/[vps]/vserver-sources/2.0.2_rc17/4410_vs2.0.2-rc17.patch
Gentoo

Contents of /vserver-sources/2.0.2_rc17/4410_vs2.0.2-rc17.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 330 - (show annotations) (download)
Wed Apr 19 13:02:43 2006 UTC (7 years, 1 month ago) by phreak
File size: 619218 byte(s) 
Adding 2.0.2_rc17 and 2.1.1_rc17 (incl. cq0.01 and lo0.03 for 2.1.1)
1 Index: vserver-sources-2.6.16_2.0.2/Makefile
2 ===================================================================
3 --- vserver-sources-2.6.16_2.0.2.orig/Makefile
4 +++ vserver-sources-2.6.16_2.0.2/Makefile
5 @@ -1,7 +1,7 @@
6 VERSION = 2
7 PATCHLEVEL = 6
8 SUBLEVEL = 16
9 -EXTRAVERSION =
10 +EXTRAVERSION = -vs2.0.2-rc17-gentoo
11 NAME=Sliding Snow Leopard
12
13 # *DOCUMENTATION*
14 Index: vserver-sources-2.6.16_2.0.2/arch/alpha/Kconfig
15 ===================================================================
16 --- vserver-sources-2.6.16_2.0.2.orig/arch/alpha/Kconfig
17 +++ vserver-sources-2.6.16_2.0.2/arch/alpha/Kconfig
18 @@ -645,6 +645,8 @@ source "arch/alpha/oprofile/Kconfig"
19
20 source "arch/alpha/Kconfig.debug"
21
22 +source "kernel/vserver/Kconfig"
23 +
24 source "security/Kconfig"
25
26 source "crypto/Kconfig"
27 Index: vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/entry.S
28 ===================================================================
29 --- vserver-sources-2.6.16_2.0.2.orig/arch/alpha/kernel/entry.S
30 +++ vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/entry.S
31 @@ -874,24 +874,15 @@ sys_getxgid:
32 .globl sys_getxpid
33 .ent sys_getxpid
34 sys_getxpid:
35 + lda $sp, -16($sp)
36 + stq $26, 0($sp)
37 .prologue 0
38 - ldq $2, TI_TASK($8)
39
40 - /* See linux/kernel/timer.c sys_getppid for discussion
41 - about this loop. */
42 - ldq $3, TASK_GROUP_LEADER($2)
43 - ldq $4, TASK_REAL_PARENT($3)
44 - ldl $0, TASK_TGID($2)
45 -1: ldl $1, TASK_TGID($4)
46 -#ifdef CONFIG_SMP
47 - mov $4, $5
48 - mb
49 - ldq $3, TASK_GROUP_LEADER($2)
50 - ldq $4, TASK_REAL_PARENT($3)
51 - cmpeq $4, $5, $5
52 - beq $5, 1b
53 -#endif
54 - stq $1, 80($sp)
55 + lda $16, 96($sp)
56 + jsr $26, do_getxpid
57 + ldq $26, 0($sp)
58 +
59 + lda $sp, 16($sp)
60 ret
61 .end sys_getxpid
62
63 Index: vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/ptrace.c
64 ===================================================================
65 --- vserver-sources-2.6.16_2.0.2.orig/arch/alpha/kernel/ptrace.c
66 +++ vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/ptrace.c
67 @@ -15,6 +15,7 @@
68 #include <linux/slab.h>
69 #include <linux/security.h>
70 #include <linux/signal.h>
71 +#include <linux/vs_cvirt.h>
72
73 #include <asm/uaccess.h>
74 #include <asm/pgtable.h>
75 @@ -283,6 +284,11 @@ do_sys_ptrace(long request, long pid, lo
76 goto out_notsk;
77 }
78
79 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
80 + ret = -EPERM;
81 + goto out;
82 + }
83 +
84 if (request == PTRACE_ATTACH) {
85 ret = ptrace_attach(child);
86 goto out;
87 Index: vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/systbls.S
88 ===================================================================
89 --- vserver-sources-2.6.16_2.0.2.orig/arch/alpha/kernel/systbls.S
90 +++ vserver-sources-2.6.16_2.0.2/arch/alpha/kernel/systbls.S
91 @@ -447,7 +447,7 @@ sys_call_table:
92 .quad sys_stat64 /* 425 */
93 .quad sys_lstat64
94 .quad sys_fstat64
95 - .quad sys_ni_syscall /* sys_vserver */
96 + .quad sys_vserver /* sys_vserver */
97 .quad sys_ni_syscall /* sys_mbind */
98 .quad sys_ni_syscall /* sys_get_mempolicy */
99 .quad sys_ni_syscall /* sys_set_mempolicy */
100 Index: vserver-sources-2.6.16_2.0.2/arch/alpha/mm/init.c
101 ===================================================================
102 --- vserver-sources-2.6.16_2.0.2.orig/arch/alpha/mm/init.c
103 +++ vserver-sources-2.6.16_2.0.2/arch/alpha/mm/init.c
104 @@ -21,6 +21,7 @@
105 #include <linux/init.h>
106 #include <linux/bootmem.h> /* max_low_pfn */
107 #include <linux/vmalloc.h>
108 +#include <linux/pagemap.h>
109
110 #include <asm/system.h>
111 #include <asm/uaccess.h>
112 Index: vserver-sources-2.6.16_2.0.2/arch/arm/Kconfig
113 ===================================================================
114 --- vserver-sources-2.6.16_2.0.2.orig/arch/arm/Kconfig
115 +++ vserver-sources-2.6.16_2.0.2/arch/arm/Kconfig
116 @@ -828,6 +828,8 @@ source "arch/arm/oprofile/Kconfig"
117
118 source "arch/arm/Kconfig.debug"
119
120 +source "kernel/vserver/Kconfig"
121 +
122 source "security/Kconfig"
123
124 source "crypto/Kconfig"
125 Index: vserver-sources-2.6.16_2.0.2/arch/arm/kernel/calls.S
126 ===================================================================
127 --- vserver-sources-2.6.16_2.0.2.orig/arch/arm/kernel/calls.S
128 +++ vserver-sources-2.6.16_2.0.2/arch/arm/kernel/calls.S
129 @@ -322,7 +322,7 @@
130 /* 310 */ CALL(sys_request_key)
131 CALL(sys_keyctl)
132 CALL(ABI(sys_semtimedop, sys_oabi_semtimedop))
133 -/* vserver */ CALL(sys_ni_syscall)
134 + CALL(sys_vserver)
135 CALL(sys_ioprio_set)
136 /* 315 */ CALL(sys_ioprio_get)
137 CALL(sys_inotify_init)
138 Index: vserver-sources-2.6.16_2.0.2/arch/arm26/Kconfig
139 ===================================================================
140 --- vserver-sources-2.6.16_2.0.2.orig/arch/arm26/Kconfig
141 +++ vserver-sources-2.6.16_2.0.2/arch/arm26/Kconfig
142 @@ -230,6 +230,8 @@ source "drivers/usb/Kconfig"
143
144 source "arch/arm26/Kconfig.debug"
145
146 +source "kernel/vserver/Kconfig"
147 +
148 source "security/Kconfig"
149
150 source "crypto/Kconfig"
151 Index: vserver-sources-2.6.16_2.0.2/arch/arm26/kernel/calls.S
152 ===================================================================
153 --- vserver-sources-2.6.16_2.0.2.orig/arch/arm26/kernel/calls.S
154 +++ vserver-sources-2.6.16_2.0.2/arch/arm26/kernel/calls.S
155 @@ -257,6 +257,11 @@ __syscall_start:
156 .long sys_lremovexattr
157 .long sys_fremovexattr
158 .long sys_tkill
159 +
160 + .rept 313 - (. - __syscall_start) / 4
161 + .long sys_ni_syscall
162 + .endr
163 + .long sys_vserver /* 313 */
164 __syscall_end:
165
166 .rept NR_syscalls - (__syscall_end - __syscall_start) / 4
167 Index: vserver-sources-2.6.16_2.0.2/arch/arm26/kernel/traps.c
168 ===================================================================
169 --- vserver-sources-2.6.16_2.0.2.orig/arch/arm26/kernel/traps.c
170 +++ vserver-sources-2.6.16_2.0.2/arch/arm26/kernel/traps.c
171 @@ -186,8 +186,9 @@ NORET_TYPE void die(const char *str, str
172 printk("Internal error: %s: %x\n", str, err);
173 printk("CPU: %d\n", smp_processor_id());
174 show_regs(regs);
175 - printk("Process %s (pid: %d, stack limit = 0x%p)\n",
176 - current->comm, current->pid, end_of_stack(tsk));
177 + printk("Process %s (pid: %d[#%u], stack limit = 0x%p)\n",
178 + current->comm, current->pid,
179 + current->xid, end_of_stack(tsk));
180
181 if (!user_mode(regs) || in_interrupt()) {
182 __dump_stack(tsk, (unsigned long)(regs + 1));
183 Index: vserver-sources-2.6.16_2.0.2/arch/cris/Kconfig
184 ===================================================================
185 --- vserver-sources-2.6.16_2.0.2.orig/arch/cris/Kconfig
186 +++ vserver-sources-2.6.16_2.0.2/arch/cris/Kconfig
187 @@ -173,6 +173,8 @@ source "drivers/usb/Kconfig"
188
189 source "arch/cris/Kconfig.debug"
190
191 +source "kernel/vserver/Kconfig"
192 +
193 source "security/Kconfig"
194
195 source "crypto/Kconfig"
196 Index: vserver-sources-2.6.16_2.0.2/arch/frv/mm/mmu-context.c
197 ===================================================================
198 --- vserver-sources-2.6.16_2.0.2.orig/arch/frv/mm/mmu-context.c
199 +++ vserver-sources-2.6.16_2.0.2/arch/frv/mm/mmu-context.c
200 @@ -11,6 +11,7 @@
201
202 #include <linux/sched.h>
203 #include <linux/mm.h>
204 +#include <linux/vs_cvirt.h>
205 #include <asm/tlbflush.h>
206
207 #define NR_CXN 4096
208 Index: vserver-sources-2.6.16_2.0.2/arch/h8300/Kconfig
209 ===================================================================
210 --- vserver-sources-2.6.16_2.0.2.orig/arch/h8300/Kconfig
211 +++ vserver-sources-2.6.16_2.0.2/arch/h8300/Kconfig
212 @@ -191,6 +191,8 @@ source "fs/Kconfig"
213
214 source "arch/h8300/Kconfig.debug"
215
216 +source "kernel/vserver/Kconfig"
217 +
218 source "security/Kconfig"
219
220 source "crypto/Kconfig"
221 Index: vserver-sources-2.6.16_2.0.2/arch/i386/Kconfig
222 ===================================================================
223 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/Kconfig
224 +++ vserver-sources-2.6.16_2.0.2/arch/i386/Kconfig
225 @@ -466,23 +466,43 @@ choice
226 will also likely make your kernel incompatible with binary-only
227 kernel modules.
228
229 - If you are not absolutely sure what you are doing, leave this
230 - option alone!
231 -
232 config VMSPLIT_3G
233 - bool "3G/1G user/kernel split"
234 - config VMSPLIT_3G_OPT
235 - bool "3G/1G user/kernel split (for full 1G low memory)"
236 + bool "3G/1G user/kernel split (Default)"
237 + help
238 + This is the default split of 3GB userspace to 1GB kernel
239 + space, which will result in about 860MB of lowmem.
240 +
241 + config VMSPLIT_25G
242 + bool "2.5G/1.5G user/kernel split"
243 + help
244 + This split provides 2.5GB userspace and 1.5GB kernel
245 + space, which will result in about 1370MB of lowmem.
246 +
247 config VMSPLIT_2G
248 bool "2G/2G user/kernel split"
249 + help
250 + This split provides 2GB userspace and 2GB kernel
251 + space, which will result in about 1880MB of lowmem.
252 +
253 + config VMSPLIT_15G
254 + bool "1.5G/2.5G user/kernel split"
255 + help
256 + This split provides 1.5GB userspace and 2.5GB kernel
257 + space, which will result in about 2390MB of lowmem.
258 +
259 config VMSPLIT_1G
260 bool "1G/3G user/kernel split"
261 + help
262 + This split provides 1GB userspace and 3GB kernel
263 + space, which will result in about 2900MB of lowmem.
264 +
265 endchoice
266
267 config PAGE_OFFSET
268 hex
269 - default 0xB0000000 if VMSPLIT_3G_OPT
270 - default 0x78000000 if VMSPLIT_2G
271 + default 0xA0000000 if VMSPLIT_25G
272 + default 0x80000000 if VMSPLIT_2G
273 + default 0x60000000 if VMSPLIT_15G
274 default 0x40000000 if VMSPLIT_1G
275 default 0xC0000000
276
277 @@ -1071,6 +1091,8 @@ endmenu
278
279 source "arch/i386/Kconfig.debug"
280
281 +source "kernel/vserver/Kconfig"
282 +
283 source "security/Kconfig"
284
285 source "crypto/Kconfig"
286 Index: vserver-sources-2.6.16_2.0.2/arch/i386/boot/compressed/misc.c
287 ===================================================================
288 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/boot/compressed/misc.c
289 +++ vserver-sources-2.6.16_2.0.2/arch/i386/boot/compressed/misc.c
290 @@ -309,7 +309,7 @@ static void setup_normal_output_buffer(v
291 #else
292 if ((RM_ALT_MEM_K > RM_EXT_MEM_K ? RM_ALT_MEM_K : RM_EXT_MEM_K) < 1024) error("Less than 2MB of memory");
293 #endif
294 - output_data = (char *)__PHYSICAL_START; /* Normally Points to 1M */
295 + output_data = (char *)PHYSICAL_START; /* Normally Points to 1M */
296 free_mem_end_ptr = (long)real_mode;
297 }
298
299 @@ -334,8 +334,8 @@ static void setup_output_buffer_if_we_ru
300 low_buffer_size = low_buffer_end - LOW_BUFFER_START;
301 high_loaded = 1;
302 free_mem_end_ptr = (long)high_buffer_start;
303 - if ( (__PHYSICAL_START + low_buffer_size) > ((ulg)high_buffer_start)) {
304 - high_buffer_start = (uch *)(__PHYSICAL_START + low_buffer_size);
305 + if ((PHYSICAL_START + low_buffer_size) > ((ulg)high_buffer_start)) {
306 + high_buffer_start = (uch *)(PHYSICAL_START + low_buffer_size);
307 mv->hcount = 0; /* say: we need not to move high_buffer */
308 }
309 else mv->hcount = -1;
310 Index: vserver-sources-2.6.16_2.0.2/arch/i386/kernel/setup.c
311 ===================================================================
312 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/kernel/setup.c
313 +++ vserver-sources-2.6.16_2.0.2/arch/i386/kernel/setup.c
314 @@ -1192,8 +1192,8 @@ void __init setup_bootmem_allocator(void
315 * the (very unlikely) case of us accidentally initializing the
316 * bootmem allocator with an invalid RAM area.
317 */
318 - reserve_bootmem(__PHYSICAL_START, (PFN_PHYS(min_low_pfn) +
319 - bootmap_size + PAGE_SIZE-1) - (__PHYSICAL_START));
320 + reserve_bootmem(PHYSICAL_START, (PFN_PHYS(min_low_pfn) +
321 + bootmap_size + PAGE_SIZE-1) - (PHYSICAL_START));
322
323 /*
324 * reserve physical page 0 - it's a special BIOS page on many boxes,
325 Index: vserver-sources-2.6.16_2.0.2/arch/i386/kernel/sys_i386.c
326 ===================================================================
327 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/kernel/sys_i386.c
328 +++ vserver-sources-2.6.16_2.0.2/arch/i386/kernel/sys_i386.c
329 @@ -19,6 +19,7 @@
330 #include <linux/mman.h>
331 #include <linux/file.h>
332 #include <linux/utsname.h>
333 +#include <linux/vs_cvirt.h>
334
335 #include <asm/uaccess.h>
336 #include <asm/ipc.h>
337 @@ -217,7 +218,7 @@ asmlinkage int sys_uname(struct old_utsn
338 if (!name)
339 return -EFAULT;
340 down_read(&uts_sem);
341 - err=copy_to_user(name, &system_utsname, sizeof (*name));
342 + err=copy_to_user(name, vx_new_utsname(), sizeof (*name));
343 up_read(&uts_sem);
344 return err?-EFAULT:0;
345 }
346 @@ -225,6 +226,7 @@ asmlinkage int sys_uname(struct old_utsn
347 asmlinkage int sys_olduname(struct oldold_utsname __user * name)
348 {
349 int error;
350 + struct new_utsname *ptr;
351
352 if (!name)
353 return -EFAULT;
354 @@ -233,15 +235,16 @@ asmlinkage int sys_olduname(struct oldol
355
356 down_read(&uts_sem);
357
358 - error = __copy_to_user(&name->sysname,&system_utsname.sysname,__OLD_UTS_LEN);
359 + ptr = vx_new_utsname();
360 + error = __copy_to_user(&name->sysname,ptr->sysname,__OLD_UTS_LEN);
361 error |= __put_user(0,name->sysname+__OLD_UTS_LEN);
362 - error |= __copy_to_user(&name->nodename,&system_utsname.nodename,__OLD_UTS_LEN);
363 + error |= __copy_to_user(&name->nodename,ptr->nodename,__OLD_UTS_LEN);
364 error |= __put_user(0,name->nodename+__OLD_UTS_LEN);
365 - error |= __copy_to_user(&name->release,&system_utsname.release,__OLD_UTS_LEN);
366 + error |= __copy_to_user(&name->release,ptr->release,__OLD_UTS_LEN);
367 error |= __put_user(0,name->release+__OLD_UTS_LEN);
368 - error |= __copy_to_user(&name->version,&system_utsname.version,__OLD_UTS_LEN);
369 + error |= __copy_to_user(&name->version,ptr->version,__OLD_UTS_LEN);
370 error |= __put_user(0,name->version+__OLD_UTS_LEN);
371 - error |= __copy_to_user(&name->machine,&system_utsname.machine,__OLD_UTS_LEN);
372 + error |= __copy_to_user(&name->machine,ptr->machine,__OLD_UTS_LEN);
373 error |= __put_user(0,name->machine+__OLD_UTS_LEN);
374
375 up_read(&uts_sem);
376 Index: vserver-sources-2.6.16_2.0.2/arch/i386/kernel/syscall_table.S
377 ===================================================================
378 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/kernel/syscall_table.S
379 +++ vserver-sources-2.6.16_2.0.2/arch/i386/kernel/syscall_table.S
380 @@ -272,7 +272,7 @@ ENTRY(sys_call_table)
381 .long sys_tgkill /* 270 */
382 .long sys_utimes
383 .long sys_fadvise64_64
384 - .long sys_ni_syscall /* sys_vserver */
385 + .long sys_vserver
386 .long sys_mbind
387 .long sys_get_mempolicy
388 .long sys_set_mempolicy
389 Index: vserver-sources-2.6.16_2.0.2/arch/i386/kernel/traps.c
390 ===================================================================
391 --- vserver-sources-2.6.16_2.0.2.orig/arch/i386/kernel/traps.c
392 +++ vserver-sources-2.6.16_2.0.2/arch/i386/kernel/traps.c
393 @@ -53,6 +53,7 @@
394 #include <asm/kdebug.h>
395
396 #include <linux/module.h>
397 +#include <linux/vserver/debug.h>
398
399 #include "mach_traps.h"
400
401 @@ -252,8 +253,9 @@ void show_registers(struct pt_regs *regs
402 regs->esi, regs->edi, regs->ebp, esp);
403 printk(KERN_EMERG "ds: %04x es: %04x ss: %04x\n",
404 regs->xds & 0xffff, regs->xes & 0xffff, ss);
405 - printk(KERN_EMERG "Process %s (pid: %d, threadinfo=%p task=%p)",
406 - current->comm, current->pid, current_thread_info(), current);
407 + printk(KERN_EMERG "Process %s (pid: %d[#%u], threadinfo=%p task=%p)",
408 + current->comm, current->pid, current->xid,
409 + current_thread_info(), current);
410 /*
411 * When in-kernel, we also print out the stack and code at the
412 * time of the fault..
413 @@ -333,6 +335,8 @@ void die(const char * str, struct pt_reg
414 static int die_counter;
415 unsigned long flags;
416
417 + vxh_throw_oops();
418 +
419 if (die.lock_owner != raw_smp_processor_id()) {
420 console_verbose();
421 spin_lock_irqsave(&die.lock, flags);
422 @@ -365,8 +369,9 @@ void die(const char * str, struct pt_reg
423 #endif
424 if (nl)
425 printk("\n");
426 - notify_die(DIE_OOPS, (char *)str, regs, err, 255, SIGSEGV);
427 + notify_die(DIE_OOPS, (char *)str, regs, err, 255, SIGSEGV);
428 show_registers(regs);
429 + vxh_dump_history();
430 } else
431 printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
432
433 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/Kconfig
434 ===================================================================
435 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/Kconfig
436 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/Kconfig
437 @@ -464,6 +464,8 @@ endmenu
438
439 source "arch/ia64/Kconfig.debug"
440
441 +source "kernel/vserver/Kconfig"
442 +
443 source "security/Kconfig"
444
445 source "crypto/Kconfig"
446 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/ia32/binfmt_elf32.c
447 ===================================================================
448 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/ia32/binfmt_elf32.c
449 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/ia32/binfmt_elf32.c
450 @@ -236,7 +236,8 @@ ia32_setup_arg_pages (struct linux_binpr
451 kmem_cache_free(vm_area_cachep, mpnt);
452 return ret;
453 }
454 - current->mm->stack_vm = current->mm->total_vm = vma_pages(mpnt);
455 + vx_vmpages_sub(current->mm, current->mm->total_vm - vma_pages(mpnt));
456 + current->mm->stack_vm = current->mm->total_vm;
457 }
458
459 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
460 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/ia32/ia32_entry.S
461 ===================================================================
462 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/ia32/ia32_entry.S
463 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/ia32/ia32_entry.S
464 @@ -483,7 +483,7 @@ ia32_syscall_table:
465 data8 sys_tgkill /* 270 */
466 data8 compat_sys_utimes
467 data8 sys32_fadvise64_64
468 - data8 sys_ni_syscall
469 + data8 sys32_vserver
470 data8 sys_ni_syscall
471 data8 sys_ni_syscall /* 275 */
472 data8 sys_ni_syscall
473 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/entry.S
474 ===================================================================
475 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/kernel/entry.S
476 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/entry.S
477 @@ -1591,7 +1591,7 @@ sys_call_table:
478 data8 sys_mq_notify
479 data8 sys_mq_getsetattr
480 data8 sys_ni_syscall // reserved for kexec_load
481 - data8 sys_ni_syscall // reserved for vserver
482 + data8 sys_vserver
483 data8 sys_waitid // 1270
484 data8 sys_add_key
485 data8 sys_request_key
486 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/perfmon.c
487 ===================================================================
488 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/kernel/perfmon.c
489 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/perfmon.c
490 @@ -41,6 +41,8 @@
491 #include <linux/capability.h>
492 #include <linux/rcupdate.h>
493 #include <linux/completion.h>
494 +#include <linux/vs_memory.h>
495 +#include <linux/vs_cvirt.h>
496
497 #include <asm/errno.h>
498 #include <asm/intrinsics.h>
499 @@ -2355,7 +2357,7 @@ pfm_smpl_buffer_alloc(struct task_struct
500 */
501 insert_vm_struct(mm, vma);
502
503 - mm->total_vm += size >> PAGE_SHIFT;
504 + vx_vmpages_add(mm, size >> PAGE_SHIFT);
505 vm_stat_account(vma->vm_mm, vma->vm_flags, vma->vm_file,
506 vma_pages(vma));
507 up_write(&task->mm->mmap_sem);
508 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/ptrace.c
509 ===================================================================
510 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/kernel/ptrace.c
511 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/ptrace.c
512 @@ -18,6 +18,7 @@
513 #include <linux/security.h>
514 #include <linux/audit.h>
515 #include <linux/signal.h>
516 +#include <linux/vs_cvirt.h>
517
518 #include <asm/pgtable.h>
519 #include <asm/processor.h>
520 @@ -1443,6 +1444,9 @@ sys_ptrace (long request, pid_t pid, uns
521 read_unlock(&tasklist_lock);
522 if (!child)
523 goto out;
524 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
525 + goto out_tsk;
526 +
527 ret = -EPERM;
528 if (pid == 1) /* no messing around with init! */
529 goto out_tsk;
530 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/signal.c
531 ===================================================================
532 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/kernel/signal.c
533 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/kernel/signal.c
534 @@ -21,6 +21,7 @@
535 #include <linux/binfmts.h>
536 #include <linux/unistd.h>
537 #include <linux/wait.h>
538 +#include <linux/vs_cvirt.h>
539
540 #include <asm/ia32.h>
541 #include <asm/intrinsics.h>
542 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/mm/fault.c
543 ===================================================================
544 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/mm/fault.c
545 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/mm/fault.c
546 @@ -10,6 +10,7 @@
547 #include <linux/smp_lock.h>
548 #include <linux/interrupt.h>
549 #include <linux/kprobes.h>
550 +#include <linux/vs_memory.h>
551
552 #include <asm/pgtable.h>
553 #include <asm/processor.h>
554 Index: vserver-sources-2.6.16_2.0.2/arch/ia64/sn/kernel/xpc_main.c
555 ===================================================================
556 --- vserver-sources-2.6.16_2.0.2.orig/arch/ia64/sn/kernel/xpc_main.c
557 +++ vserver-sources-2.6.16_2.0.2/arch/ia64/sn/kernel/xpc_main.c
558 @@ -109,6 +109,7 @@ static ctl_table xpc_sys_xpc_hb_dir[] =
559 0644,
560 NULL,
561 &proc_dointvec_minmax,
562 + NULL,
563 &sysctl_intvec,
564 NULL,
565 &xpc_hb_min_interval,
566 @@ -122,6 +123,7 @@ static ctl_table xpc_sys_xpc_hb_dir[] =
567 0644,
568 NULL,
569 &proc_dointvec_minmax,
570 + NULL,
571 &sysctl_intvec,
572 NULL,
573 &xpc_hb_check_min_interval,
574 @@ -146,6 +148,7 @@ static ctl_table xpc_sys_xpc_dir[] = {
575 0644,
576 NULL,
577 &proc_dointvec_minmax,
578 + NULL,
579 &sysctl_intvec,
580 NULL,
581 &xpc_disengage_request_min_timelimit,
582 Index: vserver-sources-2.6.16_2.0.2/arch/m32r/kernel/ptrace.c
583 ===================================================================
584 --- vserver-sources-2.6.16_2.0.2.orig/arch/m32r/kernel/ptrace.c
585 +++ vserver-sources-2.6.16_2.0.2/arch/m32r/kernel/ptrace.c
586 @@ -25,6 +25,7 @@
587 #include <linux/user.h>
588 #include <linux/string.h>
589 #include <linux/signal.h>
590 +#include <linux/vs_cvirt.h>
591
592 #include <asm/cacheflush.h>
593 #include <asm/io.h>
594 Index: vserver-sources-2.6.16_2.0.2/arch/m68k/Kconfig
595 ===================================================================
596 --- vserver-sources-2.6.16_2.0.2.orig/arch/m68k/Kconfig
597 +++ vserver-sources-2.6.16_2.0.2/arch/m68k/Kconfig
598 @@ -650,6 +650,8 @@ source "fs/Kconfig"
599
600 source "arch/m68k/Kconfig.debug"
601
602 +source "kernel/vserver/Kconfig"
603 +
604 source "security/Kconfig"
605
606 source "crypto/Kconfig"
607 Index: vserver-sources-2.6.16_2.0.2/arch/m68k/kernel/ptrace.c
608 ===================================================================
609 --- vserver-sources-2.6.16_2.0.2.orig/arch/m68k/kernel/ptrace.c
610 +++ vserver-sources-2.6.16_2.0.2/arch/m68k/kernel/ptrace.c
611 @@ -280,6 +280,8 @@ long arch_ptrace(struct task_struct *chi
612 ret = ptrace_request(child, request, addr, data);
613 break;
614 }
615 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
616 + goto out_tsk;
617
618 return ret;
619 out_eio:
620 Index: vserver-sources-2.6.16_2.0.2/arch/m68knommu/Kconfig
621 ===================================================================
622 --- vserver-sources-2.6.16_2.0.2.orig/arch/m68knommu/Kconfig
623 +++ vserver-sources-2.6.16_2.0.2/arch/m68knommu/Kconfig
624 @@ -646,6 +646,8 @@ source "fs/Kconfig"
625
626 source "arch/m68knommu/Kconfig.debug"
627
628 +source "kernel/vserver/Kconfig"
629 +
630 source "security/Kconfig"
631
632 source "crypto/Kconfig"
633 Index: vserver-sources-2.6.16_2.0.2/arch/mips/Kconfig
634 ===================================================================
635 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/Kconfig
636 +++ vserver-sources-2.6.16_2.0.2/arch/mips/Kconfig
637 @@ -1814,6 +1814,8 @@ source "arch/mips/oprofile/Kconfig"
638
639 source "arch/mips/Kconfig.debug"
640
641 +source "kernel/vserver/Kconfig"
642 +
643 source "security/Kconfig"
644
645 source "crypto/Kconfig"
646 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/linux32.c
647 ===================================================================
648 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/linux32.c
649 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/linux32.c
650 @@ -37,6 +37,7 @@
651 #include <linux/security.h>
652 #include <linux/compat.h>
653 #include <linux/vfs.h>
654 +#include <linux/vs_cvirt.h>
655
656 #include <net/sock.h>
657 #include <net/scm.h>
658 @@ -1099,7 +1100,7 @@ asmlinkage long sys32_newuname(struct ne
659 int ret = 0;
660
661 down_read(&uts_sem);
662 - if (copy_to_user(name,&system_utsname,sizeof *name))
663 + if (copy_to_user(name, vx_new_utsname(), sizeof *name))
664 ret = -EFAULT;
665 up_read(&uts_sem);
666
667 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/ptrace.c
668 ===================================================================
669 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/ptrace.c
670 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/ptrace.c
671 @@ -476,6 +476,8 @@ asmlinkage void do_syscall_trace(struct
672 goto out;
673 if (!test_thread_flag(TIF_SYSCALL_TRACE))
674 goto out;
675 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
676 + goto out_tsk;
677
678 /* The 0x80 provides a way for the tracing parent to distinguish
679 between a syscall stop and SIGTRAP delivery */
680 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/ptrace32.c
681 ===================================================================
682 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/ptrace32.c
683 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/ptrace32.c
684 @@ -24,6 +24,7 @@
685 #include <linux/smp_lock.h>
686 #include <linux/user.h>
687 #include <linux/security.h>
688 +#include <linux/vs_cvirt.h>
689
690 #include <asm/cpu.h>
691 #include <asm/dsp.h>
692 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall32-o32.S
693 ===================================================================
694 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/scall32-o32.S
695 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall32-o32.S
696 @@ -607,7 +607,7 @@ einval: li v0, -EINVAL
697 sys sys_mq_timedreceive 5
698 sys sys_mq_notify 2 /* 4275 */
699 sys sys_mq_getsetattr 3
700 - sys sys_ni_syscall 0 /* sys_vserver */
701 + sys sys_vserver 3
702 sys sys_waitid 5
703 sys sys_ni_syscall 0 /* available, was setaltroot */
704 sys sys_add_key 5 /* 4280 */
705 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-64.S
706 ===================================================================
707 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/scall64-64.S
708 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-64.S
709 @@ -433,7 +433,7 @@ sys_call_table:
710 PTR sys_mq_timedreceive
711 PTR sys_mq_notify
712 PTR sys_mq_getsetattr /* 5235 */
713 - PTR sys_ni_syscall /* sys_vserver */
714 + PTR sys_vserver
715 PTR sys_waitid
716 PTR sys_ni_syscall /* available, was setaltroot */
717 PTR sys_add_key
718 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-n32.S
719 ===================================================================
720 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/scall64-n32.S
721 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-n32.S
722 @@ -359,7 +359,7 @@ EXPORT(sysn32_call_table)
723 PTR compat_sys_mq_timedreceive
724 PTR compat_sys_mq_notify
725 PTR compat_sys_mq_getsetattr
726 - PTR sys_ni_syscall /* 6240, sys_vserver */
727 + PTR sys32_vserver /* 6240 */
728 PTR sysn32_waitid
729 PTR sys_ni_syscall /* available, was setaltroot */
730 PTR sys_add_key
731 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-o32.S
732 ===================================================================
733 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/scall64-o32.S
734 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/scall64-o32.S
735 @@ -481,7 +481,7 @@ sys_call_table:
736 PTR compat_sys_mq_timedreceive
737 PTR compat_sys_mq_notify /* 4275 */
738 PTR compat_sys_mq_getsetattr
739 - PTR sys_ni_syscall /* sys_vserver */
740 + PTR sys32_vserver
741 PTR sys32_waitid
742 PTR sys_ni_syscall /* available, was setaltroot */
743 PTR sys_add_key /* 4280 */
744 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/syscall.c
745 ===================================================================
746 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/syscall.c
747 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/syscall.c
748 @@ -29,6 +29,7 @@
749 #include <linux/shm.h>
750 #include <linux/compiler.h>
751 #include <linux/module.h>
752 +#include <linux/vs_cvirt.h>
753
754 #include <asm/branch.h>
755 #include <asm/cachectl.h>
756 @@ -229,7 +230,7 @@ out:
757 */
758 asmlinkage int sys_uname(struct old_utsname __user * name)
759 {
760 - if (name && !copy_to_user(name, &system_utsname, sizeof (*name)))
761 + if (name && !copy_to_user(name, vx_new_utsname(), sizeof (*name)))
762 return 0;
763 return -EFAULT;
764 }
765 @@ -240,21 +241,23 @@ asmlinkage int sys_uname(struct old_utsn
766 asmlinkage int sys_olduname(struct oldold_utsname __user * name)
767 {
768 int error;
769 + struct new_utsname *ptr;
770
771 if (!name)
772 return -EFAULT;
773 if (!access_ok(VERIFY_WRITE,name,sizeof(struct oldold_utsname)))
774 return -EFAULT;
775
776 - error = __copy_to_user(&name->sysname,&system_utsname.sysname,__OLD_UTS_LEN);
777 + ptr = vx_new_utsname();
778 + error = __copy_to_user(&name->sysname,ptr->sysname,__OLD_UTS_LEN);
779 error -= __put_user(0,name->sysname+__OLD_UTS_LEN);
780 - error -= __copy_to_user(&name->nodename,&system_utsname.nodename,__OLD_UTS_LEN);
781 + error -= __copy_to_user(&name->nodename,ptr->nodename,__OLD_UTS_LEN);
782 error -= __put_user(0,name->nodename+__OLD_UTS_LEN);
783 - error -= __copy_to_user(&name->release,&system_utsname.release,__OLD_UTS_LEN);
784 + error -= __copy_to_user(&name->release,ptr->release,__OLD_UTS_LEN);
785 error -= __put_user(0,name->release+__OLD_UTS_LEN);
786 - error -= __copy_to_user(&name->version,&system_utsname.version,__OLD_UTS_LEN);
787 + error -= __copy_to_user(&name->version,ptr->version,__OLD_UTS_LEN);
788 error -= __put_user(0,name->version+__OLD_UTS_LEN);
789 - error -= __copy_to_user(&name->machine,&system_utsname.machine,__OLD_UTS_LEN);
790 + error -= __copy_to_user(&name->machine,ptr->machine,__OLD_UTS_LEN);
791 error = __put_user(0,name->machine+__OLD_UTS_LEN);
792 error = error ? -EFAULT : 0;
793
794 @@ -290,10 +293,10 @@ asmlinkage int _sys_sysmips(int cmd, lon
795 return -EFAULT;
796
797 down_write(&uts_sem);
798 - strncpy(system_utsname.nodename, nodename, len);
799 + strncpy(vx_new_uts(nodename), nodename, len);
800 nodename[__NEW_UTS_LEN] = '\0';
801 - strlcpy(system_utsname.nodename, nodename,
802 - sizeof(system_utsname.nodename));
803 + strlcpy(vx_new_uts(nodename), nodename,
804 + sizeof(vx_new_uts(nodename)));
805 up_write(&uts_sem);
806 return 0;
807 }
808 Index: vserver-sources-2.6.16_2.0.2/arch/mips/kernel/sysirix.c
809 ===================================================================
810 --- vserver-sources-2.6.16_2.0.2.orig/arch/mips/kernel/sysirix.c
811 +++ vserver-sources-2.6.16_2.0.2/arch/mips/kernel/sysirix.c
812 @@ -31,6 +31,7 @@
813 #include <linux/socket.h>
814 #include <linux/security.h>
815 #include <linux/syscalls.h>
816 +#include <linux/vs_cvirt.h>
817
818 #include <asm/ptrace.h>
819 #include <asm/page.h>
820 Index: vserver-sources-2.6.16_2.0.2/arch/parisc/Kconfig
821 ===================================================================
822 --- vserver-sources-2.6.16_2.0.2.orig/arch/parisc/Kconfig
823 +++ vserver-sources-2.6.16_2.0.2/arch/parisc/Kconfig
824 @@ -213,6 +213,8 @@ source "arch/parisc/oprofile/Kconfig"
825
826 source "arch/parisc/Kconfig.debug"
827
828 +source "kernel/vserver/Kconfig"
829 +
830 source "security/Kconfig"
831
832 source "crypto/Kconfig"
833 Index: vserver-sources-2.6.16_2.0.2/arch/parisc/kernel/sys_parisc32.c
834 ===================================================================
835 --- vserver-sources-2.6.16_2.0.2.orig/arch/parisc/kernel/sys_parisc32.c
836 +++ vserver-sources-2.6.16_2.0.2/arch/parisc/kernel/sys_parisc32.c
837 @@ -657,6 +657,7 @@ asmlinkage int sys32_sysinfo(struct sysi
838
839 do {
840 seq = read_seqbegin(&xtime_lock);
841 + /* FIXME: requires vx virtualization */
842 val.uptime = jiffies / HZ;
843
844 val.loads[0] = avenrun[0] << (SI_LOAD_SHIFT - FSHIFT);
845 Index: vserver-sources-2.6.16_2.0.2/arch/parisc/kernel/syscall_table.S
846 ===================================================================
847 --- vserver-sources-2.6.16_2.0.2.orig/arch/parisc/kernel/syscall_table.S
848 +++ vserver-sources-2.6.16_2.0.2/arch/parisc/kernel/syscall_table.S
849 @@ -368,7 +368,7 @@
850 ENTRY_COMP(mbind) /* 260 */
851 ENTRY_COMP(get_mempolicy)
852 ENTRY_COMP(set_mempolicy)
853 - ENTRY_SAME(ni_syscall) /* 263: reserved for vserver */
854 + ENTRY_DIFF(vserver)
855 ENTRY_SAME(add_key)
856 ENTRY_SAME(request_key) /* 265 */
857 ENTRY_SAME(keyctl)
858 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/Kconfig
859 ===================================================================
860 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/Kconfig
861 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/Kconfig
862 @@ -974,6 +974,8 @@ endmenu
863
864 source "arch/powerpc/Kconfig.debug"
865
866 +source "kernel/vserver/Kconfig"
867 +
868 source "security/Kconfig"
869
870 config KEYS_COMPAT
871 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/process.c
872 ===================================================================
873 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/kernel/process.c
874 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/process.c
875 @@ -425,8 +425,9 @@ void show_regs(struct pt_regs * regs)
876 trap = TRAP(regs);
877 if (trap == 0x300 || trap == 0x600)
878 printk("DAR: "REG", DSISR: "REG"\n", regs->dar, regs->dsisr);
879 - printk("TASK = %p[%d] '%s' THREAD: %p",
880 - current, current->pid, current->comm, task_thread_info(current));
881 + printk("TASK = %p[%d,#%u] '%s' THREAD: %p",
882 + current, current->pid, current->xid,
883 + current->comm, task_thread_info(current));
884
885 #ifdef CONFIG_SMP
886 printk(" CPU: %d", smp_processor_id());
887 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/ptrace32.c
888 ===================================================================
889 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/kernel/ptrace32.c
890 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/ptrace32.c
891 @@ -28,6 +28,7 @@
892 #include <linux/user.h>
893 #include <linux/security.h>
894 #include <linux/signal.h>
895 +#include <linux/vs_cvirt.h>
896
897 #include <asm/uaccess.h>
898 #include <asm/page.h>
899 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/syscalls.c
900 ===================================================================
901 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/kernel/syscalls.c
902 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/syscalls.c
903 @@ -36,6 +36,7 @@
904 #include <linux/file.h>
905 #include <linux/init.h>
906 #include <linux/personality.h>
907 +#include <linux/vs_cvirt.h>
908
909 #include <asm/uaccess.h>
910 #include <asm/ipc.h>
911 @@ -259,7 +260,7 @@ long ppc_newuname(struct new_utsname __u
912 int err = 0;
913
914 down_read(&uts_sem);
915 - if (copy_to_user(name, &system_utsname, sizeof(*name)))
916 + if (copy_to_user(name, vx_new_utsname(), sizeof(*name)))
917 err = -EFAULT;
918 up_read(&uts_sem);
919 if (!err)
920 @@ -272,7 +273,7 @@ int sys_uname(struct old_utsname __user
921 int err = 0;
922
923 down_read(&uts_sem);
924 - if (copy_to_user(name, &system_utsname, sizeof(*name)))
925 + if (copy_to_user(name, vx_new_utsname(), sizeof(*name)))
926 err = -EFAULT;
927 up_read(&uts_sem);
928 if (!err)
929 @@ -283,25 +284,22 @@ int sys_uname(struct old_utsname __user
930 int sys_olduname(struct oldold_utsname __user *name)
931 {
932 int error;
933 + struct new_utsname *ptr;
934
935 if (!access_ok(VERIFY_WRITE, name, sizeof(struct oldold_utsname)))
936 return -EFAULT;
937
938 down_read(&uts_sem);
939 - error = __copy_to_user(&name->sysname, &system_utsname.sysname,
940 - __OLD_UTS_LEN);
941 + ptr = vx_new_utsname();
942 + error = __copy_to_user(&name->sysname, ptr->sysname, __OLD_UTS_LEN);
943 error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
944 - error |= __copy_to_user(&name->nodename, &system_utsname.nodename,
945 - __OLD_UTS_LEN);
946 + error |= __copy_to_user(&name->nodename, ptr->nodename, __OLD_UTS_LEN);
947 error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
948 - error |= __copy_to_user(&name->release, &system_utsname.release,
949 - __OLD_UTS_LEN);
950 + error |= __copy_to_user(&name->release, ptr->release, __OLD_UTS_LEN);
951 error |= __put_user(0, name->release + __OLD_UTS_LEN);
952 - error |= __copy_to_user(&name->version, &system_utsname.version,
953 - __OLD_UTS_LEN);
954 + error |= __copy_to_user(&name->version, ptr->version, __OLD_UTS_LEN);
955 error |= __put_user(0, name->version + __OLD_UTS_LEN);
956 - error |= __copy_to_user(&name->machine, &system_utsname.machine,
957 - __OLD_UTS_LEN);
958 + error |= __copy_to_user(&name->machine, ptr->machine, __OLD_UTS_LEN);
959 error |= override_machine(name->machine);
960 up_read(&uts_sem);
961
962 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/systbl.S
963 ===================================================================
964 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/kernel/systbl.S
965 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/systbl.S
966 @@ -296,7 +296,7 @@ COMPAT_SYS(fstatfs64)
967 SYSX(sys_ni_syscall, ppc_fadvise64_64, ppc_fadvise64_64)
968 PPC_SYS(rtas)
969 OLDSYS(debug_setcontext)
970 -SYSCALL(ni_syscall)
971 +SYSX(sys_vserver, sys32_vserver, sys_vserver)
972 SYSCALL(ni_syscall)
973 COMPAT_SYS(mbind)
974 COMPAT_SYS(get_mempolicy)
975 Index: vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/vdso.c
976 ===================================================================
977 --- vserver-sources-2.6.16_2.0.2.orig/arch/powerpc/kernel/vdso.c
978 +++ vserver-sources-2.6.16_2.0.2/arch/powerpc/kernel/vdso.c
979 @@ -25,6 +25,7 @@
980 #include <linux/elf.h>
981 #include <linux/security.h>
982 #include <linux/bootmem.h>
983 +#include <linux/vs_memory.h>
984
985 #include <asm/pgtable.h>
986 #include <asm/system.h>
987 @@ -294,7 +295,7 @@ int arch_setup_additional_pages(struct l
988 kmem_cache_free(vm_area_cachep, vma);
989 return -ENOMEM;
990 }
991 - mm->total_vm += (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
992 + vx_vmpages_add(mm, (vma->vm_end - vma->vm_start) >> PAGE_SHIFT);
993 up_write(&mm->mmap_sem);
994
995 return 0;
996 Index: vserver-sources-2.6.16_2.0.2/arch/ppc/Kconfig
997 ===================================================================
998 --- vserver-sources-2.6.16_2.0.2.orig/arch/ppc/Kconfig
999 +++ vserver-sources-2.6.16_2.0.2/arch/ppc/Kconfig
1000 @@ -1394,6 +1394,8 @@ source "arch/powerpc/oprofile/Kconfig"
1001
1002 source "arch/ppc/Kconfig.debug"
1003
1004 +source "kernel/vserver/Kconfig"
1005 +
1006 source "security/Kconfig"
1007
1008 source "crypto/Kconfig"
1009 Index: vserver-sources-2.6.16_2.0.2/arch/s390/Kconfig
1010 ===================================================================
1011 --- vserver-sources-2.6.16_2.0.2.orig/arch/s390/Kconfig
1012 +++ vserver-sources-2.6.16_2.0.2/arch/s390/Kconfig
1013 @@ -472,6 +472,8 @@ source "arch/s390/oprofile/Kconfig"
1014
1015 source "arch/s390/Kconfig.debug"
1016
1017 +source "kernel/vserver/Kconfig"
1018 +
1019 source "security/Kconfig"
1020
1021 source "crypto/Kconfig"
1022 Index: vserver-sources-2.6.16_2.0.2/arch/s390/kernel/process.c
1023 ===================================================================
1024 --- vserver-sources-2.6.16_2.0.2.orig/arch/s390/kernel/process.c
1025 +++ vserver-sources-2.6.16_2.0.2/arch/s390/kernel/process.c
1026 @@ -164,9 +164,9 @@ void show_regs(struct pt_regs *regs)
1027 struct task_struct *tsk = current;
1028
1029 printk("CPU: %d %s\n", task_thread_info(tsk)->cpu, print_tainted());
1030 - printk("Process %s (pid: %d, task: %p, ksp: %p)\n",
1031 - current->comm, current->pid, (void *) tsk,
1032 - (void *) tsk->thread.ksp);
1033 + printk("Process %s (pid: %d[#%u], task: %p, ksp: %p)\n",
1034 + current->comm, current->pid, current->xid,
1035 + (void *) tsk, (void *) tsk->thread.ksp);
1036
1037 show_registers(regs);
1038 /* Show stack backtrace if pt_regs is from kernel mode */
1039 Index: vserver-sources-2.6.16_2.0.2/arch/s390/kernel/ptrace.c
1040 ===================================================================
1041 --- vserver-sources-2.6.16_2.0.2.orig/arch/s390/kernel/ptrace.c
1042 +++ vserver-sources-2.6.16_2.0.2/arch/s390/kernel/ptrace.c
1043 @@ -33,6 +33,7 @@
1044 #include <linux/security.h>
1045 #include <linux/audit.h>
1046 #include <linux/signal.h>
1047 +#include <linux/vs_cvirt.h>
1048
1049 #include <asm/segment.h>
1050 #include <asm/page.h>
1051 @@ -723,7 +724,13 @@ sys_ptrace(long request, long pid, long
1052 goto out;
1053 }
1054
1055 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
1056 + ret = -EPERM;
1057 + goto out_tsk;
1058 + }
1059 +
1060 ret = do_ptrace(child, request, addr, data);
1061 +out_tsk:
1062 put_task_struct(child);
1063 out:
1064 unlock_kernel();
1065 Index: vserver-sources-2.6.16_2.0.2/arch/s390/kernel/syscalls.S
1066 ===================================================================
1067 --- vserver-sources-2.6.16_2.0.2.orig/arch/s390/kernel/syscalls.S
1068 +++ vserver-sources-2.6.16_2.0.2/arch/s390/kernel/syscalls.S
1069 @@ -271,7 +271,7 @@ SYSCALL(sys_clock_settime,sys_clock_sett
1070 SYSCALL(sys_clock_gettime,sys_clock_gettime,sys32_clock_gettime_wrapper) /* 260 */
1071 SYSCALL(sys_clock_getres,sys_clock_getres,sys32_clock_getres_wrapper)
1072 SYSCALL(sys_clock_nanosleep,sys_clock_nanosleep,sys32_clock_nanosleep_wrapper)
1073 -NI_SYSCALL /* reserved for vserver */
1074 +SYSCALL(sys_vserver,sys_vserver,sys32_vserver)
1075 SYSCALL(s390_fadvise64_64,sys_ni_syscall,sys32_fadvise64_64_wrapper)
1076 SYSCALL(sys_statfs64,sys_statfs64,compat_sys_statfs64_wrapper)
1077 SYSCALL(sys_fstatfs64,sys_fstatfs64,compat_sys_fstatfs64_wrapper)
1078 Index: vserver-sources-2.6.16_2.0.2/arch/sh/Kconfig
1079 ===================================================================
1080 --- vserver-sources-2.6.16_2.0.2.orig/arch/sh/Kconfig
1081 +++ vserver-sources-2.6.16_2.0.2/arch/sh/Kconfig
1082 @@ -633,6 +633,8 @@ source "arch/sh/oprofile/Kconfig"
1083
1084 source "arch/sh/Kconfig.debug"
1085
1086 +source "kernel/vserver/Kconfig"
1087 +
1088 source "security/Kconfig"
1089
1090 source "crypto/Kconfig"
1091 Index: vserver-sources-2.6.16_2.0.2/arch/sh/kernel/kgdb_stub.c
1092 ===================================================================
1093 --- vserver-sources-2.6.16_2.0.2.orig/arch/sh/kernel/kgdb_stub.c
1094 +++ vserver-sources-2.6.16_2.0.2/arch/sh/kernel/kgdb_stub.c
1095 @@ -412,7 +412,7 @@ static struct task_struct *get_thread(in
1096 if (pid == PID_MAX) pid = 0;
1097
1098 /* First check via PID */
1099 - thread = find_task_by_pid(pid);
1100 + thread = find_task_by_real_pid(pid);
1101
1102 if (thread)
1103 return thread;
1104 Index: vserver-sources-2.6.16_2.0.2/arch/sparc/Kconfig
1105 ===================================================================
1106 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc/Kconfig
1107 +++ vserver-sources-2.6.16_2.0.2/arch/sparc/Kconfig
1108 @@ -284,6 +284,8 @@ source "fs/Kconfig"
1109
1110 source "arch/sparc/Kconfig.debug"
1111
1112 +source "kernel/vserver/Kconfig"
1113 +
1114 source "security/Kconfig"
1115
1116 source "crypto/Kconfig"
1117 Index: vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/ptrace.c
1118 ===================================================================
1119 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc/kernel/ptrace.c
1120 +++ vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/ptrace.c
1121 @@ -19,6 +19,7 @@
1122 #include <linux/smp_lock.h>
1123 #include <linux/security.h>
1124 #include <linux/signal.h>
1125 +#include <linux/vs_cvirt.h>
1126
1127 #include <asm/pgtable.h>
1128 #include <asm/system.h>
1129 @@ -299,6 +300,10 @@ asmlinkage void do_ptrace(struct pt_regs
1130 pt_error_return(regs, -ret);
1131 goto out;
1132 }
1133 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
1134 + pt_error_return(regs, ESRCH);
1135 + goto out_tsk;
1136 + }
1137
1138 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1139 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1140 Index: vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/sys_sparc.c
1141 ===================================================================
1142 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc/kernel/sys_sparc.c
1143 +++ vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/sys_sparc.c
1144 @@ -21,6 +21,7 @@
1145 #include <linux/utsname.h>
1146 #include <linux/smp.h>
1147 #include <linux/smp_lock.h>
1148 +#include <linux/vs_cvirt.h>
1149
1150 #include <asm/uaccess.h>
1151 #include <asm/ipc.h>
1152 @@ -470,13 +471,13 @@ asmlinkage int sys_getdomainname(char __
1153
1154 down_read(&uts_sem);
1155
1156 - nlen = strlen(system_utsname.domainname) + 1;
1157 + nlen = strlen(vx_new_uts(domainname)) + 1;
1158
1159 if (nlen < len)
1160 len = nlen;
1161 if (len > __NEW_UTS_LEN)
1162 goto done;
1163 - if (copy_to_user(name, system_utsname.domainname, len))
1164 + if (copy_to_user(name, vx_new_uts(domainname), len))
1165 goto done;
1166 err = 0;
1167 done:
1168 Index: vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/systbls.S
1169 ===================================================================
1170 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc/kernel/systbls.S
1171 +++ vserver-sources-2.6.16_2.0.2/arch/sparc/kernel/systbls.S
1172 @@ -72,7 +72,7 @@ sys_call_table:
1173 /*250*/ .long sparc_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
1174 /*255*/ .long sys_nis_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
1175 /*260*/ .long sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
1176 -/*265*/ .long sys_timer_delete, sys_timer_create, sys_nis_syscall, sys_io_setup, sys_io_destroy
1177 +/*265*/ .long sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
1178 /*270*/ .long sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
1179 /*275*/ .long sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
1180 /*280*/ .long sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl, sys_openat
1181 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/Kconfig
1182 ===================================================================
1183 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/Kconfig
1184 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/Kconfig
1185 @@ -400,6 +400,8 @@ endmenu
1186
1187 source "arch/sparc64/Kconfig.debug"
1188
1189 +source "kernel/vserver/Kconfig"
1190 +
1191 source "security/Kconfig"
1192
1193 source "crypto/Kconfig"
1194 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/binfmt_aout32.c
1195 ===================================================================
1196 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/kernel/binfmt_aout32.c
1197 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/binfmt_aout32.c
1198 @@ -27,6 +27,7 @@
1199 #include <linux/binfmts.h>
1200 #include <linux/personality.h>
1201 #include <linux/init.h>
1202 +#include <linux/vs_memory.h>
1203
1204 #include <asm/system.h>
1205 #include <asm/uaccess.h>
1206 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/ptrace.c
1207 ===================================================================
1208 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/kernel/ptrace.c
1209 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/ptrace.c
1210 @@ -22,6 +22,7 @@
1211 #include <linux/seccomp.h>
1212 #include <linux/audit.h>
1213 #include <linux/signal.h>
1214 +#include <linux/vs_cvirt.h>
1215
1216 #include <asm/asi.h>
1217 #include <asm/pgtable.h>
1218 @@ -209,6 +210,10 @@ asmlinkage void do_ptrace(struct pt_regs
1219 pt_error_return(regs, -ret);
1220 goto out;
1221 }
1222 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) {
1223 + pt_error_return(regs, ESRCH);
1224 + goto out_tsk;
1225 + }
1226
1227 if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH)
1228 || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) {
1229 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/sys_sparc.c
1230 ===================================================================
1231 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/kernel/sys_sparc.c
1232 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/sys_sparc.c
1233 @@ -25,6 +25,7 @@
1234 #include <linux/syscalls.h>
1235 #include <linux/ipc.h>
1236 #include <linux/personality.h>
1237 +#include <linux/vs_cvirt.h>
1238
1239 #include <asm/uaccess.h>
1240 #include <asm/ipc.h>
1241 @@ -476,13 +477,13 @@ asmlinkage long sys_getdomainname(char _
1242
1243 down_read(&uts_sem);
1244
1245 - nlen = strlen(system_utsname.domainname) + 1;
1246 + nlen = strlen(vx_new_uts(domainname)) + 1;
1247
1248 if (nlen < len)
1249 len = nlen;
1250 if (len > __NEW_UTS_LEN)
1251 goto done;
1252 - if (copy_to_user(name, system_utsname.domainname, len))
1253 + if (copy_to_user(name, vx_new_uts(domainname), len))
1254 goto done;
1255 err = 0;
1256 done:
1257 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/systbls.S
1258 ===================================================================
1259 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/kernel/systbls.S
1260 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/kernel/systbls.S
1261 @@ -73,7 +73,7 @@ sys_call_table32:
1262 /*250*/ .word sys32_mremap, sys32_sysctl, sys32_getsid, sys_fdatasync, sys32_nfsservctl
1263 .word sys_ni_syscall, compat_sys_clock_settime, compat_sys_clock_gettime, compat_sys_clock_getres, sys32_clock_nanosleep
1264 /*260*/ .word compat_sys_sched_getaffinity, compat_sys_sched_setaffinity, sys32_timer_settime, compat_sys_timer_gettime, sys_timer_getoverrun
1265 - .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy
1266 + .word sys_timer_delete, compat_sys_timer_create, sys32_vserver, compat_sys_io_setup, sys_io_destroy
1267 /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink
1268 .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid
1269 /*280*/ .word sys_ni_syscall, sys_add_key, sys_request_key, sys_keyctl, compat_sys_openat
1270 @@ -142,7 +142,7 @@ sys_call_table:
1271 /*250*/ .word sys64_mremap, sys_sysctl, sys_getsid, sys_fdatasync, sys_nfsservctl
1272 .word sys_ni_syscall, sys_clock_settime, sys_clock_gettime, sys_clock_getres, sys_clock_nanosleep
1273 /*260*/ .word sys_sched_getaffinity, sys_sched_setaffinity, sys_timer_settime, sys_timer_gettime, sys_timer_getoverrun
1274 - .word sys_timer_delete, sys_timer_create, sys_ni_syscall, sys_io_setup, sys_io_destroy
1275 + .word sys_timer_delete, sys_timer_create, sys_vserver, sys_io_setup, sys_io_destroy
1276 /*270*/ .word sys_io_submit, sys_io_cancel, sys_io_getevents, sys_mq_open, sys_mq_unlink
1277 .word sys_mq_timedsend, sys_mq_timedreceive, sys_mq_notify, sys_mq_getsetattr, sys_waitid
1278 /*280*/ .word sys_nis_syscall, sys_add_key, sys_request_key, sys_keyctl, sys_openat
1279 Index: vserver-sources-2.6.16_2.0.2/arch/sparc64/solaris/fs.c
1280 ===================================================================
1281 --- vserver-sources-2.6.16_2.0.2.orig/arch/sparc64/solaris/fs.c
1282 +++ vserver-sources-2.6.16_2.0.2/arch/sparc64/solaris/fs.c
1283 @@ -363,7 +363,7 @@ static int report_statvfs(struct vfsmoun
1284 int j = strlen (p);
1285
1286 if (j > 15) j = 15;
1287 - if (IS_RDONLY(inode)) i = 1;
1288 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(mnt)) i = 1;
1289 if (mnt->mnt_flags & MNT_NOSUID) i |= 2;
1290 if (!sysv_valid_dev(inode->i_sb->s_dev))
1291 return -EOVERFLOW;
1292 @@ -399,7 +399,7 @@ static int report_statvfs64(struct vfsmo
1293 int j = strlen (p);
1294
1295 if (j > 15) j = 15;
1296 - if (IS_RDONLY(inode)) i = 1;
1297 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(mnt)) i = 1;
1298 if (mnt->mnt_flags & MNT_NOSUID) i |= 2;
1299 if (!sysv_valid_dev(inode->i_sb->s_dev))
1300 return -EOVERFLOW;
1301 Index: vserver-sources-2.6.16_2.0.2/arch/um/Kconfig
1302 ===================================================================
1303 --- vserver-sources-2.6.16_2.0.2.orig/arch/um/Kconfig
1304 +++ vserver-sources-2.6.16_2.0.2/arch/um/Kconfig
1305 @@ -290,6 +290,8 @@ source "drivers/connector/Kconfig"
1306
1307 source "fs/Kconfig"
1308
1309 +source "kernel/vserver/Kconfig"
1310 +
1311 source "security/Kconfig"
1312
1313 source "crypto/Kconfig"
1314 Index: vserver-sources-2.6.16_2.0.2/arch/um/drivers/mconsole_kern.c
1315 ===================================================================
1316 --- vserver-sources-2.6.16_2.0.2.orig/arch/um/drivers/mconsole_kern.c
1317 +++ vserver-sources-2.6.16_2.0.2/arch/um/drivers/mconsole_kern.c
1318 @@ -21,6 +21,7 @@
1319 #include "linux/proc_fs.h"
1320 #include "linux/syscalls.h"
1321 #include "linux/console.h"
1322 +#include "linux/vs_cvirt.h"
1323 #include "asm/irq.h"
1324 #include "asm/uaccess.h"
1325 #include "user_util.h"
1326 Index: vserver-sources-2.6.16_2.0.2/arch/um/kernel/process_kern.c
1327 ===================================================================
1328 --- vserver-sources-2.6.16_2.0.2.orig/arch/um/kernel/process_kern.c
1329 +++ vserver-sources-2.6.16_2.0.2/arch/um/kernel/process_kern.c
1330 @@ -23,6 +23,8 @@
1331 #include "linux/proc_fs.h"
1332 #include "linux/ptrace.h"
1333 #include "linux/random.h"
1334 +#include "linux/vs_cvirt.h"
1335 +
1336 #include "asm/unistd.h"
1337 #include "asm/mman.h"
1338 #include "asm/segment.h"
1339 Index: vserver-sources-2.6.16_2.0.2/arch/um/kernel/syscall_kern.c
1340 ===================================================================
1341 --- vserver-sources-2.6.16_2.0.2.orig/arch/um/kernel/syscall_kern.c
1342 +++ vserver-sources-2.6.16_2.0.2/arch/um/kernel/syscall_kern.c
1343 @@ -15,6 +15,8 @@
1344 #include "linux/unistd.h"
1345 #include "linux/slab.h"
1346 #include "linux/utime.h"
1347 +#include <linux/vs_cvirt.h>
1348 +
1349 #include "asm/mman.h"
1350 #include "asm/uaccess.h"
1351 #include "kern_util.h"
1352 @@ -110,7 +112,7 @@ long sys_uname(struct old_utsname * name
1353 if (!name)
1354 return -EFAULT;
1355 down_read(&uts_sem);
1356 - err=copy_to_user(name, &system_utsname, sizeof (*name));
1357 + err=copy_to_user(name, vx_new_utsname(), sizeof (*name));
1358 up_read(&uts_sem);
1359 return err?-EFAULT:0;
1360 }
1361 @@ -118,6 +120,7 @@ long sys_uname(struct old_utsname * name
1362 long sys_olduname(struct oldold_utsname * name)
1363 {
1364 long error;
1365 + struct new_utsname *ptr;
1366
1367 if (!name)
1368 return -EFAULT;
1369 @@ -126,19 +129,20 @@ long sys_olduname(struct oldold_utsname
1370
1371 down_read(&uts_sem);
1372
1373 - error = __copy_to_user(&name->sysname,&system_utsname.sysname,
1374 + ptr = vx_new_utsname();
1375 + error = __copy_to_user(&name->sysname,ptr->sysname,
1376 __OLD_UTS_LEN);
1377 error |= __put_user(0,name->sysname+__OLD_UTS_LEN);
1378 - error |= __copy_to_user(&name->nodename,&system_utsname.nodename,
1379 + error |= __copy_to_user(&name->nodename,ptr->nodename,
1380 __OLD_UTS_LEN);
1381 error |= __put_user(0,name->nodename+__OLD_UTS_LEN);
1382 - error |= __copy_to_user(&name->release,&system_utsname.release,
1383 + error |= __copy_to_user(&name->release,ptr->release,
1384 __OLD_UTS_LEN);
1385 error |= __put_user(0,name->release+__OLD_UTS_LEN);
1386 - error |= __copy_to_user(&name->version,&system_utsname.version,
1387 + error |= __copy_to_user(&name->version,ptr->version,
1388 __OLD_UTS_LEN);
1389 error |= __put_user(0,name->version+__OLD_UTS_LEN);
1390 - error |= __copy_to_user(&name->machine,&system_utsname.machine,
1391 + error |= __copy_to_user(&name->machine,ptr->machine,
1392 __OLD_UTS_LEN);
1393 error |= __put_user(0,name->machine+__OLD_UTS_LEN);
1394
1395 Index: vserver-sources-2.6.16_2.0.2/arch/v850/Kconfig
1396 ===================================================================
1397 --- vserver-sources-2.6.16_2.0.2.orig/arch/v850/Kconfig
1398 +++ vserver-sources-2.6.16_2.0.2/arch/v850/Kconfig
1399 @@ -320,6 +320,8 @@ source "drivers/usb/Kconfig"
1400
1401 source "arch/v850/Kconfig.debug"
1402
1403 +source "kernel/vserver/Kconfig"
1404 +
1405 source "security/Kconfig"
1406
1407 source "crypto/Kconfig"
1408 Index: vserver-sources-2.6.16_2.0.2/arch/v850/kernel/ptrace.c
1409 ===================================================================
1410 --- vserver-sources-2.6.16_2.0.2.orig/arch/v850/kernel/ptrace.c
1411 +++ vserver-sources-2.6.16_2.0.2/arch/v850/kernel/ptrace.c
1412 @@ -137,6 +137,8 @@ long arch_ptrace(struct task_struct *chi
1413 break;
1414 rval = -EIO;
1415 goto out;
1416 + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT))
1417 + goto out_tsk;
1418
1419 /* Read/write the word at location ADDR in the registers. */
1420 case PTRACE_PEEKUSR:
1421 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/Kconfig
1422 ===================================================================
1423 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/Kconfig
1424 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/Kconfig
1425 @@ -588,6 +588,8 @@ endmenu
1426
1427 source "arch/x86_64/Kconfig.debug"
1428
1429 +source "kernel/vserver/Kconfig"
1430 +
1431 source "security/Kconfig"
1432
1433 source "crypto/Kconfig"
1434 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32_aout.c
1435 ===================================================================
1436 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/ia32_aout.c
1437 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32_aout.c
1438 @@ -25,6 +25,7 @@
1439 #include <linux/binfmts.h>
1440 #include <linux/personality.h>
1441 #include <linux/init.h>
1442 +#include <linux/vs_memory.h>
1443
1444 #include <asm/system.h>
1445 #include <asm/uaccess.h>
1446 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32_binfmt.c
1447 ===================================================================
1448 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/ia32_binfmt.c
1449 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32_binfmt.c
1450 @@ -371,7 +371,8 @@ int ia32_setup_arg_pages(struct linux_bi
1451 kmem_cache_free(vm_area_cachep, mpnt);
1452 return ret;
1453 }
1454 - mm->stack_vm = mm->total_vm = vma_pages(mpnt);
1455 + vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt));
1456 + mm->stack_vm = mm->total_vm;
1457 }
1458
1459 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1460 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32entry.S
1461 ===================================================================
1462 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/ia32entry.S
1463 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ia32entry.S
1464 @@ -650,7 +650,7 @@ ia32_sys_call_table:
1465 .quad sys_tgkill /* 270 */
1466 .quad compat_sys_utimes
1467 .quad sys32_fadvise64_64
1468 - .quad quiet_ni_syscall /* sys_vserver */
1469 + .quad sys32_vserver
1470 .quad sys_mbind
1471 .quad compat_sys_get_mempolicy /* 275 */
1472 .quad sys_set_mempolicy
1473 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ptrace32.c
1474 ===================================================================
1475 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/ptrace32.c
1476 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/ptrace32.c
1477 @@ -18,6 +18,7 @@
1478 #include <linux/unistd.h>
1479 #include <linux/mm.h>
1480 #include <linux/ptrace.h>
1481 +#include <linux/vs_cvirt.h>
1482 #include <asm/ptrace.h>
1483 #include <asm/compat.h>
1484 #include <asm/uaccess.h>
1485 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/sys_ia32.c
1486 ===================================================================
1487 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/sys_ia32.c
1488 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/sys_ia32.c
1489 @@ -62,6 +62,7 @@
1490 #include <linux/highuid.h>
1491 #include <linux/vmalloc.h>
1492 #include <linux/fsnotify.h>
1493 +#include <linux/vs_cvirt.h>
1494 #include <asm/mman.h>
1495 #include <asm/types.h>
1496 #include <asm/uaccess.h>
1497 @@ -882,6 +883,7 @@ asmlinkage long sys32_mmap2(unsigned lon
1498 asmlinkage long sys32_olduname(struct oldold_utsname __user * name)
1499 {
1500 int error;
1501 + struct new_utsname *ptr;
1502
1503 if (!name)
1504 return -EFAULT;
1505 @@ -890,13 +892,14 @@ asmlinkage long sys32_olduname(struct ol
1506
1507 down_read(&uts_sem);
1508
1509 - error = __copy_to_user(&name->sysname,&system_utsname.sysname,__OLD_UTS_LEN);
1510 + ptr = vx_new_utsname();
1511 + error = __copy_to_user(&name->sysname,ptr->sysname,__OLD_UTS_LEN);
1512 __put_user(0,name->sysname+__OLD_UTS_LEN);
1513 - __copy_to_user(&name->nodename,&system_utsname.nodename,__OLD_UTS_LEN);
1514 + __copy_to_user(&name->nodename,ptr->nodename,__OLD_UTS_LEN);
1515 __put_user(0,name->nodename+__OLD_UTS_LEN);
1516 - __copy_to_user(&name->release,&system_utsname.release,__OLD_UTS_LEN);
1517 + __copy_to_user(&name->release,ptr->release,__OLD_UTS_LEN);
1518 __put_user(0,name->release+__OLD_UTS_LEN);
1519 - __copy_to_user(&name->version,&system_utsname.version,__OLD_UTS_LEN);
1520 + __copy_to_user(&name->version,ptr->version,__OLD_UTS_LEN);
1521 __put_user(0,name->version+__OLD_UTS_LEN);
1522 {
1523 char *arch = "x86_64";
1524 @@ -919,7 +922,7 @@ long sys32_uname(struct old_utsname __us
1525 if (!name)
1526 return -EFAULT;
1527 down_read(&uts_sem);
1528 - err=copy_to_user(name, &system_utsname, sizeof (*name));
1529 + err=copy_to_user(name, vx_new_utsname(), sizeof (*name));
1530 up_read(&uts_sem);
1531 if (personality(current->personality) == PER_LINUX32)
1532 err |= copy_to_user(&name->machine, "i686", 5);
1533 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/syscall32.c
1534 ===================================================================
1535 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/ia32/syscall32.c
1536 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/ia32/syscall32.c
1537 @@ -10,6 +10,7 @@
1538 #include <linux/init.h>
1539 #include <linux/stringify.h>
1540 #include <linux/security.h>
1541 +#include <linux/vs_memory.h>
1542 #include <asm/proto.h>
1543 #include <asm/tlbflush.h>
1544 #include <asm/ia32_unistd.h>
1545 @@ -70,7 +71,7 @@ int syscall32_setup_pages(struct linux_b
1546 kmem_cache_free(vm_area_cachep, vma);
1547 return ret;
1548 }
1549 - mm->total_vm += npages;
1550 + vx_vmpages_add(mm, npages);
1551 up_write(&mm->mmap_sem);
1552 return 0;
1553 }
1554 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/kernel/sys_x86_64.c
1555 ===================================================================
1556 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/kernel/sys_x86_64.c
1557 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/kernel/sys_x86_64.c
1558 @@ -16,6 +16,7 @@
1559 #include <linux/file.h>
1560 #include <linux/utsname.h>
1561 #include <linux/personality.h>
1562 +#include <linux/vs_cvirt.h>
1563
1564 #include <asm/uaccess.h>
1565 #include <asm/ia32.h>
1566 @@ -148,7 +149,7 @@ asmlinkage long sys_uname(struct new_uts
1567 {
1568 int err;
1569 down_read(&uts_sem);
1570 - err = copy_to_user(name, &system_utsname, sizeof (*name));
1571 + err = copy_to_user(name, vx_new_utsname(), sizeof (*name));
1572 up_read(&uts_sem);
1573 if (personality(current->personality) == PER_LINUX32)
1574 err |= copy_to_user(&name->machine, "i686", 5);
1575 Index: vserver-sources-2.6.16_2.0.2/arch/x86_64/kernel/traps.c
1576 ===================================================================
1577 --- vserver-sources-2.6.16_2.0.2.orig/arch/x86_64/kernel/traps.c
1578 +++ vserver-sources-2.6.16_2.0.2/arch/x86_64/kernel/traps.c
1579 @@ -321,8 +321,9 @@ void show_registers(struct pt_regs *regs
1580
1581 printk("CPU %d ", cpu);
1582 __show_regs(regs);
1583 - printk("Process %s (pid: %d, threadinfo %p, task %p)\n",
1584 - cur->comm, cur->pid, task_thread_info(cur), cur);
1585 + printk("Process %s (pid: %d[#%u], threadinfo %p, task %p)\n",
1586 + cur->comm, cur->pid, cur->xid,
1587 + task_thread_info(cur), cur);
1588
1589 /*
1590 * When in-kernel, we also print out the stack and code at the
1591 Index: vserver-sources-2.6.16_2.0.2/drivers/block/Kconfig
1592 ===================================================================
1593 --- vserver-sources-2.6.16_2.0.2.orig/drivers/block/Kconfig
1594 +++ vserver-sources-2.6.16_2.0.2/drivers/block/Kconfig
1595 @@ -315,6 +315,13 @@ config BLK_DEV_CRYPTOLOOP
1596 instead, which can be configured to be on-disk compatible with the
1597 cryptoloop device.
1598
1599 +config BLK_DEV_VROOT
1600 + tristate "Virtual Root device support"
1601 + depends on QUOTACTL
1602 + ---help---
1603 + Saying Y here will allow you to use quota/fs ioctls on a shared
1604 + partition within a virtual server without compromising security.
1605 +
1606 config BLK_DEV_NBD
1607 tristate "Network block device support"
1608 depends on NET
1609 Index: vserver-sources-2.6.16_2.0.2/drivers/block/Makefile
1610 ===================================================================
1611 --- vserver-sources-2.6.16_2.0.2.orig/drivers/block/Makefile
1612 +++ vserver-sources-2.6.16_2.0.2/drivers/block/Makefile
1613 @@ -30,4 +30,5 @@ obj-$(CONFIG_BLK_DEV_CRYPTOLOOP) += cryp
1614 obj-$(CONFIG_VIODASD) += viodasd.o
1615 obj-$(CONFIG_BLK_DEV_SX8) += sx8.o
1616 obj-$(CONFIG_BLK_DEV_UB) += ub.o
1617 +obj-$(CONFIG_BLK_DEV_VROOT) += vroot.o
1618
1619 Index: vserver-sources-2.6.16_2.0.2/drivers/block/vroot.c
1620 ===================================================================
1621 --- /dev/null
1622 +++ vserver-sources-2.6.16_2.0.2/drivers/block/vroot.c
1623 @@ -0,0 +1,288 @@
1624 +/*
1625 + * linux/drivers/block/vroot.c
1626 + *
1627 + * written by Herbert Pötzl, 9/11/2002
1628 + * ported to 2.6.10 by Herbert Pötzl, 30/12/2004
1629 + *
1630 + * based on the loop.c code by Theodore Ts'o.
1631 + *
1632 + * Copyright (C) 2002-2005 by Herbert Pötzl.
1633 + * Redistribution of this file is permitted under the
1634 + * GNU General Public License.
1635 + *
1636 + */
1637 +
1638 +#include <linux/module.h>
1639 +#include <linux/moduleparam.h>
1640 +#include <linux/file.h>
1641 +#include <linux/major.h>
1642 +#include <linux/blkdev.h>
1643 +#include <linux/devfs_fs_kernel.h>
1644 +
1645 +#include <linux/vroot.h>
1646 +#include <linux/vserver/debug.h>
1647 +
1648 +
1649 +static int max_vroot = 8;
1650 +
1651 +static struct vroot_device *vroot_dev;
1652 +static struct gendisk **disks;
1653 +
1654 +
1655 +static int vroot_set_dev(
1656 + struct vroot_device *vr,
1657 + struct file *vr_file,
1658 + struct block_device *bdev,
1659 + unsigned int arg)
1660 +{
1661 + struct block_device *real_bdev;
1662 + struct file *file;
1663 + struct inode *inode;
1664 + int error;
1665 +
1666 + error = -EBUSY;
1667 + if (vr->vr_state != Vr_unbound)
1668 + goto out;
1669 +
1670 + error = -EBADF;
1671 + file = fget(arg);
1672 + if (!file)
1673 + goto out;
1674 +
1675 + error = -EINVAL;
1676 + inode = file->f_dentry->d_inode;
1677 +
1678 +
1679 + if (S_ISBLK(inode->i_mode)) {
1680 + real_bdev = inode->i_bdev;
1681 + vr->vr_device = real_bdev;
1682 + __iget(real_bdev->bd_inode);
1683 + } else
1684 + goto out_fput;
1685 +
1686 + vxdprintk(VXD_CBIT(misc, 0),
1687 + "vroot[%d]_set_dev: dev=" VXF_DEV,
1688 + vr->vr_number, VXD_DEV(real_bdev));
1689 +
1690 + vr->vr_state = Vr_bound;
1691 + error = 0;
1692 +
1693 + out_fput:
1694 + fput(file);
1695 + out:
1696 + return error;
1697 +}
1698 +
1699 +static int vroot_clr_dev(
1700 + struct vroot_device *vr,
1701 + struct file *vr_file,
1702 + struct block_device *bdev)
1703 +{
1704 + struct block_device *real_bdev;
1705 +
1706 + if (vr->vr_state != Vr_bound)
1707 + return -ENXIO;
1708 + if (vr->vr_refcnt > 1) /* we needed one fd for the ioctl */
1709 + return -EBUSY;
1710 +
1711 + real_bdev = vr->vr_device;
1712 +
1713 + vxdprintk(VXD_CBIT(misc, 0),
1714 + "vroot[%d]_clr_dev: dev=" VXF_DEV,
1715 + vr->vr_number, VXD_DEV(real_bdev));
1716 +
1717 + bdput(real_bdev);
1718 + vr->vr_state = Vr_unbound;
1719 + vr->vr_device = NULL;
1720 + return 0;
1721 +}
1722 +
1723 +
1724 +static int vr_ioctl(struct inode * inode, struct file * file,
1725 + unsigned int cmd, unsigned long arg)
1726 +{
1727 + struct vroot_device *vr = inode->i_bdev->bd_disk->private_data;
1728 + int err;
1729 +
1730 + down(&vr->vr_ctl_mutex);
1731 + switch (cmd) {
1732 + case VROOT_SET_DEV:
1733 + err = vroot_set_dev(vr, file, inode->i_bdev, arg);
1734 + break;
1735 + case VROOT_CLR_DEV:
1736 + err = vroot_clr_dev(vr, file, inode->i_bdev);
1737 + break;
1738 + default:
1739 + err = -EINVAL;
1740 + break;
1741 + }
1742 + up(&vr->vr_ctl_mutex);
1743 + return err;
1744 +}
1745 +
1746 +static int vr_open(struct inode *inode, struct file *file)
1747 +{
1748 + struct vroot_device *vr = inode->i_bdev->bd_disk->private_data;
1749 +
1750 + down(&vr->vr_ctl_mutex);
1751 + vr->vr_refcnt++;
1752 + up(&vr->vr_ctl_mutex);
1753 + return 0;
1754 +}
1755 +
1756 +static int vr_release(struct inode *inode, struct file *file)
1757 +{
1758 + struct vroot_device *vr = inode->i_bdev->bd_disk->private_data;
1759 +
1760 + down(&vr->vr_ctl_mutex);
1761 + --vr->vr_refcnt;
1762 + up(&vr->vr_ctl_mutex);
1763 + return 0;
1764 +}
1765 +
1766 +static struct block_device_operations vr_fops = {
1767 + .owner = THIS_MODULE,
1768 + .open = vr_open,
1769 + .release = vr_release,
1770 + .ioctl = vr_ioctl,
1771 +};
1772 +
1773 +struct block_device *__vroot_get_real_bdev(struct block_device *bdev)
1774 +{
1775 + struct inode *inode = bdev->bd_inode;
1776 + struct vroot_device *vr;
1777 + struct block_device *real_bdev;
1778 + int minor = iminor(inode);
1779 +
1780 + vr = &vroot_dev[minor];
1781 + real_bdev = vr->vr_device;
1782 +
1783 + vxdprintk(VXD_CBIT(misc, 0),
1784 + "vroot[%d]_get_real_bdev: dev=" VXF_DEV,
1785 + vr->vr_number, VXD_DEV(real_bdev));
1786 +
1787 + if (vr->vr_state != Vr_bound)
1788 + return ERR_PTR(-ENXIO);
1789 +
1790 + __iget(real_bdev->bd_inode);
1791 + return real_bdev;
1792 +}
1793 +
1794 +/*
1795 + * And now the modules code and kernel interface.
1796 + */
1797 +
1798 +module_param(max_vroot, int, 0);
1799 +
1800 +MODULE_PARM_DESC(max_vroot, "Maximum number of vroot devices (1-256)");
1801 +MODULE_LICENSE("GPL");
1802 +MODULE_ALIAS_BLOCKDEV_MAJOR(VROOT_MAJOR);
1803 +
1804 +MODULE_AUTHOR ("Herbert Pötzl");
1805 +MODULE_DESCRIPTION ("Virtual Root Device Mapper");
1806 +
1807 +
1808 +int __init vroot_init(void)
1809 +{
1810 + int err, i;
1811 +
1812 + if (max_vroot < 1 || max_vroot > 256) {
1813 + max_vroot = MAX_VROOT_DEFAULT;
1814 + printk(KERN_WARNING "vroot: invalid max_vroot "
1815 + "(must be between 1 and 256), "
1816 + "using default (%d)\n", max_vroot);
1817 + }
1818 +
1819 + if (register_blkdev(VROOT_MAJOR, "vroot"))
1820 + return -EIO;
1821 +
1822 + err = -ENOMEM;
1823 + vroot_dev = kmalloc(max_vroot * sizeof(struct vroot_device), GFP_KERNEL);
1824 + if (!vroot_dev)
1825 + goto out_mem1;
1826 + memset(vroot_dev, 0, max_vroot * sizeof(struct vroot_device));
1827 +
1828 + disks = kmalloc(max_vroot * sizeof(struct gendisk *), GFP_KERNEL);
1829 + if (!disks)
1830 + goto out_mem2;
1831 +
1832 + for (i = 0; i < max_vroot; i++) {
1833 + disks[i] = alloc_disk(1);
1834 + if (!disks[i])
1835 + goto out_mem3;
1836 + }
1837 +
1838 + devfs_mk_dir("vroot");
1839 +
1840 + for (i = 0; i < max_vroot; i++) {
1841 + struct vroot_device *vr = &vroot_dev[i];
1842 + struct gendisk *disk = disks[i];
1843 +
1844 + memset(vr, 0, sizeof(*vr));
1845 + init_MUTEX(&vr->vr_ctl_mutex);
1846 + vr->vr_number = i;
1847 + disk->major = VROOT_MAJOR;
1848 + disk->first_minor = i;
1849 + disk->fops = &vr_fops;
1850 + sprintf(disk->disk_name, "vroot%d", i);
1851 + sprintf(disk->devfs_name, "vroot/%d", i);
1852 + disk->private_data = vr;
1853 + }
1854 +
1855 + err = register_vroot_grb(&__vroot_get_real_bdev);
1856 + if (err)
1857 + goto out_reg;
1858 +
1859 + for (i = 0; i < max_vroot; i++)
1860 + add_disk(disks[i]);
1861 + printk(KERN_INFO "vroot: loaded (max %d devices)\n", max_vroot);
1862 + return 0;
1863 +
1864 +out_reg:
1865 + devfs_remove("vroot");
1866 +out_mem3:
1867 + while (i--)
1868 + put_disk(disks[i]);
1869 + kfree(disks);
1870 +out_mem2:
1871 + kfree(vroot_dev);
1872 +out_mem1:
1873 + unregister_blkdev(VROOT_MAJOR, "vroot");
1874 + printk(KERN_ERR "vroot: ran out of memory\n");
1875 + return err;
1876 +}
1877 +
1878 +void vroot_exit(void)
1879 +{
1880 + int i;
1881 +
1882 + if (unregister_vroot_grb(&__vroot_get_real_bdev))
1883 + printk(KERN_WARNING "vroot: cannot unregister grb\n");
1884 +
1885 + for (i = 0; i < max_vroot; i++) {
1886 + del_gendisk(disks[i]);
1887 + put_disk(disks[i]);
1888 + }
1889 + devfs_remove("vroot");
1890 + if (unregister_blkdev(VROOT_MAJOR, "vroot"))
1891 + printk(KERN_WARNING "vroot: cannot unregister blkdev\n");
1892 +
1893 + kfree(disks);
1894 + kfree(vroot_dev);
1895 +}
1896 +
1897 +module_init(vroot_init);
1898 +module_exit(vroot_exit);
1899 +
1900 +#ifndef MODULE
1901 +
1902 +static int __init max_vroot_setup(char *str)
1903 +{
1904 + max_vroot = simple_strtol(str, NULL, 0);
1905 + return 1;
1906 +}
1907 +
1908 +__setup("max_vroot=", max_vroot_setup);
1909 +
1910 +#endif
1911 +
1912 Index: vserver-sources-2.6.16_2.0.2/drivers/char/random.c
1913 ===================================================================
1914 --- vserver-sources-2.6.16_2.0.2.orig/drivers/char/random.c
1915 +++ vserver-sources-2.6.16_2.0.2/drivers/char/random.c
1916 @@ -1174,7 +1174,7 @@ static char sysctl_bootid[16];
1917 static int proc_do_uuid(ctl_table *table, int write, struct file *filp,
1918 void __user *buffer, size_t *lenp, loff_t *ppos)
1919 {
1920 - ctl_table fake_table;
1921 + ctl_table fake_table = {0};
1922 unsigned char buf[64], tmp_uuid[16], *uuid;
1923
1924 uuid = table->data;
1925 Index: vserver-sources-2.6.16_2.0.2/drivers/char/tty_io.c
1926 ===================================================================
1927 --- vserver-sources-2.6.16_2.0.2.orig/drivers/char/tty_io.c
1928 +++ vserver-sources-2.6.16_2.0.2/drivers/char/tty_io.c
1929 @@ -103,6 +103,7 @@
1930 #include <linux/vt_kern.h>
1931 #include <linux/selection.h>
1932 #include <linux/devfs_fs_kernel.h>
1933 +#include <linux/vs_cvirt.h>
1934
1935 #include <linux/kmod.h>
1936
1937 @@ -2381,13 +2382,16 @@ static int tiocsctty(struct tty_struct *
1938
1939 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
1940 {
1941 + pid_t pgrp;
1942 /*
1943 * (tty == real_tty) is a cheap way of
1944 * testing if the tty is NOT a master pty.
1945 */
1946 if (tty == real_tty && current->signal->tty != real_tty)
1947 return -ENOTTY;
1948 - return put_user(real_tty->pgrp, p);
1949 +
1950 + pgrp = vx_map_pid(real_tty->pgrp);
1951 + return put_user(pgrp, p);
1952 }
1953
1954 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
1955 @@ -2405,6 +2409,8 @@ static int tiocspgrp(struct tty_struct *
1956 return -ENOTTY;
1957 if (get_user(pgrp, p))
1958 return -EFAULT;
1959 +
1960 + pgrp = vx_rmap_pid(pgrp);
1961 if (pgrp < 0)
1962 return -EINVAL;
1963 if (session_of_pgrp(pgrp) != current->signal->session)
1964 Index: vserver-sources-2.6.16_2.0.2/drivers/infiniband/core/uverbs_mem.c
1965 ===================================================================
1966 --- vserver-sources-2.6.16_2.0.2.orig/drivers/infiniband/core/uverbs_mem.c
1967 +++ vserver-sources-2.6.16_2.0.2/drivers/infiniband/core/uverbs_mem.c
1968 @@ -36,6 +36,7 @@
1969
1970 #include <linux/mm.h>
1971 #include <linux/dma-mapping.h>
1972 +#include <linux/vs_memory.h>
1973
1974 #include "uverbs.h"
1975
1976 @@ -161,7 +162,7 @@ out:
1977 if (ret < 0)
1978 __ib_umem_release(dev, mem, 0);
1979 else
1980 - current->mm->locked_vm = locked;
1981 + vx_vmlocked_sub(current->mm, current->mm->locked_vm - locked);
1982
1983 up_write(&current->mm->mmap_sem);
1984 free_page((unsigned long) page_list);
1985 @@ -174,8 +175,8 @@ void ib_umem_release(struct ib_device *d
1986 __ib_umem_release(dev, umem, 1);
1987
1988 down_write(&current->mm->mmap_sem);
1989 - current->mm->locked_vm -=
1990 - PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT;
1991 + vx_vmlocked_sub(current->mm,
1992 + PAGE_ALIGN(umem->length + umem->offset) >> PAGE_SHIFT);
1993 up_write(&current->mm->mmap_sem);
1994 }
1995
1996 @@ -184,7 +185,7 @@ static void ib_umem_account(void *work_p
1997 struct ib_umem_account_work *work = work_ptr;
1998
1999 down_write(&work->mm->mmap_sem);
2000 - work->mm->locked_vm -= work->diff;
2001 + vx_vmlocked_sub(work->mm, work->diff);
2002 up_write(&work->mm->mmap_sem);
2003 mmput(work->mm);
2004 kfree(work);
2005 Index: vserver-sources-2.6.16_2.0.2/fs/attr.c
2006 ===================================================================
2007 --- vserver-sources-2.6.16_2.0.2.orig/fs/attr.c
2008 +++ vserver-sources-2.6.16_2.0.2/fs/attr.c
2009 @@ -15,6 +15,9 @@
2010 #include <linux/fcntl.h>
2011 #include <linux/quotaops.h>
2012 #include <linux/security.h>
2013 +#include <linux/proc_fs.h>
2014 +#include <linux/devpts_fs.h>
2015 +#include <linux/vserver/debug.h>
2016
2017 /* Taken over from the old code... */
2018
2019 @@ -56,6 +59,28 @@ int inode_change_ok(struct inode *inode,
2020 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
2021 goto error;
2022 }
2023 +
2024 + /* Check for evil vserver activity */
2025 + if (vx_check(0, VX_ADMIN))
2026 + goto fine;
2027 +
2028 + if (IS_BARRIER(inode)) {
2029 + vxwprintk(1, "xid=%d messing with the barrier.",
2030 + vx_current_xid());
2031 + goto error;
2032 + }
2033 + switch (inode->i_sb->s_magic) {
2034 + case PROC_SUPER_MAGIC:
2035 + vxwprintk(1, "xid=%d messing with the procfs.",
2036 + vx_current_xid());
2037 + goto error;
2038 + case DEVPTS_SUPER_MAGIC:
2039 + if (vx_check(inode->i_xid, VX_IDENT))
2040 + goto fine;
2041 + vxwprintk(1, "xid=%d messing with the devpts.",
2042 + vx_current_xid());
2043 + goto error;
2044 + }
2045 fine:
2046 retval = 0;
2047 error:
2048 @@ -79,6 +104,8 @@ int inode_setattr(struct inode * inode,
2049 inode->i_uid = attr->ia_uid;
2050 if (ia_valid & ATTR_GID)
2051 inode->i_gid = attr->ia_gid;
2052 + if ((ia_valid & ATTR_XID) && IS_TAGXID(inode))
2053 + inode->i_xid = attr->ia_xid;
2054 if (ia_valid & ATTR_ATIME)
2055 inode->i_atime = timespec_trunc(attr->ia_atime,
2056 inode->i_sb->s_time_gran);
2057 @@ -153,7 +180,8 @@ int notify_change(struct dentry * dentry
2058 error = security_inode_setattr(dentry, attr);
2059 if (!error) {
2060 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
2061 - (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
2062 + (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
2063 + (ia_valid & ATTR_XID && attr->ia_xid != inode->i_xid))
2064 error = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0;
2065 if (!error)
2066 error = inode_setattr(inode, attr);
2067 Index: vserver-sources-2.6.16_2.0.2/fs/binfmt_aout.c
2068 ===================================================================
2069 --- vserver-sources-2.6.16_2.0.2.orig/fs/binfmt_aout.c
2070 +++ vserver-sources-2.6.16_2.0.2/fs/binfmt_aout.c
2071 @@ -24,6 +24,7 @@
2072 #include <linux/binfmts.h>
2073 #include <linux/personality.h>
2074 #include <linux/init.h>
2075 +#include <linux/vs_memory.h>
2076
2077 #include <asm/system.h>
2078 #include <asm/uaccess.h>
2079 Index: vserver-sources-2.6.16_2.0.2/fs/binfmt_elf.c
2080 ===================================================================
2081 --- vserver-sources-2.6.16_2.0.2.orig/fs/binfmt_elf.c
2082 +++ vserver-sources-2.6.16_2.0.2/fs/binfmt_elf.c
2083 @@ -38,6 +38,7 @@
2084 #include <linux/security.h>
2085 #include <linux/syscalls.h>
2086 #include <linux/random.h>
2087 +#include <linux/vs_memory.h>
2088
2089 #include <asm/uaccess.h>
2090 #include <asm/param.h>
2091 Index: vserver-sources-2.6.16_2.0.2/fs/binfmt_flat.c
2092 ===================================================================
2093 --- vserver-sources-2.6.16_2.0.2.orig/fs/binfmt_flat.c
2094 +++ vserver-sources-2.6.16_2.0.2/fs/binfmt_flat.c
2095 @@ -36,6 +36,7 @@
2096 #include <linux/personality.h>
2097 #include <linux/init.h>
2098 #include <linux/flat.h>
2099 +#include <linux/vs_memory.h>
2100
2101 #include <asm/byteorder.h>
2102 #include <asm/system.h>
2103 Index: vserver-sources-2.6.16_2.0.2/fs/binfmt_som.c
2104 ===================================================================
2105 --- vserver-sources-2.6.16_2.0.2.orig/fs/binfmt_som.c
2106 +++ vserver-sources-2.6.16_2.0.2/fs/binfmt_som.c
2107 @@ -28,6 +28,7 @@
2108 #include <linux/shm.h>
2109 #include <linux/personality.h>
2110 #include <linux/init.h>
2111 +#include <linux/vs_memory.h>
2112
2113 #include <asm/uaccess.h>
2114 #include <asm/pgtable.h>
2115 Index: vserver-sources-2.6.16_2.0.2/fs/devpts/inode.c
2116 ===================================================================
2117 --- vserver-sources-2.6.16_2.0.2.orig/fs/devpts/inode.c
2118 +++ vserver-sources-2.6.16_2.0.2/fs/devpts/inode.c
2119 @@ -19,7 +19,19 @@
2120 #include <linux/tty.h>
2121 #include <linux/devpts_fs.h>
2122
2123 -#define DEVPTS_SUPER_MAGIC 0x1cd1
2124 +
2125 +static int devpts_permission(struct inode *inode, int mask, struct nameidata *nd)
2126 +{
2127 + int ret = -EACCES;
2128 +
2129 + if (vx_check(inode->i_xid, VX_IDENT))
2130 + ret = generic_permission(inode, mask, NULL);
2131 + return ret;
2132 +}
2133 +
2134 +static struct inode_operations devpts_file_inode_operations = {
2135 + .permission = devpts_permission,
2136 +};
2137
2138 static struct vfsmount *devpts_mnt;
2139 static struct dentry *devpts_root;
2140 @@ -69,6 +81,24 @@ static int devpts_remount(struct super_b
2141 return 0;
2142 }
2143
2144 +static int devpts_filter(struct dentry *de)
2145 +{
2146 + return vx_check(de->d_inode->i_xid, VX_IDENT);
2147 +}
2148 +
2149 +static int devpts_readdir(struct file * filp, void * dirent, filldir_t filldir)
2150 +{
2151 + return dcache_readdir_filter(filp, dirent, filldir, devpts_filter);
2152 +}
2153 +
2154 +static struct file_operations devpts_dir_operations = {
2155 + .open = dcache_dir_open,
2156 + .release = dcache_dir_close,
2157 + .llseek = dcache_dir_lseek,
2158 + .read = generic_read_dir,
2159 + .readdir = devpts_readdir,
2160 +};
2161 +
2162 static struct super_operations devpts_sops = {
2163 .statfs = simple_statfs,
2164 .remount_fs = devpts_remount,
2165 @@ -95,8 +125,9 @@ devpts_fill_super(struct super_block *s,
2166 inode->i_uid = inode->i_gid = 0;
2167 inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
2168 inode->i_op = &simple_dir_inode_operations;
2169 - inode->i_fop = &simple_dir_operations;
2170 + inode->i_fop = &devpts_dir_operations;
2171 inode->i_nlink = 2;
2172 + inode->i_xid = vx_current_xid();
2173
2174 devpts_root = s->s_root = d_alloc_root(inode);
2175 if (s->s_root)
2176 @@ -155,6 +186,8 @@ int devpts_pty_new(struct tty_struct *tt
2177 inode->i_gid = config.setgid ? config.gid : current->fsgid;
2178 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
2179 init_special_inode(inode, S_IFCHR|config.mode, device);
2180 + inode->i_xid = vx_current_xid();
2181 + inode->i_op = &devpts_file_inode_operations;
2182 inode->u.generic_ip = tty;
2183
2184 dentry = get_node(number);
2185 Index: vserver-sources-2.6.16_2.0.2/fs/exec.c
2186 ===================================================================
2187 --- vserver-sources-2.6.16_2.0.2.orig/fs/exec.c
2188 +++ vserver-sources-2.6.16_2.0.2/fs/exec.c
2189 @@ -49,6 +49,7 @@
2190 #include <linux/rmap.h>
2191 #include <linux/acct.h>
2192 #include <linux/cn_proc.h>
2193 +#include <linux/vs_memory.h>
2194
2195 #include <asm/uaccess.h>
2196 #include <asm/mmu_context.h>
2197 @@ -436,7 +437,8 @@ int setup_arg_pages(struct linux_binprm
2198 kmem_cache_free(vm_area_cachep, mpnt);
2199 return ret;
2200 }
2201 - mm->stack_vm = mm->total_vm = vma_pages(mpnt);
2202 + vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt));
2203 + mm->stack_vm = mm->total_vm;
2204 }
2205
2206 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
2207 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/balloc.c
2208 ===================================================================
2209 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/balloc.c
2210 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/balloc.c
2211 @@ -17,6 +17,7 @@
2212 #include <linux/sched.h>
2213 #include <linux/buffer_head.h>
2214 #include <linux/capability.h>
2215 +#include <linux/vs_dlimit.h>
2216
2217 /*
2218 * balloc.c contains the blocks allocation and deallocation routines
2219 @@ -109,6 +110,8 @@ static int reserve_blocks(struct super_b
2220 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
2221 root_blocks = le32_to_cpu(es->s_r_blocks_count);
2222
2223 + DLIMIT_ADJUST_BLOCK(sb, vx_current_xid(), &free_blocks, &root_blocks);
2224 +
2225 if (free_blocks < count)
2226 count = free_blocks;
2227
2228 @@ -259,6 +262,7 @@ do_more:
2229 }
2230 error_return:
2231 brelse(bitmap_bh);
2232 + DLIMIT_FREE_BLOCK(inode, freed);
2233 release_blocks(sb, freed);
2234 DQUOT_FREE_BLOCK(inode, freed);
2235 }
2236 @@ -362,6 +366,10 @@ int ext2_new_block(struct inode *inode,
2237 *err = -ENOSPC;
2238 goto out_dquot;
2239 }
2240 + if (DLIMIT_ALLOC_BLOCK(inode, es_alloc)) {
2241 + *err = -ENOSPC;
2242 + goto out_dlimit;
2243 + }
2244
2245 ext2_debug ("goal=%lu.\n", goal);
2246
2247 @@ -509,6 +517,8 @@ got_block:
2248 *err = 0;
2249 out_release:
2250 group_release_blocks(sb, group_no, desc, gdp_bh, group_alloc);
2251 + DLIMIT_FREE_BLOCK(inode, es_alloc);
2252 +out_dlimit:
2253 release_blocks(sb, es_alloc);
2254 out_dquot:
2255 DQUOT_FREE_BLOCK(inode, dq_alloc);
2256 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/ext2.h
2257 ===================================================================
2258 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/ext2.h
2259 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/ext2.h
2260 @@ -162,6 +162,7 @@ extern struct file_operations ext2_xip_f
2261 extern struct address_space_operations ext2_aops;
2262 extern struct address_space_operations ext2_aops_xip;
2263 extern struct address_space_operations ext2_nobh_aops;
2264 +extern int ext2_sync_flags(struct inode *inode);
2265
2266 /* namei.c */
2267 extern struct inode_operations ext2_dir_inode_operations;
2268 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/file.c
2269 ===================================================================
2270 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/file.c
2271 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/file.c
2272 @@ -79,4 +79,5 @@ struct inode_operations ext2_file_inode_
2273 #endif
2274 .setattr = ext2_setattr,
2275 .permission = ext2_permission,
2276 + .sync_flags = ext2_sync_flags,
2277 };
2278 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/ialloc.c
2279 ===================================================================
2280 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/ialloc.c
2281 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/ialloc.c
2282 @@ -18,6 +18,8 @@
2283 #include <linux/backing-dev.h>
2284 #include <linux/buffer_head.h>
2285 #include <linux/random.h>
2286 +#include <linux/vs_dlimit.h>
2287 +#include <linux/vserver/xid.h>
2288 #include "ext2.h"
2289 #include "xattr.h"
2290 #include "acl.h"
2291 @@ -126,6 +128,7 @@ void ext2_free_inode (struct inode * ino
2292 ext2_xattr_delete_inode(inode);
2293 DQUOT_FREE_INODE(inode);
2294 DQUOT_DROP(inode);
2295 + DLIMIT_FREE_INODE(inode);
2296 }
2297
2298 es = EXT2_SB(sb)->s_es;
2299 @@ -465,6 +468,11 @@ struct inode *ext2_new_inode(struct inod
2300 if (!inode)
2301 return ERR_PTR(-ENOMEM);
2302
2303 + inode->i_xid = vx_current_fsxid(sb);
2304 + if (DLIMIT_ALLOC_INODE(inode)) {
2305 + err = -ENOSPC;
2306 + goto fail_dlim;
2307 + }
2308 ei = EXT2_I(inode);
2309 sbi = EXT2_SB(sb);
2310 es = sbi->s_es;
2311 @@ -579,7 +587,8 @@ got:
2312 inode->i_blocks = 0;
2313 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
2314 memset(ei->i_data, 0, sizeof(ei->i_data));
2315 - ei->i_flags = EXT2_I(dir)->i_flags & ~EXT2_BTREE_FL;
2316 + ei->i_flags = EXT2_I(dir)->i_flags &
2317 + ~(EXT2_BTREE_FL|EXT2_IUNLINK_FL|EXT2_BARRIER_FL);
2318 if (S_ISLNK(mode))
2319 ei->i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL);
2320 /* dirsync is only applied to directories */
2321 @@ -627,12 +636,15 @@ fail_free_drop:
2322
2323 fail_drop:
2324 DQUOT_DROP(inode);
2325 + DLIMIT_FREE_INODE(inode);
2326 inode->i_flags |= S_NOQUOTA;
2327 inode->i_nlink = 0;
2328 iput(inode);
2329 return ERR_PTR(err);
2330
2331 fail:
2332 + DLIMIT_FREE_INODE(inode);
2333 +fail_dlim:
2334 make_bad_inode(inode);
2335 iput(inode);
2336 return ERR_PTR(err);
2337 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/inode.c
2338 ===================================================================
2339 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/inode.c
2340 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/inode.c
2341 @@ -31,6 +31,7 @@
2342 #include <linux/writeback.h>
2343 #include <linux/buffer_head.h>
2344 #include <linux/mpage.h>
2345 +#include <linux/vserver/xid.h>
2346 #include "ext2.h"
2347 #include "acl.h"
2348 #include "xip.h"
2349 @@ -1054,25 +1055,70 @@ void ext2_set_inode_flags(struct inode *
2350 {
2351 unsigned int flags = EXT2_I(inode)->i_flags;
2352
2353 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
2354 + inode->i_flags &= ~(S_IMMUTABLE | S_IUNLINK | S_BARRIER |
2355 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
2356 +
2357 + if (flags & EXT2_IMMUTABLE_FL)
2358 + inode->i_flags |= S_IMMUTABLE;
2359 + if (flags & EXT2_IUNLINK_FL)
2360 + inode->i_flags |= S_IUNLINK;
2361 + if (flags & EXT2_BARRIER_FL)
2362 + inode->i_flags |= S_BARRIER;
2363 +
2364 if (flags & EXT2_SYNC_FL)
2365 inode->i_flags |= S_SYNC;
2366 if (flags & EXT2_APPEND_FL)
2367 inode->i_flags |= S_APPEND;
2368 - if (flags & EXT2_IMMUTABLE_FL)
2369 - inode->i_flags |= S_IMMUTABLE;
2370 if (flags & EXT2_NOATIME_FL)
2371 inode->i_flags |= S_NOATIME;
2372 if (flags & EXT2_DIRSYNC_FL)
2373 inode->i_flags |= S_DIRSYNC;
2374 }
2375
2376 +int ext2_sync_flags(struct inode *inode)
2377 +{
2378 + unsigned int oldflags, newflags;
2379 +
2380 + oldflags = EXT2_I(inode)->i_flags;
2381 + newflags = oldflags & ~(EXT2_APPEND_FL |
2382 + EXT2_IMMUTABLE_FL | EXT2_IUNLINK_FL |
2383 + EXT2_BARRIER_FL | EXT2_NOATIME_FL |
2384 + EXT2_SYNC_FL | EXT2_DIRSYNC_FL);
2385 +
2386 + if (IS_APPEND(inode))
2387 + newflags |= EXT2_APPEND_FL;
2388 + if (IS_IMMUTABLE(inode))
2389 + newflags |= EXT2_IMMUTABLE_FL;
2390 + if (IS_IUNLINK(inode))
2391 + newflags |= EXT2_IUNLINK_FL;
2392 + if (IS_BARRIER(inode))
2393 + newflags |= EXT2_BARRIER_FL;
2394 +
2395 + /* we do not want to copy superblock flags */
2396 + if (inode->i_flags & S_NOATIME)
2397 + newflags |= EXT2_NOATIME_FL;
2398 + if (inode->i_flags & S_SYNC)
2399 + newflags |= EXT2_SYNC_FL;
2400 + if (inode->i_flags & S_DIRSYNC)
2401 + newflags |= EXT2_DIRSYNC_FL;
2402 +
2403 + if (oldflags ^ newflags) {
2404 + EXT2_I(inode)->i_flags = newflags;
2405 + inode->i_ctime = CURRENT_TIME;
2406 + mark_inode_dirty(inode);
2407 + }
2408 +
2409 + return 0;
2410 +}
2411 +
2412 void ext2_read_inode (struct inode * inode)
2413 {
2414 struct ext2_inode_info *ei = EXT2_I(inode);
2415 ino_t ino = inode->i_ino;
2416 struct buffer_head * bh;
2417 struct ext2_inode * raw_inode = ext2_get_inode(inode->i_sb, ino, &bh);
2418 + uid_t uid;
2419 + gid_t gid;
2420 int n;
2421
2422 #ifdef CONFIG_EXT2_FS_POSIX_ACL
2423 @@ -1083,12 +1129,17 @@ void ext2_read_inode (struct inode * ino
2424 goto bad_inode;
2425
2426 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
2427 - inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
2428 - inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
2429 + uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
2430 + gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
2431 if (!(test_opt (inode->i_sb, NO_UID32))) {
2432 - inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2433 - inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2434 + uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2435 + gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2436 }
2437 + inode->i_uid = INOXID_UID(XID_TAG(inode), uid, gid);
2438 + inode->i_gid = INOXID_GID(XID_TAG(inode), uid, gid);
2439 + inode->i_xid = INOXID_XID(XID_TAG(inode), uid, gid,
2440 + le16_to_cpu(raw_inode->i_raw_xid));
2441 +
2442 inode->i_nlink = le16_to_cpu(raw_inode->i_links_count);
2443 inode->i_size = le32_to_cpu(raw_inode->i_size);
2444 inode->i_atime.tv_sec = le32_to_cpu(raw_inode->i_atime);
2445 @@ -1186,8 +1237,8 @@ static int ext2_update_inode(struct inod
2446 struct ext2_inode_info *ei = EXT2_I(inode);
2447 struct super_block *sb = inode->i_sb;
2448 ino_t ino = inode->i_ino;
2449 - uid_t uid = inode->i_uid;
2450 - gid_t gid = inode->i_gid;
2451 + uid_t uid = XIDINO_UID(XID_TAG(inode), inode->i_uid, inode->i_xid);
2452 + gid_t gid = XIDINO_GID(XID_TAG(inode), inode->i_gid, inode->i_xid);
2453 struct buffer_head * bh;
2454 struct ext2_inode * raw_inode = ext2_get_inode(sb, ino, &bh);
2455 int n;
2456 @@ -1222,6 +1273,9 @@ static int ext2_update_inode(struct inod
2457 raw_inode->i_uid_high = 0;
2458 raw_inode->i_gid_high = 0;
2459 }
2460 +#ifdef CONFIG_INOXID_INTERN
2461 + raw_inode->i_raw_xid = cpu_to_le16(inode->i_xid);
2462 +#endif
2463 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
2464 raw_inode->i_size = cpu_to_le32(inode->i_size);
2465 raw_inode->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
2466 @@ -1308,11 +1362,13 @@ int ext2_setattr(struct dentry *dentry,
2467 if (error)
2468 return error;
2469 if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
2470 - (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
2471 + (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
2472 + (iattr->ia_valid & ATTR_XID && iattr->ia_xid != inode->i_xid)) {
2473 error = DQUOT_TRANSFER(inode, iattr) ? -EDQUOT : 0;
2474 if (error)
2475 return error;
2476 }
2477 +
2478 error = inode_setattr(inode, iattr);
2479 if (!error && (iattr->ia_valid & ATTR_MODE))
2480 error = ext2_acl_chmod(inode);
2481 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/ioctl.c
2482 ===================================================================
2483 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/ioctl.c
2484 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/ioctl.c
2485 @@ -11,6 +11,7 @@
2486 #include <linux/capability.h>
2487 #include <linux/time.h>
2488 #include <linux/sched.h>
2489 +#include <linux/mount.h>
2490 #include <asm/current.h>
2491 #include <asm/uaccess.h>
2492
2493 @@ -30,7 +31,8 @@ int ext2_ioctl (struct inode * inode, st
2494 case EXT2_IOC_SETFLAGS: {
2495 unsigned int oldflags;
2496
2497 - if (IS_RDONLY(inode))
2498 + if (IS_RDONLY(inode) ||
2499 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
2500 return -EROFS;
2501
2502 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
2503 @@ -50,7 +52,9 @@ int ext2_ioctl (struct inode * inode, st
2504 *
2505 * This test looks nicer. Thanks to Pauline Middelink
2506 */
2507 - if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) {
2508 + if ((oldflags & EXT2_IMMUTABLE_FL) ||
2509 + ((flags ^ oldflags) & (EXT2_APPEND_FL |
2510 + EXT2_IMMUTABLE_FL | EXT2_IUNLINK_FL))) {
2511 if (!capable(CAP_LINUX_IMMUTABLE))
2512 return -EPERM;
2513 }
2514 @@ -69,7 +73,8 @@ int ext2_ioctl (struct inode * inode, st
2515 case EXT2_IOC_SETVERSION:
2516 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
2517 return -EPERM;
2518 - if (IS_RDONLY(inode))
2519 + if (IS_RDONLY(inode) ||
2520 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
2521 return -EROFS;
2522 if (get_user(inode->i_generation, (int __user *) arg))
2523 return -EFAULT;
2524 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/namei.c
2525 ===================================================================
2526 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/namei.c
2527 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/namei.c
2528 @@ -31,6 +31,7 @@
2529 */
2530
2531 #include <linux/pagemap.h>
2532 +#include <linux/vserver/xid.h>
2533 #include "ext2.h"
2534 #include "xattr.h"
2535 #include "acl.h"
2536 @@ -82,6 +83,7 @@ static struct dentry *ext2_lookup(struct
2537 inode = iget(dir->i_sb, ino);
2538 if (!inode)
2539 return ERR_PTR(-EACCES);
2540 + vx_propagate_xid(nd, inode);
2541 }
2542 return d_splice_alias(inode, dentry);
2543 }
2544 @@ -407,6 +409,7 @@ struct inode_operations ext2_dir_inode_o
2545 #endif
2546 .setattr = ext2_setattr,
2547 .permission = ext2_permission,
2548 + .sync_flags = ext2_sync_flags,
2549 };
2550
2551 struct inode_operations ext2_special_inode_operations = {
2552 @@ -418,4 +421,5 @@ struct inode_operations ext2_special_ino
2553 #endif
2554 .setattr = ext2_setattr,
2555 .permission = ext2_permission,
2556 + .sync_flags = ext2_sync_flags,
2557 };
2558 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/super.c
2559 ===================================================================
2560 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/super.c
2561 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/super.c
2562 @@ -289,7 +289,7 @@ enum {
2563 Opt_err_ro, Opt_nouid32, Opt_nocheck, Opt_debug,
2564 Opt_oldalloc, Opt_orlov, Opt_nobh, Opt_user_xattr, Opt_nouser_xattr,
2565 Opt_acl, Opt_noacl, Opt_xip, Opt_ignore, Opt_err, Opt_quota,
2566 - Opt_usrquota, Opt_grpquota
2567 + Opt_usrquota, Opt_grpquota, Opt_tagxid
2568 };
2569
2570 static match_table_t tokens = {
2571 @@ -317,6 +317,7 @@ static match_table_t tokens = {
2572 {Opt_acl, "acl"},
2573 {Opt_noacl, "noacl"},
2574 {Opt_xip, "xip"},
2575 + {Opt_tagxid, "tagxid"},
2576 {Opt_grpquota, "grpquota"},
2577 {Opt_ignore, "noquota"},
2578 {Opt_quota, "quota"},
2579 @@ -380,6 +381,11 @@ static int parse_options (char * options
2580 case Opt_nouid32:
2581 set_opt (sbi->s_mount_opt, NO_UID32);
2582 break;
2583 +#ifndef CONFIG_INOXID_NONE
2584 + case Opt_tagxid:
2585 + set_opt (sbi->s_mount_opt, TAGXID);
2586 + break;
2587 +#endif
2588 case Opt_nocheck:
2589 clear_opt (sbi->s_mount_opt, CHECK);
2590 break;
2591 @@ -681,6 +687,8 @@ static int ext2_fill_super(struct super_
2592 if (!parse_options ((char *) data, sbi))
2593 goto failed_mount;
2594
2595 + if (EXT2_SB(sb)->s_mount_opt & EXT2_MOUNT_TAGXID)
2596 + sb->s_flags |= MS_TAGXID;
2597 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2598 ((EXT2_SB(sb)->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ?
2599 MS_POSIXACL : 0);
2600 @@ -990,6 +998,13 @@ static int ext2_remount (struct super_bl
2601 goto restore_opts;
2602 }
2603
2604 + if ((sbi->s_mount_opt & EXT2_MOUNT_TAGXID) &&
2605 + !(sb->s_flags & MS_TAGXID)) {
2606 + printk("EXT2-fs: %s: tagxid not permitted on remount.\n",
2607 + sb->s_id);
2608 + return -EINVAL;
2609 + }
2610 +
2611 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
2612 ((sbi->s_mount_opt & EXT2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
2613
2614 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/symlink.c
2615 ===================================================================
2616 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/symlink.c
2617 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/symlink.c
2618 @@ -38,6 +38,7 @@ struct inode_operations ext2_symlink_ino
2619 .listxattr = ext2_listxattr,
2620 .removexattr = generic_removexattr,
2621 #endif
2622 + .sync_flags = ext2_sync_flags,
2623 };
2624
2625 struct inode_operations ext2_fast_symlink_inode_operations = {
2626 @@ -49,4 +50,5 @@ struct inode_operations ext2_fast_symlin
2627 .listxattr = ext2_listxattr,
2628 .removexattr = generic_removexattr,
2629 #endif
2630 + .sync_flags = ext2_sync_flags,
2631 };
2632 Index: vserver-sources-2.6.16_2.0.2/fs/ext2/xattr.c
2633 ===================================================================
2634 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext2/xattr.c
2635 +++ vserver-sources-2.6.16_2.0.2/fs/ext2/xattr.c
2636 @@ -60,6 +60,7 @@
2637 #include <linux/mbcache.h>
2638 #include <linux/quotaops.h>
2639 #include <linux/rwsem.h>
2640 +#include <linux/vs_dlimit.h>
2641 #include "ext2.h"
2642 #include "xattr.h"
2643 #include "acl.h"
2644 @@ -645,8 +646,12 @@ ext2_xattr_set2(struct inode *inode, str
2645 the inode. */
2646 ea_bdebug(new_bh, "reusing block");
2647
2648 + error = -ENOSPC;
2649 + if (DLIMIT_ALLOC_BLOCK(inode, 1))
2650 + goto cleanup;
2651 error = -EDQUOT;
2652 if (DQUOT_ALLOC_BLOCK(inode, 1)) {
2653 + DLIMIT_FREE_BLOCK(inode, 1);
2654 unlock_buffer(new_bh);
2655 goto cleanup;
2656 }
2657 @@ -740,6 +745,7 @@ ext2_xattr_set2(struct inode *inode, str
2658 le32_to_cpu(HDR(old_bh)->h_refcount) - 1);
2659 if (ce)
2660 mb_cache_entry_release(ce);
2661 + DLIMIT_FREE_BLOCK(inode, 1);
2662 DQUOT_FREE_BLOCK(inode, 1);
2663 mark_buffer_dirty(old_bh);
2664 ea_bdebug(old_bh, "refcount now=%d",
2665 @@ -804,6 +810,7 @@ ext2_xattr_delete_inode(struct inode *in
2666 mark_buffer_dirty(bh);
2667 if (IS_SYNC(inode))
2668 sync_dirty_buffer(bh);
2669 + DLIMIT_FREE_BLOCK(inode, 1);
2670 DQUOT_FREE_BLOCK(inode, 1);
2671 }
2672 EXT2_I(inode)->i_file_acl = 0;
2673 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/balloc.c
2674 ===================================================================
2675 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/balloc.c
2676 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/balloc.c
2677 @@ -20,6 +20,7 @@
2678 #include <linux/ext3_jbd.h>
2679 #include <linux/quotaops.h>
2680 #include <linux/buffer_head.h>
2681 +#include <linux/vs_dlimit.h>
2682
2683 /*
2684 * balloc.c contains the blocks allocation and deallocation routines
2685 @@ -504,8 +505,10 @@ void ext3_free_blocks(handle_t *handle,
2686 return;
2687 }
2688 ext3_free_blocks_sb(handle, sb, block, count, &dquot_freed_blocks);
2689 - if (dquot_freed_blocks)
2690 + if (dquot_freed_blocks) {
2691 + DLIMIT_FREE_BLOCK(inode, dquot_freed_blocks);
2692 DQUOT_FREE_BLOCK(inode, dquot_freed_blocks);
2693 + }
2694 return;
2695 }
2696
2697 @@ -1116,18 +1119,32 @@ out:
2698 return ret;
2699 }
2700
2701 -static int ext3_has_free_blocks(struct ext3_sb_info *sbi)
2702 +static int ext3_has_free_blocks(struct super_block *sb)
2703 {
2704 - int free_blocks, root_blocks;
2705 + struct ext3_sb_info *sbi = EXT3_SB(sb);
2706 + int free_blocks, root_blocks, cond;
2707
2708 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
2709 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
2710 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
2711 +
2712 + vxdprintk(VXD_CBIT(dlim, 3),
2713 + "ext3_has_free_blocks(%p): free=%u, root=%u",
2714 + sb, free_blocks, root_blocks);
2715 +
2716 + DLIMIT_ADJUST_BLOCK(sb, vx_current_xid(), &free_blocks, &root_blocks);
2717 +
2718 + cond = (free_blocks < root_blocks + 1 &&
2719 + !capable(CAP_SYS_RESOURCE) &&
2720 sbi->s_resuid != current->fsuid &&
2721 - (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
2722 - return 0;
2723 - }
2724 - return 1;
2725 + (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid)));
2726 +
2727 + vxdprintk(VXD_CBIT(dlim, 3),
2728 + "ext3_has_free_blocks(%p): %u<%u+1, %c, %u!=%u r=%d",
2729 + sb, free_blocks, root_blocks,
2730 + !capable(CAP_SYS_RESOURCE)?'1':'0',
2731 + sbi->s_resuid, current->fsuid, cond?0:1);
2732 +
2733 + return (cond ? 0 : 1);
2734 }
2735
2736 /*
2737 @@ -1138,7 +1155,7 @@ static int ext3_has_free_blocks(struct e
2738 */
2739 int ext3_should_retry_alloc(struct super_block *sb, int *retries)
2740 {
2741 - if (!ext3_has_free_blocks(EXT3_SB(sb)) || (*retries)++ > 3)
2742 + if (!ext3_has_free_blocks(sb) || (*retries)++ > 3)
2743 return 0;
2744
2745 jbd_debug(1, "%s: retrying operation after ENOSPC\n", sb->s_id);
2746 @@ -1193,6 +1210,8 @@ int ext3_new_block(handle_t *handle, str
2747 *errp = -EDQUOT;
2748 return 0;
2749 }
2750 + if (DLIMIT_ALLOC_BLOCK(inode, 1))
2751 + goto out_dlimit;
2752
2753 sbi = EXT3_SB(sb);
2754 es = EXT3_SB(sb)->s_es;
2755 @@ -1209,7 +1228,7 @@ int ext3_new_block(handle_t *handle, str
2756 if (block_i && ((windowsz = block_i->rsv_window_node.rsv_goal_size) > 0))
2757 my_rsv = &block_i->rsv_window_node;
2758
2759 - if (!ext3_has_free_blocks(sbi)) {
2760 + if (!ext3_has_free_blocks(sb)) {
2761 *errp = -ENOSPC;
2762 goto out;
2763 }
2764 @@ -1393,6 +1412,9 @@ allocated:
2765 io_error:
2766 *errp = -EIO;
2767 out:
2768 + if (!performed_allocation)
2769 + DLIMIT_FREE_BLOCK(inode, 1);
2770 +out_dlimit:
2771 if (fatal) {
2772 *errp = fatal;
2773 ext3_std_error(sb, fatal);
2774 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/file.c
2775 ===================================================================
2776 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/file.c
2777 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/file.c
2778 @@ -131,5 +131,6 @@ struct inode_operations ext3_file_inode_
2779 .removexattr = generic_removexattr,
2780 #endif
2781 .permission = ext3_permission,
2782 + .sync_flags = ext3_sync_flags,
2783 };
2784
2785 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/ialloc.c
2786 ===================================================================
2787 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/ialloc.c
2788 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/ialloc.c
2789 @@ -23,6 +23,8 @@
2790 #include <linux/buffer_head.h>
2791 #include <linux/random.h>
2792 #include <linux/bitops.h>
2793 +#include <linux/vs_dlimit.h>
2794 +#include <linux/vserver/xid.h>
2795
2796 #include <asm/byteorder.h>
2797
2798 @@ -127,6 +129,7 @@ void ext3_free_inode (handle_t *handle,
2799 ext3_xattr_delete_inode(handle, inode);
2800 DQUOT_FREE_INODE(inode);
2801 DQUOT_DROP(inode);
2802 + DLIMIT_FREE_INODE(inode);
2803
2804 is_directory = S_ISDIR(inode->i_mode);
2805
2806 @@ -443,6 +446,12 @@ struct inode *ext3_new_inode(handle_t *h
2807 inode = new_inode(sb);
2808 if (!inode)
2809 return ERR_PTR(-ENOMEM);
2810 +
2811 + inode->i_xid = vx_current_fsxid(sb);
2812 + if (DLIMIT_ALLOC_INODE(inode)) {
2813 + err = -ENOSPC;
2814 + goto out_dlimit;
2815 + }
2816 ei = EXT3_I(inode);
2817
2818 sbi = EXT3_SB(sb);
2819 @@ -565,7 +574,8 @@ got:
2820 ei->i_dir_start_lookup = 0;
2821 ei->i_disksize = 0;
2822
2823 - ei->i_flags = EXT3_I(dir)->i_flags & ~EXT3_INDEX_FL;
2824 + ei->i_flags = EXT3_I(dir)->i_flags &
2825 + ~(EXT3_INDEX_FL|EXT3_IUNLINK_FL|EXT3_BARRIER_FL);
2826 if (S_ISLNK(mode))
2827 ei->i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL);
2828 /* dirsync only applies to directories */
2829 @@ -620,6 +630,8 @@ got:
2830 fail:
2831 ext3_std_error(sb, err);
2832 out:
2833 + DLIMIT_FREE_INODE(inode);
2834 +out_dlimit:
2835 iput(inode);
2836 ret = ERR_PTR(err);
2837 really_out:
2838 @@ -631,6 +643,7 @@ fail_free_drop:
2839
2840 fail_drop:
2841 DQUOT_DROP(inode);
2842 + DLIMIT_FREE_INODE(inode);
2843 inode->i_flags |= S_NOQUOTA;
2844 inode->i_nlink = 0;
2845 iput(inode);
2846 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/inode.c
2847 ===================================================================
2848 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/inode.c
2849 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/inode.c
2850 @@ -36,6 +36,7 @@
2851 #include <linux/writeback.h>
2852 #include <linux/mpage.h>
2853 #include <linux/uio.h>
2854 +#include <linux/vserver/xid.h>
2855 #include "xattr.h"
2856 #include "acl.h"
2857
2858 @@ -2422,19 +2423,77 @@ void ext3_set_inode_flags(struct inode *
2859 {
2860 unsigned int flags = EXT3_I(inode)->i_flags;
2861
2862 - inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
2863 + inode->i_flags &= ~(S_IMMUTABLE | S_IUNLINK | S_BARRIER |
2864 + S_SYNC | S_APPEND | S_NOATIME | S_DIRSYNC);
2865 +
2866 + if (flags & EXT3_IMMUTABLE_FL)
2867 + inode->i_flags |= S_IMMUTABLE;
2868 + if (flags & EXT3_IUNLINK_FL)
2869 + inode->i_flags |= S_IUNLINK;
2870 + if (flags & EXT3_BARRIER_FL)
2871 + inode->i_flags |= S_BARRIER;
2872 +
2873 if (flags & EXT3_SYNC_FL)
2874 inode->i_flags |= S_SYNC;
2875 if (flags & EXT3_APPEND_FL)
2876 inode->i_flags |= S_APPEND;
2877 - if (flags & EXT3_IMMUTABLE_FL)
2878 - inode->i_flags |= S_IMMUTABLE;
2879 if (flags & EXT3_NOATIME_FL)
2880 inode->i_flags |= S_NOATIME;
2881 if (flags & EXT3_DIRSYNC_FL)
2882 inode->i_flags |= S_DIRSYNC;
2883 }
2884
2885 +int ext3_sync_flags(struct inode *inode)
2886 +{
2887 + unsigned int oldflags, newflags;
2888 + int err = 0;
2889 +
2890 + oldflags = EXT3_I(inode)->i_flags;
2891 + newflags = oldflags & ~(EXT3_APPEND_FL |
2892 + EXT3_IMMUTABLE_FL | EXT3_IUNLINK_FL |
2893 + EXT3_BARRIER_FL | EXT3_NOATIME_FL |
2894 + EXT3_SYNC_FL | EXT3_DIRSYNC_FL);
2895 +
2896 + if (IS_APPEND(inode))
2897 + newflags |= EXT3_APPEND_FL;
2898 + if (IS_IMMUTABLE(inode))
2899 + newflags |= EXT3_IMMUTABLE_FL;
2900 + if (IS_IUNLINK(inode))
2901 + newflags |= EXT3_IUNLINK_FL;
2902 + if (IS_BARRIER(inode))
2903 + newflags |= EXT3_BARRIER_FL;
2904 +
2905 + /* we do not want to copy superblock flags */
2906 + if (inode->i_flags & S_NOATIME)
2907 + newflags |= EXT3_NOATIME_FL;
2908 + if (inode->i_flags & S_SYNC)
2909 + newflags |= EXT3_SYNC_FL;
2910 + if (inode->i_flags & S_DIRSYNC)
2911 + newflags |= EXT3_DIRSYNC_FL;
2912 +
2913 + if (oldflags ^ newflags) {
2914 + handle_t *handle;
2915 + struct ext3_iloc iloc;
2916 +
2917 + handle = ext3_journal_start(inode, 1);
2918 + if (IS_ERR(handle))
2919 + return PTR_ERR(handle);
2920 + if (IS_SYNC(inode))
2921 + handle->h_sync = 1;
2922 + err = ext3_reserve_inode_write(handle, inode, &iloc);
2923 + if (err)
2924 + goto flags_err;
2925 +
2926 + EXT3_I(inode)->i_flags = newflags;
2927 + inode->i_ctime = CURRENT_TIME;
2928 +
2929 + err = ext3_mark_iloc_dirty(handle, inode, &iloc);
2930 + flags_err:
2931 + ext3_journal_stop(handle);
2932 + }
2933 + return err;
2934 +}
2935 +
2936 void ext3_read_inode(struct inode * inode)
2937 {
2938 struct ext3_iloc iloc;
2939 @@ -2442,6 +2501,8 @@ void ext3_read_inode(struct inode * inod
2940 struct ext3_inode_info *ei = EXT3_I(inode);
2941 struct buffer_head *bh;
2942 int block;
2943 + uid_t uid;
2944 + gid_t gid;
2945
2946 #ifdef CONFIG_EXT3_FS_POSIX_ACL
2947 ei->i_acl = EXT3_ACL_NOT_CACHED;
2948 @@ -2454,12 +2515,17 @@ void ext3_read_inode(struct inode * inod
2949 bh = iloc.bh;
2950 raw_inode = ext3_raw_inode(&iloc);
2951 inode->i_mode = le16_to_cpu(raw_inode->i_mode);
2952 - inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
2953 - inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
2954 + uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low);
2955 + gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low);
2956 if(!(test_opt (inode->i_sb, NO_UID32))) {
2957 - inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2958 - inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2959 + uid |= le16_to_cpu(raw_inode->i_uid_high) << 16;
2960 + gid |= le16_to_cpu(raw_inode->i_gid_high) << 16;
2961 }
2962 + inode->i_uid = INOXID_UID(XID_TAG(inode), uid, gid);
2963 + inode->i_gid = INOXID_GID(XID_TAG(inode), uid, gid);
2964 + inode->i_xid = INOXID_XID(XID_TAG(inode), uid, gid,
2965 + le16_to_cpu(raw_inode->i_raw_xid));
2966 +
2967 inode->i_nlink = le16_to_cpu(raw_inode->i_links_count);
2968 inode->i_size = le32_to_cpu(raw_inode->i_size);
2969 inode->i_atime.tv_sec = le32_to_cpu(raw_inode->i_atime);
2970 @@ -2586,6 +2652,8 @@ static int ext3_do_update_inode(handle_t
2971 struct ext3_inode *raw_inode = ext3_raw_inode(iloc);
2972 struct ext3_inode_info *ei = EXT3_I(inode);
2973 struct buffer_head *bh = iloc->bh;
2974 + uid_t uid = XIDINO_UID(XID_TAG(inode), inode->i_uid, inode->i_xid);
2975 + gid_t gid = XIDINO_GID(XID_TAG(inode), inode->i_gid, inode->i_xid);
2976 int err = 0, rc, block;
2977
2978 /* For fields not not tracking in the in-memory inode,
2979 @@ -2595,29 +2663,32 @@ static int ext3_do_update_inode(handle_t
2980
2981 raw_inode->i_mode = cpu_to_le16(inode->i_mode);
2982 if(!(test_opt(inode->i_sb, NO_UID32))) {
2983 - raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid));
2984 - raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid));
2985 + raw_inode->i_uid_low = cpu_to_le16(low_16_bits(uid));
2986 + raw_inode->i_gid_low = cpu_to_le16(low_16_bits(gid));
2987 /*
2988 * Fix up interoperability with old kernels. Otherwise, old inodes get
2989 * re-used with the upper 16 bits of the uid/gid intact
2990 */
2991 if(!ei->i_dtime) {
2992 raw_inode->i_uid_high =
2993 - cpu_to_le16(high_16_bits(inode->i_uid));
2994 + cpu_to_le16(high_16_bits(uid));
2995 raw_inode->i_gid_high =
2996 - cpu_to_le16(high_16_bits(inode->i_gid));
2997 + cpu_to_le16(high_16_bits(gid));
2998 } else {
2999 raw_inode->i_uid_high = 0;
3000 raw_inode->i_gid_high = 0;
3001 }
3002 } else {
3003 raw_inode->i_uid_low =
3004 - cpu_to_le16(fs_high2lowuid(inode->i_uid));
3005 + cpu_to_le16(fs_high2lowuid(uid));
3006 raw_inode->i_gid_low =
3007 - cpu_to_le16(fs_high2lowgid(inode->i_gid));
3008 + cpu_to_le16(fs_high2lowgid(gid));
3009 raw_inode->i_uid_high = 0;
3010 raw_inode->i_gid_high = 0;
3011 }
3012 +#ifdef CONFIG_INOXID_INTERN
3013 + raw_inode->i_raw_xid = cpu_to_le16(inode->i_xid);
3014 +#endif
3015 raw_inode->i_links_count = cpu_to_le16(inode->i_nlink);
3016 raw_inode->i_size = cpu_to_le32(ei->i_disksize);
3017 raw_inode->i_atime = cpu_to_le32(inode->i_atime.tv_sec);
3018 @@ -2770,7 +2841,8 @@ int ext3_setattr(struct dentry *dentry,
3019 return error;
3020
3021 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
3022 - (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
3023 + (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid) ||
3024 + (ia_valid & ATTR_XID && attr->ia_xid != inode->i_xid)) {
3025 handle_t *handle;
3026
3027 /* (user+group)*(old+new) structure, inode write (sb,
3028 @@ -2792,6 +2864,8 @@ int ext3_setattr(struct dentry *dentry,
3029 inode->i_uid = attr->ia_uid;
3030 if (attr->ia_valid & ATTR_GID)
3031 inode->i_gid = attr->ia_gid;
3032 + if ((attr->ia_valid & ATTR_XID) && IS_TAGXID(inode))
3033 + inode->i_xid = attr->ia_xid;
3034 error = ext3_mark_inode_dirty(handle, inode);
3035 ext3_journal_stop(handle);
3036 }
3037 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/ioctl.c
3038 ===================================================================
3039 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/ioctl.c
3040 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/ioctl.c
3041 @@ -8,11 +8,13 @@
3042 */
3043
3044 #include <linux/fs.h>
3045 +#include <linux/mount.h>
3046 #include <linux/jbd.h>
3047 #include <linux/capability.h>
3048 #include <linux/ext3_fs.h>
3049 #include <linux/ext3_jbd.h>
3050 #include <linux/time.h>
3051 +#include <linux/vserver/xid.h>
3052 #include <asm/uaccess.h>
3053
3054
3055 @@ -36,7 +38,8 @@ int ext3_ioctl (struct inode * inode, st
3056 unsigned int oldflags;
3057 unsigned int jflag;
3058
3059 - if (IS_RDONLY(inode))
3060 + if (IS_RDONLY(inode) ||
3061 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3062 return -EROFS;
3063
3064 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
3065 @@ -59,7 +62,9 @@ int ext3_ioctl (struct inode * inode, st
3066 *
3067 * This test looks nicer. Thanks to Pauline Middelink
3068 */
3069 - if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {
3070 + if ((oldflags & EXT3_IMMUTABLE_FL) ||
3071 + ((flags ^ oldflags) & (EXT3_APPEND_FL |
3072 + EXT3_IMMUTABLE_FL | EXT3_IUNLINK_FL))) {
3073 if (!capable(CAP_LINUX_IMMUTABLE))
3074 return -EPERM;
3075 }
3076 @@ -112,7 +117,8 @@ flags_err:
3077
3078 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
3079 return -EPERM;
3080 - if (IS_RDONLY(inode))
3081 + if (IS_RDONLY(inode) ||
3082 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3083 return -EROFS;
3084 if (get_user(generation, (int __user *) arg))
3085 return -EFAULT;
3086 @@ -166,7 +172,8 @@ flags_err:
3087 if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
3088 return -ENOTTY;
3089
3090 - if (IS_RDONLY(inode))
3091 + if (IS_RDONLY(inode) ||
3092 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3093 return -EROFS;
3094
3095 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
3096 @@ -201,7 +208,8 @@ flags_err:
3097 if (!capable(CAP_SYS_RESOURCE))
3098 return -EPERM;
3099
3100 - if (IS_RDONLY(inode))
3101 + if (IS_RDONLY(inode) ||
3102 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3103 return -EROFS;
3104
3105 if (get_user(n_blocks_count, (__u32 __user *)arg))
3106 @@ -222,7 +230,8 @@ flags_err:
3107 if (!capable(CAP_SYS_RESOURCE))
3108 return -EPERM;
3109
3110 - if (IS_RDONLY(inode))
3111 + if (IS_RDONLY(inode) ||
3112 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3113 return -EROFS;
3114
3115 if (copy_from_user(&input, (struct ext3_new_group_input __user *)arg,
3116 @@ -237,6 +246,38 @@ flags_err:
3117 return err;
3118 }
3119
3120 +#if defined(CONFIG_VSERVER_LEGACY) && !defined(CONFIG_INOXID_NONE)
3121 + case EXT3_IOC_SETXID: {
3122 + handle_t *handle;
3123 + struct ext3_iloc iloc;
3124 + int xid;
3125 + int err;
3126 +
3127 + /* fixme: if stealth, return -ENOTTY */
3128 + if (!capable(CAP_CONTEXT))
3129 + return -EPERM;
3130 + if (IS_RDONLY(inode))
3131 + return -EROFS;
3132 + if (!(inode->i_sb->s_flags & MS_TAGXID))
3133 + return -ENOSYS;
3134 + if (get_user(xid, (int *) arg))
3135 + return -EFAULT;
3136 +
3137 + handle = ext3_journal_start(inode, 1);
3138 + if (IS_ERR(handle))
3139 + return PTR_ERR(handle);
3140 + err = ext3_reserve_inode_write(handle, inode, &iloc);
3141 + if (err)
3142 + return err;
3143 +
3144 + inode->i_xid = (xid & 0xFFFF);
3145 + inode->i_ctime = CURRENT_TIME;
3146 +
3147 + err = ext3_mark_iloc_dirty(handle, inode, &iloc);
3148 + ext3_journal_stop(handle);
3149 + return err;
3150 + }
3151 +#endif
3152
3153 default:
3154 return -ENOTTY;
3155 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/namei.c
3156 ===================================================================
3157 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/namei.c
3158 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/namei.c
3159 @@ -36,6 +36,7 @@
3160 #include <linux/quotaops.h>
3161 #include <linux/buffer_head.h>
3162 #include <linux/smp_lock.h>
3163 +#include <linux/vserver/xid.h>
3164
3165 #include "namei.h"
3166 #include "xattr.h"
3167 @@ -1004,6 +1005,7 @@ static struct dentry *ext3_lookup(struct
3168
3169 if (!inode)
3170 return ERR_PTR(-EACCES);
3171 + vx_propagate_xid(nd, inode);
3172 }
3173 return d_splice_alias(inode, dentry);
3174 }
3175 @@ -2373,6 +2375,7 @@ struct inode_operations ext3_dir_inode_o
3176 .removexattr = generic_removexattr,
3177 #endif
3178 .permission = ext3_permission,
3179 + .sync_flags = ext3_sync_flags,
3180 };
3181
3182 struct inode_operations ext3_special_inode_operations = {
3183 @@ -2384,4 +2387,5 @@ struct inode_operations ext3_special_ino
3184 .removexattr = generic_removexattr,
3185 #endif
3186 .permission = ext3_permission,
3187 + .sync_flags = ext3_sync_flags,
3188 };
3189 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/super.c
3190 ===================================================================
3191 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/super.c
3192 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/super.c
3193 @@ -634,7 +634,7 @@ enum {
3194 Opt_usrjquota, Opt_grpjquota, Opt_offusrjquota, Opt_offgrpjquota,
3195 Opt_jqfmt_vfsold, Opt_jqfmt_vfsv0, Opt_quota, Opt_noquota,
3196 Opt_ignore, Opt_barrier, Opt_err, Opt_resize, Opt_usrquota,
3197 - Opt_grpquota
3198 + Opt_grpquota, Opt_tagxid
3199 };
3200
3201 static match_table_t tokens = {
3202 @@ -683,6 +683,7 @@ static match_table_t tokens = {
3203 {Opt_quota, "quota"},
3204 {Opt_usrquota, "usrquota"},
3205 {Opt_barrier, "barrier=%u"},
3206 + {Opt_tagxid, "tagxid"},
3207 {Opt_err, NULL},
3208 {Opt_resize, "resize"},
3209 };
3210 @@ -775,6 +776,11 @@ static int parse_options (char *options,
3211 case Opt_nouid32:
3212 set_opt (sbi->s_mount_opt, NO_UID32);
3213 break;
3214 +#ifndef CONFIG_INOXID_NONE
3215 + case Opt_tagxid:
3216 + set_opt (sbi->s_mount_opt, TAGXID);
3217 + break;
3218 +#endif
3219 case Opt_nocheck:
3220 clear_opt (sbi->s_mount_opt, CHECK);
3221 break;
3222 @@ -1429,6 +1435,9 @@ static int ext3_fill_super (struct super
3223 NULL, 0))
3224 goto failed_mount;
3225
3226 + if (EXT3_SB(sb)->s_mount_opt & EXT3_MOUNT_TAGXID)
3227 + sb->s_flags |= MS_TAGXID;
3228 +
3229 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
3230 ((sbi->s_mount_opt & EXT3_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
3231
3232 @@ -2238,6 +2247,12 @@ static int ext3_remount (struct super_bl
3233
3234 if (sbi->s_mount_opt & EXT3_MOUNT_ABORT)
3235 ext3_abort(sb, __FUNCTION__, "Abort forced by user");
3236 + if ((sbi->s_mount_opt & EXT3_MOUNT_TAGXID) &&
3237 + !(sb->s_flags & MS_TAGXID)) {
3238 + printk("EXT3-fs: %s: tagxid not permitted on remount.\n",
3239 + sb->s_id);
3240 + return -EINVAL;
3241 + }
3242
3243 sb->s_flags = (sb->s_flags & ~MS_POSIXACL) |
3244 ((sbi->s_mount_opt & EXT3_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0);
3245 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/symlink.c
3246 ===================================================================
3247 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/symlink.c
3248 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/symlink.c
3249 @@ -40,6 +40,7 @@ struct inode_operations ext3_symlink_ino
3250 .listxattr = ext3_listxattr,
3251 .removexattr = generic_removexattr,
3252 #endif
3253 + .sync_flags = ext3_sync_flags,
3254 };
3255
3256 struct inode_operations ext3_fast_symlink_inode_operations = {
3257 @@ -51,4 +52,5 @@ struct inode_operations ext3_fast_symlin
3258 .listxattr = ext3_listxattr,
3259 .removexattr = generic_removexattr,
3260 #endif
3261 + .sync_flags = ext3_sync_flags,
3262 };
3263 Index: vserver-sources-2.6.16_2.0.2/fs/ext3/xattr.c
3264 ===================================================================
3265 --- vserver-sources-2.6.16_2.0.2.orig/fs/ext3/xattr.c
3266 +++ vserver-sources-2.6.16_2.0.2/fs/ext3/xattr.c
3267 @@ -58,6 +58,7 @@
3268 #include <linux/mbcache.h>
3269 #include <linux/quotaops.h>
3270 #include <linux/rwsem.h>
3271 +#include <linux/vs_dlimit.h>
3272 #include "xattr.h"
3273 #include "acl.h"
3274
3275 @@ -495,6 +496,7 @@ ext3_xattr_release_block(handle_t *handl
3276 ext3_journal_dirty_metadata(handle, bh);
3277 if (IS_SYNC(inode))
3278 handle->h_sync = 1;
3279 + DLIMIT_FREE_BLOCK(inode, 1);
3280 DQUOT_FREE_BLOCK(inode, 1);
3281 unlock_buffer(bh);
3282 ea_bdebug(bh, "refcount now=%d; releasing",
3283 @@ -763,11 +765,14 @@ inserted:
3284 if (new_bh == bs->bh)
3285 ea_bdebug(new_bh, "keeping");
3286 else {
3287 + error = -ENOSPC;
3288 + if (DLIMIT_ALLOC_BLOCK(inode, 1))
3289 + goto cleanup;
3290 /* The old block is released after updating
3291 the inode. */
3292 error = -EDQUOT;
3293 if (DQUOT_ALLOC_BLOCK(inode, 1))
3294 - goto cleanup;
3295 + goto cleanup_dlimit;
3296 error = ext3_journal_get_write_access(handle,
3297 new_bh);
3298 if (error)
3299 @@ -843,6 +848,8 @@ cleanup:
3300
3301 cleanup_dquot:
3302 DQUOT_FREE_BLOCK(inode, 1);
3303 +cleanup_dlimit:
3304 + DLIMIT_FREE_BLOCK(inode, 1);
3305 goto cleanup;
3306
3307 bad_block:
3308 Index: vserver-sources-2.6.16_2.0.2/fs/fcntl.c
3309 ===================================================================
3310 --- vserver-sources-2.6.16_2.0.2.orig/fs/fcntl.c
3311 +++ vserver-sources-2.6.16_2.0.2/fs/fcntl.c
3312 @@ -18,6 +18,7 @@
3313 #include <linux/ptrace.h>
3314 #include <linux/signal.h>
3315 #include <linux/rcupdate.h>
3316 +#include <linux/vs_limit.h>
3317
3318 #include <asm/poll.h>
3319 #include <asm/siginfo.h>
3320 @@ -85,6 +86,8 @@ repeat:
3321 error = -EMFILE;
3322 if (newfd >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
3323 goto out;
3324 + if (!vx_files_avail(1))
3325 + goto out;
3326
3327 error = expand_files(files, newfd);
3328 if (error < 0)
3329 @@ -126,6 +129,7 @@ static int dupfd(struct file *file, unsi
3330 FD_SET(fd, fdt->open_fds);
3331 FD_CLR(fd, fdt->close_on_exec);
3332 spin_unlock(&files->file_lock);
3333 + vx_openfd_inc(fd);
3334 fd_install(fd, file);
3335 } else {
3336 spin_unlock(&files->file_lock);
3337 @@ -178,6 +182,9 @@ asmlinkage long sys_dup2(unsigned int ol
3338
3339 if (tofree)
3340 filp_close(tofree, files);
3341 + else
3342 + vx_openfd_inc(newfd); /* fd was unused */
3343 +
3344 err = newfd;
3345 out:
3346 return err;
3347 @@ -481,7 +488,7 @@ void send_sigio(struct fown_struct *fown
3348
3349 read_lock(&tasklist_lock);
3350 if (pid > 0) {
3351 - p = find_task_by_pid(pid);
3352 + p = find_task_by_real_pid(pid);
3353 if (p) {
3354 send_sigio_to_task(p, fown, fd, band);
3355 }
3356 @@ -516,7 +523,7 @@ int send_sigurg(struct fown_struct *fown
3357
3358 read_lock(&tasklist_lock);
3359 if (pid > 0) {
3360 - p = find_task_by_pid(pid);
3361 + p = find_task_by_real_pid(pid);
3362 if (p) {
3363 send_sigurg_to_task(p, fown);
3364 }
3365 Index: vserver-sources-2.6.16_2.0.2/fs/file_table.c
3366 ===================================================================
3367 --- vserver-sources-2.6.16_2.0.2.orig/fs/file_table.c
3368 +++ vserver-sources-2.6.16_2.0.2/fs/file_table.c
3369 @@ -22,6 +22,8 @@
3370 #include <linux/fsnotify.h>
3371 #include <linux/sysctl.h>
3372 #include <linux/percpu_counter.h>
3373 +#include <linux/vs_limit.h>
3374 +#include <linux/vs_context.h>
3375
3376 #include <asm/atomic.h>
3377
3378 @@ -119,6 +121,8 @@ struct file *get_empty_filp(void)
3379 rwlock_init(&f->f_owner.lock);
3380 /* f->f_version: 0 */
3381 INIT_LIST_HEAD(&f->f_u.fu_list);
3382 + f->f_xid = vx_current_xid();
3383 + vx_files_inc(f);
3384 return f;
3385
3386 over:
3387 @@ -173,6 +177,8 @@ void fastcall __fput(struct file *file)
3388 fops_put(file->f_op);
3389 if (file->f_mode & FMODE_WRITE)
3390 put_write_access(inode);
3391 + vx_files_dec(file);
3392 + file->f_xid = 0;
3393 file_kill(file);
3394 file->f_dentry = NULL;
3395 file->f_vfsmnt = NULL;
3396 @@ -238,6 +244,8 @@ void put_filp(struct file *file)
3397 {
3398 if (atomic_dec_and_test(&file->f_count)) {
3399 security_file_free(file);
3400 + vx_files_dec(file);
3401 + file->f_xid = 0;
3402 file_kill(file);
3403 file_free(file);
3404 }
3405 Index: vserver-sources-2.6.16_2.0.2/fs/hfsplus/ioctl.c
3406 ===================================================================
3407 --- vserver-sources-2.6.16_2.0.2.orig/fs/hfsplus/ioctl.c
3408 +++ vserver-sources-2.6.16_2.0.2/fs/hfsplus/ioctl.c
3409 @@ -16,6 +16,7 @@
3410 #include <linux/fs.h>
3411 #include <linux/sched.h>
3412 #include <linux/xattr.h>
3413 +#include <linux/mount.h>
3414 #include <asm/uaccess.h>
3415 #include "hfsplus_fs.h"
3416
3417 @@ -35,7 +36,8 @@ int hfsplus_ioctl(struct inode *inode, s
3418 flags |= EXT2_FLAG_NODUMP; /* EXT2_NODUMP_FL */
3419 return put_user(flags, (int __user *)arg);
3420 case HFSPLUS_IOC_EXT2_SETFLAGS: {
3421 - if (IS_RDONLY(inode))
3422 + if (IS_RDONLY(inode) ||
3423 + (filp && MNT_IS_RDONLY(filp->f_vfsmnt)))
3424 return -EROFS;
3425
3426 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
3427 Index: vserver-sources-2.6.16_2.0.2/fs/inode.c
3428 ===================================================================
3429 --- vserver-sources-2.6.16_2.0.2.orig/fs/inode.c
3430 +++ vserver-sources-2.6.16_2.0.2/fs/inode.c
3431 @@ -116,6 +116,9 @@ static struct inode *alloc_inode(struct
3432 struct address_space * const mapping = &inode->i_data;
3433
3434 inode->i_sb = sb;
3435 +
3436 + /* essential because of inode slab reuse */
3437 + inode->i_xid = 0;
3438 inode->i_blkbits = sb->s_blocksize_bits;
3439 inode->i_flags = 0;
3440 atomic_set(&inode->i_count, 1);
3441 @@ -236,6 +239,8 @@ void __iget(struct inode * inode)
3442 inodes_stat.nr_unused--;
3443 }
3444
3445 +EXPORT_SYMBOL_GPL(__iget);
3446 +
3447 /**
3448 * clear_inode - clear an inode
3449 * @inode: inode to clear
3450 Index: vserver-sources-2.6.16_2.0.2/fs/ioctl.c
3451 ===================================================================
3452 --- vserver-sources-2.6.16_2.0.2.orig/fs/ioctl.c
3453 +++ vserver-sources-2.6.16_2.0.2/fs/ioctl.c
3454 @@ -13,10 +13,19 @@
3455 #include <linux/fs.h>
3456 #include <linux/security.h>
3457 #include <linux/module.h>
3458 +#include <linux/proc_fs.h>
3459 +#include <linux/vserver/inode.h>
3460 +#include <linux/vserver/xid.h>
3461
3462 #include <asm/uaccess.h>
3463 #include <asm/ioctls.h>
3464
3465 +
3466 +#ifdef CONFIG_VSERVER_LEGACY
3467 +extern int vx_proc_ioctl(struct inode *, struct file *,
3468 + unsigned int, unsigned long);
3469 +#endif
3470 +
3471 static long do_ioctl(struct file *filp, unsigned int cmd,
3472 unsigned long arg)
3473 {
3474 @@ -147,6 +156,48 @@ int vfs_ioctl(struct file *filp, unsigne
3475 else
3476 error = -ENOTTY;
3477 break;
3478 +#ifdef CONFIG_VSERVER_LEGACY
3479 +#ifndef CONFIG_INOXID_NONE
3480 + case FIOC_GETXID: {
3481 + struct inode *inode = filp->f_dentry->d_inode;
3482 +
3483 + /* fixme: if stealth, return -ENOTTY */
3484 + error = -EPERM;
3485 + if (capable(CAP_CONTEXT))
3486 + error = put_user(inode->i_xid, (int *) arg);
3487 + break;
3488 + }
3489 + case FIOC_SETXID: {
3490 + struct inode *inode = filp->f_dentry->d_inode;
3491 + int xid;
3492 +
3493 + /* fixme: if stealth, return -ENOTTY */
3494 + error = -EPERM;
3495 + if (!capable(CAP_CONTEXT))
3496 + break;
3497 + error = -EROFS;
3498 + if (IS_RDONLY(inode))
3499 + break;
3500 + error = -ENOSYS;
3501 + if (!(inode->i_sb->s_flags & MS_TAGXID))
3502 + break;
3503 + error = -EFAULT;
3504 + if (get_user(xid, (int *) arg))
3505 + break;
3506 + error = 0;
3507 + inode->i_xid = (xid & 0xFFFF);
3508 + inode->i_ctime = CURRENT_TIME;
3509 + mark_inode_dirty(inode);
3510 + break;
3511 + }
3512 +#endif
3513 + case FIOC_GETXFLG:
3514 + case FIOC_SETXFLG:
3515 + error = -ENOTTY;
3516 + if (filp->f_dentry->d_inode->i_sb->s_magic == PROC_SUPER_MAGIC)
3517 + error = vx_proc_ioctl(filp->f_dentry->d_inode, filp, cmd, arg);
3518 + break;
3519 +#endif
3520 default:
3521 if (S_ISREG(filp->f_dentry->d_inode->i_mode))
3522 error = file_ioctl(filp, cmd, arg);
3523 Index: vserver-sources-2.6.16_2.0.2/fs/ioprio.c
3524 ===================================================================
3525 --- vserver-sources-2.6.16_2.0.2.orig/fs/ioprio.c
3526 +++ vserver-sources-2.6.16_2.0.2/fs/ioprio.c
3527 @@ -24,6 +24,7 @@
3528 #include <linux/blkdev.h>
3529 #include <linux/capability.h>
3530 #include <linux/syscalls.h>
3531 +#include <linux/vs_cvirt.h>
3532
3533 static int set_task_ioprio(struct task_struct *task, int ioprio)
3534 {
3535 @@ -95,7 +96,7 @@ asmlinkage long sys_ioprio_set(int which
3536 if (!who)
3537 user = current->user;
3538 else
3539 - user = find_user(who);
3540 + user = find_user(vx_current_xid(), who);
3541
3542 if (!user)
3543 break;
3544 @@ -149,7 +150,7 @@ asmlinkage long sys_ioprio_get(int which
3545 if (!who)
3546 user = current->user;
3547 else
3548 - user = find_user(who);
3549 + user = find_user(vx_current_xid(), who);
3550
3551 if (!user)
3552 break;
3553 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/acl.c
3554 ===================================================================
3555 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/acl.c
3556 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/acl.c
3557 @@ -229,7 +229,8 @@ int jfs_setattr(struct dentry *dentry, s
3558 return rc;
3559
3560 if ((iattr->ia_valid & ATTR_UID && iattr->ia_uid != inode->i_uid) ||
3561 - (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid)) {
3562 + (iattr->ia_valid & ATTR_GID && iattr->ia_gid != inode->i_gid) ||
3563 + (iattr->ia_valid & ATTR_XID && iattr->ia_xid != inode->i_xid)) {
3564 if (DQUOT_TRANSFER(inode, iattr))
3565 return -EDQUOT;
3566 }
3567 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/inode.c
3568 ===================================================================
3569 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/inode.c
3570 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/inode.c
3571 @@ -22,6 +22,7 @@
3572 #include <linux/buffer_head.h>
3573 #include <linux/pagemap.h>
3574 #include <linux/quotaops.h>
3575 +#include <linux/vs_dlimit.h>
3576 #include "jfs_incore.h"
3577 #include "jfs_inode.h"
3578 #include "jfs_filsys.h"
3579 @@ -143,6 +144,7 @@ void jfs_delete_inode(struct inode *inod
3580 DQUOT_INIT(inode);
3581 DQUOT_FREE_INODE(inode);
3582 DQUOT_DROP(inode);
3583 + DLIMIT_FREE_INODE(inode);
3584 }
3585
3586 clear_inode(inode);
3587 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_dtree.c
3588 ===================================================================
3589 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_dtree.c
3590 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_dtree.c
3591 @@ -102,6 +102,7 @@
3592
3593 #include <linux/fs.h>
3594 #include <linux/quotaops.h>
3595 +#include <linux/vs_dlimit.h>
3596 #include "jfs_incore.h"
3597 #include "jfs_superblock.h"
3598 #include "jfs_filsys.h"
3599 @@ -383,10 +384,10 @@ static u32 add_index(tid_t tid, struct i
3600 */
3601 if (DQUOT_ALLOC_BLOCK(ip, sbi->nbperpage))
3602 goto clean_up;
3603 - if (dbAlloc(ip, 0, sbi->nbperpage, &xaddr)) {
3604 - DQUOT_FREE_BLOCK(ip, sbi->nbperpage);
3605 - goto clean_up;
3606 - }
3607 + if (DLIMIT_ALLOC_BLOCK(ip, sbi->nbperpage))
3608 + goto clean_up_quota;
3609 + if (dbAlloc(ip, 0, sbi->nbperpage, &xaddr))
3610 + goto clean_up_dlim;
3611
3612 /*
3613 * Save the table, we're going to overwrite it with the
3614 @@ -479,6 +480,10 @@ static u32 add_index(tid_t tid, struct i
3615
3616 return index;
3617
3618 + clean_up_dlim:
3619 + DLIMIT_FREE_BLOCK(ip, sbi->nbperpage);
3620 + clean_up_quota:
3621 + DQUOT_FREE_BLOCK(ip, sbi->nbperpage);
3622 clean_up:
3623
3624 jfs_ip->next_index--;
3625 @@ -930,7 +935,8 @@ int dtInsert(tid_t tid, struct inode *ip
3626 static int dtSplitUp(tid_t tid,
3627 struct inode *ip, struct dtsplit * split, struct btstack * btstack)
3628 {
3629 - struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
3630 + struct super_block *sb = ip->i_sb;
3631 + struct jfs_sb_info *sbi = JFS_SBI(sb);
3632 int rc = 0;
3633 struct metapage *smp;
3634 dtpage_t *sp; /* split page */
3635 @@ -952,6 +958,7 @@ static int dtSplitUp(tid_t tid,
3636 struct tlock *tlck;
3637 struct lv *lv;
3638 int quota_allocation = 0;
3639 + int dlimit_allocation = 0;
3640
3641 /* get split page */
3642 smp = split->mp;
3643 @@ -1033,6 +1040,12 @@ static int dtSplitUp(tid_t tid,
3644 }
3645 quota_allocation += n;
3646
3647 + if (DLIMIT_ALLOC_BLOCK(ip, n)) {
3648 + rc = -ENOSPC;
3649 + goto extendOut;
3650 + }
3651 + dlimit_allocation += n;
3652 +
3653 if ((rc = dbReAlloc(sbi->ipbmap, xaddr, (s64) xlen,
3654 (s64) n, &nxaddr)))
3655 goto extendOut;
3656 @@ -1301,6 +1314,9 @@ static int dtSplitUp(tid_t tid,
3657 freeKeyName:
3658 kfree(key.name);
3659
3660 + /* Rollback dlimit allocation */
3661 + if (rc && dlimit_allocation)
3662 + DLIMIT_FREE_BLOCK(ip, dlimit_allocation);
3663 /* Rollback quota allocation */
3664 if (rc && quota_allocation)
3665 DQUOT_FREE_BLOCK(ip, quota_allocation);
3666 @@ -1368,6 +1384,12 @@ static int dtSplitPage(tid_t tid, struct
3667 release_metapage(rmp);
3668 return -EDQUOT;
3669 }
3670 + /* Allocate blocks to dlimit. */
3671 + if (DLIMIT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3672 + DQUOT_FREE_BLOCK(ip, lengthPXD(pxd));
3673 + release_metapage(rmp);
3674 + return -ENOSPC;
3675 + }
3676
3677 jfs_info("dtSplitPage: ip:0x%p smp:0x%p rmp:0x%p", ip, smp, rmp);
3678
3679 @@ -1918,6 +1940,12 @@ static int dtSplitRoot(tid_t tid,
3680 release_metapage(rmp);
3681 return -EDQUOT;
3682 }
3683 + /* Allocate blocks to dlimit. */
3684 + if (DLIMIT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3685 + DQUOT_FREE_BLOCK(ip, lengthPXD(pxd));
3686 + release_metapage(rmp);
3687 + return -ENOSPC;
3688 + }
3689
3690 BT_MARK_DIRTY(rmp, ip);
3691 /*
3692 @@ -2284,6 +2312,8 @@ static int dtDeleteUp(tid_t tid, struct
3693
3694 xlen = lengthPXD(&fp->header.self);
3695
3696 + /* Free dlimit allocation. */
3697 + DLIMIT_FREE_BLOCK(ip, xlen);
3698 /* Free quota allocation. */
3699 DQUOT_FREE_BLOCK(ip, xlen);
3700
3701 @@ -2360,6 +2390,8 @@ static int dtDeleteUp(tid_t tid, struct
3702
3703 xlen = lengthPXD(&p->header.self);
3704
3705 + /* Free dlimit allocation */
3706 + DLIMIT_FREE_BLOCK(ip, xlen);
3707 /* Free quota allocation */
3708 DQUOT_FREE_BLOCK(ip, xlen);
3709
3710 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_extent.c
3711 ===================================================================
3712 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_extent.c
3713 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_extent.c
3714 @@ -18,6 +18,7 @@
3715
3716 #include <linux/fs.h>
3717 #include <linux/quotaops.h>
3718 +#include <linux/vs_dlimit.h>
3719 #include "jfs_incore.h"
3720 #include "jfs_inode.h"
3721 #include "jfs_superblock.h"
3722 @@ -146,6 +147,13 @@ extAlloc(struct inode *ip, s64 xlen, s64
3723 up(&JFS_IP(ip)->commit_sem);
3724 return -EDQUOT;
3725 }
3726 + /* Allocate blocks to dlimit. */
3727 + if (DLIMIT_ALLOC_BLOCK(ip, nxlen)) {
3728 + DQUOT_FREE_BLOCK(ip, nxlen);
3729 + dbFree(ip, nxaddr, (s64) nxlen);
3730 + up(&JFS_IP(ip)->commit_sem);
3731 + return -ENOSPC;
3732 + }
3733
3734 /* determine the value of the extent flag */
3735 xflag = (abnr == TRUE) ? XAD_NOTRECORDED : 0;
3736 @@ -164,6 +172,7 @@ extAlloc(struct inode *ip, s64 xlen, s64
3737 */
3738 if (rc) {
3739 dbFree(ip, nxaddr, nxlen);
3740 + DLIMIT_FREE_BLOCK(ip, nxlen);
3741 DQUOT_FREE_BLOCK(ip, nxlen);
3742 up(&JFS_IP(ip)->commit_sem);
3743 return (rc);
3744 @@ -261,6 +270,13 @@ int extRealloc(struct inode *ip, s64 nxl
3745 up(&JFS_IP(ip)->commit_sem);
3746 return -EDQUOT;
3747 }
3748 + /* Allocate blocks to dlimit. */
3749 + if (DLIMIT_ALLOC_BLOCK(ip, nxlen)) {
3750 + DQUOT_FREE_BLOCK(ip, nxlen);
3751 + dbFree(ip, nxaddr, (s64) nxlen);
3752 + up(&JFS_IP(ip)->commit_sem);
3753 + return -ENOSPC;
3754 + }
3755
3756 delta = nxlen - xlen;
3757
3758 @@ -297,6 +313,7 @@ int extRealloc(struct inode *ip, s64 nxl
3759 /* extend the extent */
3760 if ((rc = xtExtend(0, ip, xoff + xlen, (int) nextend, 0))) {
3761 dbFree(ip, xaddr + xlen, delta);
3762 + DLIMIT_FREE_BLOCK(ip, nxlen);
3763 DQUOT_FREE_BLOCK(ip, nxlen);
3764 goto exit;
3765 }
3766 @@ -308,6 +325,7 @@ int extRealloc(struct inode *ip, s64 nxl
3767 */
3768 if ((rc = xtTailgate(0, ip, xoff, (int) ntail, nxaddr, 0))) {
3769 dbFree(ip, nxaddr, nxlen);
3770 + DLIMIT_FREE_BLOCK(ip, nxlen);
3771 DQUOT_FREE_BLOCK(ip, nxlen);
3772 goto exit;
3773 }
3774 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_filsys.h
3775 ===================================================================
3776 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_filsys.h
3777 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_filsys.h
3778 @@ -84,6 +84,7 @@
3779 #define JFS_DIR_INDEX 0x00200000 /* Persistant index for */
3780 /* directory entries */
3781
3782 +#define JFS_TAGXID 0x00800000 /* xid tagging */
3783
3784 /*
3785 * buffer cache configuration
3786 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_imap.c
3787 ===================================================================
3788 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_imap.c
3789 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_imap.c
3790 @@ -45,6 +45,7 @@
3791 #include <linux/buffer_head.h>
3792 #include <linux/pagemap.h>
3793 #include <linux/quotaops.h>
3794 +#include <linux/vserver/xid.h>
3795
3796 #include "jfs_incore.h"
3797 #include "jfs_inode.h"
3798 @@ -3074,14 +3075,21 @@ static void duplicateIXtree(struct super
3799 static int copy_from_dinode(struct dinode * dip, struct inode *ip)
3800 {
3801 struct jfs_inode_info *jfs_ip = JFS_IP(ip);
3802 + uid_t uid;
3803 + gid_t gid;
3804
3805 jfs_ip->fileset = le32_to_cpu(dip->di_fileset);
3806 jfs_ip->mode2 = le32_to_cpu(dip->di_mode);
3807
3808 ip->i_mode = le32_to_cpu(dip->di_mode) & 0xffff;
3809 ip->i_nlink = le32_to_cpu(dip->di_nlink);
3810 - ip->i_uid = le32_to_cpu(dip->di_uid);
3811 - ip->i_gid = le32_to_cpu(dip->di_gid);
3812 +
3813 + uid = le32_to_cpu(dip->di_uid);
3814 + gid = le32_to_cpu(dip->di_gid);
3815 + ip->i_uid = INOXID_UID(XID_TAG(ip), uid, gid);
3816 + ip->i_gid = INOXID_GID(XID_TAG(ip), uid, gid);
3817 + ip->i_xid = INOXID_XID(XID_TAG(ip), uid, gid, 0);
3818 +
3819 ip->i_size = le64_to_cpu(dip->di_size);
3820 ip->i_atime.tv_sec = le32_to_cpu(dip->di_atime.tv_sec);
3821 ip->i_atime.tv_nsec = le32_to_cpu(dip->di_atime.tv_nsec);
3822 @@ -3132,6 +3140,8 @@ static int copy_from_dinode(struct dinod
3823 static void copy_to_dinode(struct dinode * dip, struct inode *ip)
3824 {
3825 struct jfs_inode_info *jfs_ip = JFS_IP(ip);
3826 + uid_t uid;
3827 + gid_t gid;
3828
3829 dip->di_fileset = cpu_to_le32(jfs_ip->fileset);
3830 dip->di_inostamp = cpu_to_le32(JFS_SBI(ip->i_sb)->inostamp);
3831 @@ -3140,8 +3150,11 @@ static void copy_to_dinode(struct dinode
3832 dip->di_size = cpu_to_le64(ip->i_size);
3833 dip->di_nblocks = cpu_to_le64(PBLK2LBLK(ip->i_sb, ip->i_blocks));
3834 dip->di_nlink = cpu_to_le32(ip->i_nlink);
3835 - dip->di_uid = cpu_to_le32(ip->i_uid);
3836 - dip->di_gid = cpu_to_le32(ip->i_gid);
3837 +
3838 + uid = XIDINO_UID(XID_TAG(ip), ip->i_uid, ip->i_xid);
3839 + gid = XIDINO_GID(XID_TAG(ip), ip->i_gid, ip->i_xid);
3840 + dip->di_uid = cpu_to_le32(uid);
3841 + dip->di_gid = cpu_to_le32(gid);
3842 /*
3843 * mode2 is only needed for storing the higher order bits.
3844 * Trust i_mode for the lower order ones
3845 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_inode.c
3846 ===================================================================
3847 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_inode.c
3848 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_inode.c
3849 @@ -18,6 +18,8 @@
3850
3851 #include <linux/fs.h>
3852 #include <linux/quotaops.h>
3853 +#include <linux/vs_dlimit.h>
3854 +#include <linux/vserver/xid.h>
3855 #include "jfs_incore.h"
3856 #include "jfs_inode.h"
3857 #include "jfs_filsys.h"
3858 @@ -62,10 +64,17 @@ struct inode *ialloc(struct inode *paren
3859 } else
3860 inode->i_gid = current->fsgid;
3861
3862 + inode->i_xid = vx_current_fsxid(sb);
3863 + if (DLIMIT_ALLOC_INODE(inode)) {
3864 + iput(inode);
3865 + return NULL;
3866 + }
3867 +
3868 /*
3869 * Allocate inode to quota.
3870 */
3871 if (DQUOT_ALLOC_INODE(inode)) {
3872 + DLIMIT_FREE_INODE(inode);
3873 DQUOT_DROP(inode);
3874 inode->i_flags |= S_NOQUOTA;
3875 inode->i_nlink = 0;
3876 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_xtree.c
3877 ===================================================================
3878 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/jfs_xtree.c
3879 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/jfs_xtree.c
3880 @@ -21,6 +21,7 @@
3881
3882 #include <linux/fs.h>
3883 #include <linux/quotaops.h>
3884 +#include <linux/vs_dlimit.h>
3885 #include "jfs_incore.h"
3886 #include "jfs_filsys.h"
3887 #include "jfs_metapage.h"
3888 @@ -841,7 +842,12 @@ int xtInsert(tid_t tid, /* transaction
3889 hint = 0;
3890 if ((rc = DQUOT_ALLOC_BLOCK(ip, xlen)))
3891 goto out;
3892 + if ((rc = DLIMIT_ALLOC_BLOCK(ip, xlen))) {
3893 + DQUOT_FREE_BLOCK(ip, xlen);
3894 + goto out;
3895 + }
3896 if ((rc = dbAlloc(ip, hint, (s64) xlen, &xaddr))) {
3897 + DLIMIT_FREE_BLOCK(ip, xlen);
3898 DQUOT_FREE_BLOCK(ip, xlen);
3899 goto out;
3900 }
3901 @@ -871,6 +877,7 @@ int xtInsert(tid_t tid, /* transaction
3902 /* undo data extent allocation */
3903 if (*xaddrp == 0) {
3904 dbFree(ip, xaddr, (s64) xlen);
3905 + DLIMIT_FREE_BLOCK(ip, xlen);
3906 DQUOT_FREE_BLOCK(ip, xlen);
3907 }
3908 return rc;
3909 @@ -1231,6 +1238,7 @@ xtSplitPage(tid_t tid, struct inode *ip,
3910 struct tlock *tlck;
3911 struct xtlock *sxtlck = NULL, *rxtlck = NULL;
3912 int quota_allocation = 0;
3913 + int dlimit_allocation = 0;
3914
3915 smp = split->mp;
3916 sp = XT_PAGE(ip, smp);
3917 @@ -1243,13 +1251,20 @@ xtSplitPage(tid_t tid, struct inode *ip,
3918 rbn = addressPXD(pxd);
3919
3920 /* Allocate blocks to quota. */
3921 - if (DQUOT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3922 + if (DQUOT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3923 rc = -EDQUOT;
3924 goto clean_up;
3925 }
3926
3927 quota_allocation += lengthPXD(pxd);
3928
3929 + /* Allocate blocks to dlimit. */
3930 + if (DLIMIT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3931 + rc = -ENOSPC;
3932 + goto clean_up;
3933 + }
3934 + dlimit_allocation += lengthPXD(pxd);
3935 +
3936 /*
3937 * allocate the new right page for the split
3938 */
3939 @@ -1451,6 +1466,9 @@ xtSplitPage(tid_t tid, struct inode *ip,
3940
3941 clean_up:
3942
3943 + /* Rollback dlimit allocation. */
3944 + if (dlimit_allocation)
3945 + DLIMIT_FREE_BLOCK(ip, dlimit_allocation);
3946 /* Rollback quota allocation. */
3947 if (quota_allocation)
3948 DQUOT_FREE_BLOCK(ip, quota_allocation);
3949 @@ -1515,6 +1533,12 @@ xtSplitRoot(tid_t tid,
3950 release_metapage(rmp);
3951 return -EDQUOT;
3952 }
3953 + /* Allocate blocks to dlimit. */
3954 + if (DLIMIT_ALLOC_BLOCK(ip, lengthPXD(pxd))) {
3955 + DQUOT_FREE_BLOCK(ip, lengthPXD(pxd));
3956 + release_metapage(rmp);
3957 + return -ENOSPC;
3958 + }
3959
3960 jfs_info("xtSplitRoot: ip:0x%p rmp:0x%p", ip, rmp);
3961
3962 @@ -3941,6 +3965,8 @@ s64 xtTruncate(tid_t tid, struct inode *
3963 else
3964 ip->i_size = newsize;
3965
3966 + /* update dlimit allocation to reflect freed blocks */
3967 + DLIMIT_FREE_BLOCK(ip, nfreed);
3968 /* update quota allocation to reflect freed blocks */
3969 DQUOT_FREE_BLOCK(ip, nfreed);
3970
3971 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/namei.c
3972 ===================================================================
3973 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/namei.c
3974 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/namei.c
3975 @@ -20,6 +20,7 @@
3976 #include <linux/fs.h>
3977 #include <linux/ctype.h>
3978 #include <linux/quotaops.h>
3979 +#include <linux/vserver/xid.h>
3980 #include "jfs_incore.h"
3981 #include "jfs_superblock.h"
3982 #include "jfs_inode.h"
3983 @@ -1465,6 +1466,7 @@ static struct dentry *jfs_lookup(struct
3984 return ERR_PTR(-EACCES);
3985 }
3986
3987 + vx_propagate_xid(nd, ip);
3988 dentry = d_splice_alias(ip, dentry);
3989
3990 if (dentry && (JFS_SBI(dip->i_sb)->mntflag & JFS_OS2))
3991 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/super.c
3992 ===================================================================
3993 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/super.c
3994 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/super.c
3995 @@ -195,7 +195,7 @@ static void jfs_put_super(struct super_b
3996 enum {
3997 Opt_integrity, Opt_nointegrity, Opt_iocharset, Opt_resize,
3998 Opt_resize_nosize, Opt_errors, Opt_ignore, Opt_err, Opt_quota,
3999 - Opt_usrquota, Opt_grpquota
4000 + Opt_usrquota, Opt_grpquota, Opt_tagxid
4001 };
4002
4003 static match_table_t tokens = {
4004 @@ -205,6 +205,7 @@ static match_table_t tokens = {
4005 {Opt_resize, "resize=%u"},
4006 {Opt_resize_nosize, "resize"},
4007 {Opt_errors, "errors=%s"},
4008 + {Opt_tagxid, "tagxid"},
4009 {Opt_ignore, "noquota"},
4010 {Opt_ignore, "quota"},
4011 {Opt_usrquota, "usrquota"},
4012 @@ -313,7 +314,11 @@ static int parse_options(char *options,
4013 "JFS: quota operations not supported\n");
4014 break;
4015 #endif
4016 -
4017 +#ifndef CONFIG_INOXID_NONE
4018 + case Opt_tagxid:
4019 + *flag |= JFS_TAGXID;
4020 + break;
4021 +#endif
4022 default:
4023 printk("jfs: Unrecognized mount option \"%s\" "
4024 " or missing value\n", p);
4025 @@ -344,6 +349,13 @@ static int jfs_remount(struct super_bloc
4026 if (!parse_options(data, sb, &newLVSize, &flag)) {
4027 return -EINVAL;
4028 }
4029 +
4030 + if ((flag & JFS_TAGXID) && !(sb->s_flags & MS_TAGXID)) {
4031 + printk(KERN_ERR "JFS: %s: tagxid not permitted on remount.\n",
4032 + sb->s_id);
4033 + return -EINVAL;
4034 + }
4035 +
4036 if (newLVSize) {
4037 if (sb->s_flags & MS_RDONLY) {
4038 printk(KERN_ERR
4039 @@ -415,6 +427,9 @@ static int jfs_fill_super(struct super_b
4040 #ifdef CONFIG_JFS_POSIX_ACL
4041 sb->s_flags |= MS_POSIXACL;
4042 #endif
4043 + /* map mount option tagxid */
4044 + if (sbi->flag & JFS_TAGXID)
4045 + sb->s_flags |= MS_TAGXID;
4046
4047 if (newLVSize) {
4048 printk(KERN_ERR "resize option for remount only\n");
4049 Index: vserver-sources-2.6.16_2.0.2/fs/jfs/xattr.c
4050 ===================================================================
4051 --- vserver-sources-2.6.16_2.0.2.orig/fs/jfs/xattr.c
4052 +++ vserver-sources-2.6.16_2.0.2/fs/jfs/xattr.c
4053 @@ -23,6 +23,7 @@
4054 #include <linux/posix_acl_xattr.h>
4055 #include <linux/quotaops.h>
4056 #include <linux/security.h>
4057 +#include <linux/vs_dlimit.h>
4058 #include "jfs_incore.h"
4059 #include "jfs_superblock.h"
4060 #include "jfs_dmap.h"
4061 @@ -263,9 +264,16 @@ static int ea_write(struct inode *ip, st
4062 if (DQUOT_ALLOC_BLOCK(ip, nblocks)) {
4063 return -EDQUOT;
4064 }
4065 + /* Allocate new blocks to dlimit. */
4066 + if (DLIMIT_ALLOC_BLOCK(ip, nblocks)) {
4067 + DQUOT_FREE_BLOCK(ip, nblocks);
4068 + return -ENOSPC;
4069 + }
4070
4071 rc = dbAlloc(ip, INOHINT(ip), nblocks, &blkno);
4072 if (rc) {
4073 + /*Rollback dlimit allocation. */
4074 + DLIMIT_FREE_BLOCK(ip, nblocks);
4075 /*Rollback quota allocation. */
4076 DQUOT_FREE_BLOCK(ip, nblocks);
4077 return rc;
4078 @@ -332,6 +340,8 @@ static int ea_write(struct inode *ip, st
4079
4080 failed:
4081 /* Rollback quota allocation. */
4082 + DLIMIT_FREE_BLOCK(ip, nblocks);
4083 + /* Rollback quota allocation. */
4084 DQUOT_FREE_BLOCK(ip, nblocks);
4085
4086 dbFree(ip, blkno, nblocks);
4087 @@ -468,6 +478,7 @@ static int ea_get(struct inode *inode, s
4088 s64 blkno;
4089 int rc;
4090 int quota_allocation = 0;
4091 + int dlimit_allocation = 0;
4092
4093 /* When fsck.jfs clears a bad ea, it doesn't clear the size */
4094 if (ji->ea.flag == 0)
4095 @@ -543,6 +554,12 @@ static int ea_get(struct inode *inode, s
4096
4097 quota_allocation = blocks_needed;
4098
4099 + /* Allocate new blocks to dlimit. */
4100 + rc = -ENOSPC;
4101 + if (DLIMIT_ALLOC_BLOCK(inode, blocks_needed))
4102 + goto clean_up;
4103 + dlimit_allocation = blocks_needed;
4104 +
4105 rc = dbAlloc(inode, INOHINT(inode), (s64) blocks_needed,
4106 &blkno);
4107 if (rc)
4108 @@ -599,6 +616,9 @@ static int ea_get(struct inode *inode, s
4109 return ea_size;
4110
4111 clean_up:
4112 + /* Rollback dlimit allocation */
4113 + if (dlimit_allocation)
4114 + DLIMIT_FREE_BLOCK(inode, dlimit_allocation);
4115 /* Rollback quota allocation */
4116 if (quota_allocation)
4117 DQUOT_FREE_BLOCK(inode, quota_allocation);
4118 @@ -675,8 +695,10 @@ static int ea_put(tid_t tid, struct inod
4119 }
4120
4121 /* If old blocks exist, they must be removed from quota allocation. */
4122 - if (old_blocks)
4123 + if (old_blocks) {
4124 + DLIMIT_FREE_BLOCK(inode, old_blocks);
4125 DQUOT_FREE_BLOCK(inode, old_blocks);
4126 + }
4127
4128 inode->i_ctime = CURRENT_TIME;
4129
4130 Index: vserver-sources-2.6.16_2.0.2/fs/libfs.c
4131 ===================================================================
4132 --- vserver-sources-2.6.16_2.0.2.orig/fs/libfs.c
4133 +++ vserver-sources-2.6.16_2.0.2/fs/libfs.c
4134 @@ -122,7 +122,8 @@ static inline unsigned char dt_type(stru
4135 * both impossible due to the lock on directory.
4136 */
4137
4138 -int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
4139 +static inline int do_dcache_readdir_filter(struct file * filp,
4140 + void * dirent, filldir_t filldir, int (*filter)(struct dentry *dentry))
4141 {
4142 struct dentry *dentry = filp->f_dentry;
4143 struct dentry *cursor = filp->private_data;
4144 @@ -156,6 +157,8 @@ int dcache_readdir(struct file * filp, v
4145 next = list_entry(p, struct dentry, d_u.d_child);
4146 if (d_unhashed(next) || !next->d_inode)
4147 continue;
4148 + if (filter && !filter(next))
4149 + continue;
4150
4151 spin_unlock(&dcache_lock);
4152 if (filldir(dirent, next->d_name.name, next->d_name.len, filp->f_pos, next->d_inode->i_ino, dt_type(next->d_inode)) < 0)
4153 @@ -172,6 +175,18 @@ int dcache_readdir(struct file * filp, v
4154 return 0;
4155 }
4156
4157 +int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
4158 +{
4159 + return do_dcache_readdir_filter(filp, dirent, filldir, NULL);
4160 +}
4161 +
4162 +int dcache_readdir_filter(struct file * filp, void * dirent, filldir_t filldir,
4163 + int (*filter)(struct dentry *))
4164 +{
4165 + return do_dcache_readdir_filter(filp, dirent, filldir, filter);
4166 +}
4167 +
4168 +
4169 ssize_t generic_read_dir(struct file *filp, char __user *buf, size_t siz, loff_t *ppos)
4170 {
4171 return -EISDIR;
4172 @@ -621,6 +636,7 @@ EXPORT_SYMBOL(dcache_dir_close);
4173 EXPORT_SYMBOL(dcache_dir_lseek);
4174 EXPORT_SYMBOL(dcache_dir_open);
4175 EXPORT_SYMBOL(dcache_readdir);
4176 +EXPORT_SYMBOL(dcache_readdir_filter);
4177 EXPORT_SYMBOL(generic_read_dir);
4178 EXPORT_SYMBOL(get_sb_pseudo);
4179 EXPORT_SYMBOL(simple_commit_write);
4180 Index: vserver-sources-2.6.16_2.0.2/fs/locks.c
4181 ===================================================================
4182 --- vserver-sources-2.6.16_2.0.2.orig/fs/locks.c
4183 +++ vserver-sources-2.6.16_2.0.2/fs/locks.c
4184 @@ -125,6 +125,7 @@
4185 #include <linux/syscalls.h>
4186 #include <linux/time.h>
4187 #include <linux/rcupdate.h>
4188 +#include <linux/vs_limit.h>
4189
4190 #include <asm/semaphore.h>
4191 #include <asm/uaccess.h>
4192 @@ -150,12 +151,16 @@ static kmem_cache_t *filelock_cache;
4193 /* Allocate an empty lock structure. */
4194 static struct file_lock *locks_alloc_lock(void)
4195 {
4196 + if (!vx_locks_avail(1))
4197 + return NULL;
4198 return kmem_cache_alloc(filelock_cache, SLAB_KERNEL);
4199 }
4200
4201 /* Free a lock which is not in use. */
4202 static void locks_free_lock(struct file_lock *fl)
4203 {
4204 + vx_locks_dec(fl);
4205 +
4206 if (fl == NULL) {
4207 BUG();
4208 return;
4209 @@ -199,6 +204,7 @@ void locks_init_lock(struct file_lock *f
4210 fl->fl_start = fl->fl_end = 0;
4211 fl->fl_ops = NULL;
4212 fl->fl_lmops = NULL;
4213 + fl->fl_xid = -1;
4214 }
4215
4216 EXPORT_SYMBOL(locks_init_lock);
4217 @@ -236,6 +242,8 @@ void locks_copy_lock(struct file_lock *n
4218 fl->fl_ops->fl_copy_lock(new, fl);
4219 if (fl->fl_lmops && fl->fl_lmops->fl_copy_lock)
4220 fl->fl_lmops->fl_copy_lock(new, fl);
4221 +
4222 + new->fl_xid = fl->fl_xid;
4223 }
4224
4225 EXPORT_SYMBOL(locks_copy_lock);
4226 @@ -272,6 +280,11 @@ static int flock_make_lock(struct file *
4227 fl->fl_flags = FL_FLOCK;
4228 fl->fl_type = type;
4229 fl->fl_end = OFFSET_MAX;
4230 +
4231 + vxd_assert(filp->f_xid == vx_current_xid(),
4232 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4233 + fl->fl_xid = filp->f_xid;
4234 + vx_locks_inc(fl);
4235
4236 *lock = fl;
4237 return 0;
4238 @@ -457,6 +470,11 @@ static int lease_alloc(struct file *filp
4239 if (fl == NULL)
4240 return -ENOMEM;
4241
4242 + fl->fl_xid = vx_current_xid();
4243 + if (filp)
4244 + vxd_assert(filp->f_xid == fl->fl_xid,
4245 + "f_xid(%d) == fl_xid(%d)", filp->f_xid, fl->fl_xid);
4246 + vx_locks_inc(fl);
4247 error = lease_init(filp, type, fl);
4248 if (error)
4249 return error;
4250 @@ -771,7 +789,7 @@ out:
4251
4252 EXPORT_SYMBOL(posix_lock_file);
4253
4254 -static int __posix_lock_file(struct inode *inode, struct file_lock *request)
4255 +static int __posix_lock_file(struct inode *inode, struct file_lock *request, xid_t xid)
4256 {
4257 struct file_lock *fl;
4258 struct file_lock *new_fl, *new_fl2;
4259 @@ -780,12 +798,18 @@ static int __posix_lock_file(struct inod
4260 struct file_lock **before;
4261 int error, added = 0;
4262
4263 + vxd_assert(xid == vx_current_xid(),
4264 + "xid(%d) == current(%d)", xid, vx_current_xid());
4265 /*
4266 * We may need two file_lock structures for this operation,
4267 * so we get them in advance to avoid races.
4268 */
4269 new_fl = locks_alloc_lock();
4270 + new_fl->fl_xid = xid;
4271 + vx_locks_inc(new_fl);
4272 new_fl2 = locks_alloc_lock();
4273 + new_fl2->fl_xid = xid;
4274 + vx_locks_inc(new_fl2);
4275
4276 lock_kernel();
4277 if (request->fl_type != F_UNLCK) {
4278 @@ -963,7 +987,7 @@ static int __posix_lock_file(struct inod
4279 */
4280 int posix_lock_file(struct file *filp, struct file_lock *fl)
4281 {
4282 - return __posix_lock_file(filp->f_dentry->d_inode, fl);
4283 + return __posix_lock_file(filp->f_dentry->d_inode, fl, filp->f_xid);
4284 }
4285
4286 /**
4287 @@ -980,7 +1004,8 @@ int posix_lock_file_wait(struct file *fi
4288 int error;
4289 might_sleep ();
4290 for (;;) {
4291 - error = __posix_lock_file(filp->f_dentry->d_inode, fl);
4292 + error = __posix_lock_file(filp->f_dentry->d_inode,
4293 + fl, filp->f_xid);
4294 if ((error != -EAGAIN) || !(fl->fl_flags & FL_SLEEP))
4295 break;
4296 error = wait_event_interruptible(fl->fl_wait, !fl->fl_next);
4297 @@ -1052,7 +1077,7 @@ int locks_mandatory_area(int read_write,
4298 fl.fl_end = offset + count - 1;
4299
4300 for (;;) {
4301 - error = __posix_lock_file(inode, &fl);
4302 + error = __posix_lock_file(inode, &fl, filp->f_xid);
4303 if (error != -EAGAIN)
4304 break;
4305 if (!(fl.fl_flags & FL_SLEEP))
4306 @@ -1613,6 +1638,11 @@ int fcntl_setlk(unsigned int fd, struct
4307 if (file_lock == NULL)
4308 return -ENOLCK;
4309
4310 + vxd_assert(filp->f_xid == vx_current_xid(),
4311 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4312 + file_lock->fl_xid = filp->f_xid;
4313 + vx_locks_inc(file_lock);
4314 +
4315 /*
4316 * This might block, so we do it before checking the inode.
4317 */
4318 @@ -1665,7 +1695,8 @@ again:
4319 error = filp->f_op->lock(filp, cmd, file_lock);
4320 else {
4321 for (;;) {
4322 - error = __posix_lock_file(inode, file_lock);
4323 + error = __posix_lock_file(inode, file_lock,
4324 + filp->f_xid);
4325 if ((error != -EAGAIN) || (cmd == F_SETLK))
4326 break;
4327 error = wait_event_interruptible(file_lock->fl_wait,
4328 @@ -1756,6 +1787,11 @@ int fcntl_setlk64(unsigned int fd, struc
4329 if (file_lock == NULL)
4330 return -ENOLCK;
4331
4332 + vxd_assert(filp->f_xid == vx_current_xid(),
4333 + "f_xid(%d) == current(%d)", filp->f_xid, vx_current_xid());
4334 + file_lock->fl_xid = filp->f_xid;
4335 + vx_locks_inc(file_lock);
4336 +
4337 /*
4338 * This might block, so we do it before checking the inode.
4339 */
4340 @@ -1808,7 +1844,8 @@ again:
4341 error = filp->f_op->lock(filp, cmd, file_lock);
4342 else {
4343 for (;;) {
4344 - error = __posix_lock_file(inode, file_lock);
4345 + error = __posix_lock_file(inode, file_lock,
4346 + filp->f_xid);
4347 if ((error != -EAGAIN) || (cmd == F_SETLK64))
4348 break;
4349 error = wait_event_interruptible(file_lock->fl_wait,
4350 @@ -2081,6 +2118,10 @@ int get_locks_status(char *buffer, char
4351 list_for_each(tmp, &file_lock_list) {
4352 struct list_head *btmp;
4353 struct file_lock *fl = list_entry(tmp, struct file_lock, fl_link);
4354 +
4355 + if (!vx_check(fl->fl_xid, VX_IDENT|VX_WATCH))
4356 + continue;
4357 +
4358 lock_get_status(q, fl, ++i, "");
4359 move_lock_status(&q, &pos, offset);
4360
4361 Index: vserver-sources-2.6.16_2.0.2/fs/namei.c
4362 ===================================================================
4363 --- vserver-sources-2.6.16_2.0.2.orig/fs/namei.c
4364 +++ vserver-sources-2.6.16_2.0.2/fs/namei.c
4365 @@ -32,6 +32,9 @@
4366 #include <linux/file.h>
4367 #include <linux/fcntl.h>
4368 #include <linux/namei.h>
4369 +#include <linux/proc_fs.h>
4370 +#include <linux/vserver/inode.h>
4371 +#include <linux/vserver/debug.h>
4372 #include <asm/namei.h>
4373 #include <asm/uaccess.h>
4374
4375 @@ -225,6 +228,24 @@ int generic_permission(struct inode *ino
4376 return -EACCES;
4377 }
4378
4379 +static inline int xid_permission(struct inode *inode, int mask, struct nameidata *nd)
4380 +{
4381 + if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) {
4382 + vxwprintk(1, "xid=%d did hit the barrier.",
4383 + vx_current_xid());
4384 + return -EACCES;
4385 + }
4386 + if (inode->i_xid == 0)
4387 + return 0;
4388 + if (vx_check(inode->i_xid, VX_ADMIN|VX_WATCH|VX_IDENT))
4389 + return 0;
4390 +
4391 + vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
4392 + vx_current_xid(), inode, inode->i_xid, inode->i_ino,
4393 + vxd_cond_path(nd));
4394 + return -EACCES;
4395 +}
4396 +
4397 int permission(struct inode *inode, int mask, struct nameidata *nd)
4398 {
4399 int retval, submask;
4400 @@ -235,7 +256,7 @@ int permission(struct inode *inode, int
4401 /*
4402 * Nobody gets write access to a read-only fs.
4403 */
4404 - if (IS_RDONLY(inode) &&
4405 + if ((IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))) &&
4406 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
4407 return -EROFS;
4408
4409 @@ -249,6 +270,8 @@ int permission(struct inode *inode, int
4410
4411 /* Ordinary permission routines do not understand MAY_APPEND. */
4412 submask = mask & ~MAY_APPEND;
4413 + if ((retval = xid_permission(inode, mask, nd)))
4414 + return retval;
4415 if (inode->i_op && inode->i_op->permission)
4416 retval = inode->i_op->permission(inode, submask, nd);
4417 else
4418 @@ -702,7 +725,8 @@ static __always_inline void follow_dotdo
4419 if (nd->dentry == current->fs->root &&
4420 nd->mnt == current->fs->rootmnt) {
4421 read_unlock(&current->fs->lock);
4422 - break;
4423 + /* for sane '/' avoid follow_mount() */
4424 + return;
4425 }
4426 read_unlock(&current->fs->lock);
4427 spin_lock(&dcache_lock);
4428 @@ -739,16 +763,34 @@ static int do_lookup(struct nameidata *n
4429 {
4430 struct vfsmount *mnt = nd->mnt;
4431 struct dentry *dentry = __d_lookup(nd->dentry, name);
4432 + struct inode *inode;
4433
4434 if (!dentry)
4435 goto need_lookup;
4436 if (dentry->d_op && dentry->d_op->d_revalidate)
4437 goto need_revalidate;
4438 + inode = dentry->d_inode;
4439 + if (!inode)
4440 + goto done;
4441 + if (!vx_check(inode->i_xid, VX_WATCH|VX_ADMIN|VX_HOSTID|VX_IDENT))
4442 + goto hidden;
4443 + if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
4444 + struct proc_dir_entry *de = PDE(inode);
4445 +
4446 + if (de && !vx_hide_check(0, de->vx_flags))
4447 + goto hidden;
4448 + }
4449 done:
4450 path->mnt = mnt;
4451 path->dentry = dentry;
4452 __follow_mount(path);
4453 return 0;
4454 +hidden:
4455 + vxwprintk(1, "xid=%d did lookup hidden %p[#%d,%lu] »%s«.",
4456 + vx_current_xid(), inode, inode->i_xid, inode->i_ino,
4457 + vxd_path(dentry, mnt));
4458 + dput(dentry);
4459 + return -ENOENT;
4460
4461 need_lookup:
4462 dentry = real_lookup(nd->dentry, name, nd);
4463 @@ -1345,7 +1387,8 @@ static inline int check_sticky(struct in
4464 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
4465 * nfs_async_unlink().
4466 */
4467 -static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
4468 +static int may_delete(struct inode *dir, struct dentry *victim,
4469 + int isdir, struct nameidata *nd)
4470 {
4471 int error;
4472
4473 @@ -1354,13 +1397,13 @@ static int may_delete(struct inode *dir,
4474
4475 BUG_ON(victim->d_parent->d_inode != dir);
4476
4477 - error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
4478 + error = permission(dir,MAY_WRITE | MAY_EXEC, nd);
4479 if (error)
4480 return error;
4481 if (IS_APPEND(dir))
4482 return -EPERM;
4483 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
4484 - IS_IMMUTABLE(victim->d_inode))
4485 + IS_IXORUNLINK(victim->d_inode))
4486 return -EPERM;
4487 if (isdir) {
4488 if (!S_ISDIR(victim->d_inode->i_mode))
4489 @@ -1507,7 +1550,8 @@ int may_open(struct nameidata *nd, int a
4490 return -EACCES;
4491
4492 flag &= ~O_TRUNC;
4493 - } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
4494 + } else if ((IS_RDONLY(inode) || MNT_IS_RDONLY(nd->mnt))
4495 + && (flag & FMODE_WRITE))
4496 return -EROFS;
4497 /*
4498 * An append-only file must be opened in append mode for writing.
4499 @@ -1773,9 +1817,10 @@ fail:
4500 }
4501 EXPORT_SYMBOL_GPL(lookup_create);
4502
4503 -int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
4504 +int vfs_mknod(struct inode *dir, struct dentry *dentry,
4505 + int mode, dev_t dev, struct nameidata *nd)
4506 {
4507 - int error = may_create(dir, dentry, NULL);
4508 + int error = may_create(dir, dentry, nd);
4509
4510 if (error)
4511 return error;
4512 @@ -1825,11 +1870,12 @@ asmlinkage long sys_mknodat(int dfd, con
4513 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
4514 break;
4515 case S_IFCHR: case S_IFBLK:
4516 - error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
4517 - new_decode_dev(dev));
4518 + error = vfs_mknod(nd.dentry->d_inode, dentry, mode,
4519 + new_decode_dev(dev), &nd);
4520 break;
4521 case S_IFIFO: case S_IFSOCK:
4522 - error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
4523 + error = vfs_mknod(nd.dentry->d_inode, dentry, mode,
4524 + 0, &nd);
4525 break;
4526 case S_IFDIR:
4527 error = -EPERM;
4528 @@ -1852,9 +1898,10 @@ asmlinkage long sys_mknod(const char __u
4529 return sys_mknodat(AT_FDCWD, filename, mode, dev);
4530 }
4531
4532 -int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
4533 +int vfs_mkdir(struct inode *dir, struct dentry *dentry,
4534 + int mode, struct nameidata *nd)
4535 {
4536 - int error = may_create(dir, dentry, NULL);
4537 + int error = may_create(dir, dentry, nd);
4538
4539 if (error)
4540 return error;
4541 @@ -1893,7 +1940,8 @@ asmlinkage long sys_mkdirat(int dfd, con
4542 if (!IS_ERR(dentry)) {
4543 if (!IS_POSIXACL(nd.dentry->d_inode))
4544 mode &= ~current->fs->umask;
4545 - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
4546 + error = vfs_mkdir(nd.dentry->d_inode, dentry,
4547 + mode, &nd);
4548 dput(dentry);
4549 }
4550 mutex_unlock(&nd.dentry->d_inode->i_mutex);
4551 @@ -1938,9 +1986,10 @@ void dentry_unhash(struct dentry *dentry
4552 spin_unlock(&dcache_lock);
4553 }
4554
4555 -int vfs_rmdir(struct inode *dir, struct dentry *dentry)
4556 +int vfs_rmdir(struct inode *dir, struct dentry *dentry,
4557 + struct nameidata *nd)
4558 {
4559 - int error = may_delete(dir, dentry, 1);
4560 + int error = may_delete(dir, dentry, 1, nd);
4561
4562 if (error)
4563 return error;
4564 @@ -2001,7 +2050,7 @@ static long do_rmdir(int dfd, const char
4565 dentry = lookup_hash(&nd);
4566 error = PTR_ERR(dentry);
4567 if (!IS_ERR(dentry)) {
4568 - error = vfs_rmdir(nd.dentry->d_inode, dentry);
4569 + error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd);
4570 dput(dentry);
4571 }
4572 mutex_unlock(&nd.dentry->d_inode->i_mutex);
4573 @@ -2017,9 +2066,10 @@ asmlinkage long sys_rmdir(const char __u
4574 return do_rmdir(AT_FDCWD, pathname);
4575 }
4576
4577 -int vfs_unlink(struct inode *dir, struct dentry *dentry)
4578 +int vfs_unlink(struct inode *dir, struct dentry *dentry,
4579 + struct nameidata *nd)
4580 {
4581 - int error = may_delete(dir, dentry, 0);
4582 + int error = may_delete(dir, dentry, 0, nd);
4583
4584 if (error)
4585 return error;
4586 @@ -2081,7 +2131,7 @@ static long do_unlinkat(int dfd, const c
4587 inode = dentry->d_inode;
4588 if (inode)
4589 atomic_inc(&inode->i_count);
4590 - error = vfs_unlink(nd.dentry->d_inode, dentry);
4591 + error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
4592 exit2:
4593 dput(dentry);
4594 }
4595 @@ -2116,9 +2166,10 @@ asmlinkage long sys_unlink(const char __
4596 return do_unlinkat(AT_FDCWD, pathname);
4597 }
4598
4599 -int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode)
4600 +int vfs_symlink(struct inode *dir, struct dentry *dentry,
4601 + const char *oldname, int mode, struct nameidata *nd)
4602 {
4603 - int error = may_create(dir, dentry, NULL);
4604 + int error = may_create(dir, dentry, nd);
4605
4606 if (error)
4607 return error;
4608 @@ -2159,7 +2210,8 @@ asmlinkage long sys_symlinkat(const char
4609 dentry = lookup_create(&nd, 0);
4610 error = PTR_ERR(dentry);
4611 if (!IS_ERR(dentry)) {
4612 - error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
4613 + error = vfs_symlink(nd.dentry->d_inode, dentry,
4614 + from, S_IALLUGO, &nd);
4615 dput(dentry);
4616 }
4617 mutex_unlock(&nd.dentry->d_inode->i_mutex);
4618 @@ -2176,7 +2228,8 @@ asmlinkage long sys_symlink(const char _
4619 return sys_symlinkat(oldname, AT_FDCWD, newname);
4620 }
4621
4622 -int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
4623 +int vfs_link(struct dentry *old_dentry, struct inode *dir,
4624 + struct dentry *new_dentry, struct nameidata *nd)
4625 {
4626 struct inode *inode = old_dentry->d_inode;
4627 int error;
4628 @@ -2184,7 +2237,7 @@ int vfs_link(struct dentry *old_dentry,
4629 if (!inode)
4630 return -ENOENT;
4631
4632 - error = may_create(dir, new_dentry, NULL);
4633 + error = may_create(dir, new_dentry, nd);
4634 if (error)
4635 return error;
4636
4637 @@ -2194,7 +2247,7 @@ int vfs_link(struct dentry *old_dentry,
4638 /*
4639 * A link to an append-only or immutable file cannot be created.
4640 */
4641 - if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4642 + if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
4643 return -EPERM;
4644 if (!dir->i_op || !dir->i_op->link)
4645 return -EPERM;
4646 @@ -2251,7 +2304,8 @@ asmlinkage long sys_linkat(int olddfd, c
4647 new_dentry = lookup_create(&nd, 0);
4648 error = PTR_ERR(new_dentry);
4649 if (!IS_ERR(new_dentry)) {
4650 - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
4651 + error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
4652 + new_dentry, &nd);
4653 dput(new_dentry);
4654 }
4655 mutex_unlock(&nd.dentry->d_inode->i_mutex);
4656 @@ -2383,14 +2437,14 @@ int vfs_rename(struct inode *old_dir, st
4657 if (old_dentry->d_inode == new_dentry->d_inode)
4658 return 0;
4659
4660 - error = may_delete(old_dir, old_dentry, is_dir);
4661 + error = may_delete(old_dir, old_dentry, is_dir, NULL);
4662 if (error)
4663 return error;
4664
4665 if (!new_dentry->d_inode)
4666 error = may_create(new_dir, new_dentry, NULL);
4667 else
4668 - error = may_delete(new_dir, new_dentry, is_dir);
4669 + error = may_delete(new_dir, new_dentry, is_dir, NULL);
4670 if (error)
4671 return error;
4672
4673 @@ -2468,6 +2522,9 @@ static int do_rename(int olddfd, const c
4674 error = -EINVAL;
4675 if (old_dentry == trap)
4676 goto exit4;
4677 + error = -EROFS;
4678 + if (MNT_IS_RDONLY(newnd.mnt))
4679 + goto exit4;
4680 new_dentry = lookup_hash(&newnd);
4681 error = PTR_ERR(new_dentry);
4682 if (IS_ERR(new_dentry))
4683 Index: vserver-sources-2.6.16_2.0.2/fs/namespace.c
4684 ===================================================================
4685 --- vserver-sources-2.6.16_2.0.2.orig/fs/namespace.c
4686 +++ vserver-sources-2.6.16_2.0.2/fs/namespace.c
4687 @@ -23,6 +23,8 @@
4688 #include <linux/namei.h>
4689 #include <linux/security.h>
4690 #include <linux/mount.h>
4691 +#include <linux/vserver/namespace.h>
4692 +#include <linux/vserver/xid.h>
4693 #include <asm/uaccess.h>
4694 #include <asm/unistd.h>
4695 #include "pnode.h"
4696 @@ -241,6 +243,7 @@ static struct vfsmount *clone_mnt(struct
4697 mnt->mnt_root = dget(root);
4698 mnt->mnt_mountpoint = mnt->mnt_root;
4699 mnt->mnt_parent = mnt;
4700 + mnt->mnt_xid = old->mnt_xid;
4701
4702 if (flag & CL_SLAVE) {
4703 list_add(&mnt->mnt_slave, &old->mnt_slave_list);
4704 @@ -349,43 +352,85 @@ static inline void mangle(struct seq_fil
4705 seq_escape(m, s, " \t\n\\");
4706 }
4707
4708 +static int mnt_is_reachable(struct vfsmount *mnt)
4709 +{
4710 + struct vfsmount *root_mnt;
4711 + struct dentry *root, *point;
4712 + int ret;
4713 +
4714 + if (mnt == mnt->mnt_namespace->root)
4715 + return 1;
4716 +
4717 + spin_lock(&dcache_lock);
4718 + root_mnt = current->fs->rootmnt;
4719 + root = current->fs->root;
4720 + point = root;
4721 +
4722 + while ((mnt != mnt->mnt_parent) && (mnt != root_mnt)) {
4723 + point = mnt->mnt_mountpoint;
4724 + mnt = mnt->mnt_parent;
4725 + }
4726 +
4727 + ret = (mnt == root_mnt) && is_subdir(point, root);
4728 +
4729 + spin_unlock(&dcache_lock);
4730 +
4731 + return ret;
4732 +}
4733 +
4734 static int show_vfsmnt(struct seq_file *m, void *v)
4735 {
4736 struct vfsmount *mnt = v;
4737 int err = 0;
4738 static struct proc_fs_info {
4739 - int flag;
4740 - char *str;
4741 + int s_flag;
4742 + int mnt_flag;
4743 + char *set_str;
4744 + char *unset_str;
4745 } fs_info[] = {
4746 - { MS_SYNCHRONOUS, ",sync" },
4747 - { MS_DIRSYNC, ",dirsync" },
4748 - { MS_MANDLOCK, ",mand" },
4749 - { 0, NULL }
4750 - };
4751 - static struct proc_fs_info mnt_info[] = {
4752 - { MNT_NOSUID, ",nosuid" },
4753 - { MNT_NODEV, ",nodev" },
4754 - { MNT_NOEXEC, ",noexec" },
4755 - { MNT_NOATIME, ",noatime" },
4756 - { MNT_NODIRATIME, ",nodiratime" },
4757 - { 0, NULL }
4758 + { MS_RDONLY, MNT_RDONLY, "ro", "rw" },
4759 + { MS_SYNCHRONOUS, 0, ",sync", NULL },
4760 + { MS_DIRSYNC, 0, ",dirsync", NULL },
4761 + { MS_MANDLOCK, 0, ",mand", NULL },
4762 + { MS_TAGXID, 0, ",tagxid", NULL },
4763 + { MS_NOATIME, MNT_NOATIME, ",noatime", NULL },
4764 + { MS_NODIRATIME, MNT_NODIRATIME, ",nodiratime", NULL },
4765 + { 0, MNT_NOSUID, ",nosuid", NULL },
4766 + { 0, MNT_NODEV, ",nodev", NULL },
4767 + { 0, MNT_NOEXEC, ",noexec", NULL },
4768 + { 0, 0, NULL, NULL }
4769 };
4770 - struct proc_fs_info *fs_infop;
4771 + struct proc_fs_info *p;
4772 + unsigned long s_flags = mnt->mnt_sb->s_flags;
4773 + int mnt_flags = mnt->mnt_flags;
4774
4775 - mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
4776 - seq_putc(m, ' ');
4777 - seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
4778 - seq_putc(m, ' ');
4779 + if (vx_flags(VXF_HIDE_MOUNT, 0))
4780 + return 0;
4781 + if (!mnt_is_reachable(mnt))
4782 + return 0;
4783 +
4784 + if (!vx_check(0, VX_ADMIN|VX_WATCH) &&
4785 + mnt == current->fs->rootmnt) {
4786 + seq_puts(m, "/dev/root / ");
4787 + } else {
4788 + mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
4789 + seq_putc(m, ' ');
4790 + seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
4791 + seq_putc(m, ' ');
4792 + }
4793 mangle(m, mnt->mnt_sb->s_type->name);
4794 - seq_puts(m, mnt->mnt_sb->s_flags & MS_RDONLY ? " ro" : " rw");
4795 - for (fs_infop = fs_info; fs_infop->flag; fs_infop++) {
4796 - if (mnt->mnt_sb->s_flags & fs_infop->flag)
4797 - seq_puts(m, fs_infop->str);
4798 - }
4799 - for (fs_infop = mnt_info; fs_infop->flag; fs_infop++) {
4800 - if (mnt->mnt_flags & fs_infop->flag)
4801 - seq_puts(m, fs_infop->str);
4802 + seq_putc(m, ' ');
4803 + for (p = fs_info; (p->s_flag | p->mnt_flag) ; p++) {
4804 + if ((s_flags & p->s_flag) || (mnt_flags & p->mnt_flag)) {
4805 + if (p->set_str)
4806 + seq_puts(m, p->set_str);
4807 + } else {
4808 + if (p->unset_str)
4809 + seq_puts(m, p->unset_str);
4810 + }
4811 }
4812 + if (mnt->mnt_flags & MNT_XID)
4813 + seq_printf(m, ",xid=%d", mnt->mnt_xid);
4814 if (mnt->mnt_sb->s_op->show_options)
4815 err = mnt->mnt_sb->s_op->show_options(m, mnt);
4816 seq_puts(m, " 0 0\n");
4817 @@ -475,15 +520,11 @@ void release_mounts(struct list_head *he
4818 }
4819 }
4820
4821 -void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill)
4822 +static inline void __umount_list(struct vfsmount *mnt,
4823 + int propagate, struct list_head *kill)
4824 {
4825 struct vfsmount *p;
4826
4827 - for (p = mnt; p; p = next_mnt(p, mnt)) {
4828 - list_del(&p->mnt_hash);
4829 - list_add(&p->mnt_hash, kill);
4830 - }
4831 -
4832 if (propagate)
4833 propagate_umount(kill);
4834
4835 @@ -499,6 +540,33 @@ void umount_tree(struct vfsmount *mnt, i
4836 }
4837 }
4838
4839 +void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill)
4840 +{
4841 + struct vfsmount *p;
4842 +
4843 + for (p = mnt; p; p = next_mnt(p, mnt)) {
4844 + list_del(&p->mnt_hash);
4845 + list_add(&p->mnt_hash, kill);
4846 + // p->mnt_namespace = NULL;
4847 + }
4848 + __umount_list(mnt, propagate, kill);
4849 +}
4850 +
4851 +void umount_unused(struct vfsmount *mnt, struct fs_struct *fs)
4852 +{
4853 + struct vfsmount *p;
4854 + LIST_HEAD(kill);
4855 +
4856 + for (p = mnt; p; p = next_mnt(p, mnt)) {
4857 + if (p == fs->rootmnt || p == fs->pwdmnt)
4858 + continue;
4859 + list_del(&p->mnt_list);
4860 + list_add(&p->mnt_list, &kill);
4861 + p->mnt_namespace = NULL;
4862 + }
4863 + __umount_list(mnt, 0, &kill);
4864 +}
4865 +
4866 static int do_umount(struct vfsmount *mnt, int flags)
4867 {
4868 struct super_block *sb = mnt->mnt_sb;
4869 @@ -608,7 +676,7 @@ asmlinkage long sys_umount(char __user *
4870 goto dput_and_out;
4871
4872 retval = -EPERM;
4873 - if (!capable(CAP_SYS_ADMIN))
4874 + if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
4875 goto dput_and_out;
4876
4877 retval = do_umount(nd.mnt, flags);
4878 @@ -634,6 +702,8 @@ static int mount_is_safe(struct nameidat
4879 {
4880 if (capable(CAP_SYS_ADMIN))
4881 return 0;
4882 + if (vx_ccaps(VXC_SECURE_MOUNT))
4883 + return 0;
4884 return -EPERM;
4885 #ifdef notyet
4886 if (S_ISLNK(nd->dentry->d_inode->i_mode))
4887 @@ -861,11 +931,13 @@ static int do_change_type(struct nameida
4888 /*
4889 * do loopback mount.
4890 */
4891 -static int do_loopback(struct nameidata *nd, char *old_name, int recurse)
4892 +static int do_loopback(struct nameidata *nd, char *old_name, xid_t xid,
4893 + unsigned long flags, int mnt_flags)
4894 {
4895 struct nameidata old_nd;
4896 struct vfsmount *mnt = NULL;
4897 int err = mount_is_safe(nd);
4898 + int recurse = flags & MS_REC;
4899 if (err)
4900 return err;
4901 if (!old_name || !*old_name)
4902 @@ -891,6 +963,12 @@ static int do_loopback(struct nameidata
4903 if (!mnt)
4904 goto out;
4905
4906 + mnt->mnt_flags = mnt_flags;
4907 + if (flags & MS_XID) {
4908 + mnt->mnt_xid = xid;
4909 + mnt->mnt_flags |= MNT_XID;
4910 + }
4911 +
4912 err = graft_tree(mnt, nd);
4913 if (err) {
4914 LIST_HEAD(umount_list);
4915 @@ -899,6 +977,7 @@ static int do_loopback(struct nameidata
4916 spin_unlock(&vfsmount_lock);
4917 release_mounts(&umount_list);
4918 }
4919 + mnt->mnt_flags = mnt_flags;
4920
4921 out:
4922 up_write(&namespace_sem);
4923 @@ -912,12 +991,12 @@ out:
4924 * on it - tough luck.
4925 */
4926 static int do_remount(struct nameidata *nd, int flags, int mnt_flags,
4927 - void *data)
4928 + void *data, xid_t xid)
4929 {
4930 int err;
4931 struct super_block *sb = nd->mnt->mnt_sb;
4932
4933 - if (!capable(CAP_SYS_ADMIN))
4934 + if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_REMOUNT))
4935 return -EPERM;
4936
4937 if (!check_mnt(nd->mnt))
4938 @@ -951,7 +1030,7 @@ static int do_move_mount(struct nameidat
4939 struct nameidata old_nd, parent_nd;
4940 struct vfsmount *p;
4941 int err = 0;
4942 - if (!capable(CAP_SYS_ADMIN))
4943 + if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
4944 return -EPERM;
4945 if (!old_name || !*old_name)
4946 return -EINVAL;
4947 @@ -1031,7 +1110,7 @@ static int do_new_mount(struct nameidata
4948 return -EINVAL;
4949
4950 /* we need capabilities... */
4951 - if (!capable(CAP_SYS_ADMIN))
4952 + if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT))
4953 return -EPERM;
4954
4955 mnt = do_kern_mount(type, flags, name, data);
4956 @@ -1269,6 +1348,7 @@ long do_mount(char *dev_name, char *dir_
4957 struct nameidata nd;
4958 int retval = 0;
4959 int mnt_flags = 0;
4960 + xid_t xid = 0;
4961
4962 /* Discard magic */
4963 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
4964 @@ -1284,7 +1364,17 @@ long do_mount(char *dev_name, char *dir_
4965 if (data_page)
4966 ((char *)data_page)[PAGE_SIZE - 1] = 0;
4967
4968 + retval = vx_parse_xid(data_page, &xid, 1);
4969 + if (retval) {
4970 + mnt_flags |= MNT_XID;
4971 + /* bind and re-mounts get xid flag */
4972 + if (flags & (MS_BIND|MS_REMOUNT))
4973 + flags |= MS_XID;
4974 + }
4975 +
4976 /* Separate the per-mountpoint flags */
4977 + if (flags & MS_RDONLY)
4978 + mnt_flags |= MNT_RDONLY;
4979 if (flags & MS_NOSUID)
4980 mnt_flags |= MNT_NOSUID;
4981 if (flags & MS_NODEV)
4982 @@ -1296,6 +1386,8 @@ long do_mount(char *dev_name, char *dir_
4983 if (flags & MS_NODIRATIME)
4984 mnt_flags |= MNT_NODIRATIME;
4985
4986 + if (vx_ccaps(VXC_SECURE_MOUNT))
4987 + mnt_flags |= MNT_NODEV;
4988 flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE |
4989 MS_NOATIME | MS_NODIRATIME);
4990
4991 @@ -1310,9 +1402,9 @@ long do_mount(char *dev_name, char *dir_
4992
4993 if (flags & MS_REMOUNT)
4994 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
4995 - data_page);
4996 + data_page, xid);
4997 else if (flags & MS_BIND)
4998 - retval = do_loopback(&nd, dev_name, flags & MS_REC);
4999 + retval = do_loopback(&nd, dev_name, xid, flags, mnt_flags);
5000 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
5001 retval = do_change_type(&nd, flags);
5002 else if (flags & MS_MOVE)
5003 @@ -1410,7 +1502,7 @@ int copy_namespace(int flags, struct tas
5004 if (!(flags & CLONE_NEWNS))
5005 return 0;
5006
5007 - if (!capable(CAP_SYS_ADMIN)) {
5008 + if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) {
5009 err = -EPERM;
5010 goto out;
5011 }
5012 Index: vserver-sources-2.6.16_2.0.2/fs/nfs/dir.c
5013 ===================================================================
5014 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfs/dir.c
5015 +++ vserver-sources-2.6.16_2.0.2/fs/nfs/dir.c
5016 @@ -28,9 +28,11 @@
5017 #include <linux/sunrpc/clnt.h>
5018 #include <linux/nfs_fs.h>
5019 #include <linux/nfs_mount.h>
5020 +#include <linux/mount.h>
5021 #include <linux/pagemap.h>
5022 #include <linux/smp_lock.h>
5023 #include <linux/namei.h>
5024 +#include <linux/vserver/xid.h>
5025
5026 #include "nfs4_fs.h"
5027 #include "delegation.h"
5028 @@ -869,6 +871,7 @@ static struct dentry *nfs_lookup(struct
5029 inode = nfs_fhget(dentry->d_sb, &fhandle, &fattr);
5030 if (!inode)
5031 goto out_unlock;
5032 + vx_propagate_xid(nd, inode);
5033 no_entry:
5034 res = d_add_unique(dentry, inode);
5035 if (res != NULL)
5036 @@ -902,7 +905,8 @@ static int is_atomic_open(struct inode *
5037 if (nd->flags & LOOKUP_DIRECTORY)
5038 return 0;
5039 /* Are we trying to write to a read only partition? */
5040 - if (IS_RDONLY(dir) && (nd->intent.open.flags & (O_CREAT|O_TRUNC|FMODE_WRITE)))
5041 + if ((IS_RDONLY(dir) || MNT_IS_RDONLY(nd->mnt)) &&
5042 + (nd->intent.open.flags & (O_CREAT|O_TRUNC|FMODE_WRITE)))
5043 return 0;
5044 return 1;
5045 }
5046 Index: vserver-sources-2.6.16_2.0.2/fs/nfs/inode.c
5047 ===================================================================
5048 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfs/inode.c
5049 +++ vserver-sources-2.6.16_2.0.2/fs/nfs/inode.c
5050 @@ -35,6 +35,7 @@
5051 #include <linux/mount.h>
5052 #include <linux/nfs_idmap.h>
5053 #include <linux/vfs.h>
5054 +#include <linux/vserver/xid.h>
5055
5056 #include <asm/system.h>
5057 #include <asm/uaccess.h>
5058 @@ -336,12 +337,16 @@ nfs_sb_init(struct super_block *sb, rpc_
5059 }
5060 server->backing_dev_info.ra_pages = server->rpages * NFS_MAX_READAHEAD;
5061
5062 + if (server->flags & NFS_MOUNT_TAGXID)
5063 + sb->s_flags |= MS_TAGXID;
5064 +
5065 sb->s_maxbytes = fsinfo.maxfilesize;
5066 if (sb->s_maxbytes > MAX_LFS_FILESIZE)
5067 sb->s_maxbytes = MAX_LFS_FILESIZE;
5068
5069 server->client->cl_intr = (server->flags & NFS_MOUNT_INTR) ? 1 : 0;
5070 server->client->cl_softrtry = (server->flags & NFS_MOUNT_SOFT) ? 1 : 0;
5071 + server->client->cl_tagxid = (server->flags & NFS_MOUNT_TAGXID) ? 1 : 0;
5072
5073 /* We're airborne Set socket buffersize */
5074 rpc_setbufsize(server->client, server->wsize + 100, server->rsize + 100);
5075 @@ -413,6 +418,7 @@ nfs_create_client(struct nfs_server *ser
5076
5077 clnt->cl_intr = 1;
5078 clnt->cl_softrtry = 1;
5079 + clnt->cl_tagxid = 1;
5080
5081 return clnt;
5082
5083 @@ -593,6 +599,7 @@ static int nfs_show_options(struct seq_f
5084 { NFS_MOUNT_NOAC, ",noac", "" },
5085 { NFS_MOUNT_NONLM, ",nolock", ",lock" },
5086 { NFS_MOUNT_NOACL, ",noacl", "" },
5087 + { NFS_MOUNT_TAGXID, ",tagxid", "" },
5088 { 0, NULL, NULL }
5089 };
5090 struct proc_nfs_info *nfs_infop;
5091 @@ -805,8 +812,10 @@ nfs_fhget(struct super_block *sb, struct
5092 nfsi->change_attr = fattr->change_attr;
5093 inode->i_size = nfs_size_to_loff_t(fattr->size);
5094 inode->i_nlink = fattr->nlink;
5095 - inode->i_uid = fattr->uid;
5096 - inode->i_gid = fattr->gid;
5097 + inode->i_uid = INOXID_UID(XID_TAG(inode), fattr->uid, fattr->gid);
5098 + inode->i_gid = INOXID_GID(XID_TAG(inode), fattr->uid, fattr->gid);
5099 + inode->i_xid = INOXID_XID(XID_TAG(inode), fattr->uid, fattr->gid, 0);
5100 + /* maybe fattr->xid someday */
5101 if (fattr->valid & (NFS_ATTR_FATTR_V3 | NFS_ATTR_FATTR_V4)) {
5102 /*
5103 * report the blocks in 512byte units
5104 @@ -897,6 +906,8 @@ void nfs_setattr_update_inode(struct ino
5105 inode->i_uid = attr->ia_uid;
5106 if ((attr->ia_valid & ATTR_GID) != 0)
5107 inode->i_gid = attr->ia_gid;
5108 + if ((attr->ia_valid & ATTR_XID) && IS_TAGXID(inode))
5109 + inode->i_xid = attr->ia_xid;
5110 spin_lock(&inode->i_lock);
5111 NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
5112 spin_unlock(&inode->i_lock);
5113 @@ -1294,6 +1305,9 @@ static int nfs_check_inode_attributes(st
5114 struct nfs_inode *nfsi = NFS_I(inode);
5115 loff_t cur_size, new_isize;
5116 int data_unstable;
5117 + uid_t uid;
5118 + gid_t gid;
5119 + xid_t xid;
5120
5121
5122 if ((fattr->valid & NFS_ATTR_FATTR) == 0)
5123 @@ -1333,10 +1347,15 @@ static int nfs_check_inode_attributes(st
5124 nfsi->cache_validity |= NFS_INO_REVAL_PAGECACHE;
5125 }
5126
5127 + uid = INOXID_UID(XID_TAG(inode), fattr->uid, fattr->gid);
5128 + gid = INOXID_GID(XID_TAG(inode), fattr->uid, fattr->gid);
5129 + xid = INOXID_XID(XID_TAG(inode), fattr->uid, fattr->gid, 0);
5130 +
5131 /* Have any file permissions changed? */
5132 if ((inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO)
5133 - || inode->i_uid != fattr->uid
5134 - || inode->i_gid != fattr->gid)
5135 + || inode->i_uid != uid
5136 + || inode->i_gid != gid
5137 + || inode->i_xid != xid)
5138 nfsi->cache_validity |= NFS_INO_INVALID_ATTR | NFS_INO_INVALID_ACCESS | NFS_INO_INVALID_ACL;
5139
5140 /* Has the link count changed? */
5141 @@ -1420,6 +1439,9 @@ static int nfs_update_inode(struct inode
5142 loff_t cur_isize, new_isize;
5143 unsigned int invalid = 0;
5144 int data_stable;
5145 + uid_t uid;
5146 + gid_t gid;
5147 + xid_t xid;
5148
5149 dfprintk(VFS, "NFS: %s(%s/%ld ct=%d info=0x%x)\n",
5150 __FUNCTION__, inode->i_sb->s_id, inode->i_ino,
5151 @@ -1498,15 +1520,21 @@ static int nfs_update_inode(struct inode
5152 }
5153 memcpy(&inode->i_atime, &fattr->atime, sizeof(inode->i_atime));
5154
5155 + uid = INOXID_UID(XID_TAG(inode), fattr->uid, fattr->gid);
5156 + gid = INOXID_GID(XID_TAG(inode), fattr->uid, fattr->gid);
5157 + xid = INOXID_XID(XID_TAG(inode), fattr->uid, fattr->gid, 0);
5158 +
5159 if ((inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO) ||
5160 - inode->i_uid != fattr->uid ||
5161 - inode->i_gid != fattr->gid)
5162 + inode->i_uid != uid ||
5163 + inode->i_gid != gid ||
5164 + inode->i_xid != xid)
5165 invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
5166
5167 inode->i_mode = fattr->mode;
5168 inode->i_nlink = fattr->nlink;
5169 - inode->i_uid = fattr->uid;
5170 - inode->i_gid = fattr->gid;
5171 + inode->i_uid = uid;
5172 + inode->i_gid = gid;
5173 + inode->i_xid = xid;
5174
5175 if (fattr->valid & (NFS_ATTR_FATTR_V3 | NFS_ATTR_FATTR_V4)) {
5176 /*
5177 Index: vserver-sources-2.6.16_2.0.2/fs/nfs/nfs3xdr.c
5178 ===================================================================
5179 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfs/nfs3xdr.c
5180 +++ vserver-sources-2.6.16_2.0.2/fs/nfs/nfs3xdr.c
5181 @@ -22,6 +22,7 @@
5182 #include <linux/nfs3.h>
5183 #include <linux/nfs_fs.h>
5184 #include <linux/nfsacl.h>
5185 +#include <linux/vserver/xid.h>
5186
5187 #define NFSDBG_FACILITY NFSDBG_XDR
5188
5189 @@ -178,7 +179,7 @@ xdr_decode_fattr(u32 *p, struct nfs_fatt
5190 }
5191
5192 static inline u32 *
5193 -xdr_encode_sattr(u32 *p, struct iattr *attr)
5194 +xdr_encode_sattr(u32 *p, struct iattr *attr, int tagxid)
5195 {
5196 if (attr->ia_valid & ATTR_MODE) {
5197 *p++ = xdr_one;
5198 @@ -186,15 +187,17 @@ xdr_encode_sattr(u32 *p, struct iattr *a
5199 } else {
5200 *p++ = xdr_zero;
5201 }
5202 - if (attr->ia_valid & ATTR_UID) {
5203 + if (attr->ia_valid & ATTR_UID ||
5204 + (tagxid && (attr->ia_valid & ATTR_XID))) {
5205 *p++ = xdr_one;
5206 - *p++ = htonl(attr->ia_uid);
5207 + *p++ = htonl(XIDINO_UID(tagxid, attr->ia_uid, attr->ia_xid));
5208 } else {
5209 *p++ = xdr_zero;
5210 }
5211 - if (attr->ia_valid & ATTR_GID) {
5212 + if (attr->ia_valid & ATTR_GID ||
5213 + (tagxid && (attr->ia_valid & ATTR_XID))) {
5214 *p++ = xdr_one;
5215 - *p++ = htonl(attr->ia_gid);
5216 + *p++ = htonl(XIDINO_GID(tagxid, attr->ia_gid, attr->ia_xid));
5217 } else {
5218 *p++ = xdr_zero;
5219 }
5220 @@ -279,7 +282,8 @@ static int
5221 nfs3_xdr_sattrargs(struct rpc_rqst *req, u32 *p, struct nfs3_sattrargs *args)
5222 {
5223 p = xdr_encode_fhandle(p, args->fh);
5224 - p = xdr_encode_sattr(p, args->sattr);
5225 + p = xdr_encode_sattr(p, args->sattr,
5226 + req->rq_task->tk_client->cl_tagxid);
5227 *p++ = htonl(args->guard);
5228 if (args->guard)
5229 p = xdr_encode_time3(p, &args->guardtime);
5230 @@ -370,7 +374,8 @@ nfs3_xdr_createargs(struct rpc_rqst *req
5231 *p++ = args->verifier[0];
5232 *p++ = args->verifier[1];
5233 } else
5234 - p = xdr_encode_sattr(p, args->sattr);
5235 + p = xdr_encode_sattr(p, args->sattr,
5236 + req->rq_task->tk_client->cl_tagxid);
5237
5238 req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
5239 return 0;
5240 @@ -384,7 +389,8 @@ nfs3_xdr_mkdirargs(struct rpc_rqst *req,
5241 {
5242 p = xdr_encode_fhandle(p, args->fh);
5243 p = xdr_encode_array(p, args->name, args->len);
5244 - p = xdr_encode_sattr(p, args->sattr);
5245 + p = xdr_encode_sattr(p, args->sattr,
5246 + req->rq_task->tk_client->cl_tagxid);
5247 req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
5248 return 0;
5249 }
5250 @@ -397,7 +403,8 @@ nfs3_xdr_symlinkargs(struct rpc_rqst *re
5251 {
5252 p = xdr_encode_fhandle(p, args->fromfh);
5253 p = xdr_encode_array(p, args->fromname, args->fromlen);
5254 - p = xdr_encode_sattr(p, args->sattr);
5255 + p = xdr_encode_sattr(p, args->sattr,
5256 + req->rq_task->tk_client->cl_tagxid);
5257 p = xdr_encode_array(p, args->topath, args->tolen);
5258 req->rq_slen = xdr_adjust_iovec(req->rq_svec, p);
5259 return 0;
5260 @@ -412,7 +419,8 @@ nfs3_xdr_mknodargs(struct rpc_rqst *req,
5261 p = xdr_encode_fhandle(p, args->fh);
5262 p = xdr_encode_array(p, args->name, args->len);
5263 *p++ = htonl(args->type);
5264 - p = xdr_encode_sattr(p, args->sattr);
5265 + p = xdr_encode_sattr(p, args->sattr,
5266 + req->rq_task->tk_client->cl_tagxid);
5267 if (args->type == NF3CHR || args->type == NF3BLK) {
5268 *p++ = htonl(MAJOR(args->rdev));
5269 *p++ = htonl(MINOR(args->rdev));
5270 Index: vserver-sources-2.6.16_2.0.2/fs/nfs/nfsroot.c
5271 ===================================================================
5272 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfs/nfsroot.c
5273 +++ vserver-sources-2.6.16_2.0.2/fs/nfs/nfsroot.c
5274 @@ -87,6 +87,7 @@
5275 #include <linux/root_dev.h>
5276 #include <net/ipconfig.h>
5277 #include <linux/parser.h>
5278 +#include <linux/vs_cvirt.h>
5279
5280 /* Define this to allow debugging output */
5281 #undef NFSROOT_DEBUG
5282 @@ -124,7 +125,7 @@ enum {
5283 Opt_soft, Opt_hard, Opt_intr,
5284 Opt_nointr, Opt_posix, Opt_noposix, Opt_cto, Opt_nocto, Opt_ac,
5285 Opt_noac, Opt_lock, Opt_nolock, Opt_v2, Opt_v3, Opt_udp, Opt_tcp,
5286 - Opt_acl, Opt_noacl,
5287 + Opt_acl, Opt_noacl, Opt_tagxid,
5288 /* Error token */
5289 Opt_err
5290 };
5291 @@ -161,6 +162,7 @@ static match_table_t __initdata tokens =
5292 {Opt_tcp, "tcp"},
5293 {Opt_acl, "acl"},
5294 {Opt_noacl, "noacl"},
5295 + {Opt_tagxid, "tagxid"},
5296 {Opt_err, NULL}
5297
5298 };
5299 @@ -275,6 +277,11 @@ static int __init root_nfs_parse(char *n
5300 case Opt_noacl:
5301 nfs_data.flags |= NFS_MOUNT_NOACL;
5302 break;
5303 +#ifndef CONFIG_INOXID_NONE
5304 + case Opt_tagxid:
5305 + nfs_data.flags |= NFS_MOUNT_TAGXID;
5306 + break;
5307 +#endif
5308 default:
5309 printk(KERN_WARNING "Root-NFS: unknown "
5310 "option: %s\n", p);
5311 @@ -312,7 +319,7 @@ static int __init root_nfs_name(char *na
5312 /* Override them by options set on kernel command-line */
5313 root_nfs_parse(name, buf);
5314
5315 - cp = system_utsname.nodename;
5316 + cp = vx_new_uts(nodename);
5317 if (strlen(buf) + strlen(cp) > NFS_MAXPATHLEN) {
5318 printk(KERN_ERR "Root-NFS: Pathname for remote directory too long.\n");
5319 return -1;
5320 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/auth.c
5321 ===================================================================
5322 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/auth.c
5323 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/auth.c
5324 @@ -9,6 +9,7 @@
5325 #include <linux/sunrpc/svc.h>
5326 #include <linux/sunrpc/svcauth.h>
5327 #include <linux/nfsd/nfsd.h>
5328 +#include <linux/vserver/xid.h>
5329
5330 #define CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
5331
5332 @@ -42,18 +43,20 @@ int nfsd_setuser(struct svc_rqst *rqstp,
5333 }
5334
5335 if (cred->cr_uid != (uid_t) -1)
5336 - current->fsuid = cred->cr_uid;
5337 + current->fsuid = INOXID_UID(XID_TAG_NFSD, cred->cr_uid, cred->cr_gid);
5338 else
5339 current->fsuid = exp->ex_anon_uid;
5340 if (cred->cr_gid != (gid_t) -1)
5341 - current->fsgid = cred->cr_gid;
5342 + current->fsgid = INOXID_GID(XID_TAG_NFSD, cred->cr_uid, cred->cr_gid);
5343 else
5344 current->fsgid = exp->ex_anon_gid;
5345
5346 + current->xid = INOXID_XID(XID_TAG_NFSD, cred->cr_uid, cred->cr_gid, 0);
5347 +
5348 if (!cred->cr_group_info)
5349 return -ENOMEM;
5350 ret = set_current_groups(cred->cr_group_info);
5351 - if ((cred->cr_uid)) {
5352 + if (INOXID_UID(XID_TAG_NFSD, cred->cr_uid, cred->cr_gid)) {
5353 cap_t(current->cap_effective) &= ~CAP_NFSD_MASK;
5354 } else {
5355 cap_t(current->cap_effective) |= (CAP_NFSD_MASK &
5356 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs3xdr.c
5357 ===================================================================
5358 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/nfs3xdr.c
5359 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs3xdr.c
5360 @@ -21,6 +21,7 @@
5361 #include <linux/sunrpc/svc.h>
5362 #include <linux/nfsd/nfsd.h>
5363 #include <linux/nfsd/xdr3.h>
5364 +#include <linux/vserver/xid.h>
5365
5366 #define NFSDDBG_FACILITY NFSDDBG_XDR
5367
5368 @@ -111,6 +112,8 @@ static inline u32 *
5369 decode_sattr3(u32 *p, struct iattr *iap)
5370 {
5371 u32 tmp;
5372 + uid_t uid = 0;
5373 + gid_t gid = 0;
5374
5375 iap->ia_valid = 0;
5376
5377 @@ -120,12 +123,15 @@ decode_sattr3(u32 *p, struct iattr *iap)
5378 }
5379 if (*p++) {
5380 iap->ia_valid |= ATTR_UID;
5381 - iap->ia_uid = ntohl(*p++);
5382 + uid = ntohl(*p++);
5383 }
5384 if (*p++) {
5385 iap->ia_valid |= ATTR_GID;
5386 - iap->ia_gid = ntohl(*p++);
5387 + gid = ntohl(*p++);
5388 }
5389 + iap->ia_uid = INOXID_UID(XID_TAG_NFSD, uid, gid);
5390 + iap->ia_gid = INOXID_GID(XID_TAG_NFSD, uid, gid);
5391 + iap->ia_xid = INOXID_XID(XID_TAG_NFSD, uid, gid, 0);
5392 if (*p++) {
5393 u64 newsize;
5394
5395 @@ -163,8 +169,10 @@ encode_fattr3(struct svc_rqst *rqstp, u3
5396 *p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]);
5397 *p++ = htonl((u32) stat->mode);
5398 *p++ = htonl((u32) stat->nlink);
5399 - *p++ = htonl((u32) nfsd_ruid(rqstp, stat->uid));
5400 - *p++ = htonl((u32) nfsd_rgid(rqstp, stat->gid));
5401 + *p++ = htonl((u32) nfsd_ruid(rqstp,
5402 + XIDINO_UID(XID_TAG(dentry->d_inode), stat->uid, stat->xid)));
5403 + *p++ = htonl((u32) nfsd_rgid(rqstp,
5404 + XIDINO_GID(XID_TAG(dentry->d_inode), stat->gid, stat->xid)));
5405 if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN) {
5406 p = xdr_encode_hyper(p, (u64) NFS3_MAXPATHLEN);
5407 } else {
5408 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs4recover.c
5409 ===================================================================
5410 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/nfs4recover.c
5411 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs4recover.c
5412 @@ -155,7 +155,7 @@ nfsd4_create_clid_dir(struct nfs4_client
5413 dprintk("NFSD: nfsd4_create_clid_dir: DIRECTORY EXISTS\n");
5414 goto out_put;
5415 }
5416 - status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, S_IRWXU);
5417 + status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, S_IRWXU, NULL);
5418 out_put:
5419 dput(dentry);
5420 out_unlock:
5421 @@ -259,7 +259,7 @@ nfsd4_remove_clid_file(struct dentry *di
5422 return -EINVAL;
5423 }
5424 mutex_lock(&dir->d_inode->i_mutex);
5425 - status = vfs_unlink(dir->d_inode, dentry);
5426 + status = vfs_unlink(dir->d_inode, dentry, NULL);
5427 mutex_unlock(&dir->d_inode->i_mutex);
5428 return status;
5429 }
5430 @@ -274,7 +274,7 @@ nfsd4_clear_clid_dir(struct dentry *dir,
5431 * a kernel from the future.... */
5432 nfsd4_list_rec_dir(dentry, nfsd4_remove_clid_file);
5433 mutex_lock(&dir->d_inode->i_mutex);
5434 - status = vfs_rmdir(dir->d_inode, dentry);
5435 + status = vfs_rmdir(dir->d_inode, dentry, NULL);
5436 mutex_unlock(&dir->d_inode->i_mutex);
5437 return status;
5438 }
5439 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs4xdr.c
5440 ===================================================================
5441 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/nfs4xdr.c
5442 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/nfs4xdr.c
5443 @@ -57,6 +57,7 @@
5444 #include <linux/nfsd_idmap.h>
5445 #include <linux/nfs4.h>
5446 #include <linux/nfs4_acl.h>
5447 +#include <linux/vserver/xid.h>
5448
5449 #define NFSDDBG_FACILITY NFSDDBG_XDR
5450
5451 @@ -1561,14 +1562,18 @@ out_acl:
5452 WRITE32(stat.nlink);
5453 }
5454 if (bmval1 & FATTR4_WORD1_OWNER) {
5455 - status = nfsd4_encode_user(rqstp, stat.uid, &p, &buflen);
5456 + status = nfsd4_encode_user(rqstp,
5457 + XIDINO_UID(XID_TAG(dentry->d_inode),
5458 + stat.uid, stat.xid), &p, &buflen);
5459 if (status == nfserr_resource)
5460 goto out_resource;
5461 if (status)
5462 goto out;
5463 }
5464 if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
5465 - status = nfsd4_encode_group(rqstp, stat.gid, &p, &buflen);
5466 + status = nfsd4_encode_group(rqstp,
5467 + XIDINO_GID(XID_TAG(dentry->d_inode),
5468 + stat.gid, stat.xid), &p, &buflen);
5469 if (status == nfserr_resource)
5470 goto out_resource;
5471 if (status)
5472 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/nfsxdr.c
5473 ===================================================================
5474 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/nfsxdr.c
5475 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/nfsxdr.c
5476 @@ -15,6 +15,7 @@
5477 #include <linux/nfsd/nfsd.h>
5478 #include <linux/nfsd/xdr.h>
5479 #include <linux/mm.h>
5480 +#include <linux/vserver/xid.h>
5481
5482 #define NFSDDBG_FACILITY NFSDDBG_XDR
5483
5484 @@ -102,6 +103,8 @@ static inline u32 *
5485 decode_sattr(u32 *p, struct iattr *iap)
5486 {
5487 u32 tmp, tmp1;
5488 + uid_t uid = 0;
5489 + gid_t gid = 0;
5490
5491 iap->ia_valid = 0;
5492
5493 @@ -115,12 +118,15 @@ decode_sattr(u32 *p, struct iattr *iap)
5494 }
5495 if ((tmp = ntohl(*p++)) != (u32)-1) {
5496 iap->ia_valid |= ATTR_UID;
5497 - iap->ia_uid = tmp;
5498 + uid = tmp;
5499 }
5500 if ((tmp = ntohl(*p++)) != (u32)-1) {
5501 iap->ia_valid |= ATTR_GID;
5502 - iap->ia_gid = tmp;
5503 + gid = tmp;
5504 }
5505 + iap->ia_uid = INOXID_UID(XID_TAG_NFSD, uid, gid);
5506 + iap->ia_gid = INOXID_GID(XID_TAG_NFSD, uid, gid);
5507 + iap->ia_xid = INOXID_XID(XID_TAG_NFSD, uid, gid, 0);
5508 if ((tmp = ntohl(*p++)) != (u32)-1) {
5509 iap->ia_valid |= ATTR_SIZE;
5510 iap->ia_size = tmp;
5511 @@ -164,8 +170,10 @@ encode_fattr(struct svc_rqst *rqstp, u32
5512 *p++ = htonl(nfs_ftypes[type >> 12]);
5513 *p++ = htonl((u32) stat->mode);
5514 *p++ = htonl((u32) stat->nlink);
5515 - *p++ = htonl((u32) nfsd_ruid(rqstp, stat->uid));
5516 - *p++ = htonl((u32) nfsd_rgid(rqstp, stat->gid));
5517 + *p++ = htonl((u32) nfsd_ruid(rqstp,
5518 + XIDINO_UID(XID_TAG(dentry->d_inode), stat->uid, stat->xid)));
5519 + *p++ = htonl((u32) nfsd_rgid(rqstp,
5520 + XIDINO_GID(XID_TAG(dentry->d_inode), stat->gid, stat->xid)));
5521
5522 if (S_ISLNK(type) && stat->size > NFS_MAXPATHLEN) {
5523 *p++ = htonl(NFS_MAXPATHLEN);
5524 Index: vserver-sources-2.6.16_2.0.2/fs/nfsd/vfs.c
5525 ===================================================================
5526 --- vserver-sources-2.6.16_2.0.2.orig/fs/nfsd/vfs.c
5527 +++ vserver-sources-2.6.16_2.0.2/fs/nfsd/vfs.c
5528 @@ -1160,13 +1160,13 @@ nfsd_create(struct svc_rqst *rqstp, stru
5529 err = vfs_create(dirp, dchild, iap->ia_mode, NULL);
5530 break;
5531 case S_IFDIR:
5532 - err = vfs_mkdir(dirp, dchild, iap->ia_mode);
5533 + err = vfs_mkdir(dirp, dchild, iap->ia_mode, NULL);
5534 break;
5535 case S_IFCHR:
5536 case S_IFBLK:
5537 case S_IFIFO:
5538 case S_IFSOCK:
5539 - err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev);
5540 + err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev, NULL);
5541 break;
5542 default:
5543 printk("nfsd: bad file type %o in nfsd_create\n", type);
5544 @@ -1446,11 +1446,13 @@ nfsd_symlink(struct svc_rqst *rqstp, str
5545 else {
5546 strncpy(path_alloced, path, plen);
5547 path_alloced[plen] = 0;
5548 - err = vfs_symlink(dentry->d_inode, dnew, path_alloced, mode);
5549 + err = vfs_symlink(dentry->d_inode, dnew,
5550 + path_alloced, mode, NULL);
5551 kfree(path_alloced);
5552 }
5553 } else
5554 - err = vfs_symlink(dentry->d_inode, dnew, path, mode);
5555 + err = vfs_symlink(dentry->d_inode, dnew,
5556 + path, mode, NULL);
5557
5558 if (!err)
5559 if (EX_ISSYNC(fhp->fh_export))
5560 @@ -1508,7 +1510,7 @@ nfsd_link(struct svc_rqst *rqstp, struct
5561 dold = tfhp->fh_dentry;
5562 dest = dold->d_inode;
5563
5564 - err = vfs_link(dold, dirp, dnew);
5565 + err = vfs_link(dold, dirp, dnew, NULL);
5566 if (!err) {
5567 if (EX_ISSYNC(ffhp->fh_export)) {
5568 err = nfserrno(nfsd_sync_dir(ddir));
5569 @@ -1670,9 +1672,9 @@ nfsd_unlink(struct svc_rqst *rqstp, stru
5570 err = -EPERM;
5571 } else
5572 #endif
5573 - err = vfs_unlink(dirp, rdentry);
5574 + err = vfs_unlink(dirp, rdentry, NULL);
5575 } else { /* It's RMDIR */
5576 - err = vfs_rmdir(dirp, rdentry);
5577 + err = vfs_rmdir(dirp, rdentry, NULL);
5578 }
5579
5580 dput(rdentry);
5581 @@ -1781,7 +1783,8 @@ nfsd_permission(struct svc_export *exp,
5582 */
5583 if (!(acc & MAY_LOCAL_ACCESS))
5584 if (acc & (MAY_WRITE | MAY_SATTR | MAY_TRUNC)) {
5585 - if (EX_RDONLY(exp) || IS_RDONLY(inode))
5586 + if (EX_RDONLY(exp) || IS_RDONLY(inode)
5587 + || MNT_IS_RDONLY(exp->ex_mnt))
5588 return nfserr_rofs;
5589 if (/* (acc & MAY_WRITE) && */ IS_IMMUTABLE(inode))
5590 return nfserr_perm;
5591 Index: vserver-sources-2.6.16_2.0.2/fs/open.c
5592 ===================================================================
5593 --- vserver-sources-2.6.16_2.0.2.orig/fs/open.c
5594 +++ vserver-sources-2.6.16_2.0.2/fs/open.c
5595 @@ -27,6 +27,9 @@
5596 #include <linux/pagemap.h>
5597 #include <linux/syscalls.h>
5598 #include <linux/rcupdate.h>
5599 +#include <linux/vs_limit.h>
5600 +#include <linux/vs_dlimit.h>
5601 +#include <linux/vserver/xid.h>
5602
5603 #include <asm/unistd.h>
5604
5605 @@ -45,6 +48,8 @@ int vfs_statfs(struct super_block *sb, s
5606 if (retval == 0 && buf->f_frsize == 0)
5607 buf->f_frsize = buf->f_bsize;
5608 }
5609 + if (!vx_check(0, VX_ADMIN|VX_WATCH))
5610 + vx_vsi_statfs(sb, buf);
5611 }
5612 return retval;
5613 }
5614 @@ -248,7 +253,7 @@ static long do_sys_truncate(const char _
5615 goto dput_and_out;
5616
5617 error = -EROFS;
5618 - if (IS_RDONLY(inode))
5619 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt))
5620 goto dput_and_out;
5621
5622 error = -EPERM;
5623 @@ -372,7 +377,7 @@ asmlinkage long sys_utime(char __user *
5624 inode = nd.dentry->d_inode;
5625
5626 error = -EROFS;
5627 - if (IS_RDONLY(inode))
5628 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt))
5629 goto dput_and_out;
5630
5631 /* Don't worry, the checks are done in inode_change_ok() */
5632 @@ -429,7 +434,7 @@ long do_utimes(int dfd, char __user *fil
5633 inode = nd.dentry->d_inode;
5634
5635 error = -EROFS;
5636 - if (IS_RDONLY(inode))
5637 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt))
5638 goto dput_and_out;
5639
5640 /* Don't worry, the checks are done in inode_change_ok() */
5641 @@ -516,7 +521,8 @@ asmlinkage long sys_faccessat(int dfd, c
5642 if (!res) {
5643 res = vfs_permission(&nd, mode);
5644 /* SuS v2 requires we report a read only fs too */
5645 - if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
5646 + if(!res && (mode & S_IWOTH)
5647 + && (IS_RDONLY(nd.dentry->d_inode) || MNT_IS_RDONLY(nd.mnt))
5648 && !special_file(nd.dentry->d_inode->i_mode))
5649 res = -EROFS;
5650 path_release(&nd);
5651 @@ -627,7 +633,7 @@ asmlinkage long sys_fchmod(unsigned int
5652 inode = dentry->d_inode;
5653
5654 err = -EROFS;
5655 - if (IS_RDONLY(inode))
5656 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(file->f_vfsmnt))
5657 goto out_putf;
5658 err = -EPERM;
5659 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
5660 @@ -660,7 +666,7 @@ asmlinkage long sys_fchmodat(int dfd, co
5661 inode = nd.dentry->d_inode;
5662
5663 error = -EROFS;
5664 - if (IS_RDONLY(inode))
5665 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt))
5666 goto dput_and_out;
5667
5668 error = -EPERM;
5669 @@ -686,7 +692,8 @@ asmlinkage long sys_chmod(const char __u
5670 return sys_fchmodat(AT_FDCWD, filename, mode);
5671 }
5672
5673 -static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
5674 +static int chown_common(struct dentry *dentry, struct vfsmount *mnt,
5675 + uid_t user, gid_t group)
5676 {
5677 struct inode * inode;
5678 int error;
5679 @@ -698,7 +705,7 @@ static int chown_common(struct dentry *
5680 goto out;
5681 }
5682 error = -EROFS;
5683 - if (IS_RDONLY(inode))
5684 + if (IS_RDONLY(inode) || MNT_IS_RDONLY(mnt))
5685 goto out;
5686 error = -EPERM;
5687 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
5688 @@ -706,11 +713,11 @@ static int chown_common(struct dentry *
5689 newattrs.ia_valid = ATTR_CTIME;
5690 if (user != (uid_t) -1) {
5691 newattrs.ia_valid |= ATTR_UID;
5692 - newattrs.ia_uid = user;
5693 + newattrs.ia_uid = vx_map_uid(user);
5694 }
5695 if (group != (gid_t) -1) {
5696 newattrs.ia_valid |= ATTR_GID;
5697 - newattrs.ia_gid = group;
5698 + newattrs.ia_gid = vx_map_gid(group);
5699 }
5700 if (!S_ISDIR(inode->i_mode))
5701 newattrs.ia_valid |= ATTR_KILL_SUID|ATTR_KILL_SGID;
5702 @@ -728,7 +735,7 @@ asmlinkage long sys_chown(const char __u
5703
5704 error = user_path_walk(filename, &nd);
5705 if (!error) {
5706 - error = chown_common(nd.dentry, user, group);
5707 + error = chown_common(nd.dentry, nd.mnt, user, group);
5708 path_release(&nd);
5709 }
5710 return error;
5711 @@ -747,7 +754,7 @@ asmlinkage long sys_fchownat(int dfd, co
5712 follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
5713 error = __user_walk_fd(dfd, filename, follow, &nd);
5714 if (!error) {
5715 - error = chown_common(nd.dentry, user, group);
5716 + error = chown_common(nd.dentry, nd.mnt, user, group);
5717 path_release(&nd);
5718 }
5719 out:
5720 @@ -761,7 +768,7 @@ asmlinkage long sys_lchown(const char __
5721
5722 error = user_path_walk_link(filename, &nd);
5723 if (!error) {
5724 - error = chown_common(nd.dentry, user, group);
5725 + error = chown_common(nd.dentry, nd.mnt, user, group);
5726 path_release(&nd);
5727 }
5728 return error;
5729 @@ -775,7 +782,7 @@ asmlinkage long sys_fchown(unsigned int
5730
5731 file = fget(fd);
5732 if (file) {
5733 - error = chown_common(file->f_dentry, user, group);
5734 + error = chown_common(file->f_dentry, file->f_vfsmnt, user, group);
5735 fput(file);
5736 }
5737 return error;
5738 @@ -999,6 +1006,7 @@ repeat:
5739 FD_SET(fd, fdt->open_fds);
5740 FD_CLR(fd, fdt->close_on_exec);
5741 fdt->next_fd = fd + 1;
5742 + vx_openfd_inc(fd);
5743 #if 1
5744 /* Sanity check */
5745 if (fdt->fd[fd] != NULL) {
5746 @@ -1021,6 +1029,7 @@ static void __put_unused_fd(struct files
5747 __FD_CLR(fd, fdt->open_fds);
5748 if (fd < fdt->next_fd)
5749 fdt->next_fd = fd;
5750 + vx_openfd_dec(fd);
5751 }
5752
5753 void fastcall put_unused_fd(unsigned int fd)
5754 Index: vserver-sources-2.6.16_2.0.2/fs/proc/array.c
5755 ===================================================================
5756 --- vserver-sources-2.6.16_2.0.2.orig/fs/proc/array.c
5757 +++ vserver-sources-2.6.16_2.0.2/fs/proc/array.c
5758 @@ -75,6 +75,9 @@
5759 #include <linux/times.h>
5760 #include <linux/cpuset.h>
5761 #include <linux/rcupdate.h>
5762 +#include <linux/vs_context.h>
5763 +#include <linux/vs_network.h>
5764 +#include <linux/vs_cvirt.h>
5765
5766 #include <asm/uaccess.h>
5767 #include <asm/pgtable.h>
5768 @@ -135,7 +138,9 @@ static const char *task_state_array[] =
5769 "T (stopped)", /* 4 */
5770 "T (tracing stop)", /* 8 */
5771 "Z (zombie)", /* 16 */
5772 - "X (dead)" /* 32 */
5773 + "X (dead)", /* 32 */
5774 + "N (noninteractive)", /* 64 */
5775 + "H (on hold)" /* 128 */
5776 };
5777
5778 static inline const char * get_task_state(struct task_struct *tsk)
5779 @@ -144,7 +149,8 @@ static inline const char * get_task_stat
5780 TASK_INTERRUPTIBLE |
5781 TASK_UNINTERRUPTIBLE |
5782 TASK_STOPPED |
5783 - TASK_TRACED)) |
5784 + TASK_TRACED |
5785 + TASK_ONHOLD)) |
5786 (tsk->exit_state & (EXIT_ZOMBIE |
5787 EXIT_DEAD));
5788 const char **p = &task_state_array[0];
5789 @@ -161,8 +167,13 @@ static inline char * task_state(struct t
5790 struct group_info *group_info;
5791 int g;
5792 struct fdtable *fdt = NULL;
5793 + pid_t pid, ptgid, tppid, tgid;
5794
5795 read_lock(&tasklist_lock);
5796 + tgid = vx_map_tgid(p->tgid);
5797 + pid = vx_map_pid(p->pid);
5798 + ptgid = vx_map_pid(p->group_leader->real_parent->tgid);
5799 + tppid = vx_map_pid(p->parent->pid);
5800 buffer += sprintf(buffer,
5801 "State:\t%s\n"
5802 "SleepAVG:\t%lu%%\n"
5803 @@ -174,9 +185,8 @@ static inline char * task_state(struct t
5804 "Gid:\t%d\t%d\t%d\t%d\n",
5805 get_task_state(p),
5806 (p->sleep_avg/1024)*100/(1020000000/1024),
5807 - p->tgid,
5808 - p->pid, pid_alive(p) ? p->group_leader->real_parent->tgid : 0,
5809 - pid_alive(p) && p->ptrace ? p->parent->pid : 0,
5810 + tgid, pid, (pid > 1) ? ptgid : 0,
5811 + pid_alive(p) && p->ptrace ? tppid : 0,
5812 p->uid, p->euid, p->suid, p->fsuid,
5813 p->gid, p->egid, p->sgid, p->fsgid);
5814 read_unlock(&tasklist_lock);
5815 @@ -296,6 +306,12 @@ static inline char *task_cap(struct task
5816 int proc_pid_status(struct task_struct *task, char * buffer)
5817 {
5818 char * orig = buffer;
5819 +#ifdef CONFIG_VSERVER_LEGACY
5820 + struct vx_info *vxi;
5821 +#endif
5822 +#ifdef CONFIG_VSERVER_LEGACYNET
5823 + struct nx_info *nxi;
5824 +#endif
5825 struct mm_struct *mm = get_task_mm(task);
5826
5827 buffer = task_name(task, buffer);
5828 @@ -308,6 +324,46 @@ int proc_pid_status(struct task_struct *
5829 buffer = task_sig(task, buffer);
5830 buffer = task_cap(task, buffer);
5831 buffer = cpuset_task_status_allowed(task, buffer);
5832 +
5833 + if (task_vx_flags(task, VXF_INFO_HIDE, 0))
5834 + goto skip;
5835 +#ifdef CONFIG_VSERVER_LEGACY
5836 + buffer += sprintf (buffer,"s_context: %d\n", vx_task_xid(task));
5837 + vxi = task_get_vx_info(task);
5838 + if (vxi) {
5839 + buffer += sprintf (buffer,"ctxflags: %08llx\n"
5840 + ,(unsigned long long)vxi->vx_flags);
5841 + buffer += sprintf (buffer,"initpid: %d\n"
5842 + ,vxi->vx_initpid);
5843 + } else {
5844 + buffer += sprintf (buffer,"ctxflags: none\n");
5845 + buffer += sprintf (buffer,"initpid: none\n");
5846 + }
5847 + put_vx_info(vxi);
5848 +#else
5849 + buffer += sprintf (buffer,"VxID: %d\n", vx_task_xid(task));
5850 +#endif
5851 +#ifdef CONFIG_VSERVER_LEGACYNET
5852 + nxi = task_get_nx_info(task);
5853 + if (nxi) {
5854 + int i;
5855 +
5856 + buffer += sprintf (buffer,"ipv4root:");
5857 + for (i=0; i<nxi->nbipv4; i++){
5858 + buffer += sprintf (buffer," %08x/%08x"
5859 + ,nxi->ipv4[i]
5860 + ,nxi->mask[i]);
5861 + }
5862 + *buffer++ = '\n';
5863 + buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
5864 + ,nxi->v4_bcast);
5865 + } else {
5866 + buffer += sprintf (buffer,"ipv4root: 0\n");
5867 + buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
5868 + }
5869 + put_nx_info(nxi);
5870 +#endif
5871 +skip:
5872 #if defined(CONFIG_S390)
5873 buffer = task_show_regs(task, buffer);
5874 #endif
5875 @@ -322,7 +378,7 @@ static int do_task_stat(struct task_stru
5876 sigset_t sigign, sigcatch;
5877 char state;
5878 int res;
5879 - pid_t ppid, pgid = -1, sid = -1;
5880 + pid_t pid, ppid, pgid = -1, sid = -1;
5881 int num_threads = 0;
5882 struct mm_struct *mm;
5883 unsigned long long start_time;
5884 @@ -388,7 +444,11 @@ static int do_task_stat(struct task_stru
5885 }
5886 it_real_value = task->signal->real_timer.expires;
5887 }
5888 - ppid = pid_alive(task) ? task->group_leader->real_parent->tgid : 0;
5889 + pid = vx_info_map_pid(task->vx_info, pid_alive(task) ? task->pid : 0);
5890 + ppid = (!(pid > 1)) ? 0 : vx_info_map_tgid(task->vx_info,
5891 + task->group_leader->real_parent->tgid);
5892 + pgid = vx_info_map_pid(task->vx_info, pgid);
5893 +
5894 read_unlock(&tasklist_lock);
5895
5896 if (!whole || num_threads<2)
5897 @@ -412,10 +472,21 @@ static int do_task_stat(struct task_stru
5898 /* convert nsec -> ticks */
5899 start_time = nsec_to_clock_t(start_time);
5900
5901 + /* fixup start time for virt uptime */
5902 + if (vx_flags(VXF_VIRT_UPTIME, 0)) {
5903 + unsigned long long bias =
5904 + current->vx_info->cvirt.bias_clock;
5905 +
5906 + if (start_time > bias)
5907 + start_time -= bias;
5908 + else
5909 + start_time = 0;
5910 + }
5911 +
5912 res = sprintf(buffer,"%d (%s) %c %d %d %d %d %d %lu %lu \
5913 %lu %lu %lu %lu %lu %ld %ld %ld %ld %d %ld %llu %lu %ld %lu %lu %lu %lu %lu \
5914 %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %lu\n",
5915 - task->pid,
5916 + pid,
5917 tcomm,
5918 state,
5919 ppid,
5920 Index: vserver-sources-2.6.16_2.0.2/fs/proc/base.c
5921 ===================================================================
5922 --- vserver-sources-2.6.16_2.0.2.orig/fs/proc/base.c
5923 +++ vserver-sources-2.6.16_2.0.2/fs/proc/base.c
5924 @@ -72,6 +72,8 @@
5925 #include <linux/cpuset.h>
5926 #include <linux/audit.h>
5927 #include <linux/poll.h>
5928 +#include <linux/vs_cvirt.h>
5929 +#include <linux/vs_network.h>
5930 #include "internal.h"
5931
5932 /*
5933 @@ -121,6 +123,8 @@ enum pid_directory_inos {
5934 PROC_TGID_ATTR_EXEC,
5935 PROC_TGID_ATTR_FSCREATE,
5936 #endif
5937 + PROC_TGID_VX_INFO,
5938 + PROC_TGID_IP_INFO,
5939 #ifdef CONFIG_AUDITSYSCALL
5940 PROC_TGID_LOGINUID,
5941 #endif
5942 @@ -161,6 +165,8 @@ enum pid_directory_inos {
5943 PROC_TID_ATTR_EXEC,
5944 PROC_TID_ATTR_FSCREATE,
5945 #endif
5946 + PROC_TID_VX_INFO,
5947 + PROC_TID_IP_INFO,
5948 #ifdef CONFIG_AUDITSYSCALL
5949 PROC_TID_LOGINUID,
5950 #endif
5951 @@ -216,6 +222,8 @@ static struct pid_entry tgid_base_stuff[
5952 #ifdef CONFIG_CPUSETS
5953 E(PROC_TGID_CPUSET, "cpuset", S_IFREG|S_IRUGO),
5954 #endif
5955 + E(PROC_TGID_VX_INFO, "vinfo", S_IFREG|S_IRUGO),
5956 + E(PROC_TGID_IP_INFO, "ninfo", S_IFREG|S_IRUGO),
5957 E(PROC_TGID_OOM_SCORE, "oom_score",S_IFREG|S_IRUGO),
5958 E(PROC_TGID_OOM_ADJUST,"oom_adj", S_IFREG|S_IRUGO|S_IWUSR),
5959 #ifdef CONFIG_AUDITSYSCALL
5960 @@ -258,6 +266,8 @@ static struct pid_entry tid_base_stuff[]
5961 #ifdef CONFIG_CPUSETS
5962 E(PROC_TID_CPUSET, "cpuset", S_IFREG|S_IRUGO),
5963 #endif
5964 + E(PROC_TID_VX_INFO, "vinfo", S_IFREG|S_IRUGO),
5965 + E(PROC_TID_IP_INFO, "ninfo", S_IFREG|S_IRUGO),
5966 E(PROC_TID_OOM_SCORE, "oom_score",S_IFREG|S_IRUGO),
5967 E(PROC_TID_OOM_ADJUST, "oom_adj", S_IFREG|S_IRUGO|S_IWUSR),
5968 #ifdef CONFIG_AUDITSYSCALL
5969 @@ -537,6 +547,11 @@ static int proc_check_chroot(struct dent
5970 struct dentry *de, *base;
5971 struct vfsmount *our_vfsmnt, *mnt;
5972 int res = 0;
5973 +
5974 + /* context admin override */
5975 + if (capable(CAP_CONTEXT))
5976 + goto override;
5977 +
5978 read_lock(&current->fs->lock);
5979 our_vfsmnt = mntget(current->fs->rootmnt);
5980 base = dget(current->fs->root);
5981 @@ -546,11 +561,11 @@ static int proc_check_chroot(struct dent
5982 de = root;
5983 mnt = vfsmnt;
5984
5985 - while (vfsmnt != our_vfsmnt) {
5986 - if (vfsmnt == vfsmnt->mnt_parent)
5987 + while (mnt != our_vfsmnt) {
5988 + if (mnt == mnt->mnt_parent)
5989 goto out;
5990 - de = vfsmnt->mnt_mountpoint;
5991 - vfsmnt = vfsmnt->mnt_parent;
5992 + de = mnt->mnt_mountpoint;
5993 + mnt = mnt->mnt_parent;
5994 }
5995
5996 if (!is_subdir(de, base))
5997 @@ -560,8 +575,9 @@ static int proc_check_chroot(struct dent
5998 exit:
5999 dput(base);
6000 mntput(our_vfsmnt);
6001 +override:
6002 dput(root);
6003 - mntput(mnt);
6004 + mntput(vfsmnt);
6005 return res;
6006 out:
6007 spin_unlock(&vfsmount_lock);
6008 @@ -1221,7 +1237,7 @@ static int proc_pident_readdir(struct fi
6009 struct inode *inode = dentry->d_inode;
6010 struct pid_entry *p;
6011 ino_t ino;
6012 - int ret;
6013 + int ret, hide;
6014
6015 ret = -ENOENT;
6016 if (!pid_alive(proc_task(inode)))
6017 @@ -1252,11 +1268,20 @@ static int proc_pident_readdir(struct fi
6018 goto out;
6019 }
6020 p = ents + i;
6021 + hide = vx_flags(VXF_INFO_HIDE, 0);
6022 while (p->name) {
6023 + if (hide) {
6024 + switch (p->type) {
6025 + case PROC_TGID_VX_INFO:
6026 + case PROC_TGID_IP_INFO:
6027 + goto skip;
6028 + }
6029 + }
6030 if (filldir(dirent, p->name, p->len, filp->f_pos,
6031 fake_ino(pid, p->type), p->mode >> 12) < 0)
6032 goto out;
6033 filp->f_pos++;
6034 + skip:
6035 p++;
6036 }
6037 }
6038 @@ -1330,6 +1355,7 @@ static struct inode *proc_pid_make_inode
6039 inode->i_uid = task->euid;
6040 inode->i_gid = task->egid;
6041 }
6042 + inode->i_xid = vx_task_xid(task);
6043 security_task_to_inode(task, inode);
6044
6045 out:
6046 @@ -1355,6 +1381,11 @@ static int pid_revalidate(struct dentry
6047 {
6048 struct inode *inode = dentry->d_inode;
6049 struct task_struct *task = proc_task(inode);
6050 +
6051 + if (!vx_check(vx_task_xid(task), VX_IDENT))
6052 + goto out_drop;
6053 + /* discard wrong fakeinit */
6054 +
6055 if (pid_alive(task)) {
6056 if (proc_type(inode) == PROC_TGID_INO || proc_type(inode) == PROC_TID_INO || task_dumpable(task)) {
6057 inode->i_uid = task->euid;
6058 @@ -1366,6 +1397,7 @@ static int pid_revalidate(struct dentry
6059 security_task_to_inode(task, inode);
6060 return 1;
6061 }
6062 +out_drop:
6063 d_drop(dentry);
6064 return 0;
6065 }
6066 @@ -1600,6 +1632,9 @@ static struct file_operations proc_tgid_
6067 static struct inode_operations proc_tgid_attr_inode_operations;
6068 #endif
6069
6070 +extern int proc_pid_vx_info(struct task_struct *, char *);
6071 +extern int proc_pid_nx_info(struct task_struct *, char *);
6072 +
6073 static int get_tid_list(int index, unsigned int *tids, struct inode *dir);
6074
6075 /* SMP-safe */
6076 @@ -1787,15 +1822,33 @@ static struct dentry *proc_pident_lookup
6077 inode->i_fop = &proc_loginuid_operations;
6078 break;
6079 #endif
6080 + case PROC_TID_VX_INFO:
6081 + case PROC_TGID_VX_INFO:
6082 + if (task_vx_flags(task, VXF_INFO_HIDE, 0))
6083 + goto out_noent;
6084 + inode->i_fop = &proc_info_file_operations;
6085 + ei->op.proc_read = proc_pid_vx_info;
6086 + break;
6087 + case PROC_TID_IP_INFO:
6088 + case PROC_TGID_IP_INFO:
6089 + if (task_vx_flags(task, VXF_INFO_HIDE, 0))
6090 + goto out_noent;
6091 + inode->i_fop = &proc_info_file_operations;
6092 + ei->op.proc_read = proc_pid_nx_info;
6093 + break;
6094 default:
6095 printk("procfs: impossible type (%d)",p->type);
6096 - iput(inode);
6097 - return ERR_PTR(-EINVAL);
6098 + error = -EINVAL;
6099 + goto out_put;
6100 }
6101 dentry->d_op = &pid_dentry_operations;
6102 d_add(dentry, inode);
6103 return NULL;
6104
6105 +out_noent:
6106 + error=-ENOENT;
6107 +out_put:
6108 + iput(inode);
6109 out:
6110 return ERR_PTR(error);
6111 }
6112 @@ -1879,14 +1932,14 @@ static int proc_self_readlink(struct den
6113 int buflen)
6114 {
6115 char tmp[30];
6116 - sprintf(tmp, "%d", current->tgid);
6117 + sprintf(tmp, "%d", vx_map_tgid(current->tgid));
6118 return vfs_readlink(dentry,buffer,buflen,tmp);
6119 }
6120
6121 static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
6122 {
6123 char tmp[30];
6124 - sprintf(tmp, "%d", current->tgid);
6125 + sprintf(tmp, "%d", vx_map_tgid(current->tgid));
6126 return ERR_PTR(vfs_follow_link(nd,tmp));
6127 }
6128
6129 @@ -1949,6 +2002,20 @@ void proc_pid_flush(struct dentry *proc_
6130 }
6131 }
6132
6133 +#define VXF_FAKE_INIT (VXF_INFO_INIT|VXF_STATE_INIT)
6134 +
6135 +static inline int proc_pid_visible(struct task_struct *task, int pid)
6136 +{
6137 + if ((pid == 1) &&
6138 + !vx_flags(VXF_FAKE_INIT, VXF_FAKE_INIT))
6139 + goto visible;
6140 + if (vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT))
6141 + goto visible;
6142 + return 0;
6143 +visible:
6144 + return 1;
6145 +}
6146 +
6147 /* SMP-safe */
6148 struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct nameidata *nd)
6149 {
6150 @@ -1985,13 +2052,14 @@ struct dentry *proc_pid_lookup(struct in
6151 if (!task)
6152 goto out;
6153
6154 - inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
6155 + /* check for context visibility */
6156 + if (!proc_pid_visible(task, tgid))
6157 + goto out_drop_task;
6158
6159 + inode = proc_pid_make_inode(dir->i_sb, task, PROC_TGID_INO);
6160 + if (!inode)
6161 + goto out_drop_task;
6162
6163 - if (!inode) {
6164 - put_task_struct(task);
6165 - goto out;
6166 - }
6167 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
6168 inode->i_op = &proc_tgid_base_inode_operations;
6169 inode->i_fop = &proc_tgid_base_operations;
6170 @@ -2020,6 +2088,8 @@ struct dentry *proc_pid_lookup(struct in
6171 goto out;
6172 }
6173 return NULL;
6174 +out_drop_task:
6175 + put_task_struct(task);
6176 out:
6177 return ERR_PTR(-ENOENT);
6178 }
6179 @@ -2035,6 +2105,8 @@ static struct dentry *proc_task_lookup(s
6180 tid = name_to_int(dentry);
6181 if (tid == ~0U)
6182 goto out;
6183 + if (vx_current_initpid(tid))
6184 + goto out;
6185
6186 read_lock(&tasklist_lock);
6187 task = find_task_by_pid(tid);
6188 @@ -2046,11 +2118,14 @@ static struct dentry *proc_task_lookup(s
6189 if (leader->tgid != task->tgid)
6190 goto out_drop_task;
6191
6192 - inode = proc_pid_make_inode(dir->i_sb, task, PROC_TID_INO);
6193 -
6194 + /* check for context visibility */
6195 + if (!proc_pid_visible(task, tid))
6196 + goto out_drop_task;
6197
6198 + inode = proc_pid_make_inode(dir->i_sb, task, PROC_TID_INO);
6199 if (!inode)
6200 goto out_drop_task;
6201 +
6202 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
6203 inode->i_op = &proc_tid_base_inode_operations;
6204 inode->i_fop = &proc_tid_base_operations;
6205 @@ -2090,7 +2165,7 @@ static int get_tgid_list(int index, unsi
6206 read_lock(&tasklist_lock);
6207 p = NULL;
6208 if (version) {
6209 - p = find_task_by_pid(version);
6210 + p = find_task_by_real_pid(version);
6211 if (p && !thread_group_leader(p))
6212 p = NULL;
6213 }
6214 @@ -2102,11 +2177,15 @@ static int get_tgid_list(int index, unsi
6215
6216 for ( ; p != &init_task; p = next_task(p)) {
6217 int tgid = p->pid;
6218 +
6219 if (!pid_alive(p))
6220 continue;
6221 + /* check for context visibility */
6222 + if (!proc_pid_visible(p, tgid))
6223 + continue;
6224 if (--index >= 0)
6225 continue;
6226 - tgids[nr_tgids] = tgid;
6227 + tgids[nr_tgids] = vx_map_tgid(tgid);
6228 nr_tgids++;
6229 if (nr_tgids >= PROC_MAXPIDS)
6230 break;
6231 @@ -2136,10 +2215,13 @@ static int get_tid_list(int index, unsig
6232 if (pid_alive(task)) do {
6233 int tid = task->pid;
6234
6235 + /* check for context visibility */
6236 + if (!proc_pid_visible(task, tid))
6237 + continue;
6238 if (--index >= 0)
6239 continue;
6240 if (tids != NULL)
6241 - tids[nr_tids] = tid;
6242 + tids[nr_tids] = vx_map_pid(tid);
6243 nr_tids++;
6244 if (nr_tids >= PROC_MAXPIDS)
6245 break;
6246 @@ -2215,11 +2297,14 @@ static int proc_task_readdir(struct file
6247 unsigned int nr_tids, i;
6248 struct dentry *dentry = filp->f_dentry;
6249 struct inode *inode = dentry->d_inode;
6250 + struct task_struct *task = proc_task(inode);
6251 int retval = -ENOENT;
6252 ino_t ino;
6253 unsigned long pos = filp->f_pos; /* avoiding "long long" filp->f_pos */
6254
6255 - if (!pid_alive(proc_task(inode)))
6256 + if (!vx_check(vx_task_xid(task), VX_WATCH|VX_IDENT))
6257 + goto out;
6258 + if (!pid_alive(task))
6259 goto out;
6260 retval = 0;
6261
6262 Index: vserver-sources-2.6.16_2.0.2/fs/proc/generic.c
6263 ===================================================================
6264 --- vserver-sources-2.6.16_2.0.2.orig/fs/proc/generic.c
6265 +++ vserver-sources-2.6.16_2.0.2/fs/proc/generic.c
6266 @@ -19,6 +19,7 @@
6267 #include <linux/idr.h>
6268 #include <linux/namei.h>
6269 #include <linux/bitops.h>
6270 +#include <linux/vserver/inode.h>
6271 #include <asm/uaccess.h>
6272
6273 #include "internal.h"
6274 @@ -385,11 +386,15 @@ struct dentry *proc_lookup(struct inode
6275 for (de = de->subdir; de ; de = de->next) {
6276 if (de->namelen != dentry->d_name.len)
6277 continue;
6278 + if (!vx_hide_check(0, de->vx_flags))
6279 + continue;
6280 if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
6281 unsigned int ino = de->low_ino;
6282
6283 error = -EINVAL;
6284 inode = proc_get_inode(dir->i_sb, ino, de);
6285 + /* generic proc entries belong to the host */
6286 + inode->i_xid = 0;
6287 break;
6288 }
6289 }
6290 @@ -461,9 +466,12 @@ int proc_readdir(struct file * filp,
6291 }
6292
6293 do {
6294 + if (!vx_hide_check(0, de->vx_flags))
6295 + goto skip;
6296 if (filldir(dirent, de->name, de->namelen, filp->f_pos,
6297 de->low_ino, de->mode >> 12) < 0)
6298 goto out;
6299 + skip:
6300 filp->f_pos++;
6301 de = de->next;
6302 } while (de);
6303 @@ -581,6 +589,7 @@ static struct proc_dir_entry *proc_creat
6304 ent->namelen = len;
6305 ent->mode = mode;
6306 ent->nlink = nlink;
6307 + ent->vx_flags = IATTR_PROC_DEFAULT;
6308 out:
6309 return ent;
6310 }
6311 @@ -601,7 +610,8 @@ struct proc_dir_entry *proc_symlink(cons
6312 kfree(ent->data);
6313 kfree(ent);
6314 ent = NULL;
6315 - }
6316 + } else
6317 + ent->vx_flags = IATTR_PROC_SYMLINK;
6318 } else {
6319 kfree(ent);
6320 ent = NULL;
6321 Index: vserver-sources-2.6.16_2.0.2/fs/proc/inode.c
6322 ===================================================================
6323 --- vserver-sources-2.6.16_2.0.2.orig/fs/proc/inode.c
6324 +++ vserver-sources-2.6.16_2.0.2/fs/proc/inode.c
6325 @@ -170,6 +170,8 @@ struct inode *proc_get_inode(struct supe
6326 inode->i_uid = de->uid;
6327 inode->i_gid = de->gid;
6328 }
6329 + if (de->vx_flags)
6330 + PROC_I(inode)->vx_flags = de->vx_flags;
6331 if (de->size)
6332 inode->i_size = de->size;
6333 if (de->nlink)
6334 Index: vserver-sources-2.6.16_2.0.2/fs/proc/proc_misc.c
6335 ===================================================================
6336 --- vserver-sources-2.6.16_2.0.2.orig/fs/proc/proc_misc.c
6337 +++ vserver-sources-2.6.16_2.0.2/fs/proc/proc_misc.c
6338 @@ -53,6 +53,8 @@
6339 #include <asm/div64.h>
6340 #include "internal.h"
6341
6342 +#include <linux/vs_cvirt.h>
6343 +
6344 #define LOAD_INT(x) ((x) >> FSHIFT)
6345 #define LOAD_FRAC(x) LOAD_INT(((x) & (FIXED_1-1)) * 100)
6346 /*
6347 @@ -82,17 +84,32 @@ static int proc_calc_metrics(char *page,
6348 static int loadavg_read_proc(char *page, char **start, off_t off,
6349 int count, int *eof, void *data)
6350 {
6351 + unsigned int running, threads;
6352 int a, b, c;
6353 int len;
6354
6355 - a = avenrun[0] + (FIXED_1/200);
6356 - b = avenrun[1] + (FIXED_1/200);
6357 - c = avenrun[2] + (FIXED_1/200);
6358 - len = sprintf(page,"%d.%02d %d.%02d %d.%02d %ld/%d %d\n",
6359 + if (vx_flags(VXF_VIRT_LOAD, 0)) {
6360 + struct vx_info *vxi = current->vx_info;
6361 +
6362 + a = vxi->cvirt.load[0] + (FIXED_1/200);
6363 + b = vxi->cvirt.load[1] + (FIXED_1/200);
6364 + c = vxi->cvirt.load[2] + (FIXED_1/200);
6365 +
6366 + running = atomic_read(&vxi->cvirt.nr_running);
6367 + threads = atomic_read(&vxi->cvirt.nr_threads);
6368 + } else {
6369 + a = avenrun[0] + (FIXED_1/200);
6370 + b = avenrun[1] + (FIXED_1/200);
6371 + c = avenrun[2] + (FIXED_1/200);
6372 +
6373 + running = nr_running();
6374 + threads = nr_threads;
6375 + }
6376 + len = sprintf(page,"%d.%02d %d.%02d %d.%02d %d/%d %d\n",
6377 LOAD_INT(a), LOAD_FRAC(a),
6378 LOAD_INT(b), LOAD_FRAC(b),
6379 LOAD_INT(c), LOAD_FRAC(c),
6380 - nr_running(), nr_threads, last_pid);
6381 + running, threads, last_pid);
6382 return proc_calc_metrics(page, start, off, count, eof, len);
6383 }
6384
6385 @@ -106,6 +123,9 @@ static int uptime_read_proc(char *page,
6386
6387 do_posix_clock_monotonic_gettime(&uptime);
6388 cputime_to_timespec(idletime, &idle);
6389 + if (vx_flags(VXF_VIRT_UPTIME, 0))