1 diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c
2 --- linux-2.6.2-rc1/arch/alpha/kernel/ptrace.c Fri Jan 9 08:00:02 2004
3 +++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/ptrace.c Sat Jan 24 06:45:48 2004
6 #include <linux/kernel.h>
7 #include <linux/sched.h>
8 +#include <linux/vinline.h>
10 #include <linux/smp.h>
11 #include <linux/smp_lock.h>
12 @@ -285,7 +286,7 @@ do_sys_ptrace(long request, long pid, lo
14 get_task_struct(child);
15 read_unlock(&tasklist_lock);
17 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
20 if (request == PTRACE_ATTACH) {
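Review bot: When `vx_check()` fails on the added line, `child` is non-NULL and already holds the reference taken by `get_task_struct(child)` two lines above, so that path has to drop it. The branch body is not visible in this listing; if it is still the exit that served the plain `!child` case, every ptrace call aimed at a pid in another context leaks a task reference. Releasing before the combined test avoids that: `if (child && !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { put_task_struct(child); child = NULL; }`. The same line is added in the i386, ia64, m68k, mips, parisc, ppc, ppc64, s390, sparc64 and x86_64 ptrace hunks, whereas the proc_pid_lookup hunk in fs/proc/base.c does call `put_task_struct(task)` on its failure path. do_sys_ptrace starts and ends outside the hunk.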
21 diff -NurpP --minimal linux-2.6.2-rc1/arch/alpha/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S
22 --- linux-2.6.2-rc1/arch/alpha/kernel/systbls.S Fri Jan 9 07:59:45 2004
23 +++ linux-2.6.2-rc1-vs0.05.1/arch/alpha/kernel/systbls.S Sat Jan 24 06:45:48 2004
24 @@ -291,7 +291,7 @@ sys_call_table:
25 .quad alpha_ni_syscall /* 270 */
26 .quad alpha_ni_syscall
27 .quad alpha_ni_syscall
28 - .quad alpha_ni_syscall
29 + .quad sys_vserver /* 273 sys_vserver */
30 .quad alpha_ni_syscall
31 .quad alpha_ni_syscall /* 275 */
32 .quad alpha_ni_syscall
33 diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/entry.S linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S
34 --- linux-2.6.2-rc1/arch/i386/kernel/entry.S Fri Jan 9 07:59:19 2004
35 +++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/entry.S Sat Jan 24 06:45:48 2004
36 @@ -881,6 +881,6 @@ ENTRY(sys_call_table)
37 .long sys_tgkill /* 270 */
39 .long sys_fadvise64_64
40 - .long sys_ni_syscall /* sys_vserver */
43 syscall_table_size=(.-sys_call_table)
44 diff -NurpP --minimal linux-2.6.2-rc1/arch/i386/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c
45 --- linux-2.6.2-rc1/arch/i386/kernel/ptrace.c Fri Jan 9 07:59:19 2004
46 +++ linux-2.6.2-rc1-vs0.05.1/arch/i386/kernel/ptrace.c Sat Jan 24 06:45:48 2004
49 #include <linux/kernel.h>
50 #include <linux/sched.h>
51 +#include <linux/vinline.h>
53 #include <linux/smp.h>
54 #include <linux/smp_lock.h>
55 @@ -255,7 +256,7 @@ asmlinkage int sys_ptrace(long request,
57 get_task_struct(child);
58 read_unlock(&tasklist_lock);
60 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
64 diff -NurpP --minimal linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c
65 --- linux-2.6.2-rc1/arch/ia64/kernel/ptrace.c Fri Jan 9 08:00:12 2004
66 +++ linux-2.6.2-rc1-vs0.05.1/arch/ia64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
68 #include <linux/config.h>
69 #include <linux/kernel.h>
70 #include <linux/sched.h>
71 +#include <linux/vinline.h>
72 #include <linux/slab.h>
74 #include <linux/errno.h>
75 @@ -1282,7 +1283,7 @@ sys_ptrace (long request, pid_t pid, uns
78 read_unlock(&tasklist_lock);
80 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
83 if (pid == 1) /* no messing around with init! */
84 diff -NurpP --minimal linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c
85 --- linux-2.6.2-rc1/arch/m68k/kernel/ptrace.c Fri Jan 9 07:59:19 2004
86 +++ linux-2.6.2-rc1-vs0.05.1/arch/m68k/kernel/ptrace.c Sat Jan 24 06:45:48 2004
89 #include <linux/kernel.h>
90 #include <linux/sched.h>
91 +#include <linux/vinline.h>
93 #include <linux/smp.h>
94 #include <linux/smp_lock.h>
95 @@ -124,7 +125,7 @@ asmlinkage int sys_ptrace(long request,
97 get_task_struct(child);
98 read_unlock(&tasklist_lock);
100 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
104 diff -NurpP --minimal linux-2.6.2-rc1/arch/mips/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c
105 --- linux-2.6.2-rc1/arch/mips/kernel/ptrace.c Fri Jan 9 08:00:13 2004
106 +++ linux-2.6.2-rc1-vs0.05.1/arch/mips/kernel/ptrace.c Sat Jan 24 06:45:48 2004
108 #include <linux/compiler.h>
109 #include <linux/kernel.h>
110 #include <linux/sched.h>
111 +#include <linux/vinline.h>
112 #include <linux/mm.h>
113 #include <linux/errno.h>
114 #include <linux/ptrace.h>
115 @@ -74,7 +75,7 @@ asmlinkage int sys_ptrace(long request,
117 get_task_struct(child);
118 read_unlock(&tasklist_lock);
120 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
124 diff -NurpP --minimal linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c
125 --- linux-2.6.2-rc1/arch/parisc/kernel/ptrace.c Fri Jan 9 07:59:09 2004
126 +++ linux-2.6.2-rc1-vs0.05.1/arch/parisc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
129 #include <linux/kernel.h>
130 #include <linux/sched.h>
131 +#include <linux/vinline.h>
132 #include <linux/mm.h>
133 #include <linux/smp.h>
134 #include <linux/smp_lock.h>
135 @@ -109,7 +110,7 @@ long sys_ptrace(long request, pid_t pid,
137 get_task_struct(child);
138 read_unlock(&tasklist_lock);
140 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
143 if (pid == 1) /* no messing around with init! */
144 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S
145 --- linux-2.6.2-rc1/arch/ppc/kernel/misc.S Sat Jan 24 03:18:04 2004
146 +++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/misc.S Sat Jan 24 06:45:48 2004
147 @@ -1386,3 +1386,22 @@ _GLOBAL(sys_call_table)
149 .long ppc_fadvise64_64
150 .long sys_ni_syscall /* 255 - rtas (used on ppc64) */
151 + .long sys_ni_syscall
152 + .long sys_ni_syscall
153 + .long sys_ni_syscall
154 + .long sys_ni_syscall
155 + .long sys_ni_syscall /* 260 */
156 + .long sys_ni_syscall
157 + .long sys_ni_syscall
158 + .long sys_ni_syscall
159 + .long sys_ni_syscall
160 + .long sys_ni_syscall /* 265 */
161 + .long sys_ni_syscall
162 + .long sys_ni_syscall
163 + .long sys_ni_syscall
164 + .long sys_ni_syscall
165 + .long sys_ni_syscall /* 270 */
166 + .long sys_ni_syscall
167 + .long sys_ni_syscall
168 + .long sys_vserver /* 273 sys_vserver */
170 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c
171 --- linux-2.6.2-rc1/arch/ppc/kernel/ptrace.c Fri Jan 9 07:59:19 2004
172 +++ linux-2.6.2-rc1-vs0.05.1/arch/ppc/kernel/ptrace.c Sat Jan 24 06:45:48 2004
175 #include <linux/kernel.h>
176 #include <linux/sched.h>
177 +#include <linux/vinline.h>
178 #include <linux/mm.h>
179 #include <linux/smp.h>
180 #include <linux/smp_lock.h>
181 @@ -195,7 +196,7 @@ int sys_ptrace(long request, long pid, l
183 get_task_struct(child);
184 read_unlock(&tasklist_lock);
186 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
190 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/misc.S linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S
191 --- linux-2.6.2-rc1/arch/ppc64/kernel/misc.S Sat Jan 24 03:18:04 2004
192 +++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/misc.S Sat Jan 24 06:45:48 2004
193 @@ -819,6 +819,24 @@ _GLOBAL(sys_call_table32)
194 .llong .compat_fstatfs64
195 .llong .ppc32_fadvise64_64 /* 32bit only fadvise64_64 */
196 .llong .ppc_rtas /* 255 */
197 + .llong .sys_ni_syscall
198 + .llong .sys_ni_syscall
199 + .llong .sys_ni_syscall
200 + .llong .sys_ni_syscall
201 + .llong .sys_ni_syscall /* 260 */
202 + .llong .sys_ni_syscall
203 + .llong .sys_ni_syscall
204 + .llong .sys_ni_syscall
205 + .llong .sys_ni_syscall
206 + .llong .sys_ni_syscall /* 265 */
207 + .llong .sys_ni_syscall
208 + .llong .sys_ni_syscall
209 + .llong .sys_ni_syscall
210 + .llong .sys_ni_syscall
211 + .llong .sys_ni_syscall /* 270 */
212 + .llong .sys_ni_syscall
213 + .llong .sys_ni_syscall
214 + .llong .sys_vserver /* 273 sys_vserver */
217 _GLOBAL(sys_call_table)
218 @@ -1078,3 +1096,22 @@ _GLOBAL(sys_call_table)
219 .llong .sys_fstatfs64
220 .llong .sys_ni_syscall /* 32bit only fadvise64_64 */
221 .llong .ppc_rtas /* 255 */
222 + .llong .sys_ni_syscall
223 + .llong .sys_ni_syscall
224 + .llong .sys_ni_syscall
225 + .llong .sys_ni_syscall
226 + .llong .sys_ni_syscall /* 260 */
227 + .llong .sys_ni_syscall
228 + .llong .sys_ni_syscall
229 + .llong .sys_ni_syscall
230 + .llong .sys_ni_syscall
231 + .llong .sys_ni_syscall /* 265 */
232 + .llong .sys_ni_syscall
233 + .llong .sys_ni_syscall
234 + .llong .sys_ni_syscall
235 + .llong .sys_ni_syscall
236 + .llong .sys_ni_syscall /* 270 */
237 + .llong .sys_ni_syscall
238 + .llong .sys_ni_syscall
239 + .llong .sys_vserver /* 273 sys_vserver */
241 diff -NurpP --minimal linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c
242 --- linux-2.6.2-rc1/arch/ppc64/kernel/ptrace.c Fri Jan 9 07:59:56 2004
243 +++ linux-2.6.2-rc1-vs0.05.1/arch/ppc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
246 #include <linux/kernel.h>
247 #include <linux/sched.h>
248 +#include <linux/vinline.h>
249 #include <linux/mm.h>
250 #include <linux/smp.h>
251 #include <linux/smp_lock.h>
252 @@ -73,7 +74,7 @@ int sys_ptrace(long request, long pid, l
254 get_task_struct(child);
255 read_unlock(&tasklist_lock);
257 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
261 diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c
262 --- linux-2.6.2-rc1/arch/s390/kernel/ptrace.c Sat Jan 24 03:18:05 2004
263 +++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/ptrace.c Sat Jan 24 06:45:48 2004
266 #include <linux/kernel.h>
267 #include <linux/sched.h>
268 +#include <linux/vinline.h>
269 #include <linux/mm.h>
270 #include <linux/smp.h>
271 #include <linux/smp_lock.h>
272 @@ -647,7 +648,7 @@ sys_ptrace(long request, long pid, long
274 get_task_struct(child);
275 read_unlock(&tasklist_lock);
277 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
280 ret = do_ptrace(child, request, addr, data);
281 diff -NurpP --minimal linux-2.6.2-rc1/arch/s390/kernel/syscalls.S linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S
282 --- linux-2.6.2-rc1/arch/s390/kernel/syscalls.S Sat Jan 24 03:18:05 2004
283 +++ linux-2.6.2-rc1-vs0.05.1/arch/s390/kernel/syscalls.S Sat Jan 24 06:45:48 2004
284 @@ -271,5 +271,5 @@ SYSCALL(sys_clock_settime,sys_clock_sett
285 SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
286 SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
287 SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
288 -NI_SYSCALL /* reserved for vserver */
289 +SYSCALL(sys_vserver,sys_vserver,sys_vserver)
290 SYSCALL(s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
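Review bot: The third `SYSCALL()` argument on the added line is `sys_vserver` itself, while the neighbouring entries put a `sys32_*_wrapper` in that position. If that slot serves compat callers, as the neighbours suggest, the native handler receives their arguments unconverted, which matters for any pointer or structure argument. sys_vserver's signature is not in this listing, so confirm what it takes; until a wrapper exists the safer wiring is `SYSCALL(sys_vserver,sys_vserver,sys_ni_syscall)`. The same direct wiring appears in the ppc64 `sys_call_table32`, sparc64 `sys_call_table32` and x86_64 `ia32_sys_call_table` hunks.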
291 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S
292 --- linux-2.6.2-rc1/arch/sparc/kernel/systbls.S Fri Jan 9 07:59:34 2004
293 +++ linux-2.6.2-rc1-vs0.05.1/arch/sparc/kernel/systbls.S Sat Jan 24 06:45:48 2004
294 @@ -72,7 +72,7 @@ sys_call_table:
295 /*250*/ .long sparc_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
296 /*255*/ .long sys_nis_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
297 /*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
298 -/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
299 +/*265*/ .long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
300 /*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_nis_syscall
302 #ifdef CONFIG_SUNOS_EMUL
303 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c
304 --- linux-2.6.2-rc1/arch/sparc64/kernel/ptrace.c Fri Jan 9 08:00:05 2004
305 +++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
308 #include <linux/kernel.h>
309 #include <linux/sched.h>
310 +#include <linux/vinline.h>
311 #include <linux/mm.h>
312 #include <linux/errno.h>
313 #include <linux/ptrace.h>
314 @@ -164,7 +165,7 @@ asmlinkage void do_ptrace(struct pt_regs
315 get_task_struct(child);
316 read_unlock(&tasklist_lock);
319 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
320 pt_error_return(regs, ESRCH);
323 diff -NurpP --minimal linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S
324 --- linux-2.6.2-rc1/arch/sparc64/kernel/systbls.S Fri Jan 9 07:59:26 2004
325 +++ linux-2.6.2-rc1-vs0.05.1/arch/sparc64/kernel/systbls.S Sat Jan 24 06:45:48 2004
326 @@ -73,7 +73,7 @@ sys_call_table32:
327 .word sys_ni_syscall, compat_clock_settime, compat_clock_gettime, compat_clock_getres, compat_clock_nanosleep
328 /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, compat_timer_settime, compat_timer_gettime, sys_timer_getoverrun
329 .word sys_timer_delete, sys32_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
330 -/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_ni_syscall
331 +/*270*/ .word compat_sys_io_submit, sys_io_cancel, compat_sys_io_getevents, sys_vserver
333 /* Now the 64-bit native Linux syscall table. */
335 @@ -135,7 +135,7 @@ sys_call_table:
336 .word sys_ni_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
337 /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
338 .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
339 -/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_ni_syscall
340 +/*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_vserver
342 #if defined(CONFIG_SUNOS_EMUL) || defined(CONFIG_SOLARIS_EMUL) || \
343 defined(CONFIG_SOLARIS_EMUL_MODULE)
344 diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S
345 --- linux-2.6.2-rc1/arch/x86_64/ia32/ia32entry.S Fri Jan 9 07:59:27 2004
346 +++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/ia32/ia32entry.S Sat Jan 24 06:45:48 2004
347 @@ -448,34 +448,35 @@ ia32_sys_call_table:
348 .quad compat_sys_sched_getaffinity
349 .quad sys32_set_thread_area
350 .quad sys32_get_thread_area
351 - .quad sys32_io_setup
352 + .quad sys32_io_setup /* 245 */
354 .quad sys32_io_getevents
355 .quad sys32_io_submit
357 - .quad sys_fadvise64
358 + .quad sys_fadvise64 /* 250 */
359 .quad sys_ni_syscall /* free_huge_pages */
360 .quad sys_exit_group /* exit_group */
361 .quad sys_lookup_dcookie
362 .quad sys_epoll_create
363 - .quad sys_epoll_ctl
364 + .quad sys_epoll_ctl /* 255 */
366 .quad sys_remap_file_pages
367 .quad sys_set_tid_address
368 .quad sys32_timer_create
369 - .quad compat_timer_settime
370 + .quad compat_timer_settime /* 260 */
371 .quad compat_timer_gettime
372 .quad sys_timer_getoverrun
373 .quad sys_timer_delete
374 .quad compat_clock_settime
375 - .quad compat_clock_gettime
376 + .quad compat_clock_gettime /* 265 */
377 .quad compat_clock_getres
378 .quad compat_clock_nanosleep
379 .quad compat_statfs64 /* statfs64 */
380 .quad compat_fstatfs64 /* fstatfs64 */
382 + .quad sys_tgkill /* 270 */
383 .quad compat_sys_utimes
384 .quad sys32_fadvise64_64
385 + .quad sys_vserver /* 273 sys_vserver */
386 /* don't forget to change IA32_NR_syscalls */
388 .rept IA32_NR_syscalls-(ia32_syscall_end-ia32_sys_call_table)/8
389 diff -NurpP --minimal linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c
390 --- linux-2.6.2-rc1/arch/x86_64/kernel/ptrace.c Fri Jan 9 07:59:19 2004
391 +++ linux-2.6.2-rc1-vs0.05.1/arch/x86_64/kernel/ptrace.c Sat Jan 24 06:45:48 2004
394 #include <linux/kernel.h>
395 #include <linux/sched.h>
396 +#include <linux/vinline.h>
397 #include <linux/mm.h>
398 #include <linux/smp.h>
399 #include <linux/smp_lock.h>
400 @@ -205,7 +206,7 @@ asmlinkage long sys_ptrace(long request,
402 get_task_struct(child);
403 read_unlock(&tasklist_lock);
405 + if (!child || !vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
409 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c
410 --- linux-2.6.2-rc1/fs/ext2/ialloc.c Sat Jan 24 03:18:15 2004
411 +++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/ialloc.c Sat Jan 24 06:14:24 2004
412 @@ -581,7 +581,7 @@ got:
413 memset(ei->i_data, 0, sizeof(ei->i_data));
414 ei->i_flags = EXT2_I(dir)->i_flags & ~EXT2_BTREE_FL;
416 - ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL);
417 + ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_IUNLINK_FL|EXT2_APPEND_FL);
418 /* dirsync is only applied to directories */
420 ei->i_flags &= ~EXT2_DIRSYNC_FL;
421 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext2/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c
422 --- linux-2.6.2-rc1/fs/ext2/inode.c Sat Jan 24 03:18:15 2004
423 +++ linux-2.6.2-rc1-vs0.05.1/fs/ext2/inode.c Sat Jan 24 06:28:27 2004
424 @@ -64,6 +64,8 @@ void ext2_put_inode(struct inode *inode)
425 ext2_discard_prealloc(inode);
428 +static void ext2_truncate_nocheck (struct inode * inode);
431 * Called at the last iput() if i_nlink is zero.
433 @@ -77,7 +79,7 @@ void ext2_delete_inode (struct inode * i
437 - ext2_truncate (inode);
438 + ext2_truncate_nocheck(inode);
439 ext2_free_inode (inode);
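Review bot: `ext2_truncate_nocheck()` carries no comment saying which check it skips or who may call it, and after this change its name is the only thing separating the delete path from the append-only/immutable guard that stays in `ext2_truncate()`. I would add a comment above the forward declaration, e.g. `/* Truncate without the IS_APPEND/IS_IMMUTABLE test; only for ext2_delete_inode(), which runs at the last iput() when i_nlink is zero. */`. Keeping the function `static`, as the patch does, is what stops other code from bypassing the guard. ext2_delete_inode starts and ends outside the hunk.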
442 @@ -876,7 +878,7 @@ static void ext2_free_branches(struct in
443 ext2_free_data(inode, p, q);
446 -void ext2_truncate (struct inode * inode)
447 +static void ext2_truncate_nocheck(struct inode * inode)
449 u32 *i_data = EXT2_I(inode)->i_data;
450 int addr_per_block = EXT2_ADDR_PER_BLOCK(inode->i_sb);
451 @@ -893,8 +895,6 @@ void ext2_truncate (struct inode * inode
453 if (ext2_inode_is_fast_symlink(inode))
455 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
458 ext2_discard_prealloc(inode);
460 @@ -1016,17 +1016,26 @@ Egdp:
461 return ERR_PTR(-EIO);
464 +void ext2_truncate (struct inode * inode)
466 + if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
468 + ext2_truncate_nocheck(inode);
471 void ext2_set_inode_flags(struct inode *inode)
473 unsigned int flags = EXT2_I(inode)->i_flags;
475 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
476 + inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
477 if (flags & EXT2_SYNC_FL)
478 inode->i_flags |= S_SYNC;
479 if (flags & EXT2_APPEND_FL)
480 inode->i_flags |= S_APPEND;
481 if (flags & EXT2_IMMUTABLE_FL)
482 inode->i_flags |= S_IMMUTABLE;
483 + if (flags & EXT2_IUNLINK_FL)
484 + inode->i_flags |= S_IUNLINK;
485 if (flags & EXT2_NOATIME_FL)
486 inode->i_flags |= S_NOATIME;
487 if (flags & EXT2_DIRSYNC_FL)
488 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/ialloc.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c
489 --- linux-2.6.2-rc1/fs/ext3/ialloc.c Sat Jan 24 03:18:15 2004
490 +++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/ialloc.c Sat Jan 24 06:14:24 2004
491 @@ -569,7 +569,7 @@ got:
493 ei->i_flags = EXT3_I(dir)->i_flags & ~EXT3_INDEX_FL;
495 - ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL);
496 + ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_IUNLINK_FL|EXT3_APPEND_FL);
497 /* dirsync only applies to directories */
499 ei->i_flags &= ~EXT3_DIRSYNC_FL;
500 diff -NurpP --minimal linux-2.6.2-rc1/fs/ext3/inode.c linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c
501 --- linux-2.6.2-rc1/fs/ext3/inode.c Sat Jan 24 03:18:15 2004
502 +++ linux-2.6.2-rc1-vs0.05.1/fs/ext3/inode.c Sat Jan 24 22:44:56 2004
503 @@ -189,6 +189,8 @@ void ext3_put_inode(struct inode *inode)
504 ext3_discard_prealloc(inode);
507 +static void ext3_truncate_nocheck (struct inode *inode);
510 * Called at the last iput() if i_nlink is zero.
512 @@ -214,7 +216,7 @@ void ext3_delete_inode (struct inode * i
516 - ext3_truncate(inode);
517 + ext3_truncate_nocheck(inode);
519 * Kill off the orphan record which ext3_truncate created.
520 * AKPM: I think this can be inside the above `if'.
521 @@ -2114,7 +2116,7 @@ static void ext3_free_branches(handle_t
522 * ext3_truncate() run will find them and release them.
525 -void ext3_truncate(struct inode * inode)
526 +void ext3_truncate_nocheck(struct inode * inode)
529 struct ext3_inode_info *ei = EXT3_I(inode);
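Review bot: The definition added here is `void ext3_truncate_nocheck(struct inode * inode)` without `static`, although the forward declaration earlier in this file's patch is `static void ext3_truncate_nocheck (struct inode *inode);` and the ext2 counterpart is defined `static`. The earlier declaration still gives it internal linkage, but the mismatch reads as if the unchecked truncate were exported. Write the definition as `static void ext3_truncate_nocheck(struct inode *inode)` so it is evident that only this file can skip the IS_APPEND/IS_IMMUTABLE test. The function body continues outside the hunk.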
530 @@ -2135,8 +2137,6 @@ void ext3_truncate(struct inode * inode)
532 if (ext3_inode_is_fast_symlink(inode))
534 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
537 ext3_discard_prealloc(inode);
539 @@ -2443,17 +2443,26 @@ has_buffer:
543 +void ext3_truncate(struct inode * inode)
545 + if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
547 + ext3_truncate_nocheck(inode);
550 void ext3_set_inode_flags(struct inode *inode)
552 unsigned int flags = EXT3_I(inode)->i_flags;
554 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
555 + inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_IUNLINK|S_NOATIME|S_DIRSYNC);
556 if (flags & EXT3_SYNC_FL)
557 inode->i_flags |= S_SYNC;
558 if (flags & EXT3_APPEND_FL)
559 inode->i_flags |= S_APPEND;
560 if (flags & EXT3_IMMUTABLE_FL)
561 inode->i_flags |= S_IMMUTABLE;
562 + if (flags & EXT3_IUNLINK_FL)
563 + inode->i_flags |= S_IUNLINK;
564 if (flags & EXT3_NOATIME_FL)
565 inode->i_flags |= S_NOATIME;
566 if (flags & EXT3_DIRSYNC_FL)
567 diff -NurpP --minimal linux-2.6.2-rc1/fs/inode.c linux-2.6.2-rc1-vs0.05.1/fs/inode.c
568 --- linux-2.6.2-rc1/fs/inode.c Fri Jan 9 08:00:12 2004
569 +++ linux-2.6.2-rc1-vs0.05.1/fs/inode.c Sat Jan 24 06:23:57 2004
570 @@ -131,6 +131,7 @@ static struct inode *alloc_inode(struct
571 inode->i_bdev = NULL;
572 inode->i_cdev = NULL;
574 + // inode->i_xid = 0; /* maybe not too wise ... */
575 inode->i_security = NULL;
576 if (security_inode_alloc(inode)) {
577 if (inode->i_sb->s_op->destroy_inode)
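Review bot: The line added to alloc_inode is commented-out code (`// inode->i_xid = 0; /* maybe not too wise ... */`), so the patch records an open question instead of a decision. If `i_xid` exists in struct inode (its definition is not in this listing), leaving it unset here means a new inode's context tag is whatever the allocator handed back; if the field does not exist yet, the line should be removed. Either initialise it, with a comment stating what value 0 denotes, or drop the line. The same pattern appears in proc_pid_make_inode in fs/proc/base.c (`// inode->i_xid = vx_task_xid(task);`). alloc_inode starts and ends outside the hunk.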
578 diff -NurpP --minimal linux-2.6.2-rc1/fs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c
579 --- linux-2.6.2-rc1/fs/ioctl.c Sat Jan 24 03:18:15 2004
580 +++ linux-2.6.2-rc1-vs0.05.1/fs/ioctl.c Sat Jan 24 07:49:20 2004
582 #include <linux/file.h>
583 #include <linux/fs.h>
584 #include <linux/security.h>
585 +#include <linux/proc_fs.h>
586 +#include <linux/vserver/inode.h>
588 #include <asm/uaccess.h>
589 #include <asm/ioctls.h>
591 +extern int vx_proc_ioctl(struct inode *, struct file *,
592 + unsigned int, unsigned long);
594 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
597 @@ -118,6 +123,12 @@ asmlinkage long sys_ioctl(unsigned int f
605 + if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
606 + error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
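Review bot: `vx_proc_ioctl` is declared with a local `extern` in fs/ioctl.c even though the patch already includes `<linux/vserver/inode.h>` in this file. A prototype kept in a .c file is not checked against the definition, so a later signature change would compile without complaint. Move the declaration into that header. The `case` label leading to this call is outside the visible lines, so a comment at the call should state which commands are routed to procfs inodes and that `vx_proc_ioctl` is responsible for the permission check on them (whether it performs one is not shown here). sys_ioctl starts and ends outside the hunk.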
610 diff -NurpP --minimal linux-2.6.2-rc1/fs/namei.c linux-2.6.2-rc1-vs0.05.1/fs/namei.c
611 --- linux-2.6.2-rc1/fs/namei.c Fri Jan 9 07:59:26 2004
612 +++ linux-2.6.2-rc1-vs0.05.1/fs/namei.c Sat Jan 24 06:14:24 2004
613 @@ -1021,7 +1021,7 @@ static inline int may_delete(struct inod
616 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
617 - IS_IMMUTABLE(victim->d_inode))
618 + IS_IXUNLINK(victim->d_inode))
621 if (!S_ISDIR(victim->d_inode->i_mode))
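Review bot: Replacing `IS_IMMUTABLE(victim->d_inode)` with `IS_IXUNLINK(victim->d_inode)` in may_delete changes which inodes are protected from unlink, and the macro's definition is not in this listing. If it tests the new S_IUNLINK bit on its own, an inode that is immutable but lacks that bit becomes deletable, which would weaken the existing immutable guarantee. Confirm that plain immutable inodes are still covered, or document the new rule next to the test. The vfs_link hunk makes the same substitution, and its comment `A link to an append-only or immutable file cannot be created.` no longer describes the condition and should name the flags actually checked. may_delete starts and ends outside the hunk.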
622 @@ -1816,7 +1816,7 @@ int vfs_link(struct dentry *old_dentry,
624 * A link to an append-only or immutable file cannot be created.
626 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
627 + if (IS_APPEND(inode) || IS_IXUNLINK(inode))
629 if (!dir->i_op || !dir->i_op->link)
631 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/Makefile linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile
632 --- linux-2.6.2-rc1/fs/proc/Makefile Fri Jan 9 07:59:07 2004
633 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/Makefile Sat Jan 24 05:45:59 2004
634 @@ -8,7 +8,7 @@ proc-y := task_nommu.o
635 proc-$(CONFIG_MMU) := task_mmu.o
637 proc-y += inode.o root.o base.o generic.o array.o \
638 - kmsg.o proc_tty.o proc_misc.o
639 + kmsg.o proc_tty.o proc_misc.o virtual.o
641 proc-$(CONFIG_PROC_KCORE) += kcore.o
642 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
643 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/array.c linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c
644 --- linux-2.6.2-rc1/fs/proc/array.c Fri Jan 9 07:59:44 2004
645 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/array.c Sat Jan 24 07:01:35 2004
647 #include <linux/highmem.h>
648 #include <linux/file.h>
649 #include <linux/times.h>
650 +#include <linux/vinline.h>
652 #include <asm/uaccess.h>
653 #include <asm/pgtable.h>
654 @@ -150,8 +151,13 @@ static inline const char * get_task_stat
655 static inline char * task_state(struct task_struct *p, char *buffer)
660 read_lock(&tasklist_lock);
661 + ppid = p->real_parent->pid;
663 + && current->vx_info
664 + && current->vx_info->vx_initpid == ppid)
666 buffer += sprintf(buffer,
669 @@ -164,7 +170,7 @@ static inline char * task_state(struct t
671 (p->sleep_avg/1024)*100/(1000000000/1024),
673 - p->pid, p->pid ? p->real_parent->pid : 0,
674 + p->pid, p->pid ? ppid : 0,
675 p->pid && p->ptrace ? p->parent->pid : 0,
676 p->uid, p->euid, p->suid, p->fsuid,
677 p->gid, p->egid, p->sgid, p->fsgid);
678 @@ -263,16 +269,20 @@ static inline char *task_cap(struct task
680 return buffer + sprintf(buffer, "CapInh:\t%016x\n"
682 - "CapEff:\t%016x\n",
684 + "CapBset:\t%016x\n",
685 cap_t(p->cap_inheritable),
686 cap_t(p->cap_permitted),
687 - cap_t(p->cap_effective));
688 + cap_t(p->cap_effective),
689 + cap_t(p->cap_bset));
692 extern char *task_mem(struct mm_struct *, char *);
693 int proc_pid_status(struct task_struct *task, char * buffer)
695 char * orig = buffer;
696 + struct vx_info *vxi;
697 + struct ip_info *ipi;
698 struct mm_struct *mm = get_task_mm(task);
700 buffer = task_name(task, buffer);
701 @@ -284,6 +294,39 @@ int proc_pid_status(struct task_struct *
703 buffer = task_sig(task, buffer);
704 buffer = task_cap(task, buffer);
706 + buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
707 + vxi = task_get_vx_info(task);
709 + buffer += sprintf (buffer,"ctxflags: %d\n"
711 + buffer += sprintf (buffer,"initpid: %d\n"
714 + buffer += sprintf (buffer,"ctxflags: none\n");
715 + buffer += sprintf (buffer,"initpid: none\n");
718 + ipi = task_get_ip_info(task);
722 + buffer += sprintf (buffer,"ipv4root:");
723 + for (i=0; i<ipi->nbipv4; i++){
724 + buffer += sprintf (buffer," %08x/%08x"
729 + buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
731 + buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
732 + ,atomic_read(&ipi->ip_refcount));
734 + buffer += sprintf (buffer,"ipv4root: 0\n");
735 + buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
738 #if defined(CONFIG_ARCH_S390)
739 buffer = task_show_regs(task, buffer);
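Review bot: The `ipv4root` loop appends one ` %08x/%08x` pair per address with `sprintf`, and nothing in the visible lines checks how much of `buffer` is left. The buffer's size is not shown in this hunk, so the bound has to come from a limit on `ipi->nbipv4`; state that limit in a comment at the loop, or stop after a fixed number of entries. If `task_get_vx_info(task)` and `task_get_ip_info(task)` take references, as their names suggest, check that both are released on every path, since the lines that would do so are not in this listing. proc_pid_status starts and ends outside the hunk.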
741 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/base.c linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c
742 --- linux-2.6.2-rc1/fs/proc/base.c Sat Jan 24 03:18:15 2004
743 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/base.c Sat Jan 24 06:29:01 2004
745 #include <linux/mount.h>
746 #include <linux/security.h>
747 #include <linux/ptrace.h>
748 +#include <linux/vinline.h>
751 * For hysterical raisins we keep the same inumbers as in the old procfs.
752 @@ -67,6 +68,7 @@ enum pid_directory_inos {
754 PROC_TGID_ATTR_FSCREATE,
760 @@ -90,6 +92,7 @@ enum pid_directory_inos {
762 PROC_TID_ATTR_FSCREATE,
765 PROC_TID_FD_DIR = 0x8000, /* 0x8000-0xffff */
768 @@ -123,6 +126,7 @@ static struct pid_entry tgid_base_stuff[
769 #ifdef CONFIG_KALLSYMS
770 E(PROC_TGID_WCHAN, "wchan", S_IFREG|S_IRUGO),
772 + E(PROC_TGID_VINFO, "vinfo", S_IFREG|S_IRUGO),
775 static struct pid_entry tid_base_stuff[] = {
776 @@ -145,6 +149,7 @@ static struct pid_entry tid_base_stuff[]
777 #ifdef CONFIG_KALLSYMS
778 E(PROC_TID_WCHAN, "wchan", S_IFREG|S_IRUGO),
780 + E(PROC_TID_VINFO, "vinfo", S_IFREG|S_IRUGO),
784 @@ -181,6 +186,7 @@ int proc_pid_stat(struct task_struct*,ch
785 int proc_pid_status(struct task_struct*,char*);
786 int proc_pid_statm(struct task_struct*,char*);
787 int proc_pid_cpu(struct task_struct*,char*);
788 +// int proc_pid_vinfo(struct task_struct*,char*);
790 static int proc_fd_link(struct inode *inode, struct dentry **dentry, struct vfsmount **mnt)
792 @@ -963,6 +969,7 @@ static struct inode *proc_pid_make_inode
793 inode->i_uid = task->euid;
794 inode->i_gid = task->egid;
796 + // inode->i_xid = vx_task_xid(task);
797 security_task_to_inode(task, inode);
800 @@ -1392,6 +1399,11 @@ static struct dentry *proc_pident_lookup
801 ei->op.proc_read = proc_pid_wchan;
804 + case PROC_TID_VINFO:
805 + case PROC_TGID_VINFO:
806 + inode->i_fop = &proc_info_file_operations;
807 + ei->op.proc_read = proc_pid_vinfo;
810 printk("procfs: impossible type (%d)",p->type);
812 @@ -1584,6 +1596,10 @@ struct dentry *proc_pid_lookup(struct in
816 + if (tgid != 1 && !vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT)) {
817 + put_task_struct(task);
820 inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
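Review bot: The added test exempts `tgid == 1` from `vx_check()`, so as far as the visible lines show, a lookup of pid 1 from inside a context reaches the real pid 1 rather than that context's own init. The get_tgid_list hunk compares `current->vx_info->vx_initpid` with `tgid`, presumably to list the context's init under another number, but no matching translation is visible in proc_pid_lookup. If readdir lists an entry that lookup resolves to a different task, processes in the context can read the host init's proc files. Either translate the looked-up number back to `vx_initpid` before the task is found, or add a comment explaining why exposing the real pid 1 is intended. proc_pid_lookup starts and ends outside the hunk.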
823 @@ -1691,6 +1707,10 @@ static int get_tgid_list(int index, unsi
824 for ( ; p != &init_task; p = next_task(p)) {
828 + if (tgid != 1 && !vx_check(vx_task_xid(p), VX_WATCH|VX_IDENT))
830 + if (current->vx_info && current->vx_info->vx_initpid == tgid)
834 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/generic.c linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c
835 --- linux-2.6.2-rc1/fs/proc/generic.c Fri Jan 9 08:00:12 2004
836 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/generic.c Sat Jan 24 05:45:59 2004
838 #include <linux/module.h>
839 #include <linux/mount.h>
840 #include <linux/smp_lock.h>
841 +#include <linux/vinline.h>
842 #include <asm/uaccess.h>
843 #include <asm/bitops.h>
845 @@ -349,6 +350,8 @@ struct dentry *proc_lookup(struct inode
846 for (de = de->subdir; de ; de = de->next) {
847 if (de->namelen != dentry->d_name.len)
849 + if (!vx_weak_check(0, de->vx_flags))
851 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
852 int ino = de->low_ino;
854 @@ -424,9 +427,12 @@ int proc_readdir(struct file * filp,
858 + if (!vx_weak_check(0, de->vx_flags))
860 if (filldir(dirent, de->name, de->namelen, filp->f_pos,
861 de->low_ino, de->mode >> 12) < 0)
867 @@ -538,6 +544,7 @@ static struct proc_dir_entry *proc_creat
871 + ent->vx_flags = VX_ADMIN;
875 @@ -558,7 +565,8 @@ struct proc_dir_entry *proc_symlink(cons
885 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/inode.c linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c
886 --- linux-2.6.2-rc1/fs/proc/inode.c Fri Jan 9 08:00:02 2004
887 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/inode.c Sat Jan 24 05:45:59 2004
888 @@ -207,6 +207,8 @@ printk("proc_iget: using deleted entry %
889 inode->i_uid = de->uid;
890 inode->i_gid = de->gid;
893 + PROC_I(inode)->vx_flags = de->vx_flags;
895 inode->i_size = de->size;
897 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/root.c linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c
898 --- linux-2.6.2-rc1/fs/proc/root.c Fri Jan 9 07:59:55 2004
899 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/root.c Sat Jan 24 05:45:59 2004
900 @@ -23,6 +23,9 @@ struct proc_dir_entry *proc_net, *proc_b
902 struct proc_dir_entry *proc_sys_root;
904 +struct proc_dir_entry *proc_virtual;
906 +extern void proc_vx_init(void);
908 static struct super_block *proc_get_sb(struct file_system_type *fs_type,
909 int flags, const char *dev_name, void *data)
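Review bot: `struct proc_dir_entry *proc_virtual;` is defined here with external linkage, while the new fs/proc/virtual.c in the same patch defines `static struct proc_dir_entry *proc_virtual;`. Those are two separate objects: whatever virtual.c stores in its own copy is not visible through this one, and none of the visible root.c hunks assigns it, so code using the global would see NULL. Keep a single definition: drop this one, or make the virtual.c variable non-static and declare it in a header. The `extern void proc_vx_init(void);` prototype would likewise be better placed in a header than in root.c.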
910 @@ -78,6 +81,7 @@ void __init proc_root_init(void)
913 proc_bus = proc_mkdir("bus", 0);
917 static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
918 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c
919 --- linux-2.6.2-rc1/fs/proc/virtual.c Thu Jan 1 01:00:00 1970
920 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual.c Sat Jan 24 06:42:17 2004
923 + * linux/fs/proc/virtual.c
925 + * Virtual Context Support
927 + * Copyright (C) 2003-2004 Herbert Pötzl
929 + * V0.01 basic structure
930 + * V0.02 adaptation vs1.3.0
931 + * V0.03 proc permissions
932 + * V0.04 locking/generic
933 + * V0.05 next generation procfs
934 + * V0.06 inode validation
938 +#include <asm/uaccess.h>
940 +#include <linux/config.h>
941 +#include <linux/errno.h>
942 +#include <linux/proc_fs.h>
944 +#include <linux/vinline.h>
947 +static struct proc_dir_entry *proc_virtual;
949 +enum xid_directory_inos {
958 +/* first the actual feeds */
961 +static int proc_virtual_info(struct vx_info *vxi, char *buffer)
963 + return sprintf(buffer,
964 + "VCIVersion:\t%04x:%04x\n"
966 + ,VCI_VERSION & 0xFFFF);
970 +int proc_xid_info (struct vx_info *vxi, char *buffer)
972 + return sprintf(buffer,
981 +int proc_xid_status (struct vx_info *vxi, char *buffer)
983 + return sprintf(buffer,
987 + ,atomic_read(&vxi->vx_refcount)
989 + ,atomic_read(&vxi->limit.ticks));
992 +int proc_xid_limit (struct vx_info *vxi, char *buffer)
994 + return sprintf(buffer,
999 + ,atomic_read(&vxi->limit.res[RLIMIT_NPROC])
1000 + ,vxi->limit.rlim[RLIMIT_NPROC]
1001 + ,atomic_read(&vxi->limit.res[RLIMIT_AS])
1002 + ,vxi->limit.rlim[RLIMIT_AS]
1003 + ,atomic_read(&vxi->limit.res[RLIMIT_MEMLOCK])
1004 + ,vxi->limit.rlim[RLIMIT_MEMLOCK]
1005 + ,atomic_read(&vxi->limit.res[RLIMIT_RSS])
1006 + ,vxi->limit.rlim[RLIMIT_RSS]);
1012 +/* here the inode helpers */
1016 +#define fake_ino(xid,ino) (((xid)<<16)|(ino))
1018 +#define MAX_MULBY10 ((~0U-9)/10)
1021 +static struct inode *proc_xid_make_inode(struct super_block * sb,
1022 + struct vx_info *vxi, int ino)
1024 + struct inode *inode = new_inode(sb);
1025 + xid_t xid = (vxi)?vxi->vx_id:1;
1030 + inode->i_mtime = inode->i_atime =
1031 + inode->i_ctime = CURRENT_TIME;
1032 + inode->i_ino = fake_ino(xid, ino);
1034 + inode->u.generic_ip = vxi; /* reference from above */
1037 + // inode->i_xid = xid;
1042 +void proc_xid_delete_inode(struct inode *inode)
1044 + struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
1050 +static int proc_xid_revalidate(struct dentry * dentry, struct nameidata *nd)
1052 + struct vx_info *vxi = (struct vx_info *)dentry->d_inode->u.generic_ip;
1054 + if (atomic_read(&vxi->limit.res[RLIMIT_NPROC]))
1061 +static int proc_xid_delete_dentry(struct dentry * dentry)
1068 +#define PROC_BLOCK_SIZE (PAGE_SIZE - 1024)
1070 +static ssize_t proc_xid_info_read(struct file * file, char * buf,
1071 + size_t count, loff_t *ppos)
1073 + struct inode * inode = file->f_dentry->d_inode;
1074 + unsigned long page;
1077 + struct vx_info *vxi =
1078 + (struct vx_info *)inode->u.generic_ip;
1080 + if (count > PROC_BLOCK_SIZE)
1081 + count = PROC_BLOCK_SIZE;
1082 + if (!(page = __get_free_page(GFP_KERNEL)))
1085 + length = PROC_I(inode)->op.proc_xid_read(vxi, (char*)page);
1091 + /* Static 4kB (or whatever) block capacity */
1092 + if (*ppos >= length) {
1096 + if (count + *ppos > length)
1097 + count = length - *ppos;
1098 + end = count + *ppos;
1099 + copy_to_user(buf, (char *) page + *ppos, count);
1109 +/* here comes the lower level (xid) */
1111 +static struct file_operations proc_xid_info_file_operations = {
1112 + read: proc_xid_info_read,
1123 +#define E(type,name,mode) {(type),sizeof(name)-1,(name),(mode)}
1125 +static struct xid_entry base_stuff[] = {
1126 + E(PROC_XID_INFO, "info", S_IFREG|S_IRUGO),
1127 + E(PROC_XID_STATUS, "status", S_IFREG|S_IRUGO),
1128 + E(PROC_XID_LIMIT, "limit", S_IFREG|S_IRUGO),
1132 +static struct dentry *proc_xid_lookup(struct inode *dir,
1133 + struct dentry *dentry, struct nameidata *nd)
1135 + struct inode *inode;
1136 + struct vx_info *vxi;
1137 + struct xid_entry *p;
1143 + for (p = base_stuff; p->name; p++) {
1144 + if (p->len != dentry->d_name.len)
1146 + if (!memcmp(dentry->d_name.name, p->name, p->len))
1151 + vxi = get_vx_info((struct vx_info *)dir->u.generic_ip);
1156 + inode = proc_xid_make_inode(dir->i_sb, vxi, p->type);
1161 + case PROC_XID_INFO:
1162 + PROC_I(inode)->op.proc_xid_read = proc_xid_info;
1164 + case PROC_XID_STATUS:
1165 + PROC_I(inode)->op.proc_xid_read = proc_xid_status;
1167 + case PROC_XID_LIMIT:
1168 + PROC_I(inode)->op.proc_xid_read = proc_xid_limit;
1171 + printk("procfs: impossible type (%d)",p->type);
1173 + return ERR_PTR(-EINVAL);
1175 + inode->i_mode = p->mode;
1176 +// inode->i_op = &proc_xid_info_inode_operations;
1177 + inode->i_fop = &proc_xid_info_file_operations;
1178 + inode->i_nlink = 1;
1179 + inode->i_flags|=S_IMMUTABLE;
1181 +// dentry->d_op = &proc_xid_dentry_operations;
1182 + d_add(dentry, inode);
1188 + return ERR_PTR(error);
1192 +static int proc_xid_readdir(struct file * filp,
1193 + void * dirent, filldir_t filldir)
1196 + struct inode *inode = filp->f_dentry->d_inode;
1197 + struct vx_info *vxi = (struct vx_info *)inode->u.generic_ip;
1198 + struct xid_entry *p;
1204 + if (filldir(dirent, ".", 1, i,
1205 + inode->i_ino, DT_DIR) < 0)
1209 + /* fall through */
1211 + if (filldir(dirent, "..", 2, i,
1212 + PROC_ROOT_INO, DT_DIR) < 0)
1216 + /* fall through */
1219 + if (i>=sizeof(base_stuff)/sizeof(base_stuff[0]))
1221 + p = base_stuff + i;
1223 + if (filldir(dirent, p->name, p->len,
1224 + filp->f_pos, fake_ino(xid, p->type),
1225 + p->mode >> 12) < 0)
1237 +/* now the upper level (virtual) */
1239 +static struct file_operations proc_xid_file_operations = {
1240 + read: generic_read_dir,
1241 + readdir: proc_xid_readdir,
1244 +static struct inode_operations proc_xid_inode_operations = {
1245 + lookup: proc_xid_lookup,
1248 +static struct dentry_operations proc_xid_dentry_operations =
1250 + d_revalidate: proc_xid_revalidate,
1251 + d_delete: proc_xid_delete_dentry,
1256 +struct dentry *proc_virtual_lookup(struct inode *dir,
1257 + struct dentry * dentry, struct nameidata *nd)
1260 + struct vx_info *vxi;
1262 + struct inode *inode;
1266 + name = dentry->d_name.name;
1267 + len = dentry->d_name.len;
1268 + if (len == 7 && !memcmp(name, "current", 7)) {
1269 + inode = new_inode(dir->i_sb);
1271 + return ERR_PTR(-ENOMEM);
1272 + inode->i_mtime = inode->i_atime =
1273 + inode->i_ctime = CURRENT_TIME;
1274 + inode->i_ino = fake_ino(1, PROC_XID_INO);
1275 + inode->u.generic_ip = NULL;
1276 + inode->i_mode = S_IFLNK|S_IRWXUGO;
1277 + inode->i_uid = inode->i_gid = 0;
1278 + inode->i_size = 64;
1279 +// inode->i_op = &proc_current_inode_operations;
1280 + d_add(dentry, inode);
1283 + if (len == 4 && !memcmp(name, "info", 4)) {
1284 + inode = proc_xid_make_inode(dir->i_sb, NULL, PROC_XID_INFO);
1286 + return ERR_PTR(-ENOMEM);
1287 + inode->i_fop = &proc_xid_info_file_operations;
1288 + PROC_I(inode)->op.proc_xid_read = proc_virtual_info;
1289 + inode->i_mode = S_IFREG|S_IRUGO;
1290 +// inode->i_size = 64;
1291 +// inode->i_op = &proc_current_inode_operations;
1292 + d_add(dentry, inode);
1296 + while (len-- > 0) {
1301 + if (xid >= MAX_MULBY10)
1309 + vxi = find_vx_info(xid);
1314 + if (vx_check(xid, VX_ADMIN|VX_WATCH|VX_IDENT))
1315 + inode = proc_xid_make_inode(dir->i_sb,
1316 + vxi, PROC_XID_INO);
1320 + inode->i_mode = S_IFDIR|S_IRUGO;
1321 + inode->i_op = &proc_xid_inode_operations;
1322 + inode->i_fop = &proc_xid_file_operations;
1323 + inode->i_nlink = 2;
1324 + inode->i_flags|=S_IMMUTABLE;
1326 + dentry->d_op = &proc_xid_dentry_operations;
1327 + d_add(dentry, inode);
1333 + return ERR_PTR(-ENOENT);
1338 +#define PROC_NUMBUF 10
1339 +#define PROC_MAXXIDS 32
1342 +static int get_xid_list(int index, unsigned int *xids)
1344 + struct vx_info *p;
1348 + spin_lock(&vxlist_lock);
1349 + list_for_each_entry(p, &vx_infos, vx_list) {
1350 + int xid = p->vx_id;
1354 + xids[nr_xids] = xid;
1355 + if (++nr_xids >= PROC_MAXXIDS)
1358 + spin_unlock(&vxlist_lock);
1362 +int proc_virtual_readdir(struct file * filp,
1363 + void * dirent, filldir_t filldir)
1365 + unsigned int xid_array[PROC_MAXXIDS];
1366 + char buf[PROC_NUMBUF];
1367 + unsigned int nr = filp->f_pos-3;
1368 + unsigned int nr_xids, i;
1371 + switch (filp->f_pos) {
1373 + ino = fake_ino(0, PROC_XID_INO);
1374 + if (filldir(dirent, ".", 1,
1375 + filp->f_pos, ino, DT_DIR) < 0)
1378 + /* fall through */
1380 + ino = filp->f_dentry->d_parent->d_inode->i_ino;
1381 + if (filldir(dirent, "..", 2,
1382 + filp->f_pos, ino, DT_DIR) < 0)
1385 + /* fall through */
1387 + ino = fake_ino(0, PROC_XID_INFO);
1388 + if (filldir(dirent, "info", 4,
1389 + filp->f_pos, ino, DT_LNK) < 0)
1392 + /* fall through */
1394 + if (current->xid > 1) {
1395 + ino = fake_ino(1, PROC_XID_INO);
1396 + if (filldir(dirent, "current", 7,
1397 + filp->f_pos, ino, DT_LNK) < 0)
1404 + nr_xids = get_xid_list(nr, xid_array);
1406 + for (i = 0; i < nr_xids; i++) {
1407 + int xid = xid_array[i];
1408 + ino_t ino = fake_ino(xid, PROC_XID_INO);
1409 + unsigned long j = PROC_NUMBUF;
1411 + do buf[--j] = '0' + (xid % 10); while (xid/=10);
1413 + if (filldir(dirent, buf+j, PROC_NUMBUF-j,
1414 + filp->f_pos, ino, DT_DIR) < 0)
1422 +static struct file_operations proc_virtual_dir_operations = {
1423 + read: generic_read_dir,
1424 + readdir: proc_virtual_readdir,
1427 +static struct inode_operations proc_virtual_dir_inode_operations = {
1428 + lookup: proc_virtual_lookup,
1437 +void proc_vx_init(void)
1439 + struct proc_dir_entry *ent;
1441 + ent = proc_mkdir("virtual", 0);
1443 + ent->proc_fops = &proc_virtual_dir_operations;
1444 + ent->proc_iops = &proc_virtual_dir_inode_operations;
1446 + proc_virtual = ent;
1455 +char *task_vinfo(struct task_struct *p, char *buffer)
1457 + return buffer + sprintf(buffer,
1462 +int proc_pid_vinfo(struct task_struct *p, char *buffer)
1464 + char * orig = buffer;
1466 + buffer = task_vinfo(p, buffer);
1467 + return buffer - orig;
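Review bot: In `proc_xid_info_read` the result of `copy_to_user(buf, (char *) page + *ppos, count);` (page line 1099) is discarded, so a read into a user buffer that faults appears to be reported as a successful read. Test the return value, `if (copy_to_user(buf, (char *) page + *ppos, count))`, and on failure free the page and return `-EFAULT`. Parts of the function body are missing from this page, so the exact exit path has to be matched to the lines that release `page` and update `*ppos`. The feed functions also format with unbounded `sprintf` into that single page; the visible format strings are short, but a comment stating the one-page limit, or `snprintf` with `PAGE_SIZE`, would keep later additions from overrunning it.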
1470 diff -NurpP --minimal linux-2.6.2-rc1/fs/proc/virtual_old.c linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c
1471 --- linux-2.6.2-rc1/fs/proc/virtual_old.c Thu Jan 1 01:00:00 1970
1472 +++ linux-2.6.2-rc1-vs0.05.1/fs/proc/virtual_old.c Sat Jan 24 05:45:59 2004
1475 + * linux/fs/proc/virtual.c
1477 + * Virtual Context ProcFS Support
1479 + * Copyright (C) 2003 Herbert Pötzl
1481 + * V0.01 basic directory array
1482 + * V0.02 per context info & stat
1483 + * V0.03 proc permissions
1487 +#include <asm/uaccess.h>
1489 +#include <linux/config.h>
1490 +#include <linux/errno.h>
1491 +#include <linux/proc_fs.h>
1493 +#include <linux/init.h>
1494 +#include <linux/vswitch.h>
1495 +#include <linux/vinline.h>
1498 +extern struct proc_dir_entry *proc_virtual;
1499 +static struct proc_dir_entry *proc_virtual_info;
1502 +char *task_vinfo(struct task_struct *p, char *buffer)
1504 + return buffer + sprintf(buffer,
1509 +int proc_pid_vinfo(struct task_struct *p, char *buffer)
1511 + char * orig = buffer;
1513 + buffer = task_vinfo(p, buffer);
1514 + return buffer - orig;
1518 +static int __generic_info_read_func(char *page, char **start,
1519 + off_t off, int count, int *eof, void *data,
1520 + char *(*info_func)(void *, char *))
1523 + char *buffer = page;
1525 + buffer = info_func(data, buffer);
1527 + len = buffer-page;
1528 + if (len <= off+count) *eof = 1;
1530 + *start = page + off;
1532 + if (len>count) len = count;
1533 + if (len<0) len = 0;
1537 +char *vx_proc_info (void *data, char *buffer)
1539 + struct vx_info *vxi = data;
1540 + buffer += sprintf(buffer,
1546 + ,vxi->vx_initpid);
1550 +int vx_info_read_func (char *page, char **start,
1551 + off_t off, int count, int *eof, void *data)
1553 + return __generic_info_read_func(page, start,
1554 + off, count, eof, data, vx_proc_info);
1557 +char *vx_proc_status (void *data, char *buffer)
1559 + struct vx_info *vxi = data;
1560 + buffer += sprintf(buffer,
1564 + ,atomic_read(&vxi->vx_refcount)
1566 + ,atomic_read(&vxi->limit.ticks));
1570 +int vx_status_read_func (char *page, char **start,
1571 + off_t off, int count, int *eof, void *data)
1573 + return __generic_info_read_func(page, start,
1574 + off, count, eof, data, vx_proc_status);
1578 +static int vx_proc_permission(struct inode *inode,
1579 + int mask, struct nameidata *nd)
1581 + vxdprintk("vx_proc_permission(%p) = #%d,%04x\n",
1582 + inode, inode->i_xid, PROC_I(inode)->vx_flags);
1583 + if (vx_check(inode->i_xid, PROC_I(inode)->vx_flags))
1585 + vxdprintk("vx_proc_permission(%p) #%d != #%d\n",
1586 + inode, inode->i_xid, vx_current_id());
1590 +static struct inode_operations vx_proc_inode_operations = {
1591 + .lookup = proc_lookup,
1592 + .permission = vx_proc_permission,
1596 +int vx_proc_create(struct vx_info *vxi)
1598 + struct proc_dir_entry *entry, *sub;
1601 + snprintf(name, sizeof(name)-1, "%d", vxi->vx_id);
1602 + entry = create_proc_entry(name,
1603 + S_IFDIR|S_IXUGO, proc_virtual);
1604 + entry->vx_flags = VX_ADMIN|VX_WATCH|VX_IDENT;
1605 + entry->xid = vxi->vx_id;
1606 + entry->proc_iops = &vx_proc_inode_operations;
1607 + vxi->vx_procent = entry;
1608 + sub = create_proc_read_entry("info",
1609 + S_IFREG|S_IRUGO|S_IWUSR,
1610 + entry, vx_info_read_func, vxi);
1611 + sub = create_proc_read_entry("status",
1612 + S_IFREG|S_IRUGO|S_IWUSR,
1613 + entry, vx_status_read_func, vxi);
1617 +int vx_proc_destroy(struct vx_info *vxi)
1619 + struct proc_dir_entry *entry = vxi->vx_procent;
1622 + remove_proc_entry(entry->name, proc_virtual);
1623 + vxi->vx_procent = NULL;
1627 +char *vs_proc_info(void *data, char *buffer)
1629 + buffer += sprintf(buffer,
1630 + "VCIVersion:\t%04x:%04x\n"
1631 + ,VCI_VERSION >> 16
1632 + ,VCI_VERSION & 0xFFFF);
1636 +int vs_info_read_func(char *page, char **start,
1637 + off_t off, int count, int *eof, void *data)
1639 + return __generic_info_read_func(page, start,
1640 + off, count, eof, data, vs_proc_info);
1644 +static int __init virtual_proc_init(void)
1646 + proc_virtual_info = create_proc_read_entry("info",
1647 + S_IFREG|S_IRUGO|S_IWUSR,
1648 + proc_virtual, vs_info_read_func, NULL);
1652 +__initcall(virtual_proc_init);
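Review bot: `vx_proc_create` dereferences `entry` on the line directly after `create_proc_entry()` (page lines 1602–1604) with no NULL check, so a failed allocation becomes a kernel NULL-pointer dereference. Add `if (!entry) return -ENOMEM;` before `entry->vx_flags` is set. The two `create_proc_read_entry()` results stored in `sub` are likewise never tested in the visible lines. `snprintf(name, sizeof(name)-1, "%d", vxi->vx_id)` should pass `sizeof(name)`, since snprintf already reserves the terminator, and use `%u` if `vx_id` is an `xid_t` (typedef'd `unsigned int` in this patch). `task_vinfo` and `proc_pid_vinfo` are also defined non-static in fs/proc/virtual.c, so only one of the two files can be linked into the kernel.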
1653 diff -NurpP --minimal linux-2.6.2-rc1/fs/reiserfs/ioctl.c linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c
1654 --- linux-2.6.2-rc1/fs/reiserfs/ioctl.c Fri Jan 9 07:59:26 2004
1655 +++ linux-2.6.2-rc1-vs0.05.1/fs/reiserfs/ioctl.c Sat Jan 24 06:14:24 2004
1656 @@ -47,7 +47,8 @@ int reiserfs_ioctl (struct inode * inode
1657 if (get_user(flags, (int *) arg))
1660 - if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) & ( REISERFS_IMMUTABLE_FL | REISERFS_APPEND_FL)) &&
1661 + if ( ( ( flags ^ REISERFS_I(inode) -> i_attrs) &
1662 + ( REISERFS_IMMUTABLE_FL | REISERFS_IUNLINK_FL | REISERFS_APPEND_FL)) &&
1663 !capable( CAP_LINUX_IMMUTABLE ) )
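Review bot: The mask guarded by `capable( CAP_LINUX_IMMUTABLE )` gains `REISERFS_IUNLINK_FL` but not `REISERFS_BARRIER_FL`, which the same patch defines in include/linux/reiserfs_fs.h as the chroot-barrier flag. If this ioctl is a path by which the barrier bit can be changed, it could be flipped without any capability. That cannot be decided from this hunk, because the rest of `reiserfs_ioctl` lies outside it. Either extend the mask to `( REISERFS_IMMUTABLE_FL | REISERFS_IUNLINK_FL | REISERFS_BARRIER_FL | REISERFS_APPEND_FL)`, or add a comment saying where barrier changes are authorised.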
1666 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-alpha/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h
1667 --- linux-2.6.2-rc1/include/asm-alpha/unistd.h Fri Jan 9 07:59:26 2004
1668 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-alpha/unistd.h Sat Jan 24 06:45:48 2004
1670 #define __NR_osf_memcntl 260 /* not implemented */
1671 #define __NR_osf_fdatasync 261 /* not implemented */
1673 +#define __NR_vserver 273
1676 * Linux-specific system calls begin at 300
1677 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68k/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h
1678 --- linux-2.6.2-rc1/include/asm-m68k/unistd.h Fri Jan 9 07:59:33 2004
1679 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68k/unistd.h Sat Jan 24 06:45:48 2004
1681 #define __NR_fremovexattr 234
1682 #define __NR_futex 235
1684 -#define NR_syscalls 236
1685 +#define __NR_vserver 273
1687 +#define NR_syscalls 274
1689 /* user-visible error numbers are in the range -1 - -124: see
1690 <asm-m68k/errno.h> */
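Review bot: `NR_syscalls` jumps from 236 to 274 while only `__NR_vserver 273` is added, which leaves numbers 236–272 inside the accepted range with no definition. Where the entry code bounds-checks the syscall number against `NR_syscalls` before indexing the table, the table must be padded with `sys_ni_syscall` entries up to 273, or numbers in the gap index past its end. The m68k table is not part of this hunk, so confirm it is extended in the same patch. The same applies to the asm-m68knommu, asm-ppc and asm-ppc64 hunks (256 to 274) and to `__NR_Linux_syscalls` in asm-mips (267 to 273) and asm-parisc (228 to 273). A comment such as `/* 236-272 unused, 273 is vserver */` next to the define would make the gap explicit.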
1691 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-m68knommu/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h
1692 --- linux-2.6.2-rc1/include/asm-m68knommu/unistd.h Fri Jan 9 07:59:41 2004
1693 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-m68knommu/unistd.h Sat Jan 24 06:45:48 2004
1695 #define __NR_setfsuid32 215
1696 #define __NR_setfsgid32 216
1698 -#define NR_syscalls 256
1699 +#define __NR_vserver 273
1701 +#define NR_syscalls 274
1703 /* user-visible error numbers are in the range -1 - -122: see
1704 <asm-m68k/errno.h> */
1705 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-mips/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h
1706 --- linux-2.6.2-rc1/include/asm-mips/unistd.h Fri Jan 9 07:59:05 2004
1707 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-mips/unistd.h Sat Jan 24 06:45:48 2004
1708 @@ -289,10 +289,12 @@
1709 #define __NR_tgkill (__NR_Linux + 266)
1710 #define __NR_utimes (__NR_Linux + 267)
1712 +#define __NR_vserver (__NR_Linux + 273)
1715 * Offset of the last Linux o32 flavoured syscall
1717 -#define __NR_Linux_syscalls 267
1718 +#define __NR_Linux_syscalls 273
1720 #endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */
1722 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-parisc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h
1723 --- linux-2.6.2-rc1/include/asm-parisc/unistd.h Fri Jan 9 07:59:03 2004
1724 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-parisc/unistd.h Sat Jan 24 06:45:48 2004
1726 #define __NR_remap_file_pages (__NR_Linux + 227)
1727 #define __NR_semtimedop (__NR_Linux + 228)
1729 +#define __NR_vserver (__NR_Linux + 273)
1731 -#define __NR_Linux_syscalls 228
1732 +#define __NR_Linux_syscalls 273
1734 #define HPUX_GATEWAY_ADDR 0xC0000004
1735 #define LINUX_GATEWAY_ADDR 0x100
1736 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h
1737 --- linux-2.6.2-rc1/include/asm-ppc/unistd.h Sat Jan 24 03:18:18 2004
1738 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc/unistd.h Sat Jan 24 06:45:48 2004
1740 #define __NR_fadvise64_64 254
1741 #define __NR_rtas 255
1743 -#define __NR_syscalls 256
1744 +#define __NR_vserver 273
1746 +#define __NR_syscalls 274
1750 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-ppc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h
1751 --- linux-2.6.2-rc1/include/asm-ppc64/unistd.h Sat Jan 24 03:18:18 2004
1752 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-ppc64/unistd.h Sat Jan 24 06:45:48 2004
1754 #define __NR_fadvise64_64 254
1755 #define __NR_rtas 255
1757 -#define __NR_syscalls 256
1758 +#define __NR_vserver 273
1760 +#define __NR_syscalls 274
1762 #define NR_syscalls __NR_syscalls
1764 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-s390/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h
1765 --- linux-2.6.2-rc1/include/asm-s390/unistd.h Sat Jan 24 03:18:18 2004
1766 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-s390/unistd.h Sat Jan 24 06:45:48 2004
1768 #define __NR_clock_gettime (__NR_timer_create+6)
1769 #define __NR_clock_getres (__NR_timer_create+7)
1770 #define __NR_clock_nanosleep (__NR_timer_create+8)
1772 - * Number 263 is reserved for vserver
1774 +#define __NR_vserver 263
1775 #define __NR_fadvise64_64 264
1777 #define NR_syscalls 265
1778 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h
1779 --- linux-2.6.2-rc1/include/asm-sparc/unistd.h Fri Jan 9 07:59:08 2004
1780 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc/unistd.h Sat Jan 24 06:45:48 2004
1782 #define __NR_timer_getoverrun 264
1783 #define __NR_timer_delete 265
1784 #define __NR_timer_create 266
1785 -/* #define __NR_vserver 267 Reserved for VSERVER */
1786 +#define __NR_vserver 267
1787 #define __NR_io_setup 268
1788 #define __NR_io_destroy 268
1789 #define __NR_io_submit 269
1790 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-sparc64/unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h
1791 --- linux-2.6.2-rc1/include/asm-sparc64/unistd.h Fri Jan 9 07:59:10 2004
1792 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-sparc64/unistd.h Sat Jan 24 06:45:48 2004
1794 #define __NR_timer_getoverrun 264
1795 #define __NR_timer_delete 265
1796 #define __NR_timer_create 266
1797 -/* #define __NR_vserver 267 Reserved for VSERVER */
1798 +#define __NR_vserver 267
1799 #define __NR_io_setup 268
1800 #define __NR_io_destroy 268
1801 #define __NR_io_submit 269
1802 diff -NurpP --minimal linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h
1803 --- linux-2.6.2-rc1/include/asm-x86_64/ia32_unistd.h Fri Jan 9 07:59:45 2004
1804 +++ linux-2.6.2-rc1-vs0.05.1/include/asm-x86_64/ia32_unistd.h Sat Jan 24 06:45:48 2004
1806 #define __NR_ia32_tgkill 270
1807 #define __NR_ia32_utimes 271
1808 #define __NR_ia32_fadvise64_64 272
1809 +#define __NR_ia32_vserver 273
1811 #define IA32_NR_syscalls 275 /* must be > than biggest syscall! */
1813 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/capability.h linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h
1814 --- linux-2.6.2-rc1/include/linux/capability.h Fri Jan 9 07:59:19 2004
1815 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/capability.h Sat Jan 24 06:21:35 2004
1816 @@ -235,6 +235,7 @@ typedef __u32 kernel_cap_t;
1817 /* Allow enabling/disabling tagged queuing on SCSI controllers and sending
1818 arbitrary SCSI commands */
1819 /* Allow setting encryption key on loopback filesystem */
1820 +/* Allow the selection of a security context */
1822 #define CAP_SYS_ADMIN 21
1824 @@ -283,6 +284,15 @@ typedef __u32 kernel_cap_t;
1825 /* Allow taking of leases on files */
1827 #define CAP_LEASE 28
1829 +/* Allow quotactl */
1831 +#define CAP_QUOTACTL 29
1833 +/* Allow context manipulations */
1834 +/* Allow changing context info on files */
1836 +#define CAP_CONTEXT 30
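Review bot: `CAP_QUOTACTL` (29) and `CAP_CONTEXT` (30) take the next two free bit numbers after `CAP_LEASE` without any reservation in mainline, so they can collide with capabilities assigned upstream later (mainline did go on to use 29 and 30 for the audit capabilities). Because `kernel_cap_t` is a `__u32` whose bit positions are visible to user space, a collision silently changes what an existing capability set grants. Document the choice above each define, e.g. `/* out-of-tree: number not allocated in mainline */`, and consider allocating from the top of the word so the low range stays free for upstream.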
1840 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext2_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h
1841 --- linux-2.6.2-rc1/include/linux/ext2_fs.h Fri Jan 9 07:59:09 2004
1842 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext2_fs.h Sat Jan 24 06:14:24 2004
1843 @@ -192,10 +192,12 @@ struct ext2_group_desc
1844 #define EXT2_NOTAIL_FL 0x00008000 /* file tail should not be merged */
1845 #define EXT2_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
1846 #define EXT2_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
1847 +#define EXT2_BARRIER_FL 0x04000000 /* chroot barrier */
1848 +#define EXT2_IUNLINK_FL 0x08000000 /* Immutable unlink */
1849 #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */
1851 -#define EXT2_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
1852 -#define EXT2_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
1853 +#define EXT2_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
1854 +#define EXT2_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
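Review bot: `EXT2_FL_USER_MODIFIABLE` now includes 0x0c000000, i.e. both `EXT2_BARRIER_FL` and `EXT2_IUNLINK_FL`, so any code that filters user-supplied flags through this mask will accept the chroot-barrier bit. The ext2 ioctl handler is not in this hunk; confirm that changing either bit is capability-checked there in the way the reiserfs hunk treats `REISERFS_IUNLINK_FL`, otherwise a file owner inside a context can clear a barrier. A comment on the two new defines naming the required capability would document the intent. The ext3_fs.h hunk makes the identical change to `EXT3_FL_USER_MODIFIABLE`.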
1858 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ext3_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h
1859 --- linux-2.6.2-rc1/include/linux/ext3_fs.h Fri Jan 9 07:59:44 2004
1860 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/ext3_fs.h Sat Jan 24 06:14:24 2004
1861 @@ -185,10 +185,12 @@ struct ext3_group_desc
1862 #define EXT3_NOTAIL_FL 0x00008000 /* file tail should not be merged */
1863 #define EXT3_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */
1864 #define EXT3_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/
1865 +#define EXT3_BARRIER_FL 0x04000000 /* chroot barrier */
1866 +#define EXT3_IUNLINK_FL 0x08000000 /* Immutable unlink */
1867 #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */
1869 -#define EXT3_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */
1870 -#define EXT3_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */
1871 +#define EXT3_FL_USER_VISIBLE 0x0c03DFFF /* User visible flags */
1872 +#define EXT3_FL_USER_MODIFIABLE 0x0c0380FF /* User modifiable flags */
1875 * Inode dynamic state flags
1876 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h
1877 --- linux-2.6.2-rc1/include/linux/fs.h Sat Jan 24 03:18:19 2004
1878 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/fs.h Sat Jan 24 06:18:09 2004
1883 - * This file has definitions for some important file table
1886 +* This file has definitions for some important file table
1890 #include <linux/config.h>
1891 #include <linux/linkage.h>
1892 @@ -30,14 +30,14 @@ struct vm_area_struct;
1896 - * It's silly to have NR_OPEN bigger than NR_FILE, but you can change
1897 - * the file limit at runtime and only root can increase the per-process
1898 - * nr_file rlimit, so it's safe to set up a ridiculously high absolute
1899 - * upper limit on files-per-process.
1901 - * Some programs (notably those using select()) may have to be
1902 - * recompiled to take full advantage of the new limits..
1904 +* It's silly to have NR_OPEN bigger than NR_FILE, but you can change
1905 +* the file limit at runtime and only root can increase the per-process
1906 +* nr_file rlimit, so it's safe to set up a ridiculously high absolute
1907 +* upper limit on files-per-process.
1909 +* Some programs (notably those using select()) may have to be
1910 +* recompiled to take full advantage of the new limits..
1913 /* Fixed constants first: */
1915 @@ -49,16 +49,16 @@ struct vfsmount;
1917 /* And dynamically-tunable limits and defaults: */
1918 struct files_stat_struct {
1919 - int nr_files; /* read only */
1920 - int nr_free_files; /* read only */
1921 - int max_files; /* tunable */
1922 +int nr_files; /* read only */
1923 +int nr_free_files; /* read only */
1924 +int max_files; /* tunable */
1926 extern struct files_stat_struct files_stat;
1928 struct inodes_stat_t {
1936 extern struct inodes_stat_t inodes_stat;
1938 @@ -91,11 +91,11 @@ extern int leases_enable, dir_notify_ena
1939 #define FS_REQUIRES_DEV 1
1940 #define FS_REVAL_DOT 16384 /* Check the paths ".", ".." for staleness */
1941 #define FS_ODD_RENAME 32768 /* Temporary stuff; will go away as soon
1942 - * as nfs_rename() will be cleaned up
1944 + * as nfs_rename() will be cleaned up
1947 - * These are the fs-independent mount-flags: up to 32 flags are supported
1949 +* These are the fs-independent mount-flags: up to 32 flags are supported
1951 #define MS_RDONLY 1 /* Mount read-only */
1952 #define MS_NOSUID 2 /* Ignore suid and sgid bits */
1953 #define MS_NODEV 4 /* Disallow access to device special files */
1954 @@ -116,14 +116,14 @@ extern int leases_enable, dir_notify_ena
1955 #define MS_NOUSER (1<<31)
1958 - * Superblock flags that can be altered by MS_REMOUNT
1960 +* Superblock flags that can be altered by MS_REMOUNT
1962 #define MS_RMT_MASK (MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_NOATIME|\
1967 - * Old magic mount flag and mask
1969 +* Old magic mount flag and mask
1971 #define MS_MGC_VAL 0xC0ED0000
1972 #define MS_MGC_MSK 0xffff0000
1974 @@ -137,6 +137,8 @@ extern int leases_enable, dir_notify_ena
1975 #define S_DEAD 32 /* removed, but still open directory */
1976 #define S_NOQUOTA 64 /* Inode is not counted to quota */
1977 #define S_DIRSYNC 128 /* Directory modifications are synchronous */
1978 +#define S_BARRIER 256 /* chroot barrier */
1979 +#define S_IUNLINK 512 /* Immutable unlink */
1982 * Note that nosuid etc flags are inode-specific: setting some file-system
1983 @@ -164,11 +166,14 @@ extern int leases_enable, dir_notify_ena
1984 #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA)
1985 #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND)
1986 #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
1987 +#define IS_IUNLINK(inode) ((inode)->i_flags & S_IUNLINK)
1988 +#define IS_IXUNLINK(inode) ((IS_IUNLINK(inode) ? S_IMMUTABLE : 0) ^ IS_IMMUTABLE(inode))
1989 #define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
1990 #define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME)
1991 #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
1992 #define IS_ONE_SECOND(inode) __IS_FLG(inode, MS_ONE_SECOND)
1994 +#define IS_BARRIER(inode) ((inode)->i_flags & S_BARRIER)
1995 #define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
1997 /* the read-only stuff doesn't really belong here, but any other place is
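Review bot: `IS_IXUNLINK` is not self-explanatory and has no comment: it XORs `S_IMMUTABLE` (when `S_IUNLINK` is set) with `IS_IMMUTABLE(inode)`, so it is non-zero exactly when one of the two flags is set and zero when both or neither are. Add a comment saying that and what callers rely on it for, e.g. `/* non-zero iff exactly one of S_IUNLINK, S_IMMUTABLE is set */`. The macro also evaluates `inode` twice, so it must not be given an argument with side effects. The earlier hunks in this file only strip leading whitespace from comments and struct members; that churn is unrelated to the feature and should be dropped from the patch.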
1998 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/init_task.h linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h
1999 --- linux-2.6.2-rc1/include/linux/init_task.h Fri Jan 9 07:59:08 2004
2000 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/init_task.h Sat Jan 24 07:24:16 2004
2001 @@ -108,6 +108,10 @@
2002 .proc_lock = SPIN_LOCK_UNLOCKED, \
2003 .switch_lock = SPIN_LOCK_UNLOCKED, \
2004 .journal_info = NULL, \
2005 + .cap_bset = CAP_INIT_EFF_SET, \
2007 + .vx_info = NULL, \
2008 + .ip_info = NULL, \
2012 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/ip.h linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h
2013 --- linux-2.6.2-rc1/include/linux/ip.h Fri Jan 9 07:59:19 2004
2014 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/ip.h Sat Jan 24 05:46:08 2004
2015 @@ -111,9 +111,11 @@ struct inet_opt {
2016 /* Socket demultiplex comparisons on incoming packets. */
2017 __u32 daddr; /* Foreign IPv4 addr */
2018 __u32 rcv_saddr; /* Bound local IPv4 addr */
2019 + __u32 rcv_saddr2; /* Second bound ipv4 addr, for ipv4root */
2020 __u16 dport; /* Destination port */
2021 __u16 num; /* Local port */
2022 __u32 saddr; /* Sending source */
2023 +// __u32 saddr2; /* Second bound ipv4 addr, for ipv4root */
2024 int uc_ttl; /* Unicast TTL */
2026 unsigned cmsg_flags;
2027 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/proc_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h
2028 --- linux-2.6.2-rc1/include/linux/proc_fs.h Sat Jan 24 03:18:19 2004
2029 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/proc_fs.h Sat Jan 24 05:45:59 2004
2030 @@ -60,6 +60,7 @@ struct proc_dir_entry {
2036 struct inode_operations * proc_iops;
2037 struct file_operations * proc_fops;
2038 @@ -237,12 +238,16 @@ extern void kclist_add(struct kcore_list
2039 extern struct kcore_list *kclist_del(void *);
2045 struct task_struct *task;
2049 int (*proc_get_link)(struct inode *, struct dentry **, struct vfsmount **);
2050 int (*proc_read)(struct task_struct *task, char *page);
2051 + int (*proc_xid_read)(struct vx_info *vxi, char *page);
2053 struct proc_dir_entry *pde;
2054 struct inode vfs_inode;
2055 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/reiserfs_fs.h linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h
2056 --- linux-2.6.2-rc1/include/linux/reiserfs_fs.h Fri Jan 9 08:00:02 2004
2057 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/reiserfs_fs.h Sat Jan 24 22:45:38 2004
2058 @@ -879,6 +879,8 @@ struct stat_data_v1
2059 /* we want common flags to have the same values as in ext2,
2060 so chattr(1) will work without problems */
2061 #define REISERFS_IMMUTABLE_FL EXT2_IMMUTABLE_FL
2062 +#define REISERFS_IUNLINK_FL EXT2_IUNLINK_FL
2063 +#define REISERFS_BARRIER_FL EXT2_BARRIER_FL
2064 #define REISERFS_APPEND_FL EXT2_APPEND_FL
2065 #define REISERFS_SYNC_FL EXT2_SYNC_FL
2066 #define REISERFS_NOATIME_FL EXT2_NOATIME_FL
2067 @@ -890,6 +892,7 @@ struct stat_data_v1
2069 /* persistent flags that file inherits from the parent directory */
2070 #define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FL | \
2071 + REISERFS_IUNLINK_FL | \
2072 REISERFS_SYNC_FL | \
2073 REISERFS_NOATIME_FL | \
2074 REISERFS_NODUMP_FL | \
2075 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h
2076 --- linux-2.6.2-rc1/include/linux/sched.h Sat Jan 24 03:18:19 2004
2077 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/sched.h Sat Jan 24 05:57:44 2004
2078 @@ -102,6 +102,7 @@ extern unsigned long nr_iowait(void);
2079 #include <linux/timer.h>
2081 #include <asm/processor.h>
2082 +#include <linux/vserver/context.h>
2084 #define TASK_RUNNING 0
2085 #define TASK_INTERRUPTIBLE 1
2086 @@ -296,9 +297,10 @@ struct user_struct {
2087 /* Hash table maintenance information */
2088 struct list_head uidhash_list;
2093 -extern struct user_struct *find_user(uid_t);
2094 +extern struct user_struct *find_user(xid_t, uid_t);
2096 extern struct user_struct root_user;
2097 #define INIT_USER (&root_user)
2098 @@ -440,6 +442,12 @@ struct task_struct {
2103 + kernel_cap_t cap_bset;
2105 + struct vx_info *vx_info;
2106 + struct ip_info *ip_info;
2108 /* Thread group tracking */
2111 @@ -561,7 +569,7 @@ extern void set_special_pids(pid_t sessi
2112 extern void __set_special_pids(pid_t session, pid_t pgrp);
2114 /* per-UID process charging. */
2115 -extern struct user_struct * alloc_uid(uid_t);
2116 +extern struct user_struct * alloc_uid(xid_t, uid_t);
2117 extern void free_uid(struct user_struct *);
2118 extern void switch_uid(struct user_struct *);
2120 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/types.h linux-2.6.2-rc1-vs0.05.1/include/linux/types.h
2121 --- linux-2.6.2-rc1/include/linux/types.h Fri Jan 9 07:59:57 2004
2122 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/types.h Sat Jan 24 05:45:51 2004
2123 @@ -37,6 +37,7 @@ typedef __kernel_uid32_t uid_t;
2124 typedef __kernel_gid32_t gid_t;
2125 typedef __kernel_uid16_t uid16_t;
2126 typedef __kernel_gid16_t gid16_t;
2127 +typedef unsigned int xid_t;
2130 /* This is defined by include/asm-{arch}/posix_types.h */
2131 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vinline.h linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h
2132 --- linux-2.6.2-rc1/include/linux/vinline.h Thu Jan 1 01:00:00 1970
2133 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vinline.h Sat Jan 24 05:14:16 2004
2135 +#ifndef _VX_INLINE_H
2136 +#define _VX_INLINE_H
2139 +// #define VX_DEBUG
2141 +#include <linux/kernel.h>
2142 +#include <linux/sched.h>
2144 +#include <linux/vserver/context.h>
2145 +#include <linux/vserver/network.h>
2147 +#if defined(VX_DEBUG)
2148 +#define vxdprintk(x...) printk("vxd: " x)
2150 +#define vxdprintk(x...)
2155 +void free_vx_info(struct vx_info *);
2157 +extern int proc_pid_vinfo(struct task_struct *, char *);
2160 +#define get_vx_info(i) __get_vx_info(i,__FILE__,__LINE__)
2162 +static __inline__ struct vx_info *__get_vx_info(struct vx_info *vxi, const char *_file, int _line)
2164 + /* for now we allow vxi to be null */
2167 + vxdprintk("get_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
2168 + vxi->vx_id, atomic_read(&vxi->vx_refcount),
2170 + atomic_inc(&vxi->vx_refcount);
2174 +#define put_vx_info(i) __put_vx_info(i,__FILE__,__LINE__)
2176 +static __inline__ void __put_vx_info(struct vx_info *vxi, const char *_file, int _line)
2178 + /* for now we allow vxi to be null */
2181 + vxdprintk("put_vx_info(%p[#%d.%d])\t%s:%d\n", vxi,
2182 + vxi->vx_id, atomic_read(&vxi->vx_refcount),
2184 + if (atomic_dec_and_lock(&vxi->vx_refcount, &vxlist_lock)) {
2185 + list_del(&vxi->vx_list);
2186 + spin_unlock(&vxlist_lock);
2187 + free_vx_info(vxi);
2191 +#define task_get_vx_info(i) __task_get_vx_info(i,__FILE__,__LINE__)
2193 +static __inline__ struct vx_info *__task_get_vx_info(struct task_struct *p,
2194 + const char *_file, int _line)
2196 + struct vx_info *vxi;
2199 + vxi = __get_vx_info(p->vx_info, _file, _line);
2205 +#define vx_verify_info(p,i) \
2206 + __vx_verify_info((p)->vx_info,i,__FILE__,__LINE__)
2208 +static __inline__ void __vx_verify_info(
2209 + struct vx_info *vxa, struct vx_info *vxb,
2210 + const char *_file, int _line)
2214 + printk(KERN_ERR "vx bad assumption (%p==%p) at %s:%d\n",
2215 + vxa, vxb, _file, _line);
2219 +#define vx_task_xid(t) ((t)->xid)
2221 +#define vx_current_xid() vx_task_xid(current)
2223 +#define vx_check(c,m) __vx_check(vx_current_xid(),c,m)
2225 +#define vx_weak_check(c,m) ((m) ? vx_check(c,m) : 1)
2228 + * check current context for ADMIN/WATCH and
2229 + * optionally agains supplied argument
2231 +static __inline__ int __vx_check(xid_t cid, xid_t id, unsigned int mode)
2233 + if (mode & VX_ARG_MASK) {
2234 + if ((mode & VX_IDENT) &&
2238 + if (mode & VX_ATR_MASK) {
2239 + if ((mode & VX_DYNAMIC) &&
2240 + (id >= MIN_D_CONTEXT) &&
2241 + (id <= MAX_S_CONTEXT))
2243 + if ((mode & VX_STATIC) &&
2244 + (id > 1) && (id < MIN_D_CONTEXT))
2247 + return (((mode & VX_ADMIN) && (cid == 0)) ||
2248 + ((mode & VX_WATCH) && (cid == 1)));
2253 +void free_ip_info(struct ip_info *);
2255 +#define get_ip_info(i) __get_ip_info(i,__FILE__,__LINE__)
2257 +static __inline__ struct ip_info *__get_ip_info(struct ip_info *ipi, const char *_file, int _line)
2259 + /* for now we allow vxi to be null */
2262 + vxdprintk("get_ip_info(%p[%d])\t%s:%d\n", ipi,
2263 + atomic_read(&ipi->ip_refcount), _file, _line);
2264 + atomic_inc(&ipi->ip_refcount);
2268 +#define put_ip_info(i) __put_ip_info(i,__FILE__,__LINE__)
2270 +static __inline__ void __put_ip_info(struct ip_info *ipi, const char *_file, int _line)
2272 + /* for now we allow vxi to be null */
2275 + vxdprintk("put_ip_info(%p[%d])\t%s:%d\n", ipi,
2276 + atomic_read(&ipi->ip_refcount), _file, _line);
2277 + if (atomic_dec_and_lock(&ipi->ip_refcount, &iplist_lock)) {
2278 + list_del(&ipi->ip_list);
2279 + spin_unlock(&iplist_lock);
2280 + free_ip_info(ipi);
2284 +#define task_get_ip_info(i) __task_get_ip_info(i,__FILE__,__LINE__)
2286 +static __inline__ struct ip_info *__task_get_ip_info(struct task_struct *p,
2287 + const char *_file, int _line)
2289 + struct ip_info *ipi;
2292 + ipi = __get_ip_info(p->ip_info, _file, _line);
2297 +#define ip_verify_info(p,i) \
2298 + __ip_verify_info((p)->ip_info,i,__FILE__,__LINE__)
2300 +static __inline__ void __ip_verify_info(
2301 + struct ip_info *ipa, struct ip_info *ipb,
2302 + const char *_file, int _line)
2306 + printk(KERN_ERR "ip bad assumption (%p==%p) at %s:%d\n",
2307 + ipa, ipb, _file, _line);
2312 +#define VX_DEBUG_ACC_RSS 0
2313 +#define VX_DEBUG_ACC_VM 0
2314 +#define VX_DEBUG_ACC_VML 0
2317 +#define vx_acc_page(m, d, v, r) \
2318 + __vx_acc_page(&(m->v), m->mm_vx_info, r, d, __FILE__, __LINE__)
2320 +static inline void __vx_acc_page(unsigned long *v, struct vx_info *vxi,
2321 + int res, int dir, char *file, int line)
2331 + atomic_inc(&vxi->limit.res[res]);
2333 + atomic_dec(&vxi->limit.res[res]);
2338 +#define vx_acc_pages(m, p, v, r) \
2339 + __vx_acc_pages(&(m->v), m->mm_vx_info, r, p, __FILE__, __LINE__)
2341 +static inline void __vx_acc_pages(unsigned long *v, struct vx_info *vxi,
2342 + int res, int pages, char *file, int line)
2344 + if ((pages > 1 || pages < -1) &&
2345 + ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
2346 + (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
2347 + (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML)))
2348 + vxdprintk("vx_acc_pages [%5d,%2d]: %5d += %5d in %s:%d\n",
2349 + (vxi?vxi->vx_id:-1), res,
2350 + (vxi?atomic_read(&vxi->limit.res[res]):0),
2351 + pages, file, line);
2357 + atomic_add(pages, &vxi->limit.res[res]);
2362 +#define vx_acc_vmpage(m,d) vx_acc_page(m, d, total_vm, RLIMIT_AS)
2363 +#define vx_acc_vmlpage(m,d) vx_acc_page(m, d, locked_vm, RLIMIT_MEMLOCK)
2364 +#define vx_acc_rsspage(m,d) vx_acc_page(m, d, rss, RLIMIT_RSS)
2366 +#define vx_acc_vmpages(m,p) vx_acc_pages(m, p, total_vm, RLIMIT_AS)
2367 +#define vx_acc_vmlpages(m,p) vx_acc_pages(m, p, locked_vm, RLIMIT_MEMLOCK)
2368 +#define vx_acc_rsspages(m,p) vx_acc_pages(m, p, rss, RLIMIT_RSS)
2370 +#define vx_pages_add(s,r,p) __vx_acc_pages(0, s, r, p, __FILE__, __LINE__)
2371 +#define vx_pages_sub(s,r,p) __vx_pages_add(s, r, -(p))
2373 +#define vx_vmpages_inc(m) vx_acc_vmpage(m, 1)
2374 +#define vx_vmpages_dec(m) vx_acc_vmpage(m,-1)
2375 +#define vx_vmpages_add(m,p) vx_acc_vmpages(m, p)
2376 +#define vx_vmpages_sub(m,p) vx_acc_vmpages(m,-(p))
2378 +#define vx_vmlocked_inc(m) vx_acc_vmlpage(m, 1)
2379 +#define vx_vmlocked_dec(m) vx_acc_vmlpage(m,-1)
2380 +#define vx_vmlocked_add(m,p) vx_acc_vmlpages(m, p)
2381 +#define vx_vmlocked_sub(m,p) vx_acc_vmlpages(m,-(p))
2383 +#define vx_rsspages_inc(m) vx_acc_rsspage(m, 1)
2384 +#define vx_rsspages_dec(m) vx_acc_rsspage(m,-1)
2385 +#define vx_rsspages_add(m,p) vx_acc_rsspages(m, p)
2386 +#define vx_rsspages_sub(m,p) vx_acc_rsspages(m,-(p))
2390 +#define vx_pages_avail(m, p, r) \
2391 + __vx_pages_avail((m)->mm_vx_info, (r), (p), __FILE__, __LINE__)
2393 +static inline int __vx_pages_avail(struct vx_info *vxi,
2394 + int res, int pages, char *file, int line)
2396 + if ((res == RLIMIT_RSS && VX_DEBUG_ACC_RSS) ||
2397 + (res == RLIMIT_AS && VX_DEBUG_ACC_VM) ||
2398 + (res == RLIMIT_MEMLOCK && VX_DEBUG_ACC_VML))
2399 + printk("vx_pages_avail[%5d,%2d]: %5ld > %5d + %5d in %s:%d\n",
2400 + (vxi?vxi->vx_id:-1), res,
2401 + (vxi?vxi->limit.rlim[res]:1),
2402 + (vxi?atomic_read(&vxi->limit.res[res]):0),
2403 + pages, file, line);
2406 + if (vxi->limit.rlim[res] == RLIM_INFINITY)
2408 + if (vxi->limit.rlim[res] < atomic_read(&vxi->limit.res[res]) + pages)
2413 +#define vx_vmpages_avail(m,p) vx_pages_avail(m, p, RLIMIT_AS)
2414 +#define vx_vmlocked_avail(m,p) vx_pages_avail(m, p, RLIMIT_MEMLOCK)
2415 +#define vx_rsspages_avail(m,p) vx_pages_avail(m, p, RLIMIT_RSS)
2417 +/* procfs ioctls */
2419 +#define FIOC_GETXFLG _IOR('x', 5, long)
2420 +#define FIOC_SETXFLG _IOW('x', 6, long)
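Review bot: `vx_pages_sub` expands to `__vx_pages_add(s, r, -(p))`, but no `__vx_pages_add` is defined in the visible part of this header; the companion macro is `vx_pages_add`, which forwards to `__vx_acc_pages`. Because it is a macro, the mistake only surfaces at the first use, and it sits on the release side of the per-context limit accounting. I would write it as `#define vx_pages_sub(s,r,p) vx_pages_add(s, r, -(p))`. Separately, `__vx_pages_avail` reads `limit.res[res]` and the later `__vx_acc_pages` adds to it in a second step, so unless callers serialise the two (not visible here) concurrent callers can each pass the check and together exceed `rlim`; a comment on `vx_pages_avail` naming the lock the caller must hold would make that contract explicit.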
2424 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/context.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h
2425 --- linux-2.6.2-rc1/include/linux/vserver/context.h Thu Jan 1 01:00:00 1970
2426 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/context.h Sat Jan 24 06:06:06 2004
2428 +#ifndef _VX_CONTEXT_H
2429 +#define _VX_CONTEXT_H
2432 +#include <linux/types.h>
2435 +#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
2436 +#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
2438 +#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
2441 +#include <linux/utsname.h>
2447 + unsigned long total_forks;
2449 + unsigned int bias_cswtch;
2450 + long bias_jiffies;
2453 + struct new_utsname utsname;
2457 +#include <linux/list.h>
2458 +#include <linux/spinlock.h>
2459 +#include <asm/atomic.h>
2461 +#include <linux/vserver/limit.h>
2462 +#include <linux/vserver/sched.h>
2465 + struct list_head vx_list; /* linked list of contexts */
2466 + xid_t vx_id; /* context id */
2467 + atomic_t vx_refcount; /* refcount */
2468 + struct vx_info *vx_parent; /* parent context */
2470 + struct proc_dir_entry *vx_procent; /* proc entry */
2471 + unsigned int vx_flags; /* VX_INFO_xxx */
2472 + pid_t vx_initpid; /* PID of fake init process */
2474 + struct _vx_virt virt; /* virtual/bias stuff */
2475 + struct _vx_limit limit; /* vserver limits */
2476 + struct _vx_sched sched; /* vserver scheduler */
2478 + char vx_name[65]; /* vserver name */
2482 +extern spinlock_t vxlist_lock;
2483 +extern struct list_head vx_infos;
2486 +#define VX_ADMIN 0x0001
2487 +#define VX_WATCH 0x0002
2488 +#define VX_DUMMY 0x0008
2490 +#define VX_IDENT 0x0010
2491 +#define VX_EQUIV 0x0020
2492 +#define VX_PARENT 0x0040
2493 +#define VX_CHILD 0x0080
2495 +#define VX_ARG_MASK 0x00F0
2497 +#define VX_DYNAMIC 0x0100
2498 +#define VX_STATIC 0x0200
2500 +#define VX_ATR_MASK 0x0F00
2503 +void free_vx_info(struct vx_info *);
2505 +extern struct vx_info *find_vx_info(int);
2506 +extern struct vx_info *find_or_create_vx_info(int);
2509 +#include <linux/vserver/switch.h>
2511 +/* vinfo commands */
2513 +#define VCMD_task_xid VC_CMD(VINFO, 1, 0)
2514 +#define VCMD_task_nid VC_CMD(VINFO, 2, 0)
2516 +extern int vc_task_xid(uint32_t, void *);
2519 +#define VCMD_vx_info VC_CMD(VINFO, 5, 0)
2520 +#define VCMD_nx_info VC_CMD(VINFO, 6, 0)
2522 +struct vcmd_vx_info_v0 {
2525 + /* more to come */
2528 +extern int vc_vx_info(uint32_t, void *);
2531 +/* virtual host info names */
2533 +#define VCMD_vx_set_vhi_name VC_CMD(VHOST, 1, 0)
2534 +#define VCMD_vx_get_vhi_name VC_CMD(VHOST, 2, 0)
2536 +extern int vc_set_vhi_name(uint32_t, void *);
2537 +extern int vc_get_vhi_name(uint32_t, void *);
2539 +struct vcmd_vx_vhi_name_v0 {
2545 +enum vx_vhi_name_field {
2556 +// EXPORT_SYMBOL_GPL(vxlist_lock);
2557 +// EXPORT_SYMBOL_GPL(vx_infos);
2559 +// EXPORT_SYMBOL_GPL(find_vx_info);
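Review bot: `VX_DYNAMIC_ID` is defined as `(-1UL)`, an unsigned long, while context ids are `xid_t`, which this series typedefs as `unsigned int`, and the lookup prototypes `find_vx_info(int)` and `find_or_create_vx_info(int)` use a third type. On a 64-bit target an `xid_t` holding the all-ones value compares unequal to `-1UL`, so the dynamic-id test only matches while the id travels as a signed `int`. I would define the sentinel in the id type, `#define VX_DYNAMIC_ID ((xid_t)-1)`, and declare both lookups with `xid_t`, so the static range, the dynamic range and the sentinel are all compared in one type. include/linux/vserver/legacy.h repeats the same three defines and should follow.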
2562 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/inode.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h
2563 --- linux-2.6.2-rc1/include/linux/vserver/inode.h Thu Jan 1 01:00:00 1970
2564 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/inode.h Sat Jan 24 05:45:51 2004
2566 +#ifndef _VX_INODE_H
2567 +#define _VX_INODE_H
2570 +#include <linux/vserver/switch.h>
2572 +/* inode vserver commands */
2574 +#define VCMD_get_iattr VC_CMD(INODE, 1, 0)
2575 +#define VCMD_set_iattr VC_CMD(INODE, 2, 0)
2577 +struct vcmd_ctx_iattr_v0 {
2578 + /* device handle in id */
2585 +#define IATTR_XID 0x01000000
2587 +#define IATTR_ADMIN 0x00000001
2588 +#define IATTR_WATCH 0x00000002
2589 +#define IATTR_HIDE 0x00000004
2590 +#define IATTR_FLAGS 0x00000007
2592 +#define IATTR_BARRIER 0x00010000
2593 +#define IATTR_IUNLINK 0x00020000
2596 +extern int vc_get_iattr(uint32_t, void *);
2597 +extern int vc_set_iattr(uint32_t, void *);
2602 +#define FIOC_GETXFLG _IOR('x', 5, long)
2603 +#define FIOC_SETXFLG _IOW('x', 6, long)
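Review bot: The `void *` argument of `vc_get_iattr` and `vc_set_iattr` is declared without the `__user` annotation, although it appears to be a user-space pointer: the sibling handlers in kernel/vserver/context.c pass theirs straight to `copy_from_user`/`copy_to_user`. Without the annotation, sparse cannot flag a handler that dereferences the pointer directly instead of copying it in first. I would declare them as `extern int vc_get_iattr(uint32_t, void __user *);` and `extern int vc_set_iattr(uint32_t, void __user *);`. The same applies to the `vc_*` prototypes in context.h, legacy.h, limit.h, sched.h and signal.h.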
2607 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/legacy.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h
2608 --- linux-2.6.2-rc1/include/linux/vserver/legacy.h Thu Jan 1 01:00:00 1970
2609 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/legacy.h Sat Jan 24 05:14:16 2004
2611 +#ifndef _VX_LEGACY_H
2612 +#define _VX_LEGACY_H
2615 +#include <linux/vserver/switch.h>
2616 +#include <linux/vserver/network.h>
2618 +/* compatibiliy vserver commands */
2620 +#define VCMD_new_s_context VC_CMD(COMPAT, 1, 1)
2621 +#define VCMD_set_ipv4root VC_CMD(COMPAT, 2, 3)
2623 +/* compatibiliy vserver arguments */
2625 +struct vcmd_new_s_context_v1 {
2626 + uint32_t remove_cap;
2630 +struct vcmd_set_ipv4root_v3 {
2631 + /* number of pairs in id */
2632 + uint32_t broadcast;
2636 + } ip_mask_pair[NB_IPV4ROOT];
2640 +#define VX_INFO_LOCK 1 /* Can't request a new vx_id */
2641 +#define VX_INFO_SCHED 2 /* All process in the vx_id */
2642 + /* Contribute to the schedular */
2643 +#define VX_INFO_NPROC 4 /* Limit number of processes in a context */
2644 +#define VX_INFO_PRIVATE 8 /* Noone can join this security context */
2645 +#define VX_INFO_INIT 16 /* This process wants to become the */
2646 + /* logical process 1 of the security */
2648 +#define VX_INFO_HIDEINFO 32 /* Hide some information in /proc */
2649 +#define VX_INFO_ULIMIT 64 /* Use ulimit of the current process */
2650 + /* to become the global limits */
2651 + /* of the context */
2653 +#define MAX_S_CONTEXT 65535 /* Arbitrary limit */
2654 +#define MIN_D_CONTEXT 49152 /* dynamic contexts start here */
2656 +#define VX_DYNAMIC_ID (-1UL) /* id for dynamic context */
2658 +#define NB_S_CONTEXT 16
2660 +#define NB_IPV4ROOT 16
2663 +extern int vc_new_s_context(uint32_t, void *);
2664 +extern int vc_set_ipv4root(uint32_t, void *);
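Review bot: Nothing in `struct vcmd_set_ipv4root_v3` bounds the pair count, which the comment says arrives in the command's `id` argument, while `ip_mask_pair` holds exactly `NB_IPV4ROOT` entries. The handler is outside this hunk, so whether it rejects a count above `NB_IPV4ROOT` before filling the per-context address arrays cannot be confirmed from here. I would state the contract at the field, e.g. `/* number of pairs in id; the handler must reject id > NB_IPV4ROOT */`. This matters beyond the copy itself, because the loops added in include/net/route.h index `ip_info->ipv4[]` and `mask[]` with a count that is presumably derived from it.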
2668 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/limit.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h
2669 --- linux-2.6.2-rc1/include/linux/vserver/limit.h Thu Jan 1 01:00:00 1970
2670 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/limit.h Sat Jan 24 05:54:14 2004
2672 +#ifndef _VX_LIMIT_H
2673 +#define _VX_LIMIT_H
2676 +#include <linux/vserver/switch.h>
2678 +/* rlimit vserver commands */
2680 +#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
2681 +#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
2682 +#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
2684 +struct vcmd_ctx_rlimit_v0 {
2687 + uint64_t softlimit;
2691 +struct vcmd_ctx_rlimit_mask_v0 {
2693 + uint32_t softlimit;
2697 +#define CRLIM_UNSET (0ULL)
2698 +#define CRLIM_INFINITY (~0ULL)
2699 +#define CRLIM_KEEP (~1ULL)
2702 +extern int vc_get_rlimit(uint32_t, void *);
2703 +extern int vc_set_rlimit(uint32_t, void *);
2704 +extern int vc_get_rlimit_mask(uint32_t, void *);
2707 +#include <asm/atomic.h>
2708 +#include <asm/resource.h>
2710 +/* context sub struct */
2715 + unsigned long rlim[RLIM_NLIMITS]; /* Per context limit */
2716 + atomic_t res[RLIM_NLIMITS]; /* Current value */
2721 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/network.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h
2722 --- linux-2.6.2-rc1/include/linux/vserver/network.h Thu Jan 1 01:00:00 1970
2723 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/network.h Sat Jan 24 05:46:08 2004
2725 +#ifndef _VX_NETWORK_H
2726 +#define _VX_NETWORK_H
2729 +#define NB_IPV4ROOT 16
2731 +#include <linux/list.h>
2732 +#include <linux/spinlock.h>
2733 +#include <linux/utsname.h>
2734 +#include <asm/resource.h>
2735 +#include <asm/atomic.h>
2739 + struct list_head ip_list; /* linked list of ipinfos */
2740 + atomic_t ip_refcount;
2742 + __u32 ipv4[NB_IPV4ROOT];/* Process can only bind to these IPs */
2743 + /* The first one is used to connect */
2744 + /* and for bind any service */
2745 + /* The other must be used explicity when */
2747 + __u32 mask[NB_IPV4ROOT];/* Netmask for each ipv4 */
2748 + /* Used to select the proper source address */
2750 + __u32 v4_bcast; /* Broadcast address used to receive UDP packets */
2754 +extern spinlock_t iplist_lock;
2755 +extern struct list_head ip_infos;
2758 +void free_ip_info(struct ip_info *);
2759 +struct ip_info *create_ip_info(void);
2762 +// EXPORT_SYMBOL_GPL(iplist_lock);
2763 +// EXPORT_SYMBOL_GPL(ip_infos);
2765 +// EXPORT_SYMBOL_GPL(find_ip_info);
2768 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/sched.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h
2769 --- linux-2.6.2-rc1/include/linux/vserver/sched.h Thu Jan 1 01:00:00 1970
2770 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/sched.h Sat Jan 24 06:12:29 2004
2772 +#ifndef _VX_SCHED_H
2773 +#define _VX_SCHED_H
2776 +#include <linux/vserver/switch.h>
2778 +/* sched vserver commands */
2780 +#define VCMD_set_sched VC_CMD(SYSTEST, 1, 1)
2782 +/* Options - these ones enable or disable the CTX_SCHED flag */
2783 +#define TBF_SCHED_ENABLE 0x0001
2784 +#define TBF_SCHED_DISABLE 0x0002
2786 +struct vcmd_set_sched_v1 {
2789 + int32_t fill_rate;
2791 + int32_t fill_level;
2792 + int32_t bucket_size;
2796 +extern int vc_set_sched(uint32_t, void *);
2798 +#include <linux/spinlock.h>
2800 +/* context sub struct */
2803 + spinlock_t tokens_lock; /* lock for this structure */
2805 + int tokens; /* number of CPU tokens in this context */
2806 + int tokens_fr; /* Fill rate: add X tokens... */
2807 + int tokens_div; /* Divisor: per Y jiffies */
2808 + int tokens_max; /* Limit: no more than N tokens */
2809 + uint32_t tokens_jfy; /* add an integral multiple of Y to this */
2814 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/signal.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h
2815 --- linux-2.6.2-rc1/include/linux/vserver/signal.h Thu Jan 1 01:00:00 1970
2816 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/signal.h Sat Jan 24 06:02:39 2004
2818 +#ifndef _VX_SIGNAL_H
2819 +#define _VX_SIGNAL_H
2822 +#include <linux/vserver/switch.h>
2824 +/* context signalling */
2826 +#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
2828 +struct vcmd_ctx_kill_v0 {
2834 +extern int vc_ctx_kill(uint32_t, void *);
2838 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver/switch.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h
2839 --- linux-2.6.2-rc1/include/linux/vserver/switch.h Thu Jan 1 01:00:00 1970
2840 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver/switch.h Sat Jan 24 05:14:16 2004
2842 +#ifndef _LINUX_VIRTUAL_H
2843 +#define _LINUX_VIRTUAL_H
2845 +#include <linux/types.h>
2847 +#define VC_CATEGORY(c) (((c) >> 24) & 0x3F)
2848 +#define VC_COMMAND(c) (((c) >> 16) & 0xFF)
2849 +#define VC_VERSION(c) ((c) & 0xFFF)
2851 +#define VC_CMD(c,i,v) ((((VC_CAT_ ## c) & 0x3F) << 24) \
2852 + | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
2856 + Syscall Matrix V2.4
2858 + |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
2859 + |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | |
2860 + |INFO |SETUP | |MOVE | | | | | |
2861 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2862 + SYSTEM |VERSION| | | | | | |DEVICES| |
2863 + HOST | 00| 01| 02| 03| 04| 05| | 06| 07|
2864 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2865 + CPU | | | | | | | |SCHED. | |
2866 + PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15|
2867 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2868 + MEMORY | | | | | | | |SWAP | |
2869 + | 16| 17| 18| 19| 20| 21| | 22| 23|
2870 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2871 + NETWORK| | | | | | | |SERIAL | |
2872 + | 24| 25| 26| 27| 28| 29| | 30| 31|
2873 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2874 + DISK | | | | | | | |INODE | |
2875 + VFS | 32| 33| 34| 35| 36| 37| | 38| 39|
2876 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2877 + OTHER | | | | | | | |VINFO | |
2878 + | 40| 41| 42| 43| 44| 45| | 46| 47|
2879 + =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
2880 + SPECIAL| | | | | | | | | |
2881 + | 48| 49| 50| 51| 52| 53| | 54| 55|
2882 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2883 + SPECIAL| | | | |RLIMIT |SYSCALL| | |COMPAT |
2884 + | 56| 57| 58| 59| 60|TEST 61| | 62| 63|
2885 + -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
2889 +#define VC_CAT_VERSION 0
2891 +#define VC_CAT_VHOST 2
2893 +#define VC_CAT_PROCTRL 12
2895 +#define VC_CAT_SCHED 14
2896 +#define VC_CAT_INODE 38
2898 +#define VC_CAT_VINFO 46
2900 +#define VC_CAT_RLIMIT 60
2902 +#define VC_CAT_SYSTEST 61
2903 +#define VC_CAT_COMPAT 63
2905 +/* interface version */
2907 +#define VCI_VERSION 0x00010010
2910 +/* query version */
2912 +#define VCMD_get_version VC_CMD(VERSION, 0, 0)
2915 +#include <linux/errno.h>
2917 +#define ENOTSUP ENOTSUPP
2920 +// EXPORT_SYMBOL_GPL(sys_vserver);
2923 +#endif /* _LINUX_VIRTUAL_H */
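Review bot: `#define ENOTSUP ENOTSUPP` maps the POSIX-looking name onto `ENOTSUPP`, which linux/errno.h keeps in the range of kernel-internal codes that user programs are never supposed to see. If a vserver command handler returns `-ENOTSUP` to the syscall caller (the return sites are not in this header), userland receives an errno it cannot decode, and a tool probing for an unsupported command may misread the failure. I would map it to the user-visible code instead, `#define ENOTSUP EOPNOTSUPP`, or drop the alias and return `-EOPNOTSUPP` directly.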
2924 diff -NurpP --minimal linux-2.6.2-rc1/include/linux/vserver.h linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h
2925 --- linux-2.6.2-rc1/include/linux/vserver.h Thu Jan 1 01:00:00 1970
2926 +++ linux-2.6.2-rc1-vs0.05.1/include/linux/vserver.h Sat Jan 24 05:14:16 2004
2928 +#ifndef _LINUX_VSERVER_H
2929 +#define _LINUX_VSERVER_H
2931 +#include <linux/vserver/context.h>
2932 +#include <linux/vserver/network.h>
2933 +#include <linux/vinline.h>
2936 diff -NurpP --minimal linux-2.6.2-rc1/include/net/route.h linux-2.6.2-rc1-vs0.05.1/include/net/route.h
2937 --- linux-2.6.2-rc1/include/net/route.h Fri Jan 9 07:59:02 2004
2938 +++ linux-2.6.2-rc1-vs0.05.1/include/net/route.h Sat Jan 24 05:46:08 2004
2940 #include <linux/route.h>
2941 #include <linux/ip.h>
2942 #include <linux/cache.h>
2943 +#include <linux/vinline.h>
2946 #warning This file is not supposed to be used outside of kernel.
2947 @@ -160,6 +161,45 @@ static inline int ip_route_connect(struc
2948 .dport = dport } } };
2951 + struct ip_info *ip_info = current->ip_info;
2953 + __u32 ipv4root = ip_info->ipv4[0];
2955 + int n = ip_info->nbipv4;
2960 + err = __ip_route_output_key(rp, &fl);
2963 + foundsrc = (*rp)->rt_src;
2965 + for (i=0; i<n; i++){
2966 + u32 mask = ip_info->mask[i];
2967 + u32 ipv4 = ip_info->ipv4[i];
2968 + u32 netipv4 = ipv4 & mask;
2969 + if ((foundsrc & mask) == netipv4) {
2976 + src = dst == 0x0100007f
2977 + ? 0x0100007f: ipv4root;
2980 + for (i=0; i<n; i++) {
2981 + if (ip_info->ipv4[i] == src) break;
2986 + if (dst == 0x0100007f && !vx_check(0, VX_ADMIN))
2991 err = __ip_route_output_key(rp, &fl);
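Review bot: The loopback tests in the added block compare `dst` with the literal `0x0100007f`, which is 127.0.0.1 only when a network-order address is read on a little-endian CPU. Assuming `dst` is in network byte order, as elsewhere in the routing code, the `src = dst == 0x0100007f ? …` selection and the `!vx_check(0, VX_ADMIN)` branch never match on a big-endian build, so the per-context loopback handling would be skipped there without any warning. I would spell it `dst == htonl(INADDR_LOOPBACK)` in both places. The two `for (i=0; i<n; i++)` loops also trust `ip_info->nbipv4` to be at most `NB_IPV4ROOT`; that bound has to be enforced where the count is set, which this hunk does not show. `ip_route_connect` begins before the hunk, and several of its added lines are missing from this listing.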
2993 diff -NurpP --minimal linux-2.6.2-rc1/include/net/sock.h linux-2.6.2-rc1-vs0.05.1/include/net/sock.h
2994 --- linux-2.6.2-rc1/include/net/sock.h Sat Jan 24 03:18:19 2004
2995 +++ linux-2.6.2-rc1-vs0.05.1/include/net/sock.h Sat Jan 24 05:46:08 2004
2997 #include <linux/security.h>
2999 #include <linux/filter.h>
3000 +#include <linux/vinline.h>
3002 #include <asm/atomic.h>
3003 #include <net/dst.h>
3004 @@ -109,6 +110,8 @@ struct sock_common {
3005 struct hlist_node skc_node;
3006 struct hlist_node skc_bind_node;
3007 atomic_t skc_refcnt;
3009 + struct ip_info *skc_ip_info;
3013 @@ -186,6 +189,8 @@ struct sock {
3014 #define sk_node __sk_common.skc_node
3015 #define sk_bind_node __sk_common.skc_bind_node
3016 #define sk_refcnt __sk_common.skc_refcnt
3017 +#define sk_xid __sk_common.skc_xid
3018 +#define sk_ip_info __sk_common.skc_ip_info
3019 volatile unsigned char sk_zapped;
3020 unsigned char sk_shutdown;
3021 unsigned char sk_use_write_queue;
3022 diff -NurpP --minimal linux-2.6.2-rc1/include/net/tcp.h linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h
3023 --- linux-2.6.2-rc1/include/net/tcp.h Sat Jan 24 03:18:19 2004
3024 +++ linux-2.6.2-rc1-vs0.05.1/include/net/tcp.h Sat Jan 24 05:46:08 2004
3025 @@ -195,6 +195,8 @@ struct tcp_tw_bucket {
3026 #define tw_node __tw_common.skc_node
3027 #define tw_bind_node __tw_common.skc_bind_node
3028 #define tw_refcnt __tw_common.skc_refcnt
3029 +#define tw_xid __tw_common.skc_xid
3030 +#define tw_ip_info __tw_common.skc_ip_info
3031 volatile unsigned char tw_substate;
3032 unsigned char tw_rcv_wscale;
3034 diff -NurpP --minimal linux-2.6.2-rc1/kernel/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/Makefile
3035 --- linux-2.6.2-rc1/kernel/Makefile Fri Jan 9 07:59:10 2004
3036 +++ linux-2.6.2-rc1-vs0.05.1/kernel/Makefile Sat Jan 24 05:14:16 2004
3037 @@ -8,6 +8,11 @@ obj-y = sched.o fork.o exec_domain.o
3038 signal.o sys.o kmod.o workqueue.o pid.o \
3039 rcupdate.o intermodule.o extable.o params.o posix-timers.o
3041 +# mod-subdirs := vserver
3043 +subdir-y += vserver
3044 +obj-y += vserver/vserver.o
3046 obj-$(CONFIG_FUTEX) += futex.o
3047 obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
3048 obj-$(CONFIG_SMP) += cpu.o
3049 diff -NurpP --minimal linux-2.6.2-rc1/kernel/sys.c linux-2.6.2-rc1-vs0.05.1/kernel/sys.c
3050 --- linux-2.6.2-rc1/kernel/sys.c Sat Jan 24 03:18:19 2004
3051 +++ linux-2.6.2-rc1-vs0.05.1/kernel/sys.c Sat Jan 24 06:15:34 2004
3053 #include <linux/security.h>
3054 #include <linux/dcookies.h>
3055 #include <linux/suspend.h>
3056 +#include <linux/vinline.h>
3058 #include <asm/uaccess.h>
3060 @@ -317,7 +318,7 @@ asmlinkage long sys_setpriority(int whic
3062 user = current->user;
3064 - user = find_user(who);
3065 + user = find_user(vx_current_xid(), who);
3069 @@ -376,7 +377,7 @@ asmlinkage long sys_getpriority(int whic
3071 user = current->user;
3073 - user = find_user(who);
3074 + user = find_user(vx_current_xid(), who);
3078 @@ -617,7 +618,7 @@ static int set_user(uid_t new_ruid, int
3080 struct user_struct *new_user;
3082 - new_user = alloc_uid(new_ruid);
3083 + new_user = alloc_uid(vx_current_xid(), new_ruid);
3087 diff -NurpP --minimal linux-2.6.2-rc1/kernel/user.c linux-2.6.2-rc1-vs0.05.1/kernel/user.c
3088 --- linux-2.6.2-rc1/kernel/user.c Fri Jan 9 07:59:26 2004
3089 +++ linux-2.6.2-rc1-vs0.05.1/kernel/user.c Sat Jan 24 05:45:51 2004
3091 #define UIDHASH_BITS 8
3092 #define UIDHASH_SZ (1 << UIDHASH_BITS)
3093 #define UIDHASH_MASK (UIDHASH_SZ - 1)
3094 -#define __uidhashfn(uid) (((uid >> UIDHASH_BITS) + uid) & UIDHASH_MASK)
3095 -#define uidhashentry(uid) (uidhash_table + __uidhashfn((uid)))
3096 +#define __uidhashfn(xid,uid) ((((uid) >> UIDHASH_BITS) + ((uid)^(xid))) & UIDHASH_MASK)
3097 +#define uidhashentry(xid,uid) (uidhash_table + __uidhashfn((xid),(uid)))
3099 static kmem_cache_t *uid_cachep;
3100 static struct list_head uidhash_table[UIDHASH_SZ];
3101 @@ -46,7 +46,7 @@ static inline void uid_hash_remove(struc
3102 list_del(&up->uidhash_list);
3105 -static inline struct user_struct *uid_hash_find(uid_t uid, struct list_head *hashent)
3106 +static inline struct user_struct *uid_hash_find(xid_t xid, uid_t uid, struct list_head *hashent)
3108 struct list_head *up;
3110 @@ -55,7 +55,7 @@ static inline struct user_struct *uid_ha
3112 user = list_entry(up, struct user_struct, uidhash_list);
3114 - if(user->uid == uid) {
3115 + if(user->uid == uid && user->vx_id == xid) {
3116 atomic_inc(&user->__count);
3119 @@ -64,9 +64,9 @@ static inline struct user_struct *uid_ha
3123 -struct user_struct *find_user(uid_t uid)
3124 +struct user_struct *find_user(xid_t xid, uid_t uid)
3126 - return uid_hash_find(uid, uidhashentry(uid));
3127 + return uid_hash_find(xid, uid, uidhashentry(xid, uid));
3130 void free_uid(struct user_struct *up)
3131 @@ -78,13 +78,13 @@ void free_uid(struct user_struct *up)
3135 -struct user_struct * alloc_uid(uid_t uid)
3136 +struct user_struct * alloc_uid(xid_t xid, uid_t uid)
3138 - struct list_head *hashent = uidhashentry(uid);
3139 + struct list_head *hashent = uidhashentry(xid, uid);
3140 struct user_struct *up;
3142 spin_lock(&uidhash_lock);
3143 - up = uid_hash_find(uid, hashent);
3144 + up = uid_hash_find(xid, uid, hashent);
3145 spin_unlock(&uidhash_lock);
3148 @@ -94,6 +94,7 @@ struct user_struct * alloc_uid(uid_t uid
3153 atomic_set(&new->__count, 1);
3154 atomic_set(&new->processes, 0);
3155 atomic_set(&new->files, 0);
3156 @@ -103,7 +104,7 @@ struct user_struct * alloc_uid(uid_t uid
3157 * on adding the same user already..
3159 spin_lock(&uidhash_lock);
3160 - up = uid_hash_find(uid, hashent);
3161 + up = uid_hash_find(xid, uid, hashent);
3163 kmem_cache_free(uid_cachep, new);
3165 @@ -148,7 +149,7 @@ static int __init uid_cache_init(void)
3167 /* Insert the root user immediately (init already runs as root) */
3168 spin_lock(&uidhash_lock);
3169 - uid_hash_insert(&root_user, uidhashentry(0));
3170 + uid_hash_insert(&root_user, uidhashentry(0,0));
3171 spin_unlock(&uidhash_lock);
3174 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/Makefile linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile
3175 --- linux-2.6.2-rc1/kernel/vserver/Makefile Thu Jan 1 01:00:00 1970
3176 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/Makefile Sat Jan 24 06:36:45 2004
3179 +# Makefile for the Linux vserver routines.
3185 +vserver-y := switch.o context.o network.o inode.o limit.o signal.o
3187 +vserver-y += legacy.o
3189 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/context.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c
3190 --- linux-2.6.2-rc1/kernel/vserver/context.c Thu Jan 1 01:00:00 1970
3191 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/context.c Sat Jan 24 06:04:27 2004
3194 + * linux/kernel/vserver/context.c
3196 + * Virtual Server: Context Support
3198 + * Copyright (C) 2003-2004 Herbert Pötzl
3200 + * V0.01 context helper
3201 + * V0.02 vx_ctx_kill syscall command
3202 + * V0.03 replaced context_info calls
3203 + * V0.04 redesign of struct (de)alloc
3204 + * V0.05 rlimit basic implementation
3208 +#include <linux/config.h>
3209 +//#include <linux/linkage.h>
3210 +#include <linux/utsname.h>
3211 +#include <linux/slab.h>
3212 +#include <linux/vserver/context.h>
3213 +//#include <linux/vswitch.h>
3214 +#include <linux/vinline.h>
3215 +//#include <linux/sched.h>
3216 +#include <linux/kernel_stat.h>
3218 +#include <asm/errno.h>
3219 +//#include <asm/uaccess.h>
3223 +/* system functions */
3226 +LIST_HEAD(vx_infos);
3228 +spinlock_t vxlist_lock
3229 + __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
3233 + * struct vx_info allocation and deallocation
3236 +static struct vx_info *alloc_vx_info(int id)
3238 + struct vx_info *new = NULL;
3241 + vxdprintk("alloc_vx_info(%d)\n", id);
3242 + /* would this benefit from a slab cache? */
3243 + new = kmalloc(sizeof(struct vx_info), GFP_KERNEL);
3247 + memset (new, 0, sizeof(struct vx_info));
3249 + INIT_LIST_HEAD(&new->vx_list);
3250 + /* rest of init goes here */
3252 + for (lim=0; lim<RLIM_NLIMITS; lim++)
3253 + new->limit.rlim[lim] = RLIM_INFINITY;
3255 + /* scheduling; hard code starting values as constants */
3256 + new->sched.tokens_fr = 1;
3257 + new->sched.tokens_div = 4;
3258 + new->sched.tokens = HZ * 5;
3259 + new->sched.tokens_max = HZ * 10;
3260 + new->sched.tokens_jfy = jiffies;
3261 + new->sched.tokens_lock = SPIN_LOCK_UNLOCKED;
3263 + new->virt.nr_threads = 1;
3264 + // new->virt.bias_cswtch = kstat.context_swtch;
3265 + new->virt.bias_jiffies = jiffies;
3266 + /* new->virt.bias_idle = init_tasks[0]->times.tms_utime +
3267 + init_tasks[0]->times.tms_stime;
3269 + down_read(&uts_sem);
3270 + new->virt.utsname = system_utsname;
3271 + up_read(&uts_sem);
3273 + vxdprintk("alloc_vx_info(%d) = %p\n", id, new);
3277 +void free_vx_info(struct vx_info *vxi)
3279 + vxdprintk("free_vx_info(%p)\n", vxi);
3285 + * struct vx_info search by id
3286 + * assumes vxlist_lock is held
3289 +static __inline__ struct vx_info *__find_vx_info(int id)
3291 + struct vx_info *vxi;
3293 + list_for_each_entry(vxi, &vx_infos, vx_list)
3294 + if (vxi->vx_id == id)
3301 + * struct vx_info ref stuff
3304 +struct vx_info *find_vx_info(int id)
3306 + struct vx_info *vxi;
3308 + spin_lock(&vxlist_lock);
3309 + if ((vxi = __find_vx_info(id)))
3311 + spin_unlock(&vxlist_lock);
3317 + * struct vx_info search by id
3318 + * assumes vxlist_lock is held
3321 +static __inline__ xid_t __vx_dynamic_id(void)
3323 + static xid_t seq = MAX_S_CONTEXT;
3324 + xid_t barrier = seq;
3327 + if (++seq > MAX_S_CONTEXT)
3328 + seq = MIN_D_CONTEXT;
3329 + if (!__find_vx_info(seq))
3331 + } while (barrier != seq);
3336 +struct vx_info *find_or_create_vx_info(int id)
3338 + struct vx_info *new, *vxi = NULL;
3340 + vxdprintk("find_or_create_vx_info(%d)\n", id);
3341 + if (!(new = alloc_vx_info(id)))
3344 + spin_lock(&vxlist_lock);
3346 + /* dynamic context requested */
3347 + if (id == VX_DYNAMIC_ID) {
3348 + id = __vx_dynamic_id();
3350 + printk(KERN_ERR "no dynamic context available.\n");
3355 + /* existing context requested */
3356 + else if ((vxi = __find_vx_info(id))) {
3357 + vxdprintk("find_or_create_vx_info(%d) = %p (found)\n", id, vxi);
3362 + /* new context requested */
3363 + vxdprintk("find_or_create_vx_info(%d) = %p (new)\n", id, vxi);
3364 + atomic_set(&new->vx_refcount, 1);
3365 + list_add(&new->vx_list, &vx_infos);
3366 + vxi = new, new = NULL;
3369 + spin_unlock(&vxlist_lock);
3371 + free_vx_info(new);
3376 +#include <asm/uaccess.h>
3379 +int vc_task_xid(uint32_t id, void *data)
3381 + if (!vx_check(0, VX_ADMIN))
3398 +int vc_vx_info(uint32_t id, void *data)
3400 + struct vx_info *vxi;
3401 + struct vcmd_vx_info_v0 vc_data;
3403 + if (!vx_check(0, VX_ADMIN))
3405 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
3408 + vxi = find_vx_info(id);
3412 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3418 +/* virtual host info names */
3420 +static char * vx_vhi_name(struct vx_info *vxi, int id)
3423 + case VHIN_CONTEXT:
3424 + return vxi->vx_name;
3425 + case VHIN_SYSNAME:
3426 + return vxi->virt.utsname.sysname;
3427 + case VHIN_NODENAME:
3428 + return vxi->virt.utsname.nodename;
3429 + case VHIN_RELEASE:
3430 + return vxi->virt.utsname.release;
3431 + case VHIN_VERSION:
3432 + return vxi->virt.utsname.version;
3433 + case VHIN_MACHINE:
3434 + return vxi->virt.utsname.machine;
3435 + case VHIN_DOMAINNAME:
3436 + return vxi->virt.utsname.domainname;
3442 +int vc_set_vhi_name(uint32_t id, void *data)
3444 + struct vx_info *vxi;
3445 + struct vcmd_vx_vhi_name_v0 vc_data;
3448 + if (!vx_check(0, VX_ADMIN))
3450 + if (!capable(CAP_SYS_ADMIN))
3452 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3455 + vxi = find_vx_info(id);
3459 + name = vx_vhi_name(vxi, vc_data.field);
3461 + memcpy(name, vc_data.name, 65);
3463 + return (name ? 0 : -EFAULT);
3466 +int vc_get_vhi_name(uint32_t id, void *data)
3468 + struct vx_info *vxi;
3469 + struct vcmd_vx_vhi_name_v0 vc_data;
3472 + if (!vx_check(0, VX_ADMIN))
3474 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3477 + vxi = find_vx_info(id);
3481 + name = vx_vhi_name(vxi, vc_data.field);
3485 + memcpy(vc_data.name, name, 65);
3486 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3490 + return (name ? 0 : -EFAULT);
3495 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/inode.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c
3496 --- linux-2.6.2-rc1/kernel/vserver/inode.c Thu Jan 1 01:00:00 1970
3497 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/inode.c Sat Jan 24 07:54:13 2004
3500 + * linux/kernel/vserver/inode.c
3502 + * Virtual Server: File System Support
3504 + * Copyright (C) 2004 Herbert Pötzl
3506 + * V0.01 separated from vcontext V0.05
3510 +#include <linux/config.h>
3511 +//#include <linux/linkage.h>
3512 +//#include <linux/utsname.h>
3513 +//#include <linux/slab.h>
3514 +//#include <linux/vcontext.h>
3515 +//#include <linux/vswitch.h>
3516 +#include <linux/vinline.h>
3517 +#include <linux/fs.h>
3518 +#include <linux/proc_fs.h>
3519 +//#include <linux/kernel_stat.h>
3520 +#include <linux/vserver/inode.h>
3522 +#include <asm/errno.h>
3523 +#include <asm/uaccess.h>
3524 +//#include <asm/smplock.h>
3527 +int vc_get_iattr(uint32_t id, void *data)
3529 + struct super_block *sb;
3531 + struct vcmd_ctx_iattr_v0 vc_data;
3535 + if (!vx_check(0, VX_ADMIN))
3537 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3541 + sb = get_super(to_kdev_t(id));
3544 + in = iget(sb, vc_data.ino);
3548 + vc_data.xid = in->i_xid;
3549 + vc_data.flags = IATTR_XID
3550 + | (IS_BARRIER(in) ? IATTR_BARRIER : 0)
3551 + | (IS_IUNLINK(in) ? IATTR_IUNLINK : 0);
3552 + vc_data.mask = IATTR_XID | IATTR_BARRIER | IATTR_IUNLINK;
3554 + if (sb->s_magic == PROC_SUPER_MAGIC) {
3555 + vc_data.flags |= (in->u.proc_i.vx_flags & IATTR_FLAGS);
3556 + vc_data.mask |= IATTR_FLAGS;
3560 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3570 +int vc_set_iattr(uint32_t id, void *data)
3572 + struct super_block *sb;
3574 + struct vcmd_ctx_iattr_v0 vc_data;
3577 + if (!vx_check(0, VX_ADMIN))
3579 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_LINUX_IMMUTABLE))
3581 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3585 + sb = get_super(to_kdev_t(id));
3590 + if ((vc_data.mask & IATTR_FLAGS) && (sb->s_magic != PROC_SUPER_MAGIC))
3594 + in = iget(sb, vc_data.ino);
3599 + if (vc_data.mask & IATTR_XID)
3600 + in->i_xid = vc_data.xid;
3602 + if (vc_data.mask & IATTR_FLAGS) {
3603 + unsigned int flags = in->u.proc_i.vx_flags;
3604 + unsigned int mask = vc_data.mask;
3606 + in->u.proc_i.vx_flags = (flags & ~(mask & IATTR_FLAGS))
3607 + | (vc_data.flags & IATTR_FLAGS);
3610 + if (vc_data.mask & IATTR_BARRIER)
3611 + in->i_flags = (in->i_flags & ~S_BARRIER)
3612 + | ((vc_data.flags & IATTR_BARRIER) ? S_BARRIER : 0);
3613 + if (vc_data.mask & IATTR_IUNLINK)
3614 + in->i_flags = (in->i_flags & ~S_IUNLINK)
3615 + | ((vc_data.flags & IATTR_IUNLINK) ? S_IUNLINK : 0);
3616 + mark_inode_dirty(in);
3628 +#include <linux/proc_fs.h>
3630 +int vx_proc_ioctl(struct inode * inode, struct file * filp,
3631 + unsigned int cmd, unsigned long arg)
3633 + struct proc_dir_entry *entry;
3637 + if (inode->i_ino < PROC_DYNAMIC_FIRST ||
3638 + inode->i_ino >= PROC_DYNAMIC_FIRST+PROC_NDYNAMIC)
3641 + entry = PROC_I(inode)->pde;
3644 + case FIOC_GETXFLG: {
3645 + /* fixme: if stealth, return -ENOTTY */
3647 + flags = entry->vx_flags;
3648 + if (capable(CAP_CONTEXT))
3649 + error = put_user(flags, (int *) arg);
3652 + case FIOC_SETXFLG: {
3653 + /* fixme: if stealth, return -ENOTTY */
3655 + if (!capable(CAP_CONTEXT))
3658 + if (IS_RDONLY(inode))
3661 + if (get_user(flags, (int *) arg))
3664 + entry->vx_flags = flags;
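Review bot: In vc_set_iattr the IATTR_FLAGS update clears only the bits selected by `mask` but then ORs in every IATTR_FLAGS bit of `vc_data.flags`, so a caller passing a narrow mask can still switch on flags outside it. The set side should be masked like the clear side: `| (vc_data.flags & mask & IATTR_FLAGS);`. The IATTR_BARRIER and IATTR_IUNLINK updates just below already honour the mask bit by bit, so this also makes the three paths consistent. Separately, `vc_data.ino` goes from user space straight into `iget()`; the result checks are presumably on lines not shown here, and a comment should say what happens for an inode number the filesystem does not know.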
3673 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/legacy.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c
3674 --- linux-2.6.2-rc1/kernel/vserver/legacy.c Thu Jan 1 01:00:00 1970
3675 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/legacy.c Sat Jan 24 05:14:16 2004
3678 + * linux/kernel/vserver/legacy.c
3680 + * Virtual Server: Legacy Funtions
3682 + * Copyright (C) 2001-2003 Jacques Gelinas
3683 + * Copyright (C) 2003-2004 Herbert Pötzl
3685 + * V0.01 broken out from vcontext.c V0.05
3689 +#include <linux/config.h>
3690 +//#include <linux/linkage.h>
3691 +//#include <linux/utsname.h>
3692 +//#include <linux/slab.h>
3693 +#include <linux/vserver/context.h>
3694 +#include <linux/vserver/legacy.h>
3695 +//#include <linux/vswitch.h>
3696 +#include <linux/vinline.h>
3697 +#include <linux/sched.h>
3698 +//#include <linux/kernel_stat.h>
3700 +#include <asm/errno.h>
3701 +#include <asm/uaccess.h>
3704 +static int vx_migrate_user(struct task_struct *p, struct vx_info *vxi)
3706 + struct user_struct *new_user, *old_user;
3710 + new_user = alloc_uid(vxi->vx_id, p->uid);
3714 + old_user = p->user;
3715 + if (new_user != old_user) {
3716 + atomic_inc(&new_user->processes);
3717 + atomic_dec(&old_user->processes);
3718 + p->user = new_user;
3720 + free_uid(old_user);
3725 + * migrate task to new context
3726 + * gets vxi, puts old_vxi on change
3729 +static int vx_migrate_task(struct task_struct *p, struct vx_info *vxi)
3731 + struct vx_info *old_vxi = task_get_vx_info(p);
3737 + vxdprintk("vx_migrate_task(%p,%p[#%d.%d)\n", p, vxi,
3738 + vxi->vx_id, atomic_read(&vxi->vx_refcount));
3739 + spin_lock(&p->alloc_lock);
3740 + if (old_vxi == vxi)
3743 + if (!(ret = vx_migrate_user(p, vxi))) {
3745 + old_vxi->virt.nr_threads--;
3746 + atomic_dec(&old_vxi->limit.res[RLIMIT_NPROC]);
3748 + vxi->virt.nr_threads++;
3749 + atomic_inc(&vxi->limit.res[RLIMIT_NPROC]);
3750 + p->vx_info = get_vx_info(vxi);
3751 + p->xid = vxi->vx_id;
3753 + put_vx_info(old_vxi);
3756 + spin_unlock(&p->alloc_lock);
3757 + put_vx_info(old_vxi);
3762 +static int vx_set_initpid(struct vx_info *vxi, int pid)
3765 + if (vxi->vx_initpid)
3768 + vxi->vx_initpid = pid;
3772 +int vc_new_s_context(uint32_t ctx, void *data)
3774 + int ret = -ENOMEM;
3775 + struct vcmd_new_s_context_v1 vc_data;
3776 + struct vx_info *new_vxi;
3778 + if (copy_from_user(&vc_data, data, sizeof(vc_data)))
3781 + /* legacy hack, will be removed soon */
3783 + /* assign flags and initpid */
3784 + if (!current->vx_info)
3787 + if (vc_data.flags & VX_INFO_INIT)
3788 + ret = vx_set_initpid(current->vx_info, current->tgid);
3790 + /* We keep the same vx_id, but lower the capabilities */
3791 + current->cap_bset &= (~vc_data.remove_cap);
3792 + ret = vx_current_xid();
3793 + current->vx_info->vx_flags |= vc_data.flags;
3798 + if (!vx_check(0, VX_ADMIN) ||
3799 + !capable(CAP_SYS_ADMIN) ||
3800 + (current->vx_info &&
3801 + (current->vx_info->vx_flags & VX_INFO_LOCK)))
3804 + if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) ||
3808 + if ((ctx == VX_DYNAMIC_ID) || (ctx < MIN_D_CONTEXT))
3809 + new_vxi = find_or_create_vx_info(ctx);
3811 + new_vxi = find_vx_info(ctx);
3816 + ret = vx_migrate_task(current, new_vxi);
3818 + current->cap_bset &= (~vc_data.remove_cap);
3819 + new_vxi->vx_flags |= vc_data.flags;
3820 + if (vc_data.flags & VX_INFO_INIT)
3821 + vx_set_initpid(new_vxi, current->tgid);
3822 + if (vc_data.flags & VX_INFO_NPROC)
3823 + new_vxi->limit.rlim[RLIMIT_NPROC] =
3824 + current->rlim[RLIMIT_NPROC].rlim_max;
3825 + ret = new_vxi->vx_id;
3827 + put_vx_info(new_vxi);
3833 +/* set ipv4 root (syscall) */
3835 +int vc_set_ipv4root(uint32_t nbip, void *data)
3837 + int i, err = -EPERM;
3838 + struct vcmd_set_ipv4root_v3 vc_data;
3839 + struct ip_info *new_ipi, *ipi = current->ip_info;
3841 + if (nbip < 0 || nbip > NB_IPV4ROOT)
3843 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3846 + if (!ipi || ipi->ipv4[0] == 0 || capable(CAP_NET_ADMIN))
3847 + // We are allowed to change everything
3852 + // We are allowed to select a subset of the currently
3853 + // installed IP numbers. No new one allowed
3854 + // We can't change the broadcast address though
3855 + for (i=0; i<nbip; i++) {
3857 + __u32 ipip = vc_data.ip_mask_pair[i].ip;
3858 + for (j=0; j<ipi->nbipv4; j++) {
3859 + if (ipip == ipi->ipv4[j]) {
3865 + if ((found == nbip) &&
3866 + (vc_data.broadcast == ipi->v4_bcast))
3872 + new_ipi = create_ip_info();
3876 + new_ipi->nbipv4 = nbip;
3877 + for (i=0; i<nbip; i++) {
3878 + new_ipi->ipv4[i] = vc_data.ip_mask_pair[i].ip;
3879 + new_ipi->mask[i] = vc_data.ip_mask_pair[i].mask;
3881 + new_ipi->v4_bcast = vc_data.broadcast;
3882 + current->ip_info = new_ipi;
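Review bot: The subset branch of vc_set_ipv4root accepts `nbip == 0`: the loop does not run, so `found == nbip` holds (assuming `found` starts at 0 on a line not shown) and only the broadcast comparison remains. The new ip_info comes zeroed from alloc_ip_info, so its `ipv4[0]` is 0, and the next call treats that as "allowed to change everything" without CAP_NET_ADMIN. Require at least one address in that branch, for example `if (nbip > 0 && found == nbip && vc_data.broadcast == ipi->v4_bcast)`. The `nbip < 0` test at the top is always false for a `uint32_t`, and the per-address `mask` is copied into the new ip_info without being compared against the installed one.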
3888 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/limit.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c
3889 --- linux-2.6.2-rc1/kernel/vserver/limit.c Thu Jan 1 01:00:00 1970
3890 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/limit.c Sat Jan 24 05:54:03 2004
3893 + * linux/kernel/vserver/limit.c
3895 + * Virtual Server: Context Limits
3897 + * Copyright (C) 2004 Herbert Pötzl
3899 + * V0.01 broken out from vcontext V0.05
3903 +#include <linux/config.h>
3904 +//#include <linux/linkage.h>
3905 +//#include <linux/utsname.h>
3906 +//#include <linux/slab.h>
3907 +#include <linux/vserver/limit.h>
3908 +#include <linux/vserver/context.h>
3909 +#include <linux/vserver/switch.h>
3910 +#include <linux/vinline.h>
3911 +//#include <linux/sched.h>
3912 +//#include <linux/kernel_stat.h>
3914 +#include <asm/errno.h>
3915 +#include <asm/uaccess.h>
3918 +static int is_valid_rlimit(int id)
3923 + case RLIMIT_NPROC:
3932 +int vc_get_rlimit(uint32_t id, void *data)
3934 + struct vx_info *vxi;
3935 + struct vcmd_ctx_rlimit_v0 vc_data;
3937 + if (!vx_check(0, VX_ADMIN))
3939 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3941 + if (!is_valid_rlimit(vc_data.id))
3944 + vxi = find_vx_info(id);
3948 + if (vc_data.maximum != CRLIM_KEEP)
3949 + vc_data.maximum = vxi->limit.rlim[vc_data.id];
3950 + vc_data.minimum = CRLIM_UNSET;
3951 + vc_data.softlimit = CRLIM_UNSET;
3954 + if (copy_to_user (data, &vc_data, sizeof(vc_data)))
3959 +int vc_set_rlimit(uint32_t id, void *data)
3961 + struct vx_info *vxi;
3962 + struct vcmd_ctx_rlimit_v0 vc_data;
3964 + if (!vx_check(0, VX_ADMIN))
3966 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
3968 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
3970 + if (!is_valid_rlimit(vc_data.id))
3973 + vxi = find_vx_info(id);
3977 + if (vc_data.maximum != CRLIM_KEEP)
3978 + vxi->limit.rlim[vc_data.id] = vc_data.maximum;
3979 + printk("setting [%d] = %d\n", vc_data.id, (int)vc_data.maximum);
3985 +int vc_get_rlimit_mask(uint32_t id, void *data)
3987 + static struct vcmd_ctx_rlimit_mask_v0 mask = {
3993 + (1 << RLIMIT_NPROC) |
3994 + (1 << RLIMIT_AS) |
3998 + if (!vx_check(0, VX_ADMIN))
4000 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RESOURCE))
4002 + if (copy_to_user(data, &mask, sizeof(mask)))
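Review bot: vc_get_rlimit fills in `maximum` only when the caller-supplied value is not CRLIM_KEEP, a test that looks copied from vc_set_rlimit; a caller whose buffer happens to hold CRLIM_KEEP gets the sentinel back instead of the limit. The getter should assign unconditionally: `vc_data.maximum = vxi->limit.rlim[vc_data.id];`. In vc_set_rlimit the bare `printk("setting [%d] = %d\n", ...)` has no log level and looks like leftover debugging; `vxdprintk` is what the rest of the patch uses for this. vc_get_rlimit_mask also demands CAP_SYS_ADMIN and CAP_SYS_RESOURCE to read a static table while vc_get_rlimit demands neither, which should be aligned or explained in a comment.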
4008 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/network.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c
4009 --- linux-2.6.2-rc1/kernel/vserver/network.c Thu Jan 1 01:00:00 1970
4010 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/network.c Sat Jan 24 05:46:08 2004
4013 + * linux/kernel/vserver/network.c
4015 + * Virtual Server: Network Support
4017 + * Copyright (C) 2003-2004 Herbert Pötzl
4019 + * V0.01 broken out from vcontext V0.05
4020 + * V0.05 rlimit basic implementation
4024 +#include <linux/config.h>
4025 +//#include <linux/linkage.h>
4026 +//#include <linux/utsname.h>
4027 +#include <linux/slab.h>
4028 +#include <linux/vserver/network.h>
4029 +//#include <linux/vswitch.h>
4030 +#include <linux/vinline.h>
4031 +//#include <linux/sched.h>
4032 +//#include <linux/kernel_stat.h>
4034 +#include <asm/errno.h>
4035 +//#include <asm/uaccess.h>
4039 +LIST_HEAD(ip_infos);
4041 +spinlock_t iplist_lock
4042 + __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED;
4046 + * struct ip_info allocation and deallocation
4049 +static struct ip_info *alloc_ip_info(void)
4051 + struct ip_info *new = NULL;
4053 + vxdprintk("alloc_ip_info()\n");
4054 + /* would this benefit from a slab cache? */
4055 + new = kmalloc(sizeof(struct ip_info), GFP_KERNEL);
4059 + memset (new, 0, sizeof(struct ip_info));
4060 + /* rest of init goes here */
4063 + vxdprintk("alloc_ip_info() = %p\n", new);
4067 +// extern int ip_proc_destroy(struct ip_info *);
4069 +void free_ip_info(struct ip_info *ipi)
4071 + vxdprintk("free_ip_info(%p)\n", ipi);
4072 +// ip_proc_destroy(ipi);
4076 +struct ip_info *create_ip_info(void)
4078 + struct ip_info *new;
4080 + vxdprintk("create_ip_info()\n");
4081 + if (!(new = alloc_ip_info()))
4084 + spin_lock(&iplist_lock);
4087 + atomic_set(&new->ip_refcount, 1);
4088 + list_add(&new->ip_list, &ip_infos);
4089 +// ip_proc_create(new);
4091 + spin_unlock(&iplist_lock);
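Review bot: create_ip_info links every new ip_info into the global `ip_infos` list under `iplist_lock`, but nothing shown in free_ip_info takes it off the list again. If the unlink is not done in put_ip_info (not part of this file), the list keeps pointers to freed objects; free_ip_info should do `list_del(&ipi->ip_list);` under `iplist_lock` before releasing the memory, or carry a comment naming where that happens. `ip_infos` and `iplist_lock` are also defined as globals; if nothing outside this file needs them they should be `static`.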
4095 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/signal.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c
4096 --- linux-2.6.2-rc1/kernel/vserver/signal.c Thu Jan 1 01:00:00 1970
4097 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/signal.c Sat Jan 24 06:37:18 2004
4100 + * linux/kernel/vserver/signal.c
4102 + * Virtual Server: Signal Support
4104 + * Copyright (C) 2003-2004 Herbert Pötzl
4106 + * V0.01 broken out from vcontext V0.05
4110 +#include <linux/config.h>
4111 +#include <linux/sched.h>
4113 +#include <asm/errno.h>
4114 +#include <asm/uaccess.h>
4116 +#include <linux/vinline.h>
4117 +#include <linux/vserver/signal.h>
4120 +int vc_ctx_kill(uint32_t id, void *data)
4122 + int retval, count=0;
4123 + struct vcmd_ctx_kill_v0 vc_data;
4124 + struct siginfo info;
4125 + struct task_struct *p;
4126 + struct vx_info *vxi;
4128 + if (!vx_check(0, VX_ADMIN))
4130 + if (copy_from_user (&vc_data, data, sizeof(vc_data)))
4133 + info.si_signo = vc_data.sig;
4134 + info.si_errno = 0;
4135 + info.si_code = SI_USER;
4136 + info.si_pid = current->pid;
4137 + info.si_uid = current->uid;
4139 + vxi = find_vx_info(id);
4144 + read_lock(&tasklist_lock);
4145 + switch (vc_data.pid) {
4148 + for_each_process(p) {
4151 + if (vx_task_xid(p) != id || p->pid <= 1 ||
4152 + (vc_data.pid && vxi->vx_initpid == p->pid) ||
4153 + !thread_group_leader(p))
4156 + err = send_sig_info(vc_data.sig, &info, p);
4158 + if (err != -EPERM)
4164 + p = find_task_by_pid(vc_data.pid);
4166 + if (!thread_group_leader(p)) {
4167 + struct task_struct *tg;
4169 + tg = find_task_by_pid(p->tgid);
4173 + if ((id == -1) || (vx_task_xid(p) == id))
4174 + retval = send_sig_info(vc_data.sig, &info, p);
4178 + read_unlock(&tasklist_lock);
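Review bot: vc_ctx_kill is gated only by `vx_check(0, VX_ADMIN)`, whereas the other state-changing commands in this patch (vc_set_rlimit, vc_set_iattr, vc_set_vhi_name) pair that test with `capable()`, and here the signal goes out through `send_sig_info()` with a hand-built SI_USER siginfo. Whether `send_sig_info()` applies the usual sender-permission check in this tree is not visible from the hunk, so either add an explicit `capable(CAP_KILL)` test next to the `vx_check` or document why the context check alone is sufficient. `vc_data.sig` is also passed on without a range check in the lines shown.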
4184 diff -NurpP --minimal linux-2.6.2-rc1/kernel/vserver/switch.c linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c
4185 --- linux-2.6.2-rc1/kernel/vserver/switch.c Thu Jan 1 01:00:00 1970
4186 +++ linux-2.6.2-rc1-vs0.05.1/kernel/vserver/switch.c Sat Jan 24 05:14:16 2004
4189 + * linux/kernel/vserver/switch.c
4191 + * Virtual Server: Syscall Switch
4193 + * Copyright (C) 2003-2004 Herbert Pötzl
4195 + * V0.01 syscall switch
4196 + * V0.02 added signal to context
4197 + * V0.03 added rlimit functions
4198 + * V0.04 added iattr, task/xid functions
4202 +#include <linux/config.h>
4203 +#include <linux/linkage.h>
4204 +#include <asm/errno.h>
4206 +#include <linux/vserver/switch.h>
4210 +vc_get_version(uint32_t id)
4212 + return VCI_VERSION;
4216 +#include <linux/vserver/legacy.h>
4217 +#include <linux/vserver/context.h>
4218 +#include <linux/vserver/network.h>
4219 +#include <linux/vserver/limit.h>
4220 +#include <linux/vserver/inode.h>
4221 +#include <linux/vserver/signal.h>
4223 +extern asmlinkage int
4224 +sys_vserver(uint32_t cmd, uint32_t id, void *data)
4226 + int ret = -ENOTSUP;
4229 + case VCMD_get_version:
4230 + ret = vc_get_version(id);
4233 + case VCMD_new_s_context:
4234 + ret = vc_new_s_context(id, data);
4236 + case VCMD_set_ipv4root:
4237 + ret = vc_set_ipv4root(id, data);
4240 + case VCMD_get_rlimit:
4241 + ret = vc_get_rlimit(id, data);
4243 + case VCMD_set_rlimit:
4244 + ret = vc_set_rlimit(id, data);
4246 + case VCMD_get_rlimit_mask:
4247 + ret = vc_get_rlimit_mask(id, data);
4250 + case VCMD_ctx_kill:
4251 + ret = vc_ctx_kill(id, data);
4254 + case VCMD_get_iattr:
4255 + ret = vc_get_iattr(id, data);
4257 + case VCMD_set_iattr:
4258 + ret = vc_set_iattr(id, data);
4261 + case VCMD_task_xid:
4262 + ret = vc_task_xid(id, data);
4264 + case VCMD_vx_info:
4265 + ret = vc_vx_info(id, data);
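Review bot: `data` is a user-space pointer in sys_vserver and in every vc_* handler it is passed to, but it is declared as plain `void *`. Declaring it `void __user *data` here and in the handler prototypes lets sparse flag any direct dereference that bypasses copy_from_user/copy_to_user. The `extern` on the definition of sys_vserver is redundant and can go. The dispatcher does no permission check of its own, so a short comment above the switch saying that each handler is responsible for its own vx_check/capable test would help the next person adding a command.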
4272 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/af_inet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c
4273 --- linux-2.6.2-rc1/net/ipv4/af_inet.c Sat Jan 24 03:18:20 2004
4274 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/af_inet.c Sat Jan 24 05:46:08 2004
4275 @@ -158,6 +158,10 @@ void inet_sock_destruct(struct sock *sk)
4280 + /* reordering required? */
4281 + put_ip_info(sk->sk_ip_info);
4282 + sk->sk_ip_info = NULL;
4283 dst_release(sk->sk_dst_cache);
4284 #ifdef INET_REFCNT_DEBUG
4285 atomic_dec(&inet_sock_nr);
4286 @@ -397,6 +401,9 @@ static int inet_create(struct socket *so
4287 sk->sk_family = PF_INET;
4288 sk->sk_protocol = protocol;
4289 sk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
4291 + sk->sk_xid = vx_current_xid();
4292 + sk->sk_ip_info = NULL;
4296 @@ -476,6 +483,10 @@ int inet_bind(struct socket *sock, struc
4297 unsigned short snum;
4300 + __u32 s_addr; /* Address used for validation */
4302 + __u32 s_addr2 = 0xffffffffl; /* Optional address of the socket */
4303 + struct ip_info *ip_info;
4305 /* If the socket has its own bind function then use it. (RAW) */
4306 if (sk->sk_prot->bind) {
4307 @@ -486,7 +497,37 @@ int inet_bind(struct socket *sock, struc
4308 if (addr_len < sizeof(struct sockaddr_in))
4311 - chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr);
4312 + s_addr = s_addr1 = addr->sin_addr.s_addr;
4313 + ip_info = current->ip_info;
4315 + __u32 v4_bcast = ip_info->v4_bcast;
4316 + __u32 ipv4root = ip_info->ipv4[0];
4317 + int nbipv4 = ip_info->nbipv4;
4318 + if (s_addr == 0) {
4319 + s_addr = ipv4root;
4323 + s_addr1 = ipv4root;
4326 + s_addr2 = v4_bcast;
4327 + } else if (s_addr == 0x0100007f) {
4328 + s_addr = s_addr1 = ipv4root;
4330 + } else if (s_addr != v4_bcast
4331 + && s_addr != ipv4root) {
4333 + for (i=0; i<nbipv4; i++) {
4334 + if (s_addr == ip_info->ipv4[i])
4338 + return -EADDRNOTAVAIL;
4342 + chk_addr_ret = inet_addr_type(s_addr);
4344 /* Not specified by any standard per-se, however it breaks too
4345 * many applications when removed. It is unfortunate since
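Review bot: The loopback test `s_addr == 0x0100007f` hard-codes the little-endian in-memory form of 127.0.0.1, while `sin_addr.s_addr` is in network byte order; on a big-endian machine the comparison never matches and the remap of a loopback bind to `ipv4root` is dead code there. Use `s_addr == htonl(INADDR_LOOPBACK)`. The same constant is compared against `daddr` in the udp_sendmsg hunk of net/ipv4/udp.c and needs the same change. inet_bind's body starts and ends outside this hunk.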
4346 @@ -498,7 +539,7 @@ int inet_bind(struct socket *sock, struc
4347 err = -EADDRNOTAVAIL;
4348 if (!sysctl_ip_nonlocal_bind &&
4350 - addr->sin_addr.s_addr != INADDR_ANY &&
4351 + s_addr != INADDR_ANY &&
4352 chk_addr_ret != RTN_LOCAL &&
4353 chk_addr_ret != RTN_MULTICAST &&
4354 chk_addr_ret != RTN_BROADCAST)
4355 @@ -523,13 +564,18 @@ int inet_bind(struct socket *sock, struc
4356 if (sk->sk_state != TCP_CLOSE || inet->num)
4357 goto out_release_sock;
4359 - inet->rcv_saddr = inet->saddr = addr->sin_addr.s_addr;
4360 + inet->rcv_saddr = inet->saddr = s_addr1;
4361 + inet->rcv_saddr2 = s_addr2;
4362 + sk->sk_ip_info = get_ip_info(ip_info);
4364 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
4365 inet->saddr = 0; /* Use device */
4367 /* Make sure we are allowed to bind here. */
4368 if (sk->sk_prot->get_port(sk, snum)) {
4369 inet->saddr = inet->rcv_saddr = 0;
4370 + sk->sk_ip_info = NULL;
4371 + put_ip_info(ip_info);
4373 goto out_release_sock;
4375 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/devinet.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c
4376 --- linux-2.6.2-rc1/net/ipv4/devinet.c Sat Jan 24 03:18:20 2004
4377 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/devinet.c Sat Jan 24 05:46:08 2004
4378 @@ -487,6 +487,33 @@ static __inline__ int inet_abc_len(u32 a
4383 + Check that a device is not member of the ipv4root assigned to the process
4384 + Return true if this is the case
4386 + If the process is not bound to specific IP, then it returns 0 (all
4387 + interface are fine).
4389 +static int devinet_notiproot (struct in_ifaddr *ifa)
4392 + struct ip_info *info = current->ip_info;
4394 + if (info && !vx_check(0, VX_ADMIN)) {
4396 + int nbip = info->nbipv4;
4397 + __u32 addr = ifa->ifa_local;
4399 + for (i=0; i<nbip; i++) {
4400 + if(info->ipv4[i] == addr) {
4410 int devinet_ioctl(unsigned int cmd, void *arg)
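Review bot: devinet_notiproot open-codes a linear scan of `info->ipv4[]` up to `nbipv4`, and the same loop is repeated in raw_addr_in_list (net/ipv4/raw.c), tcp_in_list and tcp_addr_in_list (net/ipv4/tcp_ipv4.c), udp_in_list (net/ipv4/udp.c) and inet_bind. One shared inline helper next to the ip_info definition, along the lines of `static inline int ip_info_has_addr(struct ip_info *ipi, __u32 addr)`, would keep the membership rule in one place. The comment above the function should also say in one sentence that a non-zero return means the address is hidden from the caller and that VX_ADMIN contexts are exempt, since the current wording reads as two competing descriptions of the return value.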
4412 @@ -594,6 +621,8 @@ int devinet_ioctl(unsigned int cmd, void
4413 ret = -EADDRNOTAVAIL;
4414 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
4416 + if (ifa != NULL && devinet_notiproot(ifa))
4420 case SIOCGIFADDR: /* Get interface address */
4421 @@ -723,6 +752,8 @@ static int inet_gifconf(struct net_devic
4424 for (; ifa; ifa = ifa->ifa_next) {
4425 + if (devinet_notiproot(ifa))
4428 done += sizeof(ifr);
4430 @@ -980,6 +1011,8 @@ static int inet_dump_ifaddr(struct sk_bu
4431 read_lock(&in_dev->lock);
4432 for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
4433 ifa = ifa->ifa_next, ip_idx++) {
4434 + if (devinet_notiproot(ifa))
4436 if (ip_idx < s_ip_idx)
4438 if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
4439 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/raw.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c
4440 --- linux-2.6.2-rc1/net/ipv4/raw.c Sat Jan 24 03:18:20 2004
4441 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/raw.c Sat Jan 24 05:46:08 2004
4442 @@ -102,6 +102,38 @@ static void raw_v4_unhash(struct sock *s
4443 write_unlock_bh(&raw_v4_lock);
4448 + Check if an address is in the list
4450 +static inline int raw_addr_in_list (
4454 + struct ip_info *ip_info)
4457 + if (loc_addr != 0 &&
4458 + (rcv_saddr1 == loc_addr || rcv_saddr2 == loc_addr))
4460 + else if (rcv_saddr1 == 0) {
4461 + /* Accept any address or only the one in the list */
4462 + if (ip_info == NULL)
4465 + int n = ip_info->nbipv4;
4467 + for (i=0; i<n; i++) {
4468 + if (ip_info->ipv4[i] == loc_addr) {
4478 struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
4479 unsigned long raddr, unsigned long laddr,
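Review bot: raw_addr_in_list consults `sk->sk_ip_info`, but nothing in this patch's raw.c hunks sets that field for raw sockets: inet_bind hands raw sockets to their own `sk_prot->bind` before the new ip_info code runs, and inet_create initialises the field to NULL. Unless it is assigned somewhere not shown, the `ip_info == NULL` branch is the only one a raw socket reaches, so a wildcard raw socket created in a restricted context still matches every local address. Either attach the creator's ip_info in the raw bind path as well, or add a comment stating that raw sockets are deliberately left unrestricted.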
4481 @@ -113,7 +145,8 @@ struct sock *__raw_v4_lookup(struct sock
4483 if (inet->num == num &&
4484 !(inet->daddr && inet->daddr != raddr) &&
4485 - !(inet->rcv_saddr && inet->rcv_saddr != laddr) &&
4486 + raw_addr_in_list(inet->rcv_saddr, inet->rcv_saddr2,
4487 + laddr, sk->sk_ip_info) &&
4488 !(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
4489 goto found; /* gotcha */
4491 @@ -687,7 +720,8 @@ static struct sock *raw_get_first(struct
4492 struct hlist_node *node;
4494 sk_for_each(sk, node, &raw_v4_htable[state->bucket])
4495 - if (sk->sk_family == PF_INET)
4496 + if (sk->sk_family == PF_INET &&
4497 + vx_check(sk->sk_xid, VX_WATCH|VX_IDENT))
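Review bot: The context filter is added to raw_get_first only. The iterator's next step is not touched by any hunk for this file, so if it still selects sockets on `sk_family` alone, /proc/net/raw hides a foreign context's socket only when it is the first entry of a bucket and shows the rest. The same `vx_check(sk->sk_xid, VX_WATCH|VX_IDENT)` test belongs in the loop that advances to the next socket. raw_get_first continues past the end of this hunk.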
4501 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c
4502 --- linux-2.6.2-rc1/net/ipv4/tcp_ipv4.c Fri Jan 9 07:59:19 2004
4503 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_ipv4.c Sat Jan 24 05:46:08 2004
4504 @@ -179,9 +179,52 @@ void tcp_bind_hash(struct sock *sk, stru
4505 tcp_sk(sk)->bind_hash = tb;
4509 + Return 1 if addr match the socket IP list
4510 + or the socket is INADDR_ANY
4512 +static inline int tcp_in_list (struct sock *sk, u32 addr)
4514 + struct ip_info *ip_info = sk->sk_ip_info;
4517 + int n = ip_info->nbipv4;
4520 + for (i=0; i<n; i++)
4521 + if (ip_info->ipv4[i] == addr)
4524 + else if (!tcp_v4_rcv_saddr(sk) || tcp_v4_rcv_saddr(sk) == addr)
4530 + Check if the addresses in sk1 conflict with those in sk2
4532 +int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2)
4534 + if (tcp_v4_rcv_saddr(sk1)) {
4535 + /* Bind to one address only */
4536 + return tcp_in_list (sk2, tcp_v4_rcv_saddr(sk1));
4537 + } else if (sk1->sk_ip_info) {
4538 + /* A restricted bind(any) */
4539 + struct ip_info *ip_info = sk1->sk_ip_info;
4540 + int n = ip_info->nbipv4;
4543 + for (i=0; i<n; i++)
4544 + if (tcp_in_list (sk2, ip_info->ipv4[i]))
4546 + } else /* A bind(any) do not allow other bind on the same port */
4551 static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
4553 - const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
4554 +// const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
4556 struct hlist_node *node;
4557 int reuse = sk->sk_reuse;
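Review bot: tcp_in_list ignores the socket's own bound address whenever `sk_ip_info` is set, and inet_bind sets `sk_ip_info` on every successful bind, including binds to one specific address. A socket bound to a single address of a multi-address context is therefore treated as occupying every address in the list, and a second bind to the same port on another of the context's addresses is reported as a conflict. The list scan should apply only when `tcp_v4_rcv_saddr(sk)` is 0, with the exact-address comparison tried first; some lines of the function are missing from this view, so confirm against the full text. tcp_ipv4_addr_conflict is also non-static and reaches udp.c through a local prototype, so it should be declared in a shared header instead.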
4558 @@ -194,9 +237,8 @@ static inline int tcp_bind_conflict(stru
4559 sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
4560 if (!reuse || !sk2->sk_reuse ||
4561 sk2->sk_state == TCP_LISTEN) {
4562 - const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
4563 - if (!sk2_rcv_saddr || !sk_rcv_saddr ||
4564 - sk2_rcv_saddr == sk_rcv_saddr)
4565 +// const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
4566 + if (tcp_ipv4_addr_conflict(sk, sk2))
4570 @@ -405,6 +447,34 @@ void tcp_unhash(struct sock *sk)
4571 wake_up(&tcp_lhash_wait);
4575 + Check if an address is in the list
4577 +static inline int tcp_addr_in_list (
4580 + struct ip_info *ip_info)
4582 + if (rcv_saddr == daddr)
4584 + else if (rcv_saddr == 0) {
4585 + /* Accept any address or check the list */
4589 + int n = ip_info->nbipv4;
4592 + for (i=0; i<n; i++)
4593 + if (ip_info->ipv4[i] == daddr)
4602 /* Don't inline this cruft. Here are some nice properties to
4603 * exploit here. The BSD API does not allow a listening TCP
4604 * to specify the remote port nor the remote address for the
4605 @@ -426,11 +496,10 @@ static struct sock *__tcp_v4_lookup_list
4606 __u32 rcv_saddr = inet->rcv_saddr;
4608 score = (sk->sk_family == PF_INET ? 1 : 0);
4610 - if (rcv_saddr != daddr)
4612 + if (tcp_addr_in_list(rcv_saddr, daddr, sk->sk_ip_info))
4617 if (sk->sk_bound_dev_if) {
4618 if (sk->sk_bound_dev_if != dif)
4620 @@ -460,8 +529,8 @@ inline struct sock *tcp_v4_lookup_listen
4621 struct inet_opt *inet = inet_sk((sk = __sk_head(head)));
4623 if (inet->num == hnum && !sk->sk_node.next &&
4624 - (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
4625 (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
4626 + tcp_addr_in_list(inet->rcv_saddr, daddr, sk->sk_ip_info) &&
4627 !sk->sk_bound_dev_if)
4629 sk = __tcp_v4_lookup_listener(head, daddr, hnum, dif);
4630 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c
4631 --- linux-2.6.2-rc1/net/ipv4/tcp_minisocks.c Fri Jan 9 07:59:55 2004
4632 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/tcp_minisocks.c Sat Jan 24 05:46:08 2004
4633 @@ -362,6 +362,9 @@ void tcp_time_wait(struct sock *sk, int
4634 tw->tw_ts_recent_stamp = tp->ts_recent_stamp;
4635 tw_dead_node_init(tw);
4637 + tw->tw_xid = sk->sk_xid;
4638 + tw->tw_ip_info = NULL;
4640 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4641 if (tw->tw_family == PF_INET6) {
4642 struct ipv6_pinfo *np = inet6_sk(sk);
4643 @@ -686,6 +689,7 @@ struct sock *tcp_create_openreq_child(st
4644 struct sk_filter *filter;
4646 memcpy(newsk, sk, sizeof(struct tcp_sock));
4647 + newsk->sk_ip_info = get_ip_info(sk->sk_ip_info);
4648 newsk->sk_state = TCP_SYN_RECV;
4651 diff -NurpP --minimal linux-2.6.2-rc1/net/ipv4/udp.c linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c
4652 --- linux-2.6.2-rc1/net/ipv4/udp.c Sat Jan 24 03:18:20 2004
4653 +++ linux-2.6.2-rc1-vs0.05.1/net/ipv4/udp.c Sat Jan 24 05:46:08 2004
4654 @@ -120,6 +120,9 @@ rwlock_t udp_hash_lock = RW_LOCK_UNLOCKE
4655 /* Shared by v4/v6 udp. */
4658 +int tcp_ipv4_addr_conflict (struct sock *sk1, struct sock *sk2);
4661 static int udp_v4_get_port(struct sock *sk, unsigned short snum)
4663 struct hlist_node *node;
4664 @@ -179,9 +182,7 @@ gotit:
4665 (!sk2->sk_bound_dev_if ||
4666 !sk->sk_bound_dev_if ||
4667 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
4668 - (!inet2->rcv_saddr ||
4669 - !inet->rcv_saddr ||
4670 - inet2->rcv_saddr == inet->rcv_saddr) &&
4671 + tcp_ipv4_addr_conflict(sk2, sk) &&
4672 (!sk2->sk_reuse || !sk->sk_reuse))
4675 @@ -216,6 +217,17 @@ static void udp_v4_unhash(struct sock *s
4676 write_unlock_bh(&udp_hash_lock);
4679 +static int udp_in_list (struct ip_info *ip_info, u32 addr)
4681 + int n = ip_info->nbipv4;
4684 + for (i=0; i<n; i++)
4685 + if (ip_info->ipv4[i] == addr)
4690 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
4691 * harder than this. -DaveM
4693 @@ -235,6 +247,11 @@ struct sock *udp_v4_lookup_longway(u32 s
4694 if (inet->rcv_saddr != daddr)
4697 + } else if (sk->sk_ip_info) {
4698 + if (udp_in_list(sk->sk_ip_info, daddr))
4704 if (inet->daddr != saddr)
4705 @@ -290,7 +307,8 @@ static inline struct sock *udp_v4_mcast_
4706 if (inet->num != hnum ||
4707 (inet->daddr && inet->daddr != rmt_addr) ||
4708 (inet->dport != rmt_port && inet->dport) ||
4709 - (inet->rcv_saddr && inet->rcv_saddr != loc_addr) ||
4710 + (inet->rcv_saddr && inet->rcv_saddr != loc_addr &&
4711 + inet->rcv_saddr2 && inet->rcv_saddr2 != loc_addr) ||
4712 ipv6_only_sock(s) ||
4713 (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
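Review bot: The new skip condition in udp_v4_mcast_next requires `inet->rcv_saddr2` to be non-zero before a socket with a mismatching `rcv_saddr` is skipped. `rcv_saddr2` is assigned only in inet_bind in this patch, so a socket whose `rcv_saddr` was set on another path (presumably leaving `rcv_saddr2` at 0) is no longer filtered by address at all. Treating the two addresses as alternatives keeps the old behaviour when the second one is unset: `(inet->rcv_saddr && inet->rcv_saddr != loc_addr && inet->rcv_saddr2 != loc_addr) ||`. inet_bind also defaults `rcv_saddr2` to 0xffffffff, so every bound socket now matches the limited-broadcast address here; if that is intended it deserves a comment.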
4715 @@ -599,6 +617,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
4717 { .sport = inet->sport,
4718 .dport = dport } } };
4719 + struct ip_info *ip_info = current->ip_info;
4721 + if (ip_info != NULL) {
4722 + __u32 ipv4root = ip_info->ipv4[0];
4724 + if (daddr == 0x0100007f &&
4725 + !vx_check(0, VX_ADMIN))
4727 + if (fl.nl_u.ip4_u.saddr == 0)
4728 + fl.nl_u.ip4_u.saddr = ipv4root;
4731 err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
4734 diff -NurpP --minimal linux-2.6.2-rc1/net/unix/af_unix.c linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c
4735 --- linux-2.6.2-rc1/net/unix/af_unix.c Sat Jan 24 03:18:22 2004
4736 +++ linux-2.6.2-rc1-vs0.05.1/net/unix/af_unix.c Sat Jan 24 05:46:08 2004
4738 #include <linux/mount.h>
4739 #include <net/checksum.h>
4740 #include <linux/security.h>
4741 +#include <linux/vinline.h>
4743 int sysctl_unix_max_dgram_qlen = 10;
4745 @@ -480,6 +481,7 @@ static struct sock * unix_create1(struct
4746 sock_init_data(sock,sk);
4747 sk_set_owner(sk, THIS_MODULE);
4749 + sk->sk_xid = vx_current_xid();
4750 sk->sk_write_space = unix_write_space;
4751 sk->sk_max_ack_backlog = sysctl_unix_max_dgram_qlen;
4752 sk->sk_destruct = unix_sock_destructor;
4753 diff -NurpP --minimal linux-2.6.2-rc1/security/commoncap.c linux-2.6.2-rc1-vs0.05.1/security/commoncap.c
4754 --- linux-2.6.2-rc1/security/commoncap.c Sat Jan 24 03:18:22 2004
4755 +++ linux-2.6.2-rc1-vs0.05.1/security/commoncap.c Sat Jan 24 07:15:57 2004
4756 @@ -125,7 +125,7 @@ void cap_bprm_compute_creds (struct linu
4757 /* Derived from fs/exec.c:compute_creds. */
4758 kernel_cap_t new_permitted, working;
4760 - new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
4761 + new_permitted = cap_intersect (bprm->cap_permitted, current->cap_bset);
4762 working = cap_intersect (bprm->cap_inheritable,
4763 current->cap_inheritable);
4764 new_permitted = cap_combine (new_permitted, working);
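Review bot: Replacing the global `cap_bset` with `current->cap_bset` drops the system-wide bounding set from the exec-time computation, so a later tightening of the global set no longer reaches tasks unless `current->cap_bset` is kept in sync somewhere not shown. Intersecting with both keeps the existing guarantee: `new_permitted = cap_intersect (cap_intersect (bprm->cap_permitted, cap_bset), current->cap_bset);`. How the per-task field is initialised for init and inherited across fork is not visible in this hunk and should be stated in a comment next to the field. cap_bprm_compute_creds starts and ends outside the hunk.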