdef __KERNEL__
+
-+#include <linux/compiler.h>
++/* inet related checks and helpers */
+
-+extern int vc_sock_stat(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CACCT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cacct_def.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_def.h
---- linux-2.6.35.4/include/linux/vserver/cacct_def.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_def.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,43 @@
-+#ifndef _VX_CACCT_DEF_H
-+#define _VX_CACCT_DEF_H
++struct in_ifaddr;
++struct net_device;
++struct sock;
+
-+#include <asm/atomic.h>
-+#include <linux/vserver/cacct.h>
+
++#include <linux/netdevice.h>
++#include <linux/inetdevice.h>
++#include <net/inet_timewait_sock.h>
+
-+struct _vx_sock_acc {
-+ atomic_long_t count;
-+ atomic_long_t total;
-+};
+
-+/* context sub struct */
++int dev_in_nx_info(struct net_device *, struct nx_info *);
++int v6_dev_in_nx_info(struct net_device *, struct nx_info *);
++int nx_v6_addr_conflict(struct nx_info *, struct nx_info *);
+
-+struct _vx_cacct {
-+ struct _vx_sock_acc sock[VXA_SOCK_SIZE][3];
-+ atomic_t slab[8];
-+ atomic_t page[6][8];
-+};
+
-+#ifdef CONFIG_VSERVER_DEBUG
+
-+static inline void __dump_vx_cacct(struct _vx_cacct *cacct)
++static inline
++int v6_ifa_in_nx_info(struct inet6_ifaddr *ifa, struct nx_info *nxi)
+{
-+ int i, j;
++ if (!nxi)
++ return 1;
++ if (!ifa)
++ return 0;
++ return v6_addr_in_nx_info(nxi, &ifa->addr, -1);
++}
+
-+ printk("\t_vx_cacct:");
-+ for (i = 0; i < 6; i++) {
-+ struct _vx_sock_acc *ptr = cacct->sock[i];
++static inline
++int nx_v6_ifa_visible(struct nx_info *nxi, struct inet6_ifaddr *ifa)
++{
++ vxdprintk(VXD_CBIT(net, 1), "nx_v6_ifa_visible(%p[#%u],%p) %d",
++ nxi, nxi ? nxi->nx_id : 0, ifa,
++ nxi ? v6_ifa_in_nx_info(ifa, nxi) : 0);
+
-+ printk("\t [%d] =", i);
-+ for (j = 0; j < 3; j++) {
-+ printk(" [%d] = %8lu, %8lu", j,
-+ atomic_long_read(&ptr[j].count),
-+ atomic_long_read(&ptr[j].total));
-+ }
-+ printk("\n");
-+ }
++ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
++ return 1;
++ if (v6_ifa_in_nx_info(ifa, nxi))
++ return 1;
++ return 0;
+}
+
-+#endif
+
-+#endif /* _VX_CACCT_DEF_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cacct.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct.h
---- linux-2.6.35.4/include/linux/vserver/cacct.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,15 @@
-+#ifndef _VX_CACCT_H
-+#define _VX_CACCT_H
++struct nx_v6_sock_addr {
++ struct in6_addr saddr; /* Address used for validation */
++ struct in6_addr baddr; /* Address used for socket bind */
++};
+
++static inline
++int v6_map_sock_addr(struct inet_sock *inet, struct sockaddr_in6 *addr,
++ struct nx_v6_sock_addr *nsa)
++{
++ // struct sock *sk = &inet->sk;
++ // struct nx_info *nxi = sk->sk_nx_info;
++ struct in6_addr saddr = addr->sin6_addr;
++ struct in6_addr baddr = saddr;
+
-+enum sock_acc_field {
-+ VXA_SOCK_UNSPEC = 0,
-+ VXA_SOCK_UNIX,
-+ VXA_SOCK_INET,
-+ VXA_SOCK_INET6,
-+ VXA_SOCK_PACKET,
-+ VXA_SOCK_OTHER,
-+ VXA_SOCK_SIZE /* array size */
-+};
++ nsa->saddr = saddr;
++ nsa->baddr = baddr;
++ return 0;
++}
++
++static inline
++void v6_set_sock_addr(struct inet_sock *inet, struct nx_v6_sock_addr *nsa)
++{
++ // struct sock *sk = &inet->sk;
++ // struct in6_addr *saddr = inet6_rcv_saddr(sk);
+
-+#endif /* _VX_CACCT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cacct_int.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_int.h
---- linux-2.6.35.4/include/linux/vserver/cacct_int.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cacct_int.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,21 @@
-+#ifndef _VX_CACCT_INT_H
-+#define _VX_CACCT_INT_H
++ // *saddr = nsa->baddr;
++ // inet->inet_saddr = nsa->baddr;
++}
+
++static inline
++int nx_info_has_v6(struct nx_info *nxi)
++{
++ if (!nxi)
++ return 1;
++ if (NX_IPV6(nxi))
++ return 1;
++ return 0;
++}
+
-+#ifdef __KERNEL__
++#else /* CONFIG_IPV6 */
+
+static inline
-+unsigned long vx_sock_count(struct _vx_cacct *cacct, int type, int pos)
++int nx_v6_dev_visible(struct nx_info *n, struct net_device *d)
+{
-+ return atomic_long_read(&cacct->sock[type][pos].count);
++ return 1;
+}
+
+
+static inline
-+unsigned long vx_sock_total(struct _vx_cacct *cacct, int type, int pos)
++int nx_v6_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
+{
-+ return atomic_long_read(&cacct->sock[type][pos].total);
++ return 1;
+}
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CACCT_INT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/check.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/check.h
---- linux-2.6.35.4/include/linux/vserver/check.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/check.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,89 @@
-+#ifndef _VS_CHECK_H
-+#define _VS_CHECK_H
++static inline
++int v6_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
++{
++ return 1;
++}
++
++static inline
++int nx_info_has_v6(struct nx_info *nxi)
++{
++ return 0;
++}
+
++#endif /* CONFIG_IPV6 */
+
-+#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
++#define current_nx_info_has_v6() \
++ nx_info_has_v6(current_nx_info())
+
-+#ifdef CONFIG_VSERVER_DYNAMIC_IDS
-+#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
+#else
-+#define MIN_D_CONTEXT 65536
++#warning duplicate inclusion
+#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_limit.h linux-3.9.4-vs2.3.6.2/include/linux/vs_limit.h
+--- linux-3.9.4/include/linux/vs_limit.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_limit.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,140 @@
++#ifndef _VS_LIMIT_H
++#define _VS_LIMIT_H
+
-+/* check conditions */
++#include "vserver/limit.h"
++#include "vserver/base.h"
++#include "vserver/context.h"
++#include "vserver/debug.h"
++#include "vserver/context.h"
++#include "vserver/limit_int.h"
+
-+#define VS_ADMIN 0x0001
-+#define VS_WATCH 0x0002
-+#define VS_HIDE 0x0004
-+#define VS_HOSTID 0x0008
+
-+#define VS_IDENT 0x0010
-+#define VS_EQUIV 0x0020
-+#define VS_PARENT 0x0040
-+#define VS_CHILD 0x0080
++#define vx_acc_cres(v, d, p, r) \
++ __vx_acc_cres(v, r, d, p, __FILE__, __LINE__)
+
-+#define VS_ARG_MASK 0x00F0
++#define vx_acc_cres_cond(x, d, p, r) \
++ __vx_acc_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
++ r, d, p, __FILE__, __LINE__)
+
-+#define VS_DYNAMIC 0x0100
-+#define VS_STATIC 0x0200
+
-+#define VS_ATR_MASK 0x0F00
++#define vx_add_cres(v, a, p, r) \
++ __vx_add_cres(v, r, a, p, __FILE__, __LINE__)
++#define vx_sub_cres(v, a, p, r) vx_add_cres(v, -(a), p, r)
+
-+#ifdef CONFIG_VSERVER_PRIVACY
-+#define VS_ADMIN_P (0)
-+#define VS_WATCH_P (0)
-+#else
-+#define VS_ADMIN_P VS_ADMIN
-+#define VS_WATCH_P VS_WATCH
-+#endif
++#define vx_add_cres_cond(x, a, p, r) \
++ __vx_add_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
++ r, a, p, __FILE__, __LINE__)
++#define vx_sub_cres_cond(x, a, p, r) vx_add_cres_cond(x, -(a), p, r)
+
-+#define VS_HARDIRQ 0x1000
-+#define VS_SOFTIRQ 0x2000
-+#define VS_IRQ 0x4000
+
-+#define VS_IRQ_MASK 0xF000
++/* process and file limits */
+
-+#include <linux/hardirq.h>
++#define vx_nproc_inc(p) \
++ vx_acc_cres((p)->vx_info, 1, p, RLIMIT_NPROC)
+
-+/*
-+ * check current context for ADMIN/WATCH and
-+ * optionally against supplied argument
-+ */
-+static inline int __vs_check(int cid, int id, unsigned int mode)
-+{
-+ if (mode & VS_ARG_MASK) {
-+ if ((mode & VS_IDENT) && (id == cid))
-+ return 1;
-+ }
-+ if (mode & VS_ATR_MASK) {
-+ if ((mode & VS_DYNAMIC) &&
-+ (id >= MIN_D_CONTEXT) &&
-+ (id <= MAX_S_CONTEXT))
-+ return 1;
-+ if ((mode & VS_STATIC) &&
-+ (id > 1) && (id < MIN_D_CONTEXT))
-+ return 1;
-+ }
-+ if (mode & VS_IRQ_MASK) {
-+ if ((mode & VS_IRQ) && unlikely(in_interrupt()))
-+ return 1;
-+ if ((mode & VS_HARDIRQ) && unlikely(in_irq()))
-+ return 1;
-+ if ((mode & VS_SOFTIRQ) && unlikely(in_softirq()))
-+ return 1;
-+ }
-+ return (((mode & VS_ADMIN) && (cid == 0)) ||
-+ ((mode & VS_WATCH) && (cid == 1)) ||
-+ ((mode & VS_HOSTID) && (id == 0)));
-+}
++#define vx_nproc_dec(p) \
++ vx_acc_cres((p)->vx_info,-1, p, RLIMIT_NPROC)
+
-+#define vx_check(c, m) __vs_check(vx_current_xid(), c, (m) | VS_IRQ)
++#define vx_files_inc(f) \
++ vx_acc_cres_cond((f)->f_xid, 1, f, RLIMIT_NOFILE)
+
-+#define vx_weak_check(c, m) ((m) ? vx_check(c, m) : 1)
++#define vx_files_dec(f) \
++ vx_acc_cres_cond((f)->f_xid,-1, f, RLIMIT_NOFILE)
+
++#define vx_locks_inc(l) \
++ vx_acc_cres_cond((l)->fl_xid, 1, l, RLIMIT_LOCKS)
+
-+#define nx_check(c, m) __vs_check(nx_current_nid(), c, m)
++#define vx_locks_dec(l) \
++ vx_acc_cres_cond((l)->fl_xid,-1, l, RLIMIT_LOCKS)
+
-+#define nx_weak_check(c, m) ((m) ? nx_check(c, m) : 1)
++#define vx_openfd_inc(f) \
++ vx_acc_cres(current_vx_info(), 1, (void *)(long)(f), VLIMIT_OPENFD)
+
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/context_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/context_cmd.h
---- linux-2.6.35.4/include/linux/vserver/context_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/context_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,145 @@
-+#ifndef _VX_CONTEXT_CMD_H
-+#define _VX_CONTEXT_CMD_H
++#define vx_openfd_dec(f) \
++ vx_acc_cres(current_vx_info(),-1, (void *)(long)(f), VLIMIT_OPENFD)
+
+
-+/* vinfo commands */
-+
-+#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
++#define vx_cres_avail(v, n, r) \
++ __vx_cres_avail(v, r, n, __FILE__, __LINE__)
+
-+#ifdef __KERNEL__
-+extern int vc_task_xid(uint32_t);
+
-+#endif /* __KERNEL__ */
++#define vx_nproc_avail(n) \
++ vx_cres_avail(current_vx_info(), n, RLIMIT_NPROC)
+
-+#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
++#define vx_files_avail(n) \
++ vx_cres_avail(current_vx_info(), n, RLIMIT_NOFILE)
+
-+struct vcmd_vx_info_v0 {
-+ uint32_t xid;
-+ uint32_t initpid;
-+ /* more to come */
-+};
++#define vx_locks_avail(n) \
++ vx_cres_avail(current_vx_info(), n, RLIMIT_LOCKS)
+
-+#ifdef __KERNEL__
-+extern int vc_vx_info(struct vx_info *, void __user *);
++#define vx_openfd_avail(n) \
++ vx_cres_avail(current_vx_info(), n, VLIMIT_OPENFD)
+
-+#endif /* __KERNEL__ */
+
-+#define VCMD_ctx_stat VC_CMD(VSTAT, 0, 0)
++/* dentry limits */
+
-+struct vcmd_ctx_stat_v0 {
-+ uint32_t usecnt;
-+ uint32_t tasks;
-+ /* more to come */
-+};
++#define vx_dentry_inc(d) do { \
++ if ((d)->d_count == 1) \
++ vx_acc_cres(current_vx_info(), 1, d, VLIMIT_DENTRY); \
++ } while (0)
+
-+#ifdef __KERNEL__
-+extern int vc_ctx_stat(struct vx_info *, void __user *);
++#define vx_dentry_dec(d) do { \
++ if ((d)->d_count == 0) \
++ vx_acc_cres(current_vx_info(),-1, d, VLIMIT_DENTRY); \
++ } while (0)
+
-+#endif /* __KERNEL__ */
++#define vx_dentry_avail(n) \
++ vx_cres_avail(current_vx_info(), n, VLIMIT_DENTRY)
+
-+/* context commands */
+
-+#define VCMD_ctx_create_v0 VC_CMD(VPROC, 1, 0)
-+#define VCMD_ctx_create VC_CMD(VPROC, 1, 1)
++/* socket limits */
+
-+struct vcmd_ctx_create {
-+ uint64_t flagword;
-+};
++#define vx_sock_inc(s) \
++ vx_acc_cres((s)->sk_vx_info, 1, s, VLIMIT_NSOCK)
+
-+#define VCMD_ctx_migrate_v0 VC_CMD(PROCMIG, 1, 0)
-+#define VCMD_ctx_migrate VC_CMD(PROCMIG, 1, 1)
++#define vx_sock_dec(s) \
++ vx_acc_cres((s)->sk_vx_info,-1, s, VLIMIT_NSOCK)
+
-+struct vcmd_ctx_migrate {
-+ uint64_t flagword;
-+};
++#define vx_sock_avail(n) \
++ vx_cres_avail(current_vx_info(), n, VLIMIT_NSOCK)
+
-+#ifdef __KERNEL__
-+extern int vc_ctx_create(uint32_t, void __user *);
-+extern int vc_ctx_migrate(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
++/* ipc resource limits */
+
++#define vx_ipcmsg_add(v, u, a) \
++ vx_add_cres(v, a, u, RLIMIT_MSGQUEUE)
+
-+/* flag commands */
++#define vx_ipcmsg_sub(v, u, a) \
++ vx_sub_cres(v, a, u, RLIMIT_MSGQUEUE)
+
-+#define VCMD_get_cflags VC_CMD(FLAGS, 1, 0)
-+#define VCMD_set_cflags VC_CMD(FLAGS, 2, 0)
++#define vx_ipcmsg_avail(v, a) \
++ vx_cres_avail(v, a, RLIMIT_MSGQUEUE)
+
-+struct vcmd_ctx_flags_v0 {
-+ uint64_t flagword;
-+ uint64_t mask;
-+};
+
-+#ifdef __KERNEL__
-+extern int vc_get_cflags(struct vx_info *, void __user *);
-+extern int vc_set_cflags(struct vx_info *, void __user *);
++#define vx_ipcshm_add(v, k, a) \
++ vx_add_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
+
-+#endif /* __KERNEL__ */
++#define vx_ipcshm_sub(v, k, a) \
++ vx_sub_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
+
++#define vx_ipcshm_avail(v, a) \
++ vx_cres_avail(v, a, VLIMIT_SHMEM)
+
-+/* context caps commands */
+
-+#define VCMD_get_ccaps VC_CMD(FLAGS, 3, 1)
-+#define VCMD_set_ccaps VC_CMD(FLAGS, 4, 1)
++#define vx_semary_inc(a) \
++ vx_acc_cres(current_vx_info(), 1, a, VLIMIT_SEMARY)
+
-+struct vcmd_ctx_caps_v1 {
-+ uint64_t ccaps;
-+ uint64_t cmask;
-+};
++#define vx_semary_dec(a) \
++ vx_acc_cres(current_vx_info(), -1, a, VLIMIT_SEMARY)
+
-+#ifdef __KERNEL__
-+extern int vc_get_ccaps(struct vx_info *, void __user *);
-+extern int vc_set_ccaps(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
++#define vx_nsems_add(a,n) \
++ vx_add_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
+
++#define vx_nsems_sub(a,n) \
++ vx_sub_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
+
-+/* bcaps commands */
+
-+#define VCMD_get_bcaps VC_CMD(FLAGS, 9, 0)
-+#define VCMD_set_bcaps VC_CMD(FLAGS, 10, 0)
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_network.h linux-3.9.4-vs2.3.6.2/include/linux/vs_network.h
+--- linux-3.9.4/include/linux/vs_network.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_network.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,169 @@
++#ifndef _NX_VS_NETWORK_H
++#define _NX_VS_NETWORK_H
+
-+struct vcmd_bcaps {
-+ uint64_t bcaps;
-+ uint64_t bmask;
-+};
++#include "vserver/context.h"
++#include "vserver/network.h"
++#include "vserver/base.h"
++#include "vserver/check.h"
++#include "vserver/debug.h"
+
-+#ifdef __KERNEL__
-+extern int vc_get_bcaps(struct vx_info *, void __user *);
-+extern int vc_set_bcaps(struct vx_info *, void __user *);
++#include <linux/sched.h>
+
-+#endif /* __KERNEL__ */
+
++#define get_nx_info(i) __get_nx_info(i, __FILE__, __LINE__)
+
-+/* umask commands */
++static inline struct nx_info *__get_nx_info(struct nx_info *nxi,
++ const char *_file, int _line)
++{
++ if (!nxi)
++ return NULL;
+
-+#define VCMD_get_umask VC_CMD(FLAGS, 13, 0)
-+#define VCMD_set_umask VC_CMD(FLAGS, 14, 0)
++ vxlprintk(VXD_CBIT(nid, 2), "get_nx_info(%p[#%d.%d])",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
++ _file, _line);
+
-+struct vcmd_umask {
-+ uint64_t umask;
-+ uint64_t mask;
-+};
++ atomic_inc(&nxi->nx_usecnt);
++ return nxi;
++}
+
-+#ifdef __KERNEL__
-+extern int vc_get_umask(struct vx_info *, void __user *);
-+extern int vc_set_umask(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
++extern void free_nx_info(struct nx_info *);
+
++#define put_nx_info(i) __put_nx_info(i, __FILE__, __LINE__)
+
-+/* OOM badness */
++static inline void __put_nx_info(struct nx_info *nxi, const char *_file, int _line)
++{
++ if (!nxi)
++ return;
+
-+#define VCMD_get_badness VC_CMD(MEMCTRL, 5, 0)
-+#define VCMD_set_badness VC_CMD(MEMCTRL, 6, 0)
++ vxlprintk(VXD_CBIT(nid, 2), "put_nx_info(%p[#%d.%d])",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
++ _file, _line);
+
-+struct vcmd_badness_v0 {
-+ int64_t bias;
-+};
++ if (atomic_dec_and_test(&nxi->nx_usecnt))
++ free_nx_info(nxi);
++}
+
-+#ifdef __KERNEL__
-+extern int vc_get_badness(struct vx_info *, void __user *);
-+extern int vc_set_badness(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CONTEXT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/context.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/context.h
---- linux-2.6.35.4/include/linux/vserver/context.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/context.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,184 @@
-+#ifndef _VX_CONTEXT_H
-+#define _VX_CONTEXT_H
++#define init_nx_info(p, i) __init_nx_info(p, i, __FILE__, __LINE__)
+
-+#include <linux/types.h>
-+#include <linux/capability.h>
++static inline void __init_nx_info(struct nx_info **nxp, struct nx_info *nxi,
++ const char *_file, int _line)
++{
++ if (nxi) {
++ vxlprintk(VXD_CBIT(nid, 3),
++ "init_nx_info(%p[#%d.%d])",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
++ _file, _line);
+
++ atomic_inc(&nxi->nx_usecnt);
++ }
++ *nxp = nxi;
++}
+
-+/* context flags */
+
-+#define VXF_INFO_SCHED 0x00000002
-+#define VXF_INFO_NPROC 0x00000004
-+#define VXF_INFO_PRIVATE 0x00000008
++#define set_nx_info(p, i) __set_nx_info(p, i, __FILE__, __LINE__)
+
-+#define VXF_INFO_INIT 0x00000010
-+#define VXF_INFO_HIDE 0x00000020
-+#define VXF_INFO_ULIMIT 0x00000040
-+#define VXF_INFO_NSPACE 0x00000080
++static inline void __set_nx_info(struct nx_info **nxp, struct nx_info *nxi,
++ const char *_file, int _line)
++{
++ struct nx_info *nxo;
+
-+#define VXF_SCHED_HARD 0x00000100
-+#define VXF_SCHED_PRIO 0x00000200
-+#define VXF_SCHED_PAUSE 0x00000400
++ if (!nxi)
++ return;
+
-+#define VXF_VIRT_MEM 0x00010000
-+#define VXF_VIRT_UPTIME 0x00020000
-+#define VXF_VIRT_CPU 0x00040000
-+#define VXF_VIRT_LOAD 0x00080000
-+#define VXF_VIRT_TIME 0x00100000
++ vxlprintk(VXD_CBIT(nid, 3), "set_nx_info(%p[#%d.%d])",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
++ _file, _line);
+
-+#define VXF_HIDE_MOUNT 0x01000000
-+/* was VXF_HIDE_NETIF 0x02000000 */
-+#define VXF_HIDE_VINFO 0x04000000
++ atomic_inc(&nxi->nx_usecnt);
++ nxo = xchg(nxp, nxi);
++ BUG_ON(nxo);
++}
+
-+#define VXF_STATE_SETUP (1ULL << 32)
-+#define VXF_STATE_INIT (1ULL << 33)
-+#define VXF_STATE_ADMIN (1ULL << 34)
++#define clr_nx_info(p) __clr_nx_info(p, __FILE__, __LINE__)
+
-+#define VXF_SC_HELPER (1ULL << 36)
-+#define VXF_REBOOT_KILL (1ULL << 37)
-+#define VXF_PERSISTENT (1ULL << 38)
++static inline void __clr_nx_info(struct nx_info **nxp,
++ const char *_file, int _line)
++{
++ struct nx_info *nxo;
+
-+#define VXF_FORK_RSS (1ULL << 48)
-+#define VXF_PROLIFIC (1ULL << 49)
++ nxo = xchg(nxp, NULL);
++ if (!nxo)
++ return;
+
-+#define VXF_IGNEG_NICE (1ULL << 52)
++ vxlprintk(VXD_CBIT(nid, 3), "clr_nx_info(%p[#%d.%d])",
++ nxo, nxo ? nxo->nx_id : 0,
++ nxo ? atomic_read(&nxo->nx_usecnt) : 0,
++ _file, _line);
+
-+#define VXF_ONE_TIME (0x0007ULL << 32)
++ if (atomic_dec_and_test(&nxo->nx_usecnt))
++ free_nx_info(nxo);
++}
+
-+#define VXF_INIT_SET (VXF_STATE_SETUP | VXF_STATE_INIT | VXF_STATE_ADMIN)
+
++#define claim_nx_info(v, p) __claim_nx_info(v, p, __FILE__, __LINE__)
+
-+/* context migration */
++static inline void __claim_nx_info(struct nx_info *nxi,
++ struct task_struct *task, const char *_file, int _line)
++{
++ vxlprintk(VXD_CBIT(nid, 3), "claim_nx_info(%p[#%d.%d.%d]) %p",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi?atomic_read(&nxi->nx_usecnt):0,
++ nxi?atomic_read(&nxi->nx_tasks):0,
++ task, _file, _line);
+
-+#define VXM_SET_INIT 0x00000001
-+#define VXM_SET_REAPER 0x00000002
++ atomic_inc(&nxi->nx_tasks);
++}
+
-+/* context caps */
+
-+#define VXC_CAP_MASK 0x00000000
++extern void unhash_nx_info(struct nx_info *);
+
-+#define VXC_SET_UTSNAME 0x00000001
-+#define VXC_SET_RLIMIT 0x00000002
-+#define VXC_FS_SECURITY 0x00000004
-+#define VXC_FS_TRUSTED 0x00000008
-+#define VXC_TIOCSTI 0x00000010
++#define release_nx_info(v, p) __release_nx_info(v, p, __FILE__, __LINE__)
+
-+/* was VXC_RAW_ICMP 0x00000100 */
-+#define VXC_SYSLOG 0x00001000
-+#define VXC_OOM_ADJUST 0x00002000
-+#define VXC_AUDIT_CONTROL 0x00004000
++static inline void __release_nx_info(struct nx_info *nxi,
++ struct task_struct *task, const char *_file, int _line)
++{
++ vxlprintk(VXD_CBIT(nid, 3), "release_nx_info(%p[#%d.%d.%d]) %p",
++ nxi, nxi ? nxi->nx_id : 0,
++ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
++ nxi ? atomic_read(&nxi->nx_tasks) : 0,
++ task, _file, _line);
+
-+#define VXC_SECURE_MOUNT 0x00010000
-+#define VXC_SECURE_REMOUNT 0x00020000
-+#define VXC_BINARY_MOUNT 0x00040000
++ might_sleep();
+
-+#define VXC_QUOTA_CTL 0x00100000
-+#define VXC_ADMIN_MAPPER 0x00200000
-+#define VXC_ADMIN_CLOOP 0x00400000
++ if (atomic_dec_and_test(&nxi->nx_tasks))
++ unhash_nx_info(nxi);
++}
+
-+#define VXC_KTHREAD 0x01000000
-+#define VXC_NAMESPACE 0x02000000
+
++#define task_get_nx_info(i) __task_get_nx_info(i, __FILE__, __LINE__)
+
-+#ifdef __KERNEL__
++static __inline__ struct nx_info *__task_get_nx_info(struct task_struct *p,
++ const char *_file, int _line)
++{
++ struct nx_info *nxi;
+
-+#include <linux/list.h>
-+#include <linux/spinlock.h>
-+#include <linux/rcupdate.h>
++ task_lock(p);
++ vxlprintk(VXD_CBIT(nid, 5), "task_get_nx_info(%p)",
++ p, _file, _line);
++ nxi = __get_nx_info(p->nx_info, _file, _line);
++ task_unlock(p);
++ return nxi;
++}
+
-+#include "limit_def.h"
-+#include "sched_def.h"
-+#include "cvirt_def.h"
-+#include "cacct_def.h"
-+#include "device_def.h"
+
-+#define VX_SPACES 2
++static inline void exit_nx_info(struct task_struct *p)
++{
++ if (p->nx_info)
++ release_nx_info(p->nx_info, p);
++}
+
-+struct _vx_info_pc {
-+ struct _vx_sched_pc sched_pc;
-+ struct _vx_cvirt_pc cvirt_pc;
-+};
+
-+struct vx_info {
-+ struct hlist_node vx_hlist; /* linked list of contexts */
-+ xid_t vx_id; /* context id */
-+ atomic_t vx_usecnt; /* usage count */
-+ atomic_t vx_tasks; /* tasks count */
-+ struct vx_info *vx_parent; /* parent context */
-+ int vx_state; /* context state */
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_pid.h linux-3.9.4-vs2.3.6.2/include/linux/vs_pid.h
+--- linux-3.9.4/include/linux/vs_pid.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_pid.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,50 @@
++#ifndef _VS_PID_H
++#define _VS_PID_H
+
-+ unsigned long vx_nsmask[VX_SPACES]; /* assignment mask */
-+ struct nsproxy *vx_nsproxy[VX_SPACES]; /* private namespaces */
-+ struct fs_struct *vx_fs[VX_SPACES]; /* private namespace fs */
++#include "vserver/base.h"
++#include "vserver/check.h"
++#include "vserver/context.h"
++#include "vserver/debug.h"
++#include "vserver/pid.h"
++#include <linux/pid_namespace.h>
+
-+ uint64_t vx_flags; /* context flags */
-+ uint64_t vx_ccaps; /* context caps (vserver) */
-+ kernel_cap_t vx_bcaps; /* bounding caps (system) */
-+ unsigned long vx_umask; /* unshare mask (guest) */
+
-+ struct task_struct *vx_reaper; /* guest reaper process */
-+ pid_t vx_initpid; /* PID of guest init */
-+ int64_t vx_badness_bias; /* OOM points bias */
++#define VXF_FAKE_INIT (VXF_INFO_INIT | VXF_STATE_INIT)
+
-+ struct _vx_limit limit; /* vserver limits */
-+ struct _vx_sched sched; /* vserver scheduler */
-+ struct _vx_cvirt cvirt; /* virtual/bias stuff */
-+ struct _vx_cacct cacct; /* context accounting */
++static inline
++int vx_proc_task_visible(struct task_struct *task)
++{
++ if ((task->pid == 1) &&
++ !vx_flags(VXF_FAKE_INIT, VXF_FAKE_INIT))
++ /* show a blend through init */
++ goto visible;
++ if (vx_check(vx_task_xid(task), VS_WATCH | VS_IDENT))
++ goto visible;
++ return 0;
++visible:
++ return 1;
++}
+
-+ struct _vx_device dmap; /* default device map targets */
++#define find_task_by_real_pid(pid) find_task_by_pid_ns(pid, &init_pid_ns)
+
-+#ifndef CONFIG_SMP
-+ struct _vx_info_pc info_pc; /* per cpu data */
-+#else
-+ struct _vx_info_pc *ptr_pc; /* per cpu array */
-+#endif
+
-+ wait_queue_head_t vx_wait; /* context exit waitqueue */
-+ int reboot_cmd; /* last sys_reboot() cmd */
-+ int exit_code; /* last process exit code */
++static inline
++struct task_struct *vx_get_proc_task(struct inode *inode, struct pid *pid)
++{
++ struct task_struct *task = get_pid_task(pid, PIDTYPE_PID);
++
++ if (task && !vx_proc_task_visible(task)) {
++ vxdprintk(VXD_CBIT(misc, 6),
++ "dropping task (get) %p[#%u,%u] for %p[#%u,%u]",
++ task, task->xid, task->pid,
++ current, current->xid, current->pid);
++ put_task_struct(task);
++ task = NULL;
++ }
++ return task;
++}
+
-+ char vx_name[65]; /* vserver name */
-+};
+
-+#ifndef CONFIG_SMP
-+#define vx_ptr_pc(vxi) (&(vxi)->info_pc)
-+#define vx_per_cpu(vxi, v, id) vx_ptr_pc(vxi)->v
+#else
-+#define vx_ptr_pc(vxi) ((vxi)->ptr_pc)
-+#define vx_per_cpu(vxi, v, id) per_cpu_ptr(vx_ptr_pc(vxi), id)->v
++#warning duplicate inclusion
+#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_sched.h linux-3.9.4-vs2.3.6.2/include/linux/vs_sched.h
+--- linux-3.9.4/include/linux/vs_sched.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_sched.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,40 @@
++#ifndef _VS_SCHED_H
++#define _VS_SCHED_H
+
-+#define vx_cpu(vxi, v) vx_per_cpu(vxi, v, smp_processor_id())
-+
++#include "vserver/base.h"
++#include "vserver/context.h"
++#include "vserver/sched.h"
+
-+struct vx_info_save {
-+ struct vx_info *vxi;
-+ xid_t xid;
-+};
+
++#define MAX_PRIO_BIAS 20
++#define MIN_PRIO_BIAS -20
+
-+/* status flags */
++static inline
++int vx_adjust_prio(struct task_struct *p, int prio, int max_user)
++{
++ struct vx_info *vxi = p->vx_info;
+
-+#define VXS_HASHED 0x0001
-+#define VXS_PAUSED 0x0010
-+#define VXS_SHUTDOWN 0x0100
-+#define VXS_HELPER 0x1000
-+#define VXS_RELEASED 0x8000
++ if (vxi)
++ prio += vx_cpu(vxi, sched_pc).prio_bias;
++ return prio;
++}
+
++static inline void vx_account_user(struct vx_info *vxi,
++ cputime_t cputime, int nice)
++{
++ if (!vxi)
++ return;
++ vx_cpu(vxi, sched_pc).user_ticks += cputime;
++}
+
-+extern void claim_vx_info(struct vx_info *, struct task_struct *);
-+extern void release_vx_info(struct vx_info *, struct task_struct *);
++static inline void vx_account_system(struct vx_info *vxi,
++ cputime_t cputime, int idle)
++{
++ if (!vxi)
++ return;
++ vx_cpu(vxi, sched_pc).sys_ticks += cputime;
++}
+
-+extern struct vx_info *lookup_vx_info(int);
-+extern struct vx_info *lookup_or_create_vx_info(int);
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_socket.h linux-3.9.4-vs2.3.6.2/include/linux/vs_socket.h
+--- linux-3.9.4/include/linux/vs_socket.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_socket.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,67 @@
++#ifndef _VS_SOCKET_H
++#define _VS_SOCKET_H
+
-+extern int get_xid_list(int, unsigned int *, int);
-+extern int xid_is_hashed(xid_t);
++#include "vserver/debug.h"
++#include "vserver/base.h"
++#include "vserver/cacct.h"
++#include "vserver/context.h"
++#include "vserver/tag.h"
+
-+extern int vx_migrate_task(struct task_struct *, struct vx_info *, int);
+
-+extern long vs_state_change(struct vx_info *, unsigned int);
++/* socket accounting */
+
++#include <linux/socket.h>
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CONTEXT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cvirt_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt_cmd.h
---- linux-2.6.35.4/include/linux/vserver/cvirt_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,53 @@
-+#ifndef _VX_CVIRT_CMD_H
-+#define _VX_CVIRT_CMD_H
++static inline int vx_sock_type(int family)
++{
++ switch (family) {
++ case PF_UNSPEC:
++ return VXA_SOCK_UNSPEC;
++ case PF_UNIX:
++ return VXA_SOCK_UNIX;
++ case PF_INET:
++ return VXA_SOCK_INET;
++ case PF_INET6:
++ return VXA_SOCK_INET6;
++ case PF_PACKET:
++ return VXA_SOCK_PACKET;
++ default:
++ return VXA_SOCK_OTHER;
++ }
++}
+
++#define vx_acc_sock(v, f, p, s) \
++ __vx_acc_sock(v, f, p, s, __FILE__, __LINE__)
+
-+/* virtual host info name commands */
++static inline void __vx_acc_sock(struct vx_info *vxi,
++ int family, int pos, int size, char *file, int line)
++{
++ if (vxi) {
++ int type = vx_sock_type(family);
+
-+#define VCMD_set_vhi_name VC_CMD(VHOST, 1, 0)
-+#define VCMD_get_vhi_name VC_CMD(VHOST, 2, 0)
++ atomic_long_inc(&vxi->cacct.sock[type][pos].count);
++ atomic_long_add(size, &vxi->cacct.sock[type][pos].total);
++ }
++}
+
-+struct vcmd_vhi_name_v0 {
-+ uint32_t field;
-+ char name[65];
-+};
++#define vx_sock_recv(sk, s) \
++ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 0, s)
++#define vx_sock_send(sk, s) \
++ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 1, s)
++#define vx_sock_fail(sk, s) \
++ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 2, s)
+
+
-+enum vhi_name_field {
-+ VHIN_CONTEXT = 0,
-+ VHIN_SYSNAME,
-+ VHIN_NODENAME,
-+ VHIN_RELEASE,
-+ VHIN_VERSION,
-+ VHIN_MACHINE,
-+ VHIN_DOMAINNAME,
-+};
++#define sock_vx_init(s) do { \
++ (s)->sk_xid = 0; \
++ (s)->sk_vx_info = NULL; \
++ } while (0)
+
++#define sock_nx_init(s) do { \
++ (s)->sk_nid = 0; \
++ (s)->sk_nx_info = NULL; \
++ } while (0)
+
-+#ifdef __KERNEL__
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_tag.h linux-3.9.4-vs2.3.6.2/include/linux/vs_tag.h
+--- linux-3.9.4/include/linux/vs_tag.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_tag.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,47 @@
++#ifndef _VS_TAG_H
++#define _VS_TAG_H
+
-+#include <linux/compiler.h>
++#include <linux/vserver/tag.h>
+
-+extern int vc_set_vhi_name(struct vx_info *, void __user *);
-+extern int vc_get_vhi_name(struct vx_info *, void __user *);
++/* check conditions */
+
-+#endif /* __KERNEL__ */
++#define DX_ADMIN 0x0001
++#define DX_WATCH 0x0002
++#define DX_HOSTID 0x0008
+
-+#define VCMD_virt_stat VC_CMD(VSTAT, 3, 0)
++#define DX_IDENT 0x0010
+
-+struct vcmd_virt_stat_v0 {
-+ uint64_t offset;
-+ uint64_t uptime;
-+ uint32_t nr_threads;
-+ uint32_t nr_running;
-+ uint32_t nr_uninterruptible;
-+ uint32_t nr_onhold;
-+ uint32_t nr_forks;
-+ uint32_t load[3];
-+};
++#define DX_ARG_MASK 0x0010
+
-+#ifdef __KERNEL__
-+extern int vc_virt_stat(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CVIRT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cvirt_def.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt_def.h
---- linux-2.6.35.4/include/linux/vserver/cvirt_def.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt_def.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,80 @@
-+#ifndef _VX_CVIRT_DEF_H
-+#define _VX_CVIRT_DEF_H
++#define dx_task_tag(t) ((t)->tag)
+
-+#include <linux/jiffies.h>
-+#include <linux/spinlock.h>
-+#include <linux/wait.h>
-+#include <linux/time.h>
-+#include <asm/atomic.h>
++#define dx_current_tag() dx_task_tag(current)
+
++#define dx_check(c, m) __dx_check(dx_current_tag(), c, m)
+
-+struct _vx_usage_stat {
-+ uint64_t user;
-+ uint64_t nice;
-+ uint64_t system;
-+ uint64_t softirq;
-+ uint64_t irq;
-+ uint64_t idle;
-+ uint64_t iowait;
-+};
++#define dx_weak_check(c, m) ((m) ? dx_check(c, m) : 1)
+
-+struct _vx_syslog {
-+ wait_queue_head_t log_wait;
-+ spinlock_t logbuf_lock; /* lock for the log buffer */
+
-+ unsigned long log_start; /* next char to be read by syslog() */
-+ unsigned long con_start; /* next char to be sent to consoles */
-+ unsigned long log_end; /* most-recently-written-char + 1 */
-+ unsigned long logged_chars; /* #chars since last read+clear operation */
++/*
++ * check current context for ADMIN/WATCH and
++ * optionally against supplied argument
++ */
++static inline int __dx_check(tag_t cid, tag_t id, unsigned int mode)
++{
++ if (mode & DX_ARG_MASK) {
++ if ((mode & DX_IDENT) && (id == cid))
++ return 1;
++ }
++ return (((mode & DX_ADMIN) && (cid == 0)) ||
++ ((mode & DX_WATCH) && (cid == 1)) ||
++ ((mode & DX_HOSTID) && (id == 0)));
++}
+
-+ char log_buf[1024];
-+};
++struct inode;
++int dx_permission(const struct inode *inode, int mask);
+
+
-+/* context sub struct */
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vs_time.h linux-3.9.4-vs2.3.6.2/include/linux/vs_time.h
+--- linux-3.9.4/include/linux/vs_time.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vs_time.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,19 @@
++#ifndef _VS_TIME_H
++#define _VS_TIME_H
+
-+struct _vx_cvirt {
-+ atomic_t nr_threads; /* number of current threads */
-+ atomic_t nr_running; /* number of running threads */
-+ atomic_t nr_uninterruptible; /* number of uninterruptible threads */
+
-+ atomic_t nr_onhold; /* processes on hold */
-+ uint32_t onhold_last; /* jiffies when put on hold */
++/* time faking stuff */
+
-+ struct timeval bias_tv; /* time offset to the host */
-+ struct timespec bias_idle;
-+ struct timespec bias_uptime; /* context creation point */
-+ uint64_t bias_clock; /* offset in clock_t */
++#ifdef CONFIG_VSERVER_VTIME
+
-+ spinlock_t load_lock; /* lock for the load averages */
-+ atomic_t load_updates; /* nr of load updates done so far */
-+ uint32_t load_last; /* last time load was calculated */
-+ uint32_t load[3]; /* load averages 1,5,15 */
++extern void vx_adjust_timespec(struct timespec *ts);
++extern int vx_settimeofday(const struct timespec *ts);
+
-+ atomic_t total_forks; /* number of forks so far */
++#else
++#define vx_adjust_timespec(t) do { } while (0)
++#define vx_settimeofday(t) do_settimeofday(t)
++#endif
+
-+ struct _vx_syslog syslog;
-+};
++#else
++#warning duplicate inclusion
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/base.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/base.h
+--- linux-3.9.4/include/linux/vserver/base.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/base.h 2013-05-31 17:55:09.000000000 +0000
+@@ -0,0 +1,181 @@
++#ifndef _VSERVER_BASE_H
++#define _VSERVER_BASE_H
+
-+struct _vx_cvirt_pc {
-+ struct _vx_usage_stat cpustat;
-+};
+
++/* context state changes */
+
-+#ifdef CONFIG_VSERVER_DEBUG
++enum {
++ VSC_STARTUP = 1,
++ VSC_SHUTDOWN,
+
-+static inline void __dump_vx_cvirt(struct _vx_cvirt *cvirt)
-+{
-+ printk("\t_vx_cvirt:\n");
-+ printk("\t threads: %4d, %4d, %4d, %4d\n",
-+ atomic_read(&cvirt->nr_threads),
-+ atomic_read(&cvirt->nr_running),
-+ atomic_read(&cvirt->nr_uninterruptible),
-+ atomic_read(&cvirt->nr_onhold));
-+ /* add rest here */
-+ printk("\t total_forks = %d\n", atomic_read(&cvirt->total_forks));
-+}
++ VSC_NETUP,
++ VSC_NETDOWN,
++};
+
-+#endif
+
-+#endif /* _VX_CVIRT_DEF_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/cvirt.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt.h
---- linux-2.6.35.4/include/linux/vserver/cvirt.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/cvirt.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,20 @@
-+#ifndef _VX_CVIRT_H
-+#define _VX_CVIRT_H
+
++#define vx_task_xid(t) ((t)->xid)
+
-+#ifdef __KERNEL__
++#define vx_current_xid() vx_task_xid(current)
+
-+struct timespec;
++#define current_vx_info() (current->vx_info)
+
-+void vx_vsi_uptime(struct timespec *, struct timespec *);
+
++#define nx_task_nid(t) ((t)->nid)
+
-+struct vx_info;
++#define nx_current_nid() nx_task_nid(current)
+
-+void vx_update_load(struct vx_info *);
++#define current_nx_info() (current->nx_info)
+
+
-+int vx_do_syslog(int, char __user *, int);
++/* generic flag merging */
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CVIRT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/debug_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/debug_cmd.h
---- linux-2.6.35.4/include/linux/vserver/debug_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/debug_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,58 @@
-+#ifndef _VX_DEBUG_CMD_H
-+#define _VX_DEBUG_CMD_H
++#define vs_check_flags(v, m, f) (((v) & (m)) ^ (f))
+
++#define vs_mask_flags(v, f, m) (((v) & ~(m)) | ((f) & (m)))
+
-+/* debug commands */
++#define vs_mask_mask(v, f, m) (((v) & ~(m)) | ((v) & (f) & (m)))
+
-+#define VCMD_dump_history VC_CMD(DEBUG, 1, 0)
++#define vs_check_bit(v, n) ((v) & (1LL << (n)))
+
-+#define VCMD_read_history VC_CMD(DEBUG, 5, 0)
-+#define VCMD_read_monitor VC_CMD(DEBUG, 6, 0)
+
-+struct vcmd_read_history_v0 {
-+ uint32_t index;
-+ uint32_t count;
-+ char __user *data;
-+};
++/* context flags */
+
-+struct vcmd_read_monitor_v0 {
-+ uint32_t index;
-+ uint32_t count;
-+ char __user *data;
-+};
++#define __vx_flags(v) ((v) ? (v)->vx_flags : 0)
+
++#define vx_current_flags() __vx_flags(current_vx_info())
+
-+#ifdef __KERNEL__
++#define vx_info_flags(v, m, f) \
++ vs_check_flags(__vx_flags(v), m, f)
+
-+#ifdef CONFIG_COMPAT
++#define task_vx_flags(t, m, f) \
++ ((t) && vx_info_flags((t)->vx_info, m, f))
+
-+#include <asm/compat.h>
++#define vx_flags(m, f) vx_info_flags(current_vx_info(), m, f)
+
-+struct vcmd_read_history_v0_x32 {
-+ uint32_t index;
-+ uint32_t count;
-+ compat_uptr_t data_ptr;
-+};
+
-+struct vcmd_read_monitor_v0_x32 {
-+ uint32_t index;
-+ uint32_t count;
-+ compat_uptr_t data_ptr;
-+};
++/* context caps */
+
-+#endif /* CONFIG_COMPAT */
++#define __vx_ccaps(v) ((v) ? (v)->vx_ccaps : 0)
+
-+extern int vc_dump_history(uint32_t);
++#define vx_current_ccaps() __vx_ccaps(current_vx_info())
+
-+extern int vc_read_history(uint32_t, void __user *);
-+extern int vc_read_monitor(uint32_t, void __user *);
++#define vx_info_ccaps(v, c) (__vx_ccaps(v) & (c))
+
-+#ifdef CONFIG_COMPAT
++#define vx_ccaps(c) vx_info_ccaps(current_vx_info(), (c))
+
-+extern int vc_read_history_x32(uint32_t, void __user *);
-+extern int vc_read_monitor_x32(uint32_t, void __user *);
+
-+#endif /* CONFIG_COMPAT */
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_DEBUG_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/debug.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/debug.h
---- linux-2.6.35.4/include/linux/vserver/debug.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/debug.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,127 @@
-+#ifndef _VX_DEBUG_H
-+#define _VX_DEBUG_H
++/* network flags */
+
++#define __nx_flags(n) ((n) ? (n)->nx_flags : 0)
+
-+#define VXD_CBIT(n, m) (vx_debug_ ## n & (1 << (m)))
-+#define VXD_CMIN(n, m) (vx_debug_ ## n > (m))
-+#define VXD_MASK(n, m) (vx_debug_ ## n & (m))
++#define nx_current_flags() __nx_flags(current_nx_info())
+
-+#define VXD_DEV(d) (d), (d)->bd_inode->i_ino, \
-+ imajor((d)->bd_inode), iminor((d)->bd_inode)
-+#define VXF_DEV "%p[%lu,%d:%d]"
++#define nx_info_flags(n, m, f) \
++ vs_check_flags(__nx_flags(n), m, f)
+
++#define task_nx_flags(t, m, f) \
++ ((t) && nx_info_flags((t)->nx_info, m, f))
+
-+#define vxd_path(p) \
-+ ({ static char _buffer[PATH_MAX]; \
-+ d_path(p, _buffer, sizeof(_buffer)); })
++#define nx_flags(m, f) nx_info_flags(current_nx_info(), m, f)
+
-+#define vxd_cond_path(n) \
-+ ((n) ? vxd_path(&(n)->path) : "<null>" )
+
++/* network caps */
+
-+#ifdef CONFIG_VSERVER_DEBUG
++#define __nx_ncaps(n) ((n) ? (n)->nx_ncaps : 0)
+
-+extern unsigned int vx_debug_switch;
-+extern unsigned int vx_debug_xid;
-+extern unsigned int vx_debug_nid;
-+extern unsigned int vx_debug_tag;
-+extern unsigned int vx_debug_net;
-+extern unsigned int vx_debug_limit;
-+extern unsigned int vx_debug_cres;
-+extern unsigned int vx_debug_dlim;
-+extern unsigned int vx_debug_quota;
-+extern unsigned int vx_debug_cvirt;
-+extern unsigned int vx_debug_space;
-+extern unsigned int vx_debug_misc;
++#define nx_current_ncaps() __nx_ncaps(current_nx_info())
+
++#define nx_info_ncaps(n, c) (__nx_ncaps(n) & (c))
+
-+#define VX_LOGLEVEL "vxD: "
-+#define VX_PROC_FMT "%p: "
-+#define VX_PROCESS current
++#define nx_ncaps(c) nx_info_ncaps(current_nx_info(), c)
+
-+#define vxdprintk(c, f, x...) \
-+ do { \
-+ if (c) \
-+ printk(VX_LOGLEVEL VX_PROC_FMT f "\n", \
-+ VX_PROCESS , ##x); \
-+ } while (0)
+
-+#define vxlprintk(c, f, x...) \
-+ do { \
-+ if (c) \
-+ printk(VX_LOGLEVEL f " @%s:%d\n", x); \
-+ } while (0)
++/* context mask capabilities */
+
-+#define vxfprintk(c, f, x...) \
-+ do { \
-+ if (c) \
-+ printk(VX_LOGLEVEL f " %s@%s:%d\n", x); \
-+ } while (0)
++#define __vx_mcaps(v) ((v) ? (v)->vx_ccaps >> 32UL : ~0 )
+
++#define vx_info_mcaps(v, c) (__vx_mcaps(v) & (c))
+
-+struct vx_info;
++#define vx_mcaps(c) vx_info_mcaps(current_vx_info(), c)
+
-+void dump_vx_info(struct vx_info *, int);
-+void dump_vx_info_inactive(int);
+
-+#else /* CONFIG_VSERVER_DEBUG */
++/* context bcap mask */
+
-+#define vx_debug_switch 0
-+#define vx_debug_xid 0
-+#define vx_debug_nid 0
-+#define vx_debug_tag 0
-+#define vx_debug_net 0
-+#define vx_debug_limit 0
-+#define vx_debug_cres 0
-+#define vx_debug_dlim 0
-+#define vx_debug_cvirt 0
++#define __vx_bcaps(v) ((v)->vx_bcaps)
+
-+#define vxdprintk(x...) do { } while (0)
-+#define vxlprintk(x...) do { } while (0)
-+#define vxfprintk(x...) do { } while (0)
++#define vx_current_bcaps() __vx_bcaps(current_vx_info())
+
-+#endif /* CONFIG_VSERVER_DEBUG */
+
++/* mask given bcaps */
+
-+#ifdef CONFIG_VSERVER_WARN
++#define vx_info_mbcaps(v, c) ((v) ? cap_intersect(__vx_bcaps(v), c) : c)
+
-+#define VX_WARNLEVEL KERN_WARNING "vxW: "
-+#define VX_WARN_TASK "[»%s«,%u:#%u|%u|%u] "
-+#define VX_WARN_XID "[xid #%u] "
-+#define VX_WARN_NID "[nid #%u] "
-+#define VX_WARN_TAG "[tag #%u] "
++#define vx_mbcaps(c) vx_info_mbcaps(current_vx_info(), c)
+
-+#define vxwprintk(c, f, x...) \
-+ do { \
-+ if (c) \
-+ printk(VX_WARNLEVEL f "\n", ##x); \
-+ } while (0)
+
-+#else /* CONFIG_VSERVER_WARN */
++/* masked cap_bset */
+
-+#define vxwprintk(x...) do { } while (0)
++#define vx_info_cap_bset(v) vx_info_mbcaps(v, current->cap_bset)
+
-+#endif /* CONFIG_VSERVER_WARN */
++#define vx_current_cap_bset() vx_info_cap_bset(current_vx_info())
+
-+#define vxwprintk_task(c, f, x...) \
-+ vxwprintk(c, VX_WARN_TASK f, \
-+ current->comm, current->pid, \
-+ current->xid, current->nid, current->tag, ##x)
-+#define vxwprintk_xid(c, f, x...) \
-+ vxwprintk(c, VX_WARN_XID f, current->xid, x)
-+#define vxwprintk_nid(c, f, x...) \
-+ vxwprintk(c, VX_WARN_NID f, current->nid, x)
-+#define vxwprintk_tag(c, f, x...) \
-+ vxwprintk(c, VX_WARN_TAG f, current->tag, x)
++#if 0
++#define vx_info_mbcap(v, b) \
++ (!vx_info_flags(v, VXF_STATE_SETUP, 0) ? \
++ vx_info_bcaps(v, b) : (b))
+
-+#ifdef CONFIG_VSERVER_DEBUG
-+#define vxd_assert_lock(l) assert_spin_locked(l)
-+#define vxd_assert(c, f, x...) vxlprintk(!(c), \
-+ "assertion [" f "] failed.", ##x, __FILE__, __LINE__)
-+#else
-+#define vxd_assert_lock(l) do { } while (0)
-+#define vxd_assert(c, f, x...) do { } while (0)
++#define task_vx_mbcap(t, b) \
++ vx_info_mbcap((t)->vx_info, (t)->b)
++
++#define vx_mbcap(b) task_vx_mbcap(current, b)
+#endif
+
++#define vx_cap_raised(v, c, f) cap_raised(vx_info_mbcaps(v, c), f)
+
-+#endif /* _VX_DEBUG_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/device_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device_cmd.h
---- linux-2.6.35.4/include/linux/vserver/device_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,44 @@
-+#ifndef _VX_DEVICE_CMD_H
-+#define _VX_DEVICE_CMD_H
++#define vx_capable(b, c) (capable(b) || \
++ (cap_raised(current_cap(), b) && vx_ccaps(c)))
+
++#define vx_ns_capable(n, b, c) (ns_capable(n, b) || \
++ (cap_raised(current_cap(), b) && vx_ccaps(c)))
+
-+/* device vserver commands */
++#define nx_capable(b, c) (capable(b) || \
++ (cap_raised(current_cap(), b) && nx_ncaps(c)))
+
-+#define VCMD_set_mapping VC_CMD(DEVICE, 1, 0)
-+#define VCMD_unset_mapping VC_CMD(DEVICE, 2, 0)
++#define vx_task_initpid(t, n) \
++ ((t)->vx_info && \
++ ((t)->vx_info->vx_initpid == (n)))
+
-+struct vcmd_set_mapping_v0 {
-+ const char __user *device;
-+ const char __user *target;
-+ uint32_t flags;
-+};
++#define vx_current_initpid(n) vx_task_initpid(current, n)
+
+
-+#ifdef __KERNEL__
++/* context unshare mask */
+
-+#ifdef CONFIG_COMPAT
++#define __vx_umask(v) ((v)->vx_umask)
+
-+#include <asm/compat.h>
++#define vx_current_umask() __vx_umask(current_vx_info())
+
-+struct vcmd_set_mapping_v0_x32 {
-+ compat_uptr_t device_ptr;
-+ compat_uptr_t target_ptr;
-+ uint32_t flags;
-+};
++#define vx_can_unshare(b, f) (capable(b) || \
++ (cap_raised(current_cap(), b) && \
++ !((f) & ~vx_current_umask())))
+
-+#endif /* CONFIG_COMPAT */
++#define vx_ns_can_unshare(n, b, f) (ns_capable(n, b) || \
++ (cap_raised(current_cap(), b) && \
++ !((f) & ~vx_current_umask())))
+
-+#include <linux/compiler.h>
++#define __vx_wmask(v) ((v)->vx_wmask)
+
-+extern int vc_set_mapping(struct vx_info *, void __user *);
-+extern int vc_unset_mapping(struct vx_info *, void __user *);
++#define vx_current_wmask() __vx_wmask(current_vx_info())
+
-+#ifdef CONFIG_COMPAT
+
-+extern int vc_set_mapping_x32(struct vx_info *, void __user *);
-+extern int vc_unset_mapping_x32(struct vx_info *, void __user *);
++#define __vx_state(v) ((v) ? ((v)->vx_state) : 0)
+
-+#endif /* CONFIG_COMPAT */
++#define vx_info_state(v, m) (__vx_state(v) & (m))
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_DEVICE_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/device_def.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device_def.h
---- linux-2.6.35.4/include/linux/vserver/device_def.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device_def.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,17 @@
-+#ifndef _VX_DEVICE_DEF_H
-+#define _VX_DEVICE_DEF_H
+
-+#include <linux/types.h>
++#define __nx_state(n) ((n) ? ((n)->nx_state) : 0)
+
-+struct vx_dmap_target {
-+ dev_t target;
-+ uint32_t flags;
-+};
++#define nx_info_state(n, m) (__nx_state(n) & (m))
+
-+struct _vx_device {
-+#ifdef CONFIG_VSERVER_DEVICE
-+ struct vx_dmap_target targets[2];
+#endif
-+};
-+
-+#endif /* _VX_DEVICE_DEF_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/device.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device.h
---- linux-2.6.35.4/include/linux/vserver/device.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/device.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cacct.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct.h
+--- linux-3.9.4/include/linux/vserver/cacct.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,15 @@
-+#ifndef _VX_DEVICE_H
-+#define _VX_DEVICE_H
-+
++#ifndef _VSERVER_CACCT_H
++#define _VSERVER_CACCT_H
+
-+#define DATTR_CREATE 0x00000001
-+#define DATTR_OPEN 0x00000002
+
-+#define DATTR_REMAP 0x00000010
++enum sock_acc_field {
++ VXA_SOCK_UNSPEC = 0,
++ VXA_SOCK_UNIX,
++ VXA_SOCK_INET,
++ VXA_SOCK_INET6,
++ VXA_SOCK_PACKET,
++ VXA_SOCK_OTHER,
++ VXA_SOCK_SIZE /* array size */
++};
+
-+#define DATTR_MASK 0x00000013
++#endif /* _VSERVER_CACCT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cacct_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_cmd.h
+--- linux-3.9.4/include/linux/vserver/cacct_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,10 @@
++#ifndef _VSERVER_CACCT_CMD_H
++#define _VSERVER_CACCT_CMD_H
+
+
-+#else /* _VX_DEVICE_H */
-+#warning duplicate inclusion
-+#endif /* _VX_DEVICE_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/dlimit_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/dlimit_cmd.h
---- linux-2.6.35.4/include/linux/vserver/dlimit_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/dlimit_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,109 @@
-+#ifndef _VX_DLIMIT_CMD_H
-+#define _VX_DLIMIT_CMD_H
++#include <linux/compiler.h>
++#include <uapi/vserver/cacct_cmd.h>
+
++extern int vc_sock_stat(struct vx_info *, void __user *);
+
-+/* dlimit vserver commands */
++#endif /* _VSERVER_CACCT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cacct_def.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_def.h
+--- linux-3.9.4/include/linux/vserver/cacct_def.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_def.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,43 @@
++#ifndef _VSERVER_CACCT_DEF_H
++#define _VSERVER_CACCT_DEF_H
+
-+#define VCMD_add_dlimit VC_CMD(DLIMIT, 1, 0)
-+#define VCMD_rem_dlimit VC_CMD(DLIMIT, 2, 0)
++#include <asm/atomic.h>
++#include <linux/vserver/cacct.h>
+
-+#define VCMD_set_dlimit VC_CMD(DLIMIT, 5, 0)
-+#define VCMD_get_dlimit VC_CMD(DLIMIT, 6, 0)
+
-+struct vcmd_ctx_dlimit_base_v0 {
-+ const char __user *name;
-+ uint32_t flags;
++struct _vx_sock_acc {
++ atomic_long_t count;
++ atomic_long_t total;
+};
+
-+struct vcmd_ctx_dlimit_v0 {
-+ const char __user *name;
-+ uint32_t space_used; /* used space in kbytes */
-+ uint32_t space_total; /* maximum space in kbytes */
-+ uint32_t inodes_used; /* used inodes */
-+ uint32_t inodes_total; /* maximum inodes */
-+ uint32_t reserved; /* reserved for root in % */
-+ uint32_t flags;
++/* context sub struct */
++
++struct _vx_cacct {
++ struct _vx_sock_acc sock[VXA_SOCK_SIZE][3];
++ atomic_t slab[8];
++ atomic_t page[6][8];
+};
+
-+#define CDLIM_UNSET ((uint32_t)0UL)
-+#define CDLIM_INFINITY ((uint32_t)~0UL)
-+#define CDLIM_KEEP ((uint32_t)~1UL)
++#ifdef CONFIG_VSERVER_DEBUG
+
-+#define DLIME_UNIT 0
-+#define DLIME_KILO 1
-+#define DLIME_MEGA 2
-+#define DLIME_GIGA 3
++static inline void __dump_vx_cacct(struct _vx_cacct *cacct)
++{
++ int i, j;
+
-+#define DLIMF_SHIFT 0x10
++ printk("\t_vx_cacct:");
++ for (i = 0; i < 6; i++) {
++ struct _vx_sock_acc *ptr = cacct->sock[i];
+
-+#define DLIMS_USED 0
-+#define DLIMS_TOTAL 2
++ printk("\t [%d] =", i);
++ for (j = 0; j < 3; j++) {
++ printk(" [%d] = %8lu, %8lu", j,
++ atomic_long_read(&ptr[j].count),
++ atomic_long_read(&ptr[j].total));
++ }
++ printk("\n");
++ }
++}
++
++#endif
++
++#endif /* _VSERVER_CACCT_DEF_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cacct_int.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_int.h
+--- linux-3.9.4/include/linux/vserver/cacct_int.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cacct_int.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,17 @@
++#ifndef _VSERVER_CACCT_INT_H
++#define _VSERVER_CACCT_INT_H
+
+static inline
-+uint64_t dlimit_space_32to64(uint32_t val, uint32_t flags, int shift)
++unsigned long vx_sock_count(struct _vx_cacct *cacct, int type, int pos)
+{
-+ int exp = (flags & DLIMF_SHIFT) ?
-+ (flags >> shift) & DLIME_GIGA : DLIME_KILO;
-+ return ((uint64_t)val) << (10 * exp);
++ return atomic_long_read(&cacct->sock[type][pos].count);
+}
+
++
+static inline
-+uint32_t dlimit_space_64to32(uint64_t val, uint32_t *flags, int shift)
++unsigned long vx_sock_total(struct _vx_cacct *cacct, int type, int pos)
+{
-+ int exp = 0;
-+
-+ if (*flags & DLIMF_SHIFT) {
-+ while (val > (1LL << 32) && (exp < 3)) {
-+ val >>= 10;
-+ exp++;
-+ }
-+ *flags &= ~(DLIME_GIGA << shift);
-+ *flags |= exp << shift;
-+ } else
-+ val >>= 10;
-+ return val;
++ return atomic_long_read(&cacct->sock[type][pos].total);
+}
+
-+#ifdef __KERNEL__
++#endif /* _VSERVER_CACCT_INT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/check.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/check.h
+--- linux-3.9.4/include/linux/vserver/check.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/check.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,89 @@
++#ifndef _VSERVER_CHECK_H
++#define _VSERVER_CHECK_H
+
-+#ifdef CONFIG_COMPAT
+
-+#include <asm/compat.h>
++#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
+
-+struct vcmd_ctx_dlimit_base_v0_x32 {
-+ compat_uptr_t name_ptr;
-+ uint32_t flags;
-+};
++#ifdef CONFIG_VSERVER_DYNAMIC_IDS
++#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
++#else
++#define MIN_D_CONTEXT 65536
++#endif
+
-+struct vcmd_ctx_dlimit_v0_x32 {
-+ compat_uptr_t name_ptr;
-+ uint32_t space_used; /* used space in kbytes */
-+ uint32_t space_total; /* maximum space in kbytes */
-+ uint32_t inodes_used; /* used inodes */
-+ uint32_t inodes_total; /* maximum inodes */
-+ uint32_t reserved; /* reserved for root in % */
-+ uint32_t flags;
-+};
++/* check conditions */
+
-+#endif /* CONFIG_COMPAT */
++#define VS_ADMIN 0x0001
++#define VS_WATCH 0x0002
++#define VS_HIDE 0x0004
++#define VS_HOSTID 0x0008
+
-+#include <linux/compiler.h>
++#define VS_IDENT 0x0010
++#define VS_EQUIV 0x0020
++#define VS_PARENT 0x0040
++#define VS_CHILD 0x0080
+
-+extern int vc_add_dlimit(uint32_t, void __user *);
-+extern int vc_rem_dlimit(uint32_t, void __user *);
++#define VS_ARG_MASK 0x00F0
+
-+extern int vc_set_dlimit(uint32_t, void __user *);
-+extern int vc_get_dlimit(uint32_t, void __user *);
++#define VS_DYNAMIC 0x0100
++#define VS_STATIC 0x0200
+
-+#ifdef CONFIG_COMPAT
++#define VS_ATR_MASK 0x0F00
+
-+extern int vc_add_dlimit_x32(uint32_t, void __user *);
-+extern int vc_rem_dlimit_x32(uint32_t, void __user *);
++#ifdef CONFIG_VSERVER_PRIVACY
++#define VS_ADMIN_P (0)
++#define VS_WATCH_P (0)
++#else
++#define VS_ADMIN_P VS_ADMIN
++#define VS_WATCH_P VS_WATCH
++#endif
+
-+extern int vc_set_dlimit_x32(uint32_t, void __user *);
-+extern int vc_get_dlimit_x32(uint32_t, void __user *);
++#define VS_HARDIRQ 0x1000
++#define VS_SOFTIRQ 0x2000
++#define VS_IRQ 0x4000
+
-+#endif /* CONFIG_COMPAT */
++#define VS_IRQ_MASK 0xF000
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_DLIMIT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/dlimit.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/dlimit.h
---- linux-2.6.35.4/include/linux/vserver/dlimit.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/dlimit.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,54 @@
-+#ifndef _VX_DLIMIT_H
-+#define _VX_DLIMIT_H
++#include <linux/hardirq.h>
+
-+#include "switch.h"
++/*
++ * check current context for ADMIN/WATCH and
++ * optionally against supplied argument
++ */
++static inline int __vs_check(int cid, int id, unsigned int mode)
++{
++ if (mode & VS_ARG_MASK) {
++ if ((mode & VS_IDENT) && (id == cid))
++ return 1;
++ }
++ if (mode & VS_ATR_MASK) {
++ if ((mode & VS_DYNAMIC) &&
++ (id >= MIN_D_CONTEXT) &&
++ (id <= MAX_S_CONTEXT))
++ return 1;
++ if ((mode & VS_STATIC) &&
++ (id > 1) && (id < MIN_D_CONTEXT))
++ return 1;
++ }
++ if (mode & VS_IRQ_MASK) {
++ if ((mode & VS_IRQ) && unlikely(in_interrupt()))
++ return 1;
++ if ((mode & VS_HARDIRQ) && unlikely(in_irq()))
++ return 1;
++ if ((mode & VS_SOFTIRQ) && unlikely(in_softirq()))
++ return 1;
++ }
++ return (((mode & VS_ADMIN) && (cid == 0)) ||
++ ((mode & VS_WATCH) && (cid == 1)) ||
++ ((mode & VS_HOSTID) && (id == 0)));
++}
+
++#define vx_check(c, m) __vs_check(vx_current_xid(), c, (m) | VS_IRQ)
+
-+#ifdef __KERNEL__
++#define vx_weak_check(c, m) ((m) ? vx_check(c, m) : 1)
+
-+/* keep in sync with CDLIM_INFINITY */
+
-+#define DLIM_INFINITY (~0ULL)
++#define nx_check(c, m) __vs_check(nx_current_nid(), c, m)
++
++#define nx_weak_check(c, m) ((m) ? nx_check(c, m) : 1)
++
++#endif
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/context.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/context.h
+--- linux-3.9.4/include/linux/vserver/context.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/context.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,110 @@
++#ifndef _VSERVER_CONTEXT_H
++#define _VSERVER_CONTEXT_H
+
++
++#include <linux/list.h>
+#include <linux/spinlock.h>
+#include <linux/rcupdate.h>
++#include <uapi/vserver/context.h>
+
-+struct super_block;
++#include "limit_def.h"
++#include "sched_def.h"
++#include "cvirt_def.h"
++#include "cacct_def.h"
++#include "device_def.h"
+
-+struct dl_info {
-+ struct hlist_node dl_hlist; /* linked list of contexts */
-+ struct rcu_head dl_rcu; /* the rcu head */
-+ tag_t dl_tag; /* context tag */
-+ atomic_t dl_usecnt; /* usage count */
-+ atomic_t dl_refcnt; /* reference count */
++#define VX_SPACES 2
+
-+ struct super_block *dl_sb; /* associated superblock */
++struct _vx_info_pc {
++ struct _vx_sched_pc sched_pc;
++ struct _vx_cvirt_pc cvirt_pc;
++};
+
-+ spinlock_t dl_lock; /* protect the values */
++struct _vx_space {
++ unsigned long vx_nsmask; /* assignment mask */
++ struct nsproxy *vx_nsproxy; /* private namespaces */
++ struct fs_struct *vx_fs; /* private namespace fs */
++ const struct cred *vx_cred; /* task credentials */
++};
+
-+ unsigned long long dl_space_used; /* used space in bytes */
-+ unsigned long long dl_space_total; /* maximum space in bytes */
-+ unsigned long dl_inodes_used; /* used inodes */
-+ unsigned long dl_inodes_total; /* maximum inodes */
++struct vx_info {
++ struct hlist_node vx_hlist; /* linked list of contexts */
++ xid_t vx_id; /* context id */
++ atomic_t vx_usecnt; /* usage count */
++ atomic_t vx_tasks; /* tasks count */
++ struct vx_info *vx_parent; /* parent context */
++ int vx_state; /* context state */
+
-+ unsigned int dl_nrlmult; /* non root limit mult */
-+};
++ struct _vx_space space[VX_SPACES]; /* namespace store */
+
-+struct rcu_head;
++ uint64_t vx_flags; /* context flags */
++ uint64_t vx_ccaps; /* context caps (vserver) */
++ uint64_t vx_umask; /* unshare mask (guest) */
++ uint64_t vx_wmask; /* warn mask (guest) */
++ kernel_cap_t vx_bcaps; /* bounding caps (system) */
+
-+extern void rcu_free_dl_info(struct rcu_head *);
-+extern void unhash_dl_info(struct dl_info *);
++ struct task_struct *vx_reaper; /* guest reaper process */
++ pid_t vx_initpid; /* PID of guest init */
++ int64_t vx_badness_bias; /* OOM points bias */
+
-+extern struct dl_info *locate_dl_info(struct super_block *, tag_t);
++ struct _vx_limit limit; /* vserver limits */
++ struct _vx_sched sched; /* vserver scheduler */
++ struct _vx_cvirt cvirt; /* virtual/bias stuff */
++ struct _vx_cacct cacct; /* context accounting */
+
++ struct _vx_device dmap; /* default device map targets */
+
-+struct kstatfs;
++#ifndef CONFIG_SMP
++ struct _vx_info_pc info_pc; /* per cpu data */
++#else
++ struct _vx_info_pc *ptr_pc; /* per cpu array */
++#endif
+
-+extern void vx_vsi_statfs(struct super_block *, struct kstatfs *);
++ wait_queue_head_t vx_wait; /* context exit waitqueue */
++ int reboot_cmd; /* last sys_reboot() cmd */
++ int exit_code; /* last process exit code */
+
-+typedef uint64_t dlsize_t;
++ char vx_name[65]; /* vserver name */
++};
+
-+#endif /* __KERNEL__ */
-+#else /* _VX_DLIMIT_H */
-+#warning duplicate inclusion
-+#endif /* _VX_DLIMIT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/global.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/global.h
---- linux-2.6.35.4/include/linux/vserver/global.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/global.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,19 @@
-+#ifndef _VX_GLOBAL_H
-+#define _VX_GLOBAL_H
++#ifndef CONFIG_SMP
++#define vx_ptr_pc(vxi) (&(vxi)->info_pc)
++#define vx_per_cpu(vxi, v, id) vx_ptr_pc(vxi)->v
++#else
++#define vx_ptr_pc(vxi) ((vxi)->ptr_pc)
++#define vx_per_cpu(vxi, v, id) per_cpu_ptr(vx_ptr_pc(vxi), id)->v
++#endif
+
++#define vx_cpu(vxi, v) vx_per_cpu(vxi, v, smp_processor_id())
+
-+extern atomic_t vx_global_ctotal;
-+extern atomic_t vx_global_cactive;
+
-+extern atomic_t nx_global_ctotal;
-+extern atomic_t nx_global_cactive;
++struct vx_info_save {
++ struct vx_info *vxi;
++ xid_t xid;
++};
+
-+extern atomic_t vs_global_nsproxy;
-+extern atomic_t vs_global_fs;
-+extern atomic_t vs_global_mnt_ns;
-+extern atomic_t vs_global_uts_ns;
-+extern atomic_t vs_global_user_ns;
-+extern atomic_t vs_global_pid_ns;
+
++/* status flags */
+
-+#endif /* _VX_GLOBAL_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/history.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/history.h
---- linux-2.6.35.4/include/linux/vserver/history.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/history.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,197 @@
-+#ifndef _VX_HISTORY_H
-+#define _VX_HISTORY_H
++#define VXS_HASHED 0x0001
++#define VXS_PAUSED 0x0010
++#define VXS_SHUTDOWN 0x0100
++#define VXS_HELPER 0x1000
++#define VXS_RELEASED 0x8000
+
+
-+enum {
-+ VXH_UNUSED = 0,
-+ VXH_THROW_OOPS = 1,
++extern void claim_vx_info(struct vx_info *, struct task_struct *);
++extern void release_vx_info(struct vx_info *, struct task_struct *);
+
-+ VXH_GET_VX_INFO,
-+ VXH_PUT_VX_INFO,
-+ VXH_INIT_VX_INFO,
-+ VXH_SET_VX_INFO,
-+ VXH_CLR_VX_INFO,
-+ VXH_CLAIM_VX_INFO,
-+ VXH_RELEASE_VX_INFO,
-+ VXH_ALLOC_VX_INFO,
-+ VXH_DEALLOC_VX_INFO,
-+ VXH_HASH_VX_INFO,
-+ VXH_UNHASH_VX_INFO,
-+ VXH_LOC_VX_INFO,
-+ VXH_LOOKUP_VX_INFO,
-+ VXH_CREATE_VX_INFO,
-+};
++extern struct vx_info *lookup_vx_info(int);
++extern struct vx_info *lookup_or_create_vx_info(int);
+
-+struct _vxhe_vxi {
-+ struct vx_info *ptr;
-+ unsigned xid;
-+ unsigned usecnt;
-+ unsigned tasks;
-+};
++extern int get_xid_list(int, unsigned int *, int);
++extern int xid_is_hashed(xid_t);
+
-+struct _vxhe_set_clr {
-+ void *data;
-+};
++extern int vx_migrate_task(struct task_struct *, struct vx_info *, int);
+
-+struct _vxhe_loc_lookup {
-+ unsigned arg;
-+};
++extern long vs_state_change(struct vx_info *, unsigned int);
+
-+struct _vx_hist_entry {
-+ void *loc;
-+ unsigned short seq;
-+ unsigned short type;
-+ struct _vxhe_vxi vxi;
-+ union {
-+ struct _vxhe_set_clr sc;
-+ struct _vxhe_loc_lookup ll;
-+ };
-+};
+
-+#ifdef CONFIG_VSERVER_HISTORY
++#endif /* _VSERVER_CONTEXT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/context_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/context_cmd.h
+--- linux-3.9.4/include/linux/vserver/context_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/context_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,33 @@
++#ifndef _VSERVER_CONTEXT_CMD_H
++#define _VSERVER_CONTEXT_CMD_H
+
-+extern unsigned volatile int vxh_active;
++#include <uapi/vserver/context_cmd.h>
+
-+struct _vx_hist_entry *vxh_advance(void *loc);
++extern int vc_task_xid(uint32_t);
+
++extern int vc_vx_info(struct vx_info *, void __user *);
+
-+static inline
-+void __vxh_copy_vxi(struct _vx_hist_entry *entry, struct vx_info *vxi)
-+{
-+ entry->vxi.ptr = vxi;
-+ if (vxi) {
-+ entry->vxi.usecnt = atomic_read(&vxi->vx_usecnt);
-+ entry->vxi.tasks = atomic_read(&vxi->vx_tasks);
-+ entry->vxi.xid = vxi->vx_id;
-+ }
-+}
++extern int vc_ctx_stat(struct vx_info *, void __user *);
+
++extern int vc_ctx_create(uint32_t, void __user *);
++extern int vc_ctx_migrate(struct vx_info *, void __user *);
+
-+#define __HERE__ current_text_addr()
++extern int vc_get_cflags(struct vx_info *, void __user *);
++extern int vc_set_cflags(struct vx_info *, void __user *);
+
-+#define __VXH_BODY(__type, __data, __here) \
-+ struct _vx_hist_entry *entry; \
-+ \
-+ preempt_disable(); \
-+ entry = vxh_advance(__here); \
-+ __data; \
-+ entry->type = __type; \
-+ preempt_enable();
++extern int vc_get_ccaps(struct vx_info *, void __user *);
++extern int vc_set_ccaps(struct vx_info *, void __user *);
+
++extern int vc_get_bcaps(struct vx_info *, void __user *);
++extern int vc_set_bcaps(struct vx_info *, void __user *);
+
-+ /* pass vxi only */
++extern int vc_get_umask(struct vx_info *, void __user *);
++extern int vc_set_umask(struct vx_info *, void __user *);
+
-+#define __VXH_SMPL \
-+ __vxh_copy_vxi(entry, vxi)
++extern int vc_get_wmask(struct vx_info *, void __user *);
++extern int vc_set_wmask(struct vx_info *, void __user *);
+
-+static inline
-+void __vxh_smpl(struct vx_info *vxi, int __type, void *__here)
-+{
-+ __VXH_BODY(__type, __VXH_SMPL, __here)
-+}
++extern int vc_get_badness(struct vx_info *, void __user *);
++extern int vc_set_badness(struct vx_info *, void __user *);
+
-+ /* pass vxi and data (void *) */
++#endif /* _VSERVER_CONTEXT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cvirt.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt.h
+--- linux-3.9.4/include/linux/vserver/cvirt.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,18 @@
++#ifndef _VSERVER_CVIRT_H
++#define _VSERVER_CVIRT_H
+
-+#define __VXH_DATA \
-+ __vxh_copy_vxi(entry, vxi); \
-+ entry->sc.data = data
++struct timespec;
+
-+static inline
-+void __vxh_data(struct vx_info *vxi, void *data,
-+ int __type, void *__here)
-+{
-+ __VXH_BODY(__type, __VXH_DATA, __here)
-+}
-+
-+ /* pass vxi and arg (long) */
-+
-+#define __VXH_LONG \
-+ __vxh_copy_vxi(entry, vxi); \
-+ entry->ll.arg = arg
-+
-+static inline
-+void __vxh_long(struct vx_info *vxi, long arg,
-+ int __type, void *__here)
-+{
-+ __VXH_BODY(__type, __VXH_LONG, __here)
-+}
++void vx_vsi_boottime(struct timespec *);
+
++void vx_vsi_uptime(struct timespec *, struct timespec *);
+
-+static inline
-+void __vxh_throw_oops(void *__here)
-+{
-+ __VXH_BODY(VXH_THROW_OOPS, {}, __here);
-+ /* prevent further acquisition */
-+ vxh_active = 0;
-+}
+
++struct vx_info;
+
-+#define vxh_throw_oops() __vxh_throw_oops(__HERE__);
++void vx_update_load(struct vx_info *);
+
-+#define __vxh_get_vx_info(v, h) __vxh_smpl(v, VXH_GET_VX_INFO, h);
-+#define __vxh_put_vx_info(v, h) __vxh_smpl(v, VXH_PUT_VX_INFO, h);
+
-+#define __vxh_init_vx_info(v, d, h) \
-+ __vxh_data(v, d, VXH_INIT_VX_INFO, h);
-+#define __vxh_set_vx_info(v, d, h) \
-+ __vxh_data(v, d, VXH_SET_VX_INFO, h);
-+#define __vxh_clr_vx_info(v, d, h) \
-+ __vxh_data(v, d, VXH_CLR_VX_INFO, h);
++int vx_do_syslog(int, char __user *, int);
+
-+#define __vxh_claim_vx_info(v, d, h) \
-+ __vxh_data(v, d, VXH_CLAIM_VX_INFO, h);
-+#define __vxh_release_vx_info(v, d, h) \
-+ __vxh_data(v, d, VXH_RELEASE_VX_INFO, h);
++#endif /* _VSERVER_CVIRT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cvirt_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt_cmd.h
+--- linux-3.9.4/include/linux/vserver/cvirt_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,13 @@
++#ifndef _VSERVER_CVIRT_CMD_H
++#define _VSERVER_CVIRT_CMD_H
+
-+#define vxh_alloc_vx_info(v) \
-+ __vxh_smpl(v, VXH_ALLOC_VX_INFO, __HERE__);
-+#define vxh_dealloc_vx_info(v) \
-+ __vxh_smpl(v, VXH_DEALLOC_VX_INFO, __HERE__);
+
-+#define vxh_hash_vx_info(v) \
-+ __vxh_smpl(v, VXH_HASH_VX_INFO, __HERE__);
-+#define vxh_unhash_vx_info(v) \
-+ __vxh_smpl(v, VXH_UNHASH_VX_INFO, __HERE__);
++#include <linux/compiler.h>
++#include <uapi/vserver/cvirt_cmd.h>
+
-+#define vxh_loc_vx_info(v, l) \
-+ __vxh_long(v, l, VXH_LOC_VX_INFO, __HERE__);
-+#define vxh_lookup_vx_info(v, l) \
-+ __vxh_long(v, l, VXH_LOOKUP_VX_INFO, __HERE__);
-+#define vxh_create_vx_info(v, l) \
-+ __vxh_long(v, l, VXH_CREATE_VX_INFO, __HERE__);
++extern int vc_set_vhi_name(struct vx_info *, void __user *);
++extern int vc_get_vhi_name(struct vx_info *, void __user *);
+
-+extern void vxh_dump_history(void);
++extern int vc_virt_stat(struct vx_info *, void __user *);
+
++#endif /* _VSERVER_CVIRT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/cvirt_def.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt_def.h
+--- linux-3.9.4/include/linux/vserver/cvirt_def.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/cvirt_def.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,80 @@
++#ifndef _VSERVER_CVIRT_DEF_H
++#define _VSERVER_CVIRT_DEF_H
+
-+#else /* CONFIG_VSERVER_HISTORY */
++#include <linux/jiffies.h>
++#include <linux/spinlock.h>
++#include <linux/wait.h>
++#include <linux/time.h>
++#include <asm/atomic.h>
+
-+#define __HERE__ 0
+
-+#define vxh_throw_oops() do { } while (0)
++struct _vx_usage_stat {
++ uint64_t user;
++ uint64_t nice;
++ uint64_t system;
++ uint64_t softirq;
++ uint64_t irq;
++ uint64_t idle;
++ uint64_t iowait;
++};
+
-+#define __vxh_get_vx_info(v, h) do { } while (0)
-+#define __vxh_put_vx_info(v, h) do { } while (0)
++struct _vx_syslog {
++ wait_queue_head_t log_wait;
++ spinlock_t logbuf_lock; /* lock for the log buffer */
+
-+#define __vxh_init_vx_info(v, d, h) do { } while (0)
-+#define __vxh_set_vx_info(v, d, h) do { } while (0)
-+#define __vxh_clr_vx_info(v, d, h) do { } while (0)
++ unsigned long log_start; /* next char to be read by syslog() */
++ unsigned long con_start; /* next char to be sent to consoles */
++ unsigned long log_end; /* most-recently-written-char + 1 */
++ unsigned long logged_chars; /* #chars since last read+clear operation */
+
-+#define __vxh_claim_vx_info(v, d, h) do { } while (0)
-+#define __vxh_release_vx_info(v, d, h) do { } while (0)
++ char log_buf[1024];
++};
+
-+#define vxh_alloc_vx_info(v) do { } while (0)
-+#define vxh_dealloc_vx_info(v) do { } while (0)
+
-+#define vxh_hash_vx_info(v) do { } while (0)
-+#define vxh_unhash_vx_info(v) do { } while (0)
++/* context sub struct */
+
-+#define vxh_loc_vx_info(v, l) do { } while (0)
-+#define vxh_lookup_vx_info(v, l) do { } while (0)
-+#define vxh_create_vx_info(v, l) do { } while (0)
++struct _vx_cvirt {
++ atomic_t nr_threads; /* number of current threads */
++ atomic_t nr_running; /* number of running threads */
++ atomic_t nr_uninterruptible; /* number of uninterruptible threads */
+
-+#define vxh_dump_history() do { } while (0)
++ atomic_t nr_onhold; /* processes on hold */
++ uint32_t onhold_last; /* jiffies when put on hold */
+
++ struct timespec bias_ts; /* time offset to the host */
++ struct timespec bias_idle;
++ struct timespec bias_uptime; /* context creation point */
++ uint64_t bias_clock; /* offset in clock_t */
+
-+#endif /* CONFIG_VSERVER_HISTORY */
++ spinlock_t load_lock; /* lock for the load averages */
++ atomic_t load_updates; /* nr of load updates done so far */
++ uint32_t load_last; /* last time load was calculated */
++ uint32_t load[3]; /* load averages 1,5,15 */
+
-+#endif /* _VX_HISTORY_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/inode_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/inode_cmd.h
---- linux-2.6.35.4/include/linux/vserver/inode_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/inode_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,59 @@
-+#ifndef _VX_INODE_CMD_H
-+#define _VX_INODE_CMD_H
++ atomic_t total_forks; /* number of forks so far */
+
++ struct _vx_syslog syslog;
++};
+
-+/* inode vserver commands */
++struct _vx_cvirt_pc {
++ struct _vx_usage_stat cpustat;
++};
+
-+#define VCMD_get_iattr VC_CMD(INODE, 1, 1)
-+#define VCMD_set_iattr VC_CMD(INODE, 2, 1)
+
-+#define VCMD_fget_iattr VC_CMD(INODE, 3, 0)
-+#define VCMD_fset_iattr VC_CMD(INODE, 4, 0)
++#ifdef CONFIG_VSERVER_DEBUG
+
-+struct vcmd_ctx_iattr_v1 {
-+ const char __user *name;
-+ uint32_t tag;
-+ uint32_t flags;
-+ uint32_t mask;
-+};
++static inline void __dump_vx_cvirt(struct _vx_cvirt *cvirt)
++{
++ printk("\t_vx_cvirt:\n");
++ printk("\t threads: %4d, %4d, %4d, %4d\n",
++ atomic_read(&cvirt->nr_threads),
++ atomic_read(&cvirt->nr_running),
++ atomic_read(&cvirt->nr_uninterruptible),
++ atomic_read(&cvirt->nr_onhold));
++ /* add rest here */
++ printk("\t total_forks = %d\n", atomic_read(&cvirt->total_forks));
++}
+
-+struct vcmd_ctx_fiattr_v0 {
-+ uint32_t tag;
-+ uint32_t flags;
-+ uint32_t mask;
-+};
++#endif
+
++#endif /* _VSERVER_CVIRT_DEF_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/debug.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/debug.h
+--- linux-3.9.4/include/linux/vserver/debug.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/debug.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,145 @@
++#ifndef _VSERVER_DEBUG_H
++#define _VSERVER_DEBUG_H
+
-+#ifdef __KERNEL__
+
++#define VXD_CBIT(n, m) (vs_debug_ ## n & (1 << (m)))
++#define VXD_CMIN(n, m) (vs_debug_ ## n > (m))
++#define VXD_MASK(n, m) (vs_debug_ ## n & (m))
+
-+#ifdef CONFIG_COMPAT
++#define VXD_DEV(d) (d), (d)->bd_inode->i_ino, \
++ imajor((d)->bd_inode), iminor((d)->bd_inode)
++#define VXF_DEV "%p[%lu,%d:%d]"
+
-+#include <asm/compat.h>
++#if defined(CONFIG_QUOTES_UTF8)
++#define VS_Q_LQM "\xc2\xbb"
++#define VS_Q_RQM "\xc2\xab"
++#elif defined(CONFIG_QUOTES_ASCII)
++#define VS_Q_LQM "\x27"
++#define VS_Q_RQM "\x27"
++#else
++#define VS_Q_LQM "\xbb"
++#define VS_Q_RQM "\xab"
++#endif
+
-+struct vcmd_ctx_iattr_v1_x32 {
-+ compat_uptr_t name_ptr;
-+ uint32_t tag;
-+ uint32_t flags;
-+ uint32_t mask;
-+};
++#define VS_Q(f) VS_Q_LQM f VS_Q_RQM
+
-+#endif /* CONFIG_COMPAT */
+
-+#include <linux/compiler.h>
++#define vxd_path(p) \
++ ({ static char _buffer[PATH_MAX]; \
++ d_path(p, _buffer, sizeof(_buffer)); })
+
-+extern int vc_get_iattr(void __user *);
-+extern int vc_set_iattr(void __user *);
++#define vxd_cond_path(n) \
++ ((n) ? vxd_path(&(n)->path) : "<null>" )
+
-+extern int vc_fget_iattr(uint32_t, void __user *);
-+extern int vc_fset_iattr(uint32_t, void __user *);
+
-+#ifdef CONFIG_COMPAT
++#ifdef CONFIG_VSERVER_DEBUG
+
-+extern int vc_get_iattr_x32(void __user *);
-+extern int vc_set_iattr_x32(void __user *);
++extern unsigned int vs_debug_switch;
++extern unsigned int vs_debug_xid;
++extern unsigned int vs_debug_nid;
++extern unsigned int vs_debug_tag;
++extern unsigned int vs_debug_net;
++extern unsigned int vs_debug_limit;
++extern unsigned int vs_debug_cres;
++extern unsigned int vs_debug_dlim;
++extern unsigned int vs_debug_quota;
++extern unsigned int vs_debug_cvirt;
++extern unsigned int vs_debug_space;
++extern unsigned int vs_debug_perm;
++extern unsigned int vs_debug_misc;
+
-+#endif /* CONFIG_COMPAT */
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_INODE_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/inode.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/inode.h
---- linux-2.6.35.4/include/linux/vserver/inode.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/inode.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,39 @@
-+#ifndef _VX_INODE_H
-+#define _VX_INODE_H
++#define VX_LOGLEVEL "vxD: "
++#define VX_PROC_FMT "%p: "
++#define VX_PROCESS current
+
++#define vxdprintk(c, f, x...) \
++ do { \
++ if (c) \
++ printk(VX_LOGLEVEL VX_PROC_FMT f "\n", \
++ VX_PROCESS , ##x); \
++ } while (0)
+
-+#define IATTR_TAG 0x01000000
++#define vxlprintk(c, f, x...) \
++ do { \
++ if (c) \
++ printk(VX_LOGLEVEL f " @%s:%d\n", x); \
++ } while (0)
+
-+#define IATTR_ADMIN 0x00000001
-+#define IATTR_WATCH 0x00000002
-+#define IATTR_HIDE 0x00000004
-+#define IATTR_FLAGS 0x00000007
++#define vxfprintk(c, f, x...) \
++ do { \
++ if (c) \
++ printk(VX_LOGLEVEL f " %s@%s:%d\n", x); \
++ } while (0)
+
-+#define IATTR_BARRIER 0x00010000
-+#define IATTR_IXUNLINK 0x00020000
-+#define IATTR_IMMUTABLE 0x00040000
-+#define IATTR_COW 0x00080000
+
-+#ifdef __KERNEL__
++struct vx_info;
+
++void dump_vx_info(struct vx_info *, int);
++void dump_vx_info_inactive(int);
+
-+#ifdef CONFIG_VSERVER_PROC_SECURE
-+#define IATTR_PROC_DEFAULT ( IATTR_ADMIN | IATTR_HIDE )
-+#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
-+#else
-+#define IATTR_PROC_DEFAULT ( IATTR_ADMIN )
-+#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
-+#endif
++#else /* CONFIG_VSERVER_DEBUG */
+
-+#define vx_hide_check(c, m) (((m) & IATTR_HIDE) ? vx_check(c, m) : 1)
++#define vs_debug_switch 0
++#define vs_debug_xid 0
++#define vs_debug_nid 0
++#define vs_debug_tag 0
++#define vs_debug_net 0
++#define vs_debug_limit 0
++#define vs_debug_cres 0
++#define vs_debug_dlim 0
++#define vs_debug_quota 0
++#define vs_debug_cvirt 0
++#define vs_debug_space 0
++#define vs_debug_perm 0
++#define vs_debug_misc 0
+
-+#endif /* __KERNEL__ */
++#define vxdprintk(x...) do { } while (0)
++#define vxlprintk(x...) do { } while (0)
++#define vxfprintk(x...) do { } while (0)
+
-+/* inode ioctls */
++#endif /* CONFIG_VSERVER_DEBUG */
+
-+#define FIOC_GETXFLG _IOR('x', 5, long)
-+#define FIOC_SETXFLG _IOW('x', 6, long)
+
-+#else /* _VX_INODE_H */
-+#warning duplicate inclusion
-+#endif /* _VX_INODE_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/Kbuild linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/Kbuild
---- linux-2.6.35.4/include/linux/vserver/Kbuild 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/Kbuild 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,8 @@
++#ifdef CONFIG_VSERVER_WARN
+
-+unifdef-y += context_cmd.h network_cmd.h space_cmd.h \
-+ cacct_cmd.h cvirt_cmd.h limit_cmd.h dlimit_cmd.h \
-+ inode_cmd.h tag_cmd.h sched_cmd.h signal_cmd.h \
-+ debug_cmd.h device_cmd.h
++#define VX_WARNLEVEL KERN_WARNING "vxW: "
++#define VX_WARN_TASK "[" VS_Q("%s") ",%u:#%u|%u|%u] "
++#define VX_WARN_XID "[xid #%u] "
++#define VX_WARN_NID "[nid #%u] "
++#define VX_WARN_TAG "[tag #%u] "
+
-+unifdef-y += switch.h network.h monitor.h inode.h device.h
++#define vxwprintk(c, f, x...) \
++ do { \
++ if (c) \
++ printk(VX_WARNLEVEL f "\n", ##x); \
++ } while (0)
+
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/limit_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_cmd.h
---- linux-2.6.35.4/include/linux/vserver/limit_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,71 @@
-+#ifndef _VX_LIMIT_CMD_H
-+#define _VX_LIMIT_CMD_H
++#else /* CONFIG_VSERVER_WARN */
+
++#define vxwprintk(x...) do { } while (0)
+
-+/* rlimit vserver commands */
++#endif /* CONFIG_VSERVER_WARN */
+
-+#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
-+#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
-+#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
-+#define VCMD_reset_hits VC_CMD(RLIMIT, 7, 0)
-+#define VCMD_reset_minmax VC_CMD(RLIMIT, 9, 0)
++#define vxwprintk_task(c, f, x...) \
++ vxwprintk(c, VX_WARN_TASK f, \
++ current->comm, current->pid, \
++ current->xid, current->nid, current->tag, ##x)
++#define vxwprintk_xid(c, f, x...) \
++ vxwprintk(c, VX_WARN_XID f, current->xid, x)
++#define vxwprintk_nid(c, f, x...) \
++ vxwprintk(c, VX_WARN_NID f, current->nid, x)
++#define vxwprintk_tag(c, f, x...) \
++ vxwprintk(c, VX_WARN_TAG f, current->tag, x)
+
-+struct vcmd_ctx_rlimit_v0 {
-+ uint32_t id;
-+ uint64_t minimum;
-+ uint64_t softlimit;
-+ uint64_t maximum;
-+};
++#ifdef CONFIG_VSERVER_DEBUG
++#define vxd_assert_lock(l) assert_spin_locked(l)
++#define vxd_assert(c, f, x...) vxlprintk(!(c), \
++ "assertion [" f "] failed.", ##x, __FILE__, __LINE__)
++#else
++#define vxd_assert_lock(l) do { } while (0)
++#define vxd_assert(c, f, x...) do { } while (0)
++#endif
+
-+struct vcmd_ctx_rlimit_mask_v0 {
-+ uint32_t minimum;
-+ uint32_t softlimit;
-+ uint32_t maximum;
-+};
+
-+#define VCMD_rlimit_stat VC_CMD(VSTAT, 1, 0)
++#endif /* _VSERVER_DEBUG_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/debug_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/debug_cmd.h
+--- linux-3.9.4/include/linux/vserver/debug_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/debug_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,37 @@
++#ifndef _VSERVER_DEBUG_CMD_H
++#define _VSERVER_DEBUG_CMD_H
+
-+struct vcmd_rlimit_stat_v0 {
-+ uint32_t id;
-+ uint32_t hits;
-+ uint64_t value;
-+ uint64_t minimum;
-+ uint64_t maximum;
-+};
++#include <uapi/vserver/debug_cmd.h>
+
-+#define CRLIM_UNSET (0ULL)
-+#define CRLIM_INFINITY (~0ULL)
-+#define CRLIM_KEEP (~1ULL)
+
-+#ifdef __KERNEL__
++#ifdef CONFIG_COMPAT
+
-+#ifdef CONFIG_IA32_EMULATION
++#include <asm/compat.h>
+
-+struct vcmd_ctx_rlimit_v0_x32 {
-+ uint32_t id;
-+ uint64_t minimum;
-+ uint64_t softlimit;
-+ uint64_t maximum;
-+} __attribute__ ((packed));
++struct vcmd_read_history_v0_x32 {
++ uint32_t index;
++ uint32_t count;
++ compat_uptr_t data_ptr;
++};
+
-+#endif /* CONFIG_IA32_EMULATION */
++struct vcmd_read_monitor_v0_x32 {
++ uint32_t index;
++ uint32_t count;
++ compat_uptr_t data_ptr;
++};
+
-+#include <linux/compiler.h>
++#endif /* CONFIG_COMPAT */
+
-+extern int vc_get_rlimit_mask(uint32_t, void __user *);
-+extern int vc_get_rlimit(struct vx_info *, void __user *);
-+extern int vc_set_rlimit(struct vx_info *, void __user *);
-+extern int vc_reset_hits(struct vx_info *, void __user *);
-+extern int vc_reset_minmax(struct vx_info *, void __user *);
++extern int vc_dump_history(uint32_t);
+
-+extern int vc_rlimit_stat(struct vx_info *, void __user *);
++extern int vc_read_history(uint32_t, void __user *);
++extern int vc_read_monitor(uint32_t, void __user *);
+
-+#ifdef CONFIG_IA32_EMULATION
++#ifdef CONFIG_COMPAT
+
-+extern int vc_get_rlimit_x32(struct vx_info *, void __user *);
-+extern int vc_set_rlimit_x32(struct vx_info *, void __user *);
++extern int vc_read_history_x32(uint32_t, void __user *);
++extern int vc_read_monitor_x32(uint32_t, void __user *);
+
-+#endif /* CONFIG_IA32_EMULATION */
++#endif /* CONFIG_COMPAT */
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_LIMIT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/limit_def.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_def.h
---- linux-2.6.35.4/include/linux/vserver/limit_def.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_def.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,47 @@
-+#ifndef _VX_LIMIT_DEF_H
-+#define _VX_LIMIT_DEF_H
++#endif /* _VSERVER_DEBUG_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/device.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/device.h
+--- linux-3.9.4/include/linux/vserver/device.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/device.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,9 @@
++#ifndef _VSERVER_DEVICE_H
++#define _VSERVER_DEVICE_H
+
-+#include <asm/atomic.h>
-+#include <asm/resource.h>
+
-+#include "limit.h"
++#include <uapi/vserver/device.h>
+
++#else /* _VSERVER_DEVICE_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_DEVICE_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/device_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/device_cmd.h
+--- linux-3.9.4/include/linux/vserver/device_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/device_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,31 @@
++#ifndef _VSERVER_DEVICE_CMD_H
++#define _VSERVER_DEVICE_CMD_H
+
-+struct _vx_res_limit {
-+ rlim_t soft; /* Context soft limit */
-+ rlim_t hard; /* Context hard limit */
++#include <uapi/vserver/device_cmd.h>
+
-+ rlim_atomic_t rcur; /* Current value */
-+ rlim_t rmin; /* Context minimum */
-+ rlim_t rmax; /* Context maximum */
+
-+ atomic_t lhit; /* Limit hits */
-+};
++#ifdef CONFIG_COMPAT
+
-+/* context sub struct */
++#include <asm/compat.h>
+
-+struct _vx_limit {
-+ struct _vx_res_limit res[NUM_LIMITS];
++struct vcmd_set_mapping_v0_x32 {
++ compat_uptr_t device_ptr;
++ compat_uptr_t target_ptr;
++ uint32_t flags;
+};
+
-+#ifdef CONFIG_VSERVER_DEBUG
++#endif /* CONFIG_COMPAT */
+
-+static inline void __dump_vx_limit(struct _vx_limit *limit)
-+{
-+ int i;
++#include <linux/compiler.h>
+
-+ printk("\t_vx_limit:");
-+ for (i = 0; i < NUM_LIMITS; i++) {
-+ printk("\t [%2d] = %8lu %8lu/%8lu, %8ld/%8ld, %8d\n",
-+ i, (unsigned long)__rlim_get(limit, i),
-+ (unsigned long)__rlim_rmin(limit, i),
-+ (unsigned long)__rlim_rmax(limit, i),
-+ (long)__rlim_soft(limit, i),
-+ (long)__rlim_hard(limit, i),
-+ atomic_read(&__rlim_lhit(limit, i)));
-+ }
-+}
++extern int vc_set_mapping(struct vx_info *, void __user *);
++extern int vc_unset_mapping(struct vx_info *, void __user *);
++
++#ifdef CONFIG_COMPAT
+
++extern int vc_set_mapping_x32(struct vx_info *, void __user *);
++extern int vc_unset_mapping_x32(struct vx_info *, void __user *);
++
++#endif /* CONFIG_COMPAT */
++
++#endif /* _VSERVER_DEVICE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/device_def.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/device_def.h
+--- linux-3.9.4/include/linux/vserver/device_def.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/device_def.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,17 @@
++#ifndef _VSERVER_DEVICE_DEF_H
++#define _VSERVER_DEVICE_DEF_H
++
++#include <linux/types.h>
++
++struct vx_dmap_target {
++ dev_t target;
++ uint32_t flags;
++};
++
++struct _vx_device {
++#ifdef CONFIG_VSERVER_DEVICE
++ struct vx_dmap_target targets[2];
+#endif
++};
+
-+#endif /* _VX_LIMIT_DEF_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/limit.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit.h
---- linux-2.6.35.4/include/linux/vserver/limit.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,71 @@
-+#ifndef _VX_LIMIT_H
-+#define _VX_LIMIT_H
++#endif /* _VSERVER_DEVICE_DEF_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/dlimit.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/dlimit.h
+--- linux-3.9.4/include/linux/vserver/dlimit.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/dlimit.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,54 @@
++#ifndef _VSERVER_DLIMIT_H
++#define _VSERVER_DLIMIT_H
+
-+#define VLIMIT_NSOCK 16
-+#define VLIMIT_OPENFD 17
-+#define VLIMIT_ANON 18
-+#define VLIMIT_SHMEM 19
-+#define VLIMIT_SEMARY 20
-+#define VLIMIT_NSEMS 21
-+#define VLIMIT_DENTRY 22
-+#define VLIMIT_MAPPED 23
++#include "switch.h"
+
+
+#ifdef __KERNEL__
+
-+#define VLIM_NOCHECK ((1L << VLIMIT_DENTRY) | (1L << RLIMIT_RSS))
++/* keep in sync with CDLIM_INFINITY */
+
-+/* keep in sync with CRLIM_INFINITY */
++#define DLIM_INFINITY (~0ULL)
+
-+#define VLIM_INFINITY (~0ULL)
++#include <linux/spinlock.h>
++#include <linux/rcupdate.h>
+
-+#include <asm/atomic.h>
-+#include <asm/resource.h>
++struct super_block;
+
-+#ifndef RLIM_INFINITY
-+#warning RLIM_INFINITY is undefined
-+#endif
++struct dl_info {
++ struct hlist_node dl_hlist; /* linked list of contexts */
++ struct rcu_head dl_rcu; /* the rcu head */
++ tag_t dl_tag; /* context tag */
++ atomic_t dl_usecnt; /* usage count */
++ atomic_t dl_refcnt; /* reference count */
+
-+#define __rlim_val(l, r, v) ((l)->res[r].v)
++ struct super_block *dl_sb; /* associated superblock */
+
-+#define __rlim_soft(l, r) __rlim_val(l, r, soft)
-+#define __rlim_hard(l, r) __rlim_val(l, r, hard)
++ spinlock_t dl_lock; /* protect the values */
+
-+#define __rlim_rcur(l, r) __rlim_val(l, r, rcur)
-+#define __rlim_rmin(l, r) __rlim_val(l, r, rmin)
-+#define __rlim_rmax(l, r) __rlim_val(l, r, rmax)
++ unsigned long long dl_space_used; /* used space in bytes */
++ unsigned long long dl_space_total; /* maximum space in bytes */
++ unsigned long dl_inodes_used; /* used inodes */
++ unsigned long dl_inodes_total; /* maximum inodes */
+
-+#define __rlim_lhit(l, r) __rlim_val(l, r, lhit)
-+#define __rlim_hit(l, r) atomic_inc(&__rlim_lhit(l, r))
++ unsigned int dl_nrlmult; /* non root limit mult */
++};
+
-+typedef atomic_long_t rlim_atomic_t;
-+typedef unsigned long rlim_t;
++struct rcu_head;
+
-+#define __rlim_get(l, r) atomic_long_read(&__rlim_rcur(l, r))
-+#define __rlim_set(l, r, v) atomic_long_set(&__rlim_rcur(l, r), v)
-+#define __rlim_inc(l, r) atomic_long_inc(&__rlim_rcur(l, r))
-+#define __rlim_dec(l, r) atomic_long_dec(&__rlim_rcur(l, r))
-+#define __rlim_add(l, r, v) atomic_long_add(v, &__rlim_rcur(l, r))
-+#define __rlim_sub(l, r, v) atomic_long_sub(v, &__rlim_rcur(l, r))
++extern void rcu_free_dl_info(struct rcu_head *);
++extern void unhash_dl_info(struct dl_info *);
+
++extern struct dl_info *locate_dl_info(struct super_block *, tag_t);
+
-+#if (RLIM_INFINITY == VLIM_INFINITY)
-+#define VX_VLIM(r) ((long long)(long)(r))
-+#define VX_RLIM(v) ((rlim_t)(v))
-+#else
-+#define VX_VLIM(r) (((r) == RLIM_INFINITY) \
-+ ? VLIM_INFINITY : (long long)(r))
-+#define VX_RLIM(v) (((v) == VLIM_INFINITY) \
-+ ? RLIM_INFINITY : (rlim_t)(v))
-+#endif
+
-+struct sysinfo;
++struct kstatfs;
+
-+void vx_vsi_meminfo(struct sysinfo *);
-+void vx_vsi_swapinfo(struct sysinfo *);
-+long vx_vsi_cached(struct sysinfo *);
++extern void vx_vsi_statfs(struct super_block *, struct kstatfs *);
+
-+#define NUM_LIMITS 24
++typedef uint64_t dlsize_t;
+
+#endif /* __KERNEL__ */
-+#endif /* _VX_LIMIT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/limit_int.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_int.h
---- linux-2.6.35.4/include/linux/vserver/limit_int.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/limit_int.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,198 @@
-+#ifndef _VX_LIMIT_INT_H
-+#define _VX_LIMIT_INT_H
++#else /* _VSERVER_DLIMIT_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_DLIMIT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/dlimit_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/dlimit_cmd.h
+--- linux-3.9.4/include/linux/vserver/dlimit_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/dlimit_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,46 @@
++#ifndef _VSERVER_DLIMIT_CMD_H
++#define _VSERVER_DLIMIT_CMD_H
+
-+#include "context.h"
++#include <uapi/vserver/dlimit_cmd.h>
+
-+#ifdef __KERNEL__
+
-+#define VXD_RCRES_COND(r) VXD_CBIT(cres, r)
-+#define VXD_RLIMIT_COND(r) VXD_CBIT(limit, r)
++#ifdef CONFIG_COMPAT
+
-+extern const char *vlimit_name[NUM_LIMITS];
++#include <asm/compat.h>
+
-+static inline void __vx_acc_cres(struct vx_info *vxi,
-+ int res, int dir, void *_data, char *_file, int _line)
-+{
-+ if (VXD_RCRES_COND(res))
-+ vxlprintk(1, "vx_acc_cres[%5d,%s,%2d]: %5ld%s (%p)",
-+ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
-+ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
-+ (dir > 0) ? "++" : "--", _data, _file, _line);
-+ if (!vxi)
-+ return;
++struct vcmd_ctx_dlimit_base_v0_x32 {
++ compat_uptr_t name_ptr;
++ uint32_t flags;
++};
+
-+ if (dir > 0)
-+ __rlim_inc(&vxi->limit, res);
-+ else
-+ __rlim_dec(&vxi->limit, res);
-+}
++struct vcmd_ctx_dlimit_v0_x32 {
++ compat_uptr_t name_ptr;
++ uint32_t space_used; /* used space in kbytes */
++ uint32_t space_total; /* maximum space in kbytes */
++ uint32_t inodes_used; /* used inodes */
++ uint32_t inodes_total; /* maximum inodes */
++ uint32_t reserved; /* reserved for root in % */
++ uint32_t flags;
++};
+
-+static inline void __vx_add_cres(struct vx_info *vxi,
-+ int res, int amount, void *_data, char *_file, int _line)
-+{
-+ if (VXD_RCRES_COND(res))
-+ vxlprintk(1, "vx_add_cres[%5d,%s,%2d]: %5ld += %5d (%p)",
-+ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
-+ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
-+ amount, _data, _file, _line);
-+ if (amount == 0)
-+ return;
-+ if (!vxi)
-+ return;
-+ __rlim_add(&vxi->limit, res, amount);
-+}
-+
-+static inline
-+int __vx_cres_adjust_max(struct _vx_limit *limit, int res, rlim_t value)
-+{
-+ int cond = (value > __rlim_rmax(limit, res));
-+
-+ if (cond)
-+ __rlim_rmax(limit, res) = value;
-+ return cond;
-+}
++#endif /* CONFIG_COMPAT */
+
-+static inline
-+int __vx_cres_adjust_min(struct _vx_limit *limit, int res, rlim_t value)
-+{
-+ int cond = (value < __rlim_rmin(limit, res));
++#include <linux/compiler.h>
+
-+ if (cond)
-+ __rlim_rmin(limit, res) = value;
-+ return cond;
-+}
++extern int vc_add_dlimit(uint32_t, void __user *);
++extern int vc_rem_dlimit(uint32_t, void __user *);
+
-+static inline
-+void __vx_cres_fixup(struct _vx_limit *limit, int res, rlim_t value)
-+{
-+ if (!__vx_cres_adjust_max(limit, res, value))
-+ __vx_cres_adjust_min(limit, res, value);
-+}
++extern int vc_set_dlimit(uint32_t, void __user *);
++extern int vc_get_dlimit(uint32_t, void __user *);
+
++#ifdef CONFIG_COMPAT
+
-+/* return values:
-+ +1 ... no limit hit
-+ -1 ... over soft limit
-+ 0 ... over hard limit */
++extern int vc_add_dlimit_x32(uint32_t, void __user *);
++extern int vc_rem_dlimit_x32(uint32_t, void __user *);
+
-+static inline int __vx_cres_avail(struct vx_info *vxi,
-+ int res, int num, char *_file, int _line)
-+{
-+ struct _vx_limit *limit;
-+ rlim_t value;
++extern int vc_set_dlimit_x32(uint32_t, void __user *);
++extern int vc_get_dlimit_x32(uint32_t, void __user *);
+
-+ if (VXD_RLIMIT_COND(res))
-+ vxlprintk(1, "vx_cres_avail[%5d,%s,%2d]: %5ld/%5ld > %5ld + %5d",
-+ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
-+ (vxi ? (long)__rlim_soft(&vxi->limit, res) : -1),
-+ (vxi ? (long)__rlim_hard(&vxi->limit, res) : -1),
-+ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
-+ num, _file, _line);
-+ if (!vxi)
-+ return 1;
++#endif /* CONFIG_COMPAT */
+
-+ limit = &vxi->limit;
-+ value = __rlim_get(limit, res);
++#endif /* _VSERVER_DLIMIT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/global.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/global.h
+--- linux-3.9.4/include/linux/vserver/global.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/global.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,19 @@
++#ifndef _VSERVER_GLOBAL_H
++#define _VSERVER_GLOBAL_H
+
-+ if (!__vx_cres_adjust_max(limit, res, value))
-+ __vx_cres_adjust_min(limit, res, value);
+
-+ if (num == 0)
-+ return 1;
++extern atomic_t vx_global_ctotal;
++extern atomic_t vx_global_cactive;
+
-+ if (__rlim_soft(limit, res) == RLIM_INFINITY)
-+ return -1;
-+ if (value + num <= __rlim_soft(limit, res))
-+ return -1;
++extern atomic_t nx_global_ctotal;
++extern atomic_t nx_global_cactive;
+
-+ if (__rlim_hard(limit, res) == RLIM_INFINITY)
-+ return 1;
-+ if (value + num <= __rlim_hard(limit, res))
-+ return 1;
++extern atomic_t vs_global_nsproxy;
++extern atomic_t vs_global_fs;
++extern atomic_t vs_global_mnt_ns;
++extern atomic_t vs_global_uts_ns;
++extern atomic_t vs_global_user_ns;
++extern atomic_t vs_global_pid_ns;
+
-+ __rlim_hit(limit, res);
-+ return 0;
-+}
+
++#endif /* _VSERVER_GLOBAL_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/history.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/history.h
+--- linux-3.9.4/include/linux/vserver/history.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/history.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,197 @@
++#ifndef _VSERVER_HISTORY_H
++#define _VSERVER_HISTORY_H
+
-+static const int VLA_RSS[] = { RLIMIT_RSS, VLIMIT_ANON, VLIMIT_MAPPED, 0 };
+
-+static inline
-+rlim_t __vx_cres_array_sum(struct _vx_limit *limit, const int *array)
-+{
-+ rlim_t value, sum = 0;
-+ int res;
++enum {
++ VXH_UNUSED = 0,
++ VXH_THROW_OOPS = 1,
+
-+ while ((res = *array++)) {
-+ value = __rlim_get(limit, res);
-+ __vx_cres_fixup(limit, res, value);
-+ sum += value;
-+ }
-+ return sum;
-+}
++ VXH_GET_VX_INFO,
++ VXH_PUT_VX_INFO,
++ VXH_INIT_VX_INFO,
++ VXH_SET_VX_INFO,
++ VXH_CLR_VX_INFO,
++ VXH_CLAIM_VX_INFO,
++ VXH_RELEASE_VX_INFO,
++ VXH_ALLOC_VX_INFO,
++ VXH_DEALLOC_VX_INFO,
++ VXH_HASH_VX_INFO,
++ VXH_UNHASH_VX_INFO,
++ VXH_LOC_VX_INFO,
++ VXH_LOOKUP_VX_INFO,
++ VXH_CREATE_VX_INFO,
++};
+
-+static inline
-+rlim_t __vx_cres_array_fixup(struct _vx_limit *limit, const int *array)
-+{
-+ rlim_t value = __vx_cres_array_sum(limit, array + 1);
-+ int res = *array;
++struct _vxhe_vxi {
++ struct vx_info *ptr;
++ unsigned xid;
++ unsigned usecnt;
++ unsigned tasks;
++};
+
-+ if (value == __rlim_get(limit, res))
-+ return value;
++struct _vxhe_set_clr {
++ void *data;
++};
+
-+ __rlim_set(limit, res, value);
-+ /* now adjust min/max */
-+ if (!__vx_cres_adjust_max(limit, res, value))
-+ __vx_cres_adjust_min(limit, res, value);
++struct _vxhe_loc_lookup {
++ unsigned arg;
++};
+
-+ return value;
-+}
++struct _vx_hist_entry {
++ void *loc;
++ unsigned short seq;
++ unsigned short type;
++ struct _vxhe_vxi vxi;
++ union {
++ struct _vxhe_set_clr sc;
++ struct _vxhe_loc_lookup ll;
++ };
++};
+
-+static inline int __vx_cres_array_avail(struct vx_info *vxi,
-+ const int *array, int num, char *_file, int _line)
-+{
-+ struct _vx_limit *limit;
-+ rlim_t value = 0;
-+ int res;
++#ifdef CONFIG_VSERVER_HISTORY
+
-+ if (num == 0)
-+ return 1;
-+ if (!vxi)
-+ return 1;
++extern unsigned volatile int vxh_active;
+
-+ limit = &vxi->limit;
-+ res = *array;
-+ value = __vx_cres_array_sum(limit, array + 1);
++struct _vx_hist_entry *vxh_advance(void *loc);
+
-+ __rlim_set(limit, res, value);
-+ __vx_cres_fixup(limit, res, value);
+
-+ return __vx_cres_avail(vxi, res, num, _file, _line);
++static inline
++void __vxh_copy_vxi(struct _vx_hist_entry *entry, struct vx_info *vxi)
++{
++ entry->vxi.ptr = vxi;
++ if (vxi) {
++ entry->vxi.usecnt = atomic_read(&vxi->vx_usecnt);
++ entry->vxi.tasks = atomic_read(&vxi->vx_tasks);
++ entry->vxi.xid = vxi->vx_id;
++ }
+}
+
+
-+static inline void vx_limit_fixup(struct _vx_limit *limit, int id)
-+{
-+ rlim_t value;
-+ int res;
++#define __HERE__ current_text_addr()
+
-+ /* complex resources first */
-+ if ((id < 0) || (id == RLIMIT_RSS))
-+ __vx_cres_array_fixup(limit, VLA_RSS);
++#define __VXH_BODY(__type, __data, __here) \
++ struct _vx_hist_entry *entry; \
++ \
++ preempt_disable(); \
++ entry = vxh_advance(__here); \
++ __data; \
++ entry->type = __type; \
++ preempt_enable();
+
-+ for (res = 0; res < NUM_LIMITS; res++) {
-+ if ((id > 0) && (res != id))
-+ continue;
+
-+ value = __rlim_get(limit, res);
-+ __vx_cres_fixup(limit, res, value);
++ /* pass vxi only */
+
-+ /* not supposed to happen, maybe warn? */
-+ if (__rlim_rmax(limit, res) > __rlim_hard(limit, res))
-+ __rlim_rmax(limit, res) = __rlim_hard(limit, res);
-+ }
++#define __VXH_SMPL \
++ __vxh_copy_vxi(entry, vxi)
++
++static inline
++void __vxh_smpl(struct vx_info *vxi, int __type, void *__here)
++{
++ __VXH_BODY(__type, __VXH_SMPL, __here)
+}
+
++ /* pass vxi and data (void *) */
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_LIMIT_INT_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/monitor.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/monitor.h
---- linux-2.6.35.4/include/linux/vserver/monitor.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/monitor.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,96 @@
-+#ifndef _VX_MONITOR_H
-+#define _VX_MONITOR_H
++#define __VXH_DATA \
++ __vxh_copy_vxi(entry, vxi); \
++ entry->sc.data = data
+
-+#include <linux/types.h>
++static inline
++void __vxh_data(struct vx_info *vxi, void *data,
++ int __type, void *__here)
++{
++ __VXH_BODY(__type, __VXH_DATA, __here)
++}
+
-+enum {
-+ VXM_UNUSED = 0,
++ /* pass vxi and arg (long) */
+
-+ VXM_SYNC = 0x10,
++#define __VXH_LONG \
++ __vxh_copy_vxi(entry, vxi); \
++ entry->ll.arg = arg
+
-+ VXM_UPDATE = 0x20,
-+ VXM_UPDATE_1,
-+ VXM_UPDATE_2,
++static inline
++void __vxh_long(struct vx_info *vxi, long arg,
++ int __type, void *__here)
++{
++ __VXH_BODY(__type, __VXH_LONG, __here)
++}
+
-+ VXM_RQINFO_1 = 0x24,
-+ VXM_RQINFO_2,
+
-+ VXM_ACTIVATE = 0x40,
-+ VXM_DEACTIVATE,
-+ VXM_IDLE,
++static inline
++void __vxh_throw_oops(void *__here)
++{
++ __VXH_BODY(VXH_THROW_OOPS, {}, __here);
++ /* prevent further acquisition */
++ vxh_active = 0;
++}
+
-+ VXM_HOLD = 0x44,
-+ VXM_UNHOLD,
+
-+ VXM_MIGRATE = 0x48,
-+ VXM_RESCHED,
++#define vxh_throw_oops() __vxh_throw_oops(__HERE__);
+
-+ /* all other bits are flags */
-+ VXM_SCHED = 0x80,
-+};
++#define __vxh_get_vx_info(v, h) __vxh_smpl(v, VXH_GET_VX_INFO, h);
++#define __vxh_put_vx_info(v, h) __vxh_smpl(v, VXH_PUT_VX_INFO, h);
+
-+struct _vxm_update_1 {
-+ uint32_t tokens_max;
-+ uint32_t fill_rate;
-+ uint32_t interval;
-+};
++#define __vxh_init_vx_info(v, d, h) \
++ __vxh_data(v, d, VXH_INIT_VX_INFO, h);
++#define __vxh_set_vx_info(v, d, h) \
++ __vxh_data(v, d, VXH_SET_VX_INFO, h);
++#define __vxh_clr_vx_info(v, d, h) \
++ __vxh_data(v, d, VXH_CLR_VX_INFO, h);
+
-+struct _vxm_update_2 {
-+ uint32_t tokens_min;
-+ uint32_t fill_rate;
-+ uint32_t interval;
-+};
++#define __vxh_claim_vx_info(v, d, h) \
++ __vxh_data(v, d, VXH_CLAIM_VX_INFO, h);
++#define __vxh_release_vx_info(v, d, h) \
++ __vxh_data(v, d, VXH_RELEASE_VX_INFO, h);
+
-+struct _vxm_rqinfo_1 {
-+ uint16_t running;
-+ uint16_t onhold;
-+ uint16_t iowait;
-+ uint16_t uintr;
-+ uint32_t idle_tokens;
-+};
++#define vxh_alloc_vx_info(v) \
++ __vxh_smpl(v, VXH_ALLOC_VX_INFO, __HERE__);
++#define vxh_dealloc_vx_info(v) \
++ __vxh_smpl(v, VXH_DEALLOC_VX_INFO, __HERE__);
+
-+struct _vxm_rqinfo_2 {
-+ uint32_t norm_time;
-+ uint32_t idle_time;
-+ uint32_t idle_skip;
-+};
++#define vxh_hash_vx_info(v) \
++ __vxh_smpl(v, VXH_HASH_VX_INFO, __HERE__);
++#define vxh_unhash_vx_info(v) \
++ __vxh_smpl(v, VXH_UNHASH_VX_INFO, __HERE__);
+
-+struct _vxm_sched {
-+ uint32_t tokens;
-+ uint32_t norm_time;
-+ uint32_t idle_time;
-+};
++#define vxh_loc_vx_info(v, l) \
++ __vxh_long(v, l, VXH_LOC_VX_INFO, __HERE__);
++#define vxh_lookup_vx_info(v, l) \
++ __vxh_long(v, l, VXH_LOOKUP_VX_INFO, __HERE__);
++#define vxh_create_vx_info(v, l) \
++ __vxh_long(v, l, VXH_CREATE_VX_INFO, __HERE__);
+
-+struct _vxm_task {
-+ uint16_t pid;
-+ uint16_t state;
-+};
++extern void vxh_dump_history(void);
+
-+struct _vxm_event {
-+ uint32_t jif;
-+ union {
-+ uint32_t seq;
-+ uint32_t sec;
-+ };
-+ union {
-+ uint32_t tokens;
-+ uint32_t nsec;
-+ struct _vxm_task tsk;
-+ };
-+};
+
-+struct _vx_mon_entry {
-+ uint16_t type;
-+ uint16_t xid;
-+ union {
-+ struct _vxm_event ev;
-+ struct _vxm_sched sd;
-+ struct _vxm_update_1 u1;
-+ struct _vxm_update_2 u2;
-+ struct _vxm_rqinfo_1 q1;
-+ struct _vxm_rqinfo_2 q2;
-+ };
-+};
++#else /* CONFIG_VSERVER_HISTORY */
+
++#define __HERE__ 0
+
-+#endif /* _VX_MONITOR_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/network_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/network_cmd.h
---- linux-2.6.35.4/include/linux/vserver/network_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/network_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,150 @@
-+#ifndef _VX_NETWORK_CMD_H
-+#define _VX_NETWORK_CMD_H
++#define vxh_throw_oops() do { } while (0)
+
++#define __vxh_get_vx_info(v, h) do { } while (0)
++#define __vxh_put_vx_info(v, h) do { } while (0)
+
-+/* vinfo commands */
++#define __vxh_init_vx_info(v, d, h) do { } while (0)
++#define __vxh_set_vx_info(v, d, h) do { } while (0)
++#define __vxh_clr_vx_info(v, d, h) do { } while (0)
+
-+#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
++#define __vxh_claim_vx_info(v, d, h) do { } while (0)
++#define __vxh_release_vx_info(v, d, h) do { } while (0)
+
-+#ifdef __KERNEL__
-+extern int vc_task_nid(uint32_t);
++#define vxh_alloc_vx_info(v) do { } while (0)
++#define vxh_dealloc_vx_info(v) do { } while (0)
+
-+#endif /* __KERNEL__ */
++#define vxh_hash_vx_info(v) do { } while (0)
++#define vxh_unhash_vx_info(v) do { } while (0)
+
-+#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
++#define vxh_loc_vx_info(v, l) do { } while (0)
++#define vxh_lookup_vx_info(v, l) do { } while (0)
++#define vxh_create_vx_info(v, l) do { } while (0)
+
-+struct vcmd_nx_info_v0 {
-+ uint32_t nid;
-+ /* more to come */
-+};
++#define vxh_dump_history() do { } while (0)
+
-+#ifdef __KERNEL__
-+extern int vc_nx_info(struct nx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
++#endif /* CONFIG_VSERVER_HISTORY */
+
-+#include <linux/in.h>
-+#include <linux/in6.h>
++#endif /* _VSERVER_HISTORY_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/inode.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/inode.h
+--- linux-3.9.4/include/linux/vserver/inode.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/inode.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,19 @@
++#ifndef _VSERVER_INODE_H
++#define _VSERVER_INODE_H
+
-+#define VCMD_net_create_v0 VC_CMD(VNET, 1, 0)
-+#define VCMD_net_create VC_CMD(VNET, 1, 1)
++#include <uapi/vserver/inode.h>
+
-+struct vcmd_net_create {
-+ uint64_t flagword;
-+};
+
-+#define VCMD_net_migrate VC_CMD(NETMIG, 1, 0)
++#ifdef CONFIG_VSERVER_PROC_SECURE
++#define IATTR_PROC_DEFAULT ( IATTR_ADMIN | IATTR_HIDE )
++#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
++#else
++#define IATTR_PROC_DEFAULT ( IATTR_ADMIN )
++#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
++#endif
+
-+#define VCMD_net_add VC_CMD(NETALT, 1, 0)
-+#define VCMD_net_remove VC_CMD(NETALT, 2, 0)
++#define vx_hide_check(c, m) (((m) & IATTR_HIDE) ? vx_check(c, m) : 1)
+
-+struct vcmd_net_addr_v0 {
-+ uint16_t type;
-+ uint16_t count;
-+ struct in_addr ip[4];
-+ struct in_addr mask[4];
-+};
++#else /* _VSERVER_INODE_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_INODE_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/inode_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/inode_cmd.h
+--- linux-3.9.4/include/linux/vserver/inode_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/inode_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,36 @@
++#ifndef _VSERVER_INODE_CMD_H
++#define _VSERVER_INODE_CMD_H
+
-+#define VCMD_net_add_ipv4 VC_CMD(NETALT, 1, 1)
-+#define VCMD_net_remove_ipv4 VC_CMD(NETALT, 2, 1)
++#include <uapi/vserver/inode_cmd.h>
+
-+struct vcmd_net_addr_ipv4_v1 {
-+ uint16_t type;
-+ uint16_t flags;
-+ struct in_addr ip;
-+ struct in_addr mask;
-+};
+
-+#define VCMD_net_add_ipv6 VC_CMD(NETALT, 3, 1)
-+#define VCMD_net_remove_ipv6 VC_CMD(NETALT, 4, 1)
+
-+struct vcmd_net_addr_ipv6_v1 {
-+ uint16_t type;
-+ uint16_t flags;
-+ uint32_t prefix;
-+ struct in6_addr ip;
-+ struct in6_addr mask;
-+};
++#ifdef CONFIG_COMPAT
+
-+#define VCMD_add_match_ipv4 VC_CMD(NETALT, 5, 0)
-+#define VCMD_get_match_ipv4 VC_CMD(NETALT, 6, 0)
++#include <asm/compat.h>
+
-+struct vcmd_match_ipv4_v0 {
-+ uint16_t type;
-+ uint16_t flags;
-+ uint16_t parent;
-+ uint16_t prefix;
-+ struct in_addr ip;
-+ struct in_addr ip2;
-+ struct in_addr mask;
++struct vcmd_ctx_iattr_v1_x32 {
++ compat_uptr_t name_ptr;
++ uint32_t tag;
++ uint32_t flags;
++ uint32_t mask;
+};
+
-+#define VCMD_add_match_ipv6 VC_CMD(NETALT, 7, 0)
-+#define VCMD_get_match_ipv6 VC_CMD(NETALT, 8, 0)
++#endif /* CONFIG_COMPAT */
+
-+struct vcmd_match_ipv6_v0 {
-+ uint16_t type;
-+ uint16_t flags;
-+ uint16_t parent;
-+ uint16_t prefix;
-+ struct in6_addr ip;
-+ struct in6_addr ip2;
-+ struct in6_addr mask;
-+};
++#include <linux/compiler.h>
+
++extern int vc_get_iattr(void __user *);
++extern int vc_set_iattr(void __user *);
+
-+#ifdef __KERNEL__
-+extern int vc_net_create(uint32_t, void __user *);
-+extern int vc_net_migrate(struct nx_info *, void __user *);
++extern int vc_fget_iattr(uint32_t, void __user *);
++extern int vc_fset_iattr(uint32_t, void __user *);
+
-+extern int vc_net_add(struct nx_info *, void __user *);
-+extern int vc_net_remove(struct nx_info *, void __user *);
++#ifdef CONFIG_COMPAT
+
-+extern int vc_net_add_ipv4(struct nx_info *, void __user *);
-+extern int vc_net_remove_ipv4(struct nx_info *, void __user *);
++extern int vc_get_iattr_x32(void __user *);
++extern int vc_set_iattr_x32(void __user *);
+
-+extern int vc_net_add_ipv6(struct nx_info *, void __user *);
-+extern int vc_net_remove_ipv6(struct nx_info *, void __user *);
++#endif /* CONFIG_COMPAT */
+
-+extern int vc_add_match_ipv4(struct nx_info *, void __user *);
-+extern int vc_get_match_ipv4(struct nx_info *, void __user *);
++#endif /* _VSERVER_INODE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/limit.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit.h
+--- linux-3.9.4/include/linux/vserver/limit.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,61 @@
++#ifndef _VSERVER_LIMIT_H
++#define _VSERVER_LIMIT_H
+
-+extern int vc_add_match_ipv6(struct nx_info *, void __user *);
-+extern int vc_get_match_ipv6(struct nx_info *, void __user *);
++#include <uapi/vserver/limit.h>
+
-+#endif /* __KERNEL__ */
+
++#define VLIM_NOCHECK ((1L << VLIMIT_DENTRY) | (1L << RLIMIT_RSS))
+
-+/* flag commands */
++/* keep in sync with CRLIM_INFINITY */
+
-+#define VCMD_get_nflags VC_CMD(FLAGS, 5, 0)
-+#define VCMD_set_nflags VC_CMD(FLAGS, 6, 0)
++#define VLIM_INFINITY (~0ULL)
+
-+struct vcmd_net_flags_v0 {
-+ uint64_t flagword;
-+ uint64_t mask;
-+};
++#include <asm/atomic.h>
++#include <asm/resource.h>
+
-+#ifdef __KERNEL__
-+extern int vc_get_nflags(struct nx_info *, void __user *);
-+extern int vc_set_nflags(struct nx_info *, void __user *);
++#ifndef RLIM_INFINITY
++#warning RLIM_INFINITY is undefined
++#endif
+
-+#endif /* __KERNEL__ */
++#define __rlim_val(l, r, v) ((l)->res[r].v)
+
++#define __rlim_soft(l, r) __rlim_val(l, r, soft)
++#define __rlim_hard(l, r) __rlim_val(l, r, hard)
+
-+/* network caps commands */
++#define __rlim_rcur(l, r) __rlim_val(l, r, rcur)
++#define __rlim_rmin(l, r) __rlim_val(l, r, rmin)
++#define __rlim_rmax(l, r) __rlim_val(l, r, rmax)
+
-+#define VCMD_get_ncaps VC_CMD(FLAGS, 7, 0)
-+#define VCMD_set_ncaps VC_CMD(FLAGS, 8, 0)
++#define __rlim_lhit(l, r) __rlim_val(l, r, lhit)
++#define __rlim_hit(l, r) atomic_inc(&__rlim_lhit(l, r))
+
-+struct vcmd_net_caps_v0 {
-+ uint64_t ncaps;
-+ uint64_t cmask;
-+};
++typedef atomic_long_t rlim_atomic_t;
++typedef unsigned long rlim_t;
+
-+#ifdef __KERNEL__
-+extern int vc_get_ncaps(struct nx_info *, void __user *);
-+extern int vc_set_ncaps(struct nx_info *, void __user *);
++#define __rlim_get(l, r) atomic_long_read(&__rlim_rcur(l, r))
++#define __rlim_set(l, r, v) atomic_long_set(&__rlim_rcur(l, r), v)
++#define __rlim_inc(l, r) atomic_long_inc(&__rlim_rcur(l, r))
++#define __rlim_dec(l, r) atomic_long_dec(&__rlim_rcur(l, r))
++#define __rlim_add(l, r, v) atomic_long_add(v, &__rlim_rcur(l, r))
++#define __rlim_sub(l, r, v) atomic_long_sub(v, &__rlim_rcur(l, r))
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_CONTEXT_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/network.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/network.h
---- linux-2.6.35.4/include/linux/vserver/network.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/network.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,146 @@
-+#ifndef _VX_NETWORK_H
-+#define _VX_NETWORK_H
+
-+#include <linux/types.h>
++#if (RLIM_INFINITY == VLIM_INFINITY)
++#define VX_VLIM(r) ((long long)(long)(r))
++#define VX_RLIM(v) ((rlim_t)(v))
++#else
++#define VX_VLIM(r) (((r) == RLIM_INFINITY) \
++ ? VLIM_INFINITY : (long long)(r))
++#define VX_RLIM(v) (((v) == VLIM_INFINITY) \
++ ? RLIM_INFINITY : (rlim_t)(v))
++#endif
+
++struct sysinfo;
+
-+#define MAX_N_CONTEXT 65535 /* Arbitrary limit */
++void vx_vsi_meminfo(struct sysinfo *);
++void vx_vsi_swapinfo(struct sysinfo *);
++long vx_vsi_cached(struct sysinfo *);
+
++#define NUM_LIMITS 24
+
-+/* network flags */
++#endif /* _VSERVER_LIMIT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/limit_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_cmd.h
+--- linux-3.9.4/include/linux/vserver/limit_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,35 @@
++#ifndef _VSERVER_LIMIT_CMD_H
++#define _VSERVER_LIMIT_CMD_H
+
-+#define NXF_INFO_PRIVATE 0x00000008
++#include <uapi/vserver/limit_cmd.h>
+
-+#define NXF_SINGLE_IP 0x00000100
-+#define NXF_LBACK_REMAP 0x00000200
-+#define NXF_LBACK_ALLOW 0x00000400
+
-+#define NXF_HIDE_NETIF 0x02000000
-+#define NXF_HIDE_LBACK 0x04000000
++#ifdef CONFIG_IA32_EMULATION
+
-+#define NXF_STATE_SETUP (1ULL << 32)
-+#define NXF_STATE_ADMIN (1ULL << 34)
++struct vcmd_ctx_rlimit_v0_x32 {
++ uint32_t id;
++ uint64_t minimum;
++ uint64_t softlimit;
++ uint64_t maximum;
++} __attribute__ ((packed));
+
-+#define NXF_SC_HELPER (1ULL << 36)
-+#define NXF_PERSISTENT (1ULL << 38)
++#endif /* CONFIG_IA32_EMULATION */
+
-+#define NXF_ONE_TIME (0x0005ULL << 32)
++#include <linux/compiler.h>
+
++extern int vc_get_rlimit_mask(uint32_t, void __user *);
++extern int vc_get_rlimit(struct vx_info *, void __user *);
++extern int vc_set_rlimit(struct vx_info *, void __user *);
++extern int vc_reset_hits(struct vx_info *, void __user *);
++extern int vc_reset_minmax(struct vx_info *, void __user *);
+
-+#define NXF_INIT_SET (__nxf_init_set())
++extern int vc_rlimit_stat(struct vx_info *, void __user *);
+
-+static inline uint64_t __nxf_init_set(void) {
-+ return NXF_STATE_ADMIN
-+#ifdef CONFIG_VSERVER_AUTO_LBACK
-+ | NXF_LBACK_REMAP
-+ | NXF_HIDE_LBACK
-+#endif
-+#ifdef CONFIG_VSERVER_AUTO_SINGLE
-+ | NXF_SINGLE_IP
-+#endif
-+ | NXF_HIDE_NETIF;
-+}
++#ifdef CONFIG_IA32_EMULATION
+
++extern int vc_get_rlimit_x32(struct vx_info *, void __user *);
++extern int vc_set_rlimit_x32(struct vx_info *, void __user *);
+
-+/* network caps */
++#endif /* CONFIG_IA32_EMULATION */
+
-+#define NXC_TUN_CREATE 0x00000001
++#endif /* _VSERVER_LIMIT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/limit_def.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_def.h
+--- linux-3.9.4/include/linux/vserver/limit_def.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_def.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,47 @@
++#ifndef _VSERVER_LIMIT_DEF_H
++#define _VSERVER_LIMIT_DEF_H
+
-+#define NXC_RAW_ICMP 0x00000100
++#include <asm/atomic.h>
++#include <asm/resource.h>
+
++#include "limit.h"
+
-+/* address types */
+
-+#define NXA_TYPE_IPV4 0x0001
-+#define NXA_TYPE_IPV6 0x0002
++struct _vx_res_limit {
++ rlim_t soft; /* Context soft limit */
++ rlim_t hard; /* Context hard limit */
+
-+#define NXA_TYPE_NONE 0x0000
-+#define NXA_TYPE_ANY 0x00FF
++ rlim_atomic_t rcur; /* Current value */
++ rlim_t rmin; /* Context minimum */
++ rlim_t rmax; /* Context maximum */
+
-+#define NXA_TYPE_ADDR 0x0010
-+#define NXA_TYPE_MASK 0x0020
-+#define NXA_TYPE_RANGE 0x0040
++ atomic_t lhit; /* Limit hits */
++};
+
-+#define NXA_MASK_ALL (NXA_TYPE_ADDR | NXA_TYPE_MASK | NXA_TYPE_RANGE)
++/* context sub struct */
+
-+#define NXA_MOD_BCAST 0x0100
-+#define NXA_MOD_LBACK 0x0200
++struct _vx_limit {
++ struct _vx_res_limit res[NUM_LIMITS];
++};
+
-+#define NXA_LOOPBACK 0x1000
++#ifdef CONFIG_VSERVER_DEBUG
+
-+#define NXA_MASK_BIND (NXA_MASK_ALL | NXA_MOD_BCAST | NXA_MOD_LBACK)
-+#define NXA_MASK_SHOW (NXA_MASK_ALL | NXA_LOOPBACK)
++static inline void __dump_vx_limit(struct _vx_limit *limit)
++{
++ int i;
+
-+#ifdef __KERNEL__
++ printk("\t_vx_limit:");
++ for (i = 0; i < NUM_LIMITS; i++) {
++ printk("\t [%2d] = %8lu %8lu/%8lu, %8ld/%8ld, %8d\n",
++ i, (unsigned long)__rlim_get(limit, i),
++ (unsigned long)__rlim_rmin(limit, i),
++ (unsigned long)__rlim_rmax(limit, i),
++ (long)__rlim_soft(limit, i),
++ (long)__rlim_hard(limit, i),
++ atomic_read(&__rlim_lhit(limit, i)));
++ }
++}
+
-+#include <linux/list.h>
-+#include <linux/spinlock.h>
-+#include <linux/rcupdate.h>
-+#include <linux/in.h>
-+#include <linux/in6.h>
-+#include <asm/atomic.h>
++#endif
+
-+struct nx_addr_v4 {
-+ struct nx_addr_v4 *next;
-+ struct in_addr ip[2];
-+ struct in_addr mask;
-+ uint16_t type;
-+ uint16_t flags;
-+};
++#endif /* _VSERVER_LIMIT_DEF_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/limit_int.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_int.h
+--- linux-3.9.4/include/linux/vserver/limit_int.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/limit_int.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,193 @@
++#ifndef _VSERVER_LIMIT_INT_H
++#define _VSERVER_LIMIT_INT_H
+
-+struct nx_addr_v6 {
-+ struct nx_addr_v6 *next;
-+ struct in6_addr ip;
-+ struct in6_addr mask;
-+ uint32_t prefix;
-+ uint16_t type;
-+ uint16_t flags;
-+};
++#define VXD_RCRES_COND(r) VXD_CBIT(cres, r)
++#define VXD_RLIMIT_COND(r) VXD_CBIT(limit, r)
+
-+struct nx_info {
-+ struct hlist_node nx_hlist; /* linked list of nxinfos */
-+ nid_t nx_id; /* vnet id */
-+ atomic_t nx_usecnt; /* usage count */
-+ atomic_t nx_tasks; /* tasks count */
-+ int nx_state; /* context state */
++extern const char *vlimit_name[NUM_LIMITS];
+
-+ uint64_t nx_flags; /* network flag word */
-+ uint64_t nx_ncaps; /* network capabilities */
++static inline void __vx_acc_cres(struct vx_info *vxi,
++ int res, int dir, void *_data, char *_file, int _line)
++{
++ if (VXD_RCRES_COND(res))
++ vxlprintk(1, "vx_acc_cres[%5d,%s,%2d]: %5ld%s (%p)",
++ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
++ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
++ (dir > 0) ? "++" : "--", _data, _file, _line);
++ if (!vxi)
++ return;
+
-+ struct in_addr v4_lback; /* Loopback address */
-+ struct in_addr v4_bcast; /* Broadcast address */
-+ struct nx_addr_v4 v4; /* First/Single ipv4 address */
-+#ifdef CONFIG_IPV6
-+ struct nx_addr_v6 v6; /* First/Single ipv6 address */
-+#endif
-+ char nx_name[65]; /* network context name */
-+};
++ if (dir > 0)
++ __rlim_inc(&vxi->limit, res);
++ else
++ __rlim_dec(&vxi->limit, res);
++}
+
++static inline void __vx_add_cres(struct vx_info *vxi,
++ int res, int amount, void *_data, char *_file, int _line)
++{
++ if (VXD_RCRES_COND(res))
++ vxlprintk(1, "vx_add_cres[%5d,%s,%2d]: %5ld += %5d (%p)",
++ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
++ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
++ amount, _data, _file, _line);
++ if (amount == 0)
++ return;
++ if (!vxi)
++ return;
++ __rlim_add(&vxi->limit, res, amount);
++}
+
-+/* status flags */
++static inline
++int __vx_cres_adjust_max(struct _vx_limit *limit, int res, rlim_t value)
++{
++ int cond = (value > __rlim_rmax(limit, res));
+
-+#define NXS_HASHED 0x0001
-+#define NXS_SHUTDOWN 0x0100
-+#define NXS_RELEASED 0x8000
++ if (cond)
++ __rlim_rmax(limit, res) = value;
++ return cond;
++}
+
-+extern struct nx_info *lookup_nx_info(int);
++static inline
++int __vx_cres_adjust_min(struct _vx_limit *limit, int res, rlim_t value)
++{
++ int cond = (value < __rlim_rmin(limit, res));
+
-+extern int get_nid_list(int, unsigned int *, int);
-+extern int nid_is_hashed(nid_t);
++ if (cond)
++ __rlim_rmin(limit, res) = value;
++ return cond;
++}
+
-+extern int nx_migrate_task(struct task_struct *, struct nx_info *);
++static inline
++void __vx_cres_fixup(struct _vx_limit *limit, int res, rlim_t value)
++{
++ if (!__vx_cres_adjust_max(limit, res, value))
++ __vx_cres_adjust_min(limit, res, value);
++}
+
-+extern long vs_net_change(struct nx_info *, unsigned int);
+
-+struct sock;
++/* return values:
++ +1 ... no limit hit
++ -1 ... over soft limit
++ 0 ... over hard limit */
+
++static inline int __vx_cres_avail(struct vx_info *vxi,
++ int res, int num, char *_file, int _line)
++{
++ struct _vx_limit *limit;
++ rlim_t value;
+
-+#define NX_IPV4(n) ((n)->v4.type != NXA_TYPE_NONE)
-+#ifdef CONFIG_IPV6
-+#define NX_IPV6(n) ((n)->v6.type != NXA_TYPE_NONE)
-+#else
-+#define NX_IPV6(n) (0)
-+#endif
++ if (VXD_RLIMIT_COND(res))
++ vxlprintk(1, "vx_cres_avail[%5d,%s,%2d]: %5ld/%5ld > %5ld + %5d",
++ (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
++ (vxi ? (long)__rlim_soft(&vxi->limit, res) : -1),
++ (vxi ? (long)__rlim_hard(&vxi->limit, res) : -1),
++ (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
++ num, _file, _line);
++ if (!vxi)
++ return 1;
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_NETWORK_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/percpu.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/percpu.h
---- linux-2.6.35.4/include/linux/vserver/percpu.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/percpu.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,14 @@
-+#ifndef _VX_PERCPU_H
-+#define _VX_PERCPU_H
++ limit = &vxi->limit;
++ value = __rlim_get(limit, res);
+
-+#include "cvirt_def.h"
-+#include "sched_def.h"
++ if (!__vx_cres_adjust_max(limit, res, value))
++ __vx_cres_adjust_min(limit, res, value);
+
-+struct _vx_percpu {
-+ struct _vx_cvirt_pc cvirt;
++ if (num == 0)
++ return 1;
++
++ if (__rlim_soft(limit, res) == RLIM_INFINITY)
++ return -1;
++ if (value + num <= __rlim_soft(limit, res))
++ return -1;
++
++ if (__rlim_hard(limit, res) == RLIM_INFINITY)
++ return 1;
++ if (value + num <= __rlim_hard(limit, res))
++ return 1;
++
++ __rlim_hit(limit, res);
++ return 0;
++}
++
++
++static const int VLA_RSS[] = { RLIMIT_RSS, VLIMIT_ANON, VLIMIT_MAPPED, 0 };
++
++static inline
++rlim_t __vx_cres_array_sum(struct _vx_limit *limit, const int *array)
++{
++ rlim_t value, sum = 0;
++ int res;
++
++ while ((res = *array++)) {
++ value = __rlim_get(limit, res);
++ __vx_cres_fixup(limit, res, value);
++ sum += value;
++ }
++ return sum;
++}
++
++static inline
++rlim_t __vx_cres_array_fixup(struct _vx_limit *limit, const int *array)
++{
++ rlim_t value = __vx_cres_array_sum(limit, array + 1);
++ int res = *array;
++
++ if (value == __rlim_get(limit, res))
++ return value;
++
++ __rlim_set(limit, res, value);
++ /* now adjust min/max */
++ if (!__vx_cres_adjust_max(limit, res, value))
++ __vx_cres_adjust_min(limit, res, value);
++
++ return value;
++}
++
++static inline int __vx_cres_array_avail(struct vx_info *vxi,
++ const int *array, int num, char *_file, int _line)
++{
++ struct _vx_limit *limit;
++ rlim_t value = 0;
++ int res;
++
++ if (num == 0)
++ return 1;
++ if (!vxi)
++ return 1;
++
++ limit = &vxi->limit;
++ res = *array;
++ value = __vx_cres_array_sum(limit, array + 1);
++
++ __rlim_set(limit, res, value);
++ __vx_cres_fixup(limit, res, value);
++
++ return __vx_cres_avail(vxi, res, num, _file, _line);
++}
++
++
++static inline void vx_limit_fixup(struct _vx_limit *limit, int id)
++{
++ rlim_t value;
++ int res;
++
++ /* complex resources first */
++ if ((id < 0) || (id == RLIMIT_RSS))
++ __vx_cres_array_fixup(limit, VLA_RSS);
++
++ for (res = 0; res < NUM_LIMITS; res++) {
++ if ((id > 0) && (res != id))
++ continue;
++
++ value = __rlim_get(limit, res);
++ __vx_cres_fixup(limit, res, value);
++
++ /* not supposed to happen, maybe warn? */
++ if (__rlim_rmax(limit, res) > __rlim_hard(limit, res))
++ __rlim_rmax(limit, res) = __rlim_hard(limit, res);
++ }
++}
++
++
++#endif /* _VSERVER_LIMIT_INT_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/monitor.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/monitor.h
+--- linux-3.9.4/include/linux/vserver/monitor.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/monitor.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,6 @@
++#ifndef _VSERVER_MONITOR_H
++#define _VSERVER_MONITOR_H
++
++#include <uapi/vserver/monitor.h>
++
++#endif /* _VSERVER_MONITOR_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/network.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/network.h
+--- linux-3.9.4/include/linux/vserver/network.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/network.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,76 @@
++#ifndef _VSERVER_NETWORK_H
++#define _VSERVER_NETWORK_H
++
++
++#include <linux/list.h>
++#include <linux/spinlock.h>
++#include <linux/rcupdate.h>
++#include <linux/in.h>
++#include <linux/in6.h>
++#include <asm/atomic.h>
++#include <uapi/vserver/network.h>
++
++struct nx_addr_v4 {
++ struct nx_addr_v4 *next;
++ struct in_addr ip[2];
++ struct in_addr mask;
++ uint16_t type;
++ uint16_t flags;
++};
++
++struct nx_addr_v6 {
++ struct nx_addr_v6 *next;
++ struct in6_addr ip;
++ struct in6_addr mask;
++ uint32_t prefix;
++ uint16_t type;
++ uint16_t flags;
++};
++
++struct nx_info {
++ struct hlist_node nx_hlist; /* linked list of nxinfos */
++ nid_t nx_id; /* vnet id */
++ atomic_t nx_usecnt; /* usage count */
++ atomic_t nx_tasks; /* tasks count */
++ int nx_state; /* context state */
++
++ uint64_t nx_flags; /* network flag word */
++ uint64_t nx_ncaps; /* network capabilities */
++
++ spinlock_t addr_lock; /* protect address changes */
++ struct in_addr v4_lback; /* Loopback address */
++ struct in_addr v4_bcast; /* Broadcast address */
++ struct nx_addr_v4 v4; /* First/Single ipv4 address */
++#ifdef CONFIG_IPV6
++ struct nx_addr_v6 v6; /* First/Single ipv6 address */
++#endif
++ char nx_name[65]; /* network context name */
++};
++
++
++/* status flags */
++
++#define NXS_HASHED 0x0001
++#define NXS_SHUTDOWN 0x0100
++#define NXS_RELEASED 0x8000
++
++extern struct nx_info *lookup_nx_info(int);
++
++extern int get_nid_list(int, unsigned int *, int);
++extern int nid_is_hashed(nid_t);
++
++extern int nx_migrate_task(struct task_struct *, struct nx_info *);
++
++extern long vs_net_change(struct nx_info *, unsigned int);
++
++struct sock;
++
++
++#define NX_IPV4(n) ((n)->v4.type != NXA_TYPE_NONE)
++#ifdef CONFIG_IPV6
++#define NX_IPV6(n) ((n)->v6.type != NXA_TYPE_NONE)
++#else
++#define NX_IPV6(n) (0)
++#endif
++
++#endif /* _VSERVER_NETWORK_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/network_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/network_cmd.h
+--- linux-3.9.4/include/linux/vserver/network_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/network_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,37 @@
++#ifndef _VSERVER_NETWORK_CMD_H
++#define _VSERVER_NETWORK_CMD_H
++
++#include <uapi/vserver/network_cmd.h>
++
++extern int vc_task_nid(uint32_t);
++
++extern int vc_nx_info(struct nx_info *, void __user *);
++
++extern int vc_net_create(uint32_t, void __user *);
++extern int vc_net_migrate(struct nx_info *, void __user *);
++
++extern int vc_net_add(struct nx_info *, void __user *);
++extern int vc_net_remove(struct nx_info *, void __user *);
++
++extern int vc_net_add_ipv4_v1(struct nx_info *, void __user *);
++extern int vc_net_add_ipv4(struct nx_info *, void __user *);
++
++extern int vc_net_rem_ipv4_v1(struct nx_info *, void __user *);
++extern int vc_net_rem_ipv4(struct nx_info *, void __user *);
++
++extern int vc_net_add_ipv6(struct nx_info *, void __user *);
++extern int vc_net_remove_ipv6(struct nx_info *, void __user *);
++
++extern int vc_add_match_ipv4(struct nx_info *, void __user *);
++extern int vc_get_match_ipv4(struct nx_info *, void __user *);
++
++extern int vc_add_match_ipv6(struct nx_info *, void __user *);
++extern int vc_get_match_ipv6(struct nx_info *, void __user *);
++
++extern int vc_get_nflags(struct nx_info *, void __user *);
++extern int vc_set_nflags(struct nx_info *, void __user *);
++
++extern int vc_get_ncaps(struct nx_info *, void __user *);
++extern int vc_set_ncaps(struct nx_info *, void __user *);
++
++#endif /* _VSERVER_CONTEXT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/percpu.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/percpu.h
+--- linux-3.9.4/include/linux/vserver/percpu.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/percpu.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_PERCPU_H
++#define _VSERVER_PERCPU_H
++
++#include "cvirt_def.h"
++#include "sched_def.h"
++
++struct _vx_percpu {
++ struct _vx_cvirt_pc cvirt;
+ struct _vx_sched_pc sched;
+};
+
+#define PERCPU_PERCTX (sizeof(struct _vx_percpu))
+
-+#endif /* _VX_PERCPU_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/pid.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/pid.h
---- linux-2.6.35.4/include/linux/vserver/pid.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/pid.h 2010-08-02 17:05:06.000000000 +0200
++#endif /* _VSERVER_PERCPU_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/pid.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/pid.h
+--- linux-3.9.4/include/linux/vserver/pid.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/pid.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,51 @@
+#ifndef _VSERVER_PID_H
+#define _VSERVER_PID_H
+}
+
+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/sched_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched_cmd.h
---- linux-2.6.35.4/include/linux/vserver/sched_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,108 @@
-+#ifndef _VX_SCHED_CMD_H
-+#define _VX_SCHED_CMD_H
-+
-+
-+/* sched vserver commands */
-+
-+#define VCMD_set_sched_v2 VC_CMD(SCHED, 1, 2)
-+#define VCMD_set_sched_v3 VC_CMD(SCHED, 1, 3)
-+#define VCMD_set_sched_v4 VC_CMD(SCHED, 1, 4)
-+
-+struct vcmd_set_sched_v2 {
-+ int32_t fill_rate;
-+ int32_t interval;
-+ int32_t tokens;
-+ int32_t tokens_min;
-+ int32_t tokens_max;
-+ uint64_t cpu_mask;
-+};
-+
-+struct vcmd_set_sched_v3 {
-+ uint32_t set_mask;
-+ int32_t fill_rate;
-+ int32_t interval;
-+ int32_t tokens;
-+ int32_t tokens_min;
-+ int32_t tokens_max;
-+ int32_t priority_bias;
-+};
-+
-+struct vcmd_set_sched_v4 {
-+ uint32_t set_mask;
-+ int32_t fill_rate;
-+ int32_t interval;
-+ int32_t tokens;
-+ int32_t tokens_min;
-+ int32_t tokens_max;
-+ int32_t prio_bias;
-+ int32_t cpu_id;
-+ int32_t bucket_id;
-+};
-+
-+#define VCMD_set_sched VC_CMD(SCHED, 1, 5)
-+#define VCMD_get_sched VC_CMD(SCHED, 2, 5)
-+
-+struct vcmd_sched_v5 {
-+ uint32_t mask;
-+ int32_t cpu_id;
-+ int32_t bucket_id;
-+ int32_t fill_rate[2];
-+ int32_t interval[2];
-+ int32_t tokens;
-+ int32_t tokens_min;
-+ int32_t tokens_max;
-+ int32_t prio_bias;
-+};
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/sched.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched.h
+--- linux-3.9.4/include/linux/vserver/sched.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,23 @@
++#ifndef _VSERVER_SCHED_H
++#define _VSERVER_SCHED_H
+
-+#define VXSM_FILL_RATE 0x0001
-+#define VXSM_INTERVAL 0x0002
-+#define VXSM_FILL_RATE2 0x0004
-+#define VXSM_INTERVAL2 0x0008
-+#define VXSM_TOKENS 0x0010
-+#define VXSM_TOKENS_MIN 0x0020
-+#define VXSM_TOKENS_MAX 0x0040
-+#define VXSM_PRIO_BIAS 0x0100
+
-+#define VXSM_IDLE_TIME 0x0200
-+#define VXSM_FORCE 0x0400
++#ifdef __KERNEL__
+
-+#define VXSM_V3_MASK 0x0173
-+#define VXSM_SET_MASK 0x01FF
++struct timespec;
+
-+#define VXSM_CPU_ID 0x1000
-+#define VXSM_BUCKET_ID 0x2000
++void vx_vsi_uptime(struct timespec *, struct timespec *);
+
-+#define VXSM_MSEC 0x4000
+
-+#define SCHED_KEEP (-2) /* only for v2 */
++struct vx_info;
+
-+#ifdef __KERNEL__
++void vx_update_load(struct vx_info *);
+
-+#include <linux/compiler.h>
+
-+extern int vc_set_sched_v2(struct vx_info *, void __user *);
-+extern int vc_set_sched_v3(struct vx_info *, void __user *);
-+extern int vc_set_sched_v4(struct vx_info *, void __user *);
-+extern int vc_set_sched(struct vx_info *, void __user *);
-+extern int vc_get_sched(struct vx_info *, void __user *);
++void vx_update_sched_param(struct _vx_sched *sched,
++ struct _vx_sched_pc *sched_pc);
+
+#endif /* __KERNEL__ */
++#else /* _VSERVER_SCHED_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_SCHED_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/sched_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched_cmd.h
+--- linux-3.9.4/include/linux/vserver/sched_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,11 @@
++#ifndef _VSERVER_SCHED_CMD_H
++#define _VSERVER_SCHED_CMD_H
+
-+#define VCMD_sched_info VC_CMD(SCHED, 3, 0)
-+
-+struct vcmd_sched_info {
-+ int32_t cpu_id;
-+ int32_t bucket_id;
-+ uint64_t user_msec;
-+ uint64_t sys_msec;
-+ uint64_t hold_msec;
-+ uint32_t token_usec;
-+ int32_t vavavoom;
-+};
+
-+#ifdef __KERNEL__
++#include <linux/compiler.h>
++#include <uapi/vserver/sched_cmd.h>
+
-+extern int vc_sched_info(struct vx_info *, void __user *);
++extern int vc_set_prio_bias(struct vx_info *, void __user *);
++extern int vc_get_prio_bias(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_SCHED_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/sched_def.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched_def.h
---- linux-2.6.35.4/include/linux/vserver/sched_def.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched_def.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,68 @@
-+#ifndef _VX_SCHED_DEF_H
-+#define _VX_SCHED_DEF_H
++#endif /* _VSERVER_SCHED_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/sched_def.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched_def.h
+--- linux-3.9.4/include/linux/vserver/sched_def.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/sched_def.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,38 @@
++#ifndef _VSERVER_SCHED_DEF_H
++#define _VSERVER_SCHED_DEF_H
+
+#include <linux/spinlock.h>
+#include <linux/jiffies.h>
+/* context sub struct */
+
+struct _vx_sched {
-+ spinlock_t tokens_lock; /* lock for token bucket */
-+
-+ int tokens; /* number of CPU tokens */
-+ int fill_rate[2]; /* Fill rate: add X tokens... */
-+ int interval[2]; /* Divisor: per Y jiffies */
-+ int tokens_min; /* Limit: minimum for unhold */
-+ int tokens_max; /* Limit: no more than N tokens */
-+
+ int prio_bias; /* bias offset for priority */
+
-+ unsigned update_mask; /* which features should be updated */
+ cpumask_t update; /* CPUs which should update */
+};
+
+struct _vx_sched_pc {
-+ int tokens; /* number of CPU tokens */
-+ int flags; /* bucket flags */
-+
-+ int fill_rate[2]; /* Fill rate: add X tokens... */
-+ int interval[2]; /* Divisor: per Y jiffies */
-+ int tokens_min; /* Limit: minimum for unhold */
-+ int tokens_max; /* Limit: no more than N tokens */
-+
+ int prio_bias; /* bias offset for priority */
-+ int vavavoom; /* last calculated vavavoom */
-+
-+ unsigned long norm_time; /* last time accounted */
-+ unsigned long idle_time; /* non linear time for fair sched */
-+ unsigned long token_time; /* token time for accounting */
-+ unsigned long onhold; /* jiffies when put on hold */
+
+ uint64_t user_ticks; /* token tick events */
+ uint64_t sys_ticks; /* token tick events */
+};
+
+
-+#define VXSF_ONHOLD 0x0001
-+#define VXSF_IDLE_TIME 0x0100
-+
+#ifdef CONFIG_VSERVER_DEBUG
+
+static inline void __dump_vx_sched(struct _vx_sched *sched)
+{
+ printk("\t_vx_sched:\n");
-+ printk("\t tokens: %4d/%4d, %4d/%4d, %4d, %4d\n",
-+ sched->fill_rate[0], sched->interval[0],
-+ sched->fill_rate[1], sched->interval[1],
-+ sched->tokens_min, sched->tokens_max);
+ printk("\t priority = %4d\n", sched->prio_bias);
+}
+
+#endif
+
-+#endif /* _VX_SCHED_DEF_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/sched.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched.h
---- linux-2.6.35.4/include/linux/vserver/sched.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/sched.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,26 @@
-+#ifndef _VX_SCHED_H
-+#define _VX_SCHED_H
++#endif /* _VSERVER_SCHED_DEF_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/signal.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/signal.h
+--- linux-3.9.4/include/linux/vserver/signal.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/signal.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_SIGNAL_H
++#define _VSERVER_SIGNAL_H
+
+
+#ifdef __KERNEL__
+
-+struct timespec;
-+
-+void vx_vsi_uptime(struct timespec *, struct timespec *);
-+
-+
+struct vx_info;
+
-+void vx_update_load(struct vx_info *);
++int vx_info_kill(struct vx_info *, int, int);
+
++#endif /* __KERNEL__ */
++#else /* _VSERVER_SIGNAL_H */
++#warning duplicate inclusion
++#endif /* _VSERVER_SIGNAL_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/signal_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/signal_cmd.h
+--- linux-3.9.4/include/linux/vserver/signal_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/signal_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,14 @@
++#ifndef _VSERVER_SIGNAL_CMD_H
++#define _VSERVER_SIGNAL_CMD_H
+
-+int vx_tokens_recalc(struct _vx_sched_pc *,
-+ unsigned long *, unsigned long *, int [2]);
++#include <uapi/vserver/signal_cmd.h>
+
-+void vx_update_sched_param(struct _vx_sched *sched,
-+ struct _vx_sched_pc *sched_pc);
-+
-+#endif /* __KERNEL__ */
-+#else /* _VX_SCHED_H */
-+#warning duplicate inclusion
-+#endif /* _VX_SCHED_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/signal_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/signal_cmd.h
---- linux-2.6.35.4/include/linux/vserver/signal_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/signal_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,43 @@
-+#ifndef _VX_SIGNAL_CMD_H
-+#define _VX_SIGNAL_CMD_H
-+
-+
-+/* signalling vserver commands */
-+
-+#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
-+#define VCMD_wait_exit VC_CMD(EVENT, 99, 0)
-+
-+struct vcmd_ctx_kill_v0 {
-+ int32_t pid;
-+ int32_t sig;
-+};
-+
-+struct vcmd_wait_exit_v0 {
-+ int32_t reboot_cmd;
-+ int32_t exit_code;
-+};
-+
-+#ifdef __KERNEL__
+
+extern int vc_ctx_kill(struct vx_info *, void __user *);
+extern int vc_wait_exit(struct vx_info *, void __user *);
+
-+#endif /* __KERNEL__ */
-+
-+/* process alteration commands */
-+
-+#define VCMD_get_pflags VC_CMD(PROCALT, 5, 0)
-+#define VCMD_set_pflags VC_CMD(PROCALT, 6, 0)
-+
-+struct vcmd_pflags_v0 {
-+ uint32_t flagword;
-+ uint32_t mask;
-+};
-+
-+#ifdef __KERNEL__
+
+extern int vc_get_pflags(uint32_t pid, void __user *);
+extern int vc_set_pflags(uint32_t pid, void __user *);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_SIGNAL_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/signal.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/signal.h
---- linux-2.6.35.4/include/linux/vserver/signal.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/signal.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,14 @@
-+#ifndef _VX_SIGNAL_H
-+#define _VX_SIGNAL_H
-+
++#endif /* _VSERVER_SIGNAL_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/space.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/space.h
+--- linux-3.9.4/include/linux/vserver/space.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/space.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,12 @@
++#ifndef _VSERVER_SPACE_H
++#define _VSERVER_SPACE_H
+
-+#ifdef __KERNEL__
++#include <linux/types.h>
+
+struct vx_info;
+
-+int vx_info_kill(struct vx_info *, int, int);
++int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index);
+
-+#endif /* __KERNEL__ */
-+#else /* _VX_SIGNAL_H */
++#else /* _VSERVER_SPACE_H */
+#warning duplicate inclusion
-+#endif /* _VX_SIGNAL_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/space_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/space_cmd.h
---- linux-2.6.35.4/include/linux/vserver/space_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/space_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,38 @@
-+#ifndef _VX_SPACE_CMD_H
-+#define _VX_SPACE_CMD_H
-+
-+
-+#define VCMD_enter_space_v0 VC_CMD(PROCALT, 1, 0)
-+#define VCMD_enter_space_v1 VC_CMD(PROCALT, 1, 1)
-+#define VCMD_enter_space VC_CMD(PROCALT, 1, 2)
-+
-+#define VCMD_set_space_v0 VC_CMD(PROCALT, 3, 0)
-+#define VCMD_set_space_v1 VC_CMD(PROCALT, 3, 1)
-+#define VCMD_set_space VC_CMD(PROCALT, 3, 2)
-+
-+#define VCMD_get_space_mask_v0 VC_CMD(PROCALT, 4, 0)
-+
-+#define VCMD_get_space_mask VC_CMD(VSPACE, 0, 1)
-+#define VCMD_get_space_default VC_CMD(VSPACE, 1, 0)
-+
-+
-+struct vcmd_space_mask_v1 {
-+ uint64_t mask;
-+};
-+
-+struct vcmd_space_mask_v2 {
-+ uint64_t mask;
-+ uint32_t index;
-+};
++#endif /* _VSERVER_SPACE_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/space_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/space_cmd.h
+--- linux-3.9.4/include/linux/vserver/space_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/space_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,13 @@
++#ifndef _VSERVER_SPACE_CMD_H
++#define _VSERVER_SPACE_CMD_H
+
++#include <uapi/vserver/space_cmd.h>
+
-+#ifdef __KERNEL__
+
+extern int vc_enter_space_v1(struct vx_info *, void __user *);
+extern int vc_set_space_v1(struct vx_info *, void __user *);
+extern int vc_set_space(struct vx_info *, void __user *);
+extern int vc_get_space_mask(void __user *, int);
+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_SPACE_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/space.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/space.h
---- linux-2.6.35.4/include/linux/vserver/space.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/space.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,12 @@
-+#ifndef _VX_SPACE_H
-+#define _VX_SPACE_H
-+
-+#include <linux/types.h>
-+
-+struct vx_info;
-+
-+int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index);
-+
-+#else /* _VX_SPACE_H */
-+#warning duplicate inclusion
-+#endif /* _VX_SPACE_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/switch.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/switch.h
---- linux-2.6.35.4/include/linux/vserver/switch.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/switch.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,98 @@
-+#ifndef _VX_SWITCH_H
-+#define _VX_SWITCH_H
-+
-+#include <linux/types.h>
-+
-+
-+#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
-+#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
-+#define VC_VERSION(c) ((c) & 0xFFF)
-+
-+#define VC_CMD(c, i, v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
-+ | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
-+
-+/*
-+
-+ Syscall Matrix V2.8
-+
-+ |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
-+ |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
-+ |INFO |SETUP | |MOVE | | | | | |
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ SYSTEM |VERSION|VSETUP |VHOST | | | | |DEVICE | |
-+ HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ CPU | |VPROC |PROCALT|PROCMIG|PROCTRL| | |SCHED. | |
-+ PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ MEMORY | | | | |MEMCTRL| | |SWAP | |
-+ | 16| 17| 18| 19| 20| 21| | 22| 23|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ NETWORK| |VNET |NETALT |NETMIG |NETCTL | | |SERIAL | |
-+ | 24| 25| 26| 27| 28| 29| | 30| 31|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ DISK | | | |TAGMIG |DLIMIT | | |INODE | |
-+ VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ OTHER |VSTAT | | | | | | |VINFO | |
-+ | 40| 41| 42| 43| 44| 45| | 46| 47|
-+ =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
-+ SPECIAL|EVENT | | | |FLAGS | | |VSPACE | |
-+ | 48| 49| 50| 51| 52| 53| | 54| 55|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+ SPECIAL|DEBUG | | | |RLIMIT |SYSCALL| | |COMPAT |
-+ | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
-+ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-+
-+*/
-+
-+#define VC_CAT_VERSION 0
-+
-+#define VC_CAT_VSETUP 1
-+#define VC_CAT_VHOST 2
-+
-+#define VC_CAT_DEVICE 6
-+
-+#define VC_CAT_VPROC 9
-+#define VC_CAT_PROCALT 10
-+#define VC_CAT_PROCMIG 11
-+#define VC_CAT_PROCTRL 12
-+
-+#define VC_CAT_SCHED 14
-+#define VC_CAT_MEMCTRL 20
-+
-+#define VC_CAT_VNET 25
-+#define VC_CAT_NETALT 26
-+#define VC_CAT_NETMIG 27
-+#define VC_CAT_NETCTRL 28
-+
-+#define VC_CAT_TAGMIG 35
-+#define VC_CAT_DLIMIT 36
-+#define VC_CAT_INODE 38
-+
-+#define VC_CAT_VSTAT 40
-+#define VC_CAT_VINFO 46
-+#define VC_CAT_EVENT 48
-+
-+#define VC_CAT_FLAGS 52
-+#define VC_CAT_VSPACE 54
-+#define VC_CAT_DEBUG 56
-+#define VC_CAT_RLIMIT 60
-+
-+#define VC_CAT_SYSTEST 61
-+#define VC_CAT_COMPAT 63
-+
-+/* query version */
-+
-+#define VCMD_get_version VC_CMD(VERSION, 0, 0)
-+#define VCMD_get_vci VC_CMD(VERSION, 1, 0)
-+
++#endif /* _VSERVER_SPACE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/switch.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/switch.h
+--- linux-3.9.4/include/linux/vserver/switch.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/switch.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,8 @@
++#ifndef _VSERVER_SWITCH_H
++#define _VSERVER_SWITCH_H
+
-+#ifdef __KERNEL__
+
+#include <linux/errno.h>
++#include <uapi/vserver/switch.h>
+
-+#endif /* __KERNEL__ */
-+
-+#endif /* _VX_SWITCH_H */
-+
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/tag_cmd.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/tag_cmd.h
---- linux-2.6.35.4/include/linux/vserver/tag_cmd.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/tag_cmd.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,22 @@
-+#ifndef _VX_TAG_CMD_H
-+#define _VX_TAG_CMD_H
-+
-+
-+/* vinfo commands */
-+
-+#define VCMD_task_tag VC_CMD(VINFO, 3, 0)
-+
-+#ifdef __KERNEL__
-+extern int vc_task_tag(uint32_t);
-+
-+#endif /* __KERNEL__ */
-+
-+/* context commands */
-+
-+#define VCMD_tag_migrate VC_CMD(TAGMIG, 1, 0)
-+
-+#ifdef __KERNEL__
-+extern int vc_tag_migrate(uint32_t);
-+
-+#endif /* __KERNEL__ */
-+#endif /* _VX_TAG_CMD_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vserver/tag.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/tag.h
---- linux-2.6.35.4/include/linux/vserver/tag.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vserver/tag.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,143 @@
++#endif /* _VSERVER_SWITCH_H */
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/tag.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/tag.h
+--- linux-3.9.4/include/linux/vserver/tag.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/tag.h 2013-06-01 08:36:17.000000000 +0000
+@@ -0,0 +1,149 @@
+#ifndef _DX_TAG_H
+#define _DX_TAG_H
+
+ return (uid & MAX_UID);
+}
+
++#define dx_map_kuid(n, u) \
++ make_kuid(n, dx_map_uid(from_kuid(n, u)))
++
+static inline gid_t dx_map_gid(gid_t gid)
+{
+ if ((gid > MAX_GID) && (gid != -1))
+ return (gid & MAX_GID);
+}
+
++#define dx_map_kgid(n, u) \
++ make_kgid(n, dx_map_gid(from_kgid(n, u)))
++
+struct peer_tag {
+ int32_t xid;
+ int32_t nid;
+#endif
+
+#endif /* _DX_TAG_H */
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_inet6.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_inet6.h
---- linux-2.6.35.4/include/linux/vs_inet6.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_inet6.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,246 @@
-+#ifndef _VS_INET6_H
-+#define _VS_INET6_H
+diff -NurpP --minimal linux-3.9.4/include/linux/vserver/tag_cmd.h linux-3.9.4-vs2.3.6.2/include/linux/vserver/tag_cmd.h
+--- linux-3.9.4/include/linux/vserver/tag_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/linux/vserver/tag_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,10 @@
++#ifndef _VSERVER_TAG_CMD_H
++#define _VSERVER_TAG_CMD_H
+
-+#include "vserver/base.h"
-+#include "vserver/network.h"
-+#include "vserver/debug.h"
++#include <uapi/vserver/tag_cmd.h>
+
-+#include <net/ipv6.h>
++extern int vc_task_tag(uint32_t);
+
-+#define NXAV6(a) &(a)->ip, &(a)->mask, (a)->prefix, (a)->type
-+#define NXAV6_FMT "[%pI6/%pI6/%d:%04x]"
++extern int vc_tag_migrate(uint32_t);
+
++#endif /* _VSERVER_TAG_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/net/addrconf.h linux-3.9.4-vs2.3.6.2/include/net/addrconf.h
+--- linux-3.9.4/include/net/addrconf.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/addrconf.h 2013-05-31 17:17:53.000000000 +0000
+@@ -85,7 +85,8 @@ extern int ipv6_dev_get_saddr(struct n
+ const struct net_device *dev,
+ const struct in6_addr *daddr,
+ unsigned int srcprefs,
+- struct in6_addr *saddr);
++ struct in6_addr *saddr,
++ struct nx_info *nxi);
+ extern int ipv6_get_lladdr(struct net_device *dev,
+ struct in6_addr *addr,
+ unsigned char banned_flags);
+diff -NurpP --minimal linux-3.9.4/include/net/af_unix.h linux-3.9.4-vs2.3.6.2/include/net/af_unix.h
+--- linux-3.9.4/include/net/af_unix.h 2013-02-19 13:58:52.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/af_unix.h 2013-05-31 17:17:53.000000000 +0000
+@@ -4,6 +4,7 @@
+ #include <linux/socket.h>
+ #include <linux/un.h>
+ #include <linux/mutex.h>
++#include <linux/vs_base.h>
+ #include <net/sock.h>
+
+ extern void unix_inflight(struct file *fp);
+diff -NurpP --minimal linux-3.9.4/include/net/inet_timewait_sock.h linux-3.9.4-vs2.3.6.2/include/net/inet_timewait_sock.h
+--- linux-3.9.4/include/net/inet_timewait_sock.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/inet_timewait_sock.h 2013-05-31 17:18:34.000000000 +0000
+@@ -116,6 +116,10 @@ struct inet_timewait_sock {
+ #define tw_dport __tw_common.skc_dport
+ #define tw_num __tw_common.skc_num
+ #define tw_portpair __tw_common.skc_portpair
++#define tw_xid __tw_common.skc_xid
++#define tw_vx_info __tw_common.skc_vx_info
++#define tw_nid __tw_common.skc_nid
++#define tw_nx_info __tw_common.skc_nx_info
+
+ int tw_timeout;
+ volatile unsigned char tw_substate;
+diff -NurpP --minimal linux-3.9.4/include/net/ip6_route.h linux-3.9.4-vs2.3.6.2/include/net/ip6_route.h
+--- linux-3.9.4/include/net/ip6_route.h 2013-05-31 13:45:28.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/ip6_route.h 2013-05-31 17:17:53.000000000 +0000
+@@ -95,7 +95,8 @@ extern int ip6_route_get_saddr(struct
+ struct rt6_info *rt,
+ const struct in6_addr *daddr,
+ unsigned int prefs,
+- struct in6_addr *saddr);
++ struct in6_addr *saddr,
++ struct nx_info *nxi);
+
+ extern struct rt6_info *rt6_lookup(struct net *net,
+ const struct in6_addr *daddr,
+diff -NurpP --minimal linux-3.9.4/include/net/route.h linux-3.9.4-vs2.3.6.2/include/net/route.h
+--- linux-3.9.4/include/net/route.h 2013-02-19 13:58:52.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/route.h 2013-05-31 17:17:53.000000000 +0000
+@@ -207,6 +207,9 @@ static inline void ip_rt_put(struct rtab
+ dst_release(&rt->dst);
+ }
+
++#include <linux/vs_base.h>
++#include <linux/vs_inet.h>
+
-+#ifdef CONFIG_IPV6
+ #define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3)
+
+ extern const __u8 ip_tos2prio[16];
+@@ -256,6 +259,9 @@ static inline void ip_route_connect_init
+ protocol, flow_flags, dst, src, dport, sport);
+ }
+
++extern struct rtable *ip_v4_find_src(struct net *net, struct nx_info *,
++ struct flowi4 *);
+
-+static inline
-+int v6_addr_match(struct nx_addr_v6 *nxa,
-+ const struct in6_addr *addr, uint16_t mask)
-+{
-+ int ret = 0;
+ static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
+ __be32 dst, __be32 src, u32 tos,
+ int oif, u8 protocol,
+@@ -264,11 +270,25 @@ static inline struct rtable *ip_route_co
+ {
+ struct net *net = sock_net(sk);
+ struct rtable *rt;
++ struct nx_info *nx_info = current_nx_info();
+
+ ip_route_connect_init(fl4, dst, src, tos, oif, protocol,
+ sport, dport, sk, can_sleep);
+
+- if (!dst || !src) {
++ if (sk)
++ nx_info = sk->sk_nx_info;
+
-+ switch (nxa->type & mask) {
-+ case NXA_TYPE_MASK:
-+ ret = ipv6_masked_addr_cmp(&nxa->ip, &nxa->mask, addr);
-+ break;
-+ case NXA_TYPE_ADDR:
-+ ret = ipv6_addr_equal(&nxa->ip, addr);
-+ break;
-+ case NXA_TYPE_ANY:
-+ ret = 1;
-+ break;
-+ }
-+ vxdprintk(VXD_CBIT(net, 0),
-+ "v6_addr_match(%p" NXAV6_FMT ",%pI6,%04x) = %d",
-+ nxa, NXAV6(nxa), addr, mask, ret);
-+ return ret;
-+}
++ vxdprintk(VXD_CBIT(net, 4),
++ "ip_route_connect(%p) %p,%p;%lx",
++ sk, nx_info, sk->sk_socket,
++ (sk->sk_socket?sk->sk_socket->flags:0));
+
-+static inline
-+int v6_addr_in_nx_info(struct nx_info *nxi,
-+ const struct in6_addr *addr, uint16_t mask)
-+{
-+ struct nx_addr_v6 *nxa;
-+ int ret = 1;
++ rt = ip_v4_find_src(net, nx_info, fl4);
++ if (IS_ERR(rt))
++ return rt;
++ ip_rt_put(rt);
++
++ if (!fl4->daddr || !fl4->saddr) {
+ rt = __ip_route_output_key(net, fl4);
+ if (IS_ERR(rt))
+ return rt;
+diff -NurpP --minimal linux-3.9.4/include/net/sock.h linux-3.9.4-vs2.3.6.2/include/net/sock.h
+--- linux-3.9.4/include/net/sock.h 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/net/sock.h 2013-05-31 17:17:53.000000000 +0000
+@@ -191,6 +191,10 @@ struct sock_common {
+ #ifdef CONFIG_NET_NS
+ struct net *skc_net;
+ #endif
++ xid_t skc_xid;
++ struct vx_info *skc_vx_info;
++ nid_t skc_nid;
++ struct nx_info *skc_nx_info;
+ /*
+ * fields between dontcopy_begin/dontcopy_end
+ * are not copied in sock_copy()
+@@ -304,6 +308,10 @@ struct sock {
+ #define sk_bind_node __sk_common.skc_bind_node
+ #define sk_prot __sk_common.skc_prot
+ #define sk_net __sk_common.skc_net
++#define sk_xid __sk_common.skc_xid
++#define sk_vx_info __sk_common.skc_vx_info
++#define sk_nid __sk_common.skc_nid
++#define sk_nx_info __sk_common.skc_nx_info
+ socket_lock_t sk_lock;
+ struct sk_buff_head sk_receive_queue;
+ /*
+diff -NurpP --minimal linux-3.9.4/include/uapi/Kbuild linux-3.9.4-vs2.3.6.2/include/uapi/Kbuild
+--- linux-3.9.4/include/uapi/Kbuild 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/Kbuild 2013-05-31 14:47:11.000000000 +0000
+@@ -12,3 +12,4 @@ header-y += video/
+ header-y += drm/
+ header-y += xen/
+ header-y += scsi/
++header-y += vserver/
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/capability.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/capability.h
+--- linux-3.9.4/include/uapi/linux/capability.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/capability.h 2013-05-31 14:47:11.000000000 +0000
+@@ -259,6 +259,7 @@ struct vfs_cap_data {
+ arbitrary SCSI commands */
+ /* Allow setting encryption key on loopback filesystem */
+ /* Allow setting zone reclaim policy */
++/* Allow the selection of a security context */
+
+ #define CAP_SYS_ADMIN 21
+
+@@ -345,7 +346,12 @@ struct vfs_cap_data {
+
+ #define CAP_LAST_CAP CAP_BLOCK_SUSPEND
+
+-#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
++/* Allow context manipulations */
++/* Allow changing context info on files */
+
-+ if (!nxi)
-+ goto out;
-+ for (nxa = &nxi->v6; nxa; nxa = nxa->next)
-+ if (v6_addr_match(nxa, addr, mask))
-+ goto out;
-+ ret = 0;
-+out:
-+ vxdprintk(VXD_CBIT(net, 0),
-+ "v6_addr_in_nx_info(%p[#%u],%pI6,%04x) = %d",
-+ nxi, nxi ? nxi->nx_id : 0, addr, mask, ret);
-+ return ret;
-+}
++#define CAP_CONTEXT 63
+
-+static inline
-+int v6_nx_addr_match(struct nx_addr_v6 *nxa, struct nx_addr_v6 *addr, uint16_t mask)
-+{
-+ /* FIXME: needs full range checks */
-+ return v6_addr_match(nxa, &addr->ip, mask);
-+}
++#define cap_valid(x) ((x) >= 0 && ((x) <= CAP_LAST_CAP || (x) == CAP_CONTEXT))
+
+ /*
+ * Bit location of each capability (used by user-space library and kernel)
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/fs.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/fs.h
+--- linux-3.9.4/include/uapi/linux/fs.h 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/fs.h 2013-05-31 23:07:43.000000000 +0000
+@@ -86,6 +86,9 @@ struct inodes_stat_t {
+ #define MS_KERNMOUNT (1<<22) /* this is a kern_mount call */
+ #define MS_I_VERSION (1<<23) /* Update inode I_version field */
+ #define MS_STRICTATIME (1<<24) /* Always perform atime updates */
++#define MS_TAGGED (1<<8) /* use generic inode tagging */
++#define MS_NOTAGCHECK (1<<9) /* don't check tags */
++#define MS_TAGID (1<<25) /* use specific tag for this mount */
+
+ /* These sb flags are internal to the kernel */
+ #define MS_SNAP_STABLE (1<<27) /* Snapshot pages during writeback, if needed */
+@@ -192,11 +195,14 @@ struct inodes_stat_t {
+ #define FS_EXTENT_FL 0x00080000 /* Extents */
+ #define FS_DIRECTIO_FL 0x00100000 /* Use direct i/o */
+ #define FS_NOCOW_FL 0x00800000 /* Do not cow file */
++#define FS_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
+ #define FS_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
+
+-#define FS_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
+-#define FS_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
++#define FS_BARRIER_FL 0x04000000 /* Barrier for chroot() */
++#define FS_COW_FL 0x20000000 /* Copy on Write marker */
+
++#define FS_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
++#define FS_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
+
+ #define SYNC_FILE_RANGE_WAIT_BEFORE 1
+ #define SYNC_FILE_RANGE_WRITE 2
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/gfs2_ondisk.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/gfs2_ondisk.h
+--- linux-3.9.4/include/uapi/linux/gfs2_ondisk.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/gfs2_ondisk.h 2013-05-31 14:47:11.000000000 +0000
+@@ -225,6 +225,9 @@ enum {
+ gfs2fl_Sync = 8,
+ gfs2fl_System = 9,
+ gfs2fl_TopLevel = 10,
++ gfs2fl_IXUnlink = 16,
++ gfs2fl_Barrier = 17,
++ gfs2fl_Cow = 18,
+ gfs2fl_TruncInProg = 29,
+ gfs2fl_InheritDirectio = 30,
+ gfs2fl_InheritJdata = 31,
+@@ -242,6 +245,9 @@ enum {
+ #define GFS2_DIF_SYNC 0x00000100
+ #define GFS2_DIF_SYSTEM 0x00000200 /* New in gfs2 */
+ #define GFS2_DIF_TOPDIR 0x00000400 /* New in gfs2 */
++#define GFS2_DIF_IXUNLINK 0x00010000
++#define GFS2_DIF_BARRIER 0x00020000
++#define GFS2_DIF_COW 0x00040000
+ #define GFS2_DIF_TRUNC_IN_PROG 0x20000000 /* New in gfs2 */
+ #define GFS2_DIF_INHERIT_DIRECTIO 0x40000000 /* only in gfs1 */
+ #define GFS2_DIF_INHERIT_JDATA 0x80000000
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/if_tun.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/if_tun.h
+--- linux-3.9.4/include/uapi/linux/if_tun.h 2013-02-19 13:58:55.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/if_tun.h 2013-05-31 15:00:16.000000000 +0000
+@@ -56,6 +56,7 @@
+ #define TUNGETVNETHDRSZ _IOR('T', 215, int)
+ #define TUNSETVNETHDRSZ _IOW('T', 216, int)
+ #define TUNSETQUEUE _IOW('T', 217, int)
++#define TUNSETNID _IOW('T', 218, int)
+
+ /* TUNSETIFF ifr flags */
+ #define IFF_TUN 0x0001
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/major.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/major.h
+--- linux-3.9.4/include/uapi/linux/major.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/major.h 2013-05-31 14:47:11.000000000 +0000
+@@ -15,6 +15,7 @@
+ #define HD_MAJOR IDE0_MAJOR
+ #define PTY_SLAVE_MAJOR 3
+ #define TTY_MAJOR 4
++#define VROOT_MAJOR 4
+ #define TTYAUX_MAJOR 5
+ #define LP_MAJOR 6
+ #define VCS_MAJOR 7
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/nfs_mount.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/nfs_mount.h
+--- linux-3.9.4/include/uapi/linux/nfs_mount.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/nfs_mount.h 2013-05-31 14:47:11.000000000 +0000
+@@ -63,7 +63,8 @@ struct nfs_mount_data {
+ #define NFS_MOUNT_SECFLAVOUR 0x2000 /* 5 */
+ #define NFS_MOUNT_NORDIRPLUS 0x4000 /* 5 */
+ #define NFS_MOUNT_UNSHARED 0x8000 /* 5 */
+-#define NFS_MOUNT_FLAGMASK 0xFFFF
++#define NFS_MOUNT_TAGGED 0x10000 /* context tagging */
++#define NFS_MOUNT_FLAGMASK 0x1FFFF
+
+ /* The following are for internal use only */
+ #define NFS_MOUNT_LOOKUP_CACHE_NONEG 0x10000
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/reboot.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/reboot.h
+--- linux-3.9.4/include/uapi/linux/reboot.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/reboot.h 2013-05-31 14:47:11.000000000 +0000
+@@ -33,7 +33,7 @@
+ #define LINUX_REBOOT_CMD_RESTART2 0xA1B2C3D4
+ #define LINUX_REBOOT_CMD_SW_SUSPEND 0xD000FCE2
+ #define LINUX_REBOOT_CMD_KEXEC 0x45584543
+-
++#define LINUX_REBOOT_CMD_OOM 0xDEADBEEF
+
+
+ #endif /* _UAPI_LINUX_REBOOT_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/linux/sysctl.h linux-3.9.4-vs2.3.6.2/include/uapi/linux/sysctl.h
+--- linux-3.9.4/include/uapi/linux/sysctl.h 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/linux/sysctl.h 2013-05-31 14:47:11.000000000 +0000
+@@ -60,6 +60,7 @@ enum
+ CTL_ABI=9, /* Binary emulation */
+ CTL_CPU=10, /* CPU stuff (speed scaling, etc) */
+ CTL_ARLAN=254, /* arlan wireless driver */
++ CTL_VSERVER=4242, /* Linux-VServer debug */
+ CTL_S390DBF=5677, /* s390 debug */
+ CTL_SUNRPC=7249, /* sunrpc debug */
+ CTL_PM=9899, /* frv power management */
+@@ -94,6 +95,7 @@ enum
+
+ KERN_PANIC=15, /* int: panic timeout */
+ KERN_REALROOTDEV=16, /* real root device to mount after initrd */
++ KERN_VSHELPER=17, /* string: path to vshelper policy agent */
+
+ KERN_SPARC_REBOOT=21, /* reboot command on Sparc */
+ KERN_CTLALTDEL=22, /* int: allow ctl-alt-del to reboot */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/Kbuild linux-3.9.4-vs2.3.6.2/include/uapi/vserver/Kbuild
+--- linux-3.9.4/include/uapi/vserver/Kbuild 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/Kbuild 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,9 @@
+
-+static inline
-+int v6_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v6 *nxa, uint16_t mask)
-+{
-+ struct nx_addr_v6 *ptr;
++header-y += context_cmd.h network_cmd.h space_cmd.h \
++ cacct_cmd.h cvirt_cmd.h limit_cmd.h dlimit_cmd.h \
++ inode_cmd.h tag_cmd.h sched_cmd.h signal_cmd.h \
++ debug_cmd.h device_cmd.h
+
-+ for (ptr = &nxi->v6; ptr; ptr = ptr->next)
-+ if (v6_nx_addr_match(ptr, nxa, mask))
-+ return 1;
-+ return 0;
-+}
++header-y += switch.h context.h network.h monitor.h \
++ limit.h inode.h device.h
+
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/cacct_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/cacct_cmd.h
+--- linux-3.9.4/include/uapi/vserver/cacct_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/cacct_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,15 @@
++#ifndef _UAPI_VS_CACCT_CMD_H
++#define _UAPI_VS_CACCT_CMD_H
+
-+/*
-+ * Check if a given address matches for a socket
-+ *
-+ * nxi: the socket's nx_info if any
-+ * addr: to be verified address
-+ */
-+static inline
-+int v6_sock_addr_match (
-+ struct nx_info *nxi,
-+ struct inet_sock *inet,
-+ struct in6_addr *addr)
-+{
-+ struct sock *sk = &inet->sk;
-+ struct in6_addr *saddr = inet6_rcv_saddr(sk);
+
-+ if (!ipv6_addr_any(addr) &&
-+ ipv6_addr_equal(saddr, addr))
-+ return 1;
-+ if (ipv6_addr_any(saddr))
-+ return v6_addr_in_nx_info(nxi, addr, -1);
-+ return 0;
-+}
++/* virtual host info name commands */
+
-+/*
-+ * check if address is covered by socket
-+ *
-+ * sk: the socket to check against
-+ * addr: the address in question (must be != 0)
-+ */
++#define VCMD_sock_stat VC_CMD(VSTAT, 5, 0)
+
-+static inline
-+int __v6_addr_match_socket(const struct sock *sk, struct nx_addr_v6 *nxa)
-+{
-+ struct nx_info *nxi = sk->sk_nx_info;
-+ struct in6_addr *saddr = inet6_rcv_saddr(sk);
++struct vcmd_sock_stat_v0 {
++ uint32_t field;
++ uint32_t count[3];
++ uint64_t total[3];
++};
+
-+ vxdprintk(VXD_CBIT(net, 5),
-+ "__v6_addr_in_socket(%p," NXAV6_FMT ") %p:%pI6 %p;%lx",
-+ sk, NXAV6(nxa), nxi, saddr, sk->sk_socket,
-+ (sk->sk_socket?sk->sk_socket->flags:0));
++#endif /* _UAPI_VS_CACCT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/context.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/context.h
+--- linux-3.9.4/include/uapi/vserver/context.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/context.h 2013-05-31 19:44:13.000000000 +0000
+@@ -0,0 +1,81 @@
++#ifndef _UAPI_VS_CONTEXT_H
++#define _UAPI_VS_CONTEXT_H
+
-+ if (!ipv6_addr_any(saddr)) { /* direct address match */
-+ return v6_addr_match(nxa, saddr, -1);
-+ } else if (nxi) { /* match against nx_info */
-+ return v6_nx_addr_in_nx_info(nxi, nxa, -1);
-+ } else { /* unrestricted any socket */
-+ return 1;
-+ }
-+}
++#include <linux/types.h>
++#include <linux/capability.h>
+
+
-+/* inet related checks and helpers */
++/* context flags */
+
++#define VXF_INFO_SCHED 0x00000002
++#define VXF_INFO_NPROC 0x00000004
++#define VXF_INFO_PRIVATE 0x00000008
+
-+struct in_ifaddr;
-+struct net_device;
-+struct sock;
++#define VXF_INFO_INIT 0x00000010
++#define VXF_INFO_HIDE 0x00000020
++#define VXF_INFO_ULIMIT 0x00000040
++#define VXF_INFO_NSPACE 0x00000080
+
++#define VXF_SCHED_HARD 0x00000100
++#define VXF_SCHED_PRIO 0x00000200
++#define VXF_SCHED_PAUSE 0x00000400
+
-+#include <linux/netdevice.h>
-+#include <linux/inetdevice.h>
-+#include <net/inet_timewait_sock.h>
++#define VXF_VIRT_MEM 0x00010000
++#define VXF_VIRT_UPTIME 0x00020000
++#define VXF_VIRT_CPU 0x00040000
++#define VXF_VIRT_LOAD 0x00080000
++#define VXF_VIRT_TIME 0x00100000
+
++#define VXF_HIDE_MOUNT 0x01000000
++/* was VXF_HIDE_NETIF 0x02000000 */
++#define VXF_HIDE_VINFO 0x04000000
+
-+int dev_in_nx_info(struct net_device *, struct nx_info *);
-+int v6_dev_in_nx_info(struct net_device *, struct nx_info *);
-+int nx_v6_addr_conflict(struct nx_info *, struct nx_info *);
++#define VXF_STATE_SETUP (1ULL << 32)
++#define VXF_STATE_INIT (1ULL << 33)
++#define VXF_STATE_ADMIN (1ULL << 34)
+
++#define VXF_SC_HELPER (1ULL << 36)
++#define VXF_REBOOT_KILL (1ULL << 37)
++#define VXF_PERSISTENT (1ULL << 38)
+
++#define VXF_FORK_RSS (1ULL << 48)
++#define VXF_PROLIFIC (1ULL << 49)
+
-+static inline
-+int v6_ifa_in_nx_info(struct inet6_ifaddr *ifa, struct nx_info *nxi)
-+{
-+ if (!nxi)
-+ return 1;
-+ if (!ifa)
-+ return 0;
-+ return v6_addr_in_nx_info(nxi, &ifa->addr, -1);
-+}
++#define VXF_IGNEG_NICE (1ULL << 52)
+
-+static inline
-+int nx_v6_ifa_visible(struct nx_info *nxi, struct inet6_ifaddr *ifa)
-+{
-+ vxdprintk(VXD_CBIT(net, 1), "nx_v6_ifa_visible(%p[#%u],%p) %d",
-+ nxi, nxi ? nxi->nx_id : 0, ifa,
-+ nxi ? v6_ifa_in_nx_info(ifa, nxi) : 0);
++#define VXF_ONE_TIME (0x0007ULL << 32)
+
-+ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
-+ return 1;
-+ if (v6_ifa_in_nx_info(ifa, nxi))
-+ return 1;
-+ return 0;
-+}
++#define VXF_INIT_SET (VXF_STATE_SETUP | VXF_STATE_INIT | VXF_STATE_ADMIN)
+
+
-+struct nx_v6_sock_addr {
-+ struct in6_addr saddr; /* Address used for validation */
-+ struct in6_addr baddr; /* Address used for socket bind */
-+};
++/* context migration */
+
-+static inline
-+int v6_map_sock_addr(struct inet_sock *inet, struct sockaddr_in6 *addr,
-+ struct nx_v6_sock_addr *nsa)
-+{
-+ // struct sock *sk = &inet->sk;
-+ // struct nx_info *nxi = sk->sk_nx_info;
-+ struct in6_addr saddr = addr->sin6_addr;
-+ struct in6_addr baddr = saddr;
++#define VXM_SET_INIT 0x00000001
++#define VXM_SET_REAPER 0x00000002
+
-+ nsa->saddr = saddr;
-+ nsa->baddr = baddr;
-+ return 0;
-+}
++/* context caps */
+
-+static inline
-+void v6_set_sock_addr(struct inet_sock *inet, struct nx_v6_sock_addr *nsa)
-+{
-+ // struct sock *sk = &inet->sk;
-+ // struct in6_addr *saddr = inet6_rcv_saddr(sk);
++#define VXC_SET_UTSNAME 0x00000001
++#define VXC_SET_RLIMIT 0x00000002
++#define VXC_FS_SECURITY 0x00000004
++#define VXC_FS_TRUSTED 0x00000008
++#define VXC_TIOCSTI 0x00000010
+
-+ // *saddr = nsa->baddr;
-+ // inet->inet_saddr = nsa->baddr;
-+}
++/* was VXC_RAW_ICMP 0x00000100 */
++#define VXC_SYSLOG 0x00001000
++#define VXC_OOM_ADJUST 0x00002000
++#define VXC_AUDIT_CONTROL 0x00004000
+
-+static inline
-+int nx_info_has_v6(struct nx_info *nxi)
-+{
-+ if (!nxi)
-+ return 1;
-+ if (NX_IPV6(nxi))
-+ return 1;
-+ return 0;
-+}
++/* #define VXC_SECURE_MOUNT 0x00010000
++#define VXC_SECURE_REMOUNT 0x00020000 */
++#define VXC_BINARY_MOUNT 0x00040000
++#define VXC_DEV_MOUNT 0x00080000
+
-+#else /* CONFIG_IPV6 */
++#define VXC_QUOTA_CTL 0x00100000
++#define VXC_ADMIN_MAPPER 0x00200000
++#define VXC_ADMIN_CLOOP 0x00400000
+
-+static inline
-+int nx_v6_dev_visible(struct nx_info *n, struct net_device *d)
-+{
-+ return 1;
-+}
++#define VXC_KTHREAD 0x01000000
++#define VXC_NAMESPACE 0x02000000
+
++#endif /* _UAPI_VS_CONTEXT_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/context_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/context_cmd.h
+--- linux-3.9.4/include/uapi/vserver/context_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/context_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,115 @@
++#ifndef _UAPI_VS_CONTEXT_CMD_H
++#define _UAPI_VS_CONTEXT_CMD_H
+
-+static inline
-+int nx_v6_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
-+{
-+ return 1;
-+}
+
-+static inline
-+int v6_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
-+{
-+ return 1;
-+}
++/* vinfo commands */
+
-+static inline
-+int nx_info_has_v6(struct nx_info *nxi)
-+{
-+ return 0;
-+}
++#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
+
-+#endif /* CONFIG_IPV6 */
+
-+#define current_nx_info_has_v6() \
-+ nx_info_has_v6(current_nx_info())
++#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_inet.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_inet.h
---- linux-2.6.35.4/include/linux/vs_inet.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_inet.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,342 @@
-+#ifndef _VS_INET_H
-+#define _VS_INET_H
++struct vcmd_vx_info_v0 {
++ uint32_t xid;
++ uint32_t initpid;
++ /* more to come */
++};
+
-+#include "vserver/base.h"
-+#include "vserver/network.h"
-+#include "vserver/debug.h"
+
-+#define IPI_LOOPBACK htonl(INADDR_LOOPBACK)
++#define VCMD_ctx_stat VC_CMD(VSTAT, 0, 0)
+
-+#define NXAV4(a) NIPQUAD((a)->ip[0]), NIPQUAD((a)->ip[1]), \
-+ NIPQUAD((a)->mask), (a)->type
-+#define NXAV4_FMT "[" NIPQUAD_FMT "-" NIPQUAD_FMT "/" NIPQUAD_FMT ":%04x]"
++struct vcmd_ctx_stat_v0 {
++ uint32_t usecnt;
++ uint32_t tasks;
++ /* more to come */
++};
+
+
-+static inline
-+int v4_addr_match(struct nx_addr_v4 *nxa, __be32 addr, uint16_t tmask)
-+{
-+ __be32 ip = nxa->ip[0].s_addr;
-+ __be32 mask = nxa->mask.s_addr;
-+ __be32 bcast = ip | ~mask;
-+ int ret = 0;
++/* context commands */
+
-+ switch (nxa->type & tmask) {
-+ case NXA_TYPE_MASK:
-+ ret = (ip == (addr & mask));
-+ break;
-+ case NXA_TYPE_ADDR:
-+ ret = 3;
-+ if (addr == ip)
-+ break;
-+ /* fall through to broadcast */
-+ case NXA_MOD_BCAST:
-+ ret = ((tmask & NXA_MOD_BCAST) && (addr == bcast));
-+ break;
-+ case NXA_TYPE_RANGE:
-+ ret = ((nxa->ip[0].s_addr <= addr) &&
-+ (nxa->ip[1].s_addr > addr));
-+ break;
-+ case NXA_TYPE_ANY:
-+ ret = 2;
-+ break;
-+ }
++#define VCMD_ctx_create_v0 VC_CMD(VPROC, 1, 0)
++#define VCMD_ctx_create VC_CMD(VPROC, 1, 1)
+
-+ vxdprintk(VXD_CBIT(net, 0),
-+ "v4_addr_match(%p" NXAV4_FMT "," NIPQUAD_FMT ",%04x) = %d",
-+ nxa, NXAV4(nxa), NIPQUAD(addr), tmask, ret);
-+ return ret;
-+}
++struct vcmd_ctx_create {
++ uint64_t flagword;
++};
+
-+static inline
-+int v4_addr_in_nx_info(struct nx_info *nxi, __be32 addr, uint16_t tmask)
-+{
-+ struct nx_addr_v4 *nxa;
-+ int ret = 1;
++#define VCMD_ctx_migrate_v0 VC_CMD(PROCMIG, 1, 0)
++#define VCMD_ctx_migrate VC_CMD(PROCMIG, 1, 1)
+
-+ if (!nxi)
-+ goto out;
++struct vcmd_ctx_migrate {
++ uint64_t flagword;
++};
+
-+ ret = 2;
-+ /* allow 127.0.0.1 when remapping lback */
-+ if ((tmask & NXA_LOOPBACK) &&
-+ (addr == IPI_LOOPBACK) &&
-+ nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
-+ goto out;
-+ ret = 3;
-+ /* check for lback address */
-+ if ((tmask & NXA_MOD_LBACK) &&
-+ (nxi->v4_lback.s_addr == addr))
-+ goto out;
-+ ret = 4;
-+ /* check for broadcast address */
-+ if ((tmask & NXA_MOD_BCAST) &&
-+ (nxi->v4_bcast.s_addr == addr))
-+ goto out;
-+ ret = 5;
-+ /* check for v4 addresses */
-+ for (nxa = &nxi->v4; nxa; nxa = nxa->next)
-+ if (v4_addr_match(nxa, addr, tmask))
-+ goto out;
-+ ret = 0;
-+out:
-+ vxdprintk(VXD_CBIT(net, 0),
-+ "v4_addr_in_nx_info(%p[#%u]," NIPQUAD_FMT ",%04x) = %d",
-+ nxi, nxi ? nxi->nx_id : 0, NIPQUAD(addr), tmask, ret);
-+ return ret;
-+}
+
-+static inline
-+int v4_nx_addr_match(struct nx_addr_v4 *nxa, struct nx_addr_v4 *addr, uint16_t mask)
-+{
-+ /* FIXME: needs full range checks */
-+ return v4_addr_match(nxa, addr->ip[0].s_addr, mask);
-+}
+
-+static inline
-+int v4_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v4 *nxa, uint16_t mask)
-+{
-+ struct nx_addr_v4 *ptr;
++/* flag commands */
+
-+ for (ptr = &nxi->v4; ptr; ptr = ptr->next)
-+ if (v4_nx_addr_match(ptr, nxa, mask))
-+ return 1;
-+ return 0;
-+}
++#define VCMD_get_cflags VC_CMD(FLAGS, 1, 0)
++#define VCMD_set_cflags VC_CMD(FLAGS, 2, 0)
+
-+#include <net/inet_sock.h>
++struct vcmd_ctx_flags_v0 {
++ uint64_t flagword;
++ uint64_t mask;
++};
+
-+/*
-+ * Check if a given address matches for a socket
-+ *
-+ * nxi: the socket's nx_info if any
-+ * addr: to be verified address
-+ */
-+static inline
-+int v4_sock_addr_match (
-+ struct nx_info *nxi,
-+ struct inet_sock *inet,
-+ __be32 addr)
-+{
-+ __be32 saddr = inet->inet_rcv_saddr;
-+ __be32 bcast = nxi ? nxi->v4_bcast.s_addr : INADDR_BROADCAST;
+
-+ if (addr && (saddr == addr || bcast == addr))
-+ return 1;
-+ if (!saddr)
-+ return v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND);
-+ return 0;
-+}
+
++/* context caps commands */
+
-+/* inet related checks and helpers */
++#define VCMD_get_ccaps VC_CMD(FLAGS, 3, 1)
++#define VCMD_set_ccaps VC_CMD(FLAGS, 4, 1)
+
++struct vcmd_ctx_caps_v1 {
++ uint64_t ccaps;
++ uint64_t cmask;
++};
+
-+struct in_ifaddr;
-+struct net_device;
-+struct sock;
+
-+#ifdef CONFIG_INET
+
-+#include <linux/netdevice.h>
-+#include <linux/inetdevice.h>
-+#include <net/inet_sock.h>
-+#include <net/inet_timewait_sock.h>
++/* bcaps commands */
+
++#define VCMD_get_bcaps VC_CMD(FLAGS, 9, 0)
++#define VCMD_set_bcaps VC_CMD(FLAGS, 10, 0)
+
-+int dev_in_nx_info(struct net_device *, struct nx_info *);
-+int v4_dev_in_nx_info(struct net_device *, struct nx_info *);
-+int nx_v4_addr_conflict(struct nx_info *, struct nx_info *);
++struct vcmd_bcaps {
++ uint64_t bcaps;
++ uint64_t bmask;
++};
+
+
-+/*
-+ * check if address is covered by socket
-+ *
-+ * sk: the socket to check against
-+ * addr: the address in question (must be != 0)
-+ */
+
-+static inline
-+int __v4_addr_match_socket(const struct sock *sk, struct nx_addr_v4 *nxa)
-+{
-+ struct nx_info *nxi = sk->sk_nx_info;
-+ __be32 saddr = inet_rcv_saddr(sk);
++/* umask commands */
+
-+ vxdprintk(VXD_CBIT(net, 5),
-+ "__v4_addr_in_socket(%p," NXAV4_FMT ") %p:" NIPQUAD_FMT " %p;%lx",
-+ sk, NXAV4(nxa), nxi, NIPQUAD(saddr), sk->sk_socket,
-+ (sk->sk_socket?sk->sk_socket->flags:0));
++#define VCMD_get_umask VC_CMD(FLAGS, 13, 0)
++#define VCMD_set_umask VC_CMD(FLAGS, 14, 0)
+
-+ if (saddr) { /* direct address match */
-+ return v4_addr_match(nxa, saddr, -1);
-+ } else if (nxi) { /* match against nx_info */
-+ return v4_nx_addr_in_nx_info(nxi, nxa, -1);
-+ } else { /* unrestricted any socket */
-+ return 1;
-+ }
-+}
++struct vcmd_umask {
++ uint64_t umask;
++ uint64_t mask;
++};
+
+
+
-+static inline
-+int nx_dev_visible(struct nx_info *nxi, struct net_device *dev)
-+{
-+ vxdprintk(VXD_CBIT(net, 1), "nx_dev_visible(%p[#%u],%p »%s«) %d",
-+ nxi, nxi ? nxi->nx_id : 0, dev, dev->name,
-+ nxi ? dev_in_nx_info(dev, nxi) : 0);
++/* wmask commands */
+
-+ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
-+ return 1;
-+ if (dev_in_nx_info(dev, nxi))
-+ return 1;
-+ return 0;
-+}
++#define VCMD_get_wmask VC_CMD(FLAGS, 15, 0)
++#define VCMD_set_wmask VC_CMD(FLAGS, 16, 0)
+
++struct vcmd_wmask {
++ uint64_t wmask;
++ uint64_t mask;
++};
+
-+static inline
-+int v4_ifa_in_nx_info(struct in_ifaddr *ifa, struct nx_info *nxi)
-+{
-+ if (!nxi)
-+ return 1;
-+ if (!ifa)
-+ return 0;
-+ return v4_addr_in_nx_info(nxi, ifa->ifa_local, NXA_MASK_SHOW);
-+}
+
-+static inline
-+int nx_v4_ifa_visible(struct nx_info *nxi, struct in_ifaddr *ifa)
-+{
-+ vxdprintk(VXD_CBIT(net, 1), "nx_v4_ifa_visible(%p[#%u],%p) %d",
-+ nxi, nxi ? nxi->nx_id : 0, ifa,
-+ nxi ? v4_ifa_in_nx_info(ifa, nxi) : 0);
+
-+ if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
-+ return 1;
-+ if (v4_ifa_in_nx_info(ifa, nxi))
-+ return 1;
-+ return 0;
-+}
++/* OOM badness */
+
++#define VCMD_get_badness VC_CMD(MEMCTRL, 5, 0)
++#define VCMD_set_badness VC_CMD(MEMCTRL, 6, 0)
+
-+struct nx_v4_sock_addr {
-+ __be32 saddr; /* Address used for validation */
-+ __be32 baddr; /* Address used for socket bind */
++struct vcmd_badness_v0 {
++ int64_t bias;
+};
+
-+static inline
-+int v4_map_sock_addr(struct inet_sock *inet, struct sockaddr_in *addr,
-+ struct nx_v4_sock_addr *nsa)
-+{
-+ struct sock *sk = &inet->sk;
-+ struct nx_info *nxi = sk->sk_nx_info;
-+ __be32 saddr = addr->sin_addr.s_addr;
-+ __be32 baddr = saddr;
++#endif /* _UAPI_VS_CONTEXT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/cvirt_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/cvirt_cmd.h
+--- linux-3.9.4/include/uapi/vserver/cvirt_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/cvirt_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,41 @@
++#ifndef _UAPI_VS_CVIRT_CMD_H
++#define _UAPI_VS_CVIRT_CMD_H
+
-+ vxdprintk(VXD_CBIT(net, 3),
-+ "inet_bind(%p)* %p,%p;%lx " NIPQUAD_FMT,
-+ sk, sk->sk_nx_info, sk->sk_socket,
-+ (sk->sk_socket ? sk->sk_socket->flags : 0),
-+ NIPQUAD(saddr));
-+
-+ if (nxi) {
-+ if (saddr == INADDR_ANY) {
-+ if (nx_info_flags(nxi, NXF_SINGLE_IP, 0))
-+ baddr = nxi->v4.ip[0].s_addr;
-+ } else if (saddr == IPI_LOOPBACK) {
-+ if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
-+ baddr = nxi->v4_lback.s_addr;
-+ } else { /* normal address bind */
-+ if (!v4_addr_in_nx_info(nxi, saddr, NXA_MASK_BIND))
-+ return -EADDRNOTAVAIL;
-+ }
-+ }
+
-+ vxdprintk(VXD_CBIT(net, 3),
-+ "inet_bind(%p) " NIPQUAD_FMT ", " NIPQUAD_FMT,
-+ sk, NIPQUAD(saddr), NIPQUAD(baddr));
++/* virtual host info name commands */
+
-+ nsa->saddr = saddr;
-+ nsa->baddr = baddr;
-+ return 0;
-+}
++#define VCMD_set_vhi_name VC_CMD(VHOST, 1, 0)
++#define VCMD_get_vhi_name VC_CMD(VHOST, 2, 0)
+
-+static inline
-+void v4_set_sock_addr(struct inet_sock *inet, struct nx_v4_sock_addr *nsa)
-+{
-+ inet->inet_saddr = nsa->baddr;
-+ inet->inet_rcv_saddr = nsa->baddr;
-+}
++struct vcmd_vhi_name_v0 {
++ uint32_t field;
++ char name[65];
++};
+
+
-+/*
-+ * helper to simplify inet_lookup_listener
-+ *
-+ * nxi: the socket's nx_info if any
-+ * addr: to be verified address
-+ * saddr: socket address
-+ */
-+static inline int v4_inet_addr_match (
-+ struct nx_info *nxi,
-+ __be32 addr,
-+ __be32 saddr)
-+{
-+ if (addr && (saddr == addr))
-+ return 1;
-+ if (!saddr)
-+ return nxi ? v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND) : 1;
-+ return 0;
-+}
++enum vhi_name_field {
++ VHIN_CONTEXT = 0,
++ VHIN_SYSNAME,
++ VHIN_NODENAME,
++ VHIN_RELEASE,
++ VHIN_VERSION,
++ VHIN_MACHINE,
++ VHIN_DOMAINNAME,
++};
+
-+static inline __be32 nx_map_sock_lback(struct nx_info *nxi, __be32 addr)
-+{
-+ if (nx_info_flags(nxi, NXF_HIDE_LBACK, 0) &&
-+ (addr == nxi->v4_lback.s_addr))
-+ return IPI_LOOPBACK;
-+ return addr;
-+}
+
-+static inline
-+int nx_info_has_v4(struct nx_info *nxi)
-+{
-+ if (!nxi)
-+ return 1;
-+ if (NX_IPV4(nxi))
-+ return 1;
-+ if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
-+ return 1;
-+ return 0;
-+}
+
-+#else /* CONFIG_INET */
++#define VCMD_virt_stat VC_CMD(VSTAT, 3, 0)
+
-+static inline
-+int nx_dev_visible(struct nx_info *n, struct net_device *d)
-+{
-+ return 1;
-+}
++struct vcmd_virt_stat_v0 {
++ uint64_t offset;
++ uint64_t uptime;
++ uint32_t nr_threads;
++ uint32_t nr_running;
++ uint32_t nr_uninterruptible;
++ uint32_t nr_onhold;
++ uint32_t nr_forks;
++ uint32_t load[3];
++};
+
-+static inline
-+int nx_v4_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
-+{
-+ return 1;
-+}
++#endif /* _UAPI_VS_CVIRT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/debug_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/debug_cmd.h
+--- linux-3.9.4/include/uapi/vserver/debug_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/debug_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,24 @@
++#ifndef _UAPI_VS_DEBUG_CMD_H
++#define _UAPI_VS_DEBUG_CMD_H
+
-+static inline
-+int v4_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
-+{
-+ return 1;
-+}
+
-+static inline
-+int nx_info_has_v4(struct nx_info *nxi)
-+{
-+ return 0;
-+}
++/* debug commands */
+
-+#endif /* CONFIG_INET */
++#define VCMD_dump_history VC_CMD(DEBUG, 1, 0)
+
-+#define current_nx_info_has_v4() \
-+ nx_info_has_v4(current_nx_info())
++#define VCMD_read_history VC_CMD(DEBUG, 5, 0)
++#define VCMD_read_monitor VC_CMD(DEBUG, 6, 0)
+
-+#else
-+// #warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_limit.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_limit.h
---- linux-2.6.35.4/include/linux/vs_limit.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_limit.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,140 @@
-+#ifndef _VS_LIMIT_H
-+#define _VS_LIMIT_H
++struct vcmd_read_history_v0 {
++ uint32_t index;
++ uint32_t count;
++ char __user *data;
++};
+
-+#include "vserver/limit.h"
-+#include "vserver/base.h"
-+#include "vserver/context.h"
-+#include "vserver/debug.h"
-+#include "vserver/context.h"
-+#include "vserver/limit_int.h"
++struct vcmd_read_monitor_v0 {
++ uint32_t index;
++ uint32_t count;
++ char __user *data;
++};
+
++#endif /* _UAPI_VS_DEBUG_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/device.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/device.h
+--- linux-3.9.4/include/uapi/vserver/device.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/device.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,12 @@
++#ifndef _UAPI_VS_DEVICE_H
++#define _UAPI_VS_DEVICE_H
+
-+#define vx_acc_cres(v, d, p, r) \
-+ __vx_acc_cres(v, r, d, p, __FILE__, __LINE__)
+
-+#define vx_acc_cres_cond(x, d, p, r) \
-+ __vx_acc_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
-+ r, d, p, __FILE__, __LINE__)
++#define DATTR_CREATE 0x00000001
++#define DATTR_OPEN 0x00000002
+
++#define DATTR_REMAP 0x00000010
+
-+#define vx_add_cres(v, a, p, r) \
-+ __vx_add_cres(v, r, a, p, __FILE__, __LINE__)
-+#define vx_sub_cres(v, a, p, r) vx_add_cres(v, -(a), p, r)
++#define DATTR_MASK 0x00000013
+
-+#define vx_add_cres_cond(x, a, p, r) \
-+ __vx_add_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
-+ r, a, p, __FILE__, __LINE__)
-+#define vx_sub_cres_cond(x, a, p, r) vx_add_cres_cond(x, -(a), p, r)
++#endif /* _UAPI_VS_DEVICE_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/device_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/device_cmd.h
+--- linux-3.9.4/include/uapi/vserver/device_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/device_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,16 @@
++#ifndef _UAPI_VS_DEVICE_CMD_H
++#define _UAPI_VS_DEVICE_CMD_H
+
+
-+/* process and file limits */
++/* device vserver commands */
+
-+#define vx_nproc_inc(p) \
-+ vx_acc_cres((p)->vx_info, 1, p, RLIMIT_NPROC)
++#define VCMD_set_mapping VC_CMD(DEVICE, 1, 0)
++#define VCMD_unset_mapping VC_CMD(DEVICE, 2, 0)
+
-+#define vx_nproc_dec(p) \
-+ vx_acc_cres((p)->vx_info,-1, p, RLIMIT_NPROC)
-+
-+#define vx_files_inc(f) \
-+ vx_acc_cres_cond((f)->f_xid, 1, f, RLIMIT_NOFILE)
-+
-+#define vx_files_dec(f) \
-+ vx_acc_cres_cond((f)->f_xid,-1, f, RLIMIT_NOFILE)
++struct vcmd_set_mapping_v0 {
++ const char __user *device;
++ const char __user *target;
++ uint32_t flags;
++};
+
-+#define vx_locks_inc(l) \
-+ vx_acc_cres_cond((l)->fl_xid, 1, l, RLIMIT_LOCKS)
++#endif /* _UAPI_VS_DEVICE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/dlimit_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/dlimit_cmd.h
+--- linux-3.9.4/include/uapi/vserver/dlimit_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/dlimit_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,67 @@
++#ifndef _UAPI_VS_DLIMIT_CMD_H
++#define _UAPI_VS_DLIMIT_CMD_H
+
-+#define vx_locks_dec(l) \
-+ vx_acc_cres_cond((l)->fl_xid,-1, l, RLIMIT_LOCKS)
+
-+#define vx_openfd_inc(f) \
-+ vx_acc_cres(current_vx_info(), 1, (void *)(long)(f), VLIMIT_OPENFD)
++/* dlimit vserver commands */
+
-+#define vx_openfd_dec(f) \
-+ vx_acc_cres(current_vx_info(),-1, (void *)(long)(f), VLIMIT_OPENFD)
++#define VCMD_add_dlimit VC_CMD(DLIMIT, 1, 0)
++#define VCMD_rem_dlimit VC_CMD(DLIMIT, 2, 0)
+
++#define VCMD_set_dlimit VC_CMD(DLIMIT, 5, 0)
++#define VCMD_get_dlimit VC_CMD(DLIMIT, 6, 0)
+
-+#define vx_cres_avail(v, n, r) \
-+ __vx_cres_avail(v, r, n, __FILE__, __LINE__)
++struct vcmd_ctx_dlimit_base_v0 {
++ const char __user *name;
++ uint32_t flags;
++};
+
++struct vcmd_ctx_dlimit_v0 {
++ const char __user *name;
++ uint32_t space_used; /* used space in kbytes */
++ uint32_t space_total; /* maximum space in kbytes */
++ uint32_t inodes_used; /* used inodes */
++ uint32_t inodes_total; /* maximum inodes */
++ uint32_t reserved; /* reserved for root in % */
++ uint32_t flags;
++};
+
-+#define vx_nproc_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, RLIMIT_NPROC)
++#define CDLIM_UNSET ((uint32_t)0UL)
++#define CDLIM_INFINITY ((uint32_t)~0UL)
++#define CDLIM_KEEP ((uint32_t)~1UL)
+
-+#define vx_files_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, RLIMIT_NOFILE)
++#define DLIME_UNIT 0
++#define DLIME_KILO 1
++#define DLIME_MEGA 2
++#define DLIME_GIGA 3
+
-+#define vx_locks_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, RLIMIT_LOCKS)
++#define DLIMF_SHIFT 0x10
+
-+#define vx_openfd_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, VLIMIT_OPENFD)
++#define DLIMS_USED 0
++#define DLIMS_TOTAL 2
+
++static inline
++uint64_t dlimit_space_32to64(uint32_t val, uint32_t flags, int shift)
++{
++ int exp = (flags & DLIMF_SHIFT) ?
++ (flags >> shift) & DLIME_GIGA : DLIME_KILO;
++ return ((uint64_t)val) << (10 * exp);
++}
+
-+/* dentry limits */
++static inline
++uint32_t dlimit_space_64to32(uint64_t val, uint32_t *flags, int shift)
++{
++ int exp = 0;
+
-+#define vx_dentry_inc(d) do { \
-+ if (atomic_read(&d->d_count) == 1) \
-+ vx_acc_cres(current_vx_info(), 1, d, VLIMIT_DENTRY); \
-+ } while (0)
++ if (*flags & DLIMF_SHIFT) {
++ while (val > (1LL << 32) && (exp < 3)) {
++ val >>= 10;
++ exp++;
++ }
++ *flags &= ~(DLIME_GIGA << shift);
++ *flags |= exp << shift;
++ } else
++ val >>= 10;
++ return val;
++}
+
-+#define vx_dentry_dec(d) do { \
-+ if (atomic_read(&d->d_count) == 0) \
-+ vx_acc_cres(current_vx_info(),-1, d, VLIMIT_DENTRY); \
-+ } while (0)
++#endif /* _UAPI_VS_DLIMIT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/inode.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/inode.h
+--- linux-3.9.4/include/uapi/vserver/inode.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/inode.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,23 @@
++#ifndef _UAPI_VS_INODE_H
++#define _UAPI_VS_INODE_H
+
-+#define vx_dentry_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, VLIMIT_DENTRY)
+
++#define IATTR_TAG 0x01000000
+
-+/* socket limits */
++#define IATTR_ADMIN 0x00000001
++#define IATTR_WATCH 0x00000002
++#define IATTR_HIDE 0x00000004
++#define IATTR_FLAGS 0x00000007
+
-+#define vx_sock_inc(s) \
-+ vx_acc_cres((s)->sk_vx_info, 1, s, VLIMIT_NSOCK)
++#define IATTR_BARRIER 0x00010000
++#define IATTR_IXUNLINK 0x00020000
++#define IATTR_IMMUTABLE 0x00040000
++#define IATTR_COW 0x00080000
+
-+#define vx_sock_dec(s) \
-+ vx_acc_cres((s)->sk_vx_info,-1, s, VLIMIT_NSOCK)
+
-+#define vx_sock_avail(n) \
-+ vx_cres_avail(current_vx_info(), n, VLIMIT_NSOCK)
++/* inode ioctls */
+
++#define FIOC_GETXFLG _IOR('x', 5, long)
++#define FIOC_SETXFLG _IOW('x', 6, long)
+
-+/* ipc resource limits */
++#endif /* _UAPI_VS_INODE_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/inode_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/inode_cmd.h
+--- linux-3.9.4/include/uapi/vserver/inode_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/inode_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,26 @@
++#ifndef _UAPI_VS_INODE_CMD_H
++#define _UAPI_VS_INODE_CMD_H
+
-+#define vx_ipcmsg_add(v, u, a) \
-+ vx_add_cres(v, a, u, RLIMIT_MSGQUEUE)
+
-+#define vx_ipcmsg_sub(v, u, a) \
-+ vx_sub_cres(v, a, u, RLIMIT_MSGQUEUE)
++/* inode vserver commands */
+
-+#define vx_ipcmsg_avail(v, a) \
-+ vx_cres_avail(v, a, RLIMIT_MSGQUEUE)
++#define VCMD_get_iattr VC_CMD(INODE, 1, 1)
++#define VCMD_set_iattr VC_CMD(INODE, 2, 1)
+
++#define VCMD_fget_iattr VC_CMD(INODE, 3, 0)
++#define VCMD_fset_iattr VC_CMD(INODE, 4, 0)
+
-+#define vx_ipcshm_add(v, k, a) \
-+ vx_add_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
++struct vcmd_ctx_iattr_v1 {
++ const char __user *name;
++ uint32_t tag;
++ uint32_t flags;
++ uint32_t mask;
++};
+
-+#define vx_ipcshm_sub(v, k, a) \
-+ vx_sub_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
++struct vcmd_ctx_fiattr_v0 {
++ uint32_t tag;
++ uint32_t flags;
++ uint32_t mask;
++};
+
-+#define vx_ipcshm_avail(v, a) \
-+ vx_cres_avail(v, a, VLIMIT_SHMEM)
++#endif /* _UAPI_VS_INODE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/limit.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/limit.h
+--- linux-3.9.4/include/uapi/vserver/limit.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/limit.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,14 @@
++#ifndef _UAPI_VS_LIMIT_H
++#define _UAPI_VS_LIMIT_H
+
+
-+#define vx_semary_inc(a) \
-+ vx_acc_cres(current_vx_info(), 1, a, VLIMIT_SEMARY)
++#define VLIMIT_NSOCK 16
++#define VLIMIT_OPENFD 17
++#define VLIMIT_ANON 18
++#define VLIMIT_SHMEM 19
++#define VLIMIT_SEMARY 20
++#define VLIMIT_NSEMS 21
++#define VLIMIT_DENTRY 22
++#define VLIMIT_MAPPED 23
+
-+#define vx_semary_dec(a) \
-+ vx_acc_cres(current_vx_info(), -1, a, VLIMIT_SEMARY)
++#endif /* _UAPI_VS_LIMIT_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/limit_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/limit_cmd.h
+--- linux-3.9.4/include/uapi/vserver/limit_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/limit_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,40 @@
++#ifndef _UAPI_VS_LIMIT_CMD_H
++#define _UAPI_VS_LIMIT_CMD_H
+
+
-+#define vx_nsems_add(a,n) \
-+ vx_add_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
++/* rlimit vserver commands */
+
-+#define vx_nsems_sub(a,n) \
-+ vx_sub_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
++#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
++#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
++#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
++#define VCMD_reset_hits VC_CMD(RLIMIT, 7, 0)
++#define VCMD_reset_minmax VC_CMD(RLIMIT, 9, 0)
+
++struct vcmd_ctx_rlimit_v0 {
++ uint32_t id;
++ uint64_t minimum;
++ uint64_t softlimit;
++ uint64_t maximum;
++};
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_memory.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_memory.h
---- linux-2.6.35.4/include/linux/vs_memory.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_memory.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,58 @@
-+#ifndef _VS_MEMORY_H
-+#define _VS_MEMORY_H
++struct vcmd_ctx_rlimit_mask_v0 {
++ uint32_t minimum;
++ uint32_t softlimit;
++ uint32_t maximum;
++};
+
-+#include "vserver/limit.h"
-+#include "vserver/base.h"
-+#include "vserver/context.h"
-+#include "vserver/debug.h"
-+#include "vserver/context.h"
-+#include "vserver/limit_int.h"
++#define VCMD_rlimit_stat VC_CMD(VSTAT, 1, 0)
+
-+enum {
-+ VXPT_UNKNOWN = 0,
-+ VXPT_ANON,
-+ VXPT_NONE,
-+ VXPT_FILE,
-+ VXPT_SWAP,
-+ VXPT_WRITE
++struct vcmd_rlimit_stat_v0 {
++ uint32_t id;
++ uint32_t hits;
++ uint64_t value;
++ uint64_t minimum;
++ uint64_t maximum;
+};
+
-+#if 0
-+#define vx_page_fault(mm, vma, type, ret)
-+#else
++#define CRLIM_UNSET (0ULL)
++#define CRLIM_INFINITY (~0ULL)
++#define CRLIM_KEEP (~1ULL)
+
-+static inline
-+void __vx_page_fault(struct mm_struct *mm,
-+ struct vm_area_struct *vma, int type, int ret)
-+{
-+ struct vx_info *vxi = mm->mm_vx_info;
-+ int what;
-+/*
-+ static char *page_type[6] =
-+ { "UNKNOWN", "ANON", "NONE", "FILE", "SWAP", "WRITE" };
-+ static char *page_what[4] =
-+ { "FAULT_OOM", "FAULT_SIGBUS", "FAULT_MINOR", "FAULT_MAJOR" };
-+*/
++#endif /* _UAPI_VS_LIMIT_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/monitor.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/monitor.h
+--- linux-3.9.4/include/uapi/vserver/monitor.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/monitor.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,96 @@
++#ifndef _UAPI_VS_MONITOR_H
++#define _UAPI_VS_MONITOR_H
+
-+ if (!vxi)
-+ return;
++#include <linux/types.h>
+
-+ what = (ret & 0x3);
+
-+/* printk("[%d] page[%d][%d] %2x %s %s\n", vxi->vx_id,
-+ type, what, ret, page_type[type], page_what[what]);
-+*/
-+ if (ret & VM_FAULT_WRITE)
-+ what |= 0x4;
-+ atomic_inc(&vxi->cacct.page[type][what]);
-+}
++enum {
++ VXM_UNUSED = 0,
+
-+#define vx_page_fault(mm, vma, type, ret) __vx_page_fault(mm, vma, type, ret)
-+#endif
++ VXM_SYNC = 0x10,
+
++ VXM_UPDATE = 0x20,
++ VXM_UPDATE_1,
++ VXM_UPDATE_2,
+
-+extern unsigned long vx_badness(struct task_struct *task, struct mm_struct *mm);
++ VXM_RQINFO_1 = 0x24,
++ VXM_RQINFO_2,
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_network.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_network.h
---- linux-2.6.35.4/include/linux/vs_network.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_network.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,169 @@
-+#ifndef _NX_VS_NETWORK_H
-+#define _NX_VS_NETWORK_H
++ VXM_ACTIVATE = 0x40,
++ VXM_DEACTIVATE,
++ VXM_IDLE,
+
-+#include "vserver/context.h"
-+#include "vserver/network.h"
-+#include "vserver/base.h"
-+#include "vserver/check.h"
-+#include "vserver/debug.h"
++ VXM_HOLD = 0x44,
++ VXM_UNHOLD,
+
-+#include <linux/sched.h>
++ VXM_MIGRATE = 0x48,
++ VXM_RESCHED,
+
++ /* all other bits are flags */
++ VXM_SCHED = 0x80,
++};
+
-+#define get_nx_info(i) __get_nx_info(i, __FILE__, __LINE__)
++struct _vxm_update_1 {
++ uint32_t tokens_max;
++ uint32_t fill_rate;
++ uint32_t interval;
++};
+
-+static inline struct nx_info *__get_nx_info(struct nx_info *nxi,
-+ const char *_file, int _line)
-+{
-+ if (!nxi)
-+ return NULL;
-+
-+ vxlprintk(VXD_CBIT(nid, 2), "get_nx_info(%p[#%d.%d])",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
-+ _file, _line);
-+
-+ atomic_inc(&nxi->nx_usecnt);
-+ return nxi;
-+}
++struct _vxm_update_2 {
++ uint32_t tokens_min;
++ uint32_t fill_rate;
++ uint32_t interval;
++};
+
++struct _vxm_rqinfo_1 {
++ uint16_t running;
++ uint16_t onhold;
++ uint16_t iowait;
++ uint16_t uintr;
++ uint32_t idle_tokens;
++};
+
-+extern void free_nx_info(struct nx_info *);
++struct _vxm_rqinfo_2 {
++ uint32_t norm_time;
++ uint32_t idle_time;
++ uint32_t idle_skip;
++};
+
-+#define put_nx_info(i) __put_nx_info(i, __FILE__, __LINE__)
++struct _vxm_sched {
++ uint32_t tokens;
++ uint32_t norm_time;
++ uint32_t idle_time;
++};
+
-+static inline void __put_nx_info(struct nx_info *nxi, const char *_file, int _line)
-+{
-+ if (!nxi)
-+ return;
++struct _vxm_task {
++ uint16_t pid;
++ uint16_t state;
++};
+
-+ vxlprintk(VXD_CBIT(nid, 2), "put_nx_info(%p[#%d.%d])",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
-+ _file, _line);
++struct _vxm_event {
++ uint32_t jif;
++ union {
++ uint32_t seq;
++ uint32_t sec;
++ };
++ union {
++ uint32_t tokens;
++ uint32_t nsec;
++ struct _vxm_task tsk;
++ };
++};
+
-+ if (atomic_dec_and_test(&nxi->nx_usecnt))
-+ free_nx_info(nxi);
-+}
++struct _vx_mon_entry {
++ uint16_t type;
++ uint16_t xid;
++ union {
++ struct _vxm_event ev;
++ struct _vxm_sched sd;
++ struct _vxm_update_1 u1;
++ struct _vxm_update_2 u2;
++ struct _vxm_rqinfo_1 q1;
++ struct _vxm_rqinfo_2 q2;
++ };
++};
+
++#endif /* _UAPI_VS_MONITOR_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/network.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/network.h
+--- linux-3.9.4/include/uapi/vserver/network.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/network.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,76 @@
++#ifndef _UAPI_VS_NETWORK_H
++#define _UAPI_VS_NETWORK_H
+
-+#define init_nx_info(p, i) __init_nx_info(p, i, __FILE__, __LINE__)
++#include <linux/types.h>
+
-+static inline void __init_nx_info(struct nx_info **nxp, struct nx_info *nxi,
-+ const char *_file, int _line)
-+{
-+ if (nxi) {
-+ vxlprintk(VXD_CBIT(nid, 3),
-+ "init_nx_info(%p[#%d.%d])",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
-+ _file, _line);
+
-+ atomic_inc(&nxi->nx_usecnt);
-+ }
-+ *nxp = nxi;
-+}
++#define MAX_N_CONTEXT 65535 /* Arbitrary limit */
+
+
-+#define set_nx_info(p, i) __set_nx_info(p, i, __FILE__, __LINE__)
++/* network flags */
+
-+static inline void __set_nx_info(struct nx_info **nxp, struct nx_info *nxi,
-+ const char *_file, int _line)
-+{
-+ struct nx_info *nxo;
++#define NXF_INFO_PRIVATE 0x00000008
+
-+ if (!nxi)
-+ return;
++#define NXF_SINGLE_IP 0x00000100
++#define NXF_LBACK_REMAP 0x00000200
++#define NXF_LBACK_ALLOW 0x00000400
+
-+ vxlprintk(VXD_CBIT(nid, 3), "set_nx_info(%p[#%d.%d])",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
-+ _file, _line);
++#define NXF_HIDE_NETIF 0x02000000
++#define NXF_HIDE_LBACK 0x04000000
+
-+ atomic_inc(&nxi->nx_usecnt);
-+ nxo = xchg(nxp, nxi);
-+ BUG_ON(nxo);
-+}
++#define NXF_STATE_SETUP (1ULL << 32)
++#define NXF_STATE_ADMIN (1ULL << 34)
+
-+#define clr_nx_info(p) __clr_nx_info(p, __FILE__, __LINE__)
++#define NXF_SC_HELPER (1ULL << 36)
++#define NXF_PERSISTENT (1ULL << 38)
+
-+static inline void __clr_nx_info(struct nx_info **nxp,
-+ const char *_file, int _line)
-+{
-+ struct nx_info *nxo;
++#define NXF_ONE_TIME (0x0005ULL << 32)
+
-+ nxo = xchg(nxp, NULL);
-+ if (!nxo)
-+ return;
+
-+ vxlprintk(VXD_CBIT(nid, 3), "clr_nx_info(%p[#%d.%d])",
-+ nxo, nxo ? nxo->nx_id : 0,
-+ nxo ? atomic_read(&nxo->nx_usecnt) : 0,
-+ _file, _line);
++#define NXF_INIT_SET (__nxf_init_set())
+
-+ if (atomic_dec_and_test(&nxo->nx_usecnt))
-+ free_nx_info(nxo);
++static inline uint64_t __nxf_init_set(void) {
++ return NXF_STATE_ADMIN
++#ifdef CONFIG_VSERVER_AUTO_LBACK
++ | NXF_LBACK_REMAP
++ | NXF_HIDE_LBACK
++#endif
++#ifdef CONFIG_VSERVER_AUTO_SINGLE
++ | NXF_SINGLE_IP
++#endif
++ | NXF_HIDE_NETIF;
+}
+
+
-+#define claim_nx_info(v, p) __claim_nx_info(v, p, __FILE__, __LINE__)
++/* network caps */
+
-+static inline void __claim_nx_info(struct nx_info *nxi,
-+ struct task_struct *task, const char *_file, int _line)
-+{
-+ vxlprintk(VXD_CBIT(nid, 3), "claim_nx_info(%p[#%d.%d.%d]) %p",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi?atomic_read(&nxi->nx_usecnt):0,
-+ nxi?atomic_read(&nxi->nx_tasks):0,
-+ task, _file, _line);
++#define NXC_TUN_CREATE 0x00000001
+
-+ atomic_inc(&nxi->nx_tasks);
-+}
++#define NXC_RAW_ICMP 0x00000100
+
++#define NXC_MULTICAST 0x00001000
+
-+extern void unhash_nx_info(struct nx_info *);
+
-+#define release_nx_info(v, p) __release_nx_info(v, p, __FILE__, __LINE__)
++/* address types */
+
-+static inline void __release_nx_info(struct nx_info *nxi,
-+ struct task_struct *task, const char *_file, int _line)
-+{
-+ vxlprintk(VXD_CBIT(nid, 3), "release_nx_info(%p[#%d.%d.%d]) %p",
-+ nxi, nxi ? nxi->nx_id : 0,
-+ nxi ? atomic_read(&nxi->nx_usecnt) : 0,
-+ nxi ? atomic_read(&nxi->nx_tasks) : 0,
-+ task, _file, _line);
++#define NXA_TYPE_IPV4 0x0001
++#define NXA_TYPE_IPV6 0x0002
+
-+ might_sleep();
++#define NXA_TYPE_NONE 0x0000
++#define NXA_TYPE_ANY 0x00FF
+
-+ if (atomic_dec_and_test(&nxi->nx_tasks))
-+ unhash_nx_info(nxi);
-+}
++#define NXA_TYPE_ADDR 0x0010
++#define NXA_TYPE_MASK 0x0020
++#define NXA_TYPE_RANGE 0x0040
+
++#define NXA_MASK_ALL (NXA_TYPE_ADDR | NXA_TYPE_MASK | NXA_TYPE_RANGE)
+
-+#define task_get_nx_info(i) __task_get_nx_info(i, __FILE__, __LINE__)
++#define NXA_MOD_BCAST 0x0100
++#define NXA_MOD_LBACK 0x0200
+
-+static __inline__ struct nx_info *__task_get_nx_info(struct task_struct *p,
-+ const char *_file, int _line)
-+{
-+ struct nx_info *nxi;
++#define NXA_LOOPBACK 0x1000
+
-+ task_lock(p);
-+ vxlprintk(VXD_CBIT(nid, 5), "task_get_nx_info(%p)",
-+ p, _file, _line);
-+ nxi = __get_nx_info(p->nx_info, _file, _line);
-+ task_unlock(p);
-+ return nxi;
-+}
++#define NXA_MASK_BIND (NXA_MASK_ALL | NXA_MOD_BCAST | NXA_MOD_LBACK)
++#define NXA_MASK_SHOW (NXA_MASK_ALL | NXA_LOOPBACK)
+
++#endif /* _UAPI_VS_NETWORK_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/network_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/network_cmd.h
+--- linux-3.9.4/include/uapi/vserver/network_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/network_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,123 @@
++#ifndef _UAPI_VS_NETWORK_CMD_H
++#define _UAPI_VS_NETWORK_CMD_H
+
-+static inline void exit_nx_info(struct task_struct *p)
-+{
-+ if (p->nx_info)
-+ release_nx_info(p->nx_info, p);
-+}
+
++/* vinfo commands */
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_pid.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_pid.h
---- linux-2.6.35.4/include/linux/vs_pid.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_pid.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,95 @@
-+#ifndef _VS_PID_H
-+#define _VS_PID_H
++#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
+
-+#include "vserver/base.h"
-+#include "vserver/check.h"
-+#include "vserver/context.h"
-+#include "vserver/debug.h"
-+#include "vserver/pid.h"
-+#include <linux/pid_namespace.h>
+
++#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
+
-+#define VXF_FAKE_INIT (VXF_INFO_INIT | VXF_STATE_INIT)
++struct vcmd_nx_info_v0 {
++ uint32_t nid;
++ /* more to come */
++};
+
-+static inline
-+int vx_proc_task_visible(struct task_struct *task)
-+{
-+ if ((task->pid == 1) &&
-+ !vx_flags(VXF_FAKE_INIT, VXF_FAKE_INIT))
-+ /* show a blend through init */
-+ goto visible;
-+ if (vx_check(vx_task_xid(task), VS_WATCH | VS_IDENT))
-+ goto visible;
-+ return 0;
-+visible:
-+ return 1;
-+}
+
-+#define find_task_by_real_pid(pid) find_task_by_pid_ns(pid, &init_pid_ns)
++#include <linux/in.h>
++#include <linux/in6.h>
+
-+#if 0
++#define VCMD_net_create_v0 VC_CMD(VNET, 1, 0)
++#define VCMD_net_create VC_CMD(VNET, 1, 1)
+
-+static inline
-+struct task_struct *vx_find_proc_task_by_pid(int pid)
-+{
-+ struct task_struct *task = find_task_by_real_pid(pid);
++struct vcmd_net_create {
++ uint64_t flagword;
++};
+
-+ if (task && !vx_proc_task_visible(task)) {
-+ vxdprintk(VXD_CBIT(misc, 6),
-+ "dropping task (find) %p[#%u,%u] for %p[#%u,%u]",
-+ task, task->xid, task->pid,
-+ current, current->xid, current->pid);
-+ task = NULL;
-+ }
-+ return task;
-+}
++#define VCMD_net_migrate VC_CMD(NETMIG, 1, 0)
+
-+#endif
++#define VCMD_net_add VC_CMD(NETALT, 1, 0)
++#define VCMD_net_remove VC_CMD(NETALT, 2, 0)
+
-+static inline
-+struct task_struct *vx_get_proc_task(struct inode *inode, struct pid *pid)
-+{
-+ struct task_struct *task = get_pid_task(pid, PIDTYPE_PID);
++struct vcmd_net_addr_v0 {
++ uint16_t type;
++ uint16_t count;
++ struct in_addr ip[4];
++ struct in_addr mask[4];
++};
+
-+ if (task && !vx_proc_task_visible(task)) {
-+ vxdprintk(VXD_CBIT(misc, 6),
-+ "dropping task (get) %p[#%u,%u] for %p[#%u,%u]",
-+ task, task->xid, task->pid,
-+ current, current->xid, current->pid);
-+ put_task_struct(task);
-+ task = NULL;
-+ }
-+ return task;
-+}
-+
-+#if 0
-+
-+static inline
-+struct task_struct *vx_child_reaper(struct task_struct *p)
-+{
-+ struct vx_info *vxi = p->vx_info;
-+ struct task_struct *reaper = child_reaper(p);
++#define VCMD_net_add_ipv4_v1 VC_CMD(NETALT, 1, 1)
++#define VCMD_net_rem_ipv4_v1 VC_CMD(NETALT, 2, 1)
+
-+ if (!vxi)
-+ goto out;
-+
-+ BUG_ON(!p->vx_info->vx_reaper);
++struct vcmd_net_addr_ipv4_v1 {
++ uint16_t type;
++ uint16_t flags;
++ struct in_addr ip;
++ struct in_addr mask;
++};
+
-+ /* child reaper for the guest reaper */
-+ if (vxi->vx_reaper == p)
-+ goto out;
++#define VCMD_net_add_ipv4 VC_CMD(NETALT, 1, 2)
++#define VCMD_net_rem_ipv4 VC_CMD(NETALT, 2, 2)
+
-+ reaper = vxi->vx_reaper;
-+out:
-+ vxdprintk(VXD_CBIT(xid, 7),
-+ "vx_child_reaper(%p[#%u,%u]) = %p[#%u,%u]",
-+ p, p->xid, p->pid, reaper, reaper->xid, reaper->pid);
-+ return reaper;
-+}
++struct vcmd_net_addr_ipv4_v2 {
++ uint16_t type;
++ uint16_t flags;
++ struct in_addr ip;
++ struct in_addr ip2;
++ struct in_addr mask;
++};
+
-+#endif
++#define VCMD_net_add_ipv6 VC_CMD(NETALT, 3, 1)
++#define VCMD_net_remove_ipv6 VC_CMD(NETALT, 4, 1)
+
++struct vcmd_net_addr_ipv6_v1 {
++ uint16_t type;
++ uint16_t flags;
++ uint32_t prefix;
++ struct in6_addr ip;
++ struct in6_addr mask;
++};
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_sched.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_sched.h
---- linux-2.6.35.4/include/linux/vs_sched.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_sched.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,110 @@
-+#ifndef _VS_SCHED_H
-+#define _VS_SCHED_H
++#define VCMD_add_match_ipv4 VC_CMD(NETALT, 5, 0)
++#define VCMD_get_match_ipv4 VC_CMD(NETALT, 6, 0)
+
-+#include "vserver/base.h"
-+#include "vserver/context.h"
-+#include "vserver/sched.h"
++struct vcmd_match_ipv4_v0 {
++ uint16_t type;
++ uint16_t flags;
++ uint16_t parent;
++ uint16_t prefix;
++ struct in_addr ip;
++ struct in_addr ip2;
++ struct in_addr mask;
++};
+
++#define VCMD_add_match_ipv6 VC_CMD(NETALT, 7, 0)
++#define VCMD_get_match_ipv6 VC_CMD(NETALT, 8, 0)
+
-+#define VAVAVOOM_RATIO 50
++struct vcmd_match_ipv6_v0 {
++ uint16_t type;
++ uint16_t flags;
++ uint16_t parent;
++ uint16_t prefix;
++ struct in6_addr ip;
++ struct in6_addr ip2;
++ struct in6_addr mask;
++};
+
-+#define MAX_PRIO_BIAS 20
-+#define MIN_PRIO_BIAS -20
+
+
-+#ifdef CONFIG_VSERVER_HARDCPU
+
-+/*
-+ * effective_prio - return the priority that is based on the static
-+ * priority but is modified by bonuses/penalties.
-+ *
-+ * We scale the actual sleep average [0 .... MAX_SLEEP_AVG]
-+ * into a -4 ... 0 ... +4 bonus/penalty range.
-+ *
-+ * Additionally, we scale another amount based on the number of
-+ * CPU tokens currently held by the context, if the process is
-+ * part of a context (and the appropriate SCHED flag is set).
-+ * This ranges from -5 ... 0 ... +15, quadratically.
-+ *
-+ * So, the total bonus is -9 .. 0 .. +19
-+ * We use ~50% of the full 0...39 priority range so that:
-+ *
-+ * 1) nice +19 interactive tasks do not preempt nice 0 CPU hogs.
-+ * 2) nice -20 CPU hogs do not get preempted by nice 0 tasks.
-+ * unless that context is far exceeding its CPU allocation.
-+ *
-+ * Both properties are important to certain workloads.
-+ */
-+static inline
-+int vx_effective_vavavoom(struct _vx_sched_pc *sched_pc, int max_prio)
-+{
-+ int vavavoom, max;
-+
-+ /* lots of tokens = lots of vavavoom
-+ * no tokens = no vavavoom */
-+ if ((vavavoom = sched_pc->tokens) >= 0) {
-+ max = sched_pc->tokens_max;
-+ vavavoom = max - vavavoom;
-+ max = max * max;
-+ vavavoom = max_prio * VAVAVOOM_RATIO / 100
-+ * (vavavoom*vavavoom - (max >> 2)) / max;
-+ return vavavoom;
-+ }
-+ return 0;
-+}
++/* flag commands */
+
++#define VCMD_get_nflags VC_CMD(FLAGS, 5, 0)
++#define VCMD_set_nflags VC_CMD(FLAGS, 6, 0)
+
-+static inline
-+int vx_adjust_prio(struct task_struct *p, int prio, int max_user)
-+{
-+ struct vx_info *vxi = p->vx_info;
-+ struct _vx_sched_pc *sched_pc;
++struct vcmd_net_flags_v0 {
++ uint64_t flagword;
++ uint64_t mask;
++};
+
-+ if (!vxi)
-+ return prio;
+
-+ sched_pc = &vx_cpu(vxi, sched_pc);
-+ if (vx_info_flags(vxi, VXF_SCHED_PRIO, 0)) {
-+ int vavavoom = vx_effective_vavavoom(sched_pc, max_user);
+
-+ sched_pc->vavavoom = vavavoom;
-+ prio += vavavoom;
-+ }
-+ prio += sched_pc->prio_bias;
-+ return prio;
-+}
++/* network caps commands */
+
-+#else /* !CONFIG_VSERVER_HARDCPU */
++#define VCMD_get_ncaps VC_CMD(FLAGS, 7, 0)
++#define VCMD_set_ncaps VC_CMD(FLAGS, 8, 0)
+
-+static inline
-+int vx_adjust_prio(struct task_struct *p, int prio, int max_user)
-+{
-+ struct vx_info *vxi = p->vx_info;
++struct vcmd_net_caps_v0 {
++ uint64_t ncaps;
++ uint64_t cmask;
++};
+
-+ if (vxi)
-+ prio += vx_cpu(vxi, sched_pc).prio_bias;
-+ return prio;
-+}
++#endif /* _UAPI_VS_NETWORK_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/sched_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/sched_cmd.h
+--- linux-3.9.4/include/uapi/vserver/sched_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/sched_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,13 @@
++#ifndef _UAPI_VS_SCHED_CMD_H
++#define _UAPI_VS_SCHED_CMD_H
+
-+#endif /* CONFIG_VSERVER_HARDCPU */
+
++struct vcmd_prio_bias {
++ int32_t cpu_id;
++ int32_t prio_bias;
++};
+
-+static inline void vx_account_user(struct vx_info *vxi,
-+ cputime_t cputime, int nice)
-+{
-+ if (!vxi)
-+ return;
-+ vx_cpu(vxi, sched_pc).user_ticks += cputime;
-+}
++#define VCMD_set_prio_bias VC_CMD(SCHED, 4, 0)
++#define VCMD_get_prio_bias VC_CMD(SCHED, 5, 0)
+
-+static inline void vx_account_system(struct vx_info *vxi,
-+ cputime_t cputime, int idle)
-+{
-+ if (!vxi)
-+ return;
-+ vx_cpu(vxi, sched_pc).sys_ticks += cputime;
-+}
++#endif /* _UAPI_VS_SCHED_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/signal_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/signal_cmd.h
+--- linux-3.9.4/include/uapi/vserver/signal_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/signal_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,31 @@
++#ifndef _UAPI_VS_SIGNAL_CMD_H
++#define _UAPI_VS_SIGNAL_CMD_H
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_socket.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_socket.h
---- linux-2.6.35.4/include/linux/vs_socket.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_socket.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,67 @@
-+#ifndef _VS_SOCKET_H
-+#define _VS_SOCKET_H
+
-+#include "vserver/debug.h"
-+#include "vserver/base.h"
-+#include "vserver/cacct.h"
-+#include "vserver/context.h"
-+#include "vserver/tag.h"
++/* signalling vserver commands */
+
++#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
++#define VCMD_wait_exit VC_CMD(EVENT, 99, 0)
+
-+/* socket accounting */
++struct vcmd_ctx_kill_v0 {
++ int32_t pid;
++ int32_t sig;
++};
+
-+#include <linux/socket.h>
++struct vcmd_wait_exit_v0 {
++ int32_t reboot_cmd;
++ int32_t exit_code;
++};
+
-+static inline int vx_sock_type(int family)
-+{
-+ switch (family) {
-+ case PF_UNSPEC:
-+ return VXA_SOCK_UNSPEC;
-+ case PF_UNIX:
-+ return VXA_SOCK_UNIX;
-+ case PF_INET:
-+ return VXA_SOCK_INET;
-+ case PF_INET6:
-+ return VXA_SOCK_INET6;
-+ case PF_PACKET:
-+ return VXA_SOCK_PACKET;
-+ default:
-+ return VXA_SOCK_OTHER;
-+ }
-+}
+
-+#define vx_acc_sock(v, f, p, s) \
-+ __vx_acc_sock(v, f, p, s, __FILE__, __LINE__)
++/* process alteration commands */
+
-+static inline void __vx_acc_sock(struct vx_info *vxi,
-+ int family, int pos, int size, char *file, int line)
-+{
-+ if (vxi) {
-+ int type = vx_sock_type(family);
++#define VCMD_get_pflags VC_CMD(PROCALT, 5, 0)
++#define VCMD_set_pflags VC_CMD(PROCALT, 6, 0)
+
-+ atomic_long_inc(&vxi->cacct.sock[type][pos].count);
-+ atomic_long_add(size, &vxi->cacct.sock[type][pos].total);
-+ }
-+}
++struct vcmd_pflags_v0 {
++ uint32_t flagword;
++ uint32_t mask;
++};
+
-+#define vx_sock_recv(sk, s) \
-+ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 0, s)
-+#define vx_sock_send(sk, s) \
-+ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 1, s)
-+#define vx_sock_fail(sk, s) \
-+ vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 2, s)
++#endif /* _UAPI_VS_SIGNAL_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/space_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/space_cmd.h
+--- linux-3.9.4/include/uapi/vserver/space_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/space_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,28 @@
++#ifndef _UAPI_VS_SPACE_CMD_H
++#define _UAPI_VS_SPACE_CMD_H
+
+
-+#define sock_vx_init(s) do { \
-+ (s)->sk_xid = 0; \
-+ (s)->sk_vx_info = NULL; \
-+ } while (0)
++#define VCMD_enter_space_v0 VC_CMD(PROCALT, 1, 0)
++#define VCMD_enter_space_v1 VC_CMD(PROCALT, 1, 1)
++#define VCMD_enter_space VC_CMD(PROCALT, 1, 2)
+
-+#define sock_nx_init(s) do { \
-+ (s)->sk_nid = 0; \
-+ (s)->sk_nx_info = NULL; \
-+ } while (0)
++#define VCMD_set_space_v0 VC_CMD(PROCALT, 3, 0)
++#define VCMD_set_space_v1 VC_CMD(PROCALT, 3, 1)
++#define VCMD_set_space VC_CMD(PROCALT, 3, 2)
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_tag.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_tag.h
---- linux-2.6.35.4/include/linux/vs_tag.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_tag.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,47 @@
-+#ifndef _VS_TAG_H
-+#define _VS_TAG_H
++#define VCMD_get_space_mask_v0 VC_CMD(PROCALT, 4, 0)
+
-+#include <linux/vserver/tag.h>
++#define VCMD_get_space_mask VC_CMD(VSPACE, 0, 1)
++#define VCMD_get_space_default VC_CMD(VSPACE, 1, 0)
+
-+/* check conditions */
+
-+#define DX_ADMIN 0x0001
-+#define DX_WATCH 0x0002
-+#define DX_HOSTID 0x0008
++struct vcmd_space_mask_v1 {
++ uint64_t mask;
++};
+
-+#define DX_IDENT 0x0010
++struct vcmd_space_mask_v2 {
++ uint64_t mask;
++ uint32_t index;
++};
+
-+#define DX_ARG_MASK 0x0010
++#endif /* _UAPI_VS_SPACE_CMD_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/switch.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/switch.h
+--- linux-3.9.4/include/uapi/vserver/switch.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/switch.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,90 @@
++#ifndef _UAPI_VS_SWITCH_H
++#define _UAPI_VS_SWITCH_H
+
++#include <linux/types.h>
+
-+#define dx_task_tag(t) ((t)->tag)
+
-+#define dx_current_tag() dx_task_tag(current)
++#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
++#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
++#define VC_VERSION(c) ((c) & 0xFFF)
+
-+#define dx_check(c, m) __dx_check(dx_current_tag(), c, m)
++#define VC_CMD(c, i, v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
++ | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
+
-+#define dx_weak_check(c, m) ((m) ? dx_check(c, m) : 1)
++/*
+
++ Syscall Matrix V2.8
+
-+/*
-+ * check current context for ADMIN/WATCH and
-+ * optionally against supplied argument
-+ */
-+static inline int __dx_check(tag_t cid, tag_t id, unsigned int mode)
-+{
-+ if (mode & DX_ARG_MASK) {
-+ if ((mode & DX_IDENT) && (id == cid))
-+ return 1;
-+ }
-+ return (((mode & DX_ADMIN) && (cid == 0)) ||
-+ ((mode & DX_WATCH) && (cid == 1)) ||
-+ ((mode & DX_HOSTID) && (id == 0)));
-+}
++ |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
++ |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
++ |INFO |SETUP | |MOVE | | | | | |
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ SYSTEM |VERSION|VSETUP |VHOST | | | | |DEVICE | |
++ HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ CPU | |VPROC |PROCALT|PROCMIG|PROCTRL| | |SCHED. | |
++ PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ MEMORY | | | | |MEMCTRL| | |SWAP | |
++ | 16| 17| 18| 19| 20| 21| | 22| 23|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ NETWORK| |VNET |NETALT |NETMIG |NETCTL | | |SERIAL | |
++ | 24| 25| 26| 27| 28| 29| | 30| 31|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ DISK | | | |TAGMIG |DLIMIT | | |INODE | |
++ VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ OTHER |VSTAT | | | | | | |VINFO | |
++ | 40| 41| 42| 43| 44| 45| | 46| 47|
++ =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
++ SPECIAL|EVENT | | | |FLAGS | | |VSPACE | |
++ | 48| 49| 50| 51| 52| 53| | 54| 55|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ SPECIAL|DEBUG | | | |RLIMIT |SYSCALL| | |COMPAT |
++ | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
+
-+struct inode;
-+int dx_permission(const struct inode *inode, int mask);
++*/
+
++#define VC_CAT_VERSION 0
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/linux/vs_time.h linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_time.h
---- linux-2.6.35.4/include/linux/vs_time.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/linux/vs_time.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,19 @@
-+#ifndef _VS_TIME_H
-+#define _VS_TIME_H
++#define VC_CAT_VSETUP 1
++#define VC_CAT_VHOST 2
+
++#define VC_CAT_DEVICE 6
+
-+/* time faking stuff */
++#define VC_CAT_VPROC 9
++#define VC_CAT_PROCALT 10
++#define VC_CAT_PROCMIG 11
++#define VC_CAT_PROCTRL 12
+
-+#ifdef CONFIG_VSERVER_VTIME
++#define VC_CAT_SCHED 14
++#define VC_CAT_MEMCTRL 20
+
-+extern void vx_gettimeofday(struct timeval *tv);
-+extern int vx_settimeofday(struct timespec *ts);
++#define VC_CAT_VNET 25
++#define VC_CAT_NETALT 26
++#define VC_CAT_NETMIG 27
++#define VC_CAT_NETCTRL 28
+
-+#else
-+#define vx_gettimeofday(t) do_gettimeofday(t)
-+#define vx_settimeofday(t) do_settimeofday(t)
-+#endif
++#define VC_CAT_TAGMIG 35
++#define VC_CAT_DLIMIT 36
++#define VC_CAT_INODE 38
+
-+#else
-+#warning duplicate inclusion
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/include/net/addrconf.h linux-2.6.35.4-vs2.3.0.36.32/include/net/addrconf.h
---- linux-2.6.35.4/include/net/addrconf.h 2010-07-07 18:31:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/net/addrconf.h 2010-08-02 17:05:06.000000000 +0200
-@@ -84,7 +84,8 @@ extern int ipv6_dev_get_saddr(struct n
- struct net_device *dev,
- const struct in6_addr *daddr,
- unsigned int srcprefs,
-- struct in6_addr *saddr);
-+ struct in6_addr *saddr,
-+ struct nx_info *nxi);
- extern int ipv6_get_lladdr(struct net_device *dev,
- struct in6_addr *addr,
- unsigned char banned_flags);
-diff -NurpP --minimal linux-2.6.35.4/include/net/af_unix.h linux-2.6.35.4-vs2.3.0.36.32/include/net/af_unix.h
---- linux-2.6.35.4/include/net/af_unix.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/net/af_unix.h 2010-08-02 17:05:06.000000000 +0200
-@@ -4,6 +4,7 @@
- #include <linux/socket.h>
- #include <linux/un.h>
- #include <linux/mutex.h>
-+#include <linux/vs_base.h>
- #include <net/sock.h>
-
- extern void unix_inflight(struct file *fp);
-diff -NurpP --minimal linux-2.6.35.4/include/net/inet_timewait_sock.h linux-2.6.35.4-vs2.3.0.36.32/include/net/inet_timewait_sock.h
---- linux-2.6.35.4/include/net/inet_timewait_sock.h 2010-08-02 16:52:56.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/net/inet_timewait_sock.h 2010-08-02 17:05:06.000000000 +0200
-@@ -117,6 +117,10 @@ struct inet_timewait_sock {
- #define tw_hash __tw_common.skc_hash
- #define tw_prot __tw_common.skc_prot
- #define tw_net __tw_common.skc_net
-+#define tw_xid __tw_common.skc_xid
-+#define tw_vx_info __tw_common.skc_vx_info
-+#define tw_nid __tw_common.skc_nid
-+#define tw_nx_info __tw_common.skc_nx_info
- int tw_timeout;
- volatile unsigned char tw_substate;
- /* 3 bits hole, try to pack */
-diff -NurpP --minimal linux-2.6.35.4/include/net/route.h linux-2.6.35.4-vs2.3.0.36.32/include/net/route.h
---- linux-2.6.35.4/include/net/route.h 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/net/route.h 2010-08-02 17:05:06.000000000 +0200
-@@ -147,6 +147,9 @@ static inline void ip_rt_put(struct rtab
- dst_release(&rt->u.dst);
- }
-
-+#include <linux/vs_base.h>
-+#include <linux/vs_inet.h>
++#define VC_CAT_VSTAT 40
++#define VC_CAT_VINFO 46
++#define VC_CAT_EVENT 48
+
- #define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3)
-
- extern const __u8 ip_tos2prio[16];
-@@ -156,6 +159,9 @@ static inline char rt_tos2priority(u8 to
- return ip_tos2prio[IPTOS_TOS(tos)>>1];
- }
-
-+extern int ip_v4_find_src(struct net *net, struct nx_info *,
-+ struct rtable **, struct flowi *);
++#define VC_CAT_FLAGS 52
++#define VC_CAT_VSPACE 54
++#define VC_CAT_DEBUG 56
++#define VC_CAT_RLIMIT 60
+
- static inline int ip_route_connect(struct rtable **rp, __be32 dst,
- __be32 src, u32 tos, int oif, u8 protocol,
- __be16 sport, __be16 dport, struct sock *sk,
-@@ -173,11 +179,24 @@ static inline int ip_route_connect(struc
-
- int err;
- struct net *net = sock_net(sk);
-+ struct nx_info *nx_info = current_nx_info();
-
- if (inet_sk(sk)->transparent)
- fl.flags |= FLOWI_FLAG_ANYSRC;
-
-- if (!dst || !src) {
-+ if (sk)
-+ nx_info = sk->sk_nx_info;
++#define VC_CAT_SYSTEST 61
++#define VC_CAT_COMPAT 63
+
-+ vxdprintk(VXD_CBIT(net, 4),
-+ "ip_route_connect(%p) %p,%p;%lx",
-+ sk, nx_info, sk->sk_socket,
-+ (sk->sk_socket?sk->sk_socket->flags:0));
++/* query version */
+
-+ err = ip_v4_find_src(net, nx_info, rp, &fl);
-+ if (err)
-+ return err;
++#define VCMD_get_version VC_CMD(VERSION, 0, 0)
++#define VCMD_get_vci VC_CMD(VERSION, 1, 0)
+
-+ if (!fl.fl4_dst || !fl.fl4_src) {
- err = __ip_route_output_key(net, rp, &fl);
- if (err)
- return err;
-diff -NurpP --minimal linux-2.6.35.4/include/net/sock.h linux-2.6.35.4-vs2.3.0.36.32/include/net/sock.h
---- linux-2.6.35.4/include/net/sock.h 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/include/net/sock.h 2010-08-02 17:05:06.000000000 +0200
-@@ -150,6 +150,10 @@ struct sock_common {
- #ifdef CONFIG_NET_NS
- struct net *skc_net;
- #endif
-+ xid_t skc_xid;
-+ struct vx_info *skc_vx_info;
-+ nid_t skc_nid;
-+ struct nx_info *skc_nx_info;
- };
-
- /**
-@@ -239,6 +243,10 @@ struct sock {
- #define sk_bind_node __sk_common.skc_bind_node
- #define sk_prot __sk_common.skc_prot
- #define sk_net __sk_common.skc_net
-+#define sk_xid __sk_common.skc_xid
-+#define sk_vx_info __sk_common.skc_vx_info
-+#define sk_nid __sk_common.skc_nid
-+#define sk_nx_info __sk_common.skc_nx_info
- kmemcheck_bitfield_begin(flags);
- unsigned int sk_shutdown : 2,
- sk_no_check : 2,
-diff -NurpP --minimal linux-2.6.35.4/init/Kconfig linux-2.6.35.4-vs2.3.0.36.32/init/Kconfig
---- linux-2.6.35.4/init/Kconfig 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/init/Kconfig 2010-08-02 17:05:06.000000000 +0200
-@@ -472,6 +472,7 @@ config HAVE_UNSTABLE_SCHED_CLOCK
++#endif /* _UAPI_VS_SWITCH_H */
+diff -NurpP --minimal linux-3.9.4/include/uapi/vserver/tag_cmd.h linux-3.9.4-vs2.3.6.2/include/uapi/vserver/tag_cmd.h
+--- linux-3.9.4/include/uapi/vserver/tag_cmd.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/include/uapi/vserver/tag_cmd.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,14 @@
++#ifndef _UAPI_VS_TAG_CMD_H
++#define _UAPI_VS_TAG_CMD_H
++
++
++/* vinfo commands */
++
++#define VCMD_task_tag VC_CMD(VINFO, 3, 0)
++
++
++/* context commands */
++
++#define VCMD_tag_migrate VC_CMD(TAGMIG, 1, 0)
++
++#endif /* _UAPI_VS_TAG_CMD_H */
+diff -NurpP --minimal linux-3.9.4/init/Kconfig linux-3.9.4-vs2.3.6.2/init/Kconfig
+--- linux-3.9.4/init/Kconfig 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/init/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -760,6 +760,7 @@ config NUMA_BALANCING
menuconfig CGROUPS
boolean "Control Group support"
depends on EVENTFD
help
This option adds support for grouping sets of processes together, for
use with process control subsystems such as Cpusets, CFS, memory
-@@ -499,6 +500,7 @@ config CGROUP_DEBUG
- config CGROUP_NS
- bool "Namespace cgroup subsystem"
- depends on CGROUPS
-+ default n
- help
- Provides a simple namespace cgroup subsystem to
- provide hierarchical naming of sets of namespaces,
-diff -NurpP --minimal linux-2.6.35.4/init/main.c linux-2.6.35.4-vs2.3.0.36.32/init/main.c
---- linux-2.6.35.4/init/main.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/init/main.c 2010-08-02 17:05:06.000000000 +0200
-@@ -71,6 +71,7 @@
- #include <linux/shmem_fs.h>
- #include <linux/slab.h>
- #include <trace/boot.h>
+@@ -1022,6 +1023,7 @@ config IPC_NS
+ config USER_NS
+ bool "User namespace"
+ depends on UIDGID_CONVERTED
++ depends on VSERVER_DISABLED
+ select UIDGID_STRICT_TYPE_CHECKS
+
+ default n
+diff -NurpP --minimal linux-3.9.4/init/main.c linux-3.9.4-vs2.3.6.2/init/main.c
+--- linux-3.9.4/init/main.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/init/main.c 2013-05-31 15:09:17.000000000 +0000
+@@ -72,6 +72,7 @@
+ #include <linux/ptrace.h>
+ #include <linux/blkdev.h>
+ #include <linux/elevator.h>
+#include <linux/vserver/percpu.h>
#include <asm/io.h>
#include <asm/bugs.h>
-diff -NurpP --minimal linux-2.6.35.4/ipc/mqueue.c linux-2.6.35.4-vs2.3.0.36.32/ipc/mqueue.c
---- linux-2.6.35.4/ipc/mqueue.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/ipc/mqueue.c 2010-08-02 17:05:06.000000000 +0200
-@@ -33,6 +33,8 @@
- #include <linux/pid.h>
+diff -NurpP --minimal linux-3.9.4/ipc/mqueue.c linux-3.9.4-vs2.3.6.2/ipc/mqueue.c
+--- linux-3.9.4/ipc/mqueue.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/ipc/mqueue.c 2013-05-31 14:47:11.000000000 +0000
+@@ -35,6 +35,8 @@
#include <linux/ipc_namespace.h>
+ #include <linux/user_namespace.h>
#include <linux/slab.h>
+#include <linux/vs_context.h>
+#include <linux/vs_limit.h>
#include <net/sock.h>
#include "util.h"
-@@ -66,6 +68,7 @@ struct mqueue_inode_info {
- struct sigevent notify;
+@@ -76,6 +78,7 @@ struct mqueue_inode_info {
struct pid* notify_owner;
+ struct user_namespace *notify_user_ns;
struct user_struct *user; /* user who created, for accounting */
+ struct vx_info *vxi;
struct sock *notify_sock;
struct sk_buff *notify_cookie;
-@@ -125,6 +128,7 @@ static struct inode *mqueue_get_inode(st
- if (S_ISREG(mode)) {
- struct mqueue_inode_info *info;
- struct task_struct *p = current;
-+ struct vx_info *vxi = p->vx_info;
- unsigned long mq_bytes, mq_msg_tblsz;
-
- inode->i_fop = &mqueue_file_operations;
-@@ -138,6 +142,7 @@ static struct inode *mqueue_get_inode(st
- info->notify_owner = NULL;
- info->qsize = 0;
- info->user = NULL; /* set when all is ok */
-+ info->vxi = NULL;
- memset(&info->attr, 0, sizeof(info->attr));
- info->attr.mq_maxmsg = ipc_ns->mq_msg_max;
- info->attr.mq_msgsize = ipc_ns->mq_msgsize_max;
-@@ -156,16 +161,19 @@ static struct inode *mqueue_get_inode(st
- spin_lock(&mq_lock);
- if (u->mq_bytes + mq_bytes < u->mq_bytes ||
- u->mq_bytes + mq_bytes >
-- task_rlimit(p, RLIMIT_MSGQUEUE)) {
-+ task_rlimit(p, RLIMIT_MSGQUEUE) ||
-+ !vx_ipcmsg_avail(vxi, mq_bytes)) {
- spin_unlock(&mq_lock);
- /* mqueue_delete_inode() releases info->messages */
- goto out_inode;
- }
- u->mq_bytes += mq_bytes;
-+ vx_ipcmsg_add(vxi, u, mq_bytes);
+@@ -234,6 +237,7 @@ static struct inode *mqueue_get_inode(st
+ if (S_ISREG(mode)) {
+ struct mqueue_inode_info *info;
+ unsigned long mq_bytes, mq_treesize;
++ struct vx_info *vxi = current_vx_info();
+
+ inode->i_fop = &mqueue_file_operations;
+ inode->i_size = FILENT_SIZE;
+@@ -247,6 +251,7 @@ static struct inode *mqueue_get_inode(st
+ info->notify_user_ns = NULL;
+ info->qsize = 0;
+ info->user = NULL; /* set when all is ok */
++ info->vxi = NULL;
+ info->msg_tree = RB_ROOT;
+ info->node_cache = NULL;
+ memset(&info->attr, 0, sizeof(info->attr));
+@@ -280,17 +285,20 @@ static struct inode *mqueue_get_inode(st
+
+ spin_lock(&mq_lock);
+ if (u->mq_bytes + mq_bytes < u->mq_bytes ||
+- u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
++ u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE) ||
++ !vx_ipcmsg_avail(vxi, mq_bytes)) {
spin_unlock(&mq_lock);
+ /* mqueue_evict_inode() releases info->messages */
+ ret = -EMFILE;
+ goto out_inode;
+ }
+ u->mq_bytes += mq_bytes;
++ vx_ipcmsg_add(vxi, u, mq_bytes);
+ spin_unlock(&mq_lock);
+
+ /* all is ok */
+ info->user = get_uid(u);
++ info->vxi = get_vx_info(vxi);
+ } else if (S_ISDIR(mode)) {
+ inc_nlink(inode);
+ /* Some things misbehave if size == 0 on a directory */
+@@ -402,8 +410,11 @@ static void mqueue_evict_inode(struct in
- /* all is ok */
- info->user = get_uid(u);
-+ info->vxi = get_vx_info(vxi);
- } else if (S_ISDIR(mode)) {
- inc_nlink(inode);
- /* Some things misbehave if size == 0 on a directory */
-@@ -268,8 +276,11 @@ static void mqueue_delete_inode(struct i
- + info->attr.mq_msgsize);
user = info->user;
if (user) {
+ struct vx_info *vxi = info->vxi;
/*
* get_ns_from_inode() ensures that the
* (ipc_ns = sb->s_fs_info) is either a valid ipc_ns
-@@ -279,6 +290,7 @@ static void mqueue_delete_inode(struct i
+@@ -413,6 +424,7 @@ static void mqueue_evict_inode(struct in
if (ipc_ns)
ipc_ns->mq_queues_count--;
spin_unlock(&mq_lock);
free_uid(user);
}
if (ipc_ns)
-diff -NurpP --minimal linux-2.6.35.4/ipc/msg.c linux-2.6.35.4-vs2.3.0.36.32/ipc/msg.c
---- linux-2.6.35.4/ipc/msg.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/ipc/msg.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/ipc/msg.c linux-3.9.4-vs2.3.6.2/ipc/msg.c
+--- linux-3.9.4/ipc/msg.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/ipc/msg.c 2013-05-31 14:47:11.000000000 +0000
@@ -37,6 +37,7 @@
#include <linux/rwsem.h>
#include <linux/nsproxy.h>
msq->q_perm.security = NULL;
retval = security_msg_queue_alloc(msq);
-diff -NurpP --minimal linux-2.6.35.4/ipc/namespace.c linux-2.6.35.4-vs2.3.0.36.32/ipc/namespace.c
---- linux-2.6.35.4/ipc/namespace.c 2009-09-10 15:26:27.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/ipc/namespace.c 2010-08-02 17:05:06.000000000 +0200
-@@ -11,6 +11,8 @@
- #include <linux/slab.h>
- #include <linux/fs.h>
- #include <linux/mount.h>
-+#include <linux/vs_base.h>
-+#include <linux/vserver/global.h>
-
- #include "util.h"
-
-diff -NurpP --minimal linux-2.6.35.4/ipc/sem.c linux-2.6.35.4-vs2.3.0.36.32/ipc/sem.c
---- linux-2.6.35.4/ipc/sem.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/ipc/sem.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/ipc/sem.c linux-3.9.4-vs2.3.6.2/ipc/sem.c
+--- linux-3.9.4/ipc/sem.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/ipc/sem.c 2013-05-31 14:47:11.000000000 +0000
@@ -86,6 +86,8 @@
#include <linux/rwsem.h>
#include <linux/nsproxy.h>
#include <asm/uaccess.h>
#include "util.h"
-@@ -260,6 +262,7 @@ static int newary(struct ipc_namespace *
+@@ -306,6 +308,7 @@ static int newary(struct ipc_namespace *
sma->sem_perm.mode = (semflg & S_IRWXUGO);
sma->sem_perm.key = key;
sma->sem_perm.security = NULL;
retval = security_sem_alloc(sma);
-@@ -275,6 +278,9 @@ static int newary(struct ipc_namespace *
+@@ -321,6 +324,9 @@ static int newary(struct ipc_namespace *
return id;
}
ns->used_sems += nsems;
sma->sem_base = (struct sem *) &sma[1];
-@@ -730,6 +736,9 @@ static void freeary(struct ipc_namespace
+@@ -770,6 +776,9 @@ static void freeary(struct ipc_namespace
wake_up_sem_queue_do(&tasks);
ns->used_sems -= sma->sem_nsems;
security_sem_free(sma);
ipc_rcu_putref(sma);
}
-diff -NurpP --minimal linux-2.6.35.4/ipc/shm.c linux-2.6.35.4-vs2.3.0.36.32/ipc/shm.c
---- linux-2.6.35.4/ipc/shm.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/ipc/shm.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/ipc/shm.c linux-3.9.4-vs2.3.6.2/ipc/shm.c
+--- linux-3.9.4/ipc/shm.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/ipc/shm.c 2013-05-31 14:47:11.000000000 +0000
@@ -39,6 +39,8 @@
#include <linux/nsproxy.h>
#include <linux/mount.h>
#include <asm/uaccess.h>
-@@ -169,7 +171,12 @@ static void shm_open(struct vm_area_stru
+@@ -187,7 +189,12 @@ static void shm_open(struct vm_area_stru
*/
static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
{
shm_rmid(ns, shp);
shm_unlock(shp);
if (!is_file_hugepages(shp->shm_file))
-@@ -179,6 +186,7 @@ static void shm_destroy(struct ipc_names
+@@ -197,6 +204,7 @@ static void shm_destroy(struct ipc_names
shp->mlock_user);
fput (shp->shm_file);
security_shm_free(shp);
ipc_rcu_putref(shp);
}
-@@ -349,11 +357,15 @@ static int newseg(struct ipc_namespace *
+@@ -474,11 +482,15 @@ static int newseg(struct ipc_namespace *
if (ns->shm_tot + numpages > ns->shm_ctlall)
return -ENOSPC;
shp->shm_perm.mode = (shmflg & S_IRWXUGO);
shp->mlock_user = NULL;
-@@ -407,6 +419,7 @@ static int newseg(struct ipc_namespace *
+@@ -544,6 +556,7 @@ static int newseg(struct ipc_namespace *
ns->shm_tot += numpages;
error = shp->shm_perm.id;
shm_unlock(shp);
return error;
no_id:
-diff -NurpP --minimal linux-2.6.35.4/kernel/capability.c linux-2.6.35.4-vs2.3.0.36.32/kernel/capability.c
---- linux-2.6.35.4/kernel/capability.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/capability.c 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@
- #include <linux/security.h>
+diff -NurpP --minimal linux-3.9.4/kernel/Makefile linux-3.9.4-vs2.3.6.2/kernel/Makefile
+--- linux-3.9.4/kernel/Makefile 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/Makefile 2013-05-31 14:47:11.000000000 +0000
+@@ -24,6 +24,7 @@ endif
+
+ obj-y += sched/
+ obj-y += power/
++obj-y += vserver/
+
+ obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
+ obj-$(CONFIG_FREEZER) += freezer.o
+diff -NurpP --minimal linux-3.9.4/kernel/auditsc.c linux-3.9.4-vs2.3.6.2/kernel/auditsc.c
+--- linux-3.9.4/kernel/auditsc.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/auditsc.c 2013-05-31 14:47:11.000000000 +0000
+@@ -2315,7 +2315,7 @@ int audit_set_loginuid(kuid_t loginuid)
+ if (audit_loginuid_set(task))
+ return -EPERM;
+ #else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+- if (!capable(CAP_AUDIT_CONTROL))
++ if (!vx_capable(CAP_AUDIT_CONTROL, VXC_AUDIT_CONTROL))
+ return -EPERM;
+ #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+
+diff -NurpP --minimal linux-3.9.4/kernel/capability.c linux-3.9.4-vs2.3.6.2/kernel/capability.c
+--- linux-3.9.4/kernel/capability.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/capability.c 2013-05-31 14:47:11.000000000 +0000
+@@ -15,6 +15,7 @@
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
+ #include <linux/user_namespace.h>
+#include <linux/vs_context.h>
#include <asm/uaccess.h>
/*
-@@ -119,6 +120,7 @@ static int cap_validate_magic(cap_user_h
+@@ -116,6 +117,7 @@ static int cap_validate_magic(cap_user_h
return 0;
}
/*
* The only thing that can change the capabilities of the current
* process is the current process. As such, we can't be in this code
-@@ -289,6 +291,8 @@ error:
- return ret;
+@@ -349,6 +351,8 @@ bool has_ns_capability_noaudit(struct ta
+ return (ret == 0);
}
+#include <linux/vserver/base.h>
+
/**
- * capable - Determine if the current task has a superior capability in effect
- * @cap: The capability to be tested for
-@@ -301,6 +305,9 @@ error:
- */
- int capable(int cap)
- {
-+ /* here for now so we don't require task locking */
-+ if (vs_check_bit(VXC_CAP_MASK, cap) && !vx_mcaps(1L << cap))
-+ return 0;
- if (unlikely(!cap_valid(cap))) {
- printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
- BUG();
-diff -NurpP --minimal linux-2.6.35.4/kernel/compat.c linux-2.6.35.4-vs2.3.0.36.32/kernel/compat.c
---- linux-2.6.35.4/kernel/compat.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/compat.c 2010-08-02 17:05:06.000000000 +0200
-@@ -900,7 +900,7 @@ asmlinkage long compat_sys_time(compat_t
- compat_time_t i;
- struct timeval tv;
-
-- do_gettimeofday(&tv);
-+ vx_gettimeofday(&tv);
- i = tv.tv_sec;
-
- if (tloc) {
-@@ -925,7 +925,7 @@ asmlinkage long compat_sys_stime(compat_
+ * has_capability_noaudit - Does a task have a capability (unaudited) in the
+ * initial user ns
+diff -NurpP --minimal linux-3.9.4/kernel/compat.c linux-3.9.4-vs2.3.6.2/kernel/compat.c
+--- linux-3.9.4/kernel/compat.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/compat.c 2013-05-31 14:47:11.000000000 +0000
+@@ -27,6 +27,7 @@
+ #include <linux/times.h>
+ #include <linux/ptrace.h>
+ #include <linux/gfp.h>
++#include <linux/vs_time.h>
+
+ #include <asm/uaccess.h>
+
+@@ -1059,7 +1060,7 @@ asmlinkage long compat_sys_stime(compat_
if (err)
return err;
return 0;
}
-diff -NurpP --minimal linux-2.6.35.4/kernel/exit.c linux-2.6.35.4-vs2.3.0.36.32/kernel/exit.c
---- linux-2.6.35.4/kernel/exit.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/exit.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/cred.c linux-3.9.4-vs2.3.6.2/kernel/cred.c
+--- linux-3.9.4/kernel/cred.c 2013-02-19 13:58:56.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/cred.c 2013-05-31 14:47:11.000000000 +0000
+@@ -56,31 +56,6 @@ struct cred init_cred = {
+ .group_info = &init_groups,
+ };
+
+-static inline void set_cred_subscribers(struct cred *cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- atomic_set(&cred->subscribers, n);
+-#endif
+-}
+-
+-static inline int read_cred_subscribers(const struct cred *cred)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- return atomic_read(&cred->subscribers);
+-#else
+- return 0;
+-#endif
+-}
+-
+-static inline void alter_cred_subscribers(const struct cred *_cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- struct cred *cred = (struct cred *) _cred;
+-
+- atomic_add(n, &cred->subscribers);
+-#endif
+-}
+-
+ /*
+ * The RCU callback to actually dispose of a set of credentials
+ */
+@@ -232,21 +207,16 @@ error:
+ *
+ * Call commit_creds() or abort_creds() to clean up.
+ */
+-struct cred *prepare_creds(void)
++struct cred *__prepare_creds(const struct cred *old)
+ {
+- struct task_struct *task = current;
+- const struct cred *old;
+ struct cred *new;
+
+- validate_process_creds();
+-
+ new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
+ if (!new)
+ return NULL;
+
+ kdebug("prepare_creds() alloc %p", new);
+
+- old = task->cred;
+ memcpy(new, old, sizeof(struct cred));
+
+ atomic_set(&new->usage, 1);
+@@ -275,6 +245,13 @@ error:
+ abort_creds(new);
+ return NULL;
+ }
++
++struct cred *prepare_creds(void)
++{
++ validate_process_creds();
++
++ return __prepare_creds(current->cred);
++}
+ EXPORT_SYMBOL(prepare_creds);
+
+ /*
+diff -NurpP --minimal linux-3.9.4/kernel/exit.c linux-3.9.4-vs2.3.6.2/kernel/exit.c
+--- linux-3.9.4/kernel/exit.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/exit.c 2013-05-31 14:47:11.000000000 +0000
@@ -48,6 +48,10 @@
#include <linux/fs_struct.h>
#include <linux/init_task.h>
+#include <linux/vs_pid.h>
#include <trace/events/sched.h>
#include <linux/hw_breakpoint.h>
+ #include <linux/oom.h>
+@@ -514,15 +518,25 @@ static struct task_struct *find_new_reap
+ __acquires(&tasklist_lock)
+ {
+ struct pid_namespace *pid_ns = task_active_pid_ns(father);
+- struct task_struct *thread;
++ struct vx_info *vxi = task_get_vx_info(father);
++ struct task_struct *thread = father;
++ struct task_struct *reaper;
+
+- thread = father;
+ while_each_thread(father, thread) {
+ if (thread->flags & PF_EXITING)
+ continue;
+ if (unlikely(pid_ns->child_reaper == father))
+ pid_ns->child_reaper = thread;
+- return thread;
++ reaper = thread;
++ goto out_put;
++ }
++
++ reaper = pid_ns->child_reaper;
++ if (vxi) {
++ BUG_ON(!vxi->vx_reaper);
++ if (vxi->vx_reaper != init_pid_ns.child_reaper &&
++ vxi->vx_reaper != father)
++ reaper = vxi->vx_reaper;
+ }
-@@ -487,9 +491,11 @@ static void close_files(struct files_str
- filp_close(file, files);
- cond_resched();
- }
-+ vx_openfd_dec(i);
- }
- i++;
- set >>= 1;
-+ cond_resched();
+ if (unlikely(pid_ns->child_reaper == father)) {
+@@ -560,7 +574,9 @@ static struct task_struct *find_new_reap
}
}
+
+- return pid_ns->child_reaper;
++out_put:
++ put_vx_info(vxi);
++ return reaper;
}
-@@ -1020,11 +1026,16 @@ NORET_TYPE void do_exit(long code)
- validate_creds_for_do_exit(tsk);
+ /*
+@@ -611,10 +627,15 @@ static void forget_original_parent(struc
+ list_for_each_entry_safe(p, n, &father->children, sibling) {
+ struct task_struct *t = p;
+ do {
+- t->real_parent = reaper;
++ struct task_struct *new_parent = reaper;
++
++ if (unlikely(p == reaper))
++ new_parent = task_active_pid_ns(p)->child_reaper;
++
++ t->real_parent = new_parent;
+ if (t->parent == father) {
+ BUG_ON(t->ptrace);
+- t->parent = t->real_parent;
++ t->parent = new_parent;
+ }
+ if (t->pdeath_signal)
+ group_send_sig_info(t->pdeath_signal,
+@@ -821,6 +842,9 @@ void do_exit(long code)
+ */
+ ptrace_put_breakpoints(tsk);
+
++ /* needs to stay before exit_notify() */
++ exit_vx_info_early(tsk, code);
++
+ exit_notify(tsk, group_dead);
+ #ifdef CONFIG_NUMA
+ task_lock(tsk);
+@@ -874,10 +898,15 @@ void do_exit(long code)
+ smp_mb();
+ raw_spin_unlock_wait(&tsk->pi_lock);
+ /* needs to stay after exit_notify() */
+ exit_vx_info(tsk, code);
+ exit_nx_info(tsk);
+
- preempt_disable();
- exit_rcu();
/* causes final put_task_struct in finish_task_switch(). */
tsk->state = TASK_DEAD;
+ tsk->flags |= PF_NOFREEZE; /* tell freezer to ignore us */
schedule();
+ printk("bad task: %p [%lx]\n", current, current->state);
BUG();
/* Avoid "noreturn function does return". */
for (;;)
-diff -NurpP --minimal linux-2.6.35.4/kernel/fork.c linux-2.6.35.4-vs2.3.0.36.32/kernel/fork.c
---- linux-2.6.35.4/kernel/fork.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/fork.c 2010-09-06 02:59:52.000000000 +0200
-@@ -65,6 +65,10 @@
- #include <linux/perf_event.h>
- #include <linux/posix-timers.h>
- #include <linux/user-return-notifier.h>
+diff -NurpP --minimal linux-3.9.4/kernel/fork.c linux-3.9.4-vs2.3.6.2/kernel/fork.c
+--- linux-3.9.4/kernel/fork.c 2013-05-31 13:45:29.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/fork.c 2013-05-31 14:47:11.000000000 +0000
+@@ -70,6 +70,9 @@
+ #include <linux/khugepaged.h>
+ #include <linux/signalfd.h>
+ #include <linux/uprobes.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
+#include <linux/vs_limit.h>
-+#include <linux/vs_memory.h>
#include <asm/pgtable.h>
#include <asm/pgalloc.h>
-@@ -160,6 +164,8 @@ void free_task(struct task_struct *tsk)
- account_kernel_stack(tsk->stack, -1);
+@@ -210,6 +213,8 @@ void free_task(struct task_struct *tsk)
+ arch_release_thread_info(tsk->stack);
free_thread_info(tsk->stack);
rt_mutex_debug_task_free(tsk);
+ clr_vx_info(&tsk->vx_info);
+ clr_nx_info(&tsk->nx_info);
ftrace_graph_exit_task(tsk);
- free_task_struct(tsk);
- }
-@@ -492,6 +498,7 @@ static struct mm_struct * mm_init(struct
+ put_seccomp_filter(tsk);
+ arch_release_task_struct(tsk);
+@@ -547,6 +552,7 @@ static struct mm_struct *mm_init(struct
if (likely(!mm_alloc_pgd(mm))) {
mm->def_flags = 0;
mmu_notifier_mm_init(mm);
return mm;
}
-@@ -525,6 +532,7 @@ void __mmdrop(struct mm_struct *mm)
- mm_free_pgd(mm);
+@@ -599,6 +605,7 @@ void __mmdrop(struct mm_struct *mm)
destroy_context(mm);
mmu_notifier_mm_destroy(mm);
+ check_mm(mm);
+ clr_vx_info(&mm->mm_vx_info);
free_mm(mm);
}
EXPORT_SYMBOL_GPL(__mmdrop);
-@@ -660,6 +668,7 @@ struct mm_struct *dup_mm(struct task_str
+@@ -818,6 +825,7 @@ struct mm_struct *dup_mm(struct task_str
goto fail_nomem;
memcpy(mm, oldmm, sizeof(*mm));
+ mm->mm_vx_info = NULL;
+ mm_init_cpumask(mm);
- /* Initializing for Swap token stuff */
- mm->token_priority = 0;
-@@ -698,6 +707,7 @@ fail_nocontext:
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+@@ -859,6 +867,7 @@ fail_nocontext:
* If init_new_context() failed, we cannot use mmput() to free the mm
* because it calls destroy_context()
*/
mm_free_pgd(mm);
free_mm(mm);
return NULL;
-@@ -972,6 +982,8 @@ static struct task_struct *copy_process(
+@@ -1137,6 +1146,8 @@ static struct task_struct *copy_process(
+ {
int retval;
struct task_struct *p;
- int cgroup_callbacks_done = 0;
+ struct vx_info *vxi;
+ struct nx_info *nxi;
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
-@@ -1018,7 +1030,12 @@ static struct task_struct *copy_process(
+@@ -1195,7 +1206,12 @@ static struct task_struct *copy_process(
DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled);
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1283,6 +1300,18 @@ static struct task_struct *copy_process(
+@@ -1472,6 +1488,18 @@ static struct task_struct *copy_process(
total_forks++;
spin_unlock(¤t->sighand->siglock);
write_unlock_irq(&tasklist_lock);
proc_fork_connector(p);
cgroup_post_fork(p);
-diff -NurpP --minimal linux-2.6.35.4/kernel/kthread.c linux-2.6.35.4-vs2.3.0.36.32/kernel/kthread.c
---- linux-2.6.35.4/kernel/kthread.c 2010-07-07 18:31:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/kthread.c 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@
- #include <linux/file.h>
- #include <linux/module.h>
- #include <linux/mutex.h>
+diff -NurpP --minimal linux-3.9.4/kernel/kthread.c linux-3.9.4-vs2.3.6.2/kernel/kthread.c
+--- linux-3.9.4/kernel/kthread.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/kthread.c 2013-05-31 14:47:11.000000000 +0000
+@@ -17,6 +17,7 @@
+ #include <linux/slab.h>
+ #include <linux/freezer.h>
+ #include <linux/ptrace.h>
+#include <linux/vs_pid.h>
#include <trace/events/sched.h>
static DEFINE_SPINLOCK(kthread_create_lock);
-diff -NurpP --minimal linux-2.6.35.4/kernel/Makefile linux-2.6.35.4-vs2.3.0.36.32/kernel/Makefile
---- linux-2.6.35.4/kernel/Makefile 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/Makefile 2010-08-02 17:05:06.000000000 +0200
-@@ -25,6 +25,7 @@ CFLAGS_REMOVE_sched_clock.o = -pg
- CFLAGS_REMOVE_perf_event.o = -pg
- endif
-
-+obj-y += vserver/
- obj-$(CONFIG_FREEZER) += freezer.o
- obj-$(CONFIG_PROFILING) += profile.o
- obj-$(CONFIG_SYSCTL_SYSCALL_CHECK) += sysctl_check.o
-diff -NurpP --minimal linux-2.6.35.4/kernel/nsproxy.c linux-2.6.35.4-vs2.3.0.36.32/kernel/nsproxy.c
---- linux-2.6.35.4/kernel/nsproxy.c 2010-07-07 18:31:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/nsproxy.c 2010-08-02 17:05:06.000000000 +0200
-@@ -20,6 +20,8 @@
+diff -NurpP --minimal linux-3.9.4/kernel/nsproxy.c linux-3.9.4-vs2.3.6.2/kernel/nsproxy.c
+--- linux-3.9.4/kernel/nsproxy.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/nsproxy.c 2013-05-31 19:28:43.000000000 +0000
+@@ -20,11 +20,14 @@
#include <linux/mnt_namespace.h>
#include <linux/utsname.h>
#include <linux/pid_namespace.h>
+#include <linux/vserver/debug.h>
#include <net/net_namespace.h>
#include <linux/ipc_namespace.h>
+ #include <linux/proc_fs.h>
+ #include <linux/file.h>
+ #include <linux/syscalls.h>
++#include "../fs/mount.h"
+
+ static struct kmem_cache *nsproxy_cachep;
-@@ -43,8 +45,11 @@ static inline struct nsproxy *create_nsp
+@@ -46,8 +49,11 @@ static inline struct nsproxy *create_nsp
struct nsproxy *nsproxy;
nsproxy = kmem_cache_alloc(nsproxy_cachep, GFP_KERNEL);
return nsproxy;
}
-@@ -53,41 +58,52 @@ static inline struct nsproxy *create_nsp
+@@ -56,9 +62,12 @@ static inline struct nsproxy *create_nsp
* Return the newly created nsproxy. Do not attach this to the task,
* leave it to the caller to do proper locking and attach it to task.
*/
-static struct nsproxy *create_new_namespaces(unsigned long flags,
-- struct task_struct *tsk, struct fs_struct *new_fs)
-+static struct nsproxy *unshare_namespaces(unsigned long flags,
-+ struct nsproxy *orig, struct fs_struct *new_fs)
+- struct task_struct *tsk, struct user_namespace *user_ns,
+- struct fs_struct *new_fs)
++static struct nsproxy *unshare_namespaces(
++ unsigned long flags,
++ struct nsproxy *orig,
++ struct fs_struct *new_fs,
++ struct user_namespace *new_user,
++ struct pid_namespace *new_pid)
{
struct nsproxy *new_nsp;
int err;
-
-+ vxdprintk(VXD_CBIT(space, 4),
-+ "unshare_namespaces(0x%08lx,%p,%p)",
-+ flags, orig, new_fs);
-+
- new_nsp = create_nsproxy();
+@@ -67,31 +76,31 @@ static struct nsproxy *create_new_namesp
if (!new_nsp)
return ERR_PTR(-ENOMEM);
-- new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, new_fs);
-+ new_nsp->mnt_ns = copy_mnt_ns(flags, orig->mnt_ns, new_fs);
+- new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs);
++ new_nsp->mnt_ns = copy_mnt_ns(flags, orig->mnt_ns, new_user, new_fs);
if (IS_ERR(new_nsp->mnt_ns)) {
err = PTR_ERR(new_nsp->mnt_ns);
goto out_ns;
}
-- new_nsp->uts_ns = copy_utsname(flags, tsk->nsproxy->uts_ns);
-+ new_nsp->uts_ns = copy_utsname(flags, orig->uts_ns);
+- new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns);
++ new_nsp->uts_ns = copy_utsname(flags, new_user, orig->uts_ns);
if (IS_ERR(new_nsp->uts_ns)) {
err = PTR_ERR(new_nsp->uts_ns);
goto out_uts;
}
-- new_nsp->ipc_ns = copy_ipcs(flags, tsk->nsproxy->ipc_ns);
-+ new_nsp->ipc_ns = copy_ipcs(flags, orig->ipc_ns);
+- new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns);
++ new_nsp->ipc_ns = copy_ipcs(flags, new_user, orig->ipc_ns);
if (IS_ERR(new_nsp->ipc_ns)) {
err = PTR_ERR(new_nsp->ipc_ns);
goto out_ipc;
}
-- new_nsp->pid_ns = copy_pid_ns(flags, task_active_pid_ns(tsk));
-+ new_nsp->pid_ns = copy_pid_ns(flags, orig->pid_ns);
+- new_nsp->pid_ns = copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns);
++ new_nsp->pid_ns = copy_pid_ns(flags, new_user, new_pid);
if (IS_ERR(new_nsp->pid_ns)) {
err = PTR_ERR(new_nsp->pid_ns);
goto out_pid;
}
-- new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns);
-+ /* disabled now?
-+ new_nsp->user_ns = copy_user_ns(flags, orig->user_ns);
-+ if (IS_ERR(new_nsp->user_ns)) {
-+ err = PTR_ERR(new_nsp->user_ns);
-+ goto out_user;
-+ } */
-+
-+ new_nsp->net_ns = copy_net_ns(flags, orig->net_ns);
+- new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns);
++ new_nsp->net_ns = copy_net_ns(flags, new_user, orig->net_ns);
if (IS_ERR(new_nsp->net_ns)) {
err = PTR_ERR(new_nsp->net_ns);
goto out_net;
-@@ -112,6 +128,38 @@ out_ns:
+@@ -116,6 +125,41 @@ out_ns:
return ERR_PTR(err);
}
-+static struct nsproxy *create_new_namespaces(int flags, struct task_struct *tsk,
-+ struct fs_struct *new_fs)
++static struct nsproxy *create_new_namespaces(unsigned long flags,
++ struct task_struct *tsk, struct user_namespace *user_ns,
++ struct fs_struct *new_fs)
++
+{
-+ return unshare_namespaces(flags, tsk->nsproxy, new_fs);
++ return unshare_namespaces(flags, tsk->nsproxy,
++ new_fs, user_ns, task_active_pid_ns(tsk));
+}
+
+/*
/*
* called from clone. This now handles copy for nsproxy and all
* namespaces therein.
-@@ -119,9 +167,12 @@ out_ns:
- int copy_namespaces(unsigned long flags, struct task_struct *tsk)
+@@ -124,9 +168,12 @@ int copy_namespaces(unsigned long flags,
{
struct nsproxy *old_ns = tsk->nsproxy;
+ struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns);
- struct nsproxy *new_ns;
+ struct nsproxy *new_ns = NULL;
int err = 0;
if (!old_ns)
return 0;
-@@ -131,7 +182,7 @@ int copy_namespaces(unsigned long flags,
+@@ -136,7 +183,7 @@ int copy_namespaces(unsigned long flags,
CLONE_NEWPID | CLONE_NEWNET)))
return 0;
-- if (!capable(CAP_SYS_ADMIN)) {
-+ if (!vx_can_unshare(CAP_SYS_ADMIN, flags)) {
+- if (!ns_capable(user_ns, CAP_SYS_ADMIN)) {
++ if (!vx_ns_can_unshare(user_ns, CAP_SYS_ADMIN, flags)) {
err = -EPERM;
goto out;
}
-@@ -158,6 +209,9 @@ int copy_namespaces(unsigned long flags,
+@@ -163,6 +210,9 @@ int copy_namespaces(unsigned long flags,
out:
put_nsproxy(old_ns);
return err;
}
-@@ -171,7 +225,9 @@ void free_nsproxy(struct nsproxy *ns)
+@@ -176,7 +226,9 @@ void free_nsproxy(struct nsproxy *ns)
put_ipc_ns(ns->ipc_ns);
if (ns->pid_ns)
put_pid_ns(ns->pid_ns);
kmem_cache_free(nsproxy_cachep, ns);
}
-@@ -184,11 +240,15 @@ int unshare_nsproxy_namespaces(unsigned
- {
+@@ -190,12 +242,16 @@ int unshare_nsproxy_namespaces(unsigned
+ struct user_namespace *user_ns;
int err = 0;
+ vxdprintk(VXD_CBIT(space, 4),
+ unshare_flags, current->nsproxy);
+
if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
- CLONE_NEWNET)))
+ CLONE_NEWNET | CLONE_NEWPID)))
return 0;
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_can_unshare(CAP_SYS_ADMIN, unshare_flags))
+ user_ns = new_cred ? new_cred->user_ns : current_user_ns();
+- if (!ns_capable(user_ns, CAP_SYS_ADMIN))
++ if (!vx_ns_can_unshare(user_ns, CAP_SYS_ADMIN, unshare_flags))
return -EPERM;
- *new_nsp = create_new_namespaces(unshare_flags, current,
-diff -NurpP --minimal linux-2.6.35.4/kernel/pid.c linux-2.6.35.4-vs2.3.0.36.32/kernel/pid.c
---- linux-2.6.35.4/kernel/pid.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/pid.c 2010-08-02 17:05:06.000000000 +0200
-@@ -36,6 +36,7 @@
- #include <linux/pid_namespace.h>
+ *new_nsp = create_new_namespaces(unshare_flags, current, user_ns,
+diff -NurpP --minimal linux-3.9.4/kernel/pid.c linux-3.9.4-vs2.3.6.2/kernel/pid.c
+--- linux-3.9.4/kernel/pid.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/pid.c 2013-05-31 15:24:34.000000000 +0000
+@@ -37,6 +37,7 @@
#include <linux/init_task.h>
#include <linux/syscalls.h>
+ #include <linux/proc_fs.h>
+#include <linux/vs_pid.h>
#define pid_hashfn(nr, ns) \
hash_long((unsigned long)nr + (unsigned long)ns, pidhash_shift)
-@@ -305,7 +306,7 @@ EXPORT_SYMBOL_GPL(find_pid_ns);
+@@ -364,7 +365,7 @@ EXPORT_SYMBOL_GPL(find_pid_ns);
struct pid *find_vpid(int nr)
{
-- return find_pid_ns(nr, current->nsproxy->pid_ns);
-+ return find_pid_ns(vx_rmap_pid(nr), current->nsproxy->pid_ns);
+- return find_pid_ns(nr, task_active_pid_ns(current));
++ return find_pid_ns(vx_rmap_pid(nr), task_active_pid_ns(current));
}
EXPORT_SYMBOL_GPL(find_vpid);
-@@ -365,6 +366,9 @@ void transfer_pid(struct task_struct *ol
+@@ -424,6 +425,9 @@ void transfer_pid(struct task_struct *ol
struct task_struct *pid_task(struct pid *pid, enum pid_type type)
{
struct task_struct *result = NULL;
+ type = PIDTYPE_PID;
if (pid) {
struct hlist_node *first;
- first = rcu_dereference_check(pid->tasks[type].first,
-@@ -382,7 +386,7 @@ EXPORT_SYMBOL(pid_task);
- */
- struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
- {
+ first = rcu_dereference_check(hlist_first_rcu(&pid->tasks[type]),
+@@ -443,7 +447,7 @@ struct task_struct *find_task_by_pid_ns(
+ rcu_lockdep_assert(rcu_read_lock_held(),
+ "find_task_by_pid_ns() needs rcu_read_lock()"
+ " protection");
- return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
+ return pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
}
struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -424,7 +428,7 @@ struct pid *find_get_pid(pid_t nr)
+@@ -487,7 +491,7 @@ struct pid *find_get_pid(pid_t nr)
}
EXPORT_SYMBOL_GPL(find_get_pid);
{
struct upid *upid;
pid_t nr = 0;
-@@ -437,6 +441,11 @@ pid_t pid_nr_ns(struct pid *pid, struct
- return nr;
+@@ -501,6 +505,11 @@ pid_t pid_nr_ns(struct pid *pid, struct
}
+ EXPORT_SYMBOL_GPL(pid_nr_ns);
+pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
+{
+
pid_t pid_vnr(struct pid *pid)
{
- return pid_nr_ns(pid, current->nsproxy->pid_ns);
-diff -NurpP --minimal linux-2.6.35.4/kernel/pid_namespace.c linux-2.6.35.4-vs2.3.0.36.32/kernel/pid_namespace.c
---- linux-2.6.35.4/kernel/pid_namespace.c 2010-07-07 18:31:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/pid_namespace.c 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@
- #include <linux/err.h>
- #include <linux/acct.h>
- #include <linux/slab.h>
+ return pid_nr_ns(pid, task_active_pid_ns(current));
+diff -NurpP --minimal linux-3.9.4/kernel/pid_namespace.c linux-3.9.4-vs2.3.6.2/kernel/pid_namespace.c
+--- linux-3.9.4/kernel/pid_namespace.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/pid_namespace.c 2013-05-31 17:59:48.000000000 +0000
+@@ -18,6 +18,7 @@
+ #include <linux/proc_fs.h>
+ #include <linux/reboot.h>
+ #include <linux/export.h>
+#include <linux/vserver/global.h>
#define BITS_PER_PAGE (PAGE_SIZE*8)
-@@ -87,6 +88,7 @@ static struct pid_namespace *create_pid_
+@@ -112,6 +113,7 @@ static struct pid_namespace *create_pid_
goto out_free_map;
kref_init(&ns->kref);
+ atomic_inc(&vs_global_pid_ns);
ns->level = level;
ns->parent = get_pid_ns(parent_pid_ns);
-
-@@ -112,6 +114,7 @@ static void destroy_pid_namespace(struct
-
+ ns->user_ns = get_user_ns(user_ns);
+@@ -142,6 +144,7 @@ static void destroy_pid_namespace(struct
for (i = 0; i < PIDMAP_ENTRIES; i++)
kfree(ns->pidmap[i].page);
+ put_user_ns(ns->user_ns);
+ atomic_dec(&vs_global_pid_ns);
kmem_cache_free(pid_ns_cachep, ns);
}
-diff -NurpP --minimal linux-2.6.35.4/kernel/posix-timers.c linux-2.6.35.4-vs2.3.0.36.32/kernel/posix-timers.c
---- linux-2.6.35.4/kernel/posix-timers.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/posix-timers.c 2010-08-02 17:05:06.000000000 +0200
-@@ -46,6 +46,7 @@
+diff -NurpP --minimal linux-3.9.4/kernel/posix-timers.c linux-3.9.4-vs2.3.6.2/kernel/posix-timers.c
+--- linux-3.9.4/kernel/posix-timers.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/posix-timers.c 2013-05-31 14:47:11.000000000 +0000
+@@ -47,6 +47,7 @@
#include <linux/wait.h>
#include <linux/workqueue.h>
- #include <linux/module.h>
+ #include <linux/export.h>
+#include <linux/vs_context.h>
/*
* Management arrays for POSIX timers. Timers are kept in slab memory
-@@ -363,6 +364,7 @@ int posix_timer_event(struct k_itimer *t
+@@ -340,6 +341,7 @@ int posix_timer_event(struct k_itimer *t
{
struct task_struct *task;
int shared, ret = -1;
/*
* FIXME: if ->sigq is queued we can race with
* dequeue_signal()->do_schedule_next_timer().
-@@ -379,10 +381,18 @@ int posix_timer_event(struct k_itimer *t
+@@ -356,10 +358,18 @@ int posix_timer_event(struct k_itimer *t
rcu_read_lock();
task = pid_task(timr->it_pid, PIDTYPE_PID);
if (task) {
/* If we failed to send the signal the timer stops. */
return ret > 0;
}
-diff -NurpP --minimal linux-2.6.35.4/kernel/printk.c linux-2.6.35.4-vs2.3.0.36.32/kernel/printk.c
---- linux-2.6.35.4/kernel/printk.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/printk.c 2010-08-02 17:05:06.000000000 +0200
-@@ -37,6 +37,7 @@
- #include <linux/ratelimit.h>
- #include <linux/kmsg_dump.h>
- #include <linux/syslog.h>
+diff -NurpP --minimal linux-3.9.4/kernel/printk.c linux-3.9.4-vs2.3.6.2/kernel/printk.c
+--- linux-3.9.4/kernel/printk.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/printk.c 2013-05-31 15:23:35.000000000 +0000
+@@ -43,6 +43,7 @@
+ #include <linux/rculist.h>
+ #include <linux/poll.h>
+ #include <linux/irq_work.h>
+#include <linux/vs_cvirt.h>
#include <asm/uaccess.h>
-@@ -264,18 +265,15 @@ int do_syslog(int type, char __user *buf
- unsigned i, j, limit, count;
- int do_clear = 0;
- char c;
-- int error = 0;
-+ int error;
+@@ -841,7 +842,7 @@ static int check_syslog_permissions(int
+ return 0;
- error = security_syslog(type, from_file);
+ if (syslog_action_restricted(type)) {
+- if (capable(CAP_SYSLOG))
++ if (vx_capable(CAP_SYSLOG, VXC_SYSLOG))
+ return 0;
+ /* For historical reasons, accept CAP_SYS_ADMIN too, with a warning */
+ if (capable(CAP_SYS_ADMIN)) {
+@@ -1135,12 +1136,9 @@ int do_syslog(int type, char __user *buf
if (error)
return error;
error = -EINVAL;
if (!buf || len < 0)
goto out;
-@@ -286,6 +284,16 @@ int do_syslog(int type, char __user *buf
+@@ -1151,6 +1149,16 @@ int do_syslog(int type, char __user *buf
error = -EFAULT;
goto out;
}
+ break;
+ case SYSLOG_ACTION_READ: /* Read from log */
error = wait_event_interruptible(log_wait,
- (log_start - log_end));
+ syslog_seq != log_next_seq);
if (error)
-@@ -312,16 +320,6 @@ int do_syslog(int type, char __user *buf
+@@ -1163,16 +1171,6 @@ int do_syslog(int type, char __user *buf
/* FALL THRU */
/* Read last kernel messages */
case SYSLOG_ACTION_READ_ALL:
- error = -EFAULT;
- goto out;
- }
- count = len;
- if (count > log_buf_len)
- count = log_buf_len;
-diff -NurpP --minimal linux-2.6.35.4/kernel/ptrace.c linux-2.6.35.4-vs2.3.0.36.32/kernel/ptrace.c
---- linux-2.6.35.4/kernel/ptrace.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/ptrace.c 2010-08-02 17:05:06.000000000 +0200
+ error = syslog_print_all(buf, len, clear);
+ break;
+ /* Clear ring buffer */
+diff -NurpP --minimal linux-3.9.4/kernel/ptrace.c linux-3.9.4-vs2.3.6.2/kernel/ptrace.c
+--- linux-3.9.4/kernel/ptrace.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/ptrace.c 2013-05-31 15:22:34.000000000 +0000
@@ -22,6 +22,7 @@
#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <linux/regset.h>
+#include <linux/vs_context.h>
+ #include <linux/hw_breakpoint.h>
+ #include <linux/cn_proc.h>
+@@ -261,6 +262,11 @@ ok:
+ }
+ rcu_read_unlock();
- /*
-@@ -150,6 +151,11 @@ int __ptrace_may_access(struct task_stru
- dumpable = get_dumpable(task->mm);
- if (!dumpable && !capable(CAP_SYS_PTRACE))
- return -EPERM;
-+ if (!vx_check(task->xid, VS_ADMIN_P|VS_IDENT))
++ if (!vx_check(task->xid, VS_ADMIN_P|VS_WATCH_P|VS_IDENT))
+ return -EPERM;
+ if (!vx_check(task->xid, VS_IDENT) &&
+ !task_vx_flags(task, VXF_STATE_ADMIN, 0))
+ return -EACCES;
-
return security_ptrace_access_check(task, mode);
}
-@@ -703,6 +709,10 @@ SYSCALL_DEFINE4(ptrace, long, request, l
- goto out;
- }
-+ ret = -EPERM;
-+ if (!vx_check(vx_task_xid(child), VS_WATCH_P | VS_IDENT))
-+ goto out_put_task_struct;
-+
- if (request == PTRACE_ATTACH) {
- ret = ptrace_attach(child);
- /*
-diff -NurpP --minimal linux-2.6.35.4/kernel/sched.c linux-2.6.35.4-vs2.3.0.36.32/kernel/sched.c
---- linux-2.6.35.4/kernel/sched.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/sched.c 2010-09-06 02:59:52.000000000 +0200
-@@ -72,6 +72,8 @@
- #include <linux/ctype.h>
- #include <linux/ftrace.h>
- #include <linux/slab.h>
+diff -NurpP --minimal linux-3.9.4/kernel/sched/core.c linux-3.9.4-vs2.3.6.2/kernel/sched/core.c
+--- linux-3.9.4/kernel/sched/core.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sched/core.c 2013-05-31 15:17:22.000000000 +0000
+@@ -73,6 +73,8 @@
+ #include <linux/init_task.h>
+ #include <linux/binfmts.h>
+ #include <linux/context_tracking.h>
+#include <linux/vs_sched.h>
+#include <linux/vs_cvirt.h>
+ #include <asm/switch_to.h>
#include <asm/tlb.h>
- #include <asm/irq_regs.h>
-@@ -2947,9 +2949,17 @@ static inline long calc_load_fold_idle(v
+@@ -2091,9 +2093,17 @@ EXPORT_SYMBOL(avenrun); /* should be rem
*/
void get_avenrun(unsigned long *loads, unsigned long offset, int shift)
{
+ }
}
- static unsigned long
-@@ -3157,16 +3167,19 @@ void account_user_time(struct task_struc
+ static long calc_load_fold_active(struct rq *this_rq)
+@@ -3704,7 +3714,7 @@ SYSCALL_DEFINE1(nice, int, increment)
+ nice = 19;
+
+ if (increment < 0 && !can_nice(current, nice))
+- return -EPERM;
++ return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
+
+ retval = security_task_setnice(current, nice);
+ if (retval)
+diff -NurpP --minimal linux-3.9.4/kernel/sched/cputime.c linux-3.9.4-vs2.3.6.2/kernel/sched/cputime.c
+--- linux-3.9.4/kernel/sched/cputime.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sched/cputime.c 2013-05-31 15:17:55.000000000 +0000
+@@ -4,6 +4,7 @@
+ #include <linux/kernel_stat.h>
+ #include <linux/static_key.h>
+ #include <linux/context_tracking.h>
++#include <linux/vs_sched.h>
+ #include "sched.h"
+
+
+@@ -151,14 +152,17 @@ static inline void task_group_account_fi
+ void account_user_time(struct task_struct *p, cputime_t cputime,
cputime_t cputime_scaled)
{
- struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat;
+ struct vx_info *vxi = p->vx_info; /* p is _always_ current */
- cputime64_t tmp;
+ int nice = (TASK_NICE(p) > 0);
+ int index;
/* Add user time to process. */
- p->utime = cputime_add(p->utime, cputime);
- p->utimescaled = cputime_add(p->utimescaled, cputime_scaled);
+ p->utime += cputime;
+ p->utimescaled += cputime_scaled;
+ vx_account_user(vxi, cputime, nice);
account_group_user_time(p, cputime);
+- index = (TASK_NICE(p) > 0) ? CPUTIME_NICE : CPUTIME_USER;
++ index = (nice) ? CPUTIME_NICE : CPUTIME_USER;
+
/* Add user time to cpustat. */
- tmp = cputime_to_cputime64(cputime);
-- if (TASK_NICE(p) > 0)
-+ if (nice)
- cpustat->nice = cputime64_add(cpustat->nice, tmp);
- else
- cpustat->user = cputime64_add(cpustat->user, tmp);
-@@ -3217,6 +3230,7 @@ void account_system_time(struct task_str
- cputime_t cputime, cputime_t cputime_scaled)
+ task_group_account_field(p, index, (__force u64) cputime);
+@@ -205,9 +209,12 @@ static inline
+ void __account_system_time(struct task_struct *p, cputime_t cputime,
+ cputime_t cputime_scaled, int index)
{
- struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat;
+ struct vx_info *vxi = p->vx_info; /* p is _always_ current */
- cputime64_t tmp;
-
- if ((p->flags & PF_VCPU) && (irq_count() - hardirq_offset == 0)) {
-@@ -3227,6 +3241,7 @@ void account_system_time(struct task_str
++
/* Add system time to process. */
- p->stime = cputime_add(p->stime, cputime);
- p->stimescaled = cputime_add(p->stimescaled, cputime_scaled);
+ p->stime += cputime;
+ p->stimescaled += cputime_scaled;
+ vx_account_system(vxi, cputime, 0 /* do we have idle time? */);
account_group_system_time(p, cputime);
/* Add system time to cpustat. */
-@@ -4300,7 +4315,7 @@ SYSCALL_DEFINE1(nice, int, increment)
- nice = 19;
+diff -NurpP --minimal linux-3.9.4/kernel/sched/fair.c linux-3.9.4-vs2.3.6.2/kernel/sched/fair.c
+--- linux-3.9.4/kernel/sched/fair.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sched/fair.c 2013-05-31 15:19:37.000000000 +0000
+@@ -29,6 +29,7 @@
+ #include <linux/mempolicy.h>
+ #include <linux/migrate.h>
+ #include <linux/task_work.h>
++#include <linux/vs_cvirt.h>
- if (increment < 0 && !can_nice(current, nice))
-- return -EPERM;
-+ return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
+ #include <trace/events/sched.h>
- retval = security_task_setnice(current, nice);
- if (retval)
-diff -NurpP --minimal linux-2.6.35.4/kernel/sched_fair.c linux-2.6.35.4-vs2.3.0.36.32/kernel/sched_fair.c
---- linux-2.6.35.4/kernel/sched_fair.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/sched_fair.c 2010-08-02 17:05:06.000000000 +0200
-@@ -782,6 +782,9 @@ enqueue_entity(struct cfs_rq *cfs_rq, st
- check_spread(cfs_rq, se);
- if (se != cfs_rq->curr)
+@@ -1714,6 +1715,8 @@ enqueue_entity(struct cfs_rq *cfs_rq, st
__enqueue_entity(cfs_rq, se);
-+
+ se->on_rq = 1;
+
+ if (entity_is_task(se))
+ vx_activate_task(task_of(se));
- }
-
- static void __clear_buddies(struct cfs_rq *cfs_rq, struct sched_entity *se)
-@@ -825,6 +828,8 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
-
+ if (cfs_rq->nr_running == 1) {
+ list_add_leaf_cfs_rq(cfs_rq);
+ check_enqueue_throttle(cfs_rq);
+@@ -1795,6 +1798,8 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
if (se != cfs_rq->curr)
__dequeue_entity(cfs_rq, se);
+ se->on_rq = 0;
+ if (entity_is_task(se))
+ vx_deactivate_task(task_of(se));
account_entity_dequeue(cfs_rq, se);
- update_min_vruntime(cfs_rq);
-diff -NurpP --minimal linux-2.6.35.4/kernel/signal.c linux-2.6.35.4-vs2.3.0.36.32/kernel/signal.c
---- linux-2.6.35.4/kernel/signal.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/signal.c 2010-08-14 18:19:32.000000000 +0200
-@@ -28,6 +28,8 @@
- #include <linux/freezer.h>
- #include <linux/pid_namespace.h>
- #include <linux/nsproxy.h>
+ /*
+diff -NurpP --minimal linux-3.9.4/kernel/signal.c linux-3.9.4-vs2.3.6.2/kernel/signal.c
+--- linux-3.9.4/kernel/signal.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/signal.c 2013-05-31 15:20:05.000000000 +0000
+@@ -32,6 +32,8 @@
+ #include <linux/user_namespace.h>
+ #include <linux/uprobes.h>
+ #include <linux/compat.h>
+#include <linux/vs_context.h>
+#include <linux/vs_pid.h>
#define CREATE_TRACE_POINTS
#include <trace/events/signal.h>
-@@ -646,9 +648,18 @@ static int check_kill_permission(int sig
+@@ -789,9 +791,18 @@ static int check_kill_permission(int sig
struct pid *sid;
int error;
if (!si_fromuser(info))
return 0;
-@@ -678,6 +689,20 @@ static int check_kill_permission(int sig
+@@ -815,6 +826,20 @@ static int check_kill_permission(int sig
}
}
return security_task_kill(t, info, sig, 0);
}
-@@ -1170,7 +1195,7 @@ int kill_pid_info(int sig, struct siginf
+@@ -1351,7 +1376,7 @@ int kill_pid_info(int sig, struct siginf
rcu_read_lock();
retry:
p = pid_task(pid, PIDTYPE_PID);
error = group_send_sig_info(sig, info, p);
if (unlikely(error == -ESRCH))
/*
-@@ -1210,7 +1235,7 @@ int kill_pid_info_as_uid(int sig, struct
+@@ -1399,7 +1424,7 @@ int kill_pid_info_as_cred(int sig, struc
rcu_read_lock();
p = pid_task(pid, PIDTYPE_PID);
ret = -ESRCH;
goto out_unlock;
}
-@@ -1265,8 +1290,10 @@ static int kill_something_info(int sig,
+@@ -1451,8 +1476,10 @@ static int kill_something_info(int sig,
struct task_struct * p;
for_each_process(p) {
int err = group_send_sig_info(sig, info, p);
++count;
if (err != -EPERM)
-@@ -1933,6 +1960,11 @@ relock:
+@@ -2306,6 +2333,11 @@ relock:
!sig_kernel_only(signr))
continue;
+ vx_current_initpid(current->pid))
+ continue;
+
- if (sig_kernel_stop(signr)) {
- /*
- * The default action is to stop all threads in
-diff -NurpP --minimal linux-2.6.35.4/kernel/softirq.c linux-2.6.35.4-vs2.3.0.36.32/kernel/softirq.c
---- linux-2.6.35.4/kernel/softirq.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/softirq.c 2010-08-02 17:05:06.000000000 +0200
-@@ -24,6 +24,7 @@
- #include <linux/ftrace.h>
- #include <linux/smp.h>
- #include <linux/tick.h>
-+#include <linux/vs_context.h>
-
- #define CREATE_TRACE_POINTS
- #include <trace/events/irq.h>
-diff -NurpP --minimal linux-2.6.35.4/kernel/sys.c linux-2.6.35.4-vs2.3.0.36.32/kernel/sys.c
---- linux-2.6.35.4/kernel/sys.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/sys.c 2010-08-02 17:48:19.000000000 +0200
-@@ -42,6 +42,7 @@
- #include <linux/syscalls.h>
- #include <linux/kprobes.h>
- #include <linux/user_namespace.h>
-+#include <linux/vs_pid.h>
-
- #include <asm/uaccess.h>
- #include <asm/io.h>
-@@ -131,7 +132,10 @@ static int set_one_prio(struct task_stru
- goto out;
- }
- if (niceval < task_nice(p) && !can_nice(p, niceval)) {
-- error = -EACCES;
-+ if (vx_flags(VXF_IGNEG_NICE, 0))
-+ error = 0;
-+ else
-+ error = -EACCES;
- goto out;
- }
- no_nice = security_task_setnice(p, niceval);
-@@ -181,6 +185,8 @@ SYSCALL_DEFINE3(setpriority, int, which,
- else
- pgrp = task_pgrp(current);
- do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
-+ if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
-+ continue;
- error = set_one_prio(p, niceval, error);
- } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
- break;
-@@ -244,6 +250,8 @@ SYSCALL_DEFINE2(getpriority, int, which,
- else
- pgrp = task_pgrp(current);
- do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
-+ if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
-+ continue;
- niceval = 20 - task_nice(p);
- if (niceval > retval)
- retval = niceval;
-@@ -357,6 +365,8 @@ EXPORT_SYMBOL_GPL(kernel_power_off);
-
- static DEFINE_MUTEX(reboot_mutex);
-
-+long vs_reboot(unsigned int, void __user *);
+ if (sig_kernel_stop(signr)) {
+ /*
+ * The default action is to stop all threads in
+diff -NurpP --minimal linux-3.9.4/kernel/softirq.c linux-3.9.4-vs2.3.6.2/kernel/softirq.c
+--- linux-3.9.4/kernel/softirq.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/softirq.c 2013-05-31 14:47:11.000000000 +0000
+@@ -25,6 +25,7 @@
+ #include <linux/smp.h>
+ #include <linux/smpboot.h>
+ #include <linux/tick.h>
++#include <linux/vs_context.h>
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/irq.h>
+diff -NurpP --minimal linux-3.9.4/kernel/sys.c linux-3.9.4-vs2.3.6.2/kernel/sys.c
+--- linux-3.9.4/kernel/sys.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sys.c 2013-05-31 15:23:14.000000000 +0000
+@@ -50,6 +50,7 @@
+ #include <linux/binfmts.h>
+
+ #include <linux/kmsg_dump.h>
++#include <linux/vs_pid.h>
+ /* Move somewhere else to avoid recompiling? */
+ #include <generated/utsrelease.h>
+
+@@ -155,7 +156,10 @@ static int set_one_prio(struct task_stru
+ goto out;
+ }
+ if (niceval < task_nice(p) && !can_nice(p, niceval)) {
+- error = -EACCES;
++ if (vx_flags(VXF_IGNEG_NICE, 0))
++ error = 0;
++ else
++ error = -EACCES;
+ goto out;
+ }
+ no_nice = security_task_setnice(p, niceval);
+@@ -206,6 +210,8 @@ SYSCALL_DEFINE3(setpriority, int, which,
+ else
+ pgrp = task_pgrp(current);
+ do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
++ if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
++ continue;
+ error = set_one_prio(p, niceval, error);
+ } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
+ break;
+@@ -271,6 +277,8 @@ SYSCALL_DEFINE2(getpriority, int, which,
+ else
+ pgrp = task_pgrp(current);
+ do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
++ if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
++ continue;
+ niceval = 20 - task_nice(p);
+ if (niceval > retval)
+ retval = niceval;
+@@ -424,6 +432,8 @@ EXPORT_SYMBOL_GPL(kernel_power_off);
+
+ static DEFINE_MUTEX(reboot_mutex);
+
++long vs_reboot(unsigned int, void __user *);
++
+ /*
+ * Reboot system call: for obvious reasons only root may call it,
+ * and even root needs to set up some magic numbers in the registers
+@@ -466,6 +476,9 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
+ if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
+ cmd = LINUX_REBOOT_CMD_HALT;
+
++ if (!vx_check(0, VS_ADMIN|VS_WATCH))
++ return vs_reboot(cmd, arg);
++
+ mutex_lock(&reboot_mutex);
+ switch (cmd) {
+ case LINUX_REBOOT_CMD_RESTART:
+@@ -1373,7 +1386,8 @@ SYSCALL_DEFINE2(sethostname, char __user
+ int errno;
+ char tmp[__NEW_UTS_LEN];
+
+- if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
++ if (!vx_ns_capable(current->nsproxy->uts_ns->user_ns,
++ CAP_SYS_ADMIN, VXC_SET_UTSNAME))
+ return -EPERM;
+
+ if (len < 0 || len > __NEW_UTS_LEN)
+@@ -1424,7 +1438,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
+ int errno;
+ char tmp[__NEW_UTS_LEN];
+
+- if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
++ if (!vx_ns_capable(current->nsproxy->uts_ns->user_ns,
++ CAP_SYS_ADMIN, VXC_SET_UTSNAME))
+ return -EPERM;
+ if (len < 0 || len > __NEW_UTS_LEN)
+ return -EINVAL;
+@@ -1543,7 +1558,7 @@ int do_prlimit(struct task_struct *tsk,
+ /* Keep the capable check against init_user_ns until
+ cgroups can contain all limits */
+ if (new_rlim->rlim_max > rlim->rlim_max &&
+- !capable(CAP_SYS_RESOURCE))
++ !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
+ retval = -EPERM;
+ if (!retval)
+ retval = security_task_setrlimit(tsk->group_leader,
+@@ -1596,7 +1611,8 @@ static int check_prlimit_permission(stru
+ gid_eq(cred->gid, tcred->sgid) &&
+ gid_eq(cred->gid, tcred->gid))
+ return 0;
+- if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
++ if (vx_ns_capable(tcred->user_ns,
++ CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
+ return 0;
+
+ return -EPERM;
+diff -NurpP --minimal linux-3.9.4/kernel/sysctl.c linux-3.9.4-vs2.3.6.2/kernel/sysctl.c
+--- linux-3.9.4/kernel/sysctl.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sysctl.c 2013-05-31 15:28:39.000000000 +0000
+@@ -83,6 +83,7 @@
+ #if defined(CONFIG_PROVE_LOCKING) || defined(CONFIG_LOCK_STAT)
+ #include <linux/lockdep.h>
+ #endif
++extern char vshelper_path[];
+ #ifdef CONFIG_CHR_DEV_SG
+ #include <scsi/sg.h>
+ #endif
+@@ -629,6 +630,13 @@ static struct ctl_table kern_table[] = {
+ .mode = 0644,
+ .proc_handler = proc_dostring,
+ },
++ {
++ .procname = "vshelper",
++ .data = &vshelper_path,
++ .maxlen = 256,
++ .mode = 0644,
++ .proc_handler = &proc_dostring,
++ },
+
+ #ifdef CONFIG_CHR_DEV_SG
+ {
+diff -NurpP --minimal linux-3.9.4/kernel/sysctl_binary.c linux-3.9.4-vs2.3.6.2/kernel/sysctl_binary.c
+--- linux-3.9.4/kernel/sysctl_binary.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/sysctl_binary.c 2013-05-31 14:47:11.000000000 +0000
+@@ -73,6 +73,7 @@ static const struct bin_table bin_kern_t
+
+ { CTL_INT, KERN_PANIC, "panic" },
+ { CTL_INT, KERN_REALROOTDEV, "real-root-dev" },
++ { CTL_STR, KERN_VSHELPER, "vshelper" },
+
+ { CTL_STR, KERN_SPARC_REBOOT, "reboot-cmd" },
+ { CTL_INT, KERN_CTLALTDEL, "ctrl-alt-del" },
+diff -NurpP --minimal linux-3.9.4/kernel/time/timekeeping.c linux-3.9.4-vs2.3.6.2/kernel/time/timekeeping.c
+--- linux-3.9.4/kernel/time/timekeeping.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/time/timekeeping.c 2013-05-31 15:24:55.000000000 +0000
+@@ -22,6 +22,7 @@
+ #include <linux/tick.h>
+ #include <linux/stop_machine.h>
+ #include <linux/pvclock_gtod.h>
++#include <linux/vs_time.h>
+
+
+ static struct timekeeper timekeeper;
+@@ -594,6 +595,7 @@ void getrawmonotonic(struct timespec *ts
+ } while (read_seqretry(&tk->lock, seq));
+
+ timespec_add_ns(ts, nsecs);
++ vx_adjust_timespec(ts);
+ }
+ EXPORT_SYMBOL(getrawmonotonic);
+
+diff -NurpP --minimal linux-3.9.4/kernel/time.c linux-3.9.4-vs2.3.6.2/kernel/time.c
+--- linux-3.9.4/kernel/time.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/time.c 2013-05-31 14:47:11.000000000 +0000
+@@ -37,6 +37,7 @@
+ #include <linux/fs.h>
+ #include <linux/math64.h>
+ #include <linux/ptrace.h>
++#include <linux/vs_time.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
+@@ -92,7 +93,7 @@ SYSCALL_DEFINE1(stime, time_t __user *,
+ if (err)
+ return err;
+
+- do_settimeofday(&tv);
++ vx_settimeofday(&tv);
+ return 0;
+ }
+
+@@ -180,7 +181,7 @@ int do_sys_settimeofday(const struct tim
+ }
+ }
+ if (tv)
+- return do_settimeofday(tv);
++ return vx_settimeofday(tv);
+ return 0;
+ }
+
+diff -NurpP --minimal linux-3.9.4/kernel/timer.c linux-3.9.4-vs2.3.6.2/kernel/timer.c
+--- linux-3.9.4/kernel/timer.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/timer.c 2013-05-31 14:47:11.000000000 +0000
+@@ -41,6 +41,10 @@
+ #include <linux/sched.h>
+ #include <linux/sched/sysctl.h>
+ #include <linux/slab.h>
++#include <linux/vs_base.h>
++#include <linux/vs_cvirt.h>
++#include <linux/vs_pid.h>
++#include <linux/vserver/sched.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
+diff -NurpP --minimal linux-3.9.4/kernel/user_namespace.c linux-3.9.4-vs2.3.6.2/kernel/user_namespace.c
+--- linux-3.9.4/kernel/user_namespace.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/user_namespace.c 2013-05-31 17:44:56.000000000 +0000
+@@ -22,6 +22,7 @@
+ #include <linux/ctype.h>
+ #include <linux/projid.h>
+ #include <linux/fs_struct.h>
++#include <linux/vserver/global.h>
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+
+@@ -91,6 +92,7 @@ int create_user_ns(struct cred *new)
+
+ atomic_set(&ns->count, 1);
+ /* Leave the new->user_ns reference with the new user namespace. */
++ atomic_inc(&vs_global_user_ns);
+ ns->parent = parent_ns;
+ ns->owner = owner;
+ ns->group = group;
+@@ -835,6 +837,8 @@ static void *userns_get(struct task_stru
+
+ static void userns_put(void *ns)
+ {
++ /* FIXME: maybe move into destroyer? */
++ atomic_dec(&vs_global_user_ns);
+ put_user_ns(ns);
+ }
+
+diff -NurpP --minimal linux-3.9.4/kernel/utsname.c linux-3.9.4-vs2.3.6.2/kernel/utsname.c
+--- linux-3.9.4/kernel/utsname.c 2013-05-31 13:45:30.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/utsname.c 2013-05-31 15:15:55.000000000 +0000
+@@ -16,14 +16,17 @@
+ #include <linux/slab.h>
+ #include <linux/user_namespace.h>
+ #include <linux/proc_fs.h>
++#include <linux/vserver/global.h>
+
+ static struct uts_namespace *create_uts_ns(void)
+ {
+ struct uts_namespace *uts_ns;
+
+ uts_ns = kmalloc(sizeof(struct uts_namespace), GFP_KERNEL);
+- if (uts_ns)
++ if (uts_ns) {
+ kref_init(&uts_ns->kref);
++ atomic_inc(&vs_global_uts_ns);
++ }
+ return uts_ns;
+ }
+
+@@ -85,6 +88,7 @@ void free_uts_ns(struct kref *kref)
+ ns = container_of(kref, struct uts_namespace, kref);
+ put_user_ns(ns->user_ns);
+ proc_free_inum(ns->proc_inum);
++ atomic_dec(&vs_global_uts_ns);
+ kfree(ns);
+ }
+
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/Kconfig linux-3.9.4-vs2.3.6.2/kernel/vserver/Kconfig
+--- linux-3.9.4/kernel/vserver/Kconfig 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/Kconfig 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,233 @@
++#
++# Linux VServer configuration
++#
++
++menu "Linux VServer"
++
++config VSERVER_AUTO_LBACK
++ bool "Automatically Assign Loopback IP"
++ default y
++ help
++ Automatically assign a guest specific loopback
++ IP and add it to the kernel network stack on
++ startup.
++
++config VSERVER_AUTO_SINGLE
++ bool "Automatic Single IP Special Casing"
++ depends on EXPERIMENTAL
++ default y
++ help
++ This allows network contexts with a single IP to
++ automatically remap 0.0.0.0 bindings to that IP,
++ avoiding further network checks and improving
++ performance.
++
++ (note: such guests do not allow to change the ip
++ on the fly and do not show loopback addresses)
++
++config VSERVER_COWBL
++ bool "Enable COW Immutable Link Breaking"
++ default y
++ help
++ This enables the COW (Copy-On-Write) link break code.
++ It allows you to treat unified files like normal files
++ when writing to them (which will implicitely break the
++ link and create a copy of the unified file)
++
++config VSERVER_VTIME
++ bool "Enable Virtualized Guest Time"
++ depends on EXPERIMENTAL
++ default n
++ help
++ This enables per guest time offsets to allow for
++ adjusting the system clock individually per guest.
++ this adds some overhead to the time functions and
++ therefore should not be enabled without good reason.
++
++config VSERVER_DEVICE
++ bool "Enable Guest Device Mapping"
++ depends on EXPERIMENTAL
++ default n
++ help
++ This enables generic device remapping.
++
++config VSERVER_PROC_SECURE
++ bool "Enable Proc Security"
++ depends on PROC_FS
++ default y
++ help
++ This configures ProcFS security to initially hide
++ non-process entries for all contexts except the main and
++ spectator context (i.e. for all guests), which is a secure
++ default.
++
++ (note: on 1.2x the entries were visible by default)
++
++choice
++ prompt "Persistent Inode Tagging"
++ default TAGGING_ID24
++ help
++ This adds persistent context information to filesystems
++ mounted with the tagxid option. Tagging is a requirement
++ for per-context disk limits and per-context quota.
++
++
++config TAGGING_NONE
++ bool "Disabled"
++ help
++ do not store per-context information in inodes.
++
++config TAGGING_UID16
++ bool "UID16/GID32"
++ help
++ reduces UID to 16 bit, but leaves GID at 32 bit.
++
++config TAGGING_GID16
++ bool "UID32/GID16"
++ help
++ reduces GID to 16 bit, but leaves UID at 32 bit.
++
++config TAGGING_ID24
++ bool "UID24/GID24"
++ help
++ uses the upper 8bit from UID and GID for XID tagging
++ which leaves 24bit for UID/GID each, which should be
++ more than sufficient for normal use.
++
++config TAGGING_INTERN
++ bool "UID32/GID32"
++ help
++ this uses otherwise reserved inode fields in the on
++ disk representation, which limits the use to a few
++ filesystems (currently ext2 and ext3)
++
++endchoice
++
++config TAG_NFSD
++ bool "Tag NFSD User Auth and Files"
++ default n
++ help
++ Enable this if you do want the in-kernel NFS
++ Server to use the tagging specified above.
++ (will require patched clients too)
++
++config VSERVER_PRIVACY
++ bool "Honor Privacy Aspects of Guests"
++ default n
++ help
++ When enabled, most context checks will disallow
++ access to structures assigned to a specific context,
++ like ptys or loop devices.
++
++config VSERVER_CONTEXTS
++ int "Maximum number of Contexts (1-65533)" if EMBEDDED
++ range 1 65533
++ default "768" if 64BIT
++ default "256"
++ help
++ This setting will optimize certain data structures
++ and memory allocations according to the expected
++ maximum.
++
++ note: this is not a strict upper limit.
++
++config VSERVER_WARN
++ bool "VServer Warnings"
++ default y
++ help
++ This enables various runtime warnings, which will
++ notify about potential manipulation attempts or
++ resource shortage. It is generally considered to
++ be a good idea to have that enabled.
++
++config VSERVER_WARN_DEVPTS
++ bool "VServer DevPTS Warnings"
++ depends on VSERVER_WARN
++ default y
++ help
++ This enables DevPTS related warnings, issued when a
++ process inside a context tries to lookup or access
++ a dynamic pts from the host or a different context.
++
++config VSERVER_DEBUG
++ bool "VServer Debugging Code"
++ default n
++ help
++ Set this to yes if you want to be able to activate
++ debugging output at runtime. It adds a very small
++ overhead to all vserver related functions and
++ increases the kernel size by about 20k.
++
++config VSERVER_HISTORY
++ bool "VServer History Tracing"
++ depends on VSERVER_DEBUG
++ default n
++ help
++ Set this to yes if you want to record the history of
++ linux-vserver activities, so they can be replayed in
++ the event of a kernel panic or oops.
++
++config VSERVER_HISTORY_SIZE
++ int "Per-CPU History Size (32-65536)"
++ depends on VSERVER_HISTORY
++ range 32 65536
++ default 64
++ help
++ This allows you to specify the number of entries in
++ the per-CPU history buffer.
++
++config VSERVER_EXTRA_MNT_CHECK
++ bool "Extra Checks for Reachability"
++ default n
++ help
++ Set this to yes if you want to do extra checks for
++ vfsmount reachability in the proc filesystem code.
++ This shouldn't be required on any setup utilizing
++ mnt namespaces.
++
++choice
++ prompt "Quotes used in debug and warn messages"
++ default QUOTES_ISO8859
++
++config QUOTES_ISO8859
++ bool "Extended ASCII (ISO 8859) angle quotes"
++ help
++ This uses the extended ASCII characters \xbb
++ and \xab for quoting file and process names.
++
++config QUOTES_UTF8
++ bool "UTF-8 angle quotes"
++ help
++ This uses the the UTF-8 sequences for angle
++ quotes to quote file and process names.
++
++config QUOTES_ASCII
++ bool "ASCII single quotes"
++ help
++ This uses the ASCII single quote character
++ (\x27) to quote file and process names.
++
++endchoice
++
++endmenu
++
++
++config VSERVER
++ bool
++ default y
++ select NAMESPACES
++ select UTS_NS
++ select IPC_NS
++# select USER_NS
++ select SYSVIPC
++
++config VSERVER_SECURITY
++ bool
++ depends on SECURITY
++ default y
++ select SECURITY_CAPABILITIES
+
- /*
- * Reboot system call: for obvious reasons only root may call it,
- * and even root needs to set up some magic numbers in the registers
-@@ -389,6 +399,9 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
- if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
- cmd = LINUX_REBOOT_CMD_HALT;
-
-+ if (!vx_check(0, VS_ADMIN|VS_WATCH))
-+ return vs_reboot(cmd, arg);
++config VSERVER_DISABLED
++ bool
++ default n
+
- mutex_lock(&reboot_mutex);
- switch (cmd) {
- case LINUX_REBOOT_CMD_RESTART:
-@@ -1167,7 +1180,7 @@ SYSCALL_DEFINE2(sethostname, char __user
- int errno;
- char tmp[__NEW_UTS_LEN];
-
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
- return -EPERM;
- if (len < 0 || len > __NEW_UTS_LEN)
- return -EINVAL;
-@@ -1216,7 +1229,7 @@ SYSCALL_DEFINE2(setdomainname, char __us
- int errno;
- char tmp[__NEW_UTS_LEN];
-
-- if (!capable(CAP_SYS_ADMIN))
-+ if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME))
- return -EPERM;
- if (len < 0 || len > __NEW_UTS_LEN)
- return -EINVAL;
-@@ -1285,7 +1298,7 @@ SYSCALL_DEFINE2(setrlimit, unsigned int,
- return -EINVAL;
- old_rlim = current->signal->rlim + resource;
- if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
-- !capable(CAP_SYS_RESOURCE))
-+ !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
- return -EPERM;
- if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open)
- return -EPERM;
-diff -NurpP --minimal linux-2.6.35.4/kernel/sysctl_binary.c linux-2.6.35.4-vs2.3.0.36.32/kernel/sysctl_binary.c
---- linux-2.6.35.4/kernel/sysctl_binary.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/sysctl_binary.c 2010-08-02 17:05:06.000000000 +0200
-@@ -73,6 +73,7 @@ static const struct bin_table bin_kern_t
-
- { CTL_INT, KERN_PANIC, "panic" },
- { CTL_INT, KERN_REALROOTDEV, "real-root-dev" },
-+ { CTL_STR, KERN_VSHELPER, "vshelper" },
-
- { CTL_STR, KERN_SPARC_REBOOT, "reboot-cmd" },
- { CTL_INT, KERN_CTLALTDEL, "ctrl-alt-del" },
-diff -NurpP --minimal linux-2.6.35.4/kernel/sysctl.c linux-2.6.35.4-vs2.3.0.36.32/kernel/sysctl.c
---- linux-2.6.35.4/kernel/sysctl.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/sysctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -72,6 +72,7 @@
- #if defined(CONFIG_PROVE_LOCKING) || defined(CONFIG_LOCK_STAT)
- #include <linux/lockdep.h>
- #endif
-+extern char vshelper_path[];
- #ifdef CONFIG_CHR_DEV_SG
- #include <scsi/sg.h>
- #endif
-@@ -571,6 +572,13 @@ static struct ctl_table kern_table[] = {
- .proc_handler = proc_dostring,
- },
- #endif
-+ {
-+ .procname = "vshelper",
-+ .data = &vshelper_path,
-+ .maxlen = 256,
-+ .mode = 0644,
-+ .proc_handler = &proc_dostring,
-+ },
- #ifdef CONFIG_CHR_DEV_SG
- {
- .procname = "sg-big-buff",
-diff -NurpP --minimal linux-2.6.35.4/kernel/time.c linux-2.6.35.4-vs2.3.0.36.32/kernel/time.c
---- linux-2.6.35.4/kernel/time.c 2010-08-02 16:52:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/time.c 2010-08-02 17:05:06.000000000 +0200
-@@ -62,6 +62,7 @@ EXPORT_SYMBOL(sys_tz);
- SYSCALL_DEFINE1(time, time_t __user *, tloc)
- {
- time_t i = get_seconds();
-+/* FIXME: do_gettimeofday(&tv) -> vx_gettimeofday(&tv) */
-
- if (tloc) {
- if (put_user(i,tloc))
-@@ -92,7 +93,7 @@ SYSCALL_DEFINE1(stime, time_t __user *,
- if (err)
- return err;
-
-- do_settimeofday(&tv);
-+ vx_settimeofday(&tv);
- return 0;
- }
-
-@@ -103,7 +104,7 @@ SYSCALL_DEFINE2(gettimeofday, struct tim
- {
- if (likely(tv != NULL)) {
- struct timeval ktv;
-- do_gettimeofday(&ktv);
-+ vx_gettimeofday(&ktv);
- if (copy_to_user(tv, &ktv, sizeof(ktv)))
- return -EFAULT;
- }
-@@ -177,7 +178,7 @@ int do_sys_settimeofday(struct timespec
- /* SMP safe, again the code in arch/foo/time.c should
- * globally block out interrupts when it runs.
- */
-- return do_settimeofday(tv);
-+ return vx_settimeofday(tv);
- }
- return 0;
- }
-@@ -309,7 +310,7 @@ void getnstimeofday(struct timespec *tv)
- {
- struct timeval x;
-
-- do_gettimeofday(&x);
-+ vx_gettimeofday(&x);
- tv->tv_sec = x.tv_sec;
- tv->tv_nsec = x.tv_usec * NSEC_PER_USEC;
- }
-diff -NurpP --minimal linux-2.6.35.4/kernel/timer.c linux-2.6.35.4-vs2.3.0.36.32/kernel/timer.c
---- linux-2.6.35.4/kernel/timer.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/timer.c 2010-08-02 17:05:06.000000000 +0200
-@@ -40,6 +40,10 @@
- #include <linux/perf_event.h>
- #include <linux/sched.h>
- #include <linux/slab.h>
-+#include <linux/vs_base.h>
-+#include <linux/vs_cvirt.h>
-+#include <linux/vs_pid.h>
-+#include <linux/vserver/sched.h>
-
- #include <asm/uaccess.h>
- #include <asm/unistd.h>
-@@ -1318,12 +1322,6 @@ SYSCALL_DEFINE1(alarm, unsigned int, sec
-
- #endif
-
--#ifndef __alpha__
--
--/*
-- * The Alpha uses getxpid, getxuid, and getxgid instead. Maybe this
-- * should be moved into arch/i386 instead?
-- */
-
- /**
- * sys_getpid - return the thread group id of the current process
-@@ -1352,10 +1350,23 @@ SYSCALL_DEFINE0(getppid)
- rcu_read_lock();
- pid = task_tgid_vnr(current->real_parent);
- rcu_read_unlock();
-+ return vx_map_pid(pid);
-+}
-
-- return pid;
-+#ifdef __alpha__
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/Makefile linux-3.9.4-vs2.3.6.2/kernel/vserver/Makefile
+--- linux-3.9.4/kernel/vserver/Makefile 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/Makefile 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,18 @@
++#
++# Makefile for the Linux vserver routines.
++#
+
-+/*
-+ * The Alpha uses getxpid, getxuid, and getxgid instead.
-+ */
+
-+asmlinkage long do_getxpid(long *ppid)
-+{
-+ *ppid = sys_getppid();
-+ return sys_getpid();
- }
-
-+#else /* _alpha_ */
++obj-y += vserver.o
+
- SYSCALL_DEFINE0(getuid)
- {
- /* Only we change this so SMP safe */
-diff -NurpP --minimal linux-2.6.35.4/kernel/user_namespace.c linux-2.6.35.4-vs2.3.0.36.32/kernel/user_namespace.c
---- linux-2.6.35.4/kernel/user_namespace.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/user_namespace.c 2010-08-02 17:05:06.000000000 +0200
-@@ -10,6 +10,7 @@
- #include <linux/slab.h>
- #include <linux/user_namespace.h>
- #include <linux/cred.h>
-+#include <linux/vserver/global.h>
-
- /*
- * Create a new user namespace, deriving the creator from the user in the
-@@ -30,6 +31,7 @@ int create_user_ns(struct cred *new)
- return -ENOMEM;
-
- kref_init(&ns->kref);
-+ atomic_inc(&vs_global_user_ns);
-
- for (n = 0; n < UIDHASH_SZ; ++n)
- INIT_HLIST_HEAD(ns->uidhash_table + n);
-@@ -78,6 +80,8 @@ void free_user_ns(struct kref *kref)
- struct user_namespace *ns =
- container_of(kref, struct user_namespace, kref);
-
-+ /* FIXME: maybe move into destroyer? */
-+ atomic_dec(&vs_global_user_ns);
- INIT_WORK(&ns->destroyer, free_user_ns_work);
- schedule_work(&ns->destroyer);
- }
-diff -NurpP --minimal linux-2.6.35.4/kernel/utsname.c linux-2.6.35.4-vs2.3.0.36.32/kernel/utsname.c
---- linux-2.6.35.4/kernel/utsname.c 2009-09-10 15:26:28.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/utsname.c 2010-08-02 17:05:06.000000000 +0200
-@@ -14,14 +14,17 @@
- #include <linux/utsname.h>
- #include <linux/err.h>
- #include <linux/slab.h>
-+#include <linux/vserver/global.h>
-
- static struct uts_namespace *create_uts_ns(void)
- {
- struct uts_namespace *uts_ns;
-
- uts_ns = kmalloc(sizeof(struct uts_namespace), GFP_KERNEL);
-- if (uts_ns)
-+ if (uts_ns) {
- kref_init(&uts_ns->kref);
-+ atomic_inc(&vs_global_uts_ns);
-+ }
- return uts_ns;
- }
-
-@@ -71,5 +74,6 @@ void free_uts_ns(struct kref *kref)
- struct uts_namespace *ns;
-
- ns = container_of(kref, struct uts_namespace, kref);
-+ atomic_dec(&vs_global_uts_ns);
- kfree(ns);
- }
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cacct.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct.c
---- linux-2.6.35.4/kernel/vserver/cacct.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct.c 2010-08-02 17:05:06.000000000 +0200
++vserver-y := switch.o context.o space.o sched.o network.o inode.o \
++ limit.o cvirt.o cacct.o signal.o helper.o init.o \
++ dlimit.o tag.o
++
++vserver-$(CONFIG_INET) += inet.o
++vserver-$(CONFIG_PROC_FS) += proc.o
++vserver-$(CONFIG_VSERVER_DEBUG) += sysctl.o debug.o
++vserver-$(CONFIG_VSERVER_HISTORY) += history.o
++vserver-$(CONFIG_VSERVER_MONITOR) += monitor.o
++vserver-$(CONFIG_VSERVER_DEVICE) += device.o
++
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cacct.c linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct.c
+--- linux-3.9.4/kernel/vserver/cacct.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,42 @@
+/*
+ * linux/kernel/vserver/cacct.c
+ return 0;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cacct_init.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct_init.h
---- linux-2.6.35.4/kernel/vserver/cacct_init.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct_init.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cacct_init.h linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct_init.h
+--- linux-3.9.4/kernel/vserver/cacct_init.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct_init.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,25 @@
+
+
+ return;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cacct_proc.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct_proc.h
---- linux-2.6.35.4/kernel/vserver/cacct_proc.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cacct_proc.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cacct_proc.h linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct_proc.h
+--- linux-3.9.4/kernel/vserver/cacct_proc.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cacct_proc.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,53 @@
+#ifndef _VX_CACCT_PROC_H
+#define _VX_CACCT_PROC_H
+}
+
+#endif /* _VX_CACCT_PROC_H */
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/context.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/context.c
---- linux-2.6.35.4/kernel/vserver/context.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/context.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,1058 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/context.c linux-3.9.4-vs2.3.6.2/kernel/vserver/context.c
+--- linux-3.9.4/kernel/vserver/context.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/context.c 2013-05-31 19:34:32.000000000 +0000
+@@ -0,0 +1,1119 @@
+/*
+ * linux/kernel/vserver/context.c
+ *
+ * Virtual Server: Context Support
+ *
-+ * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2011 Herbert Pötzl
+ *
+ * V0.01 context helper
+ * V0.02 vx_ctx_kill syscall command
+ * V0.15 added context stat
+ * V0.16 have __create claim() the vxi
+ * V0.17 removed older and legacy stuff
++ * V0.18 added user credentials
++ * V0.19 added warn mask
+ *
+ */
+
+#include <linux/types.h>
+#include <linux/security.h>
+#include <linux/pid_namespace.h>
++#include <linux/capability.h>
+
+#include <linux/vserver/context.h>
+#include <linux/vserver/network.h>
+#include <linux/vserver/space.h>
+#include <linux/init_task.h>
+#include <linux/fs_struct.h>
++#include <linux/cred.h>
+
+#include <linux/vs_context.h>
+#include <linux/vs_limit.h>
+
+static struct hlist_head vx_info_inactive = HLIST_HEAD_INIT;
+
-+static spinlock_t vx_info_inactive_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(vx_info_inactive_lock);
+
+
+/* __alloc_vx_info()
+ }
+
+ new->vx_flags = VXF_INIT_SET;
-+ cap_set_init_eff(new->vx_bcaps);
++ new->vx_bcaps = CAP_FULL_SET; // maybe ~CAP_SETPCAP
+ new->vx_ccaps = 0;
+ new->vx_umask = 0;
++ new->vx_wmask = 0;
+
+ new->reboot_cmd = 0;
+ new->exit_code = 0;
+
-+ // preconfig fs entries
++ // preconfig spaces
+ for (index = 0; index < VX_SPACES; index++) {
-+ write_lock(&init_fs.lock);
++ struct _vx_space *space = &new->space[index];
++
++ // filesystem
++ spin_lock(&init_fs.lock);
+ init_fs.users++;
-+ write_unlock(&init_fs.lock);
-+ new->vx_fs[index] = &init_fs;
++ spin_unlock(&init_fs.lock);
++ space->vx_fs = &init_fs;
++
++ /* FIXME: do we want defaults? */
++ // space->vx_real_cred = 0;
++ // space->vx_cred = 0;
+ }
+
++
+ vxdprintk(VXD_CBIT(xid, 0),
+ "alloc_vx_info(%d) = %p", xid, new);
+ vxh_alloc_vx_info(new);
+{
+ struct nsproxy *nsproxy;
+ struct fs_struct *fs;
++ struct cred *cred;
+ int index, kill;
+
+ might_sleep();
+ vs_state_change(vxi, VSC_SHUTDOWN);
+
+ for (index = 0; index < VX_SPACES; index++) {
-+ nsproxy = xchg(&vxi->vx_nsproxy[index], NULL);
++ struct _vx_space *space = &vxi->space[index];
++
++ nsproxy = xchg(&space->vx_nsproxy, NULL);
+ if (nsproxy)
+ put_nsproxy(nsproxy);
+
-+ fs = xchg(&vxi->vx_fs[index], NULL);
-+ write_lock(&fs->lock);
++ fs = xchg(&space->vx_fs, NULL);
++ spin_lock(&fs->lock);
+ kill = !--fs->users;
-+ write_unlock(&fs->lock);
++ spin_unlock(&fs->lock);
+ if (kill)
+ free_fs_struct(fs);
++
++ cred = (struct cred *)xchg(&space->vx_cred, NULL);
++ if (cred)
++ abort_creds(cred);
+ }
+}
+
+ /* context shutdown is mandatory */
+ BUG_ON(!vx_info_state(vxi, VXS_SHUTDOWN));
+
-+ /* nsproxy and fs check */
++ /* spaces check */
+ for (index = 0; index < VX_SPACES; index++) {
-+ BUG_ON(vxi->vx_nsproxy[index]);
-+ BUG_ON(vxi->vx_fs[index]);
++ struct _vx_space *space = &vxi->space[index];
++
++ BUG_ON(space->vx_nsproxy);
++ BUG_ON(space->vx_fs);
++ // BUG_ON(space->vx_real_cred);
++ // BUG_ON(space->vx_cred);
+ }
+
+ spin_lock_irqsave(&vx_info_inactive_lock, flags);
+static struct hlist_head vx_info_hash[VX_HASH_SIZE] =
+ { [0 ... VX_HASH_SIZE-1] = HLIST_HEAD_INIT };
+
-+static spinlock_t vx_info_hash_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(vx_info_hash_lock);
+
+
+static inline unsigned int __hashval(xid_t xid)
+
+void unhash_vx_info(struct vx_info *vxi)
+{
-+ __shutdown_vx_info(vxi);
+ spin_lock(&vx_info_hash_lock);
+ __unhash_vx_info(vxi);
+ spin_unlock(&vx_info_hash_lock);
++ __shutdown_vx_info(vxi);
+ __wakeup_vx_info(vxi);
+}
+
+ /* no rcu_read_lock() because of spin_lock() */
+ spin_lock(&files->file_lock);
+ fdt = files_fdtable(files);
-+ bptr = fdt->open_fds->fds_bits;
++ bptr = fdt->open_fds;
+ count = fdt->max_fds / (sizeof(unsigned long) * 8);
+ for (total = 0; count > 0; count--) {
+ if (*bptr)
+
+ ret = unshare_nsproxy_namespaces(
+ CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER,
-+ &new_nsp, NULL);
++ &new_nsp, NULL, NULL);
+ if (ret)
+ goto out;
+
+int vx_set_reaper(struct vx_info *vxi, struct task_struct *p)
+{
+ struct task_struct *old_reaper;
++ struct vx_info *reaper_vxi;
+
+ if (!vxi)
+ return -EINVAL;
+ if (old_reaper == p)
+ return 0;
+
++ reaper_vxi = task_get_vx_info(p);
++ if (reaper_vxi && reaper_vxi != vxi) {
++ vxwprintk(1,
++ "Unsuitable reaper [" VS_Q("%s") ",%u:#%u] "
++ "for [xid #%u]",
++ p->comm, p->pid, p->xid, vx_current_xid());
++ goto out;
++ }
++
+ /* set new child reaper */
+ get_task_struct(p);
+ vxi->vx_reaper = p;
+ put_task_struct(old_reaper);
++out:
++ put_vx_info(reaper_vxi);
+ return 0;
+}
+
+ if (id) {
+ struct task_struct *tsk;
+
-+ read_lock(&tasklist_lock);
++ rcu_read_lock();
+ tsk = find_task_by_real_pid(id);
+ xid = (tsk) ? tsk->xid : -ESRCH;
-+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ } else
+ xid = vx_current_xid();
+ return xid;
+}
+
+
++int vc_get_wmask(struct vx_info *vxi, void __user *data)
++{
++ struct vcmd_wmask vc_data;
++
++ vc_data.wmask = vxi->vx_wmask;
++ vc_data.mask = ~0ULL;
++
++ if (copy_to_user(data, &vc_data, sizeof(vc_data)))
++ return -EFAULT;
++ return 0;
++}
++
++int vc_set_wmask(struct vx_info *vxi, void __user *data)
++{
++ struct vcmd_wmask vc_data;
++
++ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ vxi->vx_wmask = vs_mask_flags(vxi->vx_wmask,
++ vc_data.wmask, vc_data.mask);
++ return 0;
++}
++
++
+int vc_get_badness(struct vx_info *vxi, void __user *data)
+{
+ struct vcmd_badness_v0 vc_data;
+
+EXPORT_SYMBOL_GPL(free_vx_info);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cvirt.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt.c
---- linux-2.6.35.4/kernel/vserver/cvirt.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,304 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cvirt.c linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt.c
+--- linux-3.9.4/kernel/vserver/cvirt.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,313 @@
+/*
+ * linux/kernel/vserver/cvirt.c
+ *
+#include <asm/uaccess.h>
+
+
++void vx_vsi_boottime(struct timespec *boottime)
++{
++ struct vx_info *vxi = current_vx_info();
++
++ set_normalized_timespec(boottime,
++ boottime->tv_sec + vxi->cvirt.bias_uptime.tv_sec,
++ boottime->tv_nsec + vxi->cvirt.bias_uptime.tv_nsec);
++ return;
++}
++
+void vx_vsi_uptime(struct timespec *uptime, struct timespec *idle)
+{
+ struct vx_info *vxi = current_vx_info();
+ if (id == VHIN_CONTEXT)
+ return vxi->vx_name;
+
-+ nsproxy = vxi->vx_nsproxy[0];
++ nsproxy = vxi->space[0].vx_nsproxy;
+ if (!nsproxy)
+ return NULL;
+
+ uptime.tv_sec - cvirt->bias_uptime.tv_sec,
+ uptime.tv_nsec - cvirt->bias_uptime.tv_nsec);
+
-+ vc_data.offset = timeval_to_ns(&cvirt->bias_tv);
++ vc_data.offset = timespec_to_ns(&cvirt->bias_ts);
+ vc_data.uptime = timespec_to_ns(&uptime);
+ vc_data.nr_threads = atomic_read(&cvirt->nr_threads);
+ vc_data.nr_running = atomic_read(&cvirt->nr_running);
+
+/* virtualized time base */
+
-+void vx_gettimeofday(struct timeval *tv)
++void vx_adjust_timespec(struct timespec *ts)
+{
+ struct vx_info *vxi;
+
-+ do_gettimeofday(tv);
+ if (!vx_flags(VXF_VIRT_TIME, 0))
+ return;
+
+ vxi = current_vx_info();
-+ tv->tv_sec += vxi->cvirt.bias_tv.tv_sec;
-+ tv->tv_usec += vxi->cvirt.bias_tv.tv_usec;
-+
-+ if (tv->tv_usec >= USEC_PER_SEC) {
-+ tv->tv_sec++;
-+ tv->tv_usec -= USEC_PER_SEC;
-+ } else if (tv->tv_usec < 0) {
-+ tv->tv_sec--;
-+ tv->tv_usec += USEC_PER_SEC;
++ ts->tv_sec += vxi->cvirt.bias_ts.tv_sec;
++ ts->tv_nsec += vxi->cvirt.bias_ts.tv_nsec;
++
++ if (ts->tv_nsec >= NSEC_PER_SEC) {
++ ts->tv_sec++;
++ ts->tv_nsec -= NSEC_PER_SEC;
++ } else if (ts->tv_nsec < 0) {
++ ts->tv_sec--;
++ ts->tv_nsec += NSEC_PER_SEC;
+ }
+}
+
-+int vx_settimeofday(struct timespec *ts)
++int vx_settimeofday(const struct timespec *ts)
+{
-+ struct timeval tv;
++ struct timespec ats, delta;
+ struct vx_info *vxi;
+
+ if (!vx_flags(VXF_VIRT_TIME, 0))
+ return do_settimeofday(ts);
+
-+ do_gettimeofday(&tv);
++ getnstimeofday(&ats);
++ delta = timespec_sub(*ts, ats);
++
+ vxi = current_vx_info();
-+ vxi->cvirt.bias_tv.tv_sec = ts->tv_sec - tv.tv_sec;
-+ vxi->cvirt.bias_tv.tv_usec =
-+ (ts->tv_nsec/NSEC_PER_USEC) - tv.tv_usec;
++ vxi->cvirt.bias_ts = timespec_add(vxi->cvirt.bias_ts, delta);
+ return 0;
+}
+
+#endif
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cvirt_init.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt_init.h
---- linux-2.6.35.4/kernel/vserver/cvirt_init.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt_init.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,69 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cvirt_init.h linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt_init.h
+--- linux-3.9.4/kernel/vserver/cvirt_init.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt_init.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,70 @@
+
+
+extern uint64_t vx_idle_jiffies(void);
+ nsuptime = (unsigned long long)cvirt->bias_uptime.tv_sec
+ * NSEC_PER_SEC + cvirt->bias_uptime.tv_nsec;
+ cvirt->bias_clock = nsec_to_clock_t(nsuptime);
-+ cvirt->bias_tv.tv_sec = 0;
-+ cvirt->bias_tv.tv_usec = 0;
++ cvirt->bias_ts.tv_sec = 0;
++ cvirt->bias_ts.tv_nsec = 0;
+
+ jiffies_to_timespec(idle_jiffies, &cvirt->bias_idle);
+ atomic_set(&cvirt->nr_threads, 0);
+
+static inline void vx_info_exit_cvirt(struct _vx_cvirt *cvirt)
+{
++#ifdef CONFIG_VSERVER_WARN
+ int value;
-+
++#endif
+ vxwprintk_xid((value = atomic_read(&cvirt->nr_threads)),
+ "!!! cvirt: %p[nr_threads] = %d on exit.",
+ cvirt, value);
+ return;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/cvirt_proc.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt_proc.h
---- linux-2.6.35.4/kernel/vserver/cvirt_proc.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/cvirt_proc.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,135 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/cvirt_proc.h linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt_proc.h
+--- linux-3.9.4/kernel/vserver/cvirt_proc.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/cvirt_proc.h 2013-05-31 19:38:26.000000000 +0000
+@@ -0,0 +1,123 @@
+#ifndef _VX_CVIRT_PROC_H
+#define _VX_CVIRT_PROC_H
+
+#include <linux/utsname.h>
+#include <linux/ipc.h>
+
++extern int vx_info_mnt_namespace(struct mnt_namespace *, char *);
+
+static inline
+int vx_info_proc_nsproxy(struct nsproxy *nsproxy, char *buffer)
+{
+ struct mnt_namespace *ns;
+ struct uts_namespace *uts;
-+ struct ipc_namespace *ipc;
-+ struct path path;
-+ char *pstr, *root;
++ struct ipc_namespace *ipc;
+ int length = 0;
+
+ if (!nsproxy)
+ if (!ns)
+ goto skip_ns;
+
-+ pstr = kmalloc(PATH_MAX, GFP_KERNEL);
-+ if (!pstr)
-+ goto skip_ns;
++ length += vx_info_mnt_namespace(ns, buffer + length);
+
-+ path.mnt = ns->root;
-+ path.dentry = ns->root->mnt_root;
-+ root = d_path(&path, pstr, PATH_MAX - 2);
-+ length += sprintf(buffer + length,
-+ "Namespace:\t%p [#%u]\n"
-+ "RootPath:\t%s\n",
-+ ns, atomic_read(&ns->count),
-+ root);
-+ kfree(pstr);
+skip_ns:
+
+ uts = nsproxy->uts_ns;
+ length += sprintf(buffer + length,
+ "SEMS:\t\t%d %d %d %d %d\n"
+ "MSG:\t\t%d %d %d\n"
-+ "SHM:\t\t%lu %lu %d %d\n",
++ "SHM:\t\t%lu %lu %d %ld\n",
+ ipc->sem_ctls[0], ipc->sem_ctls[1],
+ ipc->sem_ctls[2], ipc->sem_ctls[3],
+ ipc->used_sems,
+}
+
+#endif /* _VX_CVIRT_PROC_H */
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/debug.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/debug.c
---- linux-2.6.35.4/kernel/vserver/debug.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/debug.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/debug.c linux-3.9.4-vs2.3.6.2/kernel/vserver/debug.c
+--- linux-3.9.4/kernel/vserver/debug.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/debug.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,32 @@
+/*
+ * kernel/vserver/debug.c
+
+EXPORT_SYMBOL_GPL(dump_vx_info);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/device.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/device.c
---- linux-2.6.35.4/kernel/vserver/device.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/device.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/device.c linux-3.9.4-vs2.3.6.2/kernel/vserver/device.c
+--- linux-3.9.4/kernel/vserver/device.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/device.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,443 @@
+/*
+ * linux/kernel/vserver/device.c
+
+static struct hlist_head dmap_main_hash[1 << DMAP_HASH_BITS];
+
-+static spinlock_t dmap_main_hash_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(dmap_main_hash_lock);
+
+static struct vx_dmap_target dmap_defaults[2] = {
+ { .flags = DATTR_OPEN },
+#endif /* CONFIG_COMPAT */
+
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/dlimit.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/dlimit.c
---- linux-2.6.35.4/kernel/vserver/dlimit.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/dlimit.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,531 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/dlimit.c linux-3.9.4-vs2.3.6.2/kernel/vserver/dlimit.c
+--- linux-3.9.4/kernel/vserver/dlimit.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/dlimit.c 2013-05-31 19:37:39.000000000 +0000
+@@ -0,0 +1,528 @@
+/*
+ * linux/kernel/vserver/dlimit.c
+ *
+ memset(new, 0, sizeof(struct dl_info));
+ new->dl_tag = tag;
+ new->dl_sb = sb;
-+ INIT_RCU_HEAD(&new->dl_rcu);
++ // INIT_RCU_HEAD(&new->dl_rcu);
+ INIT_HLIST_NODE(&new->dl_hlist);
+ spin_lock_init(&new->dl_lock);
+ atomic_set(&new->dl_refcnt, 0);
+
+struct hlist_head dl_info_hash[DL_HASH_SIZE];
+
-+static spinlock_t dl_info_hash_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(dl_info_hash_lock);
+
+
+static inline unsigned int __hashval(struct super_block *sb, tag_t tag)
+static inline struct dl_info *__lookup_dl_info(struct super_block *sb, tag_t tag)
+{
+ struct hlist_head *head = &dl_info_hash[__hashval(sb, tag)];
-+ struct hlist_node *pos;
+ struct dl_info *dli;
+
-+ hlist_for_each_entry_rcu(dli, pos, head, dl_hlist) {
-+
-+ if (dli->dl_tag == tag && dli->dl_sb == sb) {
++ hlist_for_each_entry_rcu(dli, head, dl_hlist) {
++ if (dli->dl_tag == tag && dli->dl_sb == sb)
+ return dli;
-+ }
+ }
+ return NULL;
+}
+EXPORT_SYMBOL_GPL(locate_dl_info);
+EXPORT_SYMBOL_GPL(rcu_free_dl_info);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/helper.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/helper.c
---- linux-2.6.35.4/kernel/vserver/helper.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/helper.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,223 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/helper.c linux-3.9.4-vs2.3.6.2/kernel/vserver/helper.c
+--- linux-3.9.4/kernel/vserver/helper.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/helper.c 2013-06-01 08:27:59.000000000 +0000
+@@ -0,0 +1,230 @@
+/*
+ * linux/kernel/vserver/helper.c
+ *
+
+char vshelper_path[255] = "/sbin/vshelper";
+
++static int vshelper_init(struct subprocess_info *info, struct cred *new_cred)
++{
++ current->flags &= ~PF_THREAD_BOUND;
++ return 0;
++}
+
+static int do_vshelper(char *name, char *argv[], char *envp[], int sync)
+{
+ int ret;
+
-+ if ((ret = call_usermodehelper(name, argv, envp, sync))) {
-+ printk( KERN_WARNING
-+ "%s: (%s %s) returned %s with %d\n",
++ if ((ret = call_usermodehelper_fns(name, argv, envp,
++ sync ? UMH_WAIT_PROC : UMH_WAIT_EXEC,
++ vshelper_init, NULL, NULL))) {
++ printk(KERN_WARNING "%s: (%s %s) returned %s with %d\n",
+ name, argv[1], argv[2],
+ sync ? "sync" : "async", ret);
+ }
+ return -EAGAIN;
+ vxi->vx_state |= VXS_HELPER;
+
-+ snprintf(id_buf, sizeof(id_buf)-1, "%d", vxi->vx_id);
++ snprintf(id_buf, sizeof(id_buf), "%d", vxi->vx_id);
+
-+ snprintf(cmd_buf, sizeof(cmd_buf)-1, "VS_CMD=%08x", cmd);
-+ snprintf(uid_buf, sizeof(uid_buf)-1, "VS_UID=%d", current_uid());
-+ snprintf(pid_buf, sizeof(pid_buf)-1, "VS_PID=%d", current->pid);
++ snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
++ snprintf(uid_buf, sizeof(uid_buf), "VS_UID=%d",
++ from_kuid(&init_user_ns, current_uid()));
++ snprintf(pid_buf, sizeof(pid_buf), "VS_PID=%d", current->pid);
+
+ switch (cmd) {
+ case LINUX_REBOOT_CMD_RESTART:
+ if (!vx_info_flags(vxi, VXF_SC_HELPER, 0))
+ return 0;
+
-+ snprintf(id_buf, sizeof(id_buf)-1, "%d", vxi->vx_id);
-+ snprintf(cmd_buf, sizeof(cmd_buf)-1, "VS_CMD=%08x", cmd);
++ snprintf(id_buf, sizeof(id_buf), "%d", vxi->vx_id);
++ snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
+
+ switch (cmd) {
+ case VSC_STARTUP:
+ if (!nx_info_flags(nxi, NXF_SC_HELPER, 0))
+ return 0;
+
-+ snprintf(id_buf, sizeof(id_buf)-1, "%d", nxi->nx_id);
-+ snprintf(cmd_buf, sizeof(cmd_buf)-1, "VS_CMD=%08x", cmd);
++ snprintf(id_buf, sizeof(id_buf), "%d", nxi->nx_id);
++ snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
+
+ switch (cmd) {
+ case VSC_NETUP:
+ return do_vshelper(vshelper_path, argv, envp, 1);
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/history.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/history.c
---- linux-2.6.35.4/kernel/vserver/history.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/history.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/history.c linux-3.9.4-vs2.3.6.2/kernel/vserver/history.c
+--- linux-3.9.4/kernel/vserver/history.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/history.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,258 @@
+/*
+ * kernel/vserver/history.c
+
+#endif /* CONFIG_COMPAT */
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/inet.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/inet.c
---- linux-2.6.35.4/kernel/vserver/inet.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/inet.c 2010-08-02 18:54:03.000000000 +0200
-@@ -0,0 +1,224 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/inet.c linux-3.9.4-vs2.3.6.2/kernel/vserver/inet.c
+--- linux-3.9.4/kernel/vserver/inet.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/inet.c 2013-05-31 22:43:05.000000000 +0000
+@@ -0,0 +1,236 @@
+
+#include <linux/in.h>
+#include <linux/inetdevice.h>
++#include <linux/export.h>
+#include <linux/vs_inet.h>
+#include <linux/vs_inet6.h>
+#include <linux/vserver/debug.h>
+ ret = 1;
+ else {
+ struct nx_addr_v4 *ptr;
++ unsigned long irqflags;
+
++ spin_lock_irqsave(&nxi1->addr_lock, irqflags);
+ for (ptr = &nxi1->v4; ptr; ptr = ptr->next) {
+ if (v4_nx_addr_in_nx_info(nxi2, ptr, -1)) {
+ ret = 1;
+ break;
+ }
+ }
++ spin_unlock_irqrestore(&nxi1->addr_lock, irqflags);
+ }
+
+ vxdprintk(VXD_CBIT(net, 2),
+ ret = 1;
+ else {
+ struct nx_addr_v6 *ptr;
++ unsigned long irqflags;
+
++ spin_lock_irqsave(&nxi1->addr_lock, irqflags);
+ for (ptr = &nxi1->v6; ptr; ptr = ptr->next) {
+ if (v6_nx_addr_in_nx_info(nxi2, ptr, -1)) {
+ ret = 1;
+ break;
+ }
+ }
++ spin_unlock_irqrestore(&nxi1->addr_lock, irqflags);
+ }
+
+ vxdprintk(VXD_CBIT(net, 2),
+ return ret;
+}
+
-+int ip_v4_find_src(struct net *net, struct nx_info *nxi,
-+ struct rtable **rp, struct flowi *fl)
++struct rtable *ip_v4_find_src(struct net *net, struct nx_info *nxi,
++ struct flowi4 *fl4)
+{
++ struct rtable *rt;
++
+ if (!nxi)
-+ return 0;
++ return NULL;
+
+ /* FIXME: handle lback only case */
+ if (!NX_IPV4(nxi))
-+ return -EPERM;
++ return ERR_PTR(-EPERM);
+
+ vxdprintk(VXD_CBIT(net, 4),
+ "ip_v4_find_src(%p[#%u]) " NIPQUAD_FMT " -> " NIPQUAD_FMT,
+ nxi, nxi ? nxi->nx_id : 0,
-+ NIPQUAD(fl->fl4_src), NIPQUAD(fl->fl4_dst));
++ NIPQUAD(fl4->saddr), NIPQUAD(fl4->daddr));
+
+ /* single IP is unconditional */
+ if (nx_info_flags(nxi, NXF_SINGLE_IP, 0) &&
-+ (fl->fl4_src == INADDR_ANY))
-+ fl->fl4_src = nxi->v4.ip[0].s_addr;
++ (fl4->saddr == INADDR_ANY))
++ fl4->saddr = nxi->v4.ip[0].s_addr;
+
-+ if (fl->fl4_src == INADDR_ANY) {
++ if (fl4->saddr == INADDR_ANY) {
+ struct nx_addr_v4 *ptr;
+ __be32 found = 0;
-+ int err;
+
-+ err = __ip_route_output_key(net, rp, fl);
-+ if (!err) {
-+ found = (*rp)->rt_src;
-+ ip_rt_put(*rp);
++ rt = __ip_route_output_key(net, fl4);
++ if (!IS_ERR(rt)) {
++ found = fl4->saddr;
++ ip_rt_put(rt);
+ vxdprintk(VXD_CBIT(net, 4),
+ "ip_v4_find_src(%p[#%u]) rok[%u]: " NIPQUAD_FMT,
-+ nxi, nxi ? nxi->nx_id : 0, fl->oif, NIPQUAD(found));
++ nxi, nxi ? nxi->nx_id : 0, fl4->flowi4_oif, NIPQUAD(found));
+ if (v4_addr_in_nx_info(nxi, found, NXA_MASK_BIND))
+ goto found;
+ }
+
++ WARN_ON_ONCE(in_irq());
++ spin_lock_bh(&nxi->addr_lock);
+ for (ptr = &nxi->v4; ptr; ptr = ptr->next) {
+ __be32 primary = ptr->ip[0].s_addr;
+ __be32 mask = ptr->mask.s_addr;
+ if ((found & mask) != neta)
+ continue;
+
-+ fl->fl4_src = primary;
-+ err = __ip_route_output_key(net, rp, fl);
++ fl4->saddr = primary;
++ rt = __ip_route_output_key(net, fl4);
+ vxdprintk(VXD_CBIT(net, 4),
+ "ip_v4_find_src(%p[#%u]) rok[%u]: " NIPQUAD_FMT,
-+ nxi, nxi ? nxi->nx_id : 0, fl->oif, NIPQUAD(primary));
-+ if (!err) {
-+ found = (*rp)->rt_src;
-+ ip_rt_put(*rp);
++ nxi, nxi ? nxi->nx_id : 0, fl4->flowi4_oif, NIPQUAD(primary));
++ if (!IS_ERR(rt)) {
++ found = fl4->saddr;
++ ip_rt_put(rt);
+ if (found == primary)
-+ goto found;
++ goto found_unlock;
+ }
+ }
+ /* still no source ip? */
-+ found = ipv4_is_loopback(fl->fl4_dst)
++ found = ipv4_is_loopback(fl4->daddr)
+ ? IPI_LOOPBACK : nxi->v4.ip[0].s_addr;
++ found_unlock:
++ spin_unlock_bh(&nxi->addr_lock);
+ found:
+ /* assign src ip to flow */
-+ fl->fl4_src = found;
++ fl4->saddr = found;
+
+ } else {
-+ if (!v4_addr_in_nx_info(nxi, fl->fl4_src, NXA_MASK_BIND))
-+ return -EPERM;
++ if (!v4_addr_in_nx_info(nxi, fl4->saddr, NXA_MASK_BIND))
++ return ERR_PTR(-EPERM);
+ }
+
+ if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0)) {
-+ if (ipv4_is_loopback(fl->fl4_dst))
-+ fl->fl4_dst = nxi->v4_lback.s_addr;
-+ if (ipv4_is_loopback(fl->fl4_src))
-+ fl->fl4_src = nxi->v4_lback.s_addr;
-+ } else if (ipv4_is_loopback(fl->fl4_dst) &&
++ if (ipv4_is_loopback(fl4->daddr))
++ fl4->daddr = nxi->v4_lback.s_addr;
++ if (ipv4_is_loopback(fl4->saddr))
++ fl4->saddr = nxi->v4_lback.s_addr;
++ } else if (ipv4_is_loopback(fl4->daddr) &&
+ !nx_info_flags(nxi, NXF_LBACK_ALLOW, 0))
-+ return -EPERM;
++ return ERR_PTR(-EPERM);
+
-+ return 0;
++ return NULL;
+}
+
+EXPORT_SYMBOL_GPL(ip_v4_find_src);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/init.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/init.c
---- linux-2.6.35.4/kernel/vserver/init.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/init.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/init.c linux-3.9.4-vs2.3.6.2/kernel/vserver/init.c
+--- linux-3.9.4/kernel/vserver/init.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/init.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,45 @@
+/*
+ * linux/kernel/init.c
+module_init(init_vserver);
+module_exit(exit_vserver);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/inode.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/inode.c
---- linux-2.6.35.4/kernel/vserver/inode.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/inode.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,433 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/inode.c linux-3.9.4-vs2.3.6.2/kernel/vserver/inode.c
+--- linux-3.9.4/kernel/vserver/inode.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/inode.c 2013-06-01 08:26:06.000000000 +0000
+@@ -0,0 +1,437 @@
+/*
+ * linux/kernel/vserver/inode.c
+ *
+ *mask |= IATTR_BARRIER;
+
+ if (IS_TAGGED(in)) {
-+ *tag = in->i_tag;
++ *tag = i_tag_read(in);
+ *mask |= IATTR_TAG;
+ }
+
+ break;
+
+ case DEVPTS_SUPER_MAGIC:
-+ *tag = in->i_tag;
++ *tag = i_tag_read(in);
+ *mask |= IATTR_TAG;
+ break;
+
+
+ mutex_lock(&in->i_mutex);
+ if (*mask & IATTR_TAG) {
-+ attr.ia_tag = *tag;
++ attr.ia_tag = make_ktag(&init_user_ns, *tag);
+ attr.ia_valid |= ATTR_TAG;
+ }
+
+ error = in->i_op->setattr(de, &attr);
+ else {
+ error = inode_change_ok(in, &attr);
-+ if (!error)
-+ error = inode_setattr(in, &attr);
++ if (!error) {
++ setattr_copy(in, &attr);
++ mark_inode_dirty(in);
++ }
+ }
+ }
+
+{
+ int set = 0;
+ substring_t args[MAX_OPT_ARGS];
-+ int token, option = 0;
++ int token;
+ char *s, *p, *opts;
++#if defined(CONFIG_PROPAGATE) || defined(CONFIG_VSERVER_DEBUG)
++ int option = 0;
++#endif
+
+ if (!string)
+ return 0;
+ while ((p = strsep(&opts, ",")) != NULL) {
+ token = match_token(p, tokens, args);
+
-+ vxdprintk(VXD_CBIT(tag, 7),
-+ "dx_parse_tag(»%s«): %d:#%d",
-+ p, token, option);
-+
+ switch (token) {
+#ifdef CONFIG_PROPAGATE
+ case Opt_tag:
+ *mnt_flags |= MNT_TAGID;
+ set |= MNT_TAGID;
+ break;
-+#endif
++#endif /* CONFIG_PROPAGATE */
+ case Opt_notagcheck:
+ if (remove)
+ __dx_parse_remove(s, "notagcheck");
+ set |= MS_NOTAGCHECK;
+ break;
+ }
++ vxdprintk(VXD_CBIT(tag, 7),
++ "dx_parse_tag(" VS_Q("%s") "): %d:#%d",
++ p, token, option);
+ }
+ if (set)
+ strcpy(string, s);
+ new_tag, (propagate) ? 1 : 0);
+
+ if (propagate)
-+ inode->i_tag = new_tag;
++ i_tag_write(inode, new_tag);
+}
+
+#include <linux/module.h>
+
+#endif /* CONFIG_PROPAGATE */
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/Kconfig linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/Kconfig
---- linux-2.6.35.4/kernel/vserver/Kconfig 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/Kconfig 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,260 @@
-+#
-+# Linux VServer configuration
-+#
-+
-+menu "Linux VServer"
-+
-+config VSERVER_AUTO_LBACK
-+ bool "Automatically Assign Loopback IP"
-+ default y
-+ help
-+ Automatically assign a guest specific loopback
-+ IP and add it to the kernel network stack on
-+ startup.
-+
-+config VSERVER_AUTO_SINGLE
-+ bool "Automatic Single IP Special Casing"
-+ depends on EXPERIMENTAL
-+ default y
-+ help
-+ This allows network contexts with a single IP to
-+ automatically remap 0.0.0.0 bindings to that IP,
-+ avoiding further network checks and improving
-+ performance.
-+
-+ (note: such guests do not allow to change the ip
-+ on the fly and do not show loopback addresses)
-+
-+config VSERVER_COWBL
-+ bool "Enable COW Immutable Link Breaking"
-+ default y
-+ help
-+ This enables the COW (Copy-On-Write) link break code.
-+ It allows you to treat unified files like normal files
-+ when writing to them (which will implicitely break the
-+ link and create a copy of the unified file)
-+
-+config VSERVER_VTIME
-+ bool "Enable Virtualized Guest Time"
-+ depends on EXPERIMENTAL
-+ default n
-+ help
-+ This enables per guest time offsets to allow for
-+ adjusting the system clock individually per guest.
-+ this adds some overhead to the time functions and
-+ therefore should not be enabled without good reason.
-+
-+config VSERVER_DEVICE
-+ bool "Enable Guest Device Mapping"
-+ depends on EXPERIMENTAL
-+ default n
-+ help
-+ This enables generic device remapping.
-+
-+config VSERVER_PROC_SECURE
-+ bool "Enable Proc Security"
-+ depends on PROC_FS
-+ default y
-+ help
-+ This configures ProcFS security to initially hide
-+ non-process entries for all contexts except the main and
-+ spectator context (i.e. for all guests), which is a secure
-+ default.
-+
-+ (note: on 1.2x the entries were visible by default)
-+
-+config VSERVER_HARDCPU
-+ bool "Enable Hard CPU Limits"
-+ default y
-+ help
-+ Activate the Hard CPU Limits
-+
-+ This will compile in code that allows the Token Bucket
-+ Scheduler to put processes on hold when a context's
-+ tokens are depleted (provided that its per-context
-+ sched_hard flag is set).
-+
-+ Processes belonging to that context will not be able
-+ to consume CPU resources again until a per-context
-+ configured minimum of tokens has been reached.
-+
-+config VSERVER_IDLETIME
-+ bool "Avoid idle CPUs by skipping Time"
-+ depends on VSERVER_HARDCPU
-+ default y
-+ help
-+ This option allows the scheduler to artificially
-+ advance time (per cpu) when otherwise the idle
-+ task would be scheduled, thus keeping the cpu
-+ busy and sharing the available resources among
-+ certain contexts.
-+
-+config VSERVER_IDLELIMIT
-+ bool "Limit the IDLE task"
-+ depends on VSERVER_HARDCPU
-+ default n
-+ help
-+ Limit the idle slices, so the the next context
-+ will be scheduled as soon as possible.
-+
-+ This might improve interactivity and latency, but
-+ will also marginally increase scheduling overhead.
-+
-+choice
-+ prompt "Persistent Inode Tagging"
-+ default TAGGING_ID24
-+ help
-+ This adds persistent context information to filesystems
-+ mounted with the tagxid option. Tagging is a requirement
-+ for per-context disk limits and per-context quota.
-+
-+
-+config TAGGING_NONE
-+ bool "Disabled"
-+ help
-+ do not store per-context information in inodes.
-+
-+config TAGGING_UID16
-+ bool "UID16/GID32"
-+ help
-+ reduces UID to 16 bit, but leaves GID at 32 bit.
-+
-+config TAGGING_GID16
-+ bool "UID32/GID16"
-+ help
-+ reduces GID to 16 bit, but leaves UID at 32 bit.
-+
-+config TAGGING_ID24
-+ bool "UID24/GID24"
-+ help
-+ uses the upper 8bit from UID and GID for XID tagging
-+ which leaves 24bit for UID/GID each, which should be
-+ more than sufficient for normal use.
-+
-+config TAGGING_INTERN
-+ bool "UID32/GID32"
-+ help
-+ this uses otherwise reserved inode fields in the on
-+ disk representation, which limits the use to a few
-+ filesystems (currently ext2 and ext3)
-+
-+endchoice
-+
-+config TAG_NFSD
-+ bool "Tag NFSD User Auth and Files"
-+ default n
-+ help
-+ Enable this if you do want the in-kernel NFS
-+ Server to use the tagging specified above.
-+ (will require patched clients too)
-+
-+config VSERVER_PRIVACY
-+ bool "Honor Privacy Aspects of Guests"
-+ default n
-+ help
-+ When enabled, most context checks will disallow
-+ access to structures assigned to a specific context,
-+ like ptys or loop devices.
-+
-+config VSERVER_CONTEXTS
-+ int "Maximum number of Contexts (1-65533)" if EMBEDDED
-+ range 1 65533
-+ default "768" if 64BIT
-+ default "256"
-+ help
-+ This setting will optimize certain data structures
-+ and memory allocations according to the expected
-+ maximum.
-+
-+ note: this is not a strict upper limit.
-+
-+config VSERVER_WARN
-+ bool "VServer Warnings"
-+ default y
-+ help
-+ This enables various runtime warnings, which will
-+ notify about potential manipulation attempts or
-+ resource shortage. It is generally considered to
-+ be a good idea to have that enabled.
-+
-+config VSERVER_DEBUG
-+ bool "VServer Debugging Code"
-+ default n
-+ help
-+ Set this to yes if you want to be able to activate
-+ debugging output at runtime. It adds a very small
-+ overhead to all vserver related functions and
-+ increases the kernel size by about 20k.
-+
-+config VSERVER_HISTORY
-+ bool "VServer History Tracing"
-+ depends on VSERVER_DEBUG
-+ default n
-+ help
-+ Set this to yes if you want to record the history of
-+ linux-vserver activities, so they can be replayed in
-+ the event of a kernel panic or oops.
-+
-+config VSERVER_HISTORY_SIZE
-+ int "Per-CPU History Size (32-65536)"
-+ depends on VSERVER_HISTORY
-+ range 32 65536
-+ default 64
-+ help
-+ This allows you to specify the number of entries in
-+ the per-CPU history buffer.
-+
-+config VSERVER_MONITOR
-+ bool "VServer Scheduling Monitor"
-+ depends on VSERVER_DISABLED
-+ default n
-+ help
-+ Set this to yes if you want to record the scheduling
-+ decisions, so that they can be relayed to userspace
-+ for detailed analysis.
-+
-+config VSERVER_MONITOR_SIZE
-+ int "Per-CPU Monitor Queue Size (32-65536)"
-+ depends on VSERVER_MONITOR
-+ range 32 65536
-+ default 1024
-+ help
-+ This allows you to specify the number of entries in
-+ the per-CPU scheduling monitor buffer.
-+
-+config VSERVER_MONITOR_SYNC
-+ int "Per-CPU Monitor Sync Interval (0-65536)"
-+ depends on VSERVER_MONITOR
-+ range 0 65536
-+ default 256
-+ help
-+ This allows you to specify the interval in ticks
-+ when a time sync entry is inserted.
-+
-+config VSERVER_LEGACY_MEM
-+ bool "Legacy Memory Limits"
-+ default n
-+ help
-+ This provides fake memory limits to keep
-+ older tools happy in the face of memory
-+ cgroups
-+
-+
-+endmenu
-+
-+
-+config VSERVER
-+ bool
-+ default y
-+ select NAMESPACES
-+ select UTS_NS
-+ select IPC_NS
-+ select USER_NS
-+ select SYSVIPC
-+
-+config VSERVER_SECURITY
-+ bool
-+ depends on SECURITY
-+ default y
-+ select SECURITY_CAPABILITIES
-+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/limit.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit.c
---- linux-2.6.35.4/kernel/vserver/limit.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,354 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/limit.c linux-3.9.4-vs2.3.6.2/kernel/vserver/limit.c
+--- linux-3.9.4/kernel/vserver/limit.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/limit.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,345 @@
+/*
+ * linux/kernel/vserver/limit.c
+ *
+
+
+const char *vlimit_name[NUM_LIMITS] = {
-+#ifdef CONFIG_VSERVER_LEGACY_MEM
-+ [RLIMIT_RSS] = "RSS",
-+ [RLIMIT_AS] = "VM",
-+#endif /* CONFIG_VSERVER_LEGACY_MEM */
+ [RLIMIT_CPU] = "CPU",
+ [RLIMIT_NPROC] = "NPROC",
+ [RLIMIT_NOFILE] = "NOFILE",
+ /* minimum */
+ 0
+ , /* softlimit */
-+#ifdef CONFIG_VSERVER_LEGACY_MEM
-+ MASK_ENTRY( RLIMIT_RSS ) |
-+#endif /* CONFIG_VSERVER_LEGACY_MEM */
+ 0
+ , /* maximum */
-+#ifdef CONFIG_VSERVER_LEGACY_MEM
-+ MASK_ENTRY( RLIMIT_RSS ) |
-+ MASK_ENTRY( RLIMIT_AS ) |
-+#endif /* CONFIG_VSERVER_LEGACY_MEM */
+ MASK_ENTRY( RLIMIT_NPROC ) |
+ MASK_ENTRY( RLIMIT_NOFILE ) |
+ MASK_ENTRY( RLIMIT_LOCKS ) |
+
+void vx_vsi_meminfo(struct sysinfo *val)
+{
-+#ifdef CONFIG_CGROUP_MEM_RES_CTLR
-+ struct mem_cgroup *mcg = mem_cgroup_from_task(current);
++#ifdef CONFIG_MEMCG
++ struct mem_cgroup *mcg;
+ u64 res_limit, res_usage;
+
++ rcu_read_lock();
++ mcg = mem_cgroup_from_task(current);
++ rcu_read_unlock();
+ if (!mcg)
-+ return;
++ goto out;
+
+ res_limit = mem_cgroup_res_read_u64(mcg, RES_LIMIT);
+ res_usage = mem_cgroup_res_read_u64(mcg, RES_USAGE);
+ val->bufferram = 0;
+ val->totalhigh = 0;
+ val->freehigh = 0;
-+#endif /* CONFIG_CGROUP_MEM_RES_CTLR */
++out:
++#endif /* CONFIG_MEMCG */
+ return;
+}
+
+void vx_vsi_swapinfo(struct sysinfo *val)
+{
-+#ifdef CONFIG_CGROUP_MEM_RES_CTLR
-+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_SWAP
-+ struct mem_cgroup *mcg = mem_cgroup_from_task(current);
++#ifdef CONFIG_MEMCG
++#ifdef CONFIG_MEMCG_SWAP
++ struct mem_cgroup *mcg;
+ u64 res_limit, res_usage, memsw_limit, memsw_usage;
+ s64 swap_limit, swap_usage;
+
++ rcu_read_lock();
++ mcg = mem_cgroup_from_task(current);
++ rcu_read_unlock();
+ if (!mcg)
-+ return;
++ goto out;
+
+ res_limit = mem_cgroup_res_read_u64(mcg, RES_LIMIT);
+ res_usage = mem_cgroup_res_read_u64(mcg, RES_USAGE);
+ memsw_limit = mem_cgroup_memsw_read_u64(mcg, RES_LIMIT);
+ memsw_usage = mem_cgroup_memsw_read_u64(mcg, RES_USAGE);
+
++ /* memory unlimited */
+ if (res_limit == RESOURCE_MAX)
-+ return;
++ goto out;
+
+ swap_limit = memsw_limit - res_limit;
++ /* we have a swap limit? */
+ if (memsw_limit != RESOURCE_MAX)
+ val->totalswap = swap_limit >> PAGE_SHIFT;
+
-+ swap_usage = memsw_usage - res_usage;
++ /* calculate swap part */
++ swap_usage = (memsw_usage > res_usage) ?
++ memsw_usage - res_usage : 0;
++
++ /* total shown minus usage gives free swap */
+ val->freeswap = (swap_usage < swap_limit) ?
+ val->totalswap - (swap_usage >> PAGE_SHIFT) : 0;
-+#else /* !CONFIG_CGROUP_MEM_RES_CTLR_SWAP */
++out:
++#else /* !CONFIG_MEMCG_SWAP */
+ val->totalswap = 0;
+ val->freeswap = 0;
-+#endif /* !CONFIG_CGROUP_MEM_RES_CTLR_SWAP */
-+#endif /* CONFIG_CGROUP_MEM_RES_CTLR */
++#endif /* !CONFIG_MEMCG_SWAP */
++#endif /* CONFIG_MEMCG */
+ return;
+}
+
+long vx_vsi_cached(struct sysinfo *val)
+{
-+#ifdef CONFIG_CGROUP_MEM_RES_CTLR
-+ struct mem_cgroup *mcg = mem_cgroup_from_task(current);
-+
-+ return mem_cgroup_stat_read_cache(mcg);
-+#else
-+ return 0;
-+#endif
-+}
-+
-+
-+unsigned long vx_badness(struct task_struct *task, struct mm_struct *mm)
-+{
-+ struct vx_info *vxi = mm->mm_vx_info;
-+ unsigned long points;
-+ rlim_t v, w;
-+
-+ if (!vxi)
-+ return 0;
++ long cache = 0;
++#ifdef CONFIG_MEMCG
++ struct mem_cgroup *mcg;
+
-+ points = vxi->vx_badness_bias;
-+
-+ v = __vx_cres_array_fixup(&vxi->limit, VLA_RSS);
-+ w = __rlim_soft(&vxi->limit, RLIMIT_RSS);
-+ points += (v > w) ? (v - w) : 0;
++ rcu_read_lock();
++ mcg = mem_cgroup_from_task(current);
++ rcu_read_unlock();
++ if (!mcg)
++ goto out;
+
-+ return points;
++ cache = mem_cgroup_stat_read_cache(mcg);
++out:
++#endif
++ return cache;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/limit_init.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit_init.h
---- linux-2.6.35.4/kernel/vserver/limit_init.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit_init.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/limit_init.h linux-3.9.4-vs2.3.6.2/kernel/vserver/limit_init.h
+--- linux-3.9.4/kernel/vserver/limit_init.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/limit_init.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,31 @@
+
+
+ }
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/limit_proc.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit_proc.h
---- linux-2.6.35.4/kernel/vserver/limit_proc.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/limit_proc.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/limit_proc.h linux-3.9.4-vs2.3.6.2/kernel/vserver/limit_proc.h
+--- linux-3.9.4/kernel/vserver/limit_proc.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/limit_proc.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,57 @@
+#ifndef _VX_LIMIT_PROC_H
+#define _VX_LIMIT_PROC_H
+#endif /* _VX_LIMIT_PROC_H */
+
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/Makefile linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/Makefile
---- linux-2.6.35.4/kernel/vserver/Makefile 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/Makefile 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,18 @@
-+#
-+# Makefile for the Linux vserver routines.
-+#
-+
-+
-+obj-y += vserver.o
-+
-+vserver-y := switch.o context.o space.o sched.o network.o inode.o \
-+ limit.o cvirt.o cacct.o signal.o helper.o init.o \
-+ dlimit.o tag.o
-+
-+vserver-$(CONFIG_INET) += inet.o
-+vserver-$(CONFIG_PROC_FS) += proc.o
-+vserver-$(CONFIG_VSERVER_DEBUG) += sysctl.o debug.o
-+vserver-$(CONFIG_VSERVER_HISTORY) += history.o
-+vserver-$(CONFIG_VSERVER_MONITOR) += monitor.o
-+vserver-$(CONFIG_VSERVER_DEVICE) += device.o
-+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/monitor.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/monitor.c
---- linux-2.6.35.4/kernel/vserver/monitor.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/monitor.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,138 @@
-+/*
-+ * kernel/vserver/monitor.c
-+ *
-+ * Virtual Context Scheduler Monitor
-+ *
-+ * Copyright (C) 2006-2007 Herbert Pötzl
-+ *
-+ * V0.01 basic design
-+ *
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/jiffies.h>
-+#include <asm/uaccess.h>
-+#include <asm/atomic.h>
-+
-+#include <linux/vserver/monitor.h>
-+#include <linux/vserver/debug_cmd.h>
-+
-+
-+#ifdef CONFIG_VSERVER_MONITOR
-+#define VXM_SIZE CONFIG_VSERVER_MONITOR_SIZE
-+#else
-+#define VXM_SIZE 64
-+#endif
-+
-+struct _vx_monitor {
-+ unsigned int counter;
-+
-+ struct _vx_mon_entry entry[VXM_SIZE+1];
-+};
-+
-+
-+DEFINE_PER_CPU(struct _vx_monitor, vx_monitor_buffer);
-+
-+unsigned volatile int vxm_active = 1;
-+
-+static atomic_t sequence = ATOMIC_INIT(0);
-+
-+
-+/* vxm_advance()
-+
-+ * requires disabled preemption */
-+
-+struct _vx_mon_entry *vxm_advance(int cpu)
-+{
-+ struct _vx_monitor *mon = &per_cpu(vx_monitor_buffer, cpu);
-+ struct _vx_mon_entry *entry;
-+ unsigned int index;
-+
-+ index = vxm_active ? (mon->counter++ % VXM_SIZE) : VXM_SIZE;
-+ entry = &mon->entry[index];
-+
-+ entry->ev.seq = atomic_inc_return(&sequence);
-+ entry->ev.jif = jiffies;
-+ return entry;
-+}
-+
-+EXPORT_SYMBOL_GPL(vxm_advance);
-+
-+
-+int do_read_monitor(struct __user _vx_mon_entry *data,
-+ int cpu, uint32_t *index, uint32_t *count)
-+{
-+ int pos, ret = 0;
-+ struct _vx_monitor *mon = &per_cpu(vx_monitor_buffer, cpu);
-+ int end = mon->counter;
-+ int start = end - VXM_SIZE + 2;
-+ int idx = *index;
-+
-+ /* special case: get current pos */
-+ if (!*count) {
-+ *index = end;
-+ return 0;
-+ }
-+
-+ /* have we lost some data? */
-+ if (idx < start)
-+ idx = start;
-+
-+ for (pos = 0; (pos < *count) && (idx < end); pos++, idx++) {
-+ struct _vx_mon_entry *entry =
-+ &mon->entry[idx % VXM_SIZE];
-+
-+ /* send entry to userspace */
-+ ret = copy_to_user(&data[pos], entry, sizeof(*entry));
-+ if (ret)
-+ break;
-+ }
-+ /* save new index and count */
-+ *index = idx;
-+ *count = pos;
-+ return ret ? ret : (*index < end);
-+}
-+
-+int vc_read_monitor(uint32_t id, void __user *data)
-+{
-+ struct vcmd_read_monitor_v0 vc_data;
-+ int ret;
-+
-+ if (id >= NR_CPUS)
-+ return -EINVAL;
-+
-+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
-+ return -EFAULT;
-+
-+ ret = do_read_monitor((struct __user _vx_mon_entry *)vc_data.data,
-+ id, &vc_data.index, &vc_data.count);
-+
-+ if (copy_to_user(data, &vc_data, sizeof(vc_data)))
-+ return -EFAULT;
-+ return ret;
-+}
-+
-+#ifdef CONFIG_COMPAT
-+
-+int vc_read_monitor_x32(uint32_t id, void __user *data)
-+{
-+ struct vcmd_read_monitor_v0_x32 vc_data;
-+ int ret;
-+
-+ if (id >= NR_CPUS)
-+ return -EINVAL;
-+
-+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
-+ return -EFAULT;
-+
-+ ret = do_read_monitor((struct __user _vx_mon_entry *)
-+ compat_ptr(vc_data.data_ptr),
-+ id, &vc_data.index, &vc_data.count);
-+
-+ if (copy_to_user(data, &vc_data, sizeof(vc_data)))
-+ return -EFAULT;
-+ return ret;
-+}
-+
-+#endif /* CONFIG_COMPAT */
-+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/network.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/network.c
---- linux-2.6.35.4/kernel/vserver/network.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/network.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,864 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/network.c linux-3.9.4-vs2.3.6.2/kernel/vserver/network.c
+--- linux-3.9.4/kernel/vserver/network.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/network.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,1053 @@
+/*
+ * linux/kernel/vserver/network.c
+ *
+#include <linux/err.h>
+#include <linux/slab.h>
+#include <linux/rcupdate.h>
++#include <net/ipv6.h>
+
+#include <linux/vs_network.h>
+#include <linux/vs_pid.h>
+ INIT_HLIST_NODE(&new->nx_hlist);
+ atomic_set(&new->nx_usecnt, 0);
+ atomic_set(&new->nx_tasks, 0);
++ spin_lock_init(&new->addr_lock);
+ new->nx_state = 0;
+
+ new->nx_flags = NXF_INIT_SET;
+ BUG_ON(atomic_read(&nxi->nx_tasks));
+
+ __dealloc_nx_addr_v4_all(nxi->v4.next);
++#ifdef CONFIG_IPV6
++ __dealloc_nx_addr_v6_all(nxi->v6.next);
++#endif
+
+ nxi->nx_state |= NXS_RELEASED;
+ kfree(nxi);
+
+struct hlist_head nx_info_hash[NX_HASH_SIZE];
+
-+static spinlock_t nx_info_hash_lock = SPIN_LOCK_UNLOCKED;
++static DEFINE_SPINLOCK(nx_info_hash_lock);
+
+
+static inline unsigned int __hashval(nid_t nid)
+ if (id) {
+ struct task_struct *tsk;
+
-+ read_lock(&tasklist_lock);
++ rcu_read_lock();
+ tsk = find_task_by_real_pid(id);
+ nid = (tsk) ? tsk->nid : -ESRCH;
-+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ } else
+ nid = nx_current_nid();
+ return nid;
+}
+
+
++static inline
++struct nx_addr_v4 *__find_v4_addr(struct nx_info *nxi,
++ __be32 ip, __be32 ip2, __be32 mask, uint16_t type, uint16_t flags,
++ struct nx_addr_v4 **prev)
++{
++ struct nx_addr_v4 *nxa = &nxi->v4;
++
++ for (; nxa; nxa = nxa->next) {
++ if ((nxa->ip[0].s_addr == ip) &&
++ (nxa->ip[1].s_addr == ip2) &&
++ (nxa->mask.s_addr == mask) &&
++ (nxa->type == type) &&
++ (nxa->flags == flags))
++ return nxa;
++
++ /* save previous entry */
++ if (prev)
++ *prev = nxa;
++ }
++ return NULL;
++}
+
+int do_add_v4_addr(struct nx_info *nxi, __be32 ip, __be32 ip2, __be32 mask,
+ uint16_t type, uint16_t flags)
+{
-+ struct nx_addr_v4 *nxa = &nxi->v4;
++ struct nx_addr_v4 *nxa = NULL;
++ struct nx_addr_v4 *new = __alloc_nx_addr_v4();
++ unsigned long irqflags;
++ int ret = -EEXIST;
+
-+ if (NX_IPV4(nxi)) {
-+ /* locate last entry */
-+ for (; nxa->next; nxa = nxa->next);
-+ nxa->next = __alloc_nx_addr_v4();
-+ nxa = nxa->next;
++ if (IS_ERR(new))
++ return PTR_ERR(new);
+
-+ if (IS_ERR(nxa))
-+ return PTR_ERR(nxa);
-+ }
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ if (__find_v4_addr(nxi, ip, ip2, mask, type, flags, &nxa))
++ goto out_unlock;
++
++ if (NX_IPV4(nxi)) {
++ nxa->next = new;
++ nxa = new;
++ new = NULL;
+
-+ if (nxi->v4.next)
+ /* remove single ip for ip list */
+ nxi->nx_flags &= ~NXF_SINGLE_IP;
++ }
+
+ nxa->ip[0].s_addr = ip;
+ nxa->ip[1].s_addr = ip2;
+ nxa->mask.s_addr = mask;
+ nxa->type = type;
+ nxa->flags = flags;
-+ return 0;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ if (new)
++ __dealloc_nx_addr_v4(new);
++ return ret;
++}
++
++int do_remove_v4_addr(struct nx_info *nxi, __be32 ip, __be32 ip2, __be32 mask,
++ uint16_t type, uint16_t flags)
++{
++ struct nx_addr_v4 *nxa = NULL;
++ struct nx_addr_v4 *old = NULL;
++ unsigned long irqflags;
++ int ret = 0;
++
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ switch (type) {
++ case NXA_TYPE_ADDR:
++ old = __find_v4_addr(nxi, ip, ip2, mask, type, flags, &nxa);
++ if (old) {
++ if (nxa) {
++ nxa->next = old->next;
++ old->next = NULL;
++ } else {
++ if (old->next) {
++ nxa = old;
++ old = old->next;
++ *nxa = *old;
++ old->next = NULL;
++ } else {
++ memset(old, 0, sizeof(*old));
++ old = NULL;
++ }
++ }
++ } else
++ ret = -ESRCH;
++ break;
++
++ case NXA_TYPE_ANY:
++ nxa = &nxi->v4;
++ old = nxa->next;
++ memset(nxa, 0, sizeof(*nxa));
++ break;
++
++ default:
++ ret = -EINVAL;
++ }
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ __dealloc_nx_addr_v4_all(old);
++ return ret;
+}
+
+
+
+ switch (vc_data.type) {
+ case NXA_TYPE_ANY:
-+ __dealloc_nx_addr_v4_all(xchg(&nxi->v4.next, NULL));
-+ memset(&nxi->v4, 0, sizeof(nxi->v4));
-+ break;
-+
++ return do_remove_v4_addr(nxi, 0, 0, 0, vc_data.type, 0);
+ default:
+ return -EINVAL;
+ }
+}
+
+
-+int vc_net_add_ipv4(struct nx_info *nxi, void __user *data)
++int vc_net_add_ipv4_v1(struct nx_info *nxi, void __user *data)
+{
+ struct vcmd_net_addr_ipv4_v1 vc_data;
+
+
+ switch (vc_data.type) {
+ case NXA_TYPE_ADDR:
-+ case NXA_TYPE_RANGE:
+ case NXA_TYPE_MASK:
+ return do_add_v4_addr(nxi, vc_data.ip.s_addr, 0,
+ vc_data.mask.s_addr, vc_data.type, vc_data.flags);
+ return 0;
+}
+
-+int vc_net_remove_ipv4(struct nx_info *nxi, void __user *data)
++int vc_net_add_ipv4(struct nx_info *nxi, void __user *data)
+{
-+ struct vcmd_net_addr_ipv4_v1 vc_data;
++ struct vcmd_net_addr_ipv4_v2 vc_data;
+
+ if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+
+ switch (vc_data.type) {
-+/* case NXA_TYPE_ADDR:
-+ break; */
++ case NXA_TYPE_ADDR:
++ case NXA_TYPE_MASK:
++ case NXA_TYPE_RANGE:
++ return do_add_v4_addr(nxi, vc_data.ip.s_addr, vc_data.ip2.s_addr,
++ vc_data.mask.s_addr, vc_data.type, vc_data.flags);
+
-+ case NXA_TYPE_ANY:
-+ __dealloc_nx_addr_v4_all(xchg(&nxi->v4.next, NULL));
-+ memset(&nxi->v4, 0, sizeof(nxi->v4));
++ case NXA_TYPE_ADDR | NXA_MOD_BCAST:
++ nxi->v4_bcast = vc_data.ip;
++ break;
++
++ case NXA_TYPE_ADDR | NXA_MOD_LBACK:
++ nxi->v4_lback = vc_data.ip;
+ break;
+
+ default:
+ return 0;
+}
+
++int vc_net_rem_ipv4_v1(struct nx_info *nxi, void __user *data)
++{
++ struct vcmd_net_addr_ipv4_v1 vc_data;
++
++ if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ return do_remove_v4_addr(nxi, vc_data.ip.s_addr, 0,
++ vc_data.mask.s_addr, vc_data.type, vc_data.flags);
++}
++
++int vc_net_rem_ipv4(struct nx_info *nxi, void __user *data)
++{
++ struct vcmd_net_addr_ipv4_v2 vc_data;
++
++ if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ return do_remove_v4_addr(nxi, vc_data.ip.s_addr, vc_data.ip2.s_addr,
++ vc_data.mask.s_addr, vc_data.type, vc_data.flags);
++}
+
+#ifdef CONFIG_IPV6
+
++static inline
++struct nx_addr_v6 *__find_v6_addr(struct nx_info *nxi,
++ struct in6_addr *ip, struct in6_addr *mask,
++ uint32_t prefix, uint16_t type, uint16_t flags,
++ struct nx_addr_v6 **prev)
++{
++ struct nx_addr_v6 *nxa = &nxi->v6;
++
++ for (; nxa; nxa = nxa->next) {
++ if (ipv6_addr_equal(&nxa->ip, ip) &&
++ ipv6_addr_equal(&nxa->mask, mask) &&
++ (nxa->prefix == prefix) &&
++ (nxa->type == type) &&
++ (nxa->flags == flags))
++ return nxa;
++
++ /* save previous entry */
++ if (prev)
++ *prev = nxa;
++ }
++ return NULL;
++}
++
++
+int do_add_v6_addr(struct nx_info *nxi,
+ struct in6_addr *ip, struct in6_addr *mask,
+ uint32_t prefix, uint16_t type, uint16_t flags)
+{
-+ struct nx_addr_v6 *nxa = &nxi->v6;
++ struct nx_addr_v6 *nxa = NULL;
++ struct nx_addr_v6 *new = __alloc_nx_addr_v6();
++ unsigned long irqflags;
++ int ret = -EEXIST;
++
++ if (IS_ERR(new))
++ return PTR_ERR(new);
++
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ if (__find_v6_addr(nxi, ip, mask, prefix, type, flags, &nxa))
++ goto out_unlock;
++
++ if (NX_IPV6(nxi)) {
++ nxa->next = new;
++ nxa = new;
++ new = NULL;
++ }
++
++ nxa->ip = *ip;
++ nxa->mask = *mask;
++ nxa->prefix = prefix;
++ nxa->type = type;
++ nxa->flags = flags;
++ ret = 0;
++out_unlock:
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ if (new)
++ __dealloc_nx_addr_v6(new);
++ return ret;
++}
++
++int do_remove_v6_addr(struct nx_info *nxi,
++ struct in6_addr *ip, struct in6_addr *mask,
++ uint32_t prefix, uint16_t type, uint16_t flags)
++{
++ struct nx_addr_v6 *nxa = NULL;
++ struct nx_addr_v6 *old = NULL;
++ unsigned long irqflags;
++ int ret = 0;
++
++ spin_lock_irqsave(&nxi->addr_lock, irqflags);
++ switch (type) {
++ case NXA_TYPE_ADDR:
++ old = __find_v6_addr(nxi, ip, mask, prefix, type, flags, &nxa);
++ if (old) {
++ if (nxa) {
++ nxa->next = old->next;
++ old->next = NULL;
++ } else {
++ if (old->next) {
++ nxa = old;
++ old = old->next;
++ *nxa = *old;
++ old->next = NULL;
++ } else {
++ memset(old, 0, sizeof(*old));
++ old = NULL;
++ }
++ }
++ } else
++ ret = -ESRCH;
++ break;
+
-+ if (NX_IPV6(nxi)) {
-+ /* locate last entry */
-+ for (; nxa->next; nxa = nxa->next);
-+ nxa->next = __alloc_nx_addr_v6();
-+ nxa = nxa->next;
++ case NXA_TYPE_ANY:
++ nxa = &nxi->v6;
++ old = nxa->next;
++ memset(nxa, 0, sizeof(*nxa));
++ break;
+
-+ if (IS_ERR(nxa))
-+ return PTR_ERR(nxa);
++ default:
++ ret = -EINVAL;
+ }
-+
-+ nxa->ip = *ip;
-+ nxa->mask = *mask;
-+ nxa->prefix = prefix;
-+ nxa->type = type;
-+ nxa->flags = flags;
-+ return 0;
++ spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
++ __dealloc_nx_addr_v6_all(old);
++ return ret;
+}
+
-+
+int vc_net_add_ipv6(struct nx_info *nxi, void __user *data)
+{
+ struct vcmd_net_addr_ipv6_v1 vc_data;
+
+ switch (vc_data.type) {
+ case NXA_TYPE_ADDR:
++ memset(&vc_data.mask, ~0, sizeof(vc_data.mask));
++ /* fallthrough */
+ case NXA_TYPE_MASK:
+ return do_add_v6_addr(nxi, &vc_data.ip, &vc_data.mask,
+ vc_data.prefix, vc_data.type, vc_data.flags);
+ return -EFAULT;
+
+ switch (vc_data.type) {
++ case NXA_TYPE_ADDR:
++ memset(&vc_data.mask, ~0, sizeof(vc_data.mask));
++ /* fallthrough */
++ case NXA_TYPE_MASK:
++ return do_remove_v6_addr(nxi, &vc_data.ip, &vc_data.mask,
++ vc_data.prefix, vc_data.type, vc_data.flags);
+ case NXA_TYPE_ANY:
-+ __dealloc_nx_addr_v6_all(xchg(&nxi->v6.next, NULL));
-+ memset(&nxi->v6, 0, sizeof(nxi->v6));
-+ break;
-+
++ return do_remove_v6_addr(nxi, NULL, NULL, 0, vc_data.type, 0);
+ default:
+ return -EINVAL;
+ }
+EXPORT_SYMBOL_GPL(free_nx_info);
+EXPORT_SYMBOL_GPL(unhash_nx_info);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/proc.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/proc.c
---- linux-2.6.35.4/kernel/vserver/proc.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/proc.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,1098 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/proc.c linux-3.9.4-vs2.3.6.2/kernel/vserver/proc.c
+--- linux-3.9.4/kernel/vserver/proc.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/proc.c 2013-06-01 08:30:38.000000000 +0000
+@@ -0,0 +1,1110 @@
+/*
+ * linux/kernel/vserver/proc.c
+ *
+ * Virtual Context Support
+ *
-+ * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2011 Herbert Pötzl
+ *
+ * V0.01 basic structure
+ * V0.02 adaptation vs1.3.0
+ * V0.06 inode validation
+ * V0.07 generic rewrite vid
+ * V0.08 remove inode type
++ * V0.09 added u/wmask info
+ *
+ */
+
+#include <linux/proc_fs.h>
+#include <linux/fs_struct.h>
+#include <linux/mount.h>
++#include <linux/namei.h>
+#include <asm/unistd.h>
+
+#include <linux/vs_context.h>
+
+ buffer += sprintf(buffer,
+ "CCaps:\t%016llx\n"
++ "Umask:\t%16llx\n"
++ "Wmask:\t%16llx\n"
+ "Spaces:\t%08lx %08lx\n",
+ (unsigned long long)vxi->vx_ccaps,
-+ vxi->vx_nsmask[0], vxi->vx_nsmask[1]);
++ (unsigned long long)vxi->vx_umask,
++ (unsigned long long)vxi->vx_wmask,
++ vxi->space[0].vx_nsmask, vxi->space[1].vx_nsmask);
+ return buffer - orig;
+}
+
+
+int proc_vxi_nsproxy0(struct vx_info *vxi, char *buffer)
+{
-+ return vx_info_proc_nsproxy(vxi->vx_nsproxy[0], buffer);
++ return vx_info_proc_nsproxy(vxi->space[0].vx_nsproxy, buffer);
+}
+
+int proc_vxi_nsproxy1(struct vx_info *vxi, char *buffer)
+{
-+ return vx_info_proc_nsproxy(vxi->vx_nsproxy[1], buffer);
++ return vx_info_proc_nsproxy(vxi->space[1].vx_nsproxy, buffer);
+}
+
+int proc_vxi_cvirt(struct vx_info *vxi, char *buffer)
+ if (p->fop)
+ inode->i_fop = p->fop;
+
-+ inode->i_nlink = (p->mode & S_IFDIR) ? 2 : 1;
++ set_nlink(inode, (p->mode & S_IFDIR) ? 2 : 1);
+ inode->i_flags |= S_IMMUTABLE;
+
+ inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
+
-+ inode->i_uid = 0;
-+ inode->i_gid = 0;
-+ inode->i_tag = 0;
++ i_uid_write(inode, 0);
++ i_gid_write(inode, 0);
++ i_tag_write(inode, 0);
+out:
+ return inode;
+}
+ return lookup_vx_info(PROC_I(inode)->fd);
+}
+
-+static int proc_xid_revalidate(struct dentry *dentry, struct nameidata *nd)
++static int proc_xid_revalidate(struct dentry *dentry, unsigned int flags)
+{
+ struct inode *inode = dentry->d_inode;
+ xid_t xid = PROC_I(inode)->fd;
+
++ if (flags & LOOKUP_RCU) /* FIXME: can be dropped? */
++ return -ECHILD;
++
+ if (!xid || xid_is_hashed(xid))
+ return 1;
+ d_drop(dentry);
+
+/* get and revalidate nx_info/nid */
+
-+static int proc_nid_revalidate(struct dentry *dentry, struct nameidata *nd)
++static int proc_nid_revalidate(struct dentry *dentry, unsigned int flags)
+{
+ struct inode *inode = dentry->d_inode;
+ nid_t nid = PROC_I(inode)->fd;
+
++ if (flags & LOOKUP_RCU) /* FIXME: can be dropped? */
++ return -ECHILD;
++
+ if (!nid || nid_is_hashed(nid))
+ return 1;
+ d_drop(dentry);
+}
+
+static struct dentry *proc_xid_lookup(struct inode *dir,
-+ struct dentry *dentry, struct nameidata *nd)
++ struct dentry *dentry, unsigned int flags)
+{
+ struct vs_entry *p = vx_base_stuff;
+ struct dentry *error = ERR_PTR(-ENOENT);
+}
+
+static struct dentry *proc_nid_lookup(struct inode *dir,
-+ struct dentry *dentry, struct nameidata *nd)
++ struct dentry *dentry, unsigned int flags)
+{
+ struct vs_entry *p = nx_base_stuff;
+ struct dentry *error = ERR_PTR(-ENOENT);
+
+
+static struct dentry *proc_virtual_lookup(struct inode *dir,
-+ struct dentry *dentry, struct nameidata *nd)
++ struct dentry *dentry, unsigned int flags)
+{
+ struct vs_entry *p = vx_virtual_stuff;
+ struct dentry *error = ERR_PTR(-ENOENT);
+
+
+static struct dentry *proc_virtnet_lookup(struct inode *dir,
-+ struct dentry *dentry, struct nameidata *nd)
++ struct dentry *dentry, unsigned int flags)
+{
+ struct vs_entry *p = nx_virtnet_stuff;
+ struct dentry *error = ERR_PTR(-ENOENT);
+ return buffer - orig;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/sched.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched.c
---- linux-2.6.35.4/kernel/vserver/sched.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,414 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/sched.c linux-3.9.4-vs2.3.6.2/kernel/vserver/sched.c
+--- linux-3.9.4/kernel/vserver/sched.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/sched.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,83 @@
+/*
+ * linux/kernel/vserver/sched.c
+ *
+ * Virtual Server: Scheduler Support
+ *
-+ * Copyright (C) 2004-2007 Herbert Pötzl
++ * Copyright (C) 2004-2010 Herbert Pötzl
+ *
+ * V0.01 adapted Sam Vilains version to 2.6.3
+ * V0.02 removed legacy interface
+ * V0.03 changed vcmds to vxi arg
+ * V0.04 removed older and legacy interfaces
++ * V0.05 removed scheduler code/commands
+ *
+ */
+
+#include <linux/vs_context.h>
+#include <linux/vs_sched.h>
++#include <linux/cpumask.h>
+#include <linux/vserver/sched_cmd.h>
+
+#include <asm/uaccess.h>
+
+
-+#define vxd_check_range(val, min, max) do { \
-+ vxlprintk((val < min) || (val > max), \
-+ "check_range(%ld,%ld,%ld)", \
-+ (long)val, (long)min, (long)max, \
-+ __FILE__, __LINE__); \
-+ } while (0)
-+
-+
+void vx_update_sched_param(struct _vx_sched *sched,
+ struct _vx_sched_pc *sched_pc)
+{
-+ unsigned int set_mask = sched->update_mask;
-+
-+ if (set_mask & VXSM_FILL_RATE)
-+ sched_pc->fill_rate[0] = sched->fill_rate[0];
-+ if (set_mask & VXSM_INTERVAL)
-+ sched_pc->interval[0] = sched->interval[0];
-+ if (set_mask & VXSM_FILL_RATE2)
-+ sched_pc->fill_rate[1] = sched->fill_rate[1];
-+ if (set_mask & VXSM_INTERVAL2)
-+ sched_pc->interval[1] = sched->interval[1];
-+ if (set_mask & VXSM_TOKENS)
-+ sched_pc->tokens = sched->tokens;
-+ if (set_mask & VXSM_TOKENS_MIN)
-+ sched_pc->tokens_min = sched->tokens_min;
-+ if (set_mask & VXSM_TOKENS_MAX)
-+ sched_pc->tokens_max = sched->tokens_max;
-+ if (set_mask & VXSM_PRIO_BIAS)
-+ sched_pc->prio_bias = sched->prio_bias;
-+
-+ if (set_mask & VXSM_IDLE_TIME)
-+ sched_pc->flags |= VXSF_IDLE_TIME;
-+ else
-+ sched_pc->flags &= ~VXSF_IDLE_TIME;
-+
-+ /* reset time */
-+ sched_pc->norm_time = jiffies;
-+}
-+
-+
-+/*
-+ * recalculate the context's scheduling tokens
-+ *
-+ * ret > 0 : number of tokens available
-+ * ret < 0 : on hold, check delta_min[]
-+ * -1 only jiffies
-+ * -2 also idle time
-+ *
-+ */
-+int vx_tokens_recalc(struct _vx_sched_pc *sched_pc,
-+ unsigned long *norm_time, unsigned long *idle_time, int delta_min[2])
-+{
-+ long delta;
-+ long tokens = 0;
-+ int flags = sched_pc->flags;
-+
-+ /* how much time did pass? */
-+ delta = *norm_time - sched_pc->norm_time;
-+ // printk("@ %ld, %ld, %ld\n", *norm_time, sched_pc->norm_time, jiffies);
-+ vxd_check_range(delta, 0, INT_MAX);
-+
-+ if (delta >= sched_pc->interval[0]) {
-+ long tokens, integral;
-+
-+ /* calc integral token part */
-+ tokens = delta / sched_pc->interval[0];
-+ integral = tokens * sched_pc->interval[0];
-+ tokens *= sched_pc->fill_rate[0];
-+#ifdef CONFIG_VSERVER_HARDCPU
-+ delta_min[0] = delta - integral;
-+ vxd_check_range(delta_min[0], 0, sched_pc->interval[0]);
-+#endif
-+ /* advance time */
-+ sched_pc->norm_time += delta;
-+
-+ /* add tokens */
-+ sched_pc->tokens += tokens;
-+ sched_pc->token_time += tokens;
-+ } else
-+ delta_min[0] = delta;
-+
-+#ifdef CONFIG_VSERVER_IDLETIME
-+ if (!(flags & VXSF_IDLE_TIME))
-+ goto skip_idle;
-+
-+ /* how much was the idle skip? */
-+ delta = *idle_time - sched_pc->idle_time;
-+ vxd_check_range(delta, 0, INT_MAX);
-+
-+ if (delta >= sched_pc->interval[1]) {
-+ long tokens, integral;
-+
-+ /* calc fair share token part */
-+ tokens = delta / sched_pc->interval[1];
-+ integral = tokens * sched_pc->interval[1];
-+ tokens *= sched_pc->fill_rate[1];
-+ delta_min[1] = delta - integral;
-+ vxd_check_range(delta_min[1], 0, sched_pc->interval[1]);
-+
-+ /* advance idle time */
-+ sched_pc->idle_time += integral;
-+
-+ /* add tokens */
-+ sched_pc->tokens += tokens;
-+ sched_pc->token_time += tokens;
-+ } else
-+ delta_min[1] = delta;
-+skip_idle:
-+#endif
-+
-+ /* clip at maximum */
-+ if (sched_pc->tokens > sched_pc->tokens_max)
-+ sched_pc->tokens = sched_pc->tokens_max;
-+ tokens = sched_pc->tokens;
-+
-+ if ((flags & VXSF_ONHOLD)) {
-+ /* can we unhold? */
-+ if (tokens >= sched_pc->tokens_min) {
-+ flags &= ~VXSF_ONHOLD;
-+ sched_pc->hold_ticks +=
-+ *norm_time - sched_pc->onhold;
-+ } else
-+ goto on_hold;
-+ } else {
-+ /* put on hold? */
-+ if (tokens <= 0) {
-+ flags |= VXSF_ONHOLD;
-+ sched_pc->onhold = *norm_time;
-+ goto on_hold;
-+ }
-+ }
-+ sched_pc->flags = flags;
-+ return tokens;
-+
-+on_hold:
-+ tokens = sched_pc->tokens_min - tokens;
-+ sched_pc->flags = flags;
-+ // BUG_ON(tokens < 0); probably doesn't hold anymore
-+
-+#ifdef CONFIG_VSERVER_HARDCPU
-+ /* next interval? */
-+ if (!sched_pc->fill_rate[0])
-+ delta_min[0] = HZ;
-+ else if (tokens > sched_pc->fill_rate[0])
-+ delta_min[0] += sched_pc->interval[0] *
-+ tokens / sched_pc->fill_rate[0];
-+ else
-+ delta_min[0] = sched_pc->interval[0] - delta_min[0];
-+ vxd_check_range(delta_min[0], 0, INT_MAX);
-+
-+#ifdef CONFIG_VSERVER_IDLETIME
-+ if (!(flags & VXSF_IDLE_TIME))
-+ return -1;
-+
-+ /* next interval? */
-+ if (!sched_pc->fill_rate[1])
-+ delta_min[1] = HZ;
-+ else if (tokens > sched_pc->fill_rate[1])
-+ delta_min[1] += sched_pc->interval[1] *
-+ tokens / sched_pc->fill_rate[1];
-+ else
-+ delta_min[1] = sched_pc->interval[1] - delta_min[1];
-+ vxd_check_range(delta_min[1], 0, INT_MAX);
-+
-+ return -2;
-+#else
-+ return -1;
-+#endif /* CONFIG_VSERVER_IDLETIME */
-+#else
-+ return 0;
-+#endif /* CONFIG_VSERVER_HARDCPU */
-+}
-+
-+static inline unsigned long msec_to_ticks(unsigned long msec)
-+{
-+ return msecs_to_jiffies(msec);
-+}
-+
-+static inline unsigned long ticks_to_msec(unsigned long ticks)
-+{
-+ return jiffies_to_msecs(ticks);
++ sched_pc->prio_bias = sched->prio_bias;
+}
+
-+static inline unsigned long ticks_to_usec(unsigned long ticks)
-+{
-+ return jiffies_to_usecs(ticks);
-+}
-+
-+
-+static int do_set_sched(struct vx_info *vxi, struct vcmd_sched_v5 *data)
++static int do_set_prio_bias(struct vx_info *vxi, struct vcmd_prio_bias *data)
+{
-+ unsigned int set_mask = data->mask;
-+ unsigned int update_mask;
-+ int i, cpu;
-+
-+ /* Sanity check data values */
-+ if (data->tokens_max <= 0)
-+ data->tokens_max = HZ;
-+ if (data->tokens_min < 0)
-+ data->tokens_min = HZ / 3;
-+ if (data->tokens_min >= data->tokens_max)
-+ data->tokens_min = data->tokens_max;
++ int cpu;
+
+ if (data->prio_bias > MAX_PRIO_BIAS)
+ data->prio_bias = MAX_PRIO_BIAS;
+ if (data->prio_bias < MIN_PRIO_BIAS)
+ data->prio_bias = MIN_PRIO_BIAS;
+
-+ spin_lock(&vxi->sched.tokens_lock);
++ if (data->cpu_id != ~0) {
++ vxi->sched.update = cpumask_of_cpu(data->cpu_id);
++ cpumask_and(&vxi->sched.update, &vxi->sched.update,
++ cpu_online_mask);
++ } else
++ cpumask_copy(&vxi->sched.update, cpu_online_mask);
+
-+ /* sync up on delayed updates */
+ for_each_cpu_mask(cpu, vxi->sched.update)
+ vx_update_sched_param(&vxi->sched,
+ &vx_per_cpu(vxi, sched_pc, cpu));
-+
-+ if (set_mask & VXSM_FILL_RATE)
-+ vxi->sched.fill_rate[0] = data->fill_rate[0];
-+ if (set_mask & VXSM_FILL_RATE2)
-+ vxi->sched.fill_rate[1] = data->fill_rate[1];
-+ if (set_mask & VXSM_INTERVAL)
-+ vxi->sched.interval[0] = (set_mask & VXSM_MSEC) ?
-+ msec_to_ticks(data->interval[0]) : data->interval[0];
-+ if (set_mask & VXSM_INTERVAL2)
-+ vxi->sched.interval[1] = (set_mask & VXSM_MSEC) ?
-+ msec_to_ticks(data->interval[1]) : data->interval[1];
-+ if (set_mask & VXSM_TOKENS)
-+ vxi->sched.tokens = data->tokens;
-+ if (set_mask & VXSM_TOKENS_MIN)
-+ vxi->sched.tokens_min = data->tokens_min;
-+ if (set_mask & VXSM_TOKENS_MAX)
-+ vxi->sched.tokens_max = data->tokens_max;
-+ if (set_mask & VXSM_PRIO_BIAS)
-+ vxi->sched.prio_bias = data->prio_bias;
-+
-+ /* Sanity check rate/interval */
-+ for (i = 0; i < 2; i++) {
-+ if (data->fill_rate[i] < 0)
-+ data->fill_rate[i] = 0;
-+ if (data->interval[i] <= 0)
-+ data->interval[i] = HZ;
-+ }
-+
-+ update_mask = vxi->sched.update_mask & VXSM_SET_MASK;
-+ update_mask |= (set_mask & (VXSM_SET_MASK | VXSM_IDLE_TIME));
-+ vxi->sched.update_mask = update_mask;
-+
-+#ifdef CONFIG_SMP
-+ rmb();
-+ if (set_mask & VXSM_CPU_ID) {
-+ vxi->sched.update = cpumask_of_cpu(data->cpu_id);
-+ cpus_and(vxi->sched.update, cpu_online_map,
-+ vxi->sched.update);
-+ } else
-+ vxi->sched.update = cpu_online_map;
-+
-+ /* forced reload? */
-+ if (set_mask & VXSM_FORCE) {
-+ for_each_cpu_mask(cpu, vxi->sched.update)
-+ vx_update_sched_param(&vxi->sched,
-+ &vx_per_cpu(vxi, sched_pc, cpu));
-+ vxi->sched.update = CPU_MASK_NONE;
-+ }
-+#else
-+ /* on UP we update immediately */
-+ vx_update_sched_param(&vxi->sched,
-+ &vx_per_cpu(vxi, sched_pc, 0));
-+#endif
-+
-+ spin_unlock(&vxi->sched.tokens_lock);
+ return 0;
+}
+
-+
-+#define COPY_IDS(C) C(cpu_id); C(bucket_id)
-+#define COPY_PRI(C) C(prio_bias)
-+#define COPY_TOK(C) C(tokens); C(tokens_min); C(tokens_max)
-+#define COPY_FRI(C) C(fill_rate[0]); C(interval[0]); \
-+ C(fill_rate[1]); C(interval[1]);
-+
-+#define COPY_VALUE(name) vc_data.name = data->name
-+
-+static int do_set_sched_v4(struct vx_info *vxi, struct vcmd_set_sched_v4 *data)
-+{
-+ struct vcmd_sched_v5 vc_data;
-+
-+ vc_data.mask = data->set_mask;
-+ COPY_IDS(COPY_VALUE);
-+ COPY_PRI(COPY_VALUE);
-+ COPY_TOK(COPY_VALUE);
-+ vc_data.fill_rate[0] = vc_data.fill_rate[1] = data->fill_rate;
-+ vc_data.interval[0] = vc_data.interval[1] = data->interval;
-+ return do_set_sched(vxi, &vc_data);
-+}
-+
-+int vc_set_sched_v4(struct vx_info *vxi, void __user *data)
-+{
-+ struct vcmd_set_sched_v4 vc_data;
-+
-+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
-+ return -EFAULT;
-+
-+ return do_set_sched_v4(vxi, &vc_data);
-+}
-+
-+ /* latest interface is v5 */
-+
-+int vc_set_sched(struct vx_info *vxi, void __user *data)
-+{
-+ struct vcmd_sched_v5 vc_data;
-+
-+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
-+ return -EFAULT;
-+
-+ return do_set_sched(vxi, &vc_data);
-+}
-+
-+
-+#define COPY_PRI(C) C(prio_bias)
-+#define COPY_TOK(C) C(tokens); C(tokens_min); C(tokens_max)
-+#define COPY_FRI(C) C(fill_rate[0]); C(interval[0]); \
-+ C(fill_rate[1]); C(interval[1]);
-+
-+#define COPY_VALUE(name) vc_data.name = data->name
-+
-+
-+int vc_get_sched(struct vx_info *vxi, void __user *data)
++int vc_set_prio_bias(struct vx_info *vxi, void __user *data)
+{
-+ struct vcmd_sched_v5 vc_data;
++ struct vcmd_prio_bias vc_data;
+
+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+
-+ if (vc_data.mask & VXSM_CPU_ID) {
-+ int cpu = vc_data.cpu_id;
-+ struct _vx_sched_pc *data;
-+
-+ if (!cpu_possible(cpu))
-+ return -EINVAL;
-+
-+ data = &vx_per_cpu(vxi, sched_pc, cpu);
-+ COPY_TOK(COPY_VALUE);
-+ COPY_PRI(COPY_VALUE);
-+ COPY_FRI(COPY_VALUE);
-+
-+ if (data->flags & VXSF_IDLE_TIME)
-+ vc_data.mask |= VXSM_IDLE_TIME;
-+ } else {
-+ struct _vx_sched *data = &vxi->sched;
-+
-+ COPY_TOK(COPY_VALUE);
-+ COPY_PRI(COPY_VALUE);
-+ COPY_FRI(COPY_VALUE);
-+ }
-+
-+ if (vc_data.mask & VXSM_MSEC) {
-+ vc_data.interval[0] = ticks_to_msec(vc_data.interval[0]);
-+ vc_data.interval[1] = ticks_to_msec(vc_data.interval[1]);
-+ }
-+
-+ if (copy_to_user(data, &vc_data, sizeof(vc_data)))
-+ return -EFAULT;
-+ return 0;
++ return do_set_prio_bias(vxi, &vc_data);
+}
+
-+
-+int vc_sched_info(struct vx_info *vxi, void __user *data)
++int vc_get_prio_bias(struct vx_info *vxi, void __user *data)
+{
-+ struct vcmd_sched_info vc_data;
++ struct vcmd_prio_bias vc_data;
++ struct _vx_sched_pc *pcd;
+ int cpu;
+
+ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+
+ cpu = vc_data.cpu_id;
++
+ if (!cpu_possible(cpu))
+ return -EINVAL;
+
-+ if (vxi) {
-+ struct _vx_sched_pc *sched_pc =
-+ &vx_per_cpu(vxi, sched_pc, cpu);
-+
-+ vc_data.user_msec = ticks_to_msec(sched_pc->user_ticks);
-+ vc_data.sys_msec = ticks_to_msec(sched_pc->sys_ticks);
-+ vc_data.hold_msec = ticks_to_msec(sched_pc->hold_ticks);
-+ vc_data.vavavoom = sched_pc->vavavoom;
-+ }
-+ vc_data.token_usec = ticks_to_usec(1);
++ pcd = &vx_per_cpu(vxi, sched_pc, cpu);
++ vc_data.prio_bias = pcd->prio_bias;
+
+ if (copy_to_user(data, &vc_data, sizeof(vc_data)))
+ return -EFAULT;
+ return 0;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/sched_init.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched_init.h
---- linux-2.6.35.4/kernel/vserver/sched_init.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched_init.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,50 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/sched_init.h linux-3.9.4-vs2.3.6.2/kernel/vserver/sched_init.h
+--- linux-3.9.4/kernel/vserver/sched_init.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/sched_init.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,27 @@
+
+static inline void vx_info_init_sched(struct _vx_sched *sched)
+{
-+ static struct lock_class_key tokens_lock_key;
-+
+ /* scheduling; hard code starting values as constants */
-+ sched->fill_rate[0] = 1;
-+ sched->interval[0] = 4;
-+ sched->fill_rate[1] = 1;
-+ sched->interval[1] = 8;
-+ sched->tokens = HZ >> 2;
-+ sched->tokens_min = HZ >> 4;
-+ sched->tokens_max = HZ >> 1;
-+ sched->tokens_lock = SPIN_LOCK_UNLOCKED;
-+ sched->prio_bias = 0;
-+
-+ lockdep_set_class(&sched->tokens_lock, &tokens_lock_key);
++ sched->prio_bias = 0;
+}
+
+static inline
+void vx_info_init_sched_pc(struct _vx_sched_pc *sched_pc, int cpu)
+{
-+ sched_pc->fill_rate[0] = 1;
-+ sched_pc->interval[0] = 4;
-+ sched_pc->fill_rate[1] = 1;
-+ sched_pc->interval[1] = 8;
-+ sched_pc->tokens = HZ >> 2;
-+ sched_pc->tokens_min = HZ >> 4;
-+ sched_pc->tokens_max = HZ >> 1;
-+ sched_pc->prio_bias = 0;
-+ sched_pc->vavavoom = 0;
-+ sched_pc->token_time = 0;
-+ sched_pc->idle_time = 0;
-+ sched_pc->norm_time = jiffies;
++ sched_pc->prio_bias = 0;
+
+ sched_pc->user_ticks = 0;
+ sched_pc->sys_ticks = 0;
+{
+ return;
+}
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/sched_proc.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched_proc.h
---- linux-2.6.35.4/kernel/vserver/sched_proc.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sched_proc.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,57 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/sched_proc.h linux-3.9.4-vs2.3.6.2/kernel/vserver/sched_proc.h
+--- linux-3.9.4/kernel/vserver/sched_proc.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/sched_proc.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,32 @@
+#ifndef _VX_SCHED_PROC_H
+#define _VX_SCHED_PROC_H
+
+ int length = 0;
+
+ length += sprintf(buffer,
-+ "FillRate:\t%8d,%d\n"
-+ "Interval:\t%8d,%d\n"
-+ "TokensMin:\t%8d\n"
-+ "TokensMax:\t%8d\n"
+ "PrioBias:\t%8d\n",
-+ sched->fill_rate[0],
-+ sched->fill_rate[1],
-+ sched->interval[0],
-+ sched->interval[1],
-+ sched->tokens_min,
-+ sched->tokens_max,
+ sched->prio_bias);
+ return length;
+}
+ int length = 0;
+
+ length += sprintf(buffer + length,
-+ "cpu %d: %lld %lld %lld %ld %ld", cpu,
++ "cpu %d: %lld %lld %lld", cpu,
+ (unsigned long long)sched_pc->user_ticks,
+ (unsigned long long)sched_pc->sys_ticks,
-+ (unsigned long long)sched_pc->hold_ticks,
-+ sched_pc->token_time,
-+ sched_pc->idle_time);
-+ length += sprintf(buffer + length,
-+ " %c%c %d %d %d %d/%d %d/%d",
-+ (sched_pc->flags & VXSF_ONHOLD) ? 'H' : 'R',
-+ (sched_pc->flags & VXSF_IDLE_TIME) ? 'I' : '-',
-+ sched_pc->tokens,
-+ sched_pc->tokens_min,
-+ sched_pc->tokens_max,
-+ sched_pc->fill_rate[0],
-+ sched_pc->interval[0],
-+ sched_pc->fill_rate[1],
-+ sched_pc->interval[1]);
++ (unsigned long long)sched_pc->hold_ticks);
+ length += sprintf(buffer + length,
-+ " %d %d\n",
-+ sched_pc->prio_bias,
-+ sched_pc->vavavoom);
++ " %d\n", sched_pc->prio_bias);
+ return length;
+}
+
+#endif /* _VX_SCHED_PROC_H */
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/signal.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/signal.c
---- linux-2.6.35.4/kernel/vserver/signal.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/signal.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,132 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/signal.c linux-3.9.4-vs2.3.6.2/kernel/vserver/signal.c
+--- linux-3.9.4/kernel/vserver/signal.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/signal.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,134 @@
+/*
+ * linux/kernel/vserver/signal.c
+ *
+ }
+ /* fallthrough */
+ default:
++ rcu_read_lock();
+ p = find_task_by_real_pid(pid);
++ rcu_read_unlock();
+ if (p) {
+ if (vx_task_xid(p) == vxi->vx_id)
+ retval = group_send_sig_info(sig, sip, p);
+ return ret;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/space.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/space.c
---- linux-2.6.35.4/kernel/vserver/space.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/space.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,375 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/space.c linux-3.9.4-vs2.3.6.2/kernel/vserver/space.c
+--- linux-3.9.4/kernel/vserver/space.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/space.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,436 @@
+/*
+ * linux/kernel/vserver/space.c
+ *
+ * Virtual Server: Context Space Support
+ *
-+ * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2010 Herbert Pötzl
+ *
+ * V0.01 broken out from context.c 0.07
+ * V0.02 added task locking for namespace
+ * V0.03 broken out vx_enter_namespace
+ * V0.04 added *space support and commands
++ * V0.05 added credential support
+ *
+ */
+
+#include <linux/nsproxy.h>
+#include <linux/err.h>
+#include <linux/fs_struct.h>
++#include <linux/cred.h>
+#include <asm/uaccess.h>
+
+#include <linux/vs_context.h>
+#include <linux/pid_namespace.h>
+#include <linux/ipc_namespace.h>
+#include <net/net_namespace.h>
++#include "../fs/mount.h"
+
+
+static const struct vcmd_space_mask_v1 space_mask_v0 = {
+ .mask = CLONE_FS |
+ CLONE_NEWNS |
++#ifdef CONFIG_UTS_NS
+ CLONE_NEWUTS |
++#endif
++#ifdef CONFIG_IPC_NS
+ CLONE_NEWIPC |
++#endif
++#ifdef CONFIG_USER_NS
+ CLONE_NEWUSER |
++#endif
+ 0
+};
+
+static const struct vcmd_space_mask_v1 space_mask = {
+ .mask = CLONE_FS |
+ CLONE_NEWNS |
++#ifdef CONFIG_UTS_NS
+ CLONE_NEWUTS |
++#endif
++#ifdef CONFIG_IPC_NS
+ CLONE_NEWIPC |
++#endif
++#ifdef CONFIG_USER_NS
+ CLONE_NEWUSER |
++#endif
+#ifdef CONFIG_PID_NS
+ CLONE_NEWPID |
+#endif
+static const struct vcmd_space_mask_v1 default_space_mask = {
+ .mask = CLONE_FS |
+ CLONE_NEWNS |
++#ifdef CONFIG_UTS_NS
+ CLONE_NEWUTS |
++#endif
++#ifdef CONFIG_IPC_NS
+ CLONE_NEWIPC |
++#endif
++#ifdef CONFIG_USER_NS
+ CLONE_NEWUSER |
++#endif
+#ifdef CONFIG_PID_NS
+// CLONE_NEWPID |
+#endif
+{
+ struct nsproxy *proxy, *proxy_cur, *proxy_new;
+ struct fs_struct *fs_cur, *fs = NULL;
++ struct _vx_space *space;
+ int ret, kill = 0;
+
+ vxdprintk(VXD_CBIT(space, 8), "vx_enter_space(%p[#%u],0x%08lx,%d)",
+ if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
+ return -EACCES;
+
++ if (index >= VX_SPACES)
++ return -EINVAL;
++
++ space = &vxi->space[index];
++
+ if (!mask)
-+ mask = vxi->vx_nsmask[index];
++ mask = space->vx_nsmask;
+
-+ if ((mask & vxi->vx_nsmask[index]) != mask)
++ if ((mask & space->vx_nsmask) != mask)
+ return -EINVAL;
+
+ if (mask & CLONE_FS) {
-+ fs = copy_fs_struct(vxi->vx_fs[index]);
++ fs = copy_fs_struct(space->vx_fs);
+ if (!fs)
+ return -ENOMEM;
+ }
-+ proxy = vxi->vx_nsproxy[index];
++ proxy = space->vx_nsproxy;
+
+ vxdprintk(VXD_CBIT(space, 9),
+ "vx_enter_space(%p[#%u],0x%08lx,%d) -> (%p,%p)",
+ fs_cur = current->fs;
+
+ if (mask & CLONE_FS) {
-+ write_lock(&fs_cur->lock);
++ spin_lock(&fs_cur->lock);
+ current->fs = fs;
+ kill = !--fs_cur->users;
-+ write_unlock(&fs_cur->lock);
++ spin_unlock(&fs_cur->lock);
+ }
+
+ proxy_cur = current->nsproxy;
+ }
+
+ proxy_new = xchg(¤t->nsproxy, proxy_new);
++
++ if (mask & CLONE_NEWUSER) {
++ struct cred *cred;
++
++ vxdprintk(VXD_CBIT(space, 10),
++ "vx_enter_space(%p[#%u],%p) cred (%p,%p)",
++ vxi, vxi->vx_id, space->vx_cred,
++ current->real_cred, current->cred);
++
++ if (space->vx_cred) {
++ cred = __prepare_creds(space->vx_cred);
++ if (cred)
++ commit_creds(cred);
++ }
++ }
++
+ ret = 0;
+
+ if (proxy_new)
+int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index)
+{
+ struct nsproxy *proxy_vxi, *proxy_cur, *proxy_new;
-+ struct fs_struct *fs_vxi, *fs;
++ struct fs_struct *fs_vxi, *fs = NULL;
++ struct _vx_space *space;
+ int ret, kill = 0;
+
+ vxdprintk(VXD_CBIT(space, 8), "vx_set_space(%p[#%u],0x%08lx,%d)",
+ vxi, vxi->vx_id, mask, index);
-+#if 0
-+ if (!mask)
-+ mask = default_space_mask.mask;
-+#endif
++
+ if ((mask & space_mask.mask) != mask)
+ return -EINVAL;
+
-+ proxy_vxi = vxi->vx_nsproxy[index];
-+ fs_vxi = vxi->vx_fs[index];
++ if (index >= VX_SPACES)
++ return -EINVAL;
++
++ space = &vxi->space[index];
++
++ proxy_vxi = space->vx_nsproxy;
++ fs_vxi = space->vx_fs;
+
+ if (mask & CLONE_FS) {
+ fs = copy_fs_struct(current->fs);
+ task_lock(current);
+
+ if (mask & CLONE_FS) {
-+ write_lock(&fs_vxi->lock);
-+ vxi->vx_fs[index] = fs;
++ spin_lock(&fs_vxi->lock);
++ space->vx_fs = fs;
+ kill = !--fs_vxi->users;
-+ write_unlock(&fs_vxi->lock);
++ spin_unlock(&fs_vxi->lock);
+ }
+
+ proxy_cur = current->nsproxy;
+ goto out_put;
+ }
+
-+ proxy_new = xchg(&vxi->vx_nsproxy[index], proxy_new);
-+ vxi->vx_nsmask[index] |= mask;
++ proxy_new = xchg(&space->vx_nsproxy, proxy_new);
++ space->vx_nsmask |= mask;
++
++ if (mask & CLONE_NEWUSER) {
++ struct cred *cred;
++
++ vxdprintk(VXD_CBIT(space, 10),
++ "vx_set_space(%p[#%u],%p) cred (%p,%p)",
++ vxi, vxi->vx_id, space->vx_cred,
++ current->real_cred, current->cred);
++
++ cred = prepare_creds();
++ cred = (struct cred *)xchg(&space->vx_cred, cred);
++ if (cred)
++ abort_creds(cred);
++ }
++
+ ret = 0;
+
+ if (proxy_new)
+ return 0;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/switch.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/switch.c
---- linux-2.6.35.4/kernel/vserver/switch.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/switch.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,546 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/switch.c linux-3.9.4-vs2.3.6.2/kernel/vserver/switch.c
+--- linux-3.9.4/kernel/vserver/switch.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/switch.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,556 @@
+/*
+ * linux/kernel/vserver/switch.c
+ *
+ * Virtual Server: Syscall Switch
+ *
-+ * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2011 Herbert Pötzl
+ *
+ * V0.01 syscall switch
+ * V0.02 added signal to context
+ * V0.09 added tag commands
+ * V0.10 added oom bias
+ * V0.11 added device commands
++ * V0.12 added warn mask
+ *
+ */
+
+ case VCMD_get_space_default:
+ return vc_get_space_mask(data, -1);
+
++ case VCMD_set_umask:
++ return vc_set_umask(vxi, data);
++
++ case VCMD_get_umask:
++ return vc_get_umask(vxi, data);
++
++ case VCMD_set_wmask:
++ return vc_set_wmask(vxi, data);
++
++ case VCMD_get_wmask:
++ return vc_get_wmask(vxi, data);
+#ifdef CONFIG_IA32_EMULATION
+ case VCMD_get_rlimit:
+ return __COMPAT(vc_get_rlimit, vxi, data, compat);
+ case VCMD_get_ncaps:
+ return vc_get_ncaps(nxi, data);
+
-+ case VCMD_set_sched_v4:
-+ return vc_set_sched_v4(vxi, data);
-+ /* this is version 5 */
-+ case VCMD_set_sched:
-+ return vc_set_sched(vxi, data);
-+ case VCMD_get_sched:
-+ return vc_get_sched(vxi, data);
-+ case VCMD_sched_info:
-+ return vc_sched_info(vxi, data);
-+
++ case VCMD_set_prio_bias:
++ return vc_set_prio_bias(vxi, data);
++ case VCMD_get_prio_bias:
++ return vc_get_prio_bias(vxi, data);
+ case VCMD_add_dlimit:
+ return __COMPAT(vc_add_dlimit, id, data, compat);
+ case VCMD_rem_dlimit:
+ case VCMD_net_remove:
+ return vc_net_remove(nxi, data);
+
++ case VCMD_net_add_ipv4_v1:
++ return vc_net_add_ipv4_v1(nxi, data);
++ /* this is version 2 */
+ case VCMD_net_add_ipv4:
+ return vc_net_add_ipv4(nxi, data);
-+ case VCMD_net_remove_ipv4:
-+ return vc_net_remove_ipv4(nxi, data);
++
++ case VCMD_net_rem_ipv4_v1:
++ return vc_net_rem_ipv4_v1(nxi, data);
++ /* this is version 2 */
++ case VCMD_net_rem_ipv4:
++ return vc_net_rem_ipv4(nxi, data);
+#ifdef CONFIG_IPV6
+ case VCMD_net_add_ipv6:
+ return vc_net_add_ipv6(nxi, data);
+ case VCMD_read_history:
+ return __COMPAT(vc_read_history, id, data, compat);
+#endif
-+#ifdef CONFIG_VSERVER_MONITOR
-+ case VCMD_read_monitor:
-+ return __COMPAT(vc_read_monitor, id, data, compat);
-+#endif
+ default:
+ vxwprintk_task(1, "unimplemented VCMD_%02d_%d[%d]",
+ VC_CATEGORY(cmd), VC_COMMAND(cmd), VC_VERSION(cmd));
+ __VCMD(get_bcaps, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_ccaps, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_cflags, 3, VCA_VXI, VCF_INFO);
++ __VCMD(get_umask, 3, VCA_VXI, VCF_INFO);
++ __VCMD(get_wmask, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_badness, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_vhi_name, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_rlimit, 3, VCA_VXI, VCF_INFO);
+ __VCMD(get_iattr, 2, VCA_NONE, 0);
+ __VCMD(fget_iattr, 2, VCA_NONE, 0);
+ __VCMD(get_dlimit, 3, VCA_NONE, VCF_INFO);
-+ __VCMD(get_sched, 3, VCA_VXI, VCF_INFO);
-+ __VCMD(sched_info, 3, VCA_VXI, VCF_INFO | VCF_ZIDOK);
++ __VCMD(get_prio_bias, 3, VCA_VXI, VCF_INFO);
+
+ /* lower admin commands */
+ __VCMD(wait_exit, 4, VCA_VXI, VCF_INFO);
+ __VCMD(set_ccaps, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+ __VCMD(set_bcaps, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+ __VCMD(set_cflags, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
++ __VCMD(set_umask, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
++ __VCMD(set_wmask, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+ __VCMD(set_badness, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+
+ __VCMD(set_vhi_name, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+ __VCMD(set_rlimit, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
-+ __VCMD(set_sched, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
-+ __VCMD(set_sched_v4, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
++ __VCMD(set_prio_bias, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
+
+ __VCMD(set_ncaps, 7, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(set_nflags, 7, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(net_add, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(net_remove, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
++ __VCMD(net_add_ipv4_v1, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
++ __VCMD(net_rem_ipv4_v1, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(net_add_ipv4, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
-+ __VCMD(net_remove_ipv4, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
++ __VCMD(net_rem_ipv4, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
+#ifdef CONFIG_IPV6
+ __VCMD(net_add_ipv6, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(net_remove_ipv6, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
+ __VCMD(dump_history, 9, VCA_NONE, 0);
+ __VCMD(read_history, 9, VCA_NONE, 0);
+#endif
-+#ifdef CONFIG_VSERVER_MONITOR
-+ __VCMD(read_monitor, 9, VCA_NONE, 0);
-+#endif
+
+ default:
+ perm = -1;
+}
+
+#endif /* CONFIG_COMPAT */
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/sysctl.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sysctl.c
---- linux-2.6.35.4/kernel/vserver/sysctl.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/sysctl.c 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,241 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/sysctl.c linux-3.9.4-vs2.3.6.2/kernel/vserver/sysctl.c
+--- linux-3.9.4/kernel/vserver/sysctl.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/sysctl.c 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,247 @@
+/*
+ * kernel/vserver/sysctl.c
+ *
+ CTL_DEBUG_QUOTA,
+ CTL_DEBUG_CVIRT,
+ CTL_DEBUG_SPACE,
++ CTL_DEBUG_PERM,
+ CTL_DEBUG_MISC,
+};
+
+
-+unsigned int vx_debug_switch = 0;
-+unsigned int vx_debug_xid = 0;
-+unsigned int vx_debug_nid = 0;
-+unsigned int vx_debug_tag = 0;
-+unsigned int vx_debug_net = 0;
-+unsigned int vx_debug_limit = 0;
-+unsigned int vx_debug_cres = 0;
-+unsigned int vx_debug_dlim = 0;
-+unsigned int vx_debug_quota = 0;
-+unsigned int vx_debug_cvirt = 0;
-+unsigned int vx_debug_space = 0;
-+unsigned int vx_debug_misc = 0;
++unsigned int vs_debug_switch = 0;
++unsigned int vs_debug_xid = 0;
++unsigned int vs_debug_nid = 0;
++unsigned int vs_debug_tag = 0;
++unsigned int vs_debug_net = 0;
++unsigned int vs_debug_limit = 0;
++unsigned int vs_debug_cres = 0;
++unsigned int vs_debug_dlim = 0;
++unsigned int vs_debug_quota = 0;
++unsigned int vs_debug_cvirt = 0;
++unsigned int vs_debug_space = 0;
++unsigned int vs_debug_perm = 0;
++unsigned int vs_debug_misc = 0;
+
+
+static struct ctl_table_header *vserver_table_header;
+#define CTL_ENTRY(ctl, name) \
+ { \
+ .procname = #name, \
-+ .data = &vx_ ## name, \
++ .data = &vs_ ## name, \
+ .maxlen = sizeof(int), \
+ .mode = 0644, \
+ .proc_handler = &proc_dodebug, \
+ CTL_ENTRY(CTL_DEBUG_QUOTA, debug_quota),
+ CTL_ENTRY(CTL_DEBUG_CVIRT, debug_cvirt),
+ CTL_ENTRY(CTL_DEBUG_SPACE, debug_space),
++ CTL_ENTRY(CTL_DEBUG_PERM, debug_perm),
+ CTL_ENTRY(CTL_DEBUG_MISC, debug_misc),
+ { 0 }
+};
+ { CTL_DEBUG_QUOTA, "quota=%x" },
+ { CTL_DEBUG_CVIRT, "cvirt=%x" },
+ { CTL_DEBUG_SPACE, "space=%x" },
++ { CTL_DEBUG_PERM, "perm=%x" },
+ { CTL_DEBUG_MISC, "misc=%x" },
+ { CTL_DEBUG_ERROR, NULL }
+};
+
+#define HANDLE_CASE(id, name, val) \
+ case CTL_DEBUG_ ## id: \
-+ vx_debug_ ## name = val; \
++ vs_debug_ ## name = val; \
+ printk("vs_debug_" #name "=0x%x\n", val); \
+ break
+
+ HANDLE_CASE(QUOTA, quota, value);
+ HANDLE_CASE(CVIRT, cvirt, value);
+ HANDLE_CASE(SPACE, space, value);
++ HANDLE_CASE(PERM, perm, value);
+ HANDLE_CASE(MISC, misc, value);
+ default:
+ return -EINVAL;
+
+
+
-+EXPORT_SYMBOL_GPL(vx_debug_switch);
-+EXPORT_SYMBOL_GPL(vx_debug_xid);
-+EXPORT_SYMBOL_GPL(vx_debug_nid);
-+EXPORT_SYMBOL_GPL(vx_debug_net);
-+EXPORT_SYMBOL_GPL(vx_debug_limit);
-+EXPORT_SYMBOL_GPL(vx_debug_cres);
-+EXPORT_SYMBOL_GPL(vx_debug_dlim);
-+EXPORT_SYMBOL_GPL(vx_debug_quota);
-+EXPORT_SYMBOL_GPL(vx_debug_cvirt);
-+EXPORT_SYMBOL_GPL(vx_debug_space);
-+EXPORT_SYMBOL_GPL(vx_debug_misc);
++EXPORT_SYMBOL_GPL(vs_debug_switch);
++EXPORT_SYMBOL_GPL(vs_debug_xid);
++EXPORT_SYMBOL_GPL(vs_debug_nid);
++EXPORT_SYMBOL_GPL(vs_debug_net);
++EXPORT_SYMBOL_GPL(vs_debug_limit);
++EXPORT_SYMBOL_GPL(vs_debug_cres);
++EXPORT_SYMBOL_GPL(vs_debug_dlim);
++EXPORT_SYMBOL_GPL(vs_debug_quota);
++EXPORT_SYMBOL_GPL(vs_debug_cvirt);
++EXPORT_SYMBOL_GPL(vs_debug_space);
++EXPORT_SYMBOL_GPL(vs_debug_perm);
++EXPORT_SYMBOL_GPL(vs_debug_misc);
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/tag.c linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/tag.c
---- linux-2.6.35.4/kernel/vserver/tag.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/tag.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/tag.c linux-3.9.4-vs2.3.6.2/kernel/vserver/tag.c
+--- linux-3.9.4/kernel/vserver/tag.c 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/tag.c 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,63 @@
+/*
+ * linux/kernel/vserver/tag.c
+
+ if (id) {
+ struct task_struct *tsk;
-+ read_lock(&tasklist_lock);
++ rcu_read_lock();
+ tsk = find_task_by_real_pid(id);
+ tag = (tsk) ? tsk->tag : -ESRCH;
-+ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
+ } else
+ tag = dx_current_tag();
+ return tag;
+}
+
+
-diff -NurpP --minimal linux-2.6.35.4/kernel/vserver/vci_config.h linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/vci_config.h
---- linux-2.6.35.4/kernel/vserver/vci_config.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/kernel/vserver/vci_config.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,85 @@
+diff -NurpP --minimal linux-3.9.4/kernel/vserver/vci_config.h linux-3.9.4-vs2.3.6.2/kernel/vserver/vci_config.h
+--- linux-3.9.4/kernel/vserver/vci_config.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/kernel/vserver/vci_config.h 2013-05-31 14:47:11.000000000 +0000
+@@ -0,0 +1,80 @@
+
+/* interface version */
+
-+#define VCI_VERSION 0x00020306
++#define VCI_VERSION 0x00020308
+
+
+enum {
+ VCI_KCBIT_NO_DYNAMIC = 0,
+
+ VCI_KCBIT_PROC_SECURE = 4,
-+ VCI_KCBIT_HARDCPU = 5,
-+ VCI_KCBIT_IDLELIMIT = 6,
-+ VCI_KCBIT_IDLETIME = 7,
++ /* VCI_KCBIT_HARDCPU = 5, */
++ /* VCI_KCBIT_IDLELIMIT = 6, */
++ /* VCI_KCBIT_IDLETIME = 7, */
+
+ VCI_KCBIT_COWBL = 8,
+ VCI_KCBIT_FULLCOWBL = 9,
+ VCI_KCBIT_SPACES = 10,
+ VCI_KCBIT_NETV2 = 11,
+ VCI_KCBIT_MEMCG = 12,
++ VCI_KCBIT_MEMCG_SWAP = 13,
+
+ VCI_KCBIT_DEBUG = 16,
+ VCI_KCBIT_HISTORY = 20,
+#ifdef CONFIG_VSERVER_PROC_SECURE
+ (1 << VCI_KCBIT_PROC_SECURE) |
+#endif
-+#ifdef CONFIG_VSERVER_HARDCPU
-+ (1 << VCI_KCBIT_HARDCPU) |
-+#endif
-+#ifdef CONFIG_VSERVER_IDLELIMIT
-+ (1 << VCI_KCBIT_IDLELIMIT) |
-+#endif
-+#ifdef CONFIG_VSERVER_IDLETIME
-+ (1 << VCI_KCBIT_IDLETIME) |
-+#endif
+#ifdef CONFIG_VSERVER_COWBL
+ (1 << VCI_KCBIT_COWBL) |
+ (1 << VCI_KCBIT_FULLCOWBL) |
+#endif
+ (1 << VCI_KCBIT_SPACES) |
+ (1 << VCI_KCBIT_NETV2) |
-+#ifdef CONFIG_CGROUP_MEM_RES_CTLR
++#ifdef CONFIG_MEMCG
+ (1 << VCI_KCBIT_MEMCG) |
+#endif
++#ifdef CONFIG_MEMCG_SWAP
++ (1 << VCI_KCBIT_MEMCG_SWAP) |
++#endif
+
+ /* debug options */
+#ifdef CONFIG_VSERVER_DEBUG
+ 0;
+}
+
-diff -NurpP --minimal linux-2.6.35.4/mm/filemap_xip.c linux-2.6.35.4-vs2.3.0.36.32/mm/filemap_xip.c
---- linux-2.6.35.4/mm/filemap_xip.c 2010-07-07 18:31:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/filemap_xip.c 2010-08-02 17:05:06.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/seqlock.h>
- #include <linux/mutex.h>
- #include <linux/gfp.h>
-+#include <linux/vs_memory.h>
- #include <asm/tlbflush.h>
- #include <asm/io.h>
-
-diff -NurpP --minimal linux-2.6.35.4/mm/fremap.c linux-2.6.35.4-vs2.3.0.36.32/mm/fremap.c
---- linux-2.6.35.4/mm/fremap.c 2010-07-07 18:31:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/fremap.c 2010-08-02 17:05:06.000000000 +0200
-@@ -16,6 +16,7 @@
- #include <linux/module.h>
- #include <linux/syscalls.h>
- #include <linux/mmu_notifier.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/mmu_context.h>
- #include <asm/cacheflush.h>
-diff -NurpP --minimal linux-2.6.35.4/mm/hugetlb.c linux-2.6.35.4-vs2.3.0.36.32/mm/hugetlb.c
---- linux-2.6.35.4/mm/hugetlb.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/hugetlb.c 2010-08-02 17:05:06.000000000 +0200
-@@ -25,6 +25,7 @@
-
- #include <linux/hugetlb.h>
- #include <linux/node.h>
-+#include <linux/vs_memory.h>
- #include "internal.h"
-
- const unsigned long hugetlb_zero = 0, hugetlb_infinity = ~0UL;
-diff -NurpP --minimal linux-2.6.35.4/mm/memcontrol.c linux-2.6.35.4-vs2.3.0.36.32/mm/memcontrol.c
---- linux-2.6.35.4/mm/memcontrol.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/memcontrol.c 2010-08-02 17:05:06.000000000 +0200
-@@ -635,6 +635,31 @@ struct mem_cgroup *mem_cgroup_from_task(
- struct mem_cgroup, css);
+diff -NurpP --minimal linux-3.9.4/mm/memcontrol.c linux-3.9.4-vs2.3.6.2/mm/memcontrol.c
+--- linux-3.9.4/mm/memcontrol.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/memcontrol.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1046,6 +1046,31 @@ struct mem_cgroup *mem_cgroup_from_task(
+ return mem_cgroup_from_css(task_subsys_state(p, mem_cgroup_subsys_id));
}
+u64 mem_cgroup_res_read_u64(struct mem_cgroup *mem, int member)
+ return mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_FILE_MAPPED);
+}
+
- static struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
- {
- struct mem_cgroup *mem = NULL;
-diff -NurpP --minimal linux-2.6.35.4/mm/memory.c linux-2.6.35.4-vs2.3.0.36.32/mm/memory.c
---- linux-2.6.35.4/mm/memory.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/memory.c 2010-09-06 02:59:52.000000000 +0200
-@@ -3107,6 +3107,7 @@ static inline int handle_pte_fault(struc
- {
- pte_t entry;
- spinlock_t *ptl;
-+ int ret = 0, type = VXPT_UNKNOWN;
-
- entry = *pte;
- if (!pte_present(entry)) {
-@@ -3131,9 +3132,12 @@ static inline int handle_pte_fault(struc
- if (unlikely(!pte_same(*pte, entry)))
- goto unlock;
- if (flags & FAULT_FLAG_WRITE) {
-- if (!pte_write(entry))
-- return do_wp_page(mm, vma, address,
-+ if (!pte_write(entry)) {
-+ ret = do_wp_page(mm, vma, address,
- pte, pmd, ptl, entry);
-+ type = VXPT_WRITE;
-+ goto out;
-+ }
- entry = pte_mkdirty(entry);
- }
- entry = pte_mkyoung(entry);
-@@ -3151,7 +3155,10 @@ static inline int handle_pte_fault(struc
- }
- unlock:
- pte_unmap_unlock(pte, ptl);
-- return 0;
-+ ret = 0;
-+out:
-+ vx_page_fault(mm, vma, type, ret);
-+ return ret;
- }
-
- /*
-diff -NurpP --minimal linux-2.6.35.4/mm/mlock.c linux-2.6.35.4-vs2.3.0.36.32/mm/mlock.c
---- linux-2.6.35.4/mm/mlock.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/mlock.c 2010-09-06 02:59:52.000000000 +0200
-@@ -18,6 +18,7 @@
- #include <linux/rmap.h>
- #include <linux/mmzone.h>
- #include <linux/hugetlb.h>
-+#include <linux/vs_memory.h>
-
- #include "internal.h"
-
-@@ -490,7 +491,7 @@ static int do_mlock(unsigned long start,
-
- SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
- {
-- unsigned long locked;
-+ unsigned long locked, grow;
- unsigned long lock_limit;
- int error = -ENOMEM;
-
-@@ -512,6 +513,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
- /* check against resource limits */
- if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
- error = do_mlock(start, len, 1);
-+out:
- up_write(¤t->mm->mmap_sem);
- return error;
- }
-diff -NurpP --minimal linux-2.6.35.4/mm/mremap.c linux-2.6.35.4-vs2.3.0.36.32/mm/mremap.c
---- linux-2.6.35.4/mm/mremap.c 2010-07-07 18:31:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/mremap.c 2010-08-02 17:05:06.000000000 +0200
-@@ -19,6 +19,7 @@
- #include <linux/security.h>
- #include <linux/syscalls.h>
- #include <linux/mmu_notifier.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/uaccess.h>
- #include <asm/cacheflush.h>
-diff -NurpP --minimal linux-2.6.35.4/mm/oom_kill.c linux-2.6.35.4-vs2.3.0.36.32/mm/oom_kill.c
---- linux-2.6.35.4/mm/oom_kill.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/oom_kill.c 2010-08-02 17:05:06.000000000 +0200
-@@ -28,6 +28,9 @@
- #include <linux/notifier.h>
- #include <linux/memcontrol.h>
- #include <linux/security.h>
-+#include <linux/reboot.h>
-+#include <linux/vs_memory.h>
-+#include <linux/vs_context.h>
-
- int sysctl_panic_on_oom;
- int sysctl_oom_kill_allocating_task;
-@@ -187,9 +190,21 @@ unsigned long badness(struct task_struct
- points >>= -(oom_adj);
- }
-
-+ /*
-+ * add points for context badness and
-+ * reduce badness for processes belonging to
-+ * a different context
-+ */
-+
-+ points += vx_badness(p, mm);
-+
-+ if ((vx_current_xid() > 1) &&
-+ vx_current_xid() != vx_task_xid(p))
-+ points /= 16;
-+
- #ifdef DEBUG
-- printk(KERN_DEBUG "OOMkill: task %d (%s) got %lu points\n",
-- p->pid, p->comm, points);
-+ printk(KERN_DEBUG "OOMkill: task %d:#%u (%s) got %d points\n",
-+ task_pid_nr(p), p->xid, p->comm, points);
- #endif
- return points;
- }
-@@ -250,6 +265,7 @@ static struct task_struct *select_bad_pr
- struct task_struct *p;
- struct task_struct *chosen = NULL;
- struct timespec uptime;
-+ unsigned xid = vx_current_xid();
- *ppoints = 0;
-
- do_posix_clock_monotonic_gettime(&uptime);
-@@ -262,11 +278,14 @@ static struct task_struct *select_bad_pr
- */
- if (!p->mm)
- continue;
-- /* skip the init task */
-- if (is_global_init(p))
-+ /* skip the init task, global and per guest */
-+ if (task_is_init(p))
- continue;
- if (mem && !task_in_mem_cgroup(p, mem))
- continue;
-+ /* skip other guest and host processes if oom in guest */
-+ if (xid && vx_task_xid(p) != xid)
-+ continue;
-
- /*
- * This task already has access to memory reserves and is
-@@ -398,9 +417,9 @@ static void __oom_kill_task(struct task_
- }
-
- if (verbose)
-- printk(KERN_ERR "Killed process %d (%s) "
-+ printk(KERN_ERR "Killed process %s(%d:#%u) "
- "vsz:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
-- task_pid_nr(p), p->comm,
-+ p->comm, task_pid_nr(p), p->xid,
- K(p->mm->total_vm),
- K(get_mm_counter(p->mm, MM_ANONPAGES)),
- K(get_mm_counter(p->mm, MM_FILEPAGES)));
-@@ -453,8 +472,8 @@ static int oom_kill_process(struct task_
- return 0;
- }
+ struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
+ {
+ struct mem_cgroup *memcg = NULL;
+diff -NurpP --minimal linux-3.9.4/mm/oom_kill.c linux-3.9.4-vs2.3.6.2/mm/oom_kill.c
+--- linux-3.9.4/mm/oom_kill.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/oom_kill.c 2013-05-31 14:47:11.000000000 +0000
+@@ -35,6 +35,8 @@
+ #include <linux/freezer.h>
+ #include <linux/ftrace.h>
+ #include <linux/ratelimit.h>
++#include <linux/reboot.h>
++#include <linux/vs_context.h>
-- printk(KERN_ERR "%s: kill process %d (%s) score %li or a child\n",
-- message, task_pid_nr(p), p->comm, points);
-+ printk(KERN_ERR "%s: kill process %s(%d:#%u) score %li or a child\n",
-+ message, p->comm, task_pid_nr(p), p->xid, points);
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/oom.h>
+@@ -113,11 +115,18 @@ struct task_struct *find_lock_task_mm(st
+ static bool oom_unkillable_task(struct task_struct *p,
+ const struct mem_cgroup *memcg, const nodemask_t *nodemask)
+ {
+- if (is_global_init(p))
++ unsigned xid = vx_current_xid();
++
++ /* skip the init task, global and per guest */
++ if (task_is_init(p))
+ return true;
+ if (p->flags & PF_KTHREAD)
+ return true;
+
++ /* skip other guest and host processes if oom in guest */
++ if (xid && vx_task_xid(p) != xid)
++ return true;
++
+ /* When mem_cgroup_out_of_memory() and p is not member of the group */
+ if (memcg && !task_in_mem_cgroup(p, memcg))
+ return true;
+@@ -426,8 +435,8 @@ void oom_kill_process(struct task_struct
+ dump_header(p, gfp_mask, order, memcg, nodemask);
+
+ task_lock(p);
+- pr_err("%s: Kill process %d (%s) score %d or sacrifice child\n",
+- message, task_pid_nr(p), p->comm, points);
++ pr_err("%s: Kill process %d:#%u (%s) score %d or sacrifice child\n",
++ message, task_pid_nr(p), p->xid, p->comm, points);
+ task_unlock(p);
- /* Try to kill a child first */
- list_for_each_entry(c, &p->children, sibling) {
-@@ -554,6 +573,8 @@ void clear_zonelist_oom(struct zonelist
- spin_unlock(&zone_scan_lock);
+ /*
+@@ -472,8 +481,8 @@ void oom_kill_process(struct task_struct
+
+ /* mm cannot safely be dereferenced after task_unlock(victim) */
+ mm = victim->mm;
+- pr_err("Killed process %d (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
+- task_pid_nr(victim), victim->comm, K(victim->mm->total_vm),
++ pr_err("Killed process %d:#%u (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
++ task_pid_nr(victim), victim->xid, victim->comm, K(victim->mm->total_vm),
+ K(get_mm_counter(victim->mm, MM_ANONPAGES)),
+ K(get_mm_counter(victim->mm, MM_FILEPAGES)));
+ task_unlock(victim);
+@@ -543,6 +552,8 @@ int unregister_oom_notifier(struct notif
}
+ EXPORT_SYMBOL_GPL(unregister_oom_notifier);
+long vs_oom_action(unsigned int);
+
/*
- * Must be called with tasklist_lock held for read.
- */
-@@ -580,7 +601,11 @@ retry:
+ * Try to acquire the OOM killer lock for the zones in zonelist. Returns zero
+ * if a parallel OOM killing is already taking place that includes a zone in
+@@ -655,7 +666,12 @@ void out_of_memory(struct zonelist *zone
+ /* Found nothing?!?! Either we hang forever, or we panic. */
if (!p) {
- read_unlock(&tasklist_lock);
- dump_header(NULL, gfp_mask, order, NULL);
+ dump_header(NULL, gfp_mask, order, NULL, mpol_mask);
- panic("Out of memory and no killable processes...\n");
++
+ /* avoid panic for guest OOM */
-+ if (current->xid)
++ if (vx_current_xid())
+ vs_oom_action(LINUX_REBOOT_CMD_OOM);
+ else
+ panic("Out of memory and no killable processes...\n");
}
-
- if (oom_kill_process(p, gfp_mask, order, points, NULL,
-diff -NurpP --minimal linux-2.6.35.4/mm/page_alloc.c linux-2.6.35.4-vs2.3.0.36.32/mm/page_alloc.c
---- linux-2.6.35.4/mm/page_alloc.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/page_alloc.c 2010-08-02 17:46:11.000000000 +0200
-@@ -52,6 +52,8 @@
- #include <linux/compaction.h>
- #include <trace/events/kmem.h>
- #include <linux/ftrace_event.h>
+ if (PTR_ERR(p) != -1UL) {
+ oom_kill_process(p, gfp_mask, order, points, totalpages, NULL,
+diff -NurpP --minimal linux-3.9.4/mm/page_alloc.c linux-3.9.4-vs2.3.6.2/mm/page_alloc.c
+--- linux-3.9.4/mm/page_alloc.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/page_alloc.c 2013-05-31 15:08:50.000000000 +0000
+@@ -59,6 +59,8 @@
+ #include <linux/migrate.h>
+ #include <linux/page-debug-flags.h>
+ #include <linux/sched/rt.h>
+#include <linux/vs_base.h>
+#include <linux/vs_limit.h>
#include <asm/tlbflush.h>
#include <asm/div64.h>
-@@ -2305,6 +2307,9 @@ void si_meminfo(struct sysinfo *val)
+@@ -2873,6 +2875,9 @@ void si_meminfo(struct sysinfo *val)
val->totalhigh = totalhigh_pages;
val->freehigh = nr_free_highpages();
val->mem_unit = PAGE_SIZE;
}
EXPORT_SYMBOL(si_meminfo);
-@@ -2325,6 +2330,9 @@ void si_meminfo_node(struct sysinfo *val
+@@ -2893,6 +2898,9 @@ void si_meminfo_node(struct sysinfo *val
val->freehigh = 0;
#endif
val->mem_unit = PAGE_SIZE;
}
#endif
-diff -NurpP --minimal linux-2.6.35.4/mm/rmap.c linux-2.6.35.4-vs2.3.0.36.32/mm/rmap.c
---- linux-2.6.35.4/mm/rmap.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/rmap.c 2010-08-02 17:05:06.000000000 +0200
-@@ -56,6 +56,7 @@
- #include <linux/memcontrol.h>
- #include <linux/mmu_notifier.h>
- #include <linux/migrate.h>
-+#include <linux/vs_memory.h>
-
- #include <asm/tlbflush.h>
+diff -NurpP --minimal linux-3.9.4/mm/pgtable-generic.c linux-3.9.4-vs2.3.6.2/mm/pgtable-generic.c
+--- linux-3.9.4/mm/pgtable-generic.c 2013-02-19 13:58:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/pgtable-generic.c 2013-05-31 14:47:11.000000000 +0000
+@@ -6,6 +6,8 @@
+ * Copyright (C) 2010 Linus Torvalds
+ */
-diff -NurpP --minimal linux-2.6.35.4/mm/shmem.c linux-2.6.35.4-vs2.3.0.36.32/mm/shmem.c
---- linux-2.6.35.4/mm/shmem.c 2010-08-02 16:52:58.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/shmem.c 2010-08-02 17:05:06.000000000 +0200
-@@ -1788,7 +1788,7 @@ static int shmem_statfs(struct dentry *d
++#include <linux/mm.h>
++
+ #include <linux/pagemap.h>
+ #include <asm/tlb.h>
+ #include <asm-generic/pgtable.h>
+diff -NurpP --minimal linux-3.9.4/mm/shmem.c linux-3.9.4-vs2.3.6.2/mm/shmem.c
+--- linux-3.9.4/mm/shmem.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/shmem.c 2013-05-31 14:47:11.000000000 +0000
+@@ -1909,7 +1909,7 @@ static int shmem_statfs(struct dentry *d
{
struct shmem_sb_info *sbinfo = SHMEM_SB(dentry->d_sb);
+ buf->f_type = TMPFS_SUPER_MAGIC;
buf->f_bsize = PAGE_CACHE_SIZE;
buf->f_namelen = NAME_MAX;
- spin_lock(&sbinfo->stat_lock);
-@@ -2350,7 +2350,7 @@ int shmem_fill_super(struct super_block
- sb->s_maxbytes = SHMEM_MAX_BYTES;
+ if (sbinfo->max_blocks) {
+@@ -2606,7 +2606,7 @@ int shmem_fill_super(struct super_block
+ sb->s_maxbytes = MAX_LFS_FILESIZE;
sb->s_blocksize = PAGE_CACHE_SIZE;
sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
- sb->s_magic = TMPFS_MAGIC;
+ sb->s_magic = TMPFS_SUPER_MAGIC;
sb->s_op = &shmem_ops;
sb->s_time_gran = 1;
- #ifdef CONFIG_TMPFS_POSIX_ACL
-diff -NurpP --minimal linux-2.6.35.4/mm/slab.c linux-2.6.35.4-vs2.3.0.36.32/mm/slab.c
---- linux-2.6.35.4/mm/slab.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/slab.c 2010-09-06 02:59:52.000000000 +0200
-@@ -408,6 +408,8 @@ static void kmem_list3_init(struct kmem_
+ #ifdef CONFIG_TMPFS_XATTR
+diff -NurpP --minimal linux-3.9.4/mm/slab.c linux-3.9.4-vs2.3.6.2/mm/slab.c
+--- linux-3.9.4/mm/slab.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/slab.c 2013-05-31 14:47:11.000000000 +0000
+@@ -429,6 +429,8 @@ static void kmem_list3_init(struct kmem_
#define STATS_INC_FREEMISS(x) do { } while (0)
#endif
#if DEBUG
/*
-@@ -3347,6 +3349,7 @@ retry:
+@@ -3438,6 +3440,7 @@ retry:
obj = slab_get_obj(cachep, slabp, nodeid);
check_slabp(cachep, slabp);
l3->free_objects--;
/* move slabp to correct slabp list: */
list_del(&slabp->list);
-@@ -3424,6 +3427,7 @@ __cache_alloc_node(struct kmem_cache *ca
+@@ -3517,6 +3520,7 @@ slab_alloc_node(struct kmem_cache *cache
/* ___cache_alloc_node can fall back to other nodes */
ptr = ____cache_alloc_node(cachep, flags, nodeid);
out:
+ vx_slab_alloc(cachep, flags);
local_irq_restore(save_flags);
ptr = cache_alloc_debugcheck_after(cachep, flags, ptr, caller);
- kmemleak_alloc_recursive(ptr, obj_size(cachep), 1, cachep->flags,
-@@ -3610,6 +3614,7 @@ static inline void __cache_free(struct k
+ kmemleak_alloc_recursive(ptr, cachep->object_size, 1, cachep->flags,
+@@ -3709,6 +3713,7 @@ static inline void __cache_free(struct k
check_irq_off();
kmemleak_free_recursive(objp, cachep->flags);
- objp = cache_free_debugcheck(cachep, objp, __builtin_return_address(0));
+ objp = cache_free_debugcheck(cachep, objp, caller);
+ vx_slab_free(cachep);
- kmemcheck_slab_free(cachep, objp, obj_size(cachep));
+ kmemcheck_slab_free(cachep, objp, cachep->object_size);
-diff -NurpP --minimal linux-2.6.35.4/mm/slab_vs.h linux-2.6.35.4-vs2.3.0.36.32/mm/slab_vs.h
---- linux-2.6.35.4/mm/slab_vs.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/slab_vs.h 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/mm/slab_vs.h linux-3.9.4-vs2.3.6.2/mm/slab_vs.h
+--- linux-3.9.4/mm/slab_vs.h 1970-01-01 00:00:00.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/slab_vs.h 2013-05-31 14:47:11.000000000 +0000
@@ -0,0 +1,29 @@
+
+#include <linux/vserver/context.h>
+static inline
+void vx_slab_alloc(struct kmem_cache *cachep, gfp_t flags)
+{
-+ int what = gfp_zone(cachep->gfpflags);
++ int what = gfp_zone(cachep->allocflags);
+ struct vx_info *vxi = current_vx_info();
+
+ if (!vxi)
+ return;
+
-+ atomic_add(cachep->buffer_size, &vxi->cacct.slab[what]);
++ atomic_add(cachep->size, &vxi->cacct.slab[what]);
+}
+
+static inline
+void vx_slab_free(struct kmem_cache *cachep)
+{
-+ int what = gfp_zone(cachep->gfpflags);
++ int what = gfp_zone(cachep->allocflags);
+ struct vx_info *vxi = current_vx_info();
+
+ if (!vxi)
+ return;
+
-+ atomic_sub(cachep->buffer_size, &vxi->cacct.slab[what]);
++ atomic_sub(cachep->size, &vxi->cacct.slab[what]);
+}
+
-diff -NurpP --minimal linux-2.6.35.4/mm/swapfile.c linux-2.6.35.4-vs2.3.0.36.32/mm/swapfile.c
---- linux-2.6.35.4/mm/swapfile.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/mm/swapfile.c 2010-08-14 18:19:32.000000000 +0200
-@@ -35,6 +35,8 @@
+diff -NurpP --minimal linux-3.9.4/mm/swapfile.c linux-3.9.4-vs2.3.6.2/mm/swapfile.c
+--- linux-3.9.4/mm/swapfile.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/mm/swapfile.c 2013-05-31 14:47:11.000000000 +0000
+@@ -39,6 +39,7 @@
#include <asm/tlbflush.h>
#include <linux/swapops.h>
#include <linux/page_cgroup.h>
+#include <linux/vs_base.h>
-+#include <linux/vs_memory.h>
static bool swap_count_continued(struct swap_info_struct *, pgoff_t,
unsigned char);
-@@ -1734,6 +1736,16 @@ static int swap_show(struct seq_file *sw
+@@ -1767,6 +1768,16 @@ static int swap_show(struct seq_file *sw
if (si == SEQ_START_TOKEN) {
seq_puts(swap,"Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
return 0;
}
-@@ -2118,6 +2130,8 @@ void si_swapinfo(struct sysinfo *val)
- val->freeswap = nr_swap_pages + nr_to_be_unused;
+@@ -2195,6 +2206,8 @@ void si_swapinfo(struct sysinfo *val)
+ val->freeswap = atomic_long_read(&nr_swap_pages) + nr_to_be_unused;
val->totalswap = total_swap_pages + nr_to_be_unused;
spin_unlock(&swap_lock);
+ if (vx_flags(VXF_VIRT_MEM, 0))
}
/*
-diff -NurpP --minimal linux-2.6.35.4/net/core/dev.c linux-2.6.35.4-vs2.3.0.36.32/net/core/dev.c
---- linux-2.6.35.4/net/core/dev.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/core/dev.c 2010-09-06 02:59:52.000000000 +0200
-@@ -129,6 +129,7 @@
+diff -NurpP --minimal linux-3.9.4/net/bridge/br_multicast.c linux-3.9.4-vs2.3.6.2/net/bridge/br_multicast.c
+--- linux-3.9.4/net/bridge/br_multicast.c 2013-05-31 13:45:31.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/bridge/br_multicast.c 2013-05-31 17:17:53.000000000 +0000
+@@ -443,7 +443,7 @@ static struct sk_buff *br_ip6_multicast_
+ ip6h->hop_limit = 1;
+ ipv6_addr_set(&ip6h->daddr, htonl(0xff020000), 0, 0, htonl(1));
+ if (ipv6_dev_get_saddr(dev_net(br->dev), br->dev, &ip6h->daddr, 0,
+- &ip6h->saddr)) {
++ &ip6h->saddr, NULL)) {
+ kfree_skb(skb);
+ return NULL;
+ }
+diff -NurpP --minimal linux-3.9.4/net/core/dev.c linux-3.9.4-vs2.3.6.2/net/core/dev.c
+--- linux-3.9.4/net/core/dev.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/core/dev.c 2013-05-31 18:37:38.000000000 +0000
+@@ -122,6 +122,7 @@
#include <linux/in.h>
#include <linux/jhash.h>
#include <linux/random.h>
+#include <linux/vs_inet.h>
#include <trace/events/napi.h>
- #include <linux/pci.h>
-
-@@ -609,7 +610,8 @@ struct net_device *__dev_get_by_name(str
+ #include <trace/events/net.h>
+ #include <trace/events/skb.h>
+@@ -662,7 +663,8 @@ struct net_device *__dev_get_by_name(str
struct hlist_head *head = dev_name_hash(net, name);
- hlist_for_each_entry(dev, p, head, name_hlist)
+ hlist_for_each_entry(dev, head, name_hlist)
- if (!strncmp(dev->name, name, IFNAMSIZ))
+ if (!strncmp(dev->name, name, IFNAMSIZ) &&
+ nx_dev_visible(current_nx_info(), dev))
return dev;
return NULL;
-@@ -635,7 +637,8 @@ struct net_device *dev_get_by_name_rcu(s
+@@ -687,7 +689,8 @@ struct net_device *dev_get_by_name_rcu(s
struct hlist_head *head = dev_name_hash(net, name);
- hlist_for_each_entry_rcu(dev, p, head, name_hlist)
+ hlist_for_each_entry_rcu(dev, head, name_hlist)
- if (!strncmp(dev->name, name, IFNAMSIZ))
+ if (!strncmp(dev->name, name, IFNAMSIZ) &&
+ nx_dev_visible(current_nx_info(), dev))
return dev;
return NULL;
-@@ -686,7 +689,8 @@ struct net_device *__dev_get_by_index(st
+@@ -737,7 +740,8 @@ struct net_device *__dev_get_by_index(st
struct hlist_head *head = dev_index_hash(net, ifindex);
- hlist_for_each_entry(dev, p, head, index_hlist)
+ hlist_for_each_entry(dev, head, index_hlist)
- if (dev->ifindex == ifindex)
+ if ((dev->ifindex == ifindex) &&
+ nx_dev_visible(current_nx_info(), dev))
return dev;
return NULL;
-@@ -711,7 +715,8 @@ struct net_device *dev_get_by_index_rcu(
- struct hlist_head *head = dev_index_hash(net, ifindex);
+@@ -755,7 +759,7 @@ EXPORT_SYMBOL(__dev_get_by_index);
+ * about locking. The caller must hold RCU lock.
+ */
- hlist_for_each_entry_rcu(dev, p, head, index_hlist)
-- if (dev->ifindex == ifindex)
-+ if ((dev->ifindex == ifindex) &&
-+ nx_dev_visible(current_nx_info(), dev))
- return dev;
+-struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex)
++struct net_device *dev_get_by_index_real_rcu(struct net *net, int ifindex)
+ {
+ struct net_device *dev;
+ struct hlist_head *head = dev_index_hash(net, ifindex);
+@@ -766,6 +770,16 @@ struct net_device *dev_get_by_index_rcu(
return NULL;
-@@ -764,10 +769,12 @@ struct net_device *dev_getbyhwaddr(struc
+ }
++EXPORT_SYMBOL(dev_get_by_index_real_rcu);
++
++struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex)
++{
++ struct net_device *dev = dev_get_by_index_real_rcu(net, ifindex);
++
++ if (nx_dev_visible(current_nx_info(), dev))
++ return dev;
++ return NULL;
++}
+ EXPORT_SYMBOL(dev_get_by_index_rcu);
- ASSERT_RTNL();
-- for_each_netdev(net, dev)
-+ for_each_netdev(net, dev) {
+@@ -814,7 +828,8 @@ struct net_device *dev_getbyhwaddr_rcu(s
+
+ for_each_netdev_rcu(net, dev)
if (dev->type == type &&
- !memcmp(dev->dev_addr, ha, dev->addr_len))
+ !memcmp(dev->dev_addr, ha, dev->addr_len) &&
+ nx_dev_visible(current_nx_info(), dev))
return dev;
-+ }
return NULL;
- }
-@@ -778,9 +785,11 @@ struct net_device *__dev_getfirstbyhwtyp
+@@ -826,9 +841,11 @@ struct net_device *__dev_getfirstbyhwtyp
struct net_device *dev;
ASSERT_RTNL();
return NULL;
}
-@@ -902,6 +911,8 @@ static int __dev_alloc_name(struct net *
+@@ -840,7 +857,8 @@ struct net_device *dev_getfirstbyhwtype(
+
+ rcu_read_lock();
+ for_each_netdev_rcu(net, dev)
+- if (dev->type == type) {
++ if ((dev->type == type) &&
++ nx_dev_visible(current_nx_info(), dev)) {
+ dev_hold(dev);
+ ret = dev;
+ break;
+@@ -868,7 +886,8 @@ struct net_device *dev_get_by_flags_rcu(
+
+ ret = NULL;
+ for_each_netdev_rcu(net, dev) {
+- if (((dev->flags ^ if_flags) & mask) == 0) {
++ if ((((dev->flags ^ if_flags) & mask) == 0) &&
++ nx_dev_visible(current_nx_info(), dev)) {
+ ret = dev;
+ break;
+ }
+@@ -946,6 +965,8 @@ static int __dev_alloc_name(struct net *
continue;
if (i < 0 || i >= max_netdevices)
continue;
/* avoid cases where sscanf is not exact inverse of printf */
snprintf(buf, IFNAMSIZ, name, i);
-@@ -3650,6 +3661,8 @@ static int dev_ifconf(struct net *net, c
+diff -NurpP --minimal linux-3.9.4/net/core/net-procfs.c linux-3.9.4-vs2.3.6.2/net/core/net-procfs.c
+--- linux-3.9.4/net/core/net-procfs.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/core/net-procfs.c 2013-06-01 10:40:52.000000000 +0000
+@@ -1,6 +1,7 @@
+ #include <linux/netdevice.h>
+ #include <linux/proc_fs.h>
+ #include <linux/seq_file.h>
++#include <linux/vs_inet.h>
+ #include <net/wext.h>
- total = 0;
- for_each_netdev(net, dev) {
-+ if (!nx_dev_visible(current_nx_info(), dev))
-+ continue;
- for (i = 0; i < NPROTO; i++) {
- if (gifconf_list[i]) {
- int done;
-@@ -3720,6 +3733,9 @@ static void dev_seq_printf_stats(struct
+ #define BUCKET_SPACE (32 - NETDEV_HASHBITS - 1)
+@@ -77,8 +78,13 @@ static void dev_seq_stop(struct seq_file
+ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
{
- const struct net_device_stats *stats = dev_get_stats(dev);
-
+ struct rtnl_link_stats64 temp;
+- const struct rtnl_link_stats64 *stats = dev_get_stats(dev, &temp);
++ const struct rtnl_link_stats64 *stats;
++
++ /* device visible inside network context? */
+ if (!nx_dev_visible(current_nx_info(), dev))
+ return;
-+
- seq_printf(seq, "%6s: %7lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
- "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
+
++ stats = dev_get_stats(dev, &temp);
+ seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu "
+ "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n",
dev->name, stats->rx_bytes, stats->rx_packets,
-diff -NurpP --minimal linux-2.6.35.4/net/core/rtnetlink.c linux-2.6.35.4-vs2.3.0.36.32/net/core/rtnetlink.c
---- linux-2.6.35.4/net/core/rtnetlink.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/core/rtnetlink.c 2010-08-02 17:05:06.000000000 +0200
-@@ -926,6 +926,8 @@ static int rtnl_dump_ifinfo(struct sk_bu
- hlist_for_each_entry(dev, node, head, index_hlist) {
+diff -NurpP --minimal linux-3.9.4/net/core/rtnetlink.c linux-3.9.4-vs2.3.6.2/net/core/rtnetlink.c
+--- linux-3.9.4/net/core/rtnetlink.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/core/rtnetlink.c 2013-05-31 17:17:54.000000000 +0000
+@@ -1085,6 +1085,8 @@ static int rtnl_dump_ifinfo(struct sk_bu
+ hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
goto cont;
+ if (!nx_dev_visible(skb->sk->sk_nx_info, dev))
+ continue;
if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
- NETLINK_CB(cb->skb).pid,
+ NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, 0,
-@@ -1642,6 +1644,9 @@ void rtmsg_ifinfo(int type, struct net_d
- struct sk_buff *skb;
+@@ -1974,6 +1976,9 @@ void rtmsg_ifinfo(int type, struct net_d
int err = -ENOBUFS;
+ size_t if_info_size;
+ if (!nx_dev_visible(current_nx_info(), dev))
+ return;
+
- skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL);
+ skb = nlmsg_new((if_info_size = if_nlmsg_size(dev, 0)), GFP_KERNEL);
if (skb == NULL)
goto errout;
-diff -NurpP --minimal linux-2.6.35.4/net/core/sock.c linux-2.6.35.4-vs2.3.0.36.32/net/core/sock.c
---- linux-2.6.35.4/net/core/sock.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/core/sock.c 2010-08-02 17:05:06.000000000 +0200
-@@ -126,6 +126,10 @@
- #include <net/cls_cgroup.h>
+diff -NurpP --minimal linux-3.9.4/net/core/sock.c linux-3.9.4-vs2.3.6.2/net/core/sock.c
+--- linux-3.9.4/net/core/sock.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/core/sock.c 2013-05-31 17:17:54.000000000 +0000
+@@ -132,6 +132,10 @@
+ #include <net/netprio_cgroup.h>
#include <linux/filter.h>
+#include <linux/vs_socket.h>
+#include <linux/vs_context.h>
+#include <linux/vs_network.h>
- #ifdef CONFIG_INET
- #include <net/tcp.h>
-@@ -1027,6 +1031,8 @@ static struct sock *sk_prot_alloc(struct
+ #include <trace/events/sock.h>
+
+@@ -1257,6 +1261,8 @@ static struct sock *sk_prot_alloc(struct
goto out_free_sec;
sk_tx_queue_clear(sk);
}
return sk;
-@@ -1120,6 +1126,11 @@ static void __sk_free(struct sock *sk)
- __func__, atomic_read(&sk->sk_omem_alloc));
-
+@@ -1367,6 +1373,11 @@ static void __sk_free(struct sock *sk)
+ put_cred(sk->sk_peer_cred);
+ put_pid(sk->sk_peer_pid);
put_net(sock_net(sk));
+ vx_sock_dec(sk);
+ clr_vx_info(&sk->sk_vx_info);
sk_prot_free(sk->sk_prot_creator, sk);
}
-@@ -1167,6 +1178,8 @@ struct sock *sk_clone(const struct sock
+@@ -1427,6 +1438,8 @@ struct sock *sk_clone_lock(const struct
/* SANITY */
get_net(sock_net(newsk));
sk_node_init(&newsk->sk_node);
sock_lock_init(newsk);
bh_lock_sock(newsk);
-@@ -1222,6 +1235,12 @@ struct sock *sk_clone(const struct sock
+@@ -1483,6 +1496,12 @@ struct sock *sk_clone_lock(const struct
smp_wmb();
atomic_set(&newsk->sk_refcnt, 2);
/*
* Increment the counter in the same struct proto as the master
* sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that
-@@ -1964,6 +1983,12 @@ void sock_init_data(struct socket *sock,
+@@ -2278,6 +2297,12 @@ void sock_init_data(struct socket *sock,
sk->sk_stamp = ktime_set(-1L, 0);
/*
* Before updating sk_refcnt, we must commit prior changes to memory
* (Documentation/RCU/rculist_nulls.txt for details)
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/af_inet.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/af_inet.c
---- linux-2.6.35.4/net/ipv4/af_inet.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/af_inet.c 2010-08-02 17:05:06.000000000 +0200
-@@ -116,6 +116,7 @@
+diff -NurpP --minimal linux-3.9.4/net/ipv4/af_inet.c linux-3.9.4-vs2.3.6.2/net/ipv4/af_inet.c
+--- linux-3.9.4/net/ipv4/af_inet.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/af_inet.c 2013-05-31 18:24:05.000000000 +0000
+@@ -118,6 +118,7 @@
#ifdef CONFIG_IP_MROUTE
#include <linux/mroute.h>
#endif
/* The inetsw table contains everything that inet_create needs to
-@@ -327,9 +328,13 @@ lookup_protocol:
+@@ -336,6 +337,10 @@ lookup_protocol:
}
err = -EPERM;
+ if ((protocol == IPPROTO_ICMP) &&
+ nx_capable(CAP_NET_RAW, NXC_RAW_ICMP))
+ goto override;
-+
- if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
- goto out_rcu_unlock;
--
+override:
- err = -EAFNOSUPPORT;
- if (!inet_netns_ok(net, protocol))
+ if (sock->type == SOCK_RAW && !kern &&
+ !ns_capable(net->user_ns, CAP_NET_RAW))
goto out_rcu_unlock;
-@@ -451,6 +456,7 @@ int inet_bind(struct socket *sock, struc
+@@ -460,6 +465,7 @@ int inet_bind(struct socket *sock, struc
struct sockaddr_in *addr = (struct sockaddr_in *)uaddr;
struct sock *sk = sock->sk;
struct inet_sock *inet = inet_sk(sk);
+ struct nx_v4_sock_addr nsa;
+ struct net *net = sock_net(sk);
unsigned short snum;
int chk_addr_ret;
- int err;
-@@ -464,7 +470,11 @@ int inet_bind(struct socket *sock, struc
- if (addr_len < sizeof(struct sockaddr_in))
- goto out;
+@@ -484,7 +490,11 @@ int inet_bind(struct socket *sock, struc
+ goto out;
+ }
-- chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr);
+- chk_addr_ret = inet_addr_type(net, addr->sin_addr.s_addr);
+ err = v4_map_sock_addr(inet, addr, &nsa);
+ if (err)
+ goto out;
+
-+ chk_addr_ret = inet_addr_type(sock_net(sk), nsa.saddr);
++ chk_addr_ret = inet_addr_type(net, nsa.saddr);
/* Not specified by any standard per-se, however it breaks too
* many applications when removed. It is unfortunate since
-@@ -476,7 +486,7 @@ int inet_bind(struct socket *sock, struc
+@@ -496,7 +506,7 @@ int inet_bind(struct socket *sock, struc
err = -EADDRNOTAVAIL;
if (!sysctl_ip_nonlocal_bind &&
!(inet->freebind || inet->transparent) &&
chk_addr_ret != RTN_LOCAL &&
chk_addr_ret != RTN_MULTICAST &&
chk_addr_ret != RTN_BROADCAST)
-@@ -501,7 +511,7 @@ int inet_bind(struct socket *sock, struc
+@@ -522,7 +532,7 @@ int inet_bind(struct socket *sock, struc
if (sk->sk_state != TCP_CLOSE || inet->inet_num)
goto out_release_sock;
if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
inet->inet_saddr = 0; /* Use device */
-@@ -703,11 +713,13 @@ int inet_getname(struct socket *sock, st
+@@ -741,11 +751,13 @@ int inet_getname(struct socket *sock, st
peer == 1))
return -ENOTCONN;
sin->sin_port = inet->inet_dport;
sin->sin_port = inet->inet_sport;
sin->sin_addr.s_addr = addr;
}
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/devinet.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/devinet.c
---- linux-2.6.35.4/net/ipv4/devinet.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/devinet.c 2010-08-14 18:19:32.000000000 +0200
-@@ -417,6 +417,7 @@ struct in_device *inetdev_by_index(struc
+diff -NurpP --minimal linux-3.9.4/net/ipv4/arp.c linux-3.9.4-vs2.3.6.2/net/ipv4/arp.c
+--- linux-3.9.4/net/ipv4/arp.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/arp.c 2013-05-31 17:17:54.000000000 +0000
+@@ -1317,6 +1317,7 @@ static void arp_format_neigh_entry(struc
+ struct net_device *dev = n->dev;
+ int hatype = dev->type;
+
++ /* FIXME: check for network context */
+ read_lock(&n->lock);
+ /* Convert hardware address to XX:XX:XX:XX ... form. */
+ #if IS_ENABLED(CONFIG_AX25)
+@@ -1348,6 +1349,7 @@ static void arp_format_pneigh_entry(stru
+ int hatype = dev ? dev->type : 0;
+ char tbuf[16];
+
++ /* FIXME: check for network context */
+ sprintf(tbuf, "%pI4", n->key);
+ seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
+ tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
+diff -NurpP --minimal linux-3.9.4/net/ipv4/devinet.c linux-3.9.4-vs2.3.6.2/net/ipv4/devinet.c
+--- linux-3.9.4/net/ipv4/devinet.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/devinet.c 2013-05-31 17:17:54.000000000 +0000
+@@ -522,6 +522,7 @@ struct in_device *inetdev_by_index(struc
}
EXPORT_SYMBOL(inetdev_by_index);
/* Called only from RTNL semaphored context. No locks. */
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
-@@ -659,6 +660,8 @@ int devinet_ioctl(struct net *net, unsig
+@@ -940,6 +941,8 @@ int devinet_ioctl(struct net *net, unsig
in_dev = __in_dev_get_rtnl(dev);
if (in_dev) {
if (tryaddrmatch) {
/* Matthias Andree */
/* compare label and address (4.4BSD style) */
-@@ -667,6 +670,8 @@ int devinet_ioctl(struct net *net, unsig
+@@ -948,6 +951,8 @@ int devinet_ioctl(struct net *net, unsig
This is checked above. */
for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
ifap = &ifa->ifa_next) {
+ continue;
if (!strcmp(ifr.ifr_name, ifa->ifa_label) &&
sin_orig.sin_addr.s_addr ==
- ifa->ifa_address) {
-@@ -679,9 +684,12 @@ int devinet_ioctl(struct net *net, unsig
+ ifa->ifa_local) {
+@@ -960,9 +965,12 @@ int devinet_ioctl(struct net *net, unsig
comparing just the label */
if (!ifa) {
for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
}
}
-@@ -833,6 +841,8 @@ static int inet_gifconf(struct net_devic
+@@ -1116,6 +1124,8 @@ static int inet_gifconf(struct net_devic
goto out;
for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
if (!buf) {
done += sizeof(ifr);
continue;
-@@ -1182,6 +1192,7 @@ static int inet_dump_ifaddr(struct sk_bu
+@@ -1519,6 +1529,7 @@ static int inet_dump_ifaddr(struct sk_bu
struct net_device *dev;
struct in_device *in_dev;
struct in_ifaddr *ifa;
+ struct sock *sk = skb->sk;
struct hlist_head *head;
- struct hlist_node *node;
-@@ -1204,6 +1215,8 @@ static int inet_dump_ifaddr(struct sk_bu
+ s_h = cb->args[0];
+@@ -1540,6 +1551,8 @@ static int inet_dump_ifaddr(struct sk_bu
for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
ifa = ifa->ifa_next, ip_idx++) {
if (ip_idx < s_ip_idx)
continue;
if (inet_fill_ifaddr(skb, ifa,
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/fib_hash.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/fib_hash.c
---- linux-2.6.35.4/net/ipv4/fib_hash.c 2010-07-07 18:31:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/fib_hash.c 2010-08-02 17:05:06.000000000 +0200
-@@ -1017,7 +1017,7 @@ static int fib_seq_show(struct seq_file
- prefix = f->fn_key;
- mask = FZ_MASK(iter->zone);
- flags = fib_flag_trans(fa->fa_type, mask, fi);
-- if (fi)
-+ if (fi && nx_dev_visible(current_nx_info(), fi->fib_dev))
- seq_printf(seq,
- "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
- fi->fib_dev ? fi->fib_dev->name : "*", prefix,
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/inet_connection_sock.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_connection_sock.c
---- linux-2.6.35.4/net/ipv4/inet_connection_sock.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_connection_sock.c 2010-08-02 17:05:06.000000000 +0200
-@@ -52,10 +52,40 @@ void inet_get_local_port_range(int *low,
+diff -NurpP --minimal linux-3.9.4/net/ipv4/fib_trie.c linux-3.9.4-vs2.3.6.2/net/ipv4/fib_trie.c
+--- linux-3.9.4/net/ipv4/fib_trie.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/fib_trie.c 2013-05-31 17:17:54.000000000 +0000
+@@ -2548,6 +2548,7 @@ static int fib_route_seq_show(struct seq
+ || fa->fa_type == RTN_MULTICAST)
+ continue;
+
++ /* FIXME: check for network context? */
+ if (fi)
+ seq_printf(seq,
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t"
+diff -NurpP --minimal linux-3.9.4/net/ipv4/inet_connection_sock.c linux-3.9.4-vs2.3.6.2/net/ipv4/inet_connection_sock.c
+--- linux-3.9.4/net/ipv4/inet_connection_sock.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/inet_connection_sock.c 2013-05-31 18:29:56.000000000 +0000
+@@ -53,6 +53,37 @@ void inet_get_local_port_range(int *low,
}
EXPORT_SYMBOL(inet_get_local_port_range);
+int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
+{
-+ __be32 sk1_rcv_saddr = inet_rcv_saddr(sk1),
-+ sk2_rcv_saddr = inet_rcv_saddr(sk2);
++ __be32 sk1_rcv_saddr = sk_rcv_saddr(sk1),
++ sk2_rcv_saddr = sk_rcv_saddr(sk2);
+
+ if (inet_v6_ipv6only(sk2))
+ return 0;
+}
+
int inet_csk_bind_conflict(const struct sock *sk,
- const struct inet_bind_bucket *tb)
+ const struct inet_bind_bucket *tb, bool relax)
{
-- const __be32 sk_rcv_saddr = inet_rcv_saddr(sk);
- struct sock *sk2;
- struct hlist_node *node;
- int reuse = sk->sk_reuse;
-@@ -75,9 +105,7 @@ int inet_csk_bind_conflict(const struct
- sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
- if (!reuse || !sk2->sk_reuse ||
- sk2->sk_state == TCP_LISTEN) {
-- const __be32 sk2_rcv_saddr = inet_rcv_saddr(sk2);
-- if (!sk2_rcv_saddr || !sk_rcv_saddr ||
-- sk2_rcv_saddr == sk_rcv_saddr)
+@@ -79,17 +110,12 @@ int inet_csk_bind_conflict(const struct
+ (!reuseport || !sk2->sk_reuseport ||
+ (sk2->sk_state != TCP_TIME_WAIT &&
+ !uid_eq(uid, sock_i_uid(sk2))))) {
+- const __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2);
+- if (!sk2_rcv_saddr || !sk_rcv_saddr(sk) ||
+- sk2_rcv_saddr == sk_rcv_saddr(sk))
++ if (ipv4_rcv_saddr_equal(sk, sk2))
+ break;
+ }
+ if (!relax && reuse && sk2->sk_reuse &&
+ sk2->sk_state != TCP_LISTEN) {
+- const __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2);
+-
+- if (!sk2_rcv_saddr || !sk_rcv_saddr(sk) ||
+- sk2_rcv_saddr == sk_rcv_saddr(sk))
+ if (ipv4_rcv_saddr_equal(sk, sk2))
break;
}
}
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/inet_diag.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_diag.c
---- linux-2.6.35.4/net/ipv4/inet_diag.c 2010-07-07 18:31:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_diag.c 2010-08-02 17:05:06.000000000 +0200
-@@ -33,6 +33,8 @@
- #include <linux/stddef.h>
+diff -NurpP --minimal linux-3.9.4/net/ipv4/inet_diag.c linux-3.9.4-vs2.3.6.2/net/ipv4/inet_diag.c
+--- linux-3.9.4/net/ipv4/inet_diag.c 2013-02-19 13:58:58.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/inet_diag.c 2013-05-31 17:17:54.000000000 +0000
+@@ -31,6 +31,8 @@
- #include <linux/inet_diag.h>
+ #include <linux/inet.h>
+ #include <linux/stddef.h>
+#include <linux/vs_network.h>
+#include <linux/vs_inet.h>
- static const struct inet_diag_handler **inet_diag_table;
-
-@@ -119,8 +121,10 @@ static int inet_csk_diag_fill(struct soc
+ #include <linux/inet_diag.h>
+ #include <linux/sock_diag.h>
+@@ -106,8 +108,10 @@ int inet_sk_diag_fill(struct sock *sk, s
r->id.idiag_sport = inet->inet_sport;
r->id.idiag_dport = inet->inet_dport;
+ r->id.idiag_dst[0] = nx_map_sock_lback(sk->sk_nx_info,
+ inet->inet_daddr);
- #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
- if (r->idiag_family == AF_INET6) {
-@@ -205,8 +209,8 @@ static int inet_twsk_diag_fill(struct in
- r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
+ if (nla_put_u8(skb, INET_DIAG_SHUTDOWN, sk->sk_shutdown))
+ goto errout;
+@@ -242,8 +246,8 @@ static int inet_twsk_diag_fill(struct in
+ sock_diag_save_cookie(tw, r->id.idiag_cookie);
r->id.idiag_sport = tw->tw_sport;
r->id.idiag_dport = tw->tw_dport;
- r->id.idiag_src[0] = tw->tw_rcv_saddr;
r->idiag_state = tw->tw_substate;
r->idiag_timer = 3;
r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ);
-@@ -263,6 +267,7 @@ static int inet_diag_get_exact(struct sk
- err = -EINVAL;
+@@ -287,12 +291,14 @@ int inet_diag_dump_one_icsk(struct inet_
- if (req->idiag_family == AF_INET) {
+ err = -EINVAL;
+ if (req->sdiag_family == AF_INET) {
+ /* TODO: lback */
- sk = inet_lookup(&init_net, hashinfo, req->id.idiag_dst[0],
+ sk = inet_lookup(net, hashinfo, req->id.idiag_dst[0],
req->id.idiag_dport, req->id.idiag_src[0],
req->id.idiag_sport, req->id.idiag_if);
-@@ -505,6 +510,7 @@ static int inet_csk_diag_dump(struct soc
- } else
+ }
+ #if IS_ENABLED(CONFIG_IPV6)
+ else if (req->sdiag_family == AF_INET6) {
++ /* TODO: lback */
+ sk = inet6_lookup(net, hashinfo,
+ (struct in6_addr *)req->id.idiag_dst,
+ req->id.idiag_dport,
+@@ -494,6 +500,7 @@ int inet_diag_bc_sk(const struct nlattr
+ } else
#endif
- {
+ {
+ /* TODO: lback */
- entry.saddr = &inet->inet_rcv_saddr;
- entry.daddr = &inet->inet_daddr;
- }
-@@ -541,6 +547,7 @@ static int inet_twsk_diag_dump(struct in
+ entry.saddr = &inet->inet_rcv_saddr;
+ entry.daddr = &inet->inet_daddr;
+ }
+@@ -652,6 +659,7 @@ static int inet_twsk_diag_dump(struct in
} else
#endif
{
entry.saddr = &tw->tw_rcv_saddr;
entry.daddr = &tw->tw_daddr;
}
-@@ -587,8 +594,8 @@ static int inet_diag_fill_req(struct sk_
+@@ -730,8 +738,8 @@ static int inet_diag_fill_req(struct sk_
r->id.idiag_sport = inet->inet_sport;
r->id.idiag_dport = ireq->rmt_port;
r->idiag_expires = jiffies_to_msecs(tmo);
r->idiag_rqueue = 0;
r->idiag_wqueue = 0;
-@@ -658,6 +665,7 @@ static int inet_diag_dump_reqs(struct sk
+@@ -794,6 +802,7 @@ static int inet_diag_dump_reqs(struct sk
+ r->id.idiag_dport)
continue;
++ /* TODO: lback */
if (bc) {
-+ /* TODO: lback */
- entry.saddr =
- #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
- (entry.family == AF_INET6) ?
-@@ -728,6 +736,8 @@ static int inet_diag_dump(struct sk_buff
- sk_nulls_for_each(sk, node, &ilb->head) {
- struct inet_sock *inet = inet_sk(sk);
+ inet_diag_req_addrs(sk, req, &entry);
+ entry.dport = ntohs(ireq->rmt_port);
+@@ -850,6 +859,8 @@ void inet_diag_dump_icsk(struct inet_has
+ if (!net_eq(sock_net(sk), net))
+ continue;
+ if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
+ continue;
if (num < s_num) {
num++;
continue;
-@@ -794,6 +804,8 @@ skip_listen_ht:
- sk_nulls_for_each(sk, node, &head->chain) {
- struct inet_sock *inet = inet_sk(sk);
+@@ -922,6 +933,8 @@ skip_listen_ht:
+ if (!net_eq(sock_net(sk), net))
+ continue;
+ if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
+ continue;
if (num < s_num)
goto next_normal;
if (!(r->idiag_states & (1 << sk->sk_state)))
-@@ -818,6 +830,8 @@ next_normal:
- inet_twsk_for_each(tw, node,
+@@ -950,7 +963,8 @@ next_normal:
&head->twchain) {
-
+ if (!net_eq(twsk_net(tw), net))
+ continue;
+-
+ if (!nx_check(tw->tw_nid, VS_WATCH_P | VS_IDENT))
+ continue;
if (num < s_num)
goto next_dying;
- if (r->id.idiag_sport != tw->tw_sport &&
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/inet_hashtables.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_hashtables.c
---- linux-2.6.35.4/net/ipv4/inet_hashtables.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/inet_hashtables.c 2010-08-02 17:05:06.000000000 +0200
-@@ -21,6 +21,7 @@
-
+ if (r->sdiag_family != AF_UNSPEC &&
+diff -NurpP --minimal linux-3.9.4/net/ipv4/inet_hashtables.c linux-3.9.4-vs2.3.6.2/net/ipv4/inet_hashtables.c
+--- linux-3.9.4/net/ipv4/inet_hashtables.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/inet_hashtables.c 2013-05-31 18:20:50.000000000 +0000
+@@ -22,6 +22,7 @@
#include <net/inet_connection_sock.h>
#include <net/inet_hashtables.h>
+ #include <net/secure_seq.h>
+#include <net/route.h>
#include <net/ip.h>
/*
-@@ -134,6 +135,11 @@ static inline int compute_score(struct s
+@@ -156,6 +157,11 @@ static inline int compute_score(struct s
if (rcv_saddr != daddr)
return -1;
- score += 2;
+ score += 4;
+ } else {
+ /* block non nx_info ips */
+ if (!v4_addr_in_nx_info(sk->sk_nx_info,
}
if (sk->sk_bound_dev_if) {
if (sk->sk_bound_dev_if != dif)
-@@ -151,7 +157,6 @@ static inline int compute_score(struct s
+@@ -173,7 +179,6 @@ static inline int compute_score(struct s
* wildcarded during the search since they can never be otherwise.
*/
-
struct sock *__inet_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo,
- const __be32 daddr, const unsigned short hnum,
-@@ -174,6 +179,7 @@ begin:
- hiscore = score;
+ const __be32 saddr, __be16 sport,
+@@ -209,6 +214,7 @@ begin:
+ phash = next_pseudo_random32(phash);
}
}
+
/*
* if the nulls value we got at the end of this lookup is
* not the expected one, we must restart lookup.
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/netfilter/nf_nat_helper.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/netfilter/nf_nat_helper.c
---- linux-2.6.35.4/net/ipv4/netfilter/nf_nat_helper.c 2010-07-07 18:31:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/netfilter/nf_nat_helper.c 2010-08-02 17:05:06.000000000 +0200
-@@ -20,6 +20,7 @@
- #include <net/route.h>
-
- #include <linux/netfilter_ipv4.h>
-+#include <net/route.h>
- #include <net/netfilter/nf_conntrack.h>
- #include <net/netfilter/nf_conntrack_helper.h>
- #include <net/netfilter/nf_conntrack_ecache.h>
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/netfilter.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/netfilter.c
---- linux-2.6.35.4/net/ipv4/netfilter.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/netfilter.c 2010-08-02 17:05:06.000000000 +0200
-@@ -5,7 +5,7 @@
- #include <linux/ip.h>
+diff -NurpP --minimal linux-3.9.4/net/ipv4/netfilter.c linux-3.9.4-vs2.3.6.2/net/ipv4/netfilter.c
+--- linux-3.9.4/net/ipv4/netfilter.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/netfilter.c 2013-05-31 17:17:54.000000000 +0000
+@@ -6,7 +6,7 @@
#include <linux/skbuff.h>
#include <linux/gfp.h>
+ #include <linux/export.h>
-#include <net/route.h>
+// #include <net/route.h>
#include <net/xfrm.h>
#include <net/ip.h>
#include <net/netfilter/nf_queue.h>
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/raw.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/raw.c
---- linux-2.6.35.4/net/ipv4/raw.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/raw.c 2010-08-02 18:19:23.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/ipv4/raw.c linux-3.9.4-vs2.3.6.2/net/ipv4/raw.c
+--- linux-3.9.4/net/ipv4/raw.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/raw.c 2013-05-31 18:19:38.000000000 +0000
@@ -116,7 +116,7 @@ static struct sock *__raw_v4_lookup(stru
if (net_eq(sock_net(sk), net) && inet->inet_num == num &&
!(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
goto found; /* gotcha */
}
-@@ -381,6 +381,12 @@ static int raw_send_hdrinc(struct sock *
+@@ -395,6 +395,12 @@ static int raw_send_hdrinc(struct sock *
icmp_out_count(net, ((struct icmphdr *)
skb_transport_header(skb))->type);
+ goto error_free;
+
err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL,
- rt->u.dst.dev, dst_output);
+ rt->dst.dev, dst_output);
if (err > 0)
-@@ -561,6 +567,13 @@ static int raw_sendmsg(struct kiocb *ioc
- }
+@@ -580,6 +586,16 @@ static int raw_sendmsg(struct kiocb *ioc
+ goto done;
+ }
- security_sk_classify_flow(sk, &fl);
-+ if (sk->sk_nx_info) {
-+ err = ip_v4_find_src(sock_net(sk),
-+ sk->sk_nx_info, &rt, &fl);
-+
-+ if (err)
-+ goto done;
++ if (sk->sk_nx_info) {
++ rt = ip_v4_find_src(sock_net(sk), sk->sk_nx_info, &fl4);
++ if (IS_ERR(rt)) {
++ err = PTR_ERR(rt);
++ rt = NULL;
++ goto done;
+ }
- err = ip_route_output_flow(sock_net(sk), &rt, &fl, sk, 1);
- }
- if (err)
-@@ -633,17 +646,19 @@ static int raw_bind(struct sock *sk, str
++ ip_rt_put(rt);
++ }
++
+ security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
+ rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
+ if (IS_ERR(rt)) {
+@@ -656,17 +672,19 @@ static int raw_bind(struct sock *sk, str
{
struct inet_sock *inet = inet_sk(sk);
struct sockaddr_in *addr = (struct sockaddr_in *) uaddr;
if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
inet->inet_saddr = 0; /* Use device */
sk_dst_reset(sk);
-@@ -695,7 +710,8 @@ static int raw_recvmsg(struct kiocb *ioc
+@@ -718,7 +736,8 @@ static int raw_recvmsg(struct kiocb *ioc
/* Copy the address. */
if (sin) {
sin->sin_family = AF_INET;
sin->sin_port = 0;
memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
}
-@@ -873,7 +889,8 @@ static struct sock *raw_get_first(struct
- struct hlist_node *node;
-
- sk_for_each(sk, node, &state->h->ht[state->bucket])
+@@ -913,7 +932,8 @@ static struct sock *raw_get_first(struct
+ for (state->bucket = 0; state->bucket < RAW_HTABLE_SIZE;
+ ++state->bucket) {
+ sk_for_each(sk, &state->h->ht[state->bucket])
- if (sock_net(sk) == seq_file_net(seq))
+ if ((sock_net(sk) == seq_file_net(seq)) &&
-+ nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
++ nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
goto found;
}
sk = NULL;
-@@ -889,7 +906,8 @@ static struct sock *raw_get_next(struct
+@@ -929,7 +949,8 @@ static struct sock *raw_get_next(struct
sk = sk_next(sk);
try_again:
;
if (!sk && ++state->bucket < RAW_HTABLE_SIZE) {
sk = sk_head(&state->h->ht[state->bucket]);
-@@ -948,7 +966,10 @@ static void raw_sock_seq_show(struct seq
-
- seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
- " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
-- i, src, srcp, dest, destp, sp->sk_state,
-+ i,
-+ nx_map_sock_lback(current_nx_info(), src), srcp,
-+ nx_map_sock_lback(current_nx_info(), dest), destp,
-+ sp->sk_state,
- sk_wmem_alloc_get(sp),
- sk_rmem_alloc_get(sp),
- 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/tcp.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp.c
---- linux-2.6.35.4/net/ipv4/tcp.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp.c 2010-09-06 02:59:52.000000000 +0200
-@@ -266,6 +266,7 @@
+diff -NurpP --minimal linux-3.9.4/net/ipv4/route.c linux-3.9.4-vs2.3.6.2/net/ipv4/route.c
+--- linux-3.9.4/net/ipv4/route.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/route.c 2013-05-31 17:17:54.000000000 +0000
+@@ -1998,7 +1998,7 @@ struct rtable *__ip_route_output_key(str
+
+
+ if (fl4->flowi4_oif) {
+- dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
++ dev_out = dev_get_by_index_real_rcu(net, fl4->flowi4_oif);
+ rth = ERR_PTR(-ENODEV);
+ if (dev_out == NULL)
+ goto out;
+diff -NurpP --minimal linux-3.9.4/net/ipv4/tcp.c linux-3.9.4-vs2.3.6.2/net/ipv4/tcp.c
+--- linux-3.9.4/net/ipv4/tcp.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/tcp.c 2013-05-31 17:17:54.000000000 +0000
+@@ -268,6 +268,7 @@
#include <linux/crypto.h>
#include <linux/time.h>
#include <linux/slab.h>
+#include <linux/in.h>
#include <net/icmp.h>
- #include <net/tcp.h>
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/tcp_ipv4.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp_ipv4.c
---- linux-2.6.35.4/net/ipv4/tcp_ipv4.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp_ipv4.c 2010-08-02 17:05:06.000000000 +0200
-@@ -2004,6 +2004,12 @@ static void *listening_get_next(struct s
+ #include <net/inet_common.h>
+diff -NurpP --minimal linux-3.9.4/net/ipv4/tcp_ipv4.c linux-3.9.4-vs2.3.6.2/net/ipv4/tcp_ipv4.c
+--- linux-3.9.4/net/ipv4/tcp_ipv4.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/tcp_ipv4.c 2013-05-31 17:17:54.000000000 +0000
+@@ -2260,6 +2260,12 @@ static void *listening_get_next(struct s
req = req->dl_next;
while (1) {
while (req) {
if (req->rsk_ops->family == st->family) {
cur = req;
goto out;
-@@ -2028,6 +2034,10 @@ get_req:
+@@ -2284,6 +2290,10 @@ get_req:
}
get_sk:
sk_nulls_for_each_from(sk, node) {
+ sk, sk->sk_nid, nx_current_nid());
+ if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
+ continue;
- if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
- cur = sk;
- goto out;
-@@ -2091,6 +2101,11 @@ static void *established_get_first(struc
+ if (!net_eq(sock_net(sk), net))
+ continue;
+ if (sk->sk_family == st->family) {
+@@ -2360,6 +2370,11 @@ static void *established_get_first(struc
spin_lock_bh(lock);
sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
if (sk->sk_family != st->family ||
!net_eq(sock_net(sk), net)) {
continue;
-@@ -2101,6 +2116,11 @@ static void *established_get_first(struc
+@@ -2370,6 +2385,11 @@ static void *established_get_first(struc
st->state = TCP_SEQ_STATE_TIME_WAIT;
inet_twsk_for_each(tw, node,
&tcp_hashinfo.ehash[st->bucket].twchain) {
if (tw->tw_family != st->family ||
!net_eq(twsk_net(tw), net)) {
continue;
-@@ -2129,7 +2149,9 @@ static void *established_get_next(struct
+@@ -2399,7 +2419,9 @@ static void *established_get_next(struct
tw = cur;
tw = tw_next(tw);
get_tw:
tw = tw_next(tw);
}
if (tw) {
-@@ -2152,6 +2174,11 @@ get_tw:
+@@ -2423,6 +2445,11 @@ get_tw:
sk = sk_nulls_next(sk);
sk_nulls_for_each_from(sk, node) {
if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
goto found;
}
-@@ -2303,9 +2330,9 @@ static void get_openreq4(struct sock *sk
+@@ -2628,9 +2655,9 @@ static void get_openreq4(const struct so
seq_printf(f, "%4d: %08X:%04X %08X:%04X"
- " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n",
+ " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %pK%n",
i,
- ireq->loc_addr,
+ nx_map_sock_lback(current_nx_info(), ireq->loc_addr),
ntohs(ireq->rmt_port),
TCP_SYN_RECV,
0, 0, /* could print option size, but that is af dependent. */
-@@ -2357,7 +2384,10 @@ static void get_tcp4_sock(struct sock *s
-
- seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
- "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
-- i, src, srcp, dest, destp, sk->sk_state,
-+ i,
-+ nx_map_sock_lback(current_nx_info(), src), srcp,
-+ nx_map_sock_lback(current_nx_info(), dest), destp,
-+ sk->sk_state,
- tp->write_seq - tp->snd_una,
- rx_queue,
- timer_active,
-@@ -2392,7 +2422,10 @@ static void get_timewait4_sock(struct in
-
- seq_printf(f, "%4d: %08X:%04X %08X:%04X"
- " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p%n",
-- i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
-+ i,
-+ nx_map_sock_lback(current_nx_info(), src), srcp,
-+ nx_map_sock_lback(current_nx_info(), dest), destp,
-+ tw->tw_substate, 0, 0,
- 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
- atomic_read(&tw->tw_refcnt), tw, len);
- }
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/tcp_minisocks.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp_minisocks.c
---- linux-2.6.35.4/net/ipv4/tcp_minisocks.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/tcp_minisocks.c 2010-08-02 17:05:06.000000000 +0200
+@@ -2653,8 +2680,8 @@ static void get_tcp4_sock(struct sock *s
+ const struct inet_connection_sock *icsk = inet_csk(sk);
+ const struct inet_sock *inet = inet_sk(sk);
+ struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
+- __be32 dest = inet->inet_daddr;
+- __be32 src = inet->inet_rcv_saddr;
++ __be32 dest = nx_map_sock_lback(current_nx_info(), inet->inet_daddr);
++ __be32 src = nx_map_sock_lback(current_nx_info(), inet->inet_rcv_saddr);
+ __u16 destp = ntohs(inet->inet_dport);
+ __u16 srcp = ntohs(inet->inet_sport);
+ int rx_queue;
+@@ -2710,8 +2737,8 @@ static void get_timewait4_sock(const str
+ __u16 destp, srcp;
+ long delta = tw->tw_ttd - jiffies;
+
+- dest = tw->tw_daddr;
+- src = tw->tw_rcv_saddr;
++ dest = nx_map_sock_lback(current_nx_info(), tw->tw_daddr);
++ src = nx_map_sock_lback(current_nx_info(), tw->tw_rcv_saddr);
+ destp = ntohs(tw->tw_dport);
+ srcp = ntohs(tw->tw_sport);
+
+diff -NurpP --minimal linux-3.9.4/net/ipv4/tcp_minisocks.c linux-3.9.4-vs2.3.6.2/net/ipv4/tcp_minisocks.c
+--- linux-3.9.4/net/ipv4/tcp_minisocks.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/tcp_minisocks.c 2013-05-31 17:17:54.000000000 +0000
@@ -23,6 +23,9 @@
#include <linux/slab.h>
#include <linux/sysctl.h>
#include <net/tcp.h>
#include <net/inet_common.h>
#include <net/xfrm.h>
-@@ -290,6 +293,11 @@ void tcp_time_wait(struct sock *sk, int
- tcptw->tw_ts_recent = tp->rx_opt.ts_recent;
+@@ -291,6 +294,11 @@ void tcp_time_wait(struct sock *sk, int
tcptw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp;
+ tcptw->tw_ts_offset = tp->tsoffset;
+ tw->tw_xid = sk->sk_xid;
+ tw->tw_vx_info = NULL;
+ tw->tw_nid = sk->sk_nid;
+ tw->tw_nx_info = NULL;
+
- #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ #if IS_ENABLED(CONFIG_IPV6)
if (tw->tw_family == PF_INET6) {
struct ipv6_pinfo *np = inet6_sk(sk);
-diff -NurpP --minimal linux-2.6.35.4/net/ipv4/udp.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/udp.c
---- linux-2.6.35.4/net/ipv4/udp.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv4/udp.c 2010-08-02 17:05:06.000000000 +0200
-@@ -296,14 +296,7 @@ fail:
+diff -NurpP --minimal linux-3.9.4/net/ipv4/udp.c linux-3.9.4-vs2.3.6.2/net/ipv4/udp.c
+--- linux-3.9.4/net/ipv4/udp.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv4/udp.c 2013-05-31 18:26:00.000000000 +0000
+@@ -306,14 +306,7 @@ fail:
}
EXPORT_SYMBOL(udp_lib_get_port);
static unsigned int udp4_portaddr_hash(struct net *net, __be32 saddr,
unsigned int port)
-@@ -338,6 +331,11 @@ static inline int compute_score(struct s
+@@ -348,6 +341,11 @@ static inline int compute_score(struct s
if (inet->inet_rcv_saddr != daddr)
return -1;
- score += 2;
+ score += 4;
+ } else {
+ /* block non nx_info ips */
+ if (!v4_addr_in_nx_info(sk->sk_nx_info,
}
if (inet->inet_daddr) {
if (inet->inet_daddr != saddr)
-@@ -441,6 +439,7 @@ exact_match:
+@@ -458,6 +456,7 @@ begin:
return result;
}
/* UDP is nearly always wildcards out the wazoo, it makes no sense to try
* harder than this. -DaveM
*/
-@@ -486,6 +485,11 @@ begin:
+@@ -504,6 +503,11 @@ begin:
sk_nulls_for_each_rcu(sk, node, &hslot->head) {
score = compute_score(sk, net, saddr, hnum, sport,
daddr, dport, dif);
if (score > badness) {
result = sk;
badness = score;
-@@ -499,6 +503,7 @@ begin:
+@@ -528,6 +532,7 @@ begin:
if (get_nulls_value(node) != slot)
goto begin;
+
if (result) {
- if (unlikely(!atomic_inc_not_zero(&result->sk_refcnt)))
+ if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2)))
result = NULL;
-@@ -508,6 +513,7 @@ begin:
+@@ -537,6 +542,7 @@ begin:
goto begin;
}
}
rcu_read_unlock();
return result;
}
-@@ -550,8 +556,7 @@ static inline struct sock *udp_v4_mcast_
+@@ -580,8 +586,7 @@ static inline struct sock *udp_v4_mcast_
udp_sk(s)->udp_port_hash != hnum ||
(inet->inet_daddr && inet->inet_daddr != rmt_addr) ||
(inet->inet_dport != rmt_port && inet->inet_dport) ||
ipv6_only_sock(s) ||
(s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
continue;
-@@ -900,8 +905,13 @@ int udp_sendmsg(struct kiocb *iocb, stru
- { .sport = inet->inet_sport,
- .dport = dport } } };
- struct net *net = sock_net(sk);
-+ struct nx_info *nxi = sk->sk_nx_info;
-
- security_sk_classify_flow(sk, &fl);
-+ err = ip_v4_find_src(net, nxi, &rt, &fl);
-+ if (err)
-+ goto out;
+@@ -964,6 +969,16 @@ int udp_sendmsg(struct kiocb *iocb, stru
+ inet_sk_flowi_flags(sk)|FLOWI_FLAG_CAN_SLEEP,
+ faddr, saddr, dport, inet->inet_sport);
+
++ if (sk->sk_nx_info) {
++ rt = ip_v4_find_src(net, sk->sk_nx_info, fl4);
++ if (IS_ERR(rt)) {
++ err = PTR_ERR(rt);
++ rt = NULL;
++ goto out;
++ }
++ ip_rt_put(rt);
++ }
+
- err = ip_route_output_flow(net, &rt, &fl, sk, 1);
- if (err) {
- if (err == -ENETUNREACH)
-@@ -1183,7 +1193,8 @@ try_again:
+ security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+ rt = ip_route_output_flow(net, fl4, sk);
+ if (IS_ERR(rt)) {
+@@ -1269,7 +1284,8 @@ try_again:
if (sin) {
sin->sin_family = AF_INET;
sin->sin_port = udp_hdr(skb)->source;
memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}
if (inet->cmsg_flags)
-@@ -1879,6 +1890,8 @@ static struct sock *udp_get_first(struct
+@@ -2025,6 +2041,8 @@ static struct sock *udp_get_first(struct
sk_nulls_for_each(sk, node, &hslot->head) {
if (!net_eq(sock_net(sk), net))
continue;
if (sk->sk_family == state->family)
goto found;
}
-@@ -1896,7 +1909,9 @@ static struct sock *udp_get_next(struct
+@@ -2042,7 +2060,9 @@ static struct sock *udp_get_next(struct
do {
sk = sk_nulls_next(sk);
if (!sk) {
if (state->bucket <= state->udp_table->mask)
-@@ -2003,7 +2018,10 @@ static void udp4_format_sock(struct sock
-
- seq_printf(f, "%5d: %08X:%04X %08X:%04X"
- " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d%n",
-- bucket, src, srcp, dest, destp, sp->sk_state,
-+ bucket,
-+ nx_map_sock_lback(current_nx_info(), src), srcp,
-+ nx_map_sock_lback(current_nx_info(), dest), destp,
-+ sp->sk_state,
- sk_wmem_alloc_get(sp),
- sk_rmem_alloc_get(sp),
- 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/addrconf.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/addrconf.c
---- linux-2.6.35.4/net/ipv6/addrconf.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/addrconf.c 2010-08-02 17:05:06.000000000 +0200
-@@ -87,6 +87,8 @@
+@@ -2138,8 +2158,8 @@ static void udp4_format_sock(struct sock
+ int bucket, int *len)
+ {
+ struct inet_sock *inet = inet_sk(sp);
+- __be32 dest = inet->inet_daddr;
+- __be32 src = inet->inet_rcv_saddr;
++ __be32 dest = nx_map_sock_lback(current_nx_info(), inet->inet_daddr);
++ __be32 src = nx_map_sock_lback(current_nx_info(), inet->inet_rcv_saddr);
+ __u16 destp = ntohs(inet->inet_dport);
+ __u16 srcp = ntohs(inet->inet_sport);
+
+diff -NurpP --minimal linux-3.9.4/net/ipv6/Kconfig linux-3.9.4-vs2.3.6.2/net/ipv6/Kconfig
+--- linux-3.9.4/net/ipv6/Kconfig 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/Kconfig 2013-05-31 17:17:54.000000000 +0000
+@@ -4,8 +4,8 @@
+ # IPv6 as module will cause a CRASH if you try to unload it
+ menuconfig IPV6
+- tristate "The IPv6 protocol"
+- default m
++ bool "The IPv6 protocol"
++ default n
+ ---help---
+ This is complemental support for the IP version 6.
+ You will still be able to do traditional IPv4 networking as well.
+diff -NurpP --minimal linux-3.9.4/net/ipv6/addrconf.c linux-3.9.4-vs2.3.6.2/net/ipv6/addrconf.c
+--- linux-3.9.4/net/ipv6/addrconf.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/addrconf.c 2013-05-31 20:07:39.000000000 +0000
+@@ -93,6 +93,8 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
+ #include <linux/export.h>
+#include <linux/vs_network.h>
+#include <linux/vs_inet6.h>
/* Set to 3 to get tracing... */
#define ACONF_DEBUG 2
-@@ -1117,7 +1119,7 @@ out:
+@@ -1250,7 +1252,7 @@ out:
- int ipv6_dev_get_saddr(struct net *net, struct net_device *dst_dev,
+ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
const struct in6_addr *daddr, unsigned int prefs,
- struct in6_addr *saddr)
+ struct in6_addr *saddr, struct nx_info *nxi)
{
struct ipv6_saddr_score scores[2],
*score = &scores[0], *hiscore = &scores[1];
-@@ -1189,6 +1191,8 @@ int ipv6_dev_get_saddr(struct net *net,
+@@ -1322,6 +1324,8 @@ int ipv6_dev_get_saddr(struct net *net,
dev->name);
continue;
}
score->rule = -1;
bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
-@@ -3074,7 +3078,10 @@ static void if6_seq_stop(struct seq_file
+@@ -3311,7 +3315,10 @@ static void if6_seq_stop(struct seq_file
static int if6_seq_show(struct seq_file *seq, void *v)
{
struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
&ifp->addr,
ifp->idev->dev->ifindex,
ifp->prefix_len,
-@@ -3578,6 +3585,11 @@ static int in6_dump_addrs(struct inet6_d
+@@ -3815,6 +3822,11 @@ static int in6_dump_addrs(struct inet6_d
struct ifacaddr6 *ifaca;
int err = 1;
int ip_idx = *p_ip_idx;
read_lock_bh(&idev->lock);
switch (type) {
-@@ -3588,6 +3600,8 @@ static int in6_dump_addrs(struct inet6_d
+@@ -3825,6 +3837,8 @@ static int in6_dump_addrs(struct inet6_d
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (++ip_idx < s_ip_idx)
continue;
+ if (!v6_addr_in_nx_info(nxi, &ifa->addr, -1))
+ continue;
err = inet6_fill_ifaddr(skb, ifa,
- NETLINK_CB(cb->skb).pid,
+ NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
-@@ -3604,6 +3618,8 @@ static int in6_dump_addrs(struct inet6_d
+@@ -3841,6 +3855,8 @@ static int in6_dump_addrs(struct inet6_d
ifmca = ifmca->next, ip_idx++) {
if (ip_idx < s_ip_idx)
continue;
+ if (!v6_addr_in_nx_info(nxi, &ifmca->mca_addr, -1))
+ continue;
err = inet6_fill_ifmcaddr(skb, ifmca,
- NETLINK_CB(cb->skb).pid,
+ NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
-@@ -3619,6 +3635,8 @@ static int in6_dump_addrs(struct inet6_d
+@@ -3856,6 +3872,8 @@ static int in6_dump_addrs(struct inet6_d
ifaca = ifaca->aca_next, ip_idx++) {
if (ip_idx < s_ip_idx)
continue;
+ if (!v6_addr_in_nx_info(nxi, &ifaca->aca_addr, -1))
+ continue;
err = inet6_fill_ifacaddr(skb, ifaca,
- NETLINK_CB(cb->skb).pid,
+ NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
-@@ -3950,6 +3968,11 @@ static int inet6_dump_ifinfo(struct sk_b
+@@ -3884,6 +3902,10 @@ static int inet6_dump_addr(struct sk_buf
struct inet6_dev *idev;
struct hlist_head *head;
- struct hlist_node *node;
-+ struct nx_info *nxi = skb->sk ? skb->sk->sk_nx_info : NULL;
-+
+
+ /* FIXME: maybe disable ipv6 on non v6 guests?
+ if (skb->sk && skb->sk->sk_vx_info)
+ return skb->len; */
++
+ s_h = cb->args[0];
+ s_idx = idx = cb->args[1];
+ s_ip_idx = ip_idx = cb->args[2];
+@@ -4238,6 +4260,7 @@ static int inet6_dump_ifinfo(struct sk_b
+ struct net_device *dev;
+ struct inet6_dev *idev;
+ struct hlist_head *head;
++ struct nx_info *nxi = skb->sk ? skb->sk->sk_nx_info : NULL;
s_h = cb->args[0];
s_idx = cb->args[1];
-@@ -3961,6 +3984,8 @@ static int inet6_dump_ifinfo(struct sk_b
- hlist_for_each_entry_rcu(dev, node, head, index_hlist) {
+@@ -4249,6 +4272,8 @@ static int inet6_dump_ifinfo(struct sk_b
+ hlist_for_each_entry_rcu(dev, head, index_hlist) {
if (idx < s_idx)
goto cont;
+ if (!v6_dev_in_nx_info(dev, nxi))
idev = __in6_dev_get(dev);
if (!idev)
goto cont;
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/af_inet6.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/af_inet6.c
---- linux-2.6.35.4/net/ipv6/af_inet6.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/af_inet6.c 2010-08-02 17:05:06.000000000 +0200
-@@ -42,6 +42,8 @@
+diff -NurpP --minimal linux-3.9.4/net/ipv6/af_inet6.c linux-3.9.4-vs2.3.6.2/net/ipv6/af_inet6.c
+--- linux-3.9.4/net/ipv6/af_inet6.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/af_inet6.c 2013-05-31 20:04:41.000000000 +0000
+@@ -43,6 +43,8 @@
#include <linux/netdevice.h>
#include <linux/icmpv6.h>
#include <linux/netfilter_ipv6.h>
#include <net/ip.h>
#include <net/ipv6.h>
-@@ -160,9 +162,12 @@ lookup_protocol:
+@@ -160,10 +162,13 @@ lookup_protocol:
}
err = -EPERM;
+ if ((protocol == IPPROTO_ICMPV6) &&
+ nx_capable(CAP_NET_RAW, NXC_RAW_ICMP))
+ goto override;
- if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
+ if (sock->type == SOCK_RAW && !kern &&
+ !ns_capable(net->user_ns, CAP_NET_RAW))
goto out_rcu_unlock;
-
+override:
sock->ops = answer->ops;
answer_prot = answer->prot;
answer_no_check = answer->no_check;
-@@ -261,6 +266,7 @@ int inet6_bind(struct socket *sock, stru
+@@ -263,6 +268,7 @@ int inet6_bind(struct socket *sock, stru
struct inet_sock *inet = inet_sk(sk);
struct ipv6_pinfo *np = inet6_sk(sk);
struct net *net = sock_net(sk);
__be32 v4addr = 0;
unsigned short snum;
int addr_type = 0;
-@@ -272,6 +278,11 @@ int inet6_bind(struct socket *sock, stru
+@@ -278,6 +284,10 @@ int inet6_bind(struct socket *sock, stru
+ if (addr->sin6_family != AF_INET6)
+ return -EAFNOSUPPORT;
- if (addr_len < SIN6_LEN_RFC2133)
- return -EINVAL;
-+
+ err = v6_map_sock_addr(inet, addr, &nsa);
+ if (err)
+ return err;
addr_type = ipv6_addr_type(&addr->sin6_addr);
if ((addr_type & IPV6_ADDR_MULTICAST) && sock->type == SOCK_STREAM)
return -EINVAL;
-@@ -303,6 +314,7 @@ int inet6_bind(struct socket *sock, stru
- /* Reproduce AF_INET checks to make the bindings consitant */
+@@ -309,6 +319,7 @@ int inet6_bind(struct socket *sock, stru
+ /* Reproduce AF_INET checks to make the bindings consistent */
v4addr = addr->sin6_addr.s6_addr32[3];
chk_addr_ret = inet_addr_type(net, v4addr);
+
if (!sysctl_ip_nonlocal_bind &&
!(inet->freebind || inet->transparent) &&
v4addr != htonl(INADDR_ANY) &&
-@@ -312,6 +324,10 @@ int inet6_bind(struct socket *sock, stru
+@@ -318,6 +329,10 @@ int inet6_bind(struct socket *sock, stru
err = -EADDRNOTAVAIL;
goto out;
}
} else {
if (addr_type != IPV6_ADDR_ANY) {
struct net_device *dev = NULL;
-@@ -338,6 +354,11 @@ int inet6_bind(struct socket *sock, stru
+@@ -344,6 +359,11 @@ int inet6_bind(struct socket *sock, stru
}
}
+ if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) {
+ err = -EADDRNOTAVAIL;
-+ goto out;
++ goto out_unlock;
+ }
+
/* ipv4 addr of the socket is invalid. Only the
* unspecified and mapped address have a v4 equivalent.
*/
-@@ -353,6 +374,9 @@ int inet6_bind(struct socket *sock, stru
+@@ -360,6 +380,9 @@ int inet6_bind(struct socket *sock, stru
}
}
inet->inet_rcv_saddr = v4addr;
inet->inet_saddr = v4addr;
-@@ -454,9 +478,11 @@ int inet6_getname(struct socket *sock, s
+@@ -461,9 +484,11 @@ int inet6_getname(struct socket *sock, s
return -ENOTCONN;
sin->sin6_port = inet->inet_dport;
- ipv6_addr_copy(&sin->sin6_addr, &np->daddr);
+ sin->sin6_addr = np->daddr;
+ /* FIXME: remap lback? */
if (np->sndflow)
sin->sin6_flowinfo = np->flow_label;
} else {
+ /* FIXME: remap lback? */
if (ipv6_addr_any(&np->rcv_saddr))
- ipv6_addr_copy(&sin->sin6_addr, &np->saddr);
+ sin->sin6_addr = np->saddr;
else
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/fib6_rules.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/fib6_rules.c
---- linux-2.6.35.4/net/ipv6/fib6_rules.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/fib6_rules.c 2010-08-02 17:05:06.000000000 +0200
-@@ -89,7 +89,7 @@ static int fib6_rule_action(struct fib_r
- ip6_dst_idev(&rt->u.dst)->dev,
- &flp->fl6_dst,
+diff -NurpP --minimal linux-3.9.4/net/ipv6/datagram.c linux-3.9.4-vs2.3.6.2/net/ipv6/datagram.c
+--- linux-3.9.4/net/ipv6/datagram.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/datagram.c 2013-05-31 17:17:54.000000000 +0000
+@@ -648,7 +648,7 @@ int ip6_datagram_send_ctl(struct net *ne
+
+ rcu_read_lock();
+ if (fl6->flowi6_oif) {
+- dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
++ dev = dev_get_by_index_real_rcu(net, fl6->flowi6_oif);
+ if (!dev) {
+ rcu_read_unlock();
+ return -ENODEV;
+diff -NurpP --minimal linux-3.9.4/net/ipv6/fib6_rules.c linux-3.9.4-vs2.3.6.2/net/ipv6/fib6_rules.c
+--- linux-3.9.4/net/ipv6/fib6_rules.c 2013-02-19 13:58:58.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/fib6_rules.c 2013-05-31 17:17:54.000000000 +0000
+@@ -90,7 +90,7 @@ static int fib6_rule_action(struct fib_r
+ ip6_dst_idev(&rt->dst)->dev,
+ &flp6->daddr,
rt6_flags2srcprefs(flags),
- &saddr))
+ &saddr, NULL))
goto again;
if (!ipv6_prefix_equal(&saddr, &r->src.addr,
r->src.plen))
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/inet6_hashtables.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/inet6_hashtables.c
---- linux-2.6.35.4/net/ipv6/inet6_hashtables.c 2010-02-25 11:52:10.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/inet6_hashtables.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/ipv6/inet6_hashtables.c linux-3.9.4-vs2.3.6.2/net/ipv6/inet6_hashtables.c
+--- linux-3.9.4/net/ipv6/inet6_hashtables.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/inet6_hashtables.c 2013-05-31 17:17:54.000000000 +0000
@@ -16,6 +16,7 @@
#include <linux/module.h>
#include <net/inet_connection_sock.h>
#include <net/inet_hashtables.h>
-@@ -82,7 +83,6 @@ struct sock *__inet6_lookup_established(
+@@ -83,7 +84,6 @@ struct sock *__inet6_lookup_established(
unsigned int slot = hash & hashinfo->ehash_mask;
struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
rcu_read_lock();
begin:
sk_nulls_for_each_rcu(sk, node, &head->chain) {
-@@ -94,7 +94,7 @@ begin:
+@@ -97,7 +97,7 @@ begin:
sock_put(sk);
goto begin;
}
}
}
if (get_nulls_value(node) != slot)
-@@ -140,6 +140,9 @@ static int inline compute_score(struct s
+@@ -147,6 +147,9 @@ static inline int compute_score(struct s
if (!ipv6_addr_equal(&np->rcv_saddr, daddr))
return -1;
score++;
}
if (sk->sk_bound_dev_if) {
if (sk->sk_bound_dev_if != dif)
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/ip6_output.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/ip6_output.c
---- linux-2.6.35.4/net/ipv6/ip6_output.c 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/ip6_output.c 2010-08-02 17:05:06.000000000 +0200
-@@ -930,7 +930,7 @@ static int ip6_dst_lookup_tail(struct so
- err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
- &fl->fl6_dst,
- sk ? inet6_sk(sk)->srcprefs : 0,
-- &fl->fl6_src);
-+ &fl->fl6_src, sk->sk_nx_info);
+diff -NurpP --minimal linux-3.9.4/net/ipv6/ip6_output.c linux-3.9.4-vs2.3.6.2/net/ipv6/ip6_output.c
+--- linux-3.9.4/net/ipv6/ip6_output.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/ip6_output.c 2013-05-31 17:17:54.000000000 +0000
+@@ -877,7 +877,8 @@ static int ip6_dst_lookup_tail(struct so
+ struct rt6_info *rt = (struct rt6_info *) *dst;
+ err = ip6_route_get_saddr(net, rt, &fl6->daddr,
+ sk ? inet6_sk(sk)->srcprefs : 0,
+- &fl6->saddr);
++ &fl6->saddr,
++ sk ? sk->sk_nx_info : NULL);
if (err)
goto out_err_release;
}
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/Kconfig linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/Kconfig
---- linux-2.6.35.4/net/ipv6/Kconfig 2010-08-02 16:52:59.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/Kconfig 2010-08-02 17:05:06.000000000 +0200
-@@ -4,8 +4,8 @@
-
- # IPv6 as module will cause a CRASH if you try to unload it
- menuconfig IPV6
-- tristate "The IPv6 protocol"
-- default m
-+ bool "The IPv6 protocol"
-+ default n
- ---help---
- This is complemental support for the IP version 6.
- You will still be able to do traditional IPv4 networking as well.
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/ndisc.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/ndisc.c
---- linux-2.6.35.4/net/ipv6/ndisc.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/ndisc.c 2010-08-02 17:05:06.000000000 +0200
-@@ -591,7 +591,7 @@ static void ndisc_send_na(struct net_dev
+diff -NurpP --minimal linux-3.9.4/net/ipv6/ndisc.c linux-3.9.4-vs2.3.6.2/net/ipv6/ndisc.c
+--- linux-3.9.4/net/ipv6/ndisc.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/ndisc.c 2013-05-31 17:17:54.000000000 +0000
+@@ -485,7 +485,7 @@ static void ndisc_send_na(struct net_dev
} else {
if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
- &tmpaddr))
-+ &tmpaddr, NULL /* FIXME: ? */ ))
++ &tmpaddr, NULL))
return;
src_addr = &tmpaddr;
}
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/raw.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/raw.c
---- linux-2.6.35.4/net/ipv6/raw.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/raw.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/ipv6/netfilter/ip6t_MASQUERADE.c linux-3.9.4-vs2.3.6.2/net/ipv6/netfilter/ip6t_MASQUERADE.c
+--- linux-3.9.4/net/ipv6/netfilter/ip6t_MASQUERADE.c 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/netfilter/ip6t_MASQUERADE.c 2013-05-31 17:17:54.000000000 +0000
+@@ -34,7 +34,7 @@ masquerade_tg6(struct sk_buff *skb, cons
+ ctinfo == IP_CT_RELATED_REPLY));
+
+ if (ipv6_dev_get_saddr(dev_net(par->out), par->out,
+- &ipv6_hdr(skb)->daddr, 0, &src) < 0)
++ &ipv6_hdr(skb)->daddr, 0, &src, NULL) < 0)
+ return NF_DROP;
+
+ nfct_nat(ct)->masq_index = par->out->ifindex;
+diff -NurpP --minimal linux-3.9.4/net/ipv6/raw.c linux-3.9.4-vs2.3.6.2/net/ipv6/raw.c
+--- linux-3.9.4/net/ipv6/raw.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/raw.c 2013-05-31 17:17:54.000000000 +0000
@@ -30,6 +30,7 @@
#include <linux/icmpv6.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv6.h>
+#include <linux/vs_inet6.h>
#include <linux/skbuff.h>
+ #include <linux/compat.h>
#include <asm/uaccess.h>
- #include <asm/ioctls.h>
@@ -283,6 +284,13 @@ static int rawv6_bind(struct sock *sk, s
goto out_unlock;
}
/* ipv4 addr of the socket is invalid. Only the
* unspecified and mapped address have a v4 equivalent.
*/
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/route.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/route.c
---- linux-2.6.35.4/net/ipv6/route.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/route.c 2010-08-02 17:05:06.000000000 +0200
-@@ -2255,7 +2255,8 @@ static int rt6_fill_node(struct net *net
- struct inet6_dev *idev = ip6_dst_idev(&rt->u.dst);
+diff -NurpP --minimal linux-3.9.4/net/ipv6/route.c linux-3.9.4-vs2.3.6.2/net/ipv6/route.c
+--- linux-3.9.4/net/ipv6/route.c 2013-05-31 13:45:32.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/route.c 2013-05-31 18:10:38.000000000 +0000
+@@ -58,6 +58,7 @@
+ #include <net/netevent.h>
+ #include <net/netlink.h>
+ #include <net/nexthop.h>
++#include <linux/vs_inet6.h>
+
+ #include <asm/uaccess.h>
+
+@@ -2079,15 +2080,17 @@ int ip6_route_get_saddr(struct net *net,
+ struct rt6_info *rt,
+ const struct in6_addr *daddr,
+ unsigned int prefs,
+- struct in6_addr *saddr)
++ struct in6_addr *saddr,
++ struct nx_info *nxi)
+ {
+ struct inet6_dev *idev = ip6_dst_idev((struct dst_entry*)rt);
+ int err = 0;
+- if (rt->rt6i_prefsrc.plen)
++ if (rt->rt6i_prefsrc.plen && (!nxi ||
++ v6_addr_in_nx_info(nxi, &rt->rt6i_prefsrc.addr, NXA_TYPE_ADDR)))
+ *saddr = rt->rt6i_prefsrc.addr;
+ else
+ err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
+- daddr, prefs, saddr);
++ daddr, prefs, saddr, nxi);
+ return err;
+ }
+
+@@ -2507,7 +2510,8 @@ static int rt6_fill_node(struct net *net
+ goto nla_put_failure;
+ } else if (dst) {
struct in6_addr saddr_buf;
- if (ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
-- dst, 0, &saddr_buf) == 0)
-+ dst, 0, &saddr_buf,
-+ (skb->sk ? skb->sk->sk_nx_info : NULL)) == 0)
- NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
+- if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 &&
++ if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf,
++ (skb->sk ? skb->sk->sk_nx_info : NULL)) == 0 &&
+ nla_put(skb, RTA_PREFSRC, 16, &saddr_buf))
+ goto nla_put_failure;
}
+@@ -2719,6 +2723,7 @@ static int rt6_info_route(struct rt6_inf
+ {
+ struct seq_file *m = p_arg;
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/tcp_ipv6.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/tcp_ipv6.c
---- linux-2.6.35.4/net/ipv6/tcp_ipv6.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/tcp_ipv6.c 2010-08-02 17:05:06.000000000 +0200
-@@ -69,6 +69,7 @@
++ /* FIXME: check for network context? */
+ seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen);
+
+ #ifdef CONFIG_IPV6_SUBTREES
+diff -NurpP --minimal linux-3.9.4/net/ipv6/tcp_ipv6.c linux-3.9.4-vs2.3.6.2/net/ipv6/tcp_ipv6.c
+--- linux-3.9.4/net/ipv6/tcp_ipv6.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/tcp_ipv6.c 2013-05-31 17:17:54.000000000 +0000
+@@ -71,6 +71,7 @@
#include <linux/crypto.h>
#include <linux/scatterlist.h>
static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
-@@ -160,8 +161,15 @@ static int tcp_v6_connect(struct sock *s
+@@ -164,8 +165,15 @@ static int tcp_v6_connect(struct sock *s
* connect() to INADDR_ANY means loopback (BSD'ism).
*/
addr_type = ipv6_addr_type(&usin->sin6_addr);
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/udp.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/udp.c
---- linux-2.6.35.4/net/ipv6/udp.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/udp.c 2010-08-02 17:05:06.000000000 +0200
-@@ -48,13 +48,14 @@
+diff -NurpP --minimal linux-3.9.4/net/ipv6/udp.c linux-3.9.4-vs2.3.6.2/net/ipv6/udp.c
+--- linux-3.9.4/net/ipv6/udp.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/udp.c 2013-05-31 18:16:01.000000000 +0000
+@@ -46,42 +46,68 @@
+ #include <net/ip6_checksum.h>
+ #include <net/xfrm.h>
+ #include <net/inet6_hashtables.h>
++#include <linux/vs_inet6.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
-+#include <linux/vs_inet6.h>
+ #include <trace/events/skb.h>
#include "udp_impl.h"
- int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
+-int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
++int ipv6_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
{
- const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
+- const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
++ const struct in6_addr *sk1_rcv_saddr6 = &inet6_sk(sk1)->rcv_saddr;
const struct in6_addr *sk2_rcv_saddr6 = inet6_rcv_saddr(sk2);
-- __be32 sk1_rcv_saddr = inet_sk(sk)->inet_rcv_saddr;
-+ __be32 sk_rcv_saddr = inet_sk(sk)->inet_rcv_saddr;
- __be32 sk2_rcv_saddr = inet_rcv_saddr(sk2);
- int sk_ipv6only = ipv6_only_sock(sk);
+- __be32 sk1_rcv_saddr = sk_rcv_saddr(sk);
++ __be32 sk1_rcv_saddr = sk_rcv_saddr(sk1);
+ __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2);
+- int sk_ipv6only = ipv6_only_sock(sk);
++ int sk1_ipv6only = ipv6_only_sock(sk1);
int sk2_ipv6only = inet_v6_ipv6only(sk2);
-@@ -62,24 +63,49 @@ int ipv6_rcv_saddr_equal(const struct so
+- int addr_type = ipv6_addr_type(sk_rcv_saddr6);
++ int addr_type = ipv6_addr_type(sk1_rcv_saddr6);
int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED;
/* if both are mapped, treat as IPv4 */
- if (addr_type == IPV6_ADDR_MAPPED && addr_type2 == IPV6_ADDR_MAPPED)
- return (!sk2_ipv6only &&
-- (!sk1_rcv_saddr || !sk2_rcv_saddr ||
-- sk1_rcv_saddr == sk2_rcv_saddr));
+ if (addr_type == IPV6_ADDR_MAPPED && addr_type2 == IPV6_ADDR_MAPPED) {
+ if (!sk2_ipv6only &&
-+ (!sk_rcv_saddr || !sk2_rcv_saddr ||
-+ sk_rcv_saddr == sk2_rcv_saddr))
+ (!sk1_rcv_saddr || !sk2_rcv_saddr ||
+- sk1_rcv_saddr == sk2_rcv_saddr));
++ sk1_rcv_saddr == sk2_rcv_saddr))
+ goto vs_v4;
+ else
+ return 0;
+ goto vs;
if (addr_type == IPV6_ADDR_ANY &&
- !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
+- !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
- return 1;
++ !(sk1_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
+ goto vs;
if (sk2_rcv_saddr6 &&
- ipv6_addr_equal(sk_rcv_saddr6, sk2_rcv_saddr6))
+- ipv6_addr_equal(sk_rcv_saddr6, sk2_rcv_saddr6))
- return 1;
++ ipv6_addr_equal(sk1_rcv_saddr6, sk2_rcv_saddr6))
+ goto vs;
return 0;
+
+vs_v4:
-+ if (!sk_rcv_saddr && !sk2_rcv_saddr)
-+ return nx_v4_addr_conflict(sk->sk_nx_info, sk2->sk_nx_info);
++ if (!sk1_rcv_saddr && !sk2_rcv_saddr)
++ return nx_v4_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
+ if (!sk2_rcv_saddr)
-+ return v4_addr_in_nx_info(sk->sk_nx_info, sk2_rcv_saddr, -1);
-+ if (!sk_rcv_saddr)
-+ return v4_addr_in_nx_info(sk2->sk_nx_info, sk_rcv_saddr, -1);
++ return v4_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr, -1);
++ if (!sk1_rcv_saddr)
++ return v4_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr, -1);
+ return 1;
+vs:
+ if (addr_type2 == IPV6_ADDR_ANY && addr_type == IPV6_ADDR_ANY)
-+ return nx_v6_addr_conflict(sk->sk_nx_info, sk2->sk_nx_info);
++ return nx_v6_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
+ else if (addr_type2 == IPV6_ADDR_ANY)
-+ return v6_addr_in_nx_info(sk2->sk_nx_info, sk_rcv_saddr6, -1);
++ return v6_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr6, -1);
+ else if (addr_type == IPV6_ADDR_ANY) {
+ if (addr_type2 == IPV6_ADDR_MAPPED)
-+ return nx_v4_addr_conflict(sk->sk_nx_info, sk2->sk_nx_info);
++ return nx_v4_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
+ else
-+ return v6_addr_in_nx_info(sk->sk_nx_info, sk2_rcv_saddr6, -1);
++ return v6_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr6, -1);
+ }
+ return 1;
}
static unsigned int udp6_portaddr_hash(struct net *net,
-@@ -134,6 +160,10 @@ static inline int compute_score(struct s
+@@ -145,6 +171,10 @@ static inline int compute_score(struct s
if (!ipv6_addr_equal(&np->rcv_saddr, daddr))
return -1;
score++;
}
if (!ipv6_addr_any(&np->daddr)) {
if (!ipv6_addr_equal(&np->daddr, saddr))
-diff -NurpP --minimal linux-2.6.35.4/net/ipv6/xfrm6_policy.c linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/xfrm6_policy.c
---- linux-2.6.35.4/net/ipv6/xfrm6_policy.c 2010-08-02 16:53:00.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/ipv6/xfrm6_policy.c 2010-08-02 17:05:06.000000000 +0200
-@@ -62,7 +62,7 @@ static int xfrm6_get_saddr(struct net *n
+diff -NurpP --minimal linux-3.9.4/net/ipv6/xfrm6_policy.c linux-3.9.4-vs2.3.6.2/net/ipv6/xfrm6_policy.c
+--- linux-3.9.4/net/ipv6/xfrm6_policy.c 2013-05-31 14:22:27.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/ipv6/xfrm6_policy.c 2013-05-31 17:17:54.000000000 +0000
+@@ -63,7 +63,7 @@ static int xfrm6_get_saddr(struct net *n
dev = ip6_dst_idev(dst)->dev;
ipv6_dev_get_saddr(dev_net(dev), dev,
(struct in6_addr *)&daddr->a6, 0,
dst_release(dst);
return 0;
}
-diff -NurpP --minimal linux-2.6.35.4/net/netlink/af_netlink.c linux-2.6.35.4-vs2.3.0.36.32/net/netlink/af_netlink.c
---- linux-2.6.35.4/net/netlink/af_netlink.c 2010-09-05 01:41:57.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/netlink/af_netlink.c 2010-09-06 02:59:52.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/netfilter/ipvs/ip_vs_xmit.c linux-3.9.4-vs2.3.6.2/net/netfilter/ipvs/ip_vs_xmit.c
+--- linux-3.9.4/net/netfilter/ipvs/ip_vs_xmit.c 2013-02-19 13:58:59.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/netfilter/ipvs/ip_vs_xmit.c 2013-05-31 17:17:54.000000000 +0000
+@@ -273,7 +273,7 @@ __ip_vs_route_output_v6(struct net *net,
+ return dst;
+ if (ipv6_addr_any(&fl6.saddr) &&
+ ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
+- &fl6.daddr, 0, &fl6.saddr) < 0)
++ &fl6.daddr, 0, &fl6.saddr, NULL) < 0)
+ goto out_err;
+ if (do_xfrm) {
+ dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
+diff -NurpP --minimal linux-3.9.4/net/netlink/af_netlink.c linux-3.9.4-vs2.3.6.2/net/netlink/af_netlink.c
+--- linux-3.9.4/net/netlink/af_netlink.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/netlink/af_netlink.c 2013-05-31 17:17:54.000000000 +0000
@@ -55,6 +55,9 @@
#include <linux/types.h>
#include <linux/audit.h>
#include <net/net_namespace.h>
#include <net/sock.h>
-@@ -1922,6 +1925,8 @@ static struct sock *netlink_seq_socket_i
- sk_for_each(s, node, &hash->table[j]) {
+@@ -1976,6 +1979,8 @@ static struct sock *netlink_seq_socket_i
+ sk_for_each(s, &hash->table[j]) {
if (sock_net(s) != seq_file_net(seq))
continue;
+ if (!nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT))
if (off == pos) {
iter->link = i;
iter->hash_idx = j;
-@@ -1956,7 +1961,8 @@ static void *netlink_seq_next(struct seq
+@@ -2010,7 +2015,8 @@ static void *netlink_seq_next(struct seq
s = v;
do {
s = sk_next(s);
if (s)
return s;
-@@ -1968,7 +1974,8 @@ static void *netlink_seq_next(struct seq
+@@ -2022,7 +2028,8 @@ static void *netlink_seq_next(struct seq
for (; j <= hash->mask; j++) {
s = sk_head(&hash->table[j]);
s = sk_next(s);
if (s) {
iter->link = i;
-diff -NurpP --minimal linux-2.6.35.4/net/sctp/ipv6.c linux-2.6.35.4-vs2.3.0.36.32/net/sctp/ipv6.c
---- linux-2.6.35.4/net/sctp/ipv6.c 2010-08-02 16:53:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/sctp/ipv6.c 2010-08-02 17:05:06.000000000 +0200
-@@ -304,7 +304,8 @@ static void sctp_v6_get_saddr(struct sct
- dst ? ip6_dst_idev(dst)->dev : NULL,
- &daddr->v6.sin6_addr,
- inet6_sk(&sk->inet.sk)->srcprefs,
-- &saddr->v6.sin6_addr);
-+ &saddr->v6.sin6_addr,
-+ asoc->base.sk->sk_nx_info);
- SCTP_DEBUG_PRINTK("saddr from ipv6_get_saddr: %pI6\n",
- &saddr->v6.sin6_addr);
- return;
-diff -NurpP --minimal linux-2.6.35.4/net/socket.c linux-2.6.35.4-vs2.3.0.36.32/net/socket.c
---- linux-2.6.35.4/net/socket.c 2010-08-02 16:53:02.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/socket.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/socket.c linux-3.9.4-vs2.3.6.2/net/socket.c
+--- linux-3.9.4/net/socket.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/socket.c 2013-05-31 17:17:54.000000000 +0000
@@ -98,6 +98,10 @@
#include <net/sock.h>
#include <linux/if_tun.h>
#include <linux/ipv6_route.h>
-@@ -557,7 +561,7 @@ static inline int __sock_sendmsg(struct
- struct msghdr *msg, size_t size)
+@@ -617,13 +621,29 @@ static inline int __sock_sendmsg_nosec(s
+ struct msghdr *msg, size_t size)
{
struct sock_iocb *si = kiocb_to_siocb(iocb);
-- int err;
-+ int err, len;
++ size_t len;
- sock_update_classid(sock->sk);
-
-@@ -570,7 +574,22 @@ static inline int __sock_sendmsg(struct
- if (err)
- return err;
+ si->sock = sock;
+ si->scm = NULL;
+ si->msg = msg;
+ si->size = size;
- return sock->ops->sendmsg(iocb, sock, msg, size);
+ len = sock->ops->sendmsg(iocb, sock, msg, size);
+ vx_sock_fail(sock->sk, size);
+ }
+ vxdprintk(VXD_CBIT(net, 7),
-+ "__sock_sendmsg: %p[%p,%p,%p;%d/%d]:%d/%d",
++ "__sock_sendmsg: %p[%p,%p,%p;%d/%d]:%d/%zu",
+ sock, sock->sk,
+ (sock->sk)?sock->sk->sk_nx_info:0,
+ (sock->sk)?sock->sk->sk_vx_info:0,
+ return len;
}
- int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
-@@ -686,6 +705,7 @@ static inline int __sock_recvmsg_nosec(s
+ static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
+@@ -779,6 +799,7 @@ static inline int __sock_recvmsg_nosec(s
struct msghdr *msg, size_t size, int flags)
{
struct sock_iocb *si = kiocb_to_siocb(iocb);
+ int len;
- sock_update_classid(sock->sk);
-
-@@ -695,7 +715,18 @@ static inline int __sock_recvmsg_nosec(s
+ si->sock = sock;
+ si->scm = NULL;
+@@ -786,7 +807,18 @@ static inline int __sock_recvmsg_nosec(s
si->size = size;
si->flags = flags;
}
static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
-@@ -1163,6 +1194,13 @@ static int __sock_create(struct net *net
+@@ -1269,6 +1301,13 @@ int __sock_create(struct net *net, int f
if (type < 0 || type >= SOCK_MAX)
return -EINVAL;
/* Compatibility.
This uglymoron is moved from INET layer to here to avoid
-@@ -1295,6 +1333,7 @@ SYSCALL_DEFINE3(socket, int, family, int
+@@ -1403,6 +1442,7 @@ SYSCALL_DEFINE3(socket, int, family, int
if (retval < 0)
goto out;
retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
if (retval < 0)
goto out_release;
-@@ -1336,10 +1375,12 @@ SYSCALL_DEFINE4(socketpair, int, family,
+@@ -1444,10 +1484,12 @@ SYSCALL_DEFINE4(socketpair, int, family,
err = sock_create(family, type, protocol, &sock1);
if (err < 0)
goto out;
err = sock1->ops->socketpair(sock1, sock2);
if (err < 0)
-diff -NurpP --minimal linux-2.6.35.4/net/sunrpc/auth.c linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/auth.c
---- linux-2.6.35.4/net/sunrpc/auth.c 2010-08-02 16:53:02.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/auth.c 2010-08-02 17:05:06.000000000 +0200
-@@ -14,6 +14,7 @@
- #include <linux/hash.h>
+diff -NurpP --minimal linux-3.9.4/net/sunrpc/auth.c linux-3.9.4-vs2.3.6.2/net/sunrpc/auth.c
+--- linux-3.9.4/net/sunrpc/auth.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/sunrpc/auth.c 2013-05-31 18:01:00.000000000 +0000
+@@ -15,6 +15,7 @@
#include <linux/sunrpc/clnt.h>
+ #include <linux/sunrpc/gss_api.h>
#include <linux/spinlock.h>
+#include <linux/vs_tag.h>
#ifdef RPC_DEBUG
# define RPCDBG_FACILITY RPCDBG_AUTH
-@@ -366,6 +367,7 @@ rpcauth_lookupcred(struct rpc_auth *auth
+@@ -480,6 +481,7 @@ rpcauth_lookupcred(struct rpc_auth *auth
memset(&acred, 0, sizeof(acred));
acred.uid = cred->fsuid;
acred.gid = cred->fsgid;
acred.group_info = get_group_info(((struct cred *)cred)->group_info);
ret = auth->au_ops->lookup_cred(auth, &acred, flags);
-@@ -406,6 +408,7 @@ rpcauth_bind_root_cred(struct rpc_task *
+@@ -520,6 +522,7 @@ rpcauth_bind_root_cred(struct rpc_task *
struct auth_cred acred = {
- .uid = 0,
- .gid = 0,
+ .uid = GLOBAL_ROOT_UID,
+ .gid = GLOBAL_ROOT_GID,
+ .tag = dx_current_tag(),
};
- struct rpc_cred *ret;
-diff -NurpP --minimal linux-2.6.35.4/net/sunrpc/auth_unix.c linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/auth_unix.c
---- linux-2.6.35.4/net/sunrpc/auth_unix.c 2010-07-07 18:32:01.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/auth_unix.c 2010-08-02 17:05:06.000000000 +0200
-@@ -12,12 +12,14 @@
- #include <linux/module.h>
+ dprintk("RPC: %5u looking up %s cred\n",
+diff -NurpP --minimal linux-3.9.4/net/sunrpc/auth_unix.c linux-3.9.4-vs2.3.6.2/net/sunrpc/auth_unix.c
+--- linux-3.9.4/net/sunrpc/auth_unix.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/sunrpc/auth_unix.c 2013-05-31 18:05:54.000000000 +0000
+@@ -13,11 +13,13 @@
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/auth.h>
+ #include <linux/user_namespace.h>
+#include <linux/vs_tag.h>
#define NFS_NGROUPS 16
struct unx_cred {
struct rpc_cred uc_base;
- gid_t uc_gid;
-+ tag_t uc_tag;
- gid_t uc_gids[NFS_NGROUPS];
++ ktag_t uc_tag;
+ kgid_t uc_gid;
+ kgid_t uc_gids[NFS_NGROUPS];
};
- #define uc_uid uc_base.cr_uid
-@@ -79,6 +81,7 @@ unx_create_cred(struct rpc_auth *auth, s
+@@ -80,6 +82,7 @@ unx_create_cred(struct rpc_auth *auth, s
groups = NFS_NGROUPS;
cred->uc_gid = acred->gid;
for (i = 0; i < groups; i++)
cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
if (i < NFS_NGROUPS)
-@@ -120,7 +123,9 @@ unx_match(struct auth_cred *acred, struc
+@@ -121,7 +124,9 @@ unx_match(struct auth_cred *acred, struc
unsigned int i;
-- if (cred->uc_uid != acred->uid || cred->uc_gid != acred->gid)
-+ if (cred->uc_uid != acred->uid ||
-+ cred->uc_gid != acred->gid ||
-+ cred->uc_tag != acred->tag)
+- if (!uid_eq(cred->uc_uid, acred->uid) || !gid_eq(cred->uc_gid, acred->gid))
++ if (!uid_eq(cred->uc_uid, acred->uid) ||
++ !gid_eq(cred->uc_gid, acred->gid) ||
++ !tag_eq(cred->uc_tag, acred->tag))
return 0;
if (acred->group_info != NULL)
-@@ -143,7 +148,7 @@ unx_marshal(struct rpc_task *task, __be3
+@@ -146,7 +151,7 @@ unx_marshal(struct rpc_task *task, __be3
struct rpc_clnt *clnt = task->tk_client;
- struct unx_cred *cred = container_of(task->tk_msg.rpc_cred, struct unx_cred, uc_base);
+ struct unx_cred *cred = container_of(task->tk_rqstp->rq_cred, struct unx_cred, uc_base);
__be32 *base, *hold;
- int i;
+ int i, tag;
*p++ = htonl(RPC_AUTH_UNIX);
base = p++;
-@@ -153,9 +158,12 @@ unx_marshal(struct rpc_task *task, __be3
- * Copy the UTS nodename captured when the client was created.
+@@ -157,8 +162,13 @@ unx_marshal(struct rpc_task *task, __be3
*/
p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
-+ tag = task->tk_client->cl_tag;
-- *p++ = htonl((u32) cred->uc_uid);
-- *p++ = htonl((u32) cred->uc_gid);
+- *p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid));
+- *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid));
++ tag = task->tk_client->cl_tag;
+ *p++ = htonl((u32) TAGINO_UID(tag,
-+ cred->uc_uid, cred->uc_tag));
++ from_kuid(&init_user_ns, cred->uc_uid),
++ from_ktag(&init_user_ns, cred->uc_tag)));
+ *p++ = htonl((u32) TAGINO_GID(tag,
-+ cred->uc_gid, cred->uc_tag));
++ from_kgid(&init_user_ns, cred->uc_gid),
++ from_ktag(&init_user_ns, cred->uc_tag)));
hold = p++;
- for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
- *p++ = htonl((u32) cred->uc_gids[i]);
-diff -NurpP --minimal linux-2.6.35.4/net/sunrpc/clnt.c linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/clnt.c
---- linux-2.6.35.4/net/sunrpc/clnt.c 2010-08-02 16:53:02.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/sunrpc/clnt.c 2010-08-02 17:05:06.000000000 +0200
-@@ -33,6 +33,7 @@
- #include <linux/utsname.h>
- #include <linux/workqueue.h>
+ for (i = 0; i < 16 && gid_valid(cred->uc_gids[i]); i++)
+ *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i]));
+diff -NurpP --minimal linux-3.9.4/net/sunrpc/clnt.c linux-3.9.4-vs2.3.6.2/net/sunrpc/clnt.c
+--- linux-3.9.4/net/sunrpc/clnt.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/sunrpc/clnt.c 2013-05-31 17:17:54.000000000 +0000
+@@ -31,6 +31,7 @@
#include <linux/in6.h>
+ #include <linux/un.h>
+ #include <linux/rcupdate.h>
+#include <linux/vs_cvirt.h>
#include <linux/sunrpc/clnt.h>
- #include <linux/sunrpc/rpc_pipe_fs.h>
-@@ -358,6 +359,9 @@ struct rpc_clnt *rpc_create(struct rpc_c
+ #include <linux/sunrpc/addr.h>
+@@ -482,6 +483,9 @@ struct rpc_clnt *rpc_create(struct rpc_c
if (!(args->flags & RPC_CLNT_CREATE_QUIET))
clnt->cl_chatty = 1;
return clnt;
}
EXPORT_SYMBOL_GPL(rpc_create);
-diff -NurpP --minimal linux-2.6.35.4/net/unix/af_unix.c linux-2.6.35.4-vs2.3.0.36.32/net/unix/af_unix.c
---- linux-2.6.35.4/net/unix/af_unix.c 2010-08-02 16:53:02.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/net/unix/af_unix.c 2010-08-02 17:05:06.000000000 +0200
+diff -NurpP --minimal linux-3.9.4/net/unix/af_unix.c linux-3.9.4-vs2.3.6.2/net/unix/af_unix.c
+--- linux-3.9.4/net/unix/af_unix.c 2013-05-31 13:45:33.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/net/unix/af_unix.c 2013-05-31 17:17:54.000000000 +0000
@@ -114,6 +114,8 @@
#include <linux/mount.h>
#include <net/checksum.h>
+#include <linux/vs_context.h>
+#include <linux/vs_limit.h>
- static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
- static DEFINE_SPINLOCK(unix_table_lock);
-@@ -258,6 +260,8 @@ static struct sock *__unix_find_socket_b
+ struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
+ EXPORT_SYMBOL_GPL(unix_socket_table);
+@@ -270,6 +272,8 @@ static struct sock *__unix_find_socket_b
if (!net_eq(sock_net(s), net))
continue;
if (u->addr->len == len &&
!memcmp(u->addr->name, sunname, len))
goto found;
-@@ -2114,6 +2118,8 @@ static struct sock *unix_seq_idx(struct
- for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) {
- if (sock_net(s) != seq_file_net(seq))
+@@ -2256,6 +2260,8 @@ static struct sock *unix_from_bucket(str
+ for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
+ if (sock_net(sk) != seq_file_net(seq))
continue;
-+ if (!nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT))
++ if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
+ continue;
- if (off == pos)
- return s;
- ++off;
-@@ -2138,7 +2144,8 @@ static void *unix_seq_next(struct seq_fi
- sk = first_unix_socket(&iter->i);
- else
- sk = next_unix_socket(&iter->i, sk);
-- while (sk && (sock_net(sk) != seq_file_net(seq)))
-+ while (sk && (sock_net(sk) != seq_file_net(seq) ||
-+ !nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT)))
- sk = next_unix_socket(&iter->i, sk);
- return sk;
- }
-diff -NurpP --minimal linux-2.6.35.4/scripts/checksyscalls.sh linux-2.6.35.4-vs2.3.0.36.32/scripts/checksyscalls.sh
---- linux-2.6.35.4/scripts/checksyscalls.sh 2009-09-10 15:26:31.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/scripts/checksyscalls.sh 2010-08-02 17:05:06.000000000 +0200
-@@ -194,7 +194,6 @@ cat << EOF
+ if (++count == offset)
+ break;
+ }
+@@ -2273,6 +2279,8 @@ static struct sock *unix_next_socket(str
+ sk = sk_next(sk);
+ if (!sk)
+ goto next_bucket;
++ if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
++ continue;
+ if (sock_net(sk) == seq_file_net(seq))
+ return sk;
+ }
+diff -NurpP --minimal linux-3.9.4/scripts/checksyscalls.sh linux-3.9.4-vs2.3.6.2/scripts/checksyscalls.sh
+--- linux-3.9.4/scripts/checksyscalls.sh 2012-12-11 03:30:57.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/scripts/checksyscalls.sh 2013-05-31 14:47:11.000000000 +0000
+@@ -193,7 +193,6 @@ cat << EOF
#define __IGNORE_afs_syscall
#define __IGNORE_getpmsg
#define __IGNORE_putpmsg
EOF
}
-diff -NurpP --minimal linux-2.6.35.4/security/commoncap.c linux-2.6.35.4-vs2.3.0.36.32/security/commoncap.c
---- linux-2.6.35.4/security/commoncap.c 2010-08-02 16:53:03.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/security/commoncap.c 2010-08-02 17:05:06.000000000 +0200
-@@ -28,6 +28,7 @@
- #include <linux/prctl.h>
- #include <linux/securebits.h>
- #include <linux/syslog.h>
-+#include <linux/vs_context.h>
-
- /*
- * If a non-root user executes a setuid-root binary in
-@@ -53,7 +54,7 @@ static void warn_setuid_and_fcaps_mixed(
-
- int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
+diff -NurpP --minimal linux-3.9.4/security/commoncap.c linux-3.9.4-vs2.3.6.2/security/commoncap.c
+--- linux-3.9.4/security/commoncap.c 2013-05-31 13:45:34.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/security/commoncap.c 2013-05-31 15:07:02.000000000 +0000
+@@ -76,6 +76,7 @@ int cap_netlink_send(struct sock *sk, st
+ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
+ int cap, int audit)
{
-- NETLINK_CB(skb).eff_cap = current_cap();
-+ NETLINK_CB(skb).eff_cap = vx_mbcaps(current_cap());
- return 0;
- }
-
-@@ -63,6 +64,7 @@ int cap_netlink_recv(struct sk_buff *skb
- return -EPERM;
- return 0;
- }
-+
- EXPORT_SYMBOL(cap_netlink_recv);
++ struct vx_info *vxi = current_vx_info(); /* FIXME: get vxi from cred? */
+ struct user_namespace *ns = targ_ns;
- /**
-@@ -83,7 +85,22 @@ EXPORT_SYMBOL(cap_netlink_recv);
- int cap_capable(struct task_struct *tsk, const struct cred *cred, int cap,
- int audit)
- {
-- return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
-+ struct vx_info *vxi = tsk->vx_info;
-+
-+#if 0
-+ printk("cap_capable() VXF_STATE_SETUP = %llx, raised = %x, eff = %08x:%08x\n",
-+ vx_info_flags(vxi, VXF_STATE_SETUP, 0),
-+ cap_raised(tsk->cap_effective, cap),
-+ tsk->cap_effective.cap[1], tsk->cap_effective.cap[0]);
-+#endif
-+
-+ /* special case SETUP */
-+ if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
-+ /* FIXME: maybe use cred instead? */
-+ cap_raised(tsk->cred->cap_effective, cap))
-+ return 0;
-+
-+ return vx_cap_raised(vxi, cred->cap_effective, cap) ? 0 : -EPERM;
- }
+ /* See if cred has the capability in the target user namespace
+@@ -84,8 +85,12 @@ int cap_capable(const struct cred *cred,
+ */
+ for (;;) {
+ /* Do we have the necessary capabilities? */
+- if (ns == cred->user_ns)
+- return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
++ if (ns == cred->user_ns) {
++ if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
++ cap_raised(cred->cap_effective, cap))
++ return 0;
++ return vx_cap_raised(vxi, cred->cap_effective, cap) ? 0 : -EPERM;
++ }
- /**
-@@ -571,7 +588,7 @@ int cap_inode_setxattr(struct dentry *de
+ /* Have we tried all of the parent namespaces? */
+ if (ns == &init_user_ns)
+@@ -628,7 +633,7 @@ int cap_inode_setxattr(struct dentry *de
if (!strncmp(name, XATTR_SECURITY_PREFIX,
sizeof(XATTR_SECURITY_PREFIX) - 1) &&
return -EPERM;
return 0;
}
-@@ -597,7 +614,7 @@ int cap_inode_removexattr(struct dentry
+@@ -654,7 +659,7 @@ int cap_inode_removexattr(struct dentry
if (!strncmp(name, XATTR_SECURITY_PREFIX,
sizeof(XATTR_SECURITY_PREFIX) - 1) &&
return -EPERM;
return 0;
}
-@@ -899,7 +916,8 @@ int cap_syslog(int type, bool from_file)
- if (type != SYSLOG_ACTION_OPEN && from_file)
- return 0;
- if ((type != SYSLOG_ACTION_READ_ALL &&
-- type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
-+ type != SYSLOG_ACTION_SIZE_BUFFER) &&
-+ !vx_capable(CAP_SYS_ADMIN, VXC_SYSLOG))
- return -EPERM;
- return 0;
- }
-diff -NurpP --minimal linux-2.6.35.4/security/selinux/av_permissions.h linux-2.6.35.4-vs2.3.0.36.32/security/selinux/av_permissions.h
---- linux-2.6.35.4/security/selinux/av_permissions.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.35.4-vs2.3.0.36.32/security/selinux/av_permissions.h 2010-08-02 17:05:06.000000000 +0200
-@@ -0,0 +1,827 @@
-+/* This file is automatically generated. Do not edit. */
-+#ifndef _SELINUX_AV_PERMISSIONS_H_
-+#define _SELINUX_AV_PERMISSIONS_H_
-+
-+#define SECURITY__COMPUTE_AV 0x00000001UL
-+#define SECURITY__COMPUTE_CREATE 0x00000002UL
-+#define SECURITY__COMPUTE_MEMBER 0x00000004UL
-+#define SECURITY__CHECK_CONTEXT 0x00000008UL
-+#define SECURITY__LOAD_POLICY 0x00000010UL
-+#define SECURITY__COMPUTE_RELABEL 0x00000020UL
-+#define SECURITY__COMPUTE_USER 0x00000040UL
-+#define SECURITY__SETENFORCE 0x00000080UL
-+#define SECURITY__SETBOOL 0x00000100UL
-+#define SECURITY__SETSECPARAM 0x00000200UL
-+#define SECURITY__SETCHECKREQPROT 0x00000400UL
-+#define PROCESS__FORK 0x00000001UL
-+#define PROCESS__TRANSITION 0x00000002UL
-+#define PROCESS__SIGCHLD 0x00000004UL
-+#define PROCESS__SIGKILL 0x00000008UL
-+#define PROCESS__SIGSTOP 0x00000010UL
-+#define PROCESS__SIGNULL 0x00000020UL
-+#define PROCESS__SIGNAL 0x00000040UL
-+#define PROCESS__PTRACE 0x00000080UL
-+#define PROCESS__GETSCHED 0x00000100UL
-+#define PROCESS__SETSCHED 0x00000200UL
-+#define PROCESS__GETSESSION 0x00000400UL
-+#define PROCESS__GETPGID 0x00000800UL
-+#define PROCESS__SETPGID 0x00001000UL
-+#define PROCESS__GETCAP 0x00002000UL
-+#define PROCESS__SETCAP 0x00004000UL
-+#define PROCESS__SHARE 0x00008000UL
-+#define PROCESS__GETATTR 0x00010000UL
-+#define PROCESS__SETEXEC 0x00020000UL
-+#define PROCESS__SETFSCREATE 0x00040000UL
-+#define PROCESS__NOATSECURE 0x00080000UL
-+#define PROCESS__SIGINH 0x00100000UL
-+#define PROCESS__SETRLIMIT 0x00200000UL
-+#define PROCESS__RLIMITINH 0x00400000UL
-+#define PROCESS__DYNTRANSITION 0x00800000UL
-+#define PROCESS__SETCURRENT 0x01000000UL
-+#define PROCESS__EXECMEM 0x02000000UL
-+#define PROCESS__EXECSTACK 0x04000000UL
-+#define PROCESS__EXECHEAP 0x08000000UL
-+#define PROCESS__SETKEYCREATE 0x10000000UL
-+#define PROCESS__SETSOCKCREATE 0x20000000UL
-+#define SYSTEM__IPC_INFO 0x00000001UL
-+#define SYSTEM__SYSLOG_READ 0x00000002UL
-+#define SYSTEM__SYSLOG_MOD 0x00000004UL
-+#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
-+#define SYSTEM__MODULE_REQUEST 0x00000010UL
-+#define CAPABILITY__CHOWN 0x00000001UL
-+#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
-+#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
-+#define CAPABILITY__FOWNER 0x00000008UL
-+#define CAPABILITY__FSETID 0x00000010UL
-+#define CAPABILITY__KILL 0x00000020UL
-+#define CAPABILITY__SETGID 0x00000040UL
-+#define CAPABILITY__SETUID 0x00000080UL
-+#define CAPABILITY__SETPCAP 0x00000100UL
-+#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
-+#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
-+#define CAPABILITY__NET_BROADCAST 0x00000800UL
-+#define CAPABILITY__NET_ADMIN 0x00001000UL
-+#define CAPABILITY__NET_RAW 0x00002000UL
-+#define CAPABILITY__IPC_LOCK 0x00004000UL
-+#define CAPABILITY__IPC_OWNER 0x00008000UL
-+#define CAPABILITY__SYS_MODULE 0x00010000UL
-+#define CAPABILITY__SYS_RAWIO 0x00020000UL
-+#define CAPABILITY__SYS_CHROOT 0x00040000UL
-+#define CAPABILITY__SYS_PTRACE 0x00080000UL
-+#define CAPABILITY__SYS_PACCT 0x00100000UL
-+#define CAPABILITY__SYS_ADMIN 0x00200000UL
-+#define CAPABILITY__SYS_BOOT 0x00400000UL
-+#define CAPABILITY__SYS_NICE 0x00800000UL
-+#define CAPABILITY__SYS_RESOURCE 0x01000000UL
-+#define CAPABILITY__SYS_TIME 0x02000000UL
-+#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
-+#define CAPABILITY__MKNOD 0x08000000UL
-+#define CAPABILITY__LEASE 0x10000000UL
-+#define CAPABILITY__AUDIT_WRITE 0x20000000UL
-+#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
-+#define CAPABILITY__SETFCAP 0x80000000UL
-+#define FILESYSTEM__MOUNT 0x00000001UL
-+#define FILESYSTEM__REMOUNT 0x00000002UL
-+#define FILESYSTEM__UNMOUNT 0x00000004UL
-+#define FILESYSTEM__GETATTR 0x00000008UL
-+#define FILESYSTEM__RELABELFROM 0x00000010UL
-+#define FILESYSTEM__RELABELTO 0x00000020UL
-+#define FILESYSTEM__TRANSITION 0x00000040UL
-+#define FILESYSTEM__ASSOCIATE 0x00000080UL
-+#define FILESYSTEM__QUOTAMOD 0x00000100UL
-+#define FILESYSTEM__QUOTAGET 0x00000200UL
-+#define FILE__IOCTL 0x00000001UL
-+#define FILE__READ 0x00000002UL
-+#define FILE__WRITE 0x00000004UL
-+#define FILE__CREATE 0x00000008UL
-+#define FILE__GETATTR 0x00000010UL
-+#define FILE__SETATTR 0x00000020UL
-+#define FILE__LOCK 0x00000040UL
-+#define FILE__RELABELFROM 0x00000080UL
-+#define FILE__RELABELTO 0x00000100UL
-+#define FILE__APPEND 0x00000200UL
-+#define FILE__UNLINK 0x00000400UL
-+#define FILE__LINK 0x00000800UL
-+#define FILE__RENAME 0x00001000UL
-+#define FILE__EXECUTE 0x00002000UL
-+#define FILE__SWAPON 0x00004000UL
-+#define FILE__QUOTAON 0x00008000UL
-+#define FILE__MOUNTON 0x00010000UL
-+#define FILE__EXECUTE_NO_TRANS 0x00020000UL
-+#define FILE__ENTRYPOINT 0x00040000UL
-+#define FILE__EXECMOD 0x00080000UL
-+#define FILE__OPEN 0x00100000UL
-+#define DIR__IOCTL 0x00000001UL
-+#define DIR__READ 0x00000002UL
-+#define DIR__WRITE 0x00000004UL
-+#define DIR__CREATE 0x00000008UL
-+#define DIR__GETATTR 0x00000010UL
-+#define DIR__SETATTR 0x00000020UL
-+#define DIR__LOCK 0x00000040UL
-+#define DIR__RELABELFROM 0x00000080UL
-+#define DIR__RELABELTO 0x00000100UL
-+#define DIR__APPEND 0x00000200UL
-+#define DIR__UNLINK 0x00000400UL
-+#define DIR__LINK 0x00000800UL
-+#define DIR__RENAME 0x00001000UL
-+#define DIR__EXECUTE 0x00002000UL
-+#define DIR__SWAPON 0x00004000UL
-+#define DIR__QUOTAON 0x00008000UL
-+#define DIR__MOUNTON 0x00010000UL
-+#define DIR__ADD_NAME 0x00020000UL
-+#define DIR__REMOVE_NAME 0x00040000UL
-+#define DIR__REPARENT 0x00080000UL
-+#define DIR__SEARCH 0x00100000UL
-+#define DIR__RMDIR 0x00200000UL
-+#define DIR__OPEN 0x00400000UL
-+#define FD__USE 0x00000001UL
-+#define LNK_FILE__IOCTL 0x00000001UL
-+#define LNK_FILE__READ 0x00000002UL
-+#define LNK_FILE__WRITE 0x00000004UL
-+#define LNK_FILE__CREATE 0x00000008UL
-+#define LNK_FILE__GETATTR 0x00000010UL
-+#define LNK_FILE__SETATTR 0x00000020UL
-+#define LNK_FILE__LOCK 0x00000040UL
-+#define LNK_FILE__RELABELFROM 0x00000080UL
-+#define LNK_FILE__RELABELTO 0x00000100UL
-+#define LNK_FILE__APPEND 0x00000200UL
-+#define LNK_FILE__UNLINK 0x00000400UL
-+#define LNK_FILE__LINK 0x00000800UL
-+#define LNK_FILE__RENAME 0x00001000UL
-+#define LNK_FILE__EXECUTE 0x00002000UL
-+#define LNK_FILE__SWAPON 0x00004000UL
-+#define LNK_FILE__QUOTAON 0x00008000UL
-+#define LNK_FILE__MOUNTON 0x00010000UL
-+#define CHR_FILE__IOCTL 0x00000001UL
-+#define CHR_FILE__READ 0x00000002UL
-+#define CHR_FILE__WRITE 0x00000004UL
-+#define CHR_FILE__CREATE 0x00000008UL
-+#define CHR_FILE__GETATTR 0x00000010UL
-+#define CHR_FILE__SETATTR 0x00000020UL
-+#define CHR_FILE__LOCK 0x00000040UL
-+#define CHR_FILE__RELABELFROM 0x00000080UL
-+#define CHR_FILE__RELABELTO 0x00000100UL
-+#define CHR_FILE__APPEND 0x00000200UL
-+#define CHR_FILE__UNLINK 0x00000400UL
-+#define CHR_FILE__LINK 0x00000800UL
-+#define CHR_FILE__RENAME 0x00001000UL
-+#define CHR_FILE__EXECUTE 0x00002000UL
-+#define CHR_FILE__SWAPON 0x00004000UL
-+#define CHR_FILE__QUOTAON 0x00008000UL
-+#define CHR_FILE__MOUNTON 0x00010000UL
-+#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
-+#define CHR_FILE__ENTRYPOINT 0x00040000UL
-+#define CHR_FILE__EXECMOD 0x00080000UL
-+#define CHR_FILE__OPEN 0x00100000UL
-+#define BLK_FILE__IOCTL 0x00000001UL
-+#define BLK_FILE__READ 0x00000002UL
-+#define BLK_FILE__WRITE 0x00000004UL
-+#define BLK_FILE__CREATE 0x00000008UL
-+#define BLK_FILE__GETATTR 0x00000010UL
-+#define BLK_FILE__SETATTR 0x00000020UL
-+#define BLK_FILE__LOCK 0x00000040UL
-+#define BLK_FILE__RELABELFROM 0x00000080UL
-+#define BLK_FILE__RELABELTO 0x00000100UL
-+#define BLK_FILE__APPEND 0x00000200UL
-+#define BLK_FILE__UNLINK 0x00000400UL
-+#define BLK_FILE__LINK 0x00000800UL
-+#define BLK_FILE__RENAME 0x00001000UL
-+#define BLK_FILE__EXECUTE 0x00002000UL
-+#define BLK_FILE__SWAPON 0x00004000UL
-+#define BLK_FILE__QUOTAON 0x00008000UL
-+#define BLK_FILE__MOUNTON 0x00010000UL
-+#define BLK_FILE__OPEN 0x00020000UL
-+#define SOCK_FILE__IOCTL 0x00000001UL
-+#define SOCK_FILE__READ 0x00000002UL
-+#define SOCK_FILE__WRITE 0x00000004UL
-+#define SOCK_FILE__CREATE 0x00000008UL
-+#define SOCK_FILE__GETATTR 0x00000010UL
-+#define SOCK_FILE__SETATTR 0x00000020UL
-+#define SOCK_FILE__LOCK 0x00000040UL
-+#define SOCK_FILE__RELABELFROM 0x00000080UL
-+#define SOCK_FILE__RELABELTO 0x00000100UL
-+#define SOCK_FILE__APPEND 0x00000200UL
-+#define SOCK_FILE__UNLINK 0x00000400UL
-+#define SOCK_FILE__LINK 0x00000800UL
-+#define SOCK_FILE__RENAME 0x00001000UL
-+#define SOCK_FILE__EXECUTE 0x00002000UL
-+#define SOCK_FILE__SWAPON 0x00004000UL
-+#define SOCK_FILE__QUOTAON 0x00008000UL
-+#define SOCK_FILE__MOUNTON 0x00010000UL
-+#define SOCK_FILE__OPEN 0x00020000UL
-+#define FIFO_FILE__IOCTL 0x00000001UL
-+#define FIFO_FILE__READ 0x00000002UL
-+#define FIFO_FILE__WRITE 0x00000004UL
-+#define FIFO_FILE__CREATE 0x00000008UL
-+#define FIFO_FILE__GETATTR 0x00000010UL
-+#define FIFO_FILE__SETATTR 0x00000020UL
-+#define FIFO_FILE__LOCK 0x00000040UL
-+#define FIFO_FILE__RELABELFROM 0x00000080UL
-+#define FIFO_FILE__RELABELTO 0x00000100UL
-+#define FIFO_FILE__APPEND 0x00000200UL
-+#define FIFO_FILE__UNLINK 0x00000400UL
-+#define FIFO_FILE__LINK 0x00000800UL
-+#define FIFO_FILE__RENAME 0x00001000UL
-+#define FIFO_FILE__EXECUTE 0x00002000UL
-+#define FIFO_FILE__SWAPON 0x00004000UL
-+#define FIFO_FILE__QUOTAON 0x00008000UL
-+#define FIFO_FILE__MOUNTON 0x00010000UL
-+#define FIFO_FILE__OPEN 0x00020000UL
-+#define SOCKET__IOCTL 0x00000001UL
-+#define SOCKET__READ 0x00000002UL
-+#define SOCKET__WRITE 0x00000004UL
-+#define SOCKET__CREATE 0x00000008UL
-+#define SOCKET__GETATTR 0x00000010UL
-+#define SOCKET__SETATTR 0x00000020UL
-+#define SOCKET__LOCK 0x00000040UL
-+#define SOCKET__RELABELFROM 0x00000080UL
-+#define SOCKET__RELABELTO 0x00000100UL
-+#define SOCKET__APPEND 0x00000200UL
-+#define SOCKET__BIND 0x00000400UL
-+#define SOCKET__CONNECT 0x00000800UL
-+#define SOCKET__LISTEN 0x00001000UL
-+#define SOCKET__ACCEPT 0x00002000UL
-+#define SOCKET__GETOPT 0x00004000UL
-+#define SOCKET__SETOPT 0x00008000UL
-+#define SOCKET__SHUTDOWN 0x00010000UL
-+#define SOCKET__RECVFROM 0x00020000UL
-+#define SOCKET__SENDTO 0x00040000UL
-+#define SOCKET__RECV_MSG 0x00080000UL
-+#define SOCKET__SEND_MSG 0x00100000UL
-+#define SOCKET__NAME_BIND 0x00200000UL
-+#define TCP_SOCKET__IOCTL 0x00000001UL
-+#define TCP_SOCKET__READ 0x00000002UL
-+#define TCP_SOCKET__WRITE 0x00000004UL
-+#define TCP_SOCKET__CREATE 0x00000008UL
-+#define TCP_SOCKET__GETATTR 0x00000010UL
-+#define TCP_SOCKET__SETATTR 0x00000020UL
-+#define TCP_SOCKET__LOCK 0x00000040UL
-+#define TCP_SOCKET__RELABELFROM 0x00000080UL
-+#define TCP_SOCKET__RELABELTO 0x00000100UL
-+#define TCP_SOCKET__APPEND 0x00000200UL
-+#define TCP_SOCKET__BIND 0x00000400UL
-+#define TCP_SOCKET__CONNECT 0x00000800UL
-+#define TCP_SOCKET__LISTEN 0x00001000UL
-+#define TCP_SOCKET__ACCEPT 0x00002000UL
-+#define TCP_SOCKET__GETOPT 0x00004000UL
-+#define TCP_SOCKET__SETOPT 0x00008000UL
-+#define TCP_SOCKET__SHUTDOWN 0x00010000UL
-+#define TCP_SOCKET__RECVFROM 0x00020000UL
-+#define TCP_SOCKET__SENDTO 0x00040000UL
-+#define TCP_SOCKET__RECV_MSG 0x00080000UL
-+#define TCP_SOCKET__SEND_MSG 0x00100000UL
-+#define TCP_SOCKET__NAME_BIND 0x00200000UL
-+#define TCP_SOCKET__CONNECTTO 0x00400000UL
-+#define TCP_SOCKET__NEWCONN 0x00800000UL
-+#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
-+#define TCP_SOCKET__NODE_BIND 0x02000000UL
-+#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
-+#define UDP_SOCKET__IOCTL 0x00000001UL
-+#define UDP_SOCKET__READ 0x00000002UL
-+#define UDP_SOCKET__WRITE 0x00000004UL
-+#define UDP_SOCKET__CREATE 0x00000008UL
-+#define UDP_SOCKET__GETATTR 0x00000010UL
-+#define UDP_SOCKET__SETATTR 0x00000020UL
-+#define UDP_SOCKET__LOCK 0x00000040UL
-+#define UDP_SOCKET__RELABELFROM 0x00000080UL
-+#define UDP_SOCKET__RELABELTO 0x00000100UL
-+#define UDP_SOCKET__APPEND 0x00000200UL
-+#define UDP_SOCKET__BIND 0x00000400UL
-+#define UDP_SOCKET__CONNECT 0x00000800UL
-+#define UDP_SOCKET__LISTEN 0x00001000UL
-+#define UDP_SOCKET__ACCEPT 0x00002000UL
-+#define UDP_SOCKET__GETOPT 0x00004000UL
-+#define UDP_SOCKET__SETOPT 0x00008000UL
-+#define UDP_SOCKET__SHUTDOWN 0x00010000UL
-+#define UDP_SOCKET__RECVFROM 0x00020000UL
-+#define UDP_SOCKET__SENDTO 0x00040000UL
-+#define UDP_SOCKET__RECV_MSG 0x00080000UL
-+#define UDP_SOCKET__SEND_MSG 0x00100000UL
-+#define UDP_SOCKET__NAME_BIND 0x00200000UL
-+#define UDP_SOCKET__NODE_BIND 0x00400000UL
-+#define RAWIP_SOCKET__IOCTL 0x00000001UL
-+#define RAWIP_SOCKET__READ 0x00000002UL
-+#define RAWIP_SOCKET__WRITE 0x00000004UL
-+#define RAWIP_SOCKET__CREATE 0x00000008UL
-+#define RAWIP_SOCKET__GETATTR 0x00000010UL
-+#define RAWIP_SOCKET__SETATTR 0x00000020UL
-+#define RAWIP_SOCKET__LOCK 0x00000040UL
-+#define RAWIP_SOCKET__RELABELFROM 0x00000080UL
-+#define RAWIP_SOCKET__RELABELTO 0x00000100UL
-+#define RAWIP_SOCKET__APPEND 0x00000200UL
-+#define RAWIP_SOCKET__BIND 0x00000400UL
-+#define RAWIP_SOCKET__CONNECT 0x00000800UL
-+#define RAWIP_SOCKET__LISTEN 0x00001000UL
-+#define RAWIP_SOCKET__ACCEPT 0x00002000UL
-+#define RAWIP_SOCKET__GETOPT 0x00004000UL
-+#define RAWIP_SOCKET__SETOPT 0x00008000UL
-+#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL
-+#define RAWIP_SOCKET__RECVFROM 0x00020000UL
-+#define RAWIP_SOCKET__SENDTO 0x00040000UL
-+#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
-+#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
-+#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
-+#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
-+#define NODE__TCP_RECV 0x00000001UL
-+#define NODE__TCP_SEND 0x00000002UL
-+#define NODE__UDP_RECV 0x00000004UL
-+#define NODE__UDP_SEND 0x00000008UL
-+#define NODE__RAWIP_RECV 0x00000010UL
-+#define NODE__RAWIP_SEND 0x00000020UL
-+#define NODE__ENFORCE_DEST 0x00000040UL
-+#define NODE__DCCP_RECV 0x00000080UL
-+#define NODE__DCCP_SEND 0x00000100UL
-+#define NODE__RECVFROM 0x00000200UL
-+#define NODE__SENDTO 0x00000400UL
-+#define NETIF__TCP_RECV 0x00000001UL
-+#define NETIF__TCP_SEND 0x00000002UL
-+#define NETIF__UDP_RECV 0x00000004UL
-+#define NETIF__UDP_SEND 0x00000008UL
-+#define NETIF__RAWIP_RECV 0x00000010UL
-+#define NETIF__RAWIP_SEND 0x00000020UL
-+#define NETIF__DCCP_RECV 0x00000040UL
-+#define NETIF__DCCP_SEND 0x00000080UL
-+#define NETIF__INGRESS 0x00000100UL
-+#define NETIF__EGRESS 0x00000200UL
-+#define NETLINK_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_SOCKET__READ 0x00000002UL
-+#define NETLINK_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_SOCKET__BIND 0x00000400UL
-+#define NETLINK_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
-+#define PACKET_SOCKET__IOCTL 0x00000001UL
-+#define PACKET_SOCKET__READ 0x00000002UL
-+#define PACKET_SOCKET__WRITE 0x00000004UL
-+#define PACKET_SOCKET__CREATE 0x00000008UL
-+#define PACKET_SOCKET__GETATTR 0x00000010UL
-+#define PACKET_SOCKET__SETATTR 0x00000020UL
-+#define PACKET_SOCKET__LOCK 0x00000040UL
-+#define PACKET_SOCKET__RELABELFROM 0x00000080UL
-+#define PACKET_SOCKET__RELABELTO 0x00000100UL
-+#define PACKET_SOCKET__APPEND 0x00000200UL
-+#define PACKET_SOCKET__BIND 0x00000400UL
-+#define PACKET_SOCKET__CONNECT 0x00000800UL
-+#define PACKET_SOCKET__LISTEN 0x00001000UL
-+#define PACKET_SOCKET__ACCEPT 0x00002000UL
-+#define PACKET_SOCKET__GETOPT 0x00004000UL
-+#define PACKET_SOCKET__SETOPT 0x00008000UL
-+#define PACKET_SOCKET__SHUTDOWN 0x00010000UL
-+#define PACKET_SOCKET__RECVFROM 0x00020000UL
-+#define PACKET_SOCKET__SENDTO 0x00040000UL
-+#define PACKET_SOCKET__RECV_MSG 0x00080000UL
-+#define PACKET_SOCKET__SEND_MSG 0x00100000UL
-+#define PACKET_SOCKET__NAME_BIND 0x00200000UL
-+#define KEY_SOCKET__IOCTL 0x00000001UL
-+#define KEY_SOCKET__READ 0x00000002UL
-+#define KEY_SOCKET__WRITE 0x00000004UL
-+#define KEY_SOCKET__CREATE 0x00000008UL
-+#define KEY_SOCKET__GETATTR 0x00000010UL
-+#define KEY_SOCKET__SETATTR 0x00000020UL
-+#define KEY_SOCKET__LOCK 0x00000040UL
-+#define KEY_SOCKET__RELABELFROM 0x00000080UL
-+#define KEY_SOCKET__RELABELTO 0x00000100UL
-+#define KEY_SOCKET__APPEND 0x00000200UL
-+#define KEY_SOCKET__BIND 0x00000400UL
-+#define KEY_SOCKET__CONNECT 0x00000800UL
-+#define KEY_SOCKET__LISTEN 0x00001000UL
-+#define KEY_SOCKET__ACCEPT 0x00002000UL
-+#define KEY_SOCKET__GETOPT 0x00004000UL
-+#define KEY_SOCKET__SETOPT 0x00008000UL
-+#define KEY_SOCKET__SHUTDOWN 0x00010000UL
-+#define KEY_SOCKET__RECVFROM 0x00020000UL
-+#define KEY_SOCKET__SENDTO 0x00040000UL
-+#define KEY_SOCKET__RECV_MSG 0x00080000UL
-+#define KEY_SOCKET__SEND_MSG 0x00100000UL
-+#define KEY_SOCKET__NAME_BIND 0x00200000UL
-+#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
-+#define UNIX_STREAM_SOCKET__READ 0x00000002UL
-+#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
-+#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL
-+#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL
-+#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL
-+#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL
-+#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL
-+#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL
-+#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL
-+#define UNIX_STREAM_SOCKET__BIND 0x00000400UL
-+#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL
-+#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL
-+#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL
-+#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL
-+#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL
-+#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL
-+#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL
-+#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL
-+#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
-+#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
-+#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
-+#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
-+#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
-+#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
-+#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
-+#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
-+#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
-+#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL
-+#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL
-+#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL
-+#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL
-+#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL
-+#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL
-+#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL
-+#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL
-+#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL
-+#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL
-+#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL
-+#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL
-+#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL
-+#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL
-+#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL
-+#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL
-+#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
-+#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
-+#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
-+#define SEM__CREATE 0x00000001UL
-+#define SEM__DESTROY 0x00000002UL
-+#define SEM__GETATTR 0x00000004UL
-+#define SEM__SETATTR 0x00000008UL
-+#define SEM__READ 0x00000010UL
-+#define SEM__WRITE 0x00000020UL
-+#define SEM__ASSOCIATE 0x00000040UL
-+#define SEM__UNIX_READ 0x00000080UL
-+#define SEM__UNIX_WRITE 0x00000100UL
-+#define MSG__SEND 0x00000001UL
-+#define MSG__RECEIVE 0x00000002UL
-+#define MSGQ__CREATE 0x00000001UL
-+#define MSGQ__DESTROY 0x00000002UL
-+#define MSGQ__GETATTR 0x00000004UL
-+#define MSGQ__SETATTR 0x00000008UL
-+#define MSGQ__READ 0x00000010UL
-+#define MSGQ__WRITE 0x00000020UL
-+#define MSGQ__ASSOCIATE 0x00000040UL
-+#define MSGQ__UNIX_READ 0x00000080UL
-+#define MSGQ__UNIX_WRITE 0x00000100UL
-+#define MSGQ__ENQUEUE 0x00000200UL
-+#define SHM__CREATE 0x00000001UL
-+#define SHM__DESTROY 0x00000002UL
-+#define SHM__GETATTR 0x00000004UL
-+#define SHM__SETATTR 0x00000008UL
-+#define SHM__READ 0x00000010UL
-+#define SHM__WRITE 0x00000020UL
-+#define SHM__ASSOCIATE 0x00000040UL
-+#define SHM__UNIX_READ 0x00000080UL
-+#define SHM__UNIX_WRITE 0x00000100UL
-+#define SHM__LOCK 0x00000200UL
-+#define IPC__CREATE 0x00000001UL
-+#define IPC__DESTROY 0x00000002UL
-+#define IPC__GETATTR 0x00000004UL
-+#define IPC__SETATTR 0x00000008UL
-+#define IPC__READ 0x00000010UL
-+#define IPC__WRITE 0x00000020UL
-+#define IPC__ASSOCIATE 0x00000040UL
-+#define IPC__UNIX_READ 0x00000080UL
-+#define IPC__UNIX_WRITE 0x00000100UL
-+#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
-+#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL
-+#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
-+#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL
-+#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
-+#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL
-+#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
-+#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL
-+#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
-+#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL
-+#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
-+#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL
-+#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
-+#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL
-+#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
-+#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
-+#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL
-+#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
-+#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL
-+#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
-+#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
-+#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
-+#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
-+#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL
-+#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
-+#define ASSOCIATION__SENDTO 0x00000001UL
-+#define ASSOCIATION__RECVFROM 0x00000002UL
-+#define ASSOCIATION__SETCONTEXT 0x00000004UL
-+#define ASSOCIATION__POLMATCH 0x00000008UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
-+#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
-+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
-+#define APPLETALK_SOCKET__READ 0x00000002UL
-+#define APPLETALK_SOCKET__WRITE 0x00000004UL
-+#define APPLETALK_SOCKET__CREATE 0x00000008UL
-+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
-+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
-+#define APPLETALK_SOCKET__LOCK 0x00000040UL
-+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
-+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
-+#define APPLETALK_SOCKET__APPEND 0x00000200UL
-+#define APPLETALK_SOCKET__BIND 0x00000400UL
-+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
-+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
-+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
-+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
-+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
-+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
-+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
-+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
-+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
-+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
-+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
-+#define PACKET__SEND 0x00000001UL
-+#define PACKET__RECV 0x00000002UL
-+#define PACKET__RELABELTO 0x00000004UL
-+#define PACKET__FLOW_IN 0x00000008UL
-+#define PACKET__FLOW_OUT 0x00000010UL
-+#define PACKET__FORWARD_IN 0x00000020UL
-+#define PACKET__FORWARD_OUT 0x00000040UL
-+#define KEY__VIEW 0x00000001UL
-+#define KEY__READ 0x00000002UL
-+#define KEY__WRITE 0x00000004UL
-+#define KEY__SEARCH 0x00000008UL
-+#define KEY__LINK 0x00000010UL
-+#define KEY__SETATTR 0x00000020UL
-+#define KEY__CREATE 0x00000040UL
-+#define DCCP_SOCKET__IOCTL 0x00000001UL
-+#define DCCP_SOCKET__READ 0x00000002UL
-+#define DCCP_SOCKET__WRITE 0x00000004UL
-+#define DCCP_SOCKET__CREATE 0x00000008UL
-+#define DCCP_SOCKET__GETATTR 0x00000010UL
-+#define DCCP_SOCKET__SETATTR 0x00000020UL
-+#define DCCP_SOCKET__LOCK 0x00000040UL
-+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
-+#define DCCP_SOCKET__RELABELTO 0x00000100UL
-+#define DCCP_SOCKET__APPEND 0x00000200UL
-+#define DCCP_SOCKET__BIND 0x00000400UL
-+#define DCCP_SOCKET__CONNECT 0x00000800UL
-+#define DCCP_SOCKET__LISTEN 0x00001000UL
-+#define DCCP_SOCKET__ACCEPT 0x00002000UL
-+#define DCCP_SOCKET__GETOPT 0x00004000UL
-+#define DCCP_SOCKET__SETOPT 0x00008000UL
-+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
-+#define DCCP_SOCKET__RECVFROM 0x00020000UL
-+#define DCCP_SOCKET__SENDTO 0x00040000UL
-+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
-+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
-+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
-+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
-+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
-+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
-+#define PEER__RECV 0x00000001UL
-+#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
-+#define CAPABILITY2__MAC_ADMIN 0x00000002UL
-+#define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL
-+#define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL
-+#define TUN_SOCKET__IOCTL 0x00000001UL
-+#define TUN_SOCKET__READ 0x00000002UL
-+#define TUN_SOCKET__WRITE 0x00000004UL
-+#define TUN_SOCKET__CREATE 0x00000008UL
-+#define TUN_SOCKET__GETATTR 0x00000010UL
-+#define TUN_SOCKET__SETATTR 0x00000020UL
-+#define TUN_SOCKET__LOCK 0x00000040UL
-+#define TUN_SOCKET__RELABELFROM 0x00000080UL
-+#define TUN_SOCKET__RELABELTO 0x00000100UL
-+#define TUN_SOCKET__APPEND 0x00000200UL
-+#define TUN_SOCKET__BIND 0x00000400UL
-+#define TUN_SOCKET__CONNECT 0x00000800UL
-+#define TUN_SOCKET__LISTEN 0x00001000UL
-+#define TUN_SOCKET__ACCEPT 0x00002000UL
-+#define TUN_SOCKET__GETOPT 0x00004000UL
-+#define TUN_SOCKET__SETOPT 0x00008000UL
-+#define TUN_SOCKET__SHUTDOWN 0x00010000UL
-+#define TUN_SOCKET__RECVFROM 0x00020000UL
-+#define TUN_SOCKET__SENDTO 0x00040000UL
-+#define TUN_SOCKET__RECV_MSG 0x00080000UL
-+#define TUN_SOCKET__SEND_MSG 0x00100000UL
-+#define TUN_SOCKET__NAME_BIND 0x00200000UL
-+
-+#endif
-diff -NurpP --minimal linux-2.6.35.4/security/selinux/hooks.c linux-2.6.35.4-vs2.3.0.36.32/security/selinux/hooks.c
---- linux-2.6.35.4/security/selinux/hooks.c 2010-08-02 16:53:03.000000000 +0200
-+++ linux-2.6.35.4-vs2.3.0.36.32/security/selinux/hooks.c 2010-08-02 17:05:06.000000000 +0200
-@@ -64,7 +64,6 @@
+diff -NurpP --minimal linux-3.9.4/security/selinux/hooks.c linux-3.9.4-vs2.3.6.2/security/selinux/hooks.c
+--- linux-3.9.4/security/selinux/hooks.c 2013-05-31 13:45:34.000000000 +0000
++++ linux-3.9.4-vs2.3.6.2/security/selinux/hooks.c 2013-05-31 14:47:11.000000000 +0000
+@@ -67,7 +67,6 @@
#include <linux/dccp.h>
#include <linux/quota.h>
#include <linux/un.h> /* for Unix socket types */