1 diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/alpha/kernel/ptrace.c
2 --- linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c Fri Jan 9 08:00:02 2004
3 +++ linux-2.6.2-rc1-vs0.05/arch/alpha/kernel/ptrace.c Sat Jan 24 06:45:48 2004
6 #include <linux/kernel.h>
7 #include <linux/sched.h>
8 +#include <linux/vinline.h>
10 #include <linux/smp.h>
11 #include <linux/smp_lock.h>
12 @@ -285,7 +286,7 @@ do_sys_ptrace(long request, long pid, lo
14 get_task_struct(child);
15 read_unlock(&tasklist_lock);
17 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
20 if (request == PTRACE_ATTACH) {
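Review bot: The added `!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)` test runs after `get_task_struct(child)`, so a task that exists but fails the context check still holds a reference when this branch is taken. The branch body is not visible here, but if it is the same exit the test it replaces used for a NULL child, that reference is never dropped, and task structs stay pinned each time ptrace is called on a pid outside the caller's context. Dropping it first, `if (child && !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { put_task_struct(child); child = NULL; }`, and then testing only `!child` avoids the leak; proc_pid_lookup in fs/proc/base.c already calls `put_task_struct(task)` before bailing out. The same line is added in the i386, ia64, m68k, mips, parisc, ppc, ppc64, s390, sparc64 and x86_64 ptrace hunks, and the enclosing functions start and end outside them.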
21 diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/systbls.S linux-2.6.2-rc1-vs0.05/arch/alpha/kernel/systbls.S
22 --- linux-2.6.2-rc1/arch/alpha/kernel/systbls.S Fri Jan 9 07:59:45 2004
23 +++ linux-2.6.2-rc1-vs0.05/arch/alpha/kernel/systbls.S Sat Jan 24 06:45:48 2004
24 @@ -291,7 +291,7 @@ sys_call_table:
25 .quad alpha_ni_syscall /* 270 */
26 .quad alpha_ni_syscall
27 .quad alpha_ni_syscall
28 - .quad alpha_ni_syscall
29 + .quad sys_vserver /* 273 sys_vserver */
30 .quad alpha_ni_syscall
31 .quad alpha_ni_syscall /* 275 */
32 .quad alpha_ni_syscall
33 diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/entry.S linux-2.6.2-rc1-vs0.05/arch/i386/kernel/entry.S
34 --- linux-2.6.2-rc1/arch/i386/kernel/entry.S Fri Jan 9 07:59:19 2004
35 +++ linux-2.6.2-rc1-vs0.05/arch/i386/kernel/entry.S Sat Jan 24 06:45:48 2004
36 @@ -881,6 +881,6 @@ ENTRY(sys_call_table)
37 .long sys_tgkill /* 270 */
39 .long sys_fadvise64_64
40 - .long sys_ni_syscall /* sys_vserver */
43 syscall_table_size=(.-sys_call_table)
44 diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/i386/kernel/ptrace.c
45 --- linux-2.6.2-rc1/arch/i386/kernel/ptrace.c Fri Jan 9 07:59:19 2004
46 +++ linux-2.6.2-rc1-vs0.05/arch/i386/kernel/ptrace.c Sat Jan 24 06:45:48 2004
49 #include <linux/kernel.h>
50 #include <linux/sched.h>
51 +#include <linux/vinline.h>
53 #include <linux/smp.h>
54 #include <linux/smp_lock.h>
55 @@ -255,7 +256,7 @@ asmlinkage int sys_ptrace(long request,
57 get_task_struct(child);
58 read_unlock(&tasklist_lock);
60 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
64 diff -NurpP --minimal linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/ia64/kernel/ptrace.c
65 --- linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c Fri Jan 9 08:00:12 2004
66 +++ linux-2.6.2-rc1-vs0.05/arch/ia64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
68 #include <linux/config.h>
69 #include <linux/kernel.h>
70 #include <linux/sched.h>
71 +#include <linux/vinline.h>
72 #include <linux/slab.h>
74 #include <linux/errno.h>
75 @@ -1282,7 +1283,7 @@ sys_ptrace (long request, pid_t pid, uns
78 read_unlock(&tasklist_lock);
80 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
83 if (pid == 1) /* no messing around with init! */
84 diff -NurpP --minimal linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/m68k/kernel/ptrace.c
85 --- linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c Fri Jan 9 07:59:19 2004
86 +++ linux-2.6.2-rc1-vs0.05/arch/m68k/kernel/ptrace.c Sat Jan 24 06:45:48 2004
89 #include <linux/kernel.h>
90 #include <linux/sched.h>
91 +#include <linux/vinline.h>
93 #include <linux/smp.h>
94 #include <linux/smp_lock.h>
95 @@ -124,7 +125,7 @@ asmlinkage int sys_ptrace(long request,
97 get_task_struct(child);
98 read_unlock(&tasklist_lock);
100 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
104 diff -NurpP --minimal linux-2.6.2-rc1/arch/mips/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/mips/kernel/ptrace.c
105 --- linux-2.6.2-rc1/arch/mips/kernel/ptrace.c Fri Jan 9 08:00:13 2004
106 +++ linux-2.6.2-rc1-vs0.05/arch/mips/kernel/ptrace.c Sat Jan 24 06:45:48 2004
108 #include <linux/compiler.h>
109 #include <linux/kernel.h>
110 #include <linux/sched.h>
111 +#include <linux/vinline.h>
112 #include <linux/mm.h>
113 #include <linux/errno.h>
114 #include <linux/ptrace.h>
115 @@ -74,7 +75,7 @@ asmlinkage int sys_ptrace(long request,
117 get_task_struct(child);
118 read_unlock(&tasklist_lock);
120 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
124 diff -NurpP --minimal linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/parisc/kernel/ptrace.c
125 --- linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c Fri Jan 9 07:59:09 2004
126 +++ linux-2.6.2-rc1-vs0.05/arch/parisc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
129 #include <linux/kernel.h>
130 #include <linux/sched.h>
131 +#include <linux/vinline.h>
132 #include <linux/mm.h>
133 #include <linux/smp.h>
134 #include <linux/smp_lock.h>
135 @@ -109,7 +110,7 @@ long sys_ptrace(long request, pid_t pid,
137 get_task_struct(child);
138 read_unlock(&tasklist_lock);
140 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
143 if (pid == 1) /* no messing around with init! */
144 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/misc.S linux-2.6.2-rc1-vs0.05/arch/ppc/kernel/misc.S
145 --- linux-2.6.2-rc1/arch/ppc/kernel/misc.S Sat Jan 24 03:18:04 2004
146 +++ linux-2.6.2-rc1-vs0.05/arch/ppc/kernel/misc.S Sat Jan 24 06:45:48 2004
147 @@ -1386,3 +1386,22 @@ _GLOBAL(sys_call_table)
149 .long ppc_fadvise64_64
150 .long sys_ni_syscall /* 255 - rtas (used on ppc64) */
151 + .long sys_ni_syscall
152 + .long sys_ni_syscall
153 + .long sys_ni_syscall
154 + .long sys_ni_syscall
155 + .long sys_ni_syscall /* 260 */
156 + .long sys_ni_syscall
157 + .long sys_ni_syscall
158 + .long sys_ni_syscall
159 + .long sys_ni_syscall
160 + .long sys_ni_syscall /* 265 */
161 + .long sys_ni_syscall
162 + .long sys_ni_syscall
163 + .long sys_ni_syscall
164 + .long sys_ni_syscall
165 + .long sys_ni_syscall /* 270 */
166 + .long sys_ni_syscall
167 + .long sys_ni_syscall
168 + .long sys_vserver /* 273 sys_vserver */
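Review bot: This hunk extends sys_call_table from entry 255 to entry 273, but nothing visible here raises the syscall-count constant that the entry code compares against before indexing the table. If that bound stays where it was, `sys_vserver` is unreachable on ppc; if it is raised without the padding entries, the dispatcher reads past the table. Confirm the matching header change is part of the patch and lands together with these entries. The same applies to both tables in arch/ppc64/kernel/misc.S and to arch/x86_64/ia32/ia32entry.S, whose own comment says `don't forget to change IA32_NR_syscalls`.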
170 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/ppc/kernel/ptrace.c
171 --- linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c Fri Jan 9 07:59:19 2004
172 +++ linux-2.6.2-rc1-vs0.05/arch/ppc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
175 #include <linux/kernel.h>
176 #include <linux/sched.h>
177 +#include <linux/vinline.h>
178 #include <linux/mm.h>
179 #include <linux/smp.h>
180 #include <linux/smp_lock.h>
181 @@ -195,7 +196,7 @@ int sys_ptrace(long request, long pid, l
183 get_task_struct(child);
184 read_unlock(&tasklist_lock);
186 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
190 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/misc.S linux-2.6.2-rc1-vs0.05/arch/ppc64/kernel/misc.S
191 --- linux-2.6.2-rc1/arch/ppc64/kernel/misc.S Sat Jan 24 03:18:04 2004
192 +++ linux-2.6.2-rc1-vs0.05/arch/ppc64/kernel/misc.S Sat Jan 24 06:45:48 2004
193 @@ -819,6 +819,24 @@ _GLOBAL(sys_call_table32)
194 .llong .compat_fstatfs64
195 .llong .ppc32_fadvise64_64 /* 32bit only fadvise64_64 */
196 .llong .ppc_rtas /* 255 */
197 + .llong .sys_ni_syscall
198 + .llong .sys_ni_syscall
199 + .llong .sys_ni_syscall
200 + .llong .sys_ni_syscall
201 + .llong .sys_ni_syscall /* 260 */
202 + .llong .sys_ni_syscall
203 + .llong .sys_ni_syscall
204 + .llong .sys_ni_syscall
205 + .llong .sys_ni_syscall
206 + .llong .sys_ni_syscall /* 265 */
207 + .llong .sys_ni_syscall
208 + .llong .sys_ni_syscall
209 + .llong .sys_ni_syscall
210 + .llong .sys_ni_syscall
211 + .llong .sys_ni_syscall /* 270 */
212 + .llong .sys_ni_syscall
213 + .llong .sys_ni_syscall
214 + .llong .sys_vserver /* 273 sys_vserver */
217 _GLOBAL(sys_call_table)
218 @@ -1078,3 +1096,22 @@ _GLOBAL(sys_call_table)
219 .llong .sys_fstatfs64
220 .llong .sys_ni_syscall /* 32bit only fadvise64_64 */
221 .llong .ppc_rtas /* 255 */
222 + .llong .sys_ni_syscall
223 + .llong .sys_ni_syscall
224 + .llong .sys_ni_syscall
225 + .llong .sys_ni_syscall
226 + .llong .sys_ni_syscall /* 260 */
227 + .llong .sys_ni_syscall
228 + .llong .sys_ni_syscall
229 + .llong .sys_ni_syscall
230 + .llong .sys_ni_syscall
231 + .llong .sys_ni_syscall /* 265 */
232 + .llong .sys_ni_syscall
233 + .llong .sys_ni_syscall
234 + .llong .sys_ni_syscall
235 + .llong .sys_ni_syscall
236 + .llong .sys_ni_syscall /* 270 */
237 + .llong .sys_ni_syscall
238 + .llong .sys_ni_syscall
239 + .llong .sys_vserver /* 273 sys_vserver */
241 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/ppc64/kernel/ptrace.c
242 --- linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c Fri Jan 9 07:59:56 2004
243 +++ linux-2.6.2-rc1-vs0.05/arch/ppc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
246 #include <linux/kernel.h>
247 #include <linux/sched.h>
248 +#include <linux/vinline.h>
249 #include <linux/mm.h>
250 #include <linux/smp.h>
251 #include <linux/smp_lock.h>
252 @@ -73,7 +74,7 @@ int sys_ptrace(long request, long pid, l
254 get_task_struct(child);
255 read_unlock(&tasklist_lock);
257 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
261 diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/s390/kernel/ptrace.c
262 --- linux-2.6.2-rc1/arch/s390/kernel/ptrace.c Sat Jan 24 03:18:05 2004
263 +++ linux-2.6.2-rc1-vs0.05/arch/s390/kernel/ptrace.c Sat Jan 24 06:45:48 2004
266 #include <linux/kernel.h>
267 #include <linux/sched.h>
268 +#include <linux/vinline.h>
269 #include <linux/mm.h>
270 #include <linux/smp.h>
271 #include <linux/smp_lock.h>
272 @@ -647,7 +648,7 @@ sys_ptrace(long request, long pid, long
274 get_task_struct(child);
275 read_unlock(&tasklist_lock);
277 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
280 ret = do_ptrace(child, request, addr, data);
281 diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/syscalls.S linux-2.6.2-rc1-vs0.05/arch/s390/kernel/syscalls.S
282 --- linux-2.6.2-rc1/arch/s390/kernel/syscalls.S Sat Jan 24 03:18:05 2004
283 +++ linux-2.6.2-rc1-vs0.05/arch/s390/kernel/syscalls.S Sat Jan 24 06:45:48 2004
284 @@ -271,5 +271,5 @@ SYSCALL(sys_clock_settime,sys_clock_sett
285 SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
286 SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
287 SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
288 -NI_SYSCALL /* reserved for vserver */
289 +SYSCALL(sys_vserver,sys_vserver,sys_vserver)
290 SYSCALL(s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
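Review bot: The third `SYSCALL()` argument on the added line is the native `sys_vserver`, whereas every neighbouring entry puts a `sys32_*_wrapper` in that position. If that slot is the 31-bit emulation entry, as the neighbours suggest, and sys_vserver takes a user pointer or a long (its prototype is not visible here), 31-bit callers reach the handler with unconverted arguments. Either add a wrapper and reference it in the third position, or add a comment on this line stating that every argument is a 32-bit integer and needs no conversion.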
291 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc/kernel/systbls.S linux-2.6.2-rc1-vs0.05/arch/sparc/kernel/systbls.S
292 --- linux-2.6.2-rc1/arch/sparc/kernel/systbls.S Fri Jan 9 07:59:34 2004
293 +++ linux-2.6.2-rc1-vs0.05/arch/sparc/kernel/systbls.S Sat Jan 24 06:45:48 2004
294 @@ -72,7 +72,7 @@ sys_call_table:
295 /*250*/ .long sparc_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
296 /*255*/ .long sys_nis_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
297 /*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
298 -/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
299 +/*265*/ .long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
300 /*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_nis_syscall
302 #ifdef CONFIG_SUNOS_EMUL
303 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/sparc64/kernel/ptrace.c
304 --- linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c Fri Jan 9 08:00:05 2004
305 +++ linux-2.6.2-rc1-vs0.05/arch/sparc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
308 #include <linux/kernel.h>
309 #include <linux/sched.h>
310 +#include <linux/vinline.h>
311 #include <linux/mm.h>
312 #include <linux/errno.h>
313 #include <linux/ptrace.h>
314 @@ -164,7 +165,7 @@ asmlinkage void do_ptrace(struct pt_regs
315 get_task_struct(child);
316 read_unlock(&tasklist_lock);
319 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
320 pt_error_return(regs, ESRCH);
323 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S linux-2.6.2-rc1-vs0.05/arch/sparc64/kernel/systbls.S
324 --- linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S Fri Jan 9 07:59:26 2004
325 +++ linux-2.6.2-rc1-vs0.05/arch/sparc64/kernel/systbls.S Sat Jan 24 06:45:48 2004
326 @@ -73,7 +73,7 @@ sys_call_table32:
327 .word sys_ni_syscall, compat_clock_settime, compat_clock_gettime, compat_clock_getres, compat_clock_nanosleep
328 /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, compat_timer_settime, compat_timer_gettime, sys_timer_getoverrun
329 .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
330 -/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_ni_syscall
331 +/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_vserver
333 /* Now the 64-bit native Linux syscall table. */
335 @@ -135,7 +135,7 @@ sys_call_table:
336 .word sys_ni_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
337 /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
338 .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
339 -/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_ni_syscall
340 +/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_vserver
342 #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
343 defined(CONFIG_SOLARIS_EMUL_MODULE)
344 diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S linux-2.6.2-rc1-vs0.05/arch/x86_64/ia32/ia32entry.S
345 --- linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S Fri Jan 9 07:59:27 2004
346 +++ linux-2.6.2-rc1-vs0.05/arch/x86_64/ia32/ia32entry.S Sat Jan 24 06:45:48 2004
347 @@ -448,34 +448,35 @@ ia32_sys_call_table:
348 .quad compat_sys_sched_getaffinity
349 .quad sys32_set_thread_area
350 .quad sys32_get_thread_area
351 - .quad sys32_io_setup
352 + .quad sys32_io_setup /* 245 */
354 .quad sys32_io_getevents
355 .quad sys32_io_submit
357 - .quad sys_fadvise64
358 + .quad sys_fadvise64 /* 250 */
359 .quad sys_ni_syscall /* free_huge_pages */
360 .quad sys_exit_group /* exit_group */
361 .quad sys_lookup_dcookie
362 .quad sys_epoll_create
363 - .quad sys_epoll_ctl
364 + .quad sys_epoll_ctl /* 255 */
366 .quad sys_remap_file_pages
367 .quad sys_set_tid_address
368 .quad sys32_timer_create
369 - .quad compat_timer_settime
370 + .quad compat_timer_settime /* 260 */
371 .quad compat_timer_gettime
372 .quad sys_timer_getoverrun
373 .quad sys_timer_delete
374 .quad compat_clock_settime
375 - .quad compat_clock_gettime
376 + .quad compat_clock_gettime /* 265 */
377 .quad compat_clock_getres
378 .quad compat_clock_nanosleep
379 .quad compat_statfs64 /* statfs64 */
380 .quad compat_fstatfs64 /* fstatfs64 */
382 + .quad sys_tgkill /* 270 */
383 .quad compat_sys_utimes
384 .quad sys32_fadvise64_64
385 + .quad sys_vserver /* 273 sys_vserver */
386 /* don't forget to change IA32_NR_syscalls */
388 .rept IA32_NR_syscalls-(ia32_syscall_end-ia32_sys_call_table)/8
389 diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05/arch/x86_64/kernel/ptrace.c
390 --- linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c Fri Jan 9 07:59:19 2004
391 +++ linux-2.6.2-rc1-vs0.05/arch/x86_64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
394 #include <linux/kernel.h>
395 #include <linux/sched.h>
396 +#include <linux/vinline.h>
397 #include <linux/mm.h>
398 #include <linux/smp.h>
399 #include <linux/smp_lock.h>
400 @@ -205,7 +206,7 @@ asmlinkage long sys_ptrace(long request,
402 get_task_struct(child);
403 read_unlock(&tasklist_lock);
405 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
409 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/ialloc.c linux-2.6.2-rc1-vs0.05/fs/ext2/ialloc.c
410 --- linux-2.6.2-rc1/fs/ext2/ialloc.c Sat Jan 24 03:18:15 2004
411 +++ linux-2.6.2-rc1-vs0.05/fs/ext2/ialloc.c Sat Jan 24 06:14:24 2004
412 @@ -581,7 +581,7 @@ got:
413 memset(ei->i_data, 0, sizeof(ei->i_data));
414 ei->i_flags = EXT2_I(dir)->i_flags & ~EXT2_BTREE_FL;
416 - ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL);
417 + ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_IUNLINK_FL|EXT2_APPEND_FL);
418 /* dirsync is only applied to directories */
420 ei->i_flags &= ~EXT2_DIRSYNC_FL;
421 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/inode.c linux-2.6.2-rc1-vs0.05/fs/ext2/inode.c
422 --- linux-2.6.2-rc1/fs/ext2/inode.c Sat Jan 24 03:18:15 2004
423 +++ linux-2.6.2-rc1-vs0.05/fs/ext2/inode.c Sat Jan 24 06:28:27 2004
424 @@ -64,6 +64,8 @@ void ext2_put_inode(struct inode *inode)
425 ext2_discard_prealloc(inode);
428 +static void ext2_truncate_nocheck (struct inode * inode);
431 * Called at the last iput() if i_nlink is zero.
433 @@ -77,7 +79,7 @@ void ext2_delete_inode (struct inode * i
437 - ext2_truncate (inode);
438 + ext2_truncate_nocheck(inode);
439 ext2_free_inode (inode);
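Review bot: Nothing at this call site explains why `ext2_delete_inode` now goes through `ext2_truncate_nocheck` and so skips the `IS_APPEND(inode) || IS_IMMUTABLE(inode)` test that the later hunks move into the `ext2_truncate` wrapper. Presumably this is needed because the fs/namei.c change lets some immutable inodes be unlinked and their blocks must still be freed on the last iput; that should be confirmed and written down. I would add `/* i_nlink == 0: free the blocks even if the inode is append-only or immutable */` above the call, and a header comment on ext2_truncate_nocheck saying it may only be reached from paths where the permission decision has already been made. The function bodies continue outside these hunks.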
442 @@ -876,7 +878,7 @@ static void ext2_free_branches(struct in
443 ext2_free_data(inode, p, q);
446 -void ext2_truncate (struct inode * inode)
447 +static void ext2_truncate_nocheck(struct inode * inode)
449 u32 *i_data = EXT2_I(inode)->i_data;
450 int addr_per_block = EXT2_ADDR_PER_BLOCK(inode->i_sb);
451 @@ -893,8 +895,6 @@ void ext2_truncate (struct inode * inode
453 if (ext2_inode_is_fast_symlink(inode))
455 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
458 ext2_discard_prealloc(inode);
460 @@ -1016,17 +1016,26 @@ Egdp:
461 return ERR_PTR(-EIO);
464 +void ext2_truncate (struct inode * inode)
466 + if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
468 + ext2_truncate_nocheck(inode);
471 void ext2_set_inode_flags(struct inode *inode)
473 unsigned int flags = EXT2_I(inode)->i_flags;
475 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
476 + inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
477 if (flags & EXT2_SYNC_FL)
478 inode->i_flags |= S_SYNC;
479 if (flags & EXT2_APPEND_FL)
480 inode->i_flags |= S_APPEND;
481 if (flags & EXT2_IMMUTABLE_FL)
482 inode->i_flags |= S_IMMUTABLE;
483 + if (flags & EXT2_IUNLINK_FL)
484 + inode->i_flags |= S_IUNLINK;
485 if (flags & EXT2_NOATIME_FL)
486 inode->i_flags |= S_NOATIME;
487 if (flags & EXT2_DIRSYNC_FL)
488 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/ialloc.c linux-2.6.2-rc1-vs0.05/fs/ext3/ialloc.c
489 --- linux-2.6.2-rc1/fs/ext3/ialloc.c Sat Jan 24 03:18:15 2004
490 +++ linux-2.6.2-rc1-vs0.05/fs/ext3/ialloc.c Sat Jan 24 06:14:24 2004
491 @@ -569,7 +569,7 @@ got:
493 ei->i_flags = EXT3_I(dir)->i_flags & ~EXT3_INDEX_FL;
495 - ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL);
496 + ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_IUNLINK_FL|EXT3_APPEND_FL);
497 /* dirsync only applies to directories */
499 ei->i_flags &= ~EXT3_DIRSYNC_FL;
500 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/inode.c linux-2.6.2-rc1-vs0.05/fs/ext3/inode.c
501 --- linux-2.6.2-rc1/fs/ext3/inode.c Sat Jan 24 03:18:15 2004
502 +++ linux-2.6.2-rc1-vs0.05/fs/ext3/inode.c Sat Jan 24 06:14:24 2004
503 @@ -2443,17 +2443,26 @@ has_buffer:
507 +void ext3_truncate(struct inode * inode)
509 + if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
511 + ext3_truncate_nocheck(inode);
514 void ext3_set_inode_flags(struct inode *inode)
516 unsigned int flags = EXT3_I(inode)->i_flags;
518 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
519 + inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
520 if (flags & EXT3_SYNC_FL)
521 inode->i_flags |= S_SYNC;
522 if (flags & EXT3_APPEND_FL)
523 inode->i_flags |= S_APPEND;
524 if (flags & EXT3_IMMUTABLE_FL)
525 inode->i_flags |= S_IMMUTABLE;
526 + if (flags & EXT3_IUNLINK_FL)
527 + inode->i_flags |= S_IUNLINK;
528 if (flags & EXT3_NOATIME_FL)
529 inode->i_flags |= S_NOATIME;
530 if (flags & EXT3_DIRSYNC_FL)
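Review bot: The added `ext3_truncate` wrapper calls `ext3_truncate_nocheck`, but this is the only hunk the patch shows for fs/ext3/inode.c. Unlike the ext2 change, nothing renames the existing `ext3_truncate`, removes its own `IS_APPEND`/`IS_IMMUTABLE` test, adds a forward declaration, or switches the delete-inode path to the unchecked variant. As shown, the file would end up with two definitions of `ext3_truncate` and none of `ext3_truncate_nocheck`. Mirror the ext2 hunks here, or drop the wrapper until they exist.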
531 diff -NurpP --minimal linux-2.6.2-rc1/fs/inode.c linux-2.6.2-rc1-vs0.05/fs/inode.c
532 --- linux-2.6.2-rc1/fs/inode.c Fri Jan 9 08:00:12 2004
533 +++ linux-2.6.2-rc1-vs0.05/fs/inode.c Sat Jan 24 06:23:57 2004
534 @@ -131,6 +131,7 @@ static struct inode *alloc_inode(struct
535 inode->i_bdev = NULL;
536 inode->i_cdev = NULL;
538 + // inode->i_xid = 0; /* maybe not too wise ... */
539 inode->i_security = NULL;
540 if (security_inode_alloc(inode)) {
541 if (inode->i_sb->s_op->destroy_inode)
542 diff -NurpP --minimal linux-2.6.2-rc1/fs/ioctl.c linux-2.6.2-rc1-vs0.05/fs/ioctl.c
543 --- linux-2.6.2-rc1/fs/ioctl.c Sat Jan 24 03:18:15 2004
544 +++ linux-2.6.2-rc1-vs0.05/fs/ioctl.c Sat Jan 24 07:49:20 2004
546 #include <linux/file.h>
547 #include <linux/fs.h>
548 #include <linux/security.h>
549 +#include <linux/proc_fs.h>
550 +#include <linux/vserver/inode.h>
552 #include <asm/uaccess.h>
553 #include <asm/ioctls.h>
555 +extern int vx_proc_ioctl(struct inode *, struct file *,
556 + unsigned int, unsigned long);
558 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
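Review bot: `vx_proc_ioctl` is declared with a bare `extern` prototype inside fs/ioctl.c even though `<linux/vserver/inode.h>` is included a few lines above. A prototype kept in a .c file is never checked against the definition, so a later signature change still compiles and the call in sys_ioctl passes mismatched arguments. Move the declaration into a header that the defining file also includes.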
561 @@ -118,6 +123,12 @@ asmlinkage long sys_ioctl(unsigned int f
569 + if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
570 + error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
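Review bot: The added branch hands the request to `vx_proc_ioctl` for any file whose superblock magic is `PROC_SUPER_MAGIC`, and the visible lines show no permission or context check before the call. The case label and the surrounding lines are not visible here, so this may be handled elsewhere; if it is not, vx_proc_ioctl alone decides who may read or change per-entry state, and that contract deserves a comment at the call site such as `/* vx_proc_ioctl() performs the capability and context checks */`. Also confirm that `error` has a defined value when the file is not on procfs. sys_ioctl starts and ends outside the hunk.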
574 diff -NurpP --minimal linux-2.6.2-rc1/fs/namei.c linux-2.6.2-rc1-vs0.05/fs/namei.c
575 --- linux-2.6.2-rc1/fs/namei.c Fri Jan 9 07:59:26 2004
576 +++ linux-2.6.2-rc1-vs0.05/fs/namei.c Sat Jan 24 06:14:24 2004
577 @@ -1021,7 +1021,7 @@ static inline int may_delete(struct inod
580 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
581 - IS_IMMUTABLE(victim->d_inode))
582 + IS_IXUNLINK(victim->d_inode))
585 if (!S_ISDIR(victim->d_inode->i_mode))
586 @@ -1816,7 +1816,7 @@ int vfs_link(struct dentry *old_dentry,
588 * A link to an append-only or immutable file cannot be created.
590 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
591 + if (IS_APPEND(inode) || IS_IXUNLINK(inode))
593 if (!dir->i_op || !dir->i_op->link)
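Review bot: The comment kept above the test in vfs_link still reads `A link to an append-only or immutable file cannot be created.`, but the condition is now `IS_APPEND(inode) || IS_IXUNLINK(inode)`, so the comment no longer describes what is enforced. `IS_IXUNLINK` is defined outside this hunk; the comment should spell out which combination of the immutable and iunlink flags still blocks a link, because this is the check that keeps protected files from gaining extra names. The may_delete hunk above makes the same substitution with no comment at all and needs the same explanation.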
595 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/Makefile linux-2.6.2-rc1-vs0.05/fs/proc/Makefile
596 --- linux-2.6.2-rc1/fs/proc/Makefile Fri Jan 9 07:59:07 2004
597 +++ linux-2.6.2-rc1-vs0.05/fs/proc/Makefile Sat Jan 24 05:45:59 2004
598 @@ -8,7 +8,7 @@ proc-y := task_nommu.o
599 proc-$(CONFIG_MMU) := task_mmu.o
601 proc-y += inode.o root.o base.o generic.o array.o \
602 - kmsg.o proc_tty.o proc_misc.o
603 + kmsg.o proc_tty.o proc_misc.o virtual.o
605 proc-$(CONFIG_PROC_KCORE) += kcore.o
606 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
607 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/array.c linux-2.6.2-rc1-vs0.05/fs/proc/array.c
608 --- linux-2.6.2-rc1/fs/proc/array.c Fri Jan 9 07:59:44 2004
609 +++ linux-2.6.2-rc1-vs0.05/fs/proc/array.c Sat Jan 24 07:01:35 2004
611 #include <linux/highmem.h>
612 #include <linux/file.h>
613 #include <linux/times.h>
614 +#include <linux/vinline.h>
616 #include <asm/uaccess.h>
617 #include <asm/pgtable.h>
618 @@ -150,8 +151,13 @@ static inline const char * get_task_stat
619 static inline char * task_state(struct task_struct *p, char *buffer)
624 read_lock(&tasklist_lock);
625 + ppid = p->real_parent->pid;
627 + && current->vx_info
628 + && current->vx_info->vx_initpid == ppid)
630 buffer += sprintf(buffer,
633 @@ -164,7 +170,7 @@ static inline char * task_state(struct t
635 (p->sleep_avg/1024)*100/(1000000000/1024),
637 - p->pid, p->pid ? p->real_parent->pid : 0,
638 + p->pid, p->pid ? ppid : 0,
639 p->pid && p->ptrace ? p->parent->pid : 0,
640 p->uid, p->euid, p->suid, p->fsuid,
641 p->gid, p->egid, p->sgid, p->fsgid);
642 @@ -263,16 +269,20 @@ static inline char *task_cap(struct task
644 return buffer + sprintf(buffer, "CapInh:\t%016x\n"
646 - "CapEff:\t%016x\n",
648 + "CapBset:\t%016x\n",
649 cap_t(p->cap_inheritable),
650 cap_t(p->cap_permitted),
651 - cap_t(p->cap_effective));
652 + cap_t(p->cap_effective),
653 + cap_t(p->cap_bset));
656 extern char *task_mem(struct mm_struct *, char *);
657 int proc_pid_status(struct task_struct *task, char * buffer)
659 char * orig = buffer;
660 + struct vx_info *vxi;
661 + struct ip_info *ipi;
662 struct mm_struct *mm = get_task_mm(task);
664 buffer = task_name(task, buffer);
665 @@ -284,6 +294,39 @@ int proc_pid_status(struct task_struct *
667 buffer = task_sig(task, buffer);
668 buffer = task_cap(task, buffer);
670 + buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
671 + vxi = task_get_vx_info(task);
673 + buffer += sprintf (buffer,"ctxflags: %d\n"
675 + buffer += sprintf (buffer,"initpid: %d\n"
678 + buffer += sprintf (buffer,"ctxflags: none\n");
679 + buffer += sprintf (buffer,"initpid: none\n");
682 + ipi = task_get_ip_info(task);
686 + buffer += sprintf (buffer,"ipv4root:");
687 + for (i=0; i<ipi->nbipv4; i++){
688 + buffer += sprintf (buffer," %08x/%08x"
693 + buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
695 + buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
696 + ,atomic_read(&ipi->ip_refcount));
698 + buffer += sprintf (buffer,"ipv4root: 0\n");
699 + buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
702 #if defined(CONFIG_ARCH_S390)
703 buffer = task_show_regs(task, buffer);
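Review bot: The added block appends to `buffer` with unbounded `sprintf` calls, including one per address inside `for (i=0; i<ipi->nbipv4; i++)`, and nothing visible limits the total against the size of the buffer the caller supplied. Either document the upper bound of `nbipv4` next to the loop, or stop appending once `buffer - orig` approaches the space that remains. The lines that release the references taken by `task_get_vx_info(task)` and `task_get_ip_info(task)` are not visible in this extract; confirm both are dropped on every path, including the branches that print `none` and `0`. proc_pid_status starts in the previous hunk and ends outside this one.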
705 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/base.c linux-2.6.2-rc1-vs0.05/fs/proc/base.c
706 --- linux-2.6.2-rc1/fs/proc/base.c Sat Jan 24 03:18:15 2004
707 +++ linux-2.6.2-rc1-vs0.05/fs/proc/base.c Sat Jan 24 06:29:01 2004
709 #include <linux/mount.h>
710 #include <linux/security.h>
711 #include <linux/ptrace.h>
712 +#include <linux/vinline.h>
715 * For hysterical raisins we keep the same inumbers as in the old procfs.
716 @@ -67,6 +68,7 @@ enum pid_directory_inos {
718 PROC_TGID_ATTR_FSCREATE,
724 @@ -90,6 +92,7 @@ enum pid_directory_inos {
726 PROC_TID_ATTR_FSCREATE,
729 PROC_TID_FD_DIR = 0x8000, /* 0x8000-0xffff */
732 @@ -123,6 +126,7 @@ static struct pid_entry tgid_base_stuff[
733 #ifdef CONFIG_KALLSYMS
734 E(PROC_TGID_WCHAN, "wchan", S_IFREG|S_IRUGO),
736 + E(PROC_TGID_VINFO, "vinfo", S_IFREG|S_IRUGO),
739 static struct pid_entry tid_base_stuff[] = {
740 @@ -145,6 +149,7 @@ static struct pid_entry tid_base_stuff[]
741 #ifdef CONFIG_KALLSYMS
742 E(PROC_TID_WCHAN, "wchan", S_IFREG|S_IRUGO),
744 + E(PROC_TID_VINFO, "vinfo", S_IFREG|S_IRUGO),
748 @@ -181,6 +186,7 @@ int proc_pid_stat(struct task_struct*,ch
749 int proc_pid_status(struct task_struct*,char*);
750 int proc_pid_statm(struct task_struct*,char*);
751 int proc_pid_cpu(struct task_struct*,char*);
752 +// int proc_pid_vinfo(struct task_struct*,char*);
754 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
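Review bot: The prototype for `proc_pid_vinfo` is added commented out (`// int proc_pid_vinfo(struct task_struct*,char*);`), yet the proc_pident_lookup hunk below assigns `ei->op.proc_read = proc_pid_vinfo;`. Unless `<linux/vinline.h>` declares it, that use has no declaration in scope in this file. Enable the prototype next to its `proc_pid_*` siblings, or delete the dead line if the header already provides it. The commented-out `// inode->i_xid = ...` assignments in proc_pid_make_inode and in fs/inode.c are the same kind of leftover and should become a TODO that states what is pending.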
756 @@ -963,6 +969,7 @@ static struct inode *proc_pid_make_inode
757 inode->i_uid = task->euid;
758 inode->i_gid = task->egid;
760 + // inode->i_xid = vx_task_xid(task);
761 security_task_to_inode(task, inode);
764 @@ -1392,6 +1399,11 @@ static struct dentry *proc_pident_lookup
765 ei->op.proc_read = proc_pid_wchan;
768 + case PROC_TID_VINFO:
769 + case PROC_TGID_VINFO:
770 + inode->i_fop = &proc_info_file_operations;
771 + ei->op.proc_read = proc_pid_vinfo;
774 printk("procfs: impossible type (%d)",p->type);
776 @@ -1584,6 +1596,10 @@ struct dentry *proc_pid_lookup(struct in
780 + if (tgid != 1 && !vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT)) {
781 + put_task_struct(task);
784 inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
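Review bot: The `tgid != 1` term in the added test exempts pid 1 from the context check, so /proc/1 resolves for every context regardless of which context that task belongs to; the get_tgid_list hunk below carries the same exemption. If this is there so that each context sees an init process, a comment should say so and say what a guest is meant to be able to read from that directory. I would add `/* pid 1 is always visible; contexts with vx_initpid set see it as their init */` once that intent is confirmed. proc_pid_lookup starts and ends outside the hunk.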
787 @@ -1691,6 +1707,10 @@ static int get_tgid_list(int index, unsi
788 for ( ; p != &init_task; p = next_task(p)) {
792 + if (tgid != 1 && !vx_check(vx_task_xid(p), VX_WATCH|VX_IDENT))
794 + if (current->vx_info && current->vx_info->vx_initpid == tgid)
798 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/generic.c linux-2.6.2-rc1-vs0.05/fs/proc/generic.c
799 --- linux-2.6.2-rc1/fs/proc/generic.c Fri Jan 9 08:00:12 2004
800 +++ linux-2.6.2-rc1-vs0.05/fs/proc/generic.c Sat Jan 24 05:45:59 2004
802 #include <linux/module.h>
803 #include <linux/mount.h>
804 #include <linux/smp_lock.h>
805 +#include <linux/vinline.h>
806 #include <asm/uaccess.h>
807 #include <asm/bitops.h>
809 @@ -349,6 +350,8 @@ struct dentry *proc_lookup(struct inode
810 for (de = de->subdir; de ; de = de->next) {
811 if (de->namelen != dentry->d_name.len)
813 + if (!vx_weak_check(0, de->vx_flags))
815 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
816 int ino = de->low_ino;
818 @@ -424,9 +427,12 @@ int proc_readdir(struct file * filp,
822 + if (!vx_weak_check(0, de->vx_flags))
824 if (filldir(dirent, de->name, de->namelen, filp->f_pos,
825 de->low_ino, de->mode >> 12) < 0)
831 @@ -538,6 +544,7 @@ static struct proc_dir_entry *proc_creat
835 + ent->vx_flags = VX_ADMIN;
839 @@ -558,7 +565,8 @@ struct proc_dir_entry *proc_symlink(cons
849 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/inode.c linux-2.6.2-rc1-vs0.05/fs/proc/inode.c
850 --- linux-2.6.2-rc1/fs/proc/inode.c Fri Jan 9 08:00:02 2004
851 +++ linux-2.6.2-rc1-vs0.05/fs/proc/inode.c Sat Jan 24 05:45:59 2004
852 @@ -207,6 +207,8 @@ printk("proc_iget: using deleted entry %
853 inode->i_uid = de->uid;
854 inode->i_gid = de->gid;
857 + PROC_I(inode)->vx_flags = de->vx_flags;
859 inode->i_size = de->size;
861 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/root.c linux-2.6.2-rc1-vs0.05/fs/proc/root.c
862 --- linux-2.6.2-rc1/fs/proc/root.c Fri Jan 9 07:59:55 2004
863 +++ linux-2.6.2-rc1-vs0.05/fs/proc/root.c Sat Jan 24 05:45:59 2004
864 @@ -23,6 +23,9 @@ struct proc_dir_entry *proc_net, *proc_b
866 struct proc_dir_entry *proc_sys_root;
868 +struct proc_dir_entry *proc_virtual;
870 +extern void proc_vx_init(void);
872 static struct super_block *proc_get_sb(struct file_system_type *fs_type,
873 int flags, const char *dev_name, void *data)
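Review bot: `struct proc_dir_entry *proc_virtual;` is defined here with external linkage, while the new fs/proc/virtual.c defines its own `static struct proc_dir_entry *proc_virtual;`. These are two distinct objects, so whichever one the init code fills in (presumably the static one in virtual.c), the other stays NULL for any code that reads it. Keep a single definition and, if root.c needs it, declare it `extern` in a shared header. The `extern void proc_vx_init(void);` prototype likewise belongs in a header that virtual.c includes.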
874 @@ -78,6 +81,7 @@ void __init proc_root_init(void)
877 proc_bus = proc_mkdir("bus", 0);
881 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
882 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual.c linux-2.6.2-rc1-vs0.05/fs/proc/virtual.c
883 --- linux-2.6.2-rc1/fs/proc/virtual.c Thu Jan 1 01:00:00 1970
884 +++ linux-2.6.2-rc1-vs0.05/fs/proc/virtual.c Sat Jan 24 06:42:17 2004
887 + * linux/fs/proc/virtual.c
889 + * Virtual Context Support
891 + * Copyright (C) 2003-2004 Herbert Pötzl
893 + * V0.01 basic structure
894 + * V0.02 adaptation vs1.3.0
895 + * V0.03 proc permissions
896 + * V0.04 locking/generic
897 + * V0.05 next generation procfs
898 + * V0.06 inode validation
902 +#include <asm/uaccess.h>
904 +#include <linux/config.h>
905 +#include <linux/errno.h>
906 +#include <linux/proc_fs.h>
908 +#include <linux/vinline.h>
911 +static struct proc_dir_entry *proc_virtual;
913 +enum xid_directory_inos {
922 +/* first the actual feeds */
925 +static int proc_virtual_info(struct vx_info *vxi, char *buffer)
927 + return sprintf(buffer,
928 + "VCIVersion:\t%04x:%04x\n"
930 + ,VCI_VERSION & 0xFFFF);
934 +int proc_xid_info (struct vx_info *vxi, char *buffer)
936 + return sprintf(buffer,
945 +int proc_xid_status (struct vx_info *vxi, char *buffer)
947 + return sprintf(buffer,
951 + ,atomic_read(&vxi->vx_refcount)
953 + ,atomic_read(&vxi->limit.ticks));
956 +int proc_xid_limit (struct vx_info *vxi, char *buffer)
958 + return sprintf(buffer,
963 + ,atomic_read(&vxi->limit.res[RLIMIT_NPROC])
964 + ,vxi->limit.rlim[RLIMIT_NPROC]
965 + ,atomic_read(&vxi->limit.res[RLIMIT_AS])
966 + ,vxi->limit.rlim[RLIMIT_AS]
967 + ,atomic_read(&vxi->limit.res[RLIMIT_MEMLOCK])
968 + ,vxi->limit.rlim[RLIMIT_MEMLOCK]
969 + ,atomic_read(&vxi->limit.res[RLIMIT_RSS])
970 + ,vxi->limit.rlim[RLIMIT_RSS]);
976 +/* here the inode helpers */
980 +#define fake_ino(xid,ino) (((xid)<<16)|(ino))
982 +#define MAX_MULBY10 ((~0U-9)/10)
985 +static struct inode *proc_xid_make_inode(struct super_block * sb,
986 + struct vx_info *vxi, int ino)
988 + struct inode *inode = new_inode(sb);
989 + xid_t xid = (vxi)?vxi->vx_id:1;
994 + inode->i_mtime = inode->i_atime =
995 + inode->i_ctime = CURRENT_TIME;
996 + inode->i_ino = fake_ino(xid, ino);
998 + inode->u.generic_ip = vxi; /* reference from above */
1001 + // inode->i_xid = xid;
1006 +void proc_xid_delete_inode(struct inode *inode)
1008 + struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
1014 +static int proc_xid_revalidate(struct dentry * dentry, struct nameidata *nd)
1016 + struct vx_info *vxi = (struct vx_info *)dentry->d_inode->u.generic_ip;
1018 + if (atomic_read(&vxi->limit.res[RLIMIT_NPROC]))
1025 +static int proc_xid_delete_dentry(struct dentry * dentry)
1032 +#define PROC_BLOCK_SIZE (PAGE_SIZE - 1024)
1034 +static ssize_t proc_xid_info_read(struct file * file, char * buf,
1035 + size_t count, loff_t *ppos)
1037 + struct inode * inode = file->f_dentry->d_inode;
1038 + unsigned long page;
1041 + struct vx_info *vxi =
1042 + (struct vx_info *)inode->u.generic_ip;
1044 + if (count > PROC_BLOCK_SIZE)
1045 + count = PROC_BLOCK_SIZE;
1046 + if (!(page = __get_free_page(GFP_KERNEL)))
1049 + length = PROC_I(inode)->op.proc_xid_read(vxi, (char*)page);
1055 + /* Static 4kB (or whatever) block capacity */
1056 + if (*ppos >= length) {
1060 + if (count + *ppos > length)
1061 + count = length - *ppos;
1062 + end = count + *ppos;
1063 + copy_to_user(buf, (char *) page + *ppos, count);
1073 +/* here comes the lower level (xid) */
1075 +static struct file_operations proc_xid_info_file_operations = {
1076 + read: proc_xid_info_read,
1087 +#define E(type,name,mode) {(type),sizeof(name)-1,(name),(mode)}
1089 +static struct xid_entry base_stuff[] = {
1090 + E(PROC_XID_INFO, "info", S_IFREG|S_IRUGO),
1091 + E(PROC_XID_STATUS, "status", S_IFREG|S_IRUGO),
1092 + E(PROC_XID_LIMIT, "limit", S_IFREG|S_IRUGO),
1096 +static struct dentry *proc_xid_lookup(struct inode *dir,
1097 + struct dentry *dentry, struct nameidata *nd)
1099 + struct inode *inode;
1100 + struct vx_info *vxi;
1101 + struct xid_entry *p;
1107 + for (p = base_stuff; p->name; p++) {
1108 + if (p->len != dentry->d_name.len)
1110 + if (!memcmp(dentry->d_name.name, p->name, p->len))
1115 + vxi = get_vx_info((struct vx_info *)dir->u.generic_ip);
1120 + inode = proc_xid_make_inode(dir->i_sb, vxi, p->type);
1125 + case PROC_XID_INFO:
1126 + PROC_I(inode)->op.proc_xid_read = proc_xid_info;
1128 + case PROC_XID_STATUS:
1129 + PROC_I(inode)->op.proc_xid_read = proc_xid_status;
1131 + case PROC_XID_LIMIT:
1132 + PROC_I(inode)->op.proc_xid_read = proc_xid_limit;
1135 + printk("procfs: impossible type (%d)",p->type);
1137 + return ERR_PTR(-EINVAL);
1139 + inode->i_mode = p->mode;
1140 +// inode->i_op = &proc_xid_info_inode_operations;
1141 + inode->i_fop = &proc_xid_info_file_operations;
1142 + inode->i_nlink = 1;
1143 + inode->i_flags|=S_IMMUTABLE;
1145 +// dentry->d_op = &proc_xid_dentry_operations;
1146 + d_add(dentry, inode);
1152 + return ERR_PTR(error);
1156 +static int proc_xid_readdir(struct file * filp,
1157 + void * dirent, filldir_t filldir)
1160 + struct inode *inode = filp->f_dentry->d_inode;
1161 + struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
1162 + struct xid_entry *p;
1168 + if (filldir(dirent, ".", 1, i,
1169 + inode->i_ino, DT_DIR) < 0)
1173 + /* fall through */
1175 + if (filldir(dirent, "..", 2, i,
1176 + PROC_ROOT_INO, DT_DIR) < 0)
1180 + /* fall through */
1183 + if (i>=sizeof(base_stuff)/sizeof(base_stuff[0]))
1185 + p = base_stuff + i;
1187 + if (filldir(dirent, p->name, p->len,
1188 + filp->f_pos, fake_ino(xid, p->type),
1189 + p->mode >> 12) < 0)
1201 +/* now the upper level (virtual) */
1203 +static struct file_operations proc_xid_file_operations = {
1204 + read: generic_read_dir,
1205 + readdir: proc_xid_readdir,
1208 +static struct inode_operations proc_xid_inode_operations = {
1209 + lookup: proc_xid_lookup,
1212 +static struct dentry_operations proc_xid_dentry_operations =
1214 + d_revalidate: proc_xid_revalidate,
1215 + d_delete: proc_xid_delete_dentry,
1220 +struct dentry *proc_virtual_lookup(struct inode *dir,
1221 + struct dentry * dentry, struct nameidata *nd)
1224 + struct vx_info *vxi;
1226 + struct inode *inode;
1230 + name = dentry->d_name.name;
1231 + len = dentry->d_name.len;
1232 + if (len == 7 && !memcmp(name, "current", 7)) {
1233 + inode = new_inode(dir->i_sb);
1235 + return ERR_PTR(-ENOMEM);
1236 + inode->i_mtime = inode->i_atime =
1237 + inode->i_ctime = CURRENT_TIME;
1238 + inode->i_ino = fake_ino(1, PROC_XID_INO);
1239 + inode->u.generic_ip = NULL;
1240 + inode->i_mode = S_IFLNK|S_IRWXUGO;
1241 + inode->i_uid = inode->i_gid = 0;
1242 + inode->i_size = 64;
1243 +// inode->i_op = &proc_current_inode_operations;
1244 + d_add(dentry, inode);
1247 + if (len == 4 && !memcmp(name, "info", 4)) {
1248 + inode = proc_xid_make_inode(dir->i_sb, NULL, PROC_XID_INFO);
1250 + return ERR_PTR(-ENOMEM);
1251 + inode->i_fop = &proc_xid_info_file_operations;
1252 + PROC_I(inode)->op.proc_xid_read = proc_virtual_info;
1253 + inode->i_mode = S_IFREG|S_IRUGO;
1254 +// inode->i_size = 64;
1255 +// inode->i_op = &proc_current_inode_operations;
1256 + d_add(dentry, inode);
1260 + while (len-- > 0) {
1265 + if (xid >= MAX_MULBY10)
1273 + vxi = find_vx_info(xid);
1278 + if (vx_check(xid, VX_ADMIN|VX_WATCH|VX_IDENT))
1279 + inode = proc_xid_make_inode(dir->i_sb,
1280 + vxi, PROC_XID_INO);
1284 + inode->i_mode = S_IFDIR|S_IRUGO;
1285 + inode->i_op = &proc_xid_inode_operations;
1286 + inode->i_fop = &proc_xid_file_operations;
1287 + inode->i_nlink = 2;
1288 + inode->i_flags|=S_IMMUTABLE;
1290 + dentry->d_op = &proc_xid_dentry_operations;
1291 + d_add(dentry, inode);
1297 + return ERR_PTR(-ENOENT);
1302 +#define PROC_NUMBUF 10
1303 +#define PROC_MAXXIDS 32
1306 +static int get_xid_list(int index, unsigned int *xids)
1308 + struct vx_info *p;
1312 + spin_lock(&vxlist_lock);
1313 + list_for_each_entry(p, &vx_infos, vx_list) {
1314 + int xid = p->vx_id;
1318 + xids[nr_xids] = xid;
1319 + if (++nr_xids >= PROC_MAXXIDS)
1322 + spin_unlock(&vxlist_lock);
1326 +int proc_virtual_readdir(struct file * filp,
1327 + void * dirent, filldir_t filldir)
1329 + unsigned int xid_array[PROC_MAXXIDS];
1330 + char buf[PROC_NUMBUF];
1331 + unsigned int nr = filp->f_pos-3;
1332 + unsigned int nr_xids, i;
1335 + switch (filp->f_pos) {
1337 + ino = fake_ino(0, PROC_XID_INO);
1338 + if (filldir(dirent, ".", 1,
1339 + filp->f_pos, ino, DT_DIR) < 0)
1342 + /* fall through */
1344 + ino = filp->f_dentry->d_parent->d_inode->i_ino;
1345 + if (filldir(dirent, "..", 2,
1346 + filp->f_pos, ino, DT_DIR) < 0)
1349 + /* fall through */
1351 + ino = fake_ino(0, PROC_XID_INFO);
1352 + if (filldir(dirent, "info", 4,
1353 + filp->f_pos, ino, DT_LNK) < 0)
1356 + /* fall through */
1358 + if (current->xid > 1) {
1359 + ino = fake_ino(1, PROC_XID_INO);
1360 + if (filldir(dirent, "current", 7,
1361 + filp->f_pos, ino, DT_LNK) < 0)
1368 + nr_xids = get_xid_list(nr, xid_array);
1370 + for (i = 0; i < nr_xids; i++) {
1371 + int xid = xid_array[i];
1372 + ino_t ino = fake_ino(xid, PROC_XID_INO);
1373 + unsigned long j = PROC_NUMBUF;
1375 + do buf[--j] = '0' + (xid % 10); while (xid/=10);
1377 + if (filldir(dirent, buf+j, PROC_NUMBUF-j,
1378 + filp->f_pos, ino, DT_DIR) < 0)
1386 +static struct file_operations proc_virtual_dir_operations = {
1387 + read: generic_read_dir,
1388 + readdir: proc_virtual_readdir,
1391 +static struct inode_operations proc_virtual_dir_inode_operations = {
1392 + lookup: proc_virtual_lookup,
1401 +void proc_vx_init(void)
1403 + struct proc_dir_entry *ent;
1405 + ent = proc_mkdir("virtual", 0);
1407 + ent->proc_fops = &proc_virtual_dir_operations;
1408 + ent->proc_iops = &proc_virtual_dir_inode_operations;
1410 + proc_virtual = ent;
1419 +char *task_vinfo(struct task_struct *p, char *buffer)
1421 + return buffer + sprintf(buffer,
1426 +int proc_pid_vinfo(struct task_struct *p, char *buffer)
1428 + char * orig = buffer;
1430 + buffer = task_vinfo(p, buffer);
1431 + return buffer - orig;
1434 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual_old.c linux-2.6.2-rc1-vs0.05/fs/proc/virtual_old.c
1435 --- linux-2.6.2-rc1/fs/proc/virtual_old.c Thu Jan 1 01:00:00 1970
1436 +++ linux-2.6.2-rc1-vs0.05/fs/proc/virtual_old.c Sat Jan 24 05:45:59 2004
1439 + * linux/fs/proc/virtual.c
1441 + * Virtual Context ProcFS Support
1443 + * Copyright (C) 2003 Herbert Pötzl
1445 + * V0.01 basic directory array
1446 + * V0.02 per context info & stat
1447 + * V0.03 proc permissions
1451 +#include <asm/uaccess.h>
1453 +#include <linux/config.h>
1454 +#include <linux/errno.h>
1455 +#include <linux/proc_fs.h>
1457 +#include <linux/init.h>
1458 +#include <linux/vswitch.h>
1459 +#include <linux/vinline.h>
1462 +extern struct proc_dir_entry *proc_virtual;
1463 +static struct proc_dir_entry *proc_virtual_info;
1466 +char *task_vinfo(struct task_struct *p, char *buffer)
1468 + return buffer + sprintf(buffer,
1473 +int proc_pid_vinfo(struct task_struct *p, char *buffer)
1475 + char * orig = buffer;
1477 + buffer = task_vinfo(p, buffer);
1478 + return buffer - orig;
1482 +static int __generic_info_read_func(char *page, char **start,
1483 + off_t off, int count, int *eof, void *data,
1484 + char *(*info_func)(void *, char *))
1487 + char *buffer = page;
1489 + buffer = info_func(data, buffer);
1491 + len = buffer-page;
1492 + if (len <= off+count) *eof = 1;
1494 + *start = page + off;
1496 + if (len>count) len = count;
1497 + if (len<0) len = 0;
1501 +char *vx_proc_info (void *data, char *buffer)
1503 + struct vx_info *vxi = data;
1504 + buffer += sprintf(buffer,
1510 + ,vxi->vx_initpid);
1514 +int vx_info_read_func (char *page, char **start,
1515 + off_t off, int count, int *eof, void *data)
1517 + return __generic_info_read_func(page, start,
1518 + off, count, eof, data, vx_proc_info);
1521 +char *vx_proc_status (void *data, char *buffer)
1523 + struct vx_info *vxi = data;
1524 + buffer += sprintf(buffer,
1528 + ,atomic_read(&vxi->vx_refcount)
1530 + ,atomic_read(&vxi->limit.ticks));
1534 +int vx_status_read_func (char *page, char **start,
1535 + off_t off, int count, int *eof, void *data)
1537 + return __generic_info_read_func(page, start,
1538 + off, count, eof, data, vx_proc_status);
1542 +static int vx_proc_permission(struct inode *inode,
1543 + int mask, struct nameidata *nd)
1545 + vxdprintk("vx_proc_permission(%p) = #%d,%04x\n",
1546 + inode, inode->i_xid, PROC_I(inode)->vx_flags);
1547 + if (vx_check(inode->i_xid, PROC_I(inode)->vx_flags))
1549 + vxdprintk("vx_proc_permission(%p) #%d != #%d\n",
1550 + inode, inode->i_xid, vx_current_id());
1554 +static struct inode_operations vx_proc_inode_operations = {
1555 + .lookup = proc_lookup,
1556 + .permission = vx_proc_permission,
1560 +int vx_proc_create(struct vx_info *vxi)
1562 + struct proc_dir_entry *entry, *sub;
1565 + snprintf(name, sizeof(name)-1, "%d", vxi->vx_id);
1566 + entry = create_proc_entry(name,
1567 + S_IFDIR|S_IXUGO, proc_virtual);
1568 + entry->vx_flags = VX_ADMIN|VX_WATCH|VX_IDENT;
1569 + entry->xid = vxi->vx_id;
1570 + entry->proc_iops = &vx_proc_inode_operations;
1571 + vxi->vx_procent = entry;
1572 + sub = create_proc_read_entry("info",
1573 + S_IFREG|S_IRUGO|S_IWUSR,
1574 + entry, vx_info_read_func, vxi);
1575 + sub = create_proc_read_entry("status",
1576 + S_IFREG|S_IRUGO|S_IWUSR,
1577 + entry, vx_status_read_func, vxi);
1581 +int vx_proc_destroy(struct vx_info *vxi)
1583 + struct proc_dir_entry *entry = vxi->vx_procent;
1586 + remove_proc_entry(entry->name, proc_virtual);
1587 + vxi->vx_procent = NULL;
1591 +char *vs_proc_info(void *data, char *buffer)
1593 + buffer += sprintf(buffer,
1594 + "VCIVersion:\t%04x:%04x\n"
1595 + ,VCI_VERSION >> 16
1596 + ,VCI_VERSION & 0xFFFF);
1600 +int vs_info_read_func(char *page, char **start,
1601 + off_t off, int count, int *eof, void *data)
1603 + return __generic_info_read_func(page, start,
1604 + off, count, eof, data, vs_proc_info);
1608 +static int __init virtual_proc_init(void)
1610 + proc_virtual_info = create_proc_read_entry("info",
1611 + S_IFREG|S_IRUGO|S_IWUSR,
1612 + proc_virtual, vs_info_read_func, NULL);
1616 +__initcall(virtual_proc_init);
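Review bot: In `vx_proc_create` the pointer returned by `create_proc_entry(name, S_IFDIR|S_IXUGO, proc_virtual)` is written through on the very next line (`entry->vx_flags = ...`) with no NULL check. An allocation failure while a context is being set up therefore becomes a kernel NULL dereference, so add `if (!entry) return -ENOMEM;` before the first store. The two `create_proc_read_entry` results stored in `sub` are not checked either, and `vx_proc_destroy` as shown removes only `entry->name`; this listing omits some lines, so confirm the "info" and "status" children are removed before the directory. Both children are created with `S_IWUSR` although only a read function is registered, and `S_IFREG|S_IRUGO` would match what the files support.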
1617 diff -NurpP --minimal linux-2.6.2-rc1/fs/reiserfs/ioctl.c linux-2.6.2-rc1-vs0.05/fs/reiserfs/ioctl.c
1618 --- linux-2.6.2-rc1/fs/reiserfs/ioctl.c Fri Jan 9 07:59:26 2004
1619 +++ linux-2.6.2-rc1-vs0.05/fs/reiserfs/ioctl.c Sat Jan 24 06:14:24 2004
1620 @@ -47,7 +47,8 @@ int reiserfs_ioctl (struct inode * inode
1621 if (get_user(flags, (int *) arg))
1624 - if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) & ( REISERFS_IMMUTABLE_FL | REISERFS_APPEND_FL)) &&
1625 + if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) &
1626 + ( REISERFS_IMMUTABLE_FL | REISERFS_IUNLINK_FL | REISERFS_APPEND_FL)) &&
1627 !capable( CAP_LINUX_IMMUTABLE ) )
1630 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-alpha/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-alpha/unistd.h
1631 --- linux-2.6.2-rc1/include/asm-alpha/unistd.h Fri Jan 9 07:59:26 2004
1632 +++ linux-2.6.2-rc1-vs0.05/include/asm-alpha/unistd.h Sat Jan 24 06:45:48 2004
1634 #define __NR_osf_memcntl 260 /* not implemented */
1635 #define __NR_osf_fdatasync 261 /* not implemented */
1637 +#define __NR_vserver 273
1640 * Linux-specific system calls begin at 300
1641 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68k/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-m68k/unistd.h
1642 --- linux-2.6.2-rc1/include/asm-m68k/unistd.h Fri Jan 9 07:59:33 2004
1643 +++ linux-2.6.2-rc1-vs0.05/include/asm-m68k/unistd.h Sat Jan 24 06:45:48 2004
1645 #define __NR_fremovexattr 234
1646 #define __NR_futex 235
1648 -#define NR_syscalls 236
1649 +#define __NR_vserver 273
1651 +#define NR_syscalls 274
1653 /* user-visible error numbers are in the range -1 - -124: see
1654 <asm-m68k/errno.h> */
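Review bot: `NR_syscalls` jumps from 236 to 274 to make room for `__NR_vserver 273`, which leaves numbers 236 to 272 undefined but inside the accepted range if the entry code bounds syscall numbers by `NR_syscalls`. The syscall table is not part of this hunk; it needs to be padded with `sys_ni_syscall` up to slot 273, otherwise those numbers would index past the end of the table. The same jump appears in the asm-m68knommu, asm-ppc and asm-ppc64 hunks (256 to 274), and the asm-mips and asm-parisc hunks raise `__NR_Linux_syscalls` to 273 in the same way. A comment such as `/* 236..272 unused, table padded with sys_ni_syscall */` above the define would record the gap.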
1655 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68knommu/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-m68knommu/unistd.h
1656 --- linux-2.6.2-rc1/include/asm-m68knommu/unistd.h Fri Jan 9 07:59:41 2004
1657 +++ linux-2.6.2-rc1-vs0.05/include/asm-m68knommu/unistd.h Sat Jan 24 06:45:48 2004
1659 #define __NR_setfsuid32 215
1660 #define __NR_setfsgid32 216
1662 -#define NR_syscalls 256
1663 +#define __NR_vserver 273
1665 +#define NR_syscalls 274
1667 /* user-visible error numbers are in the range -1 - -122: see
1668 <asm-m68k/errno.h> */
1669 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-mips/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-mips/unistd.h
1670 --- linux-2.6.2-rc1/include/asm-mips/unistd.h Fri Jan 9 07:59:05 2004
1671 +++ linux-2.6.2-rc1-vs0.05/include/asm-mips/unistd.h Sat Jan 24 06:45:48 2004
1672 @@ -289,10 +289,12 @@
1673 #define __NR_tgkill (__NR_Linux + 266)
1674 #define __NR_utimes (__NR_Linux + 267)
1676 +#define __NR_vserver (__NR_Linux + 273)
1679 * Offset of the last Linux o32 flavoured syscall
1681 -#define __NR_Linux_syscalls 267
1682 +#define __NR_Linux_syscalls 273
1684 #endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
1686 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-parisc/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-parisc/unistd.h
1687 --- linux-2.6.2-rc1/include/asm-parisc/unistd.h Fri Jan 9 07:59:03 2004
1688 +++ linux-2.6.2-rc1-vs0.05/include/asm-parisc/unistd.h Sat Jan 24 06:45:48 2004
1690 #define __NR_remap_file_pages (__NR_Linux + 227)
1691 #define __NR_semtimedop (__NR_Linux + 228)
1693 +#define __NR_vserver (__NR_Linux + 273)
1695 -#define __NR_Linux_syscalls 228
1696 +#define __NR_Linux_syscalls 273
1698 #define HPUX_GATEWAY_ADDR 0xC0000004
1699 #define LINUX_GATEWAY_ADDR 0x100
1700 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-ppc/unistd.h
1701 --- linux-2.6.2-rc1/include/asm-ppc/unistd.h Sat Jan 24 03:18:18 2004
1702 +++ linux-2.6.2-rc1-vs0.05/include/asm-ppc/unistd.h Sat Jan 24 06:45:48 2004
1704 #define __NR_fadvise64_64 254
1705 #define __NR_rtas 255
1707 -#define __NR_syscalls 256
1708 +#define __NR_vserver 273
1710 +#define __NR_syscalls 274
1714 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc64/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-ppc64/unistd.h
1715 --- linux-2.6.2-rc1/include/asm-ppc64/unistd.h Sat Jan 24 03:18:18 2004
1716 +++ linux-2.6.2-rc1-vs0.05/include/asm-ppc64/unistd.h Sat Jan 24 06:45:48 2004
1718 #define __NR_fadvise64_64 254
1719 #define __NR_rtas 255
1721 -#define __NR_syscalls 256
1722 +#define __NR_vserver 273
1724 +#define __NR_syscalls 274
1726 #define NR_syscalls __NR_syscalls
1728 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-s390/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-s390/unistd.h
1729 --- linux-2.6.2-rc1/include/asm-s390/unistd.h Sat Jan 24 03:18:18 2004
1730 +++ linux-2.6.2-rc1-vs0.05/include/asm-s390/unistd.h Sat Jan 24 06:45:48 2004
1732 #define __NR_clock_gettime (__NR_timer_create+6)
1733 #define __NR_clock_getres (__NR_timer_create+7)
1734 #define __NR_clock_nanosleep (__NR_timer_create+8)
1736 - * Number 263 is reserved for vserver
1738 +#define __NR_vserver 263
1739 #define __NR_fadvise64_64 264
1741 #define NR_syscalls 265
1742 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-sparc/unistd.h
1743 --- linux-2.6.2-rc1/include/asm-sparc/unistd.h Fri Jan 9 07:59:08 2004
1744 +++ linux-2.6.2-rc1-vs0.05/include/asm-sparc/unistd.h Sat Jan 24 06:45:48 2004
1746 #define __NR_timer_getoverrun 264
1747 #define __NR_timer_delete 265
1748 #define __NR_timer_create 266
1749 -/* #define __NR_vserver 267 Reserved for VSERVER */
1750 +#define __NR_vserver 267
1751 #define __NR_io_setup 268
1752 #define __NR_io_destroy 268
1753 #define __NR_io_submit 269
1754 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc64/unistd.h linux-2.6.2-rc1-vs0.05/include/asm-sparc64/unistd.h
1755 --- linux-2.6.2-rc1/include/asm-sparc64/unistd.h Fri Jan 9 07:59:10 2004
1756 +++ linux-2.6.2-rc1-vs0.05/include/asm-sparc64/unistd.h Sat Jan 24 06:45:48 2004
1758 #define __NR_timer_getoverrun 264
1759 #define __NR_timer_delete 265
1760 #define __NR_timer_create 266
1761 -/* #define __NR_vserver 267 Reserved for VSERVER */
1762 +#define __NR_vserver 267
1763 #define __NR_io_setup 268
1764 #define __NR_io_destroy 268
1765 #define __NR_io_submit 269
1766 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h linux-2.6.2-rc1-vs0.05/include/asm-x86_64/ia32_unistd.h
1767 --- linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h Fri Jan 9 07:59:45 2004
1768 +++ linux-2.6.2-rc1-vs0.05/include/asm-x86_64/ia32_unistd.h Sat Jan 24 06:45:48 2004
1770 #define __NR_ia32_tgkill 270
1771 #define __NR_ia32_utimes 271
1772 #define __NR_ia32_fadvise64_64 272
1773 +#define __NR_ia32_vserver 273
1775 #define IA32_NR_syscalls 275 /* must be > than biggest syscall! */
1777 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/capability.h linux-2.6.2-rc1-vs0.05/include/linux/capability.h
1778 --- linux-2.6.2-rc1/include/linux/capability.h Fri Jan 9 07:59:19 2004
1779 +++ linux-2.6.2-rc1-vs0.05/include/linux/capability.h Sat Jan 24 06:21:35 2004
1780 @@ -235,6 +235,7 @@ typedef __u32 kernel_cap_t;
1781 /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
1782 arbitrary SCSI commands */
1783 /* Allow setting encryption key on loopback filesystem */
1784 +/* Allow the selection of a security context */
1786 #define CAP_SYS_ADMIN 21
1788 @@ -283,6 +284,15 @@ typedef __u32 kernel_cap_t;
1789 /* Allow taking of leases on files */
1791 #define CAP_LEASE 28
1793 +/* Allow quotactl */
1795 +#define CAP_QUOTACTL 29
1797 +/* Allow context manipulations */
1798 +/* Allow changing context info on files */
1800 +#define CAP_CONTEXT 30
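Review bot: `CAP_QUOTACTL 29` and `CAP_CONTEXT 30` take the next free bits of the 32-bit `kernel_cap_t` directly after `CAP_LEASE 28`, and nothing in the header marks them as local to this patch. If the base kernel later assigns 29 or 30 to something else, a capability set or bounding set built against one kernel would grant a different privilege on the other. I would mark the block, e.g. `/* vserver-specific, not in the base kernel: numbers may clash */`. The two comment lines above `CAP_CONTEXT` could also say which operations are meant, since "context manipulations" does not tell a reader what the bit gates.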
1804 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext2_fs.h linux-2.6.2-rc1-vs0.05/include/linux/ext2_fs.h
1805 --- linux-2.6.2-rc1/include/linux/ext2_fs.h Fri Jan 9 07:59:09 2004
1806 +++ linux-2.6.2-rc1-vs0.05/include/linux/ext2_fs.h Sat Jan 24 06:14:24 2004
1807 @@ -192,10 +192,12 @@ struct ext2_group_desc
1808 #define EXT2_NOTAIL_FL 0x00008000 /* file tail should not be merged */
1809 #define EXT2_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
1810 #define EXT2_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
1811 +#define EXT2_BARRIER_FL 0x04000000 /* chroot barrier */
1812 +#define EXT2_IUNLINK_FL 0x08000000 /* Immutable unlink */
1813 #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
1815 -#define EXT2_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
1816 -#define EXT2_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
1817 +#define EXT2_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
1818 +#define EXT2_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
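Review bot: `EXT2_FL_USER_MODIFIABLE` grows from `0x000380FF` to `0x0c0380FF`, which puts both `EXT2_BARRIER_FL` and `EXT2_IUNLINK_FL` into the set of flags a caller of the flags ioctl may change. The ext2 ioctl code is not in this hunk, so confirm that it refuses to toggle either bit without a capability, the way the reiserfs hunk in this patch adds `REISERFS_IUNLINK_FL` to its `CAP_LINUX_IMMUTABLE` test. The barrier bit is described as the chroot barrier, so clearing it should not be possible for the file owner or for root inside a context. The asm-generic masks in the ext3_fs.h hunk are changed identically and need the same check. A comment next to the mask, e.g. `/* BARRIER and IUNLINK are capability-gated in the ioctl */`, would tie the two together.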
1822 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext3_fs.h linux-2.6.2-rc1-vs0.05/include/linux/ext3_fs.h
1823 --- linux-2.6.2-rc1/include/linux/ext3_fs.h Fri Jan 9 07:59:44 2004
1824 +++ linux-2.6.2-rc1-vs0.05/include/linux/ext3_fs.h Sat Jan 24 06:14:24 2004
1825 @@ -185,10 +185,12 @@ struct ext3_group_desc
1826 #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
1827 #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
1828 #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
1829 +#define EXT3_BARRIER_FL 0x04000000 /* chroot barrier */
1830 +#define EXT3_IUNLINK_FL 0x08000000 /* Immutable unlink */
1831 #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
1833 -#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
1834 -#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
1835 +#define EXT3_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
1836 +#define EXT3_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
1839 * Inode dynamic state flags
1840 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/fs.h linux-2.6.2-rc1-vs0.05/include/linux/fs.h
1841 --- linux-2.6.2-rc1/include/linux/fs.h Sat Jan 24 03:18:19 2004
1842 +++ linux-2.6.2-rc1-vs0.05/include/linux/fs.h Sat Jan 24 06:18:09 2004
1847 - * This file has definitions for some important file table
1850 +* This file has definitions for some important file table
1854 #include <linux/config.h>
1855 #include <linux/linkage.h>
1856 @@ -30,14 +30,14 @@ struct vm_area_struct;
1860 - * It's silly to have NR_OPEN bigger than NR_FILE, but you can change
1861 - * the file limit at runtime and only root can increase the per-process
1862 - * nr_file rlimit, so it's safe to set up a ridiculously high absolute
1863 - * upper limit on files-per-process.
1865 - * Some programs (notably those using select()) may have to be
1866 - * recompiled to take full advantage of the new limits..
1868 +* It's silly to have NR_OPEN bigger than NR_FILE, but you can change
1869 +* the file limit at runtime and only root can increase the per-process
1870 +* nr_file rlimit, so it's safe to set up a ridiculously high absolute
1871 +* upper limit on files-per-process.
1873 +* Some programs (notably those using select()) may have to be
1874 +* recompiled to take full advantage of the new limits..
1877 /* Fixed constants first: */
1879 @@ -49,16 +49,16 @@ struct vfsmount;
1881 /* And dynamically-tunable limits and defaults: */
1882 struct files_stat_struct {
1883 - int nr_files; /* read only */
1884 - int nr_free_files; /* read only */
1885 - int max_files; /* tunable */
1886 +int nr_files; /* read only */
1887 +int nr_free_files; /* read only */
1888 +int max_files; /* tunable */
1890 extern struct files_stat_struct files_stat;
1892 struct inodes_stat_t {
1900 extern struct inodes_stat_t inodes_stat;
1902 @@ -91,11 +91,11 @@ extern int leases_enable, dir_notify_ena
1903 #define FS_REQUIRES_DEV 1
1904 #define FS_REVAL_DOT 16384 /* Check the paths ".", ".." for staleness */
1905 #define FS_ODD_RENAME 32768 /* Temporary stuff; will go away as soon
1906 - * as nfs_rename() will be cleaned up
1908 + * as nfs_rename() will be cleaned up
1911 - * These are the fs-independent mount-flags: up to 32 flags are supported
1913 +* These are the fs-independent mount-flags: up to 32 flags are supported
1915 #define MS_RDONLY 1 /* Mount read-only */
1916 #define MS_NOSUID 2 /* Ignore suid and sgid bits */
1917 #define MS_NODEV 4 /* Disallow access to device special files */
1918 @@ -116,14 +116,14 @@ extern int leases_enable, dir_notify_ena
1919 #define MS_NOUSER (1<<31)
1922 - * Superblock flags that can be altered by MS_REMOUNT
1924 +* Superblock flags that can be altered by MS_REMOUNT
1926 #define MS_RMT_MASK (MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_NOATIME|\
1931 - * Old magic mount flag and mask
1933 +* Old magic mount flag and mask
1935 #define MS_MGC_VAL 0xC0ED0000
1936 #define MS_MGC_MSK 0xffff0000
1938 @@ -137,6 +137,8 @@ extern int leases_enable, dir_notify_ena
1939 #define S_DEAD 32 /* removed, but still open directory */
1940 #define S_NOQUOTA 64 /* Inode is not counted to quota */
1941 #define S_DIRSYNC 128 /* Directory modifications are synchronous */
1942 +#define S_BARRIER 256 /* chroot barrier */
1943 +#define S_IUNLINK 512 /* Immutable unlink */
1946 * Note that nosuid etc flags are inode-specific: setting some file-system
1947 @@ -164,11 +166,14 @@ extern int leases_enable, dir_notify_ena
1948 #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA)
1949 #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND)
1950 #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
1951 +#define IS_IUNLINK(inode) ((inode)->i_flags & S_IUNLINK)
1952 +#define IS_IXUNLINK(inode) ((IS_IUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
1953 #define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
1954 #define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME)
1955 #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
1956 #define IS_ONE_SECOND(inode) __IS_FLG(inode, MS_ONE_SECOND)
1958 +#define IS_BARRIER(inode) ((inode)->i_flags & S_BARRIER)
1959 #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
1961 /* the read-only stuff doesn't really belong here, but any other place is
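Review bot: `IS_IXUNLINK` is added without a comment and its meaning is hard to read off the expression. It is non-zero exactly when one of `S_IUNLINK` and `S_IMMUTABLE` is set and the other is clear. I would add `/* true when exactly one of S_IUNLINK and S_IMMUTABLE is set */` above it. The result is `S_IMMUTABLE` or 0 rather than 1 or 0, so callers should test it for truth only and not compare it with 1.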
1962 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/init_task.h linux-2.6.2-rc1-vs0.05/include/linux/init_task.h
1963 --- linux-2.6.2-rc1/include/linux/init_task.h Fri Jan 9 07:59:08 2004
1964 +++ linux-2.6.2-rc1-vs0.05/include/linux/init_task.h Sat Jan 24 07:24:16 2004
1965 @@ -108,6 +108,10 @@
1966 .proc_lock = SPIN_LOCK_UNLOCKED, \
1967 .switch_lock = SPIN_LOCK_UNLOCKED, \
1968 .journal_info = NULL, \
1969 + .cap_bset = CAP_INIT_EFF_SET, \
1971 + .vx_info = NULL, \
1972 + .ip_info = NULL, \
1976 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ip.h linux-2.6.2-rc1-vs0.05/include/linux/ip.h
1977 --- linux-2.6.2-rc1/include/linux/ip.h Fri Jan 9 07:59:19 2004
1978 +++ linux-2.6.2-rc1-vs0.05/include/linux/ip.h Sat Jan 24 05:46:08 2004
1979 @@ -111,9 +111,11 @@ struct inet_opt {
1980 /* Socket demultiplex comparisons on incoming packets. */
1981 __u32 daddr; /* Foreign IPv4 addr */
1982 __u32 rcv_saddr; /* Bound local IPv4 addr */
1983 + __u32 rcv_saddr2; /* Second bound ipv4 addr, for ipv4root */
1984 __u16 dport; /* Destination port */
1985 __u16 num; /* Local port */
1986 __u32 saddr; /* Sending source */
1987 +// __u32 saddr2; /* Second bound ipv4 addr, for ipv4root */
1988 int uc_ttl; /* Unicast TTL */
1990 unsigned cmsg_flags;
1991 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/proc_fs.h linux-2.6.2-rc1-vs0.05/include/linux/proc_fs.h
1992 --- linux-2.6.2-rc1/include/linux/proc_fs.h Sat Jan 24 03:18:19 2004
1993 +++ linux-2.6.2-rc1-vs0.05/include/linux/proc_fs.h Sat Jan 24 05:45:59 2004
1994 @@ -60,6 +60,7 @@ struct proc_dir_entry {
2000 struct inode_operations * proc_iops;
2001 struct file_operations * proc_fops;
2002 @@ -237,12 +238,16 @@ extern void kclist_add(struct kcore_list
2003 extern struct kcore_list *kclist_del(void *);
2009 struct task_struct *task;
2013 int (*proc_get_link)(struct inode *, struct dentry **, struct vfsmount **);
2014 int (*proc_read)(struct task_struct *task, char *page);
2015 + int (*proc_xid_read)(struct vx_info *vxi, char *page);
2017 struct proc_dir_entry *pde;
2018 struct inode vfs_inode;
2019 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/sched.h linux-2.6.2-rc1-vs0.05/include/linux/sched.h
2020 --- linux-2.6.2-rc1/include/linux/sched.h Sat Jan 24 03:18:19 2004
2021 +++ linux-2.6.2-rc1-vs0.05/include/linux/sched.h Sat Jan 24 05:57:44 2004
2022 @@ -102,6 +102,7 @@ extern unsigned long nr_iowait(void);
2023 #include <linux/timer.h>
2025 #include <asm/processor.h>
2026 +#include <linux/vserver/context.h>
2028 #define TASK_RUNNING 0
2029 #define TASK_INTERRUPTIBLE 1
2030 @@ -296,9 +297,10 @@ struct user_struct {
2031 /* Hash table maintenance information */
2032 struct list_head uidhash_list;
2037 -extern struct user_struct *find_user(uid_t);
2038 +extern struct user_struct *find_user(xid_t, uid_t);
2040 extern struct user_struct root_user;
2041 #define INIT_USER (&root_user)
2042 @@ -440,6 +442,12 @@ struct task_struct {
2047 + kernel_cap_t cap_bset;
2049 + struct vx_info *vx_info;
2050 + struct ip_info *ip_info;
2052 /* Thread group tracking */
2055 @@ -561,7 +569,7 @@ extern void set_special_pids(pid_t sessi
2056 extern void __set_special_pids(pid_t session, pid_t pgrp);
2058 /* per-UID process charging. */
2059 -extern struct user_struct * alloc_uid(uid_t);
2060 +extern struct user_struct * alloc_uid(xid_t, uid_t);
2061 extern void free_uid(struct user_struct *);
2062 extern void switch_uid(struct user_struct *);
2064 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/types.h linux-2.6.2-rc1-vs0.05/include/linux/types.h
2065 --- linux-2.6.2-rc1/include/linux/types.h Fri Jan 9 07:59:57 2004
2066 +++ linux-2.6.2-rc1-vs0.05/include/linux/types.h Sat Jan 24 05:45:51 2004
2067 @@ -37,6 +37,7 @@ typedef __kernel_uid32_t uid_t;
2068 typedef __kernel_gid32_t gid_t;
2069 typedef __kernel_uid16_t uid16_t;
2070 typedef __kernel_gid16_t gid16_t;
2071 +typedef unsigned int xid_t;
2074 /* This is defined by include/asm-{arch}/posix_types.h */
2075 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vinline.h linux-2.6.2-rc1-vs0.05/include/linux/vinline.h
2076 --- linux-2.6.2-rc1/include/linux/vinline.h Thu Jan 1 01:00:00 1970
2077 +++ linux-2.6.2-rc1-vs0.05/include/linux/vinline.h Sat Jan 24 05:14:16 2004
2079 +#ifndef _VX_INLINE_H
2080 +#define _VX_INLINE_H
2083 +// #define VX_DEBUG
2085 +#include <linux/kernel.h>
2086 +#include <linux/sched.h>
2088 +#include <linux/vserver/context.h>
2089 +#include <linux/vserver/network.h>
2091 +#if defined(VX_DEBUG)
2092 +#define vxdprintk(x...) printk("vxd: " x)
2094 +#define vxdprintk(x...)
2099 +void free_vx_info(struct vx_info *);
2101 +extern int proc_pid_vinfo(struct task_struct *, char *);
2104 +#define get_vx_info(i) __get_vx_info(i,__FILE__,__LINE__)
2106 +static __inline__ struct vx_info *__get_vx_info(struct vx_info *vxi, const char *_file, int _line)
2108 + /* for now we allow vxi to be null */
2111 + vxdprintk("get_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
2112 + vxi->vx_id, atomic_read(&vxi->vx_refcount),
2114 + atomic_inc(&vxi->vx_refcount);
2118 +#define put_vx_info(i) __put_vx_info(i,__FILE__,__LINE__)
2120 +static __inline__ void __put_vx_info(struct vx_info *vxi, const char *_file, int _line)
2122 + /* for now we allow vxi to be null */
2125 + vxdprintk("put_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
2126 + vxi->vx_id, atomic_read(&vxi->vx_refcount),
2128 + if (atomic_dec_and_lock(&vxi->vx_refcount, &vxlist_lock)) {
2129 + list_del(&vxi->vx_list);
2130 + spin_unlock(&vxlist_lock);
2131 + free_vx_info(vxi);
2135 +#define task_get_vx_info(i) __task_get_vx_info(i,__FILE__,__LINE__)
2137 +static __inline__ struct vx_info *__task_get_vx_info(struct task_struct *p,
2138 + const char *_file, int _line)
2140 + struct vx_info *vxi;
2143 + vxi = __get_vx_info(p->vx_info, _file, _line);
2149 +#define vx_verify_info(p,i) \
2150 + __vx_verify_info((p)->vx_info,i,__FILE__,__LINE__)
2152 +static __inline__ void __vx_verify_info(
2153 + struct vx_info *vxa, struct vx_info *vxb,
2154 + const char *_file, int _line)
2158 + printk(KERN_ERR "vx bad assumption (%p==%p) at %s:%d\n",
2159 + vxa, vxb, _file, _line);
2163 +#define vx_task_xid(t) ((t)->xid)
2165 +#define vx_current_xid() vx_task_xid(current)
2167 +#define vx_check(c,m) __vx_check(vx_current_xid(),c,m)
2169 +#define vx_weak_check(c,m) ((m) ? vx_check(c,m) : 1)
2172 + * check current context for ADMIN/WATCH and
2173 + * optionally agains supplied argument
2175 +static __inline__ int __vx_check(xid_t cid, xid_t id, unsigned int mode)
2177 + if (mode & VX_ARG_MASK) {
2178 + if ((mode & VX_IDENT) &&
2182 + if (mode & VX_ATR_MASK) {
2183 + if ((mode & VX_DYNAMIC) &&
2184 + (id >= MIN_D_CONTEXT) &&
2185 + (id <= MAX_S_CONTEXT))
2187 + if ((mode & VX_STATIC) &&
2188 + (id > 1) && (id < MIN_D_CONTEXT))
2191 + return (((mode & VX_ADMIN) && (cid == 0)) ||
2192 + ((mode & VX_WATCH) && (cid == 1)));
2197 +void free_ip_info(struct ip_info *);
2199 +#define get_ip_info(i) __get_ip_info(i,__FILE__,__LINE__)
2201 +static __inline__ struct ip_info *__get_ip_info(struct ip_info *ipi, const char *_file, int _line)
2203 + /* for now we allow vxi to be null */
2206 + vxdprintk("get_ip_info(%p[%d])\t%s:%d\n", ipi,
2207 + atomic_read(&ipi->ip_refcount), _file, _line);
2208 + atomic_inc(&ipi->ip_refcount);
2212 +#define put_ip_info(i) __put_ip_info(i,__FILE__,__LINE__)
2214 +static __inline__ void __put_ip_info(struct ip_info *ipi, const char *_file, int _line)
2216 + /* for now we allow vxi to be null */
2219 + vxdprintk("put_ip_info(%p[%d])\t%s:%d\n", ipi,
2220 + atomic_read(&ipi->ip_refcount), _file, _line);
2221 + if (atomic_dec_and_lock(&ipi->ip_refcount, &iplist_lock)) {
2222 + list_del(&ipi->ip_list);
2223 + spin_unlock(&iplist_lock);
2224 + free_ip_info(ipi);
2228 +#define task_get_ip_info(i) __task_get_ip_info(i,__FILE__,__LINE__)
2230 +static __inline__ struct ip_info *__task_get_ip_info(struct task_struct *p,
2231 + const char *_file, int _line)
2233 + struct ip_info *ipi;
2236 + ipi = __get_ip_info(p->ip_info, _file, _line);
2241 +#define ip_verify_info(p,i) \
2242 + __ip_verify_info((p)->ip_info,i,__FILE__,__LINE__)
2244 +static __inline__ void __ip_verify_info(
2245 + struct ip_info *ipa, struct ip_info *ipb,
2246 + const char *_file, int _line)
2250 + printk(KERN_ERR "ip bad assumption (%p==%p) at %s:%d\n",
2251 + ipa, ipb, _file, _line);
2256 +#define VX_DEBUG_ACC_RSS 0
2257 +#define VX_DEBUG_ACC_VM 0
2258 +#define VX_DEBUG_ACC_VML 0
2261 +#define vx_acc_page(m, d, v, r) \
2262 + __vx_acc_page(&(m->v), m->mm_vx_info, r, d, __FILE__, __LINE__)
2264 +static inline void __vx_acc_page(unsigned long *v, struct vx_info *vxi,
2265 + int res, int dir, char *file, int line)
2275 + atomic_inc(&vxi->limit.res[res]);
2277 + atomic_dec(&vxi->limit.res[res]);
2282 +#define vx_acc_pages(m, p, v, r) \
2283 + __vx_acc_pages(&(m->v), m->mm_vx_info, r, p, __FILE__, __LINE__)
2285 +static inline void __vx_acc_pages(unsigned long *v, struct vx_info *vxi,
2286 + int res, int pages, char *file, int line)
2288 + if ((pages > 1 || pages < -1) &&
2289 + ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
2290 + (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
2291 + (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML)))
2292 + vxdprintk("vx_acc_pages [%5d,%2d]: %5d += %5d in %s:%d\n",
2293 + (vxi?vxi->vx_id:-1), res,
2294 + (vxi?atomic_read(&vxi->limit.res[res]):0),
2295 + pages, file, line);
2301 + atomic_add(pages, &vxi->limit.res[res]);
2306 +#define vx_acc_vmpage(m,d) vx_acc_page(m, d, total_vm, RLIMIT_AS)
2307 +#define vx_acc_vmlpage(m,d) vx_acc_page(m, d, locked_vm, RLIMIT_MEMLOCK)
2308 +#define vx_acc_rsspage(m,d) vx_acc_page(m, d, rss, RLIMIT_RSS)
2310 +#define vx_acc_vmpages(m,p) vx_acc_pages(m, p, total_vm, RLIMIT_AS)
2311 +#define vx_acc_vmlpages(m,p) vx_acc_pages(m, p, locked_vm, RLIMIT_MEMLOCK)
2312 +#define vx_acc_rsspages(m,p) vx_acc_pages(m, p, rss, RLIMIT_RSS)
2314 +#define vx_pages_add(s,r,p) __vx_acc_pages(0, s, r, p, __FILE__, __LINE__)
2315 +#define vx_pages_sub(s,r,p) __vx_pages_add(s, r, -(p))
2317 +#define vx_vmpages_inc(m) vx_acc_vmpage(m, 1)
2318 +#define vx_vmpages_dec(m) vx_acc_vmpage(m,-1)
2319 +#define vx_vmpages_add(m,p) vx_acc_vmpages(m, p)
2320 +#define vx_vmpages_sub(m,p) vx_acc_vmpages(m,-(p))
2322 +#define vx_vmlocked_inc(m) vx_acc_vmlpage(m, 1)
2323 +#define vx_vmlocked_dec(m) vx_acc_vmlpage(m,-1)
2324 +#define vx_vmlocked_add(m,p) vx_acc_vmlpages(m, p)
2325 +#define vx_vmlocked_sub(m,p) vx_acc_vmlpages(m,-(p))
2327 +#define vx_rsspages_inc(m) vx_acc_rsspage(m, 1)
2328 +#define vx_rsspages_dec(m) vx_acc_rsspage(m,-1)
2329 +#define vx_rsspages_add(m,p) vx_acc_rsspages(m, p)
2330 +#define vx_rsspages_sub(m,p) vx_acc_rsspages(m,-(p))
2334 +#define vx_pages_avail(m, p, r) \
2335 + __vx_pages_avail((m)->mm_vx_info, (r), (p), __FILE__, __LINE__)
2337 +static inline int __vx_pages_avail(struct vx_info *vxi,
2338 + int res, int pages, char *file, int line)
2340 + if ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
2341 + (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
2342 + (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML))
2343 + printk("vx_pages_avail[%5d,%2d]: %5ld > %5d + %5d in %s:%d\n",
2344 + (vxi?vxi->vx_id:-1), res,
2345 + (vxi?vxi->limit.rlim[res]:1),
2346 + (vxi?atomic_read(&vxi->limit.res[res]):0),
2347 + pages, file, line);
2350 + if (vxi->limit.rlim[res] == RLIM_INFINITY)
2352 + if (vxi->limit.rlim[res] < atomic_read(&vxi->limit.res[res]) + pages)
2357 +#define vx_vmpages_avail(m,p) vx_pages_avail(m, p, RLIMIT_AS)
2358 +#define vx_vmlocked_avail(m,p) vx_pages_avail(m, p, RLIMIT_MEMLOCK)
2359 +#define vx_rsspages_avail(m,p) vx_pages_avail(m, p, RLIMIT_RSS)
2361 +/* procfs ioctls */
2363 +#define FIOC_GETXFLG _IOR('x', 5, long)
2364 +#define FIOC_SETXFLG _IOW('x', 6, long)
2368 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/context.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/context.h
2369 --- linux-2.6.2-rc1/include/linux/vserver/context.h Thu Jan 1 01:00:00 1970
2370 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/context.h Sat Jan 24 06:06:06 2004
2372 +#ifndef _VX_CONTEXT_H
2373 +#define _VX_CONTEXT_H
2376 +#include <linux/types.h>
2379 +#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
2380 +#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
2382 +#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
2385 +#include <linux/utsname.h>
2391 + unsigned long total_forks;
2393 + unsigned int bias_cswtch;
2394 + long bias_jiffies;
2397 + struct new_utsname utsname;
2401 +#include <linux/list.h>
2402 +#include <linux/spinlock.h>
2403 +#include <asm/atomic.h>
2405 +#include <linux/vserver/limit.h>
2406 +#include <linux/vserver/sched.h>
2409 + struct list_head vx_list; /* linked list of contexts */
2410 + xid_t vx_id; /* context id */
2411 + atomic_t vx_refcount; /* refcount */
2412 + struct vx_info *vx_parent; /* parent context */
2414 + struct proc_dir_entry *vx_procent; /* proc entry */
2415 + unsigned int vx_flags; /* VX_INFO_xxx */
2416 + pid_t vx_initpid; /* PID of fake init process */
2418 + struct _vx_virt virt; /* virtual/bias stuff */
2419 + struct _vx_limit limit; /* vserver limits */
2420 + struct _vx_sched sched; /* vserver scheduler */
2422 + char vx_name[65]; /* vserver name */
2426 +extern spinlock_t vxlist_lock;
2427 +extern struct list_head vx_infos;
2430 +#define VX_ADMIN 0x0001
2431 +#define VX_WATCH 0x0002
2432 +#define VX_DUMMY 0x0008
2434 +#define VX_IDENT 0x0010
2435 +#define VX_EQUIV 0x0020
2436 +#define VX_PARENT 0x0040
2437 +#define VX_CHILD 0x0080
2439 +#define VX_ARG_MASK 0x00F0
2441 +#define VX_DYNAMIC 0x0100
2442 +#define VX_STATIC 0x0200
2444 +#define VX_ATR_MASK 0x0F00
2447 +void free_vx_info(struct vx_info *);
2449 +extern struct vx_info *find_vx_info(int);
2450 +extern struct vx_info *find_or_create_vx_info(int);
2453 +#include <linux/vserver/switch.h>
2455 +/* vinfo commands */
2457 +#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
2458 +#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
2460 +extern int vc_task_xid(uint32_t, void *);
2463 +#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
2464 +#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
2466 +struct vcmd_vx_info_v0 {
2469 + /* more to come */
2472 +extern int vc_vx_info(uint32_t, void *);
2475 +/* virtual host info names */
2477 +#define VCMD_vx_set_vhi_name VC_CMD(VHOST, 1, 0)
2478 +#define VCMD_vx_get_vhi_name VC_CMD(VHOST, 2, 0)
2480 +extern int vc_set_vhi_name(uint32_t, void *);
2481 +extern int vc_get_vhi_name(uint32_t, void *);
2483 +struct vcmd_vx_vhi_name_v0 {
2489 +enum vx_vhi_name_field {
2500 +// EXPORT_SYMBOL_GPL(vxlist_lock);
2501 +// EXPORT_SYMBOL_GPL(vx_infos);
2503 +// EXPORT_SYMBOL_GPL(find_vx_info);
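Review bot: The `vc_*` prototypes in this header (`vc_task_xid`, `vc_vx_info`, `vc_set_vhi_name`, `vc_get_vhi_name`) declare the syscall argument as a plain `void *`, although context.c passes it to `copy_from_user()`/`copy_to_user()` in `vc_vx_info()` and the vhi_name handlers. Declaring it as a user pointer, e.g. `extern int vc_vx_info(uint32_t, void __user *);`, lets sparse flag any direct dereference of caller-controlled memory. The same applies to the `vc_*` prototypes in inode.h, legacy.h, limit.h, sched.h and signal.h later in this patch. Several lines of this new header (struct bodies, closing `#endif`) are not shown on the page, so this covers only the prototypes that are visible.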
2506 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/inode.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/inode.h
2507 --- linux-2.6.2-rc1/include/linux/vserver/inode.h Thu Jan 1 01:00:00 1970
2508 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/inode.h Sat Jan 24 05:45:51 2004
2510 +#ifndef _VX_INODE_H
2511 +#define _VX_INODE_H
2514 +#include <linux/vserver/switch.h>
2516 +/* inode vserver commands */
2518 +#define VCMD_get_iattr VC_CMD(INODE, 1, 0)
2519 +#define VCMD_set_iattr VC_CMD(INODE, 2, 0)
2521 +struct vcmd_ctx_iattr_v0 {
2522 + /* device handle in id */
2529 +#define IATTR_XID 0x01000000
2531 +#define IATTR_ADMIN 0x00000001
2532 +#define IATTR_WATCH 0x00000002
2533 +#define IATTR_HIDE 0x00000004
2534 +#define IATTR_FLAGS 0x00000007
2536 +#define IATTR_BARRIER 0x00010000
2537 +#define IATTR_IUNLINK 0x00020000
2540 +extern int vc_get_iattr(uint32_t, void *);
2541 +extern int vc_set_iattr(uint32_t, void *);
2546 +#define FIOC_GETXFLG _IOR('x', 5, long)
2547 +#define FIOC_SETXFLG _IOW('x', 6, long)
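Review bot: `FIOC_GETXFLG` and `FIOC_SETXFLG` at the end of this header repeat the definitions under `/* procfs ioctls */` in the preceding file section of this patch (apparently include/linux/vinline.h). These are user-visible ioctl numbers, so two copies that can drift apart are worth avoiding; keep them here only and let the other header include this one. If both copies have to stay for now, a comment such as `/* must match the FIOC_*XFLG definitions in <linux/vinline.h> */` on each would at least record the dependency.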
2551 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/legacy.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/legacy.h
2552 --- linux-2.6.2-rc1/include/linux/vserver/legacy.h Thu Jan 1 01:00:00 1970
2553 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/legacy.h Sat Jan 24 05:14:16 2004
2555 +#ifndef _VX_LEGACY_H
2556 +#define _VX_LEGACY_H
2559 +#include <linux/vserver/switch.h>
2560 +#include <linux/vserver/network.h>
2562 +/* compatibiliy vserver commands */
2564 +#define VCMD_new_s_context VC_CMD(COMPAT, 1, 1)
2565 +#define VCMD_set_ipv4root VC_CMD(COMPAT, 2, 3)
2567 +/* compatibiliy vserver arguments */
2569 +struct vcmd_new_s_context_v1 {
2570 + uint32_t remove_cap;
2574 +struct vcmd_set_ipv4root_v3 {
2575 + /* number of pairs in id */
2576 + uint32_t broadcast;
2580 + } ip_mask_pair[NB_IPV4ROOT];
2584 +#define VX_INFO_LOCK 1 /* Can't request a new vx_id */
2585 +#define VX_INFO_SCHED 2 /* All process in the vx_id */
2586 + /* Contribute to the schedular */
2587 +#define VX_INFO_NPROC 4 /* Limit number of processes in a context */
2588 +#define VX_INFO_PRIVATE 8 /* Noone can join this security context */
2589 +#define VX_INFO_INIT 16 /* This process wants to become the */
2590 + /* logical process 1 of the security */
2592 +#define VX_INFO_HIDEINFO 32 /* Hide some information in /proc */
2593 +#define VX_INFO_ULIMIT 64 /* Use ulimit of the current process */
2594 + /* to become the global limits */
2595 + /* of the context */
2597 +#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
2598 +#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
2600 +#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
2602 +#define NB_S_CONTEXT 16
2604 +#define NB_IPV4ROOT 16
2607 +extern int vc_new_s_context(uint32_t, void *);
2608 +extern int vc_set_ipv4root(uint32_t, void *);
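Review bot: `MAX_S_CONTEXT`, `MIN_D_CONTEXT` and `VX_DYNAMIC_ID` are defined here a second time with the same values as in context.h, and `NB_IPV4ROOT` repeats network.h, which this header already includes; the local `NB_IPV4ROOT` also comes after its use in `ip_mask_pair[NB_IPV4ROOT]`. `__vx_check()` uses the context range limits to decide whether an xid counts as static or dynamic, so a later edit to only one copy would change that decision for some includers. I would drop the duplicates and add `#include <linux/vserver/context.h>` instead. The two "compatibiliy" comments should read "compatibility".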
2612 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/limit.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/limit.h
2613 --- linux-2.6.2-rc1/include/linux/vserver/limit.h Thu Jan 1 01:00:00 1970
2614 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/limit.h Sat Jan 24 05:54:14 2004
2616 +#ifndef _VX_LIMIT_H
2617 +#define _VX_LIMIT_H
2620 +#include <linux/vserver/switch.h>
2622 +/* rlimit vserver commands */
2624 +#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
2625 +#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
2626 +#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
2628 +struct vcmd_ctx_rlimit_v0 {
2631 + uint64_t softlimit;
2635 +struct vcmd_ctx_rlimit_mask_v0 {
2637 + uint32_t softlimit;
2641 +#define CRLIM_UNSET (0ULL)
2642 +#define CRLIM_INFINITY (~0ULL)
2643 +#define CRLIM_KEEP (~1ULL)
2646 +extern int vc_get_rlimit(uint32_t, void *);
2647 +extern int vc_set_rlimit(uint32_t, void *);
2648 +extern int vc_get_rlimit_mask(uint32_t, void *);
2651 +#include <asm/atomic.h>
2652 +#include <asm/resource.h>
2654 +/* context sub struct */
2659 + unsigned long rlim[RLIM_NLIMITS]; /* Per context limit */
2660 + atomic_t res[RLIM_NLIMITS]; /* Current value */
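Review bot: The command structure carries limits as `uint64_t` (`softlimit` in `struct vcmd_ctx_rlimit_v0`, with `CRLIM_INFINITY` as `~0ULL`), while the context stores them in `unsigned long rlim[RLIM_NLIMITS]`, which is 32 bits wide on i386. The conversion code is not visible here, so it may already be handled, but a plain assignment would truncate a large finite limit to a small one. The header should state the rule, for example `/* values above ULONG_MAX are stored as RLIM_INFINITY; CRLIM_INFINITY maps to RLIM_INFINITY */` next to `rlim[]`, and the setter should follow it.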
2665 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/network.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/network.h
2666 --- linux-2.6.2-rc1/include/linux/vserver/network.h Thu Jan 1 01:00:00 1970
2667 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/network.h Sat Jan 24 05:46:08 2004
2669 +#ifndef _VX_NETWORK_H
2670 +#define _VX_NETWORK_H
2673 +#define NB_IPV4ROOT 16
2675 +#include <linux/list.h>
2676 +#include <linux/spinlock.h>
2677 +#include <linux/utsname.h>
2678 +#include <asm/resource.h>
2679 +#include <asm/atomic.h>
2683 + struct list_head ip_list; /* linked list of ipinfos */
2684 + atomic_t ip_refcount;
2686 + __u32 ipv4[NB_IPV4ROOT];/* Process can only bind to these IPs */
2687 + /* The first one is used to connect */
2688 + /* and for bind any service */
2689 + /* The other must be used explicity when */
2691 + __u32 mask[NB_IPV4ROOT];/* Netmask for each ipv4 */
2692 + /* Used to select the proper source address */
2694 + __u32 v4_bcast; /* Broadcast address used to receive UDP packets */
2698 +extern spinlock_t iplist_lock;
2699 +extern struct list_head ip_infos;
2702 +void free_ip_info(struct ip_info *);
2703 +struct ip_info *create_ip_info(void);
2706 +// EXPORT_SYMBOL_GPL(iplist_lock);
2707 +// EXPORT_SYMBOL_GPL(ip_infos);
2709 +// EXPORT_SYMBOL_GPL(find_ip_info);
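Review bot: The `// EXPORT_SYMBOL_GPL(...)` lines at the end of this header are commented-out code, and the last one names `find_ip_info`, for which no prototype is visible in this header. Export declarations belong in the .c file that defines the symbol, so I would remove them from the header, or replace them with one explicit note such as `/* TODO: export iplist_lock/ip_infos once a module needs them */`. context.h and switch.h carry the same commented-out exports.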
2712 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/sched.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/sched.h
2713 --- linux-2.6.2-rc1/include/linux/vserver/sched.h Thu Jan 1 01:00:00 1970
2714 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/sched.h Sat Jan 24 06:12:29 2004
2716 +#ifndef _VX_SCHED_H
2717 +#define _VX_SCHED_H
2720 +#include <linux/vserver/switch.h>
2722 +/* sched vserver commands */
2724 +#define VCMD_set_sched VC_CMD(SYSTEST, 1, 1)
2726 +/* Options - these ones enable or disable the CTX_SCHED flag */
2727 +#define TBF_SCHED_ENABLE 0x0001
2728 +#define TBF_SCHED_DISABLE 0x0002
2730 +struct vcmd_set_sched_v1 {
2733 + int32_t fill_rate;
2735 + int32_t fill_level;
2736 + int32_t bucket_size;
2740 +extern int vc_set_sched(uint32_t, void *);
2742 +#include <linux/spinlock.h>
2744 +/* context sub struct */
2747 + spinlock_t tokens_lock; /* lock for this structure */
2749 + int tokens; /* number of CPU tokens in this context */
2750 + int tokens_fr; /* Fill rate: add X tokens... */
2751 + int tokens_div; /* Divisor: per Y jiffies */
2752 + int tokens_max; /* Limit: no more than N tokens */
2753 + uint32_t tokens_jfy; /* add an integral multiple of Y to this */
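Review bot: `VCMD_set_sched` is built as `VC_CMD(SYSTEST, 1, 1)`, so the scheduler command lands in category 61 even though switch.h defines `VC_CAT_SCHED` (14) and the syscall matrix reserves that slot for it. If this is deliberate while the interface is experimental, say so with a comment such as `/* experimental: kept under SYSTEST until the scheduler ABI settles */`; otherwise it should be `VC_CMD(SCHED, 1, 1)`. Separately, `tokens_div` is documented as a divisor, so the setter (not visible here) should reject a zero value coming from user space.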
2758 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/signal.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/signal.h
2759 --- linux-2.6.2-rc1/include/linux/vserver/signal.h Thu Jan 1 01:00:00 1970
2760 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/signal.h Sat Jan 24 06:02:39 2004
2762 +#ifndef _VX_SIGNAL_H
2763 +#define _VX_SIGNAL_H
2766 +#include <linux/vserver/switch.h>
2768 +/* context signalling */
2770 +#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
2772 +struct vcmd_ctx_kill_v0 {
2778 +extern int vc_ctx_kill(uint32_t, void *);
2782 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/switch.h linux-2.6.2-rc1-vs0.05/include/linux/vserver/switch.h
2783 --- linux-2.6.2-rc1/include/linux/vserver/switch.h Thu Jan 1 01:00:00 1970
2784 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver/switch.h Sat Jan 24 05:14:16 2004
2786 +#ifndef _LINUX_VIRTUAL_H
2787 +#define _LINUX_VIRTUAL_H
2789 +#include <linux/types.h>
2791 +#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
2792 +#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
2793 +#define VC_VERSION(c) ((c) & 0xFFF)
2795 +#define VC_CMD(c,i,v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
2796 + | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
2800 + Syscall Matrix V2.4
2802 + |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
2803 + |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
2804 + |INFO |SETUP | |MOVE | | | | | |
2805 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2806 + SYSTEM |VERSION| | | | | | |DEVICES| |
2807 + HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
2808 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2809 + CPU | | | | | | | |SCHED. | |
2810 + PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
2811 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2812 + MEMORY | | | | | | | |SWAP | |
2813 + | 16| 17| 18| 19| 20| 21| | 22| 23|
2814 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2815 + NETWORK| | | | | | | |SERIAL | |
2816 + | 24| 25| 26| 27| 28| 29| | 30| 31|
2817 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2818 + DISK | | | | | | | |INODE | |
2819 + VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
2820 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2821 + OTHER | | | | | | | |VINFO | |
2822 + | 40| 41| 42| 43| 44| 45| | 46| 47|
2823 + =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
2824 + SPECIAL| | | | | | | | | |
2825 + | 48| 49| 50| 51| 52| 53| | 54| 55|
2826 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2827 + SPECIAL| | | | |RLIMIT |SYSCALL| | |COMPAT |
2828 + | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
2829 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2833 +#define VC_CAT_VERSION 0
2835 +#define VC_CAT_VHOST 2
2837 +#define VC_CAT_PROCTRL 12
2839 +#define VC_CAT_SCHED 14
2840 +#define VC_CAT_INODE 38
2842 +#define VC_CAT_VINFO 46
2844 +#define VC_CAT_RLIMIT 60
2846 +#define VC_CAT_SYSTEST 61
2847 +#define VC_CAT_COMPAT 63
2849 +/* interface version */
2851 +#define VCI_VERSION 0x00010010
2854 +/* query version */
2856 +#define VCMD_get_version VC_CMD(VERSION, 0, 0)
2859 +#include <linux/errno.h>
2861 +#define ENOTSUP ENOTSUPP
2864 +// EXPORT_SYMBOL_GPL(sys_vserver);
2867 +#endif /* _LINUX_VIRTUAL_H */
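Review bot: `#define ENOTSUP ENOTSUPP` maps the name onto a kernel-internal error code (the NFSv3 group in linux/errno.h) that has no user-space errno equivalent. If any `vc_*` handler returns `-ENOTSUP` through `sys_vserver`, the caller receives a value that libc cannot describe and that does not compare equal to its own `ENOTSUP`. Using `#define ENOTSUP EOPNOTSUPP`, or returning `-EOPNOTSUPP` directly, keeps the result meaningful to user space. Whether the syscall path actually returns this code is not visible in this header.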
2868 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver.h linux-2.6.2-rc1-vs0.05/include/linux/vserver.h
2869 --- linux-2.6.2-rc1/include/linux/vserver.h Thu Jan 1 01:00:00 1970
2870 +++ linux-2.6.2-rc1-vs0.05/include/linux/vserver.h Sat Jan 24 05:14:16 2004
2872 +#ifndef _LINUX_VSERVER_H
2873 +#define _LINUX_VSERVER_H
2875 +#include <linux/vserver/context.h>
2876 +#include <linux/vserver/network.h>
2877 +#include <linux/vinline.h>
2880 diff -NurpP --minimal linux-2.6.2-rc1/include/net/route.h linux-2.6.2-rc1-vs0.05/include/net/route.h
2881 --- linux-2.6.2-rc1/include/net/route.h Fri Jan 9 07:59:02 2004
2882 +++ linux-2.6.2-rc1-vs0.05/include/net/route.h Sat Jan 24 05:46:08 2004
2884 #include <linux/route.h>
2885 #include <linux/ip.h>
2886 #include <linux/cache.h>
2887 +#include <linux/vinline.h>
2890 #warning This file is not supposed to be used outside of kernel.
2891 @@ -160,6 +161,45 @@ static inline int ip_route_connect(struc
2892 .dport = dport } } };
2895 + struct ip_info *ip_info = current->ip_info;
2897 + __u32 ipv4root = ip_info->ipv4[0];
2899 + int n = ip_info->nbipv4;
2904 + err = __ip_route_output_key(rp, &fl);
2907 + foundsrc = (*rp)->rt_src;
2909 + for (i=0; i<n; i++){
2910 + u32 mask = ip_info->mask[i];
2911 + u32 ipv4 = ip_info->ipv4[i];
2912 + u32 netipv4 = ipv4 & mask;
2913 + if ((foundsrc & mask) == netipv4) {
2920 + src = dst == 0x0100007f
2921 + ? 0x0100007f: ipv4root;
2924 + for (i=0; i<n; i++) {
2925 + if (ip_info->ipv4[i] == src) break;
2930 + if (dst == 0x0100007f && !vx_check(0, VX_ADMIN))
2935 err = __ip_route_output_key(rp, &fl);
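Review bot: The loopback tests `dst == 0x0100007f` (in the source fallback and again in the `vx_check(0, VX_ADMIN)` guard) compare what is presumably a network-byte-order address with a constant that equals 127.0.0.1 only on little-endian machines. include/net/route.h is shared by every architecture, so on a big-endian build the loopback special case would never match and the per-context handling of 127.0.0.1 would be skipped. Writing `dst == htonl(INADDR_LOOPBACK)` in both places, and for the assigned value, fixes this and removes the magic number. The loops are bounded by `n = ip_info->nbipv4` while `ipv4[]` and `mask[]` have `NB_IPV4ROOT` entries, so the code that sets `nbipv4` (not visible here) must clamp it. Several lines of this hunk are missing from the page, including whatever guards `ip_info` against NULL.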
2937 diff -NurpP --minimal linux-2.6.2-rc1/include/net/sock.h linux-2.6.2-rc1-vs0.05/include/net/sock.h
2938 --- linux-2.6.2-rc1/include/net/sock.h Sat Jan 24 03:18:19 2004
2939 +++ linux-2.6.2-rc1-vs0.05/include/net/sock.h Sat Jan 24 05:46:08 2004
2941 #include <linux/security.h>
2943 #include <linux/filter.h>
2944 +#include <linux/vinline.h>
2946 #include <asm/atomic.h>
2947 #include <net/dst.h>
2948 @@ -109,6 +110,8 @@ struct sock_common {
2949 struct hlist_node skc_node;
2950 struct hlist_node skc_bind_node;
2951 atomic_t skc_refcnt;
2953 + struct ip_info *skc_ip_info;
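Review bot: The new `skc_ip_info` pointer in `struct sock_common` carries no comment saying whether the socket holds a counted reference on the `ip_info`. `put_ip_info()` frees the object when the last reference is dropped, so a socket that only borrows the pointer from its creating task could outlive it. I would document the rule on the field, e.g. `/* counted reference: taken with get_ip_info(), dropped with put_ip_info() on socket destruction */`, and check that the time-wait bucket path (`tw_ip_info` in tcp.h) takes its own reference. The code that sets and clears the field is not part of this hunk.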
2957 @@ -186,6 +189,8 @@ struct sock {
2958 #define sk_node __sk_common.skc_node
2959 #define sk_bind_node __sk_common.skc_bind_node
2960 #define sk_refcnt __sk_common.skc_refcnt
2961 +#define sk_xid __sk_common.skc_xid
2962 +#define sk_ip_info __sk_common.skc_ip_info
2963 volatile unsigned char sk_zapped;
2964 unsigned char sk_shutdown;
2965 unsigned char sk_use_write_queue;
2966 diff -NurpP --minimal linux-2.6.2-rc1/include/net/tcp.h linux-2.6.2-rc1-vs0.05/include/net/tcp.h
2967 --- linux-2.6.2-rc1/include/net/tcp.h Sat Jan 24 03:18:19 2004
2968 +++ linux-2.6.2-rc1-vs0.05/include/net/tcp.h Sat Jan 24 05:46:08 2004
2969 @@ -195,6 +195,8 @@ struct tcp_tw_bucket {
2970 #define tw_node __tw_common.skc_node
2971 #define tw_bind_node __tw_common.skc_bind_node
2972 #define tw_refcnt __tw_common.skc_refcnt
2973 +#define tw_xid __tw_common.skc_xid
2974 +#define tw_ip_info __tw_common.skc_ip_info
2975 volatile unsigned char tw_substate;
2976 unsigned char tw_rcv_wscale;
2978 diff -NurpP --minimal linux-2.6.2-rc1/kernel/Makefile linux-2.6.2-rc1-vs0.05/kernel/Makefile
2979 --- linux-2.6.2-rc1/kernel/Makefile Fri Jan 9 07:59:10 2004
2980 +++ linux-2.6.2-rc1-vs0.05/kernel/Makefile Sat Jan 24 05:14:16 2004
2981 @@ -8,6 +8,11 @@ obj-y = sched.o fork.o exec_domain.o
2982 signal.o sys.o kmod.o workqueue.o pid.o \
2983 rcupdate.o intermodule.o extable.o params.o posix-timers.o
2985 +# mod-subdirs := vserver
2987 +subdir-y += vserver
2988 +obj-y += vserver/vserver.o
2990 obj-$(CONFIG_FUTEX) += futex.o
2991 obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
2992 obj-$(CONFIG_SMP) += cpu.o
2993 diff -NurpP --minimal linux-2.6.2-rc1/kernel/sys.c linux-2.6.2-rc1-vs0.05/kernel/sys.c
2994 --- linux-2.6.2-rc1/kernel/sys.c Sat Jan 24 03:18:19 2004
2995 +++ linux-2.6.2-rc1-vs0.05/kernel/sys.c Sat Jan 24 06:15:34 2004
2997 #include <linux/security.h>
2998 #include <linux/dcookies.h>
2999 #include <linux/suspend.h>
3000 +#include <linux/vinline.h>
3002 #include <asm/uaccess.h>
3004 @@ -317,7 +318,7 @@ asmlinkage long sys_setpriority(int whic
3006 user = current->user;
3008 - user = find_user(who);
3009 + user = find_user(vx_current_xid(), who);
3013 @@ -376,7 +377,7 @@ asmlinkage long sys_getpriority(int whic
3015 user = current->user;
3017 - user = find_user(who);
3018 + user = find_user(vx_current_xid(), who);
3022 @@ -617,7 +618,7 @@ static int set_user(uid_t new_ruid, int
3024 struct user_struct *new_user;
3026 - new_user = alloc_uid(new_ruid);
3027 + new_user = alloc_uid(vx_current_xid(), new_ruid);
3031 diff -NurpP --minimal linux-2.6.2-rc1/kernel/user.c linux-2.6.2-rc1-vs0.05/kernel/user.c
3032 --- linux-2.6.2-rc1/kernel/user.c Fri Jan 9 07:59:26 2004
3033 +++ linux-2.6.2-rc1-vs0.05/kernel/user.c Sat Jan 24 05:45:51 2004
3035 #define UIDHASH_BITS 8
3036 #define UIDHASH_SZ (1 << UIDHASH_BITS)
3037 #define UIDHASH_MASK (UIDHASH_SZ - 1)
3038 -#define __uidhashfn(uid) (((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK)
3039 -#define uidhashentry(uid) (uidhash_table + __uidhashfn((uid)))
3040 +#define __uidhashfn(xid,uid) ((((uid) >> UIDHASH_BITS) + ((uid)^(xid))) & UIDHASH_MASK)
3041 +#define uidhashentry(xid,uid) (uidhash_table + __uidhashfn((xid),(uid)))
3043 static kmem_cache_t *uid_cachep;
3044 static struct list_head uidhash_table[UIDHASH_SZ];
3045 @@ -46,7 +46,7 @@ static inline void uid_hash_remove(struc
3046 list_del(&up->uidhash_list);
3049 -static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent)
3050 +static inline struct user_struct *uid_hash_find(xid_t xid, uid_t uid, struct list_head *hashent)
3052 struct list_head *up;
3054 @@ -55,7 +55,7 @@ static inline struct user_struct *uid_ha
3056 user = list_entry(up, struct user_struct, uidhash_list);
3058 - if(user->uid == uid) {
3059 + if(user->uid == uid && user->vx_id == xid) {
3060 atomic_inc(&user->__count);
3063 @@ -64,9 +64,9 @@ static inline struct user_struct *uid_ha
3067 -struct user_struct *find_user(uid_t uid)
3068 +struct user_struct *find_user(xid_t xid, uid_t uid)
3070 - return uid_hash_find(uid, uidhashentry(uid));
3071 + return uid_hash_find(xid, uid, uidhashentry(xid, uid));
3074 void free_uid(struct user_struct *up)
3075 @@ -78,13 +78,13 @@ void free_uid(struct user_struct *up)
3079 -struct user_struct * alloc_uid(uid_t uid)
3080 +struct user_struct * alloc_uid(xid_t xid, uid_t uid)
3082 - struct list_head *hashent = uidhashentry(uid);
3083 + struct list_head *hashent = uidhashentry(xid, uid);
3084 struct user_struct *up;
3086 spin_lock(&uidhash_lock);
3087 - up = uid_hash_find(uid, hashent);
3088 + up = uid_hash_find(xid, uid, hashent);
3089 spin_unlock(&uidhash_lock);
3092 @@ -94,6 +94,7 @@ struct user_struct * alloc_uid(uid_t uid
3097 atomic_set(&new->__count, 1);
3098 atomic_set(&new->processes, 0);
3099 atomic_set(&new->files, 0);
3100 @@ -103,7 +104,7 @@ struct user_struct * alloc_uid(uid_t uid
3101 * on adding the same user already..
3103 spin_lock(&uidhash_lock);
3104 - up = uid_hash_find(uid, hashent);
3105 + up = uid_hash_find(xid, uid, hashent);
3107 kmem_cache_free(uid_cachep, new);
3109 @@ -148,7 +149,7 @@ static int __init uid_cache_init(void)
3111 /* Insert the root user immediately (init already runs as root) */
3112 spin_lock(&uidhash_lock);
3113 - uid_hash_insert(&root_user, uidhashentry(0));
3114 + uid_hash_insert(&root_user, uidhashentry(0,0));
3115 spin_unlock(&uidhash_lock);
3118 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/Makefile linux-2.6.2-rc1-vs0.05/kernel/vserver/Makefile
3119 --- linux-2.6.2-rc1/kernel/vserver/Makefile Thu Jan 1 01:00:00 1970
3120 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/Makefile Sat Jan 24 06:36:45 2004
3123 +# Makefile for the Linux vserver routines.
3129 +vserver-y := switch.o context.o network.o inode.o limit.o signal.o
3131 +vserver-y += legacy.o
3133 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/context.c linux-2.6.2-rc1-vs0.05/kernel/vserver/context.c
3134 --- linux-2.6.2-rc1/kernel/vserver/context.c Thu Jan 1 01:00:00 1970
3135 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/context.c Sat Jan 24 06:04:27 2004
3138 + * linux/kernel/vserver/context.c
3140 + * Virtual Server: Context Support
3142 + * Copyright (C) 2003-2004 Herbert Pötzl
3144 + * V0.01 context helper
3145 + * V0.02 vx_ctx_kill syscall command
3146 + * V0.03 replaced context_info calls
3147 + * V0.04 redesign of struct (de)alloc
3148 + * V0.05 rlimit basic implementation
3152 +#include <linux/config.h>
3153 +//#include <linux/linkage.h>
3154 +#include <linux/utsname.h>
3155 +#include <linux/slab.h>
3156 +#include <linux/vserver/context.h>
3157 +//#include <linux/vswitch.h>
3158 +#include <linux/vinline.h>
3159 +//#include <linux/sched.h>
3160 +#include <linux/kernel_stat.h>
3162 +#include <asm/errno.h>
3163 +//#include <asm/uaccess.h>
3167 +/* system functions */
3170 +LIST_HEAD(vx_infos);
3172 +spinlock_t vxlist_lock
3173 + __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
3177 + * struct vx_info allocation and deallocation
3180 +static struct vx_info *alloc_vx_info(int id)
3182 + struct vx_info *new = NULL;
3185 + vxdprintk("alloc_vx_info(%d)\n", id);
3186 + /* would this benefit from a slab cache? */
3187 + new = kmalloc(sizeof(struct vx_info), GFP_KERNEL);
3191 + memset (new, 0, sizeof(struct vx_info));
3193 + INIT_LIST_HEAD(&new->vx_list);
3194 + /* rest of init goes here */
3196 + for (lim=0; lim<RLIM_NLIMITS; lim++)
3197 + new->limit.rlim[lim] = RLIM_INFINITY;
3199 + /* scheduling; hard code starting values as constants */
3200 + new->sched.tokens_fr = 1;
3201 + new->sched.tokens_div = 4;
3202 + new->sched.tokens = HZ * 5;
3203 + new->sched.tokens_max = HZ * 10;
3204 + new->sched.tokens_jfy = jiffies;
3205 + new->sched.tokens_lock = SPIN_LOCK_UNLOCKED;
3207 + new->virt.nr_threads = 1;
3208 + // new->virt.bias_cswtch = kstat.context_swtch;
3209 + new->virt.bias_jiffies = jiffies;
3210 + /* new->virt.bias_idle = init_tasks[0]->times.tms_utime +
3211 + init_tasks[0]->times.tms_stime;
3213 + down_read(&uts_sem);
3214 + new->virt.utsname = system_utsname;
3215 + up_read(&uts_sem);
3217 + vxdprintk("alloc_vx_info(%d) = %p\n", id, new);
3221 +void free_vx_info(struct vx_info *vxi)
3223 + vxdprintk("free_vx_info(%p)\n", vxi);
3229 + * struct vx_info search by id
3230 + * assumes vxlist_lock is held
3233 +static __inline__ struct vx_info *__find_vx_info(int id)
3235 + struct vx_info *vxi;
3237 + list_for_each_entry(vxi, &vx_infos, vx_list)
3238 + if (vxi->vx_id == id)
3245 + * struct vx_info ref stuff
3248 +struct vx_info *find_vx_info(int id)
3250 + struct vx_info *vxi;
3252 + spin_lock(&vxlist_lock);
3253 + if ((vxi = __find_vx_info(id)))
3255 + spin_unlock(&vxlist_lock);
3261 + * struct vx_info search by id
3262 + * assumes vxlist_lock is held
3265 +static __inline__ xid_t __vx_dynamic_id(void)
3267 + static xid_t seq = MAX_S_CONTEXT;
3268 + xid_t barrier = seq;
3271 + if (++seq > MAX_S_CONTEXT)
3272 + seq = MIN_D_CONTEXT;
3273 + if (!__find_vx_info(seq))
3275 + } while (barrier != seq);
3280 +struct vx_info *find_or_create_vx_info(int id)
3282 + struct vx_info *new, *vxi = NULL;
3284 + vxdprintk("find_or_create_vx_info(%d)\n", id);
3285 + if (!(new = alloc_vx_info(id)))
3288 + spin_lock(&vxlist_lock);
3290 + /* dynamic context requested */
3291 + if (id == VX_DYNAMIC_ID) {
3292 + id = __vx_dynamic_id();
3294 + printk(KERN_ERR "no dynamic context available.\n");
3299 + /* existing context requested */
3300 + else if ((vxi = __find_vx_info(id))) {
3301 + vxdprintk("find_or_create_vx_info(%d) = %p (found)\n", id, vxi);
3306 + /* new context requested */
3307 + vxdprintk("find_or_create_vx_info(%d) = %p (new)\n", id, vxi);
3308 + atomic_set(&new->vx_refcount, 1);
3309 + list_add(&new->vx_list, &vx_infos);
3310 + vxi = new, new = NULL;
3313 + spin_unlock(&vxlist_lock);
3315 + free_vx_info(new);
3320 +#include <asm/uaccess.h>
3323 +int vc_task_xid(uint32_t id, void *data)
3325 + if (!vx_check(0, VX_ADMIN))
3342 +int vc_vx_info(uint32_t id, void *data)
3344 + struct vx_info *vxi;
3345 + struct vcmd_vx_info_v0 vc_data;
3347 + if (!vx_check(0, VX_ADMIN))
3349 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
3352 + vxi = find_vx_info(id);
3356 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3362 +/* virtual host info names */
3364 +static char * vx_vhi_name(struct vx_info *vxi, int id)
3367 + case VHIN_CONTEXT:
3368 + return vxi->vx_name;
3369 + case VHIN_SYSNAME:
3370 + return vxi->virt.utsname.sysname;
3371 + case VHIN_NODENAME:
3372 + return vxi->virt.utsname.nodename;
3373 + case VHIN_RELEASE:
3374 + return vxi->virt.utsname.release;
3375 + case VHIN_VERSION:
3376 + return vxi->virt.utsname.version;
3377 + case VHIN_MACHINE:
3378 + return vxi->virt.utsname.machine;
3379 + case VHIN_DOMAINNAME:
3380 + return vxi->virt.utsname.domainname;
3386 +int vc_set_vhi_name(uint32_t id, void *data)
3388 + struct vx_info *vxi;
3389 + struct vcmd_vx_vhi_name_v0 vc_data;
3392 + if (!vx_check(0, VX_ADMIN))
3394 + if (!capable(CAP_SYS_ADMIN))
3396 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3399 + vxi = find_vx_info(id);
3403 + name = vx_vhi_name(vxi, vc_data.field);
3405 + memcpy(name, vc_data.name, 65);
3407 + return (name ? 0 : -EFAULT);
3410 +int vc_get_vhi_name(uint32_t id, void *data)
3412 + struct vx_info *vxi;
3413 + struct vcmd_vx_vhi_name_v0 vc_data;
3416 + if (!vx_check(0, VX_ADMIN))
3418 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3421 + vxi = find_vx_info(id);
3425 + name = vx_vhi_name(vxi, vc_data.field);
3429 + memcpy(vc_data.name, name, 65);
3430 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3434 + return (name ? 0 : -EFAULT);
3439 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/inode.c linux-2.6.2-rc1-vs0.05/kernel/vserver/inode.c
3440 --- linux-2.6.2-rc1/kernel/vserver/inode.c Thu Jan 1 01:00:00 1970
3441 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/inode.c Sat Jan 24 07:54:13 2004
3444 + * linux/kernel/vserver/inode.c
3446 + * Virtual Server: File System Support
3448 + * Copyright (C) 2004 Herbert Pötzl
3450 + * V0.01 separated from vcontext V0.05
3454 +#include <linux/config.h>
3455 +//#include <linux/linkage.h>
3456 +//#include <linux/utsname.h>
3457 +//#include <linux/slab.h>
3458 +//#include <linux/vcontext.h>
3459 +//#include <linux/vswitch.h>
3460 +#include <linux/vinline.h>
3461 +#include <linux/fs.h>
3462 +#include <linux/proc_fs.h>
3463 +//#include <linux/kernel_stat.h>
3464 +#include <linux/vserver/inode.h>
3466 +#include <asm/errno.h>
3467 +#include <asm/uaccess.h>
3468 +//#include <asm/smplock.h>
3471 +int vc_get_iattr(uint32_t id, void *data)
3473 + struct super_block *sb;
3475 + struct vcmd_ctx_iattr_v0 vc_data;
3479 + if (!vx_check(0, VX_ADMIN))
3481 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3485 + sb = get_super(to_kdev_t(id));
3488 + in = iget(sb, vc_data.ino);
3492 + vc_data.xid = in->i_xid;
3493 + vc_data.flags = IATTR_XID
3494 + | (IS_BARRIER(in) ? IATTR_BARRIER : 0)
3495 + | (IS_IUNLINK(in) ? IATTR_IUNLINK : 0);
3496 + vc_data.mask = IATTR_XID | IATTR_BARRIER | IATTR_IUNLINK;
3498 + if (sb->s_magic == PROC_SUPER_MAGIC) {
3499 + vc_data.flags |= (in->u.proc_i.vx_flags & IATTR_FLAGS);
3500 + vc_data.mask |= IATTR_FLAGS;
3504 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3514 +int vc_set_iattr(uint32_t id, void *data)
3516 + struct super_block *sb;
3518 + struct vcmd_ctx_iattr_v0 vc_data;
3521 + if (!vx_check(0, VX_ADMIN))
3523 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_LINUX_IMMUTABLE))
3525 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3529 + sb = get_super(to_kdev_t(id));
3534 + if ((vc_data.mask & IATTR_FLAGS) && (sb->s_magic != PROC_SUPER_MAGIC))
3538 + in = iget(sb, vc_data.ino);
3543 + if (vc_data.mask & IATTR_XID)
3544 + in->i_xid = vc_data.xid;
3546 + if (vc_data.mask & IATTR_FLAGS) {
3547 + unsigned int flags = in->u.proc_i.vx_flags;
3548 + unsigned int mask = vc_data.mask;
3550 + in->u.proc_i.vx_flags = (flags & ~(mask & IATTR_FLAGS))
3551 + | (vc_data.flags & IATTR_FLAGS);
3554 + if (vc_data.mask & IATTR_BARRIER)
3555 + in->i_flags = (in->i_flags & ~S_BARRIER)
3556 + | ((vc_data.flags & IATTR_BARRIER) ? S_BARRIER : 0);
3557 + if (vc_data.mask & IATTR_IUNLINK)
3558 + in->i_flags = (in->i_flags & ~S_IUNLINK)
3559 + | ((vc_data.flags & IATTR_IUNLINK) ? S_IUNLINK : 0);
3560 + mark_inode_dirty(in);
3572 +#include <linux/proc_fs.h>
3574 +int vx_proc_ioctl(struct inode * inode, struct file * filp,
3575 + unsigned int cmd, unsigned long arg)
3577 + struct proc_dir_entry *entry;
3581 + if (inode->i_ino < PROC_DYNAMIC_FIRST ||
3582 + inode->i_ino >= PROC_DYNAMIC_FIRST+PROC_NDYNAMIC)
3585 + entry = PROC_I(inode)->pde;
3588 + case FIOC_GETXFLG: {
3589 + /* fixme: if stealth, return -ENOTTY */
3591 + flags = entry->vx_flags;
3592 + if (capable(CAP_CONTEXT))
3593 + error = put_user(flags, (int *) arg);
3596 + case FIOC_SETXFLG: {
3597 + /* fixme: if stealth, return -ENOTTY */
3599 + if (!capable(CAP_CONTEXT))
3602 + if (IS_RDONLY(inode))
3605 + if (get_user(flags, (int *) arg))
3608 + entry->vx_flags = flags;
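Review bot: In vc_set_iattr the new flag word is built as `(flags & ~(mask & IATTR_FLAGS)) | (vc_data.flags & IATTR_FLAGS)`, so bits of `vc_data.flags` that the caller did not select in `vc_data.mask` are still ORed in; the second term should be `(vc_data.flags & mask & IATTR_FLAGS)`. The FIOC_SETXFLG case of vx_proc_ioctl stores the user value with `entry->vx_flags = flags;` and no mask at all, where `entry->vx_flags = flags & IATTR_FLAGS;` would match the syscall path, assuming both fields use the IATTR_FLAGS layout. Many lines of these functions are missing from this listing, so it cannot be checked here whether the references taken by `get_super()` and `iget()` are released on every exit path.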
3617 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/legacy.c linux-2.6.2-rc1-vs0.05/kernel/vserver/legacy.c
3618 --- linux-2.6.2-rc1/kernel/vserver/legacy.c Thu Jan 1 01:00:00 1970
3619 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/legacy.c Sat Jan 24 05:14:16 2004
3622 + * linux/kernel/vserver/legacy.c
3624 + * Virtual Server: Legacy Funtions
3626 + * Copyright (C) 2001-2003 Jacques Gelinas
3627 + * Copyright (C) 2003-2004 Herbert Pötzl
3629 + * V0.01 broken out from vcontext.c V0.05
3633 +#include <linux/config.h>
3634 +//#include <linux/linkage.h>
3635 +//#include <linux/utsname.h>
3636 +//#include <linux/slab.h>
3637 +#include <linux/vserver/context.h>
3638 +#include <linux/vserver/legacy.h>
3639 +//#include <linux/vswitch.h>
3640 +#include <linux/vinline.h>
3641 +#include <linux/sched.h>
3642 +//#include <linux/kernel_stat.h>
3644 +#include <asm/errno.h>
3645 +#include <asm/uaccess.h>
3648 +static int vx_migrate_user(struct task_struct *p, struct vx_info *vxi)
3650 + struct user_struct *new_user, *old_user;
3654 + new_user = alloc_uid(vxi->vx_id, p->uid);
3658 + old_user = p->user;
3659 + if (new_user != old_user) {
3660 + atomic_inc(&new_user->processes);
3661 + atomic_dec(&old_user->processes);
3662 + p->user = new_user;
3664 + free_uid(old_user);
3669 + * migrate task to new context
3670 + * gets vxi, puts old_vxi on change
3673 +static int vx_migrate_task(struct task_struct *p, struct vx_info *vxi)
3675 + struct vx_info *old_vxi = task_get_vx_info(p);
3681 + vxdprintk("vx_migrate_task(%p,%p[#%d.%d)\n", p, vxi,
3682 + vxi->vx_id, atomic_read(&vxi->vx_refcount));
3683 + spin_lock(&p->alloc_lock);
3684 + if (old_vxi == vxi)
3687 + if (!(ret = vx_migrate_user(p, vxi))) {
3689 + old_vxi->virt.nr_threads--;
3690 + atomic_dec(&old_vxi->limit.res[RLIMIT_NPROC]);
3692 + vxi->virt.nr_threads++;
3693 + atomic_inc(&vxi->limit.res[RLIMIT_NPROC]);
3694 + p->vx_info = get_vx_info(vxi);
3695 + p->xid = vxi->vx_id;
3697 + put_vx_info(old_vxi);
3700 + spin_unlock(&p->alloc_lock);
3701 + put_vx_info(old_vxi);
3706 +static int vx_set_initpid(struct vx_info *vxi, int pid)
3709 + if (vxi->vx_initpid)
3712 + vxi->vx_initpid = pid;
3716 +int vc_new_s_context(uint32_t ctx, void *data)
3718 + int ret = -ENOMEM;
3719 + struct vcmd_new_s_context_v1 vc_data;
3720 + struct vx_info *new_vxi;
3722 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
3725 + /* legacy hack, will be removed soon */
3727 + /* assign flags and initpid */
3728 + if (!current->vx_info)
3731 + if (vc_data.flags & VX_INFO_INIT)
3732 + ret = vx_set_initpid(current->vx_info, current->tgid);
3734 + /* We keep the same vx_id, but lower the capabilities */
3735 + current->cap_bset &= (~vc_data.remove_cap);
3736 + ret = vx_current_xid();
3737 + current->vx_info->vx_flags |= vc_data.flags;
3742 + if (!vx_check(0, VX_ADMIN) ||
3743 + !capable(CAP_SYS_ADMIN) ||
3744 + (current->vx_info &&
3745 + (current->vx_info->vx_flags & VX_INFO_LOCK)))
3748 + if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) ||
3752 + if ((ctx == VX_DYNAMIC_ID) || (ctx < MIN_D_CONTEXT))
3753 + new_vxi = find_or_create_vx_info(ctx);
3755 + new_vxi = find_vx_info(ctx);
3760 + ret = vx_migrate_task(current, new_vxi);
3762 + current->cap_bset &= (~vc_data.remove_cap);
3763 + new_vxi->vx_flags |= vc_data.flags;
3764 + if (vc_data.flags & VX_INFO_INIT)
3765 + vx_set_initpid(new_vxi, current->tgid);
3766 + if (vc_data.flags & VX_INFO_NPROC)
3767 + new_vxi->limit.rlim[RLIMIT_NPROC] =
3768 + current->rlim[RLIMIT_NPROC].rlim_max;
3769 + ret = new_vxi->vx_id;
3771 + put_vx_info(new_vxi);
3777 +/* set ipv4 root (syscall) */
3779 +int vc_set_ipv4root(uint32_t nbip, void *data)
3781 + int i, err = -EPERM;
3782 + struct vcmd_set_ipv4root_v3 vc_data;
3783 + struct ip_info *new_ipi, *ipi = current->ip_info;
3785 + if (nbip < 0 || nbip > NB_IPV4ROOT)
3787 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3790 + if (!ipi || ipi->ipv4[0] == 0 || capable(CAP_NET_ADMIN))
3791 + // We are allowed to change everything
3796 + // We are allowed to select a subset of the currently
3797 + // installed IP numbers. No new one allowed
3798 + // We can't change the broadcast address though
3799 + for (i=0; i<nbip; i++) {
3801 + __u32 ipip = vc_data.ip_mask_pair[i].ip;
3802 + for (j=0; j<ipi->nbipv4; j++) {
3803 + if (ipip == ipi->ipv4[j]) {
3809 + if ((found == nbip) &&
3810 + (vc_data.broadcast == ipi->v4_bcast))
3816 + new_ipi = create_ip_info();
3820 + new_ipi->nbipv4 = nbip;
3821 + for (i=0; i<nbip; i++) {
3822 + new_ipi->ipv4[i] = vc_data.ip_mask_pair[i].ip;
3823 + new_ipi->mask[i] = vc_data.ip_mask_pair[i].mask;
3825 + new_ipi->v4_bcast = vc_data.broadcast;
3826 + current->ip_info = new_ipi;
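Review bot: vc_set_ipv4root tests `nbip < 0 || nbip > NB_IPV4ROOT`, but `nbip` is a `uint32_t`, so the first half is always false, and the lower bound that matters, `nbip == 0`, is not rejected in the lines shown. On the restricted path an empty request appears to satisfy `found == nbip`, and the resulting ip_info would have `ipv4[0] == 0`, which the first test (`ipi->ipv4[0] == 0`) treats as "allowed to change everything". Rejecting an empty list for callers without CAP_NET_ADMIN, e.g. `if (nbip == 0) return -EINVAL;` before the subset loop, would keep the restriction in place. The lines that count `found` are not in this listing, so confirm against the full file. The release of the old `ipi` after `current->ip_info = new_ipi;` is not visible here either.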
3832 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/limit.c linux-2.6.2-rc1-vs0.05/kernel/vserver/limit.c
3833 --- linux-2.6.2-rc1/kernel/vserver/limit.c Thu Jan 1 01:00:00 1970
3834 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/limit.c Sat Jan 24 05:54:03 2004
3837 + * linux/kernel/vserver/limit.c
3839 + * Virtual Server: Context Limits
3841 + * Copyright (C) 2004 Herbert Pötzl
3843 + * V0.01 broken out from vcontext V0.05
3847 +#include <linux/config.h>
3848 +//#include <linux/linkage.h>
3849 +//#include <linux/utsname.h>
3850 +//#include <linux/slab.h>
3851 +#include <linux/vserver/limit.h>
3852 +#include <linux/vserver/context.h>
3853 +#include <linux/vserver/switch.h>
3854 +#include <linux/vinline.h>
3855 +//#include <linux/sched.h>
3856 +//#include <linux/kernel_stat.h>
3858 +#include <asm/errno.h>
3859 +#include <asm/uaccess.h>
3862 +static int is_valid_rlimit(int id)
3867 + case RLIMIT_NPROC:
3876 +int vc_get_rlimit(uint32_t id, void *data)
3878 + struct vx_info *vxi;
3879 + struct vcmd_ctx_rlimit_v0 vc_data;
3881 + if (!vx_check(0, VX_ADMIN))
3883 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3885 + if (!is_valid_rlimit(vc_data.id))
3888 + vxi = find_vx_info(id);
3892 + if (vc_data.maximum != CRLIM_KEEP)
3893 + vc_data.maximum = vxi->limit.rlim[vc_data.id];
3894 + vc_data.minimum = CRLIM_UNSET;
3895 + vc_data.softlimit = CRLIM_UNSET;
3898 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3903 +int vc_set_rlimit(uint32_t id, void *data)
3905 + struct vx_info *vxi;
3906 + struct vcmd_ctx_rlimit_v0 vc_data;
3908 + if (!vx_check(0, VX_ADMIN))
3910 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
3912 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3914 + if (!is_valid_rlimit(vc_data.id))
3917 + vxi = find_vx_info(id);
3921 + if (vc_data.maximum != CRLIM_KEEP)
3922 + vxi->limit.rlim[vc_data.id] = vc_data.maximum;
3923 + printk("setting [%d] = %d\n", vc_data.id, (int)vc_data.maximum);
3929 +int vc_get_rlimit_mask(uint32_t id, void *data)
3931 + static struct vcmd_ctx_rlimit_mask_v0 mask = {
3937 + (1 << RLIMIT_NPROC) |
3938 + (1 << RLIMIT_AS) |
3942 + if (!vx_check(0, VX_ADMIN))
3944 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
3946 + if (copy_to_user(data, &mask, sizeof(mask)))
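Review bot: In vc_get_rlimit the read of the limit is guarded by `if (vc_data.maximum != CRLIM_KEEP)`, which tests a value the caller supplied and looks copied from vc_set_rlimit. A getter should assign unconditionally, `vc_data.maximum = vxi->limit.rlim[vc_data.id];`, otherwise the caller's own input is echoed back as the limit. In vc_set_rlimit the leftover `printk("setting [%d] = %d\n", ...)` has no log level, runs on every call and truncates the value to `int`; `vxdprintk(...)`, as used elsewhere in this patch, would fit better. The capability checks are also uneven: vc_get_rlimit_mask, which only returns a static mask, requires CAP_SYS_ADMIN and CAP_SYS_RESOURCE, while vc_get_rlimit requires neither.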
3952 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/network.c linux-2.6.2-rc1-vs0.05/kernel/vserver/network.c
3953 --- linux-2.6.2-rc1/kernel/vserver/network.c Thu Jan 1 01:00:00 1970
3954 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/network.c Sat Jan 24 05:46:08 2004
3957 + * linux/kernel/vserver/network.c
3959 + * Virtual Server: Network Support
3961 + * Copyright (C) 2003-2004 Herbert Pötzl
3963 + * V0.01 broken out from vcontext V0.05
3964 + * V0.05 rlimit basic implementation
3968 +#include <linux/config.h>
3969 +//#include <linux/linkage.h>
3970 +//#include <linux/utsname.h>
3971 +#include <linux/slab.h>
3972 +#include <linux/vserver/network.h>
3973 +//#include <linux/vswitch.h>
3974 +#include <linux/vinline.h>
3975 +//#include <linux/sched.h>
3976 +//#include <linux/kernel_stat.h>
3978 +#include <asm/errno.h>
3979 +//#include <asm/uaccess.h>
3983 +LIST_HEAD(ip_infos);
3985 +spinlock_t iplist_lock
3986 + __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
3990 + * struct ip_info allocation and deallocation
3993 +static struct ip_info *alloc_ip_info(void)
3995 + struct ip_info *new = NULL;
3997 + vxdprintk("alloc_ip_info()\n");
3998 + /* would this benefit from a slab cache? */
3999 + new = kmalloc(sizeof(struct ip_info), GFP_KERNEL);
4003 + memset (new, 0, sizeof(struct ip_info));
4004 + /* rest of init goes here */
4007 + vxdprintk("alloc_ip_info() = %p\n", new);
4011 +// extern int ip_proc_destroy(struct ip_info *);
4013 +void free_ip_info(struct ip_info *ipi)
4015 + vxdprintk("free_ip_info(%p)\n", ipi);
4016 +// ip_proc_destroy(ipi);
4020 +struct ip_info *create_ip_info(void)
4022 + struct ip_info *new;
4024 + vxdprintk("create_ip_info()\n");
4025 + if (!(new = alloc_ip_info()))
4028 + spin_lock(&iplist_lock);
4031 + atomic_set(&new->ip_refcount, 1);
4032 + list_add(&new->ip_list, &ip_infos);
4033 +// ip_proc_create(new);
4035 + spin_unlock(&iplist_lock);
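Review bot: create_ip_info has no comment saying who owns the reference it sets with `atomic_set(&new->ip_refcount, 1)`. The object is also linked onto the global `ip_infos` list before it is returned, so a caller such as vc_set_ipv4root needs to know whether that initial count belongs to it or to the list. I would add above the function `/* returns a new ip_info linked on ip_infos with ip_refcount == 1; the caller owns that reference */`, adjusted if the list is meant to hold the count instead. Lines of the function are missing from this listing, so the failure return of alloc_ip_info should be covered by the same comment.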
4039 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/signal.c linux-2.6.2-rc1-vs0.05/kernel/vserver/signal.c
4040 --- linux-2.6.2-rc1/kernel/vserver/signal.c Thu Jan 1 01:00:00 1970
4041 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/signal.c Sat Jan 24 06:37:18 2004
4044 + * linux/kernel/vserver/signal.c
4046 + * Virtual Server: Signal Support
4048 + * Copyright (C) 2003-2004 Herbert Pötzl
4050 + * V0.01 broken out from vcontext V0.05
4054 +#include <linux/config.h>
4055 +#include <linux/sched.h>
4057 +#include <asm/errno.h>
4058 +#include <asm/uaccess.h>
4060 +#include <linux/vinline.h>
4061 +#include <linux/vserver/signal.h>
4064 +int vc_ctx_kill(uint32_t id, void *data)
4066 + int retval, count=0;
4067 + struct vcmd_ctx_kill_v0 vc_data;
4068 + struct siginfo info;
4069 + struct task_struct *p;
4070 + struct vx_info *vxi;
4072 + if (!vx_check(0, VX_ADMIN))
4074 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
4077 + info.si_signo = vc_data.sig;
4078 + info.si_errno = 0;
4079 + info.si_code = SI_USER;
4080 + info.si_pid = current->pid;
4081 + info.si_uid = current->uid;
4083 + vxi = find_vx_info(id);
4088 + read_lock(&tasklist_lock);
4089 + switch (vc_data.pid) {
4092 + for_each_process(p) {
4095 + if (vx_task_xid(p) != id || p->pid <= 1 ||
4096 + (vc_data.pid && vxi->vx_initpid == p->pid) ||
4097 + !thread_group_leader(p))
4100 + err = send_sig_info(vc_data.sig, &info, p);
4102 + if (err != -EPERM)
4108 + p = find_task_by_pid(vc_data.pid);
4110 + if (!thread_group_leader(p)) {
4111 + struct task_struct *tg;
4113 + tg = find_task_by_pid(p->tgid);
4117 + if ((id == -1) || (vx_task_xid(p) == id))
4118 + retval = send_sig_info(vc_data.sig, &info, p);
4122 + read_unlock(&tasklist_lock);
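Review bot: vc_ctx_kill gives `vc_data.pid` and `id` special values that are nowhere documented: the switch on `vc_data.pid` selects a whole-context loop, `(vc_data.pid && vxi->vx_initpid == p->pid)` spares the context's init task only for a non-zero pid, and the single-task branch accepts `id == -1` as a wildcard that skips the context match. A header comment listing those cases would make the permission model reviewable; the case labels are missing from this listing, so the exact values need to be taken from the full file. Because `id` is a `uint32_t`, `id == -1` only works through implicit conversion, and a named constant would be clearer. It is also worth confirming that `find_vx_info(id)` cannot succeed for the wildcard unless that is intended, since the only gate visible before it is `vx_check(0, VX_ADMIN)`.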
4128 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/switch.c linux-2.6.2-rc1-vs0.05/kernel/vserver/switch.c
4129 --- linux-2.6.2-rc1/kernel/vserver/switch.c Thu Jan 1 01:00:00 1970
4130 +++ linux-2.6.2-rc1-vs0.05/kernel/vserver/switch.c Sat Jan 24 05:14:16 2004
4133 + * linux/kernel/vserver/switch.c
4135 + * Virtual Server: Syscall Switch
4137 + * Copyright (C) 2003-2004 Herbert Pötzl
4139 + * V0.01 syscall switch
4140 + * V0.02 added signal to context
4141 + * V0.03 added rlimit functions
4142 + * V0.04 added iattr, task/xid functions
4146 +#include <linux/config.h>
4147 +#include <linux/linkage.h>
4148 +#include <asm/errno.h>
4150 +#include <linux/vserver/switch.h>
4154 +vc_get_version(uint32_t id)
4156 + return VCI_VERSION;
4160 +#include <linux/vserver/legacy.h>
4161 +#include <linux/vserver/context.h>
4162 +#include <linux/vserver/network.h>
4163 +#include <linux/vserver/limit.h>
4164 +#include <linux/vserver/inode.h>
4165 +#include <linux/vserver/signal.h>
4167 +extern asmlinkage int
4168 +sys_vserver(uint32_t cmd, uint32_t id, void *data)
4170 + int ret = -ENOTSUP;
4173 + case VCMD_get_version:
4174 + ret = vc_get_version(id);
4177 + case VCMD_new_s_context:
4178 + ret = vc_new_s_context(id, data);
4180 + case VCMD_set_ipv4root:
4181 + ret = vc_set_ipv4root(id, data);
4184 + case VCMD_get_rlimit:
4185 + ret = vc_get_rlimit(id, data);
4187 + case VCMD_set_rlimit:
4188 + ret = vc_set_rlimit(id, data);
4190 + case VCMD_get_rlimit_mask:
4191 + ret = vc_get_rlimit_mask(id, data);
4194 + case VCMD_ctx_kill:
4195 + ret = vc_ctx_kill(id, data);
4198 + case VCMD_get_iattr:
4199 + ret = vc_get_iattr(id, data);
4201 + case VCMD_set_iattr:
4202 + ret = vc_set_iattr(id, data);
4205 + case VCMD_task_xid:
4206 + ret = vc_task_xid(id, data);
4208 + case VCMD_vx_info:
4209 + ret = vc_vx_info(id, data);
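Review bot: `data` is a user-space pointer that the handlers pass to copy_from_user()/copy_to_user(), but sys_vserver and the vc_* functions declare it as plain `void *`. Declaring it `void __user *data` here and in the handler prototypes lets sparse flag any direct dereference. A comment on sys_vserver should also state that permission checks are left to each handler: the dispatcher performs none in the lines shown, and the handlers visible in this patch differ in what they require (vc_get_rlimit_mask asks for two capabilities, vc_get_rlimit for none).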
4216 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/af_inet.c linux-2.6.2-rc1-vs0.05/net/ipv4/af_inet.c
4217 --- linux-2.6.2-rc1/net/ipv4/af_inet.c Sat Jan 24 03:18:20 2004
4218 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/af_inet.c Sat Jan 24 05:46:08 2004
4219 @@ -158,6 +158,10 @@ void inet_sock_destruct(struct sock *sk)
4224 + /* reordering required? */
4225 + put_ip_info(sk->sk_ip_info);
4226 + sk->sk_ip_info = NULL;
4227 dst_release(sk->sk_dst_cache);
4228 #ifdef INET_REFCNT_DEBUG
4229 atomic_dec(&inet_sock_nr);
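Review bot: `put_ip_info(sk->sk_ip_info)` runs for every socket, but inet_create sets `sk_ip_info` to NULL and only inet_bind fills it, so put_ip_info has to tolerate a NULL argument; its definition is not in this part of the patch and should be checked. The open question `/* reordering required? */` should be answered before merge, or replaced by a comment saying why the reference is dropped before `dst_release()`. inet_sock_destruct starts and ends outside the hunk.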
4230 @@ -397,6 +401,9 @@ static int inet_create(struct socket *so
4231 sk->sk_family = PF_INET;
4232 sk->sk_protocol = protocol;
4233 sk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
4235 + sk->sk_xid = vx_current_xid();
4236 + sk->sk_ip_info = NULL;
4240 @@ -476,6 +483,10 @@ int inet_bind(struct socket *sock, struc
4241 unsigned short snum;
4244 + __u32 s_addr; /* Address used for validation */
4246 + __u32 s_addr2 = 0xffffffffl; /* Optional address of the socket */
4247 + struct ip_info *ip_info;
4249 /* If the socket has its own bind function then use it. (RAW) */
4250 if (sk->sk_prot->bind) {
4251 @@ -486,7 +497,37 @@ int inet_bind(struct socket *sock, struc
4252 if (addr_len < sizeof(struct sockaddr_in))
4255 - chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr);
4256 + s_addr = s_addr1 = addr->sin_addr.s_addr;
4257 + ip_info = current->ip_info;
4259 + __u32 v4_bcast = ip_info->v4_bcast;
4260 + __u32 ipv4root = ip_info->ipv4[0];
4261 + int nbipv4 = ip_info->nbipv4;
4262 + if (s_addr == 0) {
4263 + s_addr = ipv4root;
4267 + s_addr1 = ipv4root;
4270 + s_addr2 = v4_bcast;
4271 + } else if (s_addr == 0x0100007f) {
4272 + s_addr = s_addr1 = ipv4root;
4274 + } else if (s_addr != v4_bcast
4275 + && s_addr != ipv4root) {
4277 + for (i=0; i<nbipv4; i++) {
4278 + if (s_addr == ip_info->ipv4[i])
4282 + return -EADDRNOTAVAIL;
4286 + chk_addr_ret = inet_addr_type(s_addr);
4288 /* Not specified by any standard per-se, however it breaks too
4289 * many applications when removed. It is unfortunate since
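Review bot: The loopback test `s_addr == 0x0100007f` compares a network-byte-order address with a constant that equals 127.0.0.1 only on little-endian hosts, so on a big-endian build the remap to `ipv4root` never triggers and a restricted context keeps the real loopback address. Use `s_addr == htonl(INADDR_LOOPBACK)` here, and likewise for `daddr == 0x0100007f` in the udp_sendmsg hunk of net/ipv4/udp.c. inet_bind's body starts and ends outside this hunk.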
4290 @@ -498,7 +539,7 @@ int inet_bind(struct socket *sock, struc
4291 err = -EADDRNOTAVAIL;
4292 if (!sysctl_ip_nonlocal_bind &&
4294 - addr->sin_addr.s_addr != INADDR_ANY &&
4295 + s_addr != INADDR_ANY &&
4296 chk_addr_ret != RTN_LOCAL &&
4297 chk_addr_ret != RTN_MULTICAST &&
4298 chk_addr_ret != RTN_BROADCAST)
4299 @@ -523,13 +564,18 @@ int inet_bind(struct socket *sock, struc
4300 if (sk->sk_state != TCP_CLOSE || inet->num)
4301 goto out_release_sock;
4303 - inet->rcv_saddr = inet->saddr = addr->sin_addr.s_addr;
4304 + inet->rcv_saddr = inet->saddr = s_addr1;
4305 + inet->rcv_saddr2 = s_addr2;
4306 + sk->sk_ip_info = get_ip_info(ip_info);
4308 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
4309 inet->saddr = 0; /* Use device */
4311 /* Make sure we are allowed to bind here. */
4312 if (sk->sk_prot->get_port(sk, snum)) {
4313 inet->saddr = inet->rcv_saddr = 0;
4314 + sk->sk_ip_info = NULL;
4315 + put_ip_info(ip_info);
4317 goto out_release_sock;
4319 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/devinet.c linux-2.6.2-rc1-vs0.05/net/ipv4/devinet.c
4320 --- linux-2.6.2-rc1/net/ipv4/devinet.c Sat Jan 24 03:18:20 2004
4321 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/devinet.c Sat Jan 24 05:46:08 2004
4322 @@ -487,6 +487,33 @@ static __inline__ int inet_abc_len(u32 a
4327 + Check that a device is not member of the ipv4root assigned to the process
4328 + Return true if this is the case
4330 + If the process is not bound to specific IP, then it returns 0 (all
4331 + interface are fine).
4333 +static int devinet_notiproot (struct in_ifaddr *ifa)
4336 + struct ip_info *info = current->ip_info;
4338 + if (info && !vx_check(0, VX_ADMIN)) {
4340 + int nbip = info->nbipv4;
4341 + __u32 addr = ifa->ifa_local;
4343 + for (i=0; i<nbip; i++) {
4344 + if(info->ipv4[i] == addr) {
4354 int devinet_ioctl(unsigned int cmd, void *arg)
4356 @@ -594,6 +621,8 @@ int devinet_ioctl(unsigned int cmd, void
4357 ret = -EADDRNOTAVAIL;
4358 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
4360 + if (ifa != NULL && devinet_notiproot(ifa))
4364 case SIOCGIFADDR: /* Get interface address */
4365 @@ -723,6 +752,8 @@ static int inet_gifconf(struct net_devic
4368 for (; ifa; ifa = ifa->ifa_next) {
4369 + if (devinet_notiproot(ifa))
4372 done += sizeof(ifr);
4374 @@ -980,6 +1011,8 @@ static int inet_dump_ifaddr(struct sk_bu
4375 read_lock(&in_dev->lock);
4376 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
4377 ifa = ifa->ifa_next, ip_idx++) {
4378 + if (devinet_notiproot(ifa))
4380 if (ip_idx < s_ip_idx)
4382 if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
4383 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/raw.c linux-2.6.2-rc1-vs0.05/net/ipv4/raw.c
4384 --- linux-2.6.2-rc1/net/ipv4/raw.c Sat Jan 24 03:18:20 2004
4385 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/raw.c Sat Jan 24 05:46:08 2004
4386 @@ -102,6 +102,38 @@ static void raw_v4_unhash(struct sock *s
4387 write_unlock_bh(&raw_v4_lock);
4392 + Check if an address is in the list
4394 +static inline int raw_addr_in_list (
4398 + struct ip_info *ip_info)
4401 + if (loc_addr != 0 &&
4402 + (rcv_saddr1 == loc_addr || rcv_saddr2 == loc_addr))
4404 + else if (rcv_saddr1 == 0) {
4405 + /* Accept any address or only the one in the list */
4406 + if (ip_info == NULL)
4409 + int n = ip_info->nbipv4;
4411 + for (i=0; i<n; i++) {
4412 + if (ip_info->ipv4[i] == loc_addr) {
4422 struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
4423 unsigned long raddr, unsigned long laddr,
4425 @@ -113,7 +145,8 @@ struct sock *__raw_v4_lookup(struct sock
4427 if (inet->num == num &&
4428 !(inet->daddr && inet->daddr != raddr) &&
4429 - !(inet->rcv_saddr && inet->rcv_saddr != laddr) &&
4430 + raw_addr_in_list(inet->rcv_saddr, inet->rcv_saddr2,
4431 + laddr, sk->sk_ip_info) &&
4432 !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
4433 goto found; /* gotcha */
4435 @@ -687,7 +720,8 @@ static struct sock *raw_get_first(struct
4436 struct hlist_node *node;
4438 sk_for_each(sk, node, &raw_v4_htable[state->bucket])
4439 - if (sk->sk_family == PF_INET)
4440 + if (sk->sk_family == PF_INET &&
4441 + vx_check(sk->sk_xid, VX_WATCH|VX_IDENT))
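Review bot: The context filter is added only to raw_get_first, and no hunk in this file's diff touches raw_get_next. If that function still advances with only the `sk->sk_family` test, sockets belonging to other contexts would appear in the listing after the first entry of each bucket. The same `vx_check(sk->sk_xid, VX_WATCH|VX_IDENT)` condition should be applied wherever the iterator skips entries. raw_get_first's body continues outside the hunk.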
4445 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c linux-2.6.2-rc1-vs0.05/net/ipv4/tcp_ipv4.c
4446 --- linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c Fri Jan 9 07:59:19 2004
4447 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/tcp_ipv4.c Sat Jan 24 05:46:08 2004
4448 @@ -179,9 +179,52 @@ void tcp_bind_hash(struct sock *sk, stru
4449 tcp_sk(sk)->bind_hash = tb;
4453 + Return 1 if addr match the socket IP list
4454 + or the socket is INADDR_ANY
4456 +static inline int tcp_in_list (struct sock *sk, u32 addr)
4458 + struct ip_info *ip_info = sk->sk_ip_info;
4461 + int n = ip_info->nbipv4;
4464 + for (i=0; i<n; i++)
4465 + if (ip_info->ipv4[i] == addr)
4468 + else if (!tcp_v4_rcv_saddr(sk) || tcp_v4_rcv_saddr(sk) == addr)
4474 + Check if the addresses in sk1 conflict with those in sk2
4476 +int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2)
4478 + if (tcp_v4_rcv_saddr(sk1)) {
4479 + /* Bind to one address only */
4480 + return tcp_in_list (sk2, tcp_v4_rcv_saddr(sk1));
4481 + } else if (sk1->sk_ip_info) {
4482 + /* A restricted bind(any) */
4483 + struct ip_info *ip_info = sk1->sk_ip_info;
4484 + int n = ip_info->nbipv4;
4487 + for (i=0; i<n; i++)
4488 + if (tcp_in_list (sk2, ip_info->ipv4[i]))
4490 + } else /* A bind(any) do not allow other bind on the same port */
4495 static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
4497 - const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
4498 +// const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
4500 struct hlist_node *node;
4501 int reuse = sk->sk_reuse;
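Review bot: tcp_ipv4_addr_conflict treats its two arguments differently (it takes the address or list from `sk1` and looks it up in `sk2` through tcp_in_list), yet tcp_bind_conflict calls it as `(sk, sk2)` and the udp_v4_get_port hunk in net/ipv4/udp.c as `(sk2, sk)`. The comment above it should say whether the result is meant to be independent of argument order, or the callers should agree on one order; several lines of tcp_in_list are missing from this listing, so symmetry cannot be verified here. The old declarations are also left behind as `//` comments (`// const u32 sk_rcv_saddr = ...` here and `// const u32 sk2_rcv_saddr = ...` in the next hunk) and should simply be deleted. tcp_bind_conflict starts in this hunk and continues in the next.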
4502 @@ -194,9 +237,8 @@ static inline int tcp_bind_conflict(stru
4503 sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
4504 if (!reuse || !sk2->sk_reuse ||
4505 sk2->sk_state == TCP_LISTEN) {
4506 - const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
4507 - if (!sk2_rcv_saddr || !sk_rcv_saddr ||
4508 - sk2_rcv_saddr == sk_rcv_saddr)
4509 +// const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
4510 + if (tcp_ipv4_addr_conflict(sk, sk2))
4514 @@ -405,6 +447,34 @@ void tcp_unhash(struct sock *sk)
4515 wake_up(&tcp_lhash_wait);
4519 + Check if an address is in the list
4521 +static inline int tcp_addr_in_list (
4524 + struct ip_info *ip_info)
4526 + if (rcv_saddr == daddr)
4528 + else if (rcv_saddr == 0) {
4529 + /* Accept any address or check the list */
4533 + int n = ip_info->nbipv4;
4536 + for (i=0; i<n; i++)
4537 + if (ip_info->ipv4[i] == daddr)
4546 /* Don't inline this cruft. Here are some nice properties to
4547 * exploit here. The BSD API does not allow a listening TCP
4548 * to specify the remote port nor the remote address for the
4549 @@ -426,11 +496,10 @@ static struct sock *__tcp_v4_lookup_list
4550 __u32 rcv_saddr = inet->rcv_saddr;
4552 score = (sk->sk_family == PF_INET ? 1 : 0);
4554 - if (rcv_saddr != daddr)
4556 + if (tcp_addr_in_list(rcv_saddr, daddr, sk->sk_ip_info))
4561 if (sk->sk_bound_dev_if) {
4562 if (sk->sk_bound_dev_if != dif)
4564 @@ -460,8 +529,8 @@ inline struct sock *tcp_v4_lookup_listen
4565 struct inet_opt *inet = inet_sk((sk = __sk_head(head)));
4567 if (inet->num == hnum && !sk->sk_node.next &&
4568 - (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
4569 (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
4570 + tcp_addr_in_list(inet->rcv_saddr, daddr, sk->sk_ip_info) &&
4571 !sk->sk_bound_dev_if)
4573 sk = __tcp_v4_lookup_listener(head, daddr, hnum, dif);
4574 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c linux-2.6.2-rc1-vs0.05/net/ipv4/tcp_minisocks.c
4575 --- linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c Fri Jan 9 07:59:55 2004
4576 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/tcp_minisocks.c Sat Jan 24 05:46:08 2004
4577 @@ -362,6 +362,9 @@ void tcp_time_wait(struct sock *sk, int
4578 tw->tw_ts_recent_stamp = tp->ts_recent_stamp;
4579 tw_dead_node_init(tw);
4581 + tw->tw_xid = sk->sk_xid;
4582 + tw->tw_ip_info = NULL;
4584 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4585 if (tw->tw_family == PF_INET6) {
4586 struct ipv6_pinfo *np = inet6_sk(sk);
4587 @@ -686,6 +689,7 @@ struct sock *tcp_create_openreq_child(st
4588 struct sk_filter *filter;
4590 memcpy(newsk, sk, sizeof(struct tcp_sock));
4591 + newsk->sk_ip_info = get_ip_info(sk->sk_ip_info);
4592 newsk->sk_state = TCP_SYN_RECV;
4595 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/udp.c linux-2.6.2-rc1-vs0.05/net/ipv4/udp.c
4596 --- linux-2.6.2-rc1/net/ipv4/udp.c Sat Jan 24 03:18:20 2004
4597 +++ linux-2.6.2-rc1-vs0.05/net/ipv4/udp.c Sat Jan 24 05:46:08 2004
4598 @@ -120,6 +120,9 @@ rwlock_t udp_hash_lock = RW_LOCK_UNLOCKE
4599 /* Shared by v4/v6 udp. */
4602 +int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2);
4605 static int udp_v4_get_port(struct sock *sk, unsigned short snum)
4607 struct hlist_node *node;
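Review bot: The hand-written prototype `int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2);` in udp.c is not checked against the definition in tcp_ipv4.c, so a later signature change would compile without a diagnostic. Move the declaration into a header that both files include, for instance `net/tcp.h`. Since UDP now uses the helper too, a protocol-neutral name would also be clearer.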
4608 @@ -179,9 +182,7 @@ gotit:
4609 (!sk2->sk_bound_dev_if ||
4610 !sk->sk_bound_dev_if ||
4611 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
4612 - (!inet2->rcv_saddr ||
4613 - !inet->rcv_saddr ||
4614 - inet2->rcv_saddr == inet->rcv_saddr) &&
4615 + tcp_ipv4_addr_conflict(sk2, sk) &&
4616 (!sk2->sk_reuse || !sk->sk_reuse))
4619 @@ -216,6 +217,17 @@ static void udp_v4_unhash(struct sock *s
4620 write_unlock_bh(&udp_hash_lock);
4623 +static int udp_in_list (struct ip_info *ip_info, u32 addr)
4625 + int n = ip_info->nbipv4;
4628 + for (i=0; i<n; i++)
4629 + if (ip_info->ipv4[i] == addr)
4634 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
4635 * harder than this. -DaveM
4637 @@ -235,6 +247,11 @@ struct sock *udp_v4_lookup_longway(u32 s
4638 if (inet->rcv_saddr != daddr)
4641 + } else if (sk->sk_ip_info) {
4642 + if (udp_in_list(sk->sk_ip_info, daddr))
4648 if (inet->daddr != saddr)
4649 @@ -290,7 +307,8 @@ static inline struct sock *udp_v4_mcast_
4650 if (inet->num != hnum ||
4651 (inet->daddr && inet->daddr != rmt_addr) ||
4652 (inet->dport != rmt_port && inet->dport) ||
4653 - (inet->rcv_saddr && inet->rcv_saddr != loc_addr) ||
4654 + (inet->rcv_saddr && inet->rcv_saddr != loc_addr &&
4655 + inet->rcv_saddr2 && inet->rcv_saddr2 != loc_addr) ||
4656 ipv6_only_sock(s) ||
4657 (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
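Review bot: The added `inet->rcv_saddr2 &&` term means a socket whose `rcv_saddr2` is zero is never skipped for an address mismatch, even when `rcv_saddr` is set and differs from `loc_addr`. The only place this patch's visible hunks set `rcv_saddr2` is inet_bind (from `s_addr2`, which defaults to `0xffffffffl`), so a socket that acquires `rcv_saddr` without going through that path may carry zero there; this needs confirming. raw_addr_in_list compares `rcv_saddr2 == loc_addr` with no zero test, and matching that here would read `(inet->rcv_saddr && inet->rcv_saddr != loc_addr && inet->rcv_saddr2 != loc_addr) ||`. The enclosing function starts and ends outside the hunk.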
4659 @@ -599,6 +617,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
4661 { .sport = inet->sport,
4662 .dport = dport } } };
4663 + struct ip_info *ip_info = current->ip_info;
4665 + if (ip_info != NULL) {
4666 + __u32 ipv4root = ip_info->ipv4[0];
4668 + if (daddr == 0x0100007f &&
4669 + !vx_check(0, VX_ADMIN))
4671 + if (fl.nl_u.ip4_u.saddr == 0)
4672 + fl.nl_u.ip4_u.saddr = ipv4root;
4675 err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
4678 diff -NurpP --minimal linux-2.6.2-rc1/net/unix/af_unix.c linux-2.6.2-rc1-vs0.05/net/unix/af_unix.c
4679 --- linux-2.6.2-rc1/net/unix/af_unix.c Sat Jan 24 03:18:22 2004
4680 +++ linux-2.6.2-rc1-vs0.05/net/unix/af_unix.c Sat Jan 24 05:46:08 2004
4682 #include <linux/mount.h>
4683 #include <net/checksum.h>
4684 #include <linux/security.h>
4685 +#include <linux/vinline.h>
4687 int sysctl_unix_max_dgram_qlen = 10;
4689 @@ -480,6 +481,7 @@ static struct sock * unix_create1(struct
4690 sock_init_data(sock,sk);
4691 sk_set_owner(sk, THIS_MODULE);
4693 + sk->sk_xid = vx_current_xid();
4694 sk->sk_write_space = unix_write_space;
4695 sk->sk_max_ack_backlog = sysctl_unix_max_dgram_qlen;
4696 sk->sk_destruct = unix_sock_destructor;
4697 diff -NurpP --minimal linux-2.6.2-rc1/security/commoncap.c linux-2.6.2-rc1-vs0.05/security/commoncap.c
4698 --- linux-2.6.2-rc1/security/commoncap.c Sat Jan 24 03:18:22 2004
4699 +++ linux-2.6.2-rc1-vs0.05/security/commoncap.c Sat Jan 24 07:15:57 2004
4700 @@ -125,7 +125,7 @@ void cap_bprm_compute_creds (struct linu
4701 /* Derived from fs/exec.c:compute_creds. */
4702 kernel_cap_t new_permitted, working;
4704 - new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
4705 + new_permitted = cap_intersect (bprm->cap_permitted, current->cap_bset);
4706 working = cap_intersect (bprm->cap_inheritable,
4707 current->cap_inheritable);
4708 new_permitted = cap_combine (new_permitted, working);
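Review bot: Replacing the global `cap_bset` with `current->cap_bset` removes the system-wide bounding set from the exec computation, so a later reduction of the global set would no longer limit tasks whose per-task copy predates it, unless another part of the patch keeps the two in sync. Intersecting with both keeps the old guarantee: `new_permitted = cap_intersect (cap_intersect (bprm->cap_permitted, cap_bset), current->cap_bset);`. How `current->cap_bset` is initialised for the init task and inherited across fork is not visible in this hunk and deserves a comment at this line. cap_bprm_compute_creds continues outside the hunk.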