--- linux-2.6.18.2/include/linux/net.h 2006-09-20 16:58:44 +0200 +++ linux-2.6.18.2-vs2.1.1/include/linux/net.h 2006-09-20 17:47:13 +0200 @@ -62,6 +62,7 @@ typedef enum { #define SOCK_NOSPACE 2 #define SOCK_PASSCRED 3 #define SOCK_PASSSEC 4 +#define SOCK_USER_SOCKET 5 #ifndef ARCH_HAS_SOCKET_TYPES /** --- linux-2.6.18.2/include/net/af_unix.h 2006-09-20 16:58:44 +0200 +++ linux-2.6.18.2-vs2.1.1/include/net/af_unix.h 2006-09-25 15:40:02 +0200 @@ -17,9 +17,9 @@ extern spinlock_t unix_table_lock; extern atomic_t unix_tot_inflight; -static inline struct sock *first_unix_socket(int *i) +static inline struct sock *next_unix_socket_table(int *i) { - for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) { + for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { if (!hlist_empty(&unix_socket_table[*i])) return __sk_head(&unix_socket_table[*i]); } --- linux-2.6.18.2/include/net/af_unix.h 2006-09-20 16:58:44 +0200 +++ linux-2.6.18.2-vs2.1.1/include/net/af_unix.h 2006-09-25 15:40:02 +0200 @@ -28,16 +28,19 @@ static inline struct sock *first_unix_so static inline struct sock *next_unix_socket(int *i, struct sock *s) { - struct sock *next = sk_next(s); - /* More in this chain? */ - if (next) - return next; - /* Look for next non-empty chain. */ - for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { - if (!hlist_empty(&unix_socket_table[*i])) - return __sk_head(&unix_socket_table[*i]); - } - return NULL; + do { + if (s) + s = sk_next(s); + if (!s) + s = next_unix_socket_table(i); + } while (s && !vx_check(s->sk_xid, VX_WATCH_P|VX_IDENT)); + return s; +} + +static inline struct sock *first_unix_socket(int *i) +{ + *i = 0; + return next_unix_socket(i, NULL); } #define forall_unix_sockets(i, s) \ --- linux-2.6.18.2/include/net/sock.h 2006-09-20 16:58:44 +0200 +++ linux-2.6.18.2-vs2.1.1/include/net/sock.h 2006-09-20 17:01:45 +0200 @@ -118,6 +118,10 @@ struct sock_common { atomic_t skc_refcnt; unsigned int skc_hash; struct proto *skc_prot; + xid_t skc_xid; + struct vx_info *skc_vx_info; + nid_t skc_nid; + struct nx_info *skc_nx_info; }; /** --- linux-2.6.18.2/include/net/sock.h 2006-09-20 16:58:44 +0200 +++ linux-2.6.18.2-vs2.1.1/include/net/sock.h 2006-09-20 17:01:45 +0200 @@ -194,6 +198,10 @@ struct sock { #define sk_refcnt __sk_common.skc_refcnt #define sk_hash __sk_common.skc_hash #define sk_prot __sk_common.skc_prot +#define sk_xid __sk_common.skc_xid +#define sk_vx_info __sk_common.skc_vx_info +#define sk_nid __sk_common.skc_nid +#define sk_nx_info __sk_common.skc_nx_info unsigned char sk_shutdown : 2, sk_no_check : 2, sk_userlocks : 4; --- linux-2.6.18.2/net/core/sock.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/sock.c 2006-09-20 17:01:45 +0200 @@ -859,6 +862,8 @@ struct sock *sk_alloc(int family, gfp_t sk->sk_prot = sk->sk_prot_creator = prot; sock_lock_init(sk); } + sock_vx_init(sk); + sock_nx_init(sk); if (security_sk_alloc(sk, family, priority)) goto out_free; --- linux-2.6.18.2/net/core/sock.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/sock.c 2006-09-20 17:01:45 +0200 @@ -897,6 +902,11 @@ void sk_free(struct sock *sk) __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); security_sk_free(sk); + vx_sock_dec(sk); + clr_vx_info(&sk->sk_vx_info); + sk->sk_xid = -1; + clr_nx_info(&sk->sk_nx_info); + sk->sk_nid = -1; if (sk->sk_prot_creator->slab != NULL) kmem_cache_free(sk->sk_prot_creator->slab, sk); else --- linux-2.6.18.2/net/core/sock.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/sock.c 2006-09-20 17:01:45 +0200 @@ -914,6 +924,8 @@ struct sock *sk_clone(const struct sock memcpy(newsk, sk, sk->sk_prot->obj_size); /* SANITY */ + sock_vx_init(newsk); + sock_nx_init(newsk); sk_node_init(&newsk->sk_node); sock_lock_init(newsk); bh_lock_sock(newsk); --- linux-2.6.18.2/net/core/sock.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/sock.c 2006-09-20 17:01:45 +0200 @@ -959,6 +971,12 @@ struct sock *sk_clone(const struct sock newsk->sk_priority = 0; atomic_set(&newsk->sk_refcnt, 2); + set_vx_info(&newsk->sk_vx_info, sk->sk_vx_info); + newsk->sk_xid = sk->sk_xid; + vx_sock_inc(newsk); + set_nx_info(&newsk->sk_nx_info, sk->sk_nx_info); + newsk->sk_nid = sk->sk_nid; + /* * Increment the counter in the same struct proto as the master * sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that --- linux-2.6.18.2/net/core/sock.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/sock.c 2006-09-20 17:01:45 +0200 @@ -1528,6 +1546,11 @@ void sock_init_data(struct socket *sock, sk->sk_stamp.tv_sec = -1L; sk->sk_stamp.tv_usec = -1L; + set_vx_info(&sk->sk_vx_info, current->vx_info); + sk->sk_xid = vx_current_xid(); + vx_sock_inc(sk); + set_nx_info(&sk->sk_nx_info, current->nx_info); + sk->sk_nid = nx_current_nid(); atomic_set(&sk->sk_refcnt, 1); } --- linux-2.6.18.2/net/ipv4/tcp_minisocks.c 2006-09-20 16:58:51 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_minisocks.c 2006-09-20 17:01:45 +0200 @@ -294,6 +298,11 @@ void tcp_time_wait(struct sock *sk, int tcptw->tw_ts_recent = tp->rx_opt.ts_recent; tcptw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp; + tw->tw_xid = sk->sk_xid; + tw->tw_vx_info = NULL; + tw->tw_nid = sk->sk_nid; + tw->tw_nx_info = NULL; + #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) if (tw->tw_family == PF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -582,7 +583,7 @@ static inline int __sock_sendmsg(struct struct msghdr *msg, size_t size) { struct sock_iocb *si = kiocb_to_siocb(iocb); - int err; + int err, len; si->sock = sock; si->scm = NULL; --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -593,7 +594,21 @@ static inline int __sock_sendmsg(struct if (err) return err; - return sock->ops->sendmsg(iocb, sock, msg, size); + len = sock->ops->sendmsg(iocb, sock, msg, size); + if (sock->sk) { + if (len == size) + vx_sock_send(sock->sk, size); + else + vx_sock_fail(sock->sk, size); + } + vxdprintk(VXD_CBIT(net, 7), + "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -631,7 +646,7 @@ int kernel_sendmsg(struct socket *sock, static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { - int err; + int err, len; struct sock_iocb *si = kiocb_to_siocb(iocb); si->sock = sock; --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -644,7 +659,17 @@ static inline int __sock_recvmsg(struct if (err) return err; - return sock->ops->recvmsg(iocb, sock, msg, size, flags); + len = sock->ops->recvmsg(iocb, sock, msg, size, flags); + if ((len >= 0) && sock->sk) + vx_sock_recv(sock->sk, len); + vxdprintk(VXD_CBIT(net, 7), + "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_recvmsg(struct socket *sock, struct msghdr *msg, --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -1134,6 +1159,10 @@ static int __sock_create(int family, int if (type < 0 || type >= SOCK_MAX) return -EINVAL; + /* disable IPv6 inside vservers for now */ + if (family == PF_INET6 && !vx_check(0, VX_ADMIN)) + return -EAFNOSUPPORT; + /* Compatibility. This uglymoron is moved from INET layer to here to avoid --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -1245,6 +1274,7 @@ asmlinkage long sys_socket(int family, i if (retval < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock->flags); retval = sock_map_fd(sock); if (retval < 0) goto out_release; --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -1275,6 +1305,7 @@ asmlinkage long sys_socketpair(int famil err = sock_create(family, type, protocol, &sock1); if (err < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock1->flags); err = sock_create(family, type, protocol, &sock2); if (err < 0) --- linux-2.6.18.2/net/socket.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/socket.c 2006-09-20 17:01:45 +0200 @@ -1279,6 +1310,7 @@ ***** err = sock_create(family, type, protocol, &sock2); if (err < 0) goto out_release_1; + set_bit(SOCK_USER_SOCKET, &sock2->flags); err = sock1->ops->socketpair(sock1, sock2); if (err < 0) --- linux-2.6.18.2/net/unix/af_unix.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/unix/af_unix.c 2006-09-25 15:40:02 +0200 @@ -252,6 +255,8 @@ static struct sock *__unix_find_socket_b sk_for_each(s, node, &unix_socket_table[hash ^ type]) { struct unix_sock *u = unix_sk(s); + if (!vx_check(s->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (u->addr->len == len && !memcmp(u->addr->name, sunname, len)) goto found; --- linux-2.6.18.2/net/x25/af_x25.c 2006-09-20 16:58:54 +0200 +++ linux-2.6.18.2-vs2.1.1/net/x25/af_x25.c 2006-09-20 17:01:45 +0200 @@ -501,7 +501,10 @@ static int x25_create(struct socket *soc x25 = x25_sk(sk); - sock_init_data(sock, sk); + sk->sk_socket = sock; + sk->sk_type = sock->type; + sk->sk_sleep = &sock->wait; + sock->sk = sk; x25_init_timers(sk);