--- /dev/null
+diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c Fri Jan 9 08:00:02 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -6,6 +6,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -285,7 +286,7 @@ do_sys_ptrace(long request, long pid, lo
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out_notsk;
+
+ if (request == PTRACE_ATTACH) {
+diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S
+--- linux-2.6.2-rc1/arch/alpha/kernel/systbls.S Fri Jan 9 07:59:45 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S Sat Jan 24 06:45:48 2004
+@@ -291,7 +291,7 @@ sys_call_table:
+ .quad alpha_ni_syscall /* 270 */
+ .quad alpha_ni_syscall
+ .quad alpha_ni_syscall
+- .quad alpha_ni_syscall
++ .quad sys_vserver /* 273 sys_vserver */
+ .quad alpha_ni_syscall
+ .quad alpha_ni_syscall /* 275 */
+ .quad alpha_ni_syscall
+diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/entry.S linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S
+--- linux-2.6.2-rc1/arch/i386/kernel/entry.S Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S Sat Jan 24 06:45:48 2004
+@@ -881,6 +881,6 @@ ENTRY(sys_call_table)
+ .long sys_tgkill /* 270 */
+ .long sys_utimes
+ .long sys_fadvise64_64
+- .long sys_ni_syscall /* sys_vserver */
++ .long sys_vserver
+
+ syscall_table_size=(.-sys_call_table)
+diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/i386/kernel/ptrace.c Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -7,6 +7,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -255,7 +256,7 @@ asmlinkage int sys_ptrace(long request,
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c Fri Jan 9 08:00:12 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -10,6 +10,7 @@
+ #include <linux/config.h>
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/slab.h>
+ #include <linux/mm.h>
+ #include <linux/errno.h>
+@@ -1282,7 +1283,7 @@ sys_ptrace (long request, pid_t pid, uns
+ }
+ }
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+ ret = -EPERM;
+ if (pid == 1) /* no messing around with init! */
+diff -NurpP --minimal linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -12,6 +12,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -124,7 +125,7 @@ asmlinkage int sys_ptrace(long request,
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/arch/mips/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/mips/kernel/ptrace.c Fri Jan 9 08:00:13 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -18,6 +18,7 @@
+ #include <linux/compiler.h>
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/errno.h>
+ #include <linux/ptrace.h>
+@@ -74,7 +75,7 @@ asmlinkage int sys_ptrace(long request,
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c Fri Jan 9 07:59:09 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -8,6 +8,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -109,7 +110,7 @@ long sys_ptrace(long request, pid_t pid,
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+ ret = -EPERM;
+ if (pid == 1) /* no messing around with init! */
+diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S
+--- linux-2.6.2-rc1/arch/ppc/kernel/misc.S Sat Jan 24 03:18:04 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S Sat Jan 24 06:45:48 2004
+@@ -1386,3 +1386,22 @@ _GLOBAL(sys_call_table)
+ .long sys_fstatfs64
+ .long ppc_fadvise64_64
+ .long sys_ni_syscall /* 255 - rtas (used on ppc64) */
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall /* 260 */
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall /* 265 */
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_ni_syscall /* 270 */
++ .long sys_ni_syscall
++ .long sys_ni_syscall
++ .long sys_vserver /* 273 sys_vserver */
++
+diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -19,6 +19,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -195,7 +196,7 @@ int sys_ptrace(long request, long pid, l
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S
+--- linux-2.6.2-rc1/arch/ppc64/kernel/misc.S Sat Jan 24 03:18:04 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S Sat Jan 24 06:45:48 2004
+@@ -819,6 +819,24 @@ _GLOBAL(sys_call_table32)
+ .llong .compat_fstatfs64
+ .llong .ppc32_fadvise64_64 /* 32bit only fadvise64_64 */
+ .llong .ppc_rtas /* 255 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 260 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 265 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 270 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_vserver /* 273 sys_vserver */
+
+ .balign 8
+ _GLOBAL(sys_call_table)
+@@ -1078,3 +1096,22 @@ _GLOBAL(sys_call_table)
+ .llong .sys_fstatfs64
+ .llong .sys_ni_syscall /* 32bit only fadvise64_64 */
+ .llong .ppc_rtas /* 255 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 260 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 265 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall /* 270 */
++ .llong .sys_ni_syscall
++ .llong .sys_ni_syscall
++ .llong .sys_vserver /* 273 sys_vserver */
++
+diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c Fri Jan 9 07:59:56 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -19,6 +19,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -73,7 +74,7 @@ int sys_ptrace(long request, long pid, l
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/s390/kernel/ptrace.c Sat Jan 24 03:18:05 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -24,6 +24,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -647,7 +648,7 @@ sys_ptrace(long request, long pid, long
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = do_ptrace(child, request, addr, data);
+diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/syscalls.S linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S
+--- linux-2.6.2-rc1/arch/s390/kernel/syscalls.S Sat Jan 24 03:18:05 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S Sat Jan 24 06:45:48 2004
+@@ -271,5 +271,5 @@ SYSCALL(sys_clock_settime,sys_clock_sett
+ SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
+ SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
+ SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
+-NI_SYSCALL /* reserved for vserver */
++SYSCALL(sys_vserver,sys_vserver,sys_vserver)
+ SYSCALL(s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
+diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S
+--- linux-2.6.2-rc1/arch/sparc/kernel/systbls.S Fri Jan 9 07:59:34 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S Sat Jan 24 06:45:48 2004
+@@ -72,7 +72,7 @@ sys_call_table:
+ /*250*/ .long sparc_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
+ /*255*/ .long sys_nis_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
+ /*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
+-/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
++/*265*/ .long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
+ /*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_nis_syscall
+
+ #ifdef CONFIG_SUNOS_EMUL
+diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c Fri Jan 9 08:00:05 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -12,6 +12,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/errno.h>
+ #include <linux/ptrace.h>
+@@ -164,7 +165,7 @@ asmlinkage void do_ptrace(struct pt_regs
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+
+- if (!child) {
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
+ pt_error_return(regs, ESRCH);
+ goto out;
+ }
+diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S
+--- linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S Fri Jan 9 07:59:26 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S Sat Jan 24 06:45:48 2004
+@@ -73,7 +73,7 @@ sys_call_table32:
+ .word sys_ni_syscall, compat_clock_settime, compat_clock_gettime, compat_clock_getres, compat_clock_nanosleep
+ /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, compat_timer_settime, compat_timer_gettime, sys_timer_getoverrun
+ .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
+-/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_ni_syscall
++/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_vserver
+
+ /* Now the 64-bit native Linux syscall table. */
+
+@@ -135,7 +135,7 @@ sys_call_table:
+ .word sys_ni_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
+ /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
+ .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
+-/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_ni_syscall
++/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_vserver
+
+ #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
+ defined(CONFIG_SOLARIS_EMUL_MODULE)
+diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S
+--- linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S Fri Jan 9 07:59:27 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S Sat Jan 24 06:45:48 2004
+@@ -448,34 +448,35 @@ ia32_sys_call_table:
+ .quad compat_sys_sched_getaffinity
+ .quad sys32_set_thread_area
+ .quad sys32_get_thread_area
+- .quad sys32_io_setup
++ .quad sys32_io_setup /* 245 */
+ .quad sys_io_destroy
+ .quad sys32_io_getevents
+ .quad sys32_io_submit
+ .quad sys_io_cancel
+- .quad sys_fadvise64
++ .quad sys_fadvise64 /* 250 */
+ .quad sys_ni_syscall /* free_huge_pages */
+ .quad sys_exit_group /* exit_group */
+ .quad sys_lookup_dcookie
+ .quad sys_epoll_create
+- .quad sys_epoll_ctl
++ .quad sys_epoll_ctl /* 255 */
+ .quad sys_epoll_wait
+ .quad sys_remap_file_pages
+ .quad sys_set_tid_address
+ .quad sys32_timer_create
+- .quad compat_timer_settime
++ .quad compat_timer_settime /* 260 */
+ .quad compat_timer_gettime
+ .quad sys_timer_getoverrun
+ .quad sys_timer_delete
+ .quad compat_clock_settime
+- .quad compat_clock_gettime
++ .quad compat_clock_gettime /* 265 */
+ .quad compat_clock_getres
+ .quad compat_clock_nanosleep
+ .quad compat_statfs64 /* statfs64 */
+ .quad compat_fstatfs64 /* fstatfs64 */
+- .quad sys_tgkill
++ .quad sys_tgkill /* 270 */
+ .quad compat_sys_utimes
+ .quad sys32_fadvise64_64
++ .quad sys_vserver /* 273 sys_vserver */
+ /* don't forget to change IA32_NR_syscalls */
+ ia32_syscall_end:
+ .rept IA32_NR_syscalls-(ia32_syscall_end-ia32_sys_call_table)/8
+diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c
+--- linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
+@@ -9,6 +9,7 @@
+
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
++#include <linux/vinline.h>
+ #include <linux/mm.h>
+ #include <linux/smp.h>
+ #include <linux/smp_lock.h>
+@@ -205,7 +206,7 @@ asmlinkage long sys_ptrace(long request,
+ if (child)
+ get_task_struct(child);
+ read_unlock(&tasklist_lock);
+- if (!child)
++ if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
+ goto out;
+
+ ret = -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c
+--- linux-2.6.2-rc1/fs/ext2/ialloc.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c Sat Jan 24 06:14:24 2004
+@@ -581,7 +581,7 @@ got:
+ memset(ei->i_data, 0, sizeof(ei->i_data));
+ ei->i_flags = EXT2_I(dir)->i_flags & ~EXT2_BTREE_FL;
+ if (S_ISLNK(mode))
+- ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL);
++ ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_IUNLINK_FL|EXT2_APPEND_FL);
+ /* dirsync is only applied to directories */
+ if (!S_ISDIR(mode))
+ ei->i_flags &= ~EXT2_DIRSYNC_FL;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c
+--- linux-2.6.2-rc1/fs/ext2/inode.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c Sat Jan 24 06:28:27 2004
+@@ -64,6 +64,8 @@ void ext2_put_inode(struct inode *inode)
+ ext2_discard_prealloc(inode);
+ }
+
++static void ext2_truncate_nocheck (struct inode * inode);
++
+ /*
+ * Called at the last iput() if i_nlink is zero.
+ */
+@@ -77,7 +79,7 @@ void ext2_delete_inode (struct inode * i
+
+ inode->i_size = 0;
+ if (inode->i_blocks)
+- ext2_truncate (inode);
++ ext2_truncate_nocheck(inode);
+ ext2_free_inode (inode);
+
+ return;
+@@ -876,7 +878,7 @@ static void ext2_free_branches(struct in
+ ext2_free_data(inode, p, q);
+ }
+
+-void ext2_truncate (struct inode * inode)
++static void ext2_truncate_nocheck(struct inode * inode)
+ {
+ u32 *i_data = EXT2_I(inode)->i_data;
+ int addr_per_block = EXT2_ADDR_PER_BLOCK(inode->i_sb);
+@@ -893,8 +895,6 @@ void ext2_truncate (struct inode * inode
+ return;
+ if (ext2_inode_is_fast_symlink(inode))
+ return;
+- if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+- return;
+
+ ext2_discard_prealloc(inode);
+
+@@ -1016,17 +1016,26 @@ Egdp:
+ return ERR_PTR(-EIO);
+ }
+
++void ext2_truncate (struct inode * inode)
++{
++ if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
++ return;
++ ext2_truncate_nocheck(inode);
++}
++
+ void ext2_set_inode_flags(struct inode *inode)
+ {
+ unsigned int flags = EXT2_I(inode)->i_flags;
+
+- inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
++ inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
+ if (flags & EXT2_SYNC_FL)
+ inode->i_flags |= S_SYNC;
+ if (flags & EXT2_APPEND_FL)
+ inode->i_flags |= S_APPEND;
+ if (flags & EXT2_IMMUTABLE_FL)
+ inode->i_flags |= S_IMMUTABLE;
++ if (flags & EXT2_IUNLINK_FL)
++ inode->i_flags |= S_IUNLINK;
+ if (flags & EXT2_NOATIME_FL)
+ inode->i_flags |= S_NOATIME;
+ if (flags & EXT2_DIRSYNC_FL)
+diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c
+--- linux-2.6.2-rc1/fs/ext3/ialloc.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c Sat Jan 24 06:14:24 2004
+@@ -569,7 +569,7 @@ got:
+
+ ei->i_flags = EXT3_I(dir)->i_flags & ~EXT3_INDEX_FL;
+ if (S_ISLNK(mode))
+- ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL);
++ ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_IUNLINK_FL|EXT3_APPEND_FL);
+ /* dirsync only applies to directories */
+ if (!S_ISDIR(mode))
+ ei->i_flags &= ~EXT3_DIRSYNC_FL;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c
+--- linux-2.6.2-rc1/fs/ext3/inode.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c Sat Jan 24 22:44:56 2004
+@@ -189,6 +189,8 @@ void ext3_put_inode(struct inode *inode)
+ ext3_discard_prealloc(inode);
+ }
+
++static void ext3_truncate_nocheck (struct inode *inode);
++
+ /*
+ * Called at the last iput() if i_nlink is zero.
+ */
+@@ -214,7 +216,7 @@ void ext3_delete_inode (struct inode * i
+ handle->h_sync = 1;
+ inode->i_size = 0;
+ if (inode->i_blocks)
+- ext3_truncate(inode);
++ ext3_truncate_nocheck(inode);
+ /*
+ * Kill off the orphan record which ext3_truncate created.
+ * AKPM: I think this can be inside the above `if'.
+@@ -2114,7 +2116,7 @@ static void ext3_free_branches(handle_t
+ * ext3_truncate() run will find them and release them.
+ */
+
+-void ext3_truncate(struct inode * inode)
++void ext3_truncate_nocheck(struct inode * inode)
+ {
+ handle_t *handle;
+ struct ext3_inode_info *ei = EXT3_I(inode);
+@@ -2135,8 +2137,6 @@ void ext3_truncate(struct inode * inode)
+ return;
+ if (ext3_inode_is_fast_symlink(inode))
+ return;
+- if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+- return;
+
+ ext3_discard_prealloc(inode);
+
+@@ -2443,17 +2443,26 @@ has_buffer:
+ return 0;
+ }
+
++void ext3_truncate(struct inode * inode)
++{
++ if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
++ return;
++ ext3_truncate_nocheck(inode);
++}
++
+ void ext3_set_inode_flags(struct inode *inode)
+ {
+ unsigned int flags = EXT3_I(inode)->i_flags;
+
+- inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
++ inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
+ if (flags & EXT3_SYNC_FL)
+ inode->i_flags |= S_SYNC;
+ if (flags & EXT3_APPEND_FL)
+ inode->i_flags |= S_APPEND;
+ if (flags & EXT3_IMMUTABLE_FL)
+ inode->i_flags |= S_IMMUTABLE;
++ if (flags & EXT3_IUNLINK_FL)
++ inode->i_flags |= S_IUNLINK;
+ if (flags & EXT3_NOATIME_FL)
+ inode->i_flags |= S_NOATIME;
+ if (flags & EXT3_DIRSYNC_FL)
+diff -NurpP --minimal linux-2.6.2-rc1/fs/inode.c linux-2.6.2-rc1-vs0.05.1/fs/inode.c
+--- linux-2.6.2-rc1/fs/inode.c Fri Jan 9 08:00:12 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/inode.c Sat Jan 24 06:23:57 2004
+@@ -131,6 +131,7 @@ static struct inode *alloc_inode(struct
+ inode->i_bdev = NULL;
+ inode->i_cdev = NULL;
+ inode->i_rdev = 0;
++ // inode->i_xid = 0; /* maybe not too wise ... */
+ inode->i_security = NULL;
+ if (security_inode_alloc(inode)) {
+ if (inode->i_sb->s_op->destroy_inode)
+diff -NurpP --minimal linux-2.6.2-rc1/fs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c
+--- linux-2.6.2-rc1/fs/ioctl.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c Sat Jan 24 07:49:20 2004
+@@ -9,10 +9,15 @@
+ #include <linux/file.h>
+ #include <linux/fs.h>
+ #include <linux/security.h>
++#include <linux/proc_fs.h>
++#include <linux/vserver/inode.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/ioctls.h>
+
++extern int vx_proc_ioctl(struct inode *, struct file *,
++ unsigned int, unsigned long);
++
+ static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
+ {
+ int error;
+@@ -118,6 +123,12 @@ asmlinkage long sys_ioctl(unsigned int f
+ }
+ else
+ error = -ENOTTY;
++ break;
++ case FIOC_GETXFLG:
++ case FIOC_SETXFLG:
++ error = -ENOTTY;
++ if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
++ error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
+ break;
+ default:
+ error = -ENOTTY;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/namei.c linux-2.6.2-rc1-vs0.05.1/fs/namei.c
+--- linux-2.6.2-rc1/fs/namei.c Fri Jan 9 07:59:26 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/namei.c Sat Jan 24 06:14:24 2004
+@@ -1021,7 +1021,7 @@ static inline int may_delete(struct inod
+ if (IS_APPEND(dir))
+ return -EPERM;
+ if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
+- IS_IMMUTABLE(victim->d_inode))
++ IS_IXUNLINK(victim->d_inode))
+ return -EPERM;
+ if (isdir) {
+ if (!S_ISDIR(victim->d_inode->i_mode))
+@@ -1816,7 +1816,7 @@ int vfs_link(struct dentry *old_dentry,
+ /*
+ * A link to an append-only or immutable file cannot be created.
+ */
+- if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
++ if (IS_APPEND(inode) || IS_IXUNLINK(inode))
+ return -EPERM;
+ if (!dir->i_op || !dir->i_op->link)
+ return -EPERM;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/Makefile linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile
+--- linux-2.6.2-rc1/fs/proc/Makefile Fri Jan 9 07:59:07 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile Sat Jan 24 05:45:59 2004
+@@ -8,7 +8,7 @@ proc-y := task_nommu.o
+ proc-$(CONFIG_MMU) := task_mmu.o
+
+ proc-y += inode.o root.o base.o generic.o array.o \
+- kmsg.o proc_tty.o proc_misc.o
++ kmsg.o proc_tty.o proc_misc.o virtual.o
+
+ proc-$(CONFIG_PROC_KCORE) += kcore.o
+ proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/array.c linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c
+--- linux-2.6.2-rc1/fs/proc/array.c Fri Jan 9 07:59:44 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c Sat Jan 24 07:01:35 2004
+@@ -73,6 +73,7 @@
+ #include <linux/highmem.h>
+ #include <linux/file.h>
+ #include <linux/times.h>
++#include <linux/vinline.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+@@ -150,8 +151,13 @@ static inline const char * get_task_stat
+ static inline char * task_state(struct task_struct *p, char *buffer)
+ {
+ int g;
+-
++ pid_t ppid;
+ read_lock(&tasklist_lock);
++ ppid = p->real_parent->pid;
++ if (ppid != 0
++ && current->vx_info
++ && current->vx_info->vx_initpid == ppid)
++ ppid = 1;
+ buffer += sprintf(buffer,
+ "State:\t%s\n"
+ "SleepAVG:\t%lu%%\n"
+@@ -164,7 +170,7 @@ static inline char * task_state(struct t
+ get_task_state(p),
+ (p->sleep_avg/1024)*100/(1000000000/1024),
+ p->tgid,
+- p->pid, p->pid ? p->real_parent->pid : 0,
++ p->pid, p->pid ? ppid : 0,
+ p->pid && p->ptrace ? p->parent->pid : 0,
+ p->uid, p->euid, p->suid, p->fsuid,
+ p->gid, p->egid, p->sgid, p->fsgid);
+@@ -263,16 +269,20 @@ static inline char *task_cap(struct task
+ {
+ return buffer + sprintf(buffer, "CapInh:\t%016x\n"
+ "CapPrm:\t%016x\n"
+- "CapEff:\t%016x\n",
++ "CapEff:\t%016x\n"
++ "CapBset:\t%016x\n",
+ cap_t(p->cap_inheritable),
+ cap_t(p->cap_permitted),
+- cap_t(p->cap_effective));
++ cap_t(p->cap_effective),
++ cap_t(p->cap_bset));
+ }
+
+ extern char *task_mem(struct mm_struct *, char *);
+ int proc_pid_status(struct task_struct *task, char * buffer)
+ {
+ char * orig = buffer;
++ struct vx_info *vxi;
++ struct ip_info *ipi;
+ struct mm_struct *mm = get_task_mm(task);
+
+ buffer = task_name(task, buffer);
+@@ -284,6 +294,39 @@ int proc_pid_status(struct task_struct *
+ }
+ buffer = task_sig(task, buffer);
+ buffer = task_cap(task, buffer);
++
++ buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
++ vxi = task_get_vx_info(task);
++ if (vxi) {
++ buffer += sprintf (buffer,"ctxflags: %d\n"
++ ,vxi->vx_flags);
++ buffer += sprintf (buffer,"initpid: %d\n"
++ ,vxi->vx_initpid);
++ } else {
++ buffer += sprintf (buffer,"ctxflags: none\n");
++ buffer += sprintf (buffer,"initpid: none\n");
++ }
++ put_vx_info(vxi);
++ ipi = task_get_ip_info(task);
++ if (ipi) {
++ int i;
++
++ buffer += sprintf (buffer,"ipv4root:");
++ for (i=0; i<ipi->nbipv4; i++){
++ buffer += sprintf (buffer," %08x/%08x"
++ ,ipi->ipv4[i]
++ ,ipi->mask[i]);
++ }
++ *buffer++ = '\n';
++ buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
++ ,ipi->v4_bcast);
++ buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
++ ,atomic_read(&ipi->ip_refcount));
++ } else {
++ buffer += sprintf (buffer,"ipv4root: 0\n");
++ buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
++ }
++ put_ip_info(ipi);
+ #if defined(CONFIG_ARCH_S390)
+ buffer = task_show_regs(task, buffer);
+ #endif
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/base.c linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c
+--- linux-2.6.2-rc1/fs/proc/base.c Sat Jan 24 03:18:15 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c Sat Jan 24 06:29:01 2004
+@@ -32,6 +32,7 @@
+ #include <linux/mount.h>
+ #include <linux/security.h>
+ #include <linux/ptrace.h>
++#include <linux/vinline.h>
+
+ /*
+ * For hysterical raisins we keep the same inumbers as in the old procfs.
+@@ -67,6 +68,7 @@ enum pid_directory_inos {
+ PROC_TGID_ATTR_EXEC,
+ PROC_TGID_ATTR_FSCREATE,
+ #endif
++ PROC_TGID_VINFO,
+ PROC_TGID_FD_DIR,
+ PROC_TID_INO,
+ PROC_TID_STATUS,
+@@ -90,6 +92,7 @@ enum pid_directory_inos {
+ PROC_TID_ATTR_EXEC,
+ PROC_TID_ATTR_FSCREATE,
+ #endif
++ PROC_TID_VINFO,
+ PROC_TID_FD_DIR = 0x8000, /* 0x8000-0xffff */
+ };
+
+@@ -123,6 +126,7 @@ static struct pid_entry tgid_base_stuff[
+ #ifdef CONFIG_KALLSYMS
+ E(PROC_TGID_WCHAN, "wchan", S_IFREG|S_IRUGO),
+ #endif
++ E(PROC_TGID_VINFO, "vinfo", S_IFREG|S_IRUGO),
+ {0,0,NULL,0}
+ };
+ static struct pid_entry tid_base_stuff[] = {
+@@ -145,6 +149,7 @@ static struct pid_entry tid_base_stuff[]
+ #ifdef CONFIG_KALLSYMS
+ E(PROC_TID_WCHAN, "wchan", S_IFREG|S_IRUGO),
+ #endif
++ E(PROC_TID_VINFO, "vinfo", S_IFREG|S_IRUGO),
+ {0,0,NULL,0}
+ };
+
+@@ -181,6 +186,7 @@ int proc_pid_stat(struct task_struct*,ch
+ int proc_pid_status(struct task_struct*,char*);
+ int proc_pid_statm(struct task_struct*,char*);
+ int proc_pid_cpu(struct task_struct*,char*);
++// int proc_pid_vinfo(struct task_struct*,char*);
+
+ static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
+ {
+@@ -963,6 +969,7 @@ static struct inode *proc_pid_make_inode
+ inode->i_uid = task->euid;
+ inode->i_gid = task->egid;
+ }
++ // inode->i_xid = vx_task_xid(task);
+ security_task_to_inode(task, inode);
+
+ out:
+@@ -1392,6 +1399,11 @@ static struct dentry *proc_pident_lookup
+ ei->op.proc_read = proc_pid_wchan;
+ break;
+ #endif
++ case PROC_TID_VINFO:
++ case PROC_TGID_VINFO:
++ inode->i_fop = &proc_info_file_operations;
++ ei->op.proc_read = proc_pid_vinfo;
++ break;
+ default:
+ printk("procfs: impossible type (%d)",p->type);
+ iput(inode);
+@@ -1584,6 +1596,10 @@ struct dentry *proc_pid_lookup(struct in
+ if (!task)
+ goto out;
+
++ if (tgid != 1 && !vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT)) {
++ put_task_struct(task);
++ goto out;
++ }
+ inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
+
+
+@@ -1691,6 +1707,10 @@ static int get_tgid_list(int index, unsi
+ for ( ; p != &init_task; p = next_task(p)) {
+ int tgid = p->pid;
+ if (!pid_alive(p))
++ continue;
++ if (tgid != 1 && !vx_check(vx_task_xid(p), VX_WATCH|VX_IDENT))
++ continue;
++ if (current->vx_info && current->vx_info->vx_initpid == tgid)
+ continue;
+ if (--index >= 0)
+ continue;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/generic.c linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c
+--- linux-2.6.2-rc1/fs/proc/generic.c Fri Jan 9 08:00:12 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c Sat Jan 24 05:45:59 2004
+@@ -15,6 +15,7 @@
+ #include <linux/module.h>
+ #include <linux/mount.h>
+ #include <linux/smp_lock.h>
++#include <linux/vinline.h>
+ #include <asm/uaccess.h>
+ #include <asm/bitops.h>
+
+@@ -349,6 +350,8 @@ struct dentry *proc_lookup(struct inode
+ for (de = de->subdir; de ; de = de->next) {
+ if (de->namelen != dentry->d_name.len)
+ continue;
++ if (!vx_weak_check(0, de->vx_flags))
++ continue;
+ if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
+ int ino = de->low_ino;
+ error = -EINVAL;
+@@ -424,9 +427,12 @@ int proc_readdir(struct file * filp,
+ }
+
+ do {
++ if (!vx_weak_check(0, de->vx_flags))
++ goto skip;
+ if (filldir(dirent, de->name, de->namelen, filp->f_pos,
+ de->low_ino, de->mode >> 12) < 0)
+ goto out;
++ skip:
+ filp->f_pos++;
+ de = de->next;
+ } while (de);
+@@ -538,6 +544,7 @@ static struct proc_dir_entry *proc_creat
+ ent->namelen = len;
+ ent->mode = mode;
+ ent->nlink = nlink;
++ ent->vx_flags = VX_ADMIN;
+ out:
+ return ent;
+ }
+@@ -558,7 +565,8 @@ struct proc_dir_entry *proc_symlink(cons
+ kfree(ent->data);
+ kfree(ent);
+ ent = NULL;
+- }
++ } else
++ ent->vx_flags = 0;
+ } else {
+ kfree(ent);
+ ent = NULL;
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/inode.c linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c
+--- linux-2.6.2-rc1/fs/proc/inode.c Fri Jan 9 08:00:02 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c Sat Jan 24 05:45:59 2004
+@@ -207,6 +207,8 @@ printk("proc_iget: using deleted entry %
+ inode->i_uid = de->uid;
+ inode->i_gid = de->gid;
+ }
++ if (de->vx_flags)
++ PROC_I(inode)->vx_flags = de->vx_flags;
+ if (de->size)
+ inode->i_size = de->size;
+ if (de->nlink)
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/root.c linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c
+--- linux-2.6.2-rc1/fs/proc/root.c Fri Jan 9 07:59:55 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c Sat Jan 24 05:45:59 2004
+@@ -23,6 +23,9 @@ struct proc_dir_entry *proc_net, *proc_b
+ #ifdef CONFIG_SYSCTL
+ struct proc_dir_entry *proc_sys_root;
+ #endif
++struct proc_dir_entry *proc_virtual;
++
++extern void proc_vx_init(void);
+
+ static struct super_block *proc_get_sb(struct file_system_type *fs_type,
+ int flags, const char *dev_name, void *data)
+@@ -78,6 +81,7 @@ void __init proc_root_init(void)
+ proc_rtas_init();
+ #endif
+ proc_bus = proc_mkdir("bus", 0);
++ proc_vx_init();
+ }
+
+ static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c
+--- linux-2.6.2-rc1/fs/proc/virtual.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c Sat Jan 24 06:42:17 2004
+@@ -0,0 +1,548 @@
++/*
++ * linux/fs/proc/virtual.c
++ *
++ * Virtual Context Support
++ *
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 basic structure
++ * V0.02 adaptation vs1.3.0
++ * V0.03 proc permissions
++ * V0.04 locking/generic
++ * V0.05 next generation procfs
++ * V0.06 inode validation
++ *
++ */
++
++#include <asm/uaccess.h>
++
++#include <linux/config.h>
++#include <linux/errno.h>
++#include <linux/proc_fs.h>
++
++#include <linux/vinline.h>
++
++
++static struct proc_dir_entry *proc_virtual;
++
++enum xid_directory_inos {
++ PROC_XID_INO = 32,
++ PROC_XID_INFO,
++ PROC_XID_STATUS,
++ PROC_XID_LIMIT,
++};
++
++
++
++/* first the actual feeds */
++
++
++static int proc_virtual_info(struct vx_info *vxi, char *buffer)
++{
++ return sprintf(buffer,
++ "VCIVersion:\t%04x:%04x\n"
++ ,VCI_VERSION >> 16
++ ,VCI_VERSION & 0xFFFF);
++}
++
++
++int proc_xid_info (struct vx_info *vxi, char *buffer)
++{
++ return sprintf(buffer,
++ "ID:\t%d\n"
++ "Info:\t%p\n"
++ "Init:\t%d\n"
++ ,vxi->vx_id
++ ,vxi
++ ,vxi->vx_initpid);
++}
++
++int proc_xid_status (struct vx_info *vxi, char *buffer)
++{
++ return sprintf(buffer,
++ "RefC:\t%d\n"
++ "Flags:\t%08x\n"
++ "Ticks:\t%d\n"
++ ,atomic_read(&vxi->vx_refcount)
++ ,vxi->vx_flags
++ ,atomic_read(&vxi->limit.ticks));
++}
++
++int proc_xid_limit (struct vx_info *vxi, char *buffer)
++{
++ return sprintf(buffer,
++ "PROC:\t%8d/%ld\n"
++ "VM:\t%8d/%ld\n"
++ "VML:\t%8d/%ld\n"
++ "RSS:\t%8d/%ld\n"
++ ,atomic_read(&vxi->limit.res[RLIMIT_NPROC])
++ ,vxi->limit.rlim[RLIMIT_NPROC]
++ ,atomic_read(&vxi->limit.res[RLIMIT_AS])
++ ,vxi->limit.rlim[RLIMIT_AS]
++ ,atomic_read(&vxi->limit.res[RLIMIT_MEMLOCK])
++ ,vxi->limit.rlim[RLIMIT_MEMLOCK]
++ ,atomic_read(&vxi->limit.res[RLIMIT_RSS])
++ ,vxi->limit.rlim[RLIMIT_RSS]);
++}
++
++
++
++
++/* here the inode helpers */
++
++
++
++#define fake_ino(xid,ino) (((xid)<<16)|(ino))
++
++#define MAX_MULBY10 ((~0U-9)/10)
++
++
++static struct inode *proc_xid_make_inode(struct super_block * sb,
++ struct vx_info *vxi, int ino)
++{
++ struct inode *inode = new_inode(sb);
++ xid_t xid = (vxi)?vxi->vx_id:1;
++
++ if (!inode)
++ goto out;
++
++ inode->i_mtime = inode->i_atime =
++ inode->i_ctime = CURRENT_TIME;
++ inode->i_ino = fake_ino(xid, ino);
++
++ inode->u.generic_ip = vxi; /* reference from above */
++ inode->i_uid = 0;
++ inode->i_gid = 0;
++ // inode->i_xid = xid;
++out:
++ return inode;
++}
++
++void proc_xid_delete_inode(struct inode *inode)
++{
++ struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
++
++ if (vxi)
++ put_vx_info(vxi);
++}
++
++static int proc_xid_revalidate(struct dentry * dentry, struct nameidata *nd)
++{
++ struct vx_info *vxi = (struct vx_info *)dentry->d_inode->u.generic_ip;
++
++ if (atomic_read(&vxi->limit.res[RLIMIT_NPROC]))
++ return 1;
++ return 0;
++}
++
++
++
++static int proc_xid_delete_dentry(struct dentry * dentry)
++{
++ return 1;
++}
++
++
++
++#define PROC_BLOCK_SIZE (PAGE_SIZE - 1024)
++
++static ssize_t proc_xid_info_read(struct file * file, char * buf,
++ size_t count, loff_t *ppos)
++{
++ struct inode * inode = file->f_dentry->d_inode;
++ unsigned long page;
++ ssize_t length;
++ ssize_t end;
++ struct vx_info *vxi =
++ (struct vx_info *)inode->u.generic_ip;
++
++ if (count > PROC_BLOCK_SIZE)
++ count = PROC_BLOCK_SIZE;
++ if (!(page = __get_free_page(GFP_KERNEL)))
++ return -ENOMEM;
++
++ length = PROC_I(inode)->op.proc_xid_read(vxi, (char*)page);
++
++ if (length < 0) {
++ free_page(page);
++ return length;
++ }
++ /* Static 4kB (or whatever) block capacity */
++ if (*ppos >= length) {
++ free_page(page);
++ return 0;
++ }
++ if (count + *ppos > length)
++ count = length - *ppos;
++ end = count + *ppos;
++ copy_to_user(buf, (char *) page + *ppos, count);
++ *ppos = end;
++ free_page(page);
++ return count;
++}
++
++
++
++
++
++/* here comes the lower level (xid) */
++
++static struct file_operations proc_xid_info_file_operations = {
++ read: proc_xid_info_read,
++};
++
++
++struct xid_entry {
++ int type;
++ int len;
++ char *name;
++ mode_t mode;
++};
++
++#define E(type,name,mode) {(type),sizeof(name)-1,(name),(mode)}
++
++static struct xid_entry base_stuff[] = {
++ E(PROC_XID_INFO, "info", S_IFREG|S_IRUGO),
++ E(PROC_XID_STATUS, "status", S_IFREG|S_IRUGO),
++ E(PROC_XID_LIMIT, "limit", S_IFREG|S_IRUGO),
++ {0,0,NULL,0}
++};
++
++static struct dentry *proc_xid_lookup(struct inode *dir,
++ struct dentry *dentry, struct nameidata *nd)
++{
++ struct inode *inode;
++ struct vx_info *vxi;
++ struct xid_entry *p;
++ int error;
++
++ error = -ENOENT;
++ inode = NULL;
++
++ for (p = base_stuff; p->name; p++) {
++ if (p->len != dentry->d_name.len)
++ continue;
++ if (!memcmp(dentry->d_name.name, p->name, p->len))
++ break;
++ }
++ if (!p->name)
++ goto out;
++ vxi = get_vx_info((struct vx_info *)dir->u.generic_ip);
++ if (!vxi)
++ goto out;
++
++ error = -EINVAL;
++ inode = proc_xid_make_inode(dir->i_sb, vxi, p->type);
++ if (!inode)
++ goto out_release;
++
++ switch(p->type) {
++ case PROC_XID_INFO:
++ PROC_I(inode)->op.proc_xid_read = proc_xid_info;
++ break;
++ case PROC_XID_STATUS:
++ PROC_I(inode)->op.proc_xid_read = proc_xid_status;
++ break;
++ case PROC_XID_LIMIT:
++ PROC_I(inode)->op.proc_xid_read = proc_xid_limit;
++ break;
++ default:
++ printk("procfs: impossible type (%d)",p->type);
++ iput(inode);
++ return ERR_PTR(-EINVAL);
++ }
++ inode->i_mode = p->mode;
++// inode->i_op = &proc_xid_info_inode_operations;
++ inode->i_fop = &proc_xid_info_file_operations;
++ inode->i_nlink = 1;
++ inode->i_flags|=S_IMMUTABLE;
++
++// dentry->d_op = &proc_xid_dentry_operations;
++ d_add(dentry, inode);
++ return NULL;
++
++out_release:
++ put_vx_info(vxi);
++out:
++ return ERR_PTR(error);
++}
++
++
++static int proc_xid_readdir(struct file * filp,
++ void * dirent, filldir_t filldir)
++{
++ int i, xid;
++ struct inode *inode = filp->f_dentry->d_inode;
++ struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
++ struct xid_entry *p;
++
++ xid = vxi->vx_id;
++ i = filp->f_pos;
++ switch (i) {
++ case 0:
++ if (filldir(dirent, ".", 1, i,
++ inode->i_ino, DT_DIR) < 0)
++ return 0;
++ i++;
++ filp->f_pos++;
++ /* fall through */
++ case 1:
++ if (filldir(dirent, "..", 2, i,
++ PROC_ROOT_INO, DT_DIR) < 0)
++ return 0;
++ i++;
++ filp->f_pos++;
++ /* fall through */
++ default:
++ i -= 2;
++ if (i>=sizeof(base_stuff)/sizeof(base_stuff[0]))
++ return 1;
++ p = base_stuff + i;
++ while (p->name) {
++ if (filldir(dirent, p->name, p->len,
++ filp->f_pos, fake_ino(xid, p->type),
++ p->mode >> 12) < 0)
++ return 0;
++ filp->f_pos++;
++ p++;
++ }
++ }
++ return 1;
++}
++
++
++
++
++/* now the upper level (virtual) */
++
++static struct file_operations proc_xid_file_operations = {
++ read: generic_read_dir,
++ readdir: proc_xid_readdir,
++};
++
++static struct inode_operations proc_xid_inode_operations = {
++ lookup: proc_xid_lookup,
++};
++
++static struct dentry_operations proc_xid_dentry_operations =
++{
++ d_revalidate: proc_xid_revalidate,
++ d_delete: proc_xid_delete_dentry,
++};
++
++
++
++struct dentry *proc_virtual_lookup(struct inode *dir,
++ struct dentry * dentry, struct nameidata *nd)
++{
++ int xid, c;
++ struct vx_info *vxi;
++ const char *name;
++ struct inode *inode;
++ int len;
++
++ xid = 0;
++ name = dentry->d_name.name;
++ len = dentry->d_name.len;
++ if (len == 7 && !memcmp(name, "current", 7)) {
++ inode = new_inode(dir->i_sb);
++ if (!inode)
++ return ERR_PTR(-ENOMEM);
++ inode->i_mtime = inode->i_atime =
++ inode->i_ctime = CURRENT_TIME;
++ inode->i_ino = fake_ino(1, PROC_XID_INO);
++ inode->u.generic_ip = NULL;
++ inode->i_mode = S_IFLNK|S_IRWXUGO;
++ inode->i_uid = inode->i_gid = 0;
++ inode->i_size = 64;
++// inode->i_op = &proc_current_inode_operations;
++ d_add(dentry, inode);
++ return NULL;
++ }
++ if (len == 4 && !memcmp(name, "info", 4)) {
++ inode = proc_xid_make_inode(dir->i_sb, NULL, PROC_XID_INFO);
++ if (!inode)
++ return ERR_PTR(-ENOMEM);
++ inode->i_fop = &proc_xid_info_file_operations;
++ PROC_I(inode)->op.proc_xid_read = proc_virtual_info;
++ inode->i_mode = S_IFREG|S_IRUGO;
++// inode->i_size = 64;
++// inode->i_op = &proc_current_inode_operations;
++ d_add(dentry, inode);
++ return NULL;
++ }
++
++ while (len-- > 0) {
++ c = *name - '0';
++ name++;
++ if (c > 9)
++ goto out;
++ if (xid >= MAX_MULBY10)
++ goto out;
++ xid *= 10;
++ xid += c;
++ if (!xid)
++ goto out;
++ }
++
++ vxi = find_vx_info(xid);
++ if (!vxi)
++ goto out;
++
++ inode = NULL;
++ if (vx_check(xid, VX_ADMIN|VX_WATCH|VX_IDENT))
++ inode = proc_xid_make_inode(dir->i_sb,
++ vxi, PROC_XID_INO);
++ if (!inode)
++ goto out_release;
++
++ inode->i_mode = S_IFDIR|S_IRUGO;
++ inode->i_op = &proc_xid_inode_operations;
++ inode->i_fop = &proc_xid_file_operations;
++ inode->i_nlink = 2;
++ inode->i_flags|=S_IMMUTABLE;
++
++ dentry->d_op = &proc_xid_dentry_operations;
++ d_add(dentry, inode);
++ return NULL;
++
++out_release:
++ put_vx_info(vxi);
++out:
++ return ERR_PTR(-ENOENT);
++}
++
++
++
++#define PROC_NUMBUF 10
++#define PROC_MAXXIDS 32
++
++
++static int get_xid_list(int index, unsigned int *xids)
++{
++ struct vx_info *p;
++ int nr_xids = 0;
++
++ index--;
++ spin_lock(&vxlist_lock);
++ list_for_each_entry(p, &vx_infos, vx_list) {
++ int xid = p->vx_id;
++
++ if (--index >= 0)
++ continue;
++ xids[nr_xids] = xid;
++ if (++nr_xids >= PROC_MAXXIDS)
++ break;
++ }
++ spin_unlock(&vxlist_lock);
++ return nr_xids;
++}
++
++int proc_virtual_readdir(struct file * filp,
++ void * dirent, filldir_t filldir)
++{
++ unsigned int xid_array[PROC_MAXXIDS];
++ char buf[PROC_NUMBUF];
++ unsigned int nr = filp->f_pos-3;
++ unsigned int nr_xids, i;
++ ino_t ino;
++
++ switch (filp->f_pos) {
++ case 0:
++ ino = fake_ino(0, PROC_XID_INO);
++ if (filldir(dirent, ".", 1,
++ filp->f_pos, ino, DT_DIR) < 0)
++ return 0;
++ filp->f_pos++;
++ /* fall through */
++ case 1:
++ ino = filp->f_dentry->d_parent->d_inode->i_ino;
++ if (filldir(dirent, "..", 2,
++ filp->f_pos, ino, DT_DIR) < 0)
++ return 0;
++ filp->f_pos++;
++ /* fall through */
++ case 2:
++ ino = fake_ino(0, PROC_XID_INFO);
++ if (filldir(dirent, "info", 4,
++ filp->f_pos, ino, DT_LNK) < 0)
++ return 0;
++ filp->f_pos++;
++ /* fall through */
++ case 3:
++ if (current->xid > 1) {
++ ino = fake_ino(1, PROC_XID_INO);
++ if (filldir(dirent, "current", 7,
++ filp->f_pos, ino, DT_LNK) < 0)
++ return 0;
++ }
++ filp->f_pos++;
++ default:
++ }
++
++ nr_xids = get_xid_list(nr, xid_array);
++
++ for (i = 0; i < nr_xids; i++) {
++ int xid = xid_array[i];
++ ino_t ino = fake_ino(xid, PROC_XID_INO);
++ unsigned long j = PROC_NUMBUF;
++
++ do buf[--j] = '0' + (xid % 10); while (xid/=10);
++
++ if (filldir(dirent, buf+j, PROC_NUMBUF-j,
++ filp->f_pos, ino, DT_DIR) < 0)
++ break;
++ filp->f_pos++;
++ }
++ return 0;
++}
++
++
++static struct file_operations proc_virtual_dir_operations = {
++ read: generic_read_dir,
++ readdir: proc_virtual_readdir,
++};
++
++static struct inode_operations proc_virtual_dir_inode_operations = {
++ lookup: proc_virtual_lookup,
++};
++
++
++
++
++
++
++
++void proc_vx_init(void)
++{
++ struct proc_dir_entry *ent;
++
++ ent = proc_mkdir("virtual", 0);
++ if (ent) {
++ ent->proc_fops = &proc_virtual_dir_operations;
++ ent->proc_iops = &proc_virtual_dir_inode_operations;
++ }
++ proc_virtual = ent;
++}
++
++
++
++
++/* per pid info */
++
++
++char *task_vinfo(struct task_struct *p, char *buffer)
++{
++ return buffer + sprintf(buffer,
++ "XID:\t%d\n"
++ ,p->xid);
++}
++
++int proc_pid_vinfo(struct task_struct *p, char *buffer)
++{
++ char * orig = buffer;
++
++ buffer = task_vinfo(p, buffer);
++ return buffer - orig;
++}
++
+diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual_old.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c
+--- linux-2.6.2-rc1/fs/proc/virtual_old.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c Sat Jan 24 05:45:59 2004
+@@ -0,0 +1,179 @@
++/*
++ * linux/fs/proc/virtual.c
++ *
++ * Virtual Context ProcFS Support
++ *
++ * Copyright (C) 2003 Herbert Pötzl
++ *
++ * V0.01 basic directory array
++ * V0.02 per context info & stat
++ * V0.03 proc permissions
++ *
++ */
++
++#include <asm/uaccess.h>
++
++#include <linux/config.h>
++#include <linux/errno.h>
++#include <linux/proc_fs.h>
++
++#include <linux/init.h>
++#include <linux/vswitch.h>
++#include <linux/vinline.h>
++
++
++extern struct proc_dir_entry *proc_virtual;
++static struct proc_dir_entry *proc_virtual_info;
++
++
++char *task_vinfo(struct task_struct *p, char *buffer)
++{
++ return buffer + sprintf(buffer,
++ "VxID:\t%d\n"
++ ,p->vx_id);
++}
++
++int proc_pid_vinfo(struct task_struct *p, char *buffer)
++{
++ char * orig = buffer;
++
++ buffer = task_vinfo(p, buffer);
++ return buffer - orig;
++}
++
++
++static int __generic_info_read_func(char *page, char **start,
++ off_t off, int count, int *eof, void *data,
++ char *(*info_func)(void *, char *))
++{
++ int len;
++ char *buffer = page;
++
++ buffer = info_func(data, buffer);
++
++ len = buffer-page;
++ if (len <= off+count) *eof = 1;
++
++ *start = page + off;
++ len -= off;
++ if (len>count) len = count;
++ if (len<0) len = 0;
++ return len;
++}
++
++char *vx_proc_info (void *data, char *buffer)
++{
++ struct vx_info *vxi = data;
++ buffer += sprintf(buffer,
++ "VxID:\t%d\n"
++ "Info:\t%p\n"
++ "Init:\t%d\n"
++ ,vxi->vx_id
++ ,vxi
++ ,vxi->vx_initpid);
++ return buffer;
++}
++
++int vx_info_read_func (char *page, char **start,
++ off_t off, int count, int *eof, void *data)
++{
++ return __generic_info_read_func(page, start,
++ off, count, eof, data, vx_proc_info);
++}
++
++char *vx_proc_status (void *data, char *buffer)
++{
++ struct vx_info *vxi = data;
++ buffer += sprintf(buffer,
++ "RefC:\t%d\n"
++ "Flags:\t%08x\n"
++ "Ticks:\t%d\n"
++ ,atomic_read(&vxi->vx_refcount)
++ ,vxi->vx_flags
++ ,atomic_read(&vxi->limit.ticks));
++ return buffer;
++}
++
++int vx_status_read_func (char *page, char **start,
++ off_t off, int count, int *eof, void *data)
++{
++ return __generic_info_read_func(page, start,
++ off, count, eof, data, vx_proc_status);
++}
++
++
++static int vx_proc_permission(struct inode *inode,
++ int mask, struct nameidata *nd)
++{
++ vxdprintk("vx_proc_permission(%p) = #%d,%04x\n",
++ inode, inode->i_xid, PROC_I(inode)->vx_flags);
++ if (vx_check(inode->i_xid, PROC_I(inode)->vx_flags))
++ return 0;
++ vxdprintk("vx_proc_permission(%p) #%d != #%d\n",
++ inode, inode->i_xid, vx_current_id());
++ return -ENOENT;
++}
++
++static struct inode_operations vx_proc_inode_operations = {
++ .lookup = proc_lookup,
++ .permission = vx_proc_permission,
++};
++
++
++int vx_proc_create(struct vx_info *vxi)
++{
++ struct proc_dir_entry *entry, *sub;
++ char name[8];
++
++ snprintf(name, sizeof(name)-1, "%d", vxi->vx_id);
++ entry = create_proc_entry(name,
++ S_IFDIR|S_IXUGO, proc_virtual);
++ entry->vx_flags = VX_ADMIN|VX_WATCH|VX_IDENT;
++ entry->xid = vxi->vx_id;
++ entry->proc_iops = &vx_proc_inode_operations;
++ vxi->vx_procent = entry;
++ sub = create_proc_read_entry("info",
++ S_IFREG|S_IRUGO|S_IWUSR,
++ entry, vx_info_read_func, vxi);
++ sub = create_proc_read_entry("status",
++ S_IFREG|S_IRUGO|S_IWUSR,
++ entry, vx_status_read_func, vxi);
++ return 0;
++}
++
++int vx_proc_destroy(struct vx_info *vxi)
++{
++ struct proc_dir_entry *entry = vxi->vx_procent;
++ if (!entry)
++ return 0;
++ remove_proc_entry(entry->name, proc_virtual);
++ vxi->vx_procent = NULL;
++ return 0;
++}
++
++char *vs_proc_info(void *data, char *buffer)
++{
++ buffer += sprintf(buffer,
++ "VCIVersion:\t%04x:%04x\n"
++ ,VCI_VERSION >> 16
++ ,VCI_VERSION & 0xFFFF);
++ return buffer;
++}
++
++int vs_info_read_func(char *page, char **start,
++ off_t off, int count, int *eof, void *data)
++{
++ return __generic_info_read_func(page, start,
++ off, count, eof, data, vs_proc_info);
++}
++
++
++static int __init virtual_proc_init(void)
++{
++ proc_virtual_info = create_proc_read_entry("info",
++ S_IFREG|S_IRUGO|S_IWUSR,
++ proc_virtual, vs_info_read_func, NULL);
++ return 0;
++}
++
++__initcall(virtual_proc_init);
+diff -NurpP --minimal linux-2.6.2-rc1/fs/reiserfs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c
+--- linux-2.6.2-rc1/fs/reiserfs/ioctl.c Fri Jan 9 07:59:26 2004
++++ linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c Sat Jan 24 06:14:24 2004
+@@ -47,7 +47,8 @@ int reiserfs_ioctl (struct inode * inode
+ if (get_user(flags, (int *) arg))
+ return -EFAULT;
+
+- if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) & ( REISERFS_IMMUTABLE_FL | REISERFS_APPEND_FL)) &&
++ if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) &
++ ( REISERFS_IMMUTABLE_FL | REISERFS_IUNLINK_FL | REISERFS_APPEND_FL)) &&
+ !capable( CAP_LINUX_IMMUTABLE ) )
+ return -EPERM;
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-alpha/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h
+--- linux-2.6.2-rc1/include/asm-alpha/unistd.h Fri Jan 9 07:59:26 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h Sat Jan 24 06:45:48 2004
+@@ -233,6 +233,7 @@
+ #define __NR_osf_memcntl 260 /* not implemented */
+ #define __NR_osf_fdatasync 261 /* not implemented */
+
++#define __NR_vserver 273
+
+ /*
+ * Linux-specific system calls begin at 300
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68k/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h
+--- linux-2.6.2-rc1/include/asm-m68k/unistd.h Fri Jan 9 07:59:33 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h Sat Jan 24 06:45:48 2004
+@@ -239,7 +239,9 @@
+ #define __NR_fremovexattr 234
+ #define __NR_futex 235
+
+-#define NR_syscalls 236
++#define __NR_vserver 273
++
++#define NR_syscalls 274
+
+ /* user-visible error numbers are in the range -1 - -124: see
+ <asm-m68k/errno.h> */
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68knommu/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h
+--- linux-2.6.2-rc1/include/asm-m68knommu/unistd.h Fri Jan 9 07:59:41 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h Sat Jan 24 06:45:48 2004
+@@ -221,7 +221,9 @@
+ #define __NR_setfsuid32 215
+ #define __NR_setfsgid32 216
+
+-#define NR_syscalls 256
++#define __NR_vserver 273
++
++#define NR_syscalls 274
+
+ /* user-visible error numbers are in the range -1 - -122: see
+ <asm-m68k/errno.h> */
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-mips/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h
+--- linux-2.6.2-rc1/include/asm-mips/unistd.h Fri Jan 9 07:59:05 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h Sat Jan 24 06:45:48 2004
+@@ -289,10 +289,12 @@
+ #define __NR_tgkill (__NR_Linux + 266)
+ #define __NR_utimes (__NR_Linux + 267)
+
++#define __NR_vserver (__NR_Linux + 273)
++
+ /*
+ * Offset of the last Linux o32 flavoured syscall
+ */
+-#define __NR_Linux_syscalls 267
++#define __NR_Linux_syscalls 273
+
+ #endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-parisc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h
+--- linux-2.6.2-rc1/include/asm-parisc/unistd.h Fri Jan 9 07:59:03 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h Sat Jan 24 06:45:48 2004
+@@ -722,8 +722,9 @@
+ #define __NR_remap_file_pages (__NR_Linux + 227)
+ #define __NR_semtimedop (__NR_Linux + 228)
+
++#define __NR_vserver (__NR_Linux + 273)
+
+-#define __NR_Linux_syscalls 228
++#define __NR_Linux_syscalls 273
+
+ #define HPUX_GATEWAY_ADDR 0xC0000004
+ #define LINUX_GATEWAY_ADDR 0x100
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h
+--- linux-2.6.2-rc1/include/asm-ppc/unistd.h Sat Jan 24 03:18:18 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h Sat Jan 24 06:45:48 2004
+@@ -261,7 +261,9 @@
+ #define __NR_fadvise64_64 254
+ #define __NR_rtas 255
+
+-#define __NR_syscalls 256
++#define __NR_vserver 273
++
++#define __NR_syscalls 274
+
+ #define __NR(n) #n
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h
+--- linux-2.6.2-rc1/include/asm-ppc64/unistd.h Sat Jan 24 03:18:18 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h Sat Jan 24 06:45:48 2004
+@@ -267,7 +267,9 @@
+ #define __NR_fadvise64_64 254
+ #define __NR_rtas 255
+
+-#define __NR_syscalls 256
++#define __NR_vserver 273
++
++#define __NR_syscalls 274
+ #ifdef __KERNEL__
+ #define NR_syscalls __NR_syscalls
+ #endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-s390/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h
+--- linux-2.6.2-rc1/include/asm-s390/unistd.h Sat Jan 24 03:18:18 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h Sat Jan 24 06:45:48 2004
+@@ -256,9 +256,7 @@
+ #define __NR_clock_gettime (__NR_timer_create+6)
+ #define __NR_clock_getres (__NR_timer_create+7)
+ #define __NR_clock_nanosleep (__NR_timer_create+8)
+-/*
+- * Number 263 is reserved for vserver
+- */
++#define __NR_vserver 263
+ #define __NR_fadvise64_64 264
+
+ #define NR_syscalls 265
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h
+--- linux-2.6.2-rc1/include/asm-sparc/unistd.h Fri Jan 9 07:59:08 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h Sat Jan 24 06:45:48 2004
+@@ -283,7 +283,7 @@
+ #define __NR_timer_getoverrun 264
+ #define __NR_timer_delete 265
+ #define __NR_timer_create 266
+-/* #define __NR_vserver 267 Reserved for VSERVER */
++#define __NR_vserver 267
+ #define __NR_io_setup 268
+ #define __NR_io_destroy 268
+ #define __NR_io_submit 269
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h
+--- linux-2.6.2-rc1/include/asm-sparc64/unistd.h Fri Jan 9 07:59:10 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h Sat Jan 24 06:45:48 2004
+@@ -285,7 +285,7 @@
+ #define __NR_timer_getoverrun 264
+ #define __NR_timer_delete 265
+ #define __NR_timer_create 266
+-/* #define __NR_vserver 267 Reserved for VSERVER */
++#define __NR_vserver 267
+ #define __NR_io_setup 268
+ #define __NR_io_destroy 268
+ #define __NR_io_submit 269
+diff -NurpP --minimal linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h
+--- linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h Fri Jan 9 07:59:45 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h Sat Jan 24 06:45:48 2004
+@@ -278,6 +278,7 @@
+ #define __NR_ia32_tgkill 270
+ #define __NR_ia32_utimes 271
+ #define __NR_ia32_fadvise64_64 272
++#define __NR_ia32_vserver 273
+
+ #define IA32_NR_syscalls 275 /* must be > than biggest syscall! */
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/capability.h linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h
+--- linux-2.6.2-rc1/include/linux/capability.h Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h Sat Jan 24 06:21:35 2004
+@@ -235,6 +235,7 @@ typedef __u32 kernel_cap_t;
+ /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
+ arbitrary SCSI commands */
+ /* Allow setting encryption key on loopback filesystem */
++/* Allow the selection of a security context */
+
+ #define CAP_SYS_ADMIN 21
+
+@@ -283,6 +284,15 @@ typedef __u32 kernel_cap_t;
+ /* Allow taking of leases on files */
+
+ #define CAP_LEASE 28
++
++/* Allow quotactl */
++
++#define CAP_QUOTACTL 29
++
++/* Allow context manipulations */
++/* Allow changing context info on files */
++
++#define CAP_CONTEXT 30
+
+ #ifdef __KERNEL__
+ /*
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext2_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h
+--- linux-2.6.2-rc1/include/linux/ext2_fs.h Fri Jan 9 07:59:09 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h Sat Jan 24 06:14:24 2004
+@@ -192,10 +192,12 @@ struct ext2_group_desc
+ #define EXT2_NOTAIL_FL 0x00008000 /* file tail should not be merged */
+ #define EXT2_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
+ #define EXT2_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
++#define EXT2_BARRIER_FL 0x04000000 /* chroot barrier */
++#define EXT2_IUNLINK_FL 0x08000000 /* Immutable unlink */
+ #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
+
+-#define EXT2_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
+-#define EXT2_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
++#define EXT2_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
++#define EXT2_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
+
+ /*
+ * ioctl commands
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext3_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h
+--- linux-2.6.2-rc1/include/linux/ext3_fs.h Fri Jan 9 07:59:44 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h Sat Jan 24 06:14:24 2004
+@@ -185,10 +185,12 @@ struct ext3_group_desc
+ #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
+ #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
+ #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
++#define EXT3_BARRIER_FL 0x04000000 /* chroot barrier */
++#define EXT3_IUNLINK_FL 0x08000000 /* Immutable unlink */
+ #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
+
+-#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
+-#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
++#define EXT3_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
++#define EXT3_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
+
+ /*
+ * Inode dynamic state flags
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h
+--- linux-2.6.2-rc1/include/linux/fs.h Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h Sat Jan 24 06:18:09 2004
+@@ -2,9 +2,9 @@
+ #define _LINUX_FS_H
+
+ /*
+- * This file has definitions for some important file table
+- * structures etc.
+- */
++* This file has definitions for some important file table
++* structures etc.
++*/
+
+ #include <linux/config.h>
+ #include <linux/linkage.h>
+@@ -30,14 +30,14 @@ struct vm_area_struct;
+ struct vfsmount;
+
+ /*
+- * It's silly to have NR_OPEN bigger than NR_FILE, but you can change
+- * the file limit at runtime and only root can increase the per-process
+- * nr_file rlimit, so it's safe to set up a ridiculously high absolute
+- * upper limit on files-per-process.
+- *
+- * Some programs (notably those using select()) may have to be
+- * recompiled to take full advantage of the new limits..
+- */
++* It's silly to have NR_OPEN bigger than NR_FILE, but you can change
++* the file limit at runtime and only root can increase the per-process
++* nr_file rlimit, so it's safe to set up a ridiculously high absolute
++* upper limit on files-per-process.
++*
++* Some programs (notably those using select()) may have to be
++* recompiled to take full advantage of the new limits..
++*/
+
+ /* Fixed constants first: */
+ #undef NR_OPEN
+@@ -49,16 +49,16 @@ struct vfsmount;
+
+ /* And dynamically-tunable limits and defaults: */
+ struct files_stat_struct {
+- int nr_files; /* read only */
+- int nr_free_files; /* read only */
+- int max_files; /* tunable */
++int nr_files; /* read only */
++int nr_free_files; /* read only */
++int max_files; /* tunable */
+ };
+ extern struct files_stat_struct files_stat;
+
+ struct inodes_stat_t {
+- int nr_inodes;
+- int nr_unused;
+- int dummy[5];
++int nr_inodes;
++int nr_unused;
++int dummy[5];
+ };
+ extern struct inodes_stat_t inodes_stat;
+
+@@ -91,11 +91,11 @@ extern int leases_enable, dir_notify_ena
+ #define FS_REQUIRES_DEV 1
+ #define FS_REVAL_DOT 16384 /* Check the paths ".", ".." for staleness */
+ #define FS_ODD_RENAME 32768 /* Temporary stuff; will go away as soon
+- * as nfs_rename() will be cleaned up
+- */
++ * as nfs_rename() will be cleaned up
++ */
+ /*
+- * These are the fs-independent mount-flags: up to 32 flags are supported
+- */
++* These are the fs-independent mount-flags: up to 32 flags are supported
++*/
+ #define MS_RDONLY 1 /* Mount read-only */
+ #define MS_NOSUID 2 /* Ignore suid and sgid bits */
+ #define MS_NODEV 4 /* Disallow access to device special files */
+@@ -116,14 +116,14 @@ extern int leases_enable, dir_notify_ena
+ #define MS_NOUSER (1<<31)
+
+ /*
+- * Superblock flags that can be altered by MS_REMOUNT
+- */
++* Superblock flags that can be altered by MS_REMOUNT
++*/
+ #define MS_RMT_MASK (MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_NOATIME|\
+- MS_NODIRATIME)
++ MS_NODIRATIME)
+
+ /*
+- * Old magic mount flag and mask
+- */
++* Old magic mount flag and mask
++*/
+ #define MS_MGC_VAL 0xC0ED0000
+ #define MS_MGC_MSK 0xffff0000
+
+@@ -137,6 +137,8 @@ extern int leases_enable, dir_notify_ena
+ #define S_DEAD 32 /* removed, but still open directory */
+ #define S_NOQUOTA 64 /* Inode is not counted to quota */
+ #define S_DIRSYNC 128 /* Directory modifications are synchronous */
++#define S_BARRIER 256 /* chroot barrier */
++#define S_IUNLINK 512 /* Immutable unlink */
+
+ /*
+ * Note that nosuid etc flags are inode-specific: setting some file-system
+@@ -164,11 +166,14 @@ extern int leases_enable, dir_notify_ena
+ #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA)
+ #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND)
+ #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
++#define IS_IUNLINK(inode) ((inode)->i_flags & S_IUNLINK)
++#define IS_IXUNLINK(inode) ((IS_IUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
+ #define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
+ #define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME)
+ #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
+ #define IS_ONE_SECOND(inode) __IS_FLG(inode, MS_ONE_SECOND)
+
++#define IS_BARRIER(inode) ((inode)->i_flags & S_BARRIER)
+ #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
+
+ /* the read-only stuff doesn't really belong here, but any other place is
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/init_task.h linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h
+--- linux-2.6.2-rc1/include/linux/init_task.h Fri Jan 9 07:59:08 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h Sat Jan 24 07:24:16 2004
+@@ -108,6 +108,10 @@
+ .proc_lock = SPIN_LOCK_UNLOCKED, \
+ .switch_lock = SPIN_LOCK_UNLOCKED, \
+ .journal_info = NULL, \
++ .cap_bset = CAP_INIT_EFF_SET, \
++ .xid = 0, \
++ .vx_info = NULL, \
++ .ip_info = NULL, \
+ }
+
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ip.h linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h
+--- linux-2.6.2-rc1/include/linux/ip.h Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h Sat Jan 24 05:46:08 2004
+@@ -111,9 +111,11 @@ struct inet_opt {
+ /* Socket demultiplex comparisons on incoming packets. */
+ __u32 daddr; /* Foreign IPv4 addr */
+ __u32 rcv_saddr; /* Bound local IPv4 addr */
++ __u32 rcv_saddr2; /* Second bound ipv4 addr, for ipv4root */
+ __u16 dport; /* Destination port */
+ __u16 num; /* Local port */
+ __u32 saddr; /* Sending source */
++// __u32 saddr2; /* Second bound ipv4 addr, for ipv4root */
+ int uc_ttl; /* Unicast TTL */
+ int tos; /* TOS */
+ unsigned cmsg_flags;
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/proc_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h
+--- linux-2.6.2-rc1/include/linux/proc_fs.h Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h Sat Jan 24 05:45:59 2004
+@@ -60,6 +60,7 @@ struct proc_dir_entry {
+ nlink_t nlink;
+ uid_t uid;
+ gid_t gid;
++ int vx_flags;
+ unsigned long size;
+ struct inode_operations * proc_iops;
+ struct file_operations * proc_fops;
+@@ -237,12 +238,16 @@ extern void kclist_add(struct kcore_list
+ extern struct kcore_list *kclist_del(void *);
+ #endif
+
++struct vx_info;
++
+ struct proc_inode {
+ struct task_struct *task;
+ int type;
++ int vx_flags;
+ union {
+ int (*proc_get_link)(struct inode *, struct dentry **, struct vfsmount **);
+ int (*proc_read)(struct task_struct *task, char *page);
++ int (*proc_xid_read)(struct vx_info *vxi, char *page);
+ } op;
+ struct proc_dir_entry *pde;
+ struct inode vfs_inode;
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/reiserfs_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h
+--- linux-2.6.2-rc1/include/linux/reiserfs_fs.h Fri Jan 9 08:00:02 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h Sat Jan 24 22:45:38 2004
+@@ -879,6 +879,8 @@ struct stat_data_v1
+ /* we want common flags to have the same values as in ext2,
+ so chattr(1) will work without problems */
+ #define REISERFS_IMMUTABLE_FL EXT2_IMMUTABLE_FL
++#define REISERFS_IUNLINK_FL EXT2_IUNLINK_FL
++#define REISERFS_BARRIER_FL EXT2_BARRIER_FL
+ #define REISERFS_APPEND_FL EXT2_APPEND_FL
+ #define REISERFS_SYNC_FL EXT2_SYNC_FL
+ #define REISERFS_NOATIME_FL EXT2_NOATIME_FL
+@@ -890,6 +892,7 @@ struct stat_data_v1
+
+ /* persistent flags that file inherits from the parent directory */
+ #define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FL | \
++ REISERFS_IUNLINK_FL | \
+ REISERFS_SYNC_FL | \
+ REISERFS_NOATIME_FL | \
+ REISERFS_NODUMP_FL | \
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h
+--- linux-2.6.2-rc1/include/linux/sched.h Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h Sat Jan 24 05:57:44 2004
+@@ -102,6 +102,7 @@ extern unsigned long nr_iowait(void);
+ #include <linux/timer.h>
+
+ #include <asm/processor.h>
++#include <linux/vserver/context.h>
+
+ #define TASK_RUNNING 0
+ #define TASK_INTERRUPTIBLE 1
+@@ -296,9 +297,10 @@ struct user_struct {
+ /* Hash table maintenance information */
+ struct list_head uidhash_list;
+ uid_t uid;
++ int vx_id;
+ };
+
+-extern struct user_struct *find_user(uid_t);
++extern struct user_struct *find_user(xid_t, uid_t);
+
+ extern struct user_struct root_user;
+ #define INIT_USER (&root_user)
+@@ -440,6 +442,12 @@ struct task_struct {
+
+ void *security;
+
++/* vserver data */
++ kernel_cap_t cap_bset;
++ xid_t xid;
++ struct vx_info *vx_info;
++ struct ip_info *ip_info;
++
+ /* Thread group tracking */
+ u32 parent_exec_id;
+ u32 self_exec_id;
+@@ -561,7 +569,7 @@ extern void set_special_pids(pid_t sessi
+ extern void __set_special_pids(pid_t session, pid_t pgrp);
+
+ /* per-UID process charging. */
+-extern struct user_struct * alloc_uid(uid_t);
++extern struct user_struct * alloc_uid(xid_t, uid_t);
+ extern void free_uid(struct user_struct *);
+ extern void switch_uid(struct user_struct *);
+
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/types.h linux-2.6.2-rc1-vs0.05.1/include/linux/types.h
+--- linux-2.6.2-rc1/include/linux/types.h Fri Jan 9 07:59:57 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/types.h Sat Jan 24 05:45:51 2004
+@@ -37,6 +37,7 @@ typedef __kernel_uid32_t uid_t;
+ typedef __kernel_gid32_t gid_t;
+ typedef __kernel_uid16_t uid16_t;
+ typedef __kernel_gid16_t gid16_t;
++typedef unsigned int xid_t;
+
+ #ifdef CONFIG_UID16
+ /* This is defined by include/asm-{arch}/posix_types.h */
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vinline.h linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h
+--- linux-2.6.2-rc1/include/linux/vinline.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,289 @@
++#ifndef _VX_INLINE_H
++#define _VX_INLINE_H
++
++
++// #define VX_DEBUG
++
++#include <linux/kernel.h>
++#include <linux/sched.h>
++
++#include <linux/vserver/context.h>
++#include <linux/vserver/network.h>
++
++#if defined(VX_DEBUG)
++#define vxdprintk(x...) printk("vxd: " x)
++#else
++#define vxdprintk(x...)
++#endif
++
++
++
++void free_vx_info(struct vx_info *);
++
++extern int proc_pid_vinfo(struct task_struct *, char *);
++
++
++#define get_vx_info(i) __get_vx_info(i,__FILE__,__LINE__)
++
++static __inline__ struct vx_info *__get_vx_info(struct vx_info *vxi, const char *_file, int _line)
++{
++ /* for now we allow vxi to be null */
++ if (!vxi)
++ return NULL;
++ vxdprintk("get_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
++ vxi->vx_id, atomic_read(&vxi->vx_refcount),
++ _file, _line);
++ atomic_inc(&vxi->vx_refcount);
++ return vxi;
++}
++
++#define put_vx_info(i) __put_vx_info(i,__FILE__,__LINE__)
++
++static __inline__ void __put_vx_info(struct vx_info *vxi, const char *_file, int _line)
++{
++ /* for now we allow vxi to be null */
++ if (!vxi)
++ return;
++ vxdprintk("put_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
++ vxi->vx_id, atomic_read(&vxi->vx_refcount),
++ _file, _line);
++ if (atomic_dec_and_lock(&vxi->vx_refcount, &vxlist_lock)) {
++ list_del(&vxi->vx_list);
++ spin_unlock(&vxlist_lock);
++ free_vx_info(vxi);
++ }
++}
++
++#define task_get_vx_info(i) __task_get_vx_info(i,__FILE__,__LINE__)
++
++static __inline__ struct vx_info *__task_get_vx_info(struct task_struct *p,
++ const char *_file, int _line)
++{
++ struct vx_info *vxi;
++
++ task_lock(p);
++ vxi = __get_vx_info(p->vx_info, _file, _line);
++ task_unlock(p);
++ return vxi;
++}
++
++
++#define vx_verify_info(p,i) \
++ __vx_verify_info((p)->vx_info,i,__FILE__,__LINE__)
++
++static __inline__ void __vx_verify_info(
++ struct vx_info *vxa, struct vx_info *vxb,
++ const char *_file, int _line)
++{
++ if (vxa == vxb)
++ return;
++ printk(KERN_ERR "vx bad assumption (%p==%p) at %s:%d\n",
++ vxa, vxb, _file, _line);
++}
++
++
++#define vx_task_xid(t) ((t)->xid)
++
++#define vx_current_xid() vx_task_xid(current)
++
++#define vx_check(c,m) __vx_check(vx_current_xid(),c,m)
++
++#define vx_weak_check(c,m) ((m) ? vx_check(c,m) : 1)
++
++/*
++ * check current context for ADMIN/WATCH and
++ * optionally agains supplied argument
++ */
++static __inline__ int __vx_check(xid_t cid, xid_t id, unsigned int mode)
++{
++ if (mode & VX_ARG_MASK) {
++ if ((mode & VX_IDENT) &&
++ (id == cid))
++ return 1;
++ }
++ if (mode & VX_ATR_MASK) {
++ if ((mode & VX_DYNAMIC) &&
++ (id >= MIN_D_CONTEXT) &&
++ (id <= MAX_S_CONTEXT))
++ return 1;
++ if ((mode & VX_STATIC) &&
++ (id > 1) && (id < MIN_D_CONTEXT))
++ return 1;
++ }
++ return (((mode & VX_ADMIN) && (cid == 0)) ||
++ ((mode & VX_WATCH) && (cid == 1)));
++}
++
++
++
++void free_ip_info(struct ip_info *);
++
++#define get_ip_info(i) __get_ip_info(i,__FILE__,__LINE__)
++
++static __inline__ struct ip_info *__get_ip_info(struct ip_info *ipi, const char *_file, int _line)
++{
++ /* for now we allow vxi to be null */
++ if (!ipi)
++ return NULL;
++ vxdprintk("get_ip_info(%p[%d])\t%s:%d\n", ipi,
++ atomic_read(&ipi->ip_refcount), _file, _line);
++ atomic_inc(&ipi->ip_refcount);
++ return ipi;
++}
++
++#define put_ip_info(i) __put_ip_info(i,__FILE__,__LINE__)
++
++static __inline__ void __put_ip_info(struct ip_info *ipi, const char *_file, int _line)
++{
++ /* for now we allow vxi to be null */
++ if (!ipi)
++ return;
++ vxdprintk("put_ip_info(%p[%d])\t%s:%d\n", ipi,
++ atomic_read(&ipi->ip_refcount), _file, _line);
++ if (atomic_dec_and_lock(&ipi->ip_refcount, &iplist_lock)) {
++ list_del(&ipi->ip_list);
++ spin_unlock(&iplist_lock);
++ free_ip_info(ipi);
++ }
++}
++
++#define task_get_ip_info(i) __task_get_ip_info(i,__FILE__,__LINE__)
++
++static __inline__ struct ip_info *__task_get_ip_info(struct task_struct *p,
++ const char *_file, int _line)
++{
++ struct ip_info *ipi;
++
++ task_lock(p);
++ ipi = __get_ip_info(p->ip_info, _file, _line);
++ task_unlock(p);
++ return ipi;
++}
++
++#define ip_verify_info(p,i) \
++ __ip_verify_info((p)->ip_info,i,__FILE__,__LINE__)
++
++static __inline__ void __ip_verify_info(
++ struct ip_info *ipa, struct ip_info *ipb,
++ const char *_file, int _line)
++{
++ if (ipa == ipb)
++ return;
++ printk(KERN_ERR "ip bad assumption (%p==%p) at %s:%d\n",
++ ipa, ipb, _file, _line);
++}
++
++
++
++#define VX_DEBUG_ACC_RSS 0
++#define VX_DEBUG_ACC_VM 0
++#define VX_DEBUG_ACC_VML 0
++
++
++#define vx_acc_page(m, d, v, r) \
++ __vx_acc_page(&(m->v), m->mm_vx_info, r, d, __FILE__, __LINE__)
++
++static inline void __vx_acc_page(unsigned long *v, struct vx_info *vxi,
++ int res, int dir, char *file, int line)
++{
++ if (v) {
++ if (dir > 0)
++ ++(*v);
++ else
++ --(*v);
++ }
++ if (vxi) {
++ if (dir > 0)
++ atomic_inc(&vxi->limit.res[res]);
++ else
++ atomic_dec(&vxi->limit.res[res]);
++ }
++}
++
++
++#define vx_acc_pages(m, p, v, r) \
++ __vx_acc_pages(&(m->v), m->mm_vx_info, r, p, __FILE__, __LINE__)
++
++static inline void __vx_acc_pages(unsigned long *v, struct vx_info *vxi,
++ int res, int pages, char *file, int line)
++{
++ if ((pages > 1 || pages < -1) &&
++ ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
++ (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
++ (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML)))
++ vxdprintk("vx_acc_pages [%5d,%2d]: %5d += %5d in %s:%d\n",
++ (vxi?vxi->vx_id:-1), res,
++ (vxi?atomic_read(&vxi->limit.res[res]):0),
++ pages, file, line);
++ if (pages == 0)
++ return;
++ if (v)
++ *v += pages;
++ if (vxi)
++ atomic_add(pages, &vxi->limit.res[res]);
++}
++
++
++
++#define vx_acc_vmpage(m,d) vx_acc_page(m, d, total_vm, RLIMIT_AS)
++#define vx_acc_vmlpage(m,d) vx_acc_page(m, d, locked_vm, RLIMIT_MEMLOCK)
++#define vx_acc_rsspage(m,d) vx_acc_page(m, d, rss, RLIMIT_RSS)
++
++#define vx_acc_vmpages(m,p) vx_acc_pages(m, p, total_vm, RLIMIT_AS)
++#define vx_acc_vmlpages(m,p) vx_acc_pages(m, p, locked_vm, RLIMIT_MEMLOCK)
++#define vx_acc_rsspages(m,p) vx_acc_pages(m, p, rss, RLIMIT_RSS)
++
++#define vx_pages_add(s,r,p) __vx_acc_pages(0, s, r, p, __FILE__, __LINE__)
++#define vx_pages_sub(s,r,p) __vx_pages_add(s, r, -(p))
++
++#define vx_vmpages_inc(m) vx_acc_vmpage(m, 1)
++#define vx_vmpages_dec(m) vx_acc_vmpage(m,-1)
++#define vx_vmpages_add(m,p) vx_acc_vmpages(m, p)
++#define vx_vmpages_sub(m,p) vx_acc_vmpages(m,-(p))
++
++#define vx_vmlocked_inc(m) vx_acc_vmlpage(m, 1)
++#define vx_vmlocked_dec(m) vx_acc_vmlpage(m,-1)
++#define vx_vmlocked_add(m,p) vx_acc_vmlpages(m, p)
++#define vx_vmlocked_sub(m,p) vx_acc_vmlpages(m,-(p))
++
++#define vx_rsspages_inc(m) vx_acc_rsspage(m, 1)
++#define vx_rsspages_dec(m) vx_acc_rsspage(m,-1)
++#define vx_rsspages_add(m,p) vx_acc_rsspages(m, p)
++#define vx_rsspages_sub(m,p) vx_acc_rsspages(m,-(p))
++
++
++
++#define vx_pages_avail(m, p, r) \
++ __vx_pages_avail((m)->mm_vx_info, (r), (p), __FILE__, __LINE__)
++
++static inline int __vx_pages_avail(struct vx_info *vxi,
++ int res, int pages, char *file, int line)
++{
++ if ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
++ (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
++ (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML))
++ printk("vx_pages_avail[%5d,%2d]: %5ld > %5d + %5d in %s:%d\n",
++ (vxi?vxi->vx_id:-1), res,
++ (vxi?vxi->limit.rlim[res]:1),
++ (vxi?atomic_read(&vxi->limit.res[res]):0),
++ pages, file, line);
++ if (!vxi)
++ return 1;
++ if (vxi->limit.rlim[res] == RLIM_INFINITY)
++ return 1;
++ if (vxi->limit.rlim[res] < atomic_read(&vxi->limit.res[res]) + pages)
++ return 0;
++ return 1;
++}
++
++#define vx_vmpages_avail(m,p) vx_pages_avail(m, p, RLIMIT_AS)
++#define vx_vmlocked_avail(m,p) vx_pages_avail(m, p, RLIMIT_MEMLOCK)
++#define vx_rsspages_avail(m,p) vx_pages_avail(m, p, RLIMIT_RSS)
++
++/* procfs ioctls */
++
++#define FIOC_GETXFLG _IOR('x', 5, long)
++#define FIOC_SETXFLG _IOW('x', 6, long)
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/context.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h
+--- linux-2.6.2-rc1/include/linux/vserver/context.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h Sat Jan 24 06:06:06 2004
+@@ -0,0 +1,134 @@
++#ifndef _VX_CONTEXT_H
++#define _VX_CONTEXT_H
++
++
++#include <linux/types.h>
++
++
++#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
++#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
++
++#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
++
++
++#include <linux/utsname.h>
++
++struct _vx_virt {
++ int nr_threads;
++ int nr_running;
++ int max_threads;
++ unsigned long total_forks;
++
++ unsigned int bias_cswtch;
++ long bias_jiffies;
++ long bias_idle;
++
++ struct new_utsname utsname;
++};
++
++
++#include <linux/list.h>
++#include <linux/spinlock.h>
++#include <asm/atomic.h>
++
++#include <linux/vserver/limit.h>
++#include <linux/vserver/sched.h>
++
++struct vx_info {
++ struct list_head vx_list; /* linked list of contexts */
++ xid_t vx_id; /* context id */
++ atomic_t vx_refcount; /* refcount */
++ struct vx_info *vx_parent; /* parent context */
++
++ struct proc_dir_entry *vx_procent; /* proc entry */
++ unsigned int vx_flags; /* VX_INFO_xxx */
++ pid_t vx_initpid; /* PID of fake init process */
++
++ struct _vx_virt virt; /* virtual/bias stuff */
++ struct _vx_limit limit; /* vserver limits */
++ struct _vx_sched sched; /* vserver scheduler */
++
++ char vx_name[65]; /* vserver name */
++};
++
++
++extern spinlock_t vxlist_lock;
++extern struct list_head vx_infos;
++
++
++#define VX_ADMIN 0x0001
++#define VX_WATCH 0x0002
++#define VX_DUMMY 0x0008
++
++#define VX_IDENT 0x0010
++#define VX_EQUIV 0x0020
++#define VX_PARENT 0x0040
++#define VX_CHILD 0x0080
++
++#define VX_ARG_MASK 0x00F0
++
++#define VX_DYNAMIC 0x0100
++#define VX_STATIC 0x0200
++
++#define VX_ATR_MASK 0x0F00
++
++
++void free_vx_info(struct vx_info *);
++
++extern struct vx_info *find_vx_info(int);
++extern struct vx_info *find_or_create_vx_info(int);
++
++
++#include <linux/vserver/switch.h>
++
++/* vinfo commands */
++
++#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
++#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
++
++extern int vc_task_xid(uint32_t, void *);
++
++
++#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
++#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
++
++struct vcmd_vx_info_v0 {
++ uint32_t xid;
++ uint32_t initpid;
++ /* more to come */
++};
++
++extern int vc_vx_info(uint32_t, void *);
++
++
++/* virtual host info names */
++
++#define VCMD_vx_set_vhi_name VC_CMD(VHOST, 1, 0)
++#define VCMD_vx_get_vhi_name VC_CMD(VHOST, 2, 0)
++
++extern int vc_set_vhi_name(uint32_t, void *);
++extern int vc_get_vhi_name(uint32_t, void *);
++
++struct vcmd_vx_vhi_name_v0 {
++ uint32_t field;
++ char name[65];
++};
++
++
++enum vx_vhi_name_field {
++ VHIN_CONTEXT=0,
++ VHIN_SYSNAME,
++ VHIN_NODENAME,
++ VHIN_RELEASE,
++ VHIN_VERSION,
++ VHIN_MACHINE,
++ VHIN_DOMAINNAME,
++};
++
++
++// EXPORT_SYMBOL_GPL(vxlist_lock);
++// EXPORT_SYMBOL_GPL(vx_infos);
++
++// EXPORT_SYMBOL_GPL(find_vx_info);
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/inode.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h
+--- linux-2.6.2-rc1/include/linux/vserver/inode.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h Sat Jan 24 05:45:51 2004
+@@ -0,0 +1,41 @@
++#ifndef _VX_INODE_H
++#define _VX_INODE_H
++
++
++#include <linux/vserver/switch.h>
++
++/* inode vserver commands */
++
++#define VCMD_get_iattr VC_CMD(INODE, 1, 0)
++#define VCMD_set_iattr VC_CMD(INODE, 2, 0)
++
++struct vcmd_ctx_iattr_v0 {
++ /* device handle in id */
++ uint64_t ino;
++ uint32_t xid;
++ uint32_t flags;
++ uint32_t mask;
++};
++
++#define IATTR_XID 0x01000000
++
++#define IATTR_ADMIN 0x00000001
++#define IATTR_WATCH 0x00000002
++#define IATTR_HIDE 0x00000004
++#define IATTR_FLAGS 0x00000007
++
++#define IATTR_BARRIER 0x00010000
++#define IATTR_IUNLINK 0x00020000
++
++
++extern int vc_get_iattr(uint32_t, void *);
++extern int vc_set_iattr(uint32_t, void *);
++
++
++/* inode ioctls */
++
++#define FIOC_GETXFLG _IOR('x', 5, long)
++#define FIOC_SETXFLG _IOW('x', 6, long)
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/legacy.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h
+--- linux-2.6.2-rc1/include/linux/vserver/legacy.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,57 @@
++#ifndef _VX_LEGACY_H
++#define _VX_LEGACY_H
++
++
++#include <linux/vserver/switch.h>
++#include <linux/vserver/network.h>
++
++/* compatibiliy vserver commands */
++
++#define VCMD_new_s_context VC_CMD(COMPAT, 1, 1)
++#define VCMD_set_ipv4root VC_CMD(COMPAT, 2, 3)
++
++/* compatibiliy vserver arguments */
++
++struct vcmd_new_s_context_v1 {
++ uint32_t remove_cap;
++ uint32_t flags;
++};
++
++struct vcmd_set_ipv4root_v3 {
++ /* number of pairs in id */
++ uint32_t broadcast;
++ struct {
++ uint32_t ip;
++ uint32_t mask;
++ } ip_mask_pair[NB_IPV4ROOT];
++};
++
++
++#define VX_INFO_LOCK 1 /* Can't request a new vx_id */
++#define VX_INFO_SCHED 2 /* All process in the vx_id */
++ /* Contribute to the schedular */
++#define VX_INFO_NPROC 4 /* Limit number of processes in a context */
++#define VX_INFO_PRIVATE 8 /* Noone can join this security context */
++#define VX_INFO_INIT 16 /* This process wants to become the */
++ /* logical process 1 of the security */
++ /* context */
++#define VX_INFO_HIDEINFO 32 /* Hide some information in /proc */
++#define VX_INFO_ULIMIT 64 /* Use ulimit of the current process */
++ /* to become the global limits */
++ /* of the context */
++
++#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
++#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
++
++#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
++
++#define NB_S_CONTEXT 16
++
++#define NB_IPV4ROOT 16
++
++
++extern int vc_new_s_context(uint32_t, void *);
++extern int vc_set_ipv4root(uint32_t, void *);
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/limit.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h
+--- linux-2.6.2-rc1/include/linux/vserver/limit.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h Sat Jan 24 05:54:14 2004
+@@ -0,0 +1,49 @@
++#ifndef _VX_LIMIT_H
++#define _VX_LIMIT_H
++
++
++#include <linux/vserver/switch.h>
++
++/* rlimit vserver commands */
++
++#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
++#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
++#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
++
++struct vcmd_ctx_rlimit_v0 {
++ uint32_t id;
++ uint64_t minimum;
++ uint64_t softlimit;
++ uint64_t maximum;
++};
++
++struct vcmd_ctx_rlimit_mask_v0 {
++ uint32_t minimum;
++ uint32_t softlimit;
++ uint32_t maximum;
++};
++
++#define CRLIM_UNSET (0ULL)
++#define CRLIM_INFINITY (~0ULL)
++#define CRLIM_KEEP (~1ULL)
++
++
++extern int vc_get_rlimit(uint32_t, void *);
++extern int vc_set_rlimit(uint32_t, void *);
++extern int vc_get_rlimit_mask(uint32_t, void *);
++
++
++#include <asm/atomic.h>
++#include <asm/resource.h>
++
++/* context sub struct */
++
++struct _vx_limit {
++ atomic_t ticks;
++
++ unsigned long rlim[RLIM_NLIMITS]; /* Per context limit */
++ atomic_t res[RLIM_NLIMITS]; /* Current value */
++};
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/network.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h
+--- linux-2.6.2-rc1/include/linux/vserver/network.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h Sat Jan 24 05:46:08 2004
+@@ -0,0 +1,43 @@
++#ifndef _VX_NETWORK_H
++#define _VX_NETWORK_H
++
++
++#define NB_IPV4ROOT 16
++
++#include <linux/list.h>
++#include <linux/spinlock.h>
++#include <linux/utsname.h>
++#include <asm/resource.h>
++#include <asm/atomic.h>
++
++
++struct ip_info {
++ struct list_head ip_list; /* linked list of ipinfos */
++ atomic_t ip_refcount;
++ int nbipv4;
++ __u32 ipv4[NB_IPV4ROOT];/* Process can only bind to these IPs */
++ /* The first one is used to connect */
++ /* and for bind any service */
++ /* The other must be used explicity when */
++ /* binding */
++ __u32 mask[NB_IPV4ROOT];/* Netmask for each ipv4 */
++ /* Used to select the proper source address */
++ /* for sockets */
++ __u32 v4_bcast; /* Broadcast address used to receive UDP packets */
++};
++
++
++extern spinlock_t iplist_lock;
++extern struct list_head ip_infos;
++
++
++void free_ip_info(struct ip_info *);
++struct ip_info *create_ip_info(void);
++
++
++// EXPORT_SYMBOL_GPL(iplist_lock);
++// EXPORT_SYMBOL_GPL(ip_infos);
++
++// EXPORT_SYMBOL_GPL(find_ip_info);
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h
+--- linux-2.6.2-rc1/include/linux/vserver/sched.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h Sat Jan 24 06:12:29 2004
+@@ -0,0 +1,42 @@
++#ifndef _VX_SCHED_H
++#define _VX_SCHED_H
++
++
++#include <linux/vserver/switch.h>
++
++/* sched vserver commands */
++
++#define VCMD_set_sched VC_CMD(SYSTEST, 1, 1)
++
++/* Options - these ones enable or disable the CTX_SCHED flag */
++#define TBF_SCHED_ENABLE 0x0001
++#define TBF_SCHED_DISABLE 0x0002
++
++struct vcmd_set_sched_v1 {
++ uint32_t options;
++
++ int32_t fill_rate;
++ int32_t period;
++ int32_t fill_level;
++ int32_t bucket_size;
++};
++
++
++extern int vc_set_sched(uint32_t, void *);
++
++#include <linux/spinlock.h>
++
++/* context sub struct */
++
++struct _vx_sched {
++ spinlock_t tokens_lock; /* lock for this structure */
++
++ int tokens; /* number of CPU tokens in this context */
++ int tokens_fr; /* Fill rate: add X tokens... */
++ int tokens_div; /* Divisor: per Y jiffies */
++ int tokens_max; /* Limit: no more than N tokens */
++ uint32_t tokens_jfy; /* add an integral multiple of Y to this */
++};
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/signal.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h
+--- linux-2.6.2-rc1/include/linux/vserver/signal.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h Sat Jan 24 06:02:39 2004
+@@ -0,0 +1,20 @@
++#ifndef _VX_SIGNAL_H
++#define _VX_SIGNAL_H
++
++
++#include <linux/vserver/switch.h>
++
++/* context signalling */
++
++#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
++
++struct vcmd_ctx_kill_v0 {
++ int32_t pid;
++ int32_t sig;
++};
++
++
++extern int vc_ctx_kill(uint32_t, void *);
++
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/switch.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h
+--- linux-2.6.2-rc1/include/linux/vserver/switch.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,82 @@
++#ifndef _LINUX_VIRTUAL_H
++#define _LINUX_VIRTUAL_H
++
++#include <linux/types.h>
++
++#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
++#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
++#define VC_VERSION(c) ((c) & 0xFFF)
++
++#define VC_CMD(c,i,v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
++ | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
++
++/*
++
++ Syscall Matrix V2.4
++
++ |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
++ |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
++ |INFO |SETUP | |MOVE | | | | | |
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ SYSTEM |VERSION| | | | | | |DEVICES| |
++ HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ CPU | | | | | | | |SCHED. | |
++ PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ MEMORY | | | | | | | |SWAP | |
++ | 16| 17| 18| 19| 20| 21| | 22| 23|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ NETWORK| | | | | | | |SERIAL | |
++ | 24| 25| 26| 27| 28| 29| | 30| 31|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ DISK | | | | | | | |INODE | |
++ VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ OTHER | | | | | | | |VINFO | |
++ | 40| 41| 42| 43| 44| 45| | 46| 47|
++ =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
++ SPECIAL| | | | | | | | | |
++ | 48| 49| 50| 51| 52| 53| | 54| 55|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++ SPECIAL| | | | |RLIMIT |SYSCALL| | |COMPAT |
++ | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
++ -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
++
++*/
++
++#define VC_CAT_VERSION 0
++
++#define VC_CAT_VHOST 2
++
++#define VC_CAT_PROCTRL 12
++
++#define VC_CAT_SCHED 14
++#define VC_CAT_INODE 38
++
++#define VC_CAT_VINFO 46
++
++#define VC_CAT_RLIMIT 60
++
++#define VC_CAT_SYSTEST 61
++#define VC_CAT_COMPAT 63
++
++/* interface version */
++
++#define VCI_VERSION 0x00010010
++
++
++/* query version */
++
++#define VCMD_get_version VC_CMD(VERSION, 0, 0)
++
++
++#include <linux/errno.h>
++
++#define ENOTSUP ENOTSUPP
++
++
++// EXPORT_SYMBOL_GPL(sys_vserver);
++
++
++#endif /* _LINUX_VIRTUAL_H */
+diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h
+--- linux-2.6.2-rc1/include/linux/vserver.h Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,8 @@
++#ifndef _LINUX_VSERVER_H
++#define _LINUX_VSERVER_H
++
++#include <linux/vserver/context.h>
++#include <linux/vserver/network.h>
++#include <linux/vinline.h>
++
++#endif
+diff -NurpP --minimal linux-2.6.2-rc1/include/net/route.h linux-2.6.2-rc1-vs0.05.1/include/net/route.h
+--- linux-2.6.2-rc1/include/net/route.h Fri Jan 9 07:59:02 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/net/route.h Sat Jan 24 05:46:08 2004
+@@ -33,6 +33,7 @@
+ #include <linux/route.h>
+ #include <linux/ip.h>
+ #include <linux/cache.h>
++#include <linux/vinline.h>
+
+ #ifndef __KERNEL__
+ #warning This file is not supposed to be used outside of kernel.
+@@ -160,6 +161,45 @@ static inline int ip_route_connect(struc
+ .dport = dport } } };
+
+ int err;
++ struct ip_info *ip_info = current->ip_info;
++ if (ip_info) {
++ __u32 ipv4root = ip_info->ipv4[0];
++ if (ipv4root) {
++ int n = ip_info->nbipv4;
++ if (src == 0) {
++ if (n > 1) {
++ u32 foundsrc;
++ int i;
++ err = __ip_route_output_key(rp, &fl);
++ if (err)
++ return err;
++ foundsrc = (*rp)->rt_src;
++ ip_rt_put(*rp);
++ for (i=0; i<n; i++){
++ u32 mask = ip_info->mask[i];
++ u32 ipv4 = ip_info->ipv4[i];
++ u32 netipv4 = ipv4 & mask;
++ if ((foundsrc & mask) == netipv4) {
++ src = ipv4;
++ break;
++ }
++ }
++ }
++ if (src == 0)
++ src = dst == 0x0100007f
++ ? 0x0100007f: ipv4root;
++ } else {
++ int i;
++ for (i=0; i<n; i++) {
++ if (ip_info->ipv4[i] == src) break;
++ }
++ if (i == n)
++ return -EPERM;
++ }
++ if (dst == 0x0100007f && !vx_check(0, VX_ADMIN))
++ dst = ipv4root;
++ }
++ }
+ if (!dst || !src) {
+ err = __ip_route_output_key(rp, &fl);
+ if (err)
+diff -NurpP --minimal linux-2.6.2-rc1/include/net/sock.h linux-2.6.2-rc1-vs0.05.1/include/net/sock.h
+--- linux-2.6.2-rc1/include/net/sock.h Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/net/sock.h Sat Jan 24 05:46:08 2004
+@@ -50,6 +50,7 @@
+ #include <linux/security.h>
+
+ #include <linux/filter.h>
++#include <linux/vinline.h>
+
+ #include <asm/atomic.h>
+ #include <net/dst.h>
+@@ -109,6 +110,8 @@ struct sock_common {
+ struct hlist_node skc_node;
+ struct hlist_node skc_bind_node;
+ atomic_t skc_refcnt;
++ xid_t skc_xid;
++ struct ip_info *skc_ip_info;
+ };
+
+ /**
+@@ -186,6 +189,8 @@ struct sock {
+ #define sk_node __sk_common.skc_node
+ #define sk_bind_node __sk_common.skc_bind_node
+ #define sk_refcnt __sk_common.skc_refcnt
++#define sk_xid __sk_common.skc_xid
++#define sk_ip_info __sk_common.skc_ip_info
+ volatile unsigned char sk_zapped;
+ unsigned char sk_shutdown;
+ unsigned char sk_use_write_queue;
+diff -NurpP --minimal linux-2.6.2-rc1/include/net/tcp.h linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h
+--- linux-2.6.2-rc1/include/net/tcp.h Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h Sat Jan 24 05:46:08 2004
+@@ -195,6 +195,8 @@ struct tcp_tw_bucket {
+ #define tw_node __tw_common.skc_node
+ #define tw_bind_node __tw_common.skc_bind_node
+ #define tw_refcnt __tw_common.skc_refcnt
++#define tw_xid __tw_common.skc_xid
++#define tw_ip_info __tw_common.skc_ip_info
+ volatile unsigned char tw_substate;
+ unsigned char tw_rcv_wscale;
+ __u16 tw_sport;
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/Makefile
+--- linux-2.6.2-rc1/kernel/Makefile Fri Jan 9 07:59:10 2004
++++ linux-2.6.2-rc1-vs0.05.1/kernel/Makefile Sat Jan 24 05:14:16 2004
+@@ -8,6 +8,11 @@ obj-y = sched.o fork.o exec_domain.o
+ signal.o sys.o kmod.o workqueue.o pid.o \
+ rcupdate.o intermodule.o extable.o params.o posix-timers.o
+
++# mod-subdirs := vserver
++
++subdir-y += vserver
++obj-y += vserver/vserver.o
++
+ obj-$(CONFIG_FUTEX) += futex.o
+ obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
+ obj-$(CONFIG_SMP) += cpu.o
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/sys.c linux-2.6.2-rc1-vs0.05.1/kernel/sys.c
+--- linux-2.6.2-rc1/kernel/sys.c Sat Jan 24 03:18:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/kernel/sys.c Sat Jan 24 06:15:34 2004
+@@ -23,6 +23,7 @@
+ #include <linux/security.h>
+ #include <linux/dcookies.h>
+ #include <linux/suspend.h>
++#include <linux/vinline.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/io.h>
+@@ -317,7 +318,7 @@ asmlinkage long sys_setpriority(int whic
+ if (!who)
+ user = current->user;
+ else
+- user = find_user(who);
++ user = find_user(vx_current_xid(), who);
+
+ if (!user)
+ goto out_unlock;
+@@ -376,7 +377,7 @@ asmlinkage long sys_getpriority(int whic
+ if (!who)
+ user = current->user;
+ else
+- user = find_user(who);
++ user = find_user(vx_current_xid(), who);
+
+ if (!user)
+ goto out_unlock;
+@@ -617,7 +618,7 @@ static int set_user(uid_t new_ruid, int
+ {
+ struct user_struct *new_user;
+
+- new_user = alloc_uid(new_ruid);
++ new_user = alloc_uid(vx_current_xid(), new_ruid);
+ if (!new_user)
+ return -EAGAIN;
+
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/user.c linux-2.6.2-rc1-vs0.05.1/kernel/user.c
+--- linux-2.6.2-rc1/kernel/user.c Fri Jan 9 07:59:26 2004
++++ linux-2.6.2-rc1-vs0.05.1/kernel/user.c Sat Jan 24 05:45:51 2004
+@@ -20,8 +20,8 @@
+ #define UIDHASH_BITS 8
+ #define UIDHASH_SZ (1 << UIDHASH_BITS)
+ #define UIDHASH_MASK (UIDHASH_SZ - 1)
+-#define __uidhashfn(uid) (((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK)
+-#define uidhashentry(uid) (uidhash_table + __uidhashfn((uid)))
++#define __uidhashfn(xid,uid) ((((uid) >> UIDHASH_BITS) + ((uid)^(xid))) & UIDHASH_MASK)
++#define uidhashentry(xid,uid) (uidhash_table + __uidhashfn((xid),(uid)))
+
+ static kmem_cache_t *uid_cachep;
+ static struct list_head uidhash_table[UIDHASH_SZ];
+@@ -46,7 +46,7 @@ static inline void uid_hash_remove(struc
+ list_del(&up->uidhash_list);
+ }
+
+-static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent)
++static inline struct user_struct *uid_hash_find(xid_t xid, uid_t uid, struct list_head *hashent)
+ {
+ struct list_head *up;
+
+@@ -55,7 +55,7 @@ static inline struct user_struct *uid_ha
+
+ user = list_entry(up, struct user_struct, uidhash_list);
+
+- if(user->uid == uid) {
++ if(user->uid == uid && user->vx_id == xid) {
+ atomic_inc(&user->__count);
+ return user;
+ }
+@@ -64,9 +64,9 @@ static inline struct user_struct *uid_ha
+ return NULL;
+ }
+
+-struct user_struct *find_user(uid_t uid)
++struct user_struct *find_user(xid_t xid, uid_t uid)
+ {
+- return uid_hash_find(uid, uidhashentry(uid));
++ return uid_hash_find(xid, uid, uidhashentry(xid, uid));
+ }
+
+ void free_uid(struct user_struct *up)
+@@ -78,13 +78,13 @@ void free_uid(struct user_struct *up)
+ }
+ }
+
+-struct user_struct * alloc_uid(uid_t uid)
++struct user_struct * alloc_uid(xid_t xid, uid_t uid)
+ {
+- struct list_head *hashent = uidhashentry(uid);
++ struct list_head *hashent = uidhashentry(xid, uid);
+ struct user_struct *up;
+
+ spin_lock(&uidhash_lock);
+- up = uid_hash_find(uid, hashent);
++ up = uid_hash_find(xid, uid, hashent);
+ spin_unlock(&uidhash_lock);
+
+ if (!up) {
+@@ -94,6 +94,7 @@ struct user_struct * alloc_uid(uid_t uid
+ if (!new)
+ return NULL;
+ new->uid = uid;
++ new->vx_id = xid;
+ atomic_set(&new->__count, 1);
+ atomic_set(&new->processes, 0);
+ atomic_set(&new->files, 0);
+@@ -103,7 +104,7 @@ struct user_struct * alloc_uid(uid_t uid
+ * on adding the same user already..
+ */
+ spin_lock(&uidhash_lock);
+- up = uid_hash_find(uid, hashent);
++ up = uid_hash_find(xid, uid, hashent);
+ if (up) {
+ kmem_cache_free(uid_cachep, new);
+ } else {
+@@ -148,7 +149,7 @@ static int __init uid_cache_init(void)
+
+ /* Insert the root user immediately (init already runs as root) */
+ spin_lock(&uidhash_lock);
+- uid_hash_insert(&root_user, uidhashentry(0));
++ uid_hash_insert(&root_user, uidhashentry(0,0));
+ spin_unlock(&uidhash_lock);
+
+ return 0;
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile
+--- linux-2.6.2-rc1/kernel/vserver/Makefile Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile Sat Jan 24 06:36:45 2004
+@@ -0,0 +1,11 @@
++#
++# Makefile for the Linux vserver routines.
++#
++
++
++obj-y += vserver.o
++
++vserver-y := switch.o context.o network.o inode.o limit.o signal.o
++
++vserver-y += legacy.o
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/context.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c
+--- linux-2.6.2-rc1/kernel/vserver/context.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c Sat Jan 24 06:04:27 2004
+@@ -0,0 +1,302 @@
++/*
++ * linux/kernel/vserver/context.c
++ *
++ * Virtual Server: Context Support
++ *
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 context helper
++ * V0.02 vx_ctx_kill syscall command
++ * V0.03 replaced context_info calls
++ * V0.04 redesign of struct (de)alloc
++ * V0.05 rlimit basic implementation
++ *
++ */
++
++#include <linux/config.h>
++//#include <linux/linkage.h>
++#include <linux/utsname.h>
++#include <linux/slab.h>
++#include <linux/vserver/context.h>
++//#include <linux/vswitch.h>
++#include <linux/vinline.h>
++//#include <linux/sched.h>
++#include <linux/kernel_stat.h>
++
++#include <asm/errno.h>
++//#include <asm/uaccess.h>
++
++
++
++/* system functions */
++
++
++LIST_HEAD(vx_infos);
++
++spinlock_t vxlist_lock
++ __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
++
++
++/*
++ * struct vx_info allocation and deallocation
++ */
++
++static struct vx_info *alloc_vx_info(int id)
++{
++ struct vx_info *new = NULL;
++ int lim;
++
++ vxdprintk("alloc_vx_info(%d)\n", id);
++ /* would this benefit from a slab cache? */
++ new = kmalloc(sizeof(struct vx_info), GFP_KERNEL);
++ if (!new)
++ return 0;
++
++ memset (new, 0, sizeof(struct vx_info));
++ new->vx_id = id;
++ INIT_LIST_HEAD(&new->vx_list);
++ /* rest of init goes here */
++
++ for (lim=0; lim<RLIM_NLIMITS; lim++)
++ new->limit.rlim[lim] = RLIM_INFINITY;
++
++ /* scheduling; hard code starting values as constants */
++ new->sched.tokens_fr = 1;
++ new->sched.tokens_div = 4;
++ new->sched.tokens = HZ * 5;
++ new->sched.tokens_max = HZ * 10;
++ new->sched.tokens_jfy = jiffies;
++ new->sched.tokens_lock = SPIN_LOCK_UNLOCKED;
++
++ new->virt.nr_threads = 1;
++ // new->virt.bias_cswtch = kstat.context_swtch;
++ new->virt.bias_jiffies = jiffies;
++ /* new->virt.bias_idle = init_tasks[0]->times.tms_utime +
++ init_tasks[0]->times.tms_stime;
++ */
++ down_read(&uts_sem);
++ new->virt.utsname = system_utsname;
++ up_read(&uts_sem);
++
++ vxdprintk("alloc_vx_info(%d) = %p\n", id, new);
++ return new;
++}
++
++void free_vx_info(struct vx_info *vxi)
++{
++ vxdprintk("free_vx_info(%p)\n", vxi);
++ kfree(vxi);
++}
++
++
++/*
++ * struct vx_info search by id
++ * assumes vxlist_lock is held
++ */
++
++static __inline__ struct vx_info *__find_vx_info(int id)
++{
++ struct vx_info *vxi;
++
++ list_for_each_entry(vxi, &vx_infos, vx_list)
++ if (vxi->vx_id == id)
++ return vxi;
++ return 0;
++}
++
++
++/*
++ * struct vx_info ref stuff
++ */
++
++struct vx_info *find_vx_info(int id)
++{
++ struct vx_info *vxi;
++
++ spin_lock(&vxlist_lock);
++ if ((vxi = __find_vx_info(id)))
++ get_vx_info(vxi);
++ spin_unlock(&vxlist_lock);
++ return vxi;
++}
++
++
++/*
++ * struct vx_info search by id
++ * assumes vxlist_lock is held
++ */
++
++static __inline__ xid_t __vx_dynamic_id(void)
++{
++ static xid_t seq = MAX_S_CONTEXT;
++ xid_t barrier = seq;
++
++ do {
++ if (++seq > MAX_S_CONTEXT)
++ seq = MIN_D_CONTEXT;
++ if (!__find_vx_info(seq))
++ return seq;
++ } while (barrier != seq);
++ return 0;
++}
++
++
++struct vx_info *find_or_create_vx_info(int id)
++{
++ struct vx_info *new, *vxi = NULL;
++
++ vxdprintk("find_or_create_vx_info(%d)\n", id);
++ if (!(new = alloc_vx_info(id)))
++ return 0;
++
++ spin_lock(&vxlist_lock);
++
++ /* dynamic context requested */
++ if (id == VX_DYNAMIC_ID) {
++ id = __vx_dynamic_id();
++ if (!id) {
++ printk(KERN_ERR "no dynamic context available.\n");
++ goto out_unlock;
++ }
++ new->vx_id = id;
++ }
++ /* existing context requested */
++ else if ((vxi = __find_vx_info(id))) {
++ vxdprintk("find_or_create_vx_info(%d) = %p (found)\n", id, vxi);
++ get_vx_info(vxi);
++ goto out_unlock;
++ }
++
++ /* new context requested */
++ vxdprintk("find_or_create_vx_info(%d) = %p (new)\n", id, vxi);
++ atomic_set(&new->vx_refcount, 1);
++ list_add(&new->vx_list, &vx_infos);
++ vxi = new, new = NULL;
++
++out_unlock:
++ spin_unlock(&vxlist_lock);
++ if (new)
++ free_vx_info(new);
++ return vxi;
++}
++
++
++#include <asm/uaccess.h>
++
++
++int vc_task_xid(uint32_t id, void *data)
++{
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ switch (id) {
++ case 0:
++ break;
++
++ case -1:
++ break;
++
++ default:
++ break;
++
++ }
++ return 0;
++}
++
++
++int vc_vx_info(uint32_t id, void *data)
++{
++ struct vx_info *vxi;
++ struct vcmd_vx_info_v0 vc_data;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
++ return -EPERM;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ if (copy_to_user (data, &vc_data, sizeof(vc_data)))
++ return -EFAULT;
++ return 0;
++}
++
++
++/* virtual host info names */
++
++static char * vx_vhi_name(struct vx_info *vxi, int id)
++{
++ switch (id) {
++ case VHIN_CONTEXT:
++ return vxi->vx_name;
++ case VHIN_SYSNAME:
++ return vxi->virt.utsname.sysname;
++ case VHIN_NODENAME:
++ return vxi->virt.utsname.nodename;
++ case VHIN_RELEASE:
++ return vxi->virt.utsname.release;
++ case VHIN_VERSION:
++ return vxi->virt.utsname.version;
++ case VHIN_MACHINE:
++ return vxi->virt.utsname.machine;
++ case VHIN_DOMAINNAME:
++ return vxi->virt.utsname.domainname;
++ default:
++ }
++ return NULL;
++}
++
++int vc_set_vhi_name(uint32_t id, void *data)
++{
++ struct vx_info *vxi;
++ struct vcmd_vx_vhi_name_v0 vc_data;
++ char *name;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ name = vx_vhi_name(vxi, vc_data.field);
++ if (name)
++ memcpy(name, vc_data.name, 65);
++ put_vx_info(vxi);
++ return (name ? 0 : -EFAULT);
++}
++
++int vc_get_vhi_name(uint32_t id, void *data)
++{
++ struct vx_info *vxi;
++ struct vcmd_vx_vhi_name_v0 vc_data;
++ char *name;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ name = vx_vhi_name(vxi, vc_data.field);
++ if (!name)
++ goto out_put;
++
++ memcpy(vc_data.name, name, 65);
++ if (copy_to_user (data, &vc_data, sizeof(vc_data)))
++ return -EFAULT;
++out_put:
++ put_vx_info(vxi);
++ return (name ? 0 : -EFAULT);
++}
++
++
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/inode.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c
+--- linux-2.6.2-rc1/kernel/vserver/inode.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c Sat Jan 24 07:54:13 2004
+@@ -0,0 +1,174 @@
++/*
++ * linux/kernel/vserver/inode.c
++ *
++ * Virtual Server: File System Support
++ *
++ * Copyright (C) 2004 Herbert Pötzl
++ *
++ * V0.01 separated from vcontext V0.05
++ *
++ */
++
++#include <linux/config.h>
++//#include <linux/linkage.h>
++//#include <linux/utsname.h>
++//#include <linux/slab.h>
++//#include <linux/vcontext.h>
++//#include <linux/vswitch.h>
++#include <linux/vinline.h>
++#include <linux/fs.h>
++#include <linux/proc_fs.h>
++//#include <linux/kernel_stat.h>
++#include <linux/vserver/inode.h>
++
++#include <asm/errno.h>
++#include <asm/uaccess.h>
++//#include <asm/smplock.h>
++
++
++int vc_get_iattr(uint32_t id, void *data)
++{
++ struct super_block *sb;
++ struct inode *in;
++ struct vcmd_ctx_iattr_v0 vc_data;
++ int ret;
++#if 0
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ ret = -ESRCH;
++ sb = get_super(to_kdev_t(id));
++ if (!sb)
++ goto out;
++ in = iget(sb, vc_data.ino);
++ if (!in)
++ goto out_drop_sb;
++
++ vc_data.xid = in->i_xid;
++ vc_data.flags = IATTR_XID
++ | (IS_BARRIER(in) ? IATTR_BARRIER : 0)
++ | (IS_IUNLINK(in) ? IATTR_IUNLINK : 0);
++ vc_data.mask = IATTR_XID | IATTR_BARRIER | IATTR_IUNLINK;
++
++ if (sb->s_magic == PROC_SUPER_MAGIC) {
++ vc_data.flags |= (in->u.proc_i.vx_flags & IATTR_FLAGS);
++ vc_data.mask |= IATTR_FLAGS;
++ }
++
++ ret = 0;
++ if (copy_to_user (data, &vc_data, sizeof(vc_data)))
++ ret = -EFAULT;
++ iput(in);
++out_drop_sb:
++ drop_super(sb);
++out:
++#endif
++ return ret;
++}
++
++int vc_set_iattr(uint32_t id, void *data)
++{
++ struct super_block *sb;
++ struct inode *in;
++ struct vcmd_ctx_iattr_v0 vc_data;
++ int ret;
++#if 0
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_LINUX_IMMUTABLE))
++ return -EPERM;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ ret = -ESRCH;
++ sb = get_super(to_kdev_t(id));
++ if (!sb)
++ goto out;
++
++ ret = -ENOTSUP;
++ if ((vc_data.mask & IATTR_FLAGS) && (sb->s_magic != PROC_SUPER_MAGIC))
++ goto out_drop_sb;
++
++ ret = -ESRCH;
++ in = iget(sb, vc_data.ino);
++ if (!in)
++ goto out_drop_sb;
++
++ lock_kernel();
++ if (vc_data.mask & IATTR_XID)
++ in->i_xid = vc_data.xid;
++
++ if (vc_data.mask & IATTR_FLAGS) {
++ unsigned int flags = in->u.proc_i.vx_flags;
++ unsigned int mask = vc_data.mask;
++
++ in->u.proc_i.vx_flags = (flags & ~(mask & IATTR_FLAGS))
++ | (vc_data.flags & IATTR_FLAGS);
++ }
++
++ if (vc_data.mask & IATTR_BARRIER)
++ in->i_flags = (in->i_flags & ~S_BARRIER)
++ | ((vc_data.flags & IATTR_BARRIER) ? S_BARRIER : 0);
++ if (vc_data.mask & IATTR_IUNLINK)
++ in->i_flags = (in->i_flags & ~S_IUNLINK)
++ | ((vc_data.flags & IATTR_IUNLINK) ? S_IUNLINK : 0);
++ mark_inode_dirty(in);
++ unlock_kernel();
++ iput(in);
++out_drop_sb:
++ drop_super(sb);
++out:
++#endif
++ return ret;
++}
++
++
++
++#include <linux/proc_fs.h>
++
++int vx_proc_ioctl(struct inode * inode, struct file * filp,
++ unsigned int cmd, unsigned long arg)
++{
++ struct proc_dir_entry *entry;
++ int error = 0;
++ int flags;
++
++ if (inode->i_ino < PROC_DYNAMIC_FIRST ||
++ inode->i_ino >= PROC_DYNAMIC_FIRST+PROC_NDYNAMIC)
++ return -ENOTTY;
++
++ entry = PROC_I(inode)->pde;
++
++ switch(cmd) {
++ case FIOC_GETXFLG: {
++ /* fixme: if stealth, return -ENOTTY */
++ error = -EPERM;
++ flags = entry->vx_flags;
++ if (capable(CAP_CONTEXT))
++ error = put_user(flags, (int *) arg);
++ break;
++ }
++ case FIOC_SETXFLG: {
++ /* fixme: if stealth, return -ENOTTY */
++ error = -EPERM;
++ if (!capable(CAP_CONTEXT))
++ break;
++ error = -EROFS;
++ if (IS_RDONLY(inode))
++ break;
++ error = -EFAULT;
++ if (get_user(flags, (int *) arg))
++ break;
++ error = 0;
++ entry->vx_flags = flags;
++ break;
++ }
++ default:
++ return -ENOTTY;
++ }
++ return error;
++}
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/legacy.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c
+--- linux-2.6.2-rc1/kernel/vserver/legacy.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,211 @@
++/*
++ * linux/kernel/vserver/legacy.c
++ *
++ * Virtual Server: Legacy Funtions
++ *
++ * Copyright (C) 2001-2003 Jacques Gelinas
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 broken out from vcontext.c V0.05
++ *
++ */
++
++#include <linux/config.h>
++//#include <linux/linkage.h>
++//#include <linux/utsname.h>
++//#include <linux/slab.h>
++#include <linux/vserver/context.h>
++#include <linux/vserver/legacy.h>
++//#include <linux/vswitch.h>
++#include <linux/vinline.h>
++#include <linux/sched.h>
++//#include <linux/kernel_stat.h>
++
++#include <asm/errno.h>
++#include <asm/uaccess.h>
++
++
++static int vx_migrate_user(struct task_struct *p, struct vx_info *vxi)
++{
++ struct user_struct *new_user, *old_user;
++
++ if (!p || !vxi)
++ BUG();
++ new_user = alloc_uid(vxi->vx_id, p->uid);
++ if (!new_user)
++ return -ENOMEM;
++
++ old_user = p->user;
++ if (new_user != old_user) {
++ atomic_inc(&new_user->processes);
++ atomic_dec(&old_user->processes);
++ p->user = new_user;
++ }
++ free_uid(old_user);
++ return 0;
++}
++
++/*
++ * migrate task to new context
++ * gets vxi, puts old_vxi on change
++ */
++
++static int vx_migrate_task(struct task_struct *p, struct vx_info *vxi)
++{
++ struct vx_info *old_vxi = task_get_vx_info(p);
++ int ret = 0;
++
++ if (!p || !vxi)
++ BUG();
++
++ vxdprintk("vx_migrate_task(%p,%p[#%d.%d)\n", p, vxi,
++ vxi->vx_id, atomic_read(&vxi->vx_refcount));
++ spin_lock(&p->alloc_lock);
++ if (old_vxi == vxi)
++ goto out;
++
++ if (!(ret = vx_migrate_user(p, vxi))) {
++ if (old_vxi) {
++ old_vxi->virt.nr_threads--;
++ atomic_dec(&old_vxi->limit.res[RLIMIT_NPROC]);
++ }
++ vxi->virt.nr_threads++;
++ atomic_inc(&vxi->limit.res[RLIMIT_NPROC]);
++ p->vx_info = get_vx_info(vxi);
++ p->xid = vxi->vx_id;
++ if (old_vxi)
++ put_vx_info(old_vxi);
++ }
++out:
++ spin_unlock(&p->alloc_lock);
++ put_vx_info(old_vxi);
++ return ret;
++}
++
++
++static int vx_set_initpid(struct vx_info *vxi, int pid)
++{
++ int ret = 0;
++ if (vxi->vx_initpid)
++ ret = -EPERM;
++ else
++ vxi->vx_initpid = pid;
++ return ret;
++}
++
++int vc_new_s_context(uint32_t ctx, void *data)
++{
++ int ret = -ENOMEM;
++ struct vcmd_new_s_context_v1 vc_data;
++ struct vx_info *new_vxi;
++
++ if (copy_from_user(&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ /* legacy hack, will be removed soon */
++ if (ctx == -2) {
++ /* assign flags and initpid */
++ if (!current->vx_info)
++ return -EINVAL;
++ ret = 0;
++ if (vc_data.flags & VX_INFO_INIT)
++ ret = vx_set_initpid(current->vx_info, current->tgid);
++ if (ret == 0) {
++ /* We keep the same vx_id, but lower the capabilities */
++ current->cap_bset &= (~vc_data.remove_cap);
++ ret = vx_current_xid();
++ current->vx_info->vx_flags |= vc_data.flags;
++ }
++ return ret;
++ }
++
++ if (!vx_check(0, VX_ADMIN) ||
++ !capable(CAP_SYS_ADMIN) ||
++ (current->vx_info &&
++ (current->vx_info->vx_flags & VX_INFO_LOCK)))
++ return -EPERM;
++
++ if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) ||
++ (ctx == 0))
++ return -EINVAL;
++
++ if ((ctx == VX_DYNAMIC_ID) || (ctx < MIN_D_CONTEXT))
++ new_vxi = find_or_create_vx_info(ctx);
++ else
++ new_vxi = find_vx_info(ctx);
++
++ if (!new_vxi)
++ return -EINVAL;
++
++ ret = vx_migrate_task(current, new_vxi);
++ if (ret == 0) {
++ current->cap_bset &= (~vc_data.remove_cap);
++ new_vxi->vx_flags |= vc_data.flags;
++ if (vc_data.flags & VX_INFO_INIT)
++ vx_set_initpid(new_vxi, current->tgid);
++ if (vc_data.flags & VX_INFO_NPROC)
++ new_vxi->limit.rlim[RLIMIT_NPROC] =
++ current->rlim[RLIMIT_NPROC].rlim_max;
++ ret = new_vxi->vx_id;
++ }
++ put_vx_info(new_vxi);
++ return ret;
++}
++
++
++
++/* set ipv4 root (syscall) */
++
++int vc_set_ipv4root(uint32_t nbip, void *data)
++{
++ int i, err = -EPERM;
++ struct vcmd_set_ipv4root_v3 vc_data;
++ struct ip_info *new_ipi, *ipi = current->ip_info;
++
++ if (nbip < 0 || nbip > NB_IPV4ROOT)
++ return -EINVAL;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ if (!ipi || ipi->ipv4[0] == 0 || capable(CAP_NET_ADMIN))
++ // We are allowed to change everything
++ err = 0;
++ else if (ipi) {
++ int found = 0;
++
++ // We are allowed to select a subset of the currently
++ // installed IP numbers. No new one allowed
++ // We can't change the broadcast address though
++ for (i=0; i<nbip; i++) {
++ int j;
++ __u32 ipip = vc_data.ip_mask_pair[i].ip;
++ for (j=0; j<ipi->nbipv4; j++) {
++ if (ipip == ipi->ipv4[j]) {
++ found++;
++ break;
++ }
++ }
++ }
++ if ((found == nbip) &&
++ (vc_data.broadcast == ipi->v4_bcast))
++ err = 0;
++ }
++ if (err)
++ return err;
++
++ new_ipi = create_ip_info();
++ if (!new_ipi)
++ return -EINVAL;
++
++ new_ipi->nbipv4 = nbip;
++ for (i=0; i<nbip; i++) {
++ new_ipi->ipv4[i] = vc_data.ip_mask_pair[i].ip;
++ new_ipi->mask[i] = vc_data.ip_mask_pair[i].mask;
++ }
++ new_ipi->v4_bcast = vc_data.broadcast;
++ current->ip_info = new_ipi;
++ put_ip_info(ipi);
++ return 0;
++}
++
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/limit.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c
+--- linux-2.6.2-rc1/kernel/vserver/limit.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c Sat Jan 24 05:54:03 2004
+@@ -0,0 +1,116 @@
++/*
++ * linux/kernel/vserver/limit.c
++ *
++ * Virtual Server: Context Limits
++ *
++ * Copyright (C) 2004 Herbert Pötzl
++ *
++ * V0.01 broken out from vcontext V0.05
++ *
++ */
++
++#include <linux/config.h>
++//#include <linux/linkage.h>
++//#include <linux/utsname.h>
++//#include <linux/slab.h>
++#include <linux/vserver/limit.h>
++#include <linux/vserver/context.h>
++#include <linux/vserver/switch.h>
++#include <linux/vinline.h>
++//#include <linux/sched.h>
++//#include <linux/kernel_stat.h>
++
++#include <asm/errno.h>
++#include <asm/uaccess.h>
++
++
++static int is_valid_rlimit(int id)
++{
++ int valid = 0;
++
++ switch (id) {
++ case RLIMIT_NPROC:
++ case RLIMIT_AS:
++ case RLIMIT_RSS:
++ valid = 1;
++ break;
++ }
++ return valid;
++}
++
++int vc_get_rlimit(uint32_t id, void *data)
++{
++ struct vx_info *vxi;
++ struct vcmd_ctx_rlimit_v0 vc_data;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++ if (!is_valid_rlimit(vc_data.id))
++ return -ENOTSUPP;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ if (vc_data.maximum != CRLIM_KEEP)
++ vc_data.maximum = vxi->limit.rlim[vc_data.id];
++ vc_data.minimum = CRLIM_UNSET;
++ vc_data.softlimit = CRLIM_UNSET;
++ put_vx_info(vxi);
++
++ if (copy_to_user (data, &vc_data, sizeof(vc_data)))
++ return -EFAULT;
++ return 0;
++}
++
++int vc_set_rlimit(uint32_t id, void *data)
++{
++ struct vx_info *vxi;
++ struct vcmd_ctx_rlimit_v0 vc_data;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
++ return -EPERM;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++ if (!is_valid_rlimit(vc_data.id))
++ return -ENOTSUPP;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ if (vc_data.maximum != CRLIM_KEEP)
++ vxi->limit.rlim[vc_data.id] = vc_data.maximum;
++ printk("setting [%d] = %d\n", vc_data.id, (int)vc_data.maximum);
++ put_vx_info(vxi);
++
++ return 0;
++}
++
++int vc_get_rlimit_mask(uint32_t id, void *data)
++{
++ static struct vcmd_ctx_rlimit_mask_v0 mask = {
++ /* minimum */
++ 0
++ , /* softlimit */
++ 0
++ , /* maximum */
++ (1 << RLIMIT_NPROC) |
++ (1 << RLIMIT_AS) |
++ (1 << RLIMIT_RSS)
++ };
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
++ return -EPERM;
++ if (copy_to_user(data, &mask, sizeof(mask)))
++ return -EFAULT;
++ return 0;
++}
++
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/network.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c
+--- linux-2.6.2-rc1/kernel/vserver/network.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c Sat Jan 24 05:46:08 2004
+@@ -0,0 +1,83 @@
++/*
++ * linux/kernel/vserver/network.c
++ *
++ * Virtual Server: Network Support
++ *
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 broken out from vcontext V0.05
++ * V0.05 rlimit basic implementation
++ *
++ */
++
++#include <linux/config.h>
++//#include <linux/linkage.h>
++//#include <linux/utsname.h>
++#include <linux/slab.h>
++#include <linux/vserver/network.h>
++//#include <linux/vswitch.h>
++#include <linux/vinline.h>
++//#include <linux/sched.h>
++//#include <linux/kernel_stat.h>
++
++#include <asm/errno.h>
++//#include <asm/uaccess.h>
++
++
++
++LIST_HEAD(ip_infos);
++
++spinlock_t iplist_lock
++ __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
++
++
++/*
++ * struct ip_info allocation and deallocation
++ */
++
++static struct ip_info *alloc_ip_info(void)
++{
++ struct ip_info *new = NULL;
++
++ vxdprintk("alloc_ip_info()\n");
++ /* would this benefit from a slab cache? */
++ new = kmalloc(sizeof(struct ip_info), GFP_KERNEL);
++ if (!new)
++ return 0;
++
++ memset (new, 0, sizeof(struct ip_info));
++ /* rest of init goes here */
++
++
++ vxdprintk("alloc_ip_info() = %p\n", new);
++ return new;
++}
++
++// extern int ip_proc_destroy(struct ip_info *);
++
++void free_ip_info(struct ip_info *ipi)
++{
++ vxdprintk("free_ip_info(%p)\n", ipi);
++// ip_proc_destroy(ipi);
++ kfree(ipi);
++}
++
++struct ip_info *create_ip_info(void)
++{
++ struct ip_info *new;
++
++ vxdprintk("create_ip_info()\n");
++ if (!(new = alloc_ip_info()))
++ return 0;
++
++ spin_lock(&iplist_lock);
++
++ /* new ip info */
++ atomic_set(&new->ip_refcount, 1);
++ list_add(&new->ip_list, &ip_infos);
++// ip_proc_create(new);
++
++ spin_unlock(&iplist_lock);
++ return new;
++}
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/signal.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c
+--- linux-2.6.2-rc1/kernel/vserver/signal.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c Sat Jan 24 06:37:18 2004
+@@ -0,0 +1,85 @@
++/*
++ * linux/kernel/vserver/signal.c
++ *
++ * Virtual Server: Signal Support
++ *
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 broken out from vcontext V0.05
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/sched.h>
++
++#include <asm/errno.h>
++#include <asm/uaccess.h>
++
++#include <linux/vinline.h>
++#include <linux/vserver/signal.h>
++
++
++int vc_ctx_kill(uint32_t id, void *data)
++{
++ int retval, count=0;
++ struct vcmd_ctx_kill_v0 vc_data;
++ struct siginfo info;
++ struct task_struct *p;
++ struct vx_info *vxi;
++
++ if (!vx_check(0, VX_ADMIN))
++ return -ENOSYS;
++ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
++ return -EFAULT;
++
++ info.si_signo = vc_data.sig;
++ info.si_errno = 0;
++ info.si_code = SI_USER;
++ info.si_pid = current->pid;
++ info.si_uid = current->uid;
++
++ vxi = find_vx_info(id);
++ if (!vxi)
++ return -ESRCH;
++
++ retval = -ESRCH;
++ read_lock(&tasklist_lock);
++ switch (vc_data.pid) {
++ case -1:
++ case 0:
++ for_each_process(p) {
++ int err = 0;
++
++ if (vx_task_xid(p) != id || p->pid <= 1 ||
++ (vc_data.pid && vxi->vx_initpid == p->pid) ||
++ !thread_group_leader(p))
++ continue;
++
++ err = send_sig_info(vc_data.sig, &info, p);
++ ++count;
++ if (err != -EPERM)
++ retval = err;
++ }
++ break;
++
++ default:
++ p = find_task_by_pid(vc_data.pid);
++ if (p) {
++ if (!thread_group_leader(p)) {
++ struct task_struct *tg;
++
++ tg = find_task_by_pid(p->tgid);
++ if (tg)
++ p = tg;
++ }
++ if ((id == -1) || (vx_task_xid(p) == id))
++ retval = send_sig_info(vc_data.sig, &info, p);
++ }
++ break;
++ }
++ read_unlock(&tasklist_lock);
++ put_vx_info(vxi);
++ return retval;
++}
++
++
+diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/switch.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c
+--- linux-2.6.2-rc1/kernel/vserver/switch.c Thu Jan 1 01:00:00 1970
++++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c Sat Jan 24 05:14:16 2004
+@@ -0,0 +1,84 @@
++/*
++ * linux/kernel/vserver/switch.c
++ *
++ * Virtual Server: Syscall Switch
++ *
++ * Copyright (C) 2003-2004 Herbert Pötzl
++ *
++ * V0.01 syscall switch
++ * V0.02 added signal to context
++ * V0.03 added rlimit functions
++ * V0.04 added iattr, task/xid functions
++ *
++ */
++
++#include <linux/config.h>
++#include <linux/linkage.h>
++#include <asm/errno.h>
++
++#include <linux/vserver/switch.h>
++
++
++static inline int
++vc_get_version(uint32_t id)
++{
++ return VCI_VERSION;
++}
++
++
++#include <linux/vserver/legacy.h>
++#include <linux/vserver/context.h>
++#include <linux/vserver/network.h>
++#include <linux/vserver/limit.h>
++#include <linux/vserver/inode.h>
++#include <linux/vserver/signal.h>
++
++extern asmlinkage int
++sys_vserver(uint32_t cmd, uint32_t id, void *data)
++{
++ int ret = -ENOTSUP;
++
++ switch (cmd) {
++ case VCMD_get_version:
++ ret = vc_get_version(id);
++ break;
++
++ case VCMD_new_s_context:
++ ret = vc_new_s_context(id, data);
++ break;
++ case VCMD_set_ipv4root:
++ ret = vc_set_ipv4root(id, data);
++ break;
++
++ case VCMD_get_rlimit:
++ ret = vc_get_rlimit(id, data);
++ break;
++ case VCMD_set_rlimit:
++ ret = vc_set_rlimit(id, data);
++ break;
++ case VCMD_get_rlimit_mask:
++ ret = vc_get_rlimit_mask(id, data);
++ break;
++
++ case VCMD_ctx_kill:
++ ret = vc_ctx_kill(id, data);
++ break;
++
++ case VCMD_get_iattr:
++ ret = vc_get_iattr(id, data);
++ break;
++ case VCMD_set_iattr:
++ ret = vc_set_iattr(id, data);
++ break;
++
++ case VCMD_task_xid:
++ ret = vc_task_xid(id, data);
++ break;
++ case VCMD_vx_info:
++ ret = vc_vx_info(id, data);
++ break;
++ }
++ return ret;
++}
++
++
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/af_inet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c
+--- linux-2.6.2-rc1/net/ipv4/af_inet.c Sat Jan 24 03:18:20 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c Sat Jan 24 05:46:08 2004
+@@ -158,6 +158,10 @@ void inet_sock_destruct(struct sock *sk)
+
+ if (inet->opt)
+ kfree(inet->opt);
++
++ /* reordering required? */
++ put_ip_info(sk->sk_ip_info);
++ sk->sk_ip_info = NULL;
+ dst_release(sk->sk_dst_cache);
+ #ifdef INET_REFCNT_DEBUG
+ atomic_dec(&inet_sock_nr);
+@@ -397,6 +401,9 @@ static int inet_create(struct socket *so
+ sk->sk_family = PF_INET;
+ sk->sk_protocol = protocol;
+ sk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
++
++ sk->sk_xid = vx_current_xid();
++ sk->sk_ip_info = NULL;
+
+ inet->uc_ttl = -1;
+ inet->mc_loop = 1;
+@@ -476,6 +483,10 @@ int inet_bind(struct socket *sock, struc
+ unsigned short snum;
+ int chk_addr_ret;
+ int err;
++ __u32 s_addr; /* Address used for validation */
++ __u32 s_addr1;
++ __u32 s_addr2 = 0xffffffffl; /* Optional address of the socket */
++ struct ip_info *ip_info;
+
+ /* If the socket has its own bind function then use it. (RAW) */
+ if (sk->sk_prot->bind) {
+@@ -486,7 +497,37 @@ int inet_bind(struct socket *sock, struc
+ if (addr_len < sizeof(struct sockaddr_in))
+ goto out;
+
+- chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr);
++ s_addr = s_addr1 = addr->sin_addr.s_addr;
++ ip_info = current->ip_info;
++ if (ip_info) {
++ __u32 v4_bcast = ip_info->v4_bcast;
++ __u32 ipv4root = ip_info->ipv4[0];
++ int nbipv4 = ip_info->nbipv4;
++ if (s_addr == 0) {
++ s_addr = ipv4root;
++ if (nbipv4 > 1)
++ s_addr1 = 0;
++ else {
++ s_addr1 = ipv4root;
++ ip_info = NULL;
++ }
++ s_addr2 = v4_bcast;
++ } else if (s_addr == 0x0100007f) {
++ s_addr = s_addr1 = ipv4root;
++ ip_info = NULL;
++ } else if (s_addr != v4_bcast
++ && s_addr != ipv4root) {
++ int i;
++ for (i=0; i<nbipv4; i++) {
++ if (s_addr == ip_info->ipv4[i])
++ break;
++ }
++ if (i == nbipv4)
++ return -EADDRNOTAVAIL;
++ ip_info = NULL;
++ }
++ }
++ chk_addr_ret = inet_addr_type(s_addr);
+
+ /* Not specified by any standard per-se, however it breaks too
+ * many applications when removed. It is unfortunate since
+@@ -498,7 +539,7 @@ int inet_bind(struct socket *sock, struc
+ err = -EADDRNOTAVAIL;
+ if (!sysctl_ip_nonlocal_bind &&
+ !inet->freebind &&
+- addr->sin_addr.s_addr != INADDR_ANY &&
++ s_addr != INADDR_ANY &&
+ chk_addr_ret != RTN_LOCAL &&
+ chk_addr_ret != RTN_MULTICAST &&
+ chk_addr_ret != RTN_BROADCAST)
+@@ -523,13 +564,18 @@ int inet_bind(struct socket *sock, struc
+ if (sk->sk_state != TCP_CLOSE || inet->num)
+ goto out_release_sock;
+
+- inet->rcv_saddr = inet->saddr = addr->sin_addr.s_addr;
++ inet->rcv_saddr = inet->saddr = s_addr1;
++ inet->rcv_saddr2 = s_addr2;
++ sk->sk_ip_info = get_ip_info(ip_info);
++
+ if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
+ inet->saddr = 0; /* Use device */
+
+ /* Make sure we are allowed to bind here. */
+ if (sk->sk_prot->get_port(sk, snum)) {
+ inet->saddr = inet->rcv_saddr = 0;
++ sk->sk_ip_info = NULL;
++ put_ip_info(ip_info);
+ err = -EADDRINUSE;
+ goto out_release_sock;
+ }
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/devinet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c
+--- linux-2.6.2-rc1/net/ipv4/devinet.c Sat Jan 24 03:18:20 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c Sat Jan 24 05:46:08 2004
+@@ -487,6 +487,33 @@ static __inline__ int inet_abc_len(u32 a
+ return rc;
+ }
+
++/*
++ Check that a device is not member of the ipv4root assigned to the process
++ Return true if this is the case
++
++ If the process is not bound to specific IP, then it returns 0 (all
++ interface are fine).
++*/
++static int devinet_notiproot (struct in_ifaddr *ifa)
++{
++ int ret = 0;
++ struct ip_info *info = current->ip_info;
++
++ if (info && !vx_check(0, VX_ADMIN)) {
++ int i;
++ int nbip = info->nbipv4;
++ __u32 addr = ifa->ifa_local;
++ ret = 1;
++ for (i=0; i<nbip; i++) {
++ if(info->ipv4[i] == addr) {
++ ret = 0;
++ break;
++ }
++ }
++ }
++ return ret;
++}
++
+
+ int devinet_ioctl(unsigned int cmd, void *arg)
+ {
+@@ -594,6 +621,8 @@ int devinet_ioctl(unsigned int cmd, void
+ ret = -EADDRNOTAVAIL;
+ if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
+ goto done;
++ if (ifa != NULL && devinet_notiproot(ifa))
++ goto done;
+
+ switch(cmd) {
+ case SIOCGIFADDR: /* Get interface address */
+@@ -723,6 +752,8 @@ static int inet_gifconf(struct net_devic
+ goto out;
+
+ for (; ifa; ifa = ifa->ifa_next) {
++ if (devinet_notiproot(ifa))
++ continue;
+ if (!buf) {
+ done += sizeof(ifr);
+ continue;
+@@ -980,6 +1011,8 @@ static int inet_dump_ifaddr(struct sk_bu
+ read_lock(&in_dev->lock);
+ for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
+ ifa = ifa->ifa_next, ip_idx++) {
++ if (devinet_notiproot(ifa))
++ continue;
+ if (ip_idx < s_ip_idx)
+ continue;
+ if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/raw.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c
+--- linux-2.6.2-rc1/net/ipv4/raw.c Sat Jan 24 03:18:20 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c Sat Jan 24 05:46:08 2004
+@@ -102,6 +102,38 @@ static void raw_v4_unhash(struct sock *s
+ write_unlock_bh(&raw_v4_lock);
+ }
+
++
++/*
++ Check if an address is in the list
++*/
++static inline int raw_addr_in_list (
++ u32 rcv_saddr1,
++ u32 rcv_saddr2,
++ u32 loc_addr,
++ struct ip_info *ip_info)
++{
++ int ret = 0;
++ if (loc_addr != 0 &&
++ (rcv_saddr1 == loc_addr || rcv_saddr2 == loc_addr))
++ ret = 1;
++ else if (rcv_saddr1 == 0) {
++ /* Accept any address or only the one in the list */
++ if (ip_info == NULL)
++ ret = 1;
++ else {
++ int n = ip_info->nbipv4;
++ int i;
++ for (i=0; i<n; i++) {
++ if (ip_info->ipv4[i] == loc_addr) {
++ ret = 1;
++ break;
++ }
++ }
++ }
++ }
++ return ret;
++}
++
+ struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
+ unsigned long raddr, unsigned long laddr,
+ int dif)
+@@ -113,7 +145,8 @@ struct sock *__raw_v4_lookup(struct sock
+
+ if (inet->num == num &&
+ !(inet->daddr && inet->daddr != raddr) &&
+- !(inet->rcv_saddr && inet->rcv_saddr != laddr) &&
++ raw_addr_in_list(inet->rcv_saddr, inet->rcv_saddr2,
++ laddr, sk->sk_ip_info) &&
+ !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
+ goto found; /* gotcha */
+ }
+@@ -687,7 +720,8 @@ static struct sock *raw_get_first(struct
+ struct hlist_node *node;
+
+ sk_for_each(sk, node, &raw_v4_htable[state->bucket])
+- if (sk->sk_family == PF_INET)
++ if (sk->sk_family == PF_INET &&
++ vx_check(sk->sk_xid, VX_WATCH|VX_IDENT))
+ goto found;
+ }
+ sk = NULL;
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c
+--- linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c Fri Jan 9 07:59:19 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c Sat Jan 24 05:46:08 2004
+@@ -179,9 +179,52 @@ void tcp_bind_hash(struct sock *sk, stru
+ tcp_sk(sk)->bind_hash = tb;
+ }
+
++/*
++ Return 1 if addr match the socket IP list
++ or the socket is INADDR_ANY
++*/
++static inline int tcp_in_list (struct sock *sk, u32 addr)
++{
++ struct ip_info *ip_info = sk->sk_ip_info;
++
++ if (ip_info) {
++ int n = ip_info->nbipv4;
++ int i;
++
++ for (i=0; i<n; i++)
++ if (ip_info->ipv4[i] == addr)
++ return 1;
++ }
++ else if (!tcp_v4_rcv_saddr(sk) || tcp_v4_rcv_saddr(sk) == addr)
++ return 1;
++ return 0;
++}
++
++/*
++ Check if the addresses in sk1 conflict with those in sk2
++*/
++int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2)
++{
++ if (tcp_v4_rcv_saddr(sk1)) {
++ /* Bind to one address only */
++ return tcp_in_list (sk2, tcp_v4_rcv_saddr(sk1));
++ } else if (sk1->sk_ip_info) {
++ /* A restricted bind(any) */
++ struct ip_info *ip_info = sk1->sk_ip_info;
++ int n = ip_info->nbipv4;
++ int i;
++
++ for (i=0; i<n; i++)
++ if (tcp_in_list (sk2, ip_info->ipv4[i]))
++ return 1;
++ } else /* A bind(any) do not allow other bind on the same port */
++ return 1;
++ return 0;
++}
++
+ static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
+ {
+- const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
++// const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
+ struct sock *sk2;
+ struct hlist_node *node;
+ int reuse = sk->sk_reuse;
+@@ -194,9 +237,8 @@ static inline int tcp_bind_conflict(stru
+ sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
+ if (!reuse || !sk2->sk_reuse ||
+ sk2->sk_state == TCP_LISTEN) {
+- const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
+- if (!sk2_rcv_saddr || !sk_rcv_saddr ||
+- sk2_rcv_saddr == sk_rcv_saddr)
++// const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
++ if (tcp_ipv4_addr_conflict(sk, sk2))
+ break;
+ }
+ }
+@@ -405,6 +447,34 @@ void tcp_unhash(struct sock *sk)
+ wake_up(&tcp_lhash_wait);
+ }
+
++/*
++ Check if an address is in the list
++*/
++static inline int tcp_addr_in_list (
++ u32 rcv_saddr,
++ u32 daddr,
++ struct ip_info *ip_info)
++{
++ if (rcv_saddr == daddr)
++ return 1;
++ else if (rcv_saddr == 0) {
++ /* Accept any address or check the list */
++ if (!ip_info)
++ return 1;
++ else {
++ int n = ip_info->nbipv4;
++ int i;
++
++ for (i=0; i<n; i++)
++ if (ip_info->ipv4[i] == daddr)
++ return 1;
++ }
++ }
++ return 0;
++}
++
++
++
+ /* Don't inline this cruft. Here are some nice properties to
+ * exploit here. The BSD API does not allow a listening TCP
+ * to specify the remote port nor the remote address for the
+@@ -426,11 +496,10 @@ static struct sock *__tcp_v4_lookup_list
+ __u32 rcv_saddr = inet->rcv_saddr;
+
+ score = (sk->sk_family == PF_INET ? 1 : 0);
+- if (rcv_saddr) {
+- if (rcv_saddr != daddr)
+- continue;
++ if (tcp_addr_in_list(rcv_saddr, daddr, sk->sk_ip_info))
+ score+=2;
+- }
++ else
++ continue;
+ if (sk->sk_bound_dev_if) {
+ if (sk->sk_bound_dev_if != dif)
+ continue;
+@@ -460,8 +529,8 @@ inline struct sock *tcp_v4_lookup_listen
+ struct inet_opt *inet = inet_sk((sk = __sk_head(head)));
+
+ if (inet->num == hnum && !sk->sk_node.next &&
+- (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
+ (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
++ tcp_addr_in_list(inet->rcv_saddr, daddr, sk->sk_ip_info) &&
+ !sk->sk_bound_dev_if)
+ goto sherry_cache;
+ sk = __tcp_v4_lookup_listener(head, daddr, hnum, dif);
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c
+--- linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c Fri Jan 9 07:59:55 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c Sat Jan 24 05:46:08 2004
+@@ -362,6 +362,9 @@ void tcp_time_wait(struct sock *sk, int
+ tw->tw_ts_recent_stamp = tp->ts_recent_stamp;
+ tw_dead_node_init(tw);
+
++ tw->tw_xid = sk->sk_xid;
++ tw->tw_ip_info = NULL;
++
+ #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ if (tw->tw_family == PF_INET6) {
+ struct ipv6_pinfo *np = inet6_sk(sk);
+@@ -686,6 +689,7 @@ struct sock *tcp_create_openreq_child(st
+ struct sk_filter *filter;
+
+ memcpy(newsk, sk, sizeof(struct tcp_sock));
++ newsk->sk_ip_info = get_ip_info(sk->sk_ip_info);
+ newsk->sk_state = TCP_SYN_RECV;
+
+ /* SANITY */
+diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/udp.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c
+--- linux-2.6.2-rc1/net/ipv4/udp.c Sat Jan 24 03:18:20 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c Sat Jan 24 05:46:08 2004
+@@ -120,6 +120,9 @@ rwlock_t udp_hash_lock = RW_LOCK_UNLOCKE
+ /* Shared by v4/v6 udp. */
+ int udp_port_rover;
+
++int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2);
++
++
+ static int udp_v4_get_port(struct sock *sk, unsigned short snum)
+ {
+ struct hlist_node *node;
+@@ -179,9 +182,7 @@ gotit:
+ (!sk2->sk_bound_dev_if ||
+ !sk->sk_bound_dev_if ||
+ sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
+- (!inet2->rcv_saddr ||
+- !inet->rcv_saddr ||
+- inet2->rcv_saddr == inet->rcv_saddr) &&
++ tcp_ipv4_addr_conflict(sk2, sk) &&
+ (!sk2->sk_reuse || !sk->sk_reuse))
+ goto fail;
+ }
+@@ -216,6 +217,17 @@ static void udp_v4_unhash(struct sock *s
+ write_unlock_bh(&udp_hash_lock);
+ }
+
++static int udp_in_list (struct ip_info *ip_info, u32 addr)
++{
++ int n = ip_info->nbipv4;
++ int i;
++
++ for (i=0; i<n; i++)
++ if (ip_info->ipv4[i] == addr)
++ return 1;
++ return 0;
++}
++
+ /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
+ * harder than this. -DaveM
+ */
+@@ -235,6 +247,11 @@ struct sock *udp_v4_lookup_longway(u32 s
+ if (inet->rcv_saddr != daddr)
+ continue;
+ score+=2;
++ } else if (sk->sk_ip_info) {
++ if (udp_in_list(sk->sk_ip_info, daddr))
++ score+=2;
++ else
++ continue;
+ }
+ if (inet->daddr) {
+ if (inet->daddr != saddr)
+@@ -290,7 +307,8 @@ static inline struct sock *udp_v4_mcast_
+ if (inet->num != hnum ||
+ (inet->daddr && inet->daddr != rmt_addr) ||
+ (inet->dport != rmt_port && inet->dport) ||
+- (inet->rcv_saddr && inet->rcv_saddr != loc_addr) ||
++ (inet->rcv_saddr && inet->rcv_saddr != loc_addr &&
++ inet->rcv_saddr2 && inet->rcv_saddr2 != loc_addr) ||
+ ipv6_only_sock(s) ||
+ (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
+ continue;
+@@ -599,6 +617,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
+ .uli_u = { .ports =
+ { .sport = inet->sport,
+ .dport = dport } } };
++ struct ip_info *ip_info = current->ip_info;
++
++ if (ip_info != NULL) {
++ __u32 ipv4root = ip_info->ipv4[0];
++ if (ipv4root) {
++ if (daddr == 0x0100007f &&
++ !vx_check(0, VX_ADMIN))
++ daddr = ipv4root;
++ if (fl.nl_u.ip4_u.saddr == 0)
++ fl.nl_u.ip4_u.saddr = ipv4root;
++ }
++ }
+ err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
+ if (err)
+ goto out;
+diff -NurpP --minimal linux-2.6.2-rc1/net/unix/af_unix.c linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c
+--- linux-2.6.2-rc1/net/unix/af_unix.c Sat Jan 24 03:18:22 2004
++++ linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c Sat Jan 24 05:46:08 2004
+@@ -120,6 +120,7 @@
+ #include <linux/mount.h>
+ #include <net/checksum.h>
+ #include <linux/security.h>
++#include <linux/vinline.h>
+
+ int sysctl_unix_max_dgram_qlen = 10;
+
+@@ -480,6 +481,7 @@ static struct sock * unix_create1(struct
+ sock_init_data(sock,sk);
+ sk_set_owner(sk, THIS_MODULE);
+
++ sk->sk_xid = vx_current_xid();
+ sk->sk_write_space = unix_write_space;
+ sk->sk_max_ack_backlog = sysctl_unix_max_dgram_qlen;
+ sk->sk_destruct = unix_sock_destructor;
+diff -NurpP --minimal linux-2.6.2-rc1/security/commoncap.c linux-2.6.2-rc1-vs0.05.1/security/commoncap.c
+--- linux-2.6.2-rc1/security/commoncap.c Sat Jan 24 03:18:22 2004
++++ linux-2.6.2-rc1-vs0.05.1/security/commoncap.c Sat Jan 24 07:15:57 2004
+@@ -125,7 +125,7 @@ void cap_bprm_compute_creds (struct linu
+ /* Derived from fs/exec.c:compute_creds. */
+ kernel_cap_t new_permitted, working;
+
+- new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
++ new_permitted = cap_intersect (bprm->cap_permitted, current->cap_bset);
+ working = cap_intersect (bprm->cap_inheritable,
+ current->cap_inheritable);
+ new_permitted = cap_combine (new_permitted, working);