1 diff -NurpP --minimal linux-3.14.17/Documentation/vserver/debug.txt linux-3.14.17-vs2.3.6.13/Documentation/vserver/debug.txt
2 --- linux-3.14.17/Documentation/vserver/debug.txt 1970-01-01 00:00:00.000000000 +0000
3 +++ linux-3.14.17-vs2.3.6.13/Documentation/vserver/debug.txt 2014-08-30 14:27:38.000000000 +0000
8 + 2 4 "vx_map_tgid: %p/%llx: %d -> %d"
9 + "vx_rmap_tgid: %p/%llx: %d -> %d"
13 + 0 1 "ALLOC (%p,#%d)%c inode (%d)"
14 + "FREE (%p,#%d)%c inode"
15 + 1 2 "ALLOC (%p,#%d)%c %lld bytes (%d)"
16 + "FREE (%p,#%d)%c %lld bytes"
17 + 2 4 "ADJUST: %lld,%lld on %ld,%ld [mult=%d]"
18 + 3 8 "ext3_has_free_blocks(%p): %lu<%lu+1, %c, %u!=%u r=%d"
19 + "ext3_has_free_blocks(%p): free=%lu, root=%lu"
20 + "rcu_free_dl_info(%p)"
21 + 4 10 "alloc_dl_info(%p,%d) = %p"
22 + "dealloc_dl_info(%p)"
23 + "get_dl_info(%p[#%d.%d])"
24 + "put_dl_info(%p[#%d.%d])"
25 + 5 20 "alloc_dl_info(%p,%d)*"
26 + 6 40 "__hash_dl_info: %p[#%d]"
27 + "__unhash_dl_info: %p[#%d]"
28 + 7 80 "locate_dl_info(%p,#%d) = %p"
32 + 0 1 "destroy_dqhash: %p [#0x%08x] c=%d"
33 + "new_dqhash: %p [#0x%08x]"
34 + "vroot[%d]_clr_dev: dev=%p[%lu,%d:%d]"
35 + "vroot[%d]_get_real_bdev: dev=%p[%lu,%d:%d]"
36 + "vroot[%d]_set_dev: dev=%p[%lu,%d:%d]"
37 + "vroot_get_real_bdev not set"
38 + 1 2 "cow_break_link(»%s«)"
40 + 2 4 "dentry_open(new): %p"
41 + "dentry_open(old): %p"
42 + "lookup_create(new): %p"
44 + "path_lookup(old): %d"
45 + "vfs_create(new): %d"
48 + 3 8 "fput(new_file=%p[#%d])"
49 + "fput(old_file=%p[#%d])"
50 + 4 10 "vx_info_kill(%p[#%d],%d,%d) = %d"
51 + "vx_info_kill(%p[#%d],%d,%d)*"
52 + 5 20 "vs_reboot(%p[#%d],%d)"
53 + 6 40 "dropping task %p[#%u,%u] for %p[#%u,%u]"
57 + 2 4 "nx_addr_conflict(%p,%p) %d.%d,%d.%d"
58 + 3 8 "inet_bind(%p) %d.%d.%d.%d, %d.%d.%d.%d, %d.%d.%d.%d"
59 + "inet_bind(%p)* %p,%p;%lx %d.%d.%d.%d"
60 + 4 10 "ip_route_connect(%p) %p,%p;%lx"
61 + 5 20 "__addr_in_socket(%p,%d.%d.%d.%d) %p:%d.%d.%d.%d %p;%lx"
62 + 6 40 "sk,egf: %p [#%d] (from %d)"
63 + "sk,egn: %p [#%d] (from %d)"
64 + "sk,req: %p [#%d] (from %d)"
65 + "sk: %p [#%d] (from %d)"
66 + "tw: %p [#%d] (from %d)"
67 + 7 80 "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d"
68 + "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d"
72 + 0 1 "__lookup_nx_info(#%u): %p[#%u]"
73 + "alloc_nx_info(%d) = %p"
74 + "create_nx_info(%d) (dynamic rejected)"
75 + "create_nx_info(%d) = %p (already there)"
76 + "create_nx_info(%d) = %p (new)"
77 + "dealloc_nx_info(%p)"
78 + 1 2 "alloc_nx_info(%d)*"
79 + "create_nx_info(%d)*"
80 + 2 4 "get_nx_info(%p[#%d.%d])"
81 + "put_nx_info(%p[#%d.%d])"
82 + 3 8 "claim_nx_info(%p[#%d.%d.%d]) %p"
83 + "clr_nx_info(%p[#%d.%d])"
84 + "init_nx_info(%p[#%d.%d])"
85 + "release_nx_info(%p[#%d.%d.%d]) %p"
86 + "set_nx_info(%p[#%d.%d])"
87 + 4 10 "__hash_nx_info: %p[#%d]"
88 + "__nx_dynamic_id: [#%d]"
89 + "__unhash_nx_info: %p[#%d.%d.%d]"
90 + 5 20 "moved task %p into nxi:%p[#%d]"
91 + "nx_migrate_task(%p,%p[#%d.%d.%d])"
92 + "task_get_nx_info(%p)"
93 + 6 40 "nx_clear_persistent(%p[#%d])"
97 + 0 1 "quota_sync_dqh(%p,%d) discard inode %p"
98 + 1 2 "quota_sync_dqh(%p,%d)"
99 + "sync_dquots(%p,%d)"
100 + "sync_dquots_dqh(%p,%d)"
101 + 3 8 "do_quotactl(%p,%d,cmd=%d,id=%d,%p)"
105 + 0 1 "vc: VCMD_%02d_%d[%d], %d,%p [%d,%d,%x,%x]"
106 + 1 2 "vc: VCMD_%02d_%d[%d] = %08lx(%ld) [%d,%d]"
107 + 4 10 "%s: (%s %s) returned %s with %d"
111 + 7 80 "dx_parse_tag(»%s«): %d:#%d"
112 + "dx_propagate_tag(%p[#%lu.%d]): %d,%d"
116 + 0 1 "__lookup_vx_info(#%u): %p[#%u]"
117 + "alloc_vx_info(%d) = %p"
118 + "alloc_vx_info(%d)*"
119 + "create_vx_info(%d) (dynamic rejected)"
120 + "create_vx_info(%d) = %p (already there)"
121 + "create_vx_info(%d) = %p (new)"
122 + "dealloc_vx_info(%p)"
123 + "loc_vx_info(%d) = %p (found)"
124 + "loc_vx_info(%d) = %p (new)"
125 + "loc_vx_info(%d) = %p (not available)"
126 + 1 2 "create_vx_info(%d)*"
128 + 2 4 "get_vx_info(%p[#%d.%d])"
129 + "put_vx_info(%p[#%d.%d])"
130 + 3 8 "claim_vx_info(%p[#%d.%d.%d]) %p"
131 + "clr_vx_info(%p[#%d.%d])"
132 + "init_vx_info(%p[#%d.%d])"
133 + "release_vx_info(%p[#%d.%d.%d]) %p"
134 + "set_vx_info(%p[#%d.%d])"
135 + 4 10 "__hash_vx_info: %p[#%d]"
136 + "__unhash_vx_info: %p[#%d.%d.%d]"
137 + "__vx_dynamic_id: [#%d]"
138 + 5 20 "enter_vx_info(%p[#%d],%p) %p[#%d,%p]"
139 + "leave_vx_info(%p[#%d,%p]) %p[#%d,%p]"
140 + "moved task %p into vxi:%p[#%d]"
141 + "task_get_vx_info(%p)"
142 + "vx_migrate_task(%p,%p[#%d.%d])"
143 + 6 40 "vx_clear_persistent(%p[#%d])"
144 + "vx_exit_init(%p[#%d],%p[#%d,%d,%d])"
145 + "vx_set_init(%p[#%d],%p[#%d,%d,%d])"
146 + "vx_set_persistent(%p[#%d])"
147 + "vx_set_reaper(%p[#%d],%p[#%d,%d])"
148 + 7 80 "vx_child_reaper(%p[#%u,%u]) = %p[#%u,%u]"
153 + n 2^n "vx_acc_cres[%5d,%s,%2d]: %5d%s"
154 + "vx_cres_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
156 + m 2^m "vx_acc_page[%5d,%s,%2d]: %5d%s"
157 + "vx_acc_pages[%5d,%s,%2d]: %5d += %5d"
158 + "vx_pages_avail[%5d,%s,%2d]: %5ld > %5d + %5d"
159 diff -NurpP --minimal linux-3.14.17/arch/alpha/Kconfig linux-3.14.17-vs2.3.6.13/arch/alpha/Kconfig
160 --- linux-3.14.17/arch/alpha/Kconfig 2014-08-14 01:38:34.000000000 +0000
161 +++ linux-3.14.17-vs2.3.6.13/arch/alpha/Kconfig 2014-08-30 14:27:38.000000000 +0000
162 @@ -739,6 +739,8 @@ config DUMMY_CONSOLE
166 +source "kernel/vserver/Kconfig"
168 source "security/Kconfig"
170 source "crypto/Kconfig"
171 diff -NurpP --minimal linux-3.14.17/arch/alpha/kernel/systbls.S linux-3.14.17-vs2.3.6.13/arch/alpha/kernel/systbls.S
172 --- linux-3.14.17/arch/alpha/kernel/systbls.S 2014-08-14 01:38:34.000000000 +0000
173 +++ linux-3.14.17-vs2.3.6.13/arch/alpha/kernel/systbls.S 2014-08-30 14:27:38.000000000 +0000
174 @@ -446,7 +446,7 @@ sys_call_table:
175 .quad sys_stat64 /* 425 */
178 - .quad sys_ni_syscall /* sys_vserver */
179 + .quad sys_vserver /* sys_vserver */
180 .quad sys_ni_syscall /* sys_mbind */
181 .quad sys_ni_syscall /* sys_get_mempolicy */
182 .quad sys_ni_syscall /* sys_set_mempolicy */
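Review bot: The slot that used to resolve to `sys_ni_syscall` now points at `sys_vserver` with no fallback, so every alpha build of this tree must link that symbol and every process can reach the handler. If kernel/vserver can be configured out (not visible from this hunk), a `cond_syscall(sys_vserver);` entry in kernel/sys_ni.c is needed to keep the table linking. The same applies to the sparc, s390 and x86 table hunks further down. Since the handler is now the only gate for this number, the table comment could say so once that is confirmed, e.g. `/* sys_vserver: access checks live in the handler */`.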
183 diff -NurpP --minimal linux-3.14.17/arch/alpha/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/alpha/kernel/traps.c
184 --- linux-3.14.17/arch/alpha/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
185 +++ linux-3.14.17-vs2.3.6.13/arch/alpha/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
186 @@ -175,7 +175,8 @@ die_if_kernel(char * str, struct pt_regs
188 printk("CPU %d ", hard_smp_processor_id());
190 - printk("%s(%d): %s %ld\n", current->comm, task_pid_nr(current), str, err);
191 + printk("%s(%d:#%u): %s %ld\n", current->comm,
192 + task_pid_nr(current), current->xid, str, err);
193 dik_show_regs(regs, r9_15);
194 add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
195 dik_show_trace((unsigned long *)(regs+1));
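Review bot: The added printk argument reads `current->xid` directly, while other parts of this patch go through accessors (`vx_current_xid()` in drivers/block/loop.c, `vx_task_xid(child)` in arch/mips/kernel/ptrace.c). Using `vx_task_xid(current)` here would keep the field layout private to the vserver headers, and the `%u` conversion assumes an unsigned int field, which the hunk does not show. The same pattern repeats in the traps.c hunks for arm, ia64, m32r, mips, parisc and powerpc. Because the oops line changes from `(%d)` to `(%d:#%u)`, crash-triage and log-parsing rules that match the old format need updating, which deserves a line in the patch description. die_if_kernel starts and ends outside the hunk.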
196 diff -NurpP --minimal linux-3.14.17/arch/arm/Kconfig linux-3.14.17-vs2.3.6.13/arch/arm/Kconfig
197 --- linux-3.14.17/arch/arm/Kconfig 2014-08-14 01:38:34.000000000 +0000
198 +++ linux-3.14.17-vs2.3.6.13/arch/arm/Kconfig 2014-08-30 14:27:38.000000000 +0000
199 @@ -2290,6 +2290,8 @@ source "fs/Kconfig"
201 source "arch/arm/Kconfig.debug"
203 +source "kernel/vserver/Kconfig"
205 source "security/Kconfig"
207 source "crypto/Kconfig"
208 File linux-3.14.17/arch/arm/boot/dts/include/dt-bindings is a directory while file linux-3.14.17-vs2.3.6.13/arch/arm/boot/dts/include/dt-bindings is a regular file
209 diff -NurpP --minimal linux-3.14.17/arch/arm/kernel/calls.S linux-3.14.17-vs2.3.6.13/arch/arm/kernel/calls.S
210 --- linux-3.14.17/arch/arm/kernel/calls.S 2014-08-14 01:38:34.000000000 +0000
211 +++ linux-3.14.17-vs2.3.6.13/arch/arm/kernel/calls.S 2014-08-30 14:27:38.000000000 +0000
213 /* 310 */ CALL(sys_request_key)
215 CALL(ABI(sys_semtimedop, sys_oabi_semtimedop))
216 -/* vserver */ CALL(sys_ni_syscall)
219 /* 315 */ CALL(sys_ioprio_get)
220 CALL(sys_inotify_init)
221 diff -NurpP --minimal linux-3.14.17/arch/arm/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/arm/kernel/traps.c
222 --- linux-3.14.17/arch/arm/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
223 +++ linux-3.14.17-vs2.3.6.13/arch/arm/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
224 @@ -247,8 +247,8 @@ static int __die(const char *str, int er
228 - printk(KERN_EMERG "Process %.*s (pid: %d, stack limit = 0x%p)\n",
229 - TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), end_of_stack(tsk));
230 + printk(KERN_EMERG "Process %.*s (pid: %d:#%u, stack limit = 0x%p)\n",
231 + TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk), tsk->xid, end_of_stack(tsk));
233 if (!user_mode(regs) || in_interrupt()) {
234 dump_mem(KERN_EMERG, "Stack: ", regs->ARM_sp,
235 diff -NurpP --minimal linux-3.14.17/arch/cris/Kconfig linux-3.14.17-vs2.3.6.13/arch/cris/Kconfig
236 --- linux-3.14.17/arch/cris/Kconfig 2014-08-14 01:38:34.000000000 +0000
237 +++ linux-3.14.17-vs2.3.6.13/arch/cris/Kconfig 2014-08-30 14:27:38.000000000 +0000
238 @@ -555,6 +555,8 @@ source "fs/Kconfig"
240 source "arch/cris/Kconfig.debug"
242 +source "kernel/vserver/Kconfig"
244 source "security/Kconfig"
246 source "crypto/Kconfig"
247 diff -NurpP --minimal linux-3.14.17/arch/ia64/Kconfig linux-3.14.17-vs2.3.6.13/arch/ia64/Kconfig
248 --- linux-3.14.17/arch/ia64/Kconfig 2014-08-14 01:38:34.000000000 +0000
249 +++ linux-3.14.17-vs2.3.6.13/arch/ia64/Kconfig 2014-08-30 14:27:38.000000000 +0000
250 @@ -631,6 +631,8 @@ source "fs/Kconfig"
252 source "arch/ia64/Kconfig.debug"
254 +source "kernel/vserver/Kconfig"
256 source "security/Kconfig"
258 source "crypto/Kconfig"
259 diff -NurpP --minimal linux-3.14.17/arch/ia64/kernel/entry.S linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/entry.S
260 --- linux-3.14.17/arch/ia64/kernel/entry.S 2014-08-14 01:38:34.000000000 +0000
261 +++ linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/entry.S 2014-08-30 14:27:38.000000000 +0000
262 @@ -1706,7 +1706,7 @@ sys_call_table:
264 data8 sys_mq_getsetattr
266 - data8 sys_ni_syscall // reserved for vserver
268 data8 sys_waitid // 1270
270 data8 sys_request_key
271 diff -NurpP --minimal linux-3.14.17/arch/ia64/kernel/ptrace.c linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/ptrace.c
272 --- linux-3.14.17/arch/ia64/kernel/ptrace.c 2014-08-14 01:38:34.000000000 +0000
273 +++ linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/ptrace.c 2014-08-30 14:27:38.000000000 +0000
275 #include <linux/regset.h>
276 #include <linux/elf.h>
277 #include <linux/tracehook.h>
278 +#include <linux/vs_base.h>
280 #include <asm/pgtable.h>
281 #include <asm/processor.h>
282 diff -NurpP --minimal linux-3.14.17/arch/ia64/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/traps.c
283 --- linux-3.14.17/arch/ia64/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
284 +++ linux-3.14.17-vs2.3.6.13/arch/ia64/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
285 @@ -60,8 +60,9 @@ die (const char *str, struct pt_regs *re
288 if (++die.lock_owner_depth < 3) {
289 - printk("%s[%d]: %s %ld [%d]\n",
290 - current->comm, task_pid_nr(current), str, err, ++die_counter);
291 + printk("%s[%d:#%u]: %s %ld [%d]\n",
292 + current->comm, task_pid_nr(current), current->xid,
293 + str, err, ++die_counter);
294 if (notify_die(DIE_OOPS, str, regs, err, 255, SIGSEGV)
297 @@ -324,8 +325,9 @@ handle_fpu_swa (int fp_fault, struct pt_
298 if ((last.count & 15) < 5 && (ia64_fetchadd(1, &last.count, acq) & 15) < 5) {
299 last.time = current_jiffies + 5 * HZ;
301 - "%s(%d): floating-point assist fault at ip %016lx, isr %016lx\n",
302 - current->comm, task_pid_nr(current), regs->cr_iip + ia64_psr(regs)->ri, isr);
303 + "%s(%d:#%u): floating-point assist fault at ip %016lx, isr %016lx\n",
304 + current->comm, task_pid_nr(current), current->xid,
305 + regs->cr_iip + ia64_psr(regs)->ri, isr);
309 diff -NurpP --minimal linux-3.14.17/arch/m32r/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/m32r/kernel/traps.c
310 --- linux-3.14.17/arch/m32r/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
311 +++ linux-3.14.17-vs2.3.6.13/arch/m32r/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
312 @@ -184,8 +184,9 @@ static void show_registers(struct pt_reg
314 printk("SPI: %08lx\n", sp);
316 - printk("Process %s (pid: %d, process nr: %d, stackpage=%08lx)",
317 - current->comm, task_pid_nr(current), 0xffff & i, 4096+(unsigned long)current);
318 + printk("Process %s (pid: %d:#%u, process nr: %d, stackpage=%08lx)",
319 + current->comm, task_pid_nr(current), current->xid,
320 + 0xffff & i, 4096+(unsigned long)current);
323 * When in-kernel, we also print out the stack and code at the
324 diff -NurpP --minimal linux-3.14.17/arch/m68k/Kconfig linux-3.14.17-vs2.3.6.13/arch/m68k/Kconfig
325 --- linux-3.14.17/arch/m68k/Kconfig 2014-08-14 01:38:34.000000000 +0000
326 +++ linux-3.14.17-vs2.3.6.13/arch/m68k/Kconfig 2014-08-30 14:27:38.000000000 +0000
327 @@ -159,6 +159,8 @@ source "fs/Kconfig"
329 source "arch/m68k/Kconfig.debug"
331 +source "kernel/vserver/Kconfig"
333 source "security/Kconfig"
335 source "crypto/Kconfig"
336 File linux-3.14.17/arch/metag/boot/dts/include/dt-bindings is a directory while file linux-3.14.17-vs2.3.6.13/arch/metag/boot/dts/include/dt-bindings is a regular file
337 diff -NurpP --minimal linux-3.14.17/arch/mips/Kconfig linux-3.14.17-vs2.3.6.13/arch/mips/Kconfig
338 --- linux-3.14.17/arch/mips/Kconfig 2014-08-14 01:38:34.000000000 +0000
339 +++ linux-3.14.17-vs2.3.6.13/arch/mips/Kconfig 2014-08-30 14:27:38.000000000 +0000
340 @@ -2579,6 +2579,8 @@ source "fs/Kconfig"
342 source "arch/mips/Kconfig.debug"
344 +source "kernel/vserver/Kconfig"
346 source "security/Kconfig"
348 source "crypto/Kconfig"
349 File linux-3.14.17/arch/mips/boot/dts/include/dt-bindings is a directory while file linux-3.14.17-vs2.3.6.13/arch/mips/boot/dts/include/dt-bindings is a regular file
350 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/ptrace.c linux-3.14.17-vs2.3.6.13/arch/mips/kernel/ptrace.c
351 --- linux-3.14.17/arch/mips/kernel/ptrace.c 2014-08-14 01:38:34.000000000 +0000
352 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/ptrace.c 2014-08-30 14:27:38.000000000 +0000
354 #include <linux/audit.h>
355 #include <linux/seccomp.h>
356 #include <linux/ftrace.h>
357 +#include <linux/vs_base.h>
359 #include <asm/byteorder.h>
361 @@ -398,6 +399,9 @@ long arch_ptrace(struct task_struct *chi
362 void __user *datavp = (void __user *) data;
363 unsigned long __user *datalp = (void __user *) data;
365 + if (!vx_check(vx_task_xid(child), VS_WATCH_P | VS_IDENT))
369 /* when I and D space are separate, these will need to be fixed. */
370 case PTRACE_PEEKTEXT: /* read word at location addr. */
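Review bot: A context check placed in `arch_ptrace` runs only once the tracer is already attached, because attach requests are handled in the generic ptrace code before the architecture hook is called. The generic attach path therefore needs the same `vx_check` test, and that file is not part of this hunk. The statement guarded by the new `if` is not among the visible lines, so the error code returned on denial should be confirmed as well. Once the flag semantics are confirmed, a comment above the test such as `/* refuse requests on tasks outside the caller's context */` would document the intent. The ia64 and s390 ptrace.c sections show only the `vs_base.h` include, so check that they carry the same test; arch_ptrace continues beyond the hunk.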
371 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/scall32-o32.S linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall32-o32.S
372 --- linux-3.14.17/arch/mips/kernel/scall32-o32.S 2014-08-14 01:38:34.000000000 +0000
373 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall32-o32.S 2014-08-30 14:27:38.000000000 +0000
374 @@ -491,7 +491,7 @@ EXPORT(sys_call_table)
375 PTR sys_mq_timedreceive
376 PTR sys_mq_notify /* 4275 */
377 PTR sys_mq_getsetattr
378 - PTR sys_ni_syscall /* sys_vserver */
381 PTR sys_ni_syscall /* available, was setaltroot */
382 PTR sys_add_key /* 4280 */
383 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/scall64-64.S linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-64.S
384 --- linux-3.14.17/arch/mips/kernel/scall64-64.S 2014-08-14 01:38:34.000000000 +0000
385 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-64.S 2014-08-30 14:27:38.000000000 +0000
386 @@ -352,7 +352,7 @@ EXPORT(sys_call_table)
387 PTR sys_mq_timedreceive
389 PTR sys_mq_getsetattr /* 5235 */
390 - PTR sys_ni_syscall /* sys_vserver */
393 PTR sys_ni_syscall /* available, was setaltroot */
395 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/scall64-n32.S linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-n32.S
396 --- linux-3.14.17/arch/mips/kernel/scall64-n32.S 2014-08-14 01:38:34.000000000 +0000
397 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-n32.S 2014-08-30 14:27:38.000000000 +0000
398 @@ -345,7 +345,7 @@ EXPORT(sysn32_call_table)
399 PTR compat_sys_mq_timedreceive
400 PTR compat_sys_mq_notify
401 PTR compat_sys_mq_getsetattr
402 - PTR sys_ni_syscall /* 6240, sys_vserver */
403 + PTR sys32_vserver /* 6240 */
404 PTR compat_sys_waitid
405 PTR sys_ni_syscall /* available, was setaltroot */
407 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/scall64-o32.S linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-o32.S
408 --- linux-3.14.17/arch/mips/kernel/scall64-o32.S 2014-08-14 01:38:34.000000000 +0000
409 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/scall64-o32.S 2014-08-30 14:27:38.000000000 +0000
410 @@ -469,7 +469,7 @@ EXPORT(sys32_call_table)
411 PTR compat_sys_mq_timedreceive
412 PTR compat_sys_mq_notify /* 4275 */
413 PTR compat_sys_mq_getsetattr
414 - PTR sys_ni_syscall /* sys_vserver */
416 PTR compat_sys_waitid
417 PTR sys_ni_syscall /* available, was setaltroot */
418 PTR sys_add_key /* 4280 */
419 diff -NurpP --minimal linux-3.14.17/arch/mips/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/mips/kernel/traps.c
420 --- linux-3.14.17/arch/mips/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
421 +++ linux-3.14.17-vs2.3.6.13/arch/mips/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
422 @@ -335,9 +335,10 @@ void show_registers(struct pt_regs *regs
426 - printk("Process %s (pid: %d, threadinfo=%p, task=%p, tls=%0*lx)\n",
427 - current->comm, current->pid, current_thread_info(), current,
428 - field, current_thread_info()->tp_value);
429 + printk("Process %s (pid: %d:#%u, threadinfo=%p, task=%p, tls=%0*lx)\n",
430 + current->comm, task_pid_nr(current), current->xid,
431 + current_thread_info(), current,
432 + field, current_thread_info()->tp_value);
433 if (cpu_has_userlocal) {
436 diff -NurpP --minimal linux-3.14.17/arch/parisc/Kconfig linux-3.14.17-vs2.3.6.13/arch/parisc/Kconfig
437 --- linux-3.14.17/arch/parisc/Kconfig 2014-08-14 01:38:34.000000000 +0000
438 +++ linux-3.14.17-vs2.3.6.13/arch/parisc/Kconfig 2014-08-30 14:27:38.000000000 +0000
439 @@ -321,6 +321,8 @@ source "fs/Kconfig"
441 source "arch/parisc/Kconfig.debug"
443 +source "kernel/vserver/Kconfig"
445 source "security/Kconfig"
447 source "crypto/Kconfig"
448 diff -NurpP --minimal linux-3.14.17/arch/parisc/kernel/syscall_table.S linux-3.14.17-vs2.3.6.13/arch/parisc/kernel/syscall_table.S
449 --- linux-3.14.17/arch/parisc/kernel/syscall_table.S 2014-08-14 01:38:34.000000000 +0000
450 +++ linux-3.14.17-vs2.3.6.13/arch/parisc/kernel/syscall_table.S 2014-08-30 14:27:38.000000000 +0000
452 ENTRY_COMP(mbind) /* 260 */
453 ENTRY_COMP(get_mempolicy)
454 ENTRY_COMP(set_mempolicy)
455 - ENTRY_SAME(ni_syscall) /* 263: reserved for vserver */
456 + ENTRY_DIFF(vserver)
458 ENTRY_SAME(request_key) /* 265 */
460 diff -NurpP --minimal linux-3.14.17/arch/parisc/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/parisc/kernel/traps.c
461 --- linux-3.14.17/arch/parisc/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
462 +++ linux-3.14.17-vs2.3.6.13/arch/parisc/kernel/traps.c 2014-08-30 14:36:00.000000000 +0000
463 @@ -239,8 +239,9 @@ void die_if_kernel(char *str, struct pt_
466 parisc_printk_ratelimited(1, regs,
467 - KERN_CRIT "%s (pid %d): %s (code %ld) at " RFMT "\n",
468 - current->comm, task_pid_nr(current), str, err, regs->iaoq[0]);
469 + KERN_CRIT "%s (pid %d:#%u): %s (code %ld) at " RFMT "\n",
470 + current->comm, task_pid_nr(current), current->xid,
471 + str, err, regs->iaoq[0]);
475 @@ -270,8 +271,8 @@ void die_if_kernel(char *str, struct pt_
476 pdc_console_restart();
479 - printk(KERN_CRIT "%s (pid %d): %s (code %ld)\n",
480 - current->comm, task_pid_nr(current), str, err);
481 + printk(KERN_CRIT "%s (pid %d:#%u): %s (code %ld)\n",
482 + current->comm, task_pid_nr(current), current->xid, str, err);
484 /* Wot's wrong wif bein' racy? */
485 if (current->thread.flags & PARISC_KERNEL_DEATH) {
486 diff -NurpP --minimal linux-3.14.17/arch/powerpc/Kconfig linux-3.14.17-vs2.3.6.13/arch/powerpc/Kconfig
487 --- linux-3.14.17/arch/powerpc/Kconfig 2014-08-14 01:38:34.000000000 +0000
488 +++ linux-3.14.17-vs2.3.6.13/arch/powerpc/Kconfig 2014-08-30 14:27:38.000000000 +0000
489 @@ -1041,6 +1041,8 @@ source "lib/Kconfig"
491 source "arch/powerpc/Kconfig.debug"
493 +source "kernel/vserver/Kconfig"
495 source "security/Kconfig"
498 File linux-3.14.17/arch/powerpc/boot/dts/include/dt-bindings is a directory while file linux-3.14.17-vs2.3.6.13/arch/powerpc/boot/dts/include/dt-bindings is a regular file
499 diff -NurpP --minimal linux-3.14.17/arch/powerpc/include/uapi/asm/unistd.h linux-3.14.17-vs2.3.6.13/arch/powerpc/include/uapi/asm/unistd.h
500 --- linux-3.14.17/arch/powerpc/include/uapi/asm/unistd.h 2014-08-14 01:38:34.000000000 +0000
501 +++ linux-3.14.17-vs2.3.6.13/arch/powerpc/include/uapi/asm/unistd.h 2014-08-30 14:27:38.000000000 +0000
504 #define __NR_rtas 255
505 #define __NR_sys_debug_setcontext 256
506 -/* Number 257 is reserved for vserver */
507 +#define __NR_vserver 257
508 #define __NR_migrate_pages 258
509 #define __NR_mbind 259
510 #define __NR_get_mempolicy 260
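Review bot: `__NR_vserver` is exported to user space here, but no powerpc syscall-table change is visible in this part of the patch, unlike alpha, s390, sparc and x86 where the table slot is rewired alongside. If slot 257 still resolves to `sys_ni_syscall` on powerpc, callers get -ENOSYS even though the header advertises the call. Either the table entry belongs in this patch, or the define should stay out of the uapi header until the call is wired up.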
511 diff -NurpP --minimal linux-3.14.17/arch/powerpc/kernel/traps.c linux-3.14.17-vs2.3.6.13/arch/powerpc/kernel/traps.c
512 --- linux-3.14.17/arch/powerpc/kernel/traps.c 2014-08-14 01:38:34.000000000 +0000
513 +++ linux-3.14.17-vs2.3.6.13/arch/powerpc/kernel/traps.c 2014-08-30 14:27:38.000000000 +0000
514 @@ -1287,8 +1287,9 @@ void nonrecoverable_exception(struct pt_
516 void trace_syscall(struct pt_regs *regs)
518 - printk("Task: %p(%d), PC: %08lX/%08lX, Syscall: %3ld, Result: %s%ld %s\n",
519 - current, task_pid_nr(current), regs->nip, regs->link, regs->gpr[0],
520 + printk("Task: %p(%d:#%u), PC: %08lX/%08lX, Syscall: %3ld, Result: %s%ld %s\n",
521 + current, task_pid_nr(current), current->xid,
522 + regs->nip, regs->link, regs->gpr[0],
523 regs->ccr&0x10000000?"Error=":"", regs->gpr[3], print_tainted());
526 diff -NurpP --minimal linux-3.14.17/arch/s390/Kconfig linux-3.14.17-vs2.3.6.13/arch/s390/Kconfig
527 --- linux-3.14.17/arch/s390/Kconfig 2014-08-14 01:38:34.000000000 +0000
528 +++ linux-3.14.17-vs2.3.6.13/arch/s390/Kconfig 2014-08-30 14:27:38.000000000 +0000
529 @@ -650,6 +650,8 @@ source "fs/Kconfig"
531 source "arch/s390/Kconfig.debug"
533 +source "kernel/vserver/Kconfig"
535 source "security/Kconfig"
537 source "crypto/Kconfig"
538 diff -NurpP --minimal linux-3.14.17/arch/s390/include/asm/tlb.h linux-3.14.17-vs2.3.6.13/arch/s390/include/asm/tlb.h
539 --- linux-3.14.17/arch/s390/include/asm/tlb.h 2014-08-14 01:38:34.000000000 +0000
540 +++ linux-3.14.17-vs2.3.6.13/arch/s390/include/asm/tlb.h 2014-08-30 14:27:38.000000000 +0000
542 #include <linux/mm.h>
543 #include <linux/pagemap.h>
544 #include <linux/swap.h>
546 #include <asm/processor.h>
547 #include <asm/pgalloc.h>
548 #include <asm/tlbflush.h>
549 diff -NurpP --minimal linux-3.14.17/arch/s390/include/uapi/asm/unistd.h linux-3.14.17-vs2.3.6.13/arch/s390/include/uapi/asm/unistd.h
550 --- linux-3.14.17/arch/s390/include/uapi/asm/unistd.h 2014-08-14 01:38:34.000000000 +0000
551 +++ linux-3.14.17-vs2.3.6.13/arch/s390/include/uapi/asm/unistd.h 2014-08-30 14:27:38.000000000 +0000
553 #define __NR_clock_gettime (__NR_timer_create+6)
554 #define __NR_clock_getres (__NR_timer_create+7)
555 #define __NR_clock_nanosleep (__NR_timer_create+8)
556 -/* Number 263 is reserved for vserver */
557 +#define __NR_vserver 263
558 #define __NR_statfs64 265
559 #define __NR_fstatfs64 266
560 #define __NR_remap_file_pages 267
561 diff -NurpP --minimal linux-3.14.17/arch/s390/kernel/ptrace.c linux-3.14.17-vs2.3.6.13/arch/s390/kernel/ptrace.c
562 --- linux-3.14.17/arch/s390/kernel/ptrace.c 2014-08-14 01:38:34.000000000 +0000
563 +++ linux-3.14.17-vs2.3.6.13/arch/s390/kernel/ptrace.c 2014-08-30 14:27:38.000000000 +0000
565 #include <linux/tracehook.h>
566 #include <linux/seccomp.h>
567 #include <linux/compat.h>
568 +#include <linux/vs_base.h>
569 #include <trace/syscall.h>
570 #include <asm/segment.h>
571 #include <asm/page.h>
572 diff -NurpP --minimal linux-3.14.17/arch/s390/kernel/syscalls.S linux-3.14.17-vs2.3.6.13/arch/s390/kernel/syscalls.S
573 --- linux-3.14.17/arch/s390/kernel/syscalls.S 2014-08-14 01:38:34.000000000 +0000
574 +++ linux-3.14.17-vs2.3.6.13/arch/s390/kernel/syscalls.S 2014-08-30 14:27:38.000000000 +0000
575 @@ -271,7 +271,7 @@ SYSCALL(sys_clock_settime,sys_clock_sett
576 SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
577 SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
578 SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
579 -NI_SYSCALL /* reserved for vserver */
580 +SYSCALL(sys_vserver,sys_vserver,sys32_vserver)
581 SYSCALL(sys_s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
582 SYSCALL(sys_statfs64,sys_statfs64,compat_sys_statfs64_wrapper)
583 SYSCALL(sys_fstatfs64,sys_fstatfs64,compat_sys_fstatfs64_wrapper)
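Review bot: The compat column of the new entry names `sys32_vserver` directly, whereas the neighbouring entries route 31-bit callers through `*_wrapper` stubs (`sys32_clock_gettime_wrapper`, `compat_sys_statfs64_wrapper`). If those stubs are what normalises 32-bit register arguments on this architecture, any pointer argument reaches `sys32_vserver` unconverted unless the handler applies `compat_ptr()` itself, which cannot be seen from this hunk. Either add a wrapper stub in line with the rest of the table, or put a comment on this line stating that the handler does the conversion.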
584 diff -NurpP --minimal linux-3.14.17/arch/sh/Kconfig linux-3.14.17-vs2.3.6.13/arch/sh/Kconfig
585 --- linux-3.14.17/arch/sh/Kconfig 2014-08-14 01:38:34.000000000 +0000
586 +++ linux-3.14.17-vs2.3.6.13/arch/sh/Kconfig 2014-08-30 14:27:38.000000000 +0000
587 @@ -914,6 +914,8 @@ source "fs/Kconfig"
589 source "arch/sh/Kconfig.debug"
591 +source "kernel/vserver/Kconfig"
593 source "security/Kconfig"
595 source "crypto/Kconfig"
596 diff -NurpP --minimal linux-3.14.17/arch/sh/kernel/irq.c linux-3.14.17-vs2.3.6.13/arch/sh/kernel/irq.c
597 --- linux-3.14.17/arch/sh/kernel/irq.c 2014-08-14 01:38:34.000000000 +0000
598 +++ linux-3.14.17-vs2.3.6.13/arch/sh/kernel/irq.c 2014-08-30 14:27:38.000000000 +0000
600 #include <linux/ftrace.h>
601 #include <linux/delay.h>
602 #include <linux/ratelimit.h>
603 +// #include <linux/vs_context.h>
604 #include <asm/processor.h>
605 #include <asm/machvec.h>
606 #include <asm/uaccess.h>
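Review bot: The only visible addition in this file is a commented-out include, `// #include <linux/vs_context.h>`, which changes nothing at build time and leaves it unclear whether irq.c is meant to use the context helpers. Drop the line, or enable it together with the code that needs it. If a placeholder must stay, kernel sources conventionally use `/* ... */` with a short reason rather than a bare `//` line.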
607 diff -NurpP --minimal linux-3.14.17/arch/sparc/Kconfig linux-3.14.17-vs2.3.6.13/arch/sparc/Kconfig
608 --- linux-3.14.17/arch/sparc/Kconfig 2014-08-14 01:38:34.000000000 +0000
609 +++ linux-3.14.17-vs2.3.6.13/arch/sparc/Kconfig 2014-08-30 14:27:38.000000000 +0000
610 @@ -555,6 +555,8 @@ source "fs/Kconfig"
612 source "arch/sparc/Kconfig.debug"
614 +source "kernel/vserver/Kconfig"
616 source "security/Kconfig"
618 source "crypto/Kconfig"
619 diff -NurpP --minimal linux-3.14.17/arch/sparc/include/uapi/asm/unistd.h linux-3.14.17-vs2.3.6.13/arch/sparc/include/uapi/asm/unistd.h
620 --- linux-3.14.17/arch/sparc/include/uapi/asm/unistd.h 2014-08-14 01:38:34.000000000 +0000
621 +++ linux-3.14.17-vs2.3.6.13/arch/sparc/include/uapi/asm/unistd.h 2014-08-30 14:27:38.000000000 +0000
623 #define __NR_timer_getoverrun 264
624 #define __NR_timer_delete 265
625 #define __NR_timer_create 266
626 -/* #define __NR_vserver 267 Reserved for VSERVER */
627 +#define __NR_vserver 267
628 #define __NR_io_setup 268
629 #define __NR_io_destroy 269
630 #define __NR_io_submit 270
631 diff -NurpP --minimal linux-3.14.17/arch/sparc/kernel/systbls_32.S linux-3.14.17-vs2.3.6.13/arch/sparc/kernel/systbls_32.S
632 --- linux-3.14.17/arch/sparc/kernel/systbls_32.S 2014-08-14 01:38:34.000000000 +0000
633 +++ linux-3.14.17-vs2.3.6.13/arch/sparc/kernel/systbls_32.S 2014-08-30 14:27:38.000000000 +0000
634 @@ -70,7 +70,7 @@ sys_call_table:
635 /*250*/ .long sys_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_ni_syscall
636 /*255*/ .long sys_sync_file_range, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
637 /*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
638 -/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
639 +/*265*/ .long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
640 /*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
641 /*275*/ .long sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
642 /*280*/ .long sys_tee, sys_add_key, sys_request_key, sys_keyctl, sys_openat
643 diff -NurpP --minimal linux-3.14.17/arch/sparc/kernel/systbls_64.S linux-3.14.17-vs2.3.6.13/arch/sparc/kernel/systbls_64.S
644 --- linux-3.14.17/arch/sparc/kernel/systbls_64.S 2014-08-14 01:38:34.000000000 +0000
645 +++ linux-3.14.17-vs2.3.6.13/arch/sparc/kernel/systbls_64.S 2014-08-30 14:27:38.000000000 +0000
646 @@ -71,7 +71,7 @@ sys_call_table32:
647 /*250*/ .word sys_mremap, compat_sys_sysctl, sys_getsid, sys_fdatasync, sys_nis_syscall
648 .word sys32_sync_file_range, compat_sys_clock_settime, compat_sys_clock_gettime, compat_sys_clock_getres, sys32_clock_nanosleep
649 /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
650 - .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
651 + .word sys_timer_delete, compat_sys_timer_create, sys32_vserver, compat_sys_io_setup, sys_io_destroy
652 /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
653 .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
654 /*280*/ .word sys_tee, sys_add_key, sys_request_key, compat_sys_keyctl, compat_sys_openat
655 @@ -149,7 +149,7 @@ sys_call_table:
656 /*250*/ .word sys_64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nis_syscall
657 .word sys_sync_file_range, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
658 /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
659 - .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
660 + .word sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
661 /*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
662 .word sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
663 /*280*/ .word sys_tee, sys_add_key, sys_request_key, sys_keyctl, sys_openat
664 diff -NurpP --minimal linux-3.14.17/arch/um/Kconfig.rest linux-3.14.17-vs2.3.6.13/arch/um/Kconfig.rest
665 --- linux-3.14.17/arch/um/Kconfig.rest 2014-08-14 01:38:34.000000000 +0000
666 +++ linux-3.14.17-vs2.3.6.13/arch/um/Kconfig.rest 2014-08-30 14:27:38.000000000 +0000
667 @@ -12,6 +12,8 @@ source "arch/um/Kconfig.net"
671 +source "kernel/vserver/Kconfig"
673 source "security/Kconfig"
675 source "crypto/Kconfig"
676 diff -NurpP --minimal linux-3.14.17/arch/x86/Kconfig linux-3.14.17-vs2.3.6.13/arch/x86/Kconfig
677 --- linux-3.14.17/arch/x86/Kconfig 2014-08-14 01:38:34.000000000 +0000
678 +++ linux-3.14.17-vs2.3.6.13/arch/x86/Kconfig 2014-08-30 14:27:38.000000000 +0000
679 @@ -2452,6 +2452,8 @@ source "fs/Kconfig"
681 source "arch/x86/Kconfig.debug"
683 +source "kernel/vserver/Kconfig"
685 source "security/Kconfig"
687 source "crypto/Kconfig"
688 diff -NurpP --minimal linux-3.14.17/arch/x86/syscalls/syscall_32.tbl linux-3.14.17-vs2.3.6.13/arch/x86/syscalls/syscall_32.tbl
689 --- linux-3.14.17/arch/x86/syscalls/syscall_32.tbl 2014-08-14 01:38:34.000000000 +0000
690 +++ linux-3.14.17-vs2.3.6.13/arch/x86/syscalls/syscall_32.tbl 2014-08-30 14:27:38.000000000 +0000
692 270 i386 tgkill sys_tgkill
693 271 i386 utimes sys_utimes compat_sys_utimes
694 272 i386 fadvise64_64 sys_fadvise64_64 sys32_fadvise64_64
696 +273 i386 vserver sys_vserver sys32_vserver
697 274 i386 mbind sys_mbind
698 275 i386 get_mempolicy sys_get_mempolicy compat_sys_get_mempolicy
699 276 i386 set_mempolicy sys_set_mempolicy
700 diff -NurpP --minimal linux-3.14.17/arch/x86/syscalls/syscall_64.tbl linux-3.14.17-vs2.3.6.13/arch/x86/syscalls/syscall_64.tbl
701 --- linux-3.14.17/arch/x86/syscalls/syscall_64.tbl 2014-08-14 01:38:34.000000000 +0000
702 +++ linux-3.14.17-vs2.3.6.13/arch/x86/syscalls/syscall_64.tbl 2014-08-30 14:27:38.000000000 +0000
704 233 common epoll_ctl sys_epoll_ctl
705 234 common tgkill sys_tgkill
706 235 common utimes sys_utimes
708 +236 64 vserver sys_vserver
709 237 common mbind sys_mbind
710 238 common set_mempolicy sys_set_mempolicy
711 239 common get_mempolicy sys_get_mempolicy
712 diff -NurpP --minimal linux-3.14.17/drivers/block/Kconfig linux-3.14.17-vs2.3.6.13/drivers/block/Kconfig
713 --- linux-3.14.17/drivers/block/Kconfig 2014-08-14 01:38:34.000000000 +0000
714 +++ linux-3.14.17-vs2.3.6.13/drivers/block/Kconfig 2014-08-30 14:27:38.000000000 +0000
715 @@ -283,6 +283,13 @@ config BLK_DEV_CRYPTOLOOP
717 source "drivers/block/drbd/Kconfig"
719 +config BLK_DEV_VROOT
720 + tristate "Virtual Root device support"
721 + depends on QUOTACTL
723 + Saying Y here will allow you to use quota/fs ioctls on a shared
724 + partition within a virtual server without compromising security.
727 tristate "Network block device support"
729 diff -NurpP --minimal linux-3.14.17/drivers/block/Makefile linux-3.14.17-vs2.3.6.13/drivers/block/Makefile
730 --- linux-3.14.17/drivers/block/Makefile 2014-08-14 01:38:34.000000000 +0000
731 +++ linux-3.14.17-vs2.3.6.13/drivers/block/Makefile 2014-08-30 14:27:38.000000000 +0000
732 @@ -33,6 +33,7 @@ obj-$(CONFIG_VIRTIO_BLK) += virtio_blk.o
734 obj-$(CONFIG_BLK_DEV_SX8) += sx8.o
735 obj-$(CONFIG_BLK_DEV_HD) += hd.o
736 +obj-$(CONFIG_BLK_DEV_VROOT) += vroot.o
738 obj-$(CONFIG_XEN_BLKDEV_FRONTEND) += xen-blkfront.o
739 obj-$(CONFIG_XEN_BLKDEV_BACKEND) += xen-blkback/
740 diff -NurpP --minimal linux-3.14.17/drivers/block/loop.c linux-3.14.17-vs2.3.6.13/drivers/block/loop.c
741 --- linux-3.14.17/drivers/block/loop.c 2014-08-14 01:38:34.000000000 +0000
742 +++ linux-3.14.17-vs2.3.6.13/drivers/block/loop.c 2014-08-30 14:27:38.000000000 +0000
744 #include <linux/sysfs.h>
745 #include <linux/miscdevice.h>
746 #include <linux/falloc.h>
747 +#include <linux/vs_context.h>
750 #include <asm/uaccess.h>
751 @@ -885,6 +886,7 @@ static int loop_set_fd(struct loop_devic
752 lo->lo_blocksize = lo_blocksize;
753 lo->lo_device = bdev;
754 lo->lo_flags = lo_flags;
755 + lo->lo_xid = vx_current_xid();
756 lo->lo_backing_file = file;
757 lo->transfer = transfer_none;
759 @@ -1029,6 +1031,7 @@ static int loop_clr_fd(struct loop_devic
760 lo->lo_sizelimit = 0;
761 lo->lo_encrypt_key_size = 0;
762 lo->lo_thread = NULL;
764 memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
765 memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
766 memset(lo->lo_file_name, 0, LO_NAME_SIZE);
767 @@ -1072,7 +1075,7 @@ loop_set_status(struct loop_device *lo,
769 if (lo->lo_encrypt_key_size &&
770 !uid_eq(lo->lo_key_owner, uid) &&
771 - !capable(CAP_SYS_ADMIN))
772 + !vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_CLOOP))
774 if (lo->lo_state != Lo_bound)
776 @@ -1162,7 +1165,8 @@ loop_get_status(struct loop_device *lo,
777 memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
778 info->lo_encrypt_type =
779 lo->lo_encryption ? lo->lo_encryption->number : 0;
780 - if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
781 + if (lo->lo_encrypt_key_size &&
782 + vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_CLOOP)) {
783 info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
784 memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
785 lo->lo_encrypt_key_size);
786 @@ -1504,6 +1508,11 @@ static int lo_open(struct block_device *
790 + if (!vx_check(lo->lo_xid, VS_IDENT|VS_HOSTID|VS_ADMIN_P)) {
795 mutex_lock(&lo->lo_ctl_mutex);
797 mutex_unlock(&lo->lo_ctl_mutex);
798 diff -NurpP --minimal linux-3.14.17/drivers/block/loop.h linux-3.14.17-vs2.3.6.13/drivers/block/loop.h
799 --- linux-3.14.17/drivers/block/loop.h 2014-08-14 01:38:34.000000000 +0000
800 +++ linux-3.14.17-vs2.3.6.13/drivers/block/loop.h 2014-08-30 14:27:38.000000000 +0000
801 @@ -41,6 +41,7 @@ struct loop_device {
802 struct loop_func_table *lo_encryption;
804 kuid_t lo_key_owner; /* Who set the key */
806 int (*ioctl)(struct loop_device *, int cmd,
809 diff -NurpP --minimal linux-3.14.17/drivers/block/vroot.c linux-3.14.17-vs2.3.6.13/drivers/block/vroot.c
810 --- linux-3.14.17/drivers/block/vroot.c 1970-01-01 00:00:00.000000000 +0000
811 +++ linux-3.14.17-vs2.3.6.13/drivers/block/vroot.c 2014-08-30 14:27:38.000000000 +0000
814 + * linux/drivers/block/vroot.c
816 + * written by Herbert Pötzl, 9/11/2002
817 + * ported to 2.6.10 by Herbert Pötzl, 30/12/2004
819 + * based on the loop.c code by Theodore Ts'o.
821 + * Copyright (C) 2002-2007 by Herbert Pötzl.
822 + * Redistribution of this file is permitted under the
823 + * GNU General Public License.
827 +#include <linux/module.h>
828 +#include <linux/moduleparam.h>
829 +#include <linux/file.h>
830 +#include <linux/major.h>
831 +#include <linux/blkdev.h>
832 +#include <linux/slab.h>
834 +#include <linux/vroot.h>
835 +#include <linux/vs_context.h>
838 +static int max_vroot = 8;
840 +static struct vroot_device *vroot_dev;
841 +static struct gendisk **disks;
844 +static int vroot_set_dev(
845 + struct vroot_device *vr,
846 + struct block_device *bdev,
849 + struct block_device *real_bdev;
851 + struct inode *inode;
855 + if (vr->vr_state != Vr_unbound)
864 + inode = file->f_dentry->d_inode;
867 + if (S_ISBLK(inode->i_mode)) {
868 + real_bdev = inode->i_bdev;
869 + vr->vr_device = real_bdev;
870 + __iget(real_bdev->bd_inode);
874 + vxdprintk(VXD_CBIT(misc, 0),
875 + "vroot[%d]_set_dev: dev=" VXF_DEV,
876 + vr->vr_number, VXD_DEV(real_bdev));
878 + vr->vr_state = Vr_bound;
887 +static int vroot_clr_dev(
888 + struct vroot_device *vr,
889 + struct block_device *bdev)
891 + struct block_device *real_bdev;
893 + if (vr->vr_state != Vr_bound)
895 + if (vr->vr_refcnt > 1) /* we needed one fd for the ioctl */
898 + real_bdev = vr->vr_device;
900 + vxdprintk(VXD_CBIT(misc, 0),
901 + "vroot[%d]_clr_dev: dev=" VXF_DEV,
902 + vr->vr_number, VXD_DEV(real_bdev));
905 + vr->vr_state = Vr_unbound;
906 + vr->vr_device = NULL;
911 +static int vr_ioctl(struct block_device *bdev, fmode_t mode,
912 + unsigned int cmd, unsigned long arg)
914 + struct vroot_device *vr = bdev->bd_disk->private_data;
917 + down(&vr->vr_ctl_mutex);
919 + case VROOT_SET_DEV:
920 + err = vroot_set_dev(vr, bdev, arg);
922 + case VROOT_CLR_DEV:
923 + err = vroot_clr_dev(vr, bdev);
929 + up(&vr->vr_ctl_mutex);
933 +static int vr_open(struct block_device *bdev, fmode_t mode)
935 + struct vroot_device *vr = bdev->bd_disk->private_data;
937 + down(&vr->vr_ctl_mutex);
939 + up(&vr->vr_ctl_mutex);
943 +static void vr_release(struct gendisk *disk, fmode_t mode)
945 + struct vroot_device *vr = disk->private_data;
947 + down(&vr->vr_ctl_mutex);
949 + up(&vr->vr_ctl_mutex);
952 +static struct block_device_operations vr_fops = {
953 + .owner = THIS_MODULE,
955 + .release = vr_release,
959 +static void vroot_make_request(struct request_queue *q, struct bio *bio)
961 + printk("vroot_make_request %p, %p\n", q, bio);
965 +struct block_device *__vroot_get_real_bdev(struct block_device *bdev)
967 + struct inode *inode = bdev->bd_inode;
968 + struct vroot_device *vr;
969 + struct block_device *real_bdev;
970 + int minor = iminor(inode);
972 + vr = &vroot_dev[minor];
973 + real_bdev = vr->vr_device;
975 + vxdprintk(VXD_CBIT(misc, 0),
976 + "vroot[%d]_get_real_bdev: dev=" VXF_DEV,
977 + vr->vr_number, VXD_DEV(real_bdev));
979 + if (vr->vr_state != Vr_bound)
980 + return ERR_PTR(-ENXIO);
982 + __iget(real_bdev->bd_inode);
989 + * And now the modules code and kernel interface.
992 +module_param(max_vroot, int, 0);
994 +MODULE_PARM_DESC(max_vroot, "Maximum number of vroot devices (1-256)");
995 +MODULE_LICENSE("GPL");
996 +MODULE_ALIAS_BLOCKDEV_MAJOR(VROOT_MAJOR);
998 +MODULE_AUTHOR ("Herbert Pötzl");
999 +MODULE_DESCRIPTION ("Virtual Root Device Mapper");
1002 +int __init vroot_init(void)
1006 + if (max_vroot < 1 || max_vroot > 256) {
1007 + max_vroot = MAX_VROOT_DEFAULT;
1008 + printk(KERN_WARNING "vroot: invalid max_vroot "
1009 + "(must be between 1 and 256), "
1010 + "using default (%d)\n", max_vroot);
1013 + if (register_blkdev(VROOT_MAJOR, "vroot"))
1017 + vroot_dev = kmalloc(max_vroot * sizeof(struct vroot_device), GFP_KERNEL);
1020 + memset(vroot_dev, 0, max_vroot * sizeof(struct vroot_device));
1022 + disks = kmalloc(max_vroot * sizeof(struct gendisk *), GFP_KERNEL);
1026 + for (i = 0; i < max_vroot; i++) {
1027 + disks[i] = alloc_disk(1);
1030 + disks[i]->queue = blk_alloc_queue(GFP_KERNEL);
1031 + if (!disks[i]->queue)
1033 + blk_queue_make_request(disks[i]->queue, vroot_make_request);
1036 + for (i = 0; i < max_vroot; i++) {
1037 + struct vroot_device *vr = &vroot_dev[i];
1038 + struct gendisk *disk = disks[i];
1040 + memset(vr, 0, sizeof(*vr));
1041 + sema_init(&vr->vr_ctl_mutex, 1);
1042 + vr->vr_number = i;
1043 + disk->major = VROOT_MAJOR;
1044 + disk->first_minor = i;
1045 + disk->fops = &vr_fops;
1046 + sprintf(disk->disk_name, "vroot%d", i);
1047 + disk->private_data = vr;
1050 + err = register_vroot_grb(&__vroot_get_real_bdev);
1054 + for (i = 0; i < max_vroot; i++)
1055 + add_disk(disks[i]);
1056 + printk(KERN_INFO "vroot: loaded (max %d devices)\n", max_vroot);
1061 + put_disk(disks[i]);
1066 + unregister_blkdev(VROOT_MAJOR, "vroot");
1067 + printk(KERN_ERR "vroot: ran out of memory\n");
1071 +void vroot_exit(void)
1075 + if (unregister_vroot_grb(&__vroot_get_real_bdev))
1076 + printk(KERN_WARNING "vroot: cannot unregister grb\n");
1078 + for (i = 0; i < max_vroot; i++) {
1079 + del_gendisk(disks[i]);
1080 + put_disk(disks[i]);
1082 + unregister_blkdev(VROOT_MAJOR, "vroot");
1088 +module_init(vroot_init);
1089 +module_exit(vroot_exit);
1093 +static int __init max_vroot_setup(char *str)
1095 + max_vroot = simple_strtol(str, NULL, 0);
1099 +__setup("max_vroot=", max_vroot_setup);
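Review bot: `__vroot_get_real_bdev()` indexes `vroot_dev[minor]` with the minor of the block device it is handed and, as far as the visible lines show, never compares it with `max_vroot`, so a device carrying the vroot major and a minor at or above `max_vroot` could read past the `kmalloc`ed array. A guard before the lookup, `if (minor >= max_vroot) return ERR_PTR(-ENXIO);`, closes that. The same function hands `real_bdev` to `vxdprintk()` before the `vr_state != Vr_bound` test, although `vroot_clr_dev()` sets `vr_device = NULL`, so the state check is better placed first. Separately, `vroot_make_request()` calls `printk()` without a log level and prints two kernel pointers with `%p`; a `KERN_DEBUG` message without the addresses would be safer.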
1103 diff -NurpP --minimal linux-3.14.17/drivers/infiniband/core/addr.c linux-3.14.17-vs2.3.6.13/drivers/infiniband/core/addr.c
1104 --- linux-3.14.17/drivers/infiniband/core/addr.c 2014-08-14 01:38:34.000000000 +0000
1105 +++ linux-3.14.17-vs2.3.6.13/drivers/infiniband/core/addr.c 2014-08-30 14:27:38.000000000 +0000
1106 @@ -284,7 +284,7 @@ static int addr6_resolve(struct sockaddr
1108 if (ipv6_addr_any(&fl6.saddr)) {
1109 ret = ipv6_dev_get_saddr(&init_net, ip6_dst_idev(dst)->dev,
1110 - &fl6.daddr, 0, &fl6.saddr);
1111 + &fl6.daddr, 0, &fl6.saddr, NULL);
1115 diff -NurpP --minimal linux-3.14.17/drivers/md/dm-ioctl.c linux-3.14.17-vs2.3.6.13/drivers/md/dm-ioctl.c
1116 --- linux-3.14.17/drivers/md/dm-ioctl.c 2014-08-14 01:38:34.000000000 +0000
1117 +++ linux-3.14.17-vs2.3.6.13/drivers/md/dm-ioctl.c 2014-08-30 14:27:38.000000000 +0000
1119 #include <linux/dm-ioctl.h>
1120 #include <linux/hdreg.h>
1121 #include <linux/compat.h>
1122 +#include <linux/vs_context.h>
1124 #include <asm/uaccess.h>
1126 @@ -114,7 +115,8 @@ static struct hash_cell *__get_name_cell
1127 unsigned int h = hash_str(str);
1129 list_for_each_entry (hc, _name_buckets + h, name_list)
1130 - if (!strcmp(hc->name, str)) {
1131 + if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
1132 + !strcmp(hc->name, str)) {
1136 @@ -128,7 +130,8 @@ static struct hash_cell *__get_uuid_cell
1137 unsigned int h = hash_str(str);
1139 list_for_each_entry (hc, _uuid_buckets + h, uuid_list)
1140 - if (!strcmp(hc->uuid, str)) {
1141 + if (vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT) &&
1142 + !strcmp(hc->uuid, str)) {
1146 @@ -139,13 +142,15 @@ static struct hash_cell *__get_uuid_cell
1147 static struct hash_cell *__get_dev_cell(uint64_t dev)
1149 struct mapped_device *md;
1150 - struct hash_cell *hc;
1151 + struct hash_cell *hc = NULL;
1153 md = dm_get_md(huge_decode_dev(dev));
1157 - hc = dm_get_mdptr(md);
1158 + if (vx_check(dm_get_xid(md), VS_WATCH_P | VS_IDENT))
1159 + hc = dm_get_mdptr(md);
1164 @@ -467,6 +472,9 @@ typedef int (*ioctl_fn)(struct dm_ioctl
1166 static int remove_all(struct dm_ioctl *param, size_t param_size)
1168 + if (!vx_check(0, VS_ADMIN))
1171 dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false);
1172 param->data_size = 0;
1174 @@ -514,6 +522,8 @@ static int list_devices(struct dm_ioctl
1176 for (i = 0; i < NUM_BUCKETS; i++) {
1177 list_for_each_entry (hc, _name_buckets + i, name_list) {
1178 + if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
1180 needed += sizeof(struct dm_name_list);
1181 needed += strlen(hc->name) + 1;
1182 needed += ALIGN_MASK;
1183 @@ -537,6 +547,8 @@ static int list_devices(struct dm_ioctl
1185 for (i = 0; i < NUM_BUCKETS; i++) {
1186 list_for_each_entry (hc, _name_buckets + i, name_list) {
1187 + if (!vx_check(dm_get_xid(hc->md), VS_WATCH_P | VS_IDENT))
1190 old_nl->next = (uint32_t) ((void *) nl -
1192 @@ -1797,8 +1809,8 @@ static int ctl_ioctl(uint command, struc
1193 size_t input_param_size;
1194 struct dm_ioctl param_kernel;
1196 - /* only root can play with this */
1197 - if (!capable(CAP_SYS_ADMIN))
1198 + /* only root and certain contexts can play with this */
1199 + if (!vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_MAPPER))
1202 if (_IOC_TYPE(command) != DM_IOCTL)
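Review bot: Relaxing the gate in `ctl_ioctl()` to `vx_capable(CAP_SYS_ADMIN, VXC_ADMIN_MAPPER)` means isolation between contexts now rests entirely on the per-device `vx_check(dm_get_xid(...), VS_WATCH_P | VS_IDENT)` filters added to `__get_name_cell()`, `__get_uuid_cell()`, `__get_dev_cell()` and `list_devices()`, and the comment does not say so. Any command that reaches a `mapped_device` by another path would not pass through them, so the remaining handlers (not visible in this diff) are worth auditing, and the invariant should be recorded in the comment, e.g. `/* root, or a context with VXC_ADMIN_MAPPER; per-device access is filtered by xid in the hash lookups */`.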
1203 diff -NurpP --minimal linux-3.14.17/drivers/md/dm.c linux-3.14.17-vs2.3.6.13/drivers/md/dm.c
1204 --- linux-3.14.17/drivers/md/dm.c 2014-08-14 01:38:34.000000000 +0000
1205 +++ linux-3.14.17-vs2.3.6.13/drivers/md/dm.c 2014-08-30 14:27:38.000000000 +0000
1207 #include <linux/idr.h>
1208 #include <linux/hdreg.h>
1209 #include <linux/delay.h>
1210 +#include <linux/vs_base.h>
1212 #include <trace/events/block.h>
1214 @@ -141,6 +142,7 @@ struct mapped_device {
1215 struct mutex suspend_lock;
1217 atomic_t open_count;
1221 * The current mapping.
1222 @@ -395,6 +397,7 @@ int dm_deleting_md(struct mapped_device
1223 static int dm_blk_open(struct block_device *bdev, fmode_t mode)
1225 struct mapped_device *md;
1228 spin_lock(&_minor_lock);
1230 @@ -403,18 +406,19 @@ static int dm_blk_open(struct block_devi
1233 if (test_bit(DMF_FREEING, &md->flags) ||
1234 - dm_deleting_md(md)) {
1236 + dm_deleting_md(md))
1240 + if (!vx_check(md->xid, VS_IDENT|VS_HOSTID))
1245 atomic_inc(&md->open_count);
1249 spin_unlock(&_minor_lock);
1251 - return md ? 0 : -ENXIO;
1255 static void dm_blk_close(struct gendisk *disk, fmode_t mode)
1256 @@ -698,6 +702,14 @@ int dm_set_geometry(struct mapped_device
1261 + * Get the xid associated with a dm device
1263 +vxid_t dm_get_xid(struct mapped_device *md)
1268 /*-----------------------------------------------------------------
1270 * A more elegant soln is in the works that uses the queue
1271 @@ -1904,6 +1916,7 @@ static struct mapped_device *alloc_dev(i
1272 INIT_LIST_HEAD(&md->uevent_list);
1273 spin_lock_init(&md->uevent_lock);
1275 + md->xid = vx_current_xid();
1276 md->queue = blk_alloc_queue(GFP_KERNEL);
1279 diff -NurpP --minimal linux-3.14.17/drivers/md/dm.h linux-3.14.17-vs2.3.6.13/drivers/md/dm.h
1280 --- linux-3.14.17/drivers/md/dm.h 2014-08-14 01:38:34.000000000 +0000
1281 +++ linux-3.14.17-vs2.3.6.13/drivers/md/dm.h 2014-08-30 14:27:38.000000000 +0000
1282 @@ -50,6 +50,8 @@ struct dm_dev_internal {
1284 struct dm_md_mempools;
1286 +vxid_t dm_get_xid(struct mapped_device *md);
1288 /*-----------------------------------------------------------------
1289 * Internal table functions.
1290 *---------------------------------------------------------------*/
1291 diff -NurpP --minimal linux-3.14.17/drivers/net/tun.c linux-3.14.17-vs2.3.6.13/drivers/net/tun.c
1292 --- linux-3.14.17/drivers/net/tun.c 2014-08-14 01:38:34.000000000 +0000
1293 +++ linux-3.14.17-vs2.3.6.13/drivers/net/tun.c 2014-08-30 14:27:38.000000000 +0000
1295 #include <linux/nsproxy.h>
1296 #include <linux/virtio_net.h>
1297 #include <linux/rcupdate.h>
1298 +#include <linux/vs_network.h>
1299 #include <net/ipv6.h>
1300 #include <net/net_namespace.h>
1301 #include <net/netns/generic.h>
1302 @@ -170,6 +171,7 @@ struct tun_struct {
1308 struct net_device *dev;
1309 netdev_features_t set_features;
1310 @@ -403,6 +405,7 @@ static inline bool tun_not_capable(struc
1311 return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
1312 (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
1313 !ns_capable(net->user_ns, CAP_NET_ADMIN);
1314 + /* !cap_raised(current_cap(), CAP_NET_ADMIN) */
1317 static void tun_set_real_num_queues(struct tun_struct *tun)
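Review bot: The line added to `tun_not_capable()` is commented-out code placed after the `return` statement, and it leaves open whether a context check was meant to be part of this test. As written the function still decides on owner, group and `ns_capable(net->user_ns, CAP_NET_ADMIN)` only and does not look at the `tun->nid` that this patch records in `tun_setup()`. If attaching should be limited to the owning network context, that comparison belongs here; otherwise the dead line should go in favour of a real comment such as `/* nid is not checked here: attach is gated by owner/group/CAP_NET_ADMIN only */`. The function body begins outside the hunk.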
1318 @@ -1417,6 +1420,7 @@ static void tun_setup(struct net_device
1320 tun->owner = INVALID_UID;
1321 tun->group = INVALID_GID;
1322 + tun->nid = nx_current_nid();
1324 dev->ethtool_ops = &tun_ethtool_ops;
1325 dev->destructor = tun_free_netdev;
1326 @@ -1633,7 +1637,7 @@ static int tun_set_iff(struct net *net,
1327 int queues = ifr->ifr_flags & IFF_MULTI_QUEUE ?
1330 - if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1331 + if (!nx_ns_capable(net->user_ns, CAP_NET_ADMIN, NXC_TUN_CREATE))
1333 err = security_tun_dev_create();
1335 @@ -2004,6 +2008,16 @@ static long __tun_chr_ioctl(struct file
1336 from_kgid(&init_user_ns, tun->group));
1340 + if (!capable(CAP_CONTEXT))
1343 + /* Set nid owner of the device */
1344 + tun->nid = (vnid_t) arg;
1346 + tun_debug(KERN_INFO, tun, "nid owner set to %u\n", tun->nid);
1350 /* Only allow setting the type when the interface is down */
1351 if (tun->dev->flags & IFF_UP) {
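Review bot: The new nid branch in `__tun_chr_ioctl()` stores `(vnid_t) arg` without validating the value, so an out-of-range `arg` is silently truncated by the cast (assuming `vnid_t` is narrower than `unsigned long`; its definition is not in this hunk) and nothing checks that the nid names an existing network context. Rejecting values that do not survive the cast, e.g. `if ((unsigned long)(vnid_t) arg != arg)` followed by this switch's usual `-EINVAL` exit, keeps the stored owner equal to what the caller asked for. The `case` label and the error return of the `capable(CAP_CONTEXT)` test fall on lines not shown here.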
1352 diff -NurpP --minimal linux-3.14.17/drivers/tty/sysrq.c linux-3.14.17-vs2.3.6.13/drivers/tty/sysrq.c
1353 --- linux-3.14.17/drivers/tty/sysrq.c 2014-08-14 01:38:34.000000000 +0000
1354 +++ linux-3.14.17-vs2.3.6.13/drivers/tty/sysrq.c 2014-08-30 14:27:38.000000000 +0000
1356 #include <linux/jiffies.h>
1357 #include <linux/syscalls.h>
1358 #include <linux/of.h>
1359 +#include <linux/vserver/debug.h>
1361 #include <asm/ptrace.h>
1362 #include <asm/irq_regs.h>
1363 @@ -407,6 +408,21 @@ static struct sysrq_key_op sysrq_unrt_op
1364 .enable_mask = SYSRQ_ENABLE_RTNICE,
1368 +#ifdef CONFIG_VSERVER_DEBUG
1369 +static void sysrq_handle_vxinfo(int key)
1371 + dump_vx_info_inactive((key == 'x') ? 0 : 1);
1374 +static struct sysrq_key_op sysrq_showvxinfo_op = {
1375 + .handler = sysrq_handle_vxinfo,
1376 + .help_msg = "conteXt",
1377 + .action_msg = "Show Context Info",
1378 + .enable_mask = SYSRQ_ENABLE_DUMP,
1382 /* Key Operations table and lock */
1383 static DEFINE_SPINLOCK(sysrq_key_table_lock);
1385 @@ -462,7 +478,11 @@ static struct sysrq_key_op *sysrq_key_ta
1386 &sysrq_showstate_blocked_op, /* w */
1387 /* x: May be registered on ppc/powerpc for xmon */
1388 /* x: May be registered on sparc64 for global PMU dump */
1389 +#ifdef CONFIG_VSERVER_DEBUG
1390 + &sysrq_showvxinfo_op, /* x */
1394 /* y: May be registered on sparc64 for global register dump */
1396 &sysrq_ftrace_dump_op, /* z */
1397 @@ -477,6 +497,8 @@ static int sysrq_key_table_key2index(int
1399 else if ((key >= 'a') && (key <= 'z'))
1400 retval = key + 10 - 'a';
1401 + else if ((key >= 'A') && (key <= 'Z'))
1402 + retval = key + 10 - 'A';
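Review bot: The added `'A'..'Z'` branch in `sysrq_key_table_key2index()` is unconditional, so every upper-case key now resolves to the same table slot as its lower-case counterpart for all SysRq operations, not only for the new context dump, and also when `CONFIG_VSERVER_DEBUG` is off. Only `sysrq_handle_vxinfo()` tells `'x'` from `'X'`, so the aliasing should be guarded like the table entry: wrap the two added lines in `#ifdef CONFIG_VSERVER_DEBUG` / `#endif`, or restrict the branch to `key == 'X'`. A comment such as `/* 'X' shares the slot of 'x'; the handler tells them apart by key */` would document why two keys map to one index.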
1406 diff -NurpP --minimal linux-3.14.17/drivers/tty/tty_io.c linux-3.14.17-vs2.3.6.13/drivers/tty/tty_io.c
1407 --- linux-3.14.17/drivers/tty/tty_io.c 2014-08-14 01:38:34.000000000 +0000
1408 +++ linux-3.14.17-vs2.3.6.13/drivers/tty/tty_io.c 2014-08-30 14:27:38.000000000 +0000
1411 #include <linux/kmod.h>
1412 #include <linux/nsproxy.h>
1413 +#include <linux/vs_pid.h>
1415 #undef TTY_DEBUG_HANGUP
1417 @@ -2219,7 +2220,8 @@ static int tiocsti(struct tty_struct *tt
1419 struct tty_ldisc *ld;
1421 - if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
1422 + if (((current->signal->tty != tty) &&
1423 + !vx_capable(CAP_SYS_ADMIN, VXC_TIOCSTI)))
1425 if (get_user(ch, p))
1427 @@ -2507,6 +2509,7 @@ static int tiocspgrp(struct tty_struct *
1429 if (get_user(pgrp_nr, p))
1431 + pgrp_nr = vx_rmap_pid(pgrp_nr);
1435 diff -NurpP --minimal linux-3.14.17/fs/attr.c linux-3.14.17-vs2.3.6.13/fs/attr.c
1436 --- linux-3.14.17/fs/attr.c 2014-08-14 01:38:34.000000000 +0000
1437 +++ linux-3.14.17-vs2.3.6.13/fs/attr.c 2014-08-30 14:27:38.000000000 +0000
1439 #include <linux/security.h>
1440 #include <linux/evm.h>
1441 #include <linux/ima.h>
1442 +#include <linux/proc_fs.h>
1443 +#include <linux/devpts_fs.h>
1444 +#include <linux/vs_tag.h>
1447 * inode_change_ok - check if attribute changes to an inode are allowed
1448 @@ -77,6 +80,10 @@ int inode_change_ok(const struct inode *
1452 + /* check for inode tag permission */
1453 + if (dx_permission(inode, MAY_WRITE))
1458 EXPORT_SYMBOL(inode_change_ok);
1459 @@ -147,6 +154,8 @@ void setattr_copy(struct inode *inode, c
1460 inode->i_uid = attr->ia_uid;
1461 if (ia_valid & ATTR_GID)
1462 inode->i_gid = attr->ia_gid;
1463 + if ((ia_valid & ATTR_TAG) && IS_TAGGED(inode))
1464 + inode->i_tag = attr->ia_tag;
1465 if (ia_valid & ATTR_ATIME)
1466 inode->i_atime = timespec_trunc(attr->ia_atime,
1467 inode->i_sb->s_time_gran);
1468 @@ -197,7 +206,8 @@ int notify_change(struct dentry * dentry
1470 WARN_ON_ONCE(!mutex_is_locked(&inode->i_mutex));
1472 - if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) {
1473 + if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
1474 + ATTR_TAG | ATTR_TIMES_SET)) {
1475 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
1478 diff -NurpP --minimal linux-3.14.17/fs/block_dev.c linux-3.14.17-vs2.3.6.13/fs/block_dev.c
1479 --- linux-3.14.17/fs/block_dev.c 2014-08-14 01:38:34.000000000 +0000
1480 +++ linux-3.14.17-vs2.3.6.13/fs/block_dev.c 2014-08-30 14:27:38.000000000 +0000
1482 #include <linux/log2.h>
1483 #include <linux/cleancache.h>
1484 #include <linux/aio.h>
1485 +#include <linux/vs_device.h>
1486 #include <asm/uaccess.h>
1487 #include "internal.h"
1489 @@ -515,6 +516,7 @@ struct block_device *bdget(dev_t dev)
1490 bdev->bd_invalidated = 0;
1491 inode->i_mode = S_IFBLK;
1492 inode->i_rdev = dev;
1493 + inode->i_mdev = dev;
1494 inode->i_bdev = bdev;
1495 inode->i_data.a_ops = &def_blk_aops;
1496 mapping_set_gfp_mask(&inode->i_data, GFP_USER);
1497 @@ -562,6 +564,11 @@ EXPORT_SYMBOL(bdput);
1498 static struct block_device *bd_acquire(struct inode *inode)
1500 struct block_device *bdev;
1503 + if (!vs_map_blkdev(inode->i_rdev, &mdev, DATTR_OPEN))
1505 + inode->i_mdev = mdev;
1507 spin_lock(&bdev_lock);
1508 bdev = inode->i_bdev;
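Review bot: In `bd_acquire()` the mapped device is computed on every call, but the lookup that follows still reads the `inode->i_bdev` cached by an earlier opener, and `inode->i_mdev` is written before `bdev_lock` is taken. If `vs_map_blkdev()` can yield different targets for different contexts (not visible from this hunk), a second context opening the same inode would get the block device chosen for the first. Consider accepting the cached device only when it matches the fresh mapping, e.g. `if (bdev && bdev->bd_dev == mdev)`, and moving the `i_mdev` store inside the locked region. The rest of the function lies outside this hunk; the next hunk switches `bdget()` to `mdev`.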
1509 @@ -572,7 +579,7 @@ static struct block_device *bd_acquire(s
1511 spin_unlock(&bdev_lock);
1513 - bdev = bdget(inode->i_rdev);
1514 + bdev = bdget(mdev);
1516 spin_lock(&bdev_lock);
1517 if (!inode->i_bdev) {
1518 diff -NurpP --minimal linux-3.14.17/fs/btrfs/ctree.h linux-3.14.17-vs2.3.6.13/fs/btrfs/ctree.h
1519 --- linux-3.14.17/fs/btrfs/ctree.h 2014-08-14 01:38:34.000000000 +0000
1520 +++ linux-3.14.17-vs2.3.6.13/fs/btrfs/ctree.h 2014-08-30 14:27:38.000000000 +0000
1521 @@ -729,11 +729,14 @@ struct btrfs_inode_item {
1522 /* modification sequence number for NFS */
1527 * a little future expansion, for more than this we can
1528 * just grow the inode item and version it
1530 - __le64 reserved[4];
1531 + __le16 reserved16;
1532 + __le32 reserved32;
1533 + __le64 reserved[3];
1534 struct btrfs_timespec atime;
1535 struct btrfs_timespec ctime;
1536 struct btrfs_timespec mtime;
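Review bot: The `btrfs_inode_item` change carves a 16-bit `tag` out of space the stock on-disk format treats as reserved, and none of the visible btrfs hunks sets a compat or incompat feature flag for it, so a filesystem moved between patched and unpatched kernels may carry bytes the other side does not expect. The same applies to the privately chosen bits `BTRFS_MOUNT_TAGGED (1 << 24)` and `BTRFS_INODE_IXUNLINK`/`BTRFS_INODE_BARRIER`/`BTRFS_INODE_COW` (`1 << 24` to `1 << 26`) in the later ctree.h hunks, which can collide with bits upstream assigns later. At minimum add a comment on the struct stating that these bytes are vserver-private, and a `BUILD_BUG_ON()` pinning `sizeof(struct btrfs_inode_item)` to its pre-patch value so the split of `reserved[4]` into `reserved16`/`reserved32`/`reserved[3]` cannot change the item size unnoticed. The line declaring `tag` is not visible in this hunk; its width is taken from the `BTRFS_SETGET_FUNCS(inode_tag, ..., 16)` line.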
1537 @@ -2034,6 +2037,8 @@ struct btrfs_ioctl_defrag_range_args {
1539 #define BTRFS_DEFAULT_COMMIT_INTERVAL (30)
1541 +#define BTRFS_MOUNT_TAGGED (1 << 24)
1543 #define btrfs_clear_opt(o, opt) ((o) &= ~BTRFS_MOUNT_##opt)
1544 #define btrfs_set_opt(o, opt) ((o) |= BTRFS_MOUNT_##opt)
1545 #define btrfs_raw_test_opt(o, opt) ((o) & BTRFS_MOUNT_##opt)
1546 @@ -2303,6 +2308,7 @@ BTRFS_SETGET_FUNCS(inode_block_group, st
1547 BTRFS_SETGET_FUNCS(inode_nlink, struct btrfs_inode_item, nlink, 32);
1548 BTRFS_SETGET_FUNCS(inode_uid, struct btrfs_inode_item, uid, 32);
1549 BTRFS_SETGET_FUNCS(inode_gid, struct btrfs_inode_item, gid, 32);
1550 +BTRFS_SETGET_FUNCS(inode_tag, struct btrfs_inode_item, tag, 16);
1551 BTRFS_SETGET_FUNCS(inode_mode, struct btrfs_inode_item, mode, 32);
1552 BTRFS_SETGET_FUNCS(inode_rdev, struct btrfs_inode_item, rdev, 64);
1553 BTRFS_SETGET_FUNCS(inode_flags, struct btrfs_inode_item, flags, 64);
1554 @@ -2375,6 +2381,10 @@ BTRFS_SETGET_FUNCS(extent_flags, struct
1556 BTRFS_SETGET_FUNCS(extent_refs_v0, struct btrfs_extent_item_v0, refs, 32);
1558 +#define BTRFS_INODE_IXUNLINK (1 << 24)
1559 +#define BTRFS_INODE_BARRIER (1 << 25)
1560 +#define BTRFS_INODE_COW (1 << 26)
1563 BTRFS_SETGET_FUNCS(tree_block_level, struct btrfs_tree_block_info, level, 8);
1565 @@ -3781,6 +3791,7 @@ long btrfs_ioctl(struct file *file, unsi
1566 void btrfs_update_iflags(struct inode *inode);
1567 void btrfs_inherit_iflags(struct inode *inode, struct inode *dir);
1568 int btrfs_is_empty_uuid(u8 *uuid);
1569 +int btrfs_sync_flags(struct inode *inode, int, int);
1570 int btrfs_defrag_file(struct inode *inode, struct file *file,
1571 struct btrfs_ioctl_defrag_range_args *range,
1572 u64 newer_than, unsigned long max_pages);
1573 diff -NurpP --minimal linux-3.14.17/fs/btrfs/disk-io.c linux-3.14.17-vs2.3.6.13/fs/btrfs/disk-io.c
1574 --- linux-3.14.17/fs/btrfs/disk-io.c 2014-08-14 01:38:34.000000000 +0000
1575 +++ linux-3.14.17-vs2.3.6.13/fs/btrfs/disk-io.c 2014-08-30 14:27:38.000000000 +0000
1576 @@ -2378,6 +2378,9 @@ int open_ctree(struct super_block *sb,
1580 + if (btrfs_test_opt(tree_root, TAGGED))
1581 + sb->s_flags |= MS_TAGGED;
1583 features = btrfs_super_incompat_flags(disk_super) &
1584 ~BTRFS_FEATURE_INCOMPAT_SUPP;
1586 diff -NurpP --minimal linux-3.14.17/fs/btrfs/inode.c linux-3.14.17-vs2.3.6.13/fs/btrfs/inode.c
1587 --- linux-3.14.17/fs/btrfs/inode.c 2014-08-14 01:38:34.000000000 +0000
1588 +++ linux-3.14.17-vs2.3.6.13/fs/btrfs/inode.c 2014-08-30 14:54:20.000000000 +0000
1590 #include <linux/btrfs.h>
1591 #include <linux/blkdev.h>
1592 #include <linux/posix_acl_xattr.h>
1593 +#include <linux/vs_tag.h>
1595 #include "disk-io.h"
1596 #include "transaction.h"
1597 @@ -3343,6 +3344,9 @@ static void btrfs_read_locked_inode(stru
1605 bool filled = false;
1606 int first_xattr_slot;
1607 @@ -3370,8 +3374,14 @@ static void btrfs_read_locked_inode(stru
1608 struct btrfs_inode_item);
1609 inode->i_mode = btrfs_inode_mode(leaf, inode_item);
1610 set_nlink(inode, btrfs_inode_nlink(leaf, inode_item));
1611 - i_uid_write(inode, btrfs_inode_uid(leaf, inode_item));
1612 - i_gid_write(inode, btrfs_inode_gid(leaf, inode_item));
1614 + kuid = make_kuid(&init_user_ns, btrfs_inode_uid(leaf, inode_item));
1615 + kgid = make_kgid(&init_user_ns, btrfs_inode_gid(leaf, inode_item));
1616 + ktag = make_ktag(&init_user_ns, btrfs_inode_tag(leaf, inode_item));
1618 + inode->i_uid = INOTAG_KUID(DX_TAG(inode), kuid, kgid);
1619 + inode->i_gid = INOTAG_KGID(DX_TAG(inode), kuid, kgid);
1620 + inode->i_tag = INOTAG_KTAG(DX_TAG(inode), kuid, kgid, ktag);
1621 btrfs_i_size_write(inode, btrfs_inode_size(leaf, inode_item));
1623 tspec = btrfs_inode_atime(inode_item);
1624 @@ -3495,11 +3505,18 @@ static void fill_inode_item(struct btrfs
1625 struct inode *inode)
1627 struct btrfs_map_token token;
1628 + uid_t uid = from_kuid(&init_user_ns,
1629 + TAGINO_KUID(DX_TAG(inode), inode->i_uid, inode->i_tag));
1630 + gid_t gid = from_kgid(&init_user_ns,
1631 + TAGINO_KGID(DX_TAG(inode), inode->i_gid, inode->i_tag));
1633 btrfs_init_map_token(&token);
1635 - btrfs_set_token_inode_uid(leaf, item, i_uid_read(inode), &token);
1636 - btrfs_set_token_inode_gid(leaf, item, i_gid_read(inode), &token);
1637 + btrfs_set_token_inode_uid(leaf, item, uid, &token);
1638 + btrfs_set_token_inode_gid(leaf, item, gid, &token);
1639 +#ifdef CONFIG_TAGGING_INTERN
1640 + btrfs_set_token_inode_tag(leaf, item, i_tag_read(inode), &token);
1642 btrfs_set_token_inode_size(leaf, item, BTRFS_I(inode)->disk_i_size,
1644 btrfs_set_token_inode_mode(leaf, item, inode->i_mode, &token);
1645 @@ -8849,13 +8866,16 @@ static const struct inode_operations btr
1646 .listxattr = btrfs_listxattr,
1647 .removexattr = btrfs_removexattr,
1648 .permission = btrfs_permission,
1649 + .sync_flags = btrfs_sync_flags,
1650 .get_acl = btrfs_get_acl,
1651 .set_acl = btrfs_set_acl,
1652 .update_time = btrfs_update_time,
1655 static const struct inode_operations btrfs_dir_ro_inode_operations = {
1656 .lookup = btrfs_lookup,
1657 .permission = btrfs_permission,
1658 + .sync_flags = btrfs_sync_flags,
1659 .get_acl = btrfs_get_acl,
1660 .set_acl = btrfs_set_acl,
1661 .update_time = btrfs_update_time,
1662 @@ -8926,6 +8946,7 @@ static const struct inode_operations btr
1663 .removexattr = btrfs_removexattr,
1664 .permission = btrfs_permission,
1665 .fiemap = btrfs_fiemap,
1666 + .sync_flags = btrfs_sync_flags,
1667 .get_acl = btrfs_get_acl,
1668 .set_acl = btrfs_set_acl,
1669 .update_time = btrfs_update_time,
1670 diff -NurpP --minimal linux-3.14.17/fs/btrfs/ioctl.c linux-3.14.17-vs2.3.6.13/fs/btrfs/ioctl.c
1671 --- linux-3.14.17/fs/btrfs/ioctl.c 2014-08-14 01:38:34.000000000 +0000
1672 +++ linux-3.14.17-vs2.3.6.13/fs/btrfs/ioctl.c 2014-08-30 14:27:38.000000000 +0000
1673 @@ -80,10 +80,13 @@ static unsigned int btrfs_flags_to_ioctl
1675 unsigned int iflags = 0;
1677 - if (flags & BTRFS_INODE_SYNC)
1678 - iflags |= FS_SYNC_FL;
1679 if (flags & BTRFS_INODE_IMMUTABLE)
1680 iflags |= FS_IMMUTABLE_FL;
1681 + if (flags & BTRFS_INODE_IXUNLINK)
1682 + iflags |= FS_IXUNLINK_FL;
1684 + if (flags & BTRFS_INODE_SYNC)
1685 + iflags |= FS_SYNC_FL;
1686 if (flags & BTRFS_INODE_APPEND)
1687 iflags |= FS_APPEND_FL;
1688 if (flags & BTRFS_INODE_NODUMP)
1689 @@ -100,28 +103,78 @@ static unsigned int btrfs_flags_to_ioctl
1690 else if (flags & BTRFS_INODE_NOCOMPRESS)
1691 iflags |= FS_NOCOMP_FL;
1693 + if (flags & BTRFS_INODE_BARRIER)
1694 + iflags |= FS_BARRIER_FL;
1695 + if (flags & BTRFS_INODE_COW)
1696 + iflags |= FS_COW_FL;
1701 - * Update inode->i_flags based on the btrfs internal flags.
1702 + * Update inode->i_(v)flags based on the btrfs internal flags.
1704 void btrfs_update_iflags(struct inode *inode)
1706 struct btrfs_inode *ip = BTRFS_I(inode);
1708 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
1709 + inode->i_flags &= ~(S_IMMUTABLE | S_IXUNLINK |
1710 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
1712 - if (ip->flags & BTRFS_INODE_SYNC)
1713 - inode->i_flags |= S_SYNC;
1714 if (ip->flags & BTRFS_INODE_IMMUTABLE)
1715 inode->i_flags |= S_IMMUTABLE;
1716 + if (ip->flags & BTRFS_INODE_IXUNLINK)
1717 + inode->i_flags |= S_IXUNLINK;
1719 + if (ip->flags & BTRFS_INODE_SYNC)
1720 + inode->i_flags |= S_SYNC;
1721 if (ip->flags & BTRFS_INODE_APPEND)
1722 inode->i_flags |= S_APPEND;
1723 if (ip->flags & BTRFS_INODE_NOATIME)
1724 inode->i_flags |= S_NOATIME;
1725 if (ip->flags & BTRFS_INODE_DIRSYNC)
1726 inode->i_flags |= S_DIRSYNC;
1728 + inode->i_vflags &= ~(V_BARRIER | V_COW);
1730 + if (ip->flags & BTRFS_INODE_BARRIER)
1731 + inode->i_vflags |= V_BARRIER;
1732 + if (ip->flags & BTRFS_INODE_COW)
1733 + inode->i_vflags |= V_COW;
1737 + * Update btrfs internal flags from inode->i_(v)flags.
1739 +void btrfs_update_flags(struct inode *inode)
1741 + struct btrfs_inode *ip = BTRFS_I(inode);
1743 + unsigned int flags = inode->i_flags;
1744 + unsigned int vflags = inode->i_vflags;
1746 + ip->flags &= ~(BTRFS_INODE_SYNC | BTRFS_INODE_APPEND |
1747 + BTRFS_INODE_IMMUTABLE | BTRFS_INODE_IXUNLINK |
1748 + BTRFS_INODE_NOATIME | BTRFS_INODE_DIRSYNC |
1749 + BTRFS_INODE_BARRIER | BTRFS_INODE_COW);
1751 + if (flags & S_IMMUTABLE)
1752 + ip->flags |= BTRFS_INODE_IMMUTABLE;
1753 + if (flags & S_IXUNLINK)
1754 + ip->flags |= BTRFS_INODE_IXUNLINK;
1756 + if (flags & S_SYNC)
1757 + ip->flags |= BTRFS_INODE_SYNC;
1758 + if (flags & S_APPEND)
1759 + ip->flags |= BTRFS_INODE_APPEND;
1760 + if (flags & S_NOATIME)
1761 + ip->flags |= BTRFS_INODE_NOATIME;
1762 + if (flags & S_DIRSYNC)
1763 + ip->flags |= BTRFS_INODE_DIRSYNC;
1765 + if (vflags & V_BARRIER)
1766 + ip->flags |= BTRFS_INODE_BARRIER;
1767 + if (vflags & V_COW)
1768 + ip->flags |= BTRFS_INODE_COW;
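Review bot: `btrfs_update_flags()` is added with external linkage, yet the ctree.h hunk of this patch declares only `btrfs_sync_flags()` and the only caller visible here is in this file, so it should be `static void btrfs_update_flags(struct inode *inode)`. Its name differs from the existing `btrfs_update_iflags()` by one letter while doing the reverse conversion; the header comment should spell out the direction, e.g. `/* inode->i_flags, i_vflags -> BTRFS_I(inode)->flags; inverse of btrfs_update_iflags() */`.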
1772 @@ -137,6 +190,7 @@ void btrfs_inherit_iflags(struct inode *
1775 flags = BTRFS_I(dir)->flags;
1776 + flags &= ~BTRFS_INODE_BARRIER;
1778 if (flags & BTRFS_INODE_NOCOMPRESS) {
1779 BTRFS_I(inode)->flags &= ~BTRFS_INODE_COMPRESS;
1780 @@ -155,6 +209,30 @@ void btrfs_inherit_iflags(struct inode *
1781 btrfs_update_iflags(inode);
1784 +int btrfs_sync_flags(struct inode *inode, int flags, int vflags)
1786 + struct btrfs_inode *ip = BTRFS_I(inode);
1787 + struct btrfs_root *root = ip->root;
1788 + struct btrfs_trans_handle *trans;
1791 + trans = btrfs_join_transaction(root);
1794 + inode->i_flags = flags;
1795 + inode->i_vflags = vflags;
1796 + btrfs_update_flags(inode);
1798 + ret = btrfs_update_inode(trans, root, inode);
1801 + btrfs_update_iflags(inode);
1802 + inode->i_ctime = CURRENT_TIME;
1803 + btrfs_end_transaction(trans, root);
1808 static int btrfs_ioctl_getflags(struct file *file, void __user *arg)
1810 struct btrfs_inode *ip = BTRFS_I(file_inode(file));
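Review bot: In `btrfs_sync_flags` the assignment `inode->i_ctime = CURRENT_TIME;` comes after `btrfs_update_inode(trans, root, inode)`, so the inode item written in this transaction presumably still carries the old change time; moving the ctime assignment above the `btrfs_update_inode()` call keeps the on-disk timestamp in step with the flag change, which matters when ctime is used to audit attribute changes. The lines directly after `btrfs_join_transaction(root)` are missing from this listing; if the handle is not tested there, `if (IS_ERR(trans)) return PTR_ERR(trans);` would match what `ext3_sync_flags` in this same patch does with its journal handle. A short comment naming the lock the caller must hold while `i_flags` and `i_vflags` are overwritten wholesale would also help.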
1811 @@ -217,21 +295,27 @@ static int btrfs_ioctl_setflags(struct f
1813 flags = btrfs_mask_flags(inode->i_mode, flags);
1814 oldflags = btrfs_flags_to_ioctl(ip->flags);
1815 - if ((flags ^ oldflags) & (FS_APPEND_FL | FS_IMMUTABLE_FL)) {
1816 + if ((flags ^ oldflags) & (FS_APPEND_FL |
1817 + FS_IMMUTABLE_FL | FS_IXUNLINK_FL)) {
1818 if (!capable(CAP_LINUX_IMMUTABLE)) {
1824 - if (flags & FS_SYNC_FL)
1825 - ip->flags |= BTRFS_INODE_SYNC;
1827 - ip->flags &= ~BTRFS_INODE_SYNC;
1828 if (flags & FS_IMMUTABLE_FL)
1829 ip->flags |= BTRFS_INODE_IMMUTABLE;
1831 ip->flags &= ~BTRFS_INODE_IMMUTABLE;
1832 + if (flags & FS_IXUNLINK_FL)
1833 + ip->flags |= BTRFS_INODE_IXUNLINK;
1835 + ip->flags &= ~BTRFS_INODE_IXUNLINK;
1837 + if (flags & FS_SYNC_FL)
1838 + ip->flags |= BTRFS_INODE_SYNC;
1840 + ip->flags &= ~BTRFS_INODE_SYNC;
1841 if (flags & FS_APPEND_FL)
1842 ip->flags |= BTRFS_INODE_APPEND;
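Review bot: The capability test in `btrfs_ioctl_setflags` only gains `FS_IXUNLINK_FL` in the XOR mask, whereas the ext2 and ext3 ioctl hunks of this same patch additionally require `CAP_LINUX_IMMUTABLE` whenever the inode is already immutable (`(oldflags & EXT2_IMMUTABLE_FL) || ...`) and test `IS_BARRIER(inode)` before touching the flags. As shown, changes to other flags of an already-immutable btrfs inode are not gated by the capability and no barrier test is visible. If the difference is not intended, the condition could read `if ((oldflags & FS_IMMUTABLE_FL) || ((flags ^ oldflags) & (FS_APPEND_FL | FS_IMMUTABLE_FL | FS_IXUNLINK_FL))) {`. The function starts and ends outside this hunk and some lines are missing from the listing, so an equivalent check may exist elsewhere.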
1844 diff -NurpP --minimal linux-3.14.17/fs/btrfs/super.c linux-3.14.17-vs2.3.6.13/fs/btrfs/super.c
1845 --- linux-3.14.17/fs/btrfs/super.c 2014-08-14 01:38:34.000000000 +0000
1846 +++ linux-3.14.17-vs2.3.6.13/fs/btrfs/super.c 2014-08-30 14:54:42.000000000 +0000
1847 @@ -328,7 +328,7 @@ enum {
1848 Opt_commit_interval, Opt_barrier, Opt_nodefrag, Opt_nodiscard,
1849 Opt_noenospc_debug, Opt_noflushoncommit, Opt_acl, Opt_datacow,
1850 Opt_datasum, Opt_treelog, Opt_noinode_cache,
1852 + Opt_tag, Opt_notag, Opt_tagid, Opt_err,
1855 static match_table_t tokens = {
1856 @@ -380,6 +380,9 @@ static match_table_t tokens = {
1857 {Opt_rescan_uuid_tree, "rescan_uuid_tree"},
1858 {Opt_fatal_errors, "fatal_errors=%s"},
1859 {Opt_commit_interval, "commit=%d"},
1861 + {Opt_notag, "notag"},
1862 + {Opt_tagid, "tagid=%u"},
1866 @@ -747,6 +750,22 @@ int btrfs_parse_options(struct btrfs_roo
1867 info->commit_interval = BTRFS_DEFAULT_COMMIT_INTERVAL;
1870 +#ifndef CONFIG_TAGGING_NONE
1872 + printk(KERN_INFO "btrfs: use tagging\n");
1873 + btrfs_set_opt(info->mount_opt, TAGGED);
1876 + printk(KERN_INFO "btrfs: disabled tagging\n");
1877 + btrfs_clear_opt(info->mount_opt, TAGGED);
1880 +#ifdef CONFIG_PROPAGATE
1883 + btrfs_set_opt(info->mount_opt, TAGGED);
1887 btrfs_info(root->fs_info, "unrecognized mount option '%s'", p);
1889 @@ -1400,6 +1419,12 @@ static int btrfs_remount(struct super_bl
1890 btrfs_resize_thread_pool(fs_info,
1891 fs_info->thread_pool_size, old_thread_pool_size);
1893 + if (btrfs_test_opt(root, TAGGED) && !(sb->s_flags & MS_TAGGED)) {
1894 + printk("btrfs: %s: tagging not permitted on remount.\n",
1899 if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY))
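Review bot: The `printk` in the new remount check carries no log level, unlike the `printk(KERN_INFO ...)` calls this patch adds to `btrfs_parse_options` in the same file, so the refusal is logged at the default level; `printk(KERN_WARNING "btrfs: %s: tagging not permitted on remount.\n",` would make it explicit. The same applies to the `EXT2-fs` and `EXT3-fs` messages in the `ext2_remount` and `ext3_remount` hunks. The lines after the message are not shown here, so it is worth confirming that the btrfs path also undoes the `TAGGED` bit set during option parsing, as the ext2 and ext3 versions do with `goto restore_opts`.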
1902 diff -NurpP --minimal linux-3.14.17/fs/char_dev.c linux-3.14.17-vs2.3.6.13/fs/char_dev.c
1903 --- linux-3.14.17/fs/char_dev.c 2014-08-14 01:38:34.000000000 +0000
1904 +++ linux-3.14.17-vs2.3.6.13/fs/char_dev.c 2014-08-30 14:27:38.000000000 +0000
1906 #include <linux/mutex.h>
1907 #include <linux/backing-dev.h>
1908 #include <linux/tty.h>
1909 +#include <linux/vs_context.h>
1910 +#include <linux/vs_device.h>
1912 #include "internal.h"
1914 @@ -372,14 +374,21 @@ static int chrdev_open(struct inode *ino
1916 struct cdev *new = NULL;
1920 + if (!vs_map_chrdev(inode->i_rdev, &mdev, DATTR_OPEN))
1922 + inode->i_mdev = mdev;
1924 spin_lock(&cdev_lock);
1927 struct kobject *kobj;
1930 spin_unlock(&cdev_lock);
1931 - kobj = kobj_lookup(cdev_map, inode->i_rdev, &idx);
1933 + kobj = kobj_lookup(cdev_map, mdev, &idx);
1936 new = container_of(kobj, struct cdev, kobj);
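Review bot: `inode->i_mdev = mdev;` is stored before `spin_lock(&cdev_lock)` is taken, so two concurrent opens of the same device inode that map `i_rdev` differently can overwrite each other's value with no ordering. If the result of `vs_map_chrdev()` depends on the opening context (an assumption, the helper is not shown), a field on the shared inode cannot hold it reliably. Either move the store under `cdev_lock` next to the `kobj_lookup(cdev_map, mdev, &idx)` call, or add a comment explaining why the unlocked store is safe, e.g. `/* i_mdev is the same for every context that can reach this inode */`. `chrdev_open` continues outside the hunk and the failure branch of the `vs_map_chrdev()` test is not visible in this listing.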
1937 diff -NurpP --minimal linux-3.14.17/fs/dcache.c linux-3.14.17-vs2.3.6.13/fs/dcache.c
1938 --- linux-3.14.17/fs/dcache.c 2014-08-14 01:38:34.000000000 +0000
1939 +++ linux-3.14.17-vs2.3.6.13/fs/dcache.c 2014-08-30 14:27:38.000000000 +0000
1941 #include <linux/prefetch.h>
1942 #include <linux/ratelimit.h>
1943 #include <linux/list_lru.h>
1944 +#include <linux/vs_limit.h>
1945 #include "internal.h"
1948 @@ -640,6 +641,8 @@ int d_invalidate(struct dentry * dentry)
1949 spin_lock(&dentry->d_lock);
1952 + vx_dentry_dec(dentry);
1955 * Somebody else still using it?
1957 @@ -669,6 +672,7 @@ EXPORT_SYMBOL(d_invalidate);
1958 static inline void __dget_dlock(struct dentry *dentry)
1960 dentry->d_lockref.count++;
1961 + vx_dentry_inc(dentry);
1964 static inline void __dget(struct dentry *dentry)
1965 @@ -1483,6 +1487,9 @@ struct dentry *__d_alloc(struct super_bl
1966 struct dentry *dentry;
1969 + if (!vx_dentry_avail(1))
1972 dentry = kmem_cache_alloc(dentry_cache, GFP_KERNEL);
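Review bot: The `vx_dentry_avail(1)` test at the top of `__d_alloc` and the `vx_dentry_inc(dentry)` added in the following `@@ -1515,6 +1522,7 @@` hunk are separate steps with an allocation in between, so concurrent allocations can all pass the test before any of them is counted and the limit (presumably per context; the helpers are not shown) can be exceeded. If a small overshoot is acceptable, say so above the test, e.g. `/* advisory check: accounting happens in vx_dentry_inc() below, limit may be exceeded briefly */`; otherwise the check and the increment need to become one atomic reserve operation. The failure branch of the test is missing from this listing and `__d_alloc` continues outside the hunk.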
1975 @@ -1515,6 +1522,7 @@ struct dentry *__d_alloc(struct super_bl
1977 dentry->d_lockref.count = 1;
1978 dentry->d_flags = 0;
1979 + vx_dentry_inc(dentry);
1980 spin_lock_init(&dentry->d_lock);
1981 seqcount_init(&dentry->d_seq);
1982 dentry->d_inode = NULL;
1983 @@ -2277,6 +2285,7 @@ struct dentry *__d_lookup(const struct d
1986 dentry->d_lockref.count++;
1987 + vx_dentry_inc(dentry);
1989 spin_unlock(&dentry->d_lock);
1991 diff -NurpP --minimal linux-3.14.17/fs/devpts/inode.c linux-3.14.17-vs2.3.6.13/fs/devpts/inode.c
1992 --- linux-3.14.17/fs/devpts/inode.c 2014-08-14 01:38:34.000000000 +0000
1993 +++ linux-3.14.17-vs2.3.6.13/fs/devpts/inode.c 2014-08-30 14:27:38.000000000 +0000
1995 #include <linux/parser.h>
1996 #include <linux/fsnotify.h>
1997 #include <linux/seq_file.h>
1998 +#include <linux/vs_base.h>
2000 #define DEVPTS_DEFAULT_MODE 0600
2003 #define DEVPTS_DEFAULT_PTMX_MODE 0000
2004 #define PTMX_MINOR 2
2006 +static int devpts_permission(struct inode *inode, int mask)
2008 + int ret = -EACCES;
2010 + /* devpts is xid tagged */
2011 + if (vx_check((vxid_t)i_tag_read(inode), VS_WATCH_P | VS_IDENT))
2012 + ret = generic_permission(inode, mask);
2016 +static struct inode_operations devpts_file_inode_operations = {
2017 + .permission = devpts_permission,
2022 * sysctl support for setting limits on the number of Unix98 ptys allocated.
2023 * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly.
2024 @@ -345,6 +361,34 @@ static int devpts_show_options(struct se
2028 +static int devpts_filter(struct dentry *de)
2032 + /* devpts is xid tagged */
2033 + if (de && de->d_inode)
2034 + xid = (vxid_t)i_tag_read(de->d_inode);
2035 +#ifdef CONFIG_VSERVER_WARN_DEVPTS
2037 + vxwprintk_task(1, "devpts " VS_Q("%.*s") " without inode.",
2038 + de->d_name.len, de->d_name.name);
2040 + return vx_check(xid, VS_WATCH_P | VS_IDENT);
2043 +static int devpts_readdir(struct file * filp, struct dir_context *ctx)
2045 + return dcache_readdir_filter(filp, ctx, devpts_filter);
2048 +static struct file_operations devpts_dir_operations = {
2049 + .open = dcache_dir_open,
2050 + .release = dcache_dir_close,
2051 + .llseek = dcache_dir_lseek,
2052 + .read = generic_read_dir,
2053 + .iterate = devpts_readdir,
2056 static const struct super_operations devpts_sops = {
2057 .statfs = simple_statfs,
2058 .remount_fs = devpts_remount,
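Review bot: In `devpts_filter` the condition `if (de && de->d_inode)` allows for `de` being NULL, but the `CONFIG_VSERVER_WARN_DEVPTS` branch then reads `de->d_name.len` and `de->d_name.name`, which would dereference that NULL pointer if the branch is the `else` of the test (the line between them is missing from this listing). Guard the warning with `else if (de)`, or drop the NULL test if callers never pass NULL. Separately, `devpts_dir_operations` here and `devpts_file_inode_operations` earlier in the file are not modified in the visible code and could be declared `static const struct ...` so the function-pointer tables are read-only, like `devpts_sops` just below.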
2059 @@ -388,8 +432,10 @@ devpts_fill_super(struct super_block *s,
2060 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
2061 inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
2062 inode->i_op = &simple_dir_inode_operations;
2063 - inode->i_fop = &simple_dir_operations;
2064 + inode->i_fop = &devpts_dir_operations;
2065 set_nlink(inode, 2);
2066 + /* devpts is xid tagged */
2067 + i_tag_write(inode, (vtag_t)vx_current_xid());
2069 s->s_root = d_make_root(inode);
2071 @@ -593,6 +639,9 @@ struct inode *devpts_pty_new(struct inod
2072 inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
2073 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
2074 init_special_inode(inode, S_IFCHR|opts->mode, device);
2075 + /* devpts is xid tagged */
2076 + i_tag_write(inode, (vtag_t)vx_current_xid());
2077 + inode->i_op = &devpts_file_inode_operations;
2078 inode->i_private = priv;
2080 sprintf(s, "%d", index);
2081 diff -NurpP --minimal linux-3.14.17/fs/ext2/balloc.c linux-3.14.17-vs2.3.6.13/fs/ext2/balloc.c
2082 --- linux-3.14.17/fs/ext2/balloc.c 2014-08-14 01:38:34.000000000 +0000
2083 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/balloc.c 2014-08-30 14:27:38.000000000 +0000
2084 @@ -693,7 +693,6 @@ ext2_try_to_allocate(struct super_block
2086 end = EXT2_BLOCKS_PER_GROUP(sb);
2089 BUG_ON(start > EXT2_BLOCKS_PER_GROUP(sb));
2092 diff -NurpP --minimal linux-3.14.17/fs/ext2/ext2.h linux-3.14.17-vs2.3.6.13/fs/ext2/ext2.h
2093 --- linux-3.14.17/fs/ext2/ext2.h 2014-08-14 01:38:34.000000000 +0000
2094 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/ext2.h 2014-08-30 14:27:38.000000000 +0000
2095 @@ -244,8 +244,12 @@ struct ext2_group_desc
2096 #define EXT2_NOTAIL_FL FS_NOTAIL_FL /* file tail should not be merged */
2097 #define EXT2_DIRSYNC_FL FS_DIRSYNC_FL /* dirsync behaviour (directories only) */
2098 #define EXT2_TOPDIR_FL FS_TOPDIR_FL /* Top of directory hierarchies*/
2099 +#define EXT2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
2100 #define EXT2_RESERVED_FL FS_RESERVED_FL /* reserved for ext2 lib */
2102 +#define EXT2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
2103 +#define EXT2_COW_FL FS_COW_FL /* Copy on Write marker */
2105 #define EXT2_FL_USER_VISIBLE FS_FL_USER_VISIBLE /* User visible flags */
2106 #define EXT2_FL_USER_MODIFIABLE FS_FL_USER_MODIFIABLE /* User modifiable flags */
2108 @@ -329,7 +333,8 @@ struct ext2_inode {
2110 __le16 l_i_uid_high; /* these 2 fields */
2111 __le16 l_i_gid_high; /* were reserved2[0] */
2112 - __u32 l_i_reserved2;
2113 + __le16 l_i_tag; /* Context Tag */
2114 + __u16 l_i_reserved2;
2117 __u8 h_i_frag; /* Fragment number */
2118 @@ -357,6 +362,7 @@ struct ext2_inode {
2119 #define i_gid_low i_gid
2120 #define i_uid_high osd2.linux2.l_i_uid_high
2121 #define i_gid_high osd2.linux2.l_i_gid_high
2122 +#define i_raw_tag osd2.linux2.l_i_tag
2123 #define i_reserved2 osd2.linux2.l_i_reserved2
2126 @@ -384,6 +390,7 @@ struct ext2_inode {
2127 #define EXT2_MOUNT_USRQUOTA 0x020000 /* user quota */
2128 #define EXT2_MOUNT_GRPQUOTA 0x040000 /* group quota */
2129 #define EXT2_MOUNT_RESERVATION 0x080000 /* Preallocation */
2130 +#define EXT2_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
2133 #define clear_opt(o, opt) o &= ~EXT2_MOUNT_##opt
2134 @@ -757,6 +764,7 @@ extern void ext2_set_inode_flags(struct
2135 extern void ext2_get_inode_flags(struct ext2_inode_info *);
2136 extern int ext2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
2137 u64 start, u64 len);
2138 +extern int ext2_sync_flags(struct inode *, int, int);
2141 extern long ext2_ioctl(struct file *, unsigned int, unsigned long);
2142 diff -NurpP --minimal linux-3.14.17/fs/ext2/file.c linux-3.14.17-vs2.3.6.13/fs/ext2/file.c
2143 --- linux-3.14.17/fs/ext2/file.c 2014-08-14 01:38:34.000000000 +0000
2144 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/file.c 2014-08-30 14:27:38.000000000 +0000
2145 @@ -105,4 +105,5 @@ const struct inode_operations ext2_file_
2146 .get_acl = ext2_get_acl,
2147 .set_acl = ext2_set_acl,
2148 .fiemap = ext2_fiemap,
2149 + .sync_flags = ext2_sync_flags,
2151 diff -NurpP --minimal linux-3.14.17/fs/ext2/ialloc.c linux-3.14.17-vs2.3.6.13/fs/ext2/ialloc.c
2152 --- linux-3.14.17/fs/ext2/ialloc.c 2014-08-14 01:38:34.000000000 +0000
2153 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/ialloc.c 2014-08-30 14:27:38.000000000 +0000
2155 #include <linux/backing-dev.h>
2156 #include <linux/buffer_head.h>
2157 #include <linux/random.h>
2158 +#include <linux/vs_tag.h>
2162 @@ -546,6 +547,7 @@ got:
2163 inode->i_mode = mode;
2164 inode->i_uid = current_fsuid();
2165 inode->i_gid = dir->i_gid;
2166 + i_tag_write(inode, dx_current_fstag(sb));
2168 inode_init_owner(inode, dir, mode);
2170 diff -NurpP --minimal linux-3.14.17/fs/ext2/inode.c linux-3.14.17-vs2.3.6.13/fs/ext2/inode.c
2171 --- linux-3.14.17/fs/ext2/inode.c 2014-08-14 01:38:34.000000000 +0000
2172 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/inode.c 2014-08-30 14:27:38.000000000 +0000
2174 #include <linux/fiemap.h>
2175 #include <linux/namei.h>
2176 #include <linux/aio.h>
2177 +#include <linux/vs_tag.h>
2181 @@ -1182,7 +1183,7 @@ static void ext2_truncate_blocks(struct
2183 if (ext2_inode_is_fast_symlink(inode))
2185 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2186 + if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
2188 __ext2_truncate_blocks(inode, offset);
2190 @@ -1273,36 +1274,61 @@ void ext2_set_inode_flags(struct inode *
2192 unsigned int flags = EXT2_I(inode)->i_flags;
2194 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
2195 + inode->i_flags &= ~(S_IMMUTABLE | S_IXUNLINK |
2196 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
2199 + if (flags & EXT2_IMMUTABLE_FL)
2200 + inode->i_flags |= S_IMMUTABLE;
2201 + if (flags & EXT2_IXUNLINK_FL)
2202 + inode->i_flags |= S_IXUNLINK;
2204 if (flags & EXT2_SYNC_FL)
2205 inode->i_flags |= S_SYNC;
2206 if (flags & EXT2_APPEND_FL)
2207 inode->i_flags |= S_APPEND;
2208 - if (flags & EXT2_IMMUTABLE_FL)
2209 - inode->i_flags |= S_IMMUTABLE;
2210 if (flags & EXT2_NOATIME_FL)
2211 inode->i_flags |= S_NOATIME;
2212 if (flags & EXT2_DIRSYNC_FL)
2213 inode->i_flags |= S_DIRSYNC;
2215 + inode->i_vflags &= ~(V_BARRIER | V_COW);
2217 + if (flags & EXT2_BARRIER_FL)
2218 + inode->i_vflags |= V_BARRIER;
2219 + if (flags & EXT2_COW_FL)
2220 + inode->i_vflags |= V_COW;
2223 /* Propagate flags from i_flags to EXT2_I(inode)->i_flags */
2224 void ext2_get_inode_flags(struct ext2_inode_info *ei)
2226 unsigned int flags = ei->vfs_inode.i_flags;
2227 + unsigned int vflags = ei->vfs_inode.i_vflags;
2229 + ei->i_flags &= ~(EXT2_SYNC_FL | EXT2_APPEND_FL |
2230 + EXT2_IMMUTABLE_FL | EXT2_IXUNLINK_FL |
2231 + EXT2_NOATIME_FL | EXT2_DIRSYNC_FL |
2232 + EXT2_BARRIER_FL | EXT2_COW_FL);
2234 + if (flags & S_IMMUTABLE)
2235 + ei->i_flags |= EXT2_IMMUTABLE_FL;
2236 + if (flags & S_IXUNLINK)
2237 + ei->i_flags |= EXT2_IXUNLINK_FL;
2239 - ei->i_flags &= ~(EXT2_SYNC_FL|EXT2_APPEND_FL|
2240 - EXT2_IMMUTABLE_FL|EXT2_NOATIME_FL|EXT2_DIRSYNC_FL);
2242 ei->i_flags |= EXT2_SYNC_FL;
2243 if (flags & S_APPEND)
2244 ei->i_flags |= EXT2_APPEND_FL;
2245 - if (flags & S_IMMUTABLE)
2246 - ei->i_flags |= EXT2_IMMUTABLE_FL;
2247 if (flags & S_NOATIME)
2248 ei->i_flags |= EXT2_NOATIME_FL;
2249 if (flags & S_DIRSYNC)
2250 ei->i_flags |= EXT2_DIRSYNC_FL;
2252 + if (vflags & V_BARRIER)
2253 + ei->i_flags |= EXT2_BARRIER_FL;
2254 + if (vflags & V_COW)
2255 + ei->i_flags |= EXT2_COW_FL;
2258 struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
2259 @@ -1338,8 +1364,10 @@ struct inode *ext2_iget (struct super_bl
2260 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2261 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2263 - i_uid_write(inode, i_uid);
2264 - i_gid_write(inode, i_gid);
2265 + i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
2266 + i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
2267 + i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
2268 + le16_to_cpu(raw_inode->i_raw_tag)));
2269 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
2270 inode->i_size = le32_to_cpu(raw_inode->i_size);
2271 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
2272 @@ -1437,8 +1465,10 @@ static int __ext2_write_inode(struct ino
2273 struct ext2_inode_info *ei = EXT2_I(inode);
2274 struct super_block *sb = inode->i_sb;
2275 ino_t ino = inode->i_ino;
2276 - uid_t uid = i_uid_read(inode);
2277 - gid_t gid = i_gid_read(inode);
2278 + uid_t uid = from_kuid(&init_user_ns,
2279 + TAGINO_KUID(DX_TAG(inode), inode->i_uid, inode->i_tag));
2280 + gid_t gid = from_kgid(&init_user_ns,
2281 + TAGINO_KGID(DX_TAG(inode), inode->i_gid, inode->i_tag));
2282 struct buffer_head * bh;
2283 struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh);
2285 @@ -1474,6 +1504,9 @@ static int __ext2_write_inode(struct ino
2286 raw_inode->i_uid_high = 0;
2287 raw_inode->i_gid_high = 0;
2289 +#ifdef CONFIG_TAGGING_INTERN
2290 + raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
2292 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
2293 raw_inode->i_size = cpu_to_le32(inode->i_size);
2294 raw_inode->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
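Review bot: `cpu_to_le16(i_tag_read(inode))` narrows the tag to 16 bits without a range check, while the mount option added in super.c parses it as `tagid=%u`. If the in-memory tag type is wider than 16 bits (its definition is not shown here), two different tags can collapse to the same on-disk value and a file would be attributed to the wrong context after the next `ext2_iget`. A check before the store, or a comment stating where the tag is limited, would settle this, e.g. `/* tag is limited to 0xFFFF by <place of check> */`. The same store appears in the ext3 `@@ -3121,6 +3151,9 @@` hunk, and `__ext2_write_inode` starts and ends outside this hunk.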
2295 @@ -1554,7 +1587,8 @@ int ext2_setattr(struct dentry *dentry,
2296 if (is_quota_modification(inode, iattr))
2297 dquot_initialize(inode);
2298 if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
2299 - (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
2300 + (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)) ||
2301 + (iattr->ia_valid & ATTR_TAG && !tag_eq(iattr->ia_tag, inode->i_tag))) {
2302 error = dquot_transfer(inode, iattr);
2305 diff -NurpP --minimal linux-3.14.17/fs/ext2/ioctl.c linux-3.14.17-vs2.3.6.13/fs/ext2/ioctl.c
2306 --- linux-3.14.17/fs/ext2/ioctl.c 2014-08-14 01:38:34.000000000 +0000
2307 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/ioctl.c 2014-08-30 14:27:38.000000000 +0000
2309 #include <asm/uaccess.h>
2312 +int ext2_sync_flags(struct inode *inode, int flags, int vflags)
2314 + inode->i_flags = flags;
2315 + inode->i_vflags = vflags;
2316 + ext2_get_inode_flags(EXT2_I(inode));
2317 + inode->i_ctime = CURRENT_TIME_SEC;
2318 + mark_inode_dirty(inode);
2322 long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2324 struct inode *inode = file_inode(filp);
2325 @@ -51,6 +61,11 @@ long ext2_ioctl(struct file *filp, unsig
2327 flags = ext2_mask_flags(inode->i_mode, flags);
2329 + if (IS_BARRIER(inode)) {
2330 + vxwprintk_task(1, "messing with the barrier.");
2334 mutex_lock(&inode->i_mutex);
2335 /* Is it quota file? Do not allow user to mess with it */
2336 if (IS_NOQUOTA(inode)) {
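Review bot: The warning `vxwprintk_task(1, "messing with the barrier.");` names neither the filesystem nor the inode, so a log reader cannot tell which barrier was targeted; something like `vxwprintk_task(1, "messing with the barrier on %s:%lu.", inode->i_sb->s_id, inode->i_ino);` would make the event usable for auditing. The `IS_BARRIER(inode)` test also sits before `mutex_lock(&inode->i_mutex)`, so it is not serialized with a concurrent change of `inode->i_vflags`; placing it after the lock, next to the `IS_NOQUOTA` test, would close that window if flag updates are meant to run under `i_mutex` (not visible here). Both remarks apply equally to the `ext3_ioctl` hunk, and the body of the `if` is missing from this listing.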
2337 @@ -66,7 +81,9 @@ long ext2_ioctl(struct file *filp, unsig
2339 * This test looks nicer. Thanks to Pauline Middelink
2341 - if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) {
2342 + if ((oldflags & EXT2_IMMUTABLE_FL) ||
2343 + ((flags ^ oldflags) & (EXT2_APPEND_FL |
2344 + EXT2_IMMUTABLE_FL | EXT2_IXUNLINK_FL))) {
2345 if (!capable(CAP_LINUX_IMMUTABLE)) {
2346 mutex_unlock(&inode->i_mutex);
2348 @@ -74,7 +91,7 @@ long ext2_ioctl(struct file *filp, unsig
2352 - flags = flags & EXT2_FL_USER_MODIFIABLE;
2353 + flags &= EXT2_FL_USER_MODIFIABLE;
2354 flags |= oldflags & ~EXT2_FL_USER_MODIFIABLE;
2355 ei->i_flags = flags;
2357 diff -NurpP --minimal linux-3.14.17/fs/ext2/namei.c linux-3.14.17-vs2.3.6.13/fs/ext2/namei.c
2358 --- linux-3.14.17/fs/ext2/namei.c 2014-08-14 01:38:34.000000000 +0000
2359 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/namei.c 2014-08-30 14:27:38.000000000 +0000
2362 #include <linux/pagemap.h>
2363 #include <linux/quotaops.h>
2364 +#include <linux/vs_tag.h>
2368 @@ -73,6 +74,7 @@ static struct dentry *ext2_lookup(struct
2369 (unsigned long) ino);
2370 return ERR_PTR(-EIO);
2372 + dx_propagate_tag(nd, inode);
2374 return d_splice_alias(inode, dentry);
2376 @@ -433,6 +435,7 @@ const struct inode_operations ext2_speci
2377 .removexattr = generic_removexattr,
2379 .setattr = ext2_setattr,
2380 + .sync_flags = ext2_sync_flags,
2381 .get_acl = ext2_get_acl,
2382 .set_acl = ext2_set_acl,
2384 diff -NurpP --minimal linux-3.14.17/fs/ext2/super.c linux-3.14.17-vs2.3.6.13/fs/ext2/super.c
2385 --- linux-3.14.17/fs/ext2/super.c 2014-08-14 01:38:34.000000000 +0000
2386 +++ linux-3.14.17-vs2.3.6.13/fs/ext2/super.c 2014-08-30 14:27:38.000000000 +0000
2387 @@ -395,7 +395,8 @@ enum {
2388 Opt_err_ro, Opt_nouid32, Opt_nocheck, Opt_debug,
2389 Opt_oldalloc, Opt_orlov, Opt_nobh, Opt_user_xattr, Opt_nouser_xattr,
2390 Opt_acl, Opt_noacl, Opt_xip, Opt_ignore, Opt_err, Opt_quota,
2391 - Opt_usrquota, Opt_grpquota, Opt_reservation, Opt_noreservation
2392 + Opt_usrquota, Opt_grpquota, Opt_reservation, Opt_noreservation,
2393 + Opt_tag, Opt_notag, Opt_tagid
2396 static const match_table_t tokens = {
2397 @@ -423,6 +424,9 @@ static const match_table_t tokens = {
2399 {Opt_noacl, "noacl"},
2402 + {Opt_notag, "notag"},
2403 + {Opt_tagid, "tagid=%u"},
2404 {Opt_grpquota, "grpquota"},
2405 {Opt_ignore, "noquota"},
2406 {Opt_quota, "quota"},
2407 @@ -506,6 +510,20 @@ static int parse_options(char *options,
2409 set_opt (sbi->s_mount_opt, NO_UID32);
2411 +#ifndef CONFIG_TAGGING_NONE
2413 + set_opt (sbi->s_mount_opt, TAGGED);
2416 + clear_opt (sbi->s_mount_opt, TAGGED);
2419 +#ifdef CONFIG_PROPAGATE
2422 + set_opt (sbi->s_mount_opt, TAGGED);
2426 clear_opt (sbi->s_mount_opt, CHECK);
2428 @@ -864,6 +882,8 @@ static int ext2_fill_super(struct super_
2429 if (!parse_options((char *) data, sb))
2432 + if (EXT2_SB(sb)->s_mount_opt & EXT2_MOUNT_TAGGED)
2433 + sb->s_flags |= MS_TAGGED;
2434 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2435 ((EXT2_SB(sb)->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ?
2437 @@ -1269,6 +1289,14 @@ static int ext2_remount (struct super_bl
2442 + if ((sbi->s_mount_opt & EXT2_MOUNT_TAGGED) &&
2443 + !(sb->s_flags & MS_TAGGED)) {
2444 + printk("EXT2-fs: %s: tagging not permitted on remount.\n",
2447 + goto restore_opts;
2450 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2451 ((sbi->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
2452 diff -NurpP --minimal linux-3.14.17/fs/ext3/ext3.h linux-3.14.17-vs2.3.6.13/fs/ext3/ext3.h
2453 --- linux-3.14.17/fs/ext3/ext3.h 2014-08-14 01:38:34.000000000 +0000
2454 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/ext3.h 2014-08-30 14:27:38.000000000 +0000
2455 @@ -151,10 +151,14 @@ struct ext3_group_desc
2456 #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
2457 #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
2458 #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
2459 +#define EXT3_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
2460 #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
2462 -#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
2463 -#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
2464 +#define EXT3_BARRIER_FL 0x04000000 /* Barrier for chroot() */
2465 +#define EXT3_COW_FL 0x20000000 /* Copy on Write marker */
2467 +#define EXT3_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
2468 +#define EXT3_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
2470 /* Flags that should be inherited by new inodes from their parent. */
2471 #define EXT3_FL_INHERITED (EXT3_SECRM_FL | EXT3_UNRM_FL | EXT3_COMPR_FL |\
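Review bot: The widened masks `0x0103DFFF` and `0x010380FF` add bit `0x01000000`, which is none of the three flags defined in this hunk (`EXT3_IXUNLINK_FL` 0x08000000, `EXT3_BARRIER_FL` 0x04000000, `EXT3_COW_FL` 0x20000000). With these values, `flags &= EXT3_FL_USER_MODIFIABLE` in `ext3_ioctl` appears to strip `EXT3_IXUNLINK_FL` from a request even though the same function now lists it in the `CAP_LINUX_IMMUTABLE` test. If keeping the new flags out of the ioctl interface is deliberate, state it next to the masks, e.g. `/* bit 0x01000000: <meaning>; IXUNLINK/BARRIER/COW are changed only through ->sync_flags */`; otherwise the masks should carry the intended bits.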
2472 @@ -290,7 +294,8 @@ struct ext3_inode {
2474 __le16 l_i_uid_high; /* these 2 fields */
2475 __le16 l_i_gid_high; /* were reserved2[0] */
2476 - __u32 l_i_reserved2;
2477 + __le16 l_i_tag; /* Context Tag */
2478 + __u16 l_i_reserved2;
2481 __u8 h_i_frag; /* Fragment number */
2482 @@ -320,6 +325,7 @@ struct ext3_inode {
2483 #define i_gid_low i_gid
2484 #define i_uid_high osd2.linux2.l_i_uid_high
2485 #define i_gid_high osd2.linux2.l_i_gid_high
2486 +#define i_raw_tag osd2.linux2.l_i_tag
2487 #define i_reserved2 osd2.linux2.l_i_reserved2
2490 @@ -364,6 +370,7 @@ struct ext3_inode {
2491 #define EXT3_MOUNT_GRPQUOTA 0x200000 /* "old" group quota */
2492 #define EXT3_MOUNT_DATA_ERR_ABORT 0x400000 /* Abort on file data write
2493 * error in ordered mode */
2494 +#define EXT3_MOUNT_TAGGED (1<<24) /* Enable Context Tags */
2496 /* Compatibility, for having both ext2_fs.h and ext3_fs.h included at once */
2497 #ifndef _LINUX_EXT2_FS_H
2498 @@ -1061,6 +1068,7 @@ extern void ext3_get_inode_flags(struct
2499 extern void ext3_set_aops(struct inode *inode);
2500 extern int ext3_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
2501 u64 start, u64 len);
2502 +extern int ext3_sync_flags(struct inode *, int, int);
2505 extern long ext3_ioctl(struct file *, unsigned int, unsigned long);
2506 diff -NurpP --minimal linux-3.14.17/fs/ext3/file.c linux-3.14.17-vs2.3.6.13/fs/ext3/file.c
2507 --- linux-3.14.17/fs/ext3/file.c 2014-08-14 01:38:34.000000000 +0000
2508 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/file.c 2014-08-30 14:27:38.000000000 +0000
2509 @@ -77,5 +77,6 @@ const struct inode_operations ext3_file_
2510 .get_acl = ext3_get_acl,
2511 .set_acl = ext3_set_acl,
2512 .fiemap = ext3_fiemap,
2513 + .sync_flags = ext3_sync_flags,
2516 diff -NurpP --minimal linux-3.14.17/fs/ext3/ialloc.c linux-3.14.17-vs2.3.6.13/fs/ext3/ialloc.c
2517 --- linux-3.14.17/fs/ext3/ialloc.c 2014-08-14 01:38:34.000000000 +0000
2518 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/ialloc.c 2014-08-30 14:27:38.000000000 +0000
2521 #include <linux/quotaops.h>
2522 #include <linux/random.h>
2523 +#include <linux/vs_tag.h>
2527 @@ -469,6 +470,7 @@ got:
2528 inode->i_mode = mode;
2529 inode->i_uid = current_fsuid();
2530 inode->i_gid = dir->i_gid;
2531 + i_tag_write(inode, dx_current_fstag(sb));
2533 inode_init_owner(inode, dir, mode);
2535 diff -NurpP --minimal linux-3.14.17/fs/ext3/inode.c linux-3.14.17-vs2.3.6.13/fs/ext3/inode.c
2536 --- linux-3.14.17/fs/ext3/inode.c 2014-08-14 01:38:34.000000000 +0000
2537 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/inode.c 2014-08-30 14:27:38.000000000 +0000
2539 #include <linux/mpage.h>
2540 #include <linux/namei.h>
2541 #include <linux/aio.h>
2542 +#include <linux/vs_tag.h>
2547 @@ -2855,36 +2857,60 @@ void ext3_set_inode_flags(struct inode *
2549 unsigned int flags = EXT3_I(inode)->i_flags;
2551 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
2552 + inode->i_flags &= ~(S_IMMUTABLE | S_IXUNLINK |
2553 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
2555 + if (flags & EXT3_IMMUTABLE_FL)
2556 + inode->i_flags |= S_IMMUTABLE;
2557 + if (flags & EXT3_IXUNLINK_FL)
2558 + inode->i_flags |= S_IXUNLINK;
2560 if (flags & EXT3_SYNC_FL)
2561 inode->i_flags |= S_SYNC;
2562 if (flags & EXT3_APPEND_FL)
2563 inode->i_flags |= S_APPEND;
2564 - if (flags & EXT3_IMMUTABLE_FL)
2565 - inode->i_flags |= S_IMMUTABLE;
2566 if (flags & EXT3_NOATIME_FL)
2567 inode->i_flags |= S_NOATIME;
2568 if (flags & EXT3_DIRSYNC_FL)
2569 inode->i_flags |= S_DIRSYNC;
2571 + inode->i_vflags &= ~(V_BARRIER | V_COW);
2573 + if (flags & EXT3_BARRIER_FL)
2574 + inode->i_vflags |= V_BARRIER;
2575 + if (flags & EXT3_COW_FL)
2576 + inode->i_vflags |= V_COW;
2579 /* Propagate flags from i_flags to EXT3_I(inode)->i_flags */
2580 void ext3_get_inode_flags(struct ext3_inode_info *ei)
2582 unsigned int flags = ei->vfs_inode.i_flags;
2583 + unsigned int vflags = ei->vfs_inode.i_vflags;
2585 + ei->i_flags &= ~(EXT3_SYNC_FL | EXT3_APPEND_FL |
2586 + EXT3_IMMUTABLE_FL | EXT3_IXUNLINK_FL |
2587 + EXT3_NOATIME_FL | EXT3_DIRSYNC_FL |
2588 + EXT3_BARRIER_FL | EXT3_COW_FL);
2590 + if (flags & S_IMMUTABLE)
2591 + ei->i_flags |= EXT3_IMMUTABLE_FL;
2592 + if (flags & S_IXUNLINK)
2593 + ei->i_flags |= EXT3_IXUNLINK_FL;
2595 - ei->i_flags &= ~(EXT3_SYNC_FL|EXT3_APPEND_FL|
2596 - EXT3_IMMUTABLE_FL|EXT3_NOATIME_FL|EXT3_DIRSYNC_FL);
2598 ei->i_flags |= EXT3_SYNC_FL;
2599 if (flags & S_APPEND)
2600 ei->i_flags |= EXT3_APPEND_FL;
2601 - if (flags & S_IMMUTABLE)
2602 - ei->i_flags |= EXT3_IMMUTABLE_FL;
2603 if (flags & S_NOATIME)
2604 ei->i_flags |= EXT3_NOATIME_FL;
2605 if (flags & S_DIRSYNC)
2606 ei->i_flags |= EXT3_DIRSYNC_FL;
2608 + if (vflags & V_BARRIER)
2609 + ei->i_flags |= EXT3_BARRIER_FL;
2610 + if (vflags & V_COW)
2611 + ei->i_flags |= EXT3_COW_FL;
2614 struct inode *ext3_iget(struct super_block *sb, unsigned long ino)
2615 @@ -2922,8 +2948,10 @@ struct inode *ext3_iget(struct super_blo
2616 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2617 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2619 - i_uid_write(inode, i_uid);
2620 - i_gid_write(inode, i_gid);
2621 + i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
2622 + i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
2623 + i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
2624 + le16_to_cpu(raw_inode->i_raw_tag)));
2625 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
2626 inode->i_size = le32_to_cpu(raw_inode->i_size);
2627 inode->i_atime.tv_sec = (signed)le32_to_cpu(raw_inode->i_atime);
2628 @@ -3095,8 +3123,10 @@ again:
2630 ext3_get_inode_flags(ei);
2631 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
2632 - i_uid = i_uid_read(inode);
2633 - i_gid = i_gid_read(inode);
2634 + i_uid = from_kuid(&init_user_ns,
2635 + TAGINO_KUID(DX_TAG(inode), inode->i_uid, inode->i_tag));
2636 + i_gid = from_kgid(&init_user_ns,
2637 + TAGINO_KGID(DX_TAG(inode), inode->i_gid, inode->i_tag));
2638 if(!(test_opt(inode->i_sb, NO_UID32))) {
2639 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
2640 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
2641 @@ -3121,6 +3151,9 @@ again:
2642 raw_inode->i_uid_high = 0;
2643 raw_inode->i_gid_high = 0;
2645 +#ifdef CONFIG_TAGGING_INTERN
2646 + raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
2648 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
2649 disksize = cpu_to_le32(ei->i_disksize);
2650 if (disksize != raw_inode->i_size) {
2651 @@ -3289,7 +3322,8 @@ int ext3_setattr(struct dentry *dentry,
2652 if (is_quota_modification(inode, attr))
2653 dquot_initialize(inode);
2654 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
2655 - (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
2656 + (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)) ||
2657 + (ia_valid & ATTR_TAG && !tag_eq(attr->ia_tag, inode->i_tag))) {
2660 /* (user+group)*(old+new) structure, inode write (sb,
2661 @@ -3311,6 +3345,8 @@ int ext3_setattr(struct dentry *dentry,
2662 inode->i_uid = attr->ia_uid;
2663 if (attr->ia_valid & ATTR_GID)
2664 inode->i_gid = attr->ia_gid;
2665 + if ((attr->ia_valid & ATTR_TAG) && IS_TAGGED(inode))
2666 + inode->i_tag = attr->ia_tag;
2667 error = ext3_mark_inode_dirty(handle, inode);
2668 ext3_journal_stop(handle);
2670 diff -NurpP --minimal linux-3.14.17/fs/ext3/ioctl.c linux-3.14.17-vs2.3.6.13/fs/ext3/ioctl.c
2671 --- linux-3.14.17/fs/ext3/ioctl.c 2014-08-14 01:38:34.000000000 +0000
2672 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/ioctl.c 2014-08-30 14:27:38.000000000 +0000
2674 #include <asm/uaccess.h>
2678 +int ext3_sync_flags(struct inode *inode, int flags, int vflags)
2680 + handle_t *handle = NULL;
2681 + struct ext3_iloc iloc;
2684 + handle = ext3_journal_start(inode, 1);
2685 + if (IS_ERR(handle))
2686 + return PTR_ERR(handle);
2688 + if (IS_SYNC(inode))
2689 + handle->h_sync = 1;
2690 + err = ext3_reserve_inode_write(handle, inode, &iloc);
2694 + inode->i_flags = flags;
2695 + inode->i_vflags = vflags;
2696 + ext3_get_inode_flags(EXT3_I(inode));
2697 + inode->i_ctime = CURRENT_TIME_SEC;
2699 + err = ext3_mark_iloc_dirty(handle, inode, &iloc);
2701 + ext3_journal_stop(handle);
2705 long ext3_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
2707 struct inode *inode = file_inode(filp);
2708 @@ -45,6 +73,11 @@ long ext3_ioctl(struct file *filp, unsig
2710 flags = ext3_mask_flags(inode->i_mode, flags);
2712 + if (IS_BARRIER(inode)) {
2713 + vxwprintk_task(1, "messing with the barrier.");
2717 mutex_lock(&inode->i_mutex);
2719 /* Is it quota file? Do not allow user to mess with it */
2720 @@ -63,7 +96,9 @@ long ext3_ioctl(struct file *filp, unsig
2722 * This test looks nicer. Thanks to Pauline Middelink
2724 - if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {
2725 + if ((oldflags & EXT3_IMMUTABLE_FL) ||
2726 + ((flags ^ oldflags) & (EXT3_APPEND_FL |
2727 + EXT3_IMMUTABLE_FL | EXT3_IXUNLINK_FL))) {
2728 if (!capable(CAP_LINUX_IMMUTABLE))
2731 @@ -88,7 +123,7 @@ long ext3_ioctl(struct file *filp, unsig
2735 - flags = flags & EXT3_FL_USER_MODIFIABLE;
2736 + flags &= EXT3_FL_USER_MODIFIABLE;
2737 flags |= oldflags & ~EXT3_FL_USER_MODIFIABLE;
2738 ei->i_flags = flags;
2740 diff -NurpP --minimal linux-3.14.17/fs/ext3/namei.c linux-3.14.17-vs2.3.6.13/fs/ext3/namei.c
2741 --- linux-3.14.17/fs/ext3/namei.c 2014-08-14 01:38:34.000000000 +0000
2742 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/namei.c 2014-08-30 14:27:38.000000000 +0000
2746 #include <linux/quotaops.h>
2747 +#include <linux/vs_tag.h>
2752 @@ -915,6 +917,7 @@ restart:
2753 submit_bh(READ | REQ_META | REQ_PRIO,
2756 + dx_propagate_tag(nd, inode);
2759 if ((bh = bh_use[ra_ptr++]) == NULL)
2760 @@ -2568,6 +2571,7 @@ const struct inode_operations ext3_dir_i
2761 .listxattr = ext3_listxattr,
2762 .removexattr = generic_removexattr,
2764 + .sync_flags = ext3_sync_flags,
2765 .get_acl = ext3_get_acl,
2766 .set_acl = ext3_set_acl,
2768 diff -NurpP --minimal linux-3.14.17/fs/ext3/super.c linux-3.14.17-vs2.3.6.13/fs/ext3/super.c
2769 --- linux-3.14.17/fs/ext3/super.c 2014-08-14 01:38:34.000000000 +0000
2770 +++ linux-3.14.17-vs2.3.6.13/fs/ext3/super.c 2014-08-30 14:27:38.000000000 +0000
2771 @@ -826,7 +826,8 @@ enum {
2772 Opt_usrjquota, Opt_grpjquota, Opt_offusrjquota, Opt_offgrpjquota,
2773 Opt_jqfmt_vfsold, Opt_jqfmt_vfsv0, Opt_jqfmt_vfsv1, Opt_quota,
2774 Opt_noquota, Opt_ignore, Opt_barrier, Opt_nobarrier, Opt_err,
2775 - Opt_resize, Opt_usrquota, Opt_grpquota
2776 + Opt_resize, Opt_usrquota, Opt_grpquota,
2777 + Opt_tag, Opt_notag, Opt_tagid
2780 static const match_table_t tokens = {
2781 @@ -884,6 +885,9 @@ static const match_table_t tokens = {
2782 {Opt_barrier, "barrier"},
2783 {Opt_nobarrier, "nobarrier"},
2784 {Opt_resize, "resize"},
2786 + {Opt_notag, "notag"},
2787 + {Opt_tagid, "tagid=%u"},
2791 @@ -1056,6 +1060,20 @@ static int parse_options (char *options,
2793 set_opt (sbi->s_mount_opt, NO_UID32);
2795 +#ifndef CONFIG_TAGGING_NONE
2797 + set_opt (sbi->s_mount_opt, TAGGED);
2800 + clear_opt (sbi->s_mount_opt, TAGGED);
2803 +#ifdef CONFIG_PROPAGATE
2806 + set_opt (sbi->s_mount_opt, TAGGED);
2810 clear_opt (sbi->s_mount_opt, CHECK);
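Review bot: The `tagid=%u` token is registered unconditionally in the tokens table, but its handler sits under `#ifdef CONFIG_PROPAGATE` and, in the lines shown, does nothing beyond `set_opt (sbi->s_mount_opt, TAGGED)`. If the numeric argument is not consumed in the part of the case that is not shown here, a mount with `tagid=N` yields a tagged filesystem with N silently dropped. Either parse the value (for example with `match_int()`) and store it, or reject the option until it is implemented, so the administrator is not misled about which tag is in force. The ext4 handle_mount_opt hunk has the same shape, and parse_options continues outside the hunk.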
2812 @@ -1788,6 +1806,9 @@ static int ext3_fill_super (struct super
2816 + if (EXT3_SB(sb)->s_mount_opt & EXT3_MOUNT_TAGGED)
2817 + sb->s_flags |= MS_TAGGED;
2819 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2820 (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
2822 @@ -2683,6 +2704,14 @@ static int ext3_remount (struct super_bl
2823 if (test_opt(sb, ABORT))
2824 ext3_abort(sb, __func__, "Abort forced by user");
2826 + if ((sbi->s_mount_opt & EXT3_MOUNT_TAGGED) &&
2827 + !(sb->s_flags & MS_TAGGED)) {
2828 + printk("EXT3-fs: %s: tagging not permitted on remount.\n",
2831 + goto restore_opts;
2834 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2835 (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
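Review bot: The added `printk("EXT3-fs: %s: tagging not permitted on remount.\n", ...)` carries no KERN_ level, so it is emitted at the default log level and may be filtered differently from the filesystem's other messages. This reports a refused change to a security-relevant mount option, so it is worth keeping visible with `printk(KERN_ERR "EXT3-fs: %s: tagging not permitted on remount.\n", ...)`. The ext4_remount hunk adds the same bare printk. ext3_remount continues outside the hunk.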
2837 diff -NurpP --minimal linux-3.14.17/fs/ext4/ext4.h linux-3.14.17-vs2.3.6.13/fs/ext4/ext4.h
2838 --- linux-3.14.17/fs/ext4/ext4.h 2014-08-14 01:38:34.000000000 +0000
2839 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/ext4.h 2014-08-30 14:27:38.000000000 +0000
2840 @@ -385,7 +385,10 @@ struct flex_groups {
2841 #define EXT4_EXTENTS_FL 0x00080000 /* Inode uses extents */
2842 #define EXT4_EA_INODE_FL 0x00200000 /* Inode used for large EA */
2843 #define EXT4_EOFBLOCKS_FL 0x00400000 /* Blocks allocated beyond EOF */
2844 +#define EXT4_BARRIER_FL 0x04000000 /* Barrier for chroot() */
2845 +#define EXT4_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
2846 #define EXT4_INLINE_DATA_FL 0x10000000 /* Inode has inline data. */
2847 +#define EXT4_COW_FL 0x20000000 /* Copy on Write marker */
2848 #define EXT4_RESERVED_FL 0x80000000 /* reserved for ext4 lib */
2850 #define EXT4_FL_USER_VISIBLE 0x004BDFFF /* User visible flags */
2851 @@ -670,7 +673,7 @@ struct ext4_inode {
2852 __le16 l_i_uid_high; /* these 2 fields */
2853 __le16 l_i_gid_high; /* were reserved2[0] */
2854 __le16 l_i_checksum_lo;/* crc32c(uuid+inum+inode) LE */
2855 - __le16 l_i_reserved;
2856 + __le16 l_i_tag; /* Context Tag */
2859 __le16 h_i_reserved1; /* Obsoleted fragment number/size which are removed in ext4 */
2860 @@ -790,6 +793,7 @@ do { \
2861 #define i_gid_low i_gid
2862 #define i_uid_high osd2.linux2.l_i_uid_high
2863 #define i_gid_high osd2.linux2.l_i_gid_high
2864 +#define i_raw_tag osd2.linux2.l_i_tag
2865 #define i_checksum_lo osd2.linux2.l_i_checksum_lo
2867 #elif defined(__GNU__)
2868 @@ -976,6 +980,7 @@ struct ext4_inode_info {
2869 #define EXT4_MOUNT_POSIX_ACL 0x08000 /* POSIX Access Control Lists */
2870 #define EXT4_MOUNT_NO_AUTO_DA_ALLOC 0x10000 /* No auto delalloc mapping */
2871 #define EXT4_MOUNT_BARRIER 0x20000 /* Use block barriers */
2872 +#define EXT4_MOUNT_TAGGED 0x40000 /* Enable Context Tags */
2873 #define EXT4_MOUNT_QUOTA 0x80000 /* Some quota option set */
2874 #define EXT4_MOUNT_USRQUOTA 0x100000 /* "old" user quota */
2875 #define EXT4_MOUNT_GRPQUOTA 0x200000 /* "old" group quota */
2876 @@ -2636,6 +2641,7 @@ extern struct buffer_head *ext4_get_firs
2877 extern int ext4_inline_data_fiemap(struct inode *inode,
2878 struct fiemap_extent_info *fieinfo,
2880 +extern int ext4_sync_flags(struct inode *, int, int);
2881 extern int ext4_try_to_evict_inline_data(handle_t *handle,
2882 struct inode *inode,
2884 diff -NurpP --minimal linux-3.14.17/fs/ext4/file.c linux-3.14.17-vs2.3.6.13/fs/ext4/file.c
2885 --- linux-3.14.17/fs/ext4/file.c 2014-08-14 01:38:34.000000000 +0000
2886 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/file.c 2014-08-30 14:27:38.000000000 +0000
2887 @@ -619,5 +619,6 @@ const struct inode_operations ext4_file_
2888 .get_acl = ext4_get_acl,
2889 .set_acl = ext4_set_acl,
2890 .fiemap = ext4_fiemap,
2891 + .sync_flags = ext4_sync_flags,
2894 diff -NurpP --minimal linux-3.14.17/fs/ext4/ialloc.c linux-3.14.17-vs2.3.6.13/fs/ext4/ialloc.c
2895 --- linux-3.14.17/fs/ext4/ialloc.c 2014-08-14 01:38:34.000000000 +0000
2896 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/ialloc.c 2014-08-30 14:27:38.000000000 +0000
2898 #include <linux/random.h>
2899 #include <linux/bitops.h>
2900 #include <linux/blkdev.h>
2901 +#include <linux/vs_tag.h>
2902 #include <asm/byteorder.h>
2905 @@ -731,6 +732,7 @@ struct inode *__ext4_new_inode(handle_t
2906 inode->i_mode = mode;
2907 inode->i_uid = current_fsuid();
2908 inode->i_gid = dir->i_gid;
2909 + i_tag_write(inode, dx_current_fstag(sb));
2911 inode_init_owner(inode, dir, mode);
2912 dquot_initialize(inode);
2913 diff -NurpP --minimal linux-3.14.17/fs/ext4/inode.c linux-3.14.17-vs2.3.6.13/fs/ext4/inode.c
2914 --- linux-3.14.17/fs/ext4/inode.c 2014-08-14 01:38:34.000000000 +0000
2915 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/inode.c 2014-08-30 14:27:38.000000000 +0000
2917 #include <linux/ratelimit.h>
2918 #include <linux/aio.h>
2919 #include <linux/bitops.h>
2920 +#include <linux/vs_tag.h>
2922 #include "ext4_jbd2.h"
2924 @@ -3940,42 +3941,67 @@ void ext4_set_inode_flags(struct inode *
2925 unsigned int flags = EXT4_I(inode)->i_flags;
2926 unsigned int new_fl = 0;
2928 + if (flags & EXT4_IMMUTABLE_FL)
2929 + new_fl |= S_IMMUTABLE;
2930 + if (flags & EXT4_IXUNLINK_FL)
2931 + new_fl |= S_IXUNLINK;
2933 if (flags & EXT4_SYNC_FL)
2935 if (flags & EXT4_APPEND_FL)
2937 - if (flags & EXT4_IMMUTABLE_FL)
2938 - new_fl |= S_IMMUTABLE;
2939 if (flags & EXT4_NOATIME_FL)
2940 new_fl |= S_NOATIME;
2941 if (flags & EXT4_DIRSYNC_FL)
2942 new_fl |= S_DIRSYNC;
2944 set_mask_bits(&inode->i_flags,
2945 - S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC, new_fl);
2946 + S_IXUNLINK | S_IMMUTABLE |
2947 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC, new_fl);
2950 + if (flags & EXT4_BARRIER_FL)
2951 + new_fl |= V_BARRIER;
2952 + if (flags & EXT4_COW_FL)
2955 + set_mask_bits(&inode->i_vflags,
2956 + V_BARRIER | V_COW, new_fl);
2959 /* Propagate flags from i_flags to EXT4_I(inode)->i_flags */
2960 void ext4_get_inode_flags(struct ext4_inode_info *ei)
2962 - unsigned int vfs_fl;
2963 + unsigned int vfs_fl, vfs_vf;
2964 unsigned long old_fl, new_fl;
2967 vfs_fl = ei->vfs_inode.i_flags;
2968 + vfs_vf = ei->vfs_inode.i_vflags;
2969 old_fl = ei->i_flags;
2970 new_fl = old_fl & ~(EXT4_SYNC_FL|EXT4_APPEND_FL|
2971 EXT4_IMMUTABLE_FL|EXT4_NOATIME_FL|
2973 + EXT4_DIRSYNC_FL|EXT4_BARRIER_FL|
2976 + if (vfs_fl & S_IMMUTABLE)
2977 + new_fl |= EXT4_IMMUTABLE_FL;
2978 + if (vfs_fl & S_IXUNLINK)
2979 + new_fl |= EXT4_IXUNLINK_FL;
2981 if (vfs_fl & S_SYNC)
2982 new_fl |= EXT4_SYNC_FL;
2983 if (vfs_fl & S_APPEND)
2984 new_fl |= EXT4_APPEND_FL;
2985 - if (vfs_fl & S_IMMUTABLE)
2986 - new_fl |= EXT4_IMMUTABLE_FL;
2987 if (vfs_fl & S_NOATIME)
2988 new_fl |= EXT4_NOATIME_FL;
2989 if (vfs_fl & S_DIRSYNC)
2990 new_fl |= EXT4_DIRSYNC_FL;
2992 + if (vfs_vf & V_BARRIER)
2993 + new_fl |= EXT4_BARRIER_FL;
2994 + if (vfs_vf & V_COW)
2995 + new_fl |= EXT4_COW_FL;
2996 } while (cmpxchg(&ei->i_flags, old_fl, new_fl) != old_fl);
2999 @@ -4080,8 +4106,10 @@ struct inode *ext4_iget(struct super_blo
3000 i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
3001 i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
3003 - i_uid_write(inode, i_uid);
3004 - i_gid_write(inode, i_gid);
3005 + i_uid_write(inode, INOTAG_UID(DX_TAG(inode), i_uid, i_gid));
3006 + i_gid_write(inode, INOTAG_GID(DX_TAG(inode), i_uid, i_gid));
3007 + i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), i_uid, i_gid,
3008 + le16_to_cpu(raw_inode->i_raw_tag)));
3009 set_nlink(inode, le16_to_cpu(raw_inode->i_links_count));
3011 ext4_clear_state_flags(ei); /* Only relevant on 32-bit archs */
3012 @@ -4309,8 +4337,10 @@ static int ext4_do_update_inode(handle_t
3014 ext4_get_inode_flags(ei);
3015 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
3016 - i_uid = i_uid_read(inode);
3017 - i_gid = i_gid_read(inode);
3018 + i_uid = from_kuid(&init_user_ns,
3019 + TAGINO_KUID(DX_TAG(inode), inode->i_uid, inode->i_tag));
3020 + i_gid = from_kgid(&init_user_ns,
3021 + TAGINO_KGID(DX_TAG(inode), inode->i_gid, inode->i_tag));
3022 if (!(test_opt(inode->i_sb, NO_UID32))) {
3023 raw_inode->i_uid_low = cpu_to_le16(low_16_bits(i_uid));
3024 raw_inode->i_gid_low = cpu_to_le16(low_16_bits(i_gid));
3025 @@ -4333,6 +4363,9 @@ static int ext4_do_update_inode(handle_t
3026 raw_inode->i_uid_high = 0;
3027 raw_inode->i_gid_high = 0;
3029 +#ifdef CONFIG_TAGGING_INTERN
3030 + raw_inode->i_raw_tag = cpu_to_le16(i_tag_read(inode));
3032 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
3034 EXT4_INODE_SET_XTIME(i_ctime, inode, raw_inode);
3035 @@ -4564,7 +4597,8 @@ int ext4_setattr(struct dentry *dentry,
3036 if (is_quota_modification(inode, attr))
3037 dquot_initialize(inode);
3038 if ((ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
3039 - (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {
3040 + (ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)) ||
3041 + (ia_valid & ATTR_TAG && !tag_eq(attr->ia_tag, inode->i_tag))) {
3044 /* (user+group)*(old+new) structure, inode write (sb,
3045 @@ -4587,6 +4621,8 @@ int ext4_setattr(struct dentry *dentry,
3046 inode->i_uid = attr->ia_uid;
3047 if (attr->ia_valid & ATTR_GID)
3048 inode->i_gid = attr->ia_gid;
3049 + if ((attr->ia_valid & ATTR_TAG) && IS_TAGGED(inode))
3050 + inode->i_tag = attr->ia_tag;
3051 error = ext4_mark_inode_dirty(handle, inode);
3052 ext4_journal_stop(handle);
3054 diff -NurpP --minimal linux-3.14.17/fs/ext4/ioctl.c linux-3.14.17-vs2.3.6.13/fs/ext4/ioctl.c
3055 --- linux-3.14.17/fs/ext4/ioctl.c 2014-08-14 01:38:34.000000000 +0000
3056 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/ioctl.c 2014-08-30 14:27:38.000000000 +0000
3058 #include <linux/compat.h>
3059 #include <linux/mount.h>
3060 #include <linux/file.h>
3061 +#include <linux/vs_tag.h>
3062 #include <asm/uaccess.h>
3063 #include "ext4_jbd2.h"
3065 @@ -210,6 +211,33 @@ swap_boot_out:
3069 +int ext4_sync_flags(struct inode *inode, int flags, int vflags)
3071 + handle_t *handle = NULL;
3072 + struct ext4_iloc iloc;
3075 + handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
3076 + if (IS_ERR(handle))
3077 + return PTR_ERR(handle);
3079 + if (IS_SYNC(inode))
3080 + ext4_handle_sync(handle);
3081 + err = ext4_reserve_inode_write(handle, inode, &iloc);
3085 + inode->i_flags = flags;
3086 + inode->i_vflags = vflags;
3087 + ext4_get_inode_flags(EXT4_I(inode));
3088 + inode->i_ctime = ext4_current_time(inode);
3090 + err = ext4_mark_iloc_dirty(handle, inode, &iloc);
3092 + ext4_journal_stop(handle);
3096 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
3098 struct inode *inode = file_inode(filp);
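Review bot: ext4_sync_flags overwrites the whole word with `inode->i_flags = flags;` and `inode->i_vflags = vflags;`, while ext4_set_inode_flags in this same patch updates both fields through `set_mask_bits()`. A plain store can lose a bit that another path sets concurrently, unless every caller holds a lock that excludes those paths, which is not visible here. Taking a mask and using `set_mask_bits()` would be consistent with the rest of the file; failing that, a comment above the function should state the required locking. The parameters would also read better as `unsigned int` to match the fields they are stored into. gfs2_sync_flags and jfs_sync_flags further down use the same plain stores.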
3099 @@ -243,6 +271,11 @@ long ext4_ioctl(struct file *filp, unsig
3101 flags = ext4_mask_flags(inode->i_mode, flags);
3103 + if (IS_BARRIER(inode)) {
3104 + vxwprintk_task(1, "messing with the barrier.");
3109 mutex_lock(&inode->i_mutex);
3110 /* Is it quota file? Do not allow user to mess with it */
3111 @@ -260,7 +293,9 @@ long ext4_ioctl(struct file *filp, unsig
3113 * This test looks nicer. Thanks to Pauline Middelink
3115 - if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
3116 + if ((oldflags & EXT4_IMMUTABLE_FL) ||
3117 + ((flags ^ oldflags) & (EXT4_APPEND_FL |
3118 + EXT4_IMMUTABLE_FL | EXT4_IXUNLINK_FL))) {
3119 if (!capable(CAP_LINUX_IMMUTABLE))
3122 diff -NurpP --minimal linux-3.14.17/fs/ext4/namei.c linux-3.14.17-vs2.3.6.13/fs/ext4/namei.c
3123 --- linux-3.14.17/fs/ext4/namei.c 2014-08-14 01:38:34.000000000 +0000
3124 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/namei.c 2014-08-30 14:27:38.000000000 +0000
3126 #include <linux/quotaops.h>
3127 #include <linux/buffer_head.h>
3128 #include <linux/bio.h>
3129 +#include <linux/vs_tag.h>
3131 #include "ext4_jbd2.h"
3133 @@ -1299,6 +1300,7 @@ restart:
3134 ll_rw_block(READ | REQ_META | REQ_PRIO,
3137 + dx_propagate_tag(nd, inode);
3139 if ((bh = bh_use[ra_ptr++]) == NULL)
3141 @@ -3226,6 +3228,7 @@ const struct inode_operations ext4_dir_i
3142 .get_acl = ext4_get_acl,
3143 .set_acl = ext4_set_acl,
3144 .fiemap = ext4_fiemap,
3145 + .sync_flags = ext4_sync_flags,
3148 const struct inode_operations ext4_special_inode_operations = {
3149 diff -NurpP --minimal linux-3.14.17/fs/ext4/super.c linux-3.14.17-vs2.3.6.13/fs/ext4/super.c
3150 --- linux-3.14.17/fs/ext4/super.c 2014-08-14 01:38:34.000000000 +0000
3151 +++ linux-3.14.17-vs2.3.6.13/fs/ext4/super.c 2014-08-30 14:27:38.000000000 +0000
3152 @@ -1162,7 +1162,7 @@ enum {
3153 Opt_inode_readahead_blks, Opt_journal_ioprio,
3154 Opt_dioread_nolock, Opt_dioread_lock,
3155 Opt_discard, Opt_nodiscard, Opt_init_itable, Opt_noinit_itable,
3156 - Opt_max_dir_size_kb,
3157 + Opt_max_dir_size_kb, Opt_tag, Opt_notag, Opt_tagid
3160 static const match_table_t tokens = {
3161 @@ -1243,6 +1243,9 @@ static const match_table_t tokens = {
3162 {Opt_removed, "reservation"}, /* mount option from ext2/3 */
3163 {Opt_removed, "noreservation"}, /* mount option from ext2/3 */
3164 {Opt_removed, "journal=%u"}, /* mount option from ext2/3 */
3166 + {Opt_notag, "notag"},
3167 + {Opt_tagid, "tagid=%u"},
3171 @@ -1475,6 +1478,20 @@ static int handle_mount_opt(struct super
3173 sb->s_flags |= MS_I_VERSION;
3175 +#ifndef CONFIG_TAGGING_NONE
3177 + set_opt(sb, TAGGED);
3180 + clear_opt(sb, TAGGED);
3183 +#ifdef CONFIG_PROPAGATE
3186 + set_opt(sb, TAGGED);
3191 for (m = ext4_mount_opts; m->token != Opt_err; m++)
3192 @@ -3563,6 +3580,9 @@ static int ext4_fill_super(struct super_
3193 clear_opt(sb, DELALLOC);
3196 + if (EXT4_SB(sb)->s_mount_opt & EXT4_MOUNT_TAGGED)
3197 + sb->s_flags |= MS_TAGGED;
3199 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
3200 (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
3202 @@ -4817,6 +4837,14 @@ static int ext4_remount(struct super_blo
3203 if (sbi->s_mount_flags & EXT4_MF_FS_ABORTED)
3204 ext4_abort(sb, "Abort forced by user");
3206 + if ((sbi->s_mount_opt & EXT4_MOUNT_TAGGED) &&
3207 + !(sb->s_flags & MS_TAGGED)) {
3208 + printk("EXT4-fs: %s: tagging not permitted on remount.\n",
3211 + goto restore_opts;
3214 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
3215 (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0);
3217 diff -NurpP --minimal linux-3.14.17/fs/fcntl.c linux-3.14.17-vs2.3.6.13/fs/fcntl.c
3218 --- linux-3.14.17/fs/fcntl.c 2014-08-14 01:38:34.000000000 +0000
3219 +++ linux-3.14.17-vs2.3.6.13/fs/fcntl.c 2014-08-30 14:27:38.000000000 +0000
3221 #include <linux/rcupdate.h>
3222 #include <linux/pid_namespace.h>
3223 #include <linux/user_namespace.h>
3224 +#include <linux/vs_limit.h>
3226 #include <asm/poll.h>
3227 #include <asm/siginfo.h>
3228 @@ -377,6 +378,8 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, f
3232 + if (!vx_files_avail(1))
3235 if (unlikely(f.file->f_mode & FMODE_PATH)) {
3236 if (!check_fcntl_cmd(cmd))
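Review bot: Going by the hunk header, `if (!vx_files_avail(1))` is added only to fcntl64, and this file gets no other hunk, so the native fcntl entry point is left without the same limit check. The test is also evaluated for every command rather than only for those that allocate a descriptor, so a context at its file limit may be refused unrelated operations. The statement under the `if` is not shown here; it should take the exit path that releases the reference held in `f`, since the file has already been looked up at this point. fcntl64's body continues outside the hunk.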
3237 diff -NurpP --minimal linux-3.14.17/fs/file.c linux-3.14.17-vs2.3.6.13/fs/file.c
3238 --- linux-3.14.17/fs/file.c 2014-08-14 01:38:34.000000000 +0000
3239 +++ linux-3.14.17-vs2.3.6.13/fs/file.c 2014-08-30 14:27:38.000000000 +0000
3241 #include <linux/spinlock.h>
3242 #include <linux/rcupdate.h>
3243 #include <linux/workqueue.h>
3244 +#include <linux/vs_limit.h>
3246 int sysctl_nr_open __read_mostly = 1024*1024;
3247 int sysctl_nr_open_min = BITS_PER_LONG;
3248 @@ -311,6 +312,8 @@ struct files_struct *dup_fd(struct files
3249 struct file *f = *old_fds++;
3252 + /* TODO: sum it first for check and performance */
3253 + vx_openfd_inc(open_files - i);
3256 * The fd may be claimed in the fd bitmap but not yet
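Review bot: `vx_openfd_inc(open_files - i)` is called per copied descriptor with no check against the context's limit, and the TODO above it says as much, so duplicating a descriptor table can take a context past its open-descriptor limit. Summing the open descriptors before the copy loop and failing dup_fd early when the total does not fit would settle both halves of the TODO. The argument also deserves a comment, because what `open_files - i` denotes is not evident from the hunk while the other call sites in this file pass `fd`. dup_fd continues outside the hunk.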
3257 @@ -371,9 +374,11 @@ static struct fdtable *close_files(struc
3258 filp_close(file, files);
3269 @@ -495,6 +500,7 @@ repeat:
3271 __clear_close_on_exec(fd, fdt);
3273 + vx_openfd_inc(fd);
3276 if (rcu_dereference_raw(fdt->fd[fd]) != NULL) {
3277 @@ -525,6 +531,7 @@ static void __put_unused_fd(struct files
3278 __clear_open_fd(fd, fdt);
3279 if (fd < files->next_fd)
3280 files->next_fd = fd;
3281 + vx_openfd_dec(fd);
3284 void put_unused_fd(unsigned int fd)
3285 @@ -791,6 +798,8 @@ static int do_dup2(struct files_struct *
3288 filp_close(tofree, files);
3290 + vx_openfd_inc(fd); /* fd was unused */
3294 diff -NurpP --minimal linux-3.14.17/fs/file_table.c linux-3.14.17-vs2.3.6.13/fs/file_table.c
3295 --- linux-3.14.17/fs/file_table.c 2014-08-14 01:38:34.000000000 +0000
3296 +++ linux-3.14.17-vs2.3.6.13/fs/file_table.c 2014-08-30 14:27:38.000000000 +0000
3298 #include <linux/hardirq.h>
3299 #include <linux/task_work.h>
3300 #include <linux/ima.h>
3301 +#include <linux/vs_limit.h>
3302 +#include <linux/vs_context.h>
3304 #include <linux/atomic.h>
3306 @@ -138,6 +140,8 @@ struct file *get_empty_filp(void)
3307 mutex_init(&f->f_pos_lock);
3308 eventpoll_init_file(f);
3309 /* f->f_version: 0 */
3310 + f->f_xid = vx_current_xid();
3315 @@ -255,6 +259,8 @@ static void __fput(struct file *file)
3316 i_readcount_dec(inode);
3317 if (file->f_mode & FMODE_WRITE)
3318 drop_file_write_access(file);
3319 + vx_files_dec(file);
3321 file->f_path.dentry = NULL;
3322 file->f_path.mnt = NULL;
3323 file->f_inode = NULL;
3324 @@ -341,6 +347,8 @@ void put_filp(struct file *file)
3326 if (atomic_long_dec_and_test(&file->f_count)) {
3327 security_file_free(file);
3328 + vx_files_dec(file);
3333 diff -NurpP --minimal linux-3.14.17/fs/fs_struct.c linux-3.14.17-vs2.3.6.13/fs/fs_struct.c
3334 --- linux-3.14.17/fs/fs_struct.c 2014-08-14 01:38:34.000000000 +0000
3335 +++ linux-3.14.17-vs2.3.6.13/fs/fs_struct.c 2014-08-30 14:27:38.000000000 +0000
3337 #include <linux/path.h>
3338 #include <linux/slab.h>
3339 #include <linux/fs_struct.h>
3340 +#include <linux/vserver/global.h>
3341 #include "internal.h"
3344 @@ -87,6 +88,7 @@ void free_fs_struct(struct fs_struct *fs
3346 path_put(&fs->root);
3348 + atomic_dec(&vs_global_fs);
3349 kmem_cache_free(fs_cachep, fs);
3352 @@ -124,6 +126,7 @@ struct fs_struct *copy_fs_struct(struct
3355 spin_unlock(&old->lock);
3356 + atomic_inc(&vs_global_fs);
3360 diff -NurpP --minimal linux-3.14.17/fs/gfs2/file.c linux-3.14.17-vs2.3.6.13/fs/gfs2/file.c
3361 --- linux-3.14.17/fs/gfs2/file.c 2014-08-14 01:38:34.000000000 +0000
3362 +++ linux-3.14.17-vs2.3.6.13/fs/gfs2/file.c 2014-08-30 14:27:38.000000000 +0000
3363 @@ -137,6 +137,9 @@ static const u32 fsflags_to_gfs2[32] = {
3364 [12] = GFS2_DIF_EXHASH,
3365 [14] = GFS2_DIF_INHERIT_JDATA,
3366 [17] = GFS2_DIF_TOPDIR,
3367 + [27] = GFS2_DIF_IXUNLINK,
3368 + [26] = GFS2_DIF_BARRIER,
3369 + [29] = GFS2_DIF_COW,
3372 static const u32 gfs2_to_fsflags[32] = {
3373 @@ -147,6 +150,9 @@ static const u32 gfs2_to_fsflags[32] = {
3374 [gfs2fl_ExHash] = FS_INDEX_FL,
3375 [gfs2fl_TopLevel] = FS_TOPDIR_FL,
3376 [gfs2fl_InheritJdata] = FS_JOURNAL_DATA_FL,
3377 + [gfs2fl_IXUnlink] = FS_IXUNLINK_FL,
3378 + [gfs2fl_Barrier] = FS_BARRIER_FL,
3379 + [gfs2fl_Cow] = FS_COW_FL,
3382 static int gfs2_get_flags(struct file *filp, u32 __user *ptr)
3383 @@ -177,12 +183,18 @@ void gfs2_set_inode_flags(struct inode *
3385 struct gfs2_inode *ip = GFS2_I(inode);
3386 unsigned int flags = inode->i_flags;
3387 + unsigned int vflags = inode->i_vflags;
3389 + flags &= ~(S_IMMUTABLE | S_IXUNLINK |
3390 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC | S_NOSEC);
3392 - flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC|S_NOSEC);
3393 if ((ip->i_eattr == 0) && !is_sxid(inode->i_mode))
3394 inode->i_flags |= S_NOSEC;
3395 if (ip->i_diskflags & GFS2_DIF_IMMUTABLE)
3396 flags |= S_IMMUTABLE;
3397 + if (ip->i_diskflags & GFS2_DIF_IXUNLINK)
3398 + flags |= S_IXUNLINK;
3400 if (ip->i_diskflags & GFS2_DIF_APPENDONLY)
3402 if (ip->i_diskflags & GFS2_DIF_NOATIME)
3403 @@ -190,6 +202,43 @@ void gfs2_set_inode_flags(struct inode *
3404 if (ip->i_diskflags & GFS2_DIF_SYNC)
3406 inode->i_flags = flags;
3408 + vflags &= ~(V_BARRIER | V_COW);
3410 + if (ip->i_diskflags & GFS2_DIF_BARRIER)
3411 + vflags |= V_BARRIER;
3412 + if (ip->i_diskflags & GFS2_DIF_COW)
3414 + inode->i_vflags = vflags;
3417 +void gfs2_get_inode_flags(struct inode *inode)
3419 + struct gfs2_inode *ip = GFS2_I(inode);
3420 + unsigned int flags = inode->i_flags;
3421 + unsigned int vflags = inode->i_vflags;
3423 + ip->i_diskflags &= ~(GFS2_DIF_APPENDONLY |
3424 + GFS2_DIF_NOATIME | GFS2_DIF_SYNC |
3425 + GFS2_DIF_IMMUTABLE | GFS2_DIF_IXUNLINK |
3426 + GFS2_DIF_BARRIER | GFS2_DIF_COW);
3428 + if (flags & S_IMMUTABLE)
3429 + ip->i_diskflags |= GFS2_DIF_IMMUTABLE;
3430 + if (flags & S_IXUNLINK)
3431 + ip->i_diskflags |= GFS2_DIF_IXUNLINK;
3433 + if (flags & S_APPEND)
3434 + ip->i_diskflags |= GFS2_DIF_APPENDONLY;
3435 + if (flags & S_NOATIME)
3436 + ip->i_diskflags |= GFS2_DIF_NOATIME;
3437 + if (flags & S_SYNC)
3438 + ip->i_diskflags |= GFS2_DIF_SYNC;
3440 + if (vflags & V_BARRIER)
3441 + ip->i_diskflags |= GFS2_DIF_BARRIER;
3442 + if (vflags & V_COW)
3443 + ip->i_diskflags |= GFS2_DIF_COW;
3446 /* Flags that can be set by user space */
3447 @@ -303,6 +352,37 @@ static int gfs2_set_flags(struct file *f
3448 return do_gfs2_set_flags(filp, gfsflags, ~GFS2_DIF_JDATA);
3451 +int gfs2_sync_flags(struct inode *inode, int flags, int vflags)
3453 + struct gfs2_inode *ip = GFS2_I(inode);
3454 + struct gfs2_sbd *sdp = GFS2_SB(inode);
3455 + struct buffer_head *bh;
3456 + struct gfs2_holder gh;
3459 + error = gfs2_glock_nq_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &gh);
3462 + error = gfs2_trans_begin(sdp, RES_DINODE, 0);
3465 + error = gfs2_meta_inode_buffer(ip, &bh);
3467 + goto out_trans_end;
3468 + gfs2_trans_add_meta(ip->i_gl, bh);
3469 + inode->i_flags = flags;
3470 + inode->i_vflags = vflags;
3471 + gfs2_get_inode_flags(inode);
3472 + gfs2_dinode_out(ip, bh->b_data);
3474 + gfs2_set_aops(inode);
3476 + gfs2_trans_end(sdp);
3478 + gfs2_glock_dq_uninit(&gh);
3482 static long gfs2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
3485 diff -NurpP --minimal linux-3.14.17/fs/gfs2/inode.h linux-3.14.17-vs2.3.6.13/fs/gfs2/inode.h
3486 --- linux-3.14.17/fs/gfs2/inode.h 2014-08-14 01:38:34.000000000 +0000
3487 +++ linux-3.14.17-vs2.3.6.13/fs/gfs2/inode.h 2014-08-30 14:27:38.000000000 +0000
3488 @@ -118,6 +118,7 @@ extern const struct file_operations gfs2
3489 extern const struct file_operations gfs2_dir_fops_nolock;
3491 extern void gfs2_set_inode_flags(struct inode *inode);
3492 +extern int gfs2_sync_flags(struct inode *inode, int flags, int vflags);
3494 #ifdef CONFIG_GFS2_FS_LOCKING_DLM
3495 extern const struct file_operations gfs2_file_fops;
3496 diff -NurpP --minimal linux-3.14.17/fs/hostfs/hostfs.h linux-3.14.17-vs2.3.6.13/fs/hostfs/hostfs.h
3497 --- linux-3.14.17/fs/hostfs/hostfs.h 2014-08-14 01:38:34.000000000 +0000
3498 +++ linux-3.14.17-vs2.3.6.13/fs/hostfs/hostfs.h 2014-08-30 14:27:38.000000000 +0000
3499 @@ -42,6 +42,7 @@ struct hostfs_iattr {
3500 unsigned short ia_mode;
3505 struct timespec ia_atime;
3506 struct timespec ia_mtime;
3507 diff -NurpP --minimal linux-3.14.17/fs/inode.c linux-3.14.17-vs2.3.6.13/fs/inode.c
3508 --- linux-3.14.17/fs/inode.c 2014-08-14 01:38:34.000000000 +0000
3509 +++ linux-3.14.17-vs2.3.6.13/fs/inode.c 2014-08-30 14:27:38.000000000 +0000
3511 #include <linux/buffer_head.h> /* for inode_has_buffers */
3512 #include <linux/ratelimit.h>
3513 #include <linux/list_lru.h>
3514 +#include <linux/vs_tag.h>
3515 #include "internal.h"
3518 @@ -129,6 +130,8 @@ int inode_init_always(struct super_block
3519 struct address_space *const mapping = &inode->i_data;
3523 + /* essential because of inode slab reuse */
3524 inode->i_blkbits = sb->s_blocksize_bits;
3526 atomic_set(&inode->i_count, 1);
3527 @@ -138,6 +141,7 @@ int inode_init_always(struct super_block
3528 inode->i_opflags = 0;
3529 i_uid_write(inode, 0);
3530 i_gid_write(inode, 0);
3531 + i_tag_write(inode, 0);
3532 atomic_set(&inode->i_writecount, 0);
3534 inode->i_blocks = 0;
3535 @@ -150,6 +154,7 @@ int inode_init_always(struct super_block
3536 inode->i_bdev = NULL;
3537 inode->i_cdev = NULL;
3539 + inode->i_mdev = 0;
3540 inode->dirtied_when = 0;
3542 if (security_inode_alloc(inode))
3543 @@ -477,6 +482,8 @@ void __insert_inode_hash(struct inode *i
3545 EXPORT_SYMBOL(__insert_inode_hash);
3547 +EXPORT_SYMBOL_GPL(__iget);
3550 * __remove_inode_hash - remove an inode from the hash
3551 * @inode: inode to unhash
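Review bot: `EXPORT_SYMBOL_GPL(__iget)` exposes a low-level reference-count helper to modules without saying which module needs it or what the caller must hold. The export is also placed after `__insert_inode_hash` rather than next to the function it exports, so it is easy to miss when reading `__iget` itself. A comment beside it such as `/* exported for <user>; caller must hold inode->i_lock */`, with the user filled in, would document the contract.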
3552 @@ -1802,9 +1809,11 @@ void init_special_inode(struct inode *in
3553 if (S_ISCHR(mode)) {
3554 inode->i_fop = &def_chr_fops;
3555 inode->i_rdev = rdev;
3556 + inode->i_mdev = rdev;
3557 } else if (S_ISBLK(mode)) {
3558 inode->i_fop = &def_blk_fops;
3559 inode->i_rdev = rdev;
3560 + inode->i_mdev = rdev;
3561 } else if (S_ISFIFO(mode))
3562 inode->i_fop = &pipefifo_fops;
3563 else if (S_ISSOCK(mode))
3564 @@ -1833,6 +1842,7 @@ void inode_init_owner(struct inode *inod
3566 inode->i_gid = current_fsgid();
3567 inode->i_mode = mode;
3568 + i_tag_write(inode, dx_current_fstag(inode->i_sb));
3570 EXPORT_SYMBOL(inode_init_owner);
3572 diff -NurpP --minimal linux-3.14.17/fs/ioctl.c linux-3.14.17-vs2.3.6.13/fs/ioctl.c
3573 --- linux-3.14.17/fs/ioctl.c 2014-08-14 01:38:34.000000000 +0000
3574 +++ linux-3.14.17-vs2.3.6.13/fs/ioctl.c 2014-08-30 14:27:38.000000000 +0000
3576 #include <linux/writeback.h>
3577 #include <linux/buffer_head.h>
3578 #include <linux/falloc.h>
3579 +#include <linux/proc_fs.h>
3580 +#include <linux/vserver/inode.h>
3581 +#include <linux/vs_tag.h>
3583 #include <asm/ioctls.h>
3585 diff -NurpP --minimal linux-3.14.17/fs/ioprio.c linux-3.14.17-vs2.3.6.13/fs/ioprio.c
3586 --- linux-3.14.17/fs/ioprio.c 2014-08-14 01:38:34.000000000 +0000
3587 +++ linux-3.14.17-vs2.3.6.13/fs/ioprio.c 2014-08-30 14:27:38.000000000 +0000
3589 #include <linux/syscalls.h>
3590 #include <linux/security.h>
3591 #include <linux/pid_namespace.h>
3592 +#include <linux/vs_base.h>
3594 int set_task_ioprio(struct task_struct *task, int ioprio)
3596 @@ -105,6 +106,8 @@ SYSCALL_DEFINE3(ioprio_set, int, which,
3598 pgrp = find_vpid(who);
3599 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
3600 + if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
3602 ret = set_task_ioprio(p, ioprio);
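Review bot: The `vx_check(p->xid, VS_ADMIN_P | VS_IDENT)` filter is added only inside the process-group walk, and the diff for this file carries no hunk for the other `which` cases of ioprio_set. If the per-user case iterates over all tasks that match a uid, a caller in one context could still change the I/O priority of tasks in another context sharing that uid, unless those tasks are filtered elsewhere. The same gap applies to the ioprio_get hunk that follows, where it would disclose rather than change the value. ioprio_set continues outside the hunk.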
3605 @@ -198,6 +201,8 @@ SYSCALL_DEFINE2(ioprio_get, int, which,
3607 pgrp = find_vpid(who);
3608 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
3609 + if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
3611 tmpio = get_task_ioprio(p);
3614 diff -NurpP --minimal linux-3.14.17/fs/jfs/file.c linux-3.14.17-vs2.3.6.13/fs/jfs/file.c
3615 --- linux-3.14.17/fs/jfs/file.c 2014-08-14 01:38:34.000000000 +0000
3616 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/file.c 2014-08-30 14:27:38.000000000 +0000
3617 @@ -110,7 +110,8 @@ int jfs_setattr(struct dentry *dentry, s
3618 if (is_quota_modification(inode, iattr))
3619 dquot_initialize(inode);
3620 if ((iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)) ||
3621 - (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid))) {
3622 + (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)) ||
3623 + (iattr->ia_valid & ATTR_TAG && !tag_eq(iattr->ia_tag, inode->i_tag))) {
3624 rc = dquot_transfer(inode, iattr);
3627 @@ -146,6 +147,7 @@ const struct inode_operations jfs_file_i
3628 .get_acl = jfs_get_acl,
3629 .set_acl = jfs_set_acl,
3631 + .sync_flags = jfs_sync_flags,
3634 const struct file_operations jfs_file_operations = {
3635 diff -NurpP --minimal linux-3.14.17/fs/jfs/ioctl.c linux-3.14.17-vs2.3.6.13/fs/jfs/ioctl.c
3636 --- linux-3.14.17/fs/jfs/ioctl.c 2014-08-14 01:38:34.000000000 +0000
3637 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/ioctl.c 2014-08-30 14:27:38.000000000 +0000
3639 #include <linux/time.h>
3640 #include <linux/sched.h>
3641 #include <linux/blkdev.h>
3642 +#include <linux/mount.h>
3643 #include <asm/current.h>
3644 #include <asm/uaccess.h>
3646 @@ -56,6 +57,16 @@ static long jfs_map_ext2(unsigned long f
3650 +int jfs_sync_flags(struct inode *inode, int flags, int vflags)
3652 + inode->i_flags = flags;
3653 + inode->i_vflags = vflags;
3654 + jfs_get_inode_flags(JFS_IP(inode));
3655 + inode->i_ctime = CURRENT_TIME_SEC;
3656 + mark_inode_dirty(inode);
3660 long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
3662 struct inode *inode = file_inode(filp);
3663 @@ -89,6 +100,11 @@ long jfs_ioctl(struct file *filp, unsign
3664 if (!S_ISDIR(inode->i_mode))
3665 flags &= ~JFS_DIRSYNC_FL;
3667 + if (IS_BARRIER(inode)) {
3668 + vxwprintk_task(1, "messing with the barrier.");
3672 /* Is it quota file? Do not allow user to mess with it */
3673 if (IS_NOQUOTA(inode)) {
3675 @@ -106,8 +122,8 @@ long jfs_ioctl(struct file *filp, unsign
3676 * the relevant capability.
3678 if ((oldflags & JFS_IMMUTABLE_FL) ||
3679 - ((flags ^ oldflags) &
3680 - (JFS_APPEND_FL | JFS_IMMUTABLE_FL))) {
3681 + ((flags ^ oldflags) & (JFS_APPEND_FL |
3682 + JFS_IMMUTABLE_FL | JFS_IXUNLINK_FL))) {
3683 if (!capable(CAP_LINUX_IMMUTABLE)) {
3684 mutex_unlock(&inode->i_mutex);
3686 @@ -115,7 +131,7 @@ long jfs_ioctl(struct file *filp, unsign
3690 - flags = flags & JFS_FL_USER_MODIFIABLE;
3691 + flags &= JFS_FL_USER_MODIFIABLE;
3692 flags |= oldflags & ~JFS_FL_USER_MODIFIABLE;
3693 jfs_inode->mode2 = flags;
3695 diff -NurpP --minimal linux-3.14.17/fs/jfs/jfs_dinode.h linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_dinode.h
3696 --- linux-3.14.17/fs/jfs/jfs_dinode.h 2014-08-14 01:38:34.000000000 +0000
3697 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_dinode.h 2014-08-30 14:27:38.000000000 +0000
3698 @@ -161,9 +161,13 @@ struct dinode {
3700 #define JFS_APPEND_FL 0x01000000 /* writes to file may only append */
3701 #define JFS_IMMUTABLE_FL 0x02000000 /* Immutable file */
3702 +#define JFS_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
3704 -#define JFS_FL_USER_VISIBLE 0x03F80000
3705 -#define JFS_FL_USER_MODIFIABLE 0x03F80000
3706 +#define JFS_BARRIER_FL 0x04000000 /* Barrier for chroot() */
3707 +#define JFS_COW_FL 0x20000000 /* Copy on Write marker */
3709 +#define JFS_FL_USER_VISIBLE 0x07F80000
3710 +#define JFS_FL_USER_MODIFIABLE 0x07F80000
3711 #define JFS_FL_INHERIT 0x03C80000
3713 /* These are identical to EXT[23]_IOC_GETFLAGS/SETFLAGS */
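Review bot: Widening `JFS_FL_USER_MODIFIABLE` to `0x07F80000` puts `JFS_BARRIER_FL` (0x04000000) inside the user-modifiable mask, while `JFS_IXUNLINK_FL` (0x08000000) and `JFS_COW_FL` (0x20000000) stay outside it. The capability test in the jfs_ioctl hunks covers APPEND, IMMUTABLE and IXUNLINK but not BARRIER. As far as these hunks show, a caller without CAP_LINUX_IMMUTABLE can therefore set the barrier bit on an inode that does not yet have it. A request to change IXUNLINK, by contrast, passes the capability test and is then discarded by `flags &= JFS_FL_USER_MODIFIABLE`. If both are intended, a comment on the mask should say so; otherwise add `JFS_BARRIER_FL` to the capability test and make the mask agree with the bits that test guards.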
3714 diff -NurpP --minimal linux-3.14.17/fs/jfs/jfs_filsys.h linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_filsys.h
3715 --- linux-3.14.17/fs/jfs/jfs_filsys.h 2014-08-14 01:38:34.000000000 +0000
3716 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_filsys.h 2014-08-30 14:27:38.000000000 +0000
3718 #define JFS_NAME_MAX 255
3719 #define JFS_PATH_MAX BPSIZE
3721 +#define JFS_TAGGED 0x00800000 /* Context Tagging */
3724 * file system state (superblock state)
3725 diff -NurpP --minimal linux-3.14.17/fs/jfs/jfs_imap.c linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_imap.c
3726 --- linux-3.14.17/fs/jfs/jfs_imap.c 2014-08-14 01:38:34.000000000 +0000
3727 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_imap.c 2014-08-30 14:27:38.000000000 +0000
3729 #include <linux/pagemap.h>
3730 #include <linux/quotaops.h>
3731 #include <linux/slab.h>
3732 +#include <linux/vs_tag.h>
3734 #include "jfs_incore.h"
3735 #include "jfs_inode.h"
3736 @@ -3047,6 +3048,8 @@ static int copy_from_dinode(struct dinod
3738 struct jfs_inode_info *jfs_ip = JFS_IP(ip);
3739 struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
3743 jfs_ip->fileset = le32_to_cpu(dip->di_fileset);
3744 jfs_ip->mode2 = le32_to_cpu(dip->di_mode);
3745 @@ -3067,14 +3070,18 @@ static int copy_from_dinode(struct dinod
3747 set_nlink(ip, le32_to_cpu(dip->di_nlink));
3749 - jfs_ip->saved_uid = make_kuid(&init_user_ns, le32_to_cpu(dip->di_uid));
3750 + kuid = make_kuid(&init_user_ns, le32_to_cpu(dip->di_uid));
3751 + kgid = make_kgid(&init_user_ns, le32_to_cpu(dip->di_gid));
3752 + ip->i_tag = INOTAG_KTAG(DX_TAG(ip), kuid, kgid, GLOBAL_ROOT_TAG);
3754 + jfs_ip->saved_uid = INOTAG_KUID(DX_TAG(ip), kuid, kgid);
3755 if (!uid_valid(sbi->uid))
3756 ip->i_uid = jfs_ip->saved_uid;
3758 ip->i_uid = sbi->uid;
3761 - jfs_ip->saved_gid = make_kgid(&init_user_ns, le32_to_cpu(dip->di_gid));
3762 + jfs_ip->saved_gid = INOTAG_KGID(DX_TAG(ip), kuid, kgid);
3763 if (!gid_valid(sbi->gid))
3764 ip->i_gid = jfs_ip->saved_gid;
3766 @@ -3139,16 +3146,14 @@ static void copy_to_dinode(struct dinode
3767 dip->di_size = cpu_to_le64(ip->i_size);
3768 dip->di_nblocks = cpu_to_le64(PBLK2LBLK(ip->i_sb, ip->i_blocks));
3769 dip->di_nlink = cpu_to_le32(ip->i_nlink);
3770 - if (!uid_valid(sbi->uid))
3771 - dip->di_uid = cpu_to_le32(i_uid_read(ip));
3773 - dip->di_uid =cpu_to_le32(from_kuid(&init_user_ns,
3774 - jfs_ip->saved_uid));
3775 - if (!gid_valid(sbi->gid))
3776 - dip->di_gid = cpu_to_le32(i_gid_read(ip));
3778 - dip->di_gid = cpu_to_le32(from_kgid(&init_user_ns,
3779 - jfs_ip->saved_gid));
3780 + dip->di_uid = cpu_to_le32(from_kuid(&init_user_ns,
3781 + TAGINO_KUID(DX_TAG(ip),
3782 + !uid_valid(sbi->uid) ? ip->i_uid : jfs_ip->saved_uid,
3784 + dip->di_gid = cpu_to_le32(from_kgid(&init_user_ns,
3785 + TAGINO_KGID(DX_TAG(ip),
3786 + !gid_valid(sbi->gid) ? ip->i_gid : jfs_ip->saved_gid,
3788 jfs_get_inode_flags(jfs_ip);
3790 * mode2 is only needed for storing the higher order bits.
3791 diff -NurpP --minimal linux-3.14.17/fs/jfs/jfs_inode.c linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_inode.c
3792 --- linux-3.14.17/fs/jfs/jfs_inode.c 2014-08-14 01:38:34.000000000 +0000
3793 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_inode.c 2014-08-30 14:27:38.000000000 +0000
3796 #include <linux/fs.h>
3797 #include <linux/quotaops.h>
3798 +#include <linux/vs_tag.h>
3799 #include "jfs_incore.h"
3800 #include "jfs_inode.h"
3801 #include "jfs_filsys.h"
3802 @@ -30,29 +31,46 @@ void jfs_set_inode_flags(struct inode *i
3804 unsigned int flags = JFS_IP(inode)->mode2;
3806 - inode->i_flags &= ~(S_IMMUTABLE | S_APPEND |
3807 - S_NOATIME | S_DIRSYNC | S_SYNC);
3808 + inode->i_flags &= ~(S_IMMUTABLE | S_IXUNLINK |
3809 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
3811 if (flags & JFS_IMMUTABLE_FL)
3812 inode->i_flags |= S_IMMUTABLE;
3813 + if (flags & JFS_IXUNLINK_FL)
3814 + inode->i_flags |= S_IXUNLINK;
3816 + if (flags & JFS_SYNC_FL)
3817 + inode->i_flags |= S_SYNC;
3818 if (flags & JFS_APPEND_FL)
3819 inode->i_flags |= S_APPEND;
3820 if (flags & JFS_NOATIME_FL)
3821 inode->i_flags |= S_NOATIME;
3822 if (flags & JFS_DIRSYNC_FL)
3823 inode->i_flags |= S_DIRSYNC;
3824 - if (flags & JFS_SYNC_FL)
3825 - inode->i_flags |= S_SYNC;
3827 + inode->i_vflags &= ~(V_BARRIER | V_COW);
3829 + if (flags & JFS_BARRIER_FL)
3830 + inode->i_vflags |= V_BARRIER;
3831 + if (flags & JFS_COW_FL)
3832 + inode->i_vflags |= V_COW;
3835 void jfs_get_inode_flags(struct jfs_inode_info *jfs_ip)
3837 unsigned int flags = jfs_ip->vfs_inode.i_flags;
3838 + unsigned int vflags = jfs_ip->vfs_inode.i_vflags;
3840 + jfs_ip->mode2 &= ~(JFS_IMMUTABLE_FL | JFS_IXUNLINK_FL |
3841 + JFS_APPEND_FL | JFS_NOATIME_FL |
3842 + JFS_DIRSYNC_FL | JFS_SYNC_FL |
3843 + JFS_BARRIER_FL | JFS_COW_FL);
3845 - jfs_ip->mode2 &= ~(JFS_IMMUTABLE_FL | JFS_APPEND_FL | JFS_NOATIME_FL |
3846 - JFS_DIRSYNC_FL | JFS_SYNC_FL);
3847 if (flags & S_IMMUTABLE)
3848 jfs_ip->mode2 |= JFS_IMMUTABLE_FL;
3849 + if (flags & S_IXUNLINK)
3850 + jfs_ip->mode2 |= JFS_IXUNLINK_FL;
3852 if (flags & S_APPEND)
3853 jfs_ip->mode2 |= JFS_APPEND_FL;
3854 if (flags & S_NOATIME)
3855 @@ -61,6 +79,11 @@ void jfs_get_inode_flags(struct jfs_inod
3856 jfs_ip->mode2 |= JFS_DIRSYNC_FL;
3858 jfs_ip->mode2 |= JFS_SYNC_FL;
3860 + if (vflags & V_BARRIER)
3861 + jfs_ip->mode2 |= JFS_BARRIER_FL;
3862 + if (vflags & V_COW)
3863 + jfs_ip->mode2 |= JFS_COW_FL;
3867 diff -NurpP --minimal linux-3.14.17/fs/jfs/jfs_inode.h linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_inode.h
3868 --- linux-3.14.17/fs/jfs/jfs_inode.h 2014-08-14 01:38:34.000000000 +0000
3869 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/jfs_inode.h 2014-08-30 14:27:38.000000000 +0000
3870 @@ -39,6 +39,7 @@ extern struct dentry *jfs_fh_to_dentry(s
3871 extern struct dentry *jfs_fh_to_parent(struct super_block *sb, struct fid *fid,
3872 int fh_len, int fh_type);
3873 extern void jfs_set_inode_flags(struct inode *);
3874 +extern int jfs_sync_flags(struct inode *, int, int);
3875 extern int jfs_get_block(struct inode *, sector_t, struct buffer_head *, int);
3876 extern int jfs_setattr(struct dentry *, struct iattr *);
3878 diff -NurpP --minimal linux-3.14.17/fs/jfs/namei.c linux-3.14.17-vs2.3.6.13/fs/jfs/namei.c
3879 --- linux-3.14.17/fs/jfs/namei.c 2014-08-14 01:38:34.000000000 +0000
3880 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/namei.c 2014-08-30 14:27:38.000000000 +0000
3882 #include <linux/ctype.h>
3883 #include <linux/quotaops.h>
3884 #include <linux/exportfs.h>
3885 +#include <linux/vs_tag.h>
3886 #include "jfs_incore.h"
3887 #include "jfs_superblock.h"
3888 #include "jfs_inode.h"
3889 @@ -1461,6 +1462,7 @@ static struct dentry *jfs_lookup(struct
3890 jfs_err("jfs_lookup: iget failed on inum %d", (uint)inum);
3893 + dx_propagate_tag(nd, ip);
3894 return d_splice_alias(ip, dentry);
3897 @@ -1526,6 +1528,7 @@ const struct inode_operations jfs_dir_in
3898 .get_acl = jfs_get_acl,
3899 .set_acl = jfs_set_acl,
3901 + .sync_flags = jfs_sync_flags,
3904 const struct file_operations jfs_dir_operations = {
3905 diff -NurpP --minimal linux-3.14.17/fs/jfs/super.c linux-3.14.17-vs2.3.6.13/fs/jfs/super.c
3906 --- linux-3.14.17/fs/jfs/super.c 2014-08-14 01:38:34.000000000 +0000
3907 +++ linux-3.14.17-vs2.3.6.13/fs/jfs/super.c 2014-08-30 14:27:38.000000000 +0000
3908 @@ -204,7 +204,8 @@ enum {
3909 Opt_integrity, Opt_nointegrity, Opt_iocharset, Opt_resize,
3910 Opt_resize_nosize, Opt_errors, Opt_ignore, Opt_err, Opt_quota,
3911 Opt_usrquota, Opt_grpquota, Opt_uid, Opt_gid, Opt_umask,
3912 - Opt_discard, Opt_nodiscard, Opt_discard_minblk
3913 + Opt_discard, Opt_nodiscard, Opt_discard_minblk,
3914 + Opt_tag, Opt_notag, Opt_tagid
3917 static const match_table_t tokens = {
3918 @@ -214,6 +215,10 @@ static const match_table_t tokens = {
3919 {Opt_resize, "resize=%u"},
3920 {Opt_resize_nosize, "resize"},
3921 {Opt_errors, "errors=%s"},
3923 + {Opt_notag, "notag"},
3924 + {Opt_tagid, "tagid=%u"},
3925 + {Opt_tag, "tagxid"},
3926 {Opt_ignore, "noquota"},
3927 {Opt_ignore, "quota"},
3928 {Opt_usrquota, "usrquota"},
3929 @@ -390,7 +395,20 @@ static int parse_options(char *options,
3934 +#ifndef CONFIG_TAGGING_NONE
3936 + *flag |= JFS_TAGGED;
3939 + *flag &= JFS_TAGGED;
3942 +#ifdef CONFIG_PROPAGATE
3945 + *flag |= JFS_TAGGED;
3949 printk("jfs: Unrecognized mount option \"%s\" "
3950 " or missing value\n", p);
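Review bot: The second added statement, `*flag &= JFS_TAGGED;`, keeps the tagging bit and clears every other bit in `*flag`, which is the opposite of disabling tagging; it should read `*flag &= ~JFS_TAGGED;`. As written, the option would leave the tagging state as it was and silently drop mount options already parsed into `*flag`. The `case` labels are missing from this view, so pairing the line with `Opt_notag` is inferred from its position between the two `*flag |= JFS_TAGGED;` lines and the token table in the previous hunk. parse_options starts and ends outside the hunk.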
3951 @@ -422,6 +440,12 @@ static int jfs_remount(struct super_bloc
3955 + if ((flag & JFS_TAGGED) && !(sb->s_flags & MS_TAGGED)) {
3956 + printk(KERN_ERR "JFS: %s: tagging not permitted on remount.\n",
3962 if (sb->s_flags & MS_RDONLY) {
3963 pr_err("JFS: resize requires volume" \
3964 @@ -507,6 +531,9 @@ static int jfs_fill_super(struct super_b
3965 #ifdef CONFIG_JFS_POSIX_ACL
3966 sb->s_flags |= MS_POSIXACL;
3968 + /* map mount option tagxid */
3969 + if (sbi->flag & JFS_TAGGED)
3970 + sb->s_flags |= MS_TAGGED;
3973 pr_err("resize option for remount only\n");
3974 diff -NurpP --minimal linux-3.14.17/fs/libfs.c linux-3.14.17-vs2.3.6.13/fs/libfs.c
3975 --- linux-3.14.17/fs/libfs.c 2014-08-14 01:38:34.000000000 +0000
3976 +++ linux-3.14.17-vs2.3.6.13/fs/libfs.c 2014-08-30 14:27:38.000000000 +0000
3977 @@ -145,13 +145,14 @@ static inline unsigned char dt_type(stru
3978 * both impossible due to the lock on directory.
3981 -int dcache_readdir(struct file *file, struct dir_context *ctx)
3982 +static inline int do_dcache_readdir_filter(struct file *filp,
3983 + struct dir_context *ctx, int (*filter)(struct dentry *dentry))
3985 - struct dentry *dentry = file->f_path.dentry;
3986 - struct dentry *cursor = file->private_data;
3987 + struct dentry *dentry = filp->f_path.dentry;
3988 + struct dentry *cursor = filp->private_data;
3989 struct list_head *p, *q = &cursor->d_child;
3991 - if (!dir_emit_dots(file, ctx))
3992 + if (!dir_emit_dots(filp, ctx))
3994 spin_lock(&dentry->d_lock);
3996 @@ -159,6 +160,8 @@ int dcache_readdir(struct file *file, st
3998 for (p = q->next; p != &dentry->d_subdirs; p = p->next) {
3999 struct dentry *next = list_entry(p, struct dentry, d_child);
4000 + if (filter && !filter(next))
4002 spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED);
4003 if (!simple_positive(next)) {
4004 spin_unlock(&next->d_lock);
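Review bot: The new `filter(next)` call runs before `spin_lock_nested(&next->d_lock, ...)` and before the `simple_positive(next)` test, so the callback receives dentries that may be negative or unhashed and whose `d_inode` is not stabilised by `d_lock`. Either move the call below the `simple_positive()` check, or state the contract at the function, e.g. `/* filter runs with only the parent's d_lock held; next may be negative, check d_inode before use */`. The filter decides which entries a context may see, so a callback that dereferences `d_inode` unconditionally would crash rather than hide an entry. The function body starts and ends outside this hunk.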
4005 @@ -181,8 +184,22 @@ int dcache_readdir(struct file *file, st
4006 spin_unlock(&dentry->d_lock);
4010 EXPORT_SYMBOL(dcache_readdir);
4012 +int dcache_readdir(struct file *filp, struct dir_context *ctx)
4014 + return do_dcache_readdir_filter(filp, ctx, NULL);
4017 +EXPORT_SYMBOL(dcache_readdir_filter);
4019 +int dcache_readdir_filter(struct file *filp, struct dir_context *ctx,
4020 + int (*filter)(struct dentry *))
4022 + return do_dcache_readdir_filter(filp, ctx, filter);
4025 ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t *ppos)
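Review bot: Both exports now sit above the functions they name: the existing `EXPORT_SYMBOL(dcache_readdir);` is left behind after the renamed static helper, and `EXPORT_SYMBOL(dcache_readdir_filter);` is added before its definition. Kernel style puts each export directly after the closing brace of the exported function, so both lines should move down. `dcache_readdir_filter()` also lacks a comment giving the callback's return convention; from `if (filter && !filter(next))` a non-zero return keeps the entry, e.g. `/* filter returns non-zero for entries that should be emitted */`.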
4028 diff -NurpP --minimal linux-3.14.17/fs/locks.c linux-3.14.17-vs2.3.6.13/fs/locks.c
4029 --- linux-3.14.17/fs/locks.c 2014-08-14 01:38:34.000000000 +0000
4030 +++ linux-3.14.17-vs2.3.6.13/fs/locks.c 2014-08-30 14:27:38.000000000 +0000
4032 #include <linux/hashtable.h>
4033 #include <linux/percpu.h>
4034 #include <linux/lglock.h>
4035 +#include <linux/vs_base.h>
4036 +#include <linux/vs_limit.h>
4038 #include <asm/uaccess.h>
4040 @@ -210,11 +212,17 @@ static void locks_init_lock_heads(struct
4041 /* Allocate an empty lock structure. */
4042 struct file_lock *locks_alloc_lock(void)
4044 - struct file_lock *fl = kmem_cache_zalloc(filelock_cache, GFP_KERNEL);
4045 + struct file_lock *fl;
4048 - locks_init_lock_heads(fl);
4049 + if (!vx_locks_avail(1))
4052 + fl = kmem_cache_zalloc(filelock_cache, GFP_KERNEL);
4055 + locks_init_lock_heads(fl);
4060 EXPORT_SYMBOL_GPL(locks_alloc_lock);
4061 @@ -238,6 +246,7 @@ void locks_free_lock(struct file_lock *f
4062 BUG_ON(!list_empty(&fl->fl_block));
4063 BUG_ON(!hlist_unhashed(&fl->fl_link));
4066 locks_release_private(fl);
4067 kmem_cache_free(filelock_cache, fl);
4069 @@ -247,6 +256,7 @@ void locks_init_lock(struct file_lock *f
4071 memset(fl, 0, sizeof(struct file_lock));
4072 locks_init_lock_heads(fl);
4076 EXPORT_SYMBOL(locks_init_lock);
4077 @@ -287,6 +297,7 @@ void locks_copy_lock(struct file_lock *n
4078 new->fl_file = fl->fl_file;
4079 new->fl_ops = fl->fl_ops;
4080 new->fl_lmops = fl->fl_lmops;
4081 + new->fl_xid = fl->fl_xid;
4083 locks_copy_private(new, fl);
4085 @@ -325,6 +336,11 @@ static int flock_make_lock(struct file *
4086 fl->fl_flags = FL_FLOCK;
4088 fl->fl_end = OFFSET_MAX;
4090 + vxd_assert(filp->f_xid == vx_current_xid(),
4091 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4092 + fl->fl_xid = filp->f_xid;
4097 @@ -464,6 +480,7 @@ static int lease_init(struct file *filp,
4099 fl->fl_owner = current->files;
4100 fl->fl_pid = current->tgid;
4101 + fl->fl_xid = vx_current_xid();
4104 fl->fl_flags = FL_LEASE;
4105 @@ -483,6 +500,11 @@ static struct file_lock *lease_alloc(str
4107 return ERR_PTR(error);
4109 + fl->fl_xid = vx_current_xid();
4111 + vxd_assert(filp->f_xid == fl->fl_xid,
4112 + "f_xid(%d) == fl_xid(%d)", filp->f_xid, fl->fl_xid);
4114 error = lease_init(filp, type, fl);
4116 locks_free_lock(fl);
4117 @@ -858,6 +880,7 @@ static int flock_lock_file(struct file *
4118 spin_lock(&inode->i_lock);
4121 + new_fl->fl_xid = -1;
4123 for_each_lock(inode, before) {
4124 struct file_lock *fl = *before;
4125 @@ -878,6 +901,7 @@ find_conflict:
4127 locks_copy_lock(new_fl, request);
4128 locks_insert_lock(before, new_fl);
4129 + vx_locks_inc(new_fl);
4133 @@ -888,7 +912,8 @@ out:
4137 -static int __posix_lock_file(struct inode *inode, struct file_lock *request, struct file_lock *conflock)
4138 +static int __posix_lock_file(struct inode *inode, struct file_lock *request,
4139 + struct file_lock *conflock, vxid_t xid)
4141 struct file_lock *fl;
4142 struct file_lock *new_fl = NULL;
4143 @@ -899,6 +924,8 @@ static int __posix_lock_file(struct inod
4147 + vxd_assert(xid == vx_current_xid(),
4148 + "xid(%d) == current(%d)", xid, vx_current_xid());
4150 * We may need two file_lock structures for this operation,
4151 * so we get them in advance to avoid races.
4152 @@ -909,7 +936,11 @@ static int __posix_lock_file(struct inod
4153 (request->fl_type != F_UNLCK ||
4154 request->fl_start != 0 || request->fl_end != OFFSET_MAX)) {
4155 new_fl = locks_alloc_lock();
4156 + new_fl->fl_xid = xid;
4157 + vx_locks_inc(new_fl);
4158 new_fl2 = locks_alloc_lock();
4159 + new_fl2->fl_xid = xid;
4160 + vx_locks_inc(new_fl2);
4163 spin_lock(&inode->i_lock);
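Review bot: `new_fl->fl_xid = xid;` and `new_fl2->fl_xid = xid;` dereference the result of `locks_alloc_lock()` without a NULL test, and this patch adds a second way for that call to fail through the `vx_locks_avail(1)` test in the locks_alloc_lock hunk above (its return statement is not visible, presumably NULL). A context at its lock limit, or a failed slab allocation, would then fault in the kernel instead of getting an error. Guard each pair, `if (new_fl) { new_fl->fl_xid = xid; vx_locks_inc(new_fl); }` and the same for `new_fl2`, so that whatever NULL handling exists later in `__posix_lock_file` (outside this hunk) is still reached.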
4164 @@ -1118,7 +1149,8 @@ static int __posix_lock_file(struct inod
4165 int posix_lock_file(struct file *filp, struct file_lock *fl,
4166 struct file_lock *conflock)
4168 - return __posix_lock_file(file_inode(filp), fl, conflock);
4169 + return __posix_lock_file(file_inode(filp),
4170 + fl, conflock, filp->f_xid);
4172 EXPORT_SYMBOL(posix_lock_file);
4174 @@ -1208,7 +1240,7 @@ int locks_mandatory_area(int read_write,
4175 fl.fl_end = offset + count - 1;
4178 - error = __posix_lock_file(inode, &fl, NULL);
4179 + error = __posix_lock_file(inode, &fl, NULL, filp->f_xid);
4180 if (error != FILE_LOCK_DEFERRED)
4182 error = wait_event_interruptible(fl.fl_wait, !fl.fl_next);
4183 @@ -1548,6 +1580,7 @@ static int generic_add_lease(struct file
4186 locks_insert_lock(before, lease);
4187 + vx_locks_inc(lease);
4191 @@ -1990,6 +2023,11 @@ int fcntl_setlk(unsigned int fd, struct
4192 if (file_lock == NULL)
4195 + vxd_assert(filp->f_xid == vx_current_xid(),
4196 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4197 + file_lock->fl_xid = filp->f_xid;
4198 + vx_locks_inc(file_lock);
4201 * This might block, so we do it before checking the inode.
4203 @@ -2108,6 +2146,11 @@ int fcntl_setlk64(unsigned int fd, struc
4204 if (file_lock == NULL)
4207 + vxd_assert(filp->f_xid == vx_current_xid(),
4208 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4209 + file_lock->fl_xid = filp->f_xid;
4210 + vx_locks_inc(file_lock);
4213 * This might block, so we do it before checking the inode.
4215 @@ -2377,8 +2420,11 @@ static int locks_show(struct seq_file *f
4217 lock_get_status(f, fl, iter->li_pos, "");
4219 - list_for_each_entry(bfl, &fl->fl_block, fl_block)
4220 + list_for_each_entry(bfl, &fl->fl_block, fl_block) {
4221 + if (!vx_check(fl->fl_xid, VS_WATCH_P | VS_IDENT))
4223 lock_get_status(f, bfl, iter->li_pos, " ->");
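Review bot: The check added inside the loop tests `fl->fl_xid`, which is the same on every iteration, so blocked waiters are shown or hidden according to the parent lock's context rather than their own; the waiter's tag is `bfl->fl_xid`, i.e. `if (!vx_check(bfl->fl_xid, VS_WATCH_P | VS_IDENT))`. The first call, `lock_get_status(f, fl, iter->li_pos, "")`, is not guarded in this hunk either, so unless that function filters internally the parent lock is listed for every reader. Both decide how much one context can learn about another context's file locks through this seq_file, and the intended visibility rule should be written as a comment above the loop.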
4228 diff -NurpP --minimal linux-3.14.17/fs/mount.h linux-3.14.17-vs2.3.6.13/fs/mount.h
4229 --- linux-3.14.17/fs/mount.h 2014-08-14 01:38:34.000000000 +0000
4230 +++ linux-3.14.17-vs2.3.6.13/fs/mount.h 2014-08-30 14:27:38.000000000 +0000
4231 @@ -57,6 +57,7 @@ struct mount {
4232 int mnt_expiry_mark; /* true if marked for expiry */
4234 struct path mnt_ex_mountpoint;
4235 + vtag_t mnt_tag; /* tagging used for vfsmount */
4238 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
4239 diff -NurpP --minimal linux-3.14.17/fs/namei.c linux-3.14.17-vs2.3.6.13/fs/namei.c
4240 --- linux-3.14.17/fs/namei.c 2014-08-14 01:38:34.000000000 +0000
4241 +++ linux-3.14.17-vs2.3.6.13/fs/namei.c 2014-08-30 17:03:10.000000000 +0000
4243 #include <linux/fs_struct.h>
4244 #include <linux/posix_acl.h>
4245 #include <linux/hash.h>
4246 +#include <linux/proc_fs.h>
4247 +#include <linux/magic.h>
4248 +#include <linux/vserver/inode.h>
4249 +#include <linux/vs_base.h>
4250 +#include <linux/vs_tag.h>
4251 +#include <linux/vs_cowbl.h>
4252 +#include <linux/vs_device.h>
4253 +#include <linux/vs_context.h>
4254 +#include <linux/pid_namespace.h>
4255 #include <asm/uaccess.h>
4257 #include "internal.h"
4258 +#include "proc/internal.h"
4261 /* [Feb-1997 T. Schoebel-Theuer]
4262 @@ -277,6 +287,89 @@ static int check_acl(struct inode *inode
4266 +static inline int dx_barrier(const struct inode *inode)
4268 + if (IS_BARRIER(inode) && !vx_check(0, VS_ADMIN | VS_WATCH)) {
4269 + vxwprintk_task(1, "did hit the barrier.");
4275 +static int __dx_permission(const struct inode *inode, int mask)
4277 + if (dx_barrier(inode))
4280 + if (inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) {
4281 + /* devpts is xid tagged */
4282 + if (S_ISDIR(inode->i_mode) ||
4283 + vx_check((vxid_t)i_tag_read(inode), VS_IDENT | VS_WATCH_P))
4286 + /* just pretend we didn't find anything */
4289 + else if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
4290 + struct proc_dir_entry *de = PDE(inode);
4292 + if (de && !vx_hide_check(0, de->vx_flags))
4295 + if ((mask & (MAY_WRITE | MAY_APPEND))) {
4297 + struct task_struct *tsk;
4299 + if (vx_check(0, VS_ADMIN | VS_WATCH_P) ||
4300 + vx_flags(VXF_STATE_SETUP, 0))
4303 + pid = PROC_I(inode)->pid;
4308 + tsk = pid_task(pid, PIDTYPE_PID);
4309 + vxdprintk(VXD_CBIT(tag, 0), "accessing %p[#%u]",
4310 + tsk, (tsk ? vx_task_xid(tsk) : 0));
4312 + vx_check(vx_task_xid(tsk), VS_IDENT | VS_WATCH_P)) {
4313 + rcu_read_unlock();
4316 + rcu_read_unlock();
4319 + /* FIXME: Should we block some entries here? */
4324 + if (dx_notagcheck(inode->i_sb) ||
4325 + dx_check((vxid_t)i_tag_read(inode),
4326 + DX_HOSTID | DX_ADMIN | DX_WATCH | DX_IDENT))
4334 +int dx_permission(const struct inode *inode, int mask)
4336 + int ret = __dx_permission(inode, mask);
4337 + if (unlikely(ret)) {
4338 +#ifndef CONFIG_VSERVER_WARN_DEVPTS
4339 + if (inode->i_sb->s_magic != DEVPTS_SUPER_MAGIC)
4342 + "denied [0x%x] access to inode %s:%p[#%d,%lu]",
4343 + mask, inode->i_sb->s_id, inode,
4344 + i_tag_read(inode), inode->i_ino);
4350 * This does the basic permission checking
4352 @@ -400,10 +493,14 @@ int __inode_permission(struct inode *ino
4354 * Nobody gets write access to an immutable file.
4356 - if (IS_IMMUTABLE(inode))
4357 + if (IS_IMMUTABLE(inode) && !IS_COW(inode))
4361 + retval = dx_permission(inode, mask);
4365 retval = do_inode_permission(inode, mask);
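Review bot: `if (IS_IMMUTABLE(inode) && !IS_COW(inode))` lifts the immutable write denial for every caller of `__inode_permission()`, while the link break that is supposed to make the write safe is only added in `may_open()`. Write checks reached from operations other than open are not visible here; each of them would pass on an immutable, COW-marked inode that is still shared unless it breaks the link itself or keeps the denial. The dependency should be stated at the test, e.g. `/* COW inodes pass here only because may_open() breaks the link first -- TODO audit non-open callers */`. The function body continues outside the hunk.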
4368 @@ -1395,6 +1492,9 @@ static int lookup_fast(struct nameidata
4373 + /* FIXME: check dx permission */
4376 path->dentry = dentry;
4377 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
4378 @@ -1425,6 +1525,8 @@ unlazy:
4382 + /* FIXME: check dx permission */
4385 path->dentry = dentry;
4386 err = follow_managed(path, nd->flags);
4387 @@ -2413,7 +2515,7 @@ static int may_delete(struct inode *dir,
4390 if (check_sticky(dir, inode) || IS_APPEND(inode) ||
4391 - IS_IMMUTABLE(inode) || IS_SWAPFILE(inode))
4392 + IS_IXORUNLINK(inode) || IS_SWAPFILE(inode))
4395 if (!d_is_directory(victim) && !d_is_autodir(victim))
4396 @@ -2493,19 +2595,25 @@ int vfs_create(struct inode *dir, struct
4399 int error = may_create(dir, dentry);
4402 + vxdprintk(VXD_CBIT(misc, 3), "may_create failed with %d", error);
4406 if (!dir->i_op->create)
4407 return -EACCES; /* shouldn't it be ENOSYS? */
4410 error = security_inode_create(dir, dentry, mode);
4413 + vxdprintk(VXD_CBIT(misc, 3), "security_inode_create failed with %d", error);
4416 error = dir->i_op->create(dir, dentry, mode, want_excl);
4418 fsnotify_create(dir, dentry);
4420 + vxdprintk(VXD_CBIT(misc, 3), "i_op->create failed with %d", error);
4424 @@ -2540,6 +2648,15 @@ static int may_open(struct path *path, i
4428 +#ifdef CONFIG_VSERVER_COWBL
4429 + if (IS_COW(inode) &&
4430 + ((flag & O_ACCMODE) != O_RDONLY)) {
4431 + if (IS_COW_LINK(inode))
4433 + inode->i_flags &= ~(S_IXUNLINK|S_IMMUTABLE);
4434 + mark_inode_dirty(inode);
4437 error = inode_permission(inode, acc_mode);
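Review bot: In the added block, `inode->i_flags &= ~(S_IXUNLINK|S_IMMUTABLE);` and `mark_inode_dirty(inode);` run before `inode_permission(inode, acc_mode)` on the following line, so an open for writing that is then refused has already stripped the immutable and ixunlink protection from the inode. The two lines should move below the permission check and its error return; the `__inode_permission` hunk above already lets COW inodes past the immutable test, so the check does not depend on the flags being cleared first. `i_flags` is also changed here with no lock taken in the visible lines, so confirm the caller holds what other `i_flags` writers expect. The statement under `if (IS_COW_LINK(inode))` is missing from this view.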
4440 @@ -3035,6 +3152,16 @@ finish_open:
4442 finish_open_created:
4443 error = may_open(&nd->path, acc_mode, open_flag);
4444 +#ifdef CONFIG_VSERVER_COWBL
4445 + if (error == -EMLINK) {
4446 + struct dentry *dentry;
4447 + dentry = cow_break_link(name->name);
4448 + if (IS_ERR(dentry))
4449 + error = PTR_ERR(dentry);
4456 file->f_path.mnt = nd->path.mnt;
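Review bot: `cow_break_link(name->name)` resolves the file a second time from its path string, and `cow_break_link()` does that with `do_path_lookup(AT_FDCWD, pathname, LOOKUP_FOLLOW, ...)`, so the `dfd` given to `path_openat()` and the already-resolved `nd->path` are ignored. A relative name opened through a directory descriptor is looked up against the current directory instead, and the object found by the second lookup need not be the inode that `may_open()` just examined. Passing the resolved `struct path` (or at least `dfd`) into `cow_break_link()` would keep the copy tied to the checked object. What happens with the returned dentry on success is outside the visible lines.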
4457 @@ -3160,6 +3287,7 @@ static struct file *path_openat(int dfd,
4462 file = get_empty_filp();
4465 @@ -3201,6 +3329,16 @@ static struct file *path_openat(int dfd,
4466 error = do_last(nd, &path, file, op, &opened, pathname);
4467 put_link(nd, &link, cookie);
4470 +#ifdef CONFIG_VSERVER_COWBL
4471 + if (error == -EMLINK) {
4472 + if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
4473 + path_put(&nd->root);
4480 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
4481 path_put(&nd->root);
4482 @@ -3316,6 +3454,11 @@ struct dentry *kern_path_create(int dfd,
4486 + vxdprintk(VXD_CBIT(misc, 3), "kern_path_create path.dentry = %p (%.*s), dentry = %p (%.*s), d_inode = %p",
4487 + path->dentry, path->dentry->d_name.len,
4488 + path->dentry->d_name.name, dentry,
4489 + dentry->d_name.len, dentry->d_name.name,
4490 + path->dentry->d_inode);
4494 @@ -3863,7 +4006,7 @@ int vfs_link(struct dentry *old_dentry,
4496 * A link to an append-only or immutable file cannot be created.
4498 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4499 + if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
4501 if (!dir->i_op->link)
4503 @@ -4318,6 +4461,287 @@ int generic_readlink(struct dentry *dent
4508 +#ifdef CONFIG_VSERVER_COWBL
4511 +long do_cow_splice(struct file *in, struct file *out, size_t len)
4516 + return do_splice_direct(in, &ppos, out, &opos, len, 0);
4519 +struct dentry *cow_break_link(const char *pathname)
4521 + int ret, mode, pathlen, redo = 0, drop = 1;
4522 + struct nameidata old_nd, dir_nd;
4523 + struct path dir_path, *old_path, *new_path;
4524 + struct dentry *dir, *old_dentry, *new_dentry = NULL;
4525 + struct file *old_file;
4526 + struct file *new_file;
4527 + char *to, *path, pad='\251';
4530 + vxdprintk(VXD_CBIT(misc, 1),
4531 + "cow_break_link(" VS_Q("%s") ")", pathname);
4533 + path = kmalloc(PATH_MAX, GFP_KERNEL);
4538 + /* old_nd.path will have refs to dentry and mnt */
4539 + ret = do_path_lookup(AT_FDCWD, pathname, LOOKUP_FOLLOW, &old_nd);
4540 + vxdprintk(VXD_CBIT(misc, 2),
4541 + "do_path_lookup(old): %d", ret);
4543 + goto out_free_path;
4545 + /* dentry/mnt refs handed over to old_path */
4546 + old_path = &old_nd.path;
4547 + /* no explicit reference for old_dentry here */
4548 + old_dentry = old_path->dentry;
4550 + mode = old_dentry->d_inode->i_mode;
4551 + to = d_path(old_path, path, PATH_MAX-2);
4552 + pathlen = strlen(to);
4553 + vxdprintk(VXD_CBIT(misc, 2),
4554 + "old path " VS_Q("%s") " [%p:" VS_Q("%.*s") ":%d]", to,
4556 + old_dentry->d_name.len, old_dentry->d_name.name,
4557 + old_dentry->d_name.len);
4559 + to[pathlen + 1] = 0;
4561 + new_dentry = NULL;
4562 + to[pathlen] = pad--;
4564 + if (pad <= '\240')
4567 + vxdprintk(VXD_CBIT(misc, 1), "temp copy " VS_Q("%s"), to);
4569 + /* dir_nd.path will have refs to dentry and mnt */
4570 + ret = do_path_lookup(AT_FDCWD, to,
4571 + LOOKUP_PARENT | LOOKUP_OPEN | LOOKUP_CREATE, &dir_nd);
4572 + vxdprintk(VXD_CBIT(misc, 2), "do_path_lookup(new): %d", ret);
4576 + /* this puppy downs the dir inode mutex if successful.
4577 + dir_path will hold refs to dentry and mnt and
4578 + we'll have write access to the mnt */
4579 + new_dentry = kern_path_create(AT_FDCWD, to, &dir_path, 0);
4580 + if (!new_dentry || IS_ERR(new_dentry)) {
4581 + path_put(&dir_nd.path);
4582 + vxdprintk(VXD_CBIT(misc, 2),
4583 + "kern_path_create(new) failed with %ld",
4584 + PTR_ERR(new_dentry));
4587 + vxdprintk(VXD_CBIT(misc, 2),
4588 + "kern_path_create(new): %p [" VS_Q("%.*s") ":%d]",
4590 + new_dentry->d_name.len, new_dentry->d_name.name,
4591 + new_dentry->d_name.len);
4593 + /* take a reference on new_dentry */
4596 + /* dentry/mnt refs handed over to new_path */
4597 + new_path = &dir_path;
4599 + /* dentry for old/new dir */
4600 + dir = dir_nd.path.dentry;
4602 + /* give up reference on dir */
4603 + dput(new_path->dentry);
4605 + /* new_dentry already has a reference */
4606 + new_path->dentry = new_dentry;
4608 + ret = vfs_create(dir->d_inode, new_dentry, mode, 1);
4609 + vxdprintk(VXD_CBIT(misc, 2),
4610 + "vfs_create(new): %d", ret);
4611 + if (ret == -EEXIST) {
4612 + path_put(&dir_nd.path);
4613 + mutex_unlock(&dir->d_inode->i_mutex);
4614 + mnt_drop_write(new_path->mnt);
4615 + path_put(new_path);
4616 + new_dentry = NULL;
4620 + goto out_unlock_new;
4622 + /* drop out early, ret passes ENOENT */
4624 + if ((redo = d_unhashed(old_dentry)))
4625 + goto out_unlock_new;
4627 + /* doesn't change refs for old_path */
4628 + old_file = dentry_open(old_path, O_RDONLY, current_cred());
4629 + vxdprintk(VXD_CBIT(misc, 2),
4630 + "dentry_open(old): %p", old_file);
4631 + if (IS_ERR(old_file)) {
4632 + ret = PTR_ERR(old_file);
4633 + goto out_unlock_new;
4636 + /* doesn't change refs for new_path */
4637 + new_file = dentry_open(new_path, O_WRONLY, current_cred());
4638 + vxdprintk(VXD_CBIT(misc, 2),
4639 + "dentry_open(new): %p", new_file);
4640 + if (IS_ERR(new_file)) {
4641 + ret = PTR_ERR(new_file);
4642 + goto out_fput_old;
4645 + /* unlock the inode mutex from kern_path_create() */
4646 + mutex_unlock(&dir->d_inode->i_mutex);
4648 + /* drop write access to mnt */
4649 + mnt_drop_write(new_path->mnt);
4653 + size = i_size_read(old_file->f_dentry->d_inode);
4654 + ret = do_cow_splice(old_file, new_file, size);
4655 + vxdprintk(VXD_CBIT(misc, 2), "do_splice_direct: %d", ret);
4657 + goto out_fput_both;
4658 + } else if (ret < size) {
4660 + goto out_fput_both;
4662 + struct inode *old_inode = old_dentry->d_inode;
4663 + struct inode *new_inode = new_dentry->d_inode;
4664 + struct iattr attr = {
4665 + .ia_uid = old_inode->i_uid,
4666 + .ia_gid = old_inode->i_gid,
4667 + .ia_valid = ATTR_UID | ATTR_GID
4670 + setattr_copy(new_inode, &attr);
4671 + mark_inode_dirty(new_inode);
4674 + /* lock rename mutex */
4675 + mutex_lock(&old_dentry->d_inode->i_sb->s_vfs_rename_mutex);
4677 + /* drop out late */
4679 + if ((redo = d_unhashed(old_dentry)))
4682 + vxdprintk(VXD_CBIT(misc, 2),
4683 + "vfs_rename: [" VS_Q("%*s") ":%d] -> [" VS_Q("%*s") ":%d]",
4684 + new_dentry->d_name.len, new_dentry->d_name.name,
4685 + new_dentry->d_name.len,
4686 + old_dentry->d_name.len, old_dentry->d_name.name,
4687 + old_dentry->d_name.len);
4688 + ret = vfs_rename(dir_nd.path.dentry->d_inode, new_dentry,
4689 + old_dentry->d_parent->d_inode, old_dentry, NULL);
4690 + vxdprintk(VXD_CBIT(misc, 2), "vfs_rename: %d", ret);
4693 + mutex_unlock(&old_dentry->d_inode->i_sb->s_vfs_rename_mutex);
4696 + vxdprintk(VXD_CBIT(misc, 3),
4697 + "fput(new_file=%p[#%ld])", new_file,
4698 + atomic_long_read(&new_file->f_count));
4702 + vxdprintk(VXD_CBIT(misc, 3),
4703 + "fput(old_file=%p[#%ld])", old_file,
4704 + atomic_long_read(&old_file->f_count));
4708 + /* drop references from dir_nd.path */
4709 + path_put(&dir_nd.path);
4712 + /* unlock the inode mutex from kern_path_create() */
4713 + mutex_unlock(&dir->d_inode->i_mutex);
4715 + /* drop write access to mnt */
4716 + mnt_drop_write(new_path->mnt);
4722 + /* error path cleanup */
4723 + vfs_unlink(dir->d_inode, new_dentry, NULL);
4727 + goto out_rel_both;
4729 + /* lookup dentry once again
4730 + old_nd.path will be freed as old_path in out_rel_old */
4731 + ret = do_path_lookup(AT_FDCWD, pathname, LOOKUP_FOLLOW, &old_nd);
4733 + goto out_rel_both;
4735 + /* drop reference on new_dentry */
4737 + new_dentry = old_path->dentry;
4739 + vxdprintk(VXD_CBIT(misc, 2),
4740 + "do_path_lookup(redo): %p [" VS_Q("%.*s") ":%d]",
4742 + new_dentry->d_name.len, new_dentry->d_name.name,
4743 + new_dentry->d_name.len);
4747 + path_put(new_path);
4749 + path_put(old_path);
4755 + new_dentry = ERR_PTR(ret);
4757 + vxdprintk(VXD_CBIT(misc, 3),
4758 + "cow_break_link returning with %p", new_dentry);
4759 + return new_dentry;
4764 +int vx_info_mnt_namespace(struct mnt_namespace *ns, char *buffer)
4767 + struct vfsmount *vmnt;
4768 + char *pstr, *root;
4771 + pstr = kmalloc(PATH_MAX, GFP_KERNEL);
4775 + vmnt = &ns->root->mnt;
4777 + path.dentry = vmnt->mnt_root;
4778 + root = d_path(&path, pstr, PATH_MAX - 2);
4779 + length = sprintf(buffer + length,
4780 + "Namespace:\t%p [#%u]\n"
4781 + "RootPath:\t%s\n",
4782 + ns, atomic_read(&ns->count),
4788 /* get the link contents into pagecache */
4789 static char *page_getlink(struct dentry * dentry, struct page **ppage)
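Review bot: In `cow_break_link()`, `to = d_path(old_path, path, PATH_MAX-2);` is followed directly by `pathlen = strlen(to);`, but `d_path()` returns an `ERR_PTR` when the path does not fit the buffer, so a sufficiently long path makes `strlen()` read through an error pointer. Add `if (IS_ERR(to)) { ret = PTR_ERR(to); goto out_rel_old; }` before the `strlen()`; the label name is taken from the comment near the redo lookup and should be adjusted to the actual cleanup label, which is not visible. `vx_info_mnt_namespace()` has the same unchecked `d_path()` result in `root`, and its `sprintf()` writes into `buffer` with no size bound in the visible lines, so the function comment should at least state the buffer size callers must provide.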
4791 @@ -4440,3 +4864,4 @@ EXPORT_SYMBOL(vfs_symlink);
4792 EXPORT_SYMBOL(vfs_unlink);
4793 EXPORT_SYMBOL(dentry_unhash);
4794 EXPORT_SYMBOL(generic_readlink);
4795 +EXPORT_SYMBOL(vx_info_mnt_namespace);
4796 diff -NurpP --minimal linux-3.14.17/fs/namespace.c linux-3.14.17-vs2.3.6.13/fs/namespace.c
4797 --- linux-3.14.17/fs/namespace.c 2014-08-14 01:38:34.000000000 +0000
4798 +++ linux-3.14.17-vs2.3.6.13/fs/namespace.c 2014-08-30 14:27:38.000000000 +0000
4800 #include <linux/proc_ns.h>
4801 #include <linux/magic.h>
4802 #include <linux/bootmem.h>
4803 +#include <linux/vs_base.h>
4804 +#include <linux/vs_context.h>
4805 +#include <linux/vs_tag.h>
4806 +#include <linux/vserver/space.h>
4807 +#include <linux/vserver/global.h>
4809 #include "internal.h"
4811 @@ -839,6 +844,10 @@ vfs_kern_mount(struct file_system_type *
4813 return ERR_PTR(-ENODEV);
4815 + if ((type->fs_flags & FS_BINARY_MOUNTDATA) &&
4816 + !vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT))
4817 + return ERR_PTR(-EPERM);
4819 mnt = alloc_vfsmnt(name);
4821 return ERR_PTR(-ENOMEM);
4822 @@ -899,6 +908,7 @@ static struct mount *clone_mnt(struct mo
4823 mnt->mnt.mnt_root = dget(root);
4824 mnt->mnt_mountpoint = mnt->mnt.mnt_root;
4825 mnt->mnt_parent = mnt;
4826 + mnt->mnt_tag = old->mnt_tag;
4828 list_add_tail(&mnt->mnt_instance, &sb->s_mounts);
4829 unlock_mount_hash();
4830 @@ -1369,7 +1379,8 @@ static int do_umount(struct mount *mnt,
4832 static inline bool may_mount(void)
4834 - return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
4835 + return vx_ns_capable(current->nsproxy->mnt_ns->user_ns,
4836 + CAP_SYS_ADMIN, VXC_SECURE_MOUNT);
4840 @@ -1790,6 +1801,7 @@ static int do_change_type(struct path *p
4844 + // mnt->mnt_flags = mnt_flags;
4847 for (m = mnt; m; m = (recurse ? next_mnt(m, mnt) : NULL))
4848 @@ -1818,12 +1830,14 @@ static bool has_locked_children(struct m
4849 * do loopback mount.
4851 static int do_loopback(struct path *path, const char *old_name,
4853 + vtag_t tag, unsigned long flags, int mnt_flags)
4855 struct path old_path;
4856 struct mount *mnt = NULL, *old, *parent;
4857 struct mountpoint *mp;
4858 + int recurse = flags & MS_REC;
4861 if (!old_name || !*old_name)
4863 err = kern_path(old_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
4864 @@ -1903,7 +1917,7 @@ static int change_mount_flags(struct vfs
4865 * on it - tough luck.
4867 static int do_remount(struct path *path, int flags, int mnt_flags,
4869 + void *data, vxid_t xid)
4872 struct super_block *sb = path->mnt->mnt_sb;
4873 @@ -2382,6 +2396,7 @@ long do_mount(const char *dev_name, cons
4880 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
4881 @@ -2411,6 +2426,12 @@ long do_mount(const char *dev_name, cons
4882 if (!(flags & MS_NOATIME))
4883 mnt_flags |= MNT_RELATIME;
4885 + if (dx_parse_tag(data_page, &tag, 1, &mnt_flags, &flags)) {
4886 + /* FIXME: bind and re-mounts get the tag flag? */
4887 + if (flags & (MS_BIND|MS_REMOUNT))
4888 + flags |= MS_TAGID;
4891 /* Separate the per-mountpoint flags */
4892 if (flags & MS_NOSUID)
4893 mnt_flags |= MNT_NOSUID;
4894 @@ -2427,15 +2448,17 @@ long do_mount(const char *dev_name, cons
4895 if (flags & MS_RDONLY)
4896 mnt_flags |= MNT_READONLY;
4898 + if (!vx_capable(CAP_SYS_ADMIN, VXC_DEV_MOUNT))
4899 + mnt_flags |= MNT_NODEV;
4900 flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
4901 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
4904 if (flags & MS_REMOUNT)
4905 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
4908 else if (flags & MS_BIND)
4909 - retval = do_loopback(&path, dev_name, flags & MS_REC);
4910 + retval = do_loopback(&path, dev_name, tag, flags, mnt_flags);
4911 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
4912 retval = do_change_type(&path, flags);
4913 else if (flags & MS_MOVE)
4914 @@ -2551,6 +2574,7 @@ struct mnt_namespace *copy_mnt_ns(unsign
4915 p = next_mnt(p, old);
4918 + atomic_inc(&vs_global_mnt_ns);
4922 @@ -2732,9 +2756,10 @@ SYSCALL_DEFINE2(pivot_root, const char _
4923 new_mnt = real_mount(new.mnt);
4924 root_mnt = real_mount(root.mnt);
4925 old_mnt = real_mount(old.mnt);
4926 - if (IS_MNT_SHARED(old_mnt) ||
4927 + if ((IS_MNT_SHARED(old_mnt) ||
4928 IS_MNT_SHARED(new_mnt->mnt_parent) ||
4929 - IS_MNT_SHARED(root_mnt->mnt_parent))
4930 + IS_MNT_SHARED(root_mnt->mnt_parent)) &&
4931 + !vx_flags(VXF_STATE_SETUP, 0))
4933 if (!check_mnt(root_mnt) || !check_mnt(new_mnt))
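Review bot: The new `!vx_flags(VXF_STATE_SETUP, 0)` term lets pivot_root proceed on shared mounts, and nothing in the hunk says why that is safe. The original check keeps a pivot from being propagated to the peers of a shared mount; with this change a context in setup state appears to skip it for all three mounts. A comment above the condition, such as `/* contexts in VXF_STATE_SETUP may pivot on shared mounts: <reason> */`, should state the assumption being relied on (for instance that the mount namespace is private to the context at that point) so it can be checked later. The syscall body starts and ends outside the hunk.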
4935 @@ -2866,6 +2891,7 @@ void put_mnt_ns(struct mnt_namespace *ns
4936 if (!atomic_dec_and_test(&ns->count))
4938 drop_collected_mounts(&ns->root->mnt);
4939 + atomic_dec(&vs_global_mnt_ns);
4943 diff -NurpP --minimal linux-3.14.17/fs/nfs/client.c linux-3.14.17-vs2.3.6.13/fs/nfs/client.c
4944 --- linux-3.14.17/fs/nfs/client.c 2014-08-14 01:38:34.000000000 +0000
4945 +++ linux-3.14.17-vs2.3.6.13/fs/nfs/client.c 2014-08-30 14:27:38.000000000 +0000
4946 @@ -685,6 +685,9 @@ int nfs_init_server_rpcclient(struct nfs
4947 if (server->flags & NFS_MOUNT_SOFT)
4948 server->client->cl_softrtry = 1;
4950 + server->client->cl_tag = 0;
4951 + if (server->flags & NFS_MOUNT_TAGGED)
4952 + server->client->cl_tag = 1;
4955 EXPORT_SYMBOL_GPL(nfs_init_server_rpcclient);
4956 @@ -863,6 +866,10 @@ static void nfs_server_set_fsinfo(struct
4957 server->acdirmin = server->acdirmax = 0;
4960 + /* FIXME: needs fsinfo
4961 + if (server->flags & NFS_MOUNT_TAGGED)
4962 + sb->s_flags |= MS_TAGGED; */
4964 server->maxfilesize = fsinfo->maxfilesize;
4966 server->time_delta = fsinfo->time_delta;
4967 diff -NurpP --minimal linux-3.14.17/fs/nfs/dir.c linux-3.14.17-vs2.3.6.13/fs/nfs/dir.c
4968 --- linux-3.14.17/fs/nfs/dir.c 2014-08-14 01:38:34.000000000 +0000
4969 +++ linux-3.14.17-vs2.3.6.13/fs/nfs/dir.c 2014-08-30 14:27:38.000000000 +0000
4971 #include <linux/sched.h>
4972 #include <linux/kmemleak.h>
4973 #include <linux/xattr.h>
4974 +#include <linux/vs_tag.h>
4976 #include "delegation.h"
4978 @@ -1328,6 +1329,7 @@ struct dentry *nfs_lookup(struct inode *
4979 /* Success: notify readdir to use READDIRPLUS */
4980 nfs_advise_use_readdirplus(dir);
4982 + dx_propagate_tag(nd, inode);
4984 res = d_materialise_unique(dentry, inode);
4986 diff -NurpP --minimal linux-3.14.17/fs/nfs/inode.c linux-3.14.17-vs2.3.6.13/fs/nfs/inode.c
4987 --- linux-3.14.17/fs/nfs/inode.c 2014-08-14 01:38:34.000000000 +0000
4988 +++ linux-3.14.17-vs2.3.6.13/fs/nfs/inode.c 2014-08-30 14:27:38.000000000 +0000
4990 #include <linux/slab.h>
4991 #include <linux/compat.h>
4992 #include <linux/freezer.h>
4993 +#include <linux/vs_tag.h>
4995 #include <asm/uaccess.h>
4997 @@ -359,6 +360,8 @@ nfs_fhget(struct super_block *sb, struct
4998 if (inode->i_state & I_NEW) {
4999 struct nfs_inode *nfsi = NFS_I(inode);
5000 unsigned long now = jiffies;
5004 /* We set i_ino for the few things that still rely on it,
5005 * such as stat(2) */
5006 @@ -403,8 +406,8 @@ nfs_fhget(struct super_block *sb, struct
5007 inode->i_version = 0;
5010 - inode->i_uid = make_kuid(&init_user_ns, -2);
5011 - inode->i_gid = make_kgid(&init_user_ns, -2);
5012 + kuid = make_kuid(&init_user_ns, -2);
5013 + kgid = make_kgid(&init_user_ns, -2);
5014 inode->i_blocks = 0;
5015 memset(nfsi->cookieverf, 0, sizeof(nfsi->cookieverf));
5017 @@ -438,11 +441,11 @@ nfs_fhget(struct super_block *sb, struct
5018 else if (nfs_server_capable(inode, NFS_CAP_NLINK))
5019 nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
5020 if (fattr->valid & NFS_ATTR_FATTR_OWNER)
5021 - inode->i_uid = fattr->uid;
5022 + kuid = fattr->uid;
5023 else if (nfs_server_capable(inode, NFS_CAP_OWNER))
5024 nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
5025 if (fattr->valid & NFS_ATTR_FATTR_GROUP)
5026 - inode->i_gid = fattr->gid;
5027 + kgid = fattr->gid;
5028 else if (nfs_server_capable(inode, NFS_CAP_OWNER_GROUP))
5029 nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
5030 if (fattr->valid & NFS_ATTR_FATTR_BLOCKS_USED)
5031 @@ -453,6 +456,10 @@ nfs_fhget(struct super_block *sb, struct
5033 inode->i_blocks = nfs_calc_block_size(fattr->du.nfs3.used);
5035 + inode->i_uid = INOTAG_KUID(DX_TAG(inode), kuid, kgid);
5036 + inode->i_gid = INOTAG_KGID(DX_TAG(inode), kuid, kgid);
5037 + inode->i_tag = INOTAG_KTAG(DX_TAG(inode), kuid, kgid, GLOBAL_ROOT_TAG);
5038 + /* maybe fattr->xid someday */
5040 nfs_setsecurity(inode, fattr, label);
5042 @@ -578,6 +585,8 @@ void nfs_setattr_update_inode(struct ino
5043 inode->i_uid = attr->ia_uid;
5044 if ((attr->ia_valid & ATTR_GID) != 0)
5045 inode->i_gid = attr->ia_gid;
5046 + if ((attr->ia_valid & ATTR_TAG) && IS_TAGGED(inode))
5047 + inode->i_tag = attr->ia_tag;
5048 NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
5049 spin_unlock(&inode->i_lock);
5051 @@ -1128,7 +1137,9 @@ static int nfs_check_inode_attributes(st
5052 struct nfs_inode *nfsi = NFS_I(inode);
5053 loff_t cur_size, new_isize;
5054 unsigned long invalid = 0;
5060 if (nfs_have_delegated_attributes(inode))
5062 @@ -1153,13 +1164,18 @@ static int nfs_check_inode_attributes(st
5063 invalid |= NFS_INO_INVALID_ATTR|NFS_INO_REVAL_PAGECACHE;
5066 + kuid = INOTAG_KUID(DX_TAG(inode), fattr->uid, fattr->gid);
5067 + kgid = INOTAG_KGID(DX_TAG(inode), fattr->uid, fattr->gid);
5068 + ktag = INOTAG_KTAG(DX_TAG(inode), fattr->uid, fattr->gid, GLOBAL_ROOT_TAG);
5070 /* Have any file permissions changed? */
5071 if ((fattr->valid & NFS_ATTR_FATTR_MODE) && (inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO))
5072 invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
5073 - if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && !uid_eq(inode->i_uid, fattr->uid))
5074 + if ((fattr->valid & NFS_ATTR_FATTR_OWNER) && !uid_eq(inode->i_uid, kuid))
5075 invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
5076 - if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && !gid_eq(inode->i_gid, fattr->gid))
5077 + if ((fattr->valid & NFS_ATTR_FATTR_GROUP) && !gid_eq(inode->i_gid, kgid))
5078 invalid |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
5079 + /* maybe check for tag too? */
5081 /* Has the link count changed? */
5082 if ((fattr->valid & NFS_ATTR_FATTR_NLINK) && inode->i_nlink != fattr->nlink)
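Review bot: `ktag` is computed from the server attributes, but nothing in the hunk compares it with `inode->i_tag`; the added `/* maybe check for tag too? */` leaves that open. Owner and group changes set NFS_INO_INVALID_ACCESS and NFS_INO_INVALID_ACL so cached access results are dropped, and a tag change presumably needs the same treatment on a tagged mount. Add a third comparison after the gid check that ORs the same three `NFS_INO_INVALID_*` bits into `invalid` when the tags differ, or remove the unused `ktag` computation. The declarations of `kuid`, `kgid` and `ktag` and the rest of the function are outside the hunk.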
5083 @@ -1492,6 +1508,9 @@ static int nfs_update_inode(struct inode
5084 unsigned long invalid = 0;
5085 unsigned long now = jiffies;
5086 unsigned long save_cache_validity;
5091 dfprintk(VFS, "NFS: %s(%s/%lu fh_crc=0x%08x ct=%d info=0x%x)\n",
5092 __func__, inode->i_sb->s_id, inode->i_ino,
5093 @@ -1595,6 +1614,9 @@ static int nfs_update_inode(struct inode
5094 | NFS_INO_REVAL_PAGECACHE
5095 | NFS_INO_REVAL_FORCED);
5097 + kuid = TAGINO_KUID(DX_TAG(inode), inode->i_uid, inode->i_tag);
5098 + kgid = TAGINO_KGID(DX_TAG(inode), inode->i_gid, inode->i_tag);
5099 + ktag = TAGINO_KTAG(DX_TAG(inode), inode->i_tag);
5101 if (fattr->valid & NFS_ATTR_FATTR_ATIME)
5102 memcpy(&inode->i_atime, &fattr->atime, sizeof(inode->i_atime));
5103 @@ -1641,6 +1663,10 @@ static int nfs_update_inode(struct inode
5104 | NFS_INO_INVALID_ACL
5105 | NFS_INO_REVAL_FORCED);
5107 + inode->i_uid = INOTAG_KUID(DX_TAG(inode), kuid, kgid);
5108 + inode->i_gid = INOTAG_KGID(DX_TAG(inode), kuid, kgid);
5109 + inode->i_tag = INOTAG_KTAG(DX_TAG(inode), kuid, kgid, ktag);
5111 if (fattr->valid & NFS_ATTR_FATTR_NLINK) {
5112 if (inode->i_nlink != fattr->nlink) {
5113 invalid |= NFS_INO_INVALID_ATTR;
5114 diff -NurpP --minimal linux-3.14.17/fs/nfs/nfs3xdr.c linux-3.14.17-vs2.3.6.13/fs/nfs/nfs3xdr.c
5115 --- linux-3.14.17/fs/nfs/nfs3xdr.c 2014-08-14 01:38:34.000000000 +0000
5116 +++ linux-3.14.17-vs2.3.6.13/fs/nfs/nfs3xdr.c 2014-08-30 14:27:38.000000000 +0000
5118 #include <linux/nfs3.h>
5119 #include <linux/nfs_fs.h>
5120 #include <linux/nfsacl.h>
5121 +#include <linux/vs_tag.h>
5122 #include "internal.h"
5124 #define NFSDBG_FACILITY NFSDBG_XDR
5125 @@ -558,7 +559,8 @@ static __be32 *xdr_decode_nfstime3(__be3
5129 -static void encode_sattr3(struct xdr_stream *xdr, const struct iattr *attr)
5130 +static void encode_sattr3(struct xdr_stream *xdr,
5131 + const struct iattr *attr, int tag)
5135 @@ -590,15 +592,19 @@ static void encode_sattr3(struct xdr_str
5139 - if (attr->ia_valid & ATTR_UID) {
5140 + if (attr->ia_valid & ATTR_UID ||
5141 + (tag && (attr->ia_valid & ATTR_TAG))) {
5143 - *p++ = cpu_to_be32(from_kuid(&init_user_ns, attr->ia_uid));
5144 + *p++ = cpu_to_be32(from_kuid(&init_user_ns,
5145 + TAGINO_KUID(tag, attr->ia_uid, attr->ia_tag)));
5149 - if (attr->ia_valid & ATTR_GID) {
5150 + if (attr->ia_valid & ATTR_GID ||
5151 + (tag && (attr->ia_valid & ATTR_TAG))) {
5153 - *p++ = cpu_to_be32(from_kgid(&init_user_ns, attr->ia_gid));
5154 + *p++ = cpu_to_be32(from_kgid(&init_user_ns,
5155 + TAGINO_KGID(tag, attr->ia_gid, attr->ia_tag)));
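Review bot: The widened conditions encode `attr->ia_uid` and `attr->ia_gid` whenever `tag` is set and ATTR_TAG is present, even when ATTR_UID or ATTR_GID is not. In that case the caller need not have filled in `ia_uid`/`ia_gid`, and whatever they hold is sent to the server as the new owner. Either require the matching bit before using the field, or state the contract in a comment such as `/* callers setting ATTR_TAG must also fill ia_uid and ia_gid */` and make sure the setattr path honours it. encode_sattr3()'s body starts and ends outside the hunk.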
5159 @@ -887,7 +893,7 @@ static void nfs3_xdr_enc_setattr3args(st
5160 const struct nfs3_sattrargs *args)
5162 encode_nfs_fh3(xdr, args->fh);
5163 - encode_sattr3(xdr, args->sattr);
5164 + encode_sattr3(xdr, args->sattr, req->rq_task->tk_client->cl_tag);
5165 encode_sattrguard3(xdr, args);
5168 @@ -1037,13 +1043,13 @@ static void nfs3_xdr_enc_write3args(stru
5171 static void encode_createhow3(struct xdr_stream *xdr,
5172 - const struct nfs3_createargs *args)
5173 + const struct nfs3_createargs *args, int tag)
5175 encode_uint32(xdr, args->createmode);
5176 switch (args->createmode) {
5177 case NFS3_CREATE_UNCHECKED:
5178 case NFS3_CREATE_GUARDED:
5179 - encode_sattr3(xdr, args->sattr);
5180 + encode_sattr3(xdr, args->sattr, tag);
5182 case NFS3_CREATE_EXCLUSIVE:
5183 encode_createverf3(xdr, args->verifier);
5184 @@ -1058,7 +1064,7 @@ static void nfs3_xdr_enc_create3args(str
5185 const struct nfs3_createargs *args)
5187 encode_diropargs3(xdr, args->fh, args->name, args->len);
5188 - encode_createhow3(xdr, args);
5189 + encode_createhow3(xdr, args, req->rq_task->tk_client->cl_tag);
5193 @@ -1074,7 +1080,7 @@ static void nfs3_xdr_enc_mkdir3args(stru
5194 const struct nfs3_mkdirargs *args)
5196 encode_diropargs3(xdr, args->fh, args->name, args->len);
5197 - encode_sattr3(xdr, args->sattr);
5198 + encode_sattr3(xdr, args->sattr, req->rq_task->tk_client->cl_tag);
5202 @@ -1091,9 +1097,9 @@ static void nfs3_xdr_enc_mkdir3args(stru
5205 static void encode_symlinkdata3(struct xdr_stream *xdr,
5206 - const struct nfs3_symlinkargs *args)
5207 + const struct nfs3_symlinkargs *args, int tag)
5209 - encode_sattr3(xdr, args->sattr);
5210 + encode_sattr3(xdr, args->sattr, tag);
5211 encode_nfspath3(xdr, args->pages, args->pathlen);
5214 @@ -1102,7 +1108,7 @@ static void nfs3_xdr_enc_symlink3args(st
5215 const struct nfs3_symlinkargs *args)
5217 encode_diropargs3(xdr, args->fromfh, args->fromname, args->fromlen);
5218 - encode_symlinkdata3(xdr, args);
5219 + encode_symlinkdata3(xdr, args, req->rq_task->tk_client->cl_tag);
5223 @@ -1130,24 +1136,24 @@ static void nfs3_xdr_enc_symlink3args(st
5226 static void encode_devicedata3(struct xdr_stream *xdr,
5227 - const struct nfs3_mknodargs *args)
5228 + const struct nfs3_mknodargs *args, int tag)
5230 - encode_sattr3(xdr, args->sattr);
5231 + encode_sattr3(xdr, args->sattr, tag);
5232 encode_specdata3(xdr, args->rdev);
5235 static void encode_mknoddata3(struct xdr_stream *xdr,
5236 - const struct nfs3_mknodargs *args)
5237 + const struct nfs3_mknodargs *args, int tag)
5239 encode_ftype3(xdr, args->type);
5240 switch (args->type) {
5243 - encode_devicedata3(xdr, args);
5244 + encode_devicedata3(xdr, args, tag);
5248 - encode_sattr3(xdr, args->sattr);
5249 + encode_sattr3(xdr, args->sattr, tag);
5253 @@ -1162,7 +1168,7 @@ static void nfs3_xdr_enc_mknod3args(stru
5254 const struct nfs3_mknodargs *args)
5256 encode_diropargs3(xdr, args->fh, args->name, args->len);
5257 - encode_mknoddata3(xdr, args);
5258 + encode_mknoddata3(xdr, args, req->rq_task->tk_client->cl_tag);
5262 diff -NurpP --minimal linux-3.14.17/fs/nfs/super.c linux-3.14.17-vs2.3.6.13/fs/nfs/super.c
5263 --- linux-3.14.17/fs/nfs/super.c 2014-08-14 01:38:34.000000000 +0000
5264 +++ linux-3.14.17-vs2.3.6.13/fs/nfs/super.c 2014-08-30 14:27:38.000000000 +0000
5266 #include <linux/parser.h>
5267 #include <linux/nsproxy.h>
5268 #include <linux/rcupdate.h>
5269 +#include <linux/vs_tag.h>
5271 #include <asm/uaccess.h>
5273 @@ -103,6 +104,7 @@ enum {
5279 /* Mount options that take string arguments */
5281 @@ -115,6 +117,9 @@ enum {
5282 /* Special mount options */
5283 Opt_userspace, Opt_deprecated, Opt_sloppy,
5285 + /* Linux-VServer tagging options */
5286 + Opt_tag, Opt_notag,
5291 @@ -184,6 +189,10 @@ static const match_table_t nfs_mount_opt
5292 { Opt_fscache_uniq, "fsc=%s" },
5293 { Opt_local_lock, "local_lock=%s" },
5295 + { Opt_tag, "tag" },
5296 + { Opt_notag, "notag" },
5297 + { Opt_tagid, "tagid=%u" },
5299 /* The following needs to be listed after all other options */
5300 { Opt_nfsvers, "v%s" },
5302 @@ -638,6 +647,7 @@ static void nfs_show_mount_options(struc
5303 { NFS_MOUNT_NORDIRPLUS, ",nordirplus", "" },
5304 { NFS_MOUNT_UNSHARED, ",nosharecache", "" },
5305 { NFS_MOUNT_NORESVPORT, ",noresvport", "" },
5306 + { NFS_MOUNT_TAGGED, ",tag", "" },
5309 const struct proc_nfs_info *nfs_infop;
5310 @@ -1321,6 +1331,14 @@ static int nfs_parse_mount_options(char
5311 case Opt_nomigration:
5312 mnt->options &= NFS_OPTION_MIGRATION;
5314 +#ifndef CONFIG_TAGGING_NONE
5316 + mnt->flags |= NFS_MOUNT_TAGGED;
5319 + mnt->flags &= ~NFS_MOUNT_TAGGED;
5324 * options that take numeric values
5325 @@ -1407,6 +1425,12 @@ static int nfs_parse_mount_options(char
5326 goto out_invalid_value;
5327 mnt->minorversion = option;
5329 +#ifdef CONFIG_PROPAGATE
5332 + nfs_data.flags |= NFS_MOUNT_TAGGED;
5337 * options that take text values
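Review bot: The `CONFIG_PROPAGATE` branch sets `nfs_data.flags |= NFS_MOUNT_TAGGED;`, while the `tag`/`notag` cases added to the same function write through `mnt->flags`. No `nfs_data` is visible in nfs_parse_mount_options(), so this branch probably fails to build when CONFIG_PROPAGATE is enabled, or updates an unrelated object. It should most likely read `mnt->flags |= NFS_MOUNT_TAGGED;`. The case label and the rest of the function are outside the hunk.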
5338 diff -NurpP --minimal linux-3.14.17/fs/nfsd/auth.c linux-3.14.17-vs2.3.6.13/fs/nfsd/auth.c
5339 --- linux-3.14.17/fs/nfsd/auth.c 2014-08-14 01:38:34.000000000 +0000
5340 +++ linux-3.14.17-vs2.3.6.13/fs/nfsd/auth.c 2014-08-30 14:27:38.000000000 +0000
5343 #include <linux/sched.h>
5344 #include <linux/user_namespace.h>
5345 +#include <linux/vs_tag.h>
5349 @@ -37,6 +38,9 @@ int nfsd_setuser(struct svc_rqst *rqstp,
5351 new->fsuid = rqstp->rq_cred.cr_uid;
5352 new->fsgid = rqstp->rq_cred.cr_gid;
5353 + /* FIXME: this desperately needs a tag :)
5354 + new->xid = (vxid_t)INOTAG_TAG(DX_TAG_NFSD, cred.cr_uid, cred.cr_gid, 0);
5357 rqgi = rqstp->rq_cred.cr_group_info;
5359 diff -NurpP --minimal linux-3.14.17/fs/nfsd/nfs3xdr.c linux-3.14.17-vs2.3.6.13/fs/nfsd/nfs3xdr.c
5360 --- linux-3.14.17/fs/nfsd/nfs3xdr.c 2014-08-14 01:38:34.000000000 +0000
5361 +++ linux-3.14.17-vs2.3.6.13/fs/nfsd/nfs3xdr.c 2014-08-30 14:27:38.000000000 +0000
5364 #include <linux/namei.h>
5365 #include <linux/sunrpc/svc_xprt.h>
5366 +#include <linux/vs_tag.h>
5370 @@ -98,6 +99,8 @@ static __be32 *
5371 decode_sattr3(__be32 *p, struct iattr *iap)
5374 + kuid_t kuid = GLOBAL_ROOT_UID;
5375 + kgid_t kgid = GLOBAL_ROOT_GID;
5379 @@ -106,15 +109,18 @@ decode_sattr3(__be32 *p, struct iattr *i
5380 iap->ia_mode = ntohl(*p++);
5383 - iap->ia_uid = make_kuid(&init_user_ns, ntohl(*p++));
5384 + kuid = make_kuid(&init_user_ns, ntohl(*p++));
5385 if (uid_valid(iap->ia_uid))
5386 iap->ia_valid |= ATTR_UID;
5389 - iap->ia_gid = make_kgid(&init_user_ns, ntohl(*p++));
5390 + kgid = make_kgid(&init_user_ns, ntohl(*p++));
5391 if (gid_valid(iap->ia_gid))
5392 iap->ia_valid |= ATTR_GID;
5394 + iap->ia_uid = INOTAG_KUID(DX_TAG_NFSD, kuid, kgid);
5395 + iap->ia_gid = INOTAG_KGID(DX_TAG_NFSD, kuid, kgid);
5396 + iap->ia_tag = INOTAG_KTAG(DX_TAG_NFSD, kuid, kgid, GLOBAL_ROOT_TAG);
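Review bot: The validity checks `uid_valid(iap->ia_uid)` and `gid_valid(iap->ia_gid)` still test the old fields, but the decoded ids now go into the locals `kuid` and `kgid`, and `iap->ia_uid`/`iap->ia_gid` are only assigned at the end of the hunk. ATTR_UID and ATTR_GID are therefore set according to whatever `iap` held before the call, not according to the id the client sent. The checks should read `if (uid_valid(kuid))` and `if (gid_valid(kgid))`. The same pattern is in decode_sattr() in fs/nfsd/nfsxdr.c further down in this patch. decode_sattr3()'s body continues outside the hunk.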
5400 @@ -170,8 +176,12 @@ encode_fattr3(struct svc_rqst *rqstp, __
5401 *p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]);
5402 *p++ = htonl((u32) (stat->mode & S_IALLUGO));
5403 *p++ = htonl((u32) stat->nlink);
5404 - *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid));
5405 - *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid));
5406 + *p++ = htonl((u32) from_kuid(&init_user_ns,
5407 + TAGINO_KUID(0 /* FIXME: DX_TAG(dentry->d_inode) */,
5408 + stat->uid, stat->tag)));
5409 + *p++ = htonl((u32) from_kgid(&init_user_ns,
5410 + TAGINO_KGID(0 /* FIXME: DX_TAG(dentry->d_inode) */,
5411 + stat->gid, stat->tag)));
5412 if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN) {
5413 p = xdr_encode_hyper(p, (u64) NFS3_MAXPATHLEN);
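Review bot: Both `TAGINO_KUID` and `TAGINO_KGID` get a hard-coded `0` as their first argument here, while encode_fattr() in fs/nfsd/nfsxdr.c and the NFSv4 encoder in this patch pass `DX_TAG(dentry->d_inode)`. decode_sattr3() in the same file uses `DX_TAG_NFSD` on the way in, so the ids a v3 client sets and the ids it reads back may be converted differently. If the inode is reachable from the arguments of encode_fattr3(), pass `DX_TAG()` of it as the other encoders do; otherwise extend the FIXME to say what v3 clients will see on a tagged export. The function body starts and ends outside the hunk.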
5415 diff -NurpP --minimal linux-3.14.17/fs/nfsd/nfs4xdr.c linux-3.14.17-vs2.3.6.13/fs/nfsd/nfs4xdr.c
5416 --- linux-3.14.17/fs/nfsd/nfs4xdr.c 2014-08-14 01:38:34.000000000 +0000
5417 +++ linux-3.14.17-vs2.3.6.13/fs/nfsd/nfs4xdr.c 2014-08-30 14:56:00.000000000 +0000
5419 #include <linux/utsname.h>
5420 #include <linux/pagemap.h>
5421 #include <linux/sunrpc/svcauth_gss.h>
5422 +#include <linux/vs_tag.h>
5426 @@ -2411,12 +2412,16 @@ out_acl:
5427 WRITE32(stat.nlink);
5429 if (bmval1 & FATTR4_WORD1_OWNER) {
5430 - status = nfsd4_encode_user(rqstp, stat.uid, &p, &buflen);
5431 + status = nfsd4_encode_user(rqstp,
5432 + TAGINO_KUID(DX_TAG(dentry->d_inode),
5433 + stat.uid, stat.tag), &p, &buflen);
5437 if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
5438 - status = nfsd4_encode_group(rqstp, stat.gid, &p, &buflen);
5439 + status = nfsd4_encode_group(rqstp,
5440 + TAGINO_KGID(DX_TAG(dentry->d_inode),
5441 + stat.gid, stat.tag), &p, &buflen);
5445 diff -NurpP --minimal linux-3.14.17/fs/nfsd/nfsxdr.c linux-3.14.17-vs2.3.6.13/fs/nfsd/nfsxdr.c
5446 --- linux-3.14.17/fs/nfsd/nfsxdr.c 2014-08-14 01:38:34.000000000 +0000
5447 +++ linux-3.14.17-vs2.3.6.13/fs/nfsd/nfsxdr.c 2014-08-30 14:27:38.000000000 +0000
5452 +#include <linux/vs_tag.h>
5454 #define NFSDDBG_FACILITY NFSDDBG_XDR
5456 @@ -89,6 +90,8 @@ static __be32 *
5457 decode_sattr(__be32 *p, struct iattr *iap)
5460 + kuid_t kuid = GLOBAL_ROOT_UID;
5461 + kgid_t kgid = GLOBAL_ROOT_GID;
5465 @@ -101,15 +104,18 @@ decode_sattr(__be32 *p, struct iattr *ia
5468 if ((tmp = ntohl(*p++)) != (u32)-1) {
5469 - iap->ia_uid = make_kuid(&init_user_ns, tmp);
5470 + kuid = make_kuid(&init_user_ns, tmp);
5471 if (uid_valid(iap->ia_uid))
5472 iap->ia_valid |= ATTR_UID;
5474 if ((tmp = ntohl(*p++)) != (u32)-1) {
5475 - iap->ia_gid = make_kgid(&init_user_ns, tmp);
5476 + kgid = make_kgid(&init_user_ns, tmp);
5477 if (gid_valid(iap->ia_gid))
5478 iap->ia_valid |= ATTR_GID;
5480 + iap->ia_uid = INOTAG_KUID(DX_TAG_NFSD, kuid, kgid);
5481 + iap->ia_gid = INOTAG_KGID(DX_TAG_NFSD, kuid, kgid);
5482 + iap->ia_tag = INOTAG_KTAG(DX_TAG_NFSD, kuid, kgid, GLOBAL_ROOT_TAG);
5483 if ((tmp = ntohl(*p++)) != (u32)-1) {
5484 iap->ia_valid |= ATTR_SIZE;
5486 @@ -154,8 +160,10 @@ encode_fattr(struct svc_rqst *rqstp, __b
5487 *p++ = htonl(nfs_ftypes[type >> 12]);
5488 *p++ = htonl((u32) stat->mode);
5489 *p++ = htonl((u32) stat->nlink);
5490 - *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid));
5491 - *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid));
5492 + *p++ = htonl((u32) from_kuid(&init_user_ns,
5493 + TAGINO_KUID(DX_TAG(dentry->d_inode), stat->uid, stat->tag)));
5494 + *p++ = htonl((u32) from_kgid(&init_user_ns,
5495 + TAGINO_KGID(DX_TAG(dentry->d_inode), stat->gid, stat->tag)));
5497 if (S_ISLNK(type) && stat->size > NFS_MAXPATHLEN) {
5498 *p++ = htonl(NFS_MAXPATHLEN);
5499 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/dlmglue.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/dlmglue.c
5500 --- linux-3.14.17/fs/ocfs2/dlmglue.c 2014-08-14 01:38:34.000000000 +0000
5501 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/dlmglue.c 2014-08-30 14:27:38.000000000 +0000
5502 @@ -2047,6 +2047,7 @@ static void __ocfs2_stuff_meta_lvb(struc
5503 lvb->lvb_iclusters = cpu_to_be32(oi->ip_clusters);
5504 lvb->lvb_iuid = cpu_to_be32(i_uid_read(inode));
5505 lvb->lvb_igid = cpu_to_be32(i_gid_read(inode));
5506 + lvb->lvb_itag = cpu_to_be16(i_tag_read(inode));
5507 lvb->lvb_imode = cpu_to_be16(inode->i_mode);
5508 lvb->lvb_inlink = cpu_to_be16(inode->i_nlink);
5509 lvb->lvb_iatime_packed =
5510 @@ -2097,6 +2098,7 @@ static void ocfs2_refresh_inode_from_lvb
5512 i_uid_write(inode, be32_to_cpu(lvb->lvb_iuid));
5513 i_gid_write(inode, be32_to_cpu(lvb->lvb_igid));
5514 + i_tag_write(inode, be16_to_cpu(lvb->lvb_itag));
5515 inode->i_mode = be16_to_cpu(lvb->lvb_imode);
5516 set_nlink(inode, be16_to_cpu(lvb->lvb_inlink));
5517 ocfs2_unpack_timespec(&inode->i_atime,
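Review bot: `i_tag_write(inode, be16_to_cpu(lvb->lvb_itag))` takes the tag from the lock value block unconditionally, and the field is carved out of what used to be `lvb_reserved2` (see the fs/ocfs2/dlmglue.h hunk). The LVB is written by another cluster node, so a node without this patch would presumably leave those bytes at their reserved value and the tag here would be reset to it. If mixed clusters are possible, the meta LVB version should change together with the layout, or the refresh should be guarded, e.g. `if (IS_TAGGED(inode))` in front of the `i_tag_write()` call. No version change is visible in this part of the patch.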
5518 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/dlmglue.h linux-3.14.17-vs2.3.6.13/fs/ocfs2/dlmglue.h
5519 --- linux-3.14.17/fs/ocfs2/dlmglue.h 2014-08-14 01:38:34.000000000 +0000
5520 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/dlmglue.h 2014-08-30 14:27:38.000000000 +0000
5521 @@ -46,7 +46,8 @@ struct ocfs2_meta_lvb {
5524 __be32 lvb_igeneration;
5525 - __be32 lvb_reserved2;
5527 + __be16 lvb_reserved2;
5530 #define OCFS2_QINFO_LVB_VERSION 1
5531 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/file.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/file.c
5532 --- linux-3.14.17/fs/ocfs2/file.c 2014-08-14 01:38:34.000000000 +0000
5533 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/file.c 2014-08-30 14:27:38.000000000 +0000
5534 @@ -1141,7 +1141,7 @@ int ocfs2_setattr(struct dentry *dentry,
5535 attr->ia_valid &= ~ATTR_SIZE;
5537 #define OCFS2_VALID_ATTRS (ATTR_ATIME | ATTR_MTIME | ATTR_CTIME | ATTR_SIZE \
5538 - | ATTR_GID | ATTR_UID | ATTR_MODE)
5539 + | ATTR_GID | ATTR_UID | ATTR_TAG | ATTR_MODE)
5540 if (!(attr->ia_valid & OCFS2_VALID_ATTRS))
5543 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/inode.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/inode.c
5544 --- linux-3.14.17/fs/ocfs2/inode.c 2014-08-14 01:38:34.000000000 +0000
5545 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/inode.c 2014-08-30 14:27:38.000000000 +0000
5547 #include <linux/highmem.h>
5548 #include <linux/pagemap.h>
5549 #include <linux/quotaops.h>
5550 +#include <linux/vs_tag.h>
5552 #include <asm/byteorder.h>
5554 @@ -78,11 +79,13 @@ void ocfs2_set_inode_flags(struct inode
5556 unsigned int flags = OCFS2_I(inode)->ip_attr;
5558 - inode->i_flags &= ~(S_IMMUTABLE |
5559 + inode->i_flags &= ~(S_IMMUTABLE | S_IXUNLINK |
5560 S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
5562 if (flags & OCFS2_IMMUTABLE_FL)
5563 inode->i_flags |= S_IMMUTABLE;
5564 + if (flags & OCFS2_IXUNLINK_FL)
5565 + inode->i_flags |= S_IXUNLINK;
5567 if (flags & OCFS2_SYNC_FL)
5568 inode->i_flags |= S_SYNC;
5569 @@ -92,25 +95,44 @@ void ocfs2_set_inode_flags(struct inode
5570 inode->i_flags |= S_NOATIME;
5571 if (flags & OCFS2_DIRSYNC_FL)
5572 inode->i_flags |= S_DIRSYNC;
5574 + inode->i_vflags &= ~(V_BARRIER | V_COW);
5576 + if (flags & OCFS2_BARRIER_FL)
5577 + inode->i_vflags |= V_BARRIER;
5578 + if (flags & OCFS2_COW_FL)
5579 + inode->i_vflags |= V_COW;
5582 /* Propagate flags from i_flags to OCFS2_I(inode)->ip_attr */
5583 void ocfs2_get_inode_flags(struct ocfs2_inode_info *oi)
5585 unsigned int flags = oi->vfs_inode.i_flags;
5586 + unsigned int vflags = oi->vfs_inode.i_vflags;
5588 + oi->ip_attr &= ~(OCFS2_SYNC_FL | OCFS2_APPEND_FL |
5589 + OCFS2_IMMUTABLE_FL | OCFS2_IXUNLINK_FL |
5590 + OCFS2_NOATIME_FL | OCFS2_DIRSYNC_FL |
5591 + OCFS2_BARRIER_FL | OCFS2_COW_FL);
5593 + if (flags & S_IMMUTABLE)
5594 + oi->ip_attr |= OCFS2_IMMUTABLE_FL;
5595 + if (flags & S_IXUNLINK)
5596 + oi->ip_attr |= OCFS2_IXUNLINK_FL;
5598 - oi->ip_attr &= ~(OCFS2_SYNC_FL|OCFS2_APPEND_FL|
5599 - OCFS2_IMMUTABLE_FL|OCFS2_NOATIME_FL|OCFS2_DIRSYNC_FL);
5601 oi->ip_attr |= OCFS2_SYNC_FL;
5602 if (flags & S_APPEND)
5603 oi->ip_attr |= OCFS2_APPEND_FL;
5604 - if (flags & S_IMMUTABLE)
5605 - oi->ip_attr |= OCFS2_IMMUTABLE_FL;
5606 if (flags & S_NOATIME)
5607 oi->ip_attr |= OCFS2_NOATIME_FL;
5608 if (flags & S_DIRSYNC)
5609 oi->ip_attr |= OCFS2_DIRSYNC_FL;
5611 + if (vflags & V_BARRIER)
5612 + oi->ip_attr |= OCFS2_BARRIER_FL;
5613 + if (vflags & V_COW)
5614 + oi->ip_attr |= OCFS2_COW_FL;
5617 struct inode *ocfs2_ilookup(struct super_block *sb, u64 blkno)
5618 @@ -241,6 +263,8 @@ void ocfs2_populate_inode(struct inode *
5619 struct super_block *sb;
5620 struct ocfs2_super *osb;
5627 @@ -269,8 +293,12 @@ void ocfs2_populate_inode(struct inode *
5628 inode->i_generation = le32_to_cpu(fe->i_generation);
5629 inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));
5630 inode->i_mode = le16_to_cpu(fe->i_mode);
5631 - i_uid_write(inode, le32_to_cpu(fe->i_uid));
5632 - i_gid_write(inode, le32_to_cpu(fe->i_gid));
5633 + uid = le32_to_cpu(fe->i_uid);
5634 + gid = le32_to_cpu(fe->i_gid);
5635 + i_uid_write(inode, INOTAG_UID(DX_TAG(inode), uid, gid));
5636 + i_gid_write(inode, INOTAG_GID(DX_TAG(inode), uid, gid));
5637 + i_tag_write(inode, INOTAG_TAG(DX_TAG(inode), uid, gid,
5638 + /* le16_to_cpu(raw_inode->i_raw_tag) */ 0));
5640 /* Fast symlinks will have i_size but no allocated clusters. */
5641 if (S_ISLNK(inode->i_mode) && !fe->i_clusters) {
5642 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/inode.h linux-3.14.17-vs2.3.6.13/fs/ocfs2/inode.h
5643 --- linux-3.14.17/fs/ocfs2/inode.h 2014-08-14 01:38:34.000000000 +0000
5644 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/inode.h 2014-08-30 14:27:38.000000000 +0000
5645 @@ -152,6 +152,7 @@ struct buffer_head *ocfs2_bread(struct i
5647 void ocfs2_set_inode_flags(struct inode *inode);
5648 void ocfs2_get_inode_flags(struct ocfs2_inode_info *oi);
5649 +int ocfs2_sync_flags(struct inode *inode, int, int);
5651 static inline blkcnt_t ocfs2_inode_sector_count(struct inode *inode)
5653 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/ioctl.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/ioctl.c
5654 --- linux-3.14.17/fs/ocfs2/ioctl.c 2014-08-14 01:38:34.000000000 +0000
5655 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/ioctl.c 2014-08-30 14:27:38.000000000 +0000
5656 @@ -77,7 +77,41 @@ static int ocfs2_get_inode_attr(struct i
5660 -static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
5661 +int ocfs2_sync_flags(struct inode *inode, int flags, int vflags)
5663 + struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
5664 + struct buffer_head *bh = NULL;
5665 + handle_t *handle = NULL;
5668 + status = ocfs2_inode_lock(inode, &bh, 1);
5670 + mlog_errno(status);
5673 + handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS);
5674 + if (IS_ERR(handle)) {
5675 + status = PTR_ERR(handle);
5676 + mlog_errno(status);
5680 + inode->i_flags = flags;
5681 + inode->i_vflags = vflags;
5682 + ocfs2_get_inode_flags(OCFS2_I(inode));
5684 + status = ocfs2_mark_inode_dirty(handle, inode, bh);
5686 + mlog_errno(status);
5688 + ocfs2_commit_trans(osb, handle);
5690 + ocfs2_inode_unlock(inode, 1);
5695 +int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
5698 struct ocfs2_inode_info *ocfs2_inode = OCFS2_I(inode);
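Review bot: `ocfs2_set_inode_attr()` loses its `static` here, but the fs/ocfs2/inode.h hunk in this patch declares only `ocfs2_sync_flags()`. A non-static function without a prototype triggers a missing-prototype warning and adds a global symbol that no other file can call with a checked signature. Either keep it `static`, or add the matching declaration next to `ocfs2_sync_flags` in inode.h. The new prototype there also leaves two parameters unnamed; `int ocfs2_sync_flags(struct inode *inode, int flags, int vflags);` would match the definition. Both function bodies are only partly shown.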
5699 @@ -117,6 +151,11 @@ static int ocfs2_set_inode_attr(struct i
5703 + if (IS_BARRIER(inode)) {
5704 + vxwprintk_task(1, "messing with the barrier.");
5708 handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS);
5709 if (IS_ERR(handle)) {
5710 status = PTR_ERR(handle);
5711 @@ -882,6 +921,7 @@ bail:
5716 long ocfs2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
5718 struct inode *inode = file_inode(filp);
5719 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/namei.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/namei.c
5720 --- linux-3.14.17/fs/ocfs2/namei.c 2014-08-14 01:38:34.000000000 +0000
5721 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/namei.c 2014-08-30 14:27:38.000000000 +0000
5723 #include <linux/slab.h>
5724 #include <linux/highmem.h>
5725 #include <linux/quotaops.h>
5726 +#include <linux/vs_tag.h>
5728 #include <cluster/masklog.h>
5730 @@ -494,6 +495,7 @@ static int __ocfs2_mknod_locked(struct i
5731 struct ocfs2_dinode *fe = NULL;
5732 struct ocfs2_extent_list *fel;
5738 @@ -531,8 +533,13 @@ static int __ocfs2_mknod_locked(struct i
5739 fe->i_suballoc_loc = cpu_to_le64(suballoc_loc);
5740 fe->i_suballoc_bit = cpu_to_le16(suballoc_bit);
5741 fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot);
5742 - fe->i_uid = cpu_to_le32(i_uid_read(inode));
5743 - fe->i_gid = cpu_to_le32(i_gid_read(inode));
5745 + ktag = make_ktag(&init_user_ns, dx_current_fstag(osb->sb));
5746 + fe->i_uid = cpu_to_le32(from_kuid(&init_user_ns,
5747 + TAGINO_KUID(DX_TAG(inode), inode->i_uid, ktag)));
5748 + fe->i_gid = cpu_to_le32(from_kgid(&init_user_ns,
5749 + TAGINO_KGID(DX_TAG(inode), inode->i_gid, ktag)));
5750 + inode->i_tag = ktag; /* is this correct? */
5751 fe->i_mode = cpu_to_le16(inode->i_mode);
5752 if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode))
5753 fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev));
5754 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/ocfs2.h linux-3.14.17-vs2.3.6.13/fs/ocfs2/ocfs2.h
5755 --- linux-3.14.17/fs/ocfs2/ocfs2.h 2014-08-14 01:38:34.000000000 +0000
5756 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/ocfs2.h 2014-08-30 14:27:38.000000000 +0000
5757 @@ -272,6 +272,7 @@ enum ocfs2_mount_options
5759 OCFS2_MOUNT_HB_NONE = 1 << 13, /* No heartbeat */
5760 OCFS2_MOUNT_HB_GLOBAL = 1 << 14, /* Global heartbeat */
5761 + OCFS2_MOUNT_TAGGED = 1 << 15, /* use tagging */
5764 #define OCFS2_OSB_SOFT_RO 0x0001
5765 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/ocfs2_fs.h linux-3.14.17-vs2.3.6.13/fs/ocfs2/ocfs2_fs.h
5766 --- linux-3.14.17/fs/ocfs2/ocfs2_fs.h 2014-08-14 01:38:34.000000000 +0000
5767 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/ocfs2_fs.h 2014-08-30 14:27:38.000000000 +0000
5768 @@ -266,6 +266,11 @@
5769 #define OCFS2_TOPDIR_FL FS_TOPDIR_FL /* Top of directory hierarchies*/
5770 #define OCFS2_RESERVED_FL FS_RESERVED_FL /* reserved for ext2 lib */
5772 +#define OCFS2_IXUNLINK_FL FS_IXUNLINK_FL /* Immutable invert on unlink */
5774 +#define OCFS2_BARRIER_FL FS_BARRIER_FL /* Barrier for chroot() */
5775 +#define OCFS2_COW_FL FS_COW_FL /* Copy on Write marker */
5777 #define OCFS2_FL_VISIBLE FS_FL_USER_VISIBLE /* User visible flags */
5778 #define OCFS2_FL_MODIFIABLE FS_FL_USER_MODIFIABLE /* User modifiable flags */
5780 diff -NurpP --minimal linux-3.14.17/fs/ocfs2/super.c linux-3.14.17-vs2.3.6.13/fs/ocfs2/super.c
5781 --- linux-3.14.17/fs/ocfs2/super.c 2014-08-14 01:38:34.000000000 +0000
5782 +++ linux-3.14.17-vs2.3.6.13/fs/ocfs2/super.c 2014-08-30 14:27:38.000000000 +0000
5783 @@ -185,6 +185,7 @@ enum {
5787 + Opt_tag, Opt_notag, Opt_tagid,
5791 @@ -216,6 +217,9 @@ static const match_table_t tokens = {
5792 {Opt_coherency_full, "coherency=full"},
5793 {Opt_resv_level, "resv_level=%u"},
5794 {Opt_dir_resv_level, "dir_resv_level=%u"},
5796 + {Opt_notag, "notag"},
5797 + {Opt_tagid, "tagid=%u"},
5801 @@ -661,6 +665,13 @@ static int ocfs2_remount(struct super_bl
5805 + if ((osb->s_mount_opt & OCFS2_MOUNT_TAGGED) !=
5806 + (parsed_options.mount_opt & OCFS2_MOUNT_TAGGED)) {
5808 + mlog(ML_ERROR, "Cannot change tagging on remount\n");
5812 /* We're going to/from readonly mode. */
5813 if ((*flags & MS_RDONLY) != (sb->s_flags & MS_RDONLY)) {
5814 /* Disable quota accounting before remounting RO */
5815 @@ -1176,6 +1187,9 @@ static int ocfs2_fill_super(struct super
5817 ocfs2_complete_mount_recovery(osb);
5819 + if (osb->s_mount_opt & OCFS2_MOUNT_TAGGED)
5820 + sb->s_flags |= MS_TAGGED;
5822 if (ocfs2_mount_local(osb))
5823 snprintf(nodestr, sizeof(nodestr), "local");
5825 @@ -1503,6 +1517,20 @@ static int ocfs2_parse_options(struct su
5826 option < OCFS2_MAX_RESV_LEVEL)
5827 mopt->dir_resv_level = option;
5829 +#ifndef CONFIG_TAGGING_NONE
5831 + mopt->mount_opt |= OCFS2_MOUNT_TAGGED;
5834 + mopt->mount_opt &= ~OCFS2_MOUNT_TAGGED;
5837 +#ifdef CONFIG_PROPAGATE
5840 + mopt->mount_opt |= OCFS2_MOUNT_TAGGED;
5845 "Unrecognized mount option \"%s\" "
5846 diff -NurpP --minimal linux-3.14.17/fs/open.c linux-3.14.17-vs2.3.6.13/fs/open.c
5847 --- linux-3.14.17/fs/open.c 2014-08-14 01:38:34.000000000 +0000
5848 +++ linux-3.14.17-vs2.3.6.13/fs/open.c 2014-08-30 14:27:38.000000000 +0000
5850 #include <linux/ima.h>
5851 #include <linux/dnotify.h>
5852 #include <linux/compat.h>
5853 +#include <linux/vs_base.h>
5854 +#include <linux/vs_limit.h>
5855 +#include <linux/vs_tag.h>
5856 +#include <linux/vs_cowbl.h>
5857 +#include <linux/vserver/dlimit.h>
5859 #include "internal.h"
5861 @@ -68,6 +73,11 @@ long vfs_truncate(struct path *path, lof
5862 struct inode *inode;
5865 +#ifdef CONFIG_VSERVER_COWBL
5866 + error = cow_check_and_break(path);
5870 inode = path->dentry->d_inode;
5872 /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
5873 @@ -511,6 +521,13 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
5874 unsigned int lookup_flags = LOOKUP_FOLLOW;
5876 error = user_path_at(dfd, filename, lookup_flags, &path);
5877 +#ifdef CONFIG_VSERVER_COWBL
5879 + error = cow_check_and_break(&path);
5885 error = chmod_common(&path, mode);
5887 @@ -544,13 +561,15 @@ static int chown_common(struct path *pat
5888 if (!uid_valid(uid))
5890 newattrs.ia_valid |= ATTR_UID;
5891 - newattrs.ia_uid = uid;
5892 + newattrs.ia_uid = make_kuid(&init_user_ns,
5893 + dx_map_uid(user));
5895 if (group != (gid_t) -1) {
5896 if (!gid_valid(gid))
5898 newattrs.ia_valid |= ATTR_GID;
5899 - newattrs.ia_gid = gid;
5900 + newattrs.ia_gid = make_kgid(&init_user_ns,
5901 + dx_map_gid(group));
5903 if (!S_ISDIR(inode->i_mode))
5904 newattrs.ia_valid |=
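Review bot: The value stored in `newattrs.ia_uid` is no longer the one that `uid_valid(uid)` just checked: the new lines rebuild it from the raw `user` against `&init_user_ns`, and the `ia_gid` assignment does the same with `group`. `uid` and `gid` are computed outside this hunk, so this is inferred, but if they are mapped through the caller's user namespace then a caller in a non-initial namespace would have its numeric id interpreted as a host id. I would map the tagged id in the same namespace and validate that result, e.g. `uid = make_kuid(current_user_ns(), dx_map_uid(user));` ahead of the existing `uid_valid(uid)` test, then keep `newattrs.ia_uid = uid;`. chown_common's body starts and ends outside the hunk.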
5905 @@ -589,6 +608,18 @@ retry:
5906 error = mnt_want_write(path.mnt);
5909 +#ifdef CONFIG_VSERVER_COWBL
5910 + error = cow_check_and_break(&path);
5913 +#ifdef CONFIG_VSERVER_COWBL
5914 + error = cow_check_and_break(&path);
5917 +#ifdef CONFIG_VSERVER_COWBL
5918 + error = cow_check_and_break(&path);
5921 error = chown_common(&path, user, group);
5922 mnt_drop_write(path.mnt);
5924 diff -NurpP --minimal linux-3.14.17/fs/proc/array.c linux-3.14.17-vs2.3.6.13/fs/proc/array.c
5925 --- linux-3.14.17/fs/proc/array.c 2014-08-14 01:38:34.000000000 +0000
5926 +++ linux-3.14.17-vs2.3.6.13/fs/proc/array.c 2014-08-30 14:56:59.000000000 +0000
5928 #include <linux/ptrace.h>
5929 #include <linux/tracehook.h>
5930 #include <linux/user_namespace.h>
5931 +#include <linux/vs_context.h>
5932 +#include <linux/vs_network.h>
5934 #include <asm/pgtable.h>
5935 #include <asm/processor.h>
5936 @@ -164,6 +166,9 @@ static inline void task_state(struct seq
5938 ppid = pid_alive(p) ?
5939 task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0;
5940 + if (unlikely(vx_current_initpid(p->pid)))
5945 struct task_struct *tracer = ptrace_parent(p);
5946 @@ -290,7 +295,7 @@ static inline void task_sig(struct seq_f
5949 static void render_cap_t(struct seq_file *m, const char *header,
5951 + struct vx_info *vxi, kernel_cap_t *a)
5955 @@ -324,10 +329,11 @@ static inline void task_cap(struct seq_f
5956 NORM_CAPS(cap_effective);
5957 NORM_CAPS(cap_bset);
5959 - render_cap_t(m, "CapInh:\t", &cap_inheritable);
5960 - render_cap_t(m, "CapPrm:\t", &cap_permitted);
5961 - render_cap_t(m, "CapEff:\t", &cap_effective);
5962 - render_cap_t(m, "CapBnd:\t", &cap_bset);
5963 + /* FIXME: maybe move the p->vx_info masking to __task_cred() ? */
5964 + render_cap_t(m, "CapInh:\t", p->vx_info, &cap_inheritable);
5965 + render_cap_t(m, "CapPrm:\t", p->vx_info, &cap_permitted);
5966 + render_cap_t(m, "CapEff:\t", p->vx_info, &cap_effective);
5967 + render_cap_t(m, "CapBnd:\t", p->vx_info, &cap_bset);
5970 static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
5971 @@ -356,6 +362,43 @@ static void task_cpus_allowed(struct seq
5975 +int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
5976 + struct pid *pid, struct task_struct *task)
5978 + seq_printf(m, "Proxy:\t%p(%c)\n"
5986 + (task->nsproxy == init_task.nsproxy ? 'I' : '-'),
5987 + atomic_read(&task->nsproxy->count),
5988 + task->nsproxy->uts_ns,
5989 + (task->nsproxy->uts_ns == init_task.nsproxy->uts_ns ? 'I' : '-'),
5990 + task->nsproxy->ipc_ns,
5991 + (task->nsproxy->ipc_ns == init_task.nsproxy->ipc_ns ? 'I' : '-'),
5992 + task->nsproxy->mnt_ns,
5993 + (task->nsproxy->mnt_ns == init_task.nsproxy->mnt_ns ? 'I' : '-'),
5994 + task->nsproxy->pid_ns_for_children,
5995 + (task->nsproxy->pid_ns_for_children ==
5996 + init_task.nsproxy->pid_ns_for_children ? 'I' : '-'),
5997 + task->nsproxy->net_ns,
5998 + (task->nsproxy->net_ns == init_task.nsproxy->net_ns ? 'I' : '-'));
6002 +void task_vs_id(struct seq_file *m, struct task_struct *task)
6004 + if (task_vx_flags(task, VXF_HIDE_VINFO, 0))
6007 + seq_printf(m, "VxID:\t%d\n", vx_task_xid(task));
6008 + seq_printf(m, "NxID:\t%d\n", nx_task_nid(task));
6012 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
6013 struct pid *pid, struct task_struct *task)
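Review bot: `proc_pid_nsproxy()` prints raw kernel addresses with `%p` for the nsproxy and each namespace, and the fs/proc/base.c hunk registers the file as `ONE("nsproxy", S_IRUGO, proc_pid_nsproxy)`, so any user who can read the task's /proc directory gets them. Use `%pK` for each pointer so `kptr_restrict` applies, or restrict the entry to `S_IRUSR`. The visible lines also dereference `task->nsproxy` with no NULL test or `task_lock()`. Some lines of the function are not shown on this page, so confirm there is a guard for an exiting task whose nsproxy has been dropped.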
6015 @@ -373,6 +416,7 @@ int proc_pid_status(struct seq_file *m,
6016 task_seccomp(m, task);
6017 task_cpus_allowed(m, task);
6018 cpuset_task_status_allowed(m, task);
6019 + task_vs_id(m, task);
6020 task_context_switch_counts(m, task);
6023 @@ -481,6 +525,17 @@ static int do_task_stat(struct seq_file
6024 /* convert nsec -> ticks */
6025 start_time = nsec_to_clock_t(start_time);
6027 + /* fixup start time for virt uptime */
6028 + if (vx_flags(VXF_VIRT_UPTIME, 0)) {
6029 + unsigned long long bias =
6030 + current->vx_info->cvirt.bias_clock;
6032 + if (start_time > bias)
6033 + start_time -= bias;
6038 seq_printf(m, "%d (%s) %c", pid_nr_ns(pid, ns), tcomm, state);
6039 seq_put_decimal_ll(m, ' ', ppid);
6040 seq_put_decimal_ll(m, ' ', pgid);
6041 diff -NurpP --minimal linux-3.14.17/fs/proc/base.c linux-3.14.17-vs2.3.6.13/fs/proc/base.c
6042 --- linux-3.14.17/fs/proc/base.c 2014-08-14 01:38:34.000000000 +0000
6043 +++ linux-3.14.17-vs2.3.6.13/fs/proc/base.c 2014-08-30 14:27:38.000000000 +0000
6045 #include <linux/slab.h>
6046 #include <linux/flex_array.h>
6047 #include <linux/posix-timers.h>
6048 +#include <linux/vs_context.h>
6049 +#include <linux/vs_network.h>
6050 #ifdef CONFIG_HARDWALL
6051 #include <asm/hardwall.h>
6053 @@ -976,11 +978,15 @@ static ssize_t oom_adj_write(struct file
6054 oom_adj = (oom_adj * OOM_SCORE_ADJ_MAX) / -OOM_DISABLE;
6056 if (oom_adj < task->signal->oom_score_adj &&
6057 - !capable(CAP_SYS_RESOURCE)) {
6058 + !vx_capable(CAP_SYS_RESOURCE, VXC_OOM_ADJUST)) {
6063 + /* prevent guest processes from circumventing the oom killer */
6064 + if (vx_current_xid() && (oom_adj == OOM_DISABLE))
6065 + oom_adj = OOM_ADJUST_MIN;
6068 * /proc/pid/oom_adj is provided for legacy purposes, ask users to use
6069 * /proc/pid/oom_score_adj instead.
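Review bot: The guest clamp compares `oom_adj` with `OOM_DISABLE` after the hunk's first context line, `oom_adj = (oom_adj * OOM_SCORE_ADJ_MAX) / -OOM_DISABLE;`, has already rescaled it, so a guest that writes the disable value arrives here with the scaled minimum and the test does not match. The assignment `oom_adj = OOM_ADJUST_MIN` also stores an oom_adj-scale number into what is by then an oom_score_adj-scale variable. Either clamp before the rescale or test the scaled value: `if (vx_current_xid() && oom_adj == OOM_SCORE_ADJ_MIN) oom_adj = OOM_SCORE_ADJ_MIN + 1;`. No matching hunk for the oom_score_adj write path is visible in this file's section, so check that it carries the same restriction. oom_adj_write's body extends outside the hunk.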
6070 @@ -1565,6 +1571,8 @@ struct inode *proc_pid_make_inode(struct
6071 inode->i_gid = cred->egid;
6074 + /* procfs is xid tagged */
6075 + i_tag_write(inode, (vtag_t)vx_task_xid(task));
6076 security_task_to_inode(task, inode);
6079 @@ -1610,6 +1618,8 @@ int pid_getattr(struct vfsmount *mnt, st
6083 +static unsigned name_to_int(struct dentry *dentry);
6086 * Exceptional case: normally we are not allowed to unhash a busy
6087 * directory. In this case, however, we can do it - no aliasing problems
6088 @@ -1638,6 +1648,12 @@ int pid_revalidate(struct dentry *dentry
6089 task = get_proc_task(inode);
6092 + unsigned pid = name_to_int(dentry);
6094 + if (pid != ~0U && pid != vx_map_pid(task->pid)) {
6095 + put_task_struct(task);
6098 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
6099 task_dumpable(task)) {
6101 @@ -1654,6 +1670,7 @@ int pid_revalidate(struct dentry *dentry
6102 put_task_struct(task);
6109 @@ -2178,6 +2195,13 @@ static struct dentry *proc_pident_lookup
6113 + /* TODO: maybe we can come up with a generic approach? */
6114 + if (task_vx_flags(task, VXF_HIDE_VINFO, 0) &&
6115 + (dentry->d_name.len == 5) &&
6116 + (!memcmp(dentry->d_name.name, "vinfo", 5) ||
6117 + !memcmp(dentry->d_name.name, "ninfo", 5)))
6121 * Yes, it does not scale. And it should not. Don't add
6122 * new entries into /proc/<tgid>/ without very good reasons.
6123 @@ -2574,6 +2598,9 @@ static int proc_pid_personality(struct s
6124 static const struct file_operations proc_task_operations;
6125 static const struct inode_operations proc_task_inode_operations;
6127 +extern int proc_pid_vx_info(struct task_struct *, char *);
6128 +extern int proc_pid_nx_info(struct task_struct *, char *);
6130 static const struct pid_entry tgid_base_stuff[] = {
6131 DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
6132 DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
6133 @@ -2640,6 +2667,8 @@ static const struct pid_entry tgid_base_
6134 #ifdef CONFIG_CGROUPS
6135 REG("cgroup", S_IRUGO, proc_cgroup_operations),
6137 + INF("vinfo", S_IRUGO, proc_pid_vx_info),
6138 + INF("ninfo", S_IRUGO, proc_pid_nx_info),
6139 INF("oom_score", S_IRUGO, proc_oom_score),
6140 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations),
6141 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations),
6142 @@ -2852,7 +2881,7 @@ retry:
6144 pid = find_ge_pid(iter.tgid, ns);
6146 - iter.tgid = pid_nr_ns(pid, ns);
6147 + iter.tgid = pid_unmapped_nr_ns(pid, ns);
6148 iter.task = pid_task(pid, PIDTYPE_PID);
6149 /* What we to know is if the pid we have find is the
6150 * pid of a thread_group_leader. Testing for task
6151 @@ -2905,8 +2934,10 @@ int proc_pid_readdir(struct file *file,
6152 if (!has_pid_permissions(ns, iter.task, 2))
6155 - len = snprintf(name, sizeof(name), "%d", iter.tgid);
6156 + len = snprintf(name, sizeof(name), "%d", vx_map_tgid(iter.tgid));
6157 ctx->pos = iter.tgid + TGID_OFFSET;
6158 + if (!vx_proc_task_visible(iter.task))
6160 if (!proc_fill_cache(file, ctx, name, len,
6161 proc_pid_instantiate, iter.task, NULL)) {
6162 put_task_struct(iter.task);
6163 @@ -2999,6 +3030,7 @@ static const struct pid_entry tid_base_s
6164 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
6165 REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations),
6167 + ONE("nsproxy", S_IRUGO, proc_pid_nsproxy),
6170 static int proc_tid_base_readdir(struct file *file, struct dir_context *ctx)
6171 @@ -3065,6 +3097,8 @@ static struct dentry *proc_task_lookup(s
6172 tid = name_to_int(dentry);
6175 + if (vx_current_initpid(tid))
6178 ns = dentry->d_sb->s_fs_info;
6180 diff -NurpP --minimal linux-3.14.17/fs/proc/generic.c linux-3.14.17-vs2.3.6.13/fs/proc/generic.c
6181 --- linux-3.14.17/fs/proc/generic.c 2014-08-14 01:38:34.000000000 +0000
6182 +++ linux-3.14.17-vs2.3.6.13/fs/proc/generic.c 2014-08-30 14:27:38.000000000 +0000
6184 #include <linux/bitops.h>
6185 #include <linux/spinlock.h>
6186 #include <linux/completion.h>
6187 +#include <linux/vserver/inode.h>
6188 #include <asm/uaccess.h>
6190 #include "internal.h"
6191 @@ -186,6 +187,8 @@ struct dentry *proc_lookup_de(struct pro
6192 for (de = de->subdir; de ; de = de->next) {
6193 if (de->namelen != dentry->d_name.len)
6195 + if (!vx_hide_check(0, de->vx_flags))
6197 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
6199 spin_unlock(&proc_subdir_lock);
6200 @@ -194,6 +197,8 @@ struct dentry *proc_lookup_de(struct pro
6201 return ERR_PTR(-ENOMEM);
6202 d_set_d_op(dentry, &simple_dentry_operations);
6203 d_add(dentry, inode);
6204 + /* generic proc entries belong to the host */
6205 + i_tag_write(inode, 0);
6209 @@ -241,6 +246,9 @@ int proc_readdir_de(struct proc_dir_entr
6211 struct proc_dir_entry *next;
6214 + if (!vx_hide_check(0, de->vx_flags))
6216 spin_unlock(&proc_subdir_lock);
6217 if (!dir_emit(ctx, de->name, de->namelen,
6218 de->low_ino, de->mode >> 12)) {
6219 @@ -248,6 +256,7 @@ int proc_readdir_de(struct proc_dir_entr
6222 spin_lock(&proc_subdir_lock);
6227 @@ -354,6 +363,7 @@ static struct proc_dir_entry *__proc_cre
6231 + ent->vx_flags = IATTR_PROC_DEFAULT;
6232 atomic_set(&ent->count, 1);
6233 spin_lock_init(&ent->pde_unload_lock);
6234 INIT_LIST_HEAD(&ent->pde_openers);
6235 @@ -377,7 +387,8 @@ struct proc_dir_entry *proc_symlink(cons
6241 + ent->vx_flags = IATTR_PROC_SYMLINK;
6245 diff -NurpP --minimal linux-3.14.17/fs/proc/inode.c linux-3.14.17-vs2.3.6.13/fs/proc/inode.c
6246 --- linux-3.14.17/fs/proc/inode.c 2014-08-14 01:38:34.000000000 +0000
6247 +++ linux-3.14.17-vs2.3.6.13/fs/proc/inode.c 2014-08-30 14:27:38.000000000 +0000
6248 @@ -415,6 +415,8 @@ struct inode *proc_get_inode(struct supe
6249 inode->i_uid = de->uid;
6250 inode->i_gid = de->gid;
6253 + PROC_I(inode)->vx_flags = de->vx_flags;
6255 inode->i_size = de->size;
6257 diff -NurpP --minimal linux-3.14.17/fs/proc/internal.h linux-3.14.17-vs2.3.6.13/fs/proc/internal.h
6258 --- linux-3.14.17/fs/proc/internal.h 2014-08-14 01:38:34.000000000 +0000
6259 +++ linux-3.14.17-vs2.3.6.13/fs/proc/internal.h 2014-08-30 14:27:38.000000000 +0000
6261 #include <linux/spinlock.h>
6262 #include <linux/atomic.h>
6263 #include <linux/binfmts.h>
6264 +#include <linux/vs_pid.h>
6266 struct ctl_table_header;
6268 @@ -35,6 +36,7 @@ struct proc_dir_entry {
6274 const struct inode_operations *proc_iops;
6275 const struct file_operations *proc_fops;
6276 @@ -50,16 +52,23 @@ struct proc_dir_entry {
6284 int (*proc_get_link)(struct dentry *, struct path *);
6285 int (*proc_read)(struct task_struct *task, char *page);
6286 int (*proc_show)(struct seq_file *m,
6287 struct pid_namespace *ns, struct pid *pid,
6288 struct task_struct *task);
6289 + int (*proc_vs_read)(char *page);
6290 + int (*proc_vxi_read)(struct vx_info *vxi, char *page);
6291 + int (*proc_nxi_read)(struct nx_info *nxi, char *page);
6299 struct proc_dir_entry *pde;
6300 @@ -92,11 +101,16 @@ static inline struct pid *proc_pid(struc
6301 return PROC_I(inode)->pid;
6304 -static inline struct task_struct *get_proc_task(struct inode *inode)
6305 +static inline struct task_struct *get_proc_task_real(struct inode *inode)
6307 return get_pid_task(proc_pid(inode), PIDTYPE_PID);
6310 +static inline struct task_struct *get_proc_task(struct inode *inode)
6312 + return vx_get_proc_task(inode, proc_pid(inode));
6315 static inline int task_dumpable(struct task_struct *task)
6318 @@ -155,6 +169,8 @@ extern int proc_pid_status(struct seq_fi
6319 struct pid *, struct task_struct *);
6320 extern int proc_pid_statm(struct seq_file *, struct pid_namespace *,
6321 struct pid *, struct task_struct *);
6322 +extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns,
6323 + struct pid *pid, struct task_struct *task);
6327 diff -NurpP --minimal linux-3.14.17/fs/proc/loadavg.c linux-3.14.17-vs2.3.6.13/fs/proc/loadavg.c
6328 --- linux-3.14.17/fs/proc/loadavg.c 2014-08-14 01:38:34.000000000 +0000
6329 +++ linux-3.14.17-vs2.3.6.13/fs/proc/loadavg.c 2014-08-30 14:27:38.000000000 +0000
6332 static int loadavg_proc_show(struct seq_file *m, void *v)
6334 + unsigned long running;
6335 + unsigned int threads;
6336 unsigned long avnrun[3];
6338 get_avenrun(avnrun, FIXED_1/200, 0);
6340 + if (vx_flags(VXF_VIRT_LOAD, 0)) {
6341 + struct vx_info *vxi = current_vx_info();
6343 + running = atomic_read(&vxi->cvirt.nr_running);
6344 + threads = atomic_read(&vxi->cvirt.nr_threads);
6346 + running = nr_running();
6347 + threads = nr_threads;
6350 seq_printf(m, "%lu.%02lu %lu.%02lu %lu.%02lu %ld/%d %d\n",
6351 LOAD_INT(avnrun[0]), LOAD_FRAC(avnrun[0]),
6352 LOAD_INT(avnrun[1]), LOAD_FRAC(avnrun[1]),
6353 LOAD_INT(avnrun[2]), LOAD_FRAC(avnrun[2]),
6354 - nr_running(), nr_threads,
6356 task_active_pid_ns(current)->last_pid);
6359 diff -NurpP --minimal linux-3.14.17/fs/proc/meminfo.c linux-3.14.17-vs2.3.6.13/fs/proc/meminfo.c
6360 --- linux-3.14.17/fs/proc/meminfo.c 2014-08-14 01:38:34.000000000 +0000
6361 +++ linux-3.14.17-vs2.3.6.13/fs/proc/meminfo.c 2014-08-30 14:27:38.000000000 +0000
6362 @@ -41,7 +41,8 @@ static int meminfo_proc_show(struct seq_
6364 committed = percpu_counter_read_positive(&vm_committed_as);
6366 - cached = global_page_state(NR_FILE_PAGES) -
6367 + cached = vx_flags(VXF_VIRT_MEM, 0) ?
6368 + vx_vsi_cached(&i) : global_page_state(NR_FILE_PAGES) -
6369 total_swapcache_pages() - i.bufferram;
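Review bot: The new `cached` expression mixes `?:` with an unparenthesised subtraction chain, so a reader has to recall operator precedence to see that `- total_swapcache_pages() - i.bufferram` belongs only to the non-virtualised arm. Parenthesise the else arm or use an `if`/`else`: `cached = vx_flags(VXF_VIRT_MEM, 0) ? vx_vsi_cached(&i) : (global_page_state(NR_FILE_PAGES) - total_swapcache_pages() - i.bufferram);`. meminfo_proc_show's body continues outside the hunk.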
6372 diff -NurpP --minimal linux-3.14.17/fs/proc/root.c linux-3.14.17-vs2.3.6.13/fs/proc/root.c
6373 --- linux-3.14.17/fs/proc/root.c 2014-08-14 01:38:34.000000000 +0000
6374 +++ linux-3.14.17-vs2.3.6.13/fs/proc/root.c 2014-08-30 14:27:38.000000000 +0000
6376 #include <linux/mount.h>
6377 #include <linux/pid_namespace.h>
6378 #include <linux/parser.h>
6379 +#include <linux/vserver/inode.h>
6381 #include "internal.h"
6383 +struct proc_dir_entry *proc_virtual;
6385 +extern void proc_vx_init(void);
6387 static int proc_test_super(struct super_block *sb, void *data)
6389 return sb->s_fs_info == data;
6390 @@ -114,7 +119,8 @@ static struct dentry *proc_mount(struct
6391 return ERR_PTR(-EPERM);
6393 /* Does the mounter have privilege over the pid namespace? */
6394 - if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
6395 + if (!vx_ns_capable(ns->user_ns,
6396 + CAP_SYS_ADMIN, VXC_SECURE_MOUNT))
6397 return ERR_PTR(-EPERM);
6400 @@ -188,6 +194,7 @@ void __init proc_root_init(void)
6402 proc_mkdir("bus", NULL);
6407 static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
6408 @@ -249,6 +256,7 @@ struct proc_dir_entry proc_root = {
6409 .proc_iops = &proc_root_inode_operations,
6410 .proc_fops = &proc_root_operations,
6411 .parent = &proc_root,
6412 + .vx_flags = IATTR_ADMIN | IATTR_WATCH,
6416 diff -NurpP --minimal linux-3.14.17/fs/proc/self.c linux-3.14.17-vs2.3.6.13/fs/proc/self.c
6417 --- linux-3.14.17/fs/proc/self.c 2014-08-14 01:38:34.000000000 +0000
6418 +++ linux-3.14.17-vs2.3.6.13/fs/proc/self.c 2014-08-30 14:27:38.000000000 +0000
6420 #include <linux/namei.h>
6421 #include <linux/slab.h>
6422 #include <linux/pid_namespace.h>
6423 +#include <linux/vserver/inode.h>
6424 #include "internal.h"
6427 @@ -54,6 +55,8 @@ int proc_setup_self(struct super_block *
6428 self = d_alloc_name(s->s_root, "self");
6430 struct inode *inode = new_inode_pseudo(s);
6432 + // self->vx_flags = IATTR_PROC_SYMLINK;
6434 inode->i_ino = self_inum;
6435 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
6436 diff -NurpP --minimal linux-3.14.17/fs/proc/stat.c linux-3.14.17-vs2.3.6.13/fs/proc/stat.c
6437 --- linux-3.14.17/fs/proc/stat.c 2014-08-14 01:38:34.000000000 +0000
6438 +++ linux-3.14.17-vs2.3.6.13/fs/proc/stat.c 2014-08-30 14:27:38.000000000 +0000
6440 #include <linux/slab.h>
6441 #include <linux/time.h>
6442 #include <linux/irqnr.h>
6443 +#include <linux/vserver/cvirt.h>
6444 #include <asm/cputime.h>
6445 #include <linux/tick.h>
6446 +#include <linux/cpuset.h>
6448 #ifndef arch_irq_stat_cpu
6449 #define arch_irq_stat_cpu(cpu) 0
6450 @@ -87,14 +89,26 @@ static int show_stat(struct seq_file *p,
6451 u64 sum_softirq = 0;
6452 unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
6453 struct timespec boottime;
6454 + cpumask_var_t cpus_allowed;
6455 + bool virt_cpu = vx_flags(VXF_VIRT_CPU, 0);
6457 user = nice = system = idle = iowait =
6458 irq = softirq = steal = 0;
6459 guest = guest_nice = 0;
6460 getboottime(&boottime);
6462 + if (vx_flags(VXF_VIRT_UPTIME, 0))
6463 + vx_vsi_boottime(&boottime);
6466 + cpuset_cpus_allowed(current, cpus_allowed);
6468 jif = boottime.tv_sec;
6470 for_each_possible_cpu(i) {
6471 + if (virt_cpu && !cpumask_test_cpu(i, cpus_allowed))
6474 user += kcpustat_cpu(i).cpustat[CPUTIME_USER];
6475 nice += kcpustat_cpu(i).cpustat[CPUTIME_NICE];
6476 system += kcpustat_cpu(i).cpustat[CPUTIME_SYSTEM];
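Review bot: `cpus_allowed` is declared as `cpumask_var_t` and handed to `cpuset_cpus_allowed()` with no `alloc_cpumask_var()` in the visible lines; with CONFIG_CPUMASK_OFFSTACK that type is a bare pointer, so the call would write through an uninitialised pointer. A line between the boottime fixup and the call is not shown on this page, so confirm. If there is no allocation, add `if (!alloc_cpumask_var(&cpus_allowed, GFP_KERNEL)) return -ENOMEM;` before the call and `free_cpumask_var(cpus_allowed);` on the way out. The later `for_each_online_cpu` hunk reads the same mask. show_stat's body continues outside the hunk.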
6477 @@ -131,6 +145,9 @@ static int show_stat(struct seq_file *p,
6480 for_each_online_cpu(i) {
6481 + if (virt_cpu && !cpumask_test_cpu(i, cpus_allowed))
6484 /* Copy values here to work around gcc-2.95.3, gcc-2.96 */
6485 user = kcpustat_cpu(i).cpustat[CPUTIME_USER];
6486 nice = kcpustat_cpu(i).cpustat[CPUTIME_NICE];
6487 diff -NurpP --minimal linux-3.14.17/fs/proc/uptime.c linux-3.14.17-vs2.3.6.13/fs/proc/uptime.c
6488 --- linux-3.14.17/fs/proc/uptime.c 2014-08-14 01:38:34.000000000 +0000
6489 +++ linux-3.14.17-vs2.3.6.13/fs/proc/uptime.c 2014-08-30 14:27:38.000000000 +0000
6491 #include <linux/seq_file.h>
6492 #include <linux/time.h>
6493 #include <linux/kernel_stat.h>
6494 +#include <linux/vserver/cvirt.h>
6495 #include <asm/cputime.h>
6497 static int uptime_proc_show(struct seq_file *m, void *v)
6498 @@ -24,6 +25,10 @@ static int uptime_proc_show(struct seq_f
6499 nsec = cputime64_to_jiffies64(idletime) * TICK_NSEC;
6500 idle.tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem);
6503 + if (vx_flags(VXF_VIRT_UPTIME, 0))
6504 + vx_vsi_uptime(&uptime, &idle);
6506 seq_printf(m, "%lu.%02lu %lu.%02lu\n",
6507 (unsigned long) uptime.tv_sec,
6508 (uptime.tv_nsec / (NSEC_PER_SEC / 100)),
6509 diff -NurpP --minimal linux-3.14.17/fs/proc_namespace.c linux-3.14.17-vs2.3.6.13/fs/proc_namespace.c
6510 --- linux-3.14.17/fs/proc_namespace.c 2014-08-14 01:38:34.000000000 +0000
6511 +++ linux-3.14.17-vs2.3.6.13/fs/proc_namespace.c 2014-08-30 14:27:38.000000000 +0000
6512 @@ -44,6 +44,8 @@ static int show_sb_opts(struct seq_file
6513 { MS_SYNCHRONOUS, ",sync" },
6514 { MS_DIRSYNC, ",dirsync" },
6515 { MS_MANDLOCK, ",mand" },
6516 + { MS_TAGGED, ",tag" },
6517 + { MS_NOTAGCHECK, ",notagcheck" },
6520 const struct proc_fs_info *fs_infop;
6521 @@ -80,6 +82,38 @@ static inline void mangle(struct seq_fil
6522 seq_escape(m, s, " \t\n\\");
6525 +#ifdef CONFIG_VSERVER_EXTRA_MNT_CHECK
6527 +static int mnt_is_reachable(struct vfsmount *vfsmnt)
6530 + struct dentry *point;
6531 + struct mount *mnt = real_mount(vfsmnt);
6532 + struct mount *root_mnt;
6535 + if (mnt == mnt->mnt_ns->root)
6539 + root = current->fs->root;
6540 + root_mnt = real_mount(root.mnt);
6541 + point = root.dentry;
6543 + while ((mnt != mnt->mnt_parent) && (mnt != root_mnt)) {
6544 + point = mnt->mnt_mountpoint;
6545 + mnt = mnt->mnt_parent;
6547 + rcu_read_unlock();
6549 + ret = (mnt == root_mnt) && is_subdir(point, root.dentry);
6554 +#define mnt_is_reachable(v) (1)
6557 static void show_type(struct seq_file *m, struct super_block *sb)
6559 mangle(m, sb->s_type->name);
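Review bot: `mnt_is_reachable()` copies `current->fs->root` by plain assignment and calls `is_subdir(point, root.dentry)` after `rcu_read_unlock()`, so neither `root` nor `point` is pinned by a reference in the visible lines while it is used. Since this function decides which mounts a guest is shown, a concurrent chroot or unmount should not be able to make it read freed dentries. Take the root with `get_fs_root(current->fs, &root);`, release it with `path_put(&root);`, and keep the `is_subdir()` call inside the locked region. Several lines of the function are not shown here, so confirm what the missing lock and unlock lines cover.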
6560 @@ -96,6 +130,17 @@ static int show_vfsmnt(struct seq_file *
6561 struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt };
6562 struct super_block *sb = mnt_path.dentry->d_sb;
6564 + if (vx_flags(VXF_HIDE_MOUNT, 0))
6566 + if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
6569 + if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
6570 + mnt == current->fs->root.mnt) {
6571 + seq_puts(m, "/dev/root / ");
6575 if (sb->s_op->show_devname) {
6576 err = sb->s_op->show_devname(m, mnt_path.dentry);
6578 @@ -106,6 +151,7 @@ static int show_vfsmnt(struct seq_file *
6580 seq_path(m, &mnt_path, " \t\n\\");
6584 seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
6585 err = show_sb_opts(m, sb);
6586 @@ -128,6 +174,11 @@ static int show_mountinfo(struct seq_fil
6587 struct path root = p->root;
6590 + if (vx_flags(VXF_HIDE_MOUNT, 0))
6592 + if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
6595 seq_printf(m, "%i %i %u:%u ", r->mnt_id, r->mnt_parent->mnt_id,
6596 MAJOR(sb->s_dev), MINOR(sb->s_dev));
6597 if (sb->s_op->show_path)
6598 @@ -187,6 +238,17 @@ static int show_vfsstat(struct seq_file
6599 struct super_block *sb = mnt_path.dentry->d_sb;
6602 + if (vx_flags(VXF_HIDE_MOUNT, 0))
6604 + if (!mnt_is_reachable(mnt) && !vx_check(0, VS_WATCH_P))
6607 + if (!vx_check(0, VS_ADMIN|VS_WATCH) &&
6608 + mnt == current->fs->root.mnt) {
6609 + seq_puts(m, "device /dev/root mounted on / ");
6614 if (sb->s_op->show_devname) {
6615 seq_puts(m, "device ");
6616 @@ -203,7 +265,7 @@ static int show_vfsstat(struct seq_file
6617 seq_puts(m, " mounted on ");
6618 seq_path(m, &mnt_path, " \t\n\\");
6622 /* file system type */
6623 seq_puts(m, "with fstype ");
6625 diff -NurpP --minimal linux-3.14.17/fs/quota/dquot.c linux-3.14.17-vs2.3.6.13/fs/quota/dquot.c
6626 --- linux-3.14.17/fs/quota/dquot.c 2014-08-14 01:38:34.000000000 +0000
6627 +++ linux-3.14.17-vs2.3.6.13/fs/quota/dquot.c 2014-08-30 14:27:38.000000000 +0000
6628 @@ -1604,6 +1604,9 @@ int __dquot_alloc_space(struct inode *in
6629 struct dquot **dquots = inode->i_dquot;
6630 int reserve = flags & DQUOT_SPACE_RESERVE;
6632 + if ((ret = dl_alloc_space(inode, number)))
6636 * First test before acquiring mutex - solves deadlocks when we
6637 * re-enter the quota code and are already holding the mutex
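Review bot: `dl_alloc_space()` charges the disk limit before the quota code runs, and nothing visible releases that charge if the quota check further down `__dquot_alloc_space()` then fails. The rest of the function is outside the hunk, so this is a question rather than a confirmed leak, but without a rollback the context's disk-limit usage would drift upward on every quota failure; the same applies to `dl_alloc_inode()` in the `dquot_alloc_inode` hunk. A `dl_free_space(inode, number);` on the failure path would fix it. Also prefer `ret = dl_alloc_space(inode, number);` followed by `if (ret)` over the assignment inside the condition.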
6638 @@ -1659,6 +1662,9 @@ int dquot_alloc_inode(const struct inode
6639 struct dquot_warn warn[MAXQUOTAS];
6640 struct dquot * const *dquots = inode->i_dquot;
6642 + if ((ret = dl_alloc_inode(inode)))
6645 /* First test before acquiring mutex - solves deadlocks when we
6646 * re-enter the quota code and are already holding the mutex */
6647 if (!dquot_active(inode))
6648 @@ -1759,6 +1765,8 @@ void __dquot_free_space(struct inode *in
6649 struct dquot **dquots = inode->i_dquot;
6650 int reserve = flags & DQUOT_SPACE_RESERVE;
6652 + dl_free_space(inode, number);
6654 /* First test before acquiring mutex - solves deadlocks when we
6655 * re-enter the quota code and are already holding the mutex */
6656 if (!dquot_active(inode)) {
6657 @@ -1803,6 +1811,8 @@ void dquot_free_inode(const struct inode
6658 struct dquot_warn warn[MAXQUOTAS];
6659 struct dquot * const *dquots = inode->i_dquot;
6661 + dl_free_inode(inode);
6663 /* First test before acquiring mutex - solves deadlocks when we
6664 * re-enter the quota code and are already holding the mutex */
6665 if (!dquot_active(inode))
6666 diff -NurpP --minimal linux-3.14.17/fs/quota/quota.c linux-3.14.17-vs2.3.6.13/fs/quota/quota.c
6667 --- linux-3.14.17/fs/quota/quota.c 2014-08-14 01:38:34.000000000 +0000
6668 +++ linux-3.14.17-vs2.3.6.13/fs/quota/quota.c 2014-08-30 14:27:38.000000000 +0000
6670 #include <linux/fs.h>
6671 #include <linux/namei.h>
6672 #include <linux/slab.h>
6673 +#include <linux/vs_context.h>
6674 #include <asm/current.h>
6675 #include <linux/uaccess.h>
6676 #include <linux/kernel.h>
6677 @@ -38,7 +39,7 @@ static int check_quotactl_permission(str
6681 - if (!capable(CAP_SYS_ADMIN))
6682 + if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL))
6686 @@ -338,6 +339,46 @@ static int do_quotactl(struct super_bloc
6690 +#if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
6692 +#include <linux/vroot.h>
6693 +#include <linux/major.h>
6694 +#include <linux/module.h>
6695 +#include <linux/kallsyms.h>
6696 +#include <linux/vserver/debug.h>
6698 +static vroot_grb_func *vroot_get_real_bdev = NULL;
6700 +static DEFINE_SPINLOCK(vroot_grb_lock);
6702 +int register_vroot_grb(vroot_grb_func *func) {
6705 + spin_lock(&vroot_grb_lock);
6706 + if (!vroot_get_real_bdev) {
6707 + vroot_get_real_bdev = func;
6710 + spin_unlock(&vroot_grb_lock);
6713 +EXPORT_SYMBOL(register_vroot_grb);
6715 +int unregister_vroot_grb(vroot_grb_func *func) {
6716 + int ret = -EINVAL;
6718 + spin_lock(&vroot_grb_lock);
6719 + if (vroot_get_real_bdev) {
6720 + vroot_get_real_bdev = NULL;
6723 + spin_unlock(&vroot_grb_lock);
6726 +EXPORT_SYMBOL(unregister_vroot_grb);
6730 /* Return 1 if 'cmd' will block on frozen filesystem */
6731 static int quotactl_cmd_write(int cmd)
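Review bot: `unregister_vroot_grb()` never looks at its `func` argument: it clears `vroot_get_real_bdev` whenever anything is registered, so a caller that is not the current owner can remove someone else's hook. Compare before clearing, `if (vroot_get_real_bdev == func) {`, and leave the `-EINVAL` result otherwise. A short kernel-doc comment on both exported functions, stating the return values and that only one hook can be registered at a time, would also help.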
6733 @@ -373,6 +414,22 @@ static struct super_block *quotactl_bloc
6736 return ERR_CAST(bdev);
6737 +#if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
6738 + if (bdev && bdev->bd_inode &&
6739 + imajor(bdev->bd_inode) == VROOT_MAJOR) {
6740 + struct block_device *bdnew = (void *)-EINVAL;
6742 + if (vroot_get_real_bdev)
6743 + bdnew = vroot_get_real_bdev(bdev);
6745 + vxdprintk(VXD_CBIT(misc, 0),
6746 + "vroot_get_real_bdev not set");
6748 + if (IS_ERR(bdnew))
6749 + return ERR_PTR(PTR_ERR(bdnew));
6753 if (quotactl_cmd_write(cmd))
6754 sb = get_super_thawed(bdev);
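Review bot: `vroot_get_real_bdev` is tested and then called without `vroot_grb_lock`, while `unregister_vroot_grb()` in the previous hunk sets it to NULL under that lock, so an unregister between the test and the call can leave this path calling through a NULL or stale function pointer. Read it once into a local under the lock (or with RCU) and call through the local; if the hook lives in a module, its lifetime during the call needs pinning too. Separately, `(void *)-EINVAL` and `ERR_PTR(PTR_ERR(bdnew))` are clearer as `ERR_PTR(-EINVAL)` and `ERR_CAST(bdnew)`, which the context line above already uses. The function's body extends outside the hunk.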
6756 diff -NurpP --minimal linux-3.14.17/fs/stat.c linux-3.14.17-vs2.3.6.13/fs/stat.c
6757 --- linux-3.14.17/fs/stat.c 2014-08-14 01:38:34.000000000 +0000
6758 +++ linux-3.14.17-vs2.3.6.13/fs/stat.c 2014-08-30 14:27:38.000000000 +0000
6759 @@ -26,6 +26,7 @@ void generic_fillattr(struct inode *inod
6760 stat->nlink = inode->i_nlink;
6761 stat->uid = inode->i_uid;
6762 stat->gid = inode->i_gid;
6763 + stat->tag = inode->i_tag;
6764 stat->rdev = inode->i_rdev;
6765 stat->size = i_size_read(inode);
6766 stat->atime = inode->i_atime;
6767 diff -NurpP --minimal linux-3.14.17/fs/statfs.c linux-3.14.17-vs2.3.6.13/fs/statfs.c
6768 --- linux-3.14.17/fs/statfs.c 2014-08-14 01:38:34.000000000 +0000
6769 +++ linux-3.14.17-vs2.3.6.13/fs/statfs.c 2014-08-30 14:27:38.000000000 +0000
6771 #include <linux/statfs.h>
6772 #include <linux/security.h>
6773 #include <linux/uaccess.h>
6774 +#include <linux/vs_base.h>
6775 +#include <linux/vs_dlimit.h>
6776 #include "internal.h"
6778 static int flags_by_mnt(int mnt_flags)
6779 @@ -60,6 +62,8 @@ static int statfs_by_dentry(struct dentr
6780 retval = dentry->d_sb->s_op->statfs(dentry, buf);
6781 if (retval == 0 && buf->f_frsize == 0)
6782 buf->f_frsize = buf->f_bsize;
6783 + if (!vx_check(0, VS_ADMIN|VS_WATCH))
6784 + vx_vsi_statfs(dentry->d_sb, buf);
6788 diff -NurpP --minimal linux-3.14.17/fs/super.c linux-3.14.17-vs2.3.6.13/fs/super.c
6789 --- linux-3.14.17/fs/super.c 2014-08-14 01:38:34.000000000 +0000
6790 +++ linux-3.14.17-vs2.3.6.13/fs/super.c 2014-08-30 14:27:38.000000000 +0000
6792 #include <linux/cleancache.h>
6793 #include <linux/fsnotify.h>
6794 #include <linux/lockdep.h>
6795 +#include <linux/magic.h>
6796 +#include <linux/vs_context.h>
6797 #include "internal.h"
6800 @@ -1103,6 +1105,13 @@ mount_fs(struct file_system_type *type,
6801 WARN_ON(sb->s_bdi == &default_backing_dev_info);
6802 sb->s_flags |= MS_BORN;
6805 + if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) &&
6807 + (sb->s_magic != PROC_SUPER_MAGIC) &&
6808 + (sb->s_magic != DEVPTS_SUPER_MAGIC))
6811 error = security_sb_kern_mount(sb, flags, secdata);
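Review bot: The `VXC_BINARY_MOUNT` test sits after the context line `sb->s_flags |= MS_BORN;`, which suggests the superblock has already been built from the caller's data by the time the test runs, so a denial only discards the result rather than preventing the work. If the intent is to keep unprivileged contexts from reaching filesystem mount code at all, the check belongs before the mount callback, keyed on the filesystem type instead of `sb->s_magic`. One line of the condition is not shown on this page. A comment saying why proc and devpts are exempt would make the allow-list reviewable.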
6814 diff -NurpP --minimal linux-3.14.17/fs/utimes.c linux-3.14.17-vs2.3.6.13/fs/utimes.c
6815 --- linux-3.14.17/fs/utimes.c 2014-08-14 01:38:34.000000000 +0000
6816 +++ linux-3.14.17-vs2.3.6.13/fs/utimes.c 2014-08-30 14:27:38.000000000 +0000
6818 #include <linux/stat.h>
6819 #include <linux/utime.h>
6820 #include <linux/syscalls.h>
6821 +#include <linux/mount.h>
6822 +#include <linux/vs_cowbl.h>
6823 #include <asm/uaccess.h>
6824 #include <asm/unistd.h>
6826 @@ -52,13 +54,19 @@ static int utimes_common(struct path *pa
6829 struct iattr newattrs;
6830 - struct inode *inode = path->dentry->d_inode;
6831 struct inode *delegated_inode = NULL;
6832 + struct inode *inode;
6834 + error = cow_check_and_break(path);
6838 error = mnt_want_write(path->mnt);
6842 + inode = path->dentry->d_inode;
6844 if (times && times[0].tv_nsec == UTIME_NOW &&
6845 times[1].tv_nsec == UTIME_NOW)
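Review bot: `cow_check_and_break(path)` is called here unconditionally and before `mnt_want_write()`, while the fs/open.c hunks in this patch wrap the same call in `#ifdef CONFIG_VSERVER_COWBL` and the chown path calls it after `mnt_want_write()`. If breaking the link writes to the filesystem, doing it before write access to the mount has been taken deserves either a reorder or a comment explaining that the helper takes that access itself; its definition is not on this page. At minimum make the guard style consistent across the call sites. utimes_common's body continues outside the hunk.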
6847 diff -NurpP --minimal linux-3.14.17/fs/xattr.c linux-3.14.17-vs2.3.6.13/fs/xattr.c
6848 --- linux-3.14.17/fs/xattr.c 2014-08-14 01:38:34.000000000 +0000
6849 +++ linux-3.14.17-vs2.3.6.13/fs/xattr.c 2014-08-30 14:27:38.000000000 +0000
6851 #include <linux/audit.h>
6852 #include <linux/vmalloc.h>
6853 #include <linux/posix_acl_xattr.h>
6854 +#include <linux/mount.h>
6856 #include <asm/uaccess.h>
6858 @@ -52,7 +53,7 @@ xattr_permission(struct inode *inode, co
6859 * The trusted.* namespace can only be accessed by privileged users.
6861 if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) {
6862 - if (!capable(CAP_SYS_ADMIN))
6863 + if (!vx_capable(CAP_SYS_ADMIN, VXC_FS_TRUSTED))
6864 return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
6867 diff -NurpP --minimal linux-3.14.17/include/linux/cred.h linux-3.14.17-vs2.3.6.13/include/linux/cred.h
6868 --- linux-3.14.17/include/linux/cred.h 2014-08-14 01:38:34.000000000 +0000
6869 +++ linux-3.14.17-vs2.3.6.13/include/linux/cred.h 2014-08-30 14:27:38.000000000 +0000
6870 @@ -143,6 +143,7 @@ extern void exit_creds(struct task_struc
6871 extern int copy_creds(struct task_struct *, unsigned long);
6872 extern const struct cred *get_task_cred(struct task_struct *);
6873 extern struct cred *cred_alloc_blank(void);
6874 +extern struct cred *__prepare_creds(const struct cred *);
6875 extern struct cred *prepare_creds(void);
6876 extern struct cred *prepare_exec_creds(void);
6877 extern int commit_creds(struct cred *);
6878 @@ -196,6 +197,31 @@ static inline void validate_process_cred
6882 +static inline void set_cred_subscribers(struct cred *cred, int n)
6884 +#ifdef CONFIG_DEBUG_CREDENTIALS
6885 + atomic_set(&cred->subscribers, n);
6889 +static inline int read_cred_subscribers(const struct cred *cred)
6891 +#ifdef CONFIG_DEBUG_CREDENTIALS
6892 + return atomic_read(&cred->subscribers);
6898 +static inline void alter_cred_subscribers(const struct cred *_cred, int n)
6900 +#ifdef CONFIG_DEBUG_CREDENTIALS
6901 + struct cred *cred = (struct cred *) _cred;
6903 + atomic_add(n, &cred->subscribers);
6908 * get_new_cred - Get a reference on a new set of credentials
6909 * @cred: The new credentials to reference
6910 diff -NurpP --minimal linux-3.14.17/include/linux/devpts_fs.h linux-3.14.17-vs2.3.6.13/include/linux/devpts_fs.h
6911 --- linux-3.14.17/include/linux/devpts_fs.h 2014-08-14 01:38:34.000000000 +0000
6912 +++ linux-3.14.17-vs2.3.6.13/include/linux/devpts_fs.h 2014-08-30 14:27:38.000000000 +0000
6913 @@ -45,5 +45,4 @@ static inline void devpts_pty_kill(struc
6918 #endif /* _LINUX_DEVPTS_FS_H */
6919 diff -NurpP --minimal linux-3.14.17/include/linux/fs.h linux-3.14.17-vs2.3.6.13/include/linux/fs.h
6920 --- linux-3.14.17/include/linux/fs.h 2014-08-14 01:38:34.000000000 +0000
6921 +++ linux-3.14.17-vs2.3.6.13/include/linux/fs.h 2014-08-30 14:27:38.000000000 +0000
6922 @@ -216,6 +216,7 @@ typedef void (dio_iodone_t)(struct kiocb
6923 #define ATTR_KILL_PRIV (1 << 14)
6924 #define ATTR_OPEN (1 << 15) /* Truncating from open(O_TRUNC) */
6925 #define ATTR_TIMES_SET (1 << 16)
6926 +#define ATTR_TAG (1 << 17)
6929 * This is the Inode Attributes structure, used for notify_change(). It
6930 @@ -231,6 +232,7 @@ struct iattr {
6936 struct timespec ia_atime;
6937 struct timespec ia_mtime;
6938 @@ -529,7 +531,9 @@ struct inode {
6939 unsigned short i_opflags;
6942 - unsigned int i_flags;
6944 + unsigned short i_flags;
6945 + unsigned short i_vflags;
6947 #ifdef CONFIG_FS_POSIX_ACL
6948 struct posix_acl *i_acl;
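Review bot: Narrowing `i_flags` from `unsigned int` to `unsigned short` on line 6944 leaves room for only sixteen S_* bits, and nothing in the hunk records or enforces that limit. The largest flag added elsewhere in this file, `S_IXUNLINK` (8192), still fits, but a later S_* value at or above `1 << 16` would be silently truncated when stored. Put the constraint on the field, for example `unsigned short i_flags; /* S_* flags, all must be < (1 << 16) */`, and do the same for `i_vflags` and the V_* values. The rest of `struct inode` lies outside the hunk.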
6949 @@ -558,6 +562,7 @@ struct inode {
6950 unsigned int __i_nlink;
6955 struct timespec i_atime;
6956 struct timespec i_mtime;
6957 @@ -716,6 +721,11 @@ static inline gid_t i_gid_read(const str
6958 return from_kgid(&init_user_ns, inode->i_gid);
6961 +static inline vtag_t i_tag_read(const struct inode *inode)
6963 + return from_ktag(&init_user_ns, inode->i_tag);
6966 static inline void i_uid_write(struct inode *inode, uid_t uid)
6968 inode->i_uid = make_kuid(&init_user_ns, uid);
6969 @@ -726,14 +736,19 @@ static inline void i_gid_write(struct in
6970 inode->i_gid = make_kgid(&init_user_ns, gid);
6973 +static inline void i_tag_write(struct inode *inode, vtag_t tag)
6975 + inode->i_tag = make_ktag(&init_user_ns, tag);
6978 static inline unsigned iminor(const struct inode *inode)
6980 - return MINOR(inode->i_rdev);
6981 + return MINOR(inode->i_mdev);
6984 static inline unsigned imajor(const struct inode *inode)
6986 - return MAJOR(inode->i_rdev);
6987 + return MAJOR(inode->i_mdev);
6990 extern struct block_device *I_BDEV(struct inode *inode);
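Review bot: `iminor()` and `imajor()` on lines 6981 and 6987 now read `inode->i_mdev` instead of `inode->i_rdev`, which changes the result for every existing caller, yet neither helper has a comment. The declaration of `i_mdev` is not in this hunk; if it holds the device number after per-context mapping, say so above both helpers, for example `/* major/minor of the mapped device (i_mdev), not the on-disk i_rdev */`. Callers that need the on-disk number for an access decision should be audited against that comment.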
6991 @@ -794,6 +809,7 @@ struct file {
6993 struct fown_struct f_owner;
6994 const struct cred *f_cred;
6996 struct file_ra_state f_ra;
6999 @@ -966,6 +982,7 @@ struct file_lock {
7000 struct file *fl_file;
7005 struct fasync_struct * fl_fasync; /* for lease break notifications */
7006 /* for lease breaks: */
7007 @@ -1577,6 +1594,7 @@ struct inode_operations {
7008 ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t);
7009 ssize_t (*listxattr) (struct dentry *, char *, size_t);
7010 int (*removexattr) (struct dentry *, const char *);
7011 + int (*sync_flags) (struct inode *, int, int);
7012 int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
7014 int (*update_time)(struct inode *, struct timespec *, int);
7015 @@ -1591,6 +1609,7 @@ ssize_t rw_copy_check_uvector(int type,
7016 unsigned long nr_segs, unsigned long fast_segs,
7017 struct iovec *fast_pointer,
7018 struct iovec **ret_pointer);
7019 +ssize_t vfs_sendfile(struct file *, struct file *, loff_t *, size_t, loff_t);
7021 extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
7022 extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
7023 @@ -1644,6 +1663,14 @@ struct super_operations {
7024 #define S_IMA 1024 /* Inode has an associated IMA struct */
7025 #define S_AUTOMOUNT 2048 /* Automount/referral quasi-directory */
7026 #define S_NOSEC 4096 /* no suid or xattr security attributes */
7027 +#define S_IXUNLINK 8192 /* Immutable Invert on unlink */
7029 +/* Linux-VServer related Inode flags */
7033 +#define V_BARRIER 4 /* Barrier for chroot() */
7034 +#define V_COW 8 /* Copy on Write */
7037 * Note that nosuid etc flags are inode-specific: setting some file-system
7038 @@ -1668,10 +1695,13 @@ struct super_operations {
7039 #define IS_MANDLOCK(inode) __IS_FLG(inode, MS_MANDLOCK)
7040 #define IS_NOATIME(inode) __IS_FLG(inode, MS_RDONLY|MS_NOATIME)
7041 #define IS_I_VERSION(inode) __IS_FLG(inode, MS_I_VERSION)
7042 +#define IS_TAGGED(inode) __IS_FLG(inode, MS_TAGGED)
7044 #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA)
7045 #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND)
7046 #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
7047 +#define IS_IXUNLINK(inode) ((inode)->i_flags & S_IXUNLINK)
7048 +#define IS_IXORUNLINK(inode) ((IS_IXUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
7049 #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
7051 #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
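Review bot: `IS_IXORUNLINK()` on line 7048 is hard to read and has no comment, although it sits among the macros that decide whether an inode may be modified. As written it is non-zero exactly when one of `S_IXUNLINK` and `S_IMMUTABLE` is set and zero when both or neither are, and the non-zero value is the `S_IMMUTABLE` bit rather than 1. Add a line above it such as `/* non-zero iff exactly one of S_IMMUTABLE / S_IXUNLINK is set */`. The macro also expands `inode` twice, so arguments with side effects must be avoided.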
7052 @@ -1682,6 +1712,16 @@ struct super_operations {
7053 #define IS_AUTOMOUNT(inode) ((inode)->i_flags & S_AUTOMOUNT)
7054 #define IS_NOSEC(inode) ((inode)->i_flags & S_NOSEC)
7056 +#define IS_BARRIER(inode) (S_ISDIR((inode)->i_mode) && ((inode)->i_vflags & V_BARRIER))
7058 +#ifdef CONFIG_VSERVER_COWBL
7059 +# define IS_COW(inode) (IS_IXUNLINK(inode) && IS_IMMUTABLE(inode))
7060 +# define IS_COW_LINK(inode) (S_ISREG((inode)->i_mode) && ((inode)->i_nlink > 1))
7062 +# define IS_COW(inode) (0)
7063 +# define IS_COW_LINK(inode) (0)
7067 * Inode state bits. Protected by inode->i_lock
7069 @@ -1925,6 +1965,9 @@ extern struct kobject *fs_kobj;
7070 extern int locks_mandatory_locked(struct inode *);
7071 extern int locks_mandatory_area(int, struct inode *, struct file *, loff_t, size_t);
7073 +#define ATTR_FLAG_BARRIER 512 /* Barrier for chroot() */
7074 +#define ATTR_FLAG_IXUNLINK 1024 /* Immutable invert on unlink */
7077 * Candidates for mandatory locking have the setgid bit set
7078 * but no group execute bit - an otherwise meaningless combination.
7079 @@ -2617,6 +2660,7 @@ extern int dcache_dir_open(struct inode
7080 extern int dcache_dir_close(struct inode *, struct file *);
7081 extern loff_t dcache_dir_lseek(struct file *, loff_t, int);
7082 extern int dcache_readdir(struct file *, struct dir_context *);
7083 +extern int dcache_readdir_filter(struct file *, struct dir_context *, int (*)(struct dentry *));
7084 extern int simple_setattr(struct dentry *, struct iattr *);
7085 extern int simple_getattr(struct vfsmount *, struct dentry *, struct kstat *);
7086 extern int simple_statfs(struct dentry *, struct kstatfs *);
7087 diff -NurpP --minimal linux-3.14.17/include/linux/init_task.h linux-3.14.17-vs2.3.6.13/include/linux/init_task.h
7088 --- linux-3.14.17/include/linux/init_task.h 2014-08-14 01:38:34.000000000 +0000
7089 +++ linux-3.14.17-vs2.3.6.13/include/linux/init_task.h 2014-08-30 14:27:38.000000000 +0000
7090 @@ -234,6 +234,10 @@ extern struct task_group root_task_group
7091 INIT_CPUSET_SEQ(tsk) \
7092 INIT_RT_MUTEXES(tsk) \
7095 + .vx_info = NULL, \
7097 + .nx_info = NULL, \
7101 diff -NurpP --minimal linux-3.14.17/include/linux/ipc.h linux-3.14.17-vs2.3.6.13/include/linux/ipc.h
7102 --- linux-3.14.17/include/linux/ipc.h 2014-08-14 01:38:34.000000000 +0000
7103 +++ linux-3.14.17-vs2.3.6.13/include/linux/ipc.h 2014-08-30 14:27:38.000000000 +0000
7104 @@ -16,6 +16,7 @@ struct kern_ipc_perm
7112 diff -NurpP --minimal linux-3.14.17/include/linux/memcontrol.h linux-3.14.17-vs2.3.6.13/include/linux/memcontrol.h
7113 --- linux-3.14.17/include/linux/memcontrol.h 2014-08-14 01:38:34.000000000 +0000
7114 +++ linux-3.14.17-vs2.3.6.13/include/linux/memcontrol.h 2014-08-30 14:27:38.000000000 +0000
7115 @@ -99,6 +99,13 @@ extern struct mem_cgroup *try_get_mem_cg
7116 extern struct mem_cgroup *parent_mem_cgroup(struct mem_cgroup *memcg);
7117 extern struct mem_cgroup *mem_cgroup_from_css(struct cgroup_subsys_state *css);
7119 +extern u64 mem_cgroup_res_read_u64(struct mem_cgroup *mem, int member);
7120 +extern u64 mem_cgroup_memsw_read_u64(struct mem_cgroup *mem, int member);
7122 +extern s64 mem_cgroup_stat_read_cache(struct mem_cgroup *mem);
7123 +extern s64 mem_cgroup_stat_read_anon(struct mem_cgroup *mem);
7124 +extern s64 mem_cgroup_stat_read_mapped(struct mem_cgroup *mem);
7127 bool mm_match_cgroup(const struct mm_struct *mm, const struct mem_cgroup *memcg)
7129 diff -NurpP --minimal linux-3.14.17/include/linux/mm_types.h linux-3.14.17-vs2.3.6.13/include/linux/mm_types.h
7130 --- linux-3.14.17/include/linux/mm_types.h 2014-08-14 01:38:34.000000000 +0000
7131 +++ linux-3.14.17-vs2.3.6.13/include/linux/mm_types.h 2014-08-30 14:27:38.000000000 +0000
7132 @@ -397,6 +397,7 @@ struct mm_struct {
7134 /* Architecture-specific MM context */
7135 mm_context_t context;
7136 + struct vx_info *mm_vx_info;
7138 unsigned long flags; /* Must use atomic bitops to access the bits */
7140 diff -NurpP --minimal linux-3.14.17/include/linux/mount.h linux-3.14.17-vs2.3.6.13/include/linux/mount.h
7141 --- linux-3.14.17/include/linux/mount.h 2014-08-14 01:38:34.000000000 +0000
7142 +++ linux-3.14.17-vs2.3.6.13/include/linux/mount.h 2014-08-30 14:27:38.000000000 +0000
7143 @@ -55,6 +55,9 @@ struct mnt_namespace;
7144 #define MNT_SYNC_UMOUNT 0x2000000
7145 #define MNT_MARKED 0x4000000
7147 +#define MNT_TAGID 0x10000
7148 +#define MNT_NOTAG 0x20000
7151 struct dentry *mnt_root; /* root of the mounted tree */
7152 struct super_block *mnt_sb; /* pointer to superblock */
7153 diff -NurpP --minimal linux-3.14.17/include/linux/net.h linux-3.14.17-vs2.3.6.13/include/linux/net.h
7154 --- linux-3.14.17/include/linux/net.h 2014-08-14 01:38:34.000000000 +0000
7155 +++ linux-3.14.17-vs2.3.6.13/include/linux/net.h 2014-08-30 14:27:38.000000000 +0000
7156 @@ -39,6 +39,7 @@ struct net;
7157 #define SOCK_PASSCRED 3
7158 #define SOCK_PASSSEC 4
7159 #define SOCK_EXTERNALLY_ALLOCATED 5
7160 +#define SOCK_USER_SOCKET 6
7162 #ifndef ARCH_HAS_SOCKET_TYPES
7164 diff -NurpP --minimal linux-3.14.17/include/linux/netdevice.h linux-3.14.17-vs2.3.6.13/include/linux/netdevice.h
7165 --- linux-3.14.17/include/linux/netdevice.h 2014-08-14 01:38:34.000000000 +0000
7166 +++ linux-3.14.17-vs2.3.6.13/include/linux/netdevice.h 2014-08-30 14:27:38.000000000 +0000
7167 @@ -1882,6 +1882,7 @@ int init_dummy_netdev(struct net_device
7169 struct net_device *dev_get_by_index(struct net *net, int ifindex);
7170 struct net_device *__dev_get_by_index(struct net *net, int ifindex);
7171 +struct net_device *dev_get_by_index_real_rcu(struct net *net, int ifindex);
7172 struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex);
7173 int netdev_get_name(struct net *net, char *name, int ifindex);
7174 int dev_restart(struct net_device *dev);
7175 diff -NurpP --minimal linux-3.14.17/include/linux/nsproxy.h linux-3.14.17-vs2.3.6.13/include/linux/nsproxy.h
7176 --- linux-3.14.17/include/linux/nsproxy.h 2014-08-14 01:38:34.000000000 +0000
7177 +++ linux-3.14.17-vs2.3.6.13/include/linux/nsproxy.h 2014-08-30 14:27:38.000000000 +0000
7180 #include <linux/spinlock.h>
7181 #include <linux/sched.h>
7182 +#include <linux/vserver/debug.h>
7184 struct mnt_namespace;
7185 struct uts_namespace;
7186 @@ -67,6 +68,7 @@ static inline struct nsproxy *task_nspro
7189 int copy_namespaces(unsigned long flags, struct task_struct *tsk);
7190 +struct nsproxy *copy_nsproxy(struct nsproxy *orig);
7191 void exit_task_namespaces(struct task_struct *tsk);
7192 void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
7193 void free_nsproxy(struct nsproxy *ns);
7194 @@ -74,16 +76,26 @@ int unshare_nsproxy_namespaces(unsigned
7195 struct cred *, struct fs_struct *);
7196 int __init nsproxy_cache_init(void);
7198 -static inline void put_nsproxy(struct nsproxy *ns)
7199 +#define get_nsproxy(n) __get_nsproxy(n, __FILE__, __LINE__)
7201 +static inline void __get_nsproxy(struct nsproxy *ns,
7202 + const char *_file, int _line)
7204 - if (atomic_dec_and_test(&ns->count)) {
7207 + vxlprintk(VXD_CBIT(space, 0), "get_nsproxy(%p[%u])",
7208 + ns, atomic_read(&ns->count), _file, _line);
7209 + atomic_inc(&ns->count);
7212 -static inline void get_nsproxy(struct nsproxy *ns)
7213 +#define put_nsproxy(n) __put_nsproxy(n, __FILE__, __LINE__)
7215 +static inline void __put_nsproxy(struct nsproxy *ns,
7216 + const char *_file, int _line)
7218 - atomic_inc(&ns->count);
7219 + vxlprintk(VXD_CBIT(space, 0), "put_nsproxy(%p[%u])",
7220 + ns, atomic_read(&ns->count), _file, _line);
7221 + if (atomic_dec_and_test(&ns->count)) {
7227 diff -NurpP --minimal linux-3.14.17/include/linux/pid.h linux-3.14.17-vs2.3.6.13/include/linux/pid.h
7228 --- linux-3.14.17/include/linux/pid.h 2014-08-14 01:38:34.000000000 +0000
7229 +++ linux-3.14.17-vs2.3.6.13/include/linux/pid.h 2014-08-30 14:27:38.000000000 +0000
7230 @@ -8,7 +8,8 @@ enum pid_type
7240 @@ -170,6 +171,7 @@ static inline pid_t pid_nr(struct pid *p
7243 pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns);
7244 +pid_t pid_unmapped_nr_ns(struct pid *pid, struct pid_namespace *ns);
7245 pid_t pid_vnr(struct pid *pid);
7247 #define do_each_pid_task(pid, type, task) \
7248 diff -NurpP --minimal linux-3.14.17/include/linux/quotaops.h linux-3.14.17-vs2.3.6.13/include/linux/quotaops.h
7249 --- linux-3.14.17/include/linux/quotaops.h 2014-08-14 01:38:34.000000000 +0000
7250 +++ linux-3.14.17-vs2.3.6.13/include/linux/quotaops.h 2014-08-30 14:27:38.000000000 +0000
7252 #define _LINUX_QUOTAOPS_
7254 #include <linux/fs.h>
7255 +#include <linux/vs_dlimit.h>
7257 #define DQUOT_SPACE_WARN 0x1
7258 #define DQUOT_SPACE_RESERVE 0x2
7259 @@ -207,11 +208,12 @@ static inline void dquot_drop(struct ino
7261 static inline int dquot_alloc_inode(const struct inode *inode)
7264 + return dl_alloc_inode(inode);
7267 static inline void dquot_free_inode(const struct inode *inode)
7269 + dl_free_inode(inode);
7272 static inline int dquot_transfer(struct inode *inode, struct iattr *iattr)
7273 @@ -222,6 +224,10 @@ static inline int dquot_transfer(struct
7274 static inline int __dquot_alloc_space(struct inode *inode, qsize_t number,
7279 + if ((ret = dl_alloc_space(inode, number)))
7281 if (!(flags & DQUOT_SPACE_RESERVE))
7282 inode_add_bytes(inode, number);
7284 @@ -232,6 +238,7 @@ static inline void __dquot_free_space(st
7286 if (!(flags & DQUOT_SPACE_RESERVE))
7287 inode_sub_bytes(inode, number);
7288 + dl_free_space(inode, number);
7291 static inline int dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
7292 diff -NurpP --minimal linux-3.14.17/include/linux/sched.h linux-3.14.17-vs2.3.6.13/include/linux/sched.h
7293 --- linux-3.14.17/include/linux/sched.h 2014-08-14 01:38:34.000000000 +0000
7294 +++ linux-3.14.17-vs2.3.6.13/include/linux/sched.h 2014-08-30 14:27:38.000000000 +0000
7295 @@ -1361,6 +1361,14 @@ struct task_struct {
7297 struct seccomp seccomp;
7299 +/* vserver context data */
7300 + struct vx_info *vx_info;
7301 + struct nx_info *nx_info;
7307 /* Thread group tracking */
7310 @@ -1658,6 +1666,11 @@ struct pid_namespace;
7311 pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
7312 struct pid_namespace *ns);
7314 +#include <linux/vserver/base.h>
7315 +#include <linux/vserver/context.h>
7316 +#include <linux/vserver/debug.h>
7317 +#include <linux/vserver/pid.h>
7319 static inline pid_t task_pid_nr(struct task_struct *tsk)
7322 @@ -1671,7 +1684,8 @@ static inline pid_t task_pid_nr_ns(struc
7324 static inline pid_t task_pid_vnr(struct task_struct *tsk)
7326 - return __task_pid_nr_ns(tsk, PIDTYPE_PID, NULL);
7327 + // return __task_pid_nr_ns(tsk, PIDTYPE_PID, NULL);
7328 + return vx_map_pid(__task_pid_nr_ns(tsk, PIDTYPE_PID, NULL));
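Review bot: Line 7327 keeps the old statement as a comment, `// return __task_pid_nr_ns(tsk, PIDTYPE_PID, NULL);`, which is dead code the diff history already records. Drop it and say instead what the function now returns, for example `/* pid after vx_map_pid() translation for the current context */`. The exact mapping rule of `vx_map_pid()` is defined elsewhere and should be checked before wording that comment. The `task_tgid_vnr()` hunk that follows makes the same kind of change with `vx_map_tgid()` and would benefit from a matching comment.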
7332 @@ -1684,7 +1698,7 @@ pid_t task_tgid_nr_ns(struct task_struct
7334 static inline pid_t task_tgid_vnr(struct task_struct *tsk)
7336 - return pid_vnr(task_tgid(tsk));
7337 + return vx_map_tgid(pid_vnr(task_tgid(tsk)));
7341 diff -NurpP --minimal linux-3.14.17/include/linux/shmem_fs.h linux-3.14.17-vs2.3.6.13/include/linux/shmem_fs.h
7342 --- linux-3.14.17/include/linux/shmem_fs.h 2014-08-14 01:38:34.000000000 +0000
7343 +++ linux-3.14.17-vs2.3.6.13/include/linux/shmem_fs.h 2014-08-30 14:27:38.000000000 +0000
7346 /* inode in-kernel data */
7348 +#define TMPFS_SUPER_MAGIC 0x01021994
7351 struct shmem_inode_info {
7353 unsigned long flags;
7354 diff -NurpP --minimal linux-3.14.17/include/linux/stat.h linux-3.14.17-vs2.3.6.13/include/linux/stat.h
7355 --- linux-3.14.17/include/linux/stat.h 2014-08-14 01:38:34.000000000 +0000
7356 +++ linux-3.14.17-vs2.3.6.13/include/linux/stat.h 2014-08-30 14:27:38.000000000 +0000
7357 @@ -25,6 +25,7 @@ struct kstat {
7364 struct timespec atime;
7365 diff -NurpP --minimal linux-3.14.17/include/linux/sunrpc/auth.h linux-3.14.17-vs2.3.6.13/include/linux/sunrpc/auth.h
7366 --- linux-3.14.17/include/linux/sunrpc/auth.h 2014-08-14 01:38:34.000000000 +0000
7367 +++ linux-3.14.17-vs2.3.6.13/include/linux/sunrpc/auth.h 2014-08-30 14:27:38.000000000 +0000
7368 @@ -36,6 +36,7 @@ enum {
7373 struct group_info *group_info;
7374 const char *principal;
7375 unsigned long ac_flags;
7376 diff -NurpP --minimal linux-3.14.17/include/linux/sunrpc/clnt.h linux-3.14.17-vs2.3.6.13/include/linux/sunrpc/clnt.h
7377 --- linux-3.14.17/include/linux/sunrpc/clnt.h 2014-08-14 01:38:34.000000000 +0000
7378 +++ linux-3.14.17-vs2.3.6.13/include/linux/sunrpc/clnt.h 2014-08-30 14:27:38.000000000 +0000
7379 @@ -51,7 +51,8 @@ struct rpc_clnt {
7380 cl_discrtry : 1,/* disconnect before retry */
7381 cl_noretranstimeo: 1,/* No retransmit timeouts */
7382 cl_autobind : 1,/* use getport() */
7383 - cl_chatty : 1;/* be verbose */
7384 + cl_chatty : 1,/* be verbose */
7385 + cl_tag : 1;/* context tagging */
7387 struct rpc_rtt * cl_rtt; /* RTO estimator data */
7388 const struct rpc_timeout *cl_timeout; /* Timeout strategy */
7389 diff -NurpP --minimal linux-3.14.17/include/linux/types.h linux-3.14.17-vs2.3.6.13/include/linux/types.h
7390 --- linux-3.14.17/include/linux/types.h 2014-08-14 01:38:34.000000000 +0000
7391 +++ linux-3.14.17-vs2.3.6.13/include/linux/types.h 2014-08-30 14:27:38.000000000 +0000
7392 @@ -32,6 +32,9 @@ typedef __kernel_uid32_t uid_t;
7393 typedef __kernel_gid32_t gid_t;
7394 typedef __kernel_uid16_t uid16_t;
7395 typedef __kernel_gid16_t gid16_t;
7396 +typedef unsigned int vxid_t;
7397 +typedef unsigned int vnid_t;
7398 +typedef unsigned int vtag_t;
7400 typedef unsigned long uintptr_t;
7402 diff -NurpP --minimal linux-3.14.17/include/linux/uidgid.h linux-3.14.17-vs2.3.6.13/include/linux/uidgid.h
7403 --- linux-3.14.17/include/linux/uidgid.h 2014-08-14 01:38:34.000000000 +0000
7404 +++ linux-3.14.17-vs2.3.6.13/include/linux/uidgid.h 2014-08-30 14:32:41.000000000 +0000
7405 @@ -21,13 +21,17 @@ typedef struct {
7418 #define KUIDT_INIT(value) (kuid_t){ value }
7419 #define KGIDT_INIT(value) (kgid_t){ value }
7420 +#define KTAGT_INIT(value) (ktag_t){ value }
7422 static inline uid_t __kuid_val(kuid_t uid)
7424 @@ -39,11 +43,18 @@ static inline gid_t __kgid_val(kgid_t gi
7428 +static inline vtag_t __ktag_val(ktag_t tag)
7433 #define GLOBAL_ROOT_UID KUIDT_INIT(0)
7434 #define GLOBAL_ROOT_GID KGIDT_INIT(0)
7435 +#define GLOBAL_ROOT_TAG KTAGT_INIT(0)
7437 #define INVALID_UID KUIDT_INIT(-1)
7438 #define INVALID_GID KGIDT_INIT(-1)
7439 +#define INVALID_TAG KTAGT_INIT(-1)
7441 static inline bool uid_eq(kuid_t left, kuid_t right)
7443 @@ -55,6 +66,11 @@ static inline bool gid_eq(kgid_t left, k
7444 return __kgid_val(left) == __kgid_val(right);
7447 +static inline bool tag_eq(ktag_t left, ktag_t right)
7449 + return __ktag_val(left) == __ktag_val(right);
7452 static inline bool uid_gt(kuid_t left, kuid_t right)
7454 return __kuid_val(left) > __kuid_val(right);
7455 @@ -105,13 +121,21 @@ static inline bool gid_valid(kgid_t gid)
7456 return !gid_eq(gid, INVALID_GID);
7459 +static inline bool tag_valid(ktag_t tag)
7461 + return !tag_eq(tag, INVALID_TAG);
7464 #ifdef CONFIG_USER_NS
7466 extern kuid_t make_kuid(struct user_namespace *from, uid_t uid);
7467 extern kgid_t make_kgid(struct user_namespace *from, gid_t gid);
7468 +extern ktag_t make_ktag(struct user_namespace *from, gid_t gid);
7470 extern uid_t from_kuid(struct user_namespace *to, kuid_t uid);
7471 extern gid_t from_kgid(struct user_namespace *to, kgid_t gid);
7472 +extern vtag_t from_ktag(struct user_namespace *to, ktag_t tag);
7474 extern uid_t from_kuid_munged(struct user_namespace *to, kuid_t uid);
7475 extern gid_t from_kgid_munged(struct user_namespace *to, kgid_t gid);
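Review bot: The CONFIG_USER_NS prototype on line 7468 declares `make_ktag(struct user_namespace *from, gid_t gid)`, while the inline fallback added later in this file (line 7481) takes `vtag_t tag`. The two typedefs presumably resolve to the same unsigned type, so this compiles, but it reads like a copy of the `make_kgid` line and misstates what the function accepts. Use `extern ktag_t make_ktag(struct user_namespace *from, vtag_t tag);` so both configurations share one signature.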
7477 @@ -137,6 +161,11 @@ static inline kgid_t make_kgid(struct us
7478 return KGIDT_INIT(gid);
7481 +static inline ktag_t make_ktag(struct user_namespace *from, vtag_t tag)
7483 + return KTAGT_INIT(tag);
7486 static inline uid_t from_kuid(struct user_namespace *to, kuid_t kuid)
7488 return __kuid_val(kuid);
7489 @@ -147,6 +176,11 @@ static inline gid_t from_kgid(struct use
7490 return __kgid_val(kgid);
7493 +static inline vtag_t from_ktag(struct user_namespace *to, ktag_t ktag)
7495 + return __ktag_val(ktag);
7498 static inline uid_t from_kuid_munged(struct user_namespace *to, kuid_t kuid)
7500 uid_t uid = from_kuid(to, kuid);
7501 diff -NurpP --minimal linux-3.14.17/include/linux/vroot.h linux-3.14.17-vs2.3.6.13/include/linux/vroot.h
7502 --- linux-3.14.17/include/linux/vroot.h 1970-01-01 00:00:00.000000000 +0000
7503 +++ linux-3.14.17-vs2.3.6.13/include/linux/vroot.h 2014-08-30 14:27:38.000000000 +0000
7507 + * include/linux/vroot.h
7509 + * written by Herbert Pötzl, 9/11/2002
7510 + * ported to 2.6 by Herbert Pötzl, 30/12/2004
7512 + * Copyright (C) 2002-2007 by Herbert Pötzl.
7513 + * Redistribution of this file is permitted under the
7514 + * GNU General Public License.
7517 +#ifndef _LINUX_VROOT_H
7518 +#define _LINUX_VROOT_H
7523 +/* Possible states of device */
7529 +struct vroot_device {
7533 + struct semaphore vr_ctl_mutex;
7534 + struct block_device *vr_device;
7539 +typedef struct block_device *(vroot_grb_func)(struct block_device *);
7541 +extern int register_vroot_grb(vroot_grb_func *);
7542 +extern int unregister_vroot_grb(vroot_grb_func *);
7544 +#endif /* __KERNEL__ */
7546 +#define MAX_VROOT_DEFAULT 8
7549 + * IOCTL commands --- we will commandeer 0x56 ('V')
7552 +#define VROOT_SET_DEV 0x5600
7553 +#define VROOT_CLR_DEV 0x5601
7555 +#endif /* _LINUX_VROOT_H */
7556 diff -NurpP --minimal linux-3.14.17/include/linux/vs_base.h linux-3.14.17-vs2.3.6.13/include/linux/vs_base.h
7557 --- linux-3.14.17/include/linux/vs_base.h 1970-01-01 00:00:00.000000000 +0000
7558 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_base.h 2014-08-30 14:27:38.000000000 +0000
7563 +#include "vserver/base.h"
7564 +#include "vserver/check.h"
7565 +#include "vserver/debug.h"
7568 +#warning duplicate inclusion
7570 diff -NurpP --minimal linux-3.14.17/include/linux/vs_context.h linux-3.14.17-vs2.3.6.13/include/linux/vs_context.h
7571 --- linux-3.14.17/include/linux/vs_context.h 1970-01-01 00:00:00.000000000 +0000
7572 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_context.h 2014-08-30 14:27:38.000000000 +0000
7574 +#ifndef _VS_CONTEXT_H
7575 +#define _VS_CONTEXT_H
7577 +#include "vserver/base.h"
7578 +#include "vserver/check.h"
7579 +#include "vserver/context.h"
7580 +#include "vserver/history.h"
7581 +#include "vserver/debug.h"
7583 +#include <linux/sched.h>
7586 +#define get_vx_info(i) __get_vx_info(i, __FILE__, __LINE__, __HERE__)
7588 +static inline struct vx_info *__get_vx_info(struct vx_info *vxi,
7589 + const char *_file, int _line, void *_here)
7594 + vxlprintk(VXD_CBIT(xid, 2), "get_vx_info(%p[#%d.%d])",
7595 + vxi, vxi ? vxi->vx_id : 0,
7596 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7598 + __vxh_get_vx_info(vxi, _here);
7600 + atomic_inc(&vxi->vx_usecnt);
7605 +extern void free_vx_info(struct vx_info *);
7607 +#define put_vx_info(i) __put_vx_info(i, __FILE__, __LINE__, __HERE__)
7609 +static inline void __put_vx_info(struct vx_info *vxi,
7610 + const char *_file, int _line, void *_here)
7615 + vxlprintk(VXD_CBIT(xid, 2), "put_vx_info(%p[#%d.%d])",
7616 + vxi, vxi ? vxi->vx_id : 0,
7617 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7619 + __vxh_put_vx_info(vxi, _here);
7621 + if (atomic_dec_and_test(&vxi->vx_usecnt))
7622 + free_vx_info(vxi);
7626 +#define init_vx_info(p, i) \
7627 + __init_vx_info(p, i, __FILE__, __LINE__, __HERE__)
7629 +static inline void __init_vx_info(struct vx_info **vxp, struct vx_info *vxi,
7630 + const char *_file, int _line, void *_here)
7633 + vxlprintk(VXD_CBIT(xid, 3),
7634 + "init_vx_info(%p[#%d.%d])",
7635 + vxi, vxi ? vxi->vx_id : 0,
7636 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7638 + __vxh_init_vx_info(vxi, vxp, _here);
7640 + atomic_inc(&vxi->vx_usecnt);
7646 +#define set_vx_info(p, i) \
7647 + __set_vx_info(p, i, __FILE__, __LINE__, __HERE__)
7649 +static inline void __set_vx_info(struct vx_info **vxp, struct vx_info *vxi,
7650 + const char *_file, int _line, void *_here)
7652 + struct vx_info *vxo;
7657 + vxlprintk(VXD_CBIT(xid, 3), "set_vx_info(%p[#%d.%d])",
7658 + vxi, vxi ? vxi->vx_id : 0,
7659 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7661 + __vxh_set_vx_info(vxi, vxp, _here);
7663 + atomic_inc(&vxi->vx_usecnt);
7664 + vxo = xchg(vxp, vxi);
7669 +#define clr_vx_info(p) __clr_vx_info(p, __FILE__, __LINE__, __HERE__)
7671 +static inline void __clr_vx_info(struct vx_info **vxp,
7672 + const char *_file, int _line, void *_here)
7674 + struct vx_info *vxo;
7676 + vxo = xchg(vxp, NULL);
7680 + vxlprintk(VXD_CBIT(xid, 3), "clr_vx_info(%p[#%d.%d])",
7681 + vxo, vxo ? vxo->vx_id : 0,
7682 + vxo ? atomic_read(&vxo->vx_usecnt) : 0,
7684 + __vxh_clr_vx_info(vxo, vxp, _here);
7686 + if (atomic_dec_and_test(&vxo->vx_usecnt))
7687 + free_vx_info(vxo);
7691 +#define claim_vx_info(v, p) \
7692 + __claim_vx_info(v, p, __FILE__, __LINE__, __HERE__)
7694 +static inline void __claim_vx_info(struct vx_info *vxi,
7695 + struct task_struct *task,
7696 + const char *_file, int _line, void *_here)
7698 + vxlprintk(VXD_CBIT(xid, 3), "claim_vx_info(%p[#%d.%d.%d]) %p",
7699 + vxi, vxi ? vxi->vx_id : 0,
7700 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7701 + vxi ? atomic_read(&vxi->vx_tasks) : 0,
7702 + task, _file, _line);
7703 + __vxh_claim_vx_info(vxi, task, _here);
7705 + atomic_inc(&vxi->vx_tasks);
7709 +extern void unhash_vx_info(struct vx_info *);
7711 +#define release_vx_info(v, p) \
7712 + __release_vx_info(v, p, __FILE__, __LINE__, __HERE__)
7714 +static inline void __release_vx_info(struct vx_info *vxi,
7715 + struct task_struct *task,
7716 + const char *_file, int _line, void *_here)
7718 + vxlprintk(VXD_CBIT(xid, 3), "release_vx_info(%p[#%d.%d.%d]) %p",
7719 + vxi, vxi ? vxi->vx_id : 0,
7720 + vxi ? atomic_read(&vxi->vx_usecnt) : 0,
7721 + vxi ? atomic_read(&vxi->vx_tasks) : 0,
7722 + task, _file, _line);
7723 + __vxh_release_vx_info(vxi, task, _here);
7727 + if (atomic_dec_and_test(&vxi->vx_tasks))
7728 + unhash_vx_info(vxi);
7732 +#define task_get_vx_info(p) \
7733 + __task_get_vx_info(p, __FILE__, __LINE__, __HERE__)
7735 +static inline struct vx_info *__task_get_vx_info(struct task_struct *p,
7736 + const char *_file, int _line, void *_here)
7738 + struct vx_info *vxi;
7741 + vxlprintk(VXD_CBIT(xid, 5), "task_get_vx_info(%p)",
7743 + vxi = __get_vx_info(p->vx_info, _file, _line, _here);
7749 +static inline void __wakeup_vx_info(struct vx_info *vxi)
7751 + if (waitqueue_active(&vxi->vx_wait))
7752 + wake_up_interruptible(&vxi->vx_wait);
7756 +#define enter_vx_info(v, s) __enter_vx_info(v, s, __FILE__, __LINE__)
7758 +static inline void __enter_vx_info(struct vx_info *vxi,
7759 + struct vx_info_save *vxis, const char *_file, int _line)
7761 + vxlprintk(VXD_CBIT(xid, 5), "enter_vx_info(%p[#%d],%p) %p[#%d,%p]",
7762 + vxi, vxi ? vxi->vx_id : 0, vxis, current,
7763 + current->xid, current->vx_info, _file, _line);
7764 + vxis->vxi = xchg(¤t->vx_info, vxi);
7765 + vxis->xid = current->xid;
7766 + current->xid = vxi ? vxi->vx_id : 0;
7769 +#define leave_vx_info(s) __leave_vx_info(s, __FILE__, __LINE__)
7771 +static inline void __leave_vx_info(struct vx_info_save *vxis,
7772 + const char *_file, int _line)
7774 + vxlprintk(VXD_CBIT(xid, 5), "leave_vx_info(%p[#%d,%p]) %p[#%d,%p]",
7775 + vxis, vxis->xid, vxis->vxi, current,
7776 + current->xid, current->vx_info, _file, _line);
7777 + (void)xchg(¤t->vx_info, vxis->vxi);
7778 + current->xid = vxis->xid;
7782 +static inline void __enter_vx_admin(struct vx_info_save *vxis)
7784 + vxis->vxi = xchg(¤t->vx_info, NULL);
7785 + vxis->xid = xchg(¤t->xid, (vxid_t)0);
7788 +static inline void __leave_vx_admin(struct vx_info_save *vxis)
7790 + (void)xchg(¤t->xid, vxis->xid);
7791 + (void)xchg(¤t->vx_info, vxis->vxi);
7794 +#define task_is_init(p) \
7795 + __task_is_init(p, __FILE__, __LINE__, __HERE__)
7797 +static inline int __task_is_init(struct task_struct *p,
7798 + const char *_file, int _line, void *_here)
7800 + int is_init = is_global_init(p);
7804 + is_init = p->vx_info->vx_initpid == p->pid;
7809 +extern void exit_vx_info(struct task_struct *, int);
7810 +extern void exit_vx_info_early(struct task_struct *, int);
7814 +#warning duplicate inclusion
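Review bot: `__enter_vx_admin()` (line 7782) swaps the current task's `vx_info` to NULL and its `xid` to 0, and `__enter_vx_info()` (line 7758) installs an arbitrary `vxi`. Neither has a comment stating the contract, although both change which context the task's later checks run under. Neither function takes a `vx_usecnt` reference on the pointer it installs or on the one it parks in `vxis`, so the caller must already hold those references for the whole enter/leave window. Document that above each pair, for example `/* Caller must pair with __leave_vx_admin() on every exit path; runs as xid 0 in between. */`.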
7816 diff -NurpP --minimal linux-3.14.17/include/linux/vs_cowbl.h linux-3.14.17-vs2.3.6.13/include/linux/vs_cowbl.h
7817 --- linux-3.14.17/include/linux/vs_cowbl.h 1970-01-01 00:00:00.000000000 +0000
7818 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_cowbl.h 2014-08-30 14:27:38.000000000 +0000
7820 +#ifndef _VS_COWBL_H
7821 +#define _VS_COWBL_H
7823 +#include <linux/fs.h>
7824 +#include <linux/dcache.h>
7825 +#include <linux/namei.h>
7826 +#include <linux/slab.h>
7828 +extern struct dentry *cow_break_link(const char *pathname);
7830 +static inline int cow_check_and_break(struct path *path)
7832 + struct inode *inode = path->dentry->d_inode;
7835 + /* do we need this check? */
7836 + if (IS_RDONLY(inode))
7839 + if (IS_COW(inode)) {
7840 + if (IS_COW_LINK(inode)) {
7841 + struct dentry *new_dentry, *old_dentry = path->dentry;
7844 + buf = kmalloc(PATH_MAX, GFP_KERNEL);
7848 + pp = d_path(path, buf, PATH_MAX);
7849 + new_dentry = cow_break_link(pp);
7851 + if (!IS_ERR(new_dentry)) {
7852 + path->dentry = new_dentry;
7855 + error = PTR_ERR(new_dentry);
7857 + inode->i_flags &= ~(S_IXUNLINK | S_IMMUTABLE);
7858 + inode->i_ctime = CURRENT_TIME;
7859 + mark_inode_dirty(inode);
7866 +#warning duplicate inclusion
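Review bot: The result of `d_path()` on line 7848 is passed straight to `cow_break_link()` on line 7849, but `d_path()` can return an ERR_PTR, for instance when the name does not fit in PATH_MAX, and there is no `IS_ERR(pp)` test between the two lines. Guard the call while keeping the existing error path: `new_dentry = IS_ERR(pp) ? ERR_CAST(pp) : cow_break_link(pp);`. Separately, the file is resolved again from a path string, so the lookup inside `cow_break_link()` may not reach the same dentry. The name can change between the two steps, and `d_path()` decorates unlinked entries. Whether `cow_break_link()` re-checks the inode is not visible here and should be confirmed.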
7868 diff -NurpP --minimal linux-3.14.17/include/linux/vs_cvirt.h linux-3.14.17-vs2.3.6.13/include/linux/vs_cvirt.h
7869 --- linux-3.14.17/include/linux/vs_cvirt.h 1970-01-01 00:00:00.000000000 +0000
7870 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_cvirt.h 2014-08-30 14:27:38.000000000 +0000
7872 +#ifndef _VS_CVIRT_H
7873 +#define _VS_CVIRT_H
7875 +#include "vserver/cvirt.h"
7876 +#include "vserver/context.h"
7877 +#include "vserver/base.h"
7878 +#include "vserver/check.h"
7879 +#include "vserver/debug.h"
7882 +static inline void vx_activate_task(struct task_struct *p)
7884 + struct vx_info *vxi;
7886 + if ((vxi = p->vx_info)) {
7887 + vx_update_load(vxi);
7888 + atomic_inc(&vxi->cvirt.nr_running);
7892 +static inline void vx_deactivate_task(struct task_struct *p)
7894 + struct vx_info *vxi;
7896 + if ((vxi = p->vx_info)) {
7897 + vx_update_load(vxi);
7898 + atomic_dec(&vxi->cvirt.nr_running);
7902 +static inline void vx_uninterruptible_inc(struct task_struct *p)
7904 + struct vx_info *vxi;
7906 + if ((vxi = p->vx_info))
7907 + atomic_inc(&vxi->cvirt.nr_uninterruptible);
7910 +static inline void vx_uninterruptible_dec(struct task_struct *p)
7912 + struct vx_info *vxi;
7914 + if ((vxi = p->vx_info))
7915 + atomic_dec(&vxi->cvirt.nr_uninterruptible);
7920 +#warning duplicate inclusion
7922 diff -NurpP --minimal linux-3.14.17/include/linux/vs_device.h linux-3.14.17-vs2.3.6.13/include/linux/vs_device.h
7923 --- linux-3.14.17/include/linux/vs_device.h 1970-01-01 00:00:00.000000000 +0000
7924 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_device.h 2014-08-30 14:27:38.000000000 +0000
7926 +#ifndef _VS_DEVICE_H
7927 +#define _VS_DEVICE_H
7929 +#include "vserver/base.h"
7930 +#include "vserver/device.h"
7931 +#include "vserver/debug.h"
7934 +#ifdef CONFIG_VSERVER_DEVICE
7936 +int vs_map_device(struct vx_info *, dev_t, dev_t *, umode_t);
7938 +#define vs_device_perm(v, d, m, p) \
7939 + ((vs_map_device(current_vx_info(), d, NULL, m) & (p)) == (p))
7944 +int vs_map_device(struct vx_info *vxi,
7945 + dev_t device, dev_t *target, umode_t mode)
7952 +#define vs_device_perm(v, d, m, p) ((p) == (p))
7957 +#define vs_map_chrdev(d, t, p) \
7958 + ((vs_map_device(current_vx_info(), d, t, S_IFCHR) & (p)) == (p))
7959 +#define vs_map_blkdev(d, t, p) \
7960 + ((vs_map_device(current_vx_info(), d, t, S_IFBLK) & (p)) == (p))
7962 +#define vs_chrdev_perm(d, p) \
7963 + vs_device_perm(current_vx_info(), d, S_IFCHR, p)
7964 +#define vs_blkdev_perm(d, p) \
7965 + vs_device_perm(current_vx_info(), d, S_IFBLK, p)
7969 +#warning duplicate inclusion
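Review bot: In the CONFIG_VSERVER_DEVICE branch, `vs_device_perm(v, d, m, p)` never uses its `v` argument and always evaluates against `current_vx_info()`. A caller that passes a different context therefore gets, with no diagnostic, a permission answer for the current one. Either honour the argument, `((vs_map_device(v, d, NULL, m) & (p)) == (p))`, or drop the parameter. The visible users `vs_chrdev_perm` and `vs_blkdev_perm` already pass `current_vx_info()`, so their behaviour would not change. The fallback `((p) == (p))` grants every request and evaluates `p` twice, so a comment stating that device mapping is disabled and all access is allowed would make that intent explicit.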
7971 diff -NurpP --minimal linux-3.14.17/include/linux/vs_dlimit.h linux-3.14.17-vs2.3.6.13/include/linux/vs_dlimit.h
7972 --- linux-3.14.17/include/linux/vs_dlimit.h 1970-01-01 00:00:00.000000000 +0000
7973 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_dlimit.h 2014-08-30 14:27:38.000000000 +0000
7975 +#ifndef _VS_DLIMIT_H
7976 +#define _VS_DLIMIT_H
7978 +#include <linux/fs.h>
7980 +#include "vserver/dlimit.h"
7981 +#include "vserver/base.h"
7982 +#include "vserver/debug.h"
7985 +#define get_dl_info(i) __get_dl_info(i, __FILE__, __LINE__)
7987 +static inline struct dl_info *__get_dl_info(struct dl_info *dli,
7988 + const char *_file, int _line)
7992 + vxlprintk(VXD_CBIT(dlim, 4), "get_dl_info(%p[#%d.%d])",
7993 + dli, dli ? dli->dl_tag : 0,
7994 + dli ? atomic_read(&dli->dl_usecnt) : 0,
7996 + atomic_inc(&dli->dl_usecnt);
8001 +#define free_dl_info(i) \
8002 + call_rcu(&(i)->dl_rcu, rcu_free_dl_info)
8004 +#define put_dl_info(i) __put_dl_info(i, __FILE__, __LINE__)
8006 +static inline void __put_dl_info(struct dl_info *dli,
8007 + const char *_file, int _line)
8011 + vxlprintk(VXD_CBIT(dlim, 4), "put_dl_info(%p[#%d.%d])",
8012 + dli, dli ? dli->dl_tag : 0,
8013 + dli ? atomic_read(&dli->dl_usecnt) : 0,
8015 + if (atomic_dec_and_test(&dli->dl_usecnt))
8016 + free_dl_info(dli);
8020 +#define __dlimit_char(d) ((d) ? '*' : ' ')
8022 +static inline int __dl_alloc_space(struct super_block *sb,
8023 + vtag_t tag, dlsize_t nr, const char *file, int line)
8025 + struct dl_info *dli = NULL;
8030 + dli = locate_dl_info(sb, tag);
8034 + spin_lock(&dli->dl_lock);
8035 + ret = (dli->dl_space_used + nr > dli->dl_space_total);
8037 + dli->dl_space_used += nr;
8038 + spin_unlock(&dli->dl_lock);
8041 + vxlprintk(VXD_CBIT(dlim, 1),
8042 + "ALLOC (%p,#%d)%c %lld bytes (%d)",
8043 + sb, tag, __dlimit_char(dli), (long long)nr,
8045 + return ret ? -ENOSPC : 0;
8048 +static inline void __dl_free_space(struct super_block *sb,
8049 + vtag_t tag, dlsize_t nr, const char *_file, int _line)
8051 + struct dl_info *dli = NULL;
8055 + dli = locate_dl_info(sb, tag);
8059 + spin_lock(&dli->dl_lock);
8060 + if (dli->dl_space_used > nr)
8061 + dli->dl_space_used -= nr;
8063 + dli->dl_space_used = 0;
8064 + spin_unlock(&dli->dl_lock);
8067 + vxlprintk(VXD_CBIT(dlim, 1),
8068 + "FREE (%p,#%d)%c %lld bytes",
8069 + sb, tag, __dlimit_char(dli), (long long)nr,
8073 +static inline int __dl_alloc_inode(struct super_block *sb,
8074 + vtag_t tag, const char *_file, int _line)
8076 + struct dl_info *dli;
8079 + dli = locate_dl_info(sb, tag);
8083 + spin_lock(&dli->dl_lock);
8084 + dli->dl_inodes_used++;
8085 + ret = (dli->dl_inodes_used > dli->dl_inodes_total);
8086 + spin_unlock(&dli->dl_lock);
8089 + vxlprintk(VXD_CBIT(dlim, 0),
8090 + "ALLOC (%p,#%d)%c inode (%d)",
8091 + sb, tag, __dlimit_char(dli), ret, _file, _line);
8092 + return ret ? -ENOSPC : 0;
8095 +static inline void __dl_free_inode(struct super_block *sb,
8096 + vtag_t tag, const char *_file, int _line)
8098 + struct dl_info *dli;
8100 + dli = locate_dl_info(sb, tag);
8104 + spin_lock(&dli->dl_lock);
8105 + if (dli->dl_inodes_used > 1)
8106 + dli->dl_inodes_used--;
8108 + dli->dl_inodes_used = 0;
8109 + spin_unlock(&dli->dl_lock);
8112 + vxlprintk(VXD_CBIT(dlim, 0),
8113 + "FREE (%p,#%d)%c inode",
8114 + sb, tag, __dlimit_char(dli), _file, _line);
8117 +static inline void __dl_adjust_block(struct super_block *sb, vtag_t tag,
8118 + unsigned long long *free_blocks, unsigned long long *root_blocks,
8119 + const char *_file, int _line)
8121 + struct dl_info *dli;
8122 + uint64_t broot, bfree;
8124 + dli = locate_dl_info(sb, tag);
8128 + spin_lock(&dli->dl_lock);
8129 + broot = (dli->dl_space_total -
8130 + (dli->dl_space_total >> 10) * dli->dl_nrlmult)
8131 + >> sb->s_blocksize_bits;
8132 + bfree = (dli->dl_space_total - dli->dl_space_used)
8133 + >> sb->s_blocksize_bits;
8134 + spin_unlock(&dli->dl_lock);
8136 + vxlprintk(VXD_CBIT(dlim, 2),
8137 + "ADJUST: %lld,%lld on %lld,%lld [mult=%d]",
8138 + (long long)bfree, (long long)broot,
8139 + *free_blocks, *root_blocks, dli->dl_nrlmult,
8141 + if (free_blocks) {
8142 + if (*free_blocks > bfree)
8143 + *free_blocks = bfree;
8145 + if (root_blocks) {
8146 + if (*root_blocks > broot)
8147 + *root_blocks = broot;
8152 +#define dl_prealloc_space(in, bytes) \
8153 + __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
8154 + __FILE__, __LINE__ )
8156 +#define dl_alloc_space(in, bytes) \
8157 + __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
8158 + __FILE__, __LINE__ )
8160 +#define dl_reserve_space(in, bytes) \
8161 + __dl_alloc_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
8162 + __FILE__, __LINE__ )
8164 +#define dl_claim_space(in, bytes) (0)
8166 +#define dl_release_space(in, bytes) \
8167 + __dl_free_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
8168 + __FILE__, __LINE__ )
8170 +#define dl_free_space(in, bytes) \
8171 + __dl_free_space((in)->i_sb, i_tag_read(in), (dlsize_t)(bytes), \
8172 + __FILE__, __LINE__ )
8176 +#define dl_alloc_inode(in) \
8177 + __dl_alloc_inode((in)->i_sb, i_tag_read(in), __FILE__, __LINE__ )
8179 +#define dl_free_inode(in) \
8180 + __dl_free_inode((in)->i_sb, i_tag_read(in), __FILE__, __LINE__ )
8183 +#define dl_adjust_block(sb, tag, fb, rb) \
8184 + __dl_adjust_block(sb, tag, fb, rb, __FILE__, __LINE__ )
8188 +#warning duplicate inclusion
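Review bot: `__dl_adjust_block` dereferences `*free_blocks` and `*root_blocks` in the `vxlprintk` arguments and only afterwards tests `if (free_blocks)` and `if (root_blocks)`. If either pointer can really be NULL, the debug path faults before the guard is reached, assuming vxlprintk evaluates its arguments. Make the print agree with the guards, e.g. `free_blocks ? *free_blocks : 0ULL, root_blocks ? *root_blocks : 0ULL,`, or drop the NULL tests if callers never pass NULL. Separately, `__dl_alloc_inode` increments `dl_inodes_used` before comparing it with `dl_inodes_total`, so in the lines shown a refused allocation still leaves the counter raised. A comment should say whether callers must call `dl_free_inode` after -ENOSPC, since the disk-limit accounting depends on it.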
8190 diff -NurpP --minimal linux-3.14.17/include/linux/vs_inet.h linux-3.14.17-vs2.3.6.13/include/linux/vs_inet.h
8191 --- linux-3.14.17/include/linux/vs_inet.h 1970-01-01 00:00:00.000000000 +0000
8192 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_inet.h 2014-08-30 14:27:38.000000000 +0000
8197 +#include "vserver/base.h"
8198 +#include "vserver/network.h"
8199 +#include "vserver/debug.h"
8201 +#define IPI_LOOPBACK htonl(INADDR_LOOPBACK)
8203 +#define NXAV4(a) NIPQUAD((a)->ip[0]), NIPQUAD((a)->ip[1]), \
8204 + NIPQUAD((a)->mask), (a)->type
8205 +#define NXAV4_FMT "[" NIPQUAD_FMT "-" NIPQUAD_FMT "/" NIPQUAD_FMT ":%04x]"
8207 +#define NIPQUAD(addr) \
8208 + ((unsigned char *)&addr)[0], \
8209 + ((unsigned char *)&addr)[1], \
8210 + ((unsigned char *)&addr)[2], \
8211 + ((unsigned char *)&addr)[3]
8213 +#define NIPQUAD_FMT "%u.%u.%u.%u"
8217 +int v4_addr_match(struct nx_addr_v4 *nxa, __be32 addr, uint16_t tmask)
8219 + __be32 ip = nxa->ip[0].s_addr;
8220 + __be32 mask = nxa->mask.s_addr;
8221 + __be32 bcast = ip | ~mask;
8224 + switch (nxa->type & tmask) {
8225 + case NXA_TYPE_MASK:
8226 + ret = (ip == (addr & mask));
8228 + case NXA_TYPE_ADDR:
8232 + /* fall through to broadcast */
8233 + case NXA_MOD_BCAST:
8234 + ret = ((tmask & NXA_MOD_BCAST) && (addr == bcast));
8236 + case NXA_TYPE_RANGE:
8237 + ret = ((nxa->ip[0].s_addr <= addr) &&
8238 + (nxa->ip[1].s_addr > addr));
8240 + case NXA_TYPE_ANY:
8245 + vxdprintk(VXD_CBIT(net, 0),
8246 + "v4_addr_match(%p" NXAV4_FMT "," NIPQUAD_FMT ",%04x) = %d",
8247 + nxa, NXAV4(nxa), NIPQUAD(addr), tmask, ret);
8252 +int v4_addr_in_nx_info(struct nx_info *nxi, __be32 addr, uint16_t tmask)
8254 + struct nx_addr_v4 *nxa;
8255 + unsigned long irqflags;
8262 + /* allow 127.0.0.1 when remapping lback */
8263 + if ((tmask & NXA_LOOPBACK) &&
8264 + (addr == IPI_LOOPBACK) &&
8265 + nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
8268 + /* check for lback address */
8269 + if ((tmask & NXA_MOD_LBACK) &&
8270 + (nxi->v4_lback.s_addr == addr))
8273 + /* check for broadcast address */
8274 + if ((tmask & NXA_MOD_BCAST) &&
8275 + (nxi->v4_bcast.s_addr == addr))
8279 + /* check for v4 addresses */
8280 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
8281 + for (nxa = &nxi->v4; nxa; nxa = nxa->next)
8282 + if (v4_addr_match(nxa, addr, tmask))
8286 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
8288 + vxdprintk(VXD_CBIT(net, 0),
8289 + "v4_addr_in_nx_info(%p[#%u]," NIPQUAD_FMT ",%04x) = %d",
8290 + nxi, nxi ? nxi->nx_id : 0, NIPQUAD(addr), tmask, ret);
8295 +int v4_nx_addr_match(struct nx_addr_v4 *nxa, struct nx_addr_v4 *addr, uint16_t mask)
8297 + /* FIXME: needs full range checks */
8298 + return v4_addr_match(nxa, addr->ip[0].s_addr, mask);
8302 +int v4_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v4 *nxa, uint16_t mask)
8304 + struct nx_addr_v4 *ptr;
8305 + unsigned long irqflags;
8308 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
8309 + for (ptr = &nxi->v4; ptr; ptr = ptr->next)
8310 + if (v4_nx_addr_match(ptr, nxa, mask))
8314 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
8318 +#include <net/inet_sock.h>
8321 + * Check if a given address matches for a socket
8323 + * nxi: the socket's nx_info if any
8324 + * addr: to be verified address
8327 +int v4_sock_addr_match (
8328 + struct nx_info *nxi,
8329 + struct inet_sock *inet,
8332 + __be32 saddr = inet->inet_rcv_saddr;
8333 + __be32 bcast = nxi ? nxi->v4_bcast.s_addr : INADDR_BROADCAST;
8335 + if (addr && (saddr == addr || bcast == addr))
8338 + return v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND);
8343 +/* inet related checks and helpers */
8352 +#include <linux/netdevice.h>
8353 +#include <linux/inetdevice.h>
8354 +#include <net/inet_sock.h>
8355 +#include <net/inet_timewait_sock.h>
8358 +int dev_in_nx_info(struct net_device *, struct nx_info *);
8359 +int v4_dev_in_nx_info(struct net_device *, struct nx_info *);
8360 +int nx_v4_addr_conflict(struct nx_info *, struct nx_info *);
8364 + * check if address is covered by socket
8366 + * sk: the socket to check against
8367 + * addr: the address in question (must be != 0)
8371 +int __v4_addr_match_socket(const struct sock *sk, struct nx_addr_v4 *nxa)
8373 + struct nx_info *nxi = sk->sk_nx_info;
8374 + __be32 saddr = sk->sk_rcv_saddr;
8376 + vxdprintk(VXD_CBIT(net, 5),
8377 + "__v4_addr_in_socket(%p," NXAV4_FMT ") %p:" NIPQUAD_FMT " %p;%lx",
8378 + sk, NXAV4(nxa), nxi, NIPQUAD(saddr), sk->sk_socket,
8379 + (sk->sk_socket?sk->sk_socket->flags:0));
8381 + if (saddr) { /* direct address match */
8382 + return v4_addr_match(nxa, saddr, -1);
8383 + } else if (nxi) { /* match against nx_info */
8384 + return v4_nx_addr_in_nx_info(nxi, nxa, -1);
8385 + } else { /* unrestricted any socket */
8393 +int nx_dev_visible(struct nx_info *nxi, struct net_device *dev)
8395 + vxdprintk(VXD_CBIT(net, 1),
8396 + "nx_dev_visible(%p[#%u],%p " VS_Q("%s") ") %d",
8397 + nxi, nxi ? nxi->nx_id : 0, dev, dev->name,
8398 + nxi ? dev_in_nx_info(dev, nxi) : 0);
8400 + if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
8402 + if (dev_in_nx_info(dev, nxi))
8409 +int v4_ifa_in_nx_info(struct in_ifaddr *ifa, struct nx_info *nxi)
8415 + return v4_addr_in_nx_info(nxi, ifa->ifa_local, NXA_MASK_SHOW);
8419 +int nx_v4_ifa_visible(struct nx_info *nxi, struct in_ifaddr *ifa)
8421 + vxdprintk(VXD_CBIT(net, 1), "nx_v4_ifa_visible(%p[#%u],%p) %d",
8422 + nxi, nxi ? nxi->nx_id : 0, ifa,
8423 + nxi ? v4_ifa_in_nx_info(ifa, nxi) : 0);
8425 + if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
8427 + if (v4_ifa_in_nx_info(ifa, nxi))
8433 +struct nx_v4_sock_addr {
8434 + __be32 saddr; /* Address used for validation */
8435 + __be32 baddr; /* Address used for socket bind */
8439 +int v4_map_sock_addr(struct inet_sock *inet, struct sockaddr_in *addr,
8440 + struct nx_v4_sock_addr *nsa)
8442 + struct sock *sk = &inet->sk;
8443 + struct nx_info *nxi = sk->sk_nx_info;
8444 + __be32 saddr = addr->sin_addr.s_addr;
8445 + __be32 baddr = saddr;
8447 + vxdprintk(VXD_CBIT(net, 3),
8448 + "inet_bind(%p)* %p,%p;%lx " NIPQUAD_FMT,
8449 + sk, sk->sk_nx_info, sk->sk_socket,
8450 + (sk->sk_socket ? sk->sk_socket->flags : 0),
8454 + if (saddr == INADDR_ANY) {
8455 + if (nx_info_flags(nxi, NXF_SINGLE_IP, 0))
8456 + baddr = nxi->v4.ip[0].s_addr;
8457 + } else if (saddr == IPI_LOOPBACK) {
8458 + if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
8459 + baddr = nxi->v4_lback.s_addr;
8460 + } else if (!ipv4_is_multicast(saddr) ||
8461 + !nx_info_ncaps(nxi, NXC_MULTICAST)) {
8462 + /* normal address bind */
8463 + if (!v4_addr_in_nx_info(nxi, saddr, NXA_MASK_BIND))
8464 + return -EADDRNOTAVAIL;
8468 + vxdprintk(VXD_CBIT(net, 3),
8469 + "inet_bind(%p) " NIPQUAD_FMT ", " NIPQUAD_FMT,
8470 + sk, NIPQUAD(saddr), NIPQUAD(baddr));
8472 + nsa->saddr = saddr;
8473 + nsa->baddr = baddr;
8478 +void v4_set_sock_addr(struct inet_sock *inet, struct nx_v4_sock_addr *nsa)
8480 + inet->inet_saddr = nsa->baddr;
8481 + inet->inet_rcv_saddr = nsa->baddr;
8486 + * helper to simplify inet_lookup_listener
8488 + * nxi: the socket's nx_info if any
8489 + * addr: to be verified address
8490 + * saddr: socket address
8492 +static inline int v4_inet_addr_match (
8493 + struct nx_info *nxi,
8497 + if (addr && (saddr == addr))
8500 + return nxi ? v4_addr_in_nx_info(nxi, addr, NXA_MASK_BIND) : 1;
8504 +static inline __be32 nx_map_sock_lback(struct nx_info *nxi, __be32 addr)
8506 + if (nx_info_flags(nxi, NXF_HIDE_LBACK, 0) &&
8507 + (addr == nxi->v4_lback.s_addr))
8508 + return IPI_LOOPBACK;
8513 +int nx_info_has_v4(struct nx_info *nxi)
8519 + if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0))
8524 +#else /* CONFIG_INET */
8527 +int nx_dev_visible(struct nx_info *n, struct net_device *d)
8533 +int nx_v4_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
8539 +int v4_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
8545 +int nx_info_has_v4(struct nx_info *nxi)
8550 +#endif /* CONFIG_INET */
8552 +#define current_nx_info_has_v4() \
8553 + nx_info_has_v4(current_nx_info())
8556 +// #warning duplicate inclusion
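Review bot: The `NXA_TYPE_RANGE` case in `v4_addr_match` orders `__be32` values directly, `(nxa->ip[0].s_addr <= addr) && (nxa->ip[1].s_addr > addr)`. Assuming both sides are in network byte order as their type says, that comparison does not follow address order on a little-endian host. The range that decides which addresses a network context may use can then accept or reject the wrong ones. Convert before comparing: `ret = (ntohl(nxa->ip[0].s_addr) <= ntohl(addr)) && (ntohl(nxa->ip[1].s_addr) > ntohl(addr));`. The upper bound is exclusive as written, so a comment should state whether `ip[1]` is the last address of the range or one past it.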
8558 diff -NurpP --minimal linux-3.14.17/include/linux/vs_inet6.h linux-3.14.17-vs2.3.6.13/include/linux/vs_inet6.h
8559 --- linux-3.14.17/include/linux/vs_inet6.h 1970-01-01 00:00:00.000000000 +0000
8560 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_inet6.h 2014-08-30 14:27:38.000000000 +0000
8562 +#ifndef _VS_INET6_H
8563 +#define _VS_INET6_H
8565 +#include "vserver/base.h"
8566 +#include "vserver/network.h"
8567 +#include "vserver/debug.h"
8569 +#include <net/ipv6.h>
8571 +#define NXAV6(a) &(a)->ip, &(a)->mask, (a)->prefix, (a)->type
8572 +#define NXAV6_FMT "[%pI6/%pI6/%d:%04x]"
8578 +int v6_addr_match(struct nx_addr_v6 *nxa,
8579 + const struct in6_addr *addr, uint16_t mask)
8583 + switch (nxa->type & mask) {
8584 + case NXA_TYPE_MASK:
8585 + ret = ipv6_masked_addr_cmp(&nxa->ip, &nxa->mask, addr);
8587 + case NXA_TYPE_ADDR:
8588 + ret = ipv6_addr_equal(&nxa->ip, addr);
8590 + case NXA_TYPE_ANY:
8594 + vxdprintk(VXD_CBIT(net, 0),
8595 + "v6_addr_match(%p" NXAV6_FMT ",%pI6,%04x) = %d",
8596 + nxa, NXAV6(nxa), addr, mask, ret);
8601 +int v6_addr_in_nx_info(struct nx_info *nxi,
8602 + const struct in6_addr *addr, uint16_t mask)
8604 + struct nx_addr_v6 *nxa;
8605 + unsigned long irqflags;
8611 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
8612 + for (nxa = &nxi->v6; nxa; nxa = nxa->next)
8613 + if (v6_addr_match(nxa, addr, mask))
8617 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
8619 + vxdprintk(VXD_CBIT(net, 0),
8620 + "v6_addr_in_nx_info(%p[#%u],%pI6,%04x) = %d",
8621 + nxi, nxi ? nxi->nx_id : 0, addr, mask, ret);
8626 +int v6_nx_addr_match(struct nx_addr_v6 *nxa, struct nx_addr_v6 *addr, uint16_t mask)
8628 + /* FIXME: needs full range checks */
8629 + return v6_addr_match(nxa, &addr->ip, mask);
8633 +int v6_nx_addr_in_nx_info(struct nx_info *nxi, struct nx_addr_v6 *nxa, uint16_t mask)
8635 + struct nx_addr_v6 *ptr;
8636 + unsigned long irqflags;
8639 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
8640 + for (ptr = &nxi->v6; ptr; ptr = ptr->next)
8641 + if (v6_nx_addr_match(ptr, nxa, mask))
8645 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
8651 + * Check if a given address matches for a socket
8653 + * nxi: the socket's nx_info if any
8654 + * addr: to be verified address
8657 +int v6_sock_addr_match (
8658 + struct nx_info *nxi,
8659 + struct inet_sock *inet,
8660 + struct in6_addr *addr)
8662 + struct sock *sk = &inet->sk;
8663 + const struct in6_addr *saddr = inet6_rcv_saddr(sk);
8665 + if (!ipv6_addr_any(addr) &&
8666 + ipv6_addr_equal(saddr, addr))
8668 + if (ipv6_addr_any(saddr))
8669 + return v6_addr_in_nx_info(nxi, addr, -1);
8674 + * check if address is covered by socket
8676 + * sk: the socket to check against
8677 + * addr: the address in question (must be != 0)
8681 +int __v6_addr_match_socket(const struct sock *sk, struct nx_addr_v6 *nxa)
8683 + struct nx_info *nxi = sk->sk_nx_info;
8684 + const struct in6_addr *saddr = inet6_rcv_saddr(sk);
8686 + vxdprintk(VXD_CBIT(net, 5),
8687 + "__v6_addr_in_socket(%p," NXAV6_FMT ") %p:%pI6 %p;%lx",
8688 + sk, NXAV6(nxa), nxi, saddr, sk->sk_socket,
8689 + (sk->sk_socket?sk->sk_socket->flags:0));
8691 + if (!ipv6_addr_any(saddr)) { /* direct address match */
8692 + return v6_addr_match(nxa, saddr, -1);
8693 + } else if (nxi) { /* match against nx_info */
8694 + return v6_nx_addr_in_nx_info(nxi, nxa, -1);
8695 + } else { /* unrestricted any socket */
8701 +/* inet related checks and helpers */
8709 +#include <linux/netdevice.h>
8710 +#include <linux/inetdevice.h>
8711 +#include <net/inet_timewait_sock.h>
8714 +int dev_in_nx_info(struct net_device *, struct nx_info *);
8715 +int v6_dev_in_nx_info(struct net_device *, struct nx_info *);
8716 +int nx_v6_addr_conflict(struct nx_info *, struct nx_info *);
8721 +int v6_ifa_in_nx_info(struct inet6_ifaddr *ifa, struct nx_info *nxi)
8727 + return v6_addr_in_nx_info(nxi, &ifa->addr, -1);
8731 +int nx_v6_ifa_visible(struct nx_info *nxi, struct inet6_ifaddr *ifa)
8733 + vxdprintk(VXD_CBIT(net, 1), "nx_v6_ifa_visible(%p[#%u],%p) %d",
8734 + nxi, nxi ? nxi->nx_id : 0, ifa,
8735 + nxi ? v6_ifa_in_nx_info(ifa, nxi) : 0);
8737 + if (!nx_info_flags(nxi, NXF_HIDE_NETIF, 0))
8739 + if (v6_ifa_in_nx_info(ifa, nxi))
8745 +struct nx_v6_sock_addr {
8746 + struct in6_addr saddr; /* Address used for validation */
8747 + struct in6_addr baddr; /* Address used for socket bind */
8751 +int v6_map_sock_addr(struct inet_sock *inet, struct sockaddr_in6 *addr,
8752 + struct nx_v6_sock_addr *nsa)
8754 + // struct sock *sk = &inet->sk;
8755 + // struct nx_info *nxi = sk->sk_nx_info;
8756 + struct in6_addr saddr = addr->sin6_addr;
8757 + struct in6_addr baddr = saddr;
8759 + nsa->saddr = saddr;
8760 + nsa->baddr = baddr;
8765 +void v6_set_sock_addr(struct inet_sock *inet, struct nx_v6_sock_addr *nsa)
8767 + // struct sock *sk = &inet->sk;
8768 + // struct in6_addr *saddr = inet6_rcv_saddr(sk);
8770 + // *saddr = nsa->baddr;
8771 + // inet->inet_saddr = nsa->baddr;
8775 +int nx_info_has_v6(struct nx_info *nxi)
8784 +#else /* CONFIG_IPV6 */
8787 +int nx_v6_dev_visible(struct nx_info *n, struct net_device *d)
8794 +int nx_v6_addr_conflict(struct nx_info *n, uint32_t a, const struct sock *s)
8800 +int v6_ifa_in_nx_info(struct in_ifaddr *a, struct nx_info *n)
8806 +int nx_info_has_v6(struct nx_info *nxi)
8811 +#endif /* CONFIG_IPV6 */
8813 +#define current_nx_info_has_v6() \
8814 + nx_info_has_v6(current_nx_info())
8817 +#warning duplicate inclusion
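Review bot: `v6_map_sock_addr` copies `addr->sin6_addr` into both `nsa->saddr` and `nsa->baddr` and, in the lines shown, never consults the socket's `nx_info`. The IPv4 counterpart `v4_map_sock_addr` refuses addresses outside the context with -EADDRNOTAVAIL. Unless IPv6 binds are validated outside this header, the per-context address restriction is not enforced for v6 here. At minimum, replace the commented-out `sk`/`nxi` lines and the entirely commented-out body of `v6_set_sock_addr` with a comment saying that no mapping or validation is done and where it is expected to happen. Something like `/* FIXME: no nx_info check for IPv6 binds; see <caller> */` would do once the caller is confirmed.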
8819 diff -NurpP --minimal linux-3.14.17/include/linux/vs_limit.h linux-3.14.17-vs2.3.6.13/include/linux/vs_limit.h
8820 --- linux-3.14.17/include/linux/vs_limit.h 1970-01-01 00:00:00.000000000 +0000
8821 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_limit.h 2014-08-30 14:27:38.000000000 +0000
8823 +#ifndef _VS_LIMIT_H
8824 +#define _VS_LIMIT_H
8826 +#include "vserver/limit.h"
8827 +#include "vserver/base.h"
8828 +#include "vserver/context.h"
8829 +#include "vserver/debug.h"
8830 +#include "vserver/context.h"
8831 +#include "vserver/limit_int.h"
8834 +#define vx_acc_cres(v, d, p, r) \
8835 + __vx_acc_cres(v, r, d, p, __FILE__, __LINE__)
8837 +#define vx_acc_cres_cond(x, d, p, r) \
8838 + __vx_acc_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
8839 + r, d, p, __FILE__, __LINE__)
8842 +#define vx_add_cres(v, a, p, r) \
8843 + __vx_add_cres(v, r, a, p, __FILE__, __LINE__)
8844 +#define vx_sub_cres(v, a, p, r) vx_add_cres(v, -(a), p, r)
8846 +#define vx_add_cres_cond(x, a, p, r) \
8847 + __vx_add_cres(((x) == vx_current_xid()) ? current_vx_info() : 0, \
8848 + r, a, p, __FILE__, __LINE__)
8849 +#define vx_sub_cres_cond(x, a, p, r) vx_add_cres_cond(x, -(a), p, r)
8852 +/* process and file limits */
8854 +#define vx_nproc_inc(p) \
8855 + vx_acc_cres((p)->vx_info, 1, p, RLIMIT_NPROC)
8857 +#define vx_nproc_dec(p) \
8858 + vx_acc_cres((p)->vx_info,-1, p, RLIMIT_NPROC)
8860 +#define vx_files_inc(f) \
8861 + vx_acc_cres_cond((f)->f_xid, 1, f, RLIMIT_NOFILE)
8863 +#define vx_files_dec(f) \
8864 + vx_acc_cres_cond((f)->f_xid,-1, f, RLIMIT_NOFILE)
8866 +#define vx_locks_inc(l) \
8867 + vx_acc_cres_cond((l)->fl_xid, 1, l, RLIMIT_LOCKS)
8869 +#define vx_locks_dec(l) \
8870 + vx_acc_cres_cond((l)->fl_xid,-1, l, RLIMIT_LOCKS)
8872 +#define vx_openfd_inc(f) \
8873 + vx_acc_cres(current_vx_info(), 1, (void *)(long)(f), VLIMIT_OPENFD)
8875 +#define vx_openfd_dec(f) \
8876 + vx_acc_cres(current_vx_info(),-1, (void *)(long)(f), VLIMIT_OPENFD)
8879 +#define vx_cres_avail(v, n, r) \
8880 + __vx_cres_avail(v, r, n, __FILE__, __LINE__)
8883 +#define vx_nproc_avail(n) \
8884 + vx_cres_avail(current_vx_info(), n, RLIMIT_NPROC)
8886 +#define vx_files_avail(n) \
8887 + vx_cres_avail(current_vx_info(), n, RLIMIT_NOFILE)
8889 +#define vx_locks_avail(n) \
8890 + vx_cres_avail(current_vx_info(), n, RLIMIT_LOCKS)
8892 +#define vx_openfd_avail(n) \
8893 + vx_cres_avail(current_vx_info(), n, VLIMIT_OPENFD)
8896 +/* dentry limits */
8898 +#define vx_dentry_inc(d) do { \
8899 + if (d_count(d) == 1) \
8900 + vx_acc_cres(current_vx_info(), 1, d, VLIMIT_DENTRY); \
8903 +#define vx_dentry_dec(d) do { \
8904 + if (d_count(d) == 0) \
8905 + vx_acc_cres(current_vx_info(),-1, d, VLIMIT_DENTRY); \
8908 +#define vx_dentry_avail(n) \
8909 + vx_cres_avail(current_vx_info(), n, VLIMIT_DENTRY)
8912 +/* socket limits */
8914 +#define vx_sock_inc(s) \
8915 + vx_acc_cres((s)->sk_vx_info, 1, s, VLIMIT_NSOCK)
8917 +#define vx_sock_dec(s) \
8918 + vx_acc_cres((s)->sk_vx_info,-1, s, VLIMIT_NSOCK)
8920 +#define vx_sock_avail(n) \
8921 + vx_cres_avail(current_vx_info(), n, VLIMIT_NSOCK)
8924 +/* ipc resource limits */
8926 +#define vx_ipcmsg_add(v, u, a) \
8927 + vx_add_cres(v, a, u, RLIMIT_MSGQUEUE)
8929 +#define vx_ipcmsg_sub(v, u, a) \
8930 + vx_sub_cres(v, a, u, RLIMIT_MSGQUEUE)
8932 +#define vx_ipcmsg_avail(v, a) \
8933 + vx_cres_avail(v, a, RLIMIT_MSGQUEUE)
8936 +#define vx_ipcshm_add(v, k, a) \
8937 + vx_add_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
8939 +#define vx_ipcshm_sub(v, k, a) \
8940 + vx_sub_cres(v, a, (void *)(long)(k), VLIMIT_SHMEM)
8942 +#define vx_ipcshm_avail(v, a) \
8943 + vx_cres_avail(v, a, VLIMIT_SHMEM)
8946 +#define vx_semary_inc(a) \
8947 + vx_acc_cres(current_vx_info(), 1, a, VLIMIT_SEMARY)
8949 +#define vx_semary_dec(a) \
8950 + vx_acc_cres(current_vx_info(), -1, a, VLIMIT_SEMARY)
8953 +#define vx_nsems_add(a,n) \
8954 + vx_add_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
8956 +#define vx_nsems_sub(a,n) \
8957 + vx_sub_cres(current_vx_info(), n, a, VLIMIT_NSEMS)
8961 +#warning duplicate inclusion
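Review bot: `vx_dentry_inc` and `vx_dentry_dec` expand `d` twice and test `d_count(d) == 1` / `== 0` in a step separate from the accounting call. They are only correct if the caller keeps the count stable across both steps, and the header does not say which lock provides that. A comment above the pair stating the locking requirement, and that `d` must be free of side effects, would make the contract reviewable. Smaller points: `"vserver/context.h"` is included twice, and the `_cond` macros pass `0` where a `struct vx_info *` is expected, where `NULL` would be clearer.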
8963 diff -NurpP --minimal linux-3.14.17/include/linux/vs_network.h linux-3.14.17-vs2.3.6.13/include/linux/vs_network.h
8964 --- linux-3.14.17/include/linux/vs_network.h 1970-01-01 00:00:00.000000000 +0000
8965 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_network.h 2014-08-30 14:27:38.000000000 +0000
8967 +#ifndef _NX_VS_NETWORK_H
8968 +#define _NX_VS_NETWORK_H
8970 +#include "vserver/context.h"
8971 +#include "vserver/network.h"
8972 +#include "vserver/base.h"
8973 +#include "vserver/check.h"
8974 +#include "vserver/debug.h"
8976 +#include <linux/sched.h>
8979 +#define get_nx_info(i) __get_nx_info(i, __FILE__, __LINE__)
8981 +static inline struct nx_info *__get_nx_info(struct nx_info *nxi,
8982 + const char *_file, int _line)
8987 + vxlprintk(VXD_CBIT(nid, 2), "get_nx_info(%p[#%d.%d])",
8988 + nxi, nxi ? nxi->nx_id : 0,
8989 + nxi ? atomic_read(&nxi->nx_usecnt) : 0,
8992 + atomic_inc(&nxi->nx_usecnt);
8997 +extern void free_nx_info(struct nx_info *);
8999 +#define put_nx_info(i) __put_nx_info(i, __FILE__, __LINE__)
9001 +static inline void __put_nx_info(struct nx_info *nxi, const char *_file, int _line)
9006 + vxlprintk(VXD_CBIT(nid, 2), "put_nx_info(%p[#%d.%d])",
9007 + nxi, nxi ? nxi->nx_id : 0,
9008 + nxi ? atomic_read(&nxi->nx_usecnt) : 0,
9011 + if (atomic_dec_and_test(&nxi->nx_usecnt))
9012 + free_nx_info(nxi);
9016 +#define init_nx_info(p, i) __init_nx_info(p, i, __FILE__, __LINE__)
9018 +static inline void __init_nx_info(struct nx_info **nxp, struct nx_info *nxi,
9019 + const char *_file, int _line)
9022 + vxlprintk(VXD_CBIT(nid, 3),
9023 + "init_nx_info(%p[#%d.%d])",
9024 + nxi, nxi ? nxi->nx_id : 0,
9025 + nxi ? atomic_read(&nxi->nx_usecnt) : 0,
9028 + atomic_inc(&nxi->nx_usecnt);
9034 +#define set_nx_info(p, i) __set_nx_info(p, i, __FILE__, __LINE__)
9036 +static inline void __set_nx_info(struct nx_info **nxp, struct nx_info *nxi,
9037 + const char *_file, int _line)
9039 + struct nx_info *nxo;
9044 + vxlprintk(VXD_CBIT(nid, 3), "set_nx_info(%p[#%d.%d])",
9045 + nxi, nxi ? nxi->nx_id : 0,
9046 + nxi ? atomic_read(&nxi->nx_usecnt) : 0,
9049 + atomic_inc(&nxi->nx_usecnt);
9050 + nxo = xchg(nxp, nxi);
9054 +#define clr_nx_info(p) __clr_nx_info(p, __FILE__, __LINE__)
9056 +static inline void __clr_nx_info(struct nx_info **nxp,
9057 + const char *_file, int _line)
9059 + struct nx_info *nxo;
9061 + nxo = xchg(nxp, NULL);
9065 + vxlprintk(VXD_CBIT(nid, 3), "clr_nx_info(%p[#%d.%d])",
9066 + nxo, nxo ? nxo->nx_id : 0,
9067 + nxo ? atomic_read(&nxo->nx_usecnt) : 0,
9070 + if (atomic_dec_and_test(&nxo->nx_usecnt))
9071 + free_nx_info(nxo);
9075 +#define claim_nx_info(v, p) __claim_nx_info(v, p, __FILE__, __LINE__)
9077 +static inline void __claim_nx_info(struct nx_info *nxi,
9078 + struct task_struct *task, const char *_file, int _line)
9080 + vxlprintk(VXD_CBIT(nid, 3), "claim_nx_info(%p[#%d.%d.%d]) %p",
9081 + nxi, nxi ? nxi->nx_id : 0,
9082 + nxi?atomic_read(&nxi->nx_usecnt):0,
9083 + nxi?atomic_read(&nxi->nx_tasks):0,
9084 + task, _file, _line);
9086 + atomic_inc(&nxi->nx_tasks);
9090 +extern void unhash_nx_info(struct nx_info *);
9092 +#define release_nx_info(v, p) __release_nx_info(v, p, __FILE__, __LINE__)
9094 +static inline void __release_nx_info(struct nx_info *nxi,
9095 + struct task_struct *task, const char *_file, int _line)
9097 + vxlprintk(VXD_CBIT(nid, 3), "release_nx_info(%p[#%d.%d.%d]) %p",
9098 + nxi, nxi ? nxi->nx_id : 0,
9099 + nxi ? atomic_read(&nxi->nx_usecnt) : 0,
9100 + nxi ? atomic_read(&nxi->nx_tasks) : 0,
9101 + task, _file, _line);
9105 + if (atomic_dec_and_test(&nxi->nx_tasks))
9106 + unhash_nx_info(nxi);
9110 +#define task_get_nx_info(i) __task_get_nx_info(i, __FILE__, __LINE__)
9112 +static __inline__ struct nx_info *__task_get_nx_info(struct task_struct *p,
9113 + const char *_file, int _line)
9115 + struct nx_info *nxi;
9118 + vxlprintk(VXD_CBIT(nid, 5), "task_get_nx_info(%p)",
9120 + nxi = __get_nx_info(p->nx_info, _file, _line);
9126 +static inline void exit_nx_info(struct task_struct *p)
9129 + release_nx_info(p->nx_info, p);
9134 +#warning duplicate inclusion
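Review bot: `__claim_nx_info` formats its debug line with `nxi ? ... : 0` as if `nxi` could be NULL, yet the `atomic_inc(&nxi->nx_tasks)` that follows appears unguarded in the lines shown. One of the two is misleading. If NULL is legal, guard the increment with `if (!nxi) return;`. If it is not, drop the NULL handling from the print so the contract is unambiguous. `__release_nx_info` may have the same shape around `atomic_dec_and_test(&nxi->nx_tasks)`, but part of its body is not visible here. A short comment above these helpers on what `nx_usecnt` and `nx_tasks` each count would also help anyone auditing the reference handling.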
9136 diff -NurpP --minimal linux-3.14.17/include/linux/vs_pid.h linux-3.14.17-vs2.3.6.13/include/linux/vs_pid.h
9137 --- linux-3.14.17/include/linux/vs_pid.h 1970-01-01 00:00:00.000000000 +0000
9138 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_pid.h 2014-08-30 14:27:38.000000000 +0000
9143 +#include "vserver/base.h"
9144 +#include "vserver/check.h"
9145 +#include "vserver/context.h"
9146 +#include "vserver/debug.h"
9147 +#include "vserver/pid.h"
9148 +#include <linux/pid_namespace.h>
9151 +#define VXF_FAKE_INIT (VXF_INFO_INIT | VXF_STATE_INIT)
9154 +int vx_proc_task_visible(struct task_struct *task)
9156 + if ((task->pid == 1) &&
9157 + !vx_flags(VXF_FAKE_INIT, VXF_FAKE_INIT))
9158 + /* show a blend through init */
9160 + if (vx_check(vx_task_xid(task), VS_WATCH | VS_IDENT))
9167 +#define find_task_by_real_pid(pid) find_task_by_pid_ns(pid, &init_pid_ns)
9171 +struct task_struct *vx_get_proc_task(struct inode *inode, struct pid *pid)
9173 + struct task_struct *task = get_pid_task(pid, PIDTYPE_PID);
9175 + if (task && !vx_proc_task_visible(task)) {
9176 + vxdprintk(VXD_CBIT(misc, 6),
9177 + "dropping task (get) %p[#%u,%u] for %p[#%u,%u]",
9178 + task, task->xid, task->pid,
9179 + current, current->xid, current->pid);
9180 + put_task_struct(task);
9188 +#warning duplicate inclusion
9190 diff -NurpP --minimal linux-3.14.17/include/linux/vs_sched.h linux-3.14.17-vs2.3.6.13/include/linux/vs_sched.h
9191 --- linux-3.14.17/include/linux/vs_sched.h 1970-01-01 00:00:00.000000000 +0000
9192 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_sched.h 2014-08-30 14:27:38.000000000 +0000
9194 +#ifndef _VS_SCHED_H
9195 +#define _VS_SCHED_H
9197 +#include "vserver/base.h"
9198 +#include "vserver/context.h"
9199 +#include "vserver/sched.h"
9202 +#define MAX_PRIO_BIAS 20
9203 +#define MIN_PRIO_BIAS -20
9206 +int vx_adjust_prio(struct task_struct *p, int prio, int max_user)
9208 + struct vx_info *vxi = p->vx_info;
9211 + prio += vx_cpu(vxi, sched_pc).prio_bias;
9215 +static inline void vx_account_user(struct vx_info *vxi,
9216 + cputime_t cputime, int nice)
9220 + vx_cpu(vxi, sched_pc).user_ticks += cputime;
9223 +static inline void vx_account_system(struct vx_info *vxi,
9224 + cputime_t cputime, int idle)
9228 + vx_cpu(vxi, sched_pc).sys_ticks += cputime;
9232 +#warning duplicate inclusion
9234 diff -NurpP --minimal linux-3.14.17/include/linux/vs_socket.h linux-3.14.17-vs2.3.6.13/include/linux/vs_socket.h
9235 --- linux-3.14.17/include/linux/vs_socket.h 1970-01-01 00:00:00.000000000 +0000
9236 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_socket.h 2014-08-30 14:27:38.000000000 +0000
9238 +#ifndef _VS_SOCKET_H
9239 +#define _VS_SOCKET_H
9241 +#include "vserver/debug.h"
9242 +#include "vserver/base.h"
9243 +#include "vserver/cacct.h"
9244 +#include "vserver/context.h"
9245 +#include "vserver/tag.h"
9248 +/* socket accounting */
9250 +#include <linux/socket.h>
9252 +static inline int vx_sock_type(int family)
9256 + return VXA_SOCK_UNSPEC;
9258 + return VXA_SOCK_UNIX;
9260 + return VXA_SOCK_INET;
9262 + return VXA_SOCK_INET6;
9264 + return VXA_SOCK_PACKET;
9266 + return VXA_SOCK_OTHER;
9270 +#define vx_acc_sock(v, f, p, s) \
9271 + __vx_acc_sock(v, f, p, s, __FILE__, __LINE__)
9273 +static inline void __vx_acc_sock(struct vx_info *vxi,
9274 + int family, int pos, int size, char *file, int line)
9277 + int type = vx_sock_type(family);
9279 + atomic_long_inc(&vxi->cacct.sock[type][pos].count);
9280 + atomic_long_add(size, &vxi->cacct.sock[type][pos].total);
9284 +#define vx_sock_recv(sk, s) \
9285 + vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 0, s)
9286 +#define vx_sock_send(sk, s) \
9287 + vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 1, s)
9288 +#define vx_sock_fail(sk, s) \
9289 + vx_acc_sock((sk)->sk_vx_info, (sk)->sk_family, 2, s)
9292 +#define sock_vx_init(s) do { \
9293 + (s)->sk_xid = 0; \
9294 + (s)->sk_vx_info = NULL; \
9297 +#define sock_nx_init(s) do { \
9298 + (s)->sk_nid = 0; \
9299 + (s)->sk_nx_info = NULL; \
9303 +#warning duplicate inclusion
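Review bot: `__vx_acc_sock` takes `char *file` although its only visible caller, the `vx_acc_sock` macro, passes `__FILE__`, a string literal. The other debug helpers in this patch take `const char *_file`, so use `const char *file` here as well. The `pos` argument indexes `vxi->cacct.sock[type][pos]` with no range check, and the three wrappers pass bare `0`, `1` and `2` for receive, send and fail. An enum for those slots would document them and tie the index to the array dimension, whose definition is not visible in this hunk.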
9305 diff -NurpP --minimal linux-3.14.17/include/linux/vs_tag.h linux-3.14.17-vs2.3.6.13/include/linux/vs_tag.h
9306 --- linux-3.14.17/include/linux/vs_tag.h 1970-01-01 00:00:00.000000000 +0000
9307 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_tag.h 2014-08-30 14:27:38.000000000 +0000
9312 +#include <linux/vserver/tag.h>
9314 +/* check conditions */
9316 +#define DX_ADMIN 0x0001
9317 +#define DX_WATCH 0x0002
9318 +#define DX_HOSTID 0x0008
9320 +#define DX_IDENT 0x0010
9322 +#define DX_ARG_MASK 0x0010
9325 +#define dx_task_tag(t) ((t)->tag)
9327 +#define dx_current_tag() dx_task_tag(current)
9329 +#define dx_check(c, m) __dx_check(dx_current_tag(), c, m)
9331 +#define dx_weak_check(c, m) ((m) ? dx_check(c, m) : 1)
9335 + * check current context for ADMIN/WATCH and
9336 + * optionally against supplied argument
9338 +static inline int __dx_check(vtag_t cid, vtag_t id, unsigned int mode)
9340 + if (mode & DX_ARG_MASK) {
9341 + if ((mode & DX_IDENT) && (id == cid))
9344 + return (((mode & DX_ADMIN) && (cid == 0)) ||
9345 + ((mode & DX_WATCH) && (cid == 1)) ||
9346 + ((mode & DX_HOSTID) && (id == 0)));
9350 +int dx_permission(const struct inode *inode, int mask);
9354 +#warning duplicate inclusion
9356 diff -NurpP --minimal linux-3.14.17/include/linux/vs_time.h linux-3.14.17-vs2.3.6.13/include/linux/vs_time.h
9357 --- linux-3.14.17/include/linux/vs_time.h 1970-01-01 00:00:00.000000000 +0000
9358 +++ linux-3.14.17-vs2.3.6.13/include/linux/vs_time.h 2014-08-30 14:27:38.000000000 +0000
9364 +/* time faking stuff */
9366 +#ifdef CONFIG_VSERVER_VTIME
9368 +extern void vx_adjust_timespec(struct timespec *ts);
9369 +extern int vx_settimeofday(const struct timespec *ts);
9372 +#define vx_adjust_timespec(t) do { } while (0)
9373 +#define vx_settimeofday(t) do_settimeofday(t)
9377 +#warning duplicate inclusion
9379 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/base.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/base.h
9380 --- linux-3.14.17/include/linux/vserver/base.h 1970-01-01 00:00:00.000000000 +0000
9381 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/base.h 2014-08-30 14:27:38.000000000 +0000
9383 +#ifndef _VSERVER_BASE_H
9384 +#define _VSERVER_BASE_H
9387 +/* context state changes */
9399 +#define vx_task_xid(t) ((t)->xid)
9401 +#define vx_current_xid() vx_task_xid(current)
9403 +#define current_vx_info() (current->vx_info)
9406 +#define nx_task_nid(t) ((t)->nid)
9408 +#define nx_current_nid() nx_task_nid(current)
9410 +#define current_nx_info() (current->nx_info)
9413 +/* generic flag merging */
9415 +#define vs_check_flags(v, m, f) (((v) & (m)) ^ (f))
9417 +#define vs_mask_flags(v, f, m) (((v) & ~(m)) | ((f) & (m)))
9419 +#define vs_mask_mask(v, f, m) (((v) & ~(m)) | ((v) & (f) & (m)))
9421 +#define vs_check_bit(v, n) ((v) & (1LL << (n)))
9424 +/* context flags */
9426 +#define __vx_flags(v) ((v) ? (v)->vx_flags : 0)
9428 +#define vx_current_flags() __vx_flags(current_vx_info())
9430 +#define vx_info_flags(v, m, f) \
9431 + vs_check_flags(__vx_flags(v), m, f)
9433 +#define task_vx_flags(t, m, f) \
9434 + ((t) && vx_info_flags((t)->vx_info, m, f))
9436 +#define vx_flags(m, f) vx_info_flags(current_vx_info(), m, f)
9441 +#define __vx_ccaps(v) ((v) ? (v)->vx_ccaps : 0)
9443 +#define vx_current_ccaps() __vx_ccaps(current_vx_info())
9445 +#define vx_info_ccaps(v, c) (__vx_ccaps(v) & (c))
9447 +#define vx_ccaps(c) vx_info_ccaps(current_vx_info(), (c))
9451 +/* network flags */
9453 +#define __nx_flags(n) ((n) ? (n)->nx_flags : 0)
9455 +#define nx_current_flags() __nx_flags(current_nx_info())
9457 +#define nx_info_flags(n, m, f) \
9458 + vs_check_flags(__nx_flags(n), m, f)
9460 +#define task_nx_flags(t, m, f) \
9461 + ((t) && nx_info_flags((t)->nx_info, m, f))
9463 +#define nx_flags(m, f) nx_info_flags(current_nx_info(), m, f)
9468 +#define __nx_ncaps(n) ((n) ? (n)->nx_ncaps : 0)
9470 +#define nx_current_ncaps() __nx_ncaps(current_nx_info())
9472 +#define nx_info_ncaps(n, c) (__nx_ncaps(n) & (c))
9474 +#define nx_ncaps(c) nx_info_ncaps(current_nx_info(), c)
9477 +/* context mask capabilities */
9479 +#define __vx_mcaps(v) ((v) ? (v)->vx_ccaps >> 32UL : ~0 )
9481 +#define vx_info_mcaps(v, c) (__vx_mcaps(v) & (c))
9483 +#define vx_mcaps(c) vx_info_mcaps(current_vx_info(), c)
9486 +/* context bcap mask */
9488 +#define __vx_bcaps(v) ((v)->vx_bcaps)
9490 +#define vx_current_bcaps() __vx_bcaps(current_vx_info())
9493 +/* mask given bcaps */
9495 +#define vx_info_mbcaps(v, c) ((v) ? cap_intersect(__vx_bcaps(v), c) : c)
9497 +#define vx_mbcaps(c) vx_info_mbcaps(current_vx_info(), c)
9500 +/* masked cap_bset */
9502 +#define vx_info_cap_bset(v) vx_info_mbcaps(v, current->cap_bset)
9504 +#define vx_current_cap_bset() vx_info_cap_bset(current_vx_info())
9507 +#define vx_info_mbcap(v, b) \
9508 + (!vx_info_flags(v, VXF_STATE_SETUP, 0) ? \
9509 + vx_info_bcaps(v, b) : (b))
9511 +#define task_vx_mbcap(t, b) \
9512 + vx_info_mbcap((t)->vx_info, (t)->b)
9514 +#define vx_mbcap(b) task_vx_mbcap(current, b)
9517 +#define vx_cap_raised(v, c, f) cap_raised(vx_info_mbcaps(v, c), f)
9519 +#define vx_capable(b, c) (capable(b) || \
9520 + (cap_raised(current_cap(), b) && vx_ccaps(c)))
9522 +#define vx_ns_capable(n, b, c) (ns_capable(n, b) || \
9523 + (cap_raised(current_cap(), b) && vx_ccaps(c)))
9525 +#define nx_capable(b, c) (capable(b) || \
9526 + (cap_raised(current_cap(), b) && nx_ncaps(c)))
9528 +#define nx_ns_capable(n, b, c) (ns_capable(n, b) || \
9529 + (cap_raised(current_cap(), b) && nx_ncaps(c)))
9531 +#define vx_task_initpid(t, n) \
9532 + ((t)->vx_info && \
9533 + ((t)->vx_info->vx_initpid == (n)))
9535 +#define vx_current_initpid(n) vx_task_initpid(current, n)
9538 +/* context unshare mask */
9540 +#define __vx_umask(v) ((v)->vx_umask)
9542 +#define vx_current_umask() __vx_umask(current_vx_info())
9544 +#define vx_can_unshare(b, f) (capable(b) || \
9545 + (cap_raised(current_cap(), b) && \
9546 + !((f) & ~vx_current_umask())))
9548 +#define vx_ns_can_unshare(n, b, f) (ns_capable(n, b) || \
9549 + (cap_raised(current_cap(), b) && \
9550 + !((f) & ~vx_current_umask())))
9552 +#define __vx_wmask(v) ((v)->vx_wmask)
9554 +#define vx_current_wmask() __vx_wmask(current_vx_info())
9557 +#define __vx_state(v) ((v) ? ((v)->vx_state) : 0)
9559 +#define vx_info_state(v, m) (__vx_state(v) & (m))
9562 +#define __nx_state(n) ((n) ? ((n)->nx_state) : 0)
9564 +#define nx_info_state(n, m) (__nx_state(n) & (m))
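Review bot: `__vx_bcaps(v)`, `__vx_umask(v)` and `__vx_wmask(v)` dereference `v` unconditionally, while the neighbouring accessors (`__vx_flags`, `__vx_ccaps`, `__vx_state`) accept a NULL `vx_info` and return 0. `vx_current_umask()` feeds `current_vx_info()` into that accessor, and `vx_can_unshare()` / `vx_ns_can_unshare()` evaluate it whenever `capable(b)` fails but the capability bit is raised, so a task without a context would presumably hit a NULL dereference inside a permission check. Either guard the accessor, e.g. `#define __vx_umask(v) ((v) ? (v)->vx_umask : 0)` (0 makes the unshare check fail closed), or add a comment stating that these macros require a non-NULL context. Separately, `vx_info_mbcap()` expands to `vx_info_bcaps()`, which is not defined in the visible part of this header, and `vs_check_bit()` shifts a signed `1LL`, which is undefined for `n == 63`; `1ULL` avoids that.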
9567 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cacct.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct.h
9568 --- linux-3.14.17/include/linux/vserver/cacct.h 1970-01-01 00:00:00.000000000 +0000
9569 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct.h 2014-08-30 14:27:38.000000000 +0000
9571 +#ifndef _VSERVER_CACCT_H
9572 +#define _VSERVER_CACCT_H
9575 +enum sock_acc_field {
9576 + VXA_SOCK_UNSPEC = 0,
9582 + VXA_SOCK_SIZE /* array size */
9585 +#endif /* _VSERVER_CACCT_H */
9586 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cacct_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_cmd.h
9587 --- linux-3.14.17/include/linux/vserver/cacct_cmd.h 1970-01-01 00:00:00.000000000 +0000
9588 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_cmd.h 2014-08-30 14:27:38.000000000 +0000
9590 +#ifndef _VSERVER_CACCT_CMD_H
9591 +#define _VSERVER_CACCT_CMD_H
9594 +#include <linux/compiler.h>
9595 +#include <uapi/vserver/cacct_cmd.h>
9597 +extern int vc_sock_stat(struct vx_info *, void __user *);
9599 +#endif /* _VSERVER_CACCT_CMD_H */
9600 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cacct_def.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_def.h
9601 --- linux-3.14.17/include/linux/vserver/cacct_def.h 1970-01-01 00:00:00.000000000 +0000
9602 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_def.h 2014-08-30 14:27:38.000000000 +0000
9604 +#ifndef _VSERVER_CACCT_DEF_H
9605 +#define _VSERVER_CACCT_DEF_H
9607 +#include <asm/atomic.h>
9608 +#include <linux/vserver/cacct.h>
9611 +struct _vx_sock_acc {
9612 + atomic_long_t count;
9613 + atomic_long_t total;
9616 +/* context sub struct */
9619 + struct _vx_sock_acc sock[VXA_SOCK_SIZE][3];
9621 + atomic_t page[6][8];
9624 +#ifdef CONFIG_VSERVER_DEBUG
9626 +static inline void __dump_vx_cacct(struct _vx_cacct *cacct)
9630 + printk("\t_vx_cacct:");
9631 + for (i = 0; i < 6; i++) {
9632 + struct _vx_sock_acc *ptr = cacct->sock[i];
9634 + printk("\t [%d] =", i);
9635 + for (j = 0; j < 3; j++) {
9636 + printk(" [%d] = %8lu, %8lu", j,
9637 + atomic_long_read(&ptr[j].count),
9638 + atomic_long_read(&ptr[j].total));
9646 +#endif /* _VSERVER_CACCT_DEF_H */
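Review bot: `__dump_vx_cacct()` walks `cacct->sock[i]` with the literal bounds `i < 6` and `j < 3`, while the array is declared as `sock[VXA_SOCK_SIZE][3]`, so the dump reads past the array or skips rows as soon as `enum sock_acc_field` changes size. Use the declared dimension, `for (i = 0; i < VXA_SOCK_SIZE; i++)`, and give the second dimension a named constant shared with the declaration. The `%8lu` conversions receive the `long` returned by `atomic_long_read()`; `%8ld` or an explicit cast keeps the format and argument types in agreement. Parts of the function body are not shown in this listing.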
9647 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cacct_int.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_int.h
9648 --- linux-3.14.17/include/linux/vserver/cacct_int.h 1970-01-01 00:00:00.000000000 +0000
9649 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cacct_int.h 2014-08-30 14:27:38.000000000 +0000
9651 +#ifndef _VSERVER_CACCT_INT_H
9652 +#define _VSERVER_CACCT_INT_H
9655 +unsigned long vx_sock_count(struct _vx_cacct *cacct, int type, int pos)
9657 + return atomic_long_read(&cacct->sock[type][pos].count);
9662 +unsigned long vx_sock_total(struct _vx_cacct *cacct, int type, int pos)
9664 + return atomic_long_read(&cacct->sock[type][pos].total);
9667 +#endif /* _VSERVER_CACCT_INT_H */
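Review bot: `vx_sock_count()` and `vx_sock_total()` index `cacct->sock[type][pos]` with signed `int` arguments and no range check, so the valid ranges (`0 <= type < VXA_SOCK_SIZE`, `0 <= pos < 3`) are an undocumented caller contract. Whether either value can originate from a user-supplied command structure is not visible from this header; if it can, it must be validated before these helpers are reached. A comment such as `/* type: enum sock_acc_field, pos: 0..2; caller validates both */` above each function would record that. The line preceding each signature is not shown in this listing, so confirm the definitions are `static inline`, since they live in a header.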
9668 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/check.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/check.h
9669 --- linux-3.14.17/include/linux/vserver/check.h 1970-01-01 00:00:00.000000000 +0000
9670 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/check.h 2014-08-30 14:27:38.000000000 +0000
9672 +#ifndef _VSERVER_CHECK_H
9673 +#define _VSERVER_CHECK_H
9676 +#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
9678 +#ifdef CONFIG_VSERVER_DYNAMIC_IDS
9679 +#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
9681 +#define MIN_D_CONTEXT 65536
9684 +/* check conditions */
9686 +#define VS_ADMIN 0x0001
9687 +#define VS_WATCH 0x0002
9688 +#define VS_HIDE 0x0004
9689 +#define VS_HOSTID 0x0008
9691 +#define VS_IDENT 0x0010
9692 +#define VS_EQUIV 0x0020
9693 +#define VS_PARENT 0x0040
9694 +#define VS_CHILD 0x0080
9696 +#define VS_ARG_MASK 0x00F0
9698 +#define VS_DYNAMIC 0x0100
9699 +#define VS_STATIC 0x0200
9701 +#define VS_ATR_MASK 0x0F00
9703 +#ifdef CONFIG_VSERVER_PRIVACY
9704 +#define VS_ADMIN_P (0)
9705 +#define VS_WATCH_P (0)
9707 +#define VS_ADMIN_P VS_ADMIN
9708 +#define VS_WATCH_P VS_WATCH
9711 +#define VS_HARDIRQ 0x1000
9712 +#define VS_SOFTIRQ 0x2000
9713 +#define VS_IRQ 0x4000
9715 +#define VS_IRQ_MASK 0xF000
9717 +#include <linux/hardirq.h>
9720 + * check current context for ADMIN/WATCH and
9721 + * optionally against supplied argument
9723 +static inline int __vs_check(int cid, int id, unsigned int mode)
9725 + if (mode & VS_ARG_MASK) {
9726 + if ((mode & VS_IDENT) && (id == cid))
9729 + if (mode & VS_ATR_MASK) {
9730 + if ((mode & VS_DYNAMIC) &&
9731 + (id >= MIN_D_CONTEXT) &&
9732 + (id <= MAX_S_CONTEXT))
9734 + if ((mode & VS_STATIC) &&
9735 + (id > 1) && (id < MIN_D_CONTEXT))
9738 + if (mode & VS_IRQ_MASK) {
9739 + if ((mode & VS_IRQ) && unlikely(in_interrupt()))
9741 + if ((mode & VS_HARDIRQ) && unlikely(in_irq()))
9743 + if ((mode & VS_SOFTIRQ) && unlikely(in_softirq()))
9746 + return (((mode & VS_ADMIN) && (cid == 0)) ||
9747 + ((mode & VS_WATCH) && (cid == 1)) ||
9748 + ((mode & VS_HOSTID) && (id == 0)));
9751 +#define vx_check(c, m) __vs_check(vx_current_xid(), c, (m) | VS_IRQ)
9753 +#define vx_weak_check(c, m) ((m) ? vx_check(c, m) : 1)
9756 +#define nx_check(c, m) __vs_check(nx_current_nid(), c, m)
9758 +#define nx_weak_check(c, m) ((m) ? nx_check(c, m) : 1)
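Review bot: Under CONFIG_VSERVER_PRIVACY `VS_ADMIN_P` and `VS_WATCH_P` expand to `(0)`, and `vx_weak_check(c, m)` / `nx_weak_check(c, m)` return 1 whenever `m` is zero, so a weak check whose mode consists only of `_P` flags changes from "admin/watch context only" to "always allowed" once privacy is enabled. Whether any caller does this is not visible here, but the interaction deserves a comment next to the `_P` definitions, e.g. `/* _P modes are 0 with PRIVACY: never pass them alone to *_weak_check() */`. It is also worth documenting on `vx_check()` that it always ORs in `VS_IRQ`, which makes its result depend on `in_interrupt()`. The return statements of `__vs_check()` are not shown in this listing, so the exact outcome in interrupt context cannot be confirmed from here.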
9761 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/context.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/context.h
9762 --- linux-3.14.17/include/linux/vserver/context.h 1970-01-01 00:00:00.000000000 +0000
9763 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/context.h 2014-08-30 14:27:38.000000000 +0000
9765 +#ifndef _VSERVER_CONTEXT_H
9766 +#define _VSERVER_CONTEXT_H
9769 +#include <linux/list.h>
9770 +#include <linux/spinlock.h>
9771 +#include <linux/rcupdate.h>
9772 +#include <uapi/vserver/context.h>
9774 +#include "limit_def.h"
9775 +#include "sched_def.h"
9776 +#include "cvirt_def.h"
9777 +#include "cacct_def.h"
9778 +#include "device_def.h"
9780 +#define VX_SPACES 2
9782 +struct _vx_info_pc {
9783 + struct _vx_sched_pc sched_pc;
9784 + struct _vx_cvirt_pc cvirt_pc;
9788 + unsigned long vx_nsmask; /* assignment mask */
9789 + struct nsproxy *vx_nsproxy; /* private namespaces */
9790 + struct fs_struct *vx_fs; /* private namespace fs */
9791 + const struct cred *vx_cred; /* task credentials */
9795 + struct hlist_node vx_hlist; /* linked list of contexts */
9796 + vxid_t vx_id; /* context id */
9797 + atomic_t vx_usecnt; /* usage count */
9798 + atomic_t vx_tasks; /* tasks count */
9799 + struct vx_info *vx_parent; /* parent context */
9800 + int vx_state; /* context state */
9802 + struct _vx_space space[VX_SPACES]; /* namespace store */
9804 + uint64_t vx_flags; /* context flags */
9805 + uint64_t vx_ccaps; /* context caps (vserver) */
9806 + uint64_t vx_umask; /* unshare mask (guest) */
9807 + uint64_t vx_wmask; /* warn mask (guest) */
9808 + kernel_cap_t vx_bcaps; /* bounding caps (system) */
9810 + struct task_struct *vx_reaper; /* guest reaper process */
9811 + pid_t vx_initpid; /* PID of guest init */
9812 + int64_t vx_badness_bias; /* OOM points bias */
9814 + struct _vx_limit limit; /* vserver limits */
9815 + struct _vx_sched sched; /* vserver scheduler */
9816 + struct _vx_cvirt cvirt; /* virtual/bias stuff */
9817 + struct _vx_cacct cacct; /* context accounting */
9819 + struct _vx_device dmap; /* default device map targets */
9822 + struct _vx_info_pc info_pc; /* per cpu data */
9824 + struct _vx_info_pc *ptr_pc; /* per cpu array */
9827 + wait_queue_head_t vx_wait; /* context exit waitqueue */
9828 + int reboot_cmd; /* last sys_reboot() cmd */
9829 + int exit_code; /* last process exit code */
9831 + char vx_name[65]; /* vserver name */
9835 +#define vx_ptr_pc(vxi) (&(vxi)->info_pc)
9836 +#define vx_per_cpu(vxi, v, id) vx_ptr_pc(vxi)->v
9838 +#define vx_ptr_pc(vxi) ((vxi)->ptr_pc)
9839 +#define vx_per_cpu(vxi, v, id) per_cpu_ptr(vx_ptr_pc(vxi), id)->v
9842 +#define vx_cpu(vxi, v) vx_per_cpu(vxi, v, smp_processor_id())
9845 +struct vx_info_save {
9846 + struct vx_info *vxi;
9853 +#define VXS_HASHED 0x0001
9854 +#define VXS_PAUSED 0x0010
9855 +#define VXS_SHUTDOWN 0x0100
9856 +#define VXS_HELPER 0x1000
9857 +#define VXS_RELEASED 0x8000
9860 +extern void claim_vx_info(struct vx_info *, struct task_struct *);
9861 +extern void release_vx_info(struct vx_info *, struct task_struct *);
9863 +extern struct vx_info *lookup_vx_info(int);
9864 +extern struct vx_info *lookup_or_create_vx_info(int);
9866 +extern int get_xid_list(int, unsigned int *, int);
9867 +extern int xid_is_hashed(vxid_t);
9869 +extern int vx_migrate_task(struct task_struct *, struct vx_info *, int);
9871 +extern long vs_state_change(struct vx_info *, unsigned int);
9874 +#endif /* _VSERVER_CONTEXT_H */
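Review bot: `vx_cpu(vxi, v)` picks the per-CPU slot with `smp_processor_id()`, but nothing in the header says that callers must run with preemption disabled. Callers perform read-modify-write through it (vs_sched.h does `vx_cpu(vxi, sched_pc).user_ticks += cputime`), so a preemptible caller could migrate between the lookup and the store and update another CPU's counters. A comment above the define, e.g. `/* caller must hold preemption off; otherwise use get_cpu()/put_cpu() around the access */`, would state the contract. As a consistency point, `lookup_vx_info(int)` and `lookup_or_create_vx_info(int)` take a plain `int`, while `vx_id` and `xid_is_hashed()` use `vxid_t`; using one type for context ids avoids sign surprises in range checks.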
9875 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/context_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/context_cmd.h
9876 --- linux-3.14.17/include/linux/vserver/context_cmd.h 1970-01-01 00:00:00.000000000 +0000
9877 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/context_cmd.h 2014-08-30 14:27:38.000000000 +0000
9879 +#ifndef _VSERVER_CONTEXT_CMD_H
9880 +#define _VSERVER_CONTEXT_CMD_H
9882 +#include <uapi/vserver/context_cmd.h>
9884 +extern int vc_task_xid(uint32_t);
9886 +extern int vc_vx_info(struct vx_info *, void __user *);
9888 +extern int vc_ctx_stat(struct vx_info *, void __user *);
9890 +extern int vc_ctx_create(uint32_t, void __user *);
9891 +extern int vc_ctx_migrate(struct vx_info *, void __user *);
9893 +extern int vc_get_cflags(struct vx_info *, void __user *);
9894 +extern int vc_set_cflags(struct vx_info *, void __user *);
9896 +extern int vc_get_ccaps(struct vx_info *, void __user *);
9897 +extern int vc_set_ccaps(struct vx_info *, void __user *);
9899 +extern int vc_get_bcaps(struct vx_info *, void __user *);
9900 +extern int vc_set_bcaps(struct vx_info *, void __user *);
9902 +extern int vc_get_umask(struct vx_info *, void __user *);
9903 +extern int vc_set_umask(struct vx_info *, void __user *);
9905 +extern int vc_get_wmask(struct vx_info *, void __user *);
9906 +extern int vc_set_wmask(struct vx_info *, void __user *);
9908 +extern int vc_get_badness(struct vx_info *, void __user *);
9909 +extern int vc_set_badness(struct vx_info *, void __user *);
9911 +#endif /* _VSERVER_CONTEXT_CMD_H */
9912 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cvirt.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt.h
9913 --- linux-3.14.17/include/linux/vserver/cvirt.h 1970-01-01 00:00:00.000000000 +0000
9914 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt.h 2014-08-30 14:27:38.000000000 +0000
9916 +#ifndef _VSERVER_CVIRT_H
9917 +#define _VSERVER_CVIRT_H
9921 +void vx_vsi_boottime(struct timespec *);
9923 +void vx_vsi_uptime(struct timespec *, struct timespec *);
9928 +void vx_update_load(struct vx_info *);
9931 +int vx_do_syslog(int, char __user *, int);
9933 +#endif /* _VSERVER_CVIRT_H */
9934 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cvirt_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt_cmd.h
9935 --- linux-3.14.17/include/linux/vserver/cvirt_cmd.h 1970-01-01 00:00:00.000000000 +0000
9936 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt_cmd.h 2014-08-30 14:27:38.000000000 +0000
9938 +#ifndef _VSERVER_CVIRT_CMD_H
9939 +#define _VSERVER_CVIRT_CMD_H
9942 +#include <linux/compiler.h>
9943 +#include <uapi/vserver/cvirt_cmd.h>
9945 +extern int vc_set_vhi_name(struct vx_info *, void __user *);
9946 +extern int vc_get_vhi_name(struct vx_info *, void __user *);
9948 +extern int vc_virt_stat(struct vx_info *, void __user *);
9950 +#endif /* _VSERVER_CVIRT_CMD_H */
9951 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/cvirt_def.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt_def.h
9952 --- linux-3.14.17/include/linux/vserver/cvirt_def.h 1970-01-01 00:00:00.000000000 +0000
9953 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/cvirt_def.h 2014-08-30 14:27:38.000000000 +0000
9955 +#ifndef _VSERVER_CVIRT_DEF_H
9956 +#define _VSERVER_CVIRT_DEF_H
9958 +#include <linux/jiffies.h>
9959 +#include <linux/spinlock.h>
9960 +#include <linux/wait.h>
9961 +#include <linux/time.h>
9962 +#include <asm/atomic.h>
9965 +struct _vx_usage_stat {
9975 +struct _vx_syslog {
9976 + wait_queue_head_t log_wait;
9977 + spinlock_t logbuf_lock; /* lock for the log buffer */
9979 + unsigned long log_start; /* next char to be read by syslog() */
9980 + unsigned long con_start; /* next char to be sent to consoles */
9981 + unsigned long log_end; /* most-recently-written-char + 1 */
9982 + unsigned long logged_chars; /* #chars since last read+clear operation */
9984 + char log_buf[1024];
9988 +/* context sub struct */
9991 + atomic_t nr_threads; /* number of current threads */
9992 + atomic_t nr_running; /* number of running threads */
9993 + atomic_t nr_uninterruptible; /* number of uninterruptible threads */
9995 + atomic_t nr_onhold; /* processes on hold */
9996 + uint32_t onhold_last; /* jiffies when put on hold */
9998 + struct timespec bias_ts; /* time offset to the host */
9999 + struct timespec bias_idle;
10000 + struct timespec bias_uptime; /* context creation point */
10001 + uint64_t bias_clock; /* offset in clock_t */
10003 + spinlock_t load_lock; /* lock for the load averages */
10004 + atomic_t load_updates; /* nr of load updates done so far */
10005 + uint32_t load_last; /* last time load was calculated */
10006 + uint32_t load[3]; /* load averages 1,5,15 */
10008 + atomic_t total_forks; /* number of forks so far */
10010 + struct _vx_syslog syslog;
10013 +struct _vx_cvirt_pc {
10014 + struct _vx_usage_stat cpustat;
10018 +#ifdef CONFIG_VSERVER_DEBUG
10020 +static inline void __dump_vx_cvirt(struct _vx_cvirt *cvirt)
10022 + printk("\t_vx_cvirt:\n");
10023 + printk("\t threads: %4d, %4d, %4d, %4d\n",
10024 + atomic_read(&cvirt->nr_threads),
10025 + atomic_read(&cvirt->nr_running),
10026 + atomic_read(&cvirt->nr_uninterruptible),
10027 + atomic_read(&cvirt->nr_onhold));
10028 + /* add rest here */
10029 + printk("\t total_forks = %d\n", atomic_read(&cvirt->total_forks));
10034 +#endif /* _VSERVER_CVIRT_DEF_H */
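Review bot: `onhold_last` is declared `uint32_t` but commented as holding jiffies, and `load_last` presumably holds the same kind of timestamp; `jiffies` is `unsigned long`, so on 64-bit builds the stored value is truncated. Comparisons against these fields must be done in 32-bit arithmetic to stay correct across the wrap, or the fields should be widened to `unsigned long`. A comment such as `/* low 32 bits of jiffies; compare as (uint32_t)(jiffies - onhold_last) */` would make the intended use explicit. In `__dump_vx_cvirt()` the `printk()` calls carry no log level, so adding one (for example `KERN_DEBUG`) would keep the dump out of the default console level.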
10035 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/debug.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/debug.h
10036 --- linux-3.14.17/include/linux/vserver/debug.h 1970-01-01 00:00:00.000000000 +0000
10037 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/debug.h 2014-08-30 14:27:38.000000000 +0000
10039 +#ifndef _VSERVER_DEBUG_H
10040 +#define _VSERVER_DEBUG_H
10043 +#define VXD_CBIT(n, m) (vs_debug_ ## n & (1 << (m)))
10044 +#define VXD_CMIN(n, m) (vs_debug_ ## n > (m))
10045 +#define VXD_MASK(n, m) (vs_debug_ ## n & (m))
10047 +#define VXD_DEV(d) (d), (d)->bd_inode->i_ino, \
10048 + imajor((d)->bd_inode), iminor((d)->bd_inode)
10049 +#define VXF_DEV "%p[%lu,%d:%d]"
10051 +#if defined(CONFIG_QUOTES_UTF8)
10052 +#define VS_Q_LQM "\xc2\xbb"
10053 +#define VS_Q_RQM "\xc2\xab"
10054 +#elif defined(CONFIG_QUOTES_ASCII)
10055 +#define VS_Q_LQM "\x27"
10056 +#define VS_Q_RQM "\x27"
10058 +#define VS_Q_LQM "\xbb"
10059 +#define VS_Q_RQM "\xab"
10062 +#define VS_Q(f) VS_Q_LQM f VS_Q_RQM
10065 +#define vxd_path(p) \
10066 + ({ static char _buffer[PATH_MAX]; \
10067 + d_path(p, _buffer, sizeof(_buffer)); })
10069 +#define vxd_cond_path(n) \
10070 + ((n) ? vxd_path(&(n)->path) : "<null>" )
10073 +#ifdef CONFIG_VSERVER_DEBUG
10075 +extern unsigned int vs_debug_switch;
10076 +extern unsigned int vs_debug_xid;
10077 +extern unsigned int vs_debug_nid;
10078 +extern unsigned int vs_debug_tag;
10079 +extern unsigned int vs_debug_net;
10080 +extern unsigned int vs_debug_limit;
10081 +extern unsigned int vs_debug_cres;
10082 +extern unsigned int vs_debug_dlim;
10083 +extern unsigned int vs_debug_quota;
10084 +extern unsigned int vs_debug_cvirt;
10085 +extern unsigned int vs_debug_space;
10086 +extern unsigned int vs_debug_perm;
10087 +extern unsigned int vs_debug_misc;
10090 +#define VX_LOGLEVEL "vxD: "
10091 +#define VX_PROC_FMT "%p: "
10092 +#define VX_PROCESS current
10094 +#define vxdprintk(c, f, x...) \
10097 + printk(VX_LOGLEVEL VX_PROC_FMT f "\n", \
10098 + VX_PROCESS , ##x); \
10101 +#define vxlprintk(c, f, x...) \
10104 + printk(VX_LOGLEVEL f " @%s:%d\n", x); \
10107 +#define vxfprintk(c, f, x...) \
10110 + printk(VX_LOGLEVEL f " %s@%s:%d\n", x); \
10116 +void dump_vx_info(struct vx_info *, int);
10117 +void dump_vx_info_inactive(int);
10119 +#else /* CONFIG_VSERVER_DEBUG */
10121 +#define vs_debug_switch 0
10122 +#define vs_debug_xid 0
10123 +#define vs_debug_nid 0
10124 +#define vs_debug_tag 0
10125 +#define vs_debug_net 0
10126 +#define vs_debug_limit 0
10127 +#define vs_debug_cres 0
10128 +#define vs_debug_dlim 0
10129 +#define vs_debug_quota 0
10130 +#define vs_debug_cvirt 0
10131 +#define vs_debug_space 0
10132 +#define vs_debug_perm 0
10133 +#define vs_debug_misc 0
10135 +#define vxdprintk(x...) do { } while (0)
10136 +#define vxlprintk(x...) do { } while (0)
10137 +#define vxfprintk(x...) do { } while (0)
10139 +#endif /* CONFIG_VSERVER_DEBUG */
10142 +#ifdef CONFIG_VSERVER_WARN
10144 +#define VX_WARNLEVEL KERN_WARNING "vxW: "
10145 +#define VX_WARN_TASK "[" VS_Q("%s") ",%u:#%u|%u|%u] "
10146 +#define VX_WARN_XID "[xid #%u] "
10147 +#define VX_WARN_NID "[nid #%u] "
10148 +#define VX_WARN_TAG "[tag #%u] "
10150 +#define vxwprintk(c, f, x...) \
10153 + printk(VX_WARNLEVEL f "\n", ##x); \
10156 +#else /* CONFIG_VSERVER_WARN */
10158 +#define vxwprintk(x...) do { } while (0)
10160 +#endif /* CONFIG_VSERVER_WARN */
10162 +#define vxwprintk_task(c, f, x...) \
10163 + vxwprintk(c, VX_WARN_TASK f, \
10164 + current->comm, current->pid, \
10165 + current->xid, current->nid, \
10166 + current->tag, ##x)
10167 +#define vxwprintk_xid(c, f, x...) \
10168 + vxwprintk(c, VX_WARN_XID f, current->xid, x)
10169 +#define vxwprintk_nid(c, f, x...) \
10170 + vxwprintk(c, VX_WARN_NID f, current->nid, x)
10171 +#define vxwprintk_tag(c, f, x...) \
10172 + vxwprintk(c, VX_WARN_TAG f, current->tag, x)
10174 +#ifdef CONFIG_VSERVER_DEBUG
10175 +#define vxd_assert_lock(l) assert_spin_locked(l)
10176 +#define vxd_assert(c, f, x...) vxlprintk(!(c), \
10177 + "assertion [" f "] failed.", ##x, __FILE__, __LINE__)
10179 +#define vxd_assert_lock(l) do { } while (0)
10180 +#define vxd_assert(c, f, x...) do { } while (0)
10184 +#endif /* _VSERVER_DEBUG_H */
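Review bot: `vxd_path(p)` formats into a static `_buffer[PATH_MAX]` that is shared by every caller passing through a given expansion site, so two CPUs logging through the same site can overwrite each other's path while `printk()` is still reading it. Each expansion site also costs PATH_MAX bytes of static storage, and the macro is defined outside the CONFIG_VSERVER_DEBUG block. `d_path()` can return an error pointer (for instance when the path does not fit), which `vxd_cond_path()` would pass straight to a `%s` conversion. Prefer a caller-supplied buffer with an `IS_ERR()` check on the result, or at least a comment stating the macro is diagnostic-only and not safe for concurrent use. Minor: `vxwprintk_xid`, `vxwprintk_nid` and `vxwprintk_tag` pass `x` without `##`, so unlike `vxwprintk_task` they need at least one variadic argument.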
10185 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/debug_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/debug_cmd.h
10186 --- linux-3.14.17/include/linux/vserver/debug_cmd.h 1970-01-01 00:00:00.000000000 +0000
10187 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/debug_cmd.h 2014-08-30 14:27:38.000000000 +0000
10189 +#ifndef _VSERVER_DEBUG_CMD_H
10190 +#define _VSERVER_DEBUG_CMD_H
10192 +#include <uapi/vserver/debug_cmd.h>
10195 +#ifdef CONFIG_COMPAT
10197 +#include <asm/compat.h>
10199 +struct vcmd_read_history_v0_x32 {
10202 + compat_uptr_t data_ptr;
10205 +struct vcmd_read_monitor_v0_x32 {
10208 + compat_uptr_t data_ptr;
10211 +#endif /* CONFIG_COMPAT */
10213 +extern int vc_dump_history(uint32_t);
10215 +extern int vc_read_history(uint32_t, void __user *);
10216 +extern int vc_read_monitor(uint32_t, void __user *);
10218 +#ifdef CONFIG_COMPAT
10220 +extern int vc_read_history_x32(uint32_t, void __user *);
10221 +extern int vc_read_monitor_x32(uint32_t, void __user *);
10223 +#endif /* CONFIG_COMPAT */
10225 +#endif /* _VSERVER_DEBUG_CMD_H */
10226 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/device.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/device.h
10227 --- linux-3.14.17/include/linux/vserver/device.h 1970-01-01 00:00:00.000000000 +0000
10228 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/device.h 2014-08-30 14:27:38.000000000 +0000
10230 +#ifndef _VSERVER_DEVICE_H
10231 +#define _VSERVER_DEVICE_H
10234 +#include <uapi/vserver/device.h>
10236 +#else /* _VSERVER_DEVICE_H */
10237 +#warning duplicate inclusion
10238 +#endif /* _VSERVER_DEVICE_H */
10239 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/device_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/device_cmd.h
10240 --- linux-3.14.17/include/linux/vserver/device_cmd.h 1970-01-01 00:00:00.000000000 +0000
10241 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/device_cmd.h 2014-08-30 14:27:38.000000000 +0000
10243 +#ifndef _VSERVER_DEVICE_CMD_H
10244 +#define _VSERVER_DEVICE_CMD_H
10246 +#include <uapi/vserver/device_cmd.h>
10249 +#ifdef CONFIG_COMPAT
10251 +#include <asm/compat.h>
10253 +struct vcmd_set_mapping_v0_x32 {
10254 + compat_uptr_t device_ptr;
10255 + compat_uptr_t target_ptr;
10259 +#endif /* CONFIG_COMPAT */
10261 +#include <linux/compiler.h>
10263 +extern int vc_set_mapping(struct vx_info *, void __user *);
10264 +extern int vc_unset_mapping(struct vx_info *, void __user *);
10266 +#ifdef CONFIG_COMPAT
10268 +extern int vc_set_mapping_x32(struct vx_info *, void __user *);
10269 +extern int vc_unset_mapping_x32(struct vx_info *, void __user *);
10271 +#endif /* CONFIG_COMPAT */
10273 +#endif /* _VSERVER_DEVICE_CMD_H */
10274 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/device_def.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/device_def.h
10275 --- linux-3.14.17/include/linux/vserver/device_def.h 1970-01-01 00:00:00.000000000 +0000
10276 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/device_def.h 2014-08-30 14:27:38.000000000 +0000
10278 +#ifndef _VSERVER_DEVICE_DEF_H
10279 +#define _VSERVER_DEVICE_DEF_H
10281 +#include <linux/types.h>
10283 +struct vx_dmap_target {
10288 +struct _vx_device {
10289 +#ifdef CONFIG_VSERVER_DEVICE
10290 + struct vx_dmap_target targets[2];
10294 +#endif /* _VSERVER_DEVICE_DEF_H */
10295 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/dlimit.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/dlimit.h
10296 --- linux-3.14.17/include/linux/vserver/dlimit.h 1970-01-01 00:00:00.000000000 +0000
10297 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/dlimit.h 2014-08-30 14:27:38.000000000 +0000
10299 +#ifndef _VSERVER_DLIMIT_H
10300 +#define _VSERVER_DLIMIT_H
10302 +#include "switch.h"
10307 +/* keep in sync with CDLIM_INFINITY */
10309 +#define DLIM_INFINITY (~0ULL)
10311 +#include <linux/spinlock.h>
10312 +#include <linux/rcupdate.h>
10314 +struct super_block;
10317 + struct hlist_node dl_hlist; /* linked list of contexts */
10318 + struct rcu_head dl_rcu; /* the rcu head */
10319 + vtag_t dl_tag; /* context tag */
10320 + atomic_t dl_usecnt; /* usage count */
10321 + atomic_t dl_refcnt; /* reference count */
10323 + struct super_block *dl_sb; /* associated superblock */
10325 + spinlock_t dl_lock; /* protect the values */
10327 + unsigned long long dl_space_used; /* used space in bytes */
10328 + unsigned long long dl_space_total; /* maximum space in bytes */
10329 + unsigned long dl_inodes_used; /* used inodes */
10330 + unsigned long dl_inodes_total; /* maximum inodes */
10332 + unsigned int dl_nrlmult; /* non root limit mult */
10337 +extern void rcu_free_dl_info(struct rcu_head *);
10338 +extern void unhash_dl_info(struct dl_info *);
10340 +extern struct dl_info *locate_dl_info(struct super_block *, vtag_t);
10345 +extern void vx_vsi_statfs(struct super_block *, struct kstatfs *);
10347 +typedef uint64_t dlsize_t;
10349 +#endif /* __KERNEL__ */
10350 +#else /* _VSERVER_DLIMIT_H */
10351 +#warning duplicate inclusion
10352 +#endif /* _VSERVER_DLIMIT_H */
10353 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/dlimit_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/dlimit_cmd.h
10354 --- linux-3.14.17/include/linux/vserver/dlimit_cmd.h 1970-01-01 00:00:00.000000000 +0000
10355 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/dlimit_cmd.h 2014-08-30 14:27:38.000000000 +0000
10357 +#ifndef _VSERVER_DLIMIT_CMD_H
10358 +#define _VSERVER_DLIMIT_CMD_H
10360 +#include <uapi/vserver/dlimit_cmd.h>
10363 +#ifdef CONFIG_COMPAT
10365 +#include <asm/compat.h>
10367 +struct vcmd_ctx_dlimit_base_v0_x32 {
10368 + compat_uptr_t name_ptr;
10372 +struct vcmd_ctx_dlimit_v0_x32 {
10373 + compat_uptr_t name_ptr;
10374 + uint32_t space_used; /* used space in kbytes */
10375 + uint32_t space_total; /* maximum space in kbytes */
10376 + uint32_t inodes_used; /* used inodes */
10377 + uint32_t inodes_total; /* maximum inodes */
10378 + uint32_t reserved; /* reserved for root in % */
10382 +#endif /* CONFIG_COMPAT */
10384 +#include <linux/compiler.h>
10386 +extern int vc_add_dlimit(uint32_t, void __user *);
10387 +extern int vc_rem_dlimit(uint32_t, void __user *);
10389 +extern int vc_set_dlimit(uint32_t, void __user *);
10390 +extern int vc_get_dlimit(uint32_t, void __user *);
10392 +#ifdef CONFIG_COMPAT
10394 +extern int vc_add_dlimit_x32(uint32_t, void __user *);
10395 +extern int vc_rem_dlimit_x32(uint32_t, void __user *);
10397 +extern int vc_set_dlimit_x32(uint32_t, void __user *);
10398 +extern int vc_get_dlimit_x32(uint32_t, void __user *);
10400 +#endif /* CONFIG_COMPAT */
10402 +#endif /* _VSERVER_DLIMIT_CMD_H */
10403 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/global.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/global.h
10404 --- linux-3.14.17/include/linux/vserver/global.h 1970-01-01 00:00:00.000000000 +0000
10405 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/global.h 2014-08-30 14:27:38.000000000 +0000
10407 +#ifndef _VSERVER_GLOBAL_H
10408 +#define _VSERVER_GLOBAL_H
10411 +extern atomic_t vx_global_ctotal;
10412 +extern atomic_t vx_global_cactive;
10414 +extern atomic_t nx_global_ctotal;
10415 +extern atomic_t nx_global_cactive;
10417 +extern atomic_t vs_global_nsproxy;
10418 +extern atomic_t vs_global_fs;
10419 +extern atomic_t vs_global_mnt_ns;
10420 +extern atomic_t vs_global_uts_ns;
10421 +extern atomic_t vs_global_user_ns;
10422 +extern atomic_t vs_global_pid_ns;
10425 +#endif /* _VSERVER_GLOBAL_H */
10426 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/history.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/history.h
10427 --- linux-3.14.17/include/linux/vserver/history.h 1970-01-01 00:00:00.000000000 +0000
10428 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/history.h 2014-08-30 14:27:38.000000000 +0000
10430 +#ifndef _VSERVER_HISTORY_H
10431 +#define _VSERVER_HISTORY_H
10436 + VXH_THROW_OOPS = 1,
10440 + VXH_INIT_VX_INFO,
10443 + VXH_CLAIM_VX_INFO,
10444 + VXH_RELEASE_VX_INFO,
10445 + VXH_ALLOC_VX_INFO,
10446 + VXH_DEALLOC_VX_INFO,
10447 + VXH_HASH_VX_INFO,
10448 + VXH_UNHASH_VX_INFO,
10450 + VXH_LOOKUP_VX_INFO,
10451 + VXH_CREATE_VX_INFO,
10454 +struct _vxhe_vxi {
10455 + struct vx_info *ptr;
10461 +struct _vxhe_set_clr {
10465 +struct _vxhe_loc_lookup {
10469 +struct _vx_hist_entry {
10471 + unsigned short seq;
10472 + unsigned short type;
10473 + struct _vxhe_vxi vxi;
10475 + struct _vxhe_set_clr sc;
10476 + struct _vxhe_loc_lookup ll;
10480 +#ifdef CONFIG_VSERVER_HISTORY
10482 +extern unsigned volatile int vxh_active;
10484 +struct _vx_hist_entry *vxh_advance(void *loc);
10488 +void __vxh_copy_vxi(struct _vx_hist_entry *entry, struct vx_info *vxi)
10490 + entry->vxi.ptr = vxi;
10492 + entry->vxi.usecnt = atomic_read(&vxi->vx_usecnt);
10493 + entry->vxi.tasks = atomic_read(&vxi->vx_tasks);
10494 + entry->vxi.xid = vxi->vx_id;
10499 +#define __HERE__ current_text_addr()
10501 +#define __VXH_BODY(__type, __data, __here) \
10502 + struct _vx_hist_entry *entry; \
10504 + preempt_disable(); \
10505 + entry = vxh_advance(__here); \
10507 + entry->type = __type; \
10508 + preempt_enable();
10511 + /* pass vxi only */
10513 +#define __VXH_SMPL \
10514 + __vxh_copy_vxi(entry, vxi)
10517 +void __vxh_smpl(struct vx_info *vxi, int __type, void *__here)
10519 + __VXH_BODY(__type, __VXH_SMPL, __here)
10522 + /* pass vxi and data (void *) */
10524 +#define __VXH_DATA \
10525 + __vxh_copy_vxi(entry, vxi); \
10526 + entry->sc.data = data
10529 +void __vxh_data(struct vx_info *vxi, void *data,
10530 + int __type, void *__here)
10532 + __VXH_BODY(__type, __VXH_DATA, __here)
10535 + /* pass vxi and arg (long) */
10537 +#define __VXH_LONG \
10538 + __vxh_copy_vxi(entry, vxi); \
10539 + entry->ll.arg = arg
10542 +void __vxh_long(struct vx_info *vxi, long arg,
10543 + int __type, void *__here)
10545 + __VXH_BODY(__type, __VXH_LONG, __here)
10550 +void __vxh_throw_oops(void *__here)
10552 + __VXH_BODY(VXH_THROW_OOPS, {}, __here);
10553 + /* prevent further acquisition */
10558 +#define vxh_throw_oops() __vxh_throw_oops(__HERE__);
10560 +#define __vxh_get_vx_info(v, h) __vxh_smpl(v, VXH_GET_VX_INFO, h);
10561 +#define __vxh_put_vx_info(v, h) __vxh_smpl(v, VXH_PUT_VX_INFO, h);
10563 +#define __vxh_init_vx_info(v, d, h) \
10564 + __vxh_data(v, d, VXH_INIT_VX_INFO, h);
10565 +#define __vxh_set_vx_info(v, d, h) \
10566 + __vxh_data(v, d, VXH_SET_VX_INFO, h);
10567 +#define __vxh_clr_vx_info(v, d, h) \
10568 + __vxh_data(v, d, VXH_CLR_VX_INFO, h);
10570 +#define __vxh_claim_vx_info(v, d, h) \
10571 + __vxh_data(v, d, VXH_CLAIM_VX_INFO, h);
10572 +#define __vxh_release_vx_info(v, d, h) \
10573 + __vxh_data(v, d, VXH_RELEASE_VX_INFO, h);
10575 +#define vxh_alloc_vx_info(v) \
10576 + __vxh_smpl(v, VXH_ALLOC_VX_INFO, __HERE__);
10577 +#define vxh_dealloc_vx_info(v) \
10578 + __vxh_smpl(v, VXH_DEALLOC_VX_INFO, __HERE__);
10580 +#define vxh_hash_vx_info(v) \
10581 + __vxh_smpl(v, VXH_HASH_VX_INFO, __HERE__);
10582 +#define vxh_unhash_vx_info(v) \
10583 + __vxh_smpl(v, VXH_UNHASH_VX_INFO, __HERE__);
10585 +#define vxh_loc_vx_info(v, l) \
10586 + __vxh_long(v, l, VXH_LOC_VX_INFO, __HERE__);
10587 +#define vxh_lookup_vx_info(v, l) \
10588 + __vxh_long(v, l, VXH_LOOKUP_VX_INFO, __HERE__);
10589 +#define vxh_create_vx_info(v, l) \
10590 + __vxh_long(v, l, VXH_CREATE_VX_INFO, __HERE__);
10592 +extern void vxh_dump_history(void);
10595 +#else /* CONFIG_VSERVER_HISTORY */
10597 +#define __HERE__ 0
10599 +#define vxh_throw_oops() do { } while (0)
10601 +#define __vxh_get_vx_info(v, h) do { } while (0)
10602 +#define __vxh_put_vx_info(v, h) do { } while (0)
10604 +#define __vxh_init_vx_info(v, d, h) do { } while (0)
10605 +#define __vxh_set_vx_info(v, d, h) do { } while (0)
10606 +#define __vxh_clr_vx_info(v, d, h) do { } while (0)
10608 +#define __vxh_claim_vx_info(v, d, h) do { } while (0)
10609 +#define __vxh_release_vx_info(v, d, h) do { } while (0)
10611 +#define vxh_alloc_vx_info(v) do { } while (0)
10612 +#define vxh_dealloc_vx_info(v) do { } while (0)
10614 +#define vxh_hash_vx_info(v) do { } while (0)
10615 +#define vxh_unhash_vx_info(v) do { } while (0)
10617 +#define vxh_loc_vx_info(v, l) do { } while (0)
10618 +#define vxh_lookup_vx_info(v, l) do { } while (0)
10619 +#define vxh_create_vx_info(v, l) do { } while (0)
10621 +#define vxh_dump_history() do { } while (0)
10624 +#endif /* CONFIG_VSERVER_HISTORY */
10626 +#endif /* _VSERVER_HISTORY_H */
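Review bot: Every history macro in the CONFIG_VSERVER_HISTORY branch, from `vxh_throw_oops()` through `vxh_create_vx_info(v, l)`, ends its expansion with a `;`, while the stubs in the `#else` branch expand to `do { } while (0)`. A call site such as `if (c) vxh_hash_vx_info(v); else ...` therefore builds with history disabled and breaks with it enabled, because the enabled form expands to two statements. Dropping the semicolon from each definition, e.g. `#define vxh_throw_oops() __vxh_throw_oops(__HERE__)`, makes both configurations behave the same for the caller.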
10627 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/inode.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/inode.h
10628 --- linux-3.14.17/include/linux/vserver/inode.h 1970-01-01 00:00:00.000000000 +0000
10629 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/inode.h 2014-08-30 14:27:38.000000000 +0000
10631 +#ifndef _VSERVER_INODE_H
10632 +#define _VSERVER_INODE_H
10634 +#include <uapi/vserver/inode.h>
10637 +#ifdef CONFIG_VSERVER_PROC_SECURE
10638 +#define IATTR_PROC_DEFAULT ( IATTR_ADMIN | IATTR_HIDE )
10639 +#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
10641 +#define IATTR_PROC_DEFAULT ( IATTR_ADMIN )
10642 +#define IATTR_PROC_SYMLINK ( IATTR_ADMIN )
10645 +#define vx_hide_check(c, m) (((m) & IATTR_HIDE) ? vx_check(c, m) : 1)
10647 +#else /* _VSERVER_INODE_H */
10648 +#warning duplicate inclusion
10649 +#endif /* _VSERVER_INODE_H */
10650 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/inode_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/inode_cmd.h
10651 --- linux-3.14.17/include/linux/vserver/inode_cmd.h 1970-01-01 00:00:00.000000000 +0000
10652 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/inode_cmd.h 2014-08-30 14:27:38.000000000 +0000
10654 +#ifndef _VSERVER_INODE_CMD_H
10655 +#define _VSERVER_INODE_CMD_H
10657 +#include <uapi/vserver/inode_cmd.h>
10661 +#ifdef CONFIG_COMPAT
10663 +#include <asm/compat.h>
10665 +struct vcmd_ctx_iattr_v1_x32 {
10666 + compat_uptr_t name_ptr;
10672 +#endif /* CONFIG_COMPAT */
10674 +#include <linux/compiler.h>
10676 +extern int vc_get_iattr(void __user *);
10677 +extern int vc_set_iattr(void __user *);
10679 +extern int vc_fget_iattr(uint32_t, void __user *);
10680 +extern int vc_fset_iattr(uint32_t, void __user *);
10682 +#ifdef CONFIG_COMPAT
10684 +extern int vc_get_iattr_x32(void __user *);
10685 +extern int vc_set_iattr_x32(void __user *);
10687 +#endif /* CONFIG_COMPAT */
10689 +#endif /* _VSERVER_INODE_CMD_H */
10690 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/limit.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit.h
10691 --- linux-3.14.17/include/linux/vserver/limit.h 1970-01-01 00:00:00.000000000 +0000
10692 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit.h 2014-08-30 14:27:38.000000000 +0000
10694 +#ifndef _VSERVER_LIMIT_H
10695 +#define _VSERVER_LIMIT_H
10697 +#include <uapi/vserver/limit.h>
10700 +#define VLIM_NOCHECK ((1L << VLIMIT_DENTRY) | (1L << RLIMIT_RSS))
10702 +/* keep in sync with CRLIM_INFINITY */
10704 +#define VLIM_INFINITY (~0ULL)
10706 +#include <asm/atomic.h>
10707 +#include <asm/resource.h>
10709 +#ifndef RLIM_INFINITY
10710 +#warning RLIM_INFINITY is undefined
10713 +#define __rlim_val(l, r, v) ((l)->res[r].v)
10715 +#define __rlim_soft(l, r) __rlim_val(l, r, soft)
10716 +#define __rlim_hard(l, r) __rlim_val(l, r, hard)
10718 +#define __rlim_rcur(l, r) __rlim_val(l, r, rcur)
10719 +#define __rlim_rmin(l, r) __rlim_val(l, r, rmin)
10720 +#define __rlim_rmax(l, r) __rlim_val(l, r, rmax)
10722 +#define __rlim_lhit(l, r) __rlim_val(l, r, lhit)
10723 +#define __rlim_hit(l, r) atomic_inc(&__rlim_lhit(l, r))
10725 +typedef atomic_long_t rlim_atomic_t;
10726 +typedef unsigned long rlim_t;
10728 +#define __rlim_get(l, r) atomic_long_read(&__rlim_rcur(l, r))
10729 +#define __rlim_set(l, r, v) atomic_long_set(&__rlim_rcur(l, r), v)
10730 +#define __rlim_inc(l, r) atomic_long_inc(&__rlim_rcur(l, r))
10731 +#define __rlim_dec(l, r) atomic_long_dec(&__rlim_rcur(l, r))
10732 +#define __rlim_add(l, r, v) atomic_long_add(v, &__rlim_rcur(l, r))
10733 +#define __rlim_sub(l, r, v) atomic_long_sub(v, &__rlim_rcur(l, r))
10736 +#if (RLIM_INFINITY == VLIM_INFINITY)
10737 +#define VX_VLIM(r) ((long long)(long)(r))
10738 +#define VX_RLIM(v) ((rlim_t)(v))
10740 +#define VX_VLIM(r) (((r) == RLIM_INFINITY) \
10741 + ? VLIM_INFINITY : (long long)(r))
10742 +#define VX_RLIM(v) (((v) == VLIM_INFINITY) \
10743 + ? RLIM_INFINITY : (rlim_t)(v))
10748 +void vx_vsi_meminfo(struct sysinfo *);
10749 +void vx_vsi_swapinfo(struct sysinfo *);
10750 +long vx_vsi_cached(struct sysinfo *);
10752 +#define NUM_LIMITS 24
10754 +#endif /* _VSERVER_LIMIT_H */
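Review bot: `VX_RLIM(v)` narrows with a plain `(rlim_t)(v)` cast, and `rlim_t` is `unsigned long` in this header, so where `long` is 32 bits a 64-bit limit above `ULONG_MAX` other than `VLIM_INFINITY` would be silently truncated to a much smaller value. Limit values elsewhere in this patch are 64 bits wide (the `uint64_t` fields in limit_cmd.h), so wide inputs presumably reach this macro; whether the callers range-check first is not visible here. A comment on the macro such as `/* callers must reject values that do not fit in rlim_t */`, or a saturating form that maps out-of-range values to `RLIM_INFINITY`, would make the contract explicit.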
10755 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/limit_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_cmd.h
10756 --- linux-3.14.17/include/linux/vserver/limit_cmd.h 1970-01-01 00:00:00.000000000 +0000
10757 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_cmd.h 2014-08-30 14:27:38.000000000 +0000
10759 +#ifndef _VSERVER_LIMIT_CMD_H
10760 +#define _VSERVER_LIMIT_CMD_H
10762 +#include <uapi/vserver/limit_cmd.h>
10765 +#ifdef CONFIG_IA32_EMULATION
10767 +struct vcmd_ctx_rlimit_v0_x32 {
10769 + uint64_t minimum;
10770 + uint64_t softlimit;
10771 + uint64_t maximum;
10772 +} __attribute__ ((packed));
10774 +#endif /* CONFIG_IA32_EMULATION */
10776 +#include <linux/compiler.h>
10778 +extern int vc_get_rlimit_mask(uint32_t, void __user *);
10779 +extern int vc_get_rlimit(struct vx_info *, void __user *);
10780 +extern int vc_set_rlimit(struct vx_info *, void __user *);
10781 +extern int vc_reset_hits(struct vx_info *, void __user *);
10782 +extern int vc_reset_minmax(struct vx_info *, void __user *);
10784 +extern int vc_rlimit_stat(struct vx_info *, void __user *);
10786 +#ifdef CONFIG_IA32_EMULATION
10788 +extern int vc_get_rlimit_x32(struct vx_info *, void __user *);
10789 +extern int vc_set_rlimit_x32(struct vx_info *, void __user *);
10791 +#endif /* CONFIG_IA32_EMULATION */
10793 +#endif /* _VSERVER_LIMIT_CMD_H */
10794 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/limit_def.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_def.h
10795 --- linux-3.14.17/include/linux/vserver/limit_def.h 1970-01-01 00:00:00.000000000 +0000
10796 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_def.h 2014-08-30 14:27:38.000000000 +0000
10798 +#ifndef _VSERVER_LIMIT_DEF_H
10799 +#define _VSERVER_LIMIT_DEF_H
10801 +#include <asm/atomic.h>
10802 +#include <asm/resource.h>
10804 +#include "limit.h"
10807 +struct _vx_res_limit {
10808 + rlim_t soft; /* Context soft limit */
10809 + rlim_t hard; /* Context hard limit */
10811 + rlim_atomic_t rcur; /* Current value */
10812 + rlim_t rmin; /* Context minimum */
10813 + rlim_t rmax; /* Context maximum */
10815 + atomic_t lhit; /* Limit hits */
10818 +/* context sub struct */
10820 +struct _vx_limit {
10821 + struct _vx_res_limit res[NUM_LIMITS];
10824 +#ifdef CONFIG_VSERVER_DEBUG
10826 +static inline void __dump_vx_limit(struct _vx_limit *limit)
10830 + printk("\t_vx_limit:");
10831 + for (i = 0; i < NUM_LIMITS; i++) {
10832 + printk("\t [%2d] = %8lu %8lu/%8lu, %8ld/%8ld, %8d\n",
10833 + i, (unsigned long)__rlim_get(limit, i),
10834 + (unsigned long)__rlim_rmin(limit, i),
10835 + (unsigned long)__rlim_rmax(limit, i),
10836 + (long)__rlim_soft(limit, i),
10837 + (long)__rlim_hard(limit, i),
10838 + atomic_read(&__rlim_lhit(limit, i)));
10844 +#endif /* _VSERVER_LIMIT_DEF_H */
10845 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/limit_int.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_int.h
10846 --- linux-3.14.17/include/linux/vserver/limit_int.h 1970-01-01 00:00:00.000000000 +0000
10847 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/limit_int.h 2014-08-30 14:27:38.000000000 +0000
10849 +#ifndef _VSERVER_LIMIT_INT_H
10850 +#define _VSERVER_LIMIT_INT_H
10852 +#define VXD_RCRES_COND(r) VXD_CBIT(cres, r)
10853 +#define VXD_RLIMIT_COND(r) VXD_CBIT(limit, r)
10855 +extern const char *vlimit_name[NUM_LIMITS];
10857 +static inline void __vx_acc_cres(struct vx_info *vxi,
10858 + int res, int dir, void *_data, char *_file, int _line)
10860 + if (VXD_RCRES_COND(res))
10861 + vxlprintk(1, "vx_acc_cres[%5d,%s,%2d]: %5ld%s (%p)",
10862 + (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
10863 + (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
10864 + (dir > 0) ? "++" : "--", _data, _file, _line);
10869 + __rlim_inc(&vxi->limit, res);
10871 + __rlim_dec(&vxi->limit, res);
10874 +static inline void __vx_add_cres(struct vx_info *vxi,
10875 + int res, int amount, void *_data, char *_file, int _line)
10877 + if (VXD_RCRES_COND(res))
10878 + vxlprintk(1, "vx_add_cres[%5d,%s,%2d]: %5ld += %5d (%p)",
10879 + (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
10880 + (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
10881 + amount, _data, _file, _line);
10886 + __rlim_add(&vxi->limit, res, amount);
10890 +int __vx_cres_adjust_max(struct _vx_limit *limit, int res, rlim_t value)
10892 + int cond = (value > __rlim_rmax(limit, res));
10895 + __rlim_rmax(limit, res) = value;
10900 +int __vx_cres_adjust_min(struct _vx_limit *limit, int res, rlim_t value)
10902 + int cond = (value < __rlim_rmin(limit, res));
10905 + __rlim_rmin(limit, res) = value;
10910 +void __vx_cres_fixup(struct _vx_limit *limit, int res, rlim_t value)
10912 + if (!__vx_cres_adjust_max(limit, res, value))
10913 + __vx_cres_adjust_min(limit, res, value);
10918 + +1 ... no limit hit
10919 + -1 ... over soft limit
10920 + 0 ... over hard limit */
10922 +static inline int __vx_cres_avail(struct vx_info *vxi,
10923 + int res, int num, char *_file, int _line)
10925 + struct _vx_limit *limit;
10928 + if (VXD_RLIMIT_COND(res))
10929 + vxlprintk(1, "vx_cres_avail[%5d,%s,%2d]: %5ld/%5ld > %5ld + %5d",
10930 + (vxi ? vxi->vx_id : -1), vlimit_name[res], res,
10931 + (vxi ? (long)__rlim_soft(&vxi->limit, res) : -1),
10932 + (vxi ? (long)__rlim_hard(&vxi->limit, res) : -1),
10933 + (vxi ? (long)__rlim_get(&vxi->limit, res) : 0),
10934 + num, _file, _line);
10938 + limit = &vxi->limit;
10939 + value = __rlim_get(limit, res);
10941 + if (!__vx_cres_adjust_max(limit, res, value))
10942 + __vx_cres_adjust_min(limit, res, value);
10947 + if (__rlim_soft(limit, res) == RLIM_INFINITY)
10949 + if (value + num <= __rlim_soft(limit, res))
10952 + if (__rlim_hard(limit, res) == RLIM_INFINITY)
10954 + if (value + num <= __rlim_hard(limit, res))
10957 + __rlim_hit(limit, res);
10962 +static const int VLA_RSS[] = { RLIMIT_RSS, VLIMIT_ANON, VLIMIT_MAPPED, 0 };
10965 +rlim_t __vx_cres_array_sum(struct _vx_limit *limit, const int *array)
10967 + rlim_t value, sum = 0;
10970 + while ((res = *array++)) {
10971 + value = __rlim_get(limit, res);
10972 + __vx_cres_fixup(limit, res, value);
10979 +rlim_t __vx_cres_array_fixup(struct _vx_limit *limit, const int *array)
10981 + rlim_t value = __vx_cres_array_sum(limit, array + 1);
10982 + int res = *array;
10984 + if (value == __rlim_get(limit, res))
10987 + __rlim_set(limit, res, value);
10988 + /* now adjust min/max */
10989 + if (!__vx_cres_adjust_max(limit, res, value))
10990 + __vx_cres_adjust_min(limit, res, value);
10995 +static inline int __vx_cres_array_avail(struct vx_info *vxi,
10996 + const int *array, int num, char *_file, int _line)
10998 + struct _vx_limit *limit;
10999 + rlim_t value = 0;
11007 + limit = &vxi->limit;
11009 + value = __vx_cres_array_sum(limit, array + 1);
11011 + __rlim_set(limit, res, value);
11012 + __vx_cres_fixup(limit, res, value);
11014 + return __vx_cres_avail(vxi, res, num, _file, _line);
11018 +static inline void vx_limit_fixup(struct _vx_limit *limit, int id)
11023 + /* complex resources first */
11024 + if ((id < 0) || (id == RLIMIT_RSS))
11025 + __vx_cres_array_fixup(limit, VLA_RSS);
11027 + for (res = 0; res < NUM_LIMITS; res++) {
11028 + if ((id > 0) && (res != id))
11031 + value = __rlim_get(limit, res);
11032 + __vx_cres_fixup(limit, res, value);
11034 + /* not supposed to happen, maybe warn? */
11035 + if (__rlim_rmax(limit, res) > __rlim_hard(limit, res))
11036 + __rlim_rmax(limit, res) = __rlim_hard(limit, res);
11041 +#endif /* _VSERVER_LIMIT_INT_H */
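Review bot: The limit tests in `__vx_cres_avail`, `if (value + num <= __rlim_soft(limit, res))` and the matching hard-limit line, add before comparing, so the sum can wrap. `__rlim_get` reads a signed `atomic_long_t` while `rlim_t` is `unsigned long`; assuming `value` is an `rlim_t` as in the other helpers (its declaration is not among the visible lines), a counter that accounting has pushed below zero reads as a value near `ULONG_MAX`, and adding a positive `num` wraps to a small number that passes the check. Comparing against the remaining headroom avoids the wrap, e.g. `if (value <= lim && (rlim_t)num <= lim - value)` with `lim` holding the soft or hard limit and a negative `num` handled separately. The same read-as-unsigned value is passed to `__vx_cres_adjust_max`, which would then record it as the maximum.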
11042 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/monitor.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/monitor.h
11043 --- linux-3.14.17/include/linux/vserver/monitor.h 1970-01-01 00:00:00.000000000 +0000
11044 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/monitor.h 2014-08-30 14:27:38.000000000 +0000
11046 +#ifndef _VSERVER_MONITOR_H
11047 +#define _VSERVER_MONITOR_H
11049 +#include <uapi/vserver/monitor.h>
11051 +#endif /* _VSERVER_MONITOR_H */
11052 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/network.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/network.h
11053 --- linux-3.14.17/include/linux/vserver/network.h 1970-01-01 00:00:00.000000000 +0000
11054 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/network.h 2014-08-30 14:27:38.000000000 +0000
11056 +#ifndef _VSERVER_NETWORK_H
11057 +#define _VSERVER_NETWORK_H
11060 +#include <linux/list.h>
11061 +#include <linux/spinlock.h>
11062 +#include <linux/rcupdate.h>
11063 +#include <linux/in.h>
11064 +#include <linux/in6.h>
11065 +#include <asm/atomic.h>
11066 +#include <uapi/vserver/network.h>
11068 +struct nx_addr_v4 {
11069 + struct nx_addr_v4 *next;
11070 + struct in_addr ip[2];
11071 + struct in_addr mask;
11076 +struct nx_addr_v6 {
11077 + struct nx_addr_v6 *next;
11078 + struct in6_addr ip;
11079 + struct in6_addr mask;
11086 + struct hlist_node nx_hlist; /* linked list of nxinfos */
11087 + vnid_t nx_id; /* vnet id */
11088 + atomic_t nx_usecnt; /* usage count */
11089 + atomic_t nx_tasks; /* tasks count */
11090 + int nx_state; /* context state */
11092 + uint64_t nx_flags; /* network flag word */
11093 + uint64_t nx_ncaps; /* network capabilities */
11095 + spinlock_t addr_lock; /* protect address changes */
11096 + struct in_addr v4_lback; /* Loopback address */
11097 + struct in_addr v4_bcast; /* Broadcast address */
11098 + struct nx_addr_v4 v4; /* First/Single ipv4 address */
11099 +#ifdef CONFIG_IPV6
11100 + struct nx_addr_v6 v6; /* First/Single ipv6 address */
11102 + char nx_name[65]; /* network context name */
11106 +/* status flags */
11108 +#define NXS_HASHED 0x0001
11109 +#define NXS_SHUTDOWN 0x0100
11110 +#define NXS_RELEASED 0x8000
11112 +extern struct nx_info *lookup_nx_info(int);
11114 +extern int get_nid_list(int, unsigned int *, int);
11115 +extern int nid_is_hashed(vnid_t);
11117 +extern int nx_migrate_task(struct task_struct *, struct nx_info *);
11119 +extern long vs_net_change(struct nx_info *, unsigned int);
11124 +#define NX_IPV4(n) ((n)->v4.type != NXA_TYPE_NONE)
11125 +#ifdef CONFIG_IPV6
11126 +#define NX_IPV6(n) ((n)->v6.type != NXA_TYPE_NONE)
11128 +#define NX_IPV6(n) (0)
11131 +#endif /* _VSERVER_NETWORK_H */
11132 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/network_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/network_cmd.h
11133 --- linux-3.14.17/include/linux/vserver/network_cmd.h 1970-01-01 00:00:00.000000000 +0000
11134 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/network_cmd.h 2014-08-30 14:27:38.000000000 +0000
11136 +#ifndef _VSERVER_NETWORK_CMD_H
11137 +#define _VSERVER_NETWORK_CMD_H
11139 +#include <uapi/vserver/network_cmd.h>
11141 +extern int vc_task_nid(uint32_t);
11143 +extern int vc_nx_info(struct nx_info *, void __user *);
11145 +extern int vc_net_create(uint32_t, void __user *);
11146 +extern int vc_net_migrate(struct nx_info *, void __user *);
11148 +extern int vc_net_add(struct nx_info *, void __user *);
11149 +extern int vc_net_remove(struct nx_info *, void __user *);
11151 +extern int vc_net_add_ipv4_v1(struct nx_info *, void __user *);
11152 +extern int vc_net_add_ipv4(struct nx_info *, void __user *);
11154 +extern int vc_net_rem_ipv4_v1(struct nx_info *, void __user *);
11155 +extern int vc_net_rem_ipv4(struct nx_info *, void __user *);
11157 +extern int vc_net_add_ipv6(struct nx_info *, void __user *);
11158 +extern int vc_net_remove_ipv6(struct nx_info *, void __user *);
11160 +extern int vc_add_match_ipv4(struct nx_info *, void __user *);
11161 +extern int vc_get_match_ipv4(struct nx_info *, void __user *);
11163 +extern int vc_add_match_ipv6(struct nx_info *, void __user *);
11164 +extern int vc_get_match_ipv6(struct nx_info *, void __user *);
11166 +extern int vc_get_nflags(struct nx_info *, void __user *);
11167 +extern int vc_set_nflags(struct nx_info *, void __user *);
11169 +extern int vc_get_ncaps(struct nx_info *, void __user *);
11170 +extern int vc_set_ncaps(struct nx_info *, void __user *);
11172 +#endif /* _VSERVER_CONTEXT_CMD_H */
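Review bot: The closing guard comment reads `#endif /* _VSERVER_CONTEXT_CMD_H */` although the guard opened at the top of this file is `_VSERVER_NETWORK_CMD_H`; it looks copied from the context header and should read `#endif /* _VSERVER_NETWORK_CMD_H */`. As far as the visible lines show, the header also uses `__user` without including `<linux/compiler.h>`, unlike the sibling `*_cmd.h` headers, which include it before their prototypes. The IPv6 removal entry point is named `vc_net_remove_ipv6` while the IPv4 one is `vc_net_rem_ipv4`, which is worth aligning or explaining in a comment.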
11173 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/percpu.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/percpu.h
11174 --- linux-3.14.17/include/linux/vserver/percpu.h 1970-01-01 00:00:00.000000000 +0000
11175 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/percpu.h 2014-08-30 14:27:38.000000000 +0000
11177 +#ifndef _VSERVER_PERCPU_H
11178 +#define _VSERVER_PERCPU_H
11180 +#include "cvirt_def.h"
11181 +#include "sched_def.h"
11183 +struct _vx_percpu {
11184 + struct _vx_cvirt_pc cvirt;
11185 + struct _vx_sched_pc sched;
11188 +#define PERCPU_PERCTX (sizeof(struct _vx_percpu))
11190 +#endif /* _VSERVER_PERCPU_H */
11191 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/pid.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/pid.h
11192 --- linux-3.14.17/include/linux/vserver/pid.h 1970-01-01 00:00:00.000000000 +0000
11193 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/pid.h 2014-08-30 14:27:38.000000000 +0000
11195 +#ifndef _VSERVER_PID_H
11196 +#define _VSERVER_PID_H
11198 +/* pid faking stuff */
11200 +#define vx_info_map_pid(v, p) \
11201 + __vx_info_map_pid((v), (p), __func__, __FILE__, __LINE__)
11202 +#define vx_info_map_tgid(v,p) vx_info_map_pid(v,p)
11203 +#define vx_map_pid(p) vx_info_map_pid(current_vx_info(), p)
11204 +#define vx_map_tgid(p) vx_map_pid(p)
11206 +static inline int __vx_info_map_pid(struct vx_info *vxi, int pid,
11207 + const char *func, const char *file, int line)
11209 + if (vx_info_flags(vxi, VXF_INFO_INIT, 0)) {
11210 + vxfprintk(VXD_CBIT(cvirt, 2),
11211 + "vx_map_tgid: %p/%llx: %d -> %d",
11212 + vxi, (long long)vxi->vx_flags, pid,
11213 + (pid && pid == vxi->vx_initpid) ? 1 : pid,
11214 + func, file, line);
11217 + if (pid == vxi->vx_initpid)
11223 +#define vx_info_rmap_pid(v, p) \
11224 + __vx_info_rmap_pid((v), (p), __func__, __FILE__, __LINE__)
11225 +#define vx_rmap_pid(p) vx_info_rmap_pid(current_vx_info(), p)
11226 +#define vx_rmap_tgid(p) vx_rmap_pid(p)
11228 +static inline int __vx_info_rmap_pid(struct vx_info *vxi, int pid,
11229 + const char *func, const char *file, int line)
11231 + if (vx_info_flags(vxi, VXF_INFO_INIT, 0)) {
11232 + vxfprintk(VXD_CBIT(cvirt, 2),
11233 + "vx_rmap_tgid: %p/%llx: %d -> %d",
11234 + vxi, (long long)vxi->vx_flags, pid,
11235 + (pid == 1) ? vxi->vx_initpid : pid,
11236 + func, file, line);
11237 + if ((pid == 1) && vxi->vx_initpid)
11238 + return vxi->vx_initpid;
11239 + if (pid == vxi->vx_initpid)
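Review bot: The trace in `__vx_info_rmap_pid` reports the result as `(pid == 1) ? vxi->vx_initpid : pid`, which does not match the branches that follow it. The code returns `vxi->vx_initpid` only when it is non-zero, so with an unset init pid the log would show `1 -> 0` while the function does not take that branch, and the separate `if (pid == vxi->vx_initpid)` case (its body is not among the visible lines) is logged as if the pid passed through unchanged. Both helpers also label their messages `vx_map_tgid`/`vx_rmap_tgid` even when reached through the `_pid` macros. Computing the result once and logging that value, or moving the trace after the branches, would keep the debug output reliable when pid mapping between host and guest is being investigated.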
11246 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/sched.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched.h
11247 --- linux-3.14.17/include/linux/vserver/sched.h 1970-01-01 00:00:00.000000000 +0000
11248 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched.h 2014-08-30 14:27:38.000000000 +0000
11250 +#ifndef _VSERVER_SCHED_H
11251 +#define _VSERVER_SCHED_H
11258 +void vx_vsi_uptime(struct timespec *, struct timespec *);
11263 +void vx_update_load(struct vx_info *);
11266 +void vx_update_sched_param(struct _vx_sched *sched,
11267 + struct _vx_sched_pc *sched_pc);
11269 +#endif /* __KERNEL__ */
11270 +#else /* _VSERVER_SCHED_H */
11271 +#warning duplicate inclusion
11272 +#endif /* _VSERVER_SCHED_H */
11273 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/sched_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched_cmd.h
11274 --- linux-3.14.17/include/linux/vserver/sched_cmd.h 1970-01-01 00:00:00.000000000 +0000
11275 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched_cmd.h 2014-08-30 14:27:38.000000000 +0000
11277 +#ifndef _VSERVER_SCHED_CMD_H
11278 +#define _VSERVER_SCHED_CMD_H
11281 +#include <linux/compiler.h>
11282 +#include <uapi/vserver/sched_cmd.h>
11284 +extern int vc_set_prio_bias(struct vx_info *, void __user *);
11285 +extern int vc_get_prio_bias(struct vx_info *, void __user *);
11287 +#endif /* _VSERVER_SCHED_CMD_H */
11288 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/sched_def.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched_def.h
11289 --- linux-3.14.17/include/linux/vserver/sched_def.h 1970-01-01 00:00:00.000000000 +0000
11290 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/sched_def.h 2014-08-30 14:27:38.000000000 +0000
11292 +#ifndef _VSERVER_SCHED_DEF_H
11293 +#define _VSERVER_SCHED_DEF_H
11295 +#include <linux/spinlock.h>
11296 +#include <linux/jiffies.h>
11297 +#include <linux/cpumask.h>
11298 +#include <asm/atomic.h>
11299 +#include <asm/param.h>
11302 +/* context sub struct */
11304 +struct _vx_sched {
11305 + int prio_bias; /* bias offset for priority */
11307 + cpumask_t update; /* CPUs which should update */
11310 +struct _vx_sched_pc {
11311 + int prio_bias; /* bias offset for priority */
11313 + uint64_t user_ticks; /* token tick events */
11314 + uint64_t sys_ticks; /* token tick events */
11315 + uint64_t hold_ticks; /* token ticks paused */
11319 +#ifdef CONFIG_VSERVER_DEBUG
11321 +static inline void __dump_vx_sched(struct _vx_sched *sched)
11323 + printk("\t_vx_sched:\n");
11324 + printk("\t priority = %4d\n", sched->prio_bias);
11329 +#endif /* _VSERVER_SCHED_DEF_H */
11330 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/signal.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/signal.h
11331 --- linux-3.14.17/include/linux/vserver/signal.h 1970-01-01 00:00:00.000000000 +0000
11332 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/signal.h 2014-08-30 14:27:38.000000000 +0000
11334 +#ifndef _VSERVER_SIGNAL_H
11335 +#define _VSERVER_SIGNAL_H
11342 +int vx_info_kill(struct vx_info *, int, int);
11344 +#endif /* __KERNEL__ */
11345 +#else /* _VSERVER_SIGNAL_H */
11346 +#warning duplicate inclusion
11347 +#endif /* _VSERVER_SIGNAL_H */
11348 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/signal_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/signal_cmd.h
11349 --- linux-3.14.17/include/linux/vserver/signal_cmd.h 1970-01-01 00:00:00.000000000 +0000
11350 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/signal_cmd.h 2014-08-30 14:27:38.000000000 +0000
11352 +#ifndef _VSERVER_SIGNAL_CMD_H
11353 +#define _VSERVER_SIGNAL_CMD_H
11355 +#include <uapi/vserver/signal_cmd.h>
11358 +extern int vc_ctx_kill(struct vx_info *, void __user *);
11359 +extern int vc_wait_exit(struct vx_info *, void __user *);
11362 +extern int vc_get_pflags(uint32_t pid, void __user *);
11363 +extern int vc_set_pflags(uint32_t pid, void __user *);
11365 +#endif /* _VSERVER_SIGNAL_CMD_H */
11366 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/space.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/space.h
11367 --- linux-3.14.17/include/linux/vserver/space.h 1970-01-01 00:00:00.000000000 +0000
11368 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/space.h 2014-08-30 14:27:38.000000000 +0000
11370 +#ifndef _VSERVER_SPACE_H
11371 +#define _VSERVER_SPACE_H
11373 +#include <linux/types.h>
11377 +int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index);
11379 +#else /* _VSERVER_SPACE_H */
11380 +#warning duplicate inclusion
11381 +#endif /* _VSERVER_SPACE_H */
11382 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/space_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/space_cmd.h
11383 --- linux-3.14.17/include/linux/vserver/space_cmd.h 1970-01-01 00:00:00.000000000 +0000
11384 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/space_cmd.h 2014-08-30 14:27:38.000000000 +0000
11386 +#ifndef _VSERVER_SPACE_CMD_H
11387 +#define _VSERVER_SPACE_CMD_H
11389 +#include <uapi/vserver/space_cmd.h>
11392 +extern int vc_enter_space_v1(struct vx_info *, void __user *);
11393 +extern int vc_set_space_v1(struct vx_info *, void __user *);
11394 +extern int vc_enter_space(struct vx_info *, void __user *);
11395 +extern int vc_set_space(struct vx_info *, void __user *);
11396 +extern int vc_get_space_mask(void __user *, int);
11398 +#endif /* _VSERVER_SPACE_CMD_H */
11399 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/switch.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/switch.h
11400 --- linux-3.14.17/include/linux/vserver/switch.h 1970-01-01 00:00:00.000000000 +0000
11401 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/switch.h 2014-08-30 14:27:38.000000000 +0000
11403 +#ifndef _VSERVER_SWITCH_H
11404 +#define _VSERVER_SWITCH_H
11407 +#include <linux/errno.h>
11408 +#include <uapi/vserver/switch.h>
11410 +#endif /* _VSERVER_SWITCH_H */
11411 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/tag.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/tag.h
11412 --- linux-3.14.17/include/linux/vserver/tag.h 1970-01-01 00:00:00.000000000 +0000
11413 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/tag.h 2014-08-30 14:27:38.000000000 +0000
11418 +#include <linux/types.h>
11419 +#include <linux/uidgid.h>
11422 +#define DX_TAG(in) (IS_TAGGED(in))
11425 +#ifdef CONFIG_TAG_NFSD
11426 +#define DX_TAG_NFSD 1
11428 +#define DX_TAG_NFSD 0
11432 +#ifdef CONFIG_TAGGING_NONE
11434 +#define MAX_UID 0xFFFFFFFF
11435 +#define MAX_GID 0xFFFFFFFF
11437 +#define INOTAG_TAG(cond, uid, gid, tag) (0)
11439 +#define TAGINO_UID(cond, uid, tag) (uid)
11440 +#define TAGINO_GID(cond, gid, tag) (gid)
11445 +#ifdef CONFIG_TAGGING_GID16
11447 +#define MAX_UID 0xFFFFFFFF
11448 +#define MAX_GID 0x0000FFFF
11450 +#define INOTAG_TAG(cond, uid, gid, tag) \
11451 + ((cond) ? (((gid) >> 16) & 0xFFFF) : 0)
11453 +#define TAGINO_UID(cond, uid, tag) (uid)
11454 +#define TAGINO_GID(cond, gid, tag) \
11455 + ((cond) ? (((gid) & 0xFFFF) | ((tag) << 16)) : (gid))
11460 +#ifdef CONFIG_TAGGING_ID24
11462 +#define MAX_UID 0x00FFFFFF
11463 +#define MAX_GID 0x00FFFFFF
11465 +#define INOTAG_TAG(cond, uid, gid, tag) \
11466 + ((cond) ? ((((uid) >> 16) & 0xFF00) | (((gid) >> 24) & 0xFF)) : 0)
11468 +#define TAGINO_UID(cond, uid, tag) \
11469 + ((cond) ? (((uid) & 0xFFFFFF) | (((tag) & 0xFF00) << 16)) : (uid))
11470 +#define TAGINO_GID(cond, gid, tag) \
11471 + ((cond) ? (((gid) & 0xFFFFFF) | (((tag) & 0x00FF) << 24)) : (gid))
11476 +#ifdef CONFIG_TAGGING_UID16
11478 +#define MAX_UID 0x0000FFFF
11479 +#define MAX_GID 0xFFFFFFFF
11481 +#define INOTAG_TAG(cond, uid, gid, tag) \
11482 + ((cond) ? (((uid) >> 16) & 0xFFFF) : 0)
11484 +#define TAGINO_UID(cond, uid, tag) \
11485 + ((cond) ? (((uid) & 0xFFFF) | ((tag) << 16)) : (uid))
11486 +#define TAGINO_GID(cond, gid, tag) (gid)
11491 +#ifdef CONFIG_TAGGING_INTERN
11493 +#define MAX_UID 0xFFFFFFFF
11494 +#define MAX_GID 0xFFFFFFFF
11496 +#define INOTAG_TAG(cond, uid, gid, tag) \
11497 + ((cond) ? (tag) : 0)
11499 +#define TAGINO_UID(cond, uid, tag) (uid)
11500 +#define TAGINO_GID(cond, gid, tag) (gid)
11505 +#ifndef CONFIG_TAGGING_NONE
11506 +#define dx_current_fstag(sb) \
11507 + ((sb)->s_flags & MS_TAGGED ? dx_current_tag() : 0)
11509 +#define dx_current_fstag(sb) (0)
11512 +#ifndef CONFIG_TAGGING_INTERN
11513 +#define TAGINO_TAG(cond, tag) (0)
11515 +#define TAGINO_TAG(cond, tag) ((cond) ? (tag) : 0)
11518 +#define TAGINO_KUID(cond, kuid, ktag) \
11519 + KUIDT_INIT(TAGINO_UID(cond, __kuid_val(kuid), __ktag_val(ktag)))
11520 +#define TAGINO_KGID(cond, kgid, ktag) \
11521 + KGIDT_INIT(TAGINO_GID(cond, __kgid_val(kgid), __ktag_val(ktag)))
11522 +#define TAGINO_KTAG(cond, ktag) \
11523 + KTAGT_INIT(TAGINO_TAG(cond, __ktag_val(ktag)))
11526 +#define INOTAG_UID(cond, uid, gid) \
11527 + ((cond) ? ((uid) & MAX_UID) : (uid))
11528 +#define INOTAG_GID(cond, uid, gid) \
11529 + ((cond) ? ((gid) & MAX_GID) : (gid))
11531 +#define INOTAG_KUID(cond, kuid, kgid) \
11532 + KUIDT_INIT(INOTAG_UID(cond, __kuid_val(kuid), __kgid_val(kgid)))
11533 +#define INOTAG_KGID(cond, kuid, kgid) \
11534 + KGIDT_INIT(INOTAG_GID(cond, __kuid_val(kuid), __kgid_val(kgid)))
11535 +#define INOTAG_KTAG(cond, kuid, kgid, ktag) \
11536 + KTAGT_INIT(INOTAG_TAG(cond, \
11537 + __kuid_val(kuid), __kgid_val(kgid), __ktag_val(ktag)))
11540 +static inline uid_t dx_map_uid(uid_t uid)
11542 + if ((uid > MAX_UID) && (uid != -1))
11544 + return (uid & MAX_UID);
11547 +static inline gid_t dx_map_gid(gid_t gid)
11549 + if ((gid > MAX_GID) && (gid != -1))
11551 + return (gid & MAX_GID);
11559 +#define dx_notagcheck(sb) ((sb) && ((sb)->s_flags & MS_NOTAGCHECK))
11561 +int dx_parse_tag(char *string, vtag_t *tag, int remove, int *mnt_flags,
11562 + unsigned long *flags);
11564 +#ifdef CONFIG_PROPAGATE
11566 +void __dx_propagate_tag(struct nameidata *nd, struct inode *inode);
11568 +#define dx_propagate_tag(n, i) __dx_propagate_tag(n, i)
11571 +#define dx_propagate_tag(n, i) do { } while (0)
11574 +#endif /* _DX_TAG_H */
11575 diff -NurpP --minimal linux-3.14.17/include/linux/vserver/tag_cmd.h linux-3.14.17-vs2.3.6.13/include/linux/vserver/tag_cmd.h
11576 --- linux-3.14.17/include/linux/vserver/tag_cmd.h 1970-01-01 00:00:00.000000000 +0000
11577 +++ linux-3.14.17-vs2.3.6.13/include/linux/vserver/tag_cmd.h 2014-08-30 14:27:38.000000000 +0000
11579 +#ifndef _VSERVER_TAG_CMD_H
11580 +#define _VSERVER_TAG_CMD_H
11582 +#include <uapi/vserver/tag_cmd.h>
11584 +extern int vc_task_tag(uint32_t);
11586 +extern int vc_tag_migrate(uint32_t);
11588 +#endif /* _VSERVER_TAG_CMD_H */
11589 diff -NurpP --minimal linux-3.14.17/include/net/addrconf.h linux-3.14.17-vs2.3.6.13/include/net/addrconf.h
11590 --- linux-3.14.17/include/net/addrconf.h 2014-08-14 01:38:34.000000000 +0000
11591 +++ linux-3.14.17-vs2.3.6.13/include/net/addrconf.h 2014-08-30 14:27:38.000000000 +0000
11592 @@ -79,7 +79,7 @@ struct inet6_ifaddr *ipv6_get_ifaddr(str
11594 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dev,
11595 const struct in6_addr *daddr, unsigned int srcprefs,
11596 - struct in6_addr *saddr);
11597 + struct in6_addr *saddr, struct nx_info *nxi);
11598 int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
11600 int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
11601 diff -NurpP --minimal linux-3.14.17/include/net/af_unix.h linux-3.14.17-vs2.3.6.13/include/net/af_unix.h
11602 --- linux-3.14.17/include/net/af_unix.h 2014-08-14 01:38:34.000000000 +0000
11603 +++ linux-3.14.17-vs2.3.6.13/include/net/af_unix.h 2014-08-30 14:27:38.000000000 +0000
11605 #include <linux/socket.h>
11606 #include <linux/un.h>
11607 #include <linux/mutex.h>
11608 +#include <linux/vs_base.h>
11609 #include <net/sock.h>
11611 void unix_inflight(struct file *fp);
11612 diff -NurpP --minimal linux-3.14.17/include/net/inet_timewait_sock.h linux-3.14.17-vs2.3.6.13/include/net/inet_timewait_sock.h
11613 --- linux-3.14.17/include/net/inet_timewait_sock.h 2014-08-14 01:38:34.000000000 +0000
11614 +++ linux-3.14.17-vs2.3.6.13/include/net/inet_timewait_sock.h 2014-08-30 14:27:38.000000000 +0000
11615 @@ -121,6 +121,10 @@ struct inet_timewait_sock {
11616 #define tw_v6_rcv_saddr __tw_common.skc_v6_rcv_saddr
11617 #define tw_dport __tw_common.skc_dport
11618 #define tw_num __tw_common.skc_num
11619 +#define tw_xid __tw_common.skc_xid
11620 +#define tw_vx_info __tw_common.skc_vx_info
11621 +#define tw_nid __tw_common.skc_nid
11622 +#define tw_nx_info __tw_common.skc_nx_info
11625 volatile unsigned char tw_substate;
11626 diff -NurpP --minimal linux-3.14.17/include/net/ip6_route.h linux-3.14.17-vs2.3.6.13/include/net/ip6_route.h
11627 --- linux-3.14.17/include/net/ip6_route.h 2014-08-14 01:38:34.000000000 +0000
11628 +++ linux-3.14.17-vs2.3.6.13/include/net/ip6_route.h 2014-08-30 14:27:38.000000000 +0000
11629 @@ -75,7 +75,7 @@ int ip6_del_rt(struct rt6_info *);
11631 int ip6_route_get_saddr(struct net *net, struct rt6_info *rt,
11632 const struct in6_addr *daddr, unsigned int prefs,
11633 - struct in6_addr *saddr);
11634 + struct in6_addr *saddr, struct nx_info *nxi);
11636 struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
11637 const struct in6_addr *saddr, int oif, int flags);
11638 diff -NurpP --minimal linux-3.14.17/include/net/route.h linux-3.14.17-vs2.3.6.13/include/net/route.h
11639 --- linux-3.14.17/include/net/route.h 2014-08-14 01:38:34.000000000 +0000
11640 +++ linux-3.14.17-vs2.3.6.13/include/net/route.h 2014-08-30 14:28:51.000000000 +0000
11641 @@ -206,6 +206,9 @@ static inline void ip_rt_put(struct rtab
11642 dst_release(&rt->dst);
11645 +#include <linux/vs_base.h>
11646 +#include <linux/vs_inet.h>
11648 #define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3)
11650 extern const __u8 ip_tos2prio[16];
11651 @@ -253,6 +256,9 @@ static inline void ip_route_connect_init
11652 protocol, flow_flags, dst, src, dport, sport);
11655 +extern struct rtable *ip_v4_find_src(struct net *net, struct nx_info *,
11656 + struct flowi4 *);
11658 static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
11659 __be32 dst, __be32 src, u32 tos,
11660 int oif, u8 protocol,
11661 @@ -261,11 +267,25 @@ static inline struct rtable *ip_route_co
11663 struct net *net = sock_net(sk);
11665 + struct nx_info *nx_info = current_nx_info();
11667 ip_route_connect_init(fl4, dst, src, tos, oif, protocol,
11670 - if (!dst || !src) {
11672 + nx_info = sk->sk_nx_info;
11674 + vxdprintk(VXD_CBIT(net, 4),
11675 + "ip_route_connect(%p) %p,%p;%lx",
11676 + sk, nx_info, sk->sk_socket,
11677 + (sk->sk_socket?sk->sk_socket->flags:0));
11679 + rt = ip_v4_find_src(net, nx_info, fl4);
11684 + if (!fl4->daddr || !fl4->saddr) {
11685 rt = __ip_route_output_key(net, fl4);
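Review bot: The `vxdprintk` call added to `ip_route_connect` formats `sk`, `nx_info` and `sk->sk_socket` with plain `%p`, which on a 3.14 kernel prints raw kernel addresses whenever the net debug bit is enabled. If that output ends up in a log readable from inside a guest context, it discloses kernel memory layout; `%pK` would put it under `kptr_restrict`, e.g. `"ip_route_connect(%pK) %pK,%pK;%lx"`. Several lines of this hunk are missing from the page and the function body continues outside it, so the control flow around `ip_v4_find_src` was not reviewed.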
11688 diff -NurpP --minimal linux-3.14.17/include/net/sock.h linux-3.14.17-vs2.3.6.13/include/net/sock.h
11689 --- linux-3.14.17/include/net/sock.h 2014-08-14 01:38:34.000000000 +0000
11690 +++ linux-3.14.17-vs2.3.6.13/include/net/sock.h 2014-08-30 14:27:38.000000000 +0000
11691 @@ -191,6 +191,10 @@ struct sock_common {
11692 #ifdef CONFIG_NET_NS
11693 struct net *skc_net;
11696 + struct vx_info *skc_vx_info;
11698 + struct nx_info *skc_nx_info;
11700 #if IS_ENABLED(CONFIG_IPV6)
11701 struct in6_addr skc_v6_daddr;
11702 @@ -321,7 +325,11 @@ struct sock {
11703 #define sk_prot __sk_common.skc_prot
11704 #define sk_net __sk_common.skc_net
11705 #define sk_v6_daddr __sk_common.skc_v6_daddr
11706 -#define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
11707 +#define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
11708 +#define sk_xid __sk_common.skc_xid
11709 +#define sk_vx_info __sk_common.skc_vx_info
11710 +#define sk_nid __sk_common.skc_nid
11711 +#define sk_nx_info __sk_common.skc_nx_info
11713 socket_lock_t sk_lock;
11714 struct sk_buff_head sk_receive_queue;
11715 diff -NurpP --minimal linux-3.14.17/include/uapi/Kbuild linux-3.14.17-vs2.3.6.13/include/uapi/Kbuild
11716 --- linux-3.14.17/include/uapi/Kbuild 2014-08-14 01:38:34.000000000 +0000
11717 +++ linux-3.14.17-vs2.3.6.13/include/uapi/Kbuild 2014-08-30 14:27:38.000000000 +0000
11718 @@ -12,3 +12,4 @@ header-y += video/
11722 +header-y += vserver/
11723 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/capability.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/capability.h
11724 --- linux-3.14.17/include/uapi/linux/capability.h 2014-08-14 01:38:34.000000000 +0000
11725 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/capability.h 2014-08-30 14:27:38.000000000 +0000
11726 @@ -259,6 +259,7 @@ struct vfs_cap_data {
11727 arbitrary SCSI commands */
11728 /* Allow setting encryption key on loopback filesystem */
11729 /* Allow setting zone reclaim policy */
11730 +/* Allow the selection of a security context */
11732 #define CAP_SYS_ADMIN 21
11734 @@ -345,7 +346,12 @@ struct vfs_cap_data {
11736 #define CAP_LAST_CAP CAP_BLOCK_SUSPEND
11738 -#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
11739 +/* Allow context manipulations */
11740 +/* Allow changing context info on files */
11742 +#define CAP_CONTEXT 63
11744 +#define cap_valid(x) ((x) >= 0 && ((x) <= CAP_LAST_CAP || (x) == CAP_CONTEXT))
11747 * Bit location of each capability (used by user-space library and kernel)
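Review bot: `CAP_CONTEXT` is defined as 63 while `CAP_LAST_CAP` stays at `CAP_BLOCK_SUSPEND`, so the new `cap_valid()` accepts a capability outside the contiguous range. Anything that walks capabilities from 0 to `CAP_LAST_CAP`, such as a loop that drops the bounding set, will not visit it, and that should be documented at the define. I would add `/* CAP_CONTEXT is deliberately outside 0..CAP_LAST_CAP; range loops must handle it explicitly */` above `#define CAP_CONTEXT 63`. Whether kernel-side loops elsewhere in the patch account for this cannot be seen from this hunk.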
11748 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/fs.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/fs.h
11749 --- linux-3.14.17/include/uapi/linux/fs.h 2014-08-14 01:38:34.000000000 +0000
11750 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/fs.h 2014-08-30 14:27:38.000000000 +0000
11751 @@ -86,6 +86,9 @@ struct inodes_stat_t {
11752 #define MS_KERNMOUNT (1<<22) /* this is a kern_mount call */
11753 #define MS_I_VERSION (1<<23) /* Update inode I_version field */
11754 #define MS_STRICTATIME (1<<24) /* Always perform atime updates */
11755 +#define MS_TAGGED (1<<8) /* use generic inode tagging */
11756 +#define MS_NOTAGCHECK (1<<9) /* don't check tags */
11757 +#define MS_TAGID (1<<25) /* use specific tag for this mount */
11759 /* These sb flags are internal to the kernel */
11760 #define MS_NOSEC (1<<28)
11761 @@ -191,11 +194,14 @@ struct inodes_stat_t {
11762 #define FS_EXTENT_FL 0x00080000 /* Extents */
11763 #define FS_DIRECTIO_FL 0x00100000 /* Use direct i/o */
11764 #define FS_NOCOW_FL 0x00800000 /* Do not cow file */
11765 +#define FS_IXUNLINK_FL 0x08000000 /* Immutable invert on unlink */
11766 #define FS_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
11768 -#define FS_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
11769 -#define FS_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
11770 +#define FS_BARRIER_FL 0x04000000 /* Barrier for chroot() */
11771 +#define FS_COW_FL 0x20000000 /* Copy on Write marker */
11773 +#define FS_FL_USER_VISIBLE 0x0103DFFF /* User visible flags */
11774 +#define FS_FL_USER_MODIFIABLE 0x010380FF /* User modifiable flags */
11776 #define SYNC_FILE_RANGE_WAIT_BEFORE 1
11777 #define SYNC_FILE_RANGE_WRITE 2
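Review bot: `FS_FL_USER_VISIBLE` and `FS_FL_USER_MODIFIABLE` both gain bit `0x01000000`, but no flag visible in this hunk has that value: `FS_IXUNLINK_FL` is `0x08000000`, `FS_BARRIER_FL` is `0x04000000` and `FS_COW_FL` is `0x20000000`. As written, neither mask covers the three new flags, and a bit with no definition shown here becomes user-modifiable. Please confirm which flag the masks are meant to expose and build them from names, for example `#define FS_FL_USER_VISIBLE (0x0003DFFF | FS_IXUNLINK_FL)` if IXUNLINK is the intended one. That way a renumbering cannot leave the masks stale.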
11778 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/gfs2_ondisk.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/gfs2_ondisk.h
11779 --- linux-3.14.17/include/uapi/linux/gfs2_ondisk.h 2014-08-14 01:38:34.000000000 +0000
11780 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/gfs2_ondisk.h 2014-08-30 14:27:38.000000000 +0000
11781 @@ -225,6 +225,9 @@ enum {
11784 gfs2fl_TopLevel = 10,
11785 + gfs2fl_IXUnlink = 16,
11786 + gfs2fl_Barrier = 17,
11788 gfs2fl_TruncInProg = 29,
11789 gfs2fl_InheritDirectio = 30,
11790 gfs2fl_InheritJdata = 31,
11791 @@ -242,6 +245,9 @@ enum {
11792 #define GFS2_DIF_SYNC 0x00000100
11793 #define GFS2_DIF_SYSTEM 0x00000200 /* New in gfs2 */
11794 #define GFS2_DIF_TOPDIR 0x00000400 /* New in gfs2 */
11795 +#define GFS2_DIF_IXUNLINK 0x00010000
11796 +#define GFS2_DIF_BARRIER 0x00020000
11797 +#define GFS2_DIF_COW 0x00040000
11798 #define GFS2_DIF_TRUNC_IN_PROG 0x20000000 /* New in gfs2 */
11799 #define GFS2_DIF_INHERIT_DIRECTIO 0x40000000 /* only in gfs1 */
11800 #define GFS2_DIF_INHERIT_JDATA 0x80000000
11801 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/if_tun.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/if_tun.h
11802 --- linux-3.14.17/include/uapi/linux/if_tun.h 2014-08-14 01:38:34.000000000 +0000
11803 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/if_tun.h 2014-08-30 14:27:38.000000000 +0000
11805 #define TUNSETQUEUE _IOW('T', 217, int)
11806 #define TUNSETIFINDEX _IOW('T', 218, unsigned int)
11807 #define TUNGETFILTER _IOR('T', 219, struct sock_fprog)
11808 +#define TUNSETNID _IOW('T', 220, int)
11810 /* TUNSETIFF ifr flags */
11811 #define IFF_TUN 0x0001
11812 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/major.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/major.h
11813 --- linux-3.14.17/include/uapi/linux/major.h 2014-08-14 01:38:34.000000000 +0000
11814 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/major.h 2014-08-30 14:27:38.000000000 +0000
11816 #define HD_MAJOR IDE0_MAJOR
11817 #define PTY_SLAVE_MAJOR 3
11818 #define TTY_MAJOR 4
11819 +#define VROOT_MAJOR 4
11820 #define TTYAUX_MAJOR 5
11822 #define VCS_MAJOR 7
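Review bot: `VROOT_MAJOR` is defined with the same value as `TTY_MAJOR` on the line above and has no comment explaining why. The patch's debug strings mention `vroot[%d]_get_real_bdev`, so this is presumably a block major and does not clash with the tty character major, but a reader of this header cannot tell. I would write `#define VROOT_MAJOR 4 /* block major for vroot; TTY_MAJOR is the char major */`.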
11823 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/nfs_mount.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/nfs_mount.h
11824 --- linux-3.14.17/include/uapi/linux/nfs_mount.h 2014-08-14 01:38:34.000000000 +0000
11825 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/nfs_mount.h 2014-08-30 14:27:38.000000000 +0000
11826 @@ -63,7 +63,8 @@ struct nfs_mount_data {
11827 #define NFS_MOUNT_SECFLAVOUR 0x2000 /* 5 non-text parsed mount data only */
11828 #define NFS_MOUNT_NORDIRPLUS 0x4000 /* 5 */
11829 #define NFS_MOUNT_UNSHARED 0x8000 /* 5 */
11830 -#define NFS_MOUNT_FLAGMASK 0xFFFF
11831 +#define NFS_MOUNT_TAGGED 0x10000 /* context tagging */
11832 +#define NFS_MOUNT_FLAGMASK 0x1FFFF
11834 /* The following are for internal use only */
11835 #define NFS_MOUNT_LOOKUP_CACHE_NONEG 0x10000
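Review bot: `NFS_MOUNT_TAGGED` is given the value `0x10000`, the same value as `NFS_MOUNT_LOOKUP_CACHE_NONEG` in the internal-use block at the end of this hunk. Because `NFS_MOUNT_FLAGMASK` is widened to `0x1FFFF` in the same change, that bit is now accepted from user-supplied mount data. A request for tagging and the internal negative-lookup-cache flag then cannot be told apart wherever both are tested on the same flags word. Unless the internal flags are renumbered elsewhere in the patch, move one of the two to an unused bit and add a comment recording which bits are reserved for internal use.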
11836 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/reboot.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/reboot.h
11837 --- linux-3.14.17/include/uapi/linux/reboot.h 2014-08-14 01:38:34.000000000 +0000
11838 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/reboot.h 2014-08-30 14:27:38.000000000 +0000
11840 #define LINUX_REBOOT_CMD_RESTART2 0xA1B2C3D4
11841 #define LINUX_REBOOT_CMD_SW_SUSPEND 0xD000FCE2
11842 #define LINUX_REBOOT_CMD_KEXEC 0x45584543
11844 +#define LINUX_REBOOT_CMD_OOM 0xDEADBEEF
11847 #endif /* _UAPI_LINUX_REBOOT_H */
11848 diff -NurpP --minimal linux-3.14.17/include/uapi/linux/sysctl.h linux-3.14.17-vs2.3.6.13/include/uapi/linux/sysctl.h
11849 --- linux-3.14.17/include/uapi/linux/sysctl.h 2014-08-14 01:38:34.000000000 +0000
11850 +++ linux-3.14.17-vs2.3.6.13/include/uapi/linux/sysctl.h 2014-08-30 14:27:38.000000000 +0000
11851 @@ -60,6 +60,7 @@ enum
11852 CTL_ABI=9, /* Binary emulation */
11853 CTL_CPU=10, /* CPU stuff (speed scaling, etc) */
11854 CTL_ARLAN=254, /* arlan wireless driver */
11855 + CTL_VSERVER=4242, /* Linux-VServer debug */
11856 CTL_S390DBF=5677, /* s390 debug */
11857 CTL_SUNRPC=7249, /* sunrpc debug */
11858 CTL_PM=9899, /* frv power management */
11859 @@ -94,6 +95,7 @@ enum
11861 KERN_PANIC=15, /* int: panic timeout */
11862 KERN_REALROOTDEV=16, /* real root device to mount after initrd */
11863 + KERN_VSHELPER=17, /* string: path to vshelper policy agent */
11865 KERN_SPARC_REBOOT=21, /* reboot command on Sparc */
11866 KERN_CTLALTDEL=22, /* int: allow ctl-alt-del to reboot */
11867 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/Kbuild linux-3.14.17-vs2.3.6.13/include/uapi/vserver/Kbuild
11868 --- linux-3.14.17/include/uapi/vserver/Kbuild 1970-01-01 00:00:00.000000000 +0000
11869 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/Kbuild 2014-08-30 14:27:38.000000000 +0000
11872 +header-y += context_cmd.h network_cmd.h space_cmd.h \
11873 + cacct_cmd.h cvirt_cmd.h limit_cmd.h dlimit_cmd.h \
11874 + inode_cmd.h tag_cmd.h sched_cmd.h signal_cmd.h \
11875 + debug_cmd.h device_cmd.h
11877 +header-y += switch.h context.h network.h monitor.h \
11878 + limit.h inode.h device.h
11880 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/cacct_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/cacct_cmd.h
11881 --- linux-3.14.17/include/uapi/vserver/cacct_cmd.h 1970-01-01 00:00:00.000000000 +0000
11882 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/cacct_cmd.h 2014-08-30 14:27:38.000000000 +0000
11884 +#ifndef _UAPI_VS_CACCT_CMD_H
11885 +#define _UAPI_VS_CACCT_CMD_H
11888 +/* virtual host info name commands */
11890 +#define VCMD_sock_stat VC_CMD(VSTAT, 5, 0)
11892 +struct vcmd_sock_stat_v0 {
11894 + uint32_t count[3];
11895 + uint64_t total[3];
11898 +#endif /* _UAPI_VS_CACCT_CMD_H */
11899 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/context.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/context.h
11900 --- linux-3.14.17/include/uapi/vserver/context.h 1970-01-01 00:00:00.000000000 +0000
11901 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/context.h 2014-08-30 14:27:38.000000000 +0000
11903 +#ifndef _UAPI_VS_CONTEXT_H
11904 +#define _UAPI_VS_CONTEXT_H
11906 +#include <linux/types.h>
11907 +#include <linux/capability.h>
11910 +/* context flags */
11912 +#define VXF_INFO_SCHED 0x00000002
11913 +#define VXF_INFO_NPROC 0x00000004
11914 +#define VXF_INFO_PRIVATE 0x00000008
11916 +#define VXF_INFO_INIT 0x00000010
11917 +#define VXF_INFO_HIDE 0x00000020
11918 +#define VXF_INFO_ULIMIT 0x00000040
11919 +#define VXF_INFO_NSPACE 0x00000080
11921 +#define VXF_SCHED_HARD 0x00000100
11922 +#define VXF_SCHED_PRIO 0x00000200
11923 +#define VXF_SCHED_PAUSE 0x00000400
11925 +#define VXF_VIRT_MEM 0x00010000
11926 +#define VXF_VIRT_UPTIME 0x00020000
11927 +#define VXF_VIRT_CPU 0x00040000
11928 +#define VXF_VIRT_LOAD 0x00080000
11929 +#define VXF_VIRT_TIME 0x00100000
11931 +#define VXF_HIDE_MOUNT 0x01000000
11932 +/* was VXF_HIDE_NETIF 0x02000000 */
11933 +#define VXF_HIDE_VINFO 0x04000000
11935 +#define VXF_STATE_SETUP (1ULL << 32)
11936 +#define VXF_STATE_INIT (1ULL << 33)
11937 +#define VXF_STATE_ADMIN (1ULL << 34)
11939 +#define VXF_SC_HELPER (1ULL << 36)
11940 +#define VXF_REBOOT_KILL (1ULL << 37)
11941 +#define VXF_PERSISTENT (1ULL << 38)
11943 +#define VXF_FORK_RSS (1ULL << 48)
11944 +#define VXF_PROLIFIC (1ULL << 49)
11946 +#define VXF_IGNEG_NICE (1ULL << 52)
11948 +#define VXF_ONE_TIME (0x0007ULL << 32)
11950 +#define VXF_INIT_SET (VXF_STATE_SETUP | VXF_STATE_INIT | VXF_STATE_ADMIN)
11953 +/* context migration */
11955 +#define VXM_SET_INIT 0x00000001
11956 +#define VXM_SET_REAPER 0x00000002
11958 +/* context caps */
11960 +#define VXC_SET_UTSNAME 0x00000001
11961 +#define VXC_SET_RLIMIT 0x00000002
11962 +#define VXC_FS_SECURITY 0x00000004
11963 +#define VXC_FS_TRUSTED 0x00000008
11964 +#define VXC_TIOCSTI 0x00000010
11966 +/* was VXC_RAW_ICMP 0x00000100 */
11967 +#define VXC_SYSLOG 0x00001000
11968 +#define VXC_OOM_ADJUST 0x00002000
11969 +#define VXC_AUDIT_CONTROL 0x00004000
11971 +#define VXC_SECURE_MOUNT 0x00010000
11972 +/* #define VXC_SECURE_REMOUNT 0x00020000 */
11973 +#define VXC_BINARY_MOUNT 0x00040000
11974 +#define VXC_DEV_MOUNT 0x00080000
11976 +#define VXC_QUOTA_CTL 0x00100000
11977 +#define VXC_ADMIN_MAPPER 0x00200000
11978 +#define VXC_ADMIN_CLOOP 0x00400000
11980 +#define VXC_KTHREAD 0x01000000
11981 +#define VXC_NAMESPACE 0x02000000
11983 +#endif /* _UAPI_VS_CONTEXT_H */
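Review bot: `VXF_ONE_TIME` is written as the literal `(0x0007ULL << 32)`, while `VXF_INIT_SET` just below spells the same three bits by name. Defining it symbolically, `#define VXF_ONE_TIME (VXF_STATE_SETUP | VXF_STATE_INIT | VXF_STATE_ADMIN)`, keeps the two in step if a state bit is ever moved. The `VXC_*` context capabilities are also uncommented; since they gate what a guest may do (mounts, syslog, audit control), each define would benefit from a one-line comment stating what it permits.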
11984 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/context_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/context_cmd.h
11985 --- linux-3.14.17/include/uapi/vserver/context_cmd.h 1970-01-01 00:00:00.000000000 +0000
11986 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/context_cmd.h 2014-08-30 14:27:38.000000000 +0000
11988 +#ifndef _UAPI_VS_CONTEXT_CMD_H
11989 +#define _UAPI_VS_CONTEXT_CMD_H
11992 +/* vinfo commands */
11994 +#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
11997 +#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
11999 +struct vcmd_vx_info_v0 {
12001 + uint32_t initpid;
12002 + /* more to come */
12006 +#define VCMD_ctx_stat VC_CMD(VSTAT, 0, 0)
12008 +struct vcmd_ctx_stat_v0 {
12011 + /* more to come */
12015 +/* context commands */
12017 +#define VCMD_ctx_create_v0 VC_CMD(VPROC, 1, 0)
12018 +#define VCMD_ctx_create VC_CMD(VPROC, 1, 1)
12020 +struct vcmd_ctx_create {
12021 + uint64_t flagword;
12024 +#define VCMD_ctx_migrate_v0 VC_CMD(PROCMIG, 1, 0)
12025 +#define VCMD_ctx_migrate VC_CMD(PROCMIG, 1, 1)
12027 +struct vcmd_ctx_migrate {
12028 + uint64_t flagword;
12033 +/* flag commands */
12035 +#define VCMD_get_cflags VC_CMD(FLAGS, 1, 0)
12036 +#define VCMD_set_cflags VC_CMD(FLAGS, 2, 0)
12038 +struct vcmd_ctx_flags_v0 {
12039 + uint64_t flagword;
12045 +/* context caps commands */
12047 +#define VCMD_get_ccaps VC_CMD(FLAGS, 3, 1)
12048 +#define VCMD_set_ccaps VC_CMD(FLAGS, 4, 1)
12050 +struct vcmd_ctx_caps_v1 {
12057 +/* bcaps commands */
12059 +#define VCMD_get_bcaps VC_CMD(FLAGS, 9, 0)
12060 +#define VCMD_set_bcaps VC_CMD(FLAGS, 10, 0)
12062 +struct vcmd_bcaps {
12069 +/* umask commands */
12071 +#define VCMD_get_umask VC_CMD(FLAGS, 13, 0)
12072 +#define VCMD_set_umask VC_CMD(FLAGS, 14, 0)
12074 +struct vcmd_umask {
12081 +/* wmask commands */
12083 +#define VCMD_get_wmask VC_CMD(FLAGS, 15, 0)
12084 +#define VCMD_set_wmask VC_CMD(FLAGS, 16, 0)
12086 +struct vcmd_wmask {
12095 +#define VCMD_get_badness VC_CMD(MEMCTRL, 5, 0)
12096 +#define VCMD_set_badness VC_CMD(MEMCTRL, 6, 0)
12098 +struct vcmd_badness_v0 {
12102 +#endif /* _UAPI_VS_CONTEXT_CMD_H */
12103 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/cvirt_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/cvirt_cmd.h
12104 --- linux-3.14.17/include/uapi/vserver/cvirt_cmd.h 1970-01-01 00:00:00.000000000 +0000
12105 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/cvirt_cmd.h 2014-08-30 14:27:38.000000000 +0000
12107 +#ifndef _UAPI_VS_CVIRT_CMD_H
12108 +#define _UAPI_VS_CVIRT_CMD_H
12111 +/* virtual host info name commands */
12113 +#define VCMD_set_vhi_name VC_CMD(VHOST, 1, 0)
12114 +#define VCMD_get_vhi_name VC_CMD(VHOST, 2, 0)
12116 +struct vcmd_vhi_name_v0 {
12122 +enum vhi_name_field {
12123 + VHIN_CONTEXT = 0,
12134 +#define VCMD_virt_stat VC_CMD(VSTAT, 3, 0)
12136 +struct vcmd_virt_stat_v0 {
12139 + uint32_t nr_threads;
12140 + uint32_t nr_running;
12141 + uint32_t nr_uninterruptible;
12142 + uint32_t nr_onhold;
12143 + uint32_t nr_forks;
12144 + uint32_t load[3];
12147 +#endif /* _UAPI_VS_CVIRT_CMD_H */
12148 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/debug_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/debug_cmd.h
12149 --- linux-3.14.17/include/uapi/vserver/debug_cmd.h 1970-01-01 00:00:00.000000000 +0000
12150 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/debug_cmd.h 2014-08-30 14:27:38.000000000 +0000
12152 +#ifndef _UAPI_VS_DEBUG_CMD_H
12153 +#define _UAPI_VS_DEBUG_CMD_H
12156 +/* debug commands */
12158 +#define VCMD_dump_history VC_CMD(DEBUG, 1, 0)
12160 +#define VCMD_read_history VC_CMD(DEBUG, 5, 0)
12161 +#define VCMD_read_monitor VC_CMD(DEBUG, 6, 0)
12163 +struct vcmd_read_history_v0 {
12166 + char __user *data;
12169 +struct vcmd_read_monitor_v0 {
12172 + char __user *data;
12175 +#endif /* _UAPI_VS_DEBUG_CMD_H */
12176 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/device.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/device.h
12177 --- linux-3.14.17/include/uapi/vserver/device.h 1970-01-01 00:00:00.000000000 +0000
12178 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/device.h 2014-08-30 14:27:38.000000000 +0000
12180 +#ifndef _UAPI_VS_DEVICE_H
12181 +#define _UAPI_VS_DEVICE_H
12184 +#define DATTR_CREATE 0x00000001
12185 +#define DATTR_OPEN 0x00000002
12187 +#define DATTR_REMAP 0x00000010
12189 +#define DATTR_MASK 0x00000013
12191 +#endif /* _UAPI_VS_DEVICE_H */
12192 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/device_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/device_cmd.h
12193 --- linux-3.14.17/include/uapi/vserver/device_cmd.h 1970-01-01 00:00:00.000000000 +0000
12194 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/device_cmd.h 2014-08-30 14:27:38.000000000 +0000
12196 +#ifndef _UAPI_VS_DEVICE_CMD_H
12197 +#define _UAPI_VS_DEVICE_CMD_H
12200 +/* device vserver commands */
12202 +#define VCMD_set_mapping VC_CMD(DEVICE, 1, 0)
12203 +#define VCMD_unset_mapping VC_CMD(DEVICE, 2, 0)
12205 +struct vcmd_set_mapping_v0 {
12206 + const char __user *device;
12207 + const char __user *target;
12211 +#endif /* _UAPI_VS_DEVICE_CMD_H */
12212 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/dlimit_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/dlimit_cmd.h
12213 --- linux-3.14.17/include/uapi/vserver/dlimit_cmd.h 1970-01-01 00:00:00.000000000 +0000
12214 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/dlimit_cmd.h 2014-08-30 14:27:38.000000000 +0000
12216 +#ifndef _UAPI_VS_DLIMIT_CMD_H
12217 +#define _UAPI_VS_DLIMIT_CMD_H
12220 +/* dlimit vserver commands */
12222 +#define VCMD_add_dlimit VC_CMD(DLIMIT, 1, 0)
12223 +#define VCMD_rem_dlimit VC_CMD(DLIMIT, 2, 0)
12225 +#define VCMD_set_dlimit VC_CMD(DLIMIT, 5, 0)
12226 +#define VCMD_get_dlimit VC_CMD(DLIMIT, 6, 0)
12228 +struct vcmd_ctx_dlimit_base_v0 {
12229 + const char __user *name;
12233 +struct vcmd_ctx_dlimit_v0 {
12234 + const char __user *name;
12235 + uint32_t space_used; /* used space in kbytes */
12236 + uint32_t space_total; /* maximum space in kbytes */
12237 + uint32_t inodes_used; /* used inodes */
12238 + uint32_t inodes_total; /* maximum inodes */
12239 + uint32_t reserved; /* reserved for root in % */
12243 +#define CDLIM_UNSET ((uint32_t)0UL)
12244 +#define CDLIM_INFINITY ((uint32_t)~0UL)
12245 +#define CDLIM_KEEP ((uint32_t)~1UL)
12247 +#define DLIME_UNIT 0
12248 +#define DLIME_KILO 1
12249 +#define DLIME_MEGA 2
12250 +#define DLIME_GIGA 3
12252 +#define DLIMF_SHIFT 0x10
12254 +#define DLIMS_USED 0
12255 +#define DLIMS_TOTAL 2
12258 +uint64_t dlimit_space_32to64(uint32_t val, uint32_t flags, int shift)
12260 + int exp = (flags & DLIMF_SHIFT) ?
12261 + (flags >> shift) & DLIME_GIGA : DLIME_KILO;
12262 + return ((uint64_t)val) << (10 * exp);
12266 +uint32_t dlimit_space_64to32(uint64_t val, uint32_t *flags, int shift)
12270 + if (*flags & DLIMF_SHIFT) {
12271 + while (val > (1LL << 32) && (exp < 3)) {
12275 + *flags &= ~(DLIME_GIGA << shift);
12276 + *flags |= exp << shift;
12282 +#endif /* _UAPI_VS_DLIMIT_CMD_H */
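Review bot: In `dlimit_space_64to32` the scaling loop tests `val > (1LL << 32)`, so a value of exactly 2^32 is left unscaled although it does not fit the `uint32_t` return type. The same applies to any value still wider than 32 bits once `exp` reaches 3. The return statement is not shown on this page, but if `val` is returned directly it is truncated, and a truncated 0 is indistinguishable from `CDLIM_UNSET`. I would change the condition to `while (val > 0xFFFFFFFFULL && exp < DLIME_GIGA) {` and clamp whatever remains explicitly, so an oversized limit cannot silently become a small one.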
12283 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/inode.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/inode.h
12284 --- linux-3.14.17/include/uapi/vserver/inode.h 1970-01-01 00:00:00.000000000 +0000
12285 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/inode.h 2014-08-30 14:27:38.000000000 +0000
12287 +#ifndef _UAPI_VS_INODE_H
12288 +#define _UAPI_VS_INODE_H
12291 +#define IATTR_TAG 0x01000000
12293 +#define IATTR_ADMIN 0x00000001
12294 +#define IATTR_WATCH 0x00000002
12295 +#define IATTR_HIDE 0x00000004
12296 +#define IATTR_FLAGS 0x00000007
12298 +#define IATTR_BARRIER 0x00010000
12299 +#define IATTR_IXUNLINK 0x00020000
12300 +#define IATTR_IMMUTABLE 0x00040000
12301 +#define IATTR_COW 0x00080000
12304 +/* inode ioctls */
12306 +#define FIOC_GETXFLG _IOR('x', 5, long)
12307 +#define FIOC_SETXFLG _IOW('x', 6, long)
12309 +#endif /* _UAPI_VS_INODE_H */
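Review bot: `FIOC_GETXFLG` and `FIOC_SETXFLG` encode `long` as the argument type, so the ioctl number and the amount of data copied differ between 32-bit and 64-bit callers. A 32-bit process on a 64-bit kernel then needs a compat translation, which this header does not provide. If the numbers are not yet fixed ABI, a fixed-width type avoids the problem: `#define FIOC_GETXFLG _IOR('x', 5, __u32)`. Otherwise add explicit 32-bit aliases in the way `FS_IOC32_GETFLAGS` does upstream.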
12310 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/inode_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/inode_cmd.h
12311 --- linux-3.14.17/include/uapi/vserver/inode_cmd.h 1970-01-01 00:00:00.000000000 +0000
12312 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/inode_cmd.h 2014-08-30 14:27:38.000000000 +0000
12314 +#ifndef _UAPI_VS_INODE_CMD_H
12315 +#define _UAPI_VS_INODE_CMD_H
12318 +/* inode vserver commands */
12320 +#define VCMD_get_iattr VC_CMD(INODE, 1, 1)
12321 +#define VCMD_set_iattr VC_CMD(INODE, 2, 1)
12323 +#define VCMD_fget_iattr VC_CMD(INODE, 3, 0)
12324 +#define VCMD_fset_iattr VC_CMD(INODE, 4, 0)
12326 +struct vcmd_ctx_iattr_v1 {
12327 + const char __user *name;
12333 +struct vcmd_ctx_fiattr_v0 {
12339 +#endif /* _UAPI_VS_INODE_CMD_H */
12340 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/limit.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/limit.h
12341 --- linux-3.14.17/include/uapi/vserver/limit.h 1970-01-01 00:00:00.000000000 +0000
12342 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/limit.h 2014-08-30 14:27:38.000000000 +0000
12344 +#ifndef _UAPI_VS_LIMIT_H
12345 +#define _UAPI_VS_LIMIT_H
12348 +#define VLIMIT_NSOCK 16
12349 +#define VLIMIT_OPENFD 17
12350 +#define VLIMIT_ANON 18
12351 +#define VLIMIT_SHMEM 19
12352 +#define VLIMIT_SEMARY 20
12353 +#define VLIMIT_NSEMS 21
12354 +#define VLIMIT_DENTRY 22
12355 +#define VLIMIT_MAPPED 23
12357 +#endif /* _UAPI_VS_LIMIT_H */
12358 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/limit_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/limit_cmd.h
12359 --- linux-3.14.17/include/uapi/vserver/limit_cmd.h 1970-01-01 00:00:00.000000000 +0000
12360 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/limit_cmd.h 2014-08-30 14:27:38.000000000 +0000
12362 +#ifndef _UAPI_VS_LIMIT_CMD_H
12363 +#define _UAPI_VS_LIMIT_CMD_H
12366 +/* rlimit vserver commands */
12368 +#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
12369 +#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
12370 +#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
12371 +#define VCMD_reset_hits VC_CMD(RLIMIT, 7, 0)
12372 +#define VCMD_reset_minmax VC_CMD(RLIMIT, 9, 0)
12374 +struct vcmd_ctx_rlimit_v0 {
12376 + uint64_t minimum;
12377 + uint64_t softlimit;
12378 + uint64_t maximum;
12381 +struct vcmd_ctx_rlimit_mask_v0 {
12382 + uint32_t minimum;
12383 + uint32_t softlimit;
12384 + uint32_t maximum;
12387 +#define VCMD_rlimit_stat VC_CMD(VSTAT, 1, 0)
12389 +struct vcmd_rlimit_stat_v0 {
12393 + uint64_t minimum;
12394 + uint64_t maximum;
12397 +#define CRLIM_UNSET (0ULL)
12398 +#define CRLIM_INFINITY (~0ULL)
12399 +#define CRLIM_KEEP (~1ULL)
12401 +#endif /* _UAPI_VS_LIMIT_CMD_H */
12402 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/monitor.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/monitor.h
12403 --- linux-3.14.17/include/uapi/vserver/monitor.h 1970-01-01 00:00:00.000000000 +0000
12404 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/monitor.h 2014-08-30 14:27:38.000000000 +0000
12406 +#ifndef _UAPI_VS_MONITOR_H
12407 +#define _UAPI_VS_MONITOR_H
12409 +#include <linux/types.h>
12417 + VXM_UPDATE = 0x20,
12421 + VXM_RQINFO_1 = 0x24,
12424 + VXM_ACTIVATE = 0x40,
12431 + VXM_MIGRATE = 0x48,
12434 + /* all other bits are flags */
12435 + VXM_SCHED = 0x80,
12438 +struct _vxm_update_1 {
12439 + uint32_t tokens_max;
12440 + uint32_t fill_rate;
12441 + uint32_t interval;
12444 +struct _vxm_update_2 {
12445 + uint32_t tokens_min;
12446 + uint32_t fill_rate;
12447 + uint32_t interval;
12450 +struct _vxm_rqinfo_1 {
12451 + uint16_t running;
12455 + uint32_t idle_tokens;
12458 +struct _vxm_rqinfo_2 {
12459 + uint32_t norm_time;
12460 + uint32_t idle_time;
12461 + uint32_t idle_skip;
12464 +struct _vxm_sched {
12466 + uint32_t norm_time;
12467 + uint32_t idle_time;
12470 +struct _vxm_task {
12475 +struct _vxm_event {
12484 + struct _vxm_task tsk;
12488 +struct _vx_mon_entry {
12492 + struct _vxm_event ev;
12493 + struct _vxm_sched sd;
12494 + struct _vxm_update_1 u1;
12495 + struct _vxm_update_2 u2;
12496 + struct _vxm_rqinfo_1 q1;
12497 + struct _vxm_rqinfo_2 q2;
12501 +#endif /* _UAPI_VS_MONITOR_H */
12502 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/network.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/network.h
12503 --- linux-3.14.17/include/uapi/vserver/network.h 1970-01-01 00:00:00.000000000 +0000
12504 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/network.h 2014-08-30 14:27:38.000000000 +0000
12506 +#ifndef _UAPI_VS_NETWORK_H
12507 +#define _UAPI_VS_NETWORK_H
12509 +#include <linux/types.h>
12512 +#define MAX_N_CONTEXT 65535 /* Arbitrary limit */
12515 +/* network flags */
12517 +#define NXF_INFO_PRIVATE 0x00000008
12519 +#define NXF_SINGLE_IP 0x00000100
12520 +#define NXF_LBACK_REMAP 0x00000200
12521 +#define NXF_LBACK_ALLOW 0x00000400
12523 +#define NXF_HIDE_NETIF 0x02000000
12524 +#define NXF_HIDE_LBACK 0x04000000
12526 +#define NXF_STATE_SETUP (1ULL << 32)
12527 +#define NXF_STATE_ADMIN (1ULL << 34)
12529 +#define NXF_SC_HELPER (1ULL << 36)
12530 +#define NXF_PERSISTENT (1ULL << 38)
12532 +#define NXF_ONE_TIME (0x0005ULL << 32)
12535 +#define NXF_INIT_SET (__nxf_init_set())
12537 +static inline uint64_t __nxf_init_set(void) {
12538 + return NXF_STATE_ADMIN
12539 +#ifdef CONFIG_VSERVER_AUTO_LBACK
12540 + | NXF_LBACK_REMAP
12543 +#ifdef CONFIG_VSERVER_AUTO_SINGLE
12546 + | NXF_HIDE_NETIF;
12550 +/* network caps */
12552 +#define NXC_TUN_CREATE 0x00000001
12554 +#define NXC_RAW_ICMP 0x00000100
12556 +#define NXC_MULTICAST 0x00001000
12559 +/* address types */
12561 +#define NXA_TYPE_IPV4 0x0001
12562 +#define NXA_TYPE_IPV6 0x0002
12564 +#define NXA_TYPE_NONE 0x0000
12565 +#define NXA_TYPE_ANY 0x00FF
12567 +#define NXA_TYPE_ADDR 0x0010
12568 +#define NXA_TYPE_MASK 0x0020
12569 +#define NXA_TYPE_RANGE 0x0040
12571 +#define NXA_MASK_ALL (NXA_TYPE_ADDR | NXA_TYPE_MASK | NXA_TYPE_RANGE)
12573 +#define NXA_MOD_BCAST 0x0100
12574 +#define NXA_MOD_LBACK 0x0200
12576 +#define NXA_LOOPBACK 0x1000
12578 +#define NXA_MASK_BIND (NXA_MASK_ALL | NXA_MOD_BCAST | NXA_MOD_LBACK)
12579 +#define NXA_MASK_SHOW (NXA_MASK_ALL | NXA_LOOPBACK)
12581 +#endif /* _UAPI_VS_NETWORK_H */
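Review bot: `__nxf_init_set()` in this UAPI header branches on `CONFIG_VSERVER_AUTO_LBACK` and `CONFIG_VSERVER_AUTO_SINGLE`, which are not defined when userspace includes it, so `NXF_INIT_SET` can evaluate to a different flag set in tools than in the kernel that was actually built. The helper also returns `uint64_t` although only `<linux/types.h>` is included, and that header provides `__u64`. Moving the helper into a kernel-internal header, declared as `static inline __u64 __nxf_init_set(void)`, would keep the exported flag constants independent of build configuration. Several lines of this file are not visible in the listing, so an `#ifdef __KERNEL__` guard may exist that I cannot see.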
12582 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/network_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/network_cmd.h
12583 --- linux-3.14.17/include/uapi/vserver/network_cmd.h 1970-01-01 00:00:00.000000000 +0000
12584 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/network_cmd.h 2014-08-30 14:27:38.000000000 +0000
12586 +#ifndef _UAPI_VS_NETWORK_CMD_H
12587 +#define _UAPI_VS_NETWORK_CMD_H
12590 +/* vinfo commands */
12592 +#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
12595 +#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
12597 +struct vcmd_nx_info_v0 {
12599 + /* more to come */
12603 +#include <linux/in.h>
12604 +#include <linux/in6.h>
12606 +#define VCMD_net_create_v0 VC_CMD(VNET, 1, 0)
12607 +#define VCMD_net_create VC_CMD(VNET, 1, 1)
12609 +struct vcmd_net_create {
12610 + uint64_t flagword;
12613 +#define VCMD_net_migrate VC_CMD(NETMIG, 1, 0)
12615 +#define VCMD_net_add VC_CMD(NETALT, 1, 0)
12616 +#define VCMD_net_remove VC_CMD(NETALT, 2, 0)
12618 +struct vcmd_net_addr_v0 {
12621 + struct in_addr ip[4];
12622 + struct in_addr mask[4];
12625 +#define VCMD_net_add_ipv4_v1 VC_CMD(NETALT, 1, 1)
12626 +#define VCMD_net_rem_ipv4_v1 VC_CMD(NETALT, 2, 1)
12628 +struct vcmd_net_addr_ipv4_v1 {
12631 + struct in_addr ip;
12632 + struct in_addr mask;
12635 +#define VCMD_net_add_ipv4 VC_CMD(NETALT, 1, 2)
12636 +#define VCMD_net_rem_ipv4 VC_CMD(NETALT, 2, 2)
12638 +struct vcmd_net_addr_ipv4_v2 {
12641 + struct in_addr ip;
12642 + struct in_addr ip2;
12643 + struct in_addr mask;
12646 +#define VCMD_net_add_ipv6 VC_CMD(NETALT, 3, 1)
12647 +#define VCMD_net_remove_ipv6 VC_CMD(NETALT, 4, 1)
12649 +struct vcmd_net_addr_ipv6_v1 {
12653 + struct in6_addr ip;
12654 + struct in6_addr mask;
12657 +#define VCMD_add_match_ipv4 VC_CMD(NETALT, 5, 0)
12658 +#define VCMD_get_match_ipv4 VC_CMD(NETALT, 6, 0)
12660 +struct vcmd_match_ipv4_v0 {
12665 + struct in_addr ip;
12666 + struct in_addr ip2;
12667 + struct in_addr mask;
12670 +#define VCMD_add_match_ipv6 VC_CMD(NETALT, 7, 0)
12671 +#define VCMD_get_match_ipv6 VC_CMD(NETALT, 8, 0)
12673 +struct vcmd_match_ipv6_v0 {
12678 + struct in6_addr ip;
12679 + struct in6_addr ip2;
12680 + struct in6_addr mask;
12686 +/* flag commands */
12688 +#define VCMD_get_nflags VC_CMD(FLAGS, 5, 0)
12689 +#define VCMD_set_nflags VC_CMD(FLAGS, 6, 0)
12691 +struct vcmd_net_flags_v0 {
12692 + uint64_t flagword;
12698 +/* network caps commands */
12700 +#define VCMD_get_ncaps VC_CMD(FLAGS, 7, 0)
12701 +#define VCMD_set_ncaps VC_CMD(FLAGS, 8, 0)
12703 +struct vcmd_net_caps_v0 {
12708 +#endif /* _UAPI_VS_NETWORK_CMD_H */
12709 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/sched_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/sched_cmd.h
12710 --- linux-3.14.17/include/uapi/vserver/sched_cmd.h 1970-01-01 00:00:00.000000000 +0000
12711 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/sched_cmd.h 2014-08-30 14:27:38.000000000 +0000
12713 +#ifndef _UAPI_VS_SCHED_CMD_H
12714 +#define _UAPI_VS_SCHED_CMD_H
12717 +struct vcmd_prio_bias {
12719 + int32_t prio_bias;
12722 +#define VCMD_set_prio_bias VC_CMD(SCHED, 4, 0)
12723 +#define VCMD_get_prio_bias VC_CMD(SCHED, 5, 0)
12725 +#endif /* _UAPI_VS_SCHED_CMD_H */
12726 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/signal_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/signal_cmd.h
12727 --- linux-3.14.17/include/uapi/vserver/signal_cmd.h 1970-01-01 00:00:00.000000000 +0000
12728 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/signal_cmd.h 2014-08-30 14:27:38.000000000 +0000
12730 +#ifndef _UAPI_VS_SIGNAL_CMD_H
12731 +#define _UAPI_VS_SIGNAL_CMD_H
12734 +/* signalling vserver commands */
12736 +#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
12737 +#define VCMD_wait_exit VC_CMD(EVENT, 99, 0)
12739 +struct vcmd_ctx_kill_v0 {
12744 +struct vcmd_wait_exit_v0 {
12745 + int32_t reboot_cmd;
12746 + int32_t exit_code;
12750 +/* process alteration commands */
12752 +#define VCMD_get_pflags VC_CMD(PROCALT, 5, 0)
12753 +#define VCMD_set_pflags VC_CMD(PROCALT, 6, 0)
12755 +struct vcmd_pflags_v0 {
12756 + uint32_t flagword;
12760 +#endif /* _UAPI_VS_SIGNAL_CMD_H */
12761 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/space_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/space_cmd.h
12762 --- linux-3.14.17/include/uapi/vserver/space_cmd.h 1970-01-01 00:00:00.000000000 +0000
12763 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/space_cmd.h 2014-08-30 14:27:38.000000000 +0000
12765 +#ifndef _UAPI_VS_SPACE_CMD_H
12766 +#define _UAPI_VS_SPACE_CMD_H
12769 +#define VCMD_enter_space_v0 VC_CMD(PROCALT, 1, 0)
12770 +#define VCMD_enter_space_v1 VC_CMD(PROCALT, 1, 1)
12771 +#define VCMD_enter_space VC_CMD(PROCALT, 1, 2)
12773 +#define VCMD_set_space_v0 VC_CMD(PROCALT, 3, 0)
12774 +#define VCMD_set_space_v1 VC_CMD(PROCALT, 3, 1)
12775 +#define VCMD_set_space VC_CMD(PROCALT, 3, 2)
12777 +#define VCMD_get_space_mask_v0 VC_CMD(PROCALT, 4, 0)
12779 +#define VCMD_get_space_mask VC_CMD(VSPACE, 0, 1)
12780 +#define VCMD_get_space_default VC_CMD(VSPACE, 1, 0)
12783 +struct vcmd_space_mask_v1 {
12787 +struct vcmd_space_mask_v2 {
12792 +#endif /* _UAPI_VS_SPACE_CMD_H */
12793 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/switch.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/switch.h
12794 --- linux-3.14.17/include/uapi/vserver/switch.h 1970-01-01 00:00:00.000000000 +0000
12795 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/switch.h 2014-08-30 14:27:38.000000000 +0000
12797 +#ifndef _UAPI_VS_SWITCH_H
12798 +#define _UAPI_VS_SWITCH_H
12800 +#include <linux/types.h>
12803 +#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
12804 +#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
12805 +#define VC_VERSION(c) ((c) & 0xFFF)
12807 +#define VC_CMD(c, i, v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
12808 + | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
12812 + Syscall Matrix V2.8
12814 + |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
12815 + |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
12816 + |INFO |SETUP | |MOVE | | | | | |
12817 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12818 + SYSTEM |VERSION|VSETUP |VHOST | | | | |DEVICE | |
12819 + HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
12820 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12821 + CPU | |VPROC |PROCALT|PROCMIG|PROCTRL| | |SCHED. | |
12822 + PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
12823 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12824 + MEMORY | | | | |MEMCTRL| | |SWAP | |
12825 + | 16| 17| 18| 19| 20| 21| | 22| 23|
12826 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12827 + NETWORK| |VNET |NETALT |NETMIG |NETCTL | | |SERIAL | |
12828 + | 24| 25| 26| 27| 28| 29| | 30| 31|
12829 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12830 + DISK | | | |TAGMIG |DLIMIT | | |INODE | |
12831 + VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
12832 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12833 + OTHER |VSTAT | | | | | | |VINFO | |
12834 + | 40| 41| 42| 43| 44| 45| | 46| 47|
12835 + =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
12836 + SPECIAL|EVENT | | | |FLAGS | | |VSPACE | |
12837 + | 48| 49| 50| 51| 52| 53| | 54| 55|
12838 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12839 + SPECIAL|DEBUG | | | |RLIMIT |SYSCALL| | |COMPAT |
12840 + | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
12841 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
12845 +#define VC_CAT_VERSION 0
12847 +#define VC_CAT_VSETUP 1
12848 +#define VC_CAT_VHOST 2
12850 +#define VC_CAT_DEVICE 6
12852 +#define VC_CAT_VPROC 9
12853 +#define VC_CAT_PROCALT 10
12854 +#define VC_CAT_PROCMIG 11
12855 +#define VC_CAT_PROCTRL 12
12857 +#define VC_CAT_SCHED 14
12858 +#define VC_CAT_MEMCTRL 20
12860 +#define VC_CAT_VNET 25
12861 +#define VC_CAT_NETALT 26
12862 +#define VC_CAT_NETMIG 27
12863 +#define VC_CAT_NETCTRL 28
12865 +#define VC_CAT_TAGMIG 35
12866 +#define VC_CAT_DLIMIT 36
12867 +#define VC_CAT_INODE 38
12869 +#define VC_CAT_VSTAT 40
12870 +#define VC_CAT_VINFO 46
12871 +#define VC_CAT_EVENT 48
12873 +#define VC_CAT_FLAGS 52
12874 +#define VC_CAT_VSPACE 54
12875 +#define VC_CAT_DEBUG 56
12876 +#define VC_CAT_RLIMIT 60
12878 +#define VC_CAT_SYSTEST 61
12879 +#define VC_CAT_COMPAT 63
12881 +/* query version */
12883 +#define VCMD_get_version VC_CMD(VERSION, 0, 0)
12884 +#define VCMD_get_vci VC_CMD(VERSION, 1, 0)
12886 +#endif /* _UAPI_VS_SWITCH_H */
12887 diff -NurpP --minimal linux-3.14.17/include/uapi/vserver/tag_cmd.h linux-3.14.17-vs2.3.6.13/include/uapi/vserver/tag_cmd.h
12888 --- linux-3.14.17/include/uapi/vserver/tag_cmd.h 1970-01-01 00:00:00.000000000 +0000
12889 +++ linux-3.14.17-vs2.3.6.13/include/uapi/vserver/tag_cmd.h 2014-08-30 14:27:38.000000000 +0000
12891 +#ifndef _UAPI_VS_TAG_CMD_H
12892 +#define _UAPI_VS_TAG_CMD_H
12895 +/* vinfo commands */
12897 +#define VCMD_task_tag VC_CMD(VINFO, 3, 0)
12900 +/* context commands */
12902 +#define VCMD_tag_migrate VC_CMD(TAGMIG, 1, 0)
12904 +#endif /* _UAPI_VS_TAG_CMD_H */
12905 diff -NurpP --minimal linux-3.14.17/init/Kconfig linux-3.14.17-vs2.3.6.13/init/Kconfig
12906 --- linux-3.14.17/init/Kconfig 2014-08-14 01:38:34.000000000 +0000
12907 +++ linux-3.14.17-vs2.3.6.13/init/Kconfig 2014-08-30 14:37:19.000000000 +0000
12908 @@ -854,6 +854,7 @@ config NUMA_BALANCING
12911 boolean "Control Group support"
12914 This option adds support for grouping sets of processes together, for
12915 use with process control subsystems such as Cpusets, CFS, memory
12916 diff -NurpP --minimal linux-3.14.17/init/main.c linux-3.14.17-vs2.3.6.13/init/main.c
12917 --- linux-3.14.17/init/main.c 2014-08-14 01:38:34.000000000 +0000
12918 +++ linux-3.14.17-vs2.3.6.13/init/main.c 2014-08-30 14:27:38.000000000 +0000
12920 #include <linux/sched_clock.h>
12921 #include <linux/context_tracking.h>
12922 #include <linux/random.h>
12923 +#include <linux/vserver/percpu.h>
12925 #include <asm/io.h>
12926 #include <asm/bugs.h>
12927 diff -NurpP --minimal linux-3.14.17/ipc/mqueue.c linux-3.14.17-vs2.3.6.13/ipc/mqueue.c
12928 --- linux-3.14.17/ipc/mqueue.c 2014-08-14 01:38:34.000000000 +0000
12929 +++ linux-3.14.17-vs2.3.6.13/ipc/mqueue.c 2014-08-30 14:27:38.000000000 +0000
12931 #include <linux/ipc_namespace.h>
12932 #include <linux/user_namespace.h>
12933 #include <linux/slab.h>
12934 +#include <linux/vs_context.h>
12935 +#include <linux/vs_limit.h>
12937 #include <net/sock.h>
12939 @@ -76,6 +78,7 @@ struct mqueue_inode_info {
12940 struct pid *notify_owner;
12941 struct user_namespace *notify_user_ns;
12942 struct user_struct *user; /* user who created, for accounting */
12943 + struct vx_info *vxi;
12944 struct sock *notify_sock;
12945 struct sk_buff *notify_cookie;
12947 @@ -234,6 +237,7 @@ static struct inode *mqueue_get_inode(st
12948 if (S_ISREG(mode)) {
12949 struct mqueue_inode_info *info;
12950 unsigned long mq_bytes, mq_treesize;
12951 + struct vx_info *vxi = current_vx_info();
12953 inode->i_fop = &mqueue_file_operations;
12954 inode->i_size = FILENT_SIZE;
12955 @@ -247,6 +251,7 @@ static struct inode *mqueue_get_inode(st
12956 info->notify_user_ns = NULL;
12958 info->user = NULL; /* set when all is ok */
12959 + info->vxi = NULL;
12960 info->msg_tree = RB_ROOT;
12961 info->node_cache = NULL;
12962 memset(&info->attr, 0, sizeof(info->attr));
12963 @@ -280,17 +285,20 @@ static struct inode *mqueue_get_inode(st
12965 spin_lock(&mq_lock);
12966 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
12967 - u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
12968 + u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE) ||
12969 + !vx_ipcmsg_avail(vxi, mq_bytes)) {
12970 spin_unlock(&mq_lock);
12971 /* mqueue_evict_inode() releases info->messages */
12975 u->mq_bytes += mq_bytes;
12976 + vx_ipcmsg_add(vxi, u, mq_bytes);
12977 spin_unlock(&mq_lock);
12980 info->user = get_uid(u);
12981 + info->vxi = get_vx_info(vxi);
12982 } else if (S_ISDIR(mode)) {
12984 /* Some things misbehave if size == 0 on a directory */
12985 @@ -402,8 +410,11 @@ static void mqueue_evict_inode(struct in
12989 + struct vx_info *vxi = info->vxi;
12991 spin_lock(&mq_lock);
12992 user->mq_bytes -= mq_bytes;
12993 + vx_ipcmsg_sub(vxi, user, mq_bytes);
12995 * get_ns_from_inode() ensures that the
12996 * (ipc_ns = sb->s_fs_info) is either a valid ipc_ns
12997 @@ -413,6 +424,7 @@ static void mqueue_evict_inode(struct in
12999 ipc_ns->mq_queues_count--;
13000 spin_unlock(&mq_lock);
13001 + put_vx_info(vxi);
13005 diff -NurpP --minimal linux-3.14.17/ipc/msg.c linux-3.14.17-vs2.3.6.13/ipc/msg.c
13006 --- linux-3.14.17/ipc/msg.c 2014-08-14 01:38:34.000000000 +0000
13007 +++ linux-3.14.17-vs2.3.6.13/ipc/msg.c 2014-08-30 14:27:38.000000000 +0000
13009 #include <linux/rwsem.h>
13010 #include <linux/nsproxy.h>
13011 #include <linux/ipc_namespace.h>
13012 +#include <linux/vs_base.h>
13014 #include <asm/current.h>
13015 #include <asm/uaccess.h>
13016 @@ -194,6 +195,7 @@ static int newque(struct ipc_namespace *
13018 msq->q_perm.mode = msgflg & S_IRWXUGO;
13019 msq->q_perm.key = key;
13020 + msq->q_perm.xid = vx_current_xid();
13022 msq->q_perm.security = NULL;
13023 retval = security_msg_queue_alloc(msq);
13024 diff -NurpP --minimal linux-3.14.17/ipc/sem.c linux-3.14.17-vs2.3.6.13/ipc/sem.c
13025 --- linux-3.14.17/ipc/sem.c 2014-08-14 01:38:34.000000000 +0000
13026 +++ linux-3.14.17-vs2.3.6.13/ipc/sem.c 2014-08-30 14:27:38.000000000 +0000
13028 #include <linux/rwsem.h>
13029 #include <linux/nsproxy.h>
13030 #include <linux/ipc_namespace.h>
13031 +#include <linux/vs_base.h>
13032 +#include <linux/vs_limit.h>
13034 #include <asm/uaccess.h>
13036 @@ -499,6 +501,7 @@ static int newary(struct ipc_namespace *
13038 sma->sem_perm.mode = (semflg & S_IRWXUGO);
13039 sma->sem_perm.key = key;
13040 + sma->sem_perm.xid = vx_current_xid();
13042 sma->sem_perm.security = NULL;
13043 retval = security_sem_alloc(sma);
13044 @@ -513,6 +516,9 @@ static int newary(struct ipc_namespace *
13047 ns->used_sems += nsems;
13048 + /* FIXME: obsoleted? */
13049 + vx_semary_inc(sma);
13050 + vx_nsems_add(sma, nsems);
13052 sma->sem_base = (struct sem *) &sma[1];
13054 @@ -1103,6 +1109,9 @@ static void freeary(struct ipc_namespace
13056 wake_up_sem_queue_do(&tasks);
13057 ns->used_sems -= sma->sem_nsems;
13058 + /* FIXME: obsoleted? */
13059 + vx_nsems_sub(sma, sma->sem_nsems);
13060 + vx_semary_dec(sma);
13061 ipc_rcu_putref(sma, sem_rcu_free);
13064 diff -NurpP --minimal linux-3.14.17/ipc/shm.c linux-3.14.17-vs2.3.6.13/ipc/shm.c
13065 --- linux-3.14.17/ipc/shm.c 2014-08-14 01:38:34.000000000 +0000
13066 +++ linux-3.14.17-vs2.3.6.13/ipc/shm.c 2014-08-30 14:27:38.000000000 +0000
13068 #include <linux/nsproxy.h>
13069 #include <linux/mount.h>
13070 #include <linux/ipc_namespace.h>
13071 +#include <linux/vs_context.h>
13072 +#include <linux/vs_limit.h>
13074 #include <asm/uaccess.h>
13076 @@ -209,10 +211,14 @@ static void shm_open(struct vm_area_stru
13077 static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
13079 struct file *shm_file;
13080 + struct vx_info *vxi = lookup_vx_info(shp->shm_perm.xid);
13081 + int numpages = (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
13083 shm_file = shp->shm_file;
13084 shp->shm_file = NULL;
13085 - ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
13086 + vx_ipcshm_sub(vxi, shp, numpages);
13087 + ns->shm_tot -= numpages;
13091 if (!is_file_hugepages(shm_file))
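Review bot: `int numpages` in `shm_destroy()` narrows a page count derived from `shp->shm_segsz`, whereas the removed line subtracted the full-width expression from `ns->shm_tot` directly. For a very large segment the `int` can truncate or go negative, which would skew both `ns->shm_tot` and the per-context figure handed to `vx_ipcshm_sub()`, and the limit checks rely on those counters. Declaring it as `unsigned long numpages = (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;` keeps the arithmetic as wide as before. `vxi` comes from `lookup_vx_info()` and can presumably be NULL once the context is gone, so a one-line comment stating that `vx_ipcshm_sub()` and `put_vx_info()` tolerate that would help the next reader.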
13092 @@ -220,6 +226,7 @@ static void shm_destroy(struct ipc_names
13093 else if (shp->mlock_user)
13094 user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user);
13096 + put_vx_info(vxi);
13097 ipc_rcu_putref(shp, shm_rcu_free);
13100 @@ -496,11 +503,15 @@ static int newseg(struct ipc_namespace *
13101 if (ns->shm_tot + numpages > ns->shm_ctlall)
13104 + if (!vx_ipcshm_avail(current_vx_info(), numpages))
13107 shp = ipc_rcu_alloc(sizeof(*shp));
13111 shp->shm_perm.key = key;
13112 + shp->shm_perm.xid = vx_current_xid();
13113 shp->shm_perm.mode = (shmflg & S_IRWXUGO);
13114 shp->mlock_user = NULL;
13116 @@ -569,6 +580,7 @@ static int newseg(struct ipc_namespace *
13118 ipc_unlock_object(&shp->shm_perm);
13120 + vx_ipcshm_add(current_vx_info(), key, numpages);
13124 diff -NurpP --minimal linux-3.14.17/kernel/Makefile linux-3.14.17-vs2.3.6.13/kernel/Makefile
13125 --- linux-3.14.17/kernel/Makefile 2014-08-14 01:38:34.000000000 +0000
13126 +++ linux-3.14.17-vs2.3.6.13/kernel/Makefile 2014-08-30 14:27:38.000000000 +0000
13127 @@ -25,6 +25,7 @@ obj-y += printk/
13133 obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
13134 obj-$(CONFIG_FREEZER) += freezer.o
13135 diff -NurpP --minimal linux-3.14.17/kernel/auditsc.c linux-3.14.17-vs2.3.6.13/kernel/auditsc.c
13136 --- linux-3.14.17/kernel/auditsc.c 2014-08-14 01:38:34.000000000 +0000
13137 +++ linux-3.14.17-vs2.3.6.13/kernel/auditsc.c 2014-08-30 14:27:38.000000000 +0000
13138 @@ -1965,7 +1965,7 @@ static int audit_set_loginuid_perm(kuid_
13139 if (is_audit_feature_set(AUDIT_FEATURE_LOGINUID_IMMUTABLE))
13141 /* it is set, you need permission */
13142 - if (!capable(CAP_AUDIT_CONTROL))
13143 + if (!vx_capable(CAP_AUDIT_CONTROL, VXC_AUDIT_CONTROL))
13145 /* reject if this is not an unset and we don't allow that */
13146 if (is_audit_feature_set(AUDIT_FEATURE_ONLY_UNSET_LOGINUID) && uid_valid(loginuid))
13147 diff -NurpP --minimal linux-3.14.17/kernel/capability.c linux-3.14.17-vs2.3.6.13/kernel/capability.c
13148 --- linux-3.14.17/kernel/capability.c 2014-08-14 01:38:34.000000000 +0000
13149 +++ linux-3.14.17-vs2.3.6.13/kernel/capability.c 2014-08-30 14:27:38.000000000 +0000
13151 #include <linux/syscalls.h>
13152 #include <linux/pid_namespace.h>
13153 #include <linux/user_namespace.h>
13154 +#include <linux/vs_context.h>
13155 #include <asm/uaccess.h>
13158 @@ -116,6 +117,7 @@ static int cap_validate_magic(cap_user_h
13164 * The only thing that can change the capabilities of the current
13165 * process is the current process. As such, we can't be in this code
13166 @@ -349,6 +351,8 @@ bool has_ns_capability_noaudit(struct ta
13170 +#include <linux/vserver/base.h>
13173 * has_capability_noaudit - Does a task have a capability (unaudited) in the
13175 diff -NurpP --minimal linux-3.14.17/kernel/compat.c linux-3.14.17-vs2.3.6.13/kernel/compat.c
13176 --- linux-3.14.17/kernel/compat.c 2014-08-14 01:38:34.000000000 +0000
13177 +++ linux-3.14.17-vs2.3.6.13/kernel/compat.c 2014-08-30 14:27:38.000000000 +0000
13179 #include <linux/times.h>
13180 #include <linux/ptrace.h>
13181 #include <linux/gfp.h>
13182 +#include <linux/vs_time.h>
13184 #include <asm/uaccess.h>
13186 @@ -1040,7 +1041,7 @@ asmlinkage long compat_sys_stime(compat_
13190 - do_settimeofday(&tv);
13191 + vx_settimeofday(&tv);
13195 diff -NurpP --minimal linux-3.14.17/kernel/cred.c linux-3.14.17-vs2.3.6.13/kernel/cred.c
13196 --- linux-3.14.17/kernel/cred.c 2014-08-14 01:38:34.000000000 +0000
13197 +++ linux-3.14.17-vs2.3.6.13/kernel/cred.c 2014-08-30 14:27:38.000000000 +0000
13198 @@ -56,31 +56,6 @@ struct cred init_cred = {
13199 .group_info = &init_groups,
13202 -static inline void set_cred_subscribers(struct cred *cred, int n)
13204 -#ifdef CONFIG_DEBUG_CREDENTIALS
13205 - atomic_set(&cred->subscribers, n);
13209 -static inline int read_cred_subscribers(const struct cred *cred)
13211 -#ifdef CONFIG_DEBUG_CREDENTIALS
13212 - return atomic_read(&cred->subscribers);
13218 -static inline void alter_cred_subscribers(const struct cred *_cred, int n)
13220 -#ifdef CONFIG_DEBUG_CREDENTIALS
13221 - struct cred *cred = (struct cred *) _cred;
13223 - atomic_add(n, &cred->subscribers);
13228 * The RCU callback to actually dispose of a set of credentials
13230 @@ -232,21 +207,16 @@ error:
13232 * Call commit_creds() or abort_creds() to clean up.
13234 -struct cred *prepare_creds(void)
13235 +struct cred *__prepare_creds(const struct cred *old)
13237 - struct task_struct *task = current;
13238 - const struct cred *old;
13241 - validate_process_creds();
13243 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
13247 kdebug("prepare_creds() alloc %p", new);
13249 - old = task->cred;
13250 memcpy(new, old, sizeof(struct cred));
13252 atomic_set(&new->usage, 1);
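Review bot: `__prepare_creds()` now takes an arbitrary `old` and copies it with `memcpy()` after a `GFP_KERNEL` allocation, but nothing in the hunk says the caller must keep `old` alive across that allocation, or that `validate_process_creds()` is no longer run on this path. The comment block above still appears to describe `prepare_creds()`, and the debug string `kdebug("prepare_creds() alloc %p", new)` was left unchanged. I would add `/* caller must hold a reference on @old; current's creds are not validated here */` above the function and change the debug string to name `__prepare_creds()`. The function body continues outside the hunk.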
13253 @@ -275,6 +245,13 @@ error:
13258 +struct cred *prepare_creds(void)
13260 + validate_process_creds();
13262 + return __prepare_creds(current->cred);
13264 EXPORT_SYMBOL(prepare_creds);
13267 diff -NurpP --minimal linux-3.14.17/kernel/exit.c linux-3.14.17-vs2.3.6.13/kernel/exit.c
13268 --- linux-3.14.17/kernel/exit.c 2014-08-14 01:38:34.000000000 +0000
13269 +++ linux-3.14.17-vs2.3.6.13/kernel/exit.c 2014-08-30 14:27:38.000000000 +0000
13271 #include <linux/fs_struct.h>
13272 #include <linux/init_task.h>
13273 #include <linux/perf_event.h>
13274 +#include <linux/vs_limit.h>
13275 +#include <linux/vs_context.h>
13276 +#include <linux/vs_network.h>
13277 +#include <linux/vs_pid.h>
13278 #include <trace/events/sched.h>
13279 #include <linux/hw_breakpoint.h>
13280 #include <linux/oom.h>
13281 @@ -504,15 +508,25 @@ static struct task_struct *find_new_reap
13282 __acquires(&tasklist_lock)
13284 struct pid_namespace *pid_ns = task_active_pid_ns(father);
13285 - struct task_struct *thread;
13286 + struct vx_info *vxi = task_get_vx_info(father);
13287 + struct task_struct *thread = father;
13288 + struct task_struct *reaper;
13291 while_each_thread(father, thread) {
13292 if (thread->flags & PF_EXITING)
13294 if (unlikely(pid_ns->child_reaper == father))
13295 pid_ns->child_reaper = thread;
13301 + reaper = pid_ns->child_reaper;
13303 + BUG_ON(!vxi->vx_reaper);
13304 + if (vxi->vx_reaper != init_pid_ns.child_reaper &&
13305 + vxi->vx_reaper != father)
13306 + reaper = vxi->vx_reaper;
13309 if (unlikely(pid_ns->child_reaper == father)) {
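Review bot: `BUG_ON(!vxi->vx_reaper)` in `find_new_reaper()` turns an inconsistent state in one guest context into a crash of the whole host. A softer failure keeps the other contexts running: start the following condition with `if (!WARN_ON_ONCE(!vxi->vx_reaper) &&` so that `reaper` stays at `pid_ns->child_reaper` when the context has no reaper. Several lines around this check are missing from the listing, so it is not visible whether `vxi` is tested for NULL before the dereference, or whether every return path reaches the `put_vx_info(vxi)` added in the next hunk. Both are worth confirming.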
13310 @@ -550,7 +564,9 @@ static struct task_struct *find_new_reap
13314 - return pid_ns->child_reaper;
13316 + put_vx_info(vxi);
13321 @@ -608,10 +624,15 @@ static void forget_original_parent(struc
13322 list_for_each_entry_safe(p, n, &father->children, sibling) {
13323 struct task_struct *t = p;
13325 - t->real_parent = reaper;
13326 + struct task_struct *new_parent = reaper;
13328 + if (unlikely(p == reaper))
13329 + new_parent = task_active_pid_ns(p)->child_reaper;
13331 + t->real_parent = new_parent;
13332 if (t->parent == father) {
13334 - t->parent = t->real_parent;
13335 + t->parent = new_parent;
13337 if (t->pdeath_signal)
13338 group_send_sig_info(t->pdeath_signal,
13339 @@ -816,6 +837,9 @@ void do_exit(long code)
13341 flush_ptrace_hw_breakpoint(tsk);
13343 + /* needs to stay before exit_notify() */
13344 + exit_vx_info_early(tsk, code);
13346 exit_notify(tsk, group_dead);
13349 @@ -869,10 +893,15 @@ void do_exit(long code)
13351 raw_spin_unlock_wait(&tsk->pi_lock);
13353 + /* needs to stay after exit_notify() */
13354 + exit_vx_info(tsk, code);
13355 + exit_nx_info(tsk);
13357 /* causes final put_task_struct in finish_task_switch(). */
13358 tsk->state = TASK_DEAD;
13359 tsk->flags |= PF_NOFREEZE; /* tell freezer to ignore us */
13361 + printk("bad task: %p [%lx]\n", current, current->state);
13363 /* Avoid "noreturn function does return". */
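Review bot: The added `printk("bad task: %p [%lx]\n", current, current->state);` carries no log level and prints the task_struct address with plain `%p`, so a raw kernel pointer lands in the log at the default level. I would write `printk(KERN_ERR "bad task: %pK [%lx]\n", current, current->state);` and add a short comment saying that this line is only expected to run if the task is scheduled again after being marked `TASK_DEAD`. The lines between the state change and this printk are not shown, and `do_exit()` extends beyond the hunk on both sides.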
13365 diff -NurpP --minimal linux-3.14.17/kernel/fork.c linux-3.14.17-vs2.3.6.13/kernel/fork.c
13366 --- linux-3.14.17/kernel/fork.c 2014-08-14 01:38:34.000000000 +0000
13367 +++ linux-3.14.17-vs2.3.6.13/kernel/fork.c 2014-08-30 14:38:41.000000000 +0000
13369 #include <linux/signalfd.h>
13370 #include <linux/uprobes.h>
13371 #include <linux/aio.h>
13372 +#include <linux/vs_context.h>
13373 +#include <linux/vs_network.h>
13374 +#include <linux/vs_limit.h>
13376 #include <asm/pgtable.h>
13377 #include <asm/pgalloc.h>
13378 @@ -211,6 +214,8 @@ void free_task(struct task_struct *tsk)
13379 arch_release_thread_info(tsk->stack);
13380 free_thread_info(tsk->stack);
13381 rt_mutex_debug_task_free(tsk);
13382 + clr_vx_info(&tsk->vx_info);
13383 + clr_nx_info(&tsk->nx_info);
13384 ftrace_graph_exit_task(tsk);
13385 put_seccomp_filter(tsk);
13386 arch_release_task_struct(tsk);
13387 @@ -542,6 +547,7 @@ static struct mm_struct *mm_init(struct
13388 if (likely(!mm_alloc_pgd(mm))) {
13390 mmu_notifier_mm_init(mm);
13391 + set_vx_info(&mm->mm_vx_info, p->vx_info);
13395 @@ -594,6 +600,7 @@ void __mmdrop(struct mm_struct *mm)
13396 destroy_context(mm);
13397 mmu_notifier_mm_destroy(mm);
13399 + clr_vx_info(&mm->mm_vx_info);
13402 EXPORT_SYMBOL_GPL(__mmdrop);
13403 @@ -810,6 +817,7 @@ static struct mm_struct *dup_mm(struct t
13406 memcpy(mm, oldmm, sizeof(*mm));
13407 + mm->mm_vx_info = NULL;
13408 mm_init_cpumask(mm);
13410 #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS
13411 @@ -848,6 +856,7 @@ fail_nocontext:
13412 * If init_new_context() failed, we cannot use mmput() to free the mm
13413 * because it calls destroy_context()
13415 + clr_vx_info(&mm->mm_vx_info);
13419 @@ -1139,6 +1148,8 @@ static struct task_struct *copy_process(
13422 struct task_struct *p;
13423 + struct vx_info *vxi;
13424 + struct nx_info *nxi;
13426 if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
13427 return ERR_PTR(-EINVAL);
13428 @@ -1201,7 +1212,12 @@ static struct task_struct *copy_process(
13429 DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled);
13430 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
13432 + init_vx_info(&p->vx_info, current_vx_info());
13433 + init_nx_info(&p->nx_info, current_nx_info());
13436 + if (!vx_nproc_avail(1))
13437 + goto bad_fork_free;
13438 if (atomic_read(&p->real_cred->user->processes) >=
13439 task_rlimit(p, RLIMIT_NPROC)) {
13440 if (p->real_cred->user != INIT_USER &&
13441 @@ -1485,6 +1501,18 @@ static struct task_struct *copy_process(
13443 spin_unlock(¤t->sighand->siglock);
13444 syscall_tracepoint_update(p);
13446 + /* p is copy of current */
13447 + vxi = p->vx_info;
13449 + claim_vx_info(vxi, p);
13450 + atomic_inc(&vxi->cvirt.nr_threads);
13451 + atomic_inc(&vxi->cvirt.total_forks);
13454 + nxi = p->nx_info;
13456 + claim_nx_info(nxi, p);
13457 write_unlock_irq(&tasklist_lock);
13459 proc_fork_connector(p);
13460 diff -NurpP --minimal linux-3.14.17/kernel/kthread.c linux-3.14.17-vs2.3.6.13/kernel/kthread.c
13461 --- linux-3.14.17/kernel/kthread.c 2014-08-14 01:38:34.000000000 +0000
13462 +++ linux-3.14.17-vs2.3.6.13/kernel/kthread.c 2014-08-30 14:27:38.000000000 +0000
13464 #include <linux/freezer.h>
13465 #include <linux/ptrace.h>
13466 #include <linux/uaccess.h>
13467 +#include <linux/vs_pid.h>
13468 #include <trace/events/sched.h>
13470 static DEFINE_SPINLOCK(kthread_create_lock);
13471 diff -NurpP --minimal linux-3.14.17/kernel/nsproxy.c linux-3.14.17-vs2.3.6.13/kernel/nsproxy.c
13472 --- linux-3.14.17/kernel/nsproxy.c 2014-08-14 01:38:34.000000000 +0000
13473 +++ linux-3.14.17-vs2.3.6.13/kernel/nsproxy.c 2014-08-30 14:27:38.000000000 +0000
13474 @@ -20,11 +20,14 @@
13475 #include <linux/mnt_namespace.h>
13476 #include <linux/utsname.h>
13477 #include <linux/pid_namespace.h>
13478 +#include <linux/vserver/global.h>
13479 +#include <linux/vserver/debug.h>
13480 #include <net/net_namespace.h>
13481 #include <linux/ipc_namespace.h>
13482 #include <linux/proc_ns.h>
13483 #include <linux/file.h>
13484 #include <linux/syscalls.h>
13485 +#include "../fs/mount.h"
13487 static struct kmem_cache *nsproxy_cachep;
13489 @@ -46,8 +49,11 @@ static inline struct nsproxy *create_nsp
13490 struct nsproxy *nsproxy;
13492 nsproxy = kmem_cache_alloc(nsproxy_cachep, GFP_KERNEL);
13495 atomic_set(&nsproxy->count, 1);
13496 + atomic_inc(&vs_global_nsproxy);
13498 + vxdprintk(VXD_CBIT(space, 2), "create_nsproxy = %p[1]", nsproxy);
13502 @@ -56,9 +62,12 @@ static inline struct nsproxy *create_nsp
13503 * Return the newly created nsproxy. Do not attach this to the task,
13504 * leave it to the caller to do proper locking and attach it to task.
13506 -static struct nsproxy *create_new_namespaces(unsigned long flags,
13507 - struct task_struct *tsk, struct user_namespace *user_ns,
13508 - struct fs_struct *new_fs)
13509 +static struct nsproxy *unshare_namespaces(
13510 + unsigned long flags,
13511 + struct nsproxy *orig,
13512 + struct fs_struct *new_fs,
13513 + struct user_namespace *new_user,
13514 + struct pid_namespace *new_pid)
13516 struct nsproxy *new_nsp;
13518 @@ -67,32 +76,31 @@ static struct nsproxy *create_new_namesp
13520 return ERR_PTR(-ENOMEM);
13522 - new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs);
13523 + new_nsp->mnt_ns = copy_mnt_ns(flags, orig->mnt_ns, new_user, new_fs);
13524 if (IS_ERR(new_nsp->mnt_ns)) {
13525 err = PTR_ERR(new_nsp->mnt_ns);
13529 - new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns);
13530 + new_nsp->uts_ns = copy_utsname(flags, new_user, orig->uts_ns);
13531 if (IS_ERR(new_nsp->uts_ns)) {
13532 err = PTR_ERR(new_nsp->uts_ns);
13536 - new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns);
13537 + new_nsp->ipc_ns = copy_ipcs(flags, new_user, orig->ipc_ns);
13538 if (IS_ERR(new_nsp->ipc_ns)) {
13539 err = PTR_ERR(new_nsp->ipc_ns);
13543 - new_nsp->pid_ns_for_children =
13544 - copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns_for_children);
13545 + new_nsp->pid_ns_for_children = copy_pid_ns(flags, new_user, new_pid);
13546 if (IS_ERR(new_nsp->pid_ns_for_children)) {
13547 err = PTR_ERR(new_nsp->pid_ns_for_children);
13551 - new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns);
13552 + new_nsp->net_ns = copy_net_ns(flags, new_user, orig->net_ns);
13553 if (IS_ERR(new_nsp->net_ns)) {
13554 err = PTR_ERR(new_nsp->net_ns);
13556 @@ -117,6 +125,41 @@ out_ns:
13557 return ERR_PTR(err);
13560 +static struct nsproxy *create_new_namespaces(unsigned long flags,
13561 + struct task_struct *tsk, struct user_namespace *user_ns,
13562 + struct fs_struct *new_fs)
13565 + return unshare_namespaces(flags, tsk->nsproxy,
13566 + new_fs, user_ns, task_active_pid_ns(tsk));
13570 + * copies the nsproxy, setting refcount to 1, and grabbing a
13571 + * reference to all contained namespaces.
13573 +struct nsproxy *copy_nsproxy(struct nsproxy *orig)
13575 + struct nsproxy *ns = create_nsproxy();
13578 + memcpy(ns, orig, sizeof(struct nsproxy));
13579 + atomic_set(&ns->count, 1);
13582 + get_mnt_ns(ns->mnt_ns);
13584 + get_uts_ns(ns->uts_ns);
13586 + get_ipc_ns(ns->ipc_ns);
13587 + if (ns->pid_ns_for_children)
13588 + get_pid_ns(ns->pid_ns_for_children);
13590 + get_net(ns->net_ns);
13596 * called from clone. This now handles copy for nsproxy and all
13597 * namespaces therein.
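Review bot: Passing `task_active_pid_ns(tsk)` as `new_pid` in the `create_new_namespaces()` wrapper changes which PID namespace gets copied, since the removed code handed `tsk->nsproxy->pid_ns_for_children` to `copy_pid_ns()`. If `copy_pid_ns()` still behaves as in the unpatched tree (not shown here), a task that has already unshared its PID namespace and then creates another namespace without `CLONE_NEWPID` would have `pid_ns_for_children` reset to its active namespace, so later children would no longer land in the namespace it requested. Keeping the original source preserves that isolation: `new_fs, user_ns, tsk->nsproxy->pid_ns_for_children);`. The NULL check after `create_nsproxy()` in `copy_nsproxy()` and the braces of both functions are not visible in this listing.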
13598 @@ -125,7 +168,10 @@ int copy_namespaces(unsigned long flags,
13600 struct nsproxy *old_ns = tsk->nsproxy;
13601 struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns);
13602 - struct nsproxy *new_ns;
13603 + struct nsproxy *new_ns = NULL;
13605 + vxdprintk(VXD_CBIT(space, 7), "copy_namespaces(0x%08lx,%p[%p])",
13606 + flags, tsk, old_ns);
13608 if (likely(!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
13609 CLONE_NEWPID | CLONE_NEWNET)))) {
13610 @@ -133,7 +179,7 @@ int copy_namespaces(unsigned long flags,
13614 - if (!ns_capable(user_ns, CAP_SYS_ADMIN))
13615 + if (!vx_ns_can_unshare(user_ns, CAP_SYS_ADMIN, flags))
13619 @@ -152,6 +198,9 @@ int copy_namespaces(unsigned long flags,
13620 return PTR_ERR(new_ns);
13622 tsk->nsproxy = new_ns;
13623 + vxdprintk(VXD_CBIT(space, 3),
13624 + "copy_namespaces(0x%08lx,%p[%p]) = [%p]",
13625 + flags, tsk, old_ns, new_ns);
13629 @@ -165,7 +214,9 @@ void free_nsproxy(struct nsproxy *ns)
13630 put_ipc_ns(ns->ipc_ns);
13631 if (ns->pid_ns_for_children)
13632 put_pid_ns(ns->pid_ns_for_children);
13633 - put_net(ns->net_ns);
13635 + put_net(ns->net_ns);
13636 + atomic_dec(&vs_global_nsproxy);
13637 kmem_cache_free(nsproxy_cachep, ns);
13640 @@ -179,12 +230,16 @@ int unshare_nsproxy_namespaces(unsigned
13641 struct user_namespace *user_ns;
13644 + vxdprintk(VXD_CBIT(space, 4),
13645 + "unshare_nsproxy_namespaces(0x%08lx,[%p])",
13646 + unshare_flags, current->nsproxy);
13648 if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
13649 CLONE_NEWNET | CLONE_NEWPID)))
13652 user_ns = new_cred ? new_cred->user_ns : current_user_ns();
13653 - if (!ns_capable(user_ns, CAP_SYS_ADMIN))
13654 + if (!vx_ns_can_unshare(user_ns, CAP_SYS_ADMIN, unshare_flags))
13657 *new_nsp = create_new_namespaces(unshare_flags, current, user_ns,
13658 diff -NurpP --minimal linux-3.14.17/kernel/pid.c linux-3.14.17-vs2.3.6.13/kernel/pid.c
13659 --- linux-3.14.17/kernel/pid.c 2014-08-14 01:38:34.000000000 +0000
13660 +++ linux-3.14.17-vs2.3.6.13/kernel/pid.c 2014-08-30 14:27:38.000000000 +0000
13662 #include <linux/syscalls.h>
13663 #include <linux/proc_ns.h>
13664 #include <linux/proc_fs.h>
13665 +#include <linux/vs_pid.h>
13667 #define pid_hashfn(nr, ns) \
13668 hash_long((unsigned long)nr + (unsigned long)ns, pidhash_shift)
13669 @@ -373,7 +374,7 @@ EXPORT_SYMBOL_GPL(find_pid_ns);
13671 struct pid *find_vpid(int nr)
13673 - return find_pid_ns(nr, task_active_pid_ns(current));
13674 + return find_pid_ns(vx_rmap_pid(nr), task_active_pid_ns(current));
13676 EXPORT_SYMBOL_GPL(find_vpid);
13678 @@ -429,6 +430,9 @@ void transfer_pid(struct task_struct *ol
13679 struct task_struct *pid_task(struct pid *pid, enum pid_type type)
13681 struct task_struct *result = NULL;
13683 + if (type == PIDTYPE_REALPID)
13684 + type = PIDTYPE_PID;
13686 struct hlist_node *first;
13687 first = rcu_dereference_check(hlist_first_rcu(&pid->tasks[type]),
13688 @@ -448,7 +452,7 @@ struct task_struct *find_task_by_pid_ns(
13689 rcu_lockdep_assert(rcu_read_lock_held(),
13690 "find_task_by_pid_ns() needs rcu_read_lock()"
13692 - return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
13693 + return pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID);
13696 struct task_struct *find_task_by_vpid(pid_t vnr)
13697 @@ -492,7 +496,7 @@ struct pid *find_get_pid(pid_t nr)
13699 EXPORT_SYMBOL_GPL(find_get_pid);
13701 -pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
13702 +pid_t pid_unmapped_nr_ns(struct pid *pid, struct pid_namespace *ns)
13706 @@ -506,6 +510,11 @@ pid_t pid_nr_ns(struct pid *pid, struct
13708 EXPORT_SYMBOL_GPL(pid_nr_ns);
13710 +pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
13712 + return vx_map_pid(pid_unmapped_nr_ns(pid, ns));
13715 pid_t pid_vnr(struct pid *pid)
13717 return pid_nr_ns(pid, task_active_pid_ns(current));
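Review bot: `EXPORT_SYMBOL_GPL(pid_nr_ns)` is left as a context line directly after the body that the previous hunk renamed to `pid_unmapped_nr_ns`, so the export now sits above the definition it names and the renamed function has no export of its own. Moving the export below the new wrapper keeps symbol and definition together. The wrapper also changes what every existing caller of `pid_nr_ns` receives, which deserves a comment such as `/* returns the context-mapped pid; use pid_unmapped_nr_ns() for the raw namespace value */`. `pid_vnr`, shown as trailing context, continues outside the hunk.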
13718 diff -NurpP --minimal linux-3.14.17/kernel/pid_namespace.c linux-3.14.17-vs2.3.6.13/kernel/pid_namespace.c
13719 --- linux-3.14.17/kernel/pid_namespace.c 2014-08-14 01:38:34.000000000 +0000
13720 +++ linux-3.14.17-vs2.3.6.13/kernel/pid_namespace.c 2014-08-30 14:27:38.000000000 +0000
13722 #include <linux/proc_ns.h>
13723 #include <linux/reboot.h>
13724 #include <linux/export.h>
13725 +#include <linux/vserver/global.h>
13729 @@ -110,6 +111,7 @@ static struct pid_namespace *create_pid_
13732 kref_init(&ns->kref);
13733 + atomic_inc(&vs_global_pid_ns);
13735 ns->parent = get_pid_ns(parent_pid_ns);
13736 ns->user_ns = get_user_ns(user_ns);
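Review bot: `atomic_inc(&vs_global_pid_ns)` is added where the namespace is created, but the only `atomic_dec` in this file's diff is on the error path of the same function (next hunk). Unless the normal teardown path is patched somewhere not shown, the counter only grows as pid namespaces are created and destroyed. kernel/utsname.c in this patch pairs its increment with a decrement in `free_uts_ns`, and the pid namespace should get the equivalent in its destroy function. Both hunks show only part of the creating function.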
13737 @@ -127,6 +129,7 @@ static struct pid_namespace *create_pid_
13739 kfree(ns->pidmap[0].page);
13741 + atomic_dec(&vs_global_pid_ns);
13742 kmem_cache_free(pid_ns_cachep, ns);
13744 return ERR_PTR(err);
13745 diff -NurpP --minimal linux-3.14.17/kernel/posix-timers.c linux-3.14.17-vs2.3.6.13/kernel/posix-timers.c
13746 --- linux-3.14.17/kernel/posix-timers.c 2014-08-14 01:38:34.000000000 +0000
13747 +++ linux-3.14.17-vs2.3.6.13/kernel/posix-timers.c 2014-08-30 14:27:38.000000000 +0000
13749 #include <linux/workqueue.h>
13750 #include <linux/export.h>
13751 #include <linux/hashtable.h>
13752 +#include <linux/vs_context.h>
13755 * Management arrays for POSIX timers. Timers are now kept in static hash table
13756 @@ -398,6 +399,7 @@ int posix_timer_event(struct k_itimer *t
13758 struct task_struct *task;
13759 int shared, ret = -1;
13762 * FIXME: if ->sigq is queued we can race with
13763 * dequeue_signal()->do_schedule_next_timer().
13764 @@ -414,10 +416,18 @@ int posix_timer_event(struct k_itimer *t
13766 task = pid_task(timr->it_pid, PIDTYPE_PID);
13768 + struct vx_info_save vxis;
13769 + struct vx_info *vxi;
13771 + vxi = get_vx_info(task->vx_info);
13772 + enter_vx_info(vxi, &vxis);
13773 shared = !(timr->it_sigev_notify & SIGEV_THREAD_ID);
13774 ret = send_sigqueue(timr->sigq, task, shared);
13775 + leave_vx_info(&vxis);
13776 + put_vx_info(vxi);
13780 /* If we failed to send the signal the timer stops. */
13783 diff -NurpP --minimal linux-3.14.17/kernel/printk/printk.c linux-3.14.17-vs2.3.6.13/kernel/printk/printk.c
13784 --- linux-3.14.17/kernel/printk/printk.c 2014-08-14 01:38:34.000000000 +0000
13785 +++ linux-3.14.17-vs2.3.6.13/kernel/printk/printk.c 2014-08-30 14:27:38.000000000 +0000
13787 #include <linux/poll.h>
13788 #include <linux/irq_work.h>
13789 #include <linux/utsname.h>
13790 +#include <linux/vs_cvirt.h>
13792 #include <asm/uaccess.h>
13794 @@ -386,7 +387,7 @@ static int check_syslog_permissions(int
13797 if (syslog_action_restricted(type)) {
13798 - if (capable(CAP_SYSLOG))
13799 + if (vx_capable(CAP_SYSLOG, VXC_SYSLOG))
13802 * For historical reasons, accept CAP_SYS_ADMIN too, with
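Review bot: Only the `CAP_SYSLOG` test in `check_syslog_permissions` is switched to `vx_capable(CAP_SYSLOG, VXC_SYSLOG)`; the trailing context comment shows that a legacy `CAP_SYS_ADMIN` acceptance follows, and that branch is outside the hunk. If the fallback still uses a plain capability test, the two paths apply different context rules to the same syslog actions, so it should be confirmed and either gated the same way or commented as intentionally different. This is inferred from the comment, not seen in the visible lines.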
13803 @@ -1130,12 +1131,9 @@ int do_syslog(int type, char __user *buf
13808 - case SYSLOG_ACTION_CLOSE: /* Close log */
13810 - case SYSLOG_ACTION_OPEN: /* Open log */
13812 - case SYSLOG_ACTION_READ: /* Read from log */
13813 + if ((type == SYSLOG_ACTION_READ) ||
13814 + (type == SYSLOG_ACTION_READ_ALL) ||
13815 + (type == SYSLOG_ACTION_READ_CLEAR)) {
13817 if (!buf || len < 0)
13819 @@ -1146,6 +1144,16 @@ int do_syslog(int type, char __user *buf
13824 + if (!vx_check(0, VS_ADMIN|VS_WATCH))
13825 + return vx_do_syslog(type, buf, len);
13828 + case SYSLOG_ACTION_CLOSE: /* Close log */
13830 + case SYSLOG_ACTION_OPEN: /* Open log */
13832 + case SYSLOG_ACTION_READ: /* Read from log */
13833 error = wait_event_interruptible(log_wait,
13834 syslog_seq != log_next_seq);
13836 @@ -1158,16 +1166,6 @@ int do_syslog(int type, char __user *buf
13838 /* Read last kernel messages */
13839 case SYSLOG_ACTION_READ_ALL:
13841 - if (!buf || len < 0)
13846 - if (!access_ok(VERIFY_WRITE, buf, len)) {
13850 error = syslog_print_all(buf, len, clear);
13852 /* Clear ring buffer */
13853 diff -NurpP --minimal linux-3.14.17/kernel/ptrace.c linux-3.14.17-vs2.3.6.13/kernel/ptrace.c
13854 --- linux-3.14.17/kernel/ptrace.c 2014-08-14 01:38:34.000000000 +0000
13855 +++ linux-3.14.17-vs2.3.6.13/kernel/ptrace.c 2014-08-30 14:27:38.000000000 +0000
13857 #include <linux/syscalls.h>
13858 #include <linux/uaccess.h>
13859 #include <linux/regset.h>
13860 +#include <linux/vs_context.h>
13861 #include <linux/hw_breakpoint.h>
13862 #include <linux/cn_proc.h>
13863 #include <linux/compat.h>
13864 @@ -264,6 +265,11 @@ ok:
13868 + if (!vx_check(task->xid, VS_ADMIN_P|VS_WATCH_P|VS_IDENT))
13870 + if (!vx_check(task->xid, VS_IDENT) &&
13871 + !task_vx_flags(task, VXF_STATE_ADMIN, 0))
13873 return security_ptrace_access_check(task, mode);
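Review bot: The two added context checks read `task->xid` directly, while the signal.c hunks in this patch go through `vx_task_xid(t)` for the same purpose. Assuming the accessor returns the same field, using it here as well keeps the lookup in one place, e.g. `if (!vx_check(vx_task_xid(task), VS_ADMIN_P|VS_WATCH_P|VS_IDENT))`. The checks also carry no comment on why the second one exempts targets with `VXF_STATE_ADMIN`, which a reader of a ptrace permission path will want stated. The statements each check guards are not visible here, and the function begins outside the hunk.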
13876 diff -NurpP --minimal linux-3.14.17/kernel/reboot.c linux-3.14.17-vs2.3.6.13/kernel/reboot.c
13877 --- linux-3.14.17/kernel/reboot.c 2014-08-14 01:38:34.000000000 +0000
13878 +++ linux-3.14.17-vs2.3.6.13/kernel/reboot.c 2014-08-30 14:27:38.000000000 +0000
13880 #include <linux/syscalls.h>
13881 #include <linux/syscore_ops.h>
13882 #include <linux/uaccess.h>
13883 +#include <linux/vs_pid.h>
13886 * this indicates whether you can reboot with ctrl-alt-del: the default is yes
13887 @@ -188,6 +189,8 @@ EXPORT_SYMBOL_GPL(kernel_power_off);
13889 static DEFINE_MUTEX(reboot_mutex);
13891 +long vs_reboot(unsigned int, void __user *);
13894 * Reboot system call: for obvious reasons only root may call it,
13895 * and even root needs to set up some magic numbers in the registers
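Review bot: `long vs_reboot(unsigned int, void __user *);` is declared by hand in reboot.c even though the same patch adds `#include <linux/vs_pid.h>` at the top of the file. A prototype private to the caller is never compared against the definition by the compiler, so a later signature change would go unnoticed; it belongs in a vserver header that both the definition and this file include. Parameter names should also be kept, e.g. `long vs_reboot(unsigned int cmd, void __user *arg);`.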
13896 @@ -230,6 +233,9 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
13897 if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off)
13898 cmd = LINUX_REBOOT_CMD_HALT;
13900 + if (!vx_check(0, VS_ADMIN|VS_WATCH))
13901 + return vs_reboot(cmd, arg);
13903 mutex_lock(&reboot_mutex);
13905 case LINUX_REBOOT_CMD_RESTART:
13906 diff -NurpP --minimal linux-3.14.17/kernel/sched/core.c linux-3.14.17-vs2.3.6.13/kernel/sched/core.c
13907 --- linux-3.14.17/kernel/sched/core.c 2014-08-14 01:38:34.000000000 +0000
13908 +++ linux-3.14.17-vs2.3.6.13/kernel/sched/core.c 2014-08-30 14:27:38.000000000 +0000
13910 #include <linux/init_task.h>
13911 #include <linux/binfmts.h>
13912 #include <linux/context_tracking.h>
13913 +#include <linux/vs_sched.h>
13914 +#include <linux/vs_cvirt.h>
13916 #include <asm/switch_to.h>
13917 #include <asm/tlb.h>
13918 @@ -3083,7 +3085,7 @@ SYSCALL_DEFINE1(nice, int, increment)
13921 if (increment < 0 && !can_nice(current, nice))
13923 + return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
13925 retval = security_task_setnice(current, nice);
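Review bot: When `can_nice()` refuses a negative increment, the new line `return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;` reports success without changing the priority, and nothing at the site says so. Add a comment such as `/* VXF_IGNEG_NICE: report success but leave the priority unchanged */`, together with the reason the flag exists. The same silent-success pattern appears in the `set_one_prio` hunk in kernel/sys.c and needs the same comment. The enclosing syscall body starts and ends outside the hunk.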
13927 diff -NurpP --minimal linux-3.14.17/kernel/sched/cputime.c linux-3.14.17-vs2.3.6.13/kernel/sched/cputime.c
13928 --- linux-3.14.17/kernel/sched/cputime.c 2014-08-14 01:38:34.000000000 +0000
13929 +++ linux-3.14.17-vs2.3.6.13/kernel/sched/cputime.c 2014-08-30 14:27:38.000000000 +0000
13931 #include <linux/kernel_stat.h>
13932 #include <linux/static_key.h>
13933 #include <linux/context_tracking.h>
13934 +#include <linux/vs_sched.h>
13938 @@ -135,14 +136,17 @@ static inline void task_group_account_fi
13939 void account_user_time(struct task_struct *p, cputime_t cputime,
13940 cputime_t cputime_scaled)
13942 + struct vx_info *vxi = p->vx_info; /* p is _always_ current */
13943 + int nice = (TASK_NICE(p) > 0);
13946 /* Add user time to process. */
13947 p->utime += cputime;
13948 p->utimescaled += cputime_scaled;
13949 + vx_account_user(vxi, cputime, nice);
13950 account_group_user_time(p, cputime);
13952 - index = (TASK_NICE(p) > 0) ? CPUTIME_NICE : CPUTIME_USER;
13953 + index = (nice) ? CPUTIME_NICE : CPUTIME_USER;
13955 /* Add user time to cpustat. */
13956 task_group_account_field(p, index, (__force u64) cputime);
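Review bot: `struct vx_info *vxi = p->vx_info; /* p is _always_ current */` takes the context pointer without a reference and relies on an assumption that nothing in `account_user_time` enforces. Elsewhere in this patch, `posix_timer_event` takes the pointer with `get_vx_info()` and releases it with `put_vx_info()`. If a caller can ever pass a task other than `current`, `vx_account_user()` would run on an unpinned `vx_info`; a `WARN_ON_ONCE(p != current);` ahead of the load would turn the comment into a checked invariant. The same applies to `__account_system_time` in the next hunk.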
13957 @@ -189,9 +193,12 @@ static inline
13958 void __account_system_time(struct task_struct *p, cputime_t cputime,
13959 cputime_t cputime_scaled, int index)
13961 + struct vx_info *vxi = p->vx_info; /* p is _always_ current */
13963 /* Add system time to process. */
13964 p->stime += cputime;
13965 p->stimescaled += cputime_scaled;
13966 + vx_account_system(vxi, cputime, 0 /* do we have idle time? */);
13967 account_group_system_time(p, cputime);
13969 /* Add system time to cpustat. */
13970 diff -NurpP --minimal linux-3.14.17/kernel/sched/fair.c linux-3.14.17-vs2.3.6.13/kernel/sched/fair.c
13971 --- linux-3.14.17/kernel/sched/fair.c 2014-08-14 01:38:34.000000000 +0000
13972 +++ linux-3.14.17-vs2.3.6.13/kernel/sched/fair.c 2014-08-30 14:27:38.000000000 +0000
13974 #include <linux/mempolicy.h>
13975 #include <linux/migrate.h>
13976 #include <linux/task_work.h>
13977 +#include <linux/vs_cvirt.h>
13979 #include <trace/events/sched.h>
13981 @@ -2568,6 +2569,8 @@ enqueue_entity(struct cfs_rq *cfs_rq, st
13982 __enqueue_entity(cfs_rq, se);
13985 + if (entity_is_task(se))
13986 + vx_activate_task(task_of(se));
13987 if (cfs_rq->nr_running == 1) {
13988 list_add_leaf_cfs_rq(cfs_rq);
13989 check_enqueue_throttle(cfs_rq);
13990 @@ -2649,6 +2652,8 @@ dequeue_entity(struct cfs_rq *cfs_rq, st
13991 if (se != cfs_rq->curr)
13992 __dequeue_entity(cfs_rq, se);
13994 + if (entity_is_task(se))
13995 + vx_deactivate_task(task_of(se));
13996 account_entity_dequeue(cfs_rq, se);
13999 diff -NurpP --minimal linux-3.14.17/kernel/sched/proc.c linux-3.14.17-vs2.3.6.13/kernel/sched/proc.c
14000 --- linux-3.14.17/kernel/sched/proc.c 2014-08-14 01:38:34.000000000 +0000
14001 +++ linux-3.14.17-vs2.3.6.13/kernel/sched/proc.c 2014-08-30 14:27:38.000000000 +0000
14002 @@ -78,9 +78,17 @@ EXPORT_SYMBOL(avenrun); /* should be rem
14004 void get_avenrun(unsigned long *loads, unsigned long offset, int shift)
14006 - loads[0] = (avenrun[0] + offset) << shift;
14007 - loads[1] = (avenrun[1] + offset) << shift;
14008 - loads[2] = (avenrun[2] + offset) << shift;
14009 + if (vx_flags(VXF_VIRT_LOAD, 0)) {
14010 + struct vx_info *vxi = current_vx_info();
14012 + loads[0] = (vxi->cvirt.load[0] + offset) << shift;
14013 + loads[1] = (vxi->cvirt.load[1] + offset) << shift;
14014 + loads[2] = (vxi->cvirt.load[2] + offset) << shift;
14016 + loads[0] = (avenrun[0] + offset) << shift;
14017 + loads[1] = (avenrun[1] + offset) << shift;
14018 + loads[2] = (avenrun[2] + offset) << shift;
14022 long calc_load_fold_active(struct rq *this_rq)
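Review bot: In the `VXF_VIRT_LOAD` branch, the result of `current_vx_info()` is dereferenced as `vxi->cvirt.load[...]` with no NULL test, so correctness depends on `vx_flags(VXF_VIRT_LOAD, 0)` being false for any task that has no context. That is presumably how `vx_flags` behaves, but it is not visible here and should be stated at the site, e.g. `/* vx_flags() is only true when current has a vx_info */`.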
14023 diff -NurpP --minimal linux-3.14.17/kernel/signal.c linux-3.14.17-vs2.3.6.13/kernel/signal.c
14024 --- linux-3.14.17/kernel/signal.c 2014-08-14 01:38:34.000000000 +0000
14025 +++ linux-3.14.17-vs2.3.6.13/kernel/signal.c 2014-08-30 14:27:38.000000000 +0000
14027 #include <linux/uprobes.h>
14028 #include <linux/compat.h>
14029 #include <linux/cn_proc.h>
14030 +#include <linux/vs_context.h>
14031 +#include <linux/vs_pid.h>
14032 #define CREATE_TRACE_POINTS
14033 #include <trace/events/signal.h>
14035 @@ -790,9 +792,18 @@ static int check_kill_permission(int sig
14039 + vxdprintk(VXD_CBIT(misc, 7),
14040 + "check_kill_permission(%d,%p,%p[#%u,%u])",
14041 + sig, info, t, vx_task_xid(t), t->pid);
14043 if (!valid_signal(sig))
14046 +/* FIXME: needed? if so, why?
14047 + if ((info != SEND_SIG_NOINFO) &&
14048 + (is_si_special(info) || !si_fromuser(info)))
14051 if (!si_fromuser(info))
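Review bot: The hunk adds a commented-out condition to `check_kill_permission` under `/* FIXME: needed? if so, why?`, which leaves disabled logic in a permission check with no record of what it was meant to cover. Either delete the block or replace it with a sentence explaining why the existing `if (!si_fromuser(info))` test is sufficient. The added `vxdprintk` also formats the siginfo and task addresses with `%p`; whether that debug output can reach a log readable from inside a guest is worth confirming. The function starts and ends outside the hunk.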
14054 @@ -816,6 +827,20 @@ static int check_kill_permission(int sig
14059 + if (t->pid == 1 && current->xid)
14063 + /* FIXME: we shouldn't return ESRCH ever, to avoid
14064 + loops, maybe ENOENT or EACCES? */
14065 + if (!vx_check(vx_task_xid(t), VS_WATCH_P | VS_IDENT)) {
14066 + vxdprintk(current->xid || VXD_CBIT(misc, 7),
14067 + "signal %d[%p] xid mismatch %p[#%u,%u] xid=#%u",
14068 + sig, info, t, vx_task_xid(t), t->pid, current->xid);
14072 return security_task_kill(t, info, sig, 0);
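Review bot: The xid-mismatch message is gated by `current->xid || VXD_CBIT(misc, 7)`, so for any caller in a non-zero context the first operand is true and the debug mask is ignored. Assuming `vxdprintk` prints whenever its first argument is non-zero, each rejected signal from a guest then produces a log line with no limit on the rate; gating on the mask alone, `vxdprintk(VXD_CBIT(misc, 7), ...)`, or rate-limiting the message avoids that. The FIXME about returning `ESRCH` should be resolved or turned into a comment that states the chosen error code and why. The statements guarded by the two new `if`s are not visible in this hunk.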
14075 @@ -1353,7 +1378,7 @@ int kill_pid_info(int sig, struct siginf
14078 p = pid_task(pid, PIDTYPE_PID);
14080 + if (p && vx_check(vx_task_xid(p), VS_IDENT)) {
14081 error = group_send_sig_info(sig, info, p);
14082 if (unlikely(error == -ESRCH))
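Review bot: `kill_pid_info` tests the target with `VS_IDENT` only, whereas `check_kill_permission` in this patch uses `VS_WATCH_P | VS_IDENT` and `kill_something_info` uses `VS_ADMIN|VS_IDENT`. If the difference is deliberate, a one-line comment per site should say which callers each mask is meant to admit; if it is not, the masks should be made to agree. The same `VS_IDENT`-only test is in `kill_pid_info_as_cred` in the next hunk.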
14084 @@ -1401,7 +1426,7 @@ int kill_pid_info_as_cred(int sig, struc
14087 p = pid_task(pid, PIDTYPE_PID);
14089 + if (!p || !vx_check(vx_task_xid(p), VS_IDENT)) {
14093 @@ -1453,8 +1478,10 @@ static int kill_something_info(int sig,
14094 struct task_struct * p;
14096 for_each_process(p) {
14097 - if (task_pid_vnr(p) > 1 &&
14098 - !same_thread_group(p, current)) {
14099 + if (vx_check(vx_task_xid(p), VS_ADMIN|VS_IDENT) &&
14100 + task_pid_vnr(p) > 1 &&
14101 + !same_thread_group(p, current) &&
14102 + !vx_current_initpid(p->pid)) {
14103 int err = group_send_sig_info(sig, info, p);
14106 @@ -2308,6 +2335,11 @@ relock:
14107 !sig_kernel_only(signr))
14110 + /* virtual init is protected against user signals */
14111 + if ((info->si_code == SI_USER) &&
14112 + vx_current_initpid(current->pid))
14115 if (sig_kernel_stop(signr)) {
14117 * The default action is to stop all threads in
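Review bot: The new guard for the virtual init matches only `info->si_code == SI_USER`, while its comment promises protection against user signals in general. `check_kill_permission` in the same file classifies user-originated signals with `si_fromuser(info)`, which is presumably broader than the single `SI_USER` code; if that broader class should be filtered too, the test would be `if (si_fromuser(info) && vx_current_initpid(current->pid))`. If only `SI_USER` is intended, the comment should say so. The statement the `if` guards and the surrounding loop are outside the visible lines.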
14118 diff -NurpP --minimal linux-3.14.17/kernel/softirq.c linux-3.14.17-vs2.3.6.13/kernel/softirq.c
14119 --- linux-3.14.17/kernel/softirq.c 2014-08-14 01:38:34.000000000 +0000
14120 +++ linux-3.14.17-vs2.3.6.13/kernel/softirq.c 2014-08-30 14:27:38.000000000 +0000
14122 #include <linux/smp.h>
14123 #include <linux/smpboot.h>
14124 #include <linux/tick.h>
14125 +#include <linux/vs_context.h>
14127 #define CREATE_TRACE_POINTS
14128 #include <trace/events/irq.h>
14129 diff -NurpP --minimal linux-3.14.17/kernel/sys.c linux-3.14.17-vs2.3.6.13/kernel/sys.c
14130 --- linux-3.14.17/kernel/sys.c 2014-08-14 01:38:34.000000000 +0000
14131 +++ linux-3.14.17-vs2.3.6.13/kernel/sys.c 2014-08-30 14:27:38.000000000 +0000
14133 #include <linux/cred.h>
14135 #include <linux/kmsg_dump.h>
14136 +#include <linux/vs_pid.h>
14137 /* Move somewhere else to avoid recompiling? */
14138 #include <generated/utsrelease.h>
14140 @@ -145,7 +146,10 @@ static int set_one_prio(struct task_stru
14143 if (niceval < task_nice(p) && !can_nice(p, niceval)) {
14145 + if (vx_flags(VXF_IGNEG_NICE, 0))
14151 no_nice = security_task_setnice(p, niceval);
14152 @@ -196,6 +200,8 @@ SYSCALL_DEFINE3(setpriority, int, which,
14154 pgrp = task_pgrp(current);
14155 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
14156 + if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
14158 error = set_one_prio(p, niceval, error);
14159 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
14161 @@ -261,6 +267,8 @@ SYSCALL_DEFINE2(getpriority, int, which,
14163 pgrp = task_pgrp(current);
14164 do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
14165 + if (!vx_check(p->xid, VS_ADMIN_P | VS_IDENT))
14167 niceval = 20 - task_nice(p);
14168 if (niceval > retval)
14170 @@ -1197,7 +1205,8 @@ SYSCALL_DEFINE2(sethostname, char __user
14172 char tmp[__NEW_UTS_LEN];
14174 - if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
14175 + if (!vx_ns_capable(current->nsproxy->uts_ns->user_ns,
14176 + CAP_SYS_ADMIN, VXC_SET_UTSNAME))
14179 if (len < 0 || len > __NEW_UTS_LEN)
14180 @@ -1248,7 +1257,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
14182 char tmp[__NEW_UTS_LEN];
14184 - if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
14185 + if (!vx_ns_capable(current->nsproxy->uts_ns->user_ns,
14186 + CAP_SYS_ADMIN, VXC_SET_UTSNAME))
14188 if (len < 0 || len > __NEW_UTS_LEN)
14190 @@ -1367,7 +1377,7 @@ int do_prlimit(struct task_struct *tsk,
14191 /* Keep the capable check against init_user_ns until
14192 cgroups can contain all limits */
14193 if (new_rlim->rlim_max > rlim->rlim_max &&
14194 - !capable(CAP_SYS_RESOURCE))
14195 + !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
14198 retval = security_task_setrlimit(tsk->group_leader,
14199 @@ -1420,7 +1430,8 @@ static int check_prlimit_permission(stru
14200 gid_eq(cred->gid, tcred->sgid) &&
14201 gid_eq(cred->gid, tcred->gid))
14203 - if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
14204 + if (vx_ns_capable(tcred->user_ns,
14205 + CAP_SYS_RESOURCE, VXC_SET_RLIMIT))
14209 diff -NurpP --minimal linux-3.14.17/kernel/sysctl.c linux-3.14.17-vs2.3.6.13/kernel/sysctl.c
14210 --- linux-3.14.17/kernel/sysctl.c 2014-08-14 01:38:34.000000000 +0000
14211 +++ linux-3.14.17-vs2.3.6.13/kernel/sysctl.c 2014-08-30 14:27:38.000000000 +0000
14213 #if defined(CONFIG_PROVE_LOCKING) || defined(CONFIG_LOCK_STAT)
14214 #include <linux/lockdep.h>
14216 +extern char vshelper_path[];
14217 #ifdef CONFIG_CHR_DEV_SG
14218 #include <scsi/sg.h>
14220 @@ -660,6 +661,13 @@ static struct ctl_table kern_table[] = {
14222 .proc_handler = proc_dostring,
14225 + .procname = "vshelper",
14226 + .data = &vshelper_path,
14229 + .proc_handler = &proc_dostring,
14232 #ifdef CONFIG_CHR_DEV_SG
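Review bot: The new `vshelper` entry is written as `.data = &vshelper_path` and `.proc_handler = &proc_dostring`, while the entry just above it uses `.proc_handler = proc_dostring`; dropping both `&` matches the table's style. The `.maxlen` and `.mode` lines of the entry are not visible here. Since the name suggests this is the path of a helper program, `.maxlen` should be tied to the size of `vshelper_path` and the mode should leave the entry writable by root only. The bare `extern char vshelper_path[];` added to sysctl.c would be better placed in a vserver header so the declaration is shared with the definition.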
14234 diff -NurpP --minimal linux-3.14.17/kernel/sysctl_binary.c linux-3.14.17-vs2.3.6.13/kernel/sysctl_binary.c
14235 --- linux-3.14.17/kernel/sysctl_binary.c 2014-08-14 01:38:34.000000000 +0000
14236 +++ linux-3.14.17-vs2.3.6.13/kernel/sysctl_binary.c 2014-08-30 14:27:38.000000000 +0000
14237 @@ -73,6 +73,7 @@ static const struct bin_table bin_kern_t
14239 { CTL_INT, KERN_PANIC, "panic" },
14240 { CTL_INT, KERN_REALROOTDEV, "real-root-dev" },
14241 + { CTL_STR, KERN_VSHELPER, "vshelper" },
14243 { CTL_STR, KERN_SPARC_REBOOT, "reboot-cmd" },
14244 { CTL_INT, KERN_CTLALTDEL, "ctrl-alt-del" },
14245 diff -NurpP --minimal linux-3.14.17/kernel/time/timekeeping.c linux-3.14.17-vs2.3.6.13/kernel/time/timekeeping.c
14246 --- linux-3.14.17/kernel/time/timekeeping.c 2014-08-14 01:38:34.000000000 +0000
14247 +++ linux-3.14.17-vs2.3.6.13/kernel/time/timekeeping.c 2014-08-30 14:27:38.000000000 +0000
14249 #include <linux/tick.h>
14250 #include <linux/stop_machine.h>
14251 #include <linux/pvclock_gtod.h>
14252 +#include <linux/vs_time.h>
14254 #include "tick-internal.h"
14255 #include "ntp_internal.h"
14256 @@ -710,6 +711,7 @@ void getrawmonotonic(struct timespec *ts
14257 } while (read_seqcount_retry(&timekeeper_seq, seq));
14259 timespec_add_ns(ts, nsecs);
14260 + vx_adjust_timespec(ts);
14262 EXPORT_SYMBOL(getrawmonotonic);
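Review bot: `vx_adjust_timespec(ts)` is applied to the result of `getrawmonotonic()`, and the Kconfig text in this patch describes guest time virtualization as an offset for adjusting the system clock per guest. A raw monotonic reading is normally compared with other monotonic readings, so shifting it by a settable offset could make it jump when a guest's time is changed; whether the helper applies such an offset to this clock is not visible here. If the adjustment is intended, a comment at the call should say what is being adjusted for this clock.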
14264 diff -NurpP --minimal linux-3.14.17/kernel/time.c linux-3.14.17-vs2.3.6.13/kernel/time.c
14265 --- linux-3.14.17/kernel/time.c 2014-08-14 01:38:34.000000000 +0000
14266 +++ linux-3.14.17-vs2.3.6.13/kernel/time.c 2014-08-30 14:27:38.000000000 +0000
14268 #include <linux/fs.h>
14269 #include <linux/math64.h>
14270 #include <linux/ptrace.h>
14271 +#include <linux/vs_time.h>
14273 #include <asm/uaccess.h>
14274 #include <asm/unistd.h>
14275 @@ -92,7 +93,7 @@ SYSCALL_DEFINE1(stime, time_t __user *,
14279 - do_settimeofday(&tv);
14280 + vx_settimeofday(&tv);
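Review bot: In `stime` the result of `vx_settimeofday(&tv)` is discarded, while `do_sys_settimeofday` in the next hunk returns it. If the virtualized call can refuse the request for a guest, `stime` would still report success; propagating the result, `return vx_settimeofday(&tv);`, keeps the two entry points consistent. The rest of the syscall body is outside the hunk, so the return statement that follows is assumed.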
14284 @@ -181,7 +182,7 @@ int do_sys_settimeofday(const struct tim
14288 - return do_settimeofday(tv);
14289 + return vx_settimeofday(tv);
14293 diff -NurpP --minimal linux-3.14.17/kernel/timer.c linux-3.14.17-vs2.3.6.13/kernel/timer.c
14294 --- linux-3.14.17/kernel/timer.c 2014-08-14 01:38:34.000000000 +0000
14295 +++ linux-3.14.17-vs2.3.6.13/kernel/timer.c 2014-08-30 14:27:38.000000000 +0000
14297 #include <linux/sched/sysctl.h>
14298 #include <linux/slab.h>
14299 #include <linux/compat.h>
14300 +#include <linux/vs_base.h>
14301 +#include <linux/vs_cvirt.h>
14302 +#include <linux/vs_pid.h>
14303 +#include <linux/vserver/sched.h>
14305 #include <asm/uaccess.h>
14306 #include <asm/unistd.h>
14307 diff -NurpP --minimal linux-3.14.17/kernel/user_namespace.c linux-3.14.17-vs2.3.6.13/kernel/user_namespace.c
14308 --- linux-3.14.17/kernel/user_namespace.c 2014-08-14 01:38:34.000000000 +0000
14309 +++ linux-3.14.17-vs2.3.6.13/kernel/user_namespace.c 2014-08-30 14:27:38.000000000 +0000
14311 #include <linux/ctype.h>
14312 #include <linux/projid.h>
14313 #include <linux/fs_struct.h>
14314 +#include <linux/vserver/global.h>
14316 static struct kmem_cache *user_ns_cachep __read_mostly;
14318 @@ -94,6 +95,7 @@ int create_user_ns(struct cred *new)
14320 atomic_set(&ns->count, 1);
14321 /* Leave the new->user_ns reference with the new user namespace. */
14322 + atomic_inc(&vs_global_user_ns);
14323 ns->parent = parent_ns;
14324 ns->level = parent_ns->level + 1;
14326 @@ -847,6 +849,8 @@ static void *userns_get(struct task_stru
14328 static void userns_put(void *ns)
14330 + /* FIXME: maybe move into destroyer? */
14331 + atomic_dec(&vs_global_user_ns);
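Review bot: `atomic_dec(&vs_global_user_ns)` is placed in `userns_put`, while the matching `atomic_inc` is in `create_user_ns`, and the added `/* FIXME: maybe move into destroyer? */` acknowledges the mismatch. If `userns_put` runs each time a reference obtained through `userns_get` is dropped, not once per namespace lifetime, the counter is decremented more often than it is incremented and stops reflecting the number of live namespaces. The decrement belongs in the function that frees the namespace, as kernel/utsname.c does with `free_uts_ns`. The body of `userns_put` continues outside the hunk.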
14335 diff -NurpP --minimal linux-3.14.17/kernel/utsname.c linux-3.14.17-vs2.3.6.13/kernel/utsname.c
14336 --- linux-3.14.17/kernel/utsname.c 2014-08-14 01:38:34.000000000 +0000
14337 +++ linux-3.14.17-vs2.3.6.13/kernel/utsname.c 2014-08-30 14:27:38.000000000 +0000
14338 @@ -16,14 +16,17 @@
14339 #include <linux/slab.h>
14340 #include <linux/user_namespace.h>
14341 #include <linux/proc_ns.h>
14342 +#include <linux/vserver/global.h>
14344 static struct uts_namespace *create_uts_ns(void)
14346 struct uts_namespace *uts_ns;
14348 uts_ns = kmalloc(sizeof(struct uts_namespace), GFP_KERNEL);
14351 kref_init(&uts_ns->kref);
14352 + atomic_inc(&vs_global_uts_ns);
14357 @@ -85,6 +88,7 @@ void free_uts_ns(struct kref *kref)
14358 ns = container_of(kref, struct uts_namespace, kref);
14359 put_user_ns(ns->user_ns);
14360 proc_free_inum(ns->proc_inum);
14361 + atomic_dec(&vs_global_uts_ns);
14365 diff -NurpP --minimal linux-3.14.17/kernel/vserver/Kconfig linux-3.14.17-vs2.3.6.13/kernel/vserver/Kconfig
14366 --- linux-3.14.17/kernel/vserver/Kconfig 1970-01-01 00:00:00.000000000 +0000
14367 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/Kconfig 2014-08-30 14:27:38.000000000 +0000
14370 +# Linux VServer configuration
14373 +menu "Linux VServer"
14375 +config VSERVER_AUTO_LBACK
14376 + bool "Automatically Assign Loopback IP"
14379 + Automatically assign a guest specific loopback
14380 + IP and add it to the kernel network stack on
14383 +config VSERVER_AUTO_SINGLE
14384 + bool "Automatic Single IP Special Casing"
14387 + This allows network contexts with a single IP to
14388 + automatically remap 0.0.0.0 bindings to that IP,
14389 + avoiding further network checks and improving
14392 + (note: such guests do not allow to change the ip
14393 + on the fly and do not show loopback addresses)
14395 +config VSERVER_COWBL
14396 + bool "Enable COW Immutable Link Breaking"
14399 + This enables the COW (Copy-On-Write) link break code.
14400 + It allows you to treat unified files like normal files
14401 + when writing to them (which will implicitely break the
14402 + link and create a copy of the unified file)
14404 +config VSERVER_VTIME
14405 + bool "Enable Virtualized Guest Time (EXPERIMENTAL)"
14408 + This enables per guest time offsets to allow for
14409 + adjusting the system clock individually per guest.
14410 + this adds some overhead to the time functions and
14411 + therefore should not be enabled without good reason.
14413 +config VSERVER_DEVICE
14414 + bool "Enable Guest Device Mapping (EXPERIMENTAL)"
14417 + This enables generic device remapping.
14419 +config VSERVER_PROC_SECURE
14420 + bool "Enable Proc Security"
14421 + depends on PROC_FS
14424 + This configures ProcFS security to initially hide
14425 + non-process entries for all contexts except the main and
14426 + spectator context (i.e. for all guests), which is a secure
14429 + (note: on 1.2x the entries were visible by default)
14432 + prompt "Persistent Inode Tagging"
14433 + default TAGGING_ID24
14435 + This adds persistent context information to filesystems
14436 + mounted with the tagxid option. Tagging is a requirement
14437 + for per-context disk limits and per-context quota.
14440 +config TAGGING_NONE
14443 + do not store per-context information in inodes.
14445 +config TAGGING_UID16
14446 + bool "UID16/GID32"
14448 + reduces UID to 16 bit, but leaves GID at 32 bit.
14450 +config TAGGING_GID16
14451 + bool "UID32/GID16"
14453 + reduces GID to 16 bit, but leaves UID at 32 bit.
14455 +config TAGGING_ID24
14456 + bool "UID24/GID24"
14458 + uses the upper 8bit from UID and GID for XID tagging
14459 + which leaves 24bit for UID/GID each, which should be
14460 + more than sufficient for normal use.
14462 +config TAGGING_INTERN
14463 + bool "UID32/GID32"
14465 + this uses otherwise reserved inode fields in the on
14466 + disk representation, which limits the use to a few
14467 + filesystems (currently ext2 and ext3)
14472 + bool "Tag NFSD User Auth and Files"
14475 + Enable this if you do want the in-kernel NFS
14476 + Server to use the tagging specified above.
14477 + (will require patched clients too)
14479 +config VSERVER_PRIVACY
14480 + bool "Honor Privacy Aspects of Guests"
14483 + When enabled, most context checks will disallow
14484 + access to structures assigned to a specific context,
14485 + like ptys or loop devices.
14487 +config VSERVER_CONTEXTS
14488 + int "Maximum number of Contexts (1-65533)" if EMBEDDED
14490 + default "768" if 64BIT
14493 + This setting will optimize certain data structures
14494 + and memory allocations according to the expected
14497 + note: this is not a strict upper limit.
14499 +config VSERVER_WARN
14500 + bool "VServer Warnings"
14503 + This enables various runtime warnings, which will
14504 + notify about potential manipulation attempts or
14505 + resource shortage. It is generally considered to
14506 + be a good idea to have that enabled.
14508 +config VSERVER_WARN_DEVPTS
14509 + bool "VServer DevPTS Warnings"
14510 + depends on VSERVER_WARN
14513 + This enables DevPTS related warnings, issued when a
14514 + process inside a context tries to lookup or access
14515 + a dynamic pts from the host or a different context.
14517 +config VSERVER_DEBUG
14518 + bool "VServer Debugging Code"
14521 + Set this to yes if you want to be able to activate
14522 + debugging output at runtime. It adds a very small
14523 + overhead to all vserver related functions and
14524 + increases the kernel size by about 20k.
14526 +config VSERVER_HISTORY
14527 + bool "VServer History Tracing"
14528 + depends on VSERVER_DEBUG
14531 + Set this to yes if you want to record the history of
14532 + linux-vserver activities, so they can be replayed in
14533 + the event of a kernel panic or oops.
14535 +config VSERVER_HISTORY_SIZE
14536 + int "Per-CPU History Size (32-65536)"
14537 + depends on VSERVER_HISTORY
14541 + This allows you to specify the number of entries in
14542 + the per-CPU history buffer.
14544 +config VSERVER_EXTRA_MNT_CHECK
14545 + bool "Extra Checks for Reachability"
14548 + Set this to yes if you want to do extra checks for
14549 + vfsmount reachability in the proc filesystem code.
14550 + This shouldn't be required on any setup utilizing
14554 + prompt "Quotes used in debug and warn messages"
14555 + default QUOTES_ISO8859
14557 +config QUOTES_ISO8859
14558 + bool "Extended ASCII (ISO 8859) angle quotes"
14560 + This uses the extended ASCII characters \xbb
14561 + and \xab for quoting file and process names.
14563 +config QUOTES_UTF8
14564 + bool "UTF-8 angle quotes"
14566 + This uses the the UTF-8 sequences for angle
14567 + quotes to quote file and process names.
14569 +config QUOTES_ASCII
14570 + bool "ASCII single quotes"
14572 + This uses the ASCII single quote character
14573 + (\x27) to quote file and process names.
14583 + select NAMESPACES
14589 +config VSERVER_SECURITY
14591 + depends on SECURITY
14593 + select SECURITY_CAPABILITIES
14595 +config VSERVER_DISABLED
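Review bot: Two help texts have typos that will show up in menuconfig: `implicitely` under VSERVER_COWBL should be `implicitly`, and `the the UTF-8 sequences` under QUOTES_UTF8 has a doubled word. Several help paragraphs also start with a lower-case word (`this adds some overhead`, `do not store`, `reduces UID`), unlike the others in the file.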
14599 diff -NurpP --minimal linux-3.14.17/kernel/vserver/Makefile linux-3.14.17-vs2.3.6.13/kernel/vserver/Makefile
14600 --- linux-3.14.17/kernel/vserver/Makefile 1970-01-01 00:00:00.000000000 +0000
14601 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/Makefile 2014-08-30 14:27:38.000000000 +0000
14604 +# Makefile for the Linux vserver routines.
14608 +obj-y += vserver.o
14610 +vserver-y := switch.o context.o space.o sched.o network.o inode.o \
14611 + limit.o cvirt.o cacct.o signal.o helper.o init.o \
14614 +vserver-$(CONFIG_INET) += inet.o
14615 +vserver-$(CONFIG_PROC_FS) += proc.o
14616 +vserver-$(CONFIG_VSERVER_DEBUG) += sysctl.o debug.o
14617 +vserver-$(CONFIG_VSERVER_HISTORY) += history.o
14618 +vserver-$(CONFIG_VSERVER_MONITOR) += monitor.o
14619 +vserver-$(CONFIG_VSERVER_DEVICE) += device.o
14621 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cacct.c linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct.c
14622 --- linux-3.14.17/kernel/vserver/cacct.c 1970-01-01 00:00:00.000000000 +0000
14623 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct.c 2014-08-30 14:27:38.000000000 +0000
14626 + * linux/kernel/vserver/cacct.c
14628 + * Virtual Server: Context Accounting
14630 + * Copyright (C) 2006-2007 Herbert Pötzl
14632 + * V0.01 added accounting stats
14636 +#include <linux/types.h>
14637 +#include <linux/vs_context.h>
14638 +#include <linux/vserver/cacct_cmd.h>
14639 +#include <linux/vserver/cacct_int.h>
14641 +#include <asm/errno.h>
14642 +#include <asm/uaccess.h>
14645 +int vc_sock_stat(struct vx_info *vxi, void __user *data)
14647 + struct vcmd_sock_stat_v0 vc_data;
14650 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
14653 + field = vc_data.field;
14654 + if ((field < 0) || (field >= VXA_SOCK_SIZE))
14657 + for (j = 0; j < 3; j++) {
14658 + vc_data.count[j] = vx_sock_count(&vxi->cacct, field, j);
14659 + vc_data.total[j] = vx_sock_total(&vxi->cacct, field, j);
14662 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
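Review bot: The loop bound in `for (j = 0; j < 3; j++)` is a bare literal that has to match the length of `vc_data.count[]` and `vc_data.total[]` as well as the inner dimension of the per-context socket counters. cacct_init.h in this patch repeats it, together with literal `8`, `5` and `4` for the slab and page arrays. Assuming `count` is an array member, deriving the bound from it, `for (j = 0; j < ARRAY_SIZE(vc_data.count); j++)`, removes the chance of the sizes drifting apart. The range check on `field` is correctly placed ahead of its use as an index and should stay there.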
14667 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cacct_init.h linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct_init.h
14668 --- linux-3.14.17/kernel/vserver/cacct_init.h 1970-01-01 00:00:00.000000000 +0000
14669 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct_init.h 2014-08-30 14:27:38.000000000 +0000
14673 +static inline void vx_info_init_cacct(struct _vx_cacct *cacct)
14678 + for (i = 0; i < VXA_SOCK_SIZE; i++) {
14679 + for (j = 0; j < 3; j++) {
14680 + atomic_long_set(&cacct->sock[i][j].count, 0);
14681 + atomic_long_set(&cacct->sock[i][j].total, 0);
14684 + for (i = 0; i < 8; i++)
14685 + atomic_set(&cacct->slab[i], 0);
14686 + for (i = 0; i < 5; i++)
14687 + for (j = 0; j < 4; j++)
14688 + atomic_set(&cacct->page[i][j], 0);
14691 +static inline void vx_info_exit_cacct(struct _vx_cacct *cacct)
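Review bot: vx_info_init_cacct zeroes `cacct->page[i][j]` only for `j < 4`, while vx_info_proc_cacct in cacct_proc.h reads `page[i][0]` through `page[i][7]` for the same five rows, so the two headers disagree about the second dimension. The declaration of `struct _vx_cacct` is not in this section. If the array is `[5][4]`, the /proc formatter reads past each row (and past the array on the last one) and shows neighbouring kernel memory to whoever can read the file; if it is `[5][8]`, this initializer covers half of it and relies on the caller having zeroed the struct. Either way the bound should come from one place, e.g. `for (j = 0; j < ARRAY_SIZE(cacct->page[i]); j++)` here and a matching loop in the formatter.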
14696 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cacct_proc.h linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct_proc.h
14697 --- linux-3.14.17/kernel/vserver/cacct_proc.h 1970-01-01 00:00:00.000000000 +0000
14698 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cacct_proc.h 2014-08-30 14:27:38.000000000 +0000
14700 +#ifndef _VX_CACCT_PROC_H
14701 +#define _VX_CACCT_PROC_H
14703 +#include <linux/vserver/cacct_int.h>
14706 +#define VX_SOCKA_TOP \
14707 + "Type\t recv #/bytes\t\t send #/bytes\t\t fail #/bytes\n"
14709 +static inline int vx_info_proc_cacct(struct _vx_cacct *cacct, char *buffer)
14711 + int i, j, length = 0;
14712 + static char *type[VXA_SOCK_SIZE] = {
14713 + "UNSPEC", "UNIX", "INET", "INET6", "PACKET", "OTHER"
14716 + length += sprintf(buffer + length, VX_SOCKA_TOP);
14717 + for (i = 0; i < VXA_SOCK_SIZE; i++) {
14718 + length += sprintf(buffer + length, "%s:", type[i]);
14719 + for (j = 0; j < 3; j++) {
14720 + length += sprintf(buffer + length,
14721 + "\t%10lu/%-10lu",
14722 + vx_sock_count(cacct, i, j),
14723 + vx_sock_total(cacct, i, j));
14725 + buffer[length++] = '\n';
14728 + length += sprintf(buffer + length, "\n");
14729 + length += sprintf(buffer + length,
14730 + "slab:\t %8u %8u %8u %8u\n",
14731 + atomic_read(&cacct->slab[1]),
14732 + atomic_read(&cacct->slab[4]),
14733 + atomic_read(&cacct->slab[0]),
14734 + atomic_read(&cacct->slab[2]));
14736 + length += sprintf(buffer + length, "\n");
14737 + for (i = 0; i < 5; i++) {
14738 + length += sprintf(buffer + length,
14739 + "page[%d]: %8u %8u %8u %8u\t %8u %8u %8u %8u\n", i,
14740 + atomic_read(&cacct->page[i][0]),
14741 + atomic_read(&cacct->page[i][1]),
14742 + atomic_read(&cacct->page[i][2]),
14743 + atomic_read(&cacct->page[i][3]),
14744 + atomic_read(&cacct->page[i][4]),
14745 + atomic_read(&cacct->page[i][5]),
14746 + atomic_read(&cacct->page[i][6]),
14747 + atomic_read(&cacct->page[i][7]));
14752 +#endif /* _VX_CACCT_PROC_H */
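Review bot: vx_info_proc_cacct formats into `buffer` with sprintf() and takes no parameter giving the buffer's size, so nothing in this function stops the running `length` from passing the end of whatever the caller allocated; how callers size the buffer is outside this hunk. The `%10lu` and `%8u` widths are minimums, not limits, so the output grows with the counter values. I would add a size argument and use the bounded form for every call, `length += scnprintf(buffer + length, size - length, "%s:", type[i]);`, and guard the direct `buffer[length++] = '\n';` store the same way. The `type[]` table also assumes VXA_SOCK_SIZE is 6; a `BUILD_BUG_ON(ARRAY_SIZE(type) != 6);` or an explicit initializer count would catch a new family being added without a name.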
14753 diff -NurpP --minimal linux-3.14.17/kernel/vserver/context.c linux-3.14.17-vs2.3.6.13/kernel/vserver/context.c
14754 --- linux-3.14.17/kernel/vserver/context.c 1970-01-01 00:00:00.000000000 +0000
14755 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/context.c 2014-08-30 14:27:38.000000000 +0000
14758 + * linux/kernel/vserver/context.c
14760 + * Virtual Server: Context Support
14762 + * Copyright (C) 2003-2011 Herbert Pötzl
14764 + * V0.01 context helper
14765 + * V0.02 vx_ctx_kill syscall command
14766 + * V0.03 replaced context_info calls
14767 + * V0.04 redesign of struct (de)alloc
14768 + * V0.05 rlimit basic implementation
14769 + * V0.06 task_xid and info commands
14770 + * V0.07 context flags and caps
14771 + * V0.08 switch to RCU based hash
14772 + * V0.09 revert to non RCU for now
14773 + * V0.10 and back to working RCU hash
14774 + * V0.11 and back to locking again
14775 + * V0.12 referenced context store
14776 + * V0.13 separate per cpu data
14777 + * V0.14 changed vcmds to vxi arg
14778 + * V0.15 added context stat
14779 + * V0.16 have __create claim() the vxi
14780 + * V0.17 removed older and legacy stuff
14781 + * V0.18 added user credentials
14782 + * V0.19 added warn mask
14786 +#include <linux/slab.h>
14787 +#include <linux/types.h>
14788 +#include <linux/security.h>
14789 +#include <linux/pid_namespace.h>
14790 +#include <linux/capability.h>
14792 +#include <linux/vserver/context.h>
14793 +#include <linux/vserver/network.h>
14794 +#include <linux/vserver/debug.h>
14795 +#include <linux/vserver/limit.h>
14796 +#include <linux/vserver/limit_int.h>
14797 +#include <linux/vserver/space.h>
14798 +#include <linux/init_task.h>
14799 +#include <linux/fs_struct.h>
14800 +#include <linux/cred.h>
14802 +#include <linux/vs_context.h>
14803 +#include <linux/vs_limit.h>
14804 +#include <linux/vs_pid.h>
14805 +#include <linux/vserver/context_cmd.h>
14807 +#include "cvirt_init.h"
14808 +#include "cacct_init.h"
14809 +#include "limit_init.h"
14810 +#include "sched_init.h"
14813 +atomic_t vx_global_ctotal = ATOMIC_INIT(0);
14814 +atomic_t vx_global_cactive = ATOMIC_INIT(0);
14817 +/* now inactive context structures */
14819 +static struct hlist_head vx_info_inactive = HLIST_HEAD_INIT;
14821 +static DEFINE_SPINLOCK(vx_info_inactive_lock);
14824 +/* __alloc_vx_info()
14826 + * allocate an initialized vx_info struct
14827 + * doesn't make it visible (hash) */
14829 +static struct vx_info *__alloc_vx_info(vxid_t xid)
14831 + struct vx_info *new = NULL;
14834 + vxdprintk(VXD_CBIT(xid, 0), "alloc_vx_info(%d)*", xid);
14836 + /* would this benefit from a slab cache? */
14837 + new = kmalloc(sizeof(struct vx_info), GFP_KERNEL);
14841 + memset(new, 0, sizeof(struct vx_info));
14843 + new->ptr_pc = alloc_percpu(struct _vx_info_pc);
14844 + if (!new->ptr_pc)
14847 + new->vx_id = xid;
14848 + INIT_HLIST_NODE(&new->vx_hlist);
14849 + atomic_set(&new->vx_usecnt, 0);
14850 + atomic_set(&new->vx_tasks, 0);
14851 + new->vx_parent = NULL;
14852 + new->vx_state = 0;
14853 + init_waitqueue_head(&new->vx_wait);
14855 + /* prepare reaper */
14856 + get_task_struct(init_pid_ns.child_reaper);
14857 + new->vx_reaper = init_pid_ns.child_reaper;
14858 + new->vx_badness_bias = 0;
14860 + /* rest of init goes here */
14861 + vx_info_init_limit(&new->limit);
14862 + vx_info_init_sched(&new->sched);
14863 + vx_info_init_cvirt(&new->cvirt);
14864 + vx_info_init_cacct(&new->cacct);
14866 + /* per cpu data structures */
14867 + for_each_possible_cpu(cpu) {
14868 + vx_info_init_sched_pc(
14869 + &vx_per_cpu(new, sched_pc, cpu), cpu);
14870 + vx_info_init_cvirt_pc(
14871 + &vx_per_cpu(new, cvirt_pc, cpu), cpu);
14874 + new->vx_flags = VXF_INIT_SET;
14875 + new->vx_bcaps = CAP_FULL_SET; // maybe ~CAP_SETPCAP
14876 + new->vx_ccaps = 0;
14877 + new->vx_umask = 0;
14878 + new->vx_wmask = 0;
14880 + new->reboot_cmd = 0;
14881 + new->exit_code = 0;
14883 + // preconfig spaces
14884 + for (index = 0; index < VX_SPACES; index++) {
14885 + struct _vx_space *space = &new->space[index];
14888 + spin_lock(&init_fs.lock);
14890 + spin_unlock(&init_fs.lock);
14891 + space->vx_fs = &init_fs;
14893 + /* FIXME: do we want defaults? */
14894 + // space->vx_real_cred = 0;
14895 + // space->vx_cred = 0;
14899 + vxdprintk(VXD_CBIT(xid, 0),
14900 + "alloc_vx_info(%d) = %p", xid, new);
14901 + vxh_alloc_vx_info(new);
14902 + atomic_inc(&vx_global_ctotal);
14911 +/* __dealloc_vx_info()
14913 + * final disposal of vx_info */
14915 +static void __dealloc_vx_info(struct vx_info *vxi)
14917 +#ifdef CONFIG_VSERVER_WARN
14918 + struct vx_info_save vxis;
14921 + vxdprintk(VXD_CBIT(xid, 0),
14922 + "dealloc_vx_info(%p)", vxi);
14923 + vxh_dealloc_vx_info(vxi);
14925 +#ifdef CONFIG_VSERVER_WARN
14926 + enter_vx_info(vxi, &vxis);
14927 + vx_info_exit_limit(&vxi->limit);
14928 + vx_info_exit_sched(&vxi->sched);
14929 + vx_info_exit_cvirt(&vxi->cvirt);
14930 + vx_info_exit_cacct(&vxi->cacct);
14932 + for_each_possible_cpu(cpu) {
14933 + vx_info_exit_sched_pc(
14934 + &vx_per_cpu(vxi, sched_pc, cpu), cpu);
14935 + vx_info_exit_cvirt_pc(
14936 + &vx_per_cpu(vxi, cvirt_pc, cpu), cpu);
14938 + leave_vx_info(&vxis);
14942 + vxi->vx_state |= VXS_RELEASED;
14945 + free_percpu(vxi->ptr_pc);
14948 + atomic_dec(&vx_global_ctotal);
14951 +static void __shutdown_vx_info(struct vx_info *vxi)
14953 + struct nsproxy *nsproxy;
14954 + struct fs_struct *fs;
14955 + struct cred *cred;
14960 + vxi->vx_state |= VXS_SHUTDOWN;
14961 + vs_state_change(vxi, VSC_SHUTDOWN);
14963 + for (index = 0; index < VX_SPACES; index++) {
14964 + struct _vx_space *space = &vxi->space[index];
14966 + nsproxy = xchg(&space->vx_nsproxy, NULL);
14968 + put_nsproxy(nsproxy);
14970 + fs = xchg(&space->vx_fs, NULL);
14971 + spin_lock(&fs->lock);
14972 + kill = !--fs->users;
14973 + spin_unlock(&fs->lock);
14975 + free_fs_struct(fs);
14977 + cred = (struct cred *)xchg(&space->vx_cred, NULL);
14979 + abort_creds(cred);
14983 +/* exported stuff */
14985 +void free_vx_info(struct vx_info *vxi)
14987 + unsigned long flags;
14990 + /* check for reference counts first */
14991 + BUG_ON(atomic_read(&vxi->vx_usecnt));
14992 + BUG_ON(atomic_read(&vxi->vx_tasks));
14994 + /* context must not be hashed */
14995 + BUG_ON(vx_info_state(vxi, VXS_HASHED));
14997 + /* context shutdown is mandatory */
14998 + BUG_ON(!vx_info_state(vxi, VXS_SHUTDOWN));
15000 + /* spaces check */
15001 + for (index = 0; index < VX_SPACES; index++) {
15002 + struct _vx_space *space = &vxi->space[index];
15004 + BUG_ON(space->vx_nsproxy);
15005 + BUG_ON(space->vx_fs);
15006 + // BUG_ON(space->vx_real_cred);
15007 + // BUG_ON(space->vx_cred);
15010 + spin_lock_irqsave(&vx_info_inactive_lock, flags);
15011 + hlist_del(&vxi->vx_hlist);
15012 + spin_unlock_irqrestore(&vx_info_inactive_lock, flags);
15014 + __dealloc_vx_info(vxi);
15018 +/* hash table for vx_info hash */
15020 +#define VX_HASH_SIZE 13
15022 +static struct hlist_head vx_info_hash[VX_HASH_SIZE] =
15023 + { [0 ... VX_HASH_SIZE-1] = HLIST_HEAD_INIT };
15025 +static DEFINE_SPINLOCK(vx_info_hash_lock);
15028 +static inline unsigned int __hashval(vxid_t xid)
15030 + return (xid % VX_HASH_SIZE);
15035 +/* __hash_vx_info()
15037 + * add the vxi to the global hash table
15038 + * requires the hash_lock to be held */
15040 +static inline void __hash_vx_info(struct vx_info *vxi)
15042 + struct hlist_head *head;
15044 + vxd_assert_lock(&vx_info_hash_lock);
15045 + vxdprintk(VXD_CBIT(xid, 4),
15046 + "__hash_vx_info: %p[#%d]", vxi, vxi->vx_id);
15047 + vxh_hash_vx_info(vxi);
15049 + /* context must not be hashed */
15050 + BUG_ON(vx_info_state(vxi, VXS_HASHED));
15052 + vxi->vx_state |= VXS_HASHED;
15053 + head = &vx_info_hash[__hashval(vxi->vx_id)];
15054 + hlist_add_head(&vxi->vx_hlist, head);
15055 + atomic_inc(&vx_global_cactive);
15058 +/* __unhash_vx_info()
15060 + * remove the vxi from the global hash table
15061 + * requires the hash_lock to be held */
15063 +static inline void __unhash_vx_info(struct vx_info *vxi)
15065 + unsigned long flags;
15067 + vxd_assert_lock(&vx_info_hash_lock);
15068 + vxdprintk(VXD_CBIT(xid, 4),
15069 + "__unhash_vx_info: %p[#%d.%d.%d]", vxi, vxi->vx_id,
15070 + atomic_read(&vxi->vx_usecnt), atomic_read(&vxi->vx_tasks));
15071 + vxh_unhash_vx_info(vxi);
15073 + /* context must be hashed */
15074 + BUG_ON(!vx_info_state(vxi, VXS_HASHED));
15075 + /* but without tasks */
15076 + BUG_ON(atomic_read(&vxi->vx_tasks));
15078 + vxi->vx_state &= ~VXS_HASHED;
15079 + hlist_del_init(&vxi->vx_hlist);
15080 + spin_lock_irqsave(&vx_info_inactive_lock, flags);
15081 + hlist_add_head(&vxi->vx_hlist, &vx_info_inactive);
15082 + spin_unlock_irqrestore(&vx_info_inactive_lock, flags);
15083 + atomic_dec(&vx_global_cactive);
15087 +/* __lookup_vx_info()
15089 + * requires the hash_lock to be held
15090 + * doesn't increment the vx_refcnt */
15092 +static inline struct vx_info *__lookup_vx_info(vxid_t xid)
15094 + struct hlist_head *head = &vx_info_hash[__hashval(xid)];
15095 + struct hlist_node *pos;
15096 + struct vx_info *vxi;
15098 + vxd_assert_lock(&vx_info_hash_lock);
15099 + hlist_for_each(pos, head) {
15100 + vxi = hlist_entry(pos, struct vx_info, vx_hlist);
15102 + if (vxi->vx_id == xid)
15107 + vxdprintk(VXD_CBIT(xid, 0),
15108 + "__lookup_vx_info(#%u): %p[#%u]",
15109 + xid, vxi, vxi ? vxi->vx_id : 0);
15110 + vxh_lookup_vx_info(vxi, xid);
15115 +/* __create_vx_info()
15117 + * create the requested context
15118 + * get(), claim() and hash it */
15120 +static struct vx_info *__create_vx_info(int id)
15122 + struct vx_info *new, *vxi = NULL;
15124 + vxdprintk(VXD_CBIT(xid, 1), "create_vx_info(%d)*", id);
15126 + if (!(new = __alloc_vx_info(id)))
15127 + return ERR_PTR(-ENOMEM);
15129 + /* required to make dynamic xids unique */
15130 + spin_lock(&vx_info_hash_lock);
15132 + /* static context requested */
15133 + if ((vxi = __lookup_vx_info(id))) {
15134 + vxdprintk(VXD_CBIT(xid, 0),
15135 + "create_vx_info(%d) = %p (already there)", id, vxi);
15136 + if (vx_info_flags(vxi, VXF_STATE_SETUP, 0))
15137 + vxi = ERR_PTR(-EBUSY);
15139 + vxi = ERR_PTR(-EEXIST);
15142 + /* new context */
15143 + vxdprintk(VXD_CBIT(xid, 0),
15144 + "create_vx_info(%d) = %p (new)", id, new);
15145 + claim_vx_info(new, NULL);
15146 + __hash_vx_info(get_vx_info(new));
15147 + vxi = new, new = NULL;
15150 + spin_unlock(&vx_info_hash_lock);
15151 + vxh_create_vx_info(IS_ERR(vxi) ? NULL : vxi, id);
15153 + __dealloc_vx_info(new);
15158 +/* exported stuff */
15161 +void unhash_vx_info(struct vx_info *vxi)
15163 + spin_lock(&vx_info_hash_lock);
15164 + __unhash_vx_info(vxi);
15165 + spin_unlock(&vx_info_hash_lock);
15166 + __shutdown_vx_info(vxi);
15167 + __wakeup_vx_info(vxi);
15171 +/* lookup_vx_info()
15173 + * search for a vx_info and get() it
15174 + * negative id means current */
15176 +struct vx_info *lookup_vx_info(int id)
15178 + struct vx_info *vxi = NULL;
15181 + vxi = get_vx_info(current_vx_info());
15182 + } else if (id > 1) {
15183 + spin_lock(&vx_info_hash_lock);
15184 + vxi = get_vx_info(__lookup_vx_info(id));
15185 + spin_unlock(&vx_info_hash_lock);
15190 +/* xid_is_hashed()
15192 + * verify that xid is still hashed */
15194 +int xid_is_hashed(vxid_t xid)
15198 + spin_lock(&vx_info_hash_lock);
15199 + hashed = (__lookup_vx_info(xid) != NULL);
15200 + spin_unlock(&vx_info_hash_lock);
15204 +#ifdef CONFIG_PROC_FS
15208 + * get a subset of hashed xids for proc
15209 + * assumes size is at least one */
15211 +int get_xid_list(int index, unsigned int *xids, int size)
15213 + int hindex, nr_xids = 0;
15215 + /* only show current and children */
15216 + if (!vx_check(0, VS_ADMIN | VS_WATCH)) {
15219 + xids[nr_xids] = vx_current_xid();
15223 + for (hindex = 0; hindex < VX_HASH_SIZE; hindex++) {
15224 + struct hlist_head *head = &vx_info_hash[hindex];
15225 + struct hlist_node *pos;
15227 + spin_lock(&vx_info_hash_lock);
15228 + hlist_for_each(pos, head) {
15229 + struct vx_info *vxi;
15234 + vxi = hlist_entry(pos, struct vx_info, vx_hlist);
15235 + xids[nr_xids] = vxi->vx_id;
15236 + if (++nr_xids >= size) {
15237 + spin_unlock(&vx_info_hash_lock);
15241 + /* keep the lock time short */
15242 + spin_unlock(&vx_info_hash_lock);
15249 +#ifdef CONFIG_VSERVER_DEBUG
15251 +void dump_vx_info_inactive(int level)
15253 + struct hlist_node *entry, *next;
15255 + hlist_for_each_safe(entry, next, &vx_info_inactive) {
15256 + struct vx_info *vxi =
15257 + list_entry(entry, struct vx_info, vx_hlist);
15259 + dump_vx_info(vxi, level);
15266 +int vx_migrate_user(struct task_struct *p, struct vx_info *vxi)
15268 + struct user_struct *new_user, *old_user;
15273 + if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
15276 + new_user = alloc_uid(vxi->vx_id, p->uid);
15280 + old_user = p->user;
15281 + if (new_user != old_user) {
15282 + atomic_inc(&new_user->processes);
15283 + atomic_dec(&old_user->processes);
15284 + p->user = new_user;
15286 + free_uid(old_user);
15292 +void vx_mask_cap_bset(struct vx_info *vxi, struct task_struct *p)
15294 + // p->cap_effective &= vxi->vx_cap_bset;
15295 + p->cap_effective =
15296 + cap_intersect(p->cap_effective, vxi->cap_bset);
15297 + // p->cap_inheritable &= vxi->vx_cap_bset;
15298 + p->cap_inheritable =
15299 + cap_intersect(p->cap_inheritable, vxi->cap_bset);
15300 + // p->cap_permitted &= vxi->vx_cap_bset;
15301 + p->cap_permitted =
15302 + cap_intersect(p->cap_permitted, vxi->cap_bset);
15307 +#include <linux/file.h>
15308 +#include <linux/fdtable.h>
15310 +static int vx_openfd_task(struct task_struct *tsk)
15312 + struct files_struct *files = tsk->files;
15313 + struct fdtable *fdt;
15314 + const unsigned long *bptr;
15315 + int count, total;
15317 + /* no rcu_read_lock() because of spin_lock() */
15318 + spin_lock(&files->file_lock);
15319 + fdt = files_fdtable(files);
15320 + bptr = fdt->open_fds;
15321 + count = fdt->max_fds / (sizeof(unsigned long) * 8);
15322 + for (total = 0; count > 0; count--) {
15324 + total += hweight_long(*bptr);
15327 + spin_unlock(&files->file_lock);
15332 +/* for *space compatibility */
15334 +asmlinkage long sys_unshare(unsigned long);
15337 + * migrate task to new context
15338 + * gets vxi, puts old_vxi on change
15339 + * optionally unshares namespaces (hack)
15342 +int vx_migrate_task(struct task_struct *p, struct vx_info *vxi, int unshare)
15344 + struct vx_info *old_vxi;
15350 + vxdprintk(VXD_CBIT(xid, 5),
15351 + "vx_migrate_task(%p,%p[#%d.%d])", p, vxi,
15352 + vxi->vx_id, atomic_read(&vxi->vx_usecnt));
15354 + if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0) &&
15355 + !vx_info_flags(vxi, VXF_STATE_SETUP, 0))
15358 + if (vx_info_state(vxi, VXS_SHUTDOWN))
15361 + old_vxi = task_get_vx_info(p);
15362 + if (old_vxi == vxi)
15365 +// if (!(ret = vx_migrate_user(p, vxi))) {
15370 + openfd = vx_openfd_task(p);
15373 + atomic_dec(&old_vxi->cvirt.nr_threads);
15374 + atomic_dec(&old_vxi->cvirt.nr_running);
15375 + __rlim_dec(&old_vxi->limit, RLIMIT_NPROC);
15376 + /* FIXME: what about the struct files here? */
15377 + __rlim_sub(&old_vxi->limit, VLIMIT_OPENFD, openfd);
15378 + /* account for the executable */
15379 + __rlim_dec(&old_vxi->limit, VLIMIT_DENTRY);
15381 + atomic_inc(&vxi->cvirt.nr_threads);
15382 + atomic_inc(&vxi->cvirt.nr_running);
15383 + __rlim_inc(&vxi->limit, RLIMIT_NPROC);
15384 + /* FIXME: what about the struct files here? */
15385 + __rlim_add(&vxi->limit, VLIMIT_OPENFD, openfd);
15386 + /* account for the executable */
15387 + __rlim_inc(&vxi->limit, VLIMIT_DENTRY);
15390 + release_vx_info(old_vxi, p);
15391 + clr_vx_info(&p->vx_info);
15393 + claim_vx_info(vxi, p);
15394 + set_vx_info(&p->vx_info, vxi);
15395 + p->xid = vxi->vx_id;
15397 + vxdprintk(VXD_CBIT(xid, 5),
15398 + "moved task %p into vxi:%p[#%d]",
15399 + p, vxi, vxi->vx_id);
15401 + // vx_mask_cap_bset(vxi, p);
15404 + /* hack for *spaces to provide compatibility */
15406 + struct nsproxy *old_nsp, *new_nsp;
15408 + ret = unshare_nsproxy_namespaces(
15409 + CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER,
15410 + &new_nsp, NULL, NULL);
15414 + old_nsp = xchg(&p->nsproxy, new_nsp);
15415 + vx_set_space(vxi,
15416 + CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER, 0);
15417 + put_nsproxy(old_nsp);
15421 + put_vx_info(old_vxi);
15425 +int vx_set_reaper(struct vx_info *vxi, struct task_struct *p)
15427 + struct task_struct *old_reaper;
15428 + struct vx_info *reaper_vxi;
15433 + vxdprintk(VXD_CBIT(xid, 6),
15434 + "vx_set_reaper(%p[#%d],%p[#%d,%d])",
15435 + vxi, vxi->vx_id, p, p->xid, p->pid);
15437 + old_reaper = vxi->vx_reaper;
15438 + if (old_reaper == p)
15441 + reaper_vxi = task_get_vx_info(p);
15442 + if (reaper_vxi && reaper_vxi != vxi) {
15444 + "Unsuitable reaper [" VS_Q("%s") ",%u:#%u] "
15446 + p->comm, p->pid, p->xid, vx_current_xid());
15450 + /* set new child reaper */
15451 + get_task_struct(p);
15452 + vxi->vx_reaper = p;
15453 + put_task_struct(old_reaper);
15455 + put_vx_info(reaper_vxi);
15459 +int vx_set_init(struct vx_info *vxi, struct task_struct *p)
15464 + vxdprintk(VXD_CBIT(xid, 6),
15465 + "vx_set_init(%p[#%d],%p[#%d,%d,%d])",
15466 + vxi, vxi->vx_id, p, p->xid, p->pid, p->tgid);
15468 + vxi->vx_flags &= ~VXF_STATE_INIT;
15469 + // vxi->vx_initpid = p->tgid;
15470 + vxi->vx_initpid = p->pid;
15474 +void vx_exit_init(struct vx_info *vxi, struct task_struct *p, int code)
15476 + vxdprintk(VXD_CBIT(xid, 6),
15477 + "vx_exit_init(%p[#%d],%p[#%d,%d,%d])",
15478 + vxi, vxi->vx_id, p, p->xid, p->pid, p->tgid);
15480 + vxi->exit_code = code;
15481 + vxi->vx_initpid = 0;
15485 +void vx_set_persistent(struct vx_info *vxi)
15487 + vxdprintk(VXD_CBIT(xid, 6),
15488 + "vx_set_persistent(%p[#%d])", vxi, vxi->vx_id);
15490 + get_vx_info(vxi);
15491 + claim_vx_info(vxi, NULL);
15494 +void vx_clear_persistent(struct vx_info *vxi)
15496 + vxdprintk(VXD_CBIT(xid, 6),
15497 + "vx_clear_persistent(%p[#%d])", vxi, vxi->vx_id);
15499 + release_vx_info(vxi, NULL);
15500 + put_vx_info(vxi);
15503 +void vx_update_persistent(struct vx_info *vxi)
15505 + if (vx_info_flags(vxi, VXF_PERSISTENT, 0))
15506 + vx_set_persistent(vxi);
15508 + vx_clear_persistent(vxi);
15512 +/* task must be current or locked */
15514 +void exit_vx_info(struct task_struct *p, int code)
15516 + struct vx_info *vxi = p->vx_info;
15519 + atomic_dec(&vxi->cvirt.nr_threads);
15522 + vxi->exit_code = code;
15523 + release_vx_info(vxi, p);
15527 +void exit_vx_info_early(struct task_struct *p, int code)
15529 + struct vx_info *vxi = p->vx_info;
15532 + if (vxi->vx_initpid == p->pid)
15533 + vx_exit_init(vxi, p, code);
15534 + if (vxi->vx_reaper == p)
15535 + vx_set_reaper(vxi, init_pid_ns.child_reaper);
15540 +/* vserver syscall commands below here */
15542 +/* taks xid and vx_info functions */
15544 +#include <asm/uaccess.h>
15547 +int vc_task_xid(uint32_t id)
15552 + struct task_struct *tsk;
15555 + tsk = find_task_by_real_pid(id);
15556 + xid = (tsk) ? tsk->xid : -ESRCH;
15557 + rcu_read_unlock();
15559 + xid = vx_current_xid();
15564 +int vc_vx_info(struct vx_info *vxi, void __user *data)
15566 + struct vcmd_vx_info_v0 vc_data;
15568 + vc_data.xid = vxi->vx_id;
15569 + vc_data.initpid = vxi->vx_initpid;
15571 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15577 +int vc_ctx_stat(struct vx_info *vxi, void __user *data)
15579 + struct vcmd_ctx_stat_v0 vc_data;
15581 + vc_data.usecnt = atomic_read(&vxi->vx_usecnt);
15582 + vc_data.tasks = atomic_read(&vxi->vx_tasks);
15584 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15590 +/* context functions */
15592 +int vc_ctx_create(uint32_t xid, void __user *data)
15594 + struct vcmd_ctx_create vc_data = { .flagword = VXF_INIT_SET };
15595 + struct vx_info *new_vxi;
15598 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
15601 + if ((xid > MAX_S_CONTEXT) || (xid < 2))
15604 + new_vxi = __create_vx_info(xid);
15605 + if (IS_ERR(new_vxi))
15606 + return PTR_ERR(new_vxi);
15608 + /* initial flags */
15609 + new_vxi->vx_flags = vc_data.flagword;
15612 + if (vs_state_change(new_vxi, VSC_STARTUP))
15615 + ret = vx_migrate_task(current, new_vxi, (!data));
15619 + /* return context id on success */
15620 + ret = new_vxi->vx_id;
15622 + /* get a reference for persistent contexts */
15623 + if ((vc_data.flagword & VXF_PERSISTENT))
15624 + vx_set_persistent(new_vxi);
15626 + release_vx_info(new_vxi, NULL);
15627 + put_vx_info(new_vxi);
15632 +int vc_ctx_migrate(struct vx_info *vxi, void __user *data)
15634 + struct vcmd_ctx_migrate vc_data = { .flagword = 0 };
15637 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
15640 + ret = vx_migrate_task(current, vxi, 0);
15643 + if (vc_data.flagword & VXM_SET_INIT)
15644 + ret = vx_set_init(vxi, current);
15647 + if (vc_data.flagword & VXM_SET_REAPER)
15648 + ret = vx_set_reaper(vxi, current);
15653 +int vc_get_cflags(struct vx_info *vxi, void __user *data)
15655 + struct vcmd_ctx_flags_v0 vc_data;
15657 + vc_data.flagword = vxi->vx_flags;
15659 + /* special STATE flag handling */
15660 + vc_data.mask = vs_mask_flags(~0ULL, vxi->vx_flags, VXF_ONE_TIME);
15662 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15667 +int vc_set_cflags(struct vx_info *vxi, void __user *data)
15669 + struct vcmd_ctx_flags_v0 vc_data;
15670 + uint64_t mask, trigger;
15672 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15675 + /* special STATE flag handling */
15676 + mask = vs_mask_mask(vc_data.mask, vxi->vx_flags, VXF_ONE_TIME);
15677 + trigger = (mask & vxi->vx_flags) ^ (mask & vc_data.flagword);
15679 + if (vxi == current_vx_info()) {
15680 + /* if (trigger & VXF_STATE_SETUP)
15681 + vx_mask_cap_bset(vxi, current); */
15682 + if (trigger & VXF_STATE_INIT) {
15685 + ret = vx_set_init(vxi, current);
15688 + ret = vx_set_reaper(vxi, current);
15694 + vxi->vx_flags = vs_mask_flags(vxi->vx_flags,
15695 + vc_data.flagword, mask);
15696 + if (trigger & VXF_PERSISTENT)
15697 + vx_update_persistent(vxi);
15703 +static inline uint64_t caps_from_cap_t(kernel_cap_t c)
15705 + uint64_t v = c.cap[0] | ((uint64_t)c.cap[1] << 32);
15707 + // printk("caps_from_cap_t(%08x:%08x) = %016llx\n", c.cap[1], c.cap[0], v);
15711 +static inline kernel_cap_t cap_t_from_caps(uint64_t v)
15713 + kernel_cap_t c = __cap_empty_set;
15715 + c.cap[0] = v & 0xFFFFFFFF;
15716 + c.cap[1] = (v >> 32) & 0xFFFFFFFF;
15718 + // printk("cap_t_from_caps(%016llx) = %08x:%08x\n", v, c.cap[1], c.cap[0]);
15723 +static int do_get_caps(struct vx_info *vxi, uint64_t *bcaps, uint64_t *ccaps)
15726 + *bcaps = caps_from_cap_t(vxi->vx_bcaps);
15728 + *ccaps = vxi->vx_ccaps;
15733 +int vc_get_ccaps(struct vx_info *vxi, void __user *data)
15735 + struct vcmd_ctx_caps_v1 vc_data;
15738 + ret = do_get_caps(vxi, NULL, &vc_data.ccaps);
15741 + vc_data.cmask = ~0ULL;
15743 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15748 +static int do_set_caps(struct vx_info *vxi,
15749 + uint64_t bcaps, uint64_t bmask, uint64_t ccaps, uint64_t cmask)
15751 + uint64_t bcold = caps_from_cap_t(vxi->vx_bcaps);
15754 + printk("do_set_caps(%16llx, %16llx, %16llx, %16llx)\n",
15755 + bcaps, bmask, ccaps, cmask);
15757 + vxi->vx_bcaps = cap_t_from_caps(
15758 + vs_mask_flags(bcold, bcaps, bmask));
15759 + vxi->vx_ccaps = vs_mask_flags(vxi->vx_ccaps, ccaps, cmask);
15764 +int vc_set_ccaps(struct vx_info *vxi, void __user *data)
15766 + struct vcmd_ctx_caps_v1 vc_data;
15768 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15771 + return do_set_caps(vxi, 0, 0, vc_data.ccaps, vc_data.cmask);
15774 +int vc_get_bcaps(struct vx_info *vxi, void __user *data)
15776 + struct vcmd_bcaps vc_data;
15779 + ret = do_get_caps(vxi, &vc_data.bcaps, NULL);
15782 + vc_data.bmask = ~0ULL;
15784 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15789 +int vc_set_bcaps(struct vx_info *vxi, void __user *data)
15791 + struct vcmd_bcaps vc_data;
15793 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15796 + return do_set_caps(vxi, vc_data.bcaps, vc_data.bmask, 0, 0);
15800 +int vc_get_umask(struct vx_info *vxi, void __user *data)
15802 + struct vcmd_umask vc_data;
15804 + vc_data.umask = vxi->vx_umask;
15805 + vc_data.mask = ~0ULL;
15807 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15812 +int vc_set_umask(struct vx_info *vxi, void __user *data)
15814 + struct vcmd_umask vc_data;
15816 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15819 + vxi->vx_umask = vs_mask_flags(vxi->vx_umask,
15820 + vc_data.umask, vc_data.mask);
15825 +int vc_get_wmask(struct vx_info *vxi, void __user *data)
15827 + struct vcmd_wmask vc_data;
15829 + vc_data.wmask = vxi->vx_wmask;
15830 + vc_data.mask = ~0ULL;
15832 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15837 +int vc_set_wmask(struct vx_info *vxi, void __user *data)
15839 + struct vcmd_wmask vc_data;
15841 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15844 + vxi->vx_wmask = vs_mask_flags(vxi->vx_wmask,
15845 + vc_data.wmask, vc_data.mask);
15850 +int vc_get_badness(struct vx_info *vxi, void __user *data)
15852 + struct vcmd_badness_v0 vc_data;
15854 + vc_data.bias = vxi->vx_badness_bias;
15856 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
15861 +int vc_set_badness(struct vx_info *vxi, void __user *data)
15863 + struct vcmd_badness_v0 vc_data;
15865 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
15868 + vxi->vx_badness_bias = vc_data.bias;
15872 +#include <linux/module.h>
15874 +EXPORT_SYMBOL_GPL(free_vx_info);
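Review bot: The getter commands vc_vx_info, vc_ctx_stat, vc_get_cflags, vc_get_ccaps, vc_get_bcaps, vc_get_umask, vc_get_wmask and vc_get_badness declare `vc_data` on the stack without an initializer, assign individual members and then copy_to_user() the full `sizeof(vc_data)`. The struct definitions are outside this hunk; if any of them has padding or a member that is not assigned here, uninitialized kernel stack bytes are handed to user space. Clearing the struct first removes the dependency on layout, `memset(&vc_data, 0, sizeof(vc_data));` ahead of the assignments, which also covers padding that a designated initializer is not guaranteed to zero. A short comment on each `vcmd_*` struct stating that it is copied to user space verbatim would help keep later field additions from reintroducing the gap.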
15876 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cvirt.c linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt.c
15877 --- linux-3.14.17/kernel/vserver/cvirt.c 1970-01-01 00:00:00.000000000 +0000
15878 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt.c 2014-08-30 14:27:38.000000000 +0000
15881 + * linux/kernel/vserver/cvirt.c
15883 + * Virtual Server: Context Virtualization
15885 + * Copyright (C) 2004-2007 Herbert Pötzl
15887 + * V0.01 broken out from limit.c
15888 + * V0.02 added utsname stuff
15889 + * V0.03 changed vcmds to vxi arg
15893 +#include <linux/types.h>
15894 +#include <linux/utsname.h>
15895 +#include <linux/vs_cvirt.h>
15896 +#include <linux/vserver/switch.h>
15897 +#include <linux/vserver/cvirt_cmd.h>
15899 +#include <asm/uaccess.h>
15902 +void vx_vsi_boottime(struct timespec *boottime)
15904 + struct vx_info *vxi = current_vx_info();
15906 + set_normalized_timespec(boottime,
15907 + boottime->tv_sec + vxi->cvirt.bias_uptime.tv_sec,
15908 + boottime->tv_nsec + vxi->cvirt.bias_uptime.tv_nsec);
15912 +void vx_vsi_uptime(struct timespec *uptime, struct timespec *idle)
15914 + struct vx_info *vxi = current_vx_info();
15916 + set_normalized_timespec(uptime,
15917 + uptime->tv_sec - vxi->cvirt.bias_uptime.tv_sec,
15918 + uptime->tv_nsec - vxi->cvirt.bias_uptime.tv_nsec);
15921 + set_normalized_timespec(idle,
15922 + idle->tv_sec - vxi->cvirt.bias_idle.tv_sec,
15923 + idle->tv_nsec - vxi->cvirt.bias_idle.tv_nsec);
15927 +uint64_t vx_idle_jiffies(void)
15929 + return init_task.utime + init_task.stime;
15934 +static inline uint32_t __update_loadavg(uint32_t load,
15935 + int wsize, int delta, int n)
15937 + unsigned long long calc, prev;
15939 + /* just set it to n */
15940 + if (unlikely(delta >= wsize))
15941 + return (n << FSHIFT);
15943 + calc = delta * n;
15945 + prev = (wsize - delta);
15948 + do_div(calc, wsize);
15953 +void vx_update_load(struct vx_info *vxi)
15955 + uint32_t now, last, delta;
15956 + unsigned int nr_running, nr_uninterruptible;
15957 + unsigned int total;
15958 + unsigned long flags;
15960 + spin_lock_irqsave(&vxi->cvirt.load_lock, flags);
15963 + last = vxi->cvirt.load_last;
15964 + delta = now - last;
15966 + if (delta < 5*HZ)
15969 + nr_running = atomic_read(&vxi->cvirt.nr_running);
15970 + nr_uninterruptible = atomic_read(&vxi->cvirt.nr_uninterruptible);
15971 + total = nr_running + nr_uninterruptible;
15973 + vxi->cvirt.load[0] = __update_loadavg(vxi->cvirt.load[0],
15974 + 60*HZ, delta, total);
15975 + vxi->cvirt.load[1] = __update_loadavg(vxi->cvirt.load[1],
15976 + 5*60*HZ, delta, total);
15977 + vxi->cvirt.load[2] = __update_loadavg(vxi->cvirt.load[2],
15978 + 15*60*HZ, delta, total);
15980 + vxi->cvirt.load_last = now;
15982 + atomic_inc(&vxi->cvirt.load_updates);
15983 + spin_unlock_irqrestore(&vxi->cvirt.load_lock, flags);
15988 + * Commands to do_syslog:
15990 + * 0 -- Close the log. Currently a NOP.
15991 + * 1 -- Open the log. Currently a NOP.
15992 + * 2 -- Read from the log.
15993 + * 3 -- Read all messages remaining in the ring buffer.
15994 + * 4 -- Read and clear all messages remaining in the ring buffer
15995 + * 5 -- Clear ring buffer.
15996 + * 6 -- Disable printk's to console
15997 + * 7 -- Enable printk's to console
15998 + * 8 -- Set level of messages printed to console
15999 + * 9 -- Return number of unread characters in the log buffer
16000 + * 10 -- Return size of the log buffer
16002 +int vx_do_syslog(int type, char __user *buf, int len)
16005 + int do_clear = 0;
16006 + struct vx_info *vxi = current_vx_info();
16007 + struct _vx_syslog *log;
16011 + log = &vxi->cvirt.syslog;
16014 + case 0: /* Close log */
16015 + case 1: /* Open log */
16017 + case 2: /* Read from log */
16018 + error = wait_event_interruptible(log->log_wait,
16019 + (log->log_start - log->log_end));
16022 + spin_lock_irq(&log->logbuf_lock);
16023 + spin_unlock_irq(&log->logbuf_lock);
16025 + case 4: /* Read/clear last kernel messages */
16027 + /* fall through */
16028 + case 3: /* Read last kernel messages */
16031 + case 5: /* Clear ring buffer */
16034 + case 6: /* Disable logging to console */
16035 + case 7: /* Enable logging to console */
16036 + case 8: /* Set level of messages printed to console */
16039 + case 9: /* Number of chars in the log buffer */
16041 + case 10: /* Size of the log buffer */
16051 +/* virtual host info names */
16053 +static char *vx_vhi_name(struct vx_info *vxi, int id)
16055 + struct nsproxy *nsproxy;
16056 + struct uts_namespace *uts;
16058 + if (id == VHIN_CONTEXT)
16059 + return vxi->vx_name;
16061 + nsproxy = vxi->space[0].vx_nsproxy;
16065 + uts = nsproxy->uts_ns;
16070 + case VHIN_SYSNAME:
16071 + return uts->name.sysname;
16072 + case VHIN_NODENAME:
16073 + return uts->name.nodename;
16074 + case VHIN_RELEASE:
16075 + return uts->name.release;
16076 + case VHIN_VERSION:
16077 + return uts->name.version;
16078 + case VHIN_MACHINE:
16079 + return uts->name.machine;
16080 + case VHIN_DOMAINNAME:
16081 + return uts->name.domainname;
16088 +int vc_set_vhi_name(struct vx_info *vxi, void __user *data)
16090 + struct vcmd_vhi_name_v0 vc_data;
16093 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16096 + name = vx_vhi_name(vxi, vc_data.field);
16100 + memcpy(name, vc_data.name, 65);
16104 +int vc_get_vhi_name(struct vx_info *vxi, void __user *data)
16106 + struct vcmd_vhi_name_v0 vc_data;
16109 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16112 + name = vx_vhi_name(vxi, vc_data.field);
16116 + memcpy(vc_data.name, name, 65);
16117 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
16123 +int vc_virt_stat(struct vx_info *vxi, void __user *data)
16125 + struct vcmd_virt_stat_v0 vc_data;
16126 + struct _vx_cvirt *cvirt = &vxi->cvirt;
16127 + struct timespec uptime;
16129 + do_posix_clock_monotonic_gettime(&uptime);
16130 + set_normalized_timespec(&uptime,
16131 + uptime.tv_sec - cvirt->bias_uptime.tv_sec,
16132 + uptime.tv_nsec - cvirt->bias_uptime.tv_nsec);
16134 + vc_data.offset = timespec_to_ns(&cvirt->bias_ts);
16135 + vc_data.uptime = timespec_to_ns(&uptime);
16136 + vc_data.nr_threads = atomic_read(&cvirt->nr_threads);
16137 + vc_data.nr_running = atomic_read(&cvirt->nr_running);
16138 + vc_data.nr_uninterruptible = atomic_read(&cvirt->nr_uninterruptible);
16139 + vc_data.nr_onhold = atomic_read(&cvirt->nr_onhold);
16140 + vc_data.nr_forks = atomic_read(&cvirt->total_forks);
16141 + vc_data.load[0] = cvirt->load[0];
16142 + vc_data.load[1] = cvirt->load[1];
16143 + vc_data.load[2] = cvirt->load[2];
16145 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
16151 +#ifdef CONFIG_VSERVER_VTIME
16153 +/* virtualized time base */
16155 +void vx_adjust_timespec(struct timespec *ts)
16157 + struct vx_info *vxi;
16159 + if (!vx_flags(VXF_VIRT_TIME, 0))
16162 + vxi = current_vx_info();
16163 + ts->tv_sec += vxi->cvirt.bias_ts.tv_sec;
16164 + ts->tv_nsec += vxi->cvirt.bias_ts.tv_nsec;
16166 + if (ts->tv_nsec >= NSEC_PER_SEC) {
16168 + ts->tv_nsec -= NSEC_PER_SEC;
16169 + } else if (ts->tv_nsec < 0) {
16171 + ts->tv_nsec += NSEC_PER_SEC;
16175 +int vx_settimeofday(const struct timespec *ts)
16177 + struct timespec ats, delta;
16178 + struct vx_info *vxi;
16180 + if (!vx_flags(VXF_VIRT_TIME, 0))
16181 + return do_settimeofday(ts);
16183 + getnstimeofday(&ats);
16184 + delta = timespec_sub(*ts, ats);
16186 + vxi = current_vx_info();
16187 + vxi->cvirt.bias_ts = timespec_add(vxi->cvirt.bias_ts, delta);
16193 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cvirt_init.h linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt_init.h
16194 --- linux-3.14.17/kernel/vserver/cvirt_init.h 1970-01-01 00:00:00.000000000 +0000
16195 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt_init.h 2014-08-30 14:27:38.000000000 +0000
16199 +extern uint64_t vx_idle_jiffies(void);
16201 +static inline void vx_info_init_cvirt(struct _vx_cvirt *cvirt)
16203 + uint64_t idle_jiffies = vx_idle_jiffies();
16204 + uint64_t nsuptime;
16206 + do_posix_clock_monotonic_gettime(&cvirt->bias_uptime);
16207 + nsuptime = (unsigned long long)cvirt->bias_uptime.tv_sec
16208 + * NSEC_PER_SEC + cvirt->bias_uptime.tv_nsec;
16209 + cvirt->bias_clock = nsec_to_clock_t(nsuptime);
16210 + cvirt->bias_ts.tv_sec = 0;
16211 + cvirt->bias_ts.tv_nsec = 0;
16213 + jiffies_to_timespec(idle_jiffies, &cvirt->bias_idle);
16214 + atomic_set(&cvirt->nr_threads, 0);
16215 + atomic_set(&cvirt->nr_running, 0);
16216 + atomic_set(&cvirt->nr_uninterruptible, 0);
16217 + atomic_set(&cvirt->nr_onhold, 0);
16219 + spin_lock_init(&cvirt->load_lock);
16220 + cvirt->load_last = jiffies;
16221 + atomic_set(&cvirt->load_updates, 0);
16222 + cvirt->load[0] = 0;
16223 + cvirt->load[1] = 0;
16224 + cvirt->load[2] = 0;
16225 + atomic_set(&cvirt->total_forks, 0);
16227 + spin_lock_init(&cvirt->syslog.logbuf_lock);
16228 + init_waitqueue_head(&cvirt->syslog.log_wait);
16229 + cvirt->syslog.log_start = 0;
16230 + cvirt->syslog.log_end = 0;
16231 + cvirt->syslog.con_start = 0;
16232 + cvirt->syslog.logged_chars = 0;
16236 +void vx_info_init_cvirt_pc(struct _vx_cvirt_pc *cvirt_pc, int cpu)
16238 + // cvirt_pc->cpustat = { 0 };
16241 +static inline void vx_info_exit_cvirt(struct _vx_cvirt *cvirt)
16243 +#ifdef CONFIG_VSERVER_WARN
16246 + vxwprintk_xid((value = atomic_read(&cvirt->nr_threads)),
16247 + "!!! cvirt: %p[nr_threads] = %d on exit.",
16249 + vxwprintk_xid((value = atomic_read(&cvirt->nr_running)),
16250 + "!!! cvirt: %p[nr_running] = %d on exit.",
16252 + vxwprintk_xid((value = atomic_read(&cvirt->nr_uninterruptible)),
16253 + "!!! cvirt: %p[nr_uninterruptible] = %d on exit.",
16255 + vxwprintk_xid((value = atomic_read(&cvirt->nr_onhold)),
16256 + "!!! cvirt: %p[nr_onhold] = %d on exit.",
16262 +void vx_info_exit_cvirt_pc(struct _vx_cvirt_pc *cvirt_pc, int cpu)
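Review bot: In vx_info_exit_cvirt each warning assigns inside the macro's condition argument, `vxwprintk_xid((value = atomic_read(&cvirt->nr_threads)), ...`, so what gets printed depends on how the macro, which is defined elsewhere, orders and repeats the evaluation of its arguments. Reading the counter first, `value = atomic_read(&cvirt->nr_threads);`, and passing `value` as the condition keeps the four checks independent of the macro body. The messages also format the `cvirt` address with `%p`, which a 3.14 kernel prints unmodified into the log; if the `_xid` variant already tags the line with the context id, the pointer can be dropped. The argument lines of these calls are missing from this listing, so the use of `value` as the `%d` argument is inferred.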
16267 diff -NurpP --minimal linux-3.14.17/kernel/vserver/cvirt_proc.h linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt_proc.h
16268 --- linux-3.14.17/kernel/vserver/cvirt_proc.h 1970-01-01 00:00:00.000000000 +0000
16269 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/cvirt_proc.h 2014-08-30 14:27:38.000000000 +0000
16271 +#ifndef _VX_CVIRT_PROC_H
16272 +#define _VX_CVIRT_PROC_H
16274 +#include <linux/nsproxy.h>
16275 +#include <linux/mnt_namespace.h>
16276 +#include <linux/ipc_namespace.h>
16277 +#include <linux/utsname.h>
16278 +#include <linux/ipc.h>
16280 +extern int vx_info_mnt_namespace(struct mnt_namespace *, char *);
16283 +int vx_info_proc_nsproxy(struct nsproxy *nsproxy, char *buffer)
16285 + struct mnt_namespace *ns;
16286 + struct uts_namespace *uts;
16287 + struct ipc_namespace *ipc;
16293 + length += sprintf(buffer + length,
16294 + "NSProxy:\t%p [%p,%p,%p]\n",
16295 + nsproxy, nsproxy->mnt_ns,
16296 + nsproxy->uts_ns, nsproxy->ipc_ns);
16298 + ns = nsproxy->mnt_ns;
16302 + length += vx_info_mnt_namespace(ns, buffer + length);
16306 + uts = nsproxy->uts_ns;
16310 + length += sprintf(buffer + length,
16311 + "SysName:\t%.*s\n"
16312 + "NodeName:\t%.*s\n"
16313 + "Release:\t%.*s\n"
16314 + "Version:\t%.*s\n"
16315 + "Machine:\t%.*s\n"
16316 + "DomainName:\t%.*s\n",
16317 + __NEW_UTS_LEN, uts->name.sysname,
16318 + __NEW_UTS_LEN, uts->name.nodename,
16319 + __NEW_UTS_LEN, uts->name.release,
16320 + __NEW_UTS_LEN, uts->name.version,
16321 + __NEW_UTS_LEN, uts->name.machine,
16322 + __NEW_UTS_LEN, uts->name.domainname);
16325 + ipc = nsproxy->ipc_ns;
16329 + length += sprintf(buffer + length,
16330 + "SEMS:\t\t%d %d %d %d %d\n"
16331 + "MSG:\t\t%d %d %d\n"
16332 + "SHM:\t\t%lu %lu %d %ld\n",
16333 + ipc->sem_ctls[0], ipc->sem_ctls[1],
16334 + ipc->sem_ctls[2], ipc->sem_ctls[3],
16336 + ipc->msg_ctlmax, ipc->msg_ctlmnb, ipc->msg_ctlmni,
16337 + (unsigned long)ipc->shm_ctlmax,
16338 + (unsigned long)ipc->shm_ctlall,
16339 + ipc->shm_ctlmni, ipc->shm_tot);
16346 +#include <linux/sched.h>
16348 +#define LOAD_INT(x) ((x) >> FSHIFT)
16349 +#define LOAD_FRAC(x) LOAD_INT(((x) & (FIXED_1 - 1)) * 100)
16352 +int vx_info_proc_cvirt(struct _vx_cvirt *cvirt, char *buffer)
16357 + length += sprintf(buffer + length,
16358 + "BiasUptime:\t%lu.%02lu\n",
16359 + (unsigned long)cvirt->bias_uptime.tv_sec,
16360 + (cvirt->bias_uptime.tv_nsec / (NSEC_PER_SEC / 100)));
16362 + a = cvirt->load[0] + (FIXED_1 / 200);
16363 + b = cvirt->load[1] + (FIXED_1 / 200);
16364 + c = cvirt->load[2] + (FIXED_1 / 200);
16365 + length += sprintf(buffer + length,
16366 + "nr_threads:\t%d\n"
16367 + "nr_running:\t%d\n"
16368 + "nr_unintr:\t%d\n"
16369 + "nr_onhold:\t%d\n"
16370 + "load_updates:\t%d\n"
16371 + "loadavg:\t%d.%02d %d.%02d %d.%02d\n"
16372 + "total_forks:\t%d\n",
16373 + atomic_read(&cvirt->nr_threads),
16374 + atomic_read(&cvirt->nr_running),
16375 + atomic_read(&cvirt->nr_uninterruptible),
16376 + atomic_read(&cvirt->nr_onhold),
16377 + atomic_read(&cvirt->load_updates),
16378 + LOAD_INT(a), LOAD_FRAC(a),
16379 + LOAD_INT(b), LOAD_FRAC(b),
16380 + LOAD_INT(c), LOAD_FRAC(c),
16381 + atomic_read(&cvirt->total_forks));
16386 +int vx_info_proc_cvirt_pc(struct _vx_cvirt_pc *cvirt_pc,
16387 + char *buffer, int cpu)
16393 +#endif /* _VX_CVIRT_PROC_H */
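Review bot: vx_info_proc_nsproxy and vx_info_proc_cvirt append to `buffer` with `sprintf(buffer + length, ...)` and take no size argument, so nothing in these functions bounds the write. The UTS strings are capped with `%.*s`, but the amount written by `vx_info_mnt_namespace(ns, buffer + length)` is not limited here. Passing the remaining space and using `length += scnprintf(buffer + length, size - length, ...)` would make the bound explicit (`size` would be a new parameter, so the callers change too). The first format string also prints `nsproxy` and its three namespace pointers with `%p`, which on this kernel version emits the raw addresses; if this text is returned to a reader of a proc file, as the function names suggest, `%pK` would honour kptr_restrict. Several lines of both functions are missing from this listing.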
16394 diff -NurpP --minimal linux-3.14.17/kernel/vserver/debug.c linux-3.14.17-vs2.3.6.13/kernel/vserver/debug.c
16395 --- linux-3.14.17/kernel/vserver/debug.c 1970-01-01 00:00:00.000000000 +0000
16396 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/debug.c 2014-08-30 14:27:38.000000000 +0000
16399 + * kernel/vserver/debug.c
16401 + * Copyright (C) 2005-2007 Herbert Pötzl
16403 + * V0.01 vx_info dump support
16407 +#include <linux/module.h>
16409 +#include <linux/vserver/context.h>
16412 +void dump_vx_info(struct vx_info *vxi, int level)
16414 + printk("vx_info %p[#%d, %d.%d, %4x]\n", vxi, vxi->vx_id,
16415 + atomic_read(&vxi->vx_usecnt),
16416 + atomic_read(&vxi->vx_tasks),
16419 + __dump_vx_limit(&vxi->limit);
16420 + __dump_vx_sched(&vxi->sched);
16421 + __dump_vx_cvirt(&vxi->cvirt);
16422 + __dump_vx_cacct(&vxi->cacct);
16428 +EXPORT_SYMBOL_GPL(dump_vx_info);
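Review bot: The printk in dump_vx_info carries no log level, so the dump goes out at the default message level instead of one chosen for diagnostics; `printk(KERN_DEBUG "vx_info %p[#%d, %d.%d, %4x]\n", ...` would state the intent. The function dereferences `vxi` without a check and is exported with EXPORT_SYMBOL_GPL, so a header comment such as `/* caller must hold a reference on vxi; vxi must not be NULL */` would record the contract for out-of-file callers. Parts of the body, including how `level` is used, are not visible in this listing.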
16430 diff -NurpP --minimal linux-3.14.17/kernel/vserver/device.c linux-3.14.17-vs2.3.6.13/kernel/vserver/device.c
16431 --- linux-3.14.17/kernel/vserver/device.c 1970-01-01 00:00:00.000000000 +0000
16432 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/device.c 2014-08-30 14:27:38.000000000 +0000
16435 + * linux/kernel/vserver/device.c
16437 + * Linux-VServer: Device Support
16439 + * Copyright (C) 2006 Herbert Pötzl
16440 + * Copyright (C) 2007 Daniel Hokka Zakrisson
16442 + * V0.01 device mapping basics
16443 + * V0.02 added defaults
16447 +#include <linux/slab.h>
16448 +#include <linux/rcupdate.h>
16449 +#include <linux/fs.h>
16450 +#include <linux/namei.h>
16451 +#include <linux/hash.h>
16453 +#include <asm/errno.h>
16454 +#include <asm/uaccess.h>
16455 +#include <linux/vserver/base.h>
16456 +#include <linux/vserver/debug.h>
16457 +#include <linux/vserver/context.h>
16458 +#include <linux/vserver/device.h>
16459 +#include <linux/vserver/device_cmd.h>
16462 +#define DMAP_HASH_BITS 4
16465 +struct vs_mapping {
16467 + struct hlist_node hlist;
16468 + struct list_head list;
16470 +#define dm_hlist u.hlist
16471 +#define dm_list u.list
16474 + struct vx_dmap_target target;
16478 +static struct hlist_head dmap_main_hash[1 << DMAP_HASH_BITS];
16480 +static DEFINE_SPINLOCK(dmap_main_hash_lock);
16482 +static struct vx_dmap_target dmap_defaults[2] = {
16483 + { .flags = DATTR_OPEN },
16484 + { .flags = DATTR_OPEN },
16488 +struct kmem_cache *dmap_cachep __read_mostly;
16490 +int __init dmap_cache_init(void)
16492 + dmap_cachep = kmem_cache_create("dmap_cache",
16493 + sizeof(struct vs_mapping), 0,
16494 + SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
16498 +__initcall(dmap_cache_init);
16501 +static inline unsigned int __hashval(dev_t dev, int bits)
16503 + return hash_long((unsigned long)dev, bits);
16507 +/* __hash_mapping()
16508 + * add the mapping to the hash table
16510 +static inline void __hash_mapping(struct vx_info *vxi, struct vs_mapping *vdm)
16512 + spinlock_t *hash_lock = &dmap_main_hash_lock;
16513 + struct hlist_head *head, *hash = dmap_main_hash;
16514 + int device = vdm->device;
16516 + spin_lock(hash_lock);
16517 + vxdprintk(VXD_CBIT(misc, 8), "__hash_mapping: %p[#%d] %08x:%08x",
16518 + vxi, vxi ? vxi->vx_id : 0, device, vdm->target.target);
16520 + head = &hash[__hashval(device, DMAP_HASH_BITS)];
16521 + hlist_add_head(&vdm->dm_hlist, head);
16522 + spin_unlock(hash_lock);
16526 +static inline int __mode_to_default(umode_t mode)
16539 +/* __set_default()
16542 +static inline void __set_default(struct vx_info *vxi, umode_t mode,
16543 + struct vx_dmap_target *vdmt)
16545 + spinlock_t *hash_lock = &dmap_main_hash_lock;
16546 + spin_lock(hash_lock);
16549 + vxi->dmap.targets[__mode_to_default(mode)] = *vdmt;
16551 + dmap_defaults[__mode_to_default(mode)] = *vdmt;
16554 + spin_unlock(hash_lock);
16556 + vxdprintk(VXD_CBIT(misc, 8), "__set_default: %p[#%u] %08x %04x",
16557 + vxi, vxi ? vxi->vx_id : 0, vdmt->target, vdmt->flags);
16561 +/* __remove_default()
16562 + * remove a default
16564 +static inline int __remove_default(struct vx_info *vxi, umode_t mode)
16566 + spinlock_t *hash_lock = &dmap_main_hash_lock;
16567 + spin_lock(hash_lock);
16570 + vxi->dmap.targets[__mode_to_default(mode)].flags = 0;
16571 + else /* remove == reset */
16572 + dmap_defaults[__mode_to_default(mode)].flags = DATTR_OPEN | mode;
16574 + spin_unlock(hash_lock);
16579 +/* __find_mapping()
16580 + * find a mapping in the hash table
16582 + * caller must hold hash_lock
16584 +static inline int __find_mapping(vxid_t xid, dev_t device, umode_t mode,
16585 + struct vs_mapping **local, struct vs_mapping **global)
16587 + struct hlist_head *hash = dmap_main_hash;
16588 + struct hlist_head *head = &hash[__hashval(device, DMAP_HASH_BITS)];
16589 + struct hlist_node *pos;
16590 + struct vs_mapping *vdm;
16596 + hlist_for_each(pos, head) {
16597 + vdm = hlist_entry(pos, struct vs_mapping, dm_hlist);
16599 + if ((vdm->device == device) &&
16600 + !((vdm->target.flags ^ mode) & S_IFMT)) {
16601 + if (vdm->xid == xid) {
16604 + } else if (global && vdm->xid == 0)
16609 + if (global && *global)
16616 +/* __lookup_mapping()
16617 + * find a mapping and store the result in target and flags
16619 +static inline int __lookup_mapping(struct vx_info *vxi,
16620 + dev_t device, dev_t *target, int *flags, umode_t mode)
16622 + spinlock_t *hash_lock = &dmap_main_hash_lock;
16623 + struct vs_mapping *vdm, *global;
16624 + struct vx_dmap_target *vdmt;
16626 + vxid_t xid = vxi->vx_id;
16629 + spin_lock(hash_lock);
16630 + if (__find_mapping(xid, device, mode, &vdm, &global) > 0) {
16632 + vdmt = &vdm->target;
16636 + index = __mode_to_default(mode);
16637 + if (vxi && vxi->dmap.targets[index].flags) {
16639 + vdmt = &vxi->dmap.targets[index];
16640 + } else if (global) {
16642 + vdmt = &global->target;
16646 + vdmt = &dmap_defaults[index];
16650 + if (target && (vdmt->flags & DATTR_REMAP))
16651 + *target = vdmt->target;
16653 + *target = device;
16655 + *flags = vdmt->flags;
16657 + spin_unlock(hash_lock);
16663 +/* __remove_mapping()
16664 + * remove a mapping from the hash table
16666 +static inline int __remove_mapping(struct vx_info *vxi, dev_t device,
16669 + spinlock_t *hash_lock = &dmap_main_hash_lock;
16670 + struct vs_mapping *vdm = NULL;
16673 + spin_lock(hash_lock);
16675 + ret = __find_mapping((vxi ? vxi->vx_id : 0), device, mode, &vdm,
16677 + vxdprintk(VXD_CBIT(misc, 8), "__remove_mapping: %p[#%d] %08x %04x",
16678 + vxi, vxi ? vxi->vx_id : 0, device, mode);
16681 + hlist_del(&vdm->dm_hlist);
16684 + spin_unlock(hash_lock);
16686 + kmem_cache_free(dmap_cachep, vdm);
16692 +int vs_map_device(struct vx_info *vxi,
16693 + dev_t device, dev_t *target, umode_t mode)
16695 + int ret, flags = DATTR_MASK;
16699 + *target = device;
16702 + ret = __lookup_mapping(vxi, device, target, &flags, mode);
16703 + vxdprintk(VXD_CBIT(misc, 8), "vs_map_device: %08x target: %08x flags: %04x mode: %04x mapped=%d",
16704 + device, target ? *target : 0, flags, mode, ret);
16706 + return (flags & DATTR_MASK);
16711 +static int do_set_mapping(struct vx_info *vxi,
16712 + dev_t device, dev_t target, int flags, umode_t mode)
16715 + struct vs_mapping *new;
16717 + new = kmem_cache_alloc(dmap_cachep, GFP_KERNEL);
16721 + INIT_HLIST_NODE(&new->dm_hlist);
16722 + new->device = device;
16723 + new->target.target = target;
16724 + new->target.flags = flags | mode;
16725 + new->xid = (vxi ? vxi->vx_id : 0);
16727 + vxdprintk(VXD_CBIT(misc, 8), "do_set_mapping: %08x target: %08x flags: %04x", device, target, flags);
16728 + __hash_mapping(vxi, new);
16730 + struct vx_dmap_target new = {
16731 + .target = target,
16732 + .flags = flags | mode,
16734 + __set_default(vxi, mode, &new);
16740 +static int do_unset_mapping(struct vx_info *vxi,
16741 + dev_t device, dev_t target, int flags, umode_t mode)
16743 + int ret = -EINVAL;
16746 + ret = __remove_mapping(vxi, device, mode);
16750 + ret = __remove_default(vxi, mode);
16760 +static inline int __user_device(const char __user *name, dev_t *dev,
16763 + struct nameidata nd;
16770 + ret = user_lpath(name, &nd.path);
16773 + if (nd.path.dentry->d_inode) {
16774 + *dev = nd.path.dentry->d_inode->i_rdev;
16775 + *mode = nd.path.dentry->d_inode->i_mode;
16777 + path_put(&nd.path);
16781 +static inline int __mapping_mode(dev_t device, dev_t target,
16782 + umode_t device_mode, umode_t target_mode, umode_t *mode)
16785 + *mode = device_mode & S_IFMT;
16787 + *mode = target_mode & S_IFMT;
16791 + /* if both given, device and target mode have to match */
16792 + if (device && target &&
16793 + ((device_mode ^ target_mode) & S_IFMT))
16799 +static inline int do_mapping(struct vx_info *vxi, const char __user *device_path,
16800 + const char __user *target_path, int flags, int set)
16802 + dev_t device = ~0, target = ~0;
16803 + umode_t device_mode = 0, target_mode = 0, mode;
16806 + ret = __user_device(device_path, &device, &device_mode);
16809 + ret = __user_device(target_path, &target, &target_mode);
16813 + ret = __mapping_mode(device, target,
16814 + device_mode, target_mode, &mode);
16819 + return do_set_mapping(vxi, device, target,
16822 + return do_unset_mapping(vxi, device, target,
16827 +int vc_set_mapping(struct vx_info *vxi, void __user *data)
16829 + struct vcmd_set_mapping_v0 vc_data;
16831 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16834 + return do_mapping(vxi, vc_data.device, vc_data.target,
16835 + vc_data.flags, 1);
16838 +int vc_unset_mapping(struct vx_info *vxi, void __user *data)
16840 + struct vcmd_set_mapping_v0 vc_data;
16842 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16845 + return do_mapping(vxi, vc_data.device, vc_data.target,
16846 + vc_data.flags, 0);
16850 +#ifdef CONFIG_COMPAT
16852 +int vc_set_mapping_x32(struct vx_info *vxi, void __user *data)
16854 + struct vcmd_set_mapping_v0_x32 vc_data;
16856 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16859 + return do_mapping(vxi, compat_ptr(vc_data.device_ptr),
16860 + compat_ptr(vc_data.target_ptr), vc_data.flags, 1);
16863 +int vc_unset_mapping_x32(struct vx_info *vxi, void __user *data)
16865 + struct vcmd_set_mapping_v0_x32 vc_data;
16867 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
16870 + return do_mapping(vxi, compat_ptr(vc_data.device_ptr),
16871 + compat_ptr(vc_data.target_ptr), vc_data.flags, 0);
16874 +#endif /* CONFIG_COMPAT */
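Review bot: __lookup_mapping dereferences `vxi` in its declarations, `vxid_t xid = vxi->vx_id;`, and then tests `vxi && vxi->dmap.targets[index].flags` a few lines later, so the function is either unsafe for a NULL context or carries a dead check. The other helpers in this file (__hash_mapping, __remove_mapping, do_set_mapping) all use `vxi ? vxi->vx_id : 0`; the same form here, `vxid_t xid = vxi ? vxi->vx_id : 0;`, would make the NULL handling consistent. Separately, do_set_mapping appears to allocate and hash a new vs_mapping without first looking for an existing entry with the same xid, device and mode, while __remove_mapping unlinks one entry per call. It is worth confirming that repeated set calls from a caller permitted to issue them cannot grow the table without bound. Several lines of these functions are missing from this listing, so both points should be checked against the full file.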
16877 diff -NurpP --minimal linux-3.14.17/kernel/vserver/dlimit.c linux-3.14.17-vs2.3.6.13/kernel/vserver/dlimit.c
16878 --- linux-3.14.17/kernel/vserver/dlimit.c 1970-01-01 00:00:00.000000000 +0000
16879 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/dlimit.c 2014-08-30 14:27:38.000000000 +0000
16882 + * linux/kernel/vserver/dlimit.c
16884 + * Virtual Server: Context Disk Limits
16886 + * Copyright (C) 2004-2009 Herbert Pötzl
16888 + * V0.01 initial version
16889 + * V0.02 compat32 splitup
16890 + * V0.03 extended interface
16894 +#include <linux/statfs.h>
16895 +#include <linux/sched.h>
16896 +#include <linux/namei.h>
16897 +#include <linux/vs_tag.h>
16898 +#include <linux/vs_dlimit.h>
16899 +#include <linux/vserver/dlimit_cmd.h>
16900 +#include <linux/slab.h>
16901 +// #include <linux/gfp.h>
16903 +#include <asm/uaccess.h>
16905 +/* __alloc_dl_info()
16907 + * allocate an initialized dl_info struct
16908 + * doesn't make it visible (hash) */
16910 +static struct dl_info *__alloc_dl_info(struct super_block *sb, vtag_t tag)
16912 + struct dl_info *new = NULL;
16914 + vxdprintk(VXD_CBIT(dlim, 5),
16915 + "alloc_dl_info(%p,%d)*", sb, tag);
16917 + /* would this benefit from a slab cache? */
16918 + new = kmalloc(sizeof(struct dl_info), GFP_KERNEL);
16922 + memset(new, 0, sizeof(struct dl_info));
16923 + new->dl_tag = tag;
16925 + // INIT_RCU_HEAD(&new->dl_rcu);
16926 + INIT_HLIST_NODE(&new->dl_hlist);
16927 + spin_lock_init(&new->dl_lock);
16928 + atomic_set(&new->dl_refcnt, 0);
16929 + atomic_set(&new->dl_usecnt, 0);
16931 + /* rest of init goes here */
16933 + vxdprintk(VXD_CBIT(dlim, 4),
16934 + "alloc_dl_info(%p,%d) = %p", sb, tag, new);
16938 +/* __dealloc_dl_info()
16940 + * final disposal of dl_info */
16942 +static void __dealloc_dl_info(struct dl_info *dli)
16944 + vxdprintk(VXD_CBIT(dlim, 4),
16945 + "dealloc_dl_info(%p)", dli);
16947 + dli->dl_hlist.next = LIST_POISON1;
16948 + dli->dl_tag = -1;
16951 + BUG_ON(atomic_read(&dli->dl_usecnt));
16952 + BUG_ON(atomic_read(&dli->dl_refcnt));
16958 +/* hash table for dl_info hash */
16960 +#define DL_HASH_SIZE 13
16962 +struct hlist_head dl_info_hash[DL_HASH_SIZE];
16964 +static DEFINE_SPINLOCK(dl_info_hash_lock);
16967 +static inline unsigned int __hashval(struct super_block *sb, vtag_t tag)
16969 + return ((tag ^ (unsigned long)sb) % DL_HASH_SIZE);
16974 +/* __hash_dl_info()
16976 + * add the dli to the global hash table
16977 + * requires the hash_lock to be held */
16979 +static inline void __hash_dl_info(struct dl_info *dli)
16981 + struct hlist_head *head;
16983 + vxdprintk(VXD_CBIT(dlim, 6),
16984 + "__hash_dl_info: %p[#%d]", dli, dli->dl_tag);
16985 + get_dl_info(dli);
16986 + head = &dl_info_hash[__hashval(dli->dl_sb, dli->dl_tag)];
16987 + hlist_add_head_rcu(&dli->dl_hlist, head);
16990 +/* __unhash_dl_info()
16992 + * remove the dli from the global hash table
16993 + * requires the hash_lock to be held */
16995 +static inline void __unhash_dl_info(struct dl_info *dli)
16997 + vxdprintk(VXD_CBIT(dlim, 6),
16998 + "__unhash_dl_info: %p[#%d]", dli, dli->dl_tag);
16999 + hlist_del_rcu(&dli->dl_hlist);
17000 + put_dl_info(dli);
17004 +/* __lookup_dl_info()
17006 + * requires the rcu_read_lock()
17007 + * doesn't increment the dl_refcnt */
17009 +static inline struct dl_info *__lookup_dl_info(struct super_block *sb, vtag_t tag)
17011 + struct hlist_head *head = &dl_info_hash[__hashval(sb, tag)];
17012 + struct dl_info *dli;
17014 + hlist_for_each_entry_rcu(dli, head, dl_hlist) {
17015 + if (dli->dl_tag == tag && dli->dl_sb == sb)
17022 +struct dl_info *locate_dl_info(struct super_block *sb, vtag_t tag)
17024 + struct dl_info *dli;
17027 + dli = get_dl_info(__lookup_dl_info(sb, tag));
17028 + vxdprintk(VXD_CBIT(dlim, 7),
17029 + "locate_dl_info(%p,#%d) = %p", sb, tag, dli);
17030 + rcu_read_unlock();
17034 +void rcu_free_dl_info(struct rcu_head *head)
17036 + struct dl_info *dli = container_of(head, struct dl_info, dl_rcu);
17037 + int usecnt, refcnt;
17039 + BUG_ON(!dli || !head);
17041 + usecnt = atomic_read(&dli->dl_usecnt);
17042 + BUG_ON(usecnt < 0);
17044 + refcnt = atomic_read(&dli->dl_refcnt);
17045 + BUG_ON(refcnt < 0);
17047 + vxdprintk(VXD_CBIT(dlim, 3),
17048 + "rcu_free_dl_info(%p)", dli);
17050 + __dealloc_dl_info(dli);
17052 + printk("!!! rcu didn't free\n");
17058 +static int do_addrem_dlimit(uint32_t id, const char __user *name,
17059 + uint32_t flags, int add)
17061 + struct path path;
17064 + ret = user_lpath(name, &path);
17066 + struct super_block *sb;
17067 + struct dl_info *dli;
17070 + if (!path.dentry->d_inode)
17071 + goto out_release;
17072 + if (!(sb = path.dentry->d_inode->i_sb))
17073 + goto out_release;
17076 + dli = __alloc_dl_info(sb, id);
17077 + spin_lock(&dl_info_hash_lock);
17080 + if (__lookup_dl_info(sb, id))
17082 + __hash_dl_info(dli);
17085 + spin_lock(&dl_info_hash_lock);
17086 + dli = __lookup_dl_info(sb, id);
17091 + __unhash_dl_info(dli);
17095 + spin_unlock(&dl_info_hash_lock);
17097 + __dealloc_dl_info(dli);
17104 +int vc_add_dlimit(uint32_t id, void __user *data)
17106 + struct vcmd_ctx_dlimit_base_v0 vc_data;
17108 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17111 + return do_addrem_dlimit(id, vc_data.name, vc_data.flags, 1);
17114 +int vc_rem_dlimit(uint32_t id, void __user *data)
17116 + struct vcmd_ctx_dlimit_base_v0 vc_data;
17118 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17121 + return do_addrem_dlimit(id, vc_data.name, vc_data.flags, 0);
17124 +#ifdef CONFIG_COMPAT
17126 +int vc_add_dlimit_x32(uint32_t id, void __user *data)
17128 + struct vcmd_ctx_dlimit_base_v0_x32 vc_data;
17130 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17133 + return do_addrem_dlimit(id,
17134 + compat_ptr(vc_data.name_ptr), vc_data.flags, 1);
17137 +int vc_rem_dlimit_x32(uint32_t id, void __user *data)
17139 + struct vcmd_ctx_dlimit_base_v0_x32 vc_data;
17141 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17144 + return do_addrem_dlimit(id,
17145 + compat_ptr(vc_data.name_ptr), vc_data.flags, 0);
17148 +#endif /* CONFIG_COMPAT */
17152 +int do_set_dlimit(uint32_t id, const char __user *name,
17153 + uint32_t space_used, uint32_t space_total,
17154 + uint32_t inodes_used, uint32_t inodes_total,
17155 + uint32_t reserved, uint32_t flags)
17157 + struct path path;
17160 + ret = user_lpath(name, &path);
17162 + struct super_block *sb;
17163 + struct dl_info *dli;
17166 + if (!path.dentry->d_inode)
17167 + goto out_release;
17168 + if (!(sb = path.dentry->d_inode->i_sb))
17169 + goto out_release;
17171 + /* sanity checks */
17172 + if ((reserved != CDLIM_KEEP &&
17173 + reserved > 100) ||
17174 + (inodes_used != CDLIM_KEEP &&
17175 + inodes_used > inodes_total) ||
17176 + (space_used != CDLIM_KEEP &&
17177 + space_used > space_total))
17178 + goto out_release;
17181 + dli = locate_dl_info(sb, id);
17183 + goto out_release;
17185 + spin_lock(&dli->dl_lock);
17187 + if (inodes_used != CDLIM_KEEP)
17188 + dli->dl_inodes_used = inodes_used;
17189 + if (inodes_total != CDLIM_KEEP)
17190 + dli->dl_inodes_total = inodes_total;
17191 + if (space_used != CDLIM_KEEP)
17192 + dli->dl_space_used = dlimit_space_32to64(
17193 + space_used, flags, DLIMS_USED);
17195 + if (space_total == CDLIM_INFINITY)
17196 + dli->dl_space_total = DLIM_INFINITY;
17197 + else if (space_total != CDLIM_KEEP)
17198 + dli->dl_space_total = dlimit_space_32to64(
17199 + space_total, flags, DLIMS_TOTAL);
17201 + if (reserved != CDLIM_KEEP)
17202 + dli->dl_nrlmult = (1 << 10) * (100 - reserved) / 100;
17204 + spin_unlock(&dli->dl_lock);
17206 + put_dl_info(dli);
17215 +int vc_set_dlimit(uint32_t id, void __user *data)
17217 + struct vcmd_ctx_dlimit_v0 vc_data;
17219 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17222 + return do_set_dlimit(id, vc_data.name,
17223 + vc_data.space_used, vc_data.space_total,
17224 + vc_data.inodes_used, vc_data.inodes_total,
17225 + vc_data.reserved, vc_data.flags);
17228 +#ifdef CONFIG_COMPAT
17230 +int vc_set_dlimit_x32(uint32_t id, void __user *data)
17232 + struct vcmd_ctx_dlimit_v0_x32 vc_data;
17234 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17237 + return do_set_dlimit(id, compat_ptr(vc_data.name_ptr),
17238 + vc_data.space_used, vc_data.space_total,
17239 + vc_data.inodes_used, vc_data.inodes_total,
17240 + vc_data.reserved, vc_data.flags);
17243 +#endif /* CONFIG_COMPAT */
17247 +int do_get_dlimit(uint32_t id, const char __user *name,
17248 + uint32_t *space_used, uint32_t *space_total,
17249 + uint32_t *inodes_used, uint32_t *inodes_total,
17250 + uint32_t *reserved, uint32_t *flags)
17252 + struct path path;
17255 + ret = user_lpath(name, &path);
17257 + struct super_block *sb;
17258 + struct dl_info *dli;
17261 + if (!path.dentry->d_inode)
17262 + goto out_release;
17263 + if (!(sb = path.dentry->d_inode->i_sb))
17264 + goto out_release;
17267 + dli = locate_dl_info(sb, id);
17269 + goto out_release;
17271 + spin_lock(&dli->dl_lock);
17272 + *inodes_used = dli->dl_inodes_used;
17273 + *inodes_total = dli->dl_inodes_total;
17275 + *space_used = dlimit_space_64to32(
17276 + dli->dl_space_used, flags, DLIMS_USED);
17278 + if (dli->dl_space_total == DLIM_INFINITY)
17279 + *space_total = CDLIM_INFINITY;
17281 + *space_total = dlimit_space_64to32(
17282 + dli->dl_space_total, flags, DLIMS_TOTAL);
17284 + *reserved = 100 - ((dli->dl_nrlmult * 100 + 512) >> 10);
17285 + spin_unlock(&dli->dl_lock);
17287 + put_dl_info(dli);
17298 +int vc_get_dlimit(uint32_t id, void __user *data)
17300 + struct vcmd_ctx_dlimit_v0 vc_data;
17303 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17306 + ret = do_get_dlimit(id, vc_data.name,
17307 + &vc_data.space_used, &vc_data.space_total,
17308 + &vc_data.inodes_used, &vc_data.inodes_total,
17309 + &vc_data.reserved, &vc_data.flags);
17313 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
17318 +#ifdef CONFIG_COMPAT
17320 +int vc_get_dlimit_x32(uint32_t id, void __user *data)
17322 + struct vcmd_ctx_dlimit_v0_x32 vc_data;
17325 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17328 + ret = do_get_dlimit(id, compat_ptr(vc_data.name_ptr),
17329 + &vc_data.space_used, &vc_data.space_total,
17330 + &vc_data.inodes_used, &vc_data.inodes_total,
17331 + &vc_data.reserved, &vc_data.flags);
17335 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
17340 +#endif /* CONFIG_COMPAT */
17343 +void vx_vsi_statfs(struct super_block *sb, struct kstatfs *buf)
17345 + struct dl_info *dli;
17346 + __u64 blimit, bfree, bavail;
17349 + dli = locate_dl_info(sb, dx_current_tag());
17353 + spin_lock(&dli->dl_lock);
17354 + if (dli->dl_inodes_total == (unsigned long)DLIM_INFINITY)
17357 + /* reduce max inodes available to limit */
17358 + if (buf->f_files > dli->dl_inodes_total)
17359 + buf->f_files = dli->dl_inodes_total;
17361 + ifree = dli->dl_inodes_total - dli->dl_inodes_used;
17362 + /* reduce free inodes to min */
17363 + if (ifree < buf->f_ffree)
17364 + buf->f_ffree = ifree;
17367 + if (dli->dl_space_total == DLIM_INFINITY)
17370 + blimit = dli->dl_space_total >> sb->s_blocksize_bits;
17372 + if (dli->dl_space_total < dli->dl_space_used)
17375 + bfree = (dli->dl_space_total - dli->dl_space_used)
17376 + >> sb->s_blocksize_bits;
17378 + bavail = ((dli->dl_space_total >> 10) * dli->dl_nrlmult);
17379 + if (bavail < dli->dl_space_used)
17382 + bavail = (bavail - dli->dl_space_used)
17383 + >> sb->s_blocksize_bits;
17385 + /* reduce max space available to limit */
17386 + if (buf->f_blocks > blimit)
17387 + buf->f_blocks = blimit;
17389 + /* reduce free space to min */
17390 + if (bfree < buf->f_bfree)
17391 + buf->f_bfree = bfree;
17393 + /* reduce avail space to min */
17394 + if (bavail < buf->f_bavail)
17395 + buf->f_bavail = bavail;
17398 + spin_unlock(&dli->dl_lock);
17399 + put_dl_info(dli);
17404 +#include <linux/module.h>
17406 +EXPORT_SYMBOL_GPL(locate_dl_info);
17407 +EXPORT_SYMBOL_GPL(rcu_free_dl_info);
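Review bot: The sanity checks in do_set_dlimit compare `inodes_used` and `space_used` only with the `*_total` arguments of the same call, so when a caller passes CDLIM_KEEP for a total the new used value is compared with the sentinel rather than with the total already stored in `dli`, and a call that changes only the total is not compared with the stored used value at all. Either path can leave `dl_inodes_used` above `dl_inodes_total`, and vx_vsi_statfs then computes `ifree = dli->dl_inodes_total - dli->dl_inodes_used` with no guard visible, unlike the space branch below it, which tests `dl_space_total < dl_space_used` first. The subtraction should be guarded the same way, `ifree = (dli->dl_inodes_total > dli->dl_inodes_used) ? dli->dl_inodes_total - dli->dl_inodes_used : 0;`, and the used-versus-total comparison belongs after `spin_lock(&dli->dl_lock)`, against the values that will be in effect once the KEEP fields are resolved. The type of `ifree` and the value of CDLIM_KEEP are not visible in this listing, so the exact effect of the wrap is not stated here.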
17409 diff -NurpP --minimal linux-3.14.17/kernel/vserver/helper.c linux-3.14.17-vs2.3.6.13/kernel/vserver/helper.c
17410 --- linux-3.14.17/kernel/vserver/helper.c 1970-01-01 00:00:00.000000000 +0000
17411 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/helper.c 2014-08-30 14:27:38.000000000 +0000
17414 + * linux/kernel/vserver/helper.c
17416 + * Virtual Context Support
17418 + * Copyright (C) 2004-2007 Herbert Pötzl
17420 + * V0.01 basic helper
17424 +#include <linux/kmod.h>
17425 +#include <linux/reboot.h>
17426 +#include <linux/vs_context.h>
17427 +#include <linux/vs_network.h>
17428 +#include <linux/vserver/signal.h>
17431 +char vshelper_path[255] = "/sbin/vshelper";
17433 +static int vshelper_init(struct subprocess_info *info, struct cred *new_cred)
17435 + current->flags &= ~PF_NO_SETAFFINITY;
17439 +static int vs_call_usermodehelper(char *path, char **argv, char **envp, int wait)
17441 + struct subprocess_info *info;
17442 + gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
17444 + info = call_usermodehelper_setup(path, argv, envp, gfp_mask,
17445 + vshelper_init, NULL, NULL);
17446 + if (info == NULL)
17449 + return call_usermodehelper_exec(info, wait);
17452 +static int do_vshelper(char *name, char *argv[], char *envp[], int sync)
17456 + if ((ret = vs_call_usermodehelper(name, argv, envp,
17457 + sync ? UMH_WAIT_PROC : UMH_WAIT_EXEC))) {
17458 + printk(KERN_WARNING "%s: (%s %s) returned %s with %d\n",
17459 + name, argv[1], argv[2],
17460 + sync ? "sync" : "async", ret);
17462 + vxdprintk(VXD_CBIT(switch, 4),
17463 + "%s: (%s %s) returned %s with %d",
17464 + name, argv[1], argv[2], sync ? "sync" : "async", ret);
17469 + * vshelper path is set via /proc/sys
17470 + * invoked by vserver sys_reboot(), with
17471 + * the following arguments
17473 + * argv [0] = vshelper_path;
17474 + * argv [1] = action: "restart", "halt", "poweroff", ...
17475 + * argv [2] = context identifier
17477 + * envp [*] = type-specific parameters
17480 +long vs_reboot_helper(struct vx_info *vxi, int cmd, void __user *arg)
17482 + char id_buf[8], cmd_buf[16];
17483 + char uid_buf[16], pid_buf[16];
17486 + char *argv[] = {vshelper_path, NULL, id_buf, 0};
17487 + char *envp[] = {"HOME=/", "TERM=linux",
17488 + "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
17489 + uid_buf, pid_buf, cmd_buf, 0};
17491 + if (vx_info_state(vxi, VXS_HELPER))
17493 + vxi->vx_state |= VXS_HELPER;
17495 + snprintf(id_buf, sizeof(id_buf), "%d", vxi->vx_id);
17497 + snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
17498 + snprintf(uid_buf, sizeof(uid_buf), "VS_UID=%d",
17499 + from_kuid(&init_user_ns, current_uid()));
17500 + snprintf(pid_buf, sizeof(pid_buf), "VS_PID=%d", current->pid);
17503 + case LINUX_REBOOT_CMD_RESTART:
17504 + argv[1] = "restart";
17507 + case LINUX_REBOOT_CMD_HALT:
17508 + argv[1] = "halt";
17511 + case LINUX_REBOOT_CMD_POWER_OFF:
17512 + argv[1] = "poweroff";
17515 + case LINUX_REBOOT_CMD_SW_SUSPEND:
17516 + argv[1] = "swsusp";
17519 + case LINUX_REBOOT_CMD_OOM:
17524 + vxi->vx_state &= ~VXS_HELPER;
17528 + ret = do_vshelper(vshelper_path, argv, envp, 0);
17529 + vxi->vx_state &= ~VXS_HELPER;
17530 + __wakeup_vx_info(vxi);
17531 + return (ret) ? -EPERM : 0;
17535 +long vs_reboot(unsigned int cmd, void __user *arg)
17537 + struct vx_info *vxi = current_vx_info();
17540 + vxdprintk(VXD_CBIT(misc, 5),
17541 + "vs_reboot(%p[#%d],%u)",
17542 + vxi, vxi ? vxi->vx_id : 0, cmd);
17544 + ret = vs_reboot_helper(vxi, cmd, arg);
17548 + vxi->reboot_cmd = cmd;
17549 + if (vx_info_flags(vxi, VXF_REBOOT_KILL, 0)) {
17551 + case LINUX_REBOOT_CMD_RESTART:
17552 + case LINUX_REBOOT_CMD_HALT:
17553 + case LINUX_REBOOT_CMD_POWER_OFF:
17554 + vx_info_kill(vxi, 0, SIGKILL);
17555 + vx_info_kill(vxi, 1, SIGKILL);
17563 +long vs_oom_action(unsigned int cmd)
17565 + struct vx_info *vxi = current_vx_info();
17568 + vxdprintk(VXD_CBIT(misc, 5),
17569 + "vs_oom_action(%p[#%d],%u)",
17570 + vxi, vxi ? vxi->vx_id : 0, cmd);
17572 + ret = vs_reboot_helper(vxi, cmd, NULL);
17576 + vxi->reboot_cmd = cmd;
17577 + if (vx_info_flags(vxi, VXF_REBOOT_KILL, 0)) {
17578 + vx_info_kill(vxi, 0, SIGKILL);
17579 + vx_info_kill(vxi, 1, SIGKILL);
17585 + * argv [0] = vshelper_path;
17586 + * argv [1] = action: "startup", "shutdown"
17587 + * argv [2] = context identifier
17589 + * envp [*] = type-specific parameters
17592 +long vs_state_change(struct vx_info *vxi, unsigned int cmd)
17594 + char id_buf[8], cmd_buf[16];
17595 + char *argv[] = {vshelper_path, NULL, id_buf, 0};
17596 + char *envp[] = {"HOME=/", "TERM=linux",
17597 + "PATH=/sbin:/usr/sbin:/bin:/usr/bin", cmd_buf, 0};
17599 + if (!vx_info_flags(vxi, VXF_SC_HELPER, 0))
17602 + snprintf(id_buf, sizeof(id_buf), "%d", vxi->vx_id);
17603 + snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
17606 + case VSC_STARTUP:
17607 + argv[1] = "startup";
17609 + case VSC_SHUTDOWN:
17610 + argv[1] = "shutdown";
17616 + return do_vshelper(vshelper_path, argv, envp, 1);
17621 + * argv [0] = vshelper_path;
17622 + * argv [1] = action: "netup", "netdown"
17623 + * argv [2] = context identifier
17625 + * envp [*] = type-specific parameters
17628 +long vs_net_change(struct nx_info *nxi, unsigned int cmd)
17630 + char id_buf[8], cmd_buf[16];
17631 + char *argv[] = {vshelper_path, NULL, id_buf, 0};
17632 + char *envp[] = {"HOME=/", "TERM=linux",
17633 + "PATH=/sbin:/usr/sbin:/bin:/usr/bin", cmd_buf, 0};
17635 + if (!nx_info_flags(nxi, NXF_SC_HELPER, 0))
17638 + snprintf(id_buf, sizeof(id_buf), "%d", nxi->nx_id);
17639 + snprintf(cmd_buf, sizeof(cmd_buf), "VS_CMD=%08x", cmd);
17643 + argv[1] = "netup";
17645 + case VSC_NETDOWN:
17646 + argv[1] = "netdown";
17652 + return do_vshelper(vshelper_path, argv, envp, 1);
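Review bot: In vs_reboot_helper, `uid_buf[16]` receives `"VS_UID=%d"`, which leaves room for only eight digits, so snprintf silently truncates a uid of 100000000 or above and the helper is told a different uid than the caller's. `id_buf[8]` has the same limit for context ids above seven digits, here and in vs_state_change and vs_net_change. from_kuid() returns an unsigned uid_t, so `%d` also prints large values as negative. The helper is launched through call_usermodehelper and may act on these values, so size the buffers for the full range and use the unsigned conversion, e.g. `char id_buf[12], uid_buf[24];` and `"VS_UID=%u"`. Some lines of these functions are missing from this view, so a later length check cannot be ruled out.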
17655 diff -NurpP --minimal linux-3.14.17/kernel/vserver/history.c linux-3.14.17-vs2.3.6.13/kernel/vserver/history.c
17656 --- linux-3.14.17/kernel/vserver/history.c 1970-01-01 00:00:00.000000000 +0000
17657 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/history.c 2014-08-30 14:27:38.000000000 +0000
17660 + * kernel/vserver/history.c
17662 + * Virtual Context History Backtrace
17664 + * Copyright (C) 2004-2007 Herbert Pötzl
17666 + * V0.01 basic structure
17667 + * V0.02 hash/unhash and trace
17668 + * V0.03 preemption fixes
17672 +#include <linux/module.h>
17673 +#include <asm/uaccess.h>
17675 +#include <linux/vserver/context.h>
17676 +#include <linux/vserver/debug.h>
17677 +#include <linux/vserver/debug_cmd.h>
17678 +#include <linux/vserver/history.h>
17681 +#ifdef CONFIG_VSERVER_HISTORY
17682 +#define VXH_SIZE CONFIG_VSERVER_HISTORY_SIZE
17684 +#define VXH_SIZE 64
17687 +struct _vx_history {
17688 + unsigned int counter;
17690 + struct _vx_hist_entry entry[VXH_SIZE + 1];
17694 +DEFINE_PER_CPU(struct _vx_history, vx_history_buffer);
17696 +unsigned volatile int vxh_active = 1;
17698 +static atomic_t sequence = ATOMIC_INIT(0);
17703 + * requires disabled preemption */
17705 +struct _vx_hist_entry *vxh_advance(void *loc)
17707 + unsigned int cpu = smp_processor_id();
17708 + struct _vx_history *hist = &per_cpu(vx_history_buffer, cpu);
17709 + struct _vx_hist_entry *entry;
17710 + unsigned int index;
17712 + index = vxh_active ? (hist->counter++ % VXH_SIZE) : VXH_SIZE;
17713 + entry = &hist->entry[index];
17715 + entry->seq = atomic_inc_return(&sequence);
17716 + entry->loc = loc;
17720 +EXPORT_SYMBOL_GPL(vxh_advance);
17723 +#define VXH_LOC_FMTS "(#%04x,*%d):%p"
17725 +#define VXH_LOC_ARGS(e) (e)->seq, cpu, (e)->loc
17728 +#define VXH_VXI_FMTS "%p[#%d,%d.%d]"
17730 +#define VXH_VXI_ARGS(e) (e)->vxi.ptr, \
17731 + (e)->vxi.ptr ? (e)->vxi.xid : 0, \
17732 + (e)->vxi.ptr ? (e)->vxi.usecnt : 0, \
17733 + (e)->vxi.ptr ? (e)->vxi.tasks : 0
17735 +void vxh_dump_entry(struct _vx_hist_entry *e, unsigned cpu)
17737 + switch (e->type) {
17738 + case VXH_THROW_OOPS:
17739 + printk( VXH_LOC_FMTS " oops \n", VXH_LOC_ARGS(e));
17742 + case VXH_GET_VX_INFO:
17743 + case VXH_PUT_VX_INFO:
17744 + printk( VXH_LOC_FMTS " %s_vx_info " VXH_VXI_FMTS "\n",
17746 + (e->type == VXH_GET_VX_INFO) ? "get" : "put",
17747 + VXH_VXI_ARGS(e));
17750 + case VXH_INIT_VX_INFO:
17751 + case VXH_SET_VX_INFO:
17752 + case VXH_CLR_VX_INFO:
17753 + printk( VXH_LOC_FMTS " %s_vx_info " VXH_VXI_FMTS " @%p\n",
17755 + (e->type == VXH_INIT_VX_INFO) ? "init" :
17756 + ((e->type == VXH_SET_VX_INFO) ? "set" : "clr"),
17757 + VXH_VXI_ARGS(e), e->sc.data);
17760 + case VXH_CLAIM_VX_INFO:
17761 + case VXH_RELEASE_VX_INFO:
17762 + printk( VXH_LOC_FMTS " %s_vx_info " VXH_VXI_FMTS " @%p\n",
17764 + (e->type == VXH_CLAIM_VX_INFO) ? "claim" : "release",
17765 + VXH_VXI_ARGS(e), e->sc.data);
17768 + case VXH_ALLOC_VX_INFO:
17769 + case VXH_DEALLOC_VX_INFO:
17770 + printk( VXH_LOC_FMTS " %s_vx_info " VXH_VXI_FMTS "\n",
17772 + (e->type == VXH_ALLOC_VX_INFO) ? "alloc" : "dealloc",
17773 + VXH_VXI_ARGS(e));
17776 + case VXH_HASH_VX_INFO:
17777 + case VXH_UNHASH_VX_INFO:
17778 + printk( VXH_LOC_FMTS " __%s_vx_info " VXH_VXI_FMTS "\n",
17780 + (e->type == VXH_HASH_VX_INFO) ? "hash" : "unhash",
17781 + VXH_VXI_ARGS(e));
17784 + case VXH_LOC_VX_INFO:
17785 + case VXH_LOOKUP_VX_INFO:
17786 + case VXH_CREATE_VX_INFO:
17787 + printk( VXH_LOC_FMTS " __%s_vx_info [#%d] -> " VXH_VXI_FMTS "\n",
17789 + (e->type == VXH_CREATE_VX_INFO) ? "create" :
17790 + ((e->type == VXH_LOC_VX_INFO) ? "loc" : "lookup"),
17791 + e->ll.arg, VXH_VXI_ARGS(e));
17796 +static void __vxh_dump_history(void)
17798 + unsigned int i, cpu;
17800 + printk("History:\tSEQ: %8x\tNR_CPUS: %d\n",
17801 + atomic_read(&sequence), NR_CPUS);
17803 + for (i = 0; i < VXH_SIZE; i++) {
17804 + for_each_online_cpu(cpu) {
17805 + struct _vx_history *hist =
17806 + &per_cpu(vx_history_buffer, cpu);
17807 + unsigned int index = (hist->counter - i) % VXH_SIZE;
17808 + struct _vx_hist_entry *entry = &hist->entry[index];
17810 + vxh_dump_entry(entry, cpu);
17815 +void vxh_dump_history(void)
17819 + local_irq_enable();
17821 + local_irq_disable();
17823 + __vxh_dump_history();
17827 +/* vserver syscall commands below here */
17830 +int vc_dump_history(uint32_t id)
17833 + __vxh_dump_history();
17840 +int do_read_history(struct __user _vx_hist_entry *data,
17841 + int cpu, uint32_t *index, uint32_t *count)
17843 + int pos, ret = 0;
17844 + struct _vx_history *hist = &per_cpu(vx_history_buffer, cpu);
17845 + int end = hist->counter;
17846 + int start = end - VXH_SIZE + 2;
17847 + int idx = *index;
17849 + /* special case: get current pos */
17855 + /* have we lost some data? */
17859 + for (pos = 0; (pos < *count) && (idx < end); pos++, idx++) {
17860 + struct _vx_hist_entry *entry =
17861 + &hist->entry[idx % VXH_SIZE];
17863 + /* send entry to userspace */
17864 + ret = copy_to_user(&data[pos], entry, sizeof(*entry));
17868 + /* save new index and count */
17871 + return ret ? ret : (*index < end);
17874 +int vc_read_history(uint32_t id, void __user *data)
17876 + struct vcmd_read_history_v0 vc_data;
17879 + if (id >= NR_CPUS)
17882 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17885 + ret = do_read_history((struct __user _vx_hist_entry *)vc_data.data,
17886 + id, &vc_data.index, &vc_data.count);
17888 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
17893 +#ifdef CONFIG_COMPAT
17895 +int vc_read_history_x32(uint32_t id, void __user *data)
17897 + struct vcmd_read_history_v0_x32 vc_data;
17900 + if (id >= NR_CPUS)
17903 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
17906 + ret = do_read_history((struct __user _vx_hist_entry *)
17907 + compat_ptr(vc_data.data_ptr),
17908 + id, &vc_data.index, &vc_data.count);
17910 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
17915 +#endif /* CONFIG_COMPAT */
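Review bot: do_read_history loads the caller-supplied `*index` into a signed `int idx` and subscripts with `hist->entry[idx % VXH_SIZE]`; in C the remainder of a negative value is negative, so a large index from user space could select an element before the array, which copy_to_user then hands out. The clamping after the "have we lost some data?" comment is not shown here, but `start = end - VXH_SIZE + 2` is itself negative while the counter is still small, so clamping to `start` would not be enough. Keep the position unsigned, e.g. `unsigned int idx = *index;` with `&hist->entry[idx % VXH_SIZE]`, and compare it against `end` with wrap-safe arithmetic. Separately, `ret = copy_to_user(...)` stores the number of uncopied bytes and `return ret ? ret : (*index < end);` returns that positive count, where `-EFAULT` is presumably what callers expect.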
17917 diff -NurpP --minimal linux-3.14.17/kernel/vserver/inet.c linux-3.14.17-vs2.3.6.13/kernel/vserver/inet.c
17918 --- linux-3.14.17/kernel/vserver/inet.c 1970-01-01 00:00:00.000000000 +0000
17919 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/inet.c 2014-08-30 14:27:38.000000000 +0000
17922 +#include <linux/in.h>
17923 +#include <linux/inetdevice.h>
17924 +#include <linux/export.h>
17925 +#include <linux/vs_inet.h>
17926 +#include <linux/vs_inet6.h>
17927 +#include <linux/vserver/debug.h>
17928 +#include <net/route.h>
17929 +#include <net/addrconf.h>
17932 +int nx_v4_addr_conflict(struct nx_info *nxi1, struct nx_info *nxi2)
17936 + if (!nxi1 || !nxi2 || nxi1 == nxi2)
17939 + struct nx_addr_v4 *ptr;
17940 + unsigned long irqflags;
17942 + spin_lock_irqsave(&nxi1->addr_lock, irqflags);
17943 + for (ptr = &nxi1->v4; ptr; ptr = ptr->next) {
17944 + if (v4_nx_addr_in_nx_info(nxi2, ptr, -1)) {
17949 + spin_unlock_irqrestore(&nxi1->addr_lock, irqflags);
17952 + vxdprintk(VXD_CBIT(net, 2),
17953 + "nx_v4_addr_conflict(%p,%p): %d",
17954 + nxi1, nxi2, ret);
17960 +#ifdef CONFIG_IPV6
17962 +int nx_v6_addr_conflict(struct nx_info *nxi1, struct nx_info *nxi2)
17966 + if (!nxi1 || !nxi2 || nxi1 == nxi2)
17969 + struct nx_addr_v6 *ptr;
17970 + unsigned long irqflags;
17972 + spin_lock_irqsave(&nxi1->addr_lock, irqflags);
17973 + for (ptr = &nxi1->v6; ptr; ptr = ptr->next) {
17974 + if (v6_nx_addr_in_nx_info(nxi2, ptr, -1)) {
17979 + spin_unlock_irqrestore(&nxi1->addr_lock, irqflags);
17982 + vxdprintk(VXD_CBIT(net, 2),
17983 + "nx_v6_addr_conflict(%p,%p): %d",
17984 + nxi1, nxi2, ret);
17991 +int v4_dev_in_nx_info(struct net_device *dev, struct nx_info *nxi)
17993 + struct in_device *in_dev;
17994 + struct in_ifaddr **ifap;
17995 + struct in_ifaddr *ifa;
18000 + in_dev = in_dev_get(dev);
18004 + for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
18005 + ifap = &ifa->ifa_next) {
18006 + if (v4_addr_in_nx_info(nxi, ifa->ifa_local, NXA_MASK_SHOW)) {
18011 + in_dev_put(in_dev);
18017 +#ifdef CONFIG_IPV6
18019 +int v6_dev_in_nx_info(struct net_device *dev, struct nx_info *nxi)
18021 + struct inet6_dev *in_dev;
18022 + struct inet6_ifaddr *ifa;
18027 + in_dev = in6_dev_get(dev);
18031 + // for (ifap = &in_dev->addr_list; (ifa = *ifap) != NULL;
18032 + list_for_each_entry(ifa, &in_dev->addr_list, if_list) {
18033 + if (v6_addr_in_nx_info(nxi, &ifa->addr, -1)) {
18038 + in6_dev_put(in_dev);
18045 +int dev_in_nx_info(struct net_device *dev, struct nx_info *nxi)
18051 + if (nxi->v4.type && v4_dev_in_nx_info(dev, nxi))
18053 +#ifdef CONFIG_IPV6
18055 + if (nxi->v6.type && v6_dev_in_nx_info(dev, nxi))
18060 + vxdprintk(VXD_CBIT(net, 3),
18061 + "dev_in_nx_info(%p,%p[#%d]) = %d",
18062 + dev, nxi, nxi ? nxi->nx_id : 0, ret);
18066 +struct rtable *ip_v4_find_src(struct net *net, struct nx_info *nxi,
18067 + struct flowi4 *fl4)
18069 + struct rtable *rt;
18074 + /* FIXME: handle lback only case */
18075 + if (!NX_IPV4(nxi))
18076 + return ERR_PTR(-EPERM);
18078 + vxdprintk(VXD_CBIT(net, 4),
18079 + "ip_v4_find_src(%p[#%u]) " NIPQUAD_FMT " -> " NIPQUAD_FMT,
18080 + nxi, nxi ? nxi->nx_id : 0,
18081 + NIPQUAD(fl4->saddr), NIPQUAD(fl4->daddr));
18083 + /* single IP is unconditional */
18084 + if (nx_info_flags(nxi, NXF_SINGLE_IP, 0) &&
18085 + (fl4->saddr == INADDR_ANY))
18086 + fl4->saddr = nxi->v4.ip[0].s_addr;
18088 + if (fl4->saddr == INADDR_ANY) {
18089 + struct nx_addr_v4 *ptr;
18090 + __be32 found = 0;
18092 + rt = __ip_route_output_key(net, fl4);
18093 + if (!IS_ERR(rt)) {
18094 + found = fl4->saddr;
18096 + vxdprintk(VXD_CBIT(net, 4),
18097 + "ip_v4_find_src(%p[#%u]) rok[%u]: " NIPQUAD_FMT,
18098 + nxi, nxi ? nxi->nx_id : 0, fl4->flowi4_oif, NIPQUAD(found));
18099 + if (v4_addr_in_nx_info(nxi, found, NXA_MASK_BIND))
18103 + WARN_ON_ONCE(in_irq());
18104 + spin_lock_bh(&nxi->addr_lock);
18105 + for (ptr = &nxi->v4; ptr; ptr = ptr->next) {
18106 + __be32 primary = ptr->ip[0].s_addr;
18107 + __be32 mask = ptr->mask.s_addr;
18108 + __be32 neta = primary & mask;
18110 + vxdprintk(VXD_CBIT(net, 4), "ip_v4_find_src(%p[#%u]) chk: "
18111 + NIPQUAD_FMT "/" NIPQUAD_FMT "/" NIPQUAD_FMT,
18112 + nxi, nxi ? nxi->nx_id : 0, NIPQUAD(primary),
18113 + NIPQUAD(mask), NIPQUAD(neta));
18114 + if ((found & mask) != neta)
18117 + fl4->saddr = primary;
18118 + rt = __ip_route_output_key(net, fl4);
18119 + vxdprintk(VXD_CBIT(net, 4),
18120 + "ip_v4_find_src(%p[#%u]) rok[%u]: " NIPQUAD_FMT,
18121 + nxi, nxi ? nxi->nx_id : 0, fl4->flowi4_oif, NIPQUAD(primary));
18122 + if (!IS_ERR(rt)) {
18123 + found = fl4->saddr;
18125 + if (found == primary)
18126 + goto found_unlock;
18129 + /* still no source ip? */
18130 + found = ipv4_is_loopback(fl4->daddr)
18131 + ? IPI_LOOPBACK : nxi->v4.ip[0].s_addr;
18133 + spin_unlock_bh(&nxi->addr_lock);
18135 + /* assign src ip to flow */
18136 + fl4->saddr = found;
18139 + if (!v4_addr_in_nx_info(nxi, fl4->saddr, NXA_MASK_BIND))
18140 + return ERR_PTR(-EPERM);
18143 + if (nx_info_flags(nxi, NXF_LBACK_REMAP, 0)) {
18144 + if (ipv4_is_loopback(fl4->daddr))
18145 + fl4->daddr = nxi->v4_lback.s_addr;
18146 + if (ipv4_is_loopback(fl4->saddr))
18147 + fl4->saddr = nxi->v4_lback.s_addr;
18148 + } else if (ipv4_is_loopback(fl4->daddr) &&
18149 + !nx_info_flags(nxi, NXF_LBACK_ALLOW, 0))
18150 + return ERR_PTR(-EPERM);
18155 +EXPORT_SYMBOL_GPL(ip_v4_find_src);
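Review bot: v4_dev_in_nx_info walks `in_dev->ifa_list` and v6_dev_in_nx_info walks `in_dev->addr_list` holding only the device reference from in_dev_get()/in6_dev_get(); no rcu_read_lock(), RTNL or `in_dev->lock` is taken in the lines shown. The reference keeps the device structure alive, not the address entries, so an address removed concurrently could be freed under the loop unless every caller already holds RTNL. If that is the contract, state it above both functions, e.g. `/* caller must hold RTNL */`. Otherwise take `rcu_read_lock()` around the IPv4 walk and `read_lock_bh(&in_dev->lock)` around the IPv6 one. A few lines of each function are missing from this view, so locking there cannot be fully ruled out.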
18157 diff -NurpP --minimal linux-3.14.17/kernel/vserver/init.c linux-3.14.17-vs2.3.6.13/kernel/vserver/init.c
18158 --- linux-3.14.17/kernel/vserver/init.c 1970-01-01 00:00:00.000000000 +0000
18159 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/init.c 2014-08-30 14:27:38.000000000 +0000
18162 + * linux/kernel/init.c
18164 + * Virtual Server Init
18166 + * Copyright (C) 2004-2007 Herbert Pötzl
18168 + * V0.01 basic structure
18172 +#include <linux/init.h>
18174 +int vserver_register_sysctl(void);
18175 +void vserver_unregister_sysctl(void);
18178 +static int __init init_vserver(void)
18182 +#ifdef CONFIG_VSERVER_DEBUG
18183 + vserver_register_sysctl();
18189 +static void __exit exit_vserver(void)
18192 +#ifdef CONFIG_VSERVER_DEBUG
18193 + vserver_unregister_sysctl();
18198 +/* FIXME: GFP_ZONETYPES gone
18199 +long vx_slab[GFP_ZONETYPES]; */
18203 +module_init(init_vserver);
18204 +module_exit(exit_vserver);
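Review bot: init_vserver calls `vserver_register_sysctl();` as a bare statement although the prototype above declares it as returning `int`, so as far as the shown lines go a failed registration is not reported by module init. Either propagate it, e.g. `int err = vserver_register_sysctl(); if (err) return err;`, or add a comment saying the failure is deliberately ignored. The file header also names the file `linux/kernel/init.c`, while the diff path is kernel/vserver/init.c.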
18206 diff -NurpP --minimal linux-3.14.17/kernel/vserver/inode.c linux-3.14.17-vs2.3.6.13/kernel/vserver/inode.c
18207 --- linux-3.14.17/kernel/vserver/inode.c 1970-01-01 00:00:00.000000000 +0000
18208 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/inode.c 2014-08-30 14:27:38.000000000 +0000
18211 + * linux/kernel/vserver/inode.c
18213 + * Virtual Server: File System Support
18215 + * Copyright (C) 2004-2007 Herbert Pötzl
18217 + * V0.01 separated from vcontext V0.05
18218 + * V0.02 moved to tag (instead of xid)
18222 +#include <linux/tty.h>
18223 +#include <linux/proc_fs.h>
18224 +#include <linux/devpts_fs.h>
18225 +#include <linux/fs.h>
18226 +#include <linux/file.h>
18227 +#include <linux/mount.h>
18228 +#include <linux/parser.h>
18229 +#include <linux/namei.h>
18230 +#include <linux/magic.h>
18231 +#include <linux/slab.h>
18232 +#include <linux/vserver/inode.h>
18233 +#include <linux/vserver/inode_cmd.h>
18234 +#include <linux/vs_base.h>
18235 +#include <linux/vs_tag.h>
18237 +#include <asm/uaccess.h>
18238 +#include <../../fs/proc/internal.h>
18241 +static int __vc_get_iattr(struct inode *in, uint32_t *tag, uint32_t *flags, uint32_t *mask)
18243 + struct proc_dir_entry *entry;
18245 + if (!in || !in->i_sb)
18248 + *flags = IATTR_TAG
18249 + | (IS_IMMUTABLE(in) ? IATTR_IMMUTABLE : 0)
18250 + | (IS_IXUNLINK(in) ? IATTR_IXUNLINK : 0)
18251 + | (IS_BARRIER(in) ? IATTR_BARRIER : 0)
18252 + | (IS_COW(in) ? IATTR_COW : 0);
18253 + *mask = IATTR_IXUNLINK | IATTR_IMMUTABLE | IATTR_COW;
18255 + if (S_ISDIR(in->i_mode))
18256 + *mask |= IATTR_BARRIER;
18258 + if (IS_TAGGED(in)) {
18259 + *tag = i_tag_read(in);
18260 + *mask |= IATTR_TAG;
18263 + switch (in->i_sb->s_magic) {
18264 + case PROC_SUPER_MAGIC:
18265 + entry = PROC_I(in)->pde;
18267 + /* check for specific inodes? */
18269 + *mask |= IATTR_FLAGS;
18271 + *flags |= (entry->vx_flags & IATTR_FLAGS);
18273 + *flags |= (PROC_I(in)->vx_flags & IATTR_FLAGS);
18276 + case DEVPTS_SUPER_MAGIC:
18277 + *tag = i_tag_read(in);
18278 + *mask |= IATTR_TAG;
18287 +int vc_get_iattr(void __user *data)
18289 + struct path path;
18290 + struct vcmd_ctx_iattr_v1 vc_data = { .tag = -1 };
18293 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18296 + ret = user_lpath(vc_data.name, &path);
18298 + ret = __vc_get_iattr(path.dentry->d_inode,
18299 + &vc_data.tag, &vc_data.flags, &vc_data.mask);
18305 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18310 +#ifdef CONFIG_COMPAT
18312 +int vc_get_iattr_x32(void __user *data)
18314 + struct path path;
18315 + struct vcmd_ctx_iattr_v1_x32 vc_data = { .tag = -1 };
18318 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18321 + ret = user_lpath(compat_ptr(vc_data.name_ptr), &path);
18323 + ret = __vc_get_iattr(path.dentry->d_inode,
18324 + &vc_data.tag, &vc_data.flags, &vc_data.mask);
18330 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18335 +#endif /* CONFIG_COMPAT */
18338 +int vc_fget_iattr(uint32_t fd, void __user *data)
18340 + struct file *filp;
18341 + struct vcmd_ctx_fiattr_v0 vc_data = { .tag = -1 };
18344 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18348 + if (!filp || !filp->f_dentry || !filp->f_dentry->d_inode)
18351 + ret = __vc_get_iattr(filp->f_dentry->d_inode,
18352 + &vc_data.tag, &vc_data.flags, &vc_data.mask);
18356 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18362 +static int __vc_set_iattr(struct dentry *de, uint32_t *tag, uint32_t *flags, uint32_t *mask)
18364 + struct inode *in = de->d_inode;
18365 + int error = 0, is_proc = 0, has_tag = 0;
18366 + struct iattr attr = { 0 };
18368 + if (!in || !in->i_sb)
18371 + is_proc = (in->i_sb->s_magic == PROC_SUPER_MAGIC);
18372 + if ((*mask & IATTR_FLAGS) && !is_proc)
18375 + has_tag = IS_TAGGED(in) ||
18376 + (in->i_sb->s_magic == DEVPTS_SUPER_MAGIC);
18377 + if ((*mask & IATTR_TAG) && !has_tag)
18380 + mutex_lock(&in->i_mutex);
18381 + if (*mask & IATTR_TAG) {
18382 + attr.ia_tag = make_ktag(&init_user_ns, *tag);
18383 + attr.ia_valid |= ATTR_TAG;
18386 + if (*mask & IATTR_FLAGS) {
18387 + struct proc_dir_entry *entry = PROC_I(in)->pde;
18388 + unsigned int iflags = PROC_I(in)->vx_flags;
18390 + iflags = (iflags & ~(*mask & IATTR_FLAGS))
18391 + | (*flags & IATTR_FLAGS);
18392 + PROC_I(in)->vx_flags = iflags;
18394 + entry->vx_flags = iflags;
18397 + if (*mask & (IATTR_IMMUTABLE | IATTR_IXUNLINK |
18398 + IATTR_BARRIER | IATTR_COW)) {
18399 + int iflags = in->i_flags;
18400 + int vflags = in->i_vflags;
18402 + if (*mask & IATTR_IMMUTABLE) {
18403 + if (*flags & IATTR_IMMUTABLE)
18404 + iflags |= S_IMMUTABLE;
18406 + iflags &= ~S_IMMUTABLE;
18408 + if (*mask & IATTR_IXUNLINK) {
18409 + if (*flags & IATTR_IXUNLINK)
18410 + iflags |= S_IXUNLINK;
18412 + iflags &= ~S_IXUNLINK;
18414 + if (S_ISDIR(in->i_mode) && (*mask & IATTR_BARRIER)) {
18415 + if (*flags & IATTR_BARRIER)
18416 + vflags |= V_BARRIER;
18418 + vflags &= ~V_BARRIER;
18420 + if (S_ISREG(in->i_mode) && (*mask & IATTR_COW)) {
18421 + if (*flags & IATTR_COW)
18424 + vflags &= ~V_COW;
18426 + if (in->i_op && in->i_op->sync_flags) {
18427 + error = in->i_op->sync_flags(in, iflags, vflags);
18433 + if (attr.ia_valid) {
18434 + if (in->i_op && in->i_op->setattr)
18435 + error = in->i_op->setattr(de, &attr);
18437 + error = inode_change_ok(in, &attr);
18439 + setattr_copy(in, &attr);
18440 + mark_inode_dirty(in);
18446 + mutex_unlock(&in->i_mutex);
18450 +int vc_set_iattr(void __user *data)
18452 + struct path path;
18453 + struct vcmd_ctx_iattr_v1 vc_data;
18456 + if (!capable(CAP_LINUX_IMMUTABLE))
18458 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18461 + ret = user_lpath(vc_data.name, &path);
18463 + ret = __vc_set_iattr(path.dentry,
18464 + &vc_data.tag, &vc_data.flags, &vc_data.mask);
18468 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18473 +#ifdef CONFIG_COMPAT
18475 +int vc_set_iattr_x32(void __user *data)
18477 + struct path path;
18478 + struct vcmd_ctx_iattr_v1_x32 vc_data;
18481 + if (!capable(CAP_LINUX_IMMUTABLE))
18483 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18486 + ret = user_lpath(compat_ptr(vc_data.name_ptr), &path);
18488 + ret = __vc_set_iattr(path.dentry,
18489 + &vc_data.tag, &vc_data.flags, &vc_data.mask);
18493 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18498 +#endif /* CONFIG_COMPAT */
18500 +int vc_fset_iattr(uint32_t fd, void __user *data)
18502 + struct file *filp;
18503 + struct vcmd_ctx_fiattr_v0 vc_data;
18506 + if (!capable(CAP_LINUX_IMMUTABLE))
18508 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18512 + if (!filp || !filp->f_dentry || !filp->f_dentry->d_inode)
18515 + ret = __vc_set_iattr(filp->f_dentry, &vc_data.tag,
18516 + &vc_data.flags, &vc_data.mask);
18520 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18526 +enum { Opt_notagcheck, Opt_tag, Opt_notag, Opt_tagid, Opt_err };
18528 +static match_table_t tokens = {
18529 + {Opt_notagcheck, "notagcheck"},
18530 +#ifdef CONFIG_PROPAGATE
18531 + {Opt_notag, "notag"},
18532 + {Opt_tag, "tag"},
18533 + {Opt_tagid, "tagid=%u"},
18539 +static void __dx_parse_remove(char *string, char *opt)
18541 + char *p = strstr(string, opt);
18545 + while (*q != '\0' && *q != ',')
18554 +int dx_parse_tag(char *string, vtag_t *tag, int remove, int *mnt_flags,
18555 + unsigned long *flags)
18558 + substring_t args[MAX_OPT_ARGS];
18560 + char *s, *p, *opts;
18561 +#if defined(CONFIG_PROPAGATE) || defined(CONFIG_VSERVER_DEBUG)
18567 + s = kstrdup(string, GFP_KERNEL | GFP_ATOMIC);
18572 + while ((p = strsep(&opts, ",")) != NULL) {
18573 + token = match_token(p, tokens, args);
18576 +#ifdef CONFIG_PROPAGATE
18581 + __dx_parse_remove(s, "tag");
18582 + *mnt_flags |= MNT_TAGID;
18583 + set |= MNT_TAGID;
18587 + __dx_parse_remove(s, "notag");
18588 + *mnt_flags |= MNT_NOTAG;
18589 + set |= MNT_NOTAG;
18592 + if (tag && !match_int(args, &option))
18595 + __dx_parse_remove(s, "tagid");
18596 + *mnt_flags |= MNT_TAGID;
18597 + set |= MNT_TAGID;
18599 +#endif /* CONFIG_PROPAGATE */
18600 + case Opt_notagcheck:
18602 + __dx_parse_remove(s, "notagcheck");
18603 + *flags |= MS_NOTAGCHECK;
18604 + set |= MS_NOTAGCHECK;
18607 + vxdprintk(VXD_CBIT(tag, 7),
18608 + "dx_parse_tag(" VS_Q("%s") "): %d:#%d",
18609 + p, token, option);
18612 + strcpy(string, s);
18617 +#ifdef CONFIG_PROPAGATE
18619 +void __dx_propagate_tag(struct nameidata *nd, struct inode *inode)
18621 + vtag_t new_tag = 0;
18622 + struct vfsmount *mnt;
18627 + mnt = nd->path.mnt;
18631 + propagate = (mnt->mnt_flags & MNT_TAGID);
18633 + new_tag = mnt->mnt_tag;
18635 + vxdprintk(VXD_CBIT(tag, 7),
18636 + "dx_propagate_tag(%p[#%lu.%d]): %d,%d",
18637 + inode, inode->i_ino, inode->i_tag,
18638 + new_tag, (propagate) ? 1 : 0);
18641 + i_tag_write(inode, new_tag);
18644 +#include <linux/module.h>
18646 +EXPORT_SYMBOL_GPL(__dx_propagate_tag);
18648 +#endif /* CONFIG_PROPAGATE */
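Review bot: __dx_parse_remove locates the option with a bare `strstr(string, opt)`, so it removes the first occurrence of that text anywhere in the mount option string, even inside another option: `"tag"` also matches inside `notag`, `tagid=` and `notagcheck`, or inside an unrelated option value containing those letters. dx_parse_tag then copies the edited string back with `strcpy(string, s)`, so the filesystem would presumably see a damaged option list. Match only a whole comma-separated option, as in the helper below; the rest of __dx_parse_remove stays as it is. dx_parse_tag also passes `GFP_KERNEL | GFP_ATOMIC` to kstrdup(), which mixes a sleeping and a non-sleeping mask; pick the one that fits the calling context.

```c
/* find opt as a whole comma-separated option, not as part of another one */
static char *__dx_find_opt(char *string, const char *opt)
{
	size_t len = strlen(opt);
	char *p = string;

	while ((p = strstr(p, opt)) != NULL) {
		char end = p[len];

		if ((p == string || p[-1] == ',') &&
		    (end == '\0' || end == ',' || end == '='))
			return p;
		p++;
	}
	return NULL;
}

static void __dx_parse_remove(char *string, char *opt)
{
	char *p = __dx_find_opt(string, opt);
	/* … unchanged: removal of the matched option up to the next ',' … */
```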
18650 diff -NurpP --minimal linux-3.14.17/kernel/vserver/limit.c linux-3.14.17-vs2.3.6.13/kernel/vserver/limit.c
18651 --- linux-3.14.17/kernel/vserver/limit.c 1970-01-01 00:00:00.000000000 +0000
18652 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/limit.c 2014-08-30 14:27:38.000000000 +0000
18655 + * linux/kernel/vserver/limit.c
18657 + * Virtual Server: Context Limits
18659 + * Copyright (C) 2004-2010 Herbert Pötzl
18661 + * V0.01 broken out from vcontext V0.05
18662 + * V0.02 changed vcmds to vxi arg
18663 + * V0.03 added memory cgroup support
18667 +#include <linux/sched.h>
18668 +#include <linux/module.h>
18669 +#include <linux/memcontrol.h>
18670 +#include <linux/res_counter.h>
18671 +#include <linux/vs_limit.h>
18672 +#include <linux/vserver/limit.h>
18673 +#include <linux/vserver/limit_cmd.h>
18675 +#include <asm/uaccess.h>
18678 +const char *vlimit_name[NUM_LIMITS] = {
18679 + [RLIMIT_CPU] = "CPU",
18680 + [RLIMIT_NPROC] = "NPROC",
18681 + [RLIMIT_NOFILE] = "NOFILE",
18682 + [RLIMIT_LOCKS] = "LOCKS",
18683 + [RLIMIT_SIGPENDING] = "SIGP",
18684 + [RLIMIT_MSGQUEUE] = "MSGQ",
18686 + [VLIMIT_NSOCK] = "NSOCK",
18687 + [VLIMIT_OPENFD] = "OPENFD",
18688 + [VLIMIT_SHMEM] = "SHMEM",
18689 + [VLIMIT_DENTRY] = "DENTRY",
18692 +EXPORT_SYMBOL_GPL(vlimit_name);
18694 +#define MASK_ENTRY(x) (1 << (x))
18696 +const struct vcmd_ctx_rlimit_mask_v0 vlimit_mask = {
18699 + , /* softlimit */
18702 + MASK_ENTRY( RLIMIT_NPROC ) |
18703 + MASK_ENTRY( RLIMIT_NOFILE ) |
18704 + MASK_ENTRY( RLIMIT_LOCKS ) |
18705 + MASK_ENTRY( RLIMIT_MSGQUEUE ) |
18707 + MASK_ENTRY( VLIMIT_NSOCK ) |
18708 + MASK_ENTRY( VLIMIT_OPENFD ) |
18709 + MASK_ENTRY( VLIMIT_SHMEM ) |
18710 + MASK_ENTRY( VLIMIT_DENTRY ) |
18713 + /* accounting only */
18714 +uint32_t account_mask =
18715 + MASK_ENTRY( VLIMIT_SEMARY ) |
18716 + MASK_ENTRY( VLIMIT_NSEMS ) |
18717 + MASK_ENTRY( VLIMIT_MAPPED ) |
18721 +static int is_valid_vlimit(int id)
18723 + uint32_t mask = vlimit_mask.minimum |
18724 + vlimit_mask.softlimit | vlimit_mask.maximum;
18725 + return mask & (1 << id);
18728 +static int is_accounted_vlimit(int id)
18730 + if (is_valid_vlimit(id))
18732 + return account_mask & (1 << id);
18736 +static inline uint64_t vc_get_soft(struct vx_info *vxi, int id)
18738 + rlim_t limit = __rlim_soft(&vxi->limit, id);
18739 + return VX_VLIM(limit);
18742 +static inline uint64_t vc_get_hard(struct vx_info *vxi, int id)
18744 + rlim_t limit = __rlim_hard(&vxi->limit, id);
18745 + return VX_VLIM(limit);
18748 +static int do_get_rlimit(struct vx_info *vxi, uint32_t id,
18749 + uint64_t *minimum, uint64_t *softlimit, uint64_t *maximum)
18751 + if (!is_valid_vlimit(id))
18755 + *minimum = CRLIM_UNSET;
18757 + *softlimit = vc_get_soft(vxi, id);
18759 + *maximum = vc_get_hard(vxi, id);
18763 +int vc_get_rlimit(struct vx_info *vxi, void __user *data)
18765 + struct vcmd_ctx_rlimit_v0 vc_data;
18768 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18771 + ret = do_get_rlimit(vxi, vc_data.id,
18772 + &vc_data.minimum, &vc_data.softlimit, &vc_data.maximum);
18776 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18781 +static int do_set_rlimit(struct vx_info *vxi, uint32_t id,
18782 + uint64_t minimum, uint64_t softlimit, uint64_t maximum)
18784 + if (!is_valid_vlimit(id))
18787 + if (maximum != CRLIM_KEEP)
18788 + __rlim_hard(&vxi->limit, id) = VX_RLIM(maximum);
18789 + if (softlimit != CRLIM_KEEP)
18790 + __rlim_soft(&vxi->limit, id) = VX_RLIM(softlimit);
18792 + /* clamp soft limit */
18793 + if (__rlim_soft(&vxi->limit, id) > __rlim_hard(&vxi->limit, id))
18794 + __rlim_soft(&vxi->limit, id) = __rlim_hard(&vxi->limit, id);
18799 +int vc_set_rlimit(struct vx_info *vxi, void __user *data)
18801 + struct vcmd_ctx_rlimit_v0 vc_data;
18803 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18806 + return do_set_rlimit(vxi, vc_data.id,
18807 + vc_data.minimum, vc_data.softlimit, vc_data.maximum);
18810 +#ifdef CONFIG_IA32_EMULATION
18812 +int vc_set_rlimit_x32(struct vx_info *vxi, void __user *data)
18814 + struct vcmd_ctx_rlimit_v0_x32 vc_data;
18816 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18819 + return do_set_rlimit(vxi, vc_data.id,
18820 + vc_data.minimum, vc_data.softlimit, vc_data.maximum);
18823 +int vc_get_rlimit_x32(struct vx_info *vxi, void __user *data)
18825 + struct vcmd_ctx_rlimit_v0_x32 vc_data;
18828 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18831 + ret = do_get_rlimit(vxi, vc_data.id,
18832 + &vc_data.minimum, &vc_data.softlimit, &vc_data.maximum);
18836 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18841 +#endif /* CONFIG_IA32_EMULATION */
18844 +int vc_get_rlimit_mask(uint32_t id, void __user *data)
18846 + if (copy_to_user(data, &vlimit_mask, sizeof(vlimit_mask)))
18852 +static inline void vx_reset_hits(struct _vx_limit *limit)
18856 + for (lim = 0; lim < NUM_LIMITS; lim++) {
18857 + atomic_set(&__rlim_lhit(limit, lim), 0);
18861 +int vc_reset_hits(struct vx_info *vxi, void __user *data)
18863 + vx_reset_hits(&vxi->limit);
18867 +static inline void vx_reset_minmax(struct _vx_limit *limit)
18872 + for (lim = 0; lim < NUM_LIMITS; lim++) {
18873 + value = __rlim_get(limit, lim);
18874 + __rlim_rmax(limit, lim) = value;
18875 + __rlim_rmin(limit, lim) = value;
18879 +int vc_reset_minmax(struct vx_info *vxi, void __user *data)
18881 + vx_reset_minmax(&vxi->limit);
18886 +int vc_rlimit_stat(struct vx_info *vxi, void __user *data)
18888 + struct vcmd_rlimit_stat_v0 vc_data;
18889 + struct _vx_limit *limit = &vxi->limit;
18892 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
18896 + if (!is_accounted_vlimit(id))
18899 + vx_limit_fixup(limit, id);
18900 + vc_data.hits = atomic_read(&__rlim_lhit(limit, id));
18901 + vc_data.value = __rlim_get(limit, id);
18902 + vc_data.minimum = __rlim_rmin(limit, id);
18903 + vc_data.maximum = __rlim_rmax(limit, id);
18905 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
18911 +void vx_vsi_meminfo(struct sysinfo *val)
18913 +#ifdef CONFIG_MEMCG
18914 + struct mem_cgroup *mcg;
18915 + u64 res_limit, res_usage;
18918 + mcg = mem_cgroup_from_task(current);
18919 + rcu_read_unlock();
18923 + res_limit = mem_cgroup_res_read_u64(mcg, RES_LIMIT);
18924 + res_usage = mem_cgroup_res_read_u64(mcg, RES_USAGE);
18926 + if (res_limit != RES_COUNTER_MAX)
18927 + val->totalram = (res_limit >> PAGE_SHIFT);
18928 + val->freeram = val->totalram - (res_usage >> PAGE_SHIFT);
18929 + val->bufferram = 0;
18930 + val->totalhigh = 0;
18931 + val->freehigh = 0;
18933 +#endif /* CONFIG_MEMCG */
18937 +void vx_vsi_swapinfo(struct sysinfo *val)
18939 +#ifdef CONFIG_MEMCG
18940 +#ifdef CONFIG_MEMCG_SWAP
18941 + struct mem_cgroup *mcg;
18942 + u64 res_limit, res_usage, memsw_limit, memsw_usage;
18943 + s64 swap_limit, swap_usage;
18946 + mcg = mem_cgroup_from_task(current);
18947 + rcu_read_unlock();
18951 + res_limit = mem_cgroup_res_read_u64(mcg, RES_LIMIT);
18952 + res_usage = mem_cgroup_res_read_u64(mcg, RES_USAGE);
18953 + memsw_limit = mem_cgroup_memsw_read_u64(mcg, RES_LIMIT);
18954 + memsw_usage = mem_cgroup_memsw_read_u64(mcg, RES_USAGE);
18956 + /* memory unlimited */
18957 + if (res_limit == RES_COUNTER_MAX)
18960 + swap_limit = memsw_limit - res_limit;
18961 + /* we have a swap limit? */
18962 + if (memsw_limit != RES_COUNTER_MAX)
18963 + val->totalswap = swap_limit >> PAGE_SHIFT;
18965 + /* calculate swap part */
18966 + swap_usage = (memsw_usage > res_usage) ?
18967 + memsw_usage - res_usage : 0;
18969 + /* total shown minus usage gives free swap */
18970 + val->freeswap = (swap_usage < swap_limit) ?
18971 + val->totalswap - (swap_usage >> PAGE_SHIFT) : 0;
18973 +#else /* !CONFIG_MEMCG_SWAP */
18974 + val->totalswap = 0;
18975 + val->freeswap = 0;
18976 +#endif /* !CONFIG_MEMCG_SWAP */
18977 +#endif /* CONFIG_MEMCG */
18981 +long vx_vsi_cached(struct sysinfo *val)
18984 +#ifdef CONFIG_MEMCG
18985 + struct mem_cgroup *mcg;
18988 + mcg = mem_cgroup_from_task(current);
18989 + rcu_read_unlock();
18993 + cache = mem_cgroup_stat_read_cache(mcg);
18999 diff -NurpP --minimal linux-3.14.17/kernel/vserver/limit_init.h linux-3.14.17-vs2.3.6.13/kernel/vserver/limit_init.h
19000 --- linux-3.14.17/kernel/vserver/limit_init.h 1970-01-01 00:00:00.000000000 +0000
19001 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/limit_init.h 2014-08-30 14:27:38.000000000 +0000
19005 +static inline void vx_info_init_limit(struct _vx_limit *limit)
19009 + for (lim = 0; lim < NUM_LIMITS; lim++) {
19010 + __rlim_soft(limit, lim) = RLIM_INFINITY;
19011 + __rlim_hard(limit, lim) = RLIM_INFINITY;
19012 + __rlim_set(limit, lim, 0);
19013 + atomic_set(&__rlim_lhit(limit, lim), 0);
19014 + __rlim_rmin(limit, lim) = 0;
19015 + __rlim_rmax(limit, lim) = 0;
19019 +static inline void vx_info_exit_limit(struct _vx_limit *limit)
19024 + for (lim = 0; lim < NUM_LIMITS; lim++) {
19025 + if ((1 << lim) & VLIM_NOCHECK)
19027 + value = __rlim_get(limit, lim);
19028 + vxwprintk_xid(value,
19029 + "!!! limit: %p[%s,%d] = %ld on exit.",
19030 + limit, vlimit_name[lim], lim, (long)value);
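Review bot: The exit warning in vx_info_exit_limit prints the `_vx_limit` address with `%p` (`"!!! limit: %p[%s,%d] = %ld on exit."`), which on a 3.14 kernel emits the raw kernel pointer into whatever log vxwprintk_xid writes to. The limit name and index in the same message already identify the counter, so the address adds little for diagnosis while disclosing kernel memory layout to anyone who can read that log. Consider dropping it, `"!!! limit: [%s,%d] = %ld on exit."`, or switching to `%pK` so that kptr_restrict applies, after checking that this path never runs in interrupt context, where `%pK` does not print an address.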
19034 diff -NurpP --minimal linux-3.14.17/kernel/vserver/limit_proc.h linux-3.14.17-vs2.3.6.13/kernel/vserver/limit_proc.h
19035 --- linux-3.14.17/kernel/vserver/limit_proc.h 1970-01-01 00:00:00.000000000 +0000
19036 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/limit_proc.h 2014-08-30 14:27:38.000000000 +0000
19038 +#ifndef _VX_LIMIT_PROC_H
19039 +#define _VX_LIMIT_PROC_H
19041 +#include <linux/vserver/limit_int.h>
19044 +#define VX_LIMIT_FMT ":\t%8ld\t%8ld/%8ld\t%8lld/%8lld\t%6d\n"
19045 +#define VX_LIMIT_TOP \
19046 + "Limit\t current\t min/max\t\t soft/hard\t\thits\n"
19048 +#define VX_LIMIT_ARG(r) \
19049 + (unsigned long)__rlim_get(limit, r), \
19050 + (unsigned long)__rlim_rmin(limit, r), \
19051 + (unsigned long)__rlim_rmax(limit, r), \
19052 + VX_VLIM(__rlim_soft(limit, r)), \
19053 + VX_VLIM(__rlim_hard(limit, r)), \
19054 + atomic_read(&__rlim_lhit(limit, r))
19056 +static inline int vx_info_proc_limit(struct _vx_limit *limit, char *buffer)
19058 + vx_limit_fixup(limit, -1);
19059 + return sprintf(buffer, VX_LIMIT_TOP
19060 + "PROC" VX_LIMIT_FMT
19061 + "VM" VX_LIMIT_FMT
19062 + "VML" VX_LIMIT_FMT
19063 + "RSS" VX_LIMIT_FMT
19064 + "ANON" VX_LIMIT_FMT
19065 + "RMAP" VX_LIMIT_FMT
19066 + "FILES" VX_LIMIT_FMT
19067 + "OFD" VX_LIMIT_FMT
19068 + "LOCKS" VX_LIMIT_FMT
19069 + "SOCK" VX_LIMIT_FMT
19070 + "MSGQ" VX_LIMIT_FMT
19071 + "SHM" VX_LIMIT_FMT
19072 + "SEMA" VX_LIMIT_FMT
19073 + "SEMS" VX_LIMIT_FMT
19074 + "DENT" VX_LIMIT_FMT,
19075 + VX_LIMIT_ARG(RLIMIT_NPROC),
19076 + VX_LIMIT_ARG(RLIMIT_AS),
19077 + VX_LIMIT_ARG(RLIMIT_MEMLOCK),
19078 + VX_LIMIT_ARG(RLIMIT_RSS),
19079 + VX_LIMIT_ARG(VLIMIT_ANON),
19080 + VX_LIMIT_ARG(VLIMIT_MAPPED),
19081 + VX_LIMIT_ARG(RLIMIT_NOFILE),
19082 + VX_LIMIT_ARG(VLIMIT_OPENFD),
19083 + VX_LIMIT_ARG(RLIMIT_LOCKS),
19084 + VX_LIMIT_ARG(VLIMIT_NSOCK),
19085 + VX_LIMIT_ARG(RLIMIT_MSGQUEUE),
19086 + VX_LIMIT_ARG(VLIMIT_SHMEM),
19087 + VX_LIMIT_ARG(VLIMIT_SEMARY),
19088 + VX_LIMIT_ARG(VLIMIT_NSEMS),
19089 + VX_LIMIT_ARG(VLIMIT_DENTRY));
19092 +#endif /* _VX_LIMIT_PROC_H */
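Review bot: vx_info_proc_limit formats the header plus fifteen rows with a single `sprintf` into `buffer`, and the function takes no length, so nothing here bounds the write. The field widths in VX_LIMIT_FMT (`%8ld`, `%8lld`, `%6d`) are minimums, so each row grows with the values it prints. By the formats alone the worst case looks well under one page, but that only holds if every caller passes a buffer that large, which this header does not state. I would either document the requirement above the function, e.g. `/* buffer must provide at least PAGE_SIZE bytes */` if that is what the proc read path allocates (not visible here), or add a size argument and format with `scnprintf`.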
19095 diff -NurpP --minimal linux-3.14.17/kernel/vserver/network.c linux-3.14.17-vs2.3.6.13/kernel/vserver/network.c
19096 --- linux-3.14.17/kernel/vserver/network.c 1970-01-01 00:00:00.000000000 +0000
19097 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/network.c 2014-08-30 14:27:38.000000000 +0000
19100 + * linux/kernel/vserver/network.c
19102 + * Virtual Server: Network Support
19104 + * Copyright (C) 2003-2007 Herbert Pötzl
19106 + * V0.01 broken out from vcontext V0.05
19107 + * V0.02 cleaned up implementation
19108 + * V0.03 added equiv nx commands
19109 + * V0.04 switch to RCU based hash
19110 + * V0.05 and back to locking again
19111 + * V0.06 changed vcmds to nxi arg
19112 + * V0.07 have __create claim() the nxi
19116 +#include <linux/err.h>
19117 +#include <linux/slab.h>
19118 +#include <linux/rcupdate.h>
19119 +#include <net/ipv6.h>
19121 +#include <linux/vs_network.h>
19122 +#include <linux/vs_pid.h>
19123 +#include <linux/vserver/network_cmd.h>
19126 +atomic_t nx_global_ctotal = ATOMIC_INIT(0);
19127 +atomic_t nx_global_cactive = ATOMIC_INIT(0);
19129 +static struct kmem_cache *nx_addr_v4_cachep = NULL;
19130 +static struct kmem_cache *nx_addr_v6_cachep = NULL;
19133 +static int __init init_network(void)
19135 + nx_addr_v4_cachep = kmem_cache_create("nx_v4_addr_cache",
19136 + sizeof(struct nx_addr_v4), 0,
19137 + SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
19138 + nx_addr_v6_cachep = kmem_cache_create("nx_v6_addr_cache",
19139 + sizeof(struct nx_addr_v6), 0,
19140 + SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
19145 +/* __alloc_nx_addr_v4() */
19147 +static inline struct nx_addr_v4 *__alloc_nx_addr_v4(void)
19149 + struct nx_addr_v4 *nxa = kmem_cache_alloc(
19150 + nx_addr_v4_cachep, GFP_KERNEL);
19152 + if (!IS_ERR(nxa))
19153 + memset(nxa, 0, sizeof(*nxa));
19157 +/* __dealloc_nx_addr_v4() */
19159 +static inline void __dealloc_nx_addr_v4(struct nx_addr_v4 *nxa)
19161 + kmem_cache_free(nx_addr_v4_cachep, nxa);
19164 +/* __dealloc_nx_addr_v4_all() */
19166 +static inline void __dealloc_nx_addr_v4_all(struct nx_addr_v4 *nxa)
19169 + struct nx_addr_v4 *next = nxa->next;
19171 + __dealloc_nx_addr_v4(nxa);
19177 +#ifdef CONFIG_IPV6
19179 +/* __alloc_nx_addr_v6() */
19181 +static inline struct nx_addr_v6 *__alloc_nx_addr_v6(void)
19183 + struct nx_addr_v6 *nxa = kmem_cache_alloc(
19184 + nx_addr_v6_cachep, GFP_KERNEL);
19186 + if (!IS_ERR(nxa))
19187 + memset(nxa, 0, sizeof(*nxa));
19191 +/* __dealloc_nx_addr_v6() */
19193 +static inline void __dealloc_nx_addr_v6(struct nx_addr_v6 *nxa)
19195 + kmem_cache_free(nx_addr_v6_cachep, nxa);
19198 +/* __dealloc_nx_addr_v6_all() */
19200 +static inline void __dealloc_nx_addr_v6_all(struct nx_addr_v6 *nxa)
19203 + struct nx_addr_v6 *next = nxa->next;
19205 + __dealloc_nx_addr_v6(nxa);
19210 +#endif /* CONFIG_IPV6 */
19212 +/* __alloc_nx_info()
19214 + * allocate an initialized nx_info struct
19215 + * doesn't make it visible (hash) */
19217 +static struct nx_info *__alloc_nx_info(vnid_t nid)
19219 + struct nx_info *new = NULL;
19221 + vxdprintk(VXD_CBIT(nid, 1), "alloc_nx_info(%d)*", nid);
19223 + /* would this benefit from a slab cache? */
19224 + new = kmalloc(sizeof(struct nx_info), GFP_KERNEL);
19228 + memset(new, 0, sizeof(struct nx_info));
19229 + new->nx_id = nid;
19230 + INIT_HLIST_NODE(&new->nx_hlist);
19231 + atomic_set(&new->nx_usecnt, 0);
19232 + atomic_set(&new->nx_tasks, 0);
19233 + spin_lock_init(&new->addr_lock);
19234 + new->nx_state = 0;
19236 + new->nx_flags = NXF_INIT_SET;
19238 + /* rest of init goes here */
19240 + new->v4_lback.s_addr = htonl(INADDR_LOOPBACK);
19241 + new->v4_bcast.s_addr = htonl(INADDR_BROADCAST);
19243 + vxdprintk(VXD_CBIT(nid, 0),
19244 + "alloc_nx_info(%d) = %p", nid, new);
19245 + atomic_inc(&nx_global_ctotal);
19249 +/* __dealloc_nx_info()
19251 + * final disposal of nx_info */
19253 +static void __dealloc_nx_info(struct nx_info *nxi)
19255 + vxdprintk(VXD_CBIT(nid, 0),
19256 + "dealloc_nx_info(%p)", nxi);
19258 + nxi->nx_hlist.next = LIST_POISON1;
19261 + BUG_ON(atomic_read(&nxi->nx_usecnt));
19262 + BUG_ON(atomic_read(&nxi->nx_tasks));
19264 + __dealloc_nx_addr_v4_all(nxi->v4.next);
19265 +#ifdef CONFIG_IPV6
19266 + __dealloc_nx_addr_v6_all(nxi->v6.next);
19269 + nxi->nx_state |= NXS_RELEASED;
19271 + atomic_dec(&nx_global_ctotal);
19274 +static void __shutdown_nx_info(struct nx_info *nxi)
19276 + nxi->nx_state |= NXS_SHUTDOWN;
19277 + vs_net_change(nxi, VSC_NETDOWN);
19280 +/* exported stuff */
19282 +void free_nx_info(struct nx_info *nxi)
19284 + /* context shutdown is mandatory */
19285 + BUG_ON(nxi->nx_state != NXS_SHUTDOWN);
19287 + /* context must not be hashed */
19288 + BUG_ON(nxi->nx_state & NXS_HASHED);
19290 + BUG_ON(atomic_read(&nxi->nx_usecnt));
19291 + BUG_ON(atomic_read(&nxi->nx_tasks));
19293 + __dealloc_nx_info(nxi);
19297 +void __nx_set_lback(struct nx_info *nxi)
19299 + int nid = nxi->nx_id;
19300 + __be32 lback = htonl(INADDR_LOOPBACK ^ ((nid & 0xFFFF) << 8));
19302 + nxi->v4_lback.s_addr = lback;
19305 +extern int __nx_inet_add_lback(__be32 addr);
19306 +extern int __nx_inet_del_lback(__be32 addr);
19309 +/* hash table for nx_info hash */
19311 +#define NX_HASH_SIZE 13
19313 +struct hlist_head nx_info_hash[NX_HASH_SIZE];
19315 +static DEFINE_SPINLOCK(nx_info_hash_lock);
19318 +static inline unsigned int __hashval(vnid_t nid)
19320 + return (nid % NX_HASH_SIZE);
19325 +/* __hash_nx_info()
19327 + * add the nxi to the global hash table
19328 + * requires the hash_lock to be held */
19330 +static inline void __hash_nx_info(struct nx_info *nxi)
19332 + struct hlist_head *head;
19334 + vxd_assert_lock(&nx_info_hash_lock);
19335 + vxdprintk(VXD_CBIT(nid, 4),
19336 + "__hash_nx_info: %p[#%d]", nxi, nxi->nx_id);
19338 + /* context must not be hashed */
19339 + BUG_ON(nx_info_state(nxi, NXS_HASHED));
19341 + nxi->nx_state |= NXS_HASHED;
19342 + head = &nx_info_hash[__hashval(nxi->nx_id)];
19343 + hlist_add_head(&nxi->nx_hlist, head);
19344 + atomic_inc(&nx_global_cactive);
19347 +/* __unhash_nx_info()
19349 + * remove the nxi from the global hash table
19350 + * requires the hash_lock to be held */
19352 +static inline void __unhash_nx_info(struct nx_info *nxi)
19354 + vxd_assert_lock(&nx_info_hash_lock);
19355 + vxdprintk(VXD_CBIT(nid, 4),
19356 + "__unhash_nx_info: %p[#%d.%d.%d]", nxi, nxi->nx_id,
19357 + atomic_read(&nxi->nx_usecnt), atomic_read(&nxi->nx_tasks));
19359 + /* context must be hashed */
19360 + BUG_ON(!nx_info_state(nxi, NXS_HASHED));
19361 + /* but without tasks */
19362 + BUG_ON(atomic_read(&nxi->nx_tasks));
19364 + nxi->nx_state &= ~NXS_HASHED;
19365 + hlist_del(&nxi->nx_hlist);
19366 + atomic_dec(&nx_global_cactive);
19370 +/* __lookup_nx_info()
19372 + * requires the hash_lock to be held
19373 + * doesn't increment the nx_refcnt */
19375 +static inline struct nx_info *__lookup_nx_info(vnid_t nid)
19377 + struct hlist_head *head = &nx_info_hash[__hashval(nid)];
19378 + struct hlist_node *pos;
19379 + struct nx_info *nxi;
19381 + vxd_assert_lock(&nx_info_hash_lock);
19382 + hlist_for_each(pos, head) {
19383 + nxi = hlist_entry(pos, struct nx_info, nx_hlist);
19385 + if (nxi->nx_id == nid)
19390 + vxdprintk(VXD_CBIT(nid, 0),
19391 + "__lookup_nx_info(#%u): %p[#%u]",
19392 + nid, nxi, nxi ? nxi->nx_id : 0);
19397 +/* __create_nx_info()
19399 + * create the requested context
19400 + * get(), claim() and hash it */
19402 +static struct nx_info *__create_nx_info(int id)
19404 + struct nx_info *new, *nxi = NULL;
19406 + vxdprintk(VXD_CBIT(nid, 1), "create_nx_info(%d)*", id);
19408 + if (!(new = __alloc_nx_info(id)))
19409 + return ERR_PTR(-ENOMEM);
19411 + /* required to make dynamic xids unique */
19412 + spin_lock(&nx_info_hash_lock);
19414 + /* static context requested */
19415 + if ((nxi = __lookup_nx_info(id))) {
19416 + vxdprintk(VXD_CBIT(nid, 0),
19417 + "create_nx_info(%d) = %p (already there)", id, nxi);
19418 + if (nx_info_flags(nxi, NXF_STATE_SETUP, 0))
19419 + nxi = ERR_PTR(-EBUSY);
19421 + nxi = ERR_PTR(-EEXIST);
19424 + /* new context */
19425 + vxdprintk(VXD_CBIT(nid, 0),
19426 + "create_nx_info(%d) = %p (new)", id, new);
19427 + claim_nx_info(new, NULL);
19428 + __nx_set_lback(new);
19429 + __hash_nx_info(get_nx_info(new));
19430 + nxi = new, new = NULL;
19433 + spin_unlock(&nx_info_hash_lock);
19435 + __dealloc_nx_info(new);
19441 +/* exported stuff */
19444 +void unhash_nx_info(struct nx_info *nxi)
19446 + __shutdown_nx_info(nxi);
19447 + spin_lock(&nx_info_hash_lock);
19448 + __unhash_nx_info(nxi);
19449 + spin_unlock(&nx_info_hash_lock);
19452 +/* lookup_nx_info()
19454 + * search for a nx_info and get() it
19455 + * negative id means current */
19457 +struct nx_info *lookup_nx_info(int id)
19459 + struct nx_info *nxi = NULL;
19462 + nxi = get_nx_info(current_nx_info());
19463 + } else if (id > 1) {
19464 + spin_lock(&nx_info_hash_lock);
19465 + nxi = get_nx_info(__lookup_nx_info(id));
19466 + spin_unlock(&nx_info_hash_lock);
19471 +/* nid_is_hashed()
19473 + * verify that nid is still hashed */
19475 +int nid_is_hashed(vnid_t nid)
19479 + spin_lock(&nx_info_hash_lock);
19480 + hashed = (__lookup_nx_info(nid) != NULL);
19481 + spin_unlock(&nx_info_hash_lock);
19486 +#ifdef CONFIG_PROC_FS
19490 + * get a subset of hashed nids for proc
19491 + * assumes size is at least one */
19493 +int get_nid_list(int index, unsigned int *nids, int size)
19495 + int hindex, nr_nids = 0;
19497 + /* only show current and children */
19498 + if (!nx_check(0, VS_ADMIN | VS_WATCH)) {
19501 + nids[nr_nids] = nx_current_nid();
19505 + for (hindex = 0; hindex < NX_HASH_SIZE; hindex++) {
19506 + struct hlist_head *head = &nx_info_hash[hindex];
19507 + struct hlist_node *pos;
19509 + spin_lock(&nx_info_hash_lock);
19510 + hlist_for_each(pos, head) {
19511 + struct nx_info *nxi;
19516 + nxi = hlist_entry(pos, struct nx_info, nx_hlist);
19517 + nids[nr_nids] = nxi->nx_id;
19518 + if (++nr_nids >= size) {
19519 + spin_unlock(&nx_info_hash_lock);
19523 + /* keep the lock time short */
19524 + spin_unlock(&nx_info_hash_lock);
19533 + * migrate task to new network
19534 + * gets nxi, puts old_nxi on change
19537 +int nx_migrate_task(struct task_struct *p, struct nx_info *nxi)
19539 + struct nx_info *old_nxi;
19545 + vxdprintk(VXD_CBIT(nid, 5),
19546 + "nx_migrate_task(%p,%p[#%d.%d.%d])",
19547 + p, nxi, nxi->nx_id,
19548 + atomic_read(&nxi->nx_usecnt),
19549 + atomic_read(&nxi->nx_tasks));
19551 + if (nx_info_flags(nxi, NXF_INFO_PRIVATE, 0) &&
19552 + !nx_info_flags(nxi, NXF_STATE_SETUP, 0))
19555 + if (nx_info_state(nxi, NXS_SHUTDOWN))
19558 + /* maybe disallow this completely? */
19559 + old_nxi = task_get_nx_info(p);
19560 + if (old_nxi == nxi)
19565 + clr_nx_info(&p->nx_info);
19566 + claim_nx_info(nxi, p);
19567 + set_nx_info(&p->nx_info, nxi);
19568 + p->nid = nxi->nx_id;
19571 + vxdprintk(VXD_CBIT(nid, 5),
19572 + "moved task %p into nxi:%p[#%d]",
19573 + p, nxi, nxi->nx_id);
19576 + release_nx_info(old_nxi, p);
19579 + put_nx_info(old_nxi);
19584 +void nx_set_persistent(struct nx_info *nxi)
19586 + vxdprintk(VXD_CBIT(nid, 6),
19587 + "nx_set_persistent(%p[#%d])", nxi, nxi->nx_id);
19589 + get_nx_info(nxi);
19590 + claim_nx_info(nxi, NULL);
19593 +void nx_clear_persistent(struct nx_info *nxi)
19595 + vxdprintk(VXD_CBIT(nid, 6),
19596 + "nx_clear_persistent(%p[#%d])", nxi, nxi->nx_id);
19598 + release_nx_info(nxi, NULL);
19599 + put_nx_info(nxi);
19602 +void nx_update_persistent(struct nx_info *nxi)
19604 + if (nx_info_flags(nxi, NXF_PERSISTENT, 0))
19605 + nx_set_persistent(nxi);
19607 + nx_clear_persistent(nxi);
19610 +/* vserver syscall commands below here */
19612 +/* taks nid and nx_info functions */
19614 +#include <asm/uaccess.h>
19617 +int vc_task_nid(uint32_t id)
19622 + struct task_struct *tsk;
19625 + tsk = find_task_by_real_pid(id);
19626 + nid = (tsk) ? tsk->nid : -ESRCH;
19627 + rcu_read_unlock();
19629 + nid = nx_current_nid();
19634 +int vc_nx_info(struct nx_info *nxi, void __user *data)
19636 + struct vcmd_nx_info_v0 vc_data;
19638 + vc_data.nid = nxi->nx_id;
19640 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
19646 +/* network functions */
19648 +int vc_net_create(uint32_t nid, void __user *data)
19650 + struct vcmd_net_create vc_data = { .flagword = NXF_INIT_SET };
19651 + struct nx_info *new_nxi;
19654 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19657 + if ((nid > MAX_S_CONTEXT) || (nid < 2))
19660 + new_nxi = __create_nx_info(nid);
19661 + if (IS_ERR(new_nxi))
19662 + return PTR_ERR(new_nxi);
19664 + /* initial flags */
19665 + new_nxi->nx_flags = vc_data.flagword;
19668 + if (vs_net_change(new_nxi, VSC_NETUP))
19671 + ret = nx_migrate_task(current, new_nxi);
19675 + /* return context id on success */
19676 + ret = new_nxi->nx_id;
19678 + /* get a reference for persistent contexts */
19679 + if ((vc_data.flagword & NXF_PERSISTENT))
19680 + nx_set_persistent(new_nxi);
19682 + release_nx_info(new_nxi, NULL);
19683 + put_nx_info(new_nxi);
19688 +int vc_net_migrate(struct nx_info *nxi, void __user *data)
19690 + return nx_migrate_task(current, nxi);
19695 +struct nx_addr_v4 *__find_v4_addr(struct nx_info *nxi,
19696 + __be32 ip, __be32 ip2, __be32 mask, uint16_t type, uint16_t flags,
19697 + struct nx_addr_v4 **prev)
19699 + struct nx_addr_v4 *nxa = &nxi->v4;
19701 + for (; nxa; nxa = nxa->next) {
19702 + if ((nxa->ip[0].s_addr == ip) &&
19703 + (nxa->ip[1].s_addr == ip2) &&
19704 + (nxa->mask.s_addr == mask) &&
19705 + (nxa->type == type) &&
19706 + (nxa->flags == flags))
19709 + /* save previous entry */
19716 +int do_add_v4_addr(struct nx_info *nxi, __be32 ip, __be32 ip2, __be32 mask,
19717 + uint16_t type, uint16_t flags)
19719 + struct nx_addr_v4 *nxa = NULL;
19720 + struct nx_addr_v4 *new = __alloc_nx_addr_v4();
19721 + unsigned long irqflags;
19722 + int ret = -EEXIST;
19725 + return PTR_ERR(new);
19727 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
19728 + if (__find_v4_addr(nxi, ip, ip2, mask, type, flags, &nxa))
19731 + if (NX_IPV4(nxi)) {
19736 + /* remove single ip for ip list */
19737 + nxi->nx_flags &= ~NXF_SINGLE_IP;
19740 + nxa->ip[0].s_addr = ip;
19741 + nxa->ip[1].s_addr = ip2;
19742 + nxa->mask.s_addr = mask;
19743 + nxa->type = type;
19744 + nxa->flags = flags;
19747 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
19749 + __dealloc_nx_addr_v4(new);
19753 +int do_remove_v4_addr(struct nx_info *nxi, __be32 ip, __be32 ip2, __be32 mask,
19754 + uint16_t type, uint16_t flags)
19756 + struct nx_addr_v4 *nxa = NULL;
19757 + struct nx_addr_v4 *old = NULL;
19758 + unsigned long irqflags;
19761 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
19763 + case NXA_TYPE_ADDR:
19764 + old = __find_v4_addr(nxi, ip, ip2, mask, type, flags, &nxa);
19767 + nxa->next = old->next;
19768 + old->next = NULL;
19774 + old->next = NULL;
19776 + memset(old, 0, sizeof(*old));
19784 + case NXA_TYPE_ANY:
19787 + memset(nxa, 0, sizeof(*nxa));
19793 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
19794 + __dealloc_nx_addr_v4_all(old);
19799 +int vc_net_add(struct nx_info *nxi, void __user *data)
19801 + struct vcmd_net_addr_v0 vc_data;
19802 + int index, ret = 0;
19804 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19807 + switch (vc_data.type) {
19808 + case NXA_TYPE_IPV4:
19809 + if ((vc_data.count < 1) || (vc_data.count > 4))
19813 + while (index < vc_data.count) {
19814 + ret = do_add_v4_addr(nxi, vc_data.ip[index].s_addr, 0,
19815 + vc_data.mask[index].s_addr, NXA_TYPE_ADDR, 0);
19823 + case NXA_TYPE_IPV4|NXA_MOD_BCAST:
19824 + nxi->v4_bcast = vc_data.ip[0];
19828 + case NXA_TYPE_IPV4|NXA_MOD_LBACK:
19829 + nxi->v4_lback = vc_data.ip[0];
19840 +int vc_net_remove(struct nx_info *nxi, void __user *data)
19842 + struct vcmd_net_addr_v0 vc_data;
19844 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19847 + switch (vc_data.type) {
19848 + case NXA_TYPE_ANY:
19849 + return do_remove_v4_addr(nxi, 0, 0, 0, vc_data.type, 0);
19857 +int vc_net_add_ipv4_v1(struct nx_info *nxi, void __user *data)
19859 + struct vcmd_net_addr_ipv4_v1 vc_data;
19861 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19864 + switch (vc_data.type) {
19865 + case NXA_TYPE_ADDR:
19866 + case NXA_TYPE_MASK:
19867 + return do_add_v4_addr(nxi, vc_data.ip.s_addr, 0,
19868 + vc_data.mask.s_addr, vc_data.type, vc_data.flags);
19870 + case NXA_TYPE_ADDR | NXA_MOD_BCAST:
19871 + nxi->v4_bcast = vc_data.ip;
19874 + case NXA_TYPE_ADDR | NXA_MOD_LBACK:
19875 + nxi->v4_lback = vc_data.ip;
19884 +int vc_net_add_ipv4(struct nx_info *nxi, void __user *data)
19886 + struct vcmd_net_addr_ipv4_v2 vc_data;
19888 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19891 + switch (vc_data.type) {
19892 + case NXA_TYPE_ADDR:
19893 + case NXA_TYPE_MASK:
19894 + case NXA_TYPE_RANGE:
19895 + return do_add_v4_addr(nxi, vc_data.ip.s_addr, vc_data.ip2.s_addr,
19896 + vc_data.mask.s_addr, vc_data.type, vc_data.flags);
19898 + case NXA_TYPE_ADDR | NXA_MOD_BCAST:
19899 + nxi->v4_bcast = vc_data.ip;
19902 + case NXA_TYPE_ADDR | NXA_MOD_LBACK:
19903 + nxi->v4_lback = vc_data.ip;
19912 +int vc_net_rem_ipv4_v1(struct nx_info *nxi, void __user *data)
19914 + struct vcmd_net_addr_ipv4_v1 vc_data;
19916 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19919 + return do_remove_v4_addr(nxi, vc_data.ip.s_addr, 0,
19920 + vc_data.mask.s_addr, vc_data.type, vc_data.flags);
19923 +int vc_net_rem_ipv4(struct nx_info *nxi, void __user *data)
19925 + struct vcmd_net_addr_ipv4_v2 vc_data;
19927 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
19930 + return do_remove_v4_addr(nxi, vc_data.ip.s_addr, vc_data.ip2.s_addr,
19931 + vc_data.mask.s_addr, vc_data.type, vc_data.flags);
19934 +#ifdef CONFIG_IPV6
19937 +struct nx_addr_v6 *__find_v6_addr(struct nx_info *nxi,
19938 + struct in6_addr *ip, struct in6_addr *mask,
19939 + uint32_t prefix, uint16_t type, uint16_t flags,
19940 + struct nx_addr_v6 **prev)
19942 + struct nx_addr_v6 *nxa = &nxi->v6;
19944 + for (; nxa; nxa = nxa->next) {
19945 + if (ipv6_addr_equal(&nxa->ip, ip) &&
19946 + ipv6_addr_equal(&nxa->mask, mask) &&
19947 + (nxa->prefix == prefix) &&
19948 + (nxa->type == type) &&
19949 + (nxa->flags == flags))
19952 + /* save previous entry */
19960 +int do_add_v6_addr(struct nx_info *nxi,
19961 + struct in6_addr *ip, struct in6_addr *mask,
19962 + uint32_t prefix, uint16_t type, uint16_t flags)
19964 + struct nx_addr_v6 *nxa = NULL;
19965 + struct nx_addr_v6 *new = __alloc_nx_addr_v6();
19966 + unsigned long irqflags;
19967 + int ret = -EEXIST;
19970 + return PTR_ERR(new);
19972 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
19973 + if (__find_v6_addr(nxi, ip, mask, prefix, type, flags, &nxa))
19976 + if (NX_IPV6(nxi)) {
19983 + nxa->mask = *mask;
19984 + nxa->prefix = prefix;
19985 + nxa->type = type;
19986 + nxa->flags = flags;
19989 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
19991 + __dealloc_nx_addr_v6(new);
19995 +int do_remove_v6_addr(struct nx_info *nxi,
19996 + struct in6_addr *ip, struct in6_addr *mask,
19997 + uint32_t prefix, uint16_t type, uint16_t flags)
19999 + struct nx_addr_v6 *nxa = NULL;
20000 + struct nx_addr_v6 *old = NULL;
20001 + unsigned long irqflags;
20004 + spin_lock_irqsave(&nxi->addr_lock, irqflags);
20006 + case NXA_TYPE_ADDR:
20007 + old = __find_v6_addr(nxi, ip, mask, prefix, type, flags, &nxa);
20010 + nxa->next = old->next;
20011 + old->next = NULL;
20017 + old->next = NULL;
20019 + memset(old, 0, sizeof(*old));
20027 + case NXA_TYPE_ANY:
20030 + memset(nxa, 0, sizeof(*nxa));
20036 + spin_unlock_irqrestore(&nxi->addr_lock, irqflags);
20037 + __dealloc_nx_addr_v6_all(old);
20041 +int vc_net_add_ipv6(struct nx_info *nxi, void __user *data)
20043 + struct vcmd_net_addr_ipv6_v1 vc_data;
20045 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
20048 + switch (vc_data.type) {
20049 + case NXA_TYPE_ADDR:
20050 + memset(&vc_data.mask, ~0, sizeof(vc_data.mask));
20051 + /* fallthrough */
20052 + case NXA_TYPE_MASK:
20053 + return do_add_v6_addr(nxi, &vc_data.ip, &vc_data.mask,
20054 + vc_data.prefix, vc_data.type, vc_data.flags);
20061 +int vc_net_remove_ipv6(struct nx_info *nxi, void __user *data)
20063 + struct vcmd_net_addr_ipv6_v1 vc_data;
20065 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
20068 + switch (vc_data.type) {
20069 + case NXA_TYPE_ADDR:
20070 + memset(&vc_data.mask, ~0, sizeof(vc_data.mask));
20071 + /* fallthrough */
20072 + case NXA_TYPE_MASK:
20073 + return do_remove_v6_addr(nxi, &vc_data.ip, &vc_data.mask,
20074 + vc_data.prefix, vc_data.type, vc_data.flags);
20075 + case NXA_TYPE_ANY:
20076 + return do_remove_v6_addr(nxi, NULL, NULL, 0, vc_data.type, 0);
20083 +#endif /* CONFIG_IPV6 */
20086 +int vc_get_nflags(struct nx_info *nxi, void __user *data)
20088 + struct vcmd_net_flags_v0 vc_data;
20090 + vc_data.flagword = nxi->nx_flags;
20092 + /* special STATE flag handling */
20093 + vc_data.mask = vs_mask_flags(~0ULL, nxi->nx_flags, NXF_ONE_TIME);
20095 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
20100 +int vc_set_nflags(struct nx_info *nxi, void __user *data)
20102 + struct vcmd_net_flags_v0 vc_data;
20103 + uint64_t mask, trigger;
20105 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
20108 + /* special STATE flag handling */
20109 + mask = vs_mask_mask(vc_data.mask, nxi->nx_flags, NXF_ONE_TIME);
20110 + trigger = (mask & nxi->nx_flags) ^ (mask & vc_data.flagword);
20112 + nxi->nx_flags = vs_mask_flags(nxi->nx_flags,
20113 + vc_data.flagword, mask);
20114 + if (trigger & NXF_PERSISTENT)
20115 + nx_update_persistent(nxi);
20120 +int vc_get_ncaps(struct nx_info *nxi, void __user *data)
20122 + struct vcmd_net_caps_v0 vc_data;
20124 + vc_data.ncaps = nxi->nx_ncaps;
20125 + vc_data.cmask = ~0ULL;
20127 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
20132 +int vc_set_ncaps(struct nx_info *nxi, void __user *data)
20134 + struct vcmd_net_caps_v0 vc_data;
20136 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
20139 + nxi->nx_ncaps = vs_mask_flags(nxi->nx_ncaps,
20140 + vc_data.ncaps, vc_data.cmask);
20145 +#include <linux/module.h>
20147 +module_init(init_network);
20149 +EXPORT_SYMBOL_GPL(free_nx_info);
20150 +EXPORT_SYMBOL_GPL(unhash_nx_info);
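Review bot: In vc_net_add, vc_net_remove, vc_net_add_ipv4_v1, vc_net_add_ipv4, vc_net_rem_ipv4_v1, vc_net_rem_ipv4, vc_net_add_ipv6 and vc_net_remove_ipv6, `vc_data` is declared without an initializer and the copy is guarded by `data && copy_from_user(...)`. A NULL `data` therefore skips the copy, and the following `switch (vc_data.type)` or `do_remove_v4_addr()` call works on uninitialized kernel stack. Depending on what that stack holds, those bytes can be stored as `nxi->v4_bcast`, `nxi->v4_lback` or a new address entry. The `data &&` form only fits vc_net_create, where `vc_data` has a default initializer. The other handlers should fail the call instead, as vc_set_nflags and vc_set_ncaps already do: `if (copy_from_user(&vc_data, data, sizeof(vc_data)))`, keeping the existing error return (its line is missing from this extract, presumably -EFAULT).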
20152 diff -NurpP --minimal linux-3.14.17/kernel/vserver/proc.c linux-3.14.17-vs2.3.6.13/kernel/vserver/proc.c
20153 --- linux-3.14.17/kernel/vserver/proc.c 1970-01-01 00:00:00.000000000 +0000
20154 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/proc.c 2014-08-30 14:27:38.000000000 +0000
20157 + * linux/kernel/vserver/proc.c
20159 + * Virtual Context Support
20161 + * Copyright (C) 2003-2011 Herbert Pötzl
20163 + * V0.01 basic structure
20164 + * V0.02 adaptation vs1.3.0
20165 + * V0.03 proc permissions
20166 + * V0.04 locking/generic
20167 + * V0.05 next generation procfs
20168 + * V0.06 inode validation
20169 + * V0.07 generic rewrite vid
20170 + * V0.08 remove inode type
20171 + * V0.09 added u/wmask info
20175 +#include <linux/proc_fs.h>
20176 +#include <linux/fs_struct.h>
20177 +#include <linux/mount.h>
20178 +#include <linux/namei.h>
20179 +#include <asm/unistd.h>
20181 +#include <linux/vs_context.h>
20182 +#include <linux/vs_network.h>
20183 +#include <linux/vs_cvirt.h>
20185 +#include <linux/in.h>
20186 +#include <linux/inetdevice.h>
20187 +#include <linux/vs_inet.h>
20188 +#include <linux/vs_inet6.h>
20190 +#include <linux/vserver/global.h>
20192 +#include "cvirt_proc.h"
20193 +#include "cacct_proc.h"
20194 +#include "limit_proc.h"
20195 +#include "sched_proc.h"
20196 +#include "vci_config.h"
20198 +#include <../../fs/proc/internal.h>
20201 +static inline char *print_cap_t(char *buffer, kernel_cap_t *c)
20205 + CAP_FOR_EACH_U32(__capi) {
20206 + buffer += sprintf(buffer, "%08x",
20207 + c->cap[(_KERNEL_CAPABILITY_U32S-1) - __capi]);
20213 +static struct proc_dir_entry *proc_virtual;
20215 +static struct proc_dir_entry *proc_virtnet;
20218 +/* first the actual feeds */
20221 +static int proc_vci(char *buffer)
20223 + return sprintf(buffer,
20224 + "VCIVersion:\t%04x:%04x\n"
20225 + "VCISyscall:\t%d\n"
20226 + "VCIKernel:\t%08x\n",
20227 + VCI_VERSION >> 16,
20228 + VCI_VERSION & 0xFFFF,
20230 + vci_kernel_config());
20233 +static int proc_virtual_info(char *buffer)
20235 + return proc_vci(buffer);
20238 +static int proc_virtual_status(char *buffer)
20240 + return sprintf(buffer,
20242 + "#CActive:\t%d\n"
20243 + "#NSProxy:\t%d\t%d %d %d %d %d %d\n"
20244 + "#InitTask:\t%d\t%d %d\n",
20245 + atomic_read(&vx_global_ctotal),
20246 + atomic_read(&vx_global_cactive),
20247 + atomic_read(&vs_global_nsproxy),
20248 + atomic_read(&vs_global_fs),
20249 + atomic_read(&vs_global_mnt_ns),
20250 + atomic_read(&vs_global_uts_ns),
20251 + atomic_read(&nr_ipc_ns),
20252 + atomic_read(&vs_global_user_ns),
20253 + atomic_read(&vs_global_pid_ns),
20254 + atomic_read(&init_task.usage),
20255 + atomic_read(&init_task.nsproxy->count),
20256 + init_task.fs->users);
20260 +int proc_vxi_info(struct vx_info *vxi, char *buffer)
20264 + length = sprintf(buffer,
20272 + vxi->vx_badness_bias);
20276 +int proc_vxi_status(struct vx_info *vxi, char *buffer)
20278 + char *orig = buffer;
20280 + buffer += sprintf(buffer,
20283 + "Flags:\t%016llx\n",
20284 + atomic_read(&vxi->vx_usecnt),
20285 + atomic_read(&vxi->vx_tasks),
20286 + (unsigned long long)vxi->vx_flags);
20288 + buffer += sprintf(buffer, "BCaps:\t");
20289 + buffer = print_cap_t(buffer, &vxi->vx_bcaps);
20290 + buffer += sprintf(buffer, "\n");
20292 + buffer += sprintf(buffer,
20293 + "CCaps:\t%016llx\n"
20294 + "Umask:\t%16llx\n"
20295 + "Wmask:\t%16llx\n"
20296 + "Spaces:\t%08lx %08lx\n",
20297 + (unsigned long long)vxi->vx_ccaps,
20298 + (unsigned long long)vxi->vx_umask,
20299 + (unsigned long long)vxi->vx_wmask,
20300 + vxi->space[0].vx_nsmask, vxi->space[1].vx_nsmask);
20301 + return buffer - orig;
20304 +int proc_vxi_limit(struct vx_info *vxi, char *buffer)
20306 + return vx_info_proc_limit(&vxi->limit, buffer);
20309 +int proc_vxi_sched(struct vx_info *vxi, char *buffer)
20313 + length = vx_info_proc_sched(&vxi->sched, buffer);
20314 + for_each_online_cpu(cpu) {
20315 + length += vx_info_proc_sched_pc(
20316 + &vx_per_cpu(vxi, sched_pc, cpu),
20317 + buffer + length, cpu);
20322 +int proc_vxi_nsproxy0(struct vx_info *vxi, char *buffer)
20324 + return vx_info_proc_nsproxy(vxi->space[0].vx_nsproxy, buffer);
20327 +int proc_vxi_nsproxy1(struct vx_info *vxi, char *buffer)
20329 + return vx_info_proc_nsproxy(vxi->space[1].vx_nsproxy, buffer);
20332 +int proc_vxi_cvirt(struct vx_info *vxi, char *buffer)
20336 + vx_update_load(vxi);
20337 + length = vx_info_proc_cvirt(&vxi->cvirt, buffer);
20338 + for_each_online_cpu(cpu) {
20339 + length += vx_info_proc_cvirt_pc(
20340 + &vx_per_cpu(vxi, cvirt_pc, cpu),
20341 + buffer + length, cpu);
20346 +int proc_vxi_cacct(struct vx_info *vxi, char *buffer)
20348 + return vx_info_proc_cacct(&vxi->cacct, buffer);
20352 +static int proc_virtnet_info(char *buffer)
20354 + return proc_vci(buffer);
20357 +static int proc_virtnet_status(char *buffer)
20359 + return sprintf(buffer,
20361 + "#CActive:\t%d\n",
20362 + atomic_read(&nx_global_ctotal),
20363 + atomic_read(&nx_global_cactive));
20366 +int proc_nxi_info(struct nx_info *nxi, char *buffer)
20368 + struct nx_addr_v4 *v4a;
20369 +#ifdef CONFIG_IPV6
20370 + struct nx_addr_v6 *v6a;
20374 + length = sprintf(buffer,
20377 + "Bcast:\t" NIPQUAD_FMT "\n"
20378 + "Lback:\t" NIPQUAD_FMT "\n",
20381 + NIPQUAD(nxi->v4_bcast.s_addr),
20382 + NIPQUAD(nxi->v4_lback.s_addr));
20384 + if (!NX_IPV4(nxi))
20386 + for (i = 0, v4a = &nxi->v4; v4a; i++, v4a = v4a->next)
20387 + length += sprintf(buffer + length, "%d:\t" NXAV4_FMT "\n",
20390 +#ifdef CONFIG_IPV6
20391 + if (!NX_IPV6(nxi))
20393 + for (i = 0, v6a = &nxi->v6; v6a; i++, v6a = v6a->next)
20394 + length += sprintf(buffer + length, "%d:\t" NXAV6_FMT "\n",
20401 +int proc_nxi_status(struct nx_info *nxi, char *buffer)
20405 + length = sprintf(buffer,
20408 + "Flags:\t%016llx\n"
20409 + "NCaps:\t%016llx\n",
20410 + atomic_read(&nxi->nx_usecnt),
20411 + atomic_read(&nxi->nx_tasks),
20412 + (unsigned long long)nxi->nx_flags,
20413 + (unsigned long long)nxi->nx_ncaps);
20419 +/* here the inode helpers */
20425 + struct inode_operations *iop;
20426 + struct file_operations *fop;
20427 + union proc_op op;
20430 +static struct inode *vs_proc_make_inode(struct super_block *sb, struct vs_entry *p)
20432 + struct inode *inode = new_inode(sb);
20437 + inode->i_mode = p->mode;
20439 + inode->i_op = p->iop;
20441 + inode->i_fop = p->fop;
20443 + set_nlink(inode, (p->mode & S_IFDIR) ? 2 : 1);
20444 + inode->i_flags |= S_IMMUTABLE;
20446 + inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
20448 + i_uid_write(inode, 0);
20449 + i_gid_write(inode, 0);
20450 + i_tag_write(inode, 0);
20455 +static struct dentry *vs_proc_instantiate(struct inode *dir,
20456 + struct dentry *dentry, int id, void *ptr)
20458 + struct vs_entry *p = ptr;
20459 + struct inode *inode = vs_proc_make_inode(dir->i_sb, p);
20460 + struct dentry *error = ERR_PTR(-EINVAL);
20465 + PROC_I(inode)->op = p->op;
20466 + PROC_I(inode)->fd = id;
20467 + d_add(dentry, inode);
20475 +typedef struct dentry *vx_instantiate_t(struct inode *, struct dentry *, int, void *);
20479 + * Fill a directory entry.
20481 + * If possible create the dcache entry and derive our inode number and
20482 + * file type from dcache entry.
20484 + * Since all of the proc inode numbers are dynamically generated, the inode
20485 + * numbers do not exist until the inode is cache. This means creating the
20486 + * the dcache entry in iterate is necessary to keep the inode numbers
20487 + * reported by iterate in sync with the inode numbers reported
20490 +static int vx_proc_fill_cache(struct file *filp, struct dir_context *ctx,
20491 + char *name, int len, vx_instantiate_t instantiate, int id, void *ptr)
20493 + struct dentry *child, *dir = filp->f_dentry;
20494 + struct inode *inode;
20495 + struct qstr qname;
20497 + unsigned type = DT_UNKNOWN;
20499 + qname.name = name;
20501 + qname.hash = full_name_hash(name, len);
20503 + child = d_lookup(dir, &qname);
20505 + struct dentry *new;
20506 + new = d_alloc(dir, &qname);
20508 + child = instantiate(dir->d_inode, new, id, ptr);
20515 + if (!child || IS_ERR(child) || !child->d_inode)
20516 + goto end_instantiate;
20517 + inode = child->d_inode;
20519 + ino = inode->i_ino;
20520 + type = inode->i_mode >> 12;
20526 + return !dir_emit(ctx, name, len, ino, type);
20531 +/* get and revalidate vx_info/xid */
20534 +struct vx_info *get_proc_vx_info(struct inode *inode)
20536 + return lookup_vx_info(PROC_I(inode)->fd);
20539 +static int proc_xid_revalidate(struct dentry *dentry, unsigned int flags)
20541 + struct inode *inode = dentry->d_inode;
20542 + vxid_t xid = PROC_I(inode)->fd;
20544 + if (flags & LOOKUP_RCU) /* FIXME: can be dropped? */
20547 + if (!xid || xid_is_hashed(xid))
20554 +/* get and revalidate nx_info/nid */
20556 +static int proc_nid_revalidate(struct dentry *dentry, unsigned int flags)
20558 + struct inode *inode = dentry->d_inode;
20559 + vnid_t nid = PROC_I(inode)->fd;
20561 + if (flags & LOOKUP_RCU) /* FIXME: can be dropped? */
20564 + if (!nid || nid_is_hashed(nid))
20572 +#define PROC_BLOCK_SIZE (PAGE_SIZE - 1024)
20574 +static ssize_t proc_vs_info_read(struct file *file, char __user *buf,
20575 + size_t count, loff_t *ppos)
20577 + struct inode *inode = file->f_dentry->d_inode;
20578 + unsigned long page;
20579 + ssize_t length = 0;
20581 + if (count > PROC_BLOCK_SIZE)
20582 + count = PROC_BLOCK_SIZE;
20584 + /* fade that out as soon as stable */
20585 + WARN_ON(PROC_I(inode)->fd);
20587 + if (!(page = __get_free_page(GFP_KERNEL)))
20590 + BUG_ON(!PROC_I(inode)->op.proc_vs_read);
20591 + length = PROC_I(inode)->op.proc_vs_read((char *)page);
20594 + length = simple_read_from_buffer(buf, count, ppos,
20595 + (char *)page, length);
20601 +static ssize_t proc_vx_info_read(struct file *file, char __user *buf,
20602 + size_t count, loff_t *ppos)
20604 + struct inode *inode = file->f_dentry->d_inode;
20605 + struct vx_info *vxi = NULL;
20606 + vxid_t xid = PROC_I(inode)->fd;
20607 + unsigned long page;
20608 + ssize_t length = 0;
20610 + if (count > PROC_BLOCK_SIZE)
20611 + count = PROC_BLOCK_SIZE;
20613 + /* fade that out as soon as stable */
20615 + vxi = lookup_vx_info(xid);
20619 + length = -ENOMEM;
20620 + if (!(page = __get_free_page(GFP_KERNEL)))
20623 + BUG_ON(!PROC_I(inode)->op.proc_vxi_read);
20624 + length = PROC_I(inode)->op.proc_vxi_read(vxi, (char *)page);
20627 + length = simple_read_from_buffer(buf, count, ppos,
20628 + (char *)page, length);
20632 + put_vx_info(vxi);
20637 +static ssize_t proc_nx_info_read(struct file *file, char __user *buf,
20638 + size_t count, loff_t *ppos)
20640 + struct inode *inode = file->f_dentry->d_inode;
20641 + struct nx_info *nxi = NULL;
20642 + vnid_t nid = PROC_I(inode)->fd;
20643 + unsigned long page;
20644 + ssize_t length = 0;
20646 + if (count > PROC_BLOCK_SIZE)
20647 + count = PROC_BLOCK_SIZE;
20649 + /* fade that out as soon as stable */
20651 + nxi = lookup_nx_info(nid);
20655 + length = -ENOMEM;
20656 + if (!(page = __get_free_page(GFP_KERNEL)))
20659 + BUG_ON(!PROC_I(inode)->op.proc_nxi_read);
20660 + length = PROC_I(inode)->op.proc_nxi_read(nxi, (char *)page);
20663 + length = simple_read_from_buffer(buf, count, ppos,
20664 + (char *)page, length);
20668 + put_nx_info(nxi);
20675 +/* here comes the lower level */
20678 +#define NOD(NAME, MODE, IOP, FOP, OP) { \
20679 + .len = sizeof(NAME) - 1, \
20680 + .name = (NAME), \
20688 +#define DIR(NAME, MODE, OTYPE) \
20689 + NOD(NAME, (S_IFDIR | (MODE)), \
20690 + &proc_ ## OTYPE ## _inode_operations, \
20691 + &proc_ ## OTYPE ## _file_operations, { } )
20693 +#define INF(NAME, MODE, OTYPE) \
20694 + NOD(NAME, (S_IFREG | (MODE)), NULL, \
20695 + &proc_vs_info_file_operations, \
20696 + { .proc_vs_read = &proc_##OTYPE } )
20698 +#define VINF(NAME, MODE, OTYPE) \
20699 + NOD(NAME, (S_IFREG | (MODE)), NULL, \
20700 + &proc_vx_info_file_operations, \
20701 + { .proc_vxi_read = &proc_##OTYPE } )
20703 +#define NINF(NAME, MODE, OTYPE) \
20704 + NOD(NAME, (S_IFREG | (MODE)), NULL, \
20705 + &proc_nx_info_file_operations, \
20706 + { .proc_nxi_read = &proc_##OTYPE } )
20709 +static struct file_operations proc_vs_info_file_operations = {
20710 + .read = proc_vs_info_read,
20713 +static struct file_operations proc_vx_info_file_operations = {
20714 + .read = proc_vx_info_read,
20717 +static struct dentry_operations proc_xid_dentry_operations = {
20718 + .d_revalidate = proc_xid_revalidate,
20721 +static struct vs_entry vx_base_stuff[] = {
20722 + VINF("info", S_IRUGO, vxi_info),
20723 + VINF("status", S_IRUGO, vxi_status),
20724 + VINF("limit", S_IRUGO, vxi_limit),
20725 + VINF("sched", S_IRUGO, vxi_sched),
20726 + VINF("nsproxy", S_IRUGO, vxi_nsproxy0),
20727 + VINF("nsproxy1",S_IRUGO, vxi_nsproxy1),
20728 + VINF("cvirt", S_IRUGO, vxi_cvirt),
20729 + VINF("cacct", S_IRUGO, vxi_cacct),
20736 +static struct dentry *proc_xid_instantiate(struct inode *dir,
20737 + struct dentry *dentry, int id, void *ptr)
20739 + dentry->d_op = &proc_xid_dentry_operations;
20740 + return vs_proc_instantiate(dir, dentry, id, ptr);
20743 +static struct dentry *proc_xid_lookup(struct inode *dir,
20744 + struct dentry *dentry, unsigned int flags)
20746 + struct vs_entry *p = vx_base_stuff;
20747 + struct dentry *error = ERR_PTR(-ENOENT);
20749 + for (; p->name; p++) {
20750 + if (p->len != dentry->d_name.len)
20752 + if (!memcmp(dentry->d_name.name, p->name, p->len))
20758 + error = proc_xid_instantiate(dir, dentry, PROC_I(dir)->fd, p);
20763 +static int proc_xid_iterate(struct file *filp, struct dir_context *ctx)
20765 + struct dentry *dentry = filp->f_dentry;
20766 + struct inode *inode = dentry->d_inode;
20767 + struct vs_entry *p = vx_base_stuff;
20768 + int size = sizeof(vx_base_stuff) / sizeof(struct vs_entry);
20772 + switch (ctx->pos) {
20774 + ino = inode->i_ino;
20775 + if (!dir_emit(ctx, ".", 1, ino, DT_DIR) < 0)
20778 + /* fall through */
20780 + ino = parent_ino(dentry);
20781 + if (!dir_emit(ctx, "..", 2, ino, DT_DIR) < 0)
20784 + /* fall through */
20786 + index = ctx->pos - 2;
20787 + if (index >= size)
20789 + for (p += index; p->name; p++) {
20790 + if (vx_proc_fill_cache(filp, ctx, p->name, p->len,
20791 + vs_proc_instantiate, PROC_I(inode)->fd, p))
20802 +static struct file_operations proc_nx_info_file_operations = {
20803 + .read = proc_nx_info_read,
20806 +static struct dentry_operations proc_nid_dentry_operations = {
20807 + .d_revalidate = proc_nid_revalidate,
20810 +static struct vs_entry nx_base_stuff[] = {
20811 + NINF("info", S_IRUGO, nxi_info),
20812 + NINF("status", S_IRUGO, nxi_status),
20817 +static struct dentry *proc_nid_instantiate(struct inode *dir,
20818 + struct dentry *dentry, int id, void *ptr)
20820 + dentry->d_op = &proc_nid_dentry_operations;
20821 + return vs_proc_instantiate(dir, dentry, id, ptr);
20824 +static struct dentry *proc_nid_lookup(struct inode *dir,
20825 + struct dentry *dentry, unsigned int flags)
20827 + struct vs_entry *p = nx_base_stuff;
20828 + struct dentry *error = ERR_PTR(-ENOENT);
20830 + for (; p->name; p++) {
20831 + if (p->len != dentry->d_name.len)
20833 + if (!memcmp(dentry->d_name.name, p->name, p->len))
20839 + error = proc_nid_instantiate(dir, dentry, PROC_I(dir)->fd, p);
20844 +static int proc_nid_iterate(struct file *filp, struct dir_context *ctx)
20846 + struct dentry *dentry = filp->f_dentry;
20847 + struct inode *inode = dentry->d_inode;
20848 + struct vs_entry *p = nx_base_stuff;
20849 + int size = sizeof(nx_base_stuff) / sizeof(struct vs_entry);
20853 + switch (ctx->pos) {
20855 + ino = inode->i_ino;
20856 + if (!dir_emit(ctx, ".", 1, ino, DT_DIR) < 0)
20859 + /* fall through */
20861 + ino = parent_ino(dentry);
20862 + if (!dir_emit(ctx, "..", 2, ino, DT_DIR) < 0)
20865 + /* fall through */
20867 + index = ctx->pos - 2;
20868 + if (index >= size)
20870 + for (p += index; p->name; p++) {
20871 + if (vx_proc_fill_cache(filp, ctx, p->name, p->len,
20872 + vs_proc_instantiate, PROC_I(inode)->fd, p))
20882 +#define MAX_MULBY10 ((~0U - 9) / 10)
20884 +static inline int atovid(const char *str, int len)
20889 + while (len-- > 0) {
20894 + if (vid >= MAX_MULBY10)
20904 +/* now the upper level (virtual) */
20907 +static struct file_operations proc_xid_file_operations = {
20908 + .read = generic_read_dir,
20909 + .iterate = proc_xid_iterate,
20912 +static struct inode_operations proc_xid_inode_operations = {
20913 + .lookup = proc_xid_lookup,
20916 +static struct vs_entry vx_virtual_stuff[] = {
20917 + INF("info", S_IRUGO, virtual_info),
20918 + INF("status", S_IRUGO, virtual_status),
20919 + DIR(NULL, S_IRUGO | S_IXUGO, xid),
20923 +static struct dentry *proc_virtual_lookup(struct inode *dir,
20924 + struct dentry *dentry, unsigned int flags)
20926 + struct vs_entry *p = vx_virtual_stuff;
20927 + struct dentry *error = ERR_PTR(-ENOENT);
20930 + for (; p->name; p++) {
20931 + if (p->len != dentry->d_name.len)
20933 + if (!memcmp(dentry->d_name.name, p->name, p->len))
20937 + goto instantiate;
20939 + id = atovid(dentry->d_name.name, dentry->d_name.len);
20940 + if ((id < 0) || !xid_is_hashed(id))
20944 + error = proc_xid_instantiate(dir, dentry, id, p);
20949 +static struct file_operations proc_nid_file_operations = {
20950 + .read = generic_read_dir,
20951 + .iterate = proc_nid_iterate,
20954 +static struct inode_operations proc_nid_inode_operations = {
20955 + .lookup = proc_nid_lookup,
20958 +static struct vs_entry nx_virtnet_stuff[] = {
20959 + INF("info", S_IRUGO, virtnet_info),
20960 + INF("status", S_IRUGO, virtnet_status),
20961 + DIR(NULL, S_IRUGO | S_IXUGO, nid),
20965 +static struct dentry *proc_virtnet_lookup(struct inode *dir,
20966 + struct dentry *dentry, unsigned int flags)
20968 + struct vs_entry *p = nx_virtnet_stuff;
20969 + struct dentry *error = ERR_PTR(-ENOENT);
20972 + for (; p->name; p++) {
20973 + if (p->len != dentry->d_name.len)
20975 + if (!memcmp(dentry->d_name.name, p->name, p->len))
20979 + goto instantiate;
20981 + id = atovid(dentry->d_name.name, dentry->d_name.len);
20982 + if ((id < 0) || !nid_is_hashed(id))
20986 + error = proc_nid_instantiate(dir, dentry, id, p);
20992 +#define PROC_MAXVIDS 32
20994 +int proc_virtual_iterate(struct file *filp, struct dir_context *ctx)
20996 + struct dentry *dentry = filp->f_dentry;
20997 + struct inode *inode = dentry->d_inode;
20998 + struct vs_entry *p = vx_virtual_stuff;
20999 + int size = sizeof(vx_virtual_stuff) / sizeof(struct vs_entry);
21001 + unsigned int xid_array[PROC_MAXVIDS];
21002 + char buf[PROC_NUMBUF];
21003 + unsigned int nr_xids, i;
21006 + switch (ctx->pos) {
21008 + ino = inode->i_ino;
21009 + if (!dir_emit(ctx, ".", 1, ino, DT_DIR) < 0)
21012 + /* fall through */
21014 + ino = parent_ino(dentry);
21015 + if (!dir_emit(ctx, "..", 2, ino, DT_DIR) < 0)
21018 + /* fall through */
21020 + index = ctx->pos - 2;
21021 + if (index >= size)
21023 + for (p += index; p->name; p++) {
21024 + if (vx_proc_fill_cache(filp, ctx, p->name, p->len,
21025 + vs_proc_instantiate, 0, p))
21030 + index = ctx->pos - size;
21031 + p = &vx_virtual_stuff[size - 1];
21032 + nr_xids = get_xid_list(index, xid_array, PROC_MAXVIDS);
21033 + for (i = 0; i < nr_xids; i++) {
21034 + int n, xid = xid_array[i];
21035 + unsigned int j = PROC_NUMBUF;
21039 + buf[--j] = '0' + (n % 10);
21042 + if (vx_proc_fill_cache(filp, ctx,
21043 + buf + j, PROC_NUMBUF - j,
21044 + vs_proc_instantiate, xid, p))
21053 +static int proc_virtual_getattr(struct vfsmount *mnt,
21054 + struct dentry *dentry, struct kstat *stat)
21056 + struct inode *inode = dentry->d_inode;
21058 + generic_fillattr(inode, stat);
21059 + stat->nlink = 2 + atomic_read(&vx_global_cactive);
21063 +static struct file_operations proc_virtual_dir_operations = {
21064 + .read = generic_read_dir,
21065 + .iterate = proc_virtual_iterate,
21068 +static struct inode_operations proc_virtual_dir_inode_operations = {
21069 + .getattr = proc_virtual_getattr,
21070 + .lookup = proc_virtual_lookup,
21075 +int proc_virtnet_iterate(struct file *filp, struct dir_context *ctx)
21077 + struct dentry *dentry = filp->f_dentry;
21078 + struct inode *inode = dentry->d_inode;
21079 + struct vs_entry *p = nx_virtnet_stuff;
21080 + int size = sizeof(nx_virtnet_stuff) / sizeof(struct vs_entry);
21082 + unsigned int nid_array[PROC_MAXVIDS];
21083 + char buf[PROC_NUMBUF];
21084 + unsigned int nr_nids, i;
21087 + switch (ctx->pos) {
21089 + ino = inode->i_ino;
21090 + if (!dir_emit(ctx, ".", 1, ino, DT_DIR) < 0)
21093 + /* fall through */
21095 + ino = parent_ino(dentry);
21096 + if (!dir_emit(ctx, "..", 2, ino, DT_DIR) < 0)
21099 + /* fall through */
21101 + index = ctx->pos - 2;
21102 + if (index >= size)
21104 + for (p += index; p->name; p++) {
21105 + if (vx_proc_fill_cache(filp, ctx, p->name, p->len,
21106 + vs_proc_instantiate, 0, p))
21111 + index = ctx->pos - size;
21112 + p = &nx_virtnet_stuff[size - 1];
21113 + nr_nids = get_nid_list(index, nid_array, PROC_MAXVIDS);
21114 + for (i = 0; i < nr_nids; i++) {
21115 + int n, nid = nid_array[i];
21116 + unsigned int j = PROC_NUMBUF;
21120 + buf[--j] = '0' + (n % 10);
21123 + if (vx_proc_fill_cache(filp, ctx,
21124 + buf + j, PROC_NUMBUF - j,
21125 + vs_proc_instantiate, nid, p))
21134 +static int proc_virtnet_getattr(struct vfsmount *mnt,
21135 + struct dentry *dentry, struct kstat *stat)
21137 + struct inode *inode = dentry->d_inode;
21139 + generic_fillattr(inode, stat);
21140 + stat->nlink = 2 + atomic_read(&nx_global_cactive);
21144 +static struct file_operations proc_virtnet_dir_operations = {
21145 + .read = generic_read_dir,
21146 + .iterate = proc_virtnet_iterate,
21149 +static struct inode_operations proc_virtnet_dir_inode_operations = {
21150 + .getattr = proc_virtnet_getattr,
21151 + .lookup = proc_virtnet_lookup,
21156 +void proc_vx_init(void)
21158 + struct proc_dir_entry *ent;
21160 + ent = proc_mkdir("virtual", 0);
21162 + ent->proc_fops = &proc_virtual_dir_operations;
21163 + ent->proc_iops = &proc_virtual_dir_inode_operations;
21165 + proc_virtual = ent;
21167 + ent = proc_mkdir("virtnet", 0);
21169 + ent->proc_fops = &proc_virtnet_dir_operations;
21170 + ent->proc_iops = &proc_virtnet_dir_inode_operations;
21172 + proc_virtnet = ent;
21178 +/* per pid info */
21181 +int proc_pid_vx_info(struct task_struct *p, char *buffer)
21183 + struct vx_info *vxi;
21184 + char *orig = buffer;
21186 + buffer += sprintf(buffer, "XID:\t%d\n", vx_task_xid(p));
21188 + vxi = task_get_vx_info(p);
21192 + buffer += sprintf(buffer, "BCaps:\t");
21193 + buffer = print_cap_t(buffer, &vxi->vx_bcaps);
21194 + buffer += sprintf(buffer, "\n");
21195 + buffer += sprintf(buffer, "CCaps:\t%016llx\n",
21196 + (unsigned long long)vxi->vx_ccaps);
21197 + buffer += sprintf(buffer, "CFlags:\t%016llx\n",
21198 + (unsigned long long)vxi->vx_flags);
21199 + buffer += sprintf(buffer, "CIPid:\t%d\n", vxi->vx_initpid);
21201 + put_vx_info(vxi);
21203 + return buffer - orig;
21207 +int proc_pid_nx_info(struct task_struct *p, char *buffer)
21209 + struct nx_info *nxi;
21210 + struct nx_addr_v4 *v4a;
21211 +#ifdef CONFIG_IPV6
21212 + struct nx_addr_v6 *v6a;
21214 + char *orig = buffer;
21217 + buffer += sprintf(buffer, "NID:\t%d\n", nx_task_nid(p));
21219 + nxi = task_get_nx_info(p);
21223 + buffer += sprintf(buffer, "NCaps:\t%016llx\n",
21224 + (unsigned long long)nxi->nx_ncaps);
21225 + buffer += sprintf(buffer, "NFlags:\t%016llx\n",
21226 + (unsigned long long)nxi->nx_flags);
21228 + buffer += sprintf(buffer,
21229 + "V4Root[bcast]:\t" NIPQUAD_FMT "\n",
21230 + NIPQUAD(nxi->v4_bcast.s_addr));
21231 + buffer += sprintf (buffer,
21232 + "V4Root[lback]:\t" NIPQUAD_FMT "\n",
21233 + NIPQUAD(nxi->v4_lback.s_addr));
21234 + if (!NX_IPV4(nxi))
21236 + for (i = 0, v4a = &nxi->v4; v4a; i++, v4a = v4a->next)
21237 + buffer += sprintf(buffer, "V4Root[%d]:\t" NXAV4_FMT "\n",
21240 +#ifdef CONFIG_IPV6
21241 + if (!NX_IPV6(nxi))
21243 + for (i = 0, v6a = &nxi->v6; v6a; i++, v6a = v6a->next)
21244 + buffer += sprintf(buffer, "V6Root[%d]:\t" NXAV6_FMT "\n",
21248 + put_nx_info(nxi);
21250 + return buffer - orig;
21253 diff -NurpP --minimal linux-3.14.17/kernel/vserver/sched.c linux-3.14.17-vs2.3.6.13/kernel/vserver/sched.c
21254 --- linux-3.14.17/kernel/vserver/sched.c 1970-01-01 00:00:00.000000000 +0000
21255 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/sched.c 2014-08-30 14:27:38.000000000 +0000
21258 + * linux/kernel/vserver/sched.c
21260 + * Virtual Server: Scheduler Support
21262 + * Copyright (C) 2004-2010 Herbert Pötzl
21264 + * V0.01 adapted Sam Vilains version to 2.6.3
21265 + * V0.02 removed legacy interface
21266 + * V0.03 changed vcmds to vxi arg
21267 + * V0.04 removed older and legacy interfaces
21268 + * V0.05 removed scheduler code/commands
21272 +#include <linux/vs_context.h>
21273 +#include <linux/vs_sched.h>
21274 +#include <linux/cpumask.h>
21275 +#include <linux/vserver/sched_cmd.h>
21277 +#include <asm/uaccess.h>
21280 +void vx_update_sched_param(struct _vx_sched *sched,
21281 + struct _vx_sched_pc *sched_pc)
21283 + sched_pc->prio_bias = sched->prio_bias;
21286 +static int do_set_prio_bias(struct vx_info *vxi, struct vcmd_prio_bias *data)
21290 + if (data->prio_bias > MAX_PRIO_BIAS)
21291 + data->prio_bias = MAX_PRIO_BIAS;
21292 + if (data->prio_bias < MIN_PRIO_BIAS)
21293 + data->prio_bias = MIN_PRIO_BIAS;
21295 + if (data->cpu_id != ~0) {
21296 + vxi->sched.update = cpumask_of_cpu(data->cpu_id);
21297 + cpumask_and(&vxi->sched.update, &vxi->sched.update,
21298 + cpu_online_mask);
21300 + cpumask_copy(&vxi->sched.update, cpu_online_mask);
21302 + for_each_cpu_mask(cpu, vxi->sched.update)
21303 + vx_update_sched_param(&vxi->sched,
21304 + &vx_per_cpu(vxi, sched_pc, cpu));
21308 +int vc_set_prio_bias(struct vx_info *vxi, void __user *data)
21310 + struct vcmd_prio_bias vc_data;
21312 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
21315 + return do_set_prio_bias(vxi, &vc_data);
21318 +int vc_get_prio_bias(struct vx_info *vxi, void __user *data)
21320 + struct vcmd_prio_bias vc_data;
21321 + struct _vx_sched_pc *pcd;
21324 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
21327 + cpu = vc_data.cpu_id;
21329 + if (!cpu_possible(cpu))
21332 + pcd = &vx_per_cpu(vxi, sched_pc, cpu);
21333 + vc_data.prio_bias = pcd->prio_bias;
21335 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
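Review bot: In do_set_prio_bias the user-supplied `data->cpu_id` reaches `cpumask_of_cpu()` with only the `~0` sentinel excluded, so an out-of-range id resolves to an address outside the kernel's static CPU-mask table before the AND with `cpu_online_mask` is applied. Reject it first, e.g. `if (data->cpu_id != ~0 && (unsigned int)data->cpu_id >= nr_cpu_ids) return -EINVAL;`. vc_get_prio_bias guards with `cpu_possible(cpu)`, which tests a bit rather than checking the range, so the same bound belongs in front of it. In the lines shown the clamped `data->prio_bias` is also never stored in `vxi->sched.prio_bias`, although vx_update_sched_param copies from that field; the page omits some lines of this hunk, so confirm against the full file.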
21340 diff -NurpP --minimal linux-3.14.17/kernel/vserver/sched_init.h linux-3.14.17-vs2.3.6.13/kernel/vserver/sched_init.h
21341 --- linux-3.14.17/kernel/vserver/sched_init.h 1970-01-01 00:00:00.000000000 +0000
21342 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/sched_init.h 2014-08-30 14:27:38.000000000 +0000
21345 +static inline void vx_info_init_sched(struct _vx_sched *sched)
21347 + /* scheduling; hard code starting values as constants */
21348 + sched->prio_bias = 0;
21352 +void vx_info_init_sched_pc(struct _vx_sched_pc *sched_pc, int cpu)
21354 + sched_pc->prio_bias = 0;
21356 + sched_pc->user_ticks = 0;
21357 + sched_pc->sys_ticks = 0;
21358 + sched_pc->hold_ticks = 0;
21361 +static inline void vx_info_exit_sched(struct _vx_sched *sched)
21367 +void vx_info_exit_sched_pc(struct _vx_sched_pc *sched_pc, int cpu)
21371 diff -NurpP --minimal linux-3.14.17/kernel/vserver/sched_proc.h linux-3.14.17-vs2.3.6.13/kernel/vserver/sched_proc.h
21372 --- linux-3.14.17/kernel/vserver/sched_proc.h 1970-01-01 00:00:00.000000000 +0000
21373 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/sched_proc.h 2014-08-30 14:27:38.000000000 +0000
21375 +#ifndef _VX_SCHED_PROC_H
21376 +#define _VX_SCHED_PROC_H
21380 +int vx_info_proc_sched(struct _vx_sched *sched, char *buffer)
21384 + length += sprintf(buffer,
21385 + "PrioBias:\t%8d\n",
21386 + sched->prio_bias);
21391 +int vx_info_proc_sched_pc(struct _vx_sched_pc *sched_pc,
21392 + char *buffer, int cpu)
21396 + length += sprintf(buffer + length,
21397 + "cpu %d: %lld %lld %lld", cpu,
21398 + (unsigned long long)sched_pc->user_ticks,
21399 + (unsigned long long)sched_pc->sys_ticks,
21400 + (unsigned long long)sched_pc->hold_ticks);
21401 + length += sprintf(buffer + length,
21402 + " %d\n", sched_pc->prio_bias);
21406 +#endif /* _VX_SCHED_PROC_H */
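Review bot: Both helpers write with `sprintf` into a caller buffer whose remaining size they never learn, and proc_vxi_sched calls vx_info_proc_sched_pc once per online CPU into the single page that proc_vx_info_read allocates. A per-CPU line can approach 90 bytes at full counter width, so on a machine with many CPUs the output could run past that page. Pass the remaining space down and bound each write, e.g. `length += scnprintf(buffer + length, size - length, ...)`, or move these files to seq_file. The tick counters are cast to `unsigned long long` but printed with `%lld`; `%llu` matches the cast.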
21407 diff -NurpP --minimal linux-3.14.17/kernel/vserver/signal.c linux-3.14.17-vs2.3.6.13/kernel/vserver/signal.c
21408 --- linux-3.14.17/kernel/vserver/signal.c 1970-01-01 00:00:00.000000000 +0000
21409 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/signal.c 2014-08-30 14:27:38.000000000 +0000
21412 + * linux/kernel/vserver/signal.c
21414 + * Virtual Server: Signal Support
21416 + * Copyright (C) 2003-2007 Herbert Pötzl
21418 + * V0.01 broken out from vcontext V0.05
21419 + * V0.02 changed vcmds to vxi arg
21420 + * V0.03 adjusted siginfo for kill
21424 +#include <asm/uaccess.h>
21426 +#include <linux/vs_context.h>
21427 +#include <linux/vs_pid.h>
21428 +#include <linux/vserver/signal_cmd.h>
21431 +int vx_info_kill(struct vx_info *vxi, int pid, int sig)
21433 + int retval, count = 0;
21434 + struct task_struct *p;
21435 + struct siginfo *sip = SEND_SIG_PRIV;
21438 + vxdprintk(VXD_CBIT(misc, 4),
21439 + "vx_info_kill(%p[#%d],%d,%d)*",
21440 + vxi, vxi->vx_id, pid, sig);
21441 + read_lock(&tasklist_lock);
21445 + for_each_process(p) {
21448 + if (vx_task_xid(p) != vxi->vx_id || p->pid <= 1 ||
21449 + (pid && vxi->vx_initpid == p->pid))
21452 + err = group_send_sig_info(sig, sip, p);
21454 + if (err != -EPERM)
21460 + if (vxi->vx_initpid) {
21461 + pid = vxi->vx_initpid;
21462 + /* for now, only SIGINT to private init ... */
21463 + if (!vx_info_flags(vxi, VXF_STATE_ADMIN, 0) &&
21464 + /* ... as long as there are tasks left */
21465 + (atomic_read(&vxi->vx_tasks) > 1))
21468 + /* fallthrough */
21471 + p = find_task_by_real_pid(pid);
21472 + rcu_read_unlock();
21474 + if (vx_task_xid(p) == vxi->vx_id)
21475 + retval = group_send_sig_info(sig, sip, p);
21479 + read_unlock(&tasklist_lock);
21480 + vxdprintk(VXD_CBIT(misc, 4),
21481 + "vx_info_kill(%p[#%d],%d,%d,%ld) = %d",
21482 + vxi, vxi->vx_id, pid, sig, (long)sip, retval);
21486 +int vc_ctx_kill(struct vx_info *vxi, void __user *data)
21488 + struct vcmd_ctx_kill_v0 vc_data;
21490 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
21493 + /* special check to allow guest shutdown */
21494 + if (!vx_info_flags(vxi, VXF_STATE_ADMIN, 0) &&
21495 + /* forbid killall pid=0 when init is present */
21496 + (((vc_data.pid < 1) && vxi->vx_initpid) ||
21497 + (vc_data.pid > 1)))
21500 + return vx_info_kill(vxi, vc_data.pid, vc_data.sig);
21504 +static int __wait_exit(struct vx_info *vxi)
21506 + DECLARE_WAITQUEUE(wait, current);
21509 + add_wait_queue(&vxi->vx_wait, &wait);
21510 + set_current_state(TASK_INTERRUPTIBLE);
21513 + if (vx_info_state(vxi,
21514 + VXS_SHUTDOWN | VXS_HASHED | VXS_HELPER) == VXS_SHUTDOWN)
21516 + if (signal_pending(current)) {
21517 + ret = -ERESTARTSYS;
21524 + set_current_state(TASK_RUNNING);
21525 + remove_wait_queue(&vxi->vx_wait, &wait);
21531 +int vc_wait_exit(struct vx_info *vxi, void __user *data)
21533 + struct vcmd_wait_exit_v0 vc_data;
21536 + ret = __wait_exit(vxi);
21537 + vc_data.reboot_cmd = vxi->reboot_cmd;
21538 + vc_data.exit_code = vxi->exit_code;
21540 + if (copy_to_user(data, &vc_data, sizeof(vc_data)))
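Review bot: vc_wait_exit copies the whole on-stack `vc_data` to user space after assigning only `reboot_cmd` and `exit_code`, so any padding or further member of `struct vcmd_wait_exit_v0` (its definition is not in this hunk) would carry stale kernel stack bytes out. Clear it before filling it in, `memset(&vc_data, 0, sizeof(vc_data));`. The copy also appears to run when `__wait_exit` was interrupted with `-ERESTARTSYS`, so the caller can receive values that are not yet final; skipping the copy on error would make that explicit. In vx_info_kill, `rcu_read_unlock()` comes before `p` is used, and the surrounding `read_lock(&tasklist_lock)` seems to be what keeps the task valid, which deserves a comment such as `/* p stays valid: tasklist_lock is held for read */`.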
21545 diff -NurpP --minimal linux-3.14.17/kernel/vserver/space.c linux-3.14.17-vs2.3.6.13/kernel/vserver/space.c
21546 --- linux-3.14.17/kernel/vserver/space.c 1970-01-01 00:00:00.000000000 +0000
21547 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/space.c 2014-08-30 14:27:38.000000000 +0000
21550 + * linux/kernel/vserver/space.c
21552 + * Virtual Server: Context Space Support
21554 + * Copyright (C) 2003-2010 Herbert Pötzl
21556 + * V0.01 broken out from context.c 0.07
21557 + * V0.02 added task locking for namespace
21558 + * V0.03 broken out vx_enter_namespace
21559 + * V0.04 added *space support and commands
21560 + * V0.05 added credential support
21564 +#include <linux/utsname.h>
21565 +#include <linux/nsproxy.h>
21566 +#include <linux/err.h>
21567 +#include <linux/fs_struct.h>
21568 +#include <linux/cred.h>
21569 +#include <asm/uaccess.h>
21571 +#include <linux/vs_context.h>
21572 +#include <linux/vserver/space.h>
21573 +#include <linux/vserver/space_cmd.h>
21575 +atomic_t vs_global_nsproxy = ATOMIC_INIT(0);
21576 +atomic_t vs_global_fs = ATOMIC_INIT(0);
21577 +atomic_t vs_global_mnt_ns = ATOMIC_INIT(0);
21578 +atomic_t vs_global_uts_ns = ATOMIC_INIT(0);
21579 +atomic_t vs_global_user_ns = ATOMIC_INIT(0);
21580 +atomic_t vs_global_pid_ns = ATOMIC_INIT(0);
21583 +/* namespace functions */
21585 +#include <linux/mnt_namespace.h>
21586 +#include <linux/user_namespace.h>
21587 +#include <linux/pid_namespace.h>
21588 +#include <linux/ipc_namespace.h>
21589 +#include <net/net_namespace.h>
21590 +#include "../fs/mount.h"
21593 +static const struct vcmd_space_mask_v1 space_mask_v0 = {
21594 + .mask = CLONE_FS |
21596 +#ifdef CONFIG_UTS_NS
21599 +#ifdef CONFIG_IPC_NS
21602 +#ifdef CONFIG_USER_NS
21608 +static const struct vcmd_space_mask_v1 space_mask = {
21609 + .mask = CLONE_FS |
21611 +#ifdef CONFIG_UTS_NS
21614 +#ifdef CONFIG_IPC_NS
21617 +#ifdef CONFIG_USER_NS
21620 +#ifdef CONFIG_PID_NS
21623 +#ifdef CONFIG_NET_NS
21629 +static const struct vcmd_space_mask_v1 default_space_mask = {
21630 + .mask = CLONE_FS |
21632 +#ifdef CONFIG_UTS_NS
21635 +#ifdef CONFIG_IPC_NS
21638 +#ifdef CONFIG_USER_NS
21641 +#ifdef CONFIG_PID_NS
21648 + * build a new nsproxy mix
21649 + * assumes that both proxies are 'const'
21650 + * does not touch nsproxy refcounts
21651 + * will hold a reference on the result.
21654 +struct nsproxy *vs_mix_nsproxy(struct nsproxy *old_nsproxy,
21655 + struct nsproxy *new_nsproxy, unsigned long mask)
21657 + struct mnt_namespace *old_ns;
21658 + struct uts_namespace *old_uts;
21659 + struct ipc_namespace *old_ipc;
21660 +#ifdef CONFIG_PID_NS
21661 + struct pid_namespace *old_pid;
21663 +#ifdef CONFIG_NET_NS
21664 + struct net *old_net;
21666 + struct nsproxy *nsproxy;
21668 + nsproxy = copy_nsproxy(old_nsproxy);
21672 + if (mask & CLONE_NEWNS) {
21673 + old_ns = nsproxy->mnt_ns;
21674 + nsproxy->mnt_ns = new_nsproxy->mnt_ns;
21675 + if (nsproxy->mnt_ns)
21676 + get_mnt_ns(nsproxy->mnt_ns);
21680 + if (mask & CLONE_NEWUTS) {
21681 + old_uts = nsproxy->uts_ns;
21682 + nsproxy->uts_ns = new_nsproxy->uts_ns;
21683 + if (nsproxy->uts_ns)
21684 + get_uts_ns(nsproxy->uts_ns);
21688 + if (mask & CLONE_NEWIPC) {
21689 + old_ipc = nsproxy->ipc_ns;
21690 + nsproxy->ipc_ns = new_nsproxy->ipc_ns;
21691 + if (nsproxy->ipc_ns)
21692 + get_ipc_ns(nsproxy->ipc_ns);
21696 +#ifdef CONFIG_PID_NS
21697 + if (mask & CLONE_NEWPID) {
21698 + old_pid = nsproxy->pid_ns_for_children;
21699 + nsproxy->pid_ns_for_children = new_nsproxy->pid_ns_for_children;
21700 + if (nsproxy->pid_ns_for_children)
21701 + get_pid_ns(nsproxy->pid_ns_for_children);
21705 +#ifdef CONFIG_NET_NS
21706 + if (mask & CLONE_NEWNET) {
21707 + old_net = nsproxy->net_ns;
21708 + nsproxy->net_ns = new_nsproxy->net_ns;
21709 + if (nsproxy->net_ns)
21710 + get_net(nsproxy->net_ns);
21715 + put_mnt_ns(old_ns);
21717 + put_uts_ns(old_uts);
21719 + put_ipc_ns(old_ipc);
21720 +#ifdef CONFIG_PID_NS
21722 + put_pid_ns(old_pid);
21724 +#ifdef CONFIG_NET_NS
21726 + put_net(old_net);
21734 + * merge two nsproxy structs into a new one.
21735 + * will hold a reference on the result.
21739 +struct nsproxy *__vs_merge_nsproxy(struct nsproxy *old,
21740 + struct nsproxy *proxy, unsigned long mask)
21742 + struct nsproxy null_proxy = { .mnt_ns = NULL };
21748 + /* vs_mix_nsproxy returns with reference */
21749 + return vs_mix_nsproxy(old ? old : &null_proxy,
21752 + get_nsproxy(proxy);
21757 +int vx_enter_space(struct vx_info *vxi, unsigned long mask, unsigned index)
21759 + struct nsproxy *proxy, *proxy_cur, *proxy_new;
21760 + struct fs_struct *fs_cur, *fs = NULL;
21761 + struct _vx_space *space;
21762 + int ret, kill = 0;
21764 + vxdprintk(VXD_CBIT(space, 8), "vx_enter_space(%p[#%u],0x%08lx,%d)",
21765 + vxi, vxi->vx_id, mask, index);
21767 + if (vx_info_flags(vxi, VXF_INFO_PRIVATE, 0))
21770 + if (index >= VX_SPACES)
21773 + space = &vxi->space[index];
21776 + mask = space->vx_nsmask;
21778 + if ((mask & space->vx_nsmask) != mask)
21781 + if (mask & CLONE_FS) {
21782 + fs = copy_fs_struct(space->vx_fs);
21786 + proxy = space->vx_nsproxy;
21788 + vxdprintk(VXD_CBIT(space, 9),
21789 + "vx_enter_space(%p[#%u],0x%08lx,%d) -> (%p,%p)",
21790 + vxi, vxi->vx_id, mask, index, proxy, fs);
21792 + task_lock(current);
21793 + fs_cur = current->fs;
21795 + if (mask & CLONE_FS) {
21796 + spin_lock(&fs_cur->lock);
21797 + current->fs = fs;
21798 + kill = !--fs_cur->users;
21799 + spin_unlock(&fs_cur->lock);
21802 + proxy_cur = current->nsproxy;
21803 + get_nsproxy(proxy_cur);
21804 + task_unlock(current);
21807 + free_fs_struct(fs_cur);
21809 + proxy_new = __vs_merge_nsproxy(proxy_cur, proxy, mask);
21810 + if (IS_ERR(proxy_new)) {
21811 + ret = PTR_ERR(proxy_new);
21815 + proxy_new = xchg(¤t->nsproxy, proxy_new);
21817 + if (mask & CLONE_NEWUSER) {
21818 + struct cred *cred;
21820 + vxdprintk(VXD_CBIT(space, 10),
21821 + "vx_enter_space(%p[#%u],%p) cred (%p,%p)",
21822 + vxi, vxi->vx_id, space->vx_cred,
21823 + current->real_cred, current->cred);
21825 + if (space->vx_cred) {
21826 + cred = __prepare_creds(space->vx_cred);
21828 + commit_creds(cred);
21835 + put_nsproxy(proxy_new);
21838 + put_nsproxy(proxy_cur);
21843 +int vx_set_space(struct vx_info *vxi, unsigned long mask, unsigned index)
21845 + struct nsproxy *proxy_vxi, *proxy_cur, *proxy_new;
21846 + struct fs_struct *fs_vxi, *fs = NULL;
21847 + struct _vx_space *space;
21848 + int ret, kill = 0;
21850 + vxdprintk(VXD_CBIT(space, 8), "vx_set_space(%p[#%u],0x%08lx,%d)",
21851 + vxi, vxi->vx_id, mask, index);
21853 + if ((mask & space_mask.mask) != mask)
21856 + if (index >= VX_SPACES)
21859 + space = &vxi->space[index];
21861 + proxy_vxi = space->vx_nsproxy;
21862 + fs_vxi = space->vx_fs;
21864 + if (mask & CLONE_FS) {
21865 + fs = copy_fs_struct(current->fs);
21870 + task_lock(current);
21872 + if (mask & CLONE_FS) {
21873 + spin_lock(&fs_vxi->lock);
21874 + space->vx_fs = fs;
21875 + kill = !--fs_vxi->users;
21876 + spin_unlock(&fs_vxi->lock);
21879 + proxy_cur = current->nsproxy;
21880 + get_nsproxy(proxy_cur);
21881 + task_unlock(current);
21884 + free_fs_struct(fs_vxi);
21886 + proxy_new = __vs_merge_nsproxy(proxy_vxi, proxy_cur, mask);
21887 + if (IS_ERR(proxy_new)) {
21888 + ret = PTR_ERR(proxy_new);
21892 + proxy_new = xchg(&space->vx_nsproxy, proxy_new);
21893 + space->vx_nsmask |= mask;
21895 + if (mask & CLONE_NEWUSER) {
21896 + struct cred *cred;
21898 + vxdprintk(VXD_CBIT(space, 10),
21899 + "vx_set_space(%p[#%u],%p) cred (%p,%p)",
21900 + vxi, vxi->vx_id, space->vx_cred,
21901 + current->real_cred, current->cred);
21903 + cred = prepare_creds();
21904 + cred = (struct cred *)xchg(&space->vx_cred, cred);
21906 + abort_creds(cred);
21912 + put_nsproxy(proxy_new);
21915 + put_nsproxy(proxy_cur);
21920 +int vc_enter_space_v1(struct vx_info *vxi, void __user *data)
21922 + struct vcmd_space_mask_v1 vc_data = { .mask = 0 };
21924 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
21927 + return vx_enter_space(vxi, vc_data.mask, 0);
21930 +int vc_enter_space(struct vx_info *vxi, void __user *data)
21932 + struct vcmd_space_mask_v2 vc_data = { .mask = 0 };
21934 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
21937 + if (vc_data.index >= VX_SPACES)
21940 + return vx_enter_space(vxi, vc_data.mask, vc_data.index);
21943 +int vc_set_space_v1(struct vx_info *vxi, void __user *data)
21945 + struct vcmd_space_mask_v1 vc_data = { .mask = 0 };
21947 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
21950 + return vx_set_space(vxi, vc_data.mask, 0);
21953 +int vc_set_space(struct vx_info *vxi, void __user *data)
21955 + struct vcmd_space_mask_v2 vc_data = { .mask = 0 };
21957 + if (data && copy_from_user(&vc_data, data, sizeof(vc_data)))
21960 + if (vc_data.index >= VX_SPACES)
21963 + return vx_set_space(vxi, vc_data.mask, vc_data.index);
21966 +int vc_get_space_mask(void __user *data, int type)
21968 + const struct vcmd_space_mask_v1 *mask;
21971 + mask = &space_mask_v0;
21972 + else if (type == 1)
21973 + mask = &space_mask;
21975 + mask = &default_space_mask;
21977 + vxdprintk(VXD_CBIT(space, 10),
21978 + "vc_get_space_mask(%d) = %08llx", type, mask->mask);
21980 + if (copy_to_user(data, mask, sizeof(*mask)))
21985 diff -NurpP --minimal linux-3.14.17/kernel/vserver/switch.c linux-3.14.17-vs2.3.6.13/kernel/vserver/switch.c
21986 --- linux-3.14.17/kernel/vserver/switch.c 1970-01-01 00:00:00.000000000 +0000
21987 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/switch.c 2014-08-30 14:27:38.000000000 +0000
21990 + * linux/kernel/vserver/switch.c
21992 + * Virtual Server: Syscall Switch
21994 + * Copyright (C) 2003-2011 Herbert Pötzl
21996 + * V0.01 syscall switch
21997 + * V0.02 added signal to context
21998 + * V0.03 added rlimit functions
21999 + * V0.04 added iattr, task/xid functions
22000 + * V0.05 added debug/history stuff
22001 + * V0.06 added compat32 layer
22002 + * V0.07 vcmd args and perms
22003 + * V0.08 added status commands
22004 + * V0.09 added tag commands
22005 + * V0.10 added oom bias
22006 + * V0.11 added device commands
22007 + * V0.12 added warn mask
22011 +#include <linux/vs_context.h>
22012 +#include <linux/vs_network.h>
22013 +#include <linux/vserver/switch.h>
22015 +#include "vci_config.h"
22019 +int vc_get_version(uint32_t id)
22021 + return VCI_VERSION;
22025 +int vc_get_vci(uint32_t id)
22027 + return vci_kernel_config();
22030 +#include <linux/vserver/context_cmd.h>
22031 +#include <linux/vserver/cvirt_cmd.h>
22032 +#include <linux/vserver/cacct_cmd.h>
22033 +#include <linux/vserver/limit_cmd.h>
22034 +#include <linux/vserver/network_cmd.h>
22035 +#include <linux/vserver/sched_cmd.h>
22036 +#include <linux/vserver/debug_cmd.h>
22037 +#include <linux/vserver/inode_cmd.h>
22038 +#include <linux/vserver/dlimit_cmd.h>
22039 +#include <linux/vserver/signal_cmd.h>
22040 +#include <linux/vserver/space_cmd.h>
22041 +#include <linux/vserver/tag_cmd.h>
22042 +#include <linux/vserver/device_cmd.h>
22044 +#include <linux/vserver/inode.h>
22045 +#include <linux/vserver/dlimit.h>
22048 +#ifdef CONFIG_COMPAT
22049 +#define __COMPAT(name, id, data, compat) \
22050 + (compat) ? name ## _x32(id, data) : name(id, data)
22051 +#define __COMPAT_NO_ID(name, data, compat) \
22052 + (compat) ? name ## _x32(data) : name(data)
22054 +#define __COMPAT(name, id, data, compat) \
22056 +#define __COMPAT_NO_ID(name, data, compat) \
22062 +long do_vcmd(uint32_t cmd, uint32_t id,
22063 + struct vx_info *vxi, struct nx_info *nxi,
22064 + void __user *data, int compat)
22068 + case VCMD_get_version:
22069 + return vc_get_version(id);
22070 + case VCMD_get_vci:
22071 + return vc_get_vci(id);
22073 + case VCMD_task_xid:
22074 + return vc_task_xid(id);
22075 + case VCMD_vx_info:
22076 + return vc_vx_info(vxi, data);
22078 + case VCMD_task_nid:
22079 + return vc_task_nid(id);
22080 + case VCMD_nx_info:
22081 + return vc_nx_info(nxi, data);
22083 + case VCMD_task_tag:
22084 + return vc_task_tag(id);
22086 + case VCMD_set_space_v1:
22087 + return vc_set_space_v1(vxi, data);
22088 + /* this is version 2 */
22089 + case VCMD_set_space:
22090 + return vc_set_space(vxi, data);
22092 + case VCMD_get_space_mask_v0:
22093 + return vc_get_space_mask(data, 0);
22094 + /* this is version 1 */
22095 + case VCMD_get_space_mask:
22096 + return vc_get_space_mask(data, 1);
22098 + case VCMD_get_space_default:
22099 + return vc_get_space_mask(data, -1);
22101 + case VCMD_set_umask:
22102 + return vc_set_umask(vxi, data);
22104 + case VCMD_get_umask:
22105 + return vc_get_umask(vxi, data);
22107 + case VCMD_set_wmask:
22108 + return vc_set_wmask(vxi, data);
22110 + case VCMD_get_wmask:
22111 + return vc_get_wmask(vxi, data);
22112 +#ifdef CONFIG_IA32_EMULATION
22113 + case VCMD_get_rlimit:
22114 + return __COMPAT(vc_get_rlimit, vxi, data, compat);
22115 + case VCMD_set_rlimit:
22116 + return __COMPAT(vc_set_rlimit, vxi, data, compat);
22118 + case VCMD_get_rlimit:
22119 + return vc_get_rlimit(vxi, data);
22120 + case VCMD_set_rlimit:
22121 + return vc_set_rlimit(vxi, data);
22123 + case VCMD_get_rlimit_mask:
22124 + return vc_get_rlimit_mask(id, data);
22125 + case VCMD_reset_hits:
22126 + return vc_reset_hits(vxi, data);
22127 + case VCMD_reset_minmax:
22128 + return vc_reset_minmax(vxi, data);
22130 + case VCMD_get_vhi_name:
22131 + return vc_get_vhi_name(vxi, data);
22132 + case VCMD_set_vhi_name:
22133 + return vc_set_vhi_name(vxi, data);
22135 + case VCMD_ctx_stat:
22136 + return vc_ctx_stat(vxi, data);
22137 + case VCMD_virt_stat:
22138 + return vc_virt_stat(vxi, data);
22139 + case VCMD_sock_stat:
22140 + return vc_sock_stat(vxi, data);
22141 + case VCMD_rlimit_stat:
22142 + return vc_rlimit_stat(vxi, data);
22144 + case VCMD_set_cflags:
22145 + return vc_set_cflags(vxi, data);
22146 + case VCMD_get_cflags:
22147 + return vc_get_cflags(vxi, data);
22149 + /* this is version 1 */
22150 + case VCMD_set_ccaps:
22151 + return vc_set_ccaps(vxi, data);
22152 + /* this is version 1 */
22153 + case VCMD_get_ccaps:
22154 + return vc_get_ccaps(vxi, data);
22155 + case VCMD_set_bcaps:
22156 + return vc_set_bcaps(vxi, data);
22157 + case VCMD_get_bcaps:
22158 + return vc_get_bcaps(vxi, data);
22160 + case VCMD_set_badness:
22161 + return vc_set_badness(vxi, data);
22162 + case VCMD_get_badness:
22163 + return vc_get_badness(vxi, data);
22165 + case VCMD_set_nflags:
22166 + return vc_set_nflags(nxi, data);
22167 + case VCMD_get_nflags:
22168 + return vc_get_nflags(nxi, data);
22170 + case VCMD_set_ncaps:
22171 + return vc_set_ncaps(nxi, data);
22172 + case VCMD_get_ncaps:
22173 + return vc_get_ncaps(nxi, data);
22175 + case VCMD_set_prio_bias:
22176 + return vc_set_prio_bias(vxi, data);
22177 + case VCMD_get_prio_bias:
22178 + return vc_get_prio_bias(vxi, data);
22179 + case VCMD_add_dlimit:
22180 + return __COMPAT(vc_add_dlimit, id, data, compat);
22181 + case VCMD_rem_dlimit:
22182 + return __COMPAT(vc_rem_dlimit, id, data, compat);
22183 + case VCMD_set_dlimit:
22184 + return __COMPAT(vc_set_dlimit, id, data, compat);
22185 + case VCMD_get_dlimit:
22186 + return __COMPAT(vc_get_dlimit, id, data, compat);
22188 + case VCMD_ctx_kill:
22189 + return vc_ctx_kill(vxi, data);
22191 + case VCMD_wait_exit:
22192 + return vc_wait_exit(vxi, data);
22194 + case VCMD_get_iattr:
22195 + return __COMPAT_NO_ID(vc_get_iattr, data, compat);
22196 + case VCMD_set_iattr:
22197 + return __COMPAT_NO_ID(vc_set_iattr, data, compat);
22199 + case VCMD_fget_iattr:
22200 + return vc_fget_iattr(id, data);
22201 + case VCMD_fset_iattr:
22202 + return vc_fset_iattr(id, data);
22204 + case VCMD_enter_space_v0:
22205 + return vc_enter_space_v1(vxi, NULL);
22206 + case VCMD_enter_space_v1:
22207 + return vc_enter_space_v1(vxi, data);
22208 + /* this is version 2 */
22209 + case VCMD_enter_space:
22210 + return vc_enter_space(vxi, data);
22212 + case VCMD_ctx_create_v0:
22213 + return vc_ctx_create(id, NULL);
22214 + case VCMD_ctx_create:
22215 + return vc_ctx_create(id, data);
22216 + case VCMD_ctx_migrate_v0:
22217 + return vc_ctx_migrate(vxi, NULL);
22218 + case VCMD_ctx_migrate:
22219 + return vc_ctx_migrate(vxi, data);
22221 + case VCMD_net_create_v0:
22222 + return vc_net_create(id, NULL);
22223 + case VCMD_net_create:
22224 + return vc_net_create(id, data);
22225 + case VCMD_net_migrate:
22226 + return vc_net_migrate(nxi, data);
22228 + case VCMD_tag_migrate:
22229 + return vc_tag_migrate(id);
22231 + case VCMD_net_add:
22232 + return vc_net_add(nxi, data);
22233 + case VCMD_net_remove:
22234 + return vc_net_remove(nxi, data);
22236 + case VCMD_net_add_ipv4_v1:
22237 + return vc_net_add_ipv4_v1(nxi, data);
22238 + /* this is version 2 */
22239 + case VCMD_net_add_ipv4:
22240 + return vc_net_add_ipv4(nxi, data);
22242 + case VCMD_net_rem_ipv4_v1:
22243 + return vc_net_rem_ipv4_v1(nxi, data);
22244 + /* this is version 2 */
22245 + case VCMD_net_rem_ipv4:
22246 + return vc_net_rem_ipv4(nxi, data);
22247 +#ifdef CONFIG_IPV6
22248 + case VCMD_net_add_ipv6:
22249 + return vc_net_add_ipv6(nxi, data);
22250 + case VCMD_net_remove_ipv6:
22251 + return vc_net_remove_ipv6(nxi, data);
22253 +/* case VCMD_add_match_ipv4:
22254 + return vc_add_match_ipv4(nxi, data);
22255 + case VCMD_get_match_ipv4:
22256 + return vc_get_match_ipv4(nxi, data);
22257 +#ifdef CONFIG_IPV6
22258 + case VCMD_add_match_ipv6:
22259 + return vc_add_match_ipv6(nxi, data);
22260 + case VCMD_get_match_ipv6:
22261 + return vc_get_match_ipv6(nxi, data);
22264 +#ifdef CONFIG_VSERVER_DEVICE
22265 + case VCMD_set_mapping:
22266 + return __COMPAT(vc_set_mapping, vxi, data, compat);
22267 + case VCMD_unset_mapping:
22268 + return __COMPAT(vc_unset_mapping, vxi, data, compat);
22270 +#ifdef CONFIG_VSERVER_HISTORY
22271 + case VCMD_dump_history:
22272 + return vc_dump_history(id);
22273 + case VCMD_read_history:
22274 + return __COMPAT(vc_read_history, id, data, compat);
22277 + vxwprintk_task(1, "unimplemented VCMD_%02d_%d[%d]",
22278 + VC_CATEGORY(cmd), VC_COMMAND(cmd), VC_VERSION(cmd));
22284 +#define __VCMD(vcmd, _perm, _args, _flags) \
22285 + case VCMD_ ## vcmd: perm = _perm; \
22286 + args = _args; flags = _flags; break
22289 +#define VCA_NONE 0x00
22290 +#define VCA_VXI 0x01
22291 +#define VCA_NXI 0x02
22293 +#define VCF_NONE 0x00
22294 +#define VCF_INFO 0x01
22295 +#define VCF_ADMIN 0x02
22296 +#define VCF_ARES 0x06 /* includes admin */
22297 +#define VCF_SETUP 0x08
22299 +#define VCF_ZIDOK 0x10 /* zero id okay */
22303 +long do_vserver(uint32_t cmd, uint32_t id, void __user *data, int compat)
22306 + int permit = -1, state = 0;
22307 + int perm = -1, args = 0, flags = 0;
22308 + struct vx_info *vxi = NULL;
22309 + struct nx_info *nxi = NULL;
22312 + /* unpriviledged commands */
22313 + __VCMD(get_version, 0, VCA_NONE, 0);
22314 + __VCMD(get_vci, 0, VCA_NONE, 0);
22315 + __VCMD(get_rlimit_mask, 0, VCA_NONE, 0);
22316 + __VCMD(get_space_mask_v0,0, VCA_NONE, 0);
22317 + __VCMD(get_space_mask, 0, VCA_NONE, 0);
22318 + __VCMD(get_space_default,0, VCA_NONE, 0);
22320 + /* info commands */
22321 + __VCMD(task_xid, 2, VCA_NONE, 0);
22322 + __VCMD(reset_hits, 2, VCA_VXI, 0);
22323 + __VCMD(reset_minmax, 2, VCA_VXI, 0);
22324 + __VCMD(vx_info, 3, VCA_VXI, VCF_INFO);
22325 + __VCMD(get_bcaps, 3, VCA_VXI, VCF_INFO);
22326 + __VCMD(get_ccaps, 3, VCA_VXI, VCF_INFO);
22327 + __VCMD(get_cflags, 3, VCA_VXI, VCF_INFO);
22328 + __VCMD(get_umask, 3, VCA_VXI, VCF_INFO);
22329 + __VCMD(get_wmask, 3, VCA_VXI, VCF_INFO);
22330 + __VCMD(get_badness, 3, VCA_VXI, VCF_INFO);
22331 + __VCMD(get_vhi_name, 3, VCA_VXI, VCF_INFO);
22332 + __VCMD(get_rlimit, 3, VCA_VXI, VCF_INFO);
22334 + __VCMD(ctx_stat, 3, VCA_VXI, VCF_INFO);
22335 + __VCMD(virt_stat, 3, VCA_VXI, VCF_INFO);
22336 + __VCMD(sock_stat, 3, VCA_VXI, VCF_INFO);
22337 + __VCMD(rlimit_stat, 3, VCA_VXI, VCF_INFO);
22339 + __VCMD(task_nid, 2, VCA_NONE, 0);
22340 + __VCMD(nx_info, 3, VCA_NXI, VCF_INFO);
22341 + __VCMD(get_ncaps, 3, VCA_NXI, VCF_INFO);
22342 + __VCMD(get_nflags, 3, VCA_NXI, VCF_INFO);
22344 + __VCMD(task_tag, 2, VCA_NONE, 0);
22346 + __VCMD(get_iattr, 2, VCA_NONE, 0);
22347 + __VCMD(fget_iattr, 2, VCA_NONE, 0);
22348 + __VCMD(get_dlimit, 3, VCA_NONE, VCF_INFO);
22349 + __VCMD(get_prio_bias, 3, VCA_VXI, VCF_INFO);
22351 + /* lower admin commands */
22352 + __VCMD(wait_exit, 4, VCA_VXI, VCF_INFO);
22353 + __VCMD(ctx_create_v0, 5, VCA_NONE, 0);
22354 + __VCMD(ctx_create, 5, VCA_NONE, 0);
22355 + __VCMD(ctx_migrate_v0, 5, VCA_VXI, VCF_ADMIN);
22356 + __VCMD(ctx_migrate, 5, VCA_VXI, VCF_ADMIN);
22357 + __VCMD(enter_space_v0, 5, VCA_VXI, VCF_ADMIN);
22358 + __VCMD(enter_space_v1, 5, VCA_VXI, VCF_ADMIN);
22359 + __VCMD(enter_space, 5, VCA_VXI, VCF_ADMIN);
22361 + __VCMD(net_create_v0, 5, VCA_NONE, 0);
22362 + __VCMD(net_create, 5, VCA_NONE, 0);
22363 + __VCMD(net_migrate, 5, VCA_NXI, VCF_ADMIN);
22365 + __VCMD(tag_migrate, 5, VCA_NONE, VCF_ADMIN);
22367 + /* higher admin commands */
22368 + __VCMD(ctx_kill, 6, VCA_VXI, VCF_ARES);
22369 + __VCMD(set_space_v1, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22370 + __VCMD(set_space, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22372 + __VCMD(set_ccaps, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22373 + __VCMD(set_bcaps, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22374 + __VCMD(set_cflags, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22375 + __VCMD(set_umask, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22376 + __VCMD(set_wmask, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22377 + __VCMD(set_badness, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22379 + __VCMD(set_vhi_name, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22380 + __VCMD(set_rlimit, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22381 + __VCMD(set_prio_bias, 7, VCA_VXI, VCF_ARES | VCF_SETUP);
22383 + __VCMD(set_ncaps, 7, VCA_NXI, VCF_ARES | VCF_SETUP);
22384 + __VCMD(set_nflags, 7, VCA_NXI, VCF_ARES | VCF_SETUP);
22385 + __VCMD(net_add, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22386 + __VCMD(net_remove, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22387 + __VCMD(net_add_ipv4_v1, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22388 + __VCMD(net_rem_ipv4_v1, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22389 + __VCMD(net_add_ipv4, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22390 + __VCMD(net_rem_ipv4, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22391 +#ifdef CONFIG_IPV6
22392 + __VCMD(net_add_ipv6, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22393 + __VCMD(net_remove_ipv6, 8, VCA_NXI, VCF_ARES | VCF_SETUP);
22395 + __VCMD(set_iattr, 7, VCA_NONE, 0);
22396 + __VCMD(fset_iattr, 7, VCA_NONE, 0);
22397 + __VCMD(set_dlimit, 7, VCA_NONE, VCF_ARES);
22398 + __VCMD(add_dlimit, 8, VCA_NONE, VCF_ARES);
22399 + __VCMD(rem_dlimit, 8, VCA_NONE, VCF_ARES);
22401 +#ifdef CONFIG_VSERVER_DEVICE
22402 + __VCMD(set_mapping, 8, VCA_VXI, VCF_ARES|VCF_ZIDOK);
22403 + __VCMD(unset_mapping, 8, VCA_VXI, VCF_ARES|VCF_ZIDOK);
22405 + /* debug level admin commands */
22406 +#ifdef CONFIG_VSERVER_HISTORY
22407 + __VCMD(dump_history, 9, VCA_NONE, 0);
22408 + __VCMD(read_history, 9, VCA_NONE, 0);
22415 + vxdprintk(VXD_CBIT(switch, 0),
22416 + "vc: VCMD_%02d_%d[%d], %d,%p [%d,%d,%x,%x]",
22417 + VC_CATEGORY(cmd), VC_COMMAND(cmd),
22418 + VC_VERSION(cmd), id, data, compat,
22419 + perm, args, flags);
22426 + if (!capable(CAP_CONTEXT))
22430 + /* moved here from the individual commands */
22432 + if ((perm > 1) && !capable(CAP_SYS_ADMIN))
22436 + /* vcmd involves resource management */
22438 + if ((flags & VCF_ARES) && !capable(CAP_SYS_RESOURCE))
22442 + /* various legacy exceptions */
22444 + /* will go away when spectator is a cap */
22445 + case VCMD_ctx_migrate_v0:
22446 + case VCMD_ctx_migrate:
22448 + current->xid = 1;
22454 + /* will go away when spectator is a cap */
22455 + case VCMD_net_migrate:
22457 + current->nid = 1;
22464 + /* vcmds are fine by default */
22467 + /* admin type vcmds require admin ... */
22468 + if (flags & VCF_ADMIN)
22469 + permit = vx_check(0, VS_ADMIN) ? 1 : 0;
22471 + /* ... but setup type vcmds override that */
22472 + if (!permit && (flags & VCF_SETUP))
22473 + permit = vx_flags(VXF_STATE_SETUP, 0) ? 2 : 0;
22481 + if (!id && (flags & VCF_ZIDOK))
22485 + if (args & VCA_VXI) {
22486 + vxi = lookup_vx_info(id);
22490 + if ((flags & VCF_ADMIN) &&
22491 + /* special case kill for shutdown */
22492 + (cmd != VCMD_ctx_kill) &&
22493 + /* can context be administrated? */
22494 + !vx_info_flags(vxi, VXF_STATE_ADMIN, 0)) {
22500 + if (args & VCA_NXI) {
22501 + nxi = lookup_nx_info(id);
22505 + if ((flags & VCF_ADMIN) &&
22506 + /* can context be administrated? */
22507 + !nx_info_flags(nxi, NXF_STATE_ADMIN, 0)) {
22514 + ret = do_vcmd(cmd, id, vxi, nxi, data, compat);
22517 + if ((args & VCA_NXI) && nxi)
22518 + put_nx_info(nxi);
22520 + if ((args & VCA_VXI) && vxi)
22521 + put_vx_info(vxi);
22523 + vxdprintk(VXD_CBIT(switch, 1),
22524 + "vc: VCMD_%02d_%d[%d] = %08lx(%ld) [%d,%d]",
22525 + VC_CATEGORY(cmd), VC_COMMAND(cmd),
22526 + VC_VERSION(cmd), ret, ret, state, permit);
22531 +sys_vserver(uint32_t cmd, uint32_t id, void __user *data)
22533 + return do_vserver(cmd, id, data, 0);
22536 +#ifdef CONFIG_COMPAT
22539 +sys32_vserver(uint32_t cmd, uint32_t id, void __user *data)
22541 + return do_vserver(cmd, id, data, 1);
22544 +#endif /* CONFIG_COMPAT */
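Review bot: The CAP_SYS_RESOURCE gate in `do_vserver` tests `flags & VCF_ARES`, and because `VCF_ARES` is 0x06 while `VCF_ADMIN` is 0x02, the test is also true for commands flagged only `VCF_ADMIN` (ctx_migrate, enter_space, net_migrate, tag_migrate), although the comment above it reads "vcmd involves resource management". If only ARES commands are meant to need the capability, compare the whole mask: `if (((flags & VCF_ARES) == VCF_ARES) && !capable(CAP_SYS_RESOURCE))`. If the wider requirement is intended, the comment should say so, since it determines which capabilities a context-management tool has to be granted. Several lines of the function are missing from this listing, so the statement under the check is not visible here.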
22545 diff -NurpP --minimal linux-3.14.17/kernel/vserver/sysctl.c linux-3.14.17-vs2.3.6.13/kernel/vserver/sysctl.c
22546 --- linux-3.14.17/kernel/vserver/sysctl.c 1970-01-01 00:00:00.000000000 +0000
22547 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/sysctl.c 2014-08-30 14:27:38.000000000 +0000
22550 + * kernel/vserver/sysctl.c
22552 + * Virtual Context Support
22554 + * Copyright (C) 2004-2007 Herbert Pötzl
22556 + * V0.01 basic structure
22560 +#include <linux/module.h>
22561 +#include <linux/ctype.h>
22562 +#include <linux/sysctl.h>
22563 +#include <linux/parser.h>
22564 +#include <asm/uaccess.h>
22567 + CTL_DEBUG_ERROR = 0,
22568 + CTL_DEBUG_SWITCH = 1,
22584 +unsigned int vs_debug_switch = 0;
22585 +unsigned int vs_debug_xid = 0;
22586 +unsigned int vs_debug_nid = 0;
22587 +unsigned int vs_debug_tag = 0;
22588 +unsigned int vs_debug_net = 0;
22589 +unsigned int vs_debug_limit = 0;
22590 +unsigned int vs_debug_cres = 0;
22591 +unsigned int vs_debug_dlim = 0;
22592 +unsigned int vs_debug_quota = 0;
22593 +unsigned int vs_debug_cvirt = 0;
22594 +unsigned int vs_debug_space = 0;
22595 +unsigned int vs_debug_perm = 0;
22596 +unsigned int vs_debug_misc = 0;
22599 +static struct ctl_table_header *vserver_table_header;
22600 +static ctl_table vserver_root_table[];
22603 +void vserver_register_sysctl(void)
22605 + if (!vserver_table_header) {
22606 + vserver_table_header = register_sysctl_table(vserver_root_table);
22611 +void vserver_unregister_sysctl(void)
22613 + if (vserver_table_header) {
22614 + unregister_sysctl_table(vserver_table_header);
22615 + vserver_table_header = NULL;
22620 +static int proc_dodebug(ctl_table *table, int write,
22621 + void __user *buffer, size_t *lenp, loff_t *ppos)
22623 + char tmpbuf[20], *p, c;
22624 + unsigned int value;
22625 + size_t left, len;
22627 + if ((*ppos && !write) || !*lenp) {
22635 + if (!access_ok(VERIFY_READ, buffer, left))
22637 + p = (char *)buffer;
22638 + while (left && __get_user(c, p) >= 0 && isspace(c))
22643 + if (left > sizeof(tmpbuf) - 1)
22645 + if (copy_from_user(tmpbuf, p, left))
22647 + tmpbuf[left] = '\0';
22649 + for (p = tmpbuf, value = 0; '0' <= *p && *p <= '9'; p++, left--)
22650 + value = 10 * value + (*p - '0');
22651 + if (*p && !isspace(*p))
22653 + while (left && isspace(*p))
22655 + *(unsigned int *)table->data = value;
22657 + if (!access_ok(VERIFY_WRITE, buffer, left))
22659 + len = sprintf(tmpbuf, "%d", *(unsigned int *)table->data);
22662 + if (__copy_to_user(buffer, tmpbuf, len))
22664 + if ((left -= len) > 0) {
22665 + if (put_user('\n', (char *)buffer + len))
22679 +#define CTL_ENTRY(ctl, name) \
22681 + .procname = #name, \
22682 + .data = &vs_ ## name, \
22683 + .maxlen = sizeof(int), \
22685 + .proc_handler = &proc_dodebug, \
22686 + .extra1 = &zero, \
22687 + .extra2 = &zero, \
22690 +static ctl_table vserver_debug_table[] = {
22691 + CTL_ENTRY(CTL_DEBUG_SWITCH, debug_switch),
22692 + CTL_ENTRY(CTL_DEBUG_XID, debug_xid),
22693 + CTL_ENTRY(CTL_DEBUG_NID, debug_nid),
22694 + CTL_ENTRY(CTL_DEBUG_TAG, debug_tag),
22695 + CTL_ENTRY(CTL_DEBUG_NET, debug_net),
22696 + CTL_ENTRY(CTL_DEBUG_LIMIT, debug_limit),
22697 + CTL_ENTRY(CTL_DEBUG_CRES, debug_cres),
22698 + CTL_ENTRY(CTL_DEBUG_DLIM, debug_dlim),
22699 + CTL_ENTRY(CTL_DEBUG_QUOTA, debug_quota),
22700 + CTL_ENTRY(CTL_DEBUG_CVIRT, debug_cvirt),
22701 + CTL_ENTRY(CTL_DEBUG_SPACE, debug_space),
22702 + CTL_ENTRY(CTL_DEBUG_PERM, debug_perm),
22703 + CTL_ENTRY(CTL_DEBUG_MISC, debug_misc),
22707 +static ctl_table vserver_root_table[] = {
22709 + .procname = "vserver",
22711 + .child = vserver_debug_table
22717 +static match_table_t tokens = {
22718 + { CTL_DEBUG_SWITCH, "switch=%x" },
22719 + { CTL_DEBUG_XID, "xid=%x" },
22720 + { CTL_DEBUG_NID, "nid=%x" },
22721 + { CTL_DEBUG_TAG, "tag=%x" },
22722 + { CTL_DEBUG_NET, "net=%x" },
22723 + { CTL_DEBUG_LIMIT, "limit=%x" },
22724 + { CTL_DEBUG_CRES, "cres=%x" },
22725 + { CTL_DEBUG_DLIM, "dlim=%x" },
22726 + { CTL_DEBUG_QUOTA, "quota=%x" },
22727 + { CTL_DEBUG_CVIRT, "cvirt=%x" },
22728 + { CTL_DEBUG_SPACE, "space=%x" },
22729 + { CTL_DEBUG_PERM, "perm=%x" },
22730 + { CTL_DEBUG_MISC, "misc=%x" },
22731 + { CTL_DEBUG_ERROR, NULL }
22734 +#define HANDLE_CASE(id, name, val) \
22735 + case CTL_DEBUG_ ## id: \
22736 + vs_debug_ ## name = val; \
22737 + printk("vs_debug_" #name "=0x%x\n", val); \
22741 +static int __init vs_debug_setup(char *str)
22746 + printk("vs_debug_setup(%s)\n", str);
22747 + while ((p = strsep(&str, ",")) != NULL) {
22748 + substring_t args[MAX_OPT_ARGS];
22749 + unsigned int value;
22754 + token = match_token(p, tokens, args);
22755 + value = (token > 0) ? simple_strtoul(args[0].from, NULL, 0) : 0;
22758 + HANDLE_CASE(SWITCH, switch, value);
22759 + HANDLE_CASE(XID, xid, value);
22760 + HANDLE_CASE(NID, nid, value);
22761 + HANDLE_CASE(TAG, tag, value);
22762 + HANDLE_CASE(NET, net, value);
22763 + HANDLE_CASE(LIMIT, limit, value);
22764 + HANDLE_CASE(CRES, cres, value);
22765 + HANDLE_CASE(DLIM, dlim, value);
22766 + HANDLE_CASE(QUOTA, quota, value);
22767 + HANDLE_CASE(CVIRT, cvirt, value);
22768 + HANDLE_CASE(SPACE, space, value);
22769 + HANDLE_CASE(PERM, perm, value);
22770 + HANDLE_CASE(MISC, misc, value);
22779 +__setup("vsdebug=", vs_debug_setup);
22783 +EXPORT_SYMBOL_GPL(vs_debug_switch);
22784 +EXPORT_SYMBOL_GPL(vs_debug_xid);
22785 +EXPORT_SYMBOL_GPL(vs_debug_nid);
22786 +EXPORT_SYMBOL_GPL(vs_debug_net);
22787 +EXPORT_SYMBOL_GPL(vs_debug_limit);
22788 +EXPORT_SYMBOL_GPL(vs_debug_cres);
22789 +EXPORT_SYMBOL_GPL(vs_debug_dlim);
22790 +EXPORT_SYMBOL_GPL(vs_debug_quota);
22791 +EXPORT_SYMBOL_GPL(vs_debug_cvirt);
22792 +EXPORT_SYMBOL_GPL(vs_debug_space);
22793 +EXPORT_SYMBOL_GPL(vs_debug_perm);
22794 +EXPORT_SYMBOL_GPL(vs_debug_misc);
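Review bot: The read branch of `proc_dodebug` formats an `unsigned int` with `sprintf(tmpbuf, "%d", ...)`, so a debug mask with bit 31 set is printed as a negative number, which the digits-only write branch would apparently not accept back. `len = scnprintf(tmpbuf, sizeof(tmpbuf), "%u", *(unsigned int *)table->data);` fixes the specifier and bounds the write to the 20-byte buffer. Separately, `vs_debug_tag` is defined with the other masks but is absent from the `EXPORT_SYMBOL_GPL` list at the end of the file. If modular code is expected to use the tag debug bits, add `EXPORT_SYMBOL_GPL(vs_debug_tag);`.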
22796 diff -NurpP --minimal linux-3.14.17/kernel/vserver/tag.c linux-3.14.17-vs2.3.6.13/kernel/vserver/tag.c
22797 --- linux-3.14.17/kernel/vserver/tag.c 1970-01-01 00:00:00.000000000 +0000
22798 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/tag.c 2014-08-30 14:27:38.000000000 +0000
22801 + * linux/kernel/vserver/tag.c
22803 + * Virtual Server: Shallow Tag Space
22805 + * Copyright (C) 2007 Herbert Pötzl
22807 + * V0.01 basic implementation
22811 +#include <linux/sched.h>
22812 +#include <linux/vserver/debug.h>
22813 +#include <linux/vs_pid.h>
22814 +#include <linux/vs_tag.h>
22816 +#include <linux/vserver/tag_cmd.h>
22819 +int dx_migrate_task(struct task_struct *p, vtag_t tag)
22824 + vxdprintk(VXD_CBIT(tag, 5),
22825 + "dx_migrate_task(%p[#%d],#%d)", p, p->tag, tag);
22831 + vxdprintk(VXD_CBIT(tag, 5),
22832 + "moved task %p into [#%d]", p, tag);
22836 +/* vserver syscall commands below here */
22838 +/* taks xid and vx_info functions */
22841 +int vc_task_tag(uint32_t id)
22846 + struct task_struct *tsk;
22848 + tsk = find_task_by_real_pid(id);
22849 + tag = (tsk) ? tsk->tag : -ESRCH;
22850 + rcu_read_unlock();
22852 + tag = dx_current_tag();
22857 +int vc_tag_migrate(uint32_t tag)
22859 + return dx_migrate_task(current, tag & 0xFFFF);
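Review bot: `vc_tag_migrate` masks the caller-supplied id with `tag & 0xFFFF` and migrates anyway, so a value above 0xFFFF is silently folded onto a different, lower tag instead of being rejected. Since the tag presumably decides which tagged objects the task is matched against, an explicit range check is safer, e.g. `if (tag & ~0xFFFFU) return -EINVAL;` before the call. If the truncation is deliberate, a comment stating the 16-bit tag width would make that clear. The closing lines of the function are not shown in this listing.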
22863 diff -NurpP --minimal linux-3.14.17/kernel/vserver/vci_config.h linux-3.14.17-vs2.3.6.13/kernel/vserver/vci_config.h
22864 --- linux-3.14.17/kernel/vserver/vci_config.h 1970-01-01 00:00:00.000000000 +0000
22865 +++ linux-3.14.17-vs2.3.6.13/kernel/vserver/vci_config.h 2014-08-30 14:27:38.000000000 +0000
22868 +/* interface version */
22870 +#define VCI_VERSION 0x00020308
22874 + VCI_KCBIT_NO_DYNAMIC = 0,
22876 + VCI_KCBIT_PROC_SECURE = 4,
22877 + /* VCI_KCBIT_HARDCPU = 5, */
22878 + /* VCI_KCBIT_IDLELIMIT = 6, */
22879 + /* VCI_KCBIT_IDLETIME = 7, */
22881 + VCI_KCBIT_COWBL = 8,
22882 + VCI_KCBIT_FULLCOWBL = 9,
22883 + VCI_KCBIT_SPACES = 10,
22884 + VCI_KCBIT_NETV2 = 11,
22885 + VCI_KCBIT_MEMCG = 12,
22886 + VCI_KCBIT_MEMCG_SWAP = 13,
22888 + VCI_KCBIT_DEBUG = 16,
22889 + VCI_KCBIT_HISTORY = 20,
22890 + VCI_KCBIT_TAGGED = 24,
22891 + VCI_KCBIT_PPTAG = 28,
22893 + VCI_KCBIT_MORE = 31,
22897 +static inline uint32_t vci_kernel_config(void)
22900 + (1 << VCI_KCBIT_NO_DYNAMIC) |
22902 + /* configured features */
22903 +#ifdef CONFIG_VSERVER_PROC_SECURE
22904 + (1 << VCI_KCBIT_PROC_SECURE) |
22906 +#ifdef CONFIG_VSERVER_COWBL
22907 + (1 << VCI_KCBIT_COWBL) |
22908 + (1 << VCI_KCBIT_FULLCOWBL) |
22910 + (1 << VCI_KCBIT_SPACES) |
22911 + (1 << VCI_KCBIT_NETV2) |
22912 +#ifdef CONFIG_MEMCG
22913 + (1 << VCI_KCBIT_MEMCG) |
22915 +#ifdef CONFIG_MEMCG_SWAP
22916 + (1 << VCI_KCBIT_MEMCG_SWAP) |
22919 + /* debug options */
22920 +#ifdef CONFIG_VSERVER_DEBUG
22921 + (1 << VCI_KCBIT_DEBUG) |
22923 +#ifdef CONFIG_VSERVER_HISTORY
22924 + (1 << VCI_KCBIT_HISTORY) |
22927 + /* inode context tagging */
22928 +#if defined(CONFIG_TAGGING_NONE)
22929 + (0 << VCI_KCBIT_TAGGED) |
22930 +#elif defined(CONFIG_TAGGING_UID16)
22931 + (1 << VCI_KCBIT_TAGGED) |
22932 +#elif defined(CONFIG_TAGGING_GID16)
22933 + (2 << VCI_KCBIT_TAGGED) |
22934 +#elif defined(CONFIG_TAGGING_ID24)
22935 + (3 << VCI_KCBIT_TAGGED) |
22936 +#elif defined(CONFIG_TAGGING_INTERN)
22937 + (4 << VCI_KCBIT_TAGGED) |
22938 +#elif defined(CONFIG_TAGGING_RUNTIME)
22939 + (5 << VCI_KCBIT_TAGGED) |
22941 + (7 << VCI_KCBIT_TAGGED) |
22943 + (1 << VCI_KCBIT_PPTAG) |
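Review bot: `vci_kernel_config()` returns `uint32_t` but builds the mask from signed `int` shifts such as `(1 << VCI_KCBIT_PPTAG)`. That works for the bits used in the visible lines, but the enum also defines `VCI_KCBIT_MORE = 31`, and `1 << 31` overflows a signed int. Writing the terms as `(1U << VCI_KCBIT_...)` and `(7U << VCI_KCBIT_TAGGED)` keeps the whole expression unsigned. A short comment that the tagging mode is a multi-bit field starting at `VCI_KCBIT_TAGGED` rather than a single flag would also help readers of the enum.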
22947 diff -NurpP --minimal linux-3.14.17/mm/memcontrol.c linux-3.14.17-vs2.3.6.13/mm/memcontrol.c
22948 --- linux-3.14.17/mm/memcontrol.c 2014-08-14 01:38:34.000000000 +0000
22949 +++ linux-3.14.17-vs2.3.6.13/mm/memcontrol.c 2014-08-30 14:27:38.000000000 +0000
22950 @@ -1075,6 +1075,31 @@ struct mem_cgroup *mem_cgroup_from_task(
22951 return mem_cgroup_from_css(task_css(p, mem_cgroup_subsys_id));
22954 +u64 mem_cgroup_res_read_u64(struct mem_cgroup *mem, int member)
22956 + return res_counter_read_u64(&mem->res, member);
22959 +u64 mem_cgroup_memsw_read_u64(struct mem_cgroup *mem, int member)
22961 + return res_counter_read_u64(&mem->memsw, member);
22964 +s64 mem_cgroup_stat_read_cache(struct mem_cgroup *mem)
22966 + return mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_CACHE);
22969 +s64 mem_cgroup_stat_read_anon(struct mem_cgroup *mem)
22971 + return mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_RSS);
22974 +s64 mem_cgroup_stat_read_mapped(struct mem_cgroup *mem)
22976 + return mem_cgroup_read_stat(mem, MEM_CGROUP_STAT_FILE_MAPPED);
22979 struct mem_cgroup *try_get_mem_cgroup_from_mm(struct mm_struct *mm)
22981 struct mem_cgroup *memcg = NULL;
22982 diff -NurpP --minimal linux-3.14.17/mm/oom_kill.c linux-3.14.17-vs2.3.6.13/mm/oom_kill.c
22983 --- linux-3.14.17/mm/oom_kill.c 2014-08-14 01:38:34.000000000 +0000
22984 +++ linux-3.14.17-vs2.3.6.13/mm/oom_kill.c 2014-08-30 14:27:38.000000000 +0000
22986 #include <linux/freezer.h>
22987 #include <linux/ftrace.h>
22988 #include <linux/ratelimit.h>
22989 +#include <linux/reboot.h>
22990 +#include <linux/vs_context.h>
22992 #define CREATE_TRACE_POINTS
22993 #include <trace/events/oom.h>
22994 @@ -121,11 +123,18 @@ found:
22995 static bool oom_unkillable_task(struct task_struct *p,
22996 const struct mem_cgroup *memcg, const nodemask_t *nodemask)
22998 - if (is_global_init(p))
22999 + unsigned xid = vx_current_xid();
23001 + /* skip the init task, global and per guest */
23002 + if (task_is_init(p))
23004 if (p->flags & PF_KTHREAD)
23007 + /* skip other guest and host processes if oom in guest */
23008 + if (xid && vx_task_xid(p) != xid)
23011 /* When mem_cgroup_out_of_memory() and p is not member of the group */
23012 if (memcg && !task_in_mem_cgroup(p, memcg))
23014 @@ -438,8 +447,8 @@ void oom_kill_process(struct task_struct
23015 dump_header(p, gfp_mask, order, memcg, nodemask);
23018 - pr_err("%s: Kill process %d (%s) score %d or sacrifice child\n",
23019 - message, task_pid_nr(p), p->comm, points);
23020 + pr_err("%s: Kill process %d:#%u (%s) score %d or sacrifice child\n",
23021 + message, task_pid_nr(p), p->xid, p->comm, points);
23025 @@ -482,8 +491,8 @@ void oom_kill_process(struct task_struct
23027 /* mm cannot safely be dereferenced after task_unlock(victim) */
23029 - pr_err("Killed process %d (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
23030 - task_pid_nr(victim), victim->comm, K(victim->mm->total_vm),
23031 + pr_err("Killed process %d:#%u (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
23032 + task_pid_nr(victim), victim->xid, victim->comm, K(victim->mm->total_vm),
23033 K(get_mm_counter(victim->mm, MM_ANONPAGES)),
23034 K(get_mm_counter(victim->mm, MM_FILEPAGES)));
23035 task_unlock(victim);
23036 @@ -554,6 +563,8 @@ int unregister_oom_notifier(struct notif
23038 EXPORT_SYMBOL_GPL(unregister_oom_notifier);
23040 +long vs_oom_action(unsigned int);
23043 * Try to acquire the OOM killer lock for the zones in zonelist. Returns zero
23044 * if a parallel OOM killing is already taking place that includes a zone in
23045 @@ -666,7 +677,12 @@ void out_of_memory(struct zonelist *zone
23046 /* Found nothing?!?! Either we hang forever, or we panic. */
23048 dump_header(NULL, gfp_mask, order, NULL, mpol_mask);
23049 - panic("Out of memory and no killable processes...\n");
23051 + /* avoid panic for guest OOM */
23052 + if (vx_current_xid())
23053 + vs_oom_action(LINUX_REBOOT_CMD_OOM);
23055 + panic("Out of memory and no killable processes...\n");
23057 if (p != (void *)-1UL) {
23058 oom_kill_process(p, gfp_mask, order, points, totalpages, NULL,
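Review bot: After `vs_oom_action(LINUX_REBOOT_CMD_OOM)` returns in the guest branch, nothing visible stops execution from reaching `if (p != (void *)-1UL)` and calling `oom_kill_process(p, ...)`. This is the "Found nothing" path, where `p` is presumably NULL, so the guest branch should leave the function or skip the kill explicitly unless the lines not shown here already do so. The `long` result of vs_oom_action is also discarded, so a failed guest action goes unnoticed; `if (vs_oom_action(LINUX_REBOOT_CMD_OOM) < 0)` with a pr_err would at least record it. out_of_memory's body continues outside the hunk.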
23059 diff -NurpP --minimal linux-3.14.17/mm/page_alloc.c linux-3.14.17-vs2.3.6.13/mm/page_alloc.c
23060 --- linux-3.14.17/mm/page_alloc.c 2014-08-14 01:38:34.000000000 +0000
23061 +++ linux-3.14.17-vs2.3.6.13/mm/page_alloc.c 2014-08-30 14:27:38.000000000 +0000
23063 #include <linux/page-debug-flags.h>
23064 #include <linux/hugetlb.h>
23065 #include <linux/sched/rt.h>
23066 +#include <linux/vs_base.h>
23067 +#include <linux/vs_limit.h>
23069 #include <asm/sections.h>
23070 #include <asm/tlbflush.h>
23071 @@ -3019,6 +3021,9 @@ void si_meminfo(struct sysinfo *val)
23072 val->totalhigh = totalhigh_pages;
23073 val->freehigh = nr_free_highpages();
23074 val->mem_unit = PAGE_SIZE;
23076 + if (vx_flags(VXF_VIRT_MEM, 0))
23077 + vx_vsi_meminfo(val);
23080 EXPORT_SYMBOL(si_meminfo);
23081 @@ -3043,6 +3048,9 @@ void si_meminfo_node(struct sysinfo *val
23084 val->mem_unit = PAGE_SIZE;
23086 + if (vx_flags(VXF_VIRT_MEM, 0))
23087 + vx_vsi_meminfo(val);
23091 diff -NurpP --minimal linux-3.14.17/mm/pgtable-generic.c linux-3.14.17-vs2.3.6.13/mm/pgtable-generic.c
23092 --- linux-3.14.17/mm/pgtable-generic.c 2014-08-14 01:38:34.000000000 +0000
23093 +++ linux-3.14.17-vs2.3.6.13/mm/pgtable-generic.c 2014-08-30 14:27:38.000000000 +0000
23095 * Copyright (C) 2010 Linus Torvalds
23098 +#include <linux/mm.h>
23100 #include <linux/pagemap.h>
23101 #include <asm/tlb.h>
23102 #include <asm-generic/pgtable.h>
23103 diff -NurpP --minimal linux-3.14.17/mm/shmem.c linux-3.14.17-vs2.3.6.13/mm/shmem.c
23104 --- linux-3.14.17/mm/shmem.c 2014-08-14 01:38:34.000000000 +0000
23105 +++ linux-3.14.17-vs2.3.6.13/mm/shmem.c 2014-08-30 14:27:38.000000000 +0000
23106 @@ -1987,7 +1987,7 @@ static int shmem_statfs(struct dentry *d
23108 struct shmem_sb_info *sbinfo = SHMEM_SB(dentry->d_sb);
23110 - buf->f_type = TMPFS_MAGIC;
23111 + buf->f_type = TMPFS_SUPER_MAGIC;
23112 buf->f_bsize = PAGE_CACHE_SIZE;
23113 buf->f_namelen = NAME_MAX;
23114 if (sbinfo->max_blocks) {
23115 @@ -2705,7 +2705,7 @@ int shmem_fill_super(struct super_block
23116 sb->s_maxbytes = MAX_LFS_FILESIZE;
23117 sb->s_blocksize = PAGE_CACHE_SIZE;
23118 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
23119 - sb->s_magic = TMPFS_MAGIC;
23120 + sb->s_magic = TMPFS_SUPER_MAGIC;
23121 sb->s_op = &shmem_ops;
23122 sb->s_time_gran = 1;
23123 #ifdef CONFIG_TMPFS_XATTR
23124 diff -NurpP --minimal linux-3.14.17/mm/slab.c linux-3.14.17-vs2.3.6.13/mm/slab.c
23125 --- linux-3.14.17/mm/slab.c 2014-08-14 01:38:34.000000000 +0000
23126 +++ linux-3.14.17-vs2.3.6.13/mm/slab.c 2014-08-30 14:27:38.000000000 +0000
23127 @@ -322,6 +322,8 @@ static void kmem_cache_node_init(struct
23128 #define STATS_INC_FREEMISS(x) do { } while (0)
23131 +#include "slab_vs.h"
23136 @@ -3296,6 +3298,7 @@ slab_alloc_node(struct kmem_cache *cache
23137 /* ___cache_alloc_node can fall back to other nodes */
23138 ptr = ____cache_alloc_node(cachep, flags, nodeid);
23140 + vx_slab_alloc(cachep, flags);
23141 local_irq_restore(save_flags);
23142 ptr = cache_alloc_debugcheck_after(cachep, flags, ptr, caller);
23143 kmemleak_alloc_recursive(ptr, cachep->object_size, 1, cachep->flags,
23144 @@ -3486,6 +3489,7 @@ static inline void __cache_free(struct k
23146 kmemleak_free_recursive(objp, cachep->flags);
23147 objp = cache_free_debugcheck(cachep, objp, caller);
23148 + vx_slab_free(cachep);
23150 kmemcheck_slab_free(cachep, objp, cachep->object_size);
23152 diff -NurpP --minimal linux-3.14.17/mm/slab_vs.h linux-3.14.17-vs2.3.6.13/mm/slab_vs.h
23153 --- linux-3.14.17/mm/slab_vs.h 1970-01-01 00:00:00.000000000 +0000
23154 +++ linux-3.14.17-vs2.3.6.13/mm/slab_vs.h 2014-08-30 14:27:38.000000000 +0000
23157 +#include <linux/vserver/context.h>
23159 +#include <linux/vs_context.h>
23162 +void vx_slab_alloc(struct kmem_cache *cachep, gfp_t flags)
23164 + int what = gfp_zone(cachep->allocflags);
23165 + struct vx_info *vxi = current_vx_info();
23170 + atomic_add(cachep->size, &vxi->cacct.slab[what]);
23174 +void vx_slab_free(struct kmem_cache *cachep)
23176 + int what = gfp_zone(cachep->allocflags);
23177 + struct vx_info *vxi = current_vx_info();
23182 + atomic_sub(cachep->size, &vxi->cacct.slab[what]);
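Review bot: vx_slab_free subtracts `cachep->size` from whatever `current_vx_info()` returns at free time, while vx_slab_alloc adds it to the context current at allocation time. An object freed from a different context than the one that allocated it therefore leaves one `cacct.slab[what]` inflated and drives another down. If these counters back guest-visible statistics or limits, the skew should at least be documented, e.g. `/* charged to the current context, not tracked per object; cross-context frees skew the counters */`. As far as the visible lines of the slab_alloc_node hunk show, the charge is also applied when `ptr` is NULL. Parts of both functions are not shown in this listing.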
23185 diff -NurpP --minimal linux-3.14.17/mm/swapfile.c linux-3.14.17-vs2.3.6.13/mm/swapfile.c
23186 --- linux-3.14.17/mm/swapfile.c 2014-08-14 01:38:34.000000000 +0000
23187 +++ linux-3.14.17-vs2.3.6.13/mm/swapfile.c 2014-08-30 14:27:38.000000000 +0000
23189 #include <asm/tlbflush.h>
23190 #include <linux/swapops.h>
23191 #include <linux/page_cgroup.h>
23192 +#include <linux/vs_base.h>
23194 static bool swap_count_continued(struct swap_info_struct *, pgoff_t,
23196 @@ -2043,6 +2044,16 @@ static int swap_show(struct seq_file *sw
23198 if (si == SEQ_START_TOKEN) {
23199 seq_puts(swap,"Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
23200 + if (vx_flags(VXF_VIRT_MEM, 0)) {
23201 + struct sysinfo si;
23203 + vx_vsi_swapinfo(&si);
23204 + if (si.totalswap < (1 << 10))
23206 + seq_printf(swap, "%s\t\t\t\t\t%s\t%lu\t%lu\t%d\n",
23207 + "hdv0", "partition", si.totalswap >> 10,
23208 + (si.totalswap - si.freeswap) >> 10, -1);
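Review bot: The added `struct sysinfo si;` shadows the function's own `si`, which the enclosing `if (si == SEQ_START_TOKEN)` has just tested, so the name changes meaning inside the new block. Renaming it, e.g. `struct sysinfo vsi;` with `vx_vsi_swapinfo(&vsi);`, removes the shadow and the -Wshadow warning. Separately, `(si.totalswap - si.freeswap) >> 10` is unsigned arithmetic and would wrap to a huge value if the virtualised figures ever report freeswap above totalswap, which nothing visible here rules out.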
23213 @@ -2590,6 +2601,8 @@ void si_swapinfo(struct sysinfo *val)
23214 val->freeswap = atomic_long_read(&nr_swap_pages) + nr_to_be_unused;
23215 val->totalswap = total_swap_pages + nr_to_be_unused;
23216 spin_unlock(&swap_lock);
23217 + if (vx_flags(VXF_VIRT_MEM, 0))
23218 + vx_vsi_swapinfo(val);
23222 diff -NurpP --minimal linux-3.14.17/net/bridge/br_multicast.c linux-3.14.17-vs2.3.6.13/net/bridge/br_multicast.c
23223 --- linux-3.14.17/net/bridge/br_multicast.c 2014-08-14 01:38:34.000000000 +0000
23224 +++ linux-3.14.17-vs2.3.6.13/net/bridge/br_multicast.c 2014-08-30 14:27:38.000000000 +0000
23225 @@ -447,7 +447,7 @@ static struct sk_buff *br_ip6_multicast_
23226 ip6h->hop_limit = 1;
23227 ipv6_addr_set(&ip6h->daddr, htonl(0xff020000), 0, 0, htonl(1));
23228 if (ipv6_dev_get_saddr(dev_net(br->dev), br->dev, &ip6h->daddr, 0,
23230 + &ip6h->saddr, NULL)) {
23234 diff -NurpP --minimal linux-3.14.17/net/core/dev.c linux-3.14.17-vs2.3.6.13/net/core/dev.c
23235 --- linux-3.14.17/net/core/dev.c 2014-08-14 01:38:34.000000000 +0000
23236 +++ linux-3.14.17-vs2.3.6.13/net/core/dev.c 2014-08-30 14:27:38.000000000 +0000
23237 @@ -122,6 +122,7 @@
23238 #include <linux/in.h>
23239 #include <linux/jhash.h>
23240 #include <linux/random.h>
23241 +#include <linux/vs_inet.h>
23242 #include <trace/events/napi.h>
23243 #include <trace/events/net.h>
23244 #include <trace/events/skb.h>
23245 @@ -673,7 +674,8 @@ struct net_device *__dev_get_by_name(str
23246 struct hlist_head *head = dev_name_hash(net, name);
23248 hlist_for_each_entry(dev, head, name_hlist)
23249 - if (!strncmp(dev->name, name, IFNAMSIZ))
23250 + if (!strncmp(dev->name, name, IFNAMSIZ) &&
23251 + nx_dev_visible(current_nx_info(), dev))
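Review bot: The visibility test is keyed on `current_nx_info()`, so the result of `__dev_get_by_name()` now depends on which task happens to be running at the time of the lookup. A caller in softirq or kernel-thread context would be filtered by an unrelated, or absent, network context. The same pattern is added to dev_get_by_name_rcu, __dev_get_by_index, dev_getbyhwaddr_rcu, __dev_getfirstbyhwtype, dev_getfirstbyhwtype and dev_get_by_flags_rcu in the hunks below. The route.c change in this patch switches to `dev_get_by_index_real_rcu`, which suggests internal paths need an unfiltered lookup, yet the name and hardware-address lookups get no such variant. A comment stating which calling contexts are expected and how nx_dev_visible treats a NULL nx_info would make the isolation assumption reviewable. The function body continues outside the hunk.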
23255 @@ -698,7 +700,8 @@ struct net_device *dev_get_by_name_rcu(s
23256 struct hlist_head *head = dev_name_hash(net, name);
23258 hlist_for_each_entry_rcu(dev, head, name_hlist)
23259 - if (!strncmp(dev->name, name, IFNAMSIZ))
23260 + if (!strncmp(dev->name, name, IFNAMSIZ) &&
23261 + nx_dev_visible(current_nx_info(), dev))
23265 @@ -748,7 +751,8 @@ struct net_device *__dev_get_by_index(st
23266 struct hlist_head *head = dev_index_hash(net, ifindex);
23268 hlist_for_each_entry(dev, head, index_hlist)
23269 - if (dev->ifindex == ifindex)
23270 + if ((dev->ifindex == ifindex) &&
23271 + nx_dev_visible(current_nx_info(), dev))
23275 @@ -766,7 +770,7 @@ EXPORT_SYMBOL(__dev_get_by_index);
23276 * about locking. The caller must hold RCU lock.
23279 -struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex)
23280 +struct net_device *dev_get_by_index_real_rcu(struct net *net, int ifindex)
23282 struct net_device *dev;
23283 struct hlist_head *head = dev_index_hash(net, ifindex);
23284 @@ -777,6 +781,16 @@ struct net_device *dev_get_by_index_rcu(
23288 +EXPORT_SYMBOL(dev_get_by_index_real_rcu);
23290 +struct net_device *dev_get_by_index_rcu(struct net *net, int ifindex)
23292 + struct net_device *dev = dev_get_by_index_real_rcu(net, ifindex);
23294 + if (nx_dev_visible(current_nx_info(), dev))
23298 EXPORT_SYMBOL(dev_get_by_index_rcu);
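Review bot: `dev_get_by_index_real_rcu()` returns NULL when no device has the requested ifindex, and the new wrapper passes that result straight into `nx_dev_visible(current_nx_info(), dev)`. Whether nx_dev_visible tolerates a NULL device is not visible in this patch section; an explicit guard, `if (dev && nx_dev_visible(current_nx_info(), dev))`, removes the dependency. Part of the wrapper's body is not shown in this listing.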
23301 @@ -859,7 +873,8 @@ struct net_device *dev_getbyhwaddr_rcu(s
23303 for_each_netdev_rcu(net, dev)
23304 if (dev->type == type &&
23305 - !memcmp(dev->dev_addr, ha, dev->addr_len))
23306 + !memcmp(dev->dev_addr, ha, dev->addr_len) &&
23307 + nx_dev_visible(current_nx_info(), dev))
23311 @@ -871,9 +886,11 @@ struct net_device *__dev_getfirstbyhwtyp
23312 struct net_device *dev;
23315 - for_each_netdev(net, dev)
23316 - if (dev->type == type)
23317 + for_each_netdev(net, dev) {
23318 + if ((dev->type == type) &&
23319 + nx_dev_visible(current_nx_info(), dev))
23325 @@ -885,7 +902,8 @@ struct net_device *dev_getfirstbyhwtype(
23328 for_each_netdev_rcu(net, dev)
23329 - if (dev->type == type) {
23330 + if ((dev->type == type) &&
23331 + nx_dev_visible(current_nx_info(), dev)) {
23335 @@ -913,7 +931,8 @@ struct net_device *dev_get_by_flags_rcu(
23338 for_each_netdev_rcu(net, dev) {
23339 - if (((dev->flags ^ if_flags) & mask) == 0) {
23340 + if ((((dev->flags ^ if_flags) & mask) == 0) &&
23341 + nx_dev_visible(current_nx_info(), dev)) {
23345 @@ -991,6 +1010,8 @@ static int __dev_alloc_name(struct net *
23347 if (i < 0 || i >= max_netdevices)
23349 + if (!nx_dev_visible(current_nx_info(), d))
23352 /* avoid cases where sscanf is not exact inverse of printf */
23353 snprintf(buf, IFNAMSIZ, name, i);
23354 diff -NurpP --minimal linux-3.14.17/net/core/net-procfs.c linux-3.14.17-vs2.3.6.13/net/core/net-procfs.c
23355 --- linux-3.14.17/net/core/net-procfs.c 2014-08-14 01:38:34.000000000 +0000
23356 +++ linux-3.14.17-vs2.3.6.13/net/core/net-procfs.c 2014-08-30 14:27:38.000000000 +0000
23358 #include <linux/netdevice.h>
23359 #include <linux/proc_fs.h>
23360 #include <linux/seq_file.h>
23361 +#include <linux/vs_inet.h>
23362 #include <net/wext.h>
23364 #define BUCKET_SPACE (32 - NETDEV_HASHBITS - 1)
23365 @@ -77,8 +78,13 @@ static void dev_seq_stop(struct seq_file
23366 static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
23368 struct rtnl_link_stats64 temp;
23369 - const struct rtnl_link_stats64 *stats = dev_get_stats(dev, &temp);
23370 + const struct rtnl_link_stats64 *stats;
23372 + /* device visible inside network context? */
23373 + if (!nx_dev_visible(current_nx_info(), dev))
23376 + stats = dev_get_stats(dev, &temp);
23377 seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu "
23378 "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n",
23379 dev->name, stats->rx_bytes, stats->rx_packets,
23380 diff -NurpP --minimal linux-3.14.17/net/core/rtnetlink.c linux-3.14.17-vs2.3.6.13/net/core/rtnetlink.c
23381 --- linux-3.14.17/net/core/rtnetlink.c 2014-08-14 01:38:34.000000000 +0000
23382 +++ linux-3.14.17-vs2.3.6.13/net/core/rtnetlink.c 2014-08-30 14:40:40.000000000 +0000
23383 @@ -1196,6 +1196,8 @@ static int rtnl_dump_ifinfo(struct sk_bu
23384 hlist_for_each_entry_rcu(dev, head, index_hlist) {
23387 + if (!nx_dev_visible(skb->sk->sk_nx_info, dev))
23389 err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
23390 NETLINK_CB(cb->skb).portid,
23391 cb->nlh->nlmsg_seq, 0,
23392 @@ -2156,6 +2158,9 @@ void rtmsg_ifinfo(int type, struct net_d
23393 int err = -ENOBUFS;
23394 size_t if_info_size;
23396 + if (!nx_dev_visible(current_nx_info(), dev))
23399 skb = nlmsg_new((if_info_size = if_nlmsg_size(dev, 0)), flags);
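Review bot: rtmsg_ifinfo() builds a link notification for netlink listeners, but the added check filters on `current_nx_info()`, the context of the task that triggered the change, not on the contexts of the sockets that will receive the message. An event raised from a context that cannot see `dev` is then suppressed for every listener, the host included, while an event raised from a context that can see it appears to go out to listeners regardless of their own context. rtnl_dump_ifinfo in the previous hunk filters on the receiving socket (`skb->sk->sk_nx_info`) instead. If per-receiver filtering is not feasible on this path, say so in a comment, e.g. `/* filtered by sender context only; receivers are not checked */`. The function continues outside the hunk.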
23402 diff -NurpP --minimal linux-3.14.17/net/core/sock.c linux-3.14.17-vs2.3.6.13/net/core/sock.c
23403 --- linux-3.14.17/net/core/sock.c 2014-08-14 01:38:34.000000000 +0000
23404 +++ linux-3.14.17-vs2.3.6.13/net/core/sock.c 2014-08-30 14:27:38.000000000 +0000
23405 @@ -133,6 +133,10 @@
23406 #include <net/netprio_cgroup.h>
23408 #include <linux/filter.h>
23409 +#include <linux/vs_socket.h>
23410 +#include <linux/vs_limit.h>
23411 +#include <linux/vs_context.h>
23412 +#include <linux/vs_network.h>
23414 #include <trace/events/sock.h>
23416 @@ -1331,6 +1335,8 @@ static struct sock *sk_prot_alloc(struct
23418 sk_tx_queue_clear(sk);
23420 + sock_vx_init(sk);
23421 + sock_nx_init(sk);
23425 @@ -1427,6 +1433,11 @@ static void __sk_free(struct sock *sk)
23426 put_cred(sk->sk_peer_cred);
23427 put_pid(sk->sk_peer_pid);
23428 put_net(sock_net(sk));
23430 + clr_vx_info(&sk->sk_vx_info);
23432 + clr_nx_info(&sk->sk_nx_info);
23434 sk_prot_free(sk->sk_prot_creator, sk);
23437 @@ -1487,6 +1498,8 @@ struct sock *sk_clone_lock(const struct
23440 get_net(sock_net(newsk));
23441 + sock_vx_init(newsk);
23442 + sock_nx_init(newsk);
23443 sk_node_init(&newsk->sk_node);
23444 sock_lock_init(newsk);
23445 bh_lock_sock(newsk);
23446 @@ -1543,6 +1556,12 @@ struct sock *sk_clone_lock(const struct
23448 atomic_set(&newsk->sk_refcnt, 2);
23450 + set_vx_info(&newsk->sk_vx_info, sk->sk_vx_info);
23451 + newsk->sk_xid = sk->sk_xid;
23452 + vx_sock_inc(newsk);
23453 + set_nx_info(&newsk->sk_nx_info, sk->sk_nx_info);
23454 + newsk->sk_nid = sk->sk_nid;
23457 * Increment the counter in the same struct proto as the master
23458 * sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that
23459 @@ -2362,6 +2381,12 @@ void sock_init_data(struct socket *sock,
23461 sk->sk_stamp = ktime_set(-1L, 0);
23463 + set_vx_info(&sk->sk_vx_info, current_vx_info());
23464 + sk->sk_xid = vx_current_xid();
23466 + set_nx_info(&sk->sk_nx_info, current_nx_info());
23467 + sk->sk_nid = nx_current_nid();
23469 #ifdef CONFIG_NET_RX_BUSY_POLL
23470 sk->sk_napi_id = 0;
23471 sk->sk_ll_usec = sysctl_net_busy_read;
23472 diff -NurpP --minimal linux-3.14.17/net/ipv4/af_inet.c linux-3.14.17-vs2.3.6.13/net/ipv4/af_inet.c
23473 --- linux-3.14.17/net/ipv4/af_inet.c 2014-08-14 01:38:34.000000000 +0000
23474 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/af_inet.c 2014-08-30 14:27:38.000000000 +0000
23475 @@ -118,6 +118,7 @@
23476 #ifdef CONFIG_IP_MROUTE
23477 #include <linux/mroute.h>
23479 +#include <linux/vs_limit.h>
23482 /* The inetsw table contains everything that inet_create needs to
23483 @@ -306,10 +307,13 @@ lookup_protocol:
23487 + if ((protocol == IPPROTO_ICMP) &&
23488 + nx_capable(CAP_NET_RAW, NXC_RAW_ICMP))
23490 if (sock->type == SOCK_RAW && !kern &&
23491 !ns_capable(net->user_ns, CAP_NET_RAW))
23492 goto out_rcu_unlock;
23495 sock->ops = answer->ops;
23496 answer_prot = answer->prot;
23497 answer_no_check = answer->no_check;
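Review bot: The added `protocol == IPPROTO_ICMP` test is not restricted to `sock->type == SOCK_RAW` or to `!kern`, and it consults `nx_capable(CAP_NET_RAW, NXC_RAW_ICMP)` rather than the `ns_capable(net->user_ns, CAP_NET_RAW)` used by the check that follows it. The statement it guards is not shown in this listing, but if it bypasses the CAP_NET_RAW check, that is a privilege decision that needs a comment, e.g. `/* NXC_RAW_ICMP: permit raw ICMP sockets in a guest that lacks CAP_NET_RAW */`. The comment should also cover how this interacts with user namespaces.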
23498 @@ -430,6 +434,7 @@ int inet_bind(struct socket *sock, struc
23499 struct sockaddr_in *addr = (struct sockaddr_in *)uaddr;
23500 struct sock *sk = sock->sk;
23501 struct inet_sock *inet = inet_sk(sk);
23502 + struct nx_v4_sock_addr nsa;
23503 struct net *net = sock_net(sk);
23504 unsigned short snum;
23506 @@ -454,7 +459,11 @@ int inet_bind(struct socket *sock, struc
23510 - chk_addr_ret = inet_addr_type(net, addr->sin_addr.s_addr);
23511 + err = v4_map_sock_addr(inet, addr, &nsa);
23515 + chk_addr_ret = inet_addr_type(net, nsa.saddr);
23517 /* Not specified by any standard per-se, however it breaks too
23518 * many applications when removed. It is unfortunate since
23519 @@ -466,7 +475,7 @@ int inet_bind(struct socket *sock, struc
23520 err = -EADDRNOTAVAIL;
23521 if (!sysctl_ip_nonlocal_bind &&
23522 !(inet->freebind || inet->transparent) &&
23523 - addr->sin_addr.s_addr != htonl(INADDR_ANY) &&
23524 + nsa.saddr != htonl(INADDR_ANY) &&
23525 chk_addr_ret != RTN_LOCAL &&
23526 chk_addr_ret != RTN_MULTICAST &&
23527 chk_addr_ret != RTN_BROADCAST)
23528 @@ -492,7 +501,7 @@ int inet_bind(struct socket *sock, struc
23529 if (sk->sk_state != TCP_CLOSE || inet->inet_num)
23530 goto out_release_sock;
23532 - inet->inet_rcv_saddr = inet->inet_saddr = addr->sin_addr.s_addr;
23533 + v4_set_sock_addr(inet, &nsa);
23534 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
23535 inet->inet_saddr = 0; /* Use device */
23537 @@ -711,11 +720,13 @@ int inet_getname(struct socket *sock, st
23540 sin->sin_port = inet->inet_dport;
23541 - sin->sin_addr.s_addr = inet->inet_daddr;
23542 + sin->sin_addr.s_addr =
23543 + nx_map_sock_lback(sk->sk_nx_info, inet->inet_daddr);
23545 __be32 addr = inet->inet_rcv_saddr;
23547 addr = inet->inet_saddr;
23548 + addr = nx_map_sock_lback(sk->sk_nx_info, addr);
23549 sin->sin_port = inet->inet_sport;
23550 sin->sin_addr.s_addr = addr;
23552 diff -NurpP --minimal linux-3.14.17/net/ipv4/arp.c linux-3.14.17-vs2.3.6.13/net/ipv4/arp.c
23553 --- linux-3.14.17/net/ipv4/arp.c 2014-08-14 01:38:34.000000000 +0000
23554 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/arp.c 2014-08-30 14:27:38.000000000 +0000
23555 @@ -1345,6 +1345,7 @@ static void arp_format_neigh_entry(struc
23556 struct net_device *dev = n->dev;
23557 int hatype = dev->type;
23559 + /* FIXME: check for network context */
23560 read_lock(&n->lock);
23561 /* Convert hardware address to XX:XX:XX:XX ... form. */
23562 #if IS_ENABLED(CONFIG_AX25)
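Review bot: The added `/* FIXME: check for network context */` marks a gap without closing it: arp_format_neigh_entry still formats every neighbour entry for whoever reads the seq file, so a guest would appear to see IP/MAC pairs belonging to the host and to other guests. The same FIXME is added to arp_format_pneigh_entry in the next hunk and, with a question mark, to fib_route_seq_show in fib_trie.c. Until a filter exists the comment should state what is exposed, e.g. `/* FIXME: entries are not filtered by network context and are visible to every guest */`.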
23563 @@ -1376,6 +1377,7 @@ static void arp_format_pneigh_entry(stru
23564 int hatype = dev ? dev->type : 0;
23567 + /* FIXME: check for network context */
23568 sprintf(tbuf, "%pI4", n->key);
23569 seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
23570 tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
23571 diff -NurpP --minimal linux-3.14.17/net/ipv4/devinet.c linux-3.14.17-vs2.3.6.13/net/ipv4/devinet.c
23572 --- linux-3.14.17/net/ipv4/devinet.c 2014-08-14 01:38:34.000000000 +0000
23573 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/devinet.c 2014-08-30 14:27:38.000000000 +0000
23574 @@ -529,6 +529,7 @@ struct in_device *inetdev_by_index(struc
23576 EXPORT_SYMBOL(inetdev_by_index);
23579 /* Called only from RTNL semaphored context. No locks. */
23581 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
23582 @@ -953,6 +954,8 @@ int devinet_ioctl(struct net *net, unsig
23584 in_dev = __in_dev_get_rtnl(dev);
23586 + struct nx_info *nxi = current_nx_info();
23588 if (tryaddrmatch) {
23589 /* Matthias Andree */
23590 /* compare label and address (4.4BSD style) */
23591 @@ -961,6 +964,8 @@ int devinet_ioctl(struct net *net, unsig
23592 This is checked above. */
23593 for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
23594 ifap = &ifa->ifa_next) {
23595 + if (!nx_v4_ifa_visible(nxi, ifa))
23597 if (!strcmp(ifr.ifr_name, ifa->ifa_label) &&
23598 sin_orig.sin_addr.s_addr ==
23600 @@ -973,9 +978,12 @@ int devinet_ioctl(struct net *net, unsig
23601 comparing just the label */
23603 for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL;
23604 - ifap = &ifa->ifa_next)
23605 + ifap = &ifa->ifa_next) {
23606 + if (!nx_v4_ifa_visible(nxi, ifa))
23608 if (!strcmp(ifr.ifr_name, ifa->ifa_label))
23614 @@ -1129,6 +1137,8 @@ static int inet_gifconf(struct net_devic
23617 for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
23618 + if (!nx_v4_ifa_visible(current_nx_info(), ifa))
23621 done += sizeof(ifr);
23623 @@ -1533,6 +1543,7 @@ static int inet_dump_ifaddr(struct sk_bu
23624 struct net_device *dev;
23625 struct in_device *in_dev;
23626 struct in_ifaddr *ifa;
23627 + struct sock *sk = skb->sk;
23628 struct hlist_head *head;
23631 @@ -1556,6 +1567,8 @@ static int inet_dump_ifaddr(struct sk_bu
23633 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
23634 ifa = ifa->ifa_next, ip_idx++) {
23635 + if (sk && !nx_v4_ifa_visible(sk->sk_nx_info, ifa))
23637 if (ip_idx < s_ip_idx)
23639 if (inet_fill_ifaddr(skb, ifa,
23640 diff -NurpP --minimal linux-3.14.17/net/ipv4/fib_trie.c linux-3.14.17-vs2.3.6.13/net/ipv4/fib_trie.c
23641 --- linux-3.14.17/net/ipv4/fib_trie.c 2014-08-14 01:38:34.000000000 +0000
23642 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/fib_trie.c 2014-08-30 14:27:38.000000000 +0000
23643 @@ -2530,6 +2530,7 @@ static int fib_route_seq_show(struct seq
23645 seq_setwidth(seq, 127);
23647 + /* FIXME: check for network context? */
23650 "%s\t%08X\t%08X\t%04X\t%d\t%u\t"
23651 diff -NurpP --minimal linux-3.14.17/net/ipv4/inet_connection_sock.c linux-3.14.17-vs2.3.6.13/net/ipv4/inet_connection_sock.c
23652 --- linux-3.14.17/net/ipv4/inet_connection_sock.c 2014-08-14 01:38:34.000000000 +0000
23653 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/inet_connection_sock.c 2014-08-30 14:27:38.000000000 +0000
23654 @@ -45,6 +45,37 @@ void inet_get_local_port_range(struct ne
23656 EXPORT_SYMBOL(inet_get_local_port_range);
23658 +int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
23660 + __be32 sk1_rcv_saddr = sk1->sk_rcv_saddr,
23661 + sk2_rcv_saddr = sk2->sk_rcv_saddr;
23663 + if (inet_v6_ipv6only(sk2))
23666 + if (sk1_rcv_saddr &&
23668 + sk1_rcv_saddr == sk2_rcv_saddr)
23671 + if (sk1_rcv_saddr &&
23672 + !sk2_rcv_saddr &&
23673 + v4_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr, NXA_MASK_BIND))
23676 + if (sk2_rcv_saddr &&
23677 + !sk1_rcv_saddr &&
23678 + v4_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr, NXA_MASK_BIND))
23681 + if (!sk1_rcv_saddr &&
23682 + !sk2_rcv_saddr &&
23683 + nx_v4_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info))
23689 int inet_csk_bind_conflict(const struct sock *sk,
23690 const struct inet_bind_bucket *tb, bool relax)
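Review bot: ipv4_rcv_saddr_equal() is added without any comment, and its name suggests an equality test while the visible conditions implement a bind-conflict test across network contexts. They cover equal addresses, one wildcard side whose context contains the other's address, and two wildcard sockets whose contexts overlap. A short kernel-doc block stating the return convention, and how a socket with a NULL `sk_nx_info` is treated by `v4_addr_in_nx_info` and `nx_v4_addr_conflict`, would help anyone reviewing inet_csk_bind_conflict, which now relies on it in both of its branches. Several lines of the function, including its return statements, are not shown in this listing.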
23692 @@ -72,15 +103,13 @@ int inet_csk_bind_conflict(const struct
23693 (sk2->sk_state != TCP_TIME_WAIT &&
23694 !uid_eq(uid, sock_i_uid(sk2))))) {
23696 - if (!sk2->sk_rcv_saddr || !sk->sk_rcv_saddr ||
23697 - sk2->sk_rcv_saddr == sk->sk_rcv_saddr)
23698 + if (ipv4_rcv_saddr_equal(sk, sk2))
23701 if (!relax && reuse && sk2->sk_reuse &&
23702 sk2->sk_state != TCP_LISTEN) {
23704 - if (!sk2->sk_rcv_saddr || !sk->sk_rcv_saddr ||
23705 - sk2->sk_rcv_saddr == sk->sk_rcv_saddr)
23706 + if (ipv4_rcv_saddr_equal(sk, sk2))
23710 diff -NurpP --minimal linux-3.14.17/net/ipv4/inet_diag.c linux-3.14.17-vs2.3.6.13/net/ipv4/inet_diag.c
23711 --- linux-3.14.17/net/ipv4/inet_diag.c 2014-08-14 01:38:34.000000000 +0000
23712 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/inet_diag.c 2014-08-30 14:27:38.000000000 +0000
23715 #include <linux/inet.h>
23716 #include <linux/stddef.h>
23717 +#include <linux/vs_network.h>
23718 +#include <linux/vs_inet.h>
23720 #include <linux/inet_diag.h>
23721 #include <linux/sock_diag.h>
23722 @@ -110,8 +112,10 @@ int inet_sk_diag_fill(struct sock *sk, s
23723 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
23724 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
23726 - r->id.idiag_src[0] = inet->inet_rcv_saddr;
23727 - r->id.idiag_dst[0] = inet->inet_daddr;
23728 + r->id.idiag_src[0] = nx_map_sock_lback(sk->sk_nx_info,
23729 + inet->inet_rcv_saddr);
23730 + r->id.idiag_dst[0] = nx_map_sock_lback(sk->sk_nx_info,
23731 + inet->inet_daddr);
23733 if (nla_put_u8(skb, INET_DIAG_SHUTDOWN, sk->sk_shutdown))
23735 @@ -254,8 +258,8 @@ static int inet_twsk_diag_fill(struct in
23736 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
23737 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
23739 - r->id.idiag_src[0] = tw->tw_rcv_saddr;
23740 - r->id.idiag_dst[0] = tw->tw_daddr;
23741 + r->id.idiag_src[0] = nx_map_sock_lback(tw->tw_nx_info, tw->tw_rcv_saddr);
23742 + r->id.idiag_dst[0] = nx_map_sock_lback(tw->tw_nx_info, tw->tw_daddr);
23744 r->idiag_state = tw->tw_substate;
23745 r->idiag_timer = 3;
23746 @@ -298,12 +302,14 @@ int inet_diag_dump_one_icsk(struct inet_
23749 if (req->sdiag_family == AF_INET) {
23750 + /* TODO: lback */
23751 sk = inet_lookup(net, hashinfo, req->id.idiag_dst[0],
23752 req->id.idiag_dport, req->id.idiag_src[0],
23753 req->id.idiag_sport, req->id.idiag_if);
23755 #if IS_ENABLED(CONFIG_IPV6)
23756 else if (req->sdiag_family == AF_INET6) {
23757 + /* TODO: lback */
23758 sk = inet6_lookup(net, hashinfo,
23759 (struct in6_addr *)req->id.idiag_dst,
23760 req->id.idiag_dport,
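Review bot: inet_diag_dump_one_icsk() looks up a single socket by the exact addresses and ports in the request, and this hunk adds only `/* TODO: lback */` comments. It has no `nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT)` like the one added to inet_diag_dump_icsk later in this file. Unless such a check exists outside the hunk, the exact-match path would return diag data for a socket in another context while the dump path hides it. A test after the lookup, `if (sk && !nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))`, handled as "not found" and releasing the reference the lookup took, would align the two paths. The function body continues outside the hunk.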
23761 @@ -501,6 +507,7 @@ int inet_diag_bc_sk(const struct nlattr
23765 + /* TODO: lback */
23766 entry.saddr = &inet->inet_rcv_saddr;
23767 entry.daddr = &inet->inet_daddr;
23769 @@ -659,6 +666,7 @@ static int inet_twsk_diag_dump(struct so
23773 + /* TODO: lback */
23774 entry.saddr = &tw->tw_rcv_saddr;
23775 entry.daddr = &tw->tw_daddr;
23777 @@ -741,8 +749,8 @@ static int inet_diag_fill_req(struct sk_
23778 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
23779 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
23781 - r->id.idiag_src[0] = ireq->ir_loc_addr;
23782 - r->id.idiag_dst[0] = ireq->ir_rmt_addr;
23783 + r->id.idiag_src[0] = nx_map_sock_lback(sk->sk_nx_info, ireq->ir_loc_addr);
23784 + r->id.idiag_dst[0] = nx_map_sock_lback(sk->sk_nx_info, ireq->ir_rmt_addr);
23786 r->idiag_expires = jiffies_to_msecs(tmo);
23787 r->idiag_rqueue = 0;
23788 @@ -806,6 +814,7 @@ static int inet_diag_dump_reqs(struct sk
23792 + /* TODO: lback */
23794 inet_diag_req_addrs(sk, req, &entry);
23795 entry.dport = ntohs(ireq->ir_rmt_port);
23796 @@ -862,6 +871,8 @@ void inet_diag_dump_icsk(struct inet_has
23797 if (!net_eq(sock_net(sk), net))
23800 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
23805 @@ -934,6 +945,8 @@ skip_listen_ht:
23807 if (!net_eq(sock_net(sk), net))
23809 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
23813 state = (sk->sk_state == TCP_TIME_WAIT) ?
23814 diff -NurpP --minimal linux-3.14.17/net/ipv4/inet_hashtables.c linux-3.14.17-vs2.3.6.13/net/ipv4/inet_hashtables.c
23815 --- linux-3.14.17/net/ipv4/inet_hashtables.c 2014-08-14 01:38:34.000000000 +0000
23816 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/inet_hashtables.c 2014-08-30 14:27:38.000000000 +0000
23818 #include <net/inet_connection_sock.h>
23819 #include <net/inet_hashtables.h>
23820 #include <net/secure_seq.h>
23821 +#include <net/route.h>
23822 #include <net/ip.h>
23824 static unsigned int inet_ehashfn(struct net *net, const __be32 laddr,
23825 @@ -181,6 +182,11 @@ static inline int compute_score(struct s
23826 if (rcv_saddr != daddr)
23830 + /* block non nx_info ips */
23831 + if (!v4_addr_in_nx_info(sk->sk_nx_info,
23832 + daddr, NXA_MASK_BIND))
23835 if (sk->sk_bound_dev_if) {
23836 if (sk->sk_bound_dev_if != dif)
23837 @@ -198,7 +204,6 @@ static inline int compute_score(struct s
23838 * wildcarded during the search since they can never be otherwise.
23842 struct sock *__inet_lookup_listener(struct net *net,
23843 struct inet_hashinfo *hashinfo,
23844 const __be32 saddr, __be16 sport,
23845 @@ -234,6 +239,7 @@ begin:
23846 phash = next_pseudo_random32(phash);
23851 * if the nulls value we got at the end of this lookup is
23852 * not the expected one, we must restart lookup.
23853 diff -NurpP --minimal linux-3.14.17/net/ipv4/netfilter.c linux-3.14.17-vs2.3.6.13/net/ipv4/netfilter.c
23854 --- linux-3.14.17/net/ipv4/netfilter.c 2014-08-14 01:38:34.000000000 +0000
23855 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/netfilter.c 2014-08-30 14:27:38.000000000 +0000
23857 #include <linux/skbuff.h>
23858 #include <linux/gfp.h>
23859 #include <linux/export.h>
23860 -#include <net/route.h>
23861 +// #include <net/route.h>
23862 #include <net/xfrm.h>
23863 #include <net/ip.h>
23864 #include <net/netfilter/nf_queue.h>
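Review bot: `// #include <net/route.h>` leaves a commented-out include behind. If the header is no longer needed in netfilter.c the line should be deleted. If it had to move (the same include is added to inet_hashtables.c in this patch), the reason belongs in the changelog rather than in a dead line. Kernel coding style also avoids `//` comments.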
23865 diff -NurpP --minimal linux-3.14.17/net/ipv4/raw.c linux-3.14.17-vs2.3.6.13/net/ipv4/raw.c
23866 --- linux-3.14.17/net/ipv4/raw.c 2014-08-14 01:38:34.000000000 +0000
23867 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/raw.c 2014-08-30 14:27:38.000000000 +0000
23868 @@ -116,7 +116,7 @@ static struct sock *__raw_v4_lookup(stru
23870 if (net_eq(sock_net(sk), net) && inet->inet_num == num &&
23871 !(inet->inet_daddr && inet->inet_daddr != raddr) &&
23872 - !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) &&
23873 + v4_sock_addr_match(sk->sk_nx_info, inet, laddr) &&
23874 !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
23875 goto found; /* gotcha */
23877 @@ -397,6 +397,12 @@ static int raw_send_hdrinc(struct sock *
23878 icmp_out_count(net, ((struct icmphdr *)
23879 skb_transport_header(skb))->type);
23882 + if (!nx_check(0, VS_ADMIN) && !capable(CAP_NET_RAW) &&
23883 + sk->sk_nx_info &&
23884 + !v4_addr_in_nx_info(sk->sk_nx_info, iph->saddr, NXA_MASK_BIND))
23887 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL,
23888 rt->dst.dev, dst_output);
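Review bot: The source-address restriction is skipped whenever `capable(CAP_NET_RAW)` is true, and a task normally needs CAP_NET_RAW to obtain a raw socket in the first place. For most IP_HDRINCL senders, `v4_addr_in_nx_info(sk->sk_nx_info, iph->saddr, NXA_MASK_BIND)` is therefore never evaluated. If the intent is that a guest must not emit packets whose source address lies outside its network context, the capability test defeats it for any guest granted CAP_NET_RAW. It is also evaluated against the sending task rather than the socket's opener. Consider dropping `!capable(CAP_NET_RAW) &&` from the condition, or add a comment explaining why guest CAP_NET_RAW is meant to allow arbitrary source addresses. raw_send_hdrinc's body continues outside the hunk.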
23890 @@ -585,6 +591,16 @@ static int raw_sendmsg(struct kiocb *ioc
23894 + if (sk->sk_nx_info) {
23895 + rt = ip_v4_find_src(sock_net(sk), sk->sk_nx_info, &fl4);
23896 + if (IS_ERR(rt)) {
23897 + err = PTR_ERR(rt);
23904 security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
23905 rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
23907 @@ -661,17 +677,19 @@ static int raw_bind(struct sock *sk, str
23909 struct inet_sock *inet = inet_sk(sk);
23910 struct sockaddr_in *addr = (struct sockaddr_in *) uaddr;
23911 + struct nx_v4_sock_addr nsa = { 0 };
23915 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_in))
23917 - chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr);
23918 + v4_map_sock_addr(inet, addr, &nsa);
23919 + chk_addr_ret = inet_addr_type(sock_net(sk), nsa.saddr);
23920 ret = -EADDRNOTAVAIL;
23921 - if (addr->sin_addr.s_addr && chk_addr_ret != RTN_LOCAL &&
23922 + if (nsa.saddr && chk_addr_ret != RTN_LOCAL &&
23923 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST)
23925 - inet->inet_rcv_saddr = inet->inet_saddr = addr->sin_addr.s_addr;
23926 + v4_set_sock_addr(inet, &nsa);
23927 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
23928 inet->inet_saddr = 0; /* Use device */
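Review bot: `v4_map_sock_addr(inet, addr, &nsa);` discards the return value, whereas inet_bind in af_inet.c stores it (`err = v4_map_sock_addr(inet, addr, &nsa);`). If the mapping rejects the requested address, `nsa` keeps its `{ 0 }` initialiser, `nsa.saddr` reads as the wildcard, and the -EADDRNOTAVAIL test is skipped, so a refused address can become a silent wildcard bind. What v4_set_sock_addr then stores is not visible here. Propagating the error would close this: `ret = v4_map_sock_addr(inet, addr, &nsa);` followed by `if (ret) goto out;`, assuming the function's existing exit label. Some lines of raw_bind are not shown in this listing.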
23930 @@ -720,7 +738,8 @@ static int raw_recvmsg(struct kiocb *ioc
23931 /* Copy the address. */
23933 sin->sin_family = AF_INET;
23934 - sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
23935 + sin->sin_addr.s_addr =
23936 + nx_map_sock_lback(sk->sk_nx_info, ip_hdr(skb)->saddr);
23938 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
23939 *addr_len = sizeof(*sin);
23940 @@ -916,7 +935,8 @@ static struct sock *raw_get_first(struct
23941 for (state->bucket = 0; state->bucket < RAW_HTABLE_SIZE;
23943 sk_for_each(sk, &state->h->ht[state->bucket])
23944 - if (sock_net(sk) == seq_file_net(seq))
23945 + if ((sock_net(sk) == seq_file_net(seq)) &&
23946 + nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
23950 @@ -932,7 +952,8 @@ static struct sock *raw_get_next(struct
23954 - } while (sk && sock_net(sk) != seq_file_net(seq));
23955 + } while (sk && ((sock_net(sk) != seq_file_net(seq)) ||
23956 + !nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT)));
23958 if (!sk && ++state->bucket < RAW_HTABLE_SIZE) {
23959 sk = sk_head(&state->h->ht[state->bucket]);
23960 diff -NurpP --minimal linux-3.14.17/net/ipv4/route.c linux-3.14.17-vs2.3.6.13/net/ipv4/route.c
23961 --- linux-3.14.17/net/ipv4/route.c 2014-08-14 01:38:34.000000000 +0000
23962 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/route.c 2014-08-30 14:27:38.000000000 +0000
23963 @@ -2073,7 +2073,7 @@ struct rtable *__ip_route_output_key(str
23966 if (fl4->flowi4_oif) {
23967 - dev_out = dev_get_by_index_rcu(net, fl4->flowi4_oif);
23968 + dev_out = dev_get_by_index_real_rcu(net, fl4->flowi4_oif);
23969 rth = ERR_PTR(-ENODEV);
23970 if (dev_out == NULL)
23972 diff -NurpP --minimal linux-3.14.17/net/ipv4/tcp.c linux-3.14.17-vs2.3.6.13/net/ipv4/tcp.c
23973 --- linux-3.14.17/net/ipv4/tcp.c 2014-08-14 01:38:34.000000000 +0000
23974 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/tcp.c 2014-08-30 14:27:38.000000000 +0000
23975 @@ -268,6 +268,7 @@
23976 #include <linux/crypto.h>
23977 #include <linux/time.h>
23978 #include <linux/slab.h>
23979 +#include <linux/in.h>
23981 #include <net/icmp.h>
23982 #include <net/inet_common.h>
23983 diff -NurpP --minimal linux-3.14.17/net/ipv4/tcp_ipv4.c linux-3.14.17-vs2.3.6.13/net/ipv4/tcp_ipv4.c
23984 --- linux-3.14.17/net/ipv4/tcp_ipv4.c 2014-08-14 01:38:34.000000000 +0000
23985 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/tcp_ipv4.c 2014-08-30 14:27:38.000000000 +0000
23986 @@ -2226,6 +2226,12 @@ static void *listening_get_next(struct s
23987 req = req->dl_next;
23990 + vxdprintk(VXD_CBIT(net, 6),
23991 + "sk,req: %p [#%d] (from %d)", req->sk,
23992 + (req->sk)?req->sk->sk_nid:0, nx_current_nid());
23994 + !nx_check(req->sk->sk_nid, VS_WATCH_P | VS_IDENT))
23996 if (req->rsk_ops->family == st->family) {
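Review bot: The new `nx_check(req->sk->sk_nid, VS_WATCH_P | VS_IDENT)` test sits inside the request-queue walk, ahead of the family test, and the statement it guards is not shown in this listing. If that statement is a bare `continue`, `req` is not advanced before the loop condition is re-evaluated, and the walk would spin on the first request that fails the check. Skipping an entry has to step first, e.g. `{ req = req->dl_next; continue; }`. The vxdprintk above it also prints `req->sk` with `%p`, a raw kernel address, while the seq output in this file uses `%pK`.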
23999 @@ -2250,6 +2256,10 @@ get_req:
24002 sk_nulls_for_each_from(sk, node) {
24003 + vxdprintk(VXD_CBIT(net, 6), "sk: %p [#%d] (from %d)",
24004 + sk, sk->sk_nid, nx_current_nid());
24005 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
24007 if (!net_eq(sock_net(sk), net))
24009 if (sk->sk_family == st->family) {
24010 @@ -2324,6 +2334,11 @@ static void *established_get_first(struc
24012 spin_lock_bh(lock);
24013 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
24014 + vxdprintk(VXD_CBIT(net, 6),
24015 + "sk,egf: %p [#%d] (from %d)",
24016 + sk, sk->sk_nid, nx_current_nid());
24017 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
24019 if (sk->sk_family != st->family ||
24020 !net_eq(sock_net(sk), net)) {
24022 @@ -2350,6 +2365,11 @@ static void *established_get_next(struct
24023 sk = sk_nulls_next(sk);
24025 sk_nulls_for_each_from(sk, node) {
24026 + vxdprintk(VXD_CBIT(net, 6),
24027 + "sk,egn: %p [#%d] (from %d)",
24028 + sk, sk->sk_nid, nx_current_nid());
24029 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
24031 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
24034 @@ -2548,9 +2568,9 @@ static void get_openreq4(const struct so
24035 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
24036 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK",
24038 - ireq->ir_loc_addr,
24039 + nx_map_sock_lback(current_nx_info(), ireq->ir_loc_addr),
24040 ntohs(inet_sk(sk)->inet_sport),
24041 - ireq->ir_rmt_addr,
24042 + nx_map_sock_lback(current_nx_info(), ireq->ir_rmt_addr),
24043 ntohs(ireq->ir_rmt_port),
24045 0, 0, /* could print option size, but that is af dependent. */
24046 @@ -2572,8 +2592,8 @@ static void get_tcp4_sock(struct sock *s
24047 const struct inet_connection_sock *icsk = inet_csk(sk);
24048 const struct inet_sock *inet = inet_sk(sk);
24049 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
24050 - __be32 dest = inet->inet_daddr;
24051 - __be32 src = inet->inet_rcv_saddr;
24052 + __be32 dest = nx_map_sock_lback(current_nx_info(), inet->inet_daddr);
24053 + __be32 src = nx_map_sock_lback(current_nx_info(), inet->inet_rcv_saddr);
24054 __u16 destp = ntohs(inet->inet_dport);
24055 __u16 srcp = ntohs(inet->inet_sport);
24057 @@ -2630,8 +2650,8 @@ static void get_timewait4_sock(const str
24059 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
24061 - dest = tw->tw_daddr;
24062 - src = tw->tw_rcv_saddr;
24063 + dest = nx_map_sock_lback(current_nx_info(), tw->tw_daddr);
24064 + src = nx_map_sock_lback(current_nx_info(), tw->tw_rcv_saddr);
24065 destp = ntohs(tw->tw_dport);
24066 srcp = ntohs(tw->tw_sport);
24068 diff -NurpP --minimal linux-3.14.17/net/ipv4/tcp_minisocks.c linux-3.14.17-vs2.3.6.13/net/ipv4/tcp_minisocks.c
24069 --- linux-3.14.17/net/ipv4/tcp_minisocks.c 2014-08-14 01:38:34.000000000 +0000
24070 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/tcp_minisocks.c 2014-08-30 14:27:38.000000000 +0000
24072 #include <linux/slab.h>
24073 #include <linux/sysctl.h>
24074 #include <linux/workqueue.h>
24075 +#include <linux/vs_limit.h>
24076 +#include <linux/vs_socket.h>
24077 +#include <linux/vs_context.h>
24078 #include <net/tcp.h>
24079 #include <net/inet_common.h>
24080 #include <net/xfrm.h>
24081 @@ -290,6 +293,11 @@ void tcp_time_wait(struct sock *sk, int
24082 tcptw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp;
24083 tcptw->tw_ts_offset = tp->tsoffset;
24085 + tw->tw_xid = sk->sk_xid;
24086 + tw->tw_vx_info = NULL;
24087 + tw->tw_nid = sk->sk_nid;
24088 + tw->tw_nx_info = NULL;
24090 #if IS_ENABLED(CONFIG_IPV6)
24091 if (tw->tw_family == PF_INET6) {
24092 struct ipv6_pinfo *np = inet6_sk(sk);
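Review bot: `tcp_time_wait` copies `sk_xid` and `sk_nid` into the time-wait socket but sets `tw_vx_info` and `tw_nx_info` to `NULL`, and nothing says why the ids are kept and the info pointers are not. A comment such as `/* timewait sockets keep only the ids; no vx_info/nx_info reference is taken */` would make clear that the pointers must not be dereferenced on a time-wait socket, if that is the intent. The function starts and ends outside the hunk.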
24093 diff -NurpP --minimal linux-3.14.17/net/ipv4/udp.c linux-3.14.17-vs2.3.6.13/net/ipv4/udp.c
24094 --- linux-3.14.17/net/ipv4/udp.c 2014-08-14 01:38:34.000000000 +0000
24095 +++ linux-3.14.17-vs2.3.6.13/net/ipv4/udp.c 2014-08-30 14:27:38.000000000 +0000
24096 @@ -308,14 +308,7 @@ fail:
24098 EXPORT_SYMBOL(udp_lib_get_port);
24100 -static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
24102 - struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2);
24104 - return (!ipv6_only_sock(sk2) &&
24105 - (!inet1->inet_rcv_saddr || !inet2->inet_rcv_saddr ||
24106 - inet1->inet_rcv_saddr == inet2->inet_rcv_saddr));
24108 +extern int ipv4_rcv_saddr_equal(const struct sock *, const struct sock *);
24110 static unsigned int udp4_portaddr_hash(struct net *net, __be32 saddr,
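Review bot: The hunk replaces the static `ipv4_rcv_saddr_equal()` with an `extern` prototype written directly in udp.c, with the parameter names dropped. A prototype in a `.c` file is not checked against the definition, so a later signature change would compile silently. It belongs in a header shared with the file that defines the function, with the names kept: `int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2);`.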
24112 @@ -350,6 +343,11 @@ static inline int compute_score(struct s
24113 if (inet->inet_rcv_saddr != daddr)
24117 + /* block non nx_info ips */
24118 + if (!v4_addr_in_nx_info(sk->sk_nx_info,
24119 + daddr, NXA_MASK_BIND))
24122 if (inet->inet_daddr) {
24123 if (inet->inet_daddr != saddr)
24124 @@ -472,6 +470,7 @@ begin:
24129 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
24130 * harder than this. -DaveM
24132 @@ -518,6 +517,11 @@ begin:
24133 sk_nulls_for_each_rcu(sk, node, &hslot->head) {
24134 score = compute_score(sk, net, saddr, hnum, sport,
24135 daddr, dport, dif);
24136 + /* FIXME: disabled?
24137 + if (score == 9) {
24141 if (score > badness) {
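Review bot: The lines added after the `compute_score()` call open with `/* FIXME: disabled?` and put an `if (score == 9) {` branch inside that comment, so the hunk ships commented-out code with no reason given. If the shortcut on a full score was left out on purpose, the comment should say why in a sentence, for example `/* exact-match shortcut not used here: <reason> */` with the reason filled in. Otherwise the dead lines should be dropped. Part of the block is not shown in this listing.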
24144 @@ -542,6 +546,7 @@ begin:
24145 if (get_nulls_value(node) != slot)
24150 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2)))
24152 @@ -551,6 +556,7 @@ begin:
24160 @@ -585,7 +591,7 @@ static inline bool __udp_is_mcast_sock(s
24161 udp_sk(sk)->udp_port_hash != hnum ||
24162 (inet->inet_daddr && inet->inet_daddr != rmt_addr) ||
24163 (inet->inet_dport != rmt_port && inet->inet_dport) ||
24164 - (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) ||
24165 + !v4_sock_addr_match(sk->sk_nx_info, inet, loc_addr) ||
24166 ipv6_only_sock(sk) ||
24167 (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
24169 @@ -989,6 +995,16 @@ int udp_sendmsg(struct kiocb *iocb, stru
24170 inet_sk_flowi_flags(sk),
24171 faddr, saddr, dport, inet->inet_sport);
24173 + if (sk->sk_nx_info) {
24174 + rt = ip_v4_find_src(net, sk->sk_nx_info, fl4);
24175 + if (IS_ERR(rt)) {
24176 + err = PTR_ERR(rt);
24183 security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
24184 rt = ip_route_output_flow(net, fl4, sk);
24186 @@ -1293,7 +1309,8 @@ try_again:
24188 sin->sin_family = AF_INET;
24189 sin->sin_port = udp_hdr(skb)->source;
24190 - sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
24191 + sin->sin_addr.s_addr = nx_map_sock_lback(
24192 + skb->sk->sk_nx_info, ip_hdr(skb)->saddr);
24193 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
24194 *addr_len = sizeof(*sin);
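Review bot: The new `nx_map_sock_lback()` call takes its context from `skb->sk->sk_nx_info` without a NULL test on `skb->sk`, whereas other hunks in this patch guard the same access (`skb->sk ? skb->sk->sk_nx_info : NULL` in net/ipv6/addrconf.c). If the receiving socket is in scope at this point, which the hunk does not show, `sk->sk_nx_info` would avoid depending on the skb's owner: `sin->sin_addr.s_addr = nx_map_sock_lback(sk->sk_nx_info, ip_hdr(skb)->saddr);`. The enclosing function starts and ends outside the hunk.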
24196 @@ -2227,6 +2244,8 @@ static struct sock *udp_get_first(struct
24197 sk_nulls_for_each(sk, node, &hslot->head) {
24198 if (!net_eq(sock_net(sk), net))
24200 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
24202 if (sk->sk_family == state->family)
24205 @@ -2244,7 +2263,9 @@ static struct sock *udp_get_next(struct
24208 sk = sk_nulls_next(sk);
24209 - } while (sk && (!net_eq(sock_net(sk), net) || sk->sk_family != state->family));
24210 + } while (sk && (!net_eq(sock_net(sk), net) ||
24211 + sk->sk_family != state->family ||
24212 + !nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT)));
24215 if (state->bucket <= state->udp_table->mask)
24216 @@ -2340,8 +2361,8 @@ static void udp4_format_sock(struct sock
24219 struct inet_sock *inet = inet_sk(sp);
24220 - __be32 dest = inet->inet_daddr;
24221 - __be32 src = inet->inet_rcv_saddr;
24222 + __be32 dest = nx_map_sock_lback(current_nx_info(), inet->inet_daddr);
24223 + __be32 src = nx_map_sock_lback(current_nx_info(), inet->inet_rcv_saddr);
24224 __u16 destp = ntohs(inet->inet_dport);
24225 __u16 srcp = ntohs(inet->inet_sport);
24227 diff -NurpP --minimal linux-3.14.17/net/ipv6/Kconfig linux-3.14.17-vs2.3.6.13/net/ipv6/Kconfig
24228 --- linux-3.14.17/net/ipv6/Kconfig 2014-08-14 01:38:34.000000000 +0000
24229 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/Kconfig 2014-08-30 14:27:38.000000000 +0000
24232 # IPv6 as module will cause a CRASH if you try to unload it
24234 - tristate "The IPv6 protocol"
24236 + bool "The IPv6 protocol"
24239 This is complemental support for the IP version 6.
24240 You will still be able to do traditional IPv4 networking as well.
24241 diff -NurpP --minimal linux-3.14.17/net/ipv6/addrconf.c linux-3.14.17-vs2.3.6.13/net/ipv6/addrconf.c
24242 --- linux-3.14.17/net/ipv6/addrconf.c 2014-08-14 01:38:34.000000000 +0000
24243 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/addrconf.c 2014-08-30 14:27:38.000000000 +0000
24245 #include <linux/proc_fs.h>
24246 #include <linux/seq_file.h>
24247 #include <linux/export.h>
24248 +#include <linux/vs_network.h>
24249 +#include <linux/vs_inet6.h>
24251 /* Set to 3 to get tracing... */
24252 #define ACONF_DEBUG 2
24253 @@ -1313,7 +1315,7 @@ out:
24255 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
24256 const struct in6_addr *daddr, unsigned int prefs,
24257 - struct in6_addr *saddr)
24258 + struct in6_addr *saddr, struct nx_info *nxi)
24260 struct ipv6_saddr_score scores[2],
24261 *score = &scores[0], *hiscore = &scores[1];
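Review bot: `ipv6_dev_get_saddr()` gains an `nxi` parameter with no comment on what `NULL` means, and several callers in this patch pass `NULL` (ip6t_MASQUERADE.c, xfrm6_policy.c, ip_vs_xmit.c). A line above the definition such as `/* nxi: network context to restrict the source address to; NULL = no restriction */` would make the contract explicit, provided that is what `v6_addr_in_nx_info()` does with a NULL context. `ip6_route_get_saddr()` in net/ipv6/route.c tests `!nxi` itself before calling that helper, which suggests the NULL case is not obvious. The function body continues outside the hunk.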
24262 @@ -1385,6 +1387,8 @@ int ipv6_dev_get_saddr(struct net *net,
24266 + if (!v6_addr_in_nx_info(nxi, &score->ifa->addr, -1))
24270 bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
24271 @@ -3497,7 +3501,10 @@ static void if6_seq_stop(struct seq_file
24272 static int if6_seq_show(struct seq_file *seq, void *v)
24274 struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
24275 - seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
24277 + if (nx_check(0, VS_ADMIN|VS_WATCH) ||
24278 + v6_addr_in_nx_info(current_nx_info(), &ifp->addr, -1))
24279 + seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
24281 ifp->idev->dev->ifindex,
24283 @@ -4071,6 +4078,11 @@ static int in6_dump_addrs(struct inet6_d
24284 struct ifacaddr6 *ifaca;
24286 int ip_idx = *p_ip_idx;
24287 + struct nx_info *nxi = skb->sk ? skb->sk->sk_nx_info : NULL;
24289 + /* disable ipv6 on non v6 guests */
24290 + if (nxi && !nx_info_has_v6(nxi))
24293 read_lock_bh(&idev->lock);
24295 @@ -4081,6 +4093,8 @@ static int in6_dump_addrs(struct inet6_d
24296 list_for_each_entry(ifa, &idev->addr_list, if_list) {
24297 if (++ip_idx < s_ip_idx)
24299 + if (!v6_addr_in_nx_info(nxi, &ifa->addr, -1))
24301 err = inet6_fill_ifaddr(skb, ifa,
24302 NETLINK_CB(cb->skb).portid,
24303 cb->nlh->nlmsg_seq,
24304 @@ -4098,6 +4112,8 @@ static int in6_dump_addrs(struct inet6_d
24305 ifmca = ifmca->next, ip_idx++) {
24306 if (ip_idx < s_ip_idx)
24308 + if (!v6_addr_in_nx_info(nxi, &ifmca->mca_addr, -1))
24310 err = inet6_fill_ifmcaddr(skb, ifmca,
24311 NETLINK_CB(cb->skb).portid,
24312 cb->nlh->nlmsg_seq,
24313 @@ -4113,6 +4129,8 @@ static int in6_dump_addrs(struct inet6_d
24314 ifaca = ifaca->aca_next, ip_idx++) {
24315 if (ip_idx < s_ip_idx)
24317 + if (!v6_addr_in_nx_info(nxi, &ifaca->aca_addr, -1))
24319 err = inet6_fill_ifacaddr(skb, ifaca,
24320 NETLINK_CB(cb->skb).portid,
24321 cb->nlh->nlmsg_seq,
24322 @@ -4141,6 +4159,10 @@ static int inet6_dump_addr(struct sk_buf
24323 struct inet6_dev *idev;
24324 struct hlist_head *head;
24326 + /* FIXME: maybe disable ipv6 on non v6 guests?
24327 + if (skb->sk && skb->sk->sk_vx_info)
24328 + return skb->len; */
24331 s_idx = idx = cb->args[1];
24332 s_ip_idx = ip_idx = cb->args[2];
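Review bot: The block added to `inet6_dump_addr` is commented-out code: `if (skb->sk && skb->sk->sk_vx_info) return skb->len;` inside a FIXME. It tests `sk_vx_info`, while the check actually added in `in6_dump_addrs` uses the network context (`nxi && !nx_info_has_v6(nxi)`), so the two disagree about which context matters. I would drop the dead code and keep one line, e.g. `/* non-v6 guests are filtered in in6_dump_addrs() */`.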
24333 @@ -4585,6 +4607,7 @@ static int inet6_dump_ifinfo(struct sk_b
24334 struct net_device *dev;
24335 struct inet6_dev *idev;
24336 struct hlist_head *head;
24337 + struct nx_info *nxi = skb->sk ? skb->sk->sk_nx_info : NULL;
24340 s_idx = cb->args[1];
24341 @@ -4596,6 +4619,8 @@ static int inet6_dump_ifinfo(struct sk_b
24342 hlist_for_each_entry_rcu(dev, head, index_hlist) {
24345 + if (!v6_dev_in_nx_info(dev, nxi))
24347 idev = __in6_dev_get(dev);
24350 diff -NurpP --minimal linux-3.14.17/net/ipv6/af_inet6.c linux-3.14.17-vs2.3.6.13/net/ipv6/af_inet6.c
24351 --- linux-3.14.17/net/ipv6/af_inet6.c 2014-08-14 01:38:34.000000000 +0000
24352 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/af_inet6.c 2014-08-30 14:27:38.000000000 +0000
24354 #include <linux/netdevice.h>
24355 #include <linux/icmpv6.h>
24356 #include <linux/netfilter_ipv6.h>
24357 +#include <linux/vs_inet.h>
24358 +#include <linux/vs_inet6.h>
24360 #include <net/ip.h>
24361 #include <net/ipv6.h>
24362 @@ -156,10 +158,13 @@ lookup_protocol:
24366 + if ((protocol == IPPROTO_ICMPV6) &&
24367 + nx_capable(CAP_NET_RAW, NXC_RAW_ICMP))
24369 if (sock->type == SOCK_RAW && !kern &&
24370 !ns_capable(net->user_ns, CAP_NET_RAW))
24371 goto out_rcu_unlock;
24374 sock->ops = answer->ops;
24375 answer_prot = answer->prot;
24376 answer_no_check = answer->no_check;
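Review bot: The new `IPPROTO_ICMPV6` test in front of the `SOCK_RAW` check is not limited to `sock->type == SOCK_RAW && !kern` and carries no comment. The statement it controls is not visible in this hunk, but if it skips the `ns_capable(net->user_ns, CAP_NET_RAW)` test below, then `NXC_RAW_ICMP` becomes the only gate for raw ICMPv6 sockets. I would state that above the test, e.g. `/* NXC_RAW_ICMP: context may open ICMPv6 sockets without CAP_NET_RAW */`, and confirm that `nx_capable()` still applies the normal capability check to tasks outside a context.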
24377 @@ -259,6 +264,7 @@ int inet6_bind(struct socket *sock, stru
24378 struct inet_sock *inet = inet_sk(sk);
24379 struct ipv6_pinfo *np = inet6_sk(sk);
24380 struct net *net = sock_net(sk);
24381 + struct nx_v6_sock_addr nsa;
24383 unsigned short snum;
24385 @@ -274,6 +280,10 @@ int inet6_bind(struct socket *sock, stru
24386 if (addr->sin6_family != AF_INET6)
24387 return -EAFNOSUPPORT;
24389 + err = v6_map_sock_addr(inet, addr, &nsa);
24393 addr_type = ipv6_addr_type(&addr->sin6_addr);
24394 if ((addr_type & IPV6_ADDR_MULTICAST) && sock->type == SOCK_STREAM)
24396 @@ -305,6 +315,7 @@ int inet6_bind(struct socket *sock, stru
24397 /* Reproduce AF_INET checks to make the bindings consistent */
24398 v4addr = addr->sin6_addr.s6_addr32[3];
24399 chk_addr_ret = inet_addr_type(net, v4addr);
24401 if (!sysctl_ip_nonlocal_bind &&
24402 !(inet->freebind || inet->transparent) &&
24403 v4addr != htonl(INADDR_ANY) &&
24404 @@ -314,6 +325,10 @@ int inet6_bind(struct socket *sock, stru
24405 err = -EADDRNOTAVAIL;
24408 + if (!v4_addr_in_nx_info(sk->sk_nx_info, v4addr, NXA_MASK_BIND)) {
24409 + err = -EADDRNOTAVAIL;
24413 if (addr_type != IPV6_ADDR_ANY) {
24414 struct net_device *dev = NULL;
24415 @@ -340,6 +355,11 @@ int inet6_bind(struct socket *sock, stru
24419 + if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) {
24420 + err = -EADDRNOTAVAIL;
24424 /* ipv4 addr of the socket is invalid. Only the
24425 * unspecified and mapped address have a v4 equivalent.
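Review bot: The IPv6 bind check passes a bare `-1` as the mask to `v6_addr_in_nx_info()`, while the IPv4 check in the previous hunk uses the named `NXA_MASK_BIND` and `ip6_route_get_saddr()` uses `NXA_TYPE_ADDR`. A named constant would show which address types a guest may bind to and keep the two families comparable. The same literal appears in `rawv6_bind`, in the `compute_score()` change in net/ipv6/inet6_hashtables.c and net/ipv6/udp.c, and in the addrconf.c dump loops. If `-1` is meant as "all types", a short comment saying so at this call is enough.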
24427 @@ -356,6 +376,9 @@ int inet6_bind(struct socket *sock, stru
24431 + /* what's that for? */
24432 + v6_set_sock_addr(inet, &nsa);
24434 inet->inet_rcv_saddr = v4addr;
24435 inet->inet_saddr = v4addr;
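Review bot: The comment `/* what's that for? */` on the `v6_set_sock_addr(inet, &nsa)` call leaves a question where an explanation should be. Since `nsa` is filled by `v6_map_sock_addr()` earlier in `inet6_bind`, the comment should say what is being stored, something like `/* record the context-mapped bind address from v6_map_sock_addr() */`, after confirming that is what the helper does. The function starts and ends outside the hunk.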
24437 @@ -457,9 +480,11 @@ int inet6_getname(struct socket *sock, s
24439 sin->sin6_port = inet->inet_dport;
24440 sin->sin6_addr = sk->sk_v6_daddr;
24441 + /* FIXME: remap lback? */
24443 sin->sin6_flowinfo = np->flow_label;
24445 + /* FIXME: remap lback? */
24446 if (ipv6_addr_any(&sk->sk_v6_rcv_saddr))
24447 sin->sin6_addr = np->saddr;
24449 diff -NurpP --minimal linux-3.14.17/net/ipv6/datagram.c linux-3.14.17-vs2.3.6.13/net/ipv6/datagram.c
24450 --- linux-3.14.17/net/ipv6/datagram.c 2014-08-14 01:38:34.000000000 +0000
24451 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/datagram.c 2014-08-30 14:27:38.000000000 +0000
24452 @@ -685,7 +685,7 @@ int ip6_datagram_send_ctl(struct net *ne
24455 if (fl6->flowi6_oif) {
24456 - dev = dev_get_by_index_rcu(net, fl6->flowi6_oif);
24457 + dev = dev_get_by_index_real_rcu(net, fl6->flowi6_oif);
24461 diff -NurpP --minimal linux-3.14.17/net/ipv6/fib6_rules.c linux-3.14.17-vs2.3.6.13/net/ipv6/fib6_rules.c
24462 --- linux-3.14.17/net/ipv6/fib6_rules.c 2014-08-14 01:38:34.000000000 +0000
24463 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/fib6_rules.c 2014-08-30 14:27:38.000000000 +0000
24464 @@ -97,7 +97,7 @@ static int fib6_rule_action(struct fib_r
24465 ip6_dst_idev(&rt->dst)->dev,
24467 rt6_flags2srcprefs(flags),
24471 if (!ipv6_prefix_equal(&saddr, &r->src.addr,
24473 diff -NurpP --minimal linux-3.14.17/net/ipv6/inet6_hashtables.c linux-3.14.17-vs2.3.6.13/net/ipv6/inet6_hashtables.c
24474 --- linux-3.14.17/net/ipv6/inet6_hashtables.c 2014-08-14 01:38:34.000000000 +0000
24475 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/inet6_hashtables.c 2014-08-30 14:27:38.000000000 +0000
24478 #include <linux/module.h>
24479 #include <linux/random.h>
24480 +#include <linux/vs_inet6.h>
24482 #include <net/inet_connection_sock.h>
24483 #include <net/inet_hashtables.h>
24484 @@ -116,7 +117,6 @@ struct sock *__inet6_lookup_established(
24485 unsigned int slot = hash & hashinfo->ehash_mask;
24486 struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
24491 sk_nulls_for_each_rcu(sk, node, &head->chain) {
24492 @@ -158,6 +158,9 @@ static inline int compute_score(struct s
24493 if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
24497 + if (!v6_addr_in_nx_info(sk->sk_nx_info, daddr, -1))
24500 if (sk->sk_bound_dev_if) {
24501 if (sk->sk_bound_dev_if != dif)
24502 diff -NurpP --minimal linux-3.14.17/net/ipv6/ip6_fib.c linux-3.14.17-vs2.3.6.13/net/ipv6/ip6_fib.c
24503 --- linux-3.14.17/net/ipv6/ip6_fib.c 2014-08-14 01:38:34.000000000 +0000
24504 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/ip6_fib.c 2014-08-30 14:27:38.000000000 +0000
24505 @@ -1780,6 +1780,7 @@ static int ipv6_route_seq_show(struct se
24506 struct rt6_info *rt = v;
24507 struct ipv6_route_iter *iter = seq->private;
24509 + /* FIXME: check for network context? */
24510 seq_printf(seq, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen);
24512 #ifdef CONFIG_IPV6_SUBTREES
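Review bot: The `/* FIXME: check for network context? */` means `ipv6_route_seq_show` still prints every route to any reader, whereas `if6_seq_show` in net/ipv6/addrconf.c prints an address only when `nx_check(0, VS_ADMIN|VS_WATCH)` holds or the address belongs to the caller's context. A guest that can read this file would therefore see routes for prefixes it does not own. The comment should at least record that, e.g. `/* FIXME: not filtered per network context; guests see all routes */`, until a filter comparable to the one in `if6_seq_show` is added. The function body continues outside the hunk.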
24513 diff -NurpP --minimal linux-3.14.17/net/ipv6/ip6_output.c linux-3.14.17-vs2.3.6.13/net/ipv6/ip6_output.c
24514 --- linux-3.14.17/net/ipv6/ip6_output.c 2014-08-14 01:38:34.000000000 +0000
24515 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/ip6_output.c 2014-08-30 14:27:38.000000000 +0000
24516 @@ -911,7 +911,8 @@ static int ip6_dst_lookup_tail(struct so
24517 struct rt6_info *rt = (struct rt6_info *) *dst;
24518 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
24519 sk ? inet6_sk(sk)->srcprefs : 0,
24522 + sk ? sk->sk_nx_info : NULL);
24524 goto out_err_release;
24526 diff -NurpP --minimal linux-3.14.17/net/ipv6/ndisc.c linux-3.14.17-vs2.3.6.13/net/ipv6/ndisc.c
24527 --- linux-3.14.17/net/ipv6/ndisc.c 2014-08-14 01:38:34.000000000 +0000
24528 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/ndisc.c 2014-08-30 14:27:38.000000000 +0000
24529 @@ -488,7 +488,7 @@ void ndisc_send_na(struct net_device *de
24531 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
24532 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
24536 src_addr = &tmpaddr;
24538 diff -NurpP --minimal linux-3.14.17/net/ipv6/netfilter/ip6t_MASQUERADE.c linux-3.14.17-vs2.3.6.13/net/ipv6/netfilter/ip6t_MASQUERADE.c
24539 --- linux-3.14.17/net/ipv6/netfilter/ip6t_MASQUERADE.c 2014-08-14 01:38:34.000000000 +0000
24540 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/netfilter/ip6t_MASQUERADE.c 2014-08-30 14:27:38.000000000 +0000
24541 @@ -34,7 +34,7 @@ masquerade_tg6(struct sk_buff *skb, cons
24542 ctinfo == IP_CT_RELATED_REPLY));
24544 if (ipv6_dev_get_saddr(dev_net(par->out), par->out,
24545 - &ipv6_hdr(skb)->daddr, 0, &src) < 0)
24546 + &ipv6_hdr(skb)->daddr, 0, &src, NULL) < 0)
24549 nfct_nat(ct)->masq_index = par->out->ifindex;
24550 diff -NurpP --minimal linux-3.14.17/net/ipv6/raw.c linux-3.14.17-vs2.3.6.13/net/ipv6/raw.c
24551 --- linux-3.14.17/net/ipv6/raw.c 2014-08-14 01:38:34.000000000 +0000
24552 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/raw.c 2014-08-30 14:27:38.000000000 +0000
24554 #include <linux/icmpv6.h>
24555 #include <linux/netfilter.h>
24556 #include <linux/netfilter_ipv6.h>
24557 +#include <linux/vs_inet6.h>
24558 #include <linux/skbuff.h>
24559 #include <linux/compat.h>
24560 #include <asm/uaccess.h>
24561 @@ -291,6 +292,13 @@ static int rawv6_bind(struct sock *sk, s
24565 + if (!v6_addr_in_nx_info(sk->sk_nx_info, &addr->sin6_addr, -1)) {
24566 + err = -EADDRNOTAVAIL;
24572 /* ipv4 addr of the socket is invalid. Only the
24573 * unspecified and mapped address have a v4 equivalent.
24575 diff -NurpP --minimal linux-3.14.17/net/ipv6/route.c linux-3.14.17-vs2.3.6.13/net/ipv6/route.c
24576 --- linux-3.14.17/net/ipv6/route.c 2014-08-14 01:38:34.000000000 +0000
24577 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/route.c 2014-08-30 14:27:38.000000000 +0000
24579 #include <net/netevent.h>
24580 #include <net/netlink.h>
24581 #include <net/nexthop.h>
24582 +#include <linux/vs_inet6.h>
24584 #include <asm/uaccess.h>
24586 @@ -2215,15 +2216,17 @@ int ip6_route_get_saddr(struct net *net,
24587 struct rt6_info *rt,
24588 const struct in6_addr *daddr,
24589 unsigned int prefs,
24590 - struct in6_addr *saddr)
24591 + struct in6_addr *saddr,
24592 + struct nx_info *nxi)
24594 struct inet6_dev *idev = ip6_dst_idev((struct dst_entry*)rt);
24596 - if (rt->rt6i_prefsrc.plen)
24597 + if (rt->rt6i_prefsrc.plen && (!nxi ||
24598 + v6_addr_in_nx_info(nxi, &rt->rt6i_prefsrc.addr, NXA_TYPE_ADDR)))
24599 *saddr = rt->rt6i_prefsrc.addr;
24601 err = ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
24602 - daddr, prefs, saddr);
24603 + daddr, prefs, saddr, nxi);
24607 @@ -2643,7 +2646,8 @@ static int rt6_fill_node(struct net *net
24608 goto nla_put_failure;
24610 struct in6_addr saddr_buf;
24611 - if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf) == 0 &&
24612 + if (ip6_route_get_saddr(net, rt, dst, 0, &saddr_buf,
24613 + (skb->sk ? skb->sk->sk_nx_info : NULL)) == 0 &&
24614 nla_put(skb, RTA_PREFSRC, 16, &saddr_buf))
24615 goto nla_put_failure;
24617 diff -NurpP --minimal linux-3.14.17/net/ipv6/tcp_ipv6.c linux-3.14.17-vs2.3.6.13/net/ipv6/tcp_ipv6.c
24618 --- linux-3.14.17/net/ipv6/tcp_ipv6.c 2014-08-14 01:38:34.000000000 +0000
24619 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/tcp_ipv6.c 2014-08-30 14:39:19.000000000 +0000
24622 #include <linux/crypto.h>
24623 #include <linux/scatterlist.h>
24624 +#include <linux/vs_inet6.h>
24626 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
24627 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
24628 @@ -164,8 +165,15 @@ static int tcp_v6_connect(struct sock *s
24629 * connect() to INADDR_ANY means loopback (BSD'ism).
24632 - if (ipv6_addr_any(&usin->sin6_addr))
24633 - usin->sin6_addr.s6_addr[15] = 0x1;
24634 + if(ipv6_addr_any(&usin->sin6_addr)) {
24635 + struct nx_info *nxi = sk->sk_nx_info;
24637 + if (nxi && nx_info_has_v6(nxi))
24638 + /* FIXME: remap lback? */
24639 + usin->sin6_addr = nxi->v6.ip;
24641 + usin->sin6_addr.s6_addr[15] = 0x1;
24644 addr_type = ipv6_addr_type(&usin->sin6_addr);
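Review bot: The rewritten wildcard branch in `tcp_v6_connect` is written as `if(ipv6_addr_any(...))`, without the space kernel style puts after `if`, and the inner `if (nxi && nx_info_has_v6(nxi))` has a comment between the condition and its unbraced statement. I would use `if (ipv6_addr_any(&usin->sin6_addr)) {` and brace both arms of the inner test, so the `/* FIXME: remap lback? */` comment clearly sits inside the branch it refers to. Some lines of the hunk are not shown in this listing.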
24646 diff -NurpP --minimal linux-3.14.17/net/ipv6/udp.c linux-3.14.17-vs2.3.6.13/net/ipv6/udp.c
24647 --- linux-3.14.17/net/ipv6/udp.c 2014-08-14 01:38:34.000000000 +0000
24648 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/udp.c 2014-08-30 14:27:38.000000000 +0000
24650 #include <net/xfrm.h>
24651 #include <net/inet6_hashtables.h>
24652 #include <net/busy_poll.h>
24653 +#include <linux/vs_inet6.h>
24655 #include <linux/proc_fs.h>
24656 #include <linux/seq_file.h>
24657 @@ -76,33 +77,61 @@ static unsigned int udp6_ehashfn(struct
24658 udp_ipv6_hash_secret + net_hash_mix(net));
24661 -int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
24662 +int ipv6_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
24664 + const struct in6_addr *sk1_rcv_saddr6 = inet6_rcv_saddr(sk1);
24665 const struct in6_addr *sk2_rcv_saddr6 = inet6_rcv_saddr(sk2);
24666 - int sk_ipv6only = ipv6_only_sock(sk);
24667 + __be32 sk1_rcv_saddr = sk1->sk_rcv_saddr;
24668 + __be32 sk2_rcv_saddr = sk2->sk_rcv_saddr;
24669 + int sk1_ipv6only = ipv6_only_sock(sk1);
24670 int sk2_ipv6only = inet_v6_ipv6only(sk2);
24671 - int addr_type = ipv6_addr_type(&sk->sk_v6_rcv_saddr);
24672 + int addr_type1 = ipv6_addr_type(sk1_rcv_saddr6);
24673 int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED;
24675 /* if both are mapped, treat as IPv4 */
24676 - if (addr_type == IPV6_ADDR_MAPPED && addr_type2 == IPV6_ADDR_MAPPED)
24677 - return (!sk2_ipv6only &&
24678 - (!sk->sk_rcv_saddr || !sk2->sk_rcv_saddr ||
24679 - sk->sk_rcv_saddr == sk2->sk_rcv_saddr));
24680 + if (addr_type1 == IPV6_ADDR_MAPPED && addr_type2 == IPV6_ADDR_MAPPED) {
24681 + if (!sk2_ipv6only &&
24682 + (!sk1->sk_rcv_saddr || !sk2->sk_rcv_saddr ||
24683 + sk1->sk_rcv_saddr == sk2->sk_rcv_saddr))
24689 if (addr_type2 == IPV6_ADDR_ANY &&
24690 - !(sk2_ipv6only && addr_type == IPV6_ADDR_MAPPED))
24692 + !(sk2_ipv6only && addr_type1 == IPV6_ADDR_MAPPED))
24695 - if (addr_type == IPV6_ADDR_ANY &&
24696 - !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
24698 + if (addr_type1 == IPV6_ADDR_ANY &&
24699 + !(sk1_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
24702 if (sk2_rcv_saddr6 &&
24703 - ipv6_addr_equal(&sk->sk_v6_rcv_saddr, sk2_rcv_saddr6))
24705 + ipv6_addr_equal(&sk1->sk_v6_rcv_saddr, sk2_rcv_saddr6))
24711 + if (!sk1_rcv_saddr && !sk2_rcv_saddr)
24712 + return nx_v4_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
24713 + if (!sk2_rcv_saddr)
24714 + return v4_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr, -1);
24715 + if (!sk1_rcv_saddr)
24716 + return v4_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr, -1);
24719 + if (addr_type2 == IPV6_ADDR_ANY && addr_type1 == IPV6_ADDR_ANY)
24720 + return nx_v6_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
24721 + else if (addr_type2 == IPV6_ADDR_ANY)
24722 + return v6_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr6, -1);
24723 + else if (addr_type1 == IPV6_ADDR_ANY) {
24724 + if (addr_type2 == IPV6_ADDR_MAPPED)
24725 + return nx_v4_addr_conflict(sk1->sk_nx_info, sk2->sk_nx_info);
24727 + return v6_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr6, -1);
24732 static unsigned int udp6_portaddr_hash(struct net *net,
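Review bot: In the IPv4 tail of `ipv6_rcv_saddr_equal`, the two single-wildcard cases look swapped. Under `if (!sk2_rcv_saddr)` the call passes `sk2_rcv_saddr`, which is zero there, to `v4_addr_in_nx_info(sk1->sk_nx_info, ...)`, and the `!sk1_rcv_saddr` case is the mirror image. The IPv6 cases further down test the bound address against the wildcard socket's context (`v6_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr6, -1)` when `addr_type2 == IPV6_ADDR_ANY`), so I would expect `return v4_addr_in_nx_info(sk2->sk_nx_info, sk1_rcv_saddr, -1);` and `return v4_addr_in_nx_info(sk1->sk_nx_info, sk2_rcv_saddr, -1);` here. Unless `v4_addr_in_nx_info` treats a zero address specially, the current form decides bind conflicts between contexts on the wildcard value rather than on the address actually bound. Several lines of the function (labels and returns) are not shown in this listing, so this should be checked against the full file.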
24733 @@ -160,6 +189,10 @@ static inline int compute_score(struct s
24734 if (inet->inet_dport != sport)
24738 + /* block non nx_info ips */
24739 + if (!v6_addr_in_nx_info(sk->sk_nx_info, daddr, -1))
24742 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
24743 if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
24744 diff -NurpP --minimal linux-3.14.17/net/ipv6/xfrm6_policy.c linux-3.14.17-vs2.3.6.13/net/ipv6/xfrm6_policy.c
24745 --- linux-3.14.17/net/ipv6/xfrm6_policy.c 2014-08-14 01:38:34.000000000 +0000
24746 +++ linux-3.14.17-vs2.3.6.13/net/ipv6/xfrm6_policy.c 2014-08-30 14:27:38.000000000 +0000
24747 @@ -63,7 +63,7 @@ static int xfrm6_get_saddr(struct net *n
24748 dev = ip6_dst_idev(dst)->dev;
24749 ipv6_dev_get_saddr(dev_net(dev), dev,
24750 (struct in6_addr *)&daddr->a6, 0,
24751 - (struct in6_addr *)&saddr->a6);
24752 + (struct in6_addr *)&saddr->a6, NULL);
24756 diff -NurpP --minimal linux-3.14.17/net/netfilter/ipvs/ip_vs_xmit.c linux-3.14.17-vs2.3.6.13/net/netfilter/ipvs/ip_vs_xmit.c
24757 --- linux-3.14.17/net/netfilter/ipvs/ip_vs_xmit.c 2014-08-14 01:38:34.000000000 +0000
24758 +++ linux-3.14.17-vs2.3.6.13/net/netfilter/ipvs/ip_vs_xmit.c 2014-08-30 14:27:38.000000000 +0000
24759 @@ -316,7 +316,7 @@ __ip_vs_route_output_v6(struct net *net,
24761 if (ipv6_addr_any(&fl6.saddr) &&
24762 ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
24763 - &fl6.daddr, 0, &fl6.saddr) < 0)
24764 + &fl6.daddr, 0, &fl6.saddr, NULL) < 0)
24767 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
24768 diff -NurpP --minimal linux-3.14.17/net/netlink/af_netlink.c linux-3.14.17-vs2.3.6.13/net/netlink/af_netlink.c
24769 --- linux-3.14.17/net/netlink/af_netlink.c 2014-08-14 01:38:34.000000000 +0000
24770 +++ linux-3.14.17-vs2.3.6.13/net/netlink/af_netlink.c 2014-08-30 14:27:38.000000000 +0000
24772 #include <linux/mutex.h>
24773 #include <linux/vmalloc.h>
24774 #include <linux/if_arp.h>
24775 +#include <linux/vs_context.h>
24776 +#include <linux/vs_network.h>
24777 +#include <linux/vs_limit.h>
24778 #include <asm/cacheflush.h>
24780 #include <net/net_namespace.h>
24781 @@ -2913,6 +2916,8 @@ static struct sock *netlink_seq_socket_i
24782 sk_for_each(s, &hash->table[j]) {
24783 if (sock_net(s) != seq_file_net(seq))
24785 + if (!nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT))
24789 iter->hash_idx = j;
24790 @@ -2949,7 +2954,8 @@ static void *netlink_seq_next(struct seq
24794 - } while (s && !nl_table[s->sk_protocol].compare(net, s));
24795 + } while (s && (!nl_table[s->sk_protocol].compare(net, s) ||
24796 + !nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT)));
24800 @@ -2962,7 +2968,8 @@ static void *netlink_seq_next(struct seq
24801 for (; j <= hash->mask; j++) {
24802 s = sk_head(&hash->table[j]);
24804 - while (s && !nl_table[s->sk_protocol].compare(net, s))
24805 + while (s && (!nl_table[s->sk_protocol].compare(net, s) ||
24806 + !nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT)))
24810 diff -NurpP --minimal linux-3.14.17/net/socket.c linux-3.14.17-vs2.3.6.13/net/socket.c
24811 --- linux-3.14.17/net/socket.c 2014-08-14 01:38:34.000000000 +0000
24812 +++ linux-3.14.17-vs2.3.6.13/net/socket.c 2014-08-30 14:27:38.000000000 +0000
24815 #include <net/sock.h>
24816 #include <linux/netfilter.h>
24817 +#include <linux/vs_socket.h>
24818 +#include <linux/vs_inet.h>
24819 +#include <linux/vs_inet6.h>
24821 #include <linux/if_tun.h>
24822 #include <linux/ipv6_route.h>
24823 @@ -624,13 +627,29 @@ static inline int __sock_sendmsg_nosec(s
24824 struct msghdr *msg, size_t size)
24826 struct sock_iocb *si = kiocb_to_siocb(iocb);
24834 - return sock->ops->sendmsg(iocb, sock, msg, size);
24835 + len = sock->ops->sendmsg(iocb, sock, msg, size);
24838 + vx_sock_send(sock->sk, size);
24840 + vx_sock_fail(sock->sk, size);
24842 + vxdprintk(VXD_CBIT(net, 7),
24843 + "__sock_sendmsg: %p[%p,%p,%p;%d/%d]:%d/%zu",
24845 + (sock->sk)?sock->sk->sk_nx_info:0,
24846 + (sock->sk)?sock->sk->sk_vx_info:0,
24847 + (sock->sk)?sock->sk->sk_xid:0,
24848 + (sock->sk)?sock->sk->sk_nid:0,
24849 + (unsigned int)size, len);
24853 static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
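Review bot: The `__sock_sendmsg` debug format does not match its arguments: `%d` is given `(unsigned int)size`, and `len` is printed with `%zu`, which implies a `size_t` (its declaration is not visible in this hunk). `len` stores the return value of `sock->ops->sendmsg()`, which is negative on error, so I would keep it an `int` and end the format with `:%u/%d`. The `(sock->sk)?sock->sk->sk_nx_info:0` and `sk_vx_info` arms should use `NULL` rather than `0` for the pointer operands.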
24854 @@ -774,6 +793,7 @@ static inline int __sock_recvmsg_nosec(s
24855 struct msghdr *msg, size_t size, int flags)
24857 struct sock_iocb *si = kiocb_to_siocb(iocb);
24862 @@ -781,7 +801,18 @@ static inline int __sock_recvmsg_nosec(s
24866 - return sock->ops->recvmsg(iocb, sock, msg, size, flags);
24867 + len = sock->ops->recvmsg(iocb, sock, msg, size, flags);
24868 + if ((len >= 0) && sock->sk)
24869 + vx_sock_recv(sock->sk, len);
24870 + vxdprintk(VXD_CBIT(net, 7),
24871 + "__sock_recvmsg: %p[%p,%p,%p;%d/%d]:%d/%d",
24873 + (sock->sk)?sock->sk->sk_nx_info:0,
24874 + (sock->sk)?sock->sk->sk_vx_info:0,
24875 + (sock->sk)?sock->sk->sk_xid:0,
24876 + (sock->sk)?sock->sk->sk_nid:0,
24877 + (unsigned int)size, len);
24881 static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
24882 @@ -1257,6 +1288,13 @@ int __sock_create(struct net *net, int f
24883 if (type < 0 || type >= SOCK_MAX)
24886 + if (!nx_check(0, VS_ADMIN)) {
24887 + if (family == PF_INET && !current_nx_info_has_v4())
24888 + return -EAFNOSUPPORT;
24889 + if (family == PF_INET6 && !current_nx_info_has_v6())
24890 + return -EAFNOSUPPORT;
24895 This uglymoron is moved from INET layer to here to avoid
24896 @@ -1391,6 +1429,7 @@ SYSCALL_DEFINE3(socket, int, family, int
24900 + set_bit(SOCK_USER_SOCKET, &sock->flags);
24901 retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
24904 @@ -1432,10 +1471,12 @@ SYSCALL_DEFINE4(socketpair, int, family,
24905 err = sock_create(family, type, protocol, &sock1);
24908 + set_bit(SOCK_USER_SOCKET, &sock1->flags);
24910 err = sock_create(family, type, protocol, &sock2);
24912 goto out_release_1;
24913 + set_bit(SOCK_USER_SOCKET, &sock2->flags);
24915 err = sock1->ops->socketpair(sock1, sock2);
24917 diff -NurpP --minimal linux-3.14.17/net/sunrpc/auth.c linux-3.14.17-vs2.3.6.13/net/sunrpc/auth.c
24918 --- linux-3.14.17/net/sunrpc/auth.c 2014-08-14 01:38:34.000000000 +0000
24919 +++ linux-3.14.17-vs2.3.6.13/net/sunrpc/auth.c 2014-08-30 14:27:38.000000000 +0000
24921 #include <linux/sunrpc/clnt.h>
24922 #include <linux/sunrpc/gss_api.h>
24923 #include <linux/spinlock.h>
24924 +#include <linux/vs_tag.h>
24927 # define RPCDBG_FACILITY RPCDBG_AUTH
24928 @@ -586,6 +587,7 @@ rpcauth_lookupcred(struct rpc_auth *auth
24929 memset(&acred, 0, sizeof(acred));
24930 acred.uid = cred->fsuid;
24931 acred.gid = cred->fsgid;
24932 + acred.tag = make_ktag(&init_user_ns, dx_current_tag());
24933 acred.group_info = get_group_info(((struct cred *)cred)->group_info);
24935 ret = auth->au_ops->lookup_cred(auth, &acred, flags);
24936 @@ -626,6 +628,7 @@ rpcauth_bind_root_cred(struct rpc_task *
24937 struct auth_cred acred = {
24938 .uid = GLOBAL_ROOT_UID,
24939 .gid = GLOBAL_ROOT_GID,
24940 + .tag = KTAGT_INIT(dx_current_tag()),
24943 dprintk("RPC: %5u looking up %s cred\n",
24944 diff -NurpP --minimal linux-3.14.17/net/sunrpc/auth_unix.c linux-3.14.17-vs2.3.6.13/net/sunrpc/auth_unix.c
24945 --- linux-3.14.17/net/sunrpc/auth_unix.c 2014-08-14 01:38:34.000000000 +0000
24946 +++ linux-3.14.17-vs2.3.6.13/net/sunrpc/auth_unix.c 2014-08-30 14:27:38.000000000 +0000
24947 @@ -13,11 +13,13 @@
24948 #include <linux/sunrpc/clnt.h>
24949 #include <linux/sunrpc/auth.h>
24950 #include <linux/user_namespace.h>
24951 +#include <linux/vs_tag.h>
24953 #define NFS_NGROUPS 16
24956 struct rpc_cred uc_base;
24959 kgid_t uc_gids[NFS_NGROUPS];
24961 @@ -80,6 +82,7 @@ unx_create_cred(struct rpc_auth *auth, s
24962 groups = NFS_NGROUPS;
24964 cred->uc_gid = acred->gid;
24965 + cred->uc_tag = acred->tag;
24966 for (i = 0; i < groups; i++)
24967 cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
24968 if (i < NFS_NGROUPS)
24969 @@ -121,7 +124,9 @@ unx_match(struct auth_cred *acred, struc
24973 - if (!uid_eq(cred->uc_uid, acred->uid) || !gid_eq(cred->uc_gid, acred->gid))
24974 + if (!uid_eq(cred->uc_uid, acred->uid) ||
24975 + !gid_eq(cred->uc_gid, acred->gid) ||
24976 + !tag_eq(cred->uc_tag, acred->tag))
24979 if (acred->group_info != NULL)
24980 @@ -146,7 +151,7 @@ unx_marshal(struct rpc_task *task, __be3
24981 struct rpc_clnt *clnt = task->tk_client;
24982 struct unx_cred *cred = container_of(task->tk_rqstp->rq_cred, struct unx_cred, uc_base);
24983 __be32 *base, *hold;
24987 *p++ = htonl(RPC_AUTH_UNIX);
24989 @@ -157,8 +162,11 @@ unx_marshal(struct rpc_task *task, __be3
24991 p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen);
24993 - *p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid));
24994 - *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid));
24995 + tag = task->tk_client->cl_tag;
24996 + *p++ = htonl((u32) from_kuid(&init_user_ns,
24997 + TAGINO_KUID(tag, cred->uc_uid, cred->uc_tag)));
24998 + *p++ = htonl((u32) from_kgid(&init_user_ns,
24999 + TAGINO_KGID(tag, cred->uc_gid, cred->uc_tag)));
25001 for (i = 0; i < 16 && gid_valid(cred->uc_gids[i]); i++)
25002 *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i]));
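Review bot: `tag = task->tk_client->cl_tag;` re-reads the client through the task although the previous unx_marshal hunk shows `clnt` already holding `task->tk_client`; `tag = clnt->cl_tag;` is shorter and matches the `clnt->cl_nodename` use earlier in this hunk. The wrapped uid and gid go straight into the AUTH_UNIX credential, so a comment should state how `TAGINO_KUID`/`TAGINO_KGID` combine the id with `cred->uc_tag` when `tag` is set, and that the RPC server sees the combined value. That would help anyone auditing which identity is presented on the wire. The supplementary gids in the loop below are sent without this mapping, which looks intentional but is not stated.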
25003 diff -NurpP --minimal linux-3.14.17/net/sunrpc/clnt.c linux-3.14.17-vs2.3.6.13/net/sunrpc/clnt.c
25004 --- linux-3.14.17/net/sunrpc/clnt.c 2014-08-14 01:38:34.000000000 +0000
25005 +++ linux-3.14.17-vs2.3.6.13/net/sunrpc/clnt.c 2014-08-30 14:27:38.000000000 +0000
25007 #include <linux/in.h>
25008 #include <linux/in6.h>
25009 #include <linux/un.h>
25010 +#include <linux/vs_cvirt.h>
25012 #include <linux/sunrpc/clnt.h>
25013 #include <linux/sunrpc/addr.h>
25014 @@ -538,6 +539,9 @@ struct rpc_clnt *rpc_create(struct rpc_c
25015 if (!(args->flags & RPC_CLNT_CREATE_QUIET))
25016 clnt->cl_chatty = 1;
25018 + /* TODO: handle RPC_CLNT_CREATE_TAGGED
25019 + if (args->flags & RPC_CLNT_CREATE_TAGGED)
25020 + clnt->cl_tag = 1; */
25023 EXPORT_SYMBOL_GPL(rpc_create);
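Review bot: The only assignment to `clnt->cl_tag` in this hunk sits inside a block comment, so as far as this patch section shows rpc_create never sets the field that unx_marshal in auth_unix.c reads to decide whether ids are tag-mapped. If nothing else sets it, the tagged path is dead and every client sends unmapped ids. Either wire up the flag (`if (args->flags & RPC_CLNT_CREATE_TAGGED) clnt->cl_tag = 1;`) or keep only a prose note such as `/* TODO: honour RPC_CLNT_CREATE_TAGGED by setting clnt->cl_tag */` rather than commented-out code. The hunk does not show how `cl_tag` is initialised, so that should be checked as well.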
25024 diff -NurpP --minimal linux-3.14.17/net/unix/af_unix.c linux-3.14.17-vs2.3.6.13/net/unix/af_unix.c
25025 --- linux-3.14.17/net/unix/af_unix.c 2014-08-14 01:38:34.000000000 +0000
25026 +++ linux-3.14.17-vs2.3.6.13/net/unix/af_unix.c 2014-08-30 14:27:38.000000000 +0000
25027 @@ -117,6 +117,8 @@
25028 #include <net/checksum.h>
25029 #include <linux/security.h>
25030 #include <linux/freezer.h>
25031 +#include <linux/vs_context.h>
25032 +#include <linux/vs_limit.h>
25034 struct hlist_head unix_socket_table[2 * UNIX_HASH_SIZE];
25035 EXPORT_SYMBOL_GPL(unix_socket_table);
25036 @@ -272,6 +274,8 @@ static struct sock *__unix_find_socket_b
25037 if (!net_eq(sock_net(s), net))
25040 + if (!nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT))
25042 if (u->addr->len == len &&
25043 !memcmp(u->addr->name, sunname, len))
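Review bot: The `nx_check(s->sk_nid, VS_WATCH_P | VS_IDENT)` filter is added to the by-name lookup here and to the two seq_file iterators in the next two hunks (unix_from_bucket, unix_next_socket), but this file section touches no other lookup, so sockets bound to a filesystem path appear to be resolved without a network-context check. If that is deliberate because path visibility is already restricted per guest, a comment at this site should say so, e.g. `/* abstract names are shared per netns, so filter by network context; pathname sockets rely on filesystem isolation */`. The identical test in three places would also read better as one small `static inline` helper. The statement guarded by the new `if` is not visible in this hunk.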
25045 @@ -2277,6 +2281,8 @@ static struct sock *unix_from_bucket(str
25046 for (sk = sk_head(&unix_socket_table[bucket]); sk; sk = sk_next(sk)) {
25047 if (sock_net(sk) != seq_file_net(seq))
25049 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
25051 if (++count == offset)
25054 @@ -2294,6 +2300,8 @@ static struct sock *unix_next_socket(str
25058 + if (!nx_check(sk->sk_nid, VS_WATCH_P | VS_IDENT))
25060 if (sock_net(sk) == seq_file_net(seq))
25063 diff -NurpP --minimal linux-3.14.17/scripts/checksyscalls.sh linux-3.14.17-vs2.3.6.13/scripts/checksyscalls.sh
25064 --- linux-3.14.17/scripts/checksyscalls.sh 2014-08-14 01:38:34.000000000 +0000
25065 +++ linux-3.14.17-vs2.3.6.13/scripts/checksyscalls.sh 2014-08-30 14:27:38.000000000 +0000
25066 @@ -193,7 +193,6 @@ cat << EOF
25067 #define __IGNORE_afs_syscall
25068 #define __IGNORE_getpmsg
25069 #define __IGNORE_putpmsg
25070 -#define __IGNORE_vserver
25074 diff -NurpP --minimal linux-3.14.17/security/commoncap.c linux-3.14.17-vs2.3.6.13/security/commoncap.c
25075 --- linux-3.14.17/security/commoncap.c 2014-08-14 01:38:34.000000000 +0000
25076 +++ linux-3.14.17-vs2.3.6.13/security/commoncap.c 2014-08-30 14:27:38.000000000 +0000
25077 @@ -76,6 +76,7 @@ int cap_netlink_send(struct sock *sk, st
25078 int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
25079 int cap, int audit)
25081 + struct vx_info *vxi = current_vx_info(); /* FIXME: get vxi from cred? */
25082 struct user_namespace *ns = targ_ns;
25084 /* See if cred has the capability in the target user namespace
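Review bot: `current_vx_info()` ties the context to the running task while `cred` is a parameter that need not belong to that task, which the `FIXME: get vxi from cred?` on the same line already admits. The next hunk then checks `cred->cap_effective` against this `vxi` in `vx_cap_raised()`, so a capability query about another task's credentials would be answered with the caller's context limits rather than the subject's. Until the context can be derived from `cred`, the comment should spell out the consequence, for example `/* NOTE: uses the caller's context; wrong if cred is not current's */`, and callers that pass a foreign cred should be audited. The function body continues outside the hunk.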
25085 @@ -84,8 +85,12 @@ int cap_capable(const struct cred *cred,
25088 /* Do we have the necessary capabilities? */
25089 - if (ns == cred->user_ns)
25090 - return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
25091 + if (ns == cred->user_ns) {
25092 + if (vx_info_flags(vxi, VXF_STATE_SETUP, 0) &&
25093 + cap_raised(cred->cap_effective, cap))
25095 + return vx_cap_raised(vxi, cred->cap_effective, cap) ? 0 : -EPERM;
25098 /* Have we tried all of the parent namespaces? */
25099 if (ns == &init_user_ns)
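Review bot: The inner `if` on `vx_info_flags(vxi, VXF_STATE_SETUP, 0) && cap_raised(cred->cap_effective, cap)` is evaluated before the context-aware `vx_cap_raised()` check and presumably grants the capability on the unmasked effective set, yet nothing explains why. That makes the setup state a window in which the context's capability limits are not applied, so the code should say who can be in that state and when it ends, e.g. `/* context still in setup: context capability limits not enforced yet */` once that reading is confirmed. The statement under the inner `if` and the closing brace of the new block are not visible in this hunk.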
25100 @@ -628,7 +633,7 @@ int cap_inode_setxattr(struct dentry *de
25102 if (!strncmp(name, XATTR_SECURITY_PREFIX,
25103 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
25104 - !capable(CAP_SYS_ADMIN))
25105 + !vx_capable(CAP_SYS_ADMIN, VXC_FS_SECURITY))
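Review bot: Replacing `capable(CAP_SYS_ADMIN)` with `vx_capable(CAP_SYS_ADMIN, VXC_FS_SECURITY)` changes who may set `security.*` extended attributes, here and in the matching cap_inode_removexattr hunk below, yet neither site documents the new rule. `vx_capable()` is defined outside this section; if it lets a guest holding the `VXC_FS_SECURITY` context capability pass, then granting that capability lets the guest alter labels that other security modules read from those attributes. A comment such as `/* inside a guest, security.* xattrs additionally depend on VXC_FS_SECURITY */`, adjusted to the macro's real semantics, belongs at both sites. The function continues outside the hunk.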
25109 @@ -654,7 +659,7 @@ int cap_inode_removexattr(struct dentry
25111 if (!strncmp(name, XATTR_SECURITY_PREFIX,
25112 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
25113 - !capable(CAP_SYS_ADMIN))
25114 + !vx_capable(CAP_SYS_ADMIN, VXC_FS_SECURITY))
25118 diff -NurpP --minimal linux-3.14.17/security/selinux/hooks.c linux-3.14.17-vs2.3.6.13/security/selinux/hooks.c
25119 --- linux-3.14.17/security/selinux/hooks.c 2014-08-14 01:38:34.000000000 +0000
25120 +++ linux-3.14.17-vs2.3.6.13/security/selinux/hooks.c 2014-08-30 14:27:38.000000000 +0000
25122 #include <linux/dccp.h>
25123 #include <linux/quota.h>
25124 #include <linux/un.h> /* for Unix socket types */
25125 -#include <net/af_unix.h> /* for Unix socket types */
25126 #include <linux/parser.h>
25127 #include <linux/nfs_mount.h>
25128 #include <net/ipv6.h>