diff -NurpP --minimal linux-2.4.23-vs1.21/Makefile linux-2.4.23-vs1.3.0/Makefile --- linux-2.4.23-vs1.21/Makefile Thu Dec 11 02:45:53 2003 +++ linux-2.4.23-vs1.3.0/Makefile Wed Dec 10 01:52:25 2003 @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 4 SUBLEVEL = 23 -EXTRAVERSION = -vs1.21 +EXTRAVERSION = -vs1.3.0 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) diff -NurpP --minimal linux-2.4.23-vs1.21/arch/alpha/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/alpha/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/alpha/kernel/ptrace.c Fri Jun 13 16:51:29 2003 +++ linux-2.4.23-vs1.3.0/arch/alpha/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -273,7 +273,7 @@ sys_ptrace(long request, long pid, long if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out_notsk; if (request == PTRACE_ATTACH) { ret = ptrace_attach(child); diff -NurpP --minimal linux-2.4.23-vs1.21/arch/i386/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/i386/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/i386/kernel/ptrace.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/arch/i386/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -170,7 +170,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child || !vx_check(child->vx_id, VX_WATCH|VX_IDENT)) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/ia64/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/ia64/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/ia64/kernel/ptrace.c Fri Nov 28 19:26:19 2003 +++ linux-2.4.23-vs1.3.0/arch/ia64/kernel/ptrace.c Wed Dec 10 01:52:25 2003 
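Review bot: In the alpha sys_ptrace hunk, a `child` that is found but rejected by `vx_check()` now jumps to `out_notsk`, the label the `!child` case uses, although `get_task_struct(child)` in the context lines above has already taken a reference. The label is outside the hunk, but its name suggests it does not drop that reference, so each rejected call would leak a task_struct reference, and an unprivileged caller can repeat it. Splitting the test keeps the two failures apart: `if (!child) goto out_notsk;` then `if (!vx_check(child->vx_info, VX_WATCH|VX_IDENT)) { free_task_struct(child); goto out_notsk; }`, the same release proc_pid_lookup() performs in fs/proc/base.c. The i386, ia64, m68k, mips, mips64, parisc, ppc, ppc64, s390, s390x and x86_64 ptrace hunks share the pattern with `goto out`.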
@@ -1267,7 +1267,7 @@ sys_ptrace (long request, pid_t pid, uns get_task_struct(child); } read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; if (pid == 1) /* no messing around with init! */ diff -NurpP --minimal linux-2.4.23-vs1.21/arch/m68k/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/m68k/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/m68k/kernel/ptrace.c Fri Nov 28 19:26:19 2003 +++ linux-2.4.23-vs1.3.0/arch/m68k/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -122,7 +122,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/mips/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/mips/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/mips/kernel/ptrace.c Mon Aug 25 13:44:40 2003 +++ linux-2.4.23-vs1.3.0/arch/mips/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -67,7 +67,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/mips64/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/mips64/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/mips64/kernel/ptrace.c Mon Aug 25 13:44:40 2003 +++ linux-2.4.23-vs1.3.0/arch/mips64/kernel/ptrace.c Wed Dec 10 01:52:25 2003 
@@ -311,7 +311,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/parisc/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/parisc/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/parisc/kernel/ptrace.c Fri Nov 29 00:53:10 2002 +++ linux-2.4.23-vs1.3.0/arch/parisc/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -113,7 +113,7 @@ long sys_ptrace(long request, pid_t pid, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; if (pid == 1) /* no messing around with init! */ diff -NurpP --minimal linux-2.4.23-vs1.21/arch/parisc/kernel/sys_parisc32.c linux-2.4.23-vs1.3.0/arch/parisc/kernel/sys_parisc32.c --- linux-2.4.23-vs1.21/arch/parisc/kernel/sys_parisc32.c Fri Jun 13 16:51:31 2003 +++ linux-2.4.23-vs1.3.0/arch/parisc/kernel/sys_parisc32.c Wed Dec 10 01:52:26 2003 @@ -3046,13 +3046,18 @@ asmlinkage int sys32_sysinfo(struct sysi */ cli(); - val.uptime = jiffies / HZ; + if (vx_check(0, VX_ADMIN|VX_WATCH)) { + val.uptime = jiffies / HZ; + val.procs = nr_threads-1; + } else { + struct vx_info *vxi = current->vx_info; + val.uptime = (jiffies - vxi->bias_jiffies) / HZ; + val.procs = vxi->nr_threads; + } val.loads[0] = avenrun[0] << (SI_LOAD_SHIFT - FSHIFT); val.loads[1] = avenrun[1] << (SI_LOAD_SHIFT - FSHIFT); val.loads[2] = avenrun[2] << (SI_LOAD_SHIFT - FSHIFT); - - val.procs = nr_threads-1; sti(); si_meminfo(&val); diff -NurpP --minimal linux-2.4.23-vs1.21/arch/ppc/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/ppc/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/ppc/kernel/ptrace.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/arch/ppc/kernel/ptrace.c Wed Dec 10 01:52:25 2003 
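Review bot: The else branch added to sys32_sysinfo reads `vxi->bias_jiffies` and `vxi->nr_threads`, but struct vx_info as this patch defines it in include/linux/vcontext.h keeps both inside its `virt` member, so the file would not compile on parisc. kernel/info.c carries the same logic with the right paths; the two lines should read `val.uptime = (jiffies - vxi->virt.bias_jiffies) / HZ;` and `val.procs = vxi->virt.nr_threads;`. sys32_sysinfo's body starts and ends outside the hunk.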
@@ -188,7 +188,7 @@ int sys_ptrace(long request, long pid, l if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child || !vx_check(child->vx_id, VX_WATCH|VX_IDENT)) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/ppc64/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/ppc64/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/ppc64/kernel/ptrace.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/arch/ppc64/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -115,7 +115,7 @@ int sys_ptrace(long request, long pid, l if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child || !vx_check(child->vx_id, VX_WATCH|VX_IDENT)) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/s390/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/s390/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/s390/kernel/ptrace.c Fri Nov 29 00:53:11 2002 +++ linux-2.4.23-vs1.3.0/arch/s390/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -239,7 +239,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; if (pid == 1) /* you may not mess with init */ diff -NurpP --minimal linux-2.4.23-vs1.21/arch/s390x/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/s390x/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/s390x/kernel/ptrace.c Fri Nov 29 00:53:11 2002 +++ linux-2.4.23-vs1.3.0/arch/s390x/kernel/ptrace.c Wed Dec 10 01:52:25 2003 
@@ -448,7 +448,7 @@ asmlinkage int sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; if (pid == 1) /* you may not mess with init */ diff -NurpP --minimal linux-2.4.23-vs1.21/arch/sparc64/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/sparc64/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/sparc64/kernel/ptrace.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/arch/sparc64/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -156,7 +156,7 @@ asmlinkage void do_ptrace(struct pt_regs get_task_struct(child); read_unlock(&tasklist_lock); - if (!child || !vx_check(child->vx_id, VX_WATCH|VX_IDENT)) { + if (!child || !vx_check_id(child->vx_id, VX_WATCH|VX_SAME)) { pt_error_return(regs, ESRCH); goto out; } diff -NurpP --minimal linux-2.4.23-vs1.21/arch/x86_64/kernel/ptrace.c linux-2.4.23-vs1.3.0/arch/x86_64/kernel/ptrace.c --- linux-2.4.23-vs1.21/arch/x86_64/kernel/ptrace.c Fri Jun 13 16:51:32 2003 +++ linux-2.4.23-vs1.3.0/arch/x86_64/kernel/ptrace.c Wed Dec 10 01:52:25 2003 @@ -194,7 +194,7 @@ asmlinkage long sys_ptrace(long request, if (child) get_task_struct(child); read_unlock(&tasklist_lock); - if (!child) + if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) goto out; ret = -EPERM; diff -NurpP --minimal linux-2.4.23-vs1.21/arch/x86_64/kernel/sys_x86_64.c linux-2.4.23-vs1.3.0/arch/x86_64/kernel/sys_x86_64.c --- linux-2.4.23-vs1.21/arch/x86_64/kernel/sys_x86_64.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/arch/x86_64/kernel/sys_x86_64.c Wed Dec 10 01:52:25 2003 
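Review bot: The sparc64 do_ptrace check still reads `child->vx_id`, a field this patch removes from struct task_struct in include/linux/sched.h, so it will not build. Every other ptrace hunk uses the pointer form, which here would be `if (!child || !vx_check(child->vx_info, VX_WATCH|VX_IDENT)) {`; if the id-based comparison is intended, `vx_check_id(vx_task_id(child), VX_WATCH|VX_SAME)` expresses it with the new accessors. The rejected-child path also jumps to `out` while holding the reference from `get_task_struct(child)`; whether `out` releases it is outside the hunk.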
@@ -111,10 +111,8 @@ asmlinkage long sys_uname(struct new_uts struct new_utsname tmp, *pttmp; down_read(&uts_sem); - if (current->s_info) { - tmp = system_utsname; - strcpy (tmp.nodename, current->s_info->nodename); - strcpy (tmp.domainname, current->s_info->domainname); + if (current->vx_info) { + tmp = current->vx_info.virt.utsname; pttmp = &tmp; } else diff -NurpP --minimal linux-2.4.23-vs1.21/fs/devpts/inode.c linux-2.4.23-vs1.3.0/fs/devpts/inode.c --- linux-2.4.23-vs1.21/fs/devpts/inode.c Thu Dec 11 00:54:57 2003 +++ linux-2.4.23-vs1.3.0/fs/devpts/inode.c Wed Dec 10 01:52:26 2003 @@ -184,7 +184,7 @@ static DECLARE_FSTYPE(devpts_fs_type, "d static int devpts_tty_permission(struct inode *inode, int mask) { int ret = -EACCES; - if (vx_check(inode->u.devpts_i.vx_id, VX_IDENT)) + if (vx_check_id(inode->u.devpts_i.xid, VX_SAME)) ret = vfs_permission(inode, mask); return ret; } @@ -211,7 +211,7 @@ void devpts_pty_new(int number, kdev_t d inode->i_uid = sbi->setuid ? sbi->uid : current->fsuid; inode->i_gid = sbi->setgid ? sbi->gid : current->fsgid; inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; - inode->u.devpts_i.vx_id = current->vx_id; + inode->u.devpts_i.xid = vx_current_id(); inode->i_op = &devpts_tty_inode_operations; init_special_inode(inode, S_IFCHR|sbi->mode, kdev_t_to_nr(device)); diff -NurpP --minimal linux-2.4.23-vs1.21/fs/devpts/root.c linux-2.4.23-vs1.3.0/fs/devpts/root.c --- linux-2.4.23-vs1.21/fs/devpts/root.c Thu Dec 11 00:54:57 2003 +++ linux-2.4.23-vs1.3.0/fs/devpts/root.c Wed Dec 10 01:52:26 2003 
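Review bot: In the x86_64 sys_uname hunk, `current->vx_info.virt.utsname` applies `.` to a pointer: task_struct declares `struct vx_info *vx_info` in this patch, so the assignment will not compile and should be `tmp = current->vx_info->virt.utsname;`. The old code started from `system_utsname` and overrode only nodename and domainname, whereas the new copy relies on `virt.utsname` having been fully populated when the context was created. That initialisation is not visible in this part of the patch and is worth confirming, since an unfilled structure would be returned to user space as-is.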
@@ -66,12 +66,13 @@ static int devpts_root_readdir(struct fi while ( nr - 2 < sbi->max_ptys ) { int ptynr = nr - 2; struct inode *inode = sbi->inodes[ptynr]; - if (inode && vx_check(inode->u.devpts_i.vx_id, - VX_WATCH|VX_IDENT)) { - genptsname(numbuf, ptynr); - if ( filldir(dirent, numbuf, strlen(numbuf), nr, nr, DT_CHR) < 0 ) - return 0; - } + + if (!inode || !vx_check_id(inode->u.devpts_i.xid, VX_WATCH|VX_SAME)) + goto skip; + genptsname(numbuf, ptynr); + if ( filldir(dirent, numbuf, strlen(numbuf), nr, nr, DT_CHR) < 0 ) + return 0; + skip: filp->f_pos = ++nr; } break; @@ -131,7 +132,7 @@ static struct dentry *devpts_root_lookup return NULL; inode = sbi->inodes[entry]; - if (inode && vx_check(inode->u.devpts_i.vx_id, VX_IDENT)) + if (inode && vx_check_id(inode->u.devpts_i.xid, VX_SAME)) atomic_inc(&inode->i_count); else inode = NULL; diff -NurpP --minimal linux-2.4.23-vs1.21/fs/inode.c linux-2.4.23-vs1.3.0/fs/inode.c --- linux-2.4.23-vs1.21/fs/inode.c Fri Nov 28 19:26:21 2003 +++ linux-2.4.23-vs1.3.0/fs/inode.c Wed Dec 10 01:52:25 2003 @@ -112,6 +112,7 @@ static struct inode *alloc_inode(struct inode->i_pipe = NULL; inode->i_bdev = NULL; inode->i_cdev = NULL; + inode->i_xid = vx_current_id(); mapping->a_ops = &empty_aops; mapping->host = inode; diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/Makefile linux-2.4.23-vs1.3.0/fs/proc/Makefile --- linux-2.4.23-vs1.21/fs/proc/Makefile Wed May 9 01:41:32 2001 +++ linux-2.4.23-vs1.3.0/fs/proc/Makefile Wed Dec 10 01:52:26 2003 @@ -12,7 +12,7 @@ O_TARGET := proc.o export-objs := root.o obj-y := inode.o root.o base.o generic.o array.o \ - kmsg.o proc_tty.o proc_misc.o kcore.o + kmsg.o proc_tty.o proc_misc.o kcore.o virtual.o ifeq ($(CONFIG_PROC_DEVICETREE),y) obj-y += proc_devtree.o diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/array.c linux-2.4.23-vs1.3.0/fs/proc/array.c --- linux-2.4.23-vs1.21/fs/proc/array.c Thu Dec 11 00:54:58 2003 +++ linux-2.4.23-vs1.3.0/fs/proc/array.c Wed Dec 10 01:52:26 2003 
@@ -76,7 +76,7 @@ #include #include #include -#include +// #include /* Gcc optimizes away "strlen(x)" for constant x */ #define ADDBUF(buffer, string) \ @@ -153,8 +153,8 @@ static inline char * task_state(struct t read_lock(&tasklist_lock); ppid = p->p_opptr->pid; if (ppid != 0 - && current->s_info - && current->s_info->initpid == ppid) + && current->vx_info + && current->vx_info->vx_initpid == ppid) ppid = 1; buffer += sprintf(buffer, "State:\t%s\n" @@ -300,29 +300,18 @@ int proc_pid_status(struct task_struct * } buffer = task_sig(task, buffer); buffer = task_cap(task, buffer); - if (task->s_info) { - int i; - - buffer += sprintf (buffer,"s_context: %d [", task->vx_id); - for (i=0; is_info->vx_id[i]; - - if (ctx == 0) - break; - buffer += sprintf (buffer," %d",ctx); - } - *buffer++ = ']'; - *buffer++ = '\n'; + if (task->vx_info) { + buffer += sprintf (buffer,"s_context: %d\n", vx_task_id(task)); buffer += sprintf (buffer,"ctxticks: %d %ld %d\n" - ,atomic_read(&task->s_info->ticks) + ,atomic_read(&task->vx_info->limit.ticks) ,task->counter - ,atomic_read(&task->s_info->refcount)); + ,atomic_read(&task->vx_info->vx_refcount)); buffer += sprintf (buffer,"ctxflags: %d\n" - ,task->s_info->flags); + ,task->vx_info->vx_flags); buffer += sprintf (buffer,"initpid: %d\n" - ,task->s_info->initpid); + ,task->vx_info->vx_initpid); } else { - buffer += sprintf (buffer,"s_context: %d\n", task->vx_id); + buffer += sprintf (buffer,"s_context: %d\n", vx_task_id(task)); buffer += sprintf (buffer,"ctxticks: none\n"); buffer += sprintf (buffer,"ctxflags: none\n"); buffer += sprintf (buffer,"initpid: none\n"); 
@@ -398,7 +387,7 @@ int proc_pid_stat(struct task_struct *ta read_lock(&tasklist_lock); ppid = task->pid ? task->p_opptr->pid : 0; - if (current->s_info && current->s_info->initpid == ppid) + if (current->vx_info && current->vx_info->vx_initpid == ppid) ppid = 1; read_unlock(&tasklist_lock); res = sprintf(buffer,"%d (%s) %c %d %d %d %d %d %lu %lu \ diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/base.c linux-2.4.23-vs1.3.0/fs/proc/base.c --- linux-2.4.23-vs1.21/fs/proc/base.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/fs/proc/base.c Wed Dec 10 01:52:26 2003 @@ -774,6 +774,7 @@ static struct inode *proc_pid_make_inode inode->i_uid = task->euid; inode->i_gid = task->egid; } + inode->i_xid = vx_task_id(task); out: return inode; @@ -1078,7 +1079,7 @@ struct dentry *proc_pid_lookup(struct in if (!task) goto out; - if (pid != 1 && !vx_check(task->vx_id, VX_WATCH|VX_IDENT)) { + if (pid != 1 && !vx_check(task->vx_info, VX_WATCH|VX_IDENT)) { free_task_struct(task); goto out; } @@ -1135,10 +1136,10 @@ static int get_pid_list(int index, unsig /* send any signal either */ /* A process with security context 1 can see all processes */ - if (pid != 1 && !vx_check(p->vx_id, VX_WATCH|VX_IDENT)) + if (pid != 1 && !vx_check(p->vx_info, VX_WATCH|VX_IDENT)) continue; /* We hide the fakeinit process since we show it as process 1 */ - if (current->s_info && current->s_info->initpid == pid) + if (current->vx_info && current->vx_info->vx_initpid == pid) continue; if (--index >= 0) continue; diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/generic.c linux-2.4.23-vs1.3.0/fs/proc/generic.c --- linux-2.4.23-vs1.21/fs/proc/generic.c Fri Nov 28 19:26:21 2003 +++ linux-2.4.23-vs1.3.0/fs/proc/generic.c Wed Dec 10 01:52:26 2003 
@@ -332,9 +332,12 @@ int proc_readdir(struct file * filp, } do { + if (de->vx_flags && !vx_check_id(de->xid, de->vx_flags)) + goto skip; if (filldir(dirent, de->name, de->namelen, filp->f_pos, de->low_ino, de->mode >> 12) < 0) return 0; + skip: filp->f_pos++; de = de->next; } while (de); diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/inode.c linux-2.4.23-vs1.3.0/fs/proc/inode.c --- linux-2.4.23-vs1.21/fs/proc/inode.c Fri Nov 28 19:26:21 2003 +++ linux-2.4.23-vs1.3.0/fs/proc/inode.c Wed Dec 10 01:52:26 2003 @@ -154,6 +154,9 @@ printk("proc_iget: using deleted entry % inode->i_uid = de->uid; inode->i_gid = de->gid; } + inode->i_xid = de->xid; + if (de->vx_flags) + inode->u.proc_i.vx_flags = de->vx_flags; if (de->size) inode->i_size = de->size; if (de->nlink) diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/proc_misc.c linux-2.4.23-vs1.3.0/fs/proc/proc_misc.c --- linux-2.4.23-vs1.21/fs/proc/proc_misc.c Fri Nov 28 19:26:21 2003 +++ linux-2.4.23-vs1.3.0/fs/proc/proc_misc.c Wed Dec 10 01:52:26 2003 @@ -126,6 +126,12 @@ static int uptime_read_proc(char *page, uptime = jiffies; idle = init_tasks[0]->times.tms_utime + init_tasks[0]->times.tms_stime; + if (!vx_check(0, VX_ADMIN|VX_WATCH)) { + struct vx_info *vxi = current->vx_info; + + uptime -= vxi->virt.bias_jiffies; + idle -= vxi->virt.bias_idle; + } /* The formula for the fraction parts really is ((t * 100) / HZ) % 100, but that would overflow about every five days at HZ == 100. 
@@ -373,14 +379,25 @@ static int kstat_read_proc(char *page, c } } - proc_sprintf(page, &off, &len, - "\nctxt %u\n" - "btime %lu\n" - "processes %lu\n", - kstat.context_swtch, - xtime.tv_sec - jif / HZ, - total_forks); + if (vx_check(0, VX_ADMIN|VX_WATCH)) { + proc_sprintf(page, &off, &len, + "\nctxt %u\n" + "btime %lu\n" + "processes %lu\n" + ,kstat.context_swtch + ,xtime.tv_sec - jif / HZ + ,total_forks); + } else { + struct vx_info *vxi = current->vx_info; + proc_sprintf(page, &off, &len, + "\nctxt %u\n" + "btime %lu\n" + "processes %lu\n" + ,kstat.context_swtch - vxi->virt.bias_cswtch + ,xtime.tv_sec - jif / HZ + vxi->virt.bias_jiffies / HZ + ,vxi->virt.total_forks); + } return proc_calc_metrics(page, start, off, count, eof, len); } diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/root.c linux-2.4.23-vs1.3.0/fs/proc/root.c --- linux-2.4.23-vs1.21/fs/proc/root.c Sat Aug 3 02:39:45 2002 +++ linux-2.4.23-vs1.3.0/fs/proc/root.c Wed Dec 10 01:52:26 2003 @@ -15,6 +15,7 @@ #include #include #include +#include #include struct proc_dir_entry *proc_net, *proc_bus, *proc_root_fs, *proc_root_driver; @@ -22,6 +23,8 @@ struct proc_dir_entry *proc_net, *proc_b #ifdef CONFIG_SYSCTL struct proc_dir_entry *proc_sys_root; #endif +struct proc_dir_entry *proc_virtual; + static DECLARE_FSTYPE(proc_fs_type, "proc", proc_read_super, FS_SINGLE); @@ -68,6 +71,7 @@ void __init proc_root_init(void) proc_rtas_init(); #endif proc_bus = proc_mkdir("bus", 0); + proc_virtual = proc_mkdir("virtual", 0); } static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry) 
@@ -144,4 +148,5 @@ EXPORT_SYMBOL(proc_root);
 EXPORT_SYMBOL(proc_root_fs);
 EXPORT_SYMBOL(proc_net);
 EXPORT_SYMBOL(proc_bus);
+EXPORT_SYMBOL(proc_virtual);
 EXPORT_SYMBOL(proc_root_driver);
diff -NurpP --minimal linux-2.4.23-vs1.21/fs/proc/virtual.c linux-2.4.23-vs1.3.0/fs/proc/virtual.c
--- linux-2.4.23-vs1.21/fs/proc/virtual.c Thu Jan 1 01:00:00 1970
+++ linux-2.4.23-vs1.3.0/fs/proc/virtual.c Wed Dec 10 01:52:26 2003
@@ -0,0 +1,169 @@ +/* + * linux/fs/proc/virtual.c + * + * Virtual Context Support + * + * Copyright (C) 2003 Herbert Pötzl + * + * V0.01 basic structure + * V0.02 adaptation vs1.3.0 + * V0.03 proc permissions + * + */ + +#include + +#include +#include +#include + +#include +#include + + +extern struct proc_dir_entry *proc_virtual; + +struct proc_dir_entry *proc_virtual_info; + + +char *vx_proc_info (struct vx_info *info, char *buffer) +{ + buffer += sprintf(buffer, + "ID:\t%d\n" + "Info:\t%p\n" + "Init:\t%d\n" + ,info->vx_id + ,info, info->vx_initpid); + return buffer; +} + +int vx_info_read_func (char *page, char **start, off_t off, int count, int *eof, void *data) +{ + int len; + char *buffer = page; + + buffer = vx_proc_info(data, buffer); + + len = buffer-page; + if (len <= off+count) *eof = 1; + + *start = page + off; + len -= off; + if (len>count) len = count; + if (len<0) len = 0; + return len; +} + +char *vx_proc_status (struct vx_info *info, char *buffer) +{ + buffer += sprintf(buffer, + "RefC:\t%d\n" + "Flags:\t%08x\n" + "Ticks:\t%d\n" + ,atomic_read(&info->vx_refcount) + ,info->vx_flags + ,atomic_read(&info->limit.ticks)); + return buffer; +} + +int vx_status_read_func (char *page, char **start, off_t off, int count, int *eof, void *data) +{ + int len; + char *buffer = page; + + buffer = vx_proc_status(data, buffer); + + len = buffer-page; + if (len <= off+count) *eof = 1; + + *start = page + off; + len -= off; + if (len>count) len = count; + if (len<0) len = 0; + return len; +} + +static int vx_proc_permission(struct inode *inode, int mask) +{ + dprintk("vx_proc_permission(%p) = #%d,%04x\n", + inode, inode->i_xid, inode->u.proc_i.vx_flags); + if (vx_check_id(inode->i_xid, inode->u.proc_i.vx_flags)) + return 0; + dprintk("vx_proc_permission(%p) #%d != #%d\n", + inode, inode->i_xid, vx_current_id()); + return -ENOENT; +} + +static struct inode_operations vx_proc_inode_operations = { + lookup: proc_lookup, + permission: vx_proc_permission, +}; + + +int 
vx_proc_create(struct vx_info *info) +{ + struct proc_dir_entry *entry, *sub; + char name[8]; + + snprintf(name, sizeof(name)-1, "%d", info->vx_id); + entry = create_proc_entry(name, + S_IFDIR|S_IXUGO, proc_virtual); + entry->vx_flags = VX_ADMIN|VX_WATCH|VX_SAME; + entry->xid = info->vx_id; + entry->proc_iops = &vx_proc_inode_operations; + info->vx_procent = entry; + sub = create_proc_read_entry("info", + S_IFREG|S_IRUGO|S_IWUSR, + entry, vx_info_read_func, info); + sub = create_proc_read_entry("status", + S_IFREG|S_IRUGO|S_IWUSR, + entry, vx_status_read_func, info); + return 0; +} + +int vx_proc_destroy(struct vx_info *info) +{ + struct proc_dir_entry *entry = info->vx_procent; + if (!entry) + return 0; + remove_proc_entry(entry->name, proc_virtual); + info->vx_procent = NULL; + return 0; +} + +char *vs_proc_info(void *data, char *buffer) +{ + buffer += sprintf(buffer, + "VCIVersion:\t%04x:%04x\n" + ,VCI_VERSION >> 16 + ,VCI_VERSION & 0xFFFF); + return buffer; +} + +int vs_info_read_func(char *page, char **start, off_t off, int count, int *eof, void *data) +{ + int len; + char *buffer = page; + + buffer = vs_proc_info(data, buffer); + + len = buffer-page; + if (len <= off+count) *eof = 1; + + *start = page + off; + len -= off; + if (len>count) len = count; + if (len<0) len = 0; + return len; +} + + +static int __init virtual_proc_init(void) +{ + proc_virtual_info = create_proc_read_entry("info", + S_IFREG|S_IRUGO|S_IWUSR, + proc_virtual, vs_info_read_func, NULL); + return 0; +} + +__initcall(virtual_proc_init); diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/devpts_fs_info.h linux-2.4.23-vs1.3.0/include/linux/devpts_fs_info.h --- linux-2.4.23-vs1.21/include/linux/devpts_fs_info.h Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/include/linux/devpts_fs_info.h Wed Dec 10 01:52:25 2003 
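Review bot: vx_proc_create() dereferences the result of create_proc_entry() without a NULL check, so an allocation failure becomes an oops at `entry->vx_flags = ...`; add `if (!entry) return -ENOMEM;` before the first store. The name buffer is also too small for the type: `xid_t` is `unsigned int`, yet `char name[8]` with `sizeof(name)-1` and `%d` keeps at most six characters, so distinct large ids would collapse to one directory name; `char name[12];` with `snprintf(name, sizeof(name), "%u", info->vx_id);` covers the full range. vx_proc_info() prints the vx_info address with `%p` into a file created `S_IRUGO`, which hands a kernel address to any reader allowed into the directory; dropping the `Info:` line avoids that. vx_proc_destroy() removes only the directory, while the `info` and `status` children that carry `info` as their data pointer are never removed in this file; that looks like a leak and possibly a stale pointer once the vx_info is freed, to be confirmed against free_vx_info(), which is not visible here.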
@@ -1,4 +1,4 @@ struct devpts_inode_info { - int vx_id; + xid_t xid; }; diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/fs.h linux-2.4.23-vs1.3.0/include/linux/fs.h --- linux-2.4.23-vs1.21/include/linux/fs.h Thu Dec 11 00:55:19 2003 +++ linux-2.4.23-vs1.3.0/include/linux/fs.h Wed Dec 10 01:53:11 2003 @@ -454,6 +454,7 @@ struct inode { nlink_t i_nlink; uid_t i_uid; gid_t i_gid; + xid_t i_xid; kdev_t i_rdev; loff_t i_size; time_t i_atime; diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/proc_fs.h linux-2.4.23-vs1.3.0/include/linux/proc_fs.h --- linux-2.4.23-vs1.21/include/linux/proc_fs.h Thu Dec 11 00:55:27 2003 +++ linux-2.4.23-vs1.3.0/include/linux/proc_fs.h Wed Dec 10 01:53:18 2003 @@ -58,6 +58,8 @@ struct proc_dir_entry { nlink_t nlink; uid_t uid; gid_t gid; + xid_t xid; + int vx_flags; unsigned long size; struct inode_operations * proc_iops; struct file_operations * proc_fops; diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/proc_fs_i.h linux-2.4.23-vs1.3.0/include/linux/proc_fs_i.h --- linux-2.4.23-vs1.21/include/linux/proc_fs_i.h Fri Apr 7 22:38:00 2000 +++ linux-2.4.23-vs1.3.0/include/linux/proc_fs_i.h Wed Dec 10 01:52:26 2003 @@ -1,6 +1,7 @@ struct proc_inode_info { struct task_struct *task; int type; + int vx_flags; union { int (*proc_get_link)(struct inode *, struct dentry **, struct vfsmount **); int (*proc_read)(struct task_struct *task, char *page); diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/sched.h linux-2.4.23-vs1.3.0/include/linux/sched.h --- linux-2.4.23-vs1.21/include/linux/sched.h Thu Dec 11 00:55:19 2003 +++ linux-2.4.23-vs1.3.0/include/linux/sched.h Wed Dec 10 01:53:11 2003 @@ -271,7 +271,7 @@ struct user_struct { /* Hash table maintenance information */ struct user_struct *next, **pprev; uid_t uid; - int vx_id; + xid_t xid; }; #define get_current_user() ({ \ @@ -280,7 +280,7 @@ struct user_struct { __user; }) -struct context_info; +struct vx_info; struct iproot_info; extern struct user_struct root_user; 
@@ -410,10 +410,9 @@ struct task_struct { unsigned long sas_ss_sp; size_t sas_ss_size; int (*notifier)(void *priv); - int vx_id; /* Process can only deal with other processes */ - /* with the same vx_id */ + __u32 cap_bset; /* Maximum capability of this process and children */ - struct context_info *s_info; + struct vx_info *vx_info; struct iproot_info *ip_info; void *notifier_data; sigset_t *notifier_mask; @@ -584,7 +583,7 @@ static inline void task_release_cpu(stru } /* per-UID process charging. */ -extern struct user_struct * alloc_uid(int, uid_t); +extern struct user_struct * alloc_uid(xid_t, uid_t); extern void free_uid(struct user_struct *); extern void switch_uid(struct user_struct *); @@ -920,6 +919,8 @@ static inline void unhash_process(struct out_of_line_bug(); write_lock_irq(&tasklist_lock); nr_threads--; + if (p->vx_info) + p->vx_info->virt.nr_threads--; unhash_pid(p); REMOVE_LINKS(p); list_del(&p->thread_group); diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/types.h linux-2.4.23-vs1.3.0/include/linux/types.h --- linux-2.4.23-vs1.21/include/linux/types.h Thu Dec 11 00:55:19 2003 +++ linux-2.4.23-vs1.3.0/include/linux/types.h Wed Dec 10 01:53:10 2003 @@ -33,6 +33,7 @@ typedef __kernel_uid32_t uid_t; typedef __kernel_gid32_t gid_t; typedef __kernel_uid16_t uid16_t; typedef __kernel_gid16_t gid16_t; +typedef unsigned int xid_t; #ifdef CONFIG_UID16 /* This is defined by include/asm-{arch}/posix_types.h */ diff -NurpP --minimal linux-2.4.23-vs1.21/include/linux/vcontext.h linux-2.4.23-vs1.3.0/include/linux/vcontext.h --- linux-2.4.23-vs1.21/include/linux/vcontext.h Thu Dec 11 00:55:19 2003 +++ linux-2.4.23-vs1.3.0/include/linux/vcontext.h Wed Dec 10 01:53:11 2003 
@@ -1,11 +1,15 @@ #ifndef _VX_CONTEXT_H #define _VX_CONTEXT_H -/* - We may have a different domainname and nodename for each security - context. By default, a security context share the same as its - parent, potentially the information in system_utsname -*/ +#define DEBUG_VX +#if defined(DEBUG) || defined(DEBUG_VX) +#include +#define dprintk(x...) printk("vxd: " x) +#else +#define dprintk(x...) +#endif + + #define VX_INFO_LOCK 1 /* Can't request a new vx_id */ #define VX_INFO_SCHED 2 /* All process in the vx_id */ /* Contribute to the schedular */ 
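Review bot: `#define DEBUG_VX` is set unconditionally right above the guard it feeds, so `dprintk` becomes `printk` in every build that includes this header. get_vx_info() and put_vx_info() later in the header call it on each reference change, and vx_proc_permission() in fs/proc/virtual.c on each permission check, which writes vx_info and inode addresses (`%p`) to the kernel log and lets ordinary activity flood it. Drop the define and leave `#if defined(DEBUG) || defined(DEBUG_VX)` to be satisfied from the build, and give the message an explicit level, `printk(KERN_DEBUG "vxd: " x)`. The name `dprintk` is generic enough that it may collide with other files that define their own.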
@@ -26,34 +30,48 @@ #define NB_IPV4ROOT 16 +#include +#include +#include #include #include -struct context_info { - atomic_t refcount; - short int vx_id[NB_S_CONTEXT];/* root is allowed to switch the current */ - /* security context using any in this table */ - unsigned long rlim[RLIM_NLIMITS]; /* Per context limit */ - atomic_t res[RLIM_NLIMITS]; /* Current value */ - struct proc_dir_entry *procent; - char nodename[65]; - char domainname[65]; - int flags; /* VX_INFO_xxx */ - atomic_t ticks; /* Number of ticks used by all process */ - /* in the vx_id */ - int initpid; /* PID of the logical process 1 of the */ - /* of the context */ + +struct _vx_virt { int nr_threads; + int nr_running; + int max_threads; unsigned long total_forks; + unsigned int bias_cswtch; long bias_jiffies; long bias_idle; - void *data1; - void *data2; - void *data3; - void *data4; + + struct new_utsname utsname; +}; + +struct _vx_limit { + atomic_t ticks; + + unsigned long rlim[RLIM_NLIMITS]; /* Per context limit */ + atomic_t res[RLIM_NLIMITS]; /* Current value */ +}; + +struct vx_info { + struct list_head vx_list; /* linked list of contexts */ + xid_t vx_id; /* context id */ + atomic_t vx_refcount; /* refcount */ + struct vx_info *vx_parent; /* parent context */ + + struct proc_dir_entry *vx_procent; /* proc entry */ + unsigned int vx_flags; /* VX_INFO_xxx */ + pid_t vx_initpid; /* PID of fake init process */ + + struct _vx_virt virt; /* virtual/bias stuff */ + struct _vx_limit limit; /* vserver limits */ }; + struct iproot_info { unsigned long mark; /* Special signature for debugging */ atomic_t refcount; 
@@ -70,11 +88,37 @@ struct iproot_info { }; +void free_vx_info(struct vx_info *); +extern int proc_pid_vinfo(struct task_struct *, char *); + +static inline struct vx_info *get_vx_info(struct vx_info *vxi) +{ + dprintk("get_vx_info(%p[#%d.%d])\n", vxi, + vxi->vx_id, atomic_read(&vxi->vx_refcount)); + atomic_inc(&vxi->vx_refcount); + return vxi; +} + +static inline void put_vx_info(struct vx_info *vxi) +{ + /* for now we allow vxi to be null */ + if (!vxi) + return; + dprintk("put_vx_info(%p[#%d.%d])\n", vxi, + vxi->vx_id, atomic_read(&vxi->vx_refcount)); + if (atomic_dec_and_lock(&vxi->vx_refcount, &vxlist_lock)) { + list_del(&vxi->vx_list); + spin_unlock(&vxlist_lock); + free_vx_info(vxi); + } +} + + #define VX_ADMIN 0x0001 #define VX_WATCH 0x0002 -#define VX_IDENT 0x0010 -#define VX_EQUIV 0x0020 +#define VX_IDENT 0x0010 /* pointer based */ +#define VX_SAME 0x0020 /* id based */ #define VX_PARENT 0x0040 #define VX_CHILD 0x0080 
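Review bot: get_vx_info() dereferences `vxi` in both the `dprintk` and the `atomic_inc` with no NULL test, while put_vx_info() right below it explicitly tolerates NULL; do_fork() in this patch has to open-code `if (current->vx_info)` around the call because of that. Making the pair symmetric with `if (!vxi) return NULL;` at the top of get_vx_info() removes the trap for future callers. `vxlist_lock` is used here but its declaration is not visible in this header (the include names were lost in extraction), so confirm it is declared before these inlines. Renaming `VX_EQUIV` to `VX_SAME` also breaks any remaining user of the old name outside the visible hunks.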
@@ -83,22 +127,43 @@ struct iproot_info { #include /* required to resolve recursive dependancies */ -#define vx_check(c,m) __vx_check(current->vx_id,c,m) +#define vx_task_id(t) __vx_id(t->vx_info) + +#define vx_current_id() vx_task_id(current) + +static inline int __vx_id(struct vx_info *vxi) +{ + if (!vxi) + return 0; + return vxi->vx_id; +} + + +/* required to resolve recursive dependancies */ +#define vx_check(c,m) \ + __vx_check(current->vx_info,c,__vx_id(c),m) + +#define vx_check_id(c,m) \ + __vx_check(current->vx_info,0,c,m) /* * check current context for ADMIN/WATCH and * optionally agains supplied argument */ -static inline int __vx_check(int cctx, int ctx, unsigned int mode) +static inline int __vx_check(struct vx_info *cvxi, + struct vx_info *vxi, int id, unsigned int mode) { if (mode & VX_ARG_MASK) { - if ((mode & VX_IDENT) && (ctx == cctx)) + if ((mode & VX_IDENT) && + (vxi == cvxi)) return 1; - if ((mode & VX_EQUIV) && (ctx == cctx)) + if ((mode & VX_SAME) && + (__vx_id(cvxi) == id)) return 1; } - return (((mode & VX_ADMIN) && (cctx == 0)) || - ((mode & VX_WATCH) && (cctx == 1))); + return (((mode & VX_ADMIN) && (cvxi == 0)) || + ((mode & VX_WATCH) && (cvxi) && + (__vx_id(cvxi) == 1))); } diff -NurpP --minimal linux-2.4.23-vs1.21/include/net/route.h linux-2.4.23-vs1.3.0/include/net/route.h --- linux-2.4.23-vs1.21/include/net/route.h Thu Dec 11 00:57:27 2003 +++ linux-2.4.23-vs1.3.0/include/net/route.h Wed Dec 10 01:55:19 2003 @@ -172,6 +172,8 @@ static inline int ip_route_connect(struc __u32 ipv4root = ip_info->ipv4[0]; if (ipv4root != 0) { int n = ip_info->nbipv4; + if (dst == 0x0100007f && !vx_check(0, VX_ADMIN)) + dst = ipv4root; if (src == 0) { if (n > 1) { u32 foundsrc; 
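Review bot: `vx_check_id()` always passes 0 as the pointer argument, so if a caller ever includes `VX_IDENT` in the mode, the pointer comparison `vxi == cvxi` succeeds for every task whose `vx_info` is NULL, whatever id was supplied. None of the visible callers do this, but proc entries take their mode from `de->vx_flags`, so it is worth making impossible in the macro: `__vx_check(current->vx_info,0,c,(m) & ~VX_IDENT)`. The macros should also parenthesise their arguments (`__vx_id((t)->vx_info)`), and `vx_check(c,m)` expands `c` twice. `id` and the return of `__vx_id()` are `int` while the values carried are `xid_t`, which this patch defines as `unsigned int`; typing both as `xid_t` avoids a signed/unsigned comparison.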
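Review bot: The loopback test moved up in ip_route_connect compares `dst` with the literal `0x0100007f`, which equals 127.0.0.1 in network byte order only on little-endian machines. On the big-endian architectures this patch also touches (ppc, sparc64, s390, parisc, m68k) the remap would not fire, assuming `dst` is in network order as its use in `ip_route_output()` suggests. `if (dst == htonl(INADDR_LOOPBACK) && !vx_check(0, VX_ADMIN))` is byte-order independent. The test also matches only the single address 127.0.0.1, so other 127.0.0.0/8 destinations are not rewritten to `ipv4root`; if the intent is to keep a context off the host's loopback, that range probably needs covering as well. ip_route_connect's body starts and ends outside the hunk.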
@@ -201,8 +203,6 @@ static inline int ip_route_connect(struc if (i == n) return -EPERM; } - if (dst == 0x0100007f && !vx_check(0, VX_ADMIN)) - dst = ipv4root; } } err = ip_route_output(rp, dst, src, tos, oif); diff -NurpP --minimal linux-2.4.23-vs1.21/include/net/sock.h linux-2.4.23-vs1.3.0/include/net/sock.h --- linux-2.4.23-vs1.21/include/net/sock.h Thu Dec 11 00:56:07 2003 +++ linux-2.4.23-vs1.3.0/include/net/sock.h Wed Dec 10 01:53:59 2003 @@ -691,7 +691,7 @@ struct sock { void *user_data; /* Context of process creating this socket */ - int vx_id; + xid_t xid; /* Callbacks */ void (*state_change)(struct sock *sk); diff -NurpP --minimal linux-2.4.23-vs1.21/include/net/tcp.h linux-2.4.23-vs1.3.0/include/net/tcp.h --- linux-2.4.23-vs1.21/include/net/tcp.h Thu Dec 11 00:58:26 2003 +++ linux-2.4.23-vs1.3.0/include/net/tcp.h Wed Dec 10 01:56:19 2003 @@ -192,7 +192,7 @@ struct tcp_tw_bucket { struct in6_addr v6_daddr; struct in6_addr v6_rcv_saddr; #endif - int vx_id; + xid_t xid; }; extern kmem_cache_t *tcp_timewait_cachep; diff -NurpP --minimal linux-2.4.23-vs1.21/ipc/util.c linux-2.4.23-vs1.3.0/ipc/util.c --- linux-2.4.23-vs1.21/ipc/util.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/ipc/util.c Wed Dec 10 01:52:26 2003 @@ -93,7 +93,7 @@ int ipc_findkey(struct ipc_ids* ids, key struct kern_ipc_perm* p; for (id = 0; id <= ids->max_id; id++) { - if (!vx_check(ids->entries[id].vx_id, VX_IDENT)) + if (!vx_check_id(ids->entries[id].xid, VX_SAME)) continue; p = ids->entries[id].p; if(p==NULL) @@ -169,7 +169,7 @@ found: spin_lock(&ids->ary); ids->entries[id].p = new; - ids->entries[id].vx_id = current->vx_id; + ids->entries[id].xid = vx_current_id(); return id; } diff -NurpP --minimal linux-2.4.23-vs1.21/ipc/util.h linux-2.4.23-vs1.3.0/ipc/util.h --- linux-2.4.23-vs1.21/ipc/util.h Thu Dec 11 00:59:44 2003 +++ linux-2.4.23-vs1.3.0/ipc/util.h Wed Dec 10 01:57:37 2003 
@@ -27,7 +27,7 @@ struct ipc_ids { struct ipc_id { struct kern_ipc_perm* p; - int vx_id; // Context owning this ID + xid_t xid; }; @@ -78,7 +78,7 @@ extern inline struct kern_ipc_perm* ipc_ spin_lock(&ids->ary); out = ids->entries[lid].p; if (out==NULL || - !vx_check(ids->entries[lid].vx_id, VX_WATCH|VX_IDENT)) { + !vx_check_id(ids->entries[lid].xid, VX_WATCH|VX_SAME)) { spin_unlock(&ids->ary); out = NULL; } diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/exit.c linux-2.4.23-vs1.3.0/kernel/exit.c --- linux-2.4.23-vs1.21/kernel/exit.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/exit.c Wed Dec 10 01:52:26 2003 @@ -67,7 +67,8 @@ static void release_task(struct task_str current->counter += p->counter; if (current->counter >= MAX_COUNTER) current->counter = MAX_COUNTER; - vx_release_info(p); + put_vx_info(p->vx_info); + // vx_release_info(p); vx_release_ip_info(p->ip_info); p->pid = 0; free_task_struct(p); @@ -165,8 +166,8 @@ static inline void forget_original_paren struct task_struct *vchild_reaper = child_reaper; read_lock(&tasklist_lock); - if (father->s_info) { - pid_t initpid = father->s_info->initpid; + if (father->vx_info) { + pid_t initpid = father->vx_info->vx_initpid; if ((initpid != 0) && (father->pid != initpid)) { struct task_struct *r = find_task_by_pid(initpid); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/fork.c linux-2.4.23-vs1.3.0/kernel/fork.c --- linux-2.4.23-vs1.21/kernel/fork.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/fork.c Wed Dec 10 01:52:26 2003 @@ -663,8 +663,8 @@ int do_fork(unsigned long clone_flags, u *p = *current; retval = -EAGAIN; - if (p->s_info && (p->s_info->flags & VX_INFO_NPROC)) { - if (atomic_read(&p->s_info->refcount) >= p->rlim[RLIMIT_NPROC].rlim_max) + if (p->vx_info && (p->vx_info->vx_flags & VX_INFO_NPROC)) { + if (atomic_read(&p->vx_info->vx_refcount) >= p->rlim[RLIMIT_NPROC].rlim_max) goto bad_fork_free; } /* 
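Review bot: In the kernel/exit.c `release_task` hunk, `put_vx_info(p->vx_info)` is called unconditionally, although host-context tasks have a NULL `vx_info` and other call sites in this patch guard get/put with a NULL test (`if (current->vx_info)` in do_fork, `if (old_vxi)` in vx_migrate_task). `put_vx_info` is not defined on this part of the page, so either confirm it accepts NULL or write `if (p->vx_info) put_vx_info(p->vx_info);`. The commented-out `// vx_release_info(p);` should be deleted rather than kept, and the same goes for `// vx_assign_info(p);` in kernel/fork.c. `release_task` starts and ends outside the hunk.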
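Review bot: In the first kernel/fork.c hunk, the VX_INFO_NPROC limit compares `vx_refcount` with `rlim_max`, but after this patch that field is a general reference count rather than a task count: `find_vx_info` and `find_or_create_vx_info` in kernel/vcontext.c take references that are not tasks. A lookup in flight can therefore trip the limit early, and `goodness()` in kernel/sched.c divides `limit.ticks` by the same inflated value. If `virt.nr_threads` is meant to be the per-context task count, comparing against it would be the closer match, e.g. `if (p->vx_info->virt.nr_threads >= p->rlim[RLIMIT_NPROC].rlim_max)`. `do_fork` continues outside the hunk.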
@@ -677,7 +677,11 @@ int do_fork(unsigned long clone_flags, u && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) goto bad_fork_free; - vx_assign_info(p); + if (current->vx_info) + p->vx_info = get_vx_info(current->vx_info); + else + p->vx_info = NULL; + // vx_assign_info(p); vx_assign_ip_info(p->ip_info); atomic_inc(&p->user->__count); @@ -814,6 +818,8 @@ int do_fork(unsigned long clone_flags, u SET_LINKS(p); hash_pid(p); nr_threads++; + if (p->vx_info) + p->vx_info->virt.nr_threads++; write_unlock_irq(&tasklist_lock); if (p->ptrace & PT_PTRACED) @@ -821,6 +827,8 @@ int do_fork(unsigned long clone_flags, u wake_up_process(p); /* do this last */ ++total_forks; + if (p->vx_info) + p->vx_info->virt.total_forks++; if (clone_flags & CLONE_VFORK) wait_for_completion(&vfork); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/info.c linux-2.4.23-vs1.3.0/kernel/info.c --- linux-2.4.23-vs1.21/kernel/info.c Sat Apr 21 01:15:40 2001 +++ linux-2.4.23-vs1.3.0/kernel/info.c Wed Dec 10 01:52:26 2003 @@ -20,13 +20,19 @@ asmlinkage long sys_sysinfo(struct sysin memset((char *)&val, 0, sizeof(struct sysinfo)); cli(); - val.uptime = jiffies / HZ; + if (vx_check(0, VX_ADMIN|VX_WATCH)) { + val.uptime = jiffies / HZ; + val.procs = nr_threads-1; + } else { + struct vx_info *vxi = current->vx_info; + + val.uptime = (jiffies - vxi->virt.bias_jiffies) / HZ; + val.procs = vxi->virt.nr_threads; + } val.loads[0] = avenrun[0] << (SI_LOAD_SHIFT - FSHIFT); val.loads[1] = avenrun[1] << (SI_LOAD_SHIFT - FSHIFT); val.loads[2] = avenrun[2] << (SI_LOAD_SHIFT - FSHIFT); - - val.procs = nr_threads-1; sti(); si_meminfo(&val); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/sched.c linux-2.4.23-vs1.3.0/kernel/sched.c --- linux-2.4.23-vs1.21/kernel/sched.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/sched.c Wed Dec 10 01:52:26 2003 
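Review bot: The reference taken by `get_vx_info(current->vx_info)` in the second kernel/fork.c hunk needs a matching `put_vx_info` on every `do_fork` failure path after this point. Those paths are outside the visible hunks, so please confirm the later cleanup labels drop it; otherwise each failed fork pins the context's `vx_info`. The `else p->vx_info = NULL;` branch is redundant, because `*p = *current` has already copied a NULL pointer in that case.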
@@ -166,9 +166,9 @@ static inline int goodness(struct task_s * Don't do any other calculations if the time slice is * over.. */ - if (p->s_info && (p->s_info->flags & VX_INFO_SCHED)) { - weight = atomic_read(&p->s_info->ticks) / - atomic_read(&p->s_info->refcount); + if (p->vx_info && (p->vx_info->vx_flags & VX_INFO_SCHED)) { + weight = atomic_read(&p->vx_info->limit.ticks) / + atomic_read(&p->vx_info->vx_refcount); weight = (weight+p->counter) >> 1; } else weight = p->counter; @@ -629,13 +629,13 @@ repeat_schedule: member processes p->counter */ for_each_task(p) { - if (p->s_info && (p->s_info->flags & VX_INFO_SCHED)) - atomic_set(&p->s_info->ticks, 0); + if (p->vx_info && (p->vx_info->vx_flags & VX_INFO_SCHED)) + atomic_set(&p->vx_info->limit.ticks, 0); } for_each_task(p) { p->counter = (p->counter >> 1) + NICE_TO_TICKS(p->nice); - if (p->s_info && (p->s_info->flags & VX_INFO_SCHED)) - atomic_add(p->counter, &p->s_info->ticks); + if (p->vx_info && (p->vx_info->vx_flags & VX_INFO_SCHED)) + atomic_add(p->counter, &p->vx_info->limit.ticks); } read_unlock(&tasklist_lock); spin_lock_irq(&runqueue_lock); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/signal.c linux-2.4.23-vs1.3.0/kernel/signal.c --- linux-2.4.23-vs1.21/kernel/signal.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/signal.c Wed Dec 10 01:52:26 2003 @@ -624,7 +624,7 @@ kill_pg_info(int sig, struct siginfo *in for_each_task(p) { if (p->pgrp == pgrp && thread_group_leader(p) && ((long)info == 1 || - vx_check(p->vx_id, VX_IDENT))) { + vx_check(p->vx_info, VX_IDENT))) { int err = send_sig_info(sig, info, p); if (retval) retval = err; @@ -680,7 +680,7 @@ kill_proc_info(int sig, struct siginfo * } switch ((unsigned long)info) { case 0: - if (vx_check(p->vx_id, VX_IDENT)) + if (vx_check(p->vx_info, VX_IDENT)) error = send_sig_info(sig, info, p); break; case 1: 
@@ -688,7 +688,7 @@ kill_proc_info(int sig, struct siginfo * break; default: if ((info->si_code == SI_KERNEL) - || vx_check(p->vx_id, VX_IDENT)) + || vx_check(p->vx_info, VX_IDENT)) error = send_sig_info(sig, info, p); break; } @@ -717,7 +717,7 @@ static int kill_something_info(int sig, for_each_task(p) { if (p->pid > 1 && p != current && thread_group_leader(p) && - vx_check(p->vx_id, VX_IDENT)) { + vx_check(p->vx_info, VX_IDENT)) { int err = send_sig_info(sig, info, p); ++count; if (err != -EPERM) diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/sys.c linux-2.4.23-vs1.3.0/kernel/sys.c --- linux-2.4.23-vs1.21/kernel/sys.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/sys.c Wed Dec 10 01:52:26 2003 @@ -305,7 +305,7 @@ long vs_reboot(unsigned int cmd, void * "PATH=/sbin:/usr/sbin:/bin:/usr/bin", uid_buf, pid_buf, cmd_buf, 0}; - snprintf(id_buf, sizeof(id_buf)-1, "%d", current->vx_id); + snprintf(id_buf, sizeof(id_buf)-1, "%d", vx_current_id()); snprintf(cmd_buf, sizeof(cmd_buf)-1, "VS_CMD=%08x", cmd); snprintf(uid_buf, sizeof(uid_buf)-1, "VS_UID=%d", current->uid); @@ -580,7 +580,7 @@ static int set_user(uid_t new_ruid, int { struct user_struct *new_user; - new_user = alloc_uid(current->vx_id, new_ruid); + new_user = alloc_uid(vx_current_id(), new_ruid); if (!new_user) return -EAGAIN; switch_uid(new_user); @@ -1095,10 +1095,8 @@ asmlinkage long sys_newuname(struct new_ struct new_utsname tmp,*pttmp; down_read(&uts_sem); - if (current->s_info) { - tmp = system_utsname; - strcpy (tmp.nodename,current->s_info->nodename); - strcpy (tmp.domainname,current->s_info->domainname); + if (current->vx_info) { + tmp = current->vx_info->virt.utsname; pttmp = &tmp; } else 
@@ -1122,8 +1120,8 @@ asmlinkage long sys_sethostname(char *na down_write(&uts_sem); errno = -EFAULT; nodename = system_utsname.nodename; - if (current->s_info) - nodename = current->s_info->nodename; + if (current->vx_info) + nodename = current->vx_info->virt.utsname.nodename; if (!copy_from_user(tmp, name, len)) { memcpy(nodename, tmp, len); nodename[len] = 0; @@ -1142,8 +1140,8 @@ asmlinkage long sys_gethostname(char *na return -EINVAL; down_read(&uts_sem); nodename = system_utsname.nodename; - if (current->s_info) - nodename = current->s_info->nodename; + if (current->vx_info) + nodename = current->vx_info->virt.utsname.nodename; i = 1 + strlen(nodename); if (i > len) i = len; @@ -1171,8 +1169,8 @@ asmlinkage long sys_setdomainname(char * down_write(&uts_sem); domainname = system_utsname.domainname; - if (current->s_info) - domainname = current->s_info->domainname; + if (current->vx_info) + domainname = current->vx_info->virt.utsname.domainname; errno = -EFAULT; if (!copy_from_user(tmp, name, len)) { memcpy(domainname, tmp, len); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/sysctl.c linux-2.4.23-vs1.3.0/kernel/sysctl.c --- linux-2.4.23-vs1.21/kernel/sysctl.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/sysctl.c Wed Dec 10 01:52:26 2003 
@@ -838,14 +838,14 @@ static int proc_doutsstring(ctl_table *t ctl_table tmp; /* HACK for per context hostname and domainname */ - if (current->s_info) { + if (current->vx_info) { tmp = *table; table = &tmp; if (table->data == (void*)&system_utsname.nodename) - tmp.data = ¤t->s_info->nodename; + tmp.data = ¤t->vx_info->virt.utsname.nodename; else if (table->data == (void*)&system_utsname.domainname) - tmp.data = ¤t->s_info->domainname; + tmp.data = ¤t->vx_info->virt.utsname.domainname; } if (!write) { down_read(&uts_sem); diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/timer.c linux-2.4.23-vs1.3.0/kernel/timer.c --- linux-2.4.23-vs1.21/kernel/timer.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/timer.c Wed Dec 10 01:52:26 2003 @@ -600,8 +600,8 @@ void update_process_times(int user_tick) update_one_process(p, user_tick, system, cpu); if (p->pid) { - if (p->s_info && (p->s_info->flags & VX_INFO_SCHED)) - atomic_dec (&p->s_info->ticks); + if (p->vx_info && (p->vx_info->vx_flags & VX_INFO_SCHED)) + atomic_dec (&p->vx_info->limit.ticks); if (--p->counter <= 0) { p->counter = 0; /* @@ -755,8 +755,8 @@ asmlinkage unsigned long sys_alarm(unsig */ asmlinkage long sys_getpid(void) { - if (current->s_info && - current->s_info->initpid == current->tgid) + if (current->vx_info && + current->vx_info->vx_initpid == current->tgid) /* We are faking process 1 for this security context */ return 1; return current->tgid; @@ -805,8 +805,8 @@ asmlinkage long sys_getppid(void) #endif break; } - if (pid && current->s_info - && current->s_info->initpid == pid) + if (pid && current->vx_info + && current->vx_info->vx_initpid == pid) /* We are faking process 1 for this security context */ pid = 1; return pid; diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/user.c linux-2.4.23-vs1.3.0/kernel/user.c --- linux-2.4.23-vs1.21/kernel/user.c Thu Dec 11 00:54:56 2003 +++ linux-2.4.23-vs1.3.0/kernel/user.c Wed Dec 10 01:52:26 2003 
@@ -69,7 +69,7 @@ static inline void uid_hash_remove(struc *pprev = next; } -static inline struct user_struct *uid_hash_find(int vx_id, uid_t uid, struct user_struct **hashent) +static inline struct user_struct *uid_hash_find(xid_t xid, uid_t uid, struct user_struct **hashent) { struct user_struct *next; @@ -78,7 +78,7 @@ static inline struct user_struct *uid_ha struct user_struct *up = next; if (next) { next = up->next; - if (up->uid != uid || up->vx_id != vx_id) + if (up->uid != uid || up->xid != xid) continue; atomic_inc(&up->__count); } @@ -95,13 +95,13 @@ void free_uid(struct user_struct *up) } } -struct user_struct * alloc_uid(int vx_id, uid_t uid) +struct user_struct * alloc_uid(xid_t xid, uid_t uid) { struct user_struct **hashent = uidhashentry(uid); struct user_struct *up; spin_lock(&uidhash_lock); - up = uid_hash_find(vx_id, uid, hashent); + up = uid_hash_find(xid, uid, hashent); spin_unlock(&uidhash_lock); if (!up) { @@ -111,7 +111,7 @@ struct user_struct * alloc_uid(int vx_id if (!new) return NULL; new->uid = uid; - new->vx_id = vx_id; + new->xid = xid; atomic_set(&new->__count, 1); atomic_set(&new->processes, 0); atomic_set(&new->files, 0); @@ -121,7 +121,7 @@ struct user_struct * alloc_uid(int vx_id * on adding the same user already.. */ spin_lock(&uidhash_lock); - up = uid_hash_find(vx_id, uid, hashent); + up = uid_hash_find(xid, uid, hashent); if (up) { kmem_cache_free(uid_cachep, new); } else { diff -NurpP --minimal linux-2.4.23-vs1.21/kernel/vcontext.c linux-2.4.23-vs1.3.0/kernel/vcontext.c --- linux-2.4.23-vs1.21/kernel/vcontext.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/kernel/vcontext.c Wed Dec 10 01:52:26 2003 @@ -6,6 +6,8 @@ * Copyright (C) 2003 Herbert Pötzl * * V0.01 context helper + * V0.02 vx_ctx_kill + * V0.03 replaced context_info calls * */ 
@@ -47,9 +49,9 @@ int vc_ctx_kill(uint32_t id, void *data) case -1: case 0: for_each_task(p) { - if (!initpid && p->vx_id == id && p->s_info) - initpid = p->s_info->initpid; - if (p->vx_id == id && p->pid > 1 + if (!initpid && vx_task_id(p) == id && p->vx_info) + initpid = p->vx_info->vx_initpid; + if (vx_task_id(p) == id && p->pid > 1 && (!vc_data.pid || initpid != p->pid) && thread_group_leader(p)) { int err = send_sig_info(vc_data.sig, &info, p); @@ -71,7 +73,7 @@ int vc_ctx_kill(uint32_t id, void *data) if (tg) p = tg; } - if ((id == -1) || (p->vx_id == id)) + if ((id == -1) || (vx_task_id(p) == id)) retval = send_sig_info(vc_data.sig, &info, p); } break; 
@@ -100,85 +102,166 @@ int vc_get_rlimit_mask(uint32_t id, void /* system functions */ +LIST_HEAD(vx_infos); + +spinlock_t vxlist_lock + __cacheline_aligned_in_smp = SPIN_LOCK_UNLOCKED; + + /* - * Alloc a new s_info to the current process and release - * the one currently owned by the current process. + * struct vx_info allocation and deallocation */ -static void vx_alloc_info(void) + +static struct vx_info *alloc_vx_info(int id) { - struct context_info *s_info; + struct vx_info *new = NULL; + + dprintk("alloc_vx_info(%d)\n", id); + /* would this benefit from a slab cache? */ + new = kmalloc(sizeof(struct vx_info), GFP_KERNEL); + if (!new) + return 0; + + memset (new, 0, sizeof(struct vx_info)); + new->vx_id = id; + /* rest of init goes here */ + + atomic_set(&new->limit.ticks, current->counter); + new->virt.nr_threads = 1; + new->virt.bias_cswtch = kstat.context_swtch; + new->virt.bias_jiffies = jiffies; + new->virt.bias_idle = init_tasks[0]->times.tms_utime + + init_tasks[0]->times.tms_stime; + down_read(&uts_sem); + new->virt.utsname = system_utsname; + up_read(&uts_sem); + + dprintk("alloc_vx_info(%d) = %p\n", id, new); + return new; +} - s_info = kmalloc(sizeof(struct context_info), GFP_KERNEL); - if (s_info) { - int i; - memset (s_info, 0, sizeof(*s_info)); - s_info->vx_id[0] = current->vx_id; - atomic_set(&s_info->refcount, 1); - atomic_set(&s_info->ticks, current->counter); - s_info->flags = 0; - s_info->initpid = 0; - s_info->nr_threads = 1; - s_info->total_forks = 0; - s_info->bias_cswtch = kstat.context_swtch; - s_info->bias_jiffies = jiffies; - s_info->bias_idle = init_tasks[0]->times.tms_utime + - init_tasks[0]->times.tms_stime; - for (i=0; irlim[i] = 0xffffffff; - atomic_set(&s_info->res[i], 0); - } - down_read(&uts_sem); - if (current->s_info) { - strcpy(s_info->nodename, current->s_info->nodename); - strcpy(s_info->domainname, current->s_info->domainname); - } else { - strcpy(s_info->nodename, system_utsname.nodename); - strcpy(s_info->domainname, 
system_utsname.domainname); - } - up_read(&uts_sem); - vx_release_info(current); - current->s_info = s_info; - /* - The current process is switching to a new context - so we preset the open file counter with - the file currently open by that process. - Some of those files may have been opened by - a parent, so do not strictly belong to this - process, so we kind of over bill the current process - but it is minimal. - */ - atomic_set(&s_info->res[RLIMIT_NOFILE], - atomic_read(¤t->files->count)); - } +extern int vx_proc_destroy(struct vx_info *); + +void free_vx_info(struct vx_info *vxi) +{ + dprintk("free_vx_info(%p)\n", vxi); + vx_proc_destroy(vxi); + kfree(vxi); } + /* - * Increase the reference count on the context_info member of a task + * struct vx_info search by id + * needs the vxlist_lock */ -void vx_assign_info (struct task_struct *p) + +static inline struct vx_info *__find_vx_info(int id) { - down_write (&uts_sem); - if (p->s_info) - atomic_inc(&p->s_info->refcount); - up_write (&uts_sem); + struct vx_info *vxi; + + list_for_each_entry(vxi, &vx_infos, vx_list) + if (vxi->vx_id == id) + return vxi; + return 0; } + /* - * Decrease the reference count on the context_info member of a task - * Free the struct if the reference count reach 0. 
+ * struct vx_info ref stuff */ -void vx_release_info (struct task_struct *p) + +static struct vx_info *find_vx_info(int id) { - down_write (&uts_sem); - if (p->s_info) { - if (atomic_dec_and_test(&p->s_info->refcount)) { - kfree(p->s_info); - p->s_info = NULL; - } + struct vx_info *vxi; + + spin_lock(&vxlist_lock); + if ((vxi = __find_vx_info(id))) + get_vx_info(vxi); + spin_unlock(&vxlist_lock); + return vxi; +} + +extern int vx_proc_create(struct vx_info *); + +static struct vx_info *find_or_create_vx_info(int id) +{ + struct vx_info *vxi, *new; + + dprintk("find_or_create_vx_info(%d)\n", id); + if (!(new = alloc_vx_info(id))) + return 0; + atomic_set(&new->vx_refcount, 1); + spin_lock(&vxlist_lock); + if ((vxi = __find_vx_info(id))) { + dprintk("find_or_create_vx_info(%d) = %p (found)\n", id, vxi); + get_vx_info(vxi); + spin_unlock(&vxlist_lock); + free_vx_info(new); + return vxi; } - up_write (&uts_sem); + list_add(&new->vx_list, &vx_infos); + vx_proc_create(new); + dprintk("find_or_create_vx_info(%d) = %p (new)\n", id, new); + spin_unlock(&vxlist_lock); + return new; +} + + + +static int vx_migrate_user(struct task_struct *p, struct vx_info *vxi) +{ + struct user_struct *new_user, *old_user; + + if (!p || !vxi) + BUG(); + new_user = alloc_uid(vxi->vx_id, p->uid); + if (!new_user) + return -ENOMEM; + + old_user = p->user; + if (new_user != old_user) { + atomic_inc(&new_user->processes); + atomic_dec(&old_user->processes); + p->user = new_user; + } + free_uid(old_user); + return 0; +} + +/* + * migrate task to new context + * gets vxi, puts old_vxi on change + */ + +static int vx_migrate_task(struct task_struct *p, struct vx_info *vxi) +{ + struct vx_info *old_vxi; + int ret = 0; + + if (!p || !vxi) + BUG(); + + dprintk("vx_migrate_task(%p,%p[#%d.%d)\n", p, vxi, + vxi->vx_id, atomic_read(&vxi->vx_refcount)); + spin_lock(&p->alloc_lock); + if ((old_vxi = p->vx_info) == vxi) + goto out; + + if (!(ret = vx_migrate_user(p, vxi))) { + if (old_vxi) + 
old_vxi->virt.nr_threads--; + vxi->virt.nr_threads++; + p->vx_info = get_vx_info(vxi); + if (old_vxi) + put_vx_info(old_vxi); + } +out: + spin_unlock(&p->alloc_lock); + return ret; } + + /* * Alloc a new ip_info to the current process and release * the one currently owned by the current process. 
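Review bot: `find_or_create_vx_info` calls `vx_proc_create(new)` while holding the `vxlist_lock` spinlock; the function is only declared here, but if it registers a /proc entry it will allocate and may sleep, which is not allowed under a spinlock. Moving the call below the unlock, `spin_unlock(&vxlist_lock); vx_proc_create(new);`, avoids that, and its return value should be checked. On the found path, `free_vx_info(new)` runs `vx_proc_destroy` on a `vx_info` that was never passed to `vx_proc_create`, so confirm that is tolerated or use `kfree(new)` there. `vx_migrate_task` has the same shape: it holds `p->alloc_lock` across `vx_migrate_user`, which calls `alloc_uid`, and it updates `virt.nr_threads` under that lock while do_fork updates it under `tasklist_lock`.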
@@ -219,156 +302,107 @@ void vx_release_ip_info (struct iproot_i } -static int vx_switch_user_struct(int new_context) -{ - struct user_struct *new_user; - - new_user = alloc_uid(new_context, current->uid); - if (!new_user) - return -ENOMEM; - - if (new_user != current->user) { - struct user_struct *old_user = current->user; - - atomic_inc(&new_user->processes); - atomic_dec(&old_user->processes); - current->user = new_user; - free_uid(old_user); - } else - free_uid(new_user); - return 0; -} - -static int vx_set_initpid(int flags) +static int vx_set_initpid(struct vx_info *vxi, int pid) { int ret = 0; - if (flags & VX_INFO_INIT) { - if (current->s_info == NULL) - ret = -EINVAL; - else if (current->s_info->initpid != 0) - ret = -EPERM; - else - current->s_info->initpid = current->tgid; - } + if (vxi->vx_initpid) + ret = -EPERM; + else + vxi->vx_initpid = pid; return ret; } - -/* new security context (syscall) */ - -/* - * Change to a new security context and reduce the capability - * basic set of the current process - */ int vc_new_s_context(uint32_t ctx, void *data) { int ret = -EPERM; struct vcmd_new_s_context_v1 vc_data; + struct vx_info *new_vxi; if (copy_from_user(&vc_data, data, sizeof(vc_data))) return -EFAULT; - if (ctx == -1) { - if (current->s_info == NULL - || !(current->s_info->flags & VX_INFO_LOCK)) { - /* Ok we allocate a new context. For now, we just increase */ - /* it. 
Wrap around possible, so we loop */ + switch (ctx) { + case -1: + /* allocate dynamic context */ + if (current->vx_info == NULL + || !(current->vx_info->vx_flags & VX_INFO_LOCK)) { static int new_xid = MAX_S_CONTEXT; static spinlock_t alloc_ctx_lock = SPIN_LOCK_UNLOCKED; - int old_xid = current->vx_id; int barrier = new_xid; - int valid = 0; + int done = 0; - spin_lock(&alloc_ctx_lock); do { - struct task_struct *p; - - valid = 1; + spin_lock(&alloc_ctx_lock); if (++new_xid > MAX_S_CONTEXT) new_xid = MIN_D_CONTEXT; + spin_unlock(&alloc_ctx_lock); - /* Check if in use */ - read_lock(&tasklist_lock); - for_each_task(p) { - if (p->vx_id == new_xid) { - valid = 0; - break; - } - } - read_unlock(&tasklist_lock); - - if (valid) { - current->vx_id = new_xid; + new_vxi = find_or_create_vx_info(new_xid); + if (atomic_read(&new_vxi->vx_refcount) > 1) + put_vx_info(new_vxi); + else { + done = 1; break; } } while (barrier != new_xid); - spin_unlock(&alloc_ctx_lock); - if (!valid) + if (!done) return -EDEADLK; - ret = vx_switch_user_struct(new_xid); + ret = vx_migrate_task(current, new_vxi); if (ret == 0) { current->cap_bset &= (~vc_data.remove_cap); - ret = new_xid; - vx_alloc_info(); - if (current->s_info) { - vx_set_initpid(vc_data.flags); - current->s_info->flags |= vc_data.flags; - } - } else - current->vx_id = old_xid; + new_vxi->vx_flags |= vc_data.flags; + if (vc_data.flags & VX_INFO_INIT) + vx_set_initpid(new_vxi, current->tgid); + ret = new_vxi->vx_id; + } + put_vx_info(new_vxi); } - } else if (ctx == -2) { - ret = vx_set_initpid(vc_data.flags); + break; + + case -2: + /* assign flags and initpid */ + if (!current->vx_info) + return -EINVAL; + ret = 0; + if (vc_data.flags & VX_INFO_INIT) + ret = vx_set_initpid(current->vx_info, current->tgid); if (ret == 0) { /* We keep the same vx_id, but lower the capabilities */ current->cap_bset &= (~vc_data.remove_cap); - ret = current->vx_id; - if (current->s_info) { - if (vc_data.flags & VX_INFO_INIT) - current->s_info->initpid 
= current->tgid; - current->s_info->flags |= vc_data.flags; - } - } - } else if (ctx <= 0 || ctx > MAX_S_CONTEXT) { - ret = -EINVAL; - } else if (vx_check(0, VX_ADMIN) - && capable(CAP_SYS_ADMIN) - && (current->s_info == NULL - ||(current->s_info->flags & VX_INFO_LOCK) == 0)) { - /* The root context can become any context it wants */ - int found = 0; - struct task_struct *p; - - /* Check if in use so we reuse the same context_info */ - read_lock(&tasklist_lock); - ret = ctx; - for_each_task(p) { - if (p->vx_id == ctx) { - found = 1; - if (p->s_info == NULL - || !(p->s_info->flags & VX_INFO_PRIVATE)) { - vx_release_info(current); - vx_assign_info (p); - current->s_info = p->s_info; - } - else - ret = -EPERM; - break; - } + ret = vx_current_id(); + current->vx_info->vx_flags |= vc_data.flags; } - read_unlock(&tasklist_lock); - if (ret == ctx) { - ret = vx_switch_user_struct(ctx); - if (ret == 0) { - current->vx_id = ctx; - current->cap_bset &= (~vc_data.remove_cap); - if (!found) - vx_alloc_info(); - if (current->s_info) - current->s_info->flags |= vc_data.flags; - } + break; + + case 0: + return -EINVAL; + break; + + default: + if (ctx <= 0 || ctx > MAX_S_CONTEXT) + return -EINVAL; + if (!vx_check(0, VX_ADMIN) || + !capable(CAP_SYS_ADMIN) || + (current->vx_info && + (current->vx_info->vx_flags & VX_INFO_LOCK))) + return -EPERM; + if (ctx >= MIN_D_CONTEXT) + new_vxi = find_vx_info(ctx); + else + new_vxi = find_or_create_vx_info(ctx); + if (!new_vxi) + return -EINVAL; + ret = vx_migrate_task(current, new_vxi); + if (ret == 0) { + current->cap_bset &= (~vc_data.remove_cap); + new_vxi->vx_flags |= vc_data.flags; + if (vc_data.flags & VX_INFO_INIT) + vx_set_initpid(new_vxi, current->tgid); + ret = new_vxi->vx_id; } + put_vx_info(new_vxi); + break; } return ret; } diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv4/af_inet.c linux-2.4.23-vs1.3.0/net/ipv4/af_inet.c --- linux-2.4.23-vs1.21/net/ipv4/af_inet.c Thu Dec 11 00:54:59 2003 +++ 
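Review bot: In the `case -1` branch of `vc_new_s_context`, the result of `find_or_create_vx_info(new_xid)` is dereferenced by `atomic_read(&new_vxi->vx_refcount)` without a NULL test, although that function returns 0 when `alloc_vx_info` fails; the default branch does test it. Add `if (!new_vxi) return -ENOMEM;` before the `atomic_read`. The default branch also no longer refuses to join a context flagged VX_INFO_PRIVATE (the removed code returned -EPERM), so unless that is enforced elsewhere the check should be kept. The return value of `vx_set_initpid` is ignored in both branches, so a caller joining an existing context gets VX_INFO_INIT ORed into `vx_flags` even when the init pid was already set.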
linux-2.4.23-vs1.3.0/net/ipv4/af_inet.c Wed Dec 10 01:52:26 2003 @@ -395,7 +395,7 @@ static int inet_create(struct socket *so sk->protinfo.af_inet.mc_index = 0; sk->protinfo.af_inet.mc_list = NULL; - sk->vx_id = current->vx_id; + sk->xid = vx_current_id(); sk->ip_info = NULL; #ifdef INET_REFCNT_DEBUG diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv4/raw.c linux-2.4.23-vs1.3.0/net/ipv4/raw.c --- linux-2.4.23-vs1.21/net/ipv4/raw.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv4/raw.c Wed Dec 10 01:52:26 2003 @@ -689,7 +689,7 @@ int raw_get_info(char *buffer, char **st for (sk = raw_v4_htable[i]; sk; sk = sk->next, num++) { if (sk->family != PF_INET || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; pos += 128; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv4/tcp_ipv4.c linux-2.4.23-vs1.3.0/net/ipv4/tcp_ipv4.c --- linux-2.4.23-vs1.21/net/ipv4/tcp_ipv4.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv4/tcp_ipv4.c Wed Dec 10 01:52:26 2003 @@ -2259,7 +2259,7 @@ int tcp_get_info(char *buffer, char **st int uid; struct tcp_opt *tp = &(sk->tp_pinfo.af_tcp); - if (!vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + if (!vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; if (!TCP_INET_FAMILY(sk->family)) @@ -2316,7 +2316,7 @@ skip_listen: read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { if (!TCP_INET_FAMILY(sk->family) || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; pos += TMPSZ; if (pos <= offset) 
@@ -2332,7 +2332,7 @@ skip_listen: tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { if (!TCP_INET_FAMILY(tw->family) || - !vx_check(tw->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(tw->xid, VX_WATCH|VX_SAME)) continue; pos += TMPSZ; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv4/tcp_minisocks.c linux-2.4.23-vs1.3.0/net/ipv4/tcp_minisocks.c --- linux-2.4.23-vs1.21/net/ipv4/tcp_minisocks.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv4/tcp_minisocks.c Wed Dec 10 01:52:26 2003 @@ -380,7 +380,7 @@ void tcp_time_wait(struct sock *sk, int tw->ts_recent_stamp= tp->ts_recent_stamp; tw->pprev_death = NULL; - tw->vx_id = sk->vx_id; + tw->xid = sk->xid; tw->ip_info = NULL; #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv4/udp.c linux-2.4.23-vs1.3.0/net/ipv4/udp.c --- linux-2.4.23-vs1.21/net/ipv4/udp.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv4/udp.c Wed Dec 10 01:52:26 2003 @@ -1051,7 +1051,7 @@ int udp_get_info(char *buffer, char **st for (sk = udp_hash[i]; sk; sk = sk->next, num++) { if (sk->family != PF_INET || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; pos += 128; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv6/raw.c linux-2.4.23-vs1.3.0/net/ipv6/raw.c --- linux-2.4.23-vs1.21/net/ipv6/raw.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv6/raw.c Wed Dec 10 01:52:26 2003 
@@ -881,7 +881,7 @@ int raw6_get_info(char *buffer, char **s for (sk = raw_v6_htable[i]; sk; sk = sk->next, num++) { if (sk->family != PF_INET6 || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->vx_id, VX_WATCH|VX_SAME)) continue; pos += LINE_LEN+1; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv6/tcp_ipv6.c linux-2.4.23-vs1.3.0/net/ipv6/tcp_ipv6.c --- linux-2.4.23-vs1.21/net/ipv6/tcp_ipv6.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv6/tcp_ipv6.c Wed Dec 10 01:52:26 2003 @@ -2030,7 +2030,7 @@ int tcp6_get_info(char *buffer, char **s struct tcp_opt *tp = &(sk->tp_pinfo.af_tcp); if (sk->family != PF_INET6 || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; pos += LINE_LEN+1; if (pos >= offset) { @@ -2081,7 +2081,7 @@ int tcp6_get_info(char *buffer, char **s read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { if (sk->family != PF_INET6 || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->xid, VX_WATCH|VX_SAME)) continue; pos += LINE_LEN+1; if (pos <= offset) @@ -2097,7 +2097,7 @@ int tcp6_get_info(char *buffer, char **s tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { if (tw->family != PF_INET6 || - !vx_check(tw->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(tw->xid, VX_WATCH|VX_SAME)) continue; pos += LINE_LEN+1; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/ipv6/udp.c linux-2.4.23-vs1.3.0/net/ipv6/udp.c --- linux-2.4.23-vs1.21/net/ipv6/udp.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/ipv6/udp.c Wed Dec 10 01:52:26 2003 
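Review bot: The new line in the net/ipv6/raw.c hunk still reads `sk->vx_id`, but the include/net/sock.h hunk of this patch renames that field to `xid`, so this should fail to build when IPv6 is configured. It should be `!vx_check_id(sk->xid, VX_WATCH|VX_SAME))`, as in the net/ipv6/tcp_ipv6.c hunks. The net/ipv6/udp.c hunk has the same leftover. `raw6_get_info` starts and ends outside the hunk.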
@@ -982,7 +982,7 @@ int udp6_get_info(char *buffer, char **s for (sk = udp_hash[i]; sk; sk = sk->next, num++) { if (sk->family != PF_INET6 || - !vx_check(sk->vx_id, VX_WATCH|VX_IDENT)) + !vx_check_id(sk->vx_id, VX_WATCH|VX_SAME)) continue; pos += LINE_LEN+1; if (pos <= offset) diff -NurpP --minimal linux-2.4.23-vs1.21/net/unix/af_unix.c linux-2.4.23-vs1.3.0/net/unix/af_unix.c --- linux-2.4.23-vs1.21/net/unix/af_unix.c Thu Dec 11 00:54:59 2003 +++ linux-2.4.23-vs1.3.0/net/unix/af_unix.c Wed Dec 10 01:52:26 2003 @@ -479,7 +479,7 @@ static struct sock * unix_create1(struct sk->write_space = unix_write_space; - sk->vx_id = current->vx_id; + sk->xid = vx_current_id(); sk->max_ack_backlog = sysctl_unix_max_dgram_qlen; sk->destruct = unix_sock_destructor; @@ -1758,7 +1758,7 @@ static int unix_read_proc(char *buffer, read_lock(&unix_table_lock); forall_unix_sockets (i,s) { - if (!vx_check(s->vx_id, VX_WATCH|VX_IDENT)) + if (!vx_check_id(s->xid, VX_WATCH|VX_SAME)) continue; unix_state_rlock(s);