[kernel] r16855 - in dists/sid/linux-2.6/debian: . patches/features/all/openvz patches/series
Maximilian Attems
maks at alioth.debian.org
Thu Jan 27 14:55:24 UTC 2011
Author: maks
Date: Thu Jan 27 14:55:19 2011
New Revision: 16855
Log:
update to latest openvz patch
merged stable updates and fixed bugs in checkpointing, ipv6, ppp and
stability.
Deleted:
dists/sid/linux-2.6/debian/patches/features/all/openvz/ubc-Fix-orphan-count-checks-after-merge.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch
dists/sid/linux-2.6/debian/patches/series/31-extra
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Wed Jan 26 14:09:17 2011 (r16854)
+++ dists/sid/linux-2.6/debian/changelog Thu Jan 27 14:55:19 2011 (r16855)
@@ -17,6 +17,10 @@
* xfs: fix information leak using stale NFS handle (CVE-2010-2943)
* av7110: check for negative array offset (CVE-2011-0521)
+ [ maximilian attems]
+ * Update openvz patch to 07aaa2e9fb25 (ipv6, checkpointing, stability,
+ ipsec, ppp). (closes: #607041)
+
-- Ian Campbell <ijc at hellion.org.uk> Thu, 13 Jan 2011 07:07:54 +0000
linux-2.6 (2.6.32-30) unstable; urgency=high
Modified: dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch Wed Jan 26 14:09:17 2011 (r16854)
+++ dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch Thu Jan 27 14:55:19 2011 (r16855)
@@ -1,3 +1,258 @@
+commit 07aaa2e9fb25f914810c7a15147fbe036f653d7e
+Author: Konstantin Khlebnikov <khlebnikov at openvz.org>
+Date: Thu Jan 27 15:11:28 2011 +0300
+
+ cpt: Fix for rst files with root creds
+
+ * stash original credentials in local variable
+ * override credentials to init_cread, because init_task->cred can be overriden too
+ * export init_cred
+
+ Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
+ Looks-good-to: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 3826a8a2998817f602b880f9b41e2a8e307d1058
+Merge: 0eb5aa8 376faec
+Author: Pavel Emelyanov <xemul at openvz.org>
+Date: Thu Jan 27 14:26:09 2011 +0300
+
+ Merged linux-2.6.32.28
+
+ Conflicts:
+
+ Makefile
+ mm/mprotect.c
+ net/core/dev.c
+ net/netfilter/nf_conntrack_core.c
+
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 0eb5aa8ea2d24a3925d125b16f3898e1639c651f
+Author: Konstantin Khlebnikov <khlebnikov at parallels.com>
+Date: Tue Jan 25 20:22:12 2011 +0300
+
+ ve: register vc in ve0 sysfs
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1468
+
+ Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 8fd7d68c52473584ec04127e88e050c89edc64e3
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Tue Jan 25 20:19:04 2011 +0300
+
+ CR: Restore vDSO sysenter_return address on special conditions v3
+
+ vDSO sysenter_return address make sence on x86-32 platform or
+ x86-64 with compat layer turned on (pure x86-64 environment
+ uses syscall instead).
+
+ v2:
+ - Add tricks for hrtimer C/R code
+ - More vDSO32 conditional compilation on dump/restore
+
+ v3:
+ - Pavel has spotted some of prepoc madness here, plain
+ and simple CONFIG_X86_32 || CONFIG_COMPAT is enough
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1586
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit c5c8daa2dd3e3bbfccd653f60e099b39a26da118
+Author: Cyrill Gorcunov <gorcunov at gmail.com>
+Date: Tue Dec 21 19:04:39 2010 +0300
+
+ net, sched: Implement per-namespace functionality v4
+
+ Backport of commit 7316ae88c43d47f6503f4c29b4973204e33c3411
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1238
+
+ v2: Allow to manipulate tc classes inside net-namespaces
+ v3: Allow 'mirred' action in net-namespaces
+ v4: Be more carefull with netdev refs.
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 56628f791cdee0846cdf250b7bbad70144f9b231
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Tue Jan 25 18:52:16 2011 +0300
+
+ net, ip6tables: LOG target for both IPv4/6 should use ve_printk
+
+ Signed-off-by: Steven Chamberlain <steven at pyro.eu.org>
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 835db9404b7c1d5e9ef16d5dd17a1c8bd7431137
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Tue Jan 25 18:51:40 2011 +0300
+
+ net, ip6tables: Allow to modify IPv6 netfliter rules inside the VE
+
+ IPv6 netfilter stuff is per-net modtly so we should allow users to
+ set their own rules if needed, as result we need CAP_VE_NET_ADMIN
+ check as a complement to CAP_NET_ADMIN.
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1723
+
+ Signed-off-by: Steven Chamberlain <steven at pyro.eu.org>
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit eb1f3c62b3fc652945dd108dde30cde8be7a6867
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Fri Dec 10 18:38:51 2010 +0300
+
+ C/R: Restore variable name missed
+
+ In patch 66d247cf6dd51c6725cef2d01285398fe667ef6f
+ we've lost a part of variable name during the merge
+ which causes kernel to not build anymore. Fix it
+ by restoring the name we need.
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 9cfc84d64b73f2bbf752b1df68aa190313407afb
+Author: Pavel Emelaynov <xemul at openvz.org>
+Date: Wed Dec 8 17:28:28 2010 +0300
+
+ proc: Compilation fix (lost headers)
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1688
+
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 8bf86e607e0089de11f645d6e87bc01718f25ea5
+Author: Pavel Emelaynov <xemul at openvz.org>
+Date: Wed Dec 8 17:18:38 2010 +0300
+
+ net: Enable ipsec in container
+
+ This is a minimal set of changes enabling the ipsec.
+ http://bugzilla.openvz.org/show_bug.cgi?id=1536
+
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 04e9b2f949ad9c2ded425caecc17341d5300f2b5
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Wed Dec 8 17:12:39 2010 +0300
+
+ net, iptables: Restore setting VE_IP_NAT bit in running modules mask
+
+ During migration to new iptables management code the setting of
+ VE_IP_NAT bit was lost. In the former code it set at module symbol
+ resolving time (which was cut off eventually). Restore this
+ functionality by setting this bit if VE is allowed to.
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1603
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 66d247cf6dd51c6725cef2d01285398fe667ef6f
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Wed Dec 8 17:10:42 2010 +0300
+
+ cpt: Use init_task credentials for file restoring procedure
+
+ We need highest credentials for file restoring procedure otherwise
+ we might hit the situation where credentials for restoring thread
+ is not high enough (happens with programs changing their uids).
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1603
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 6bb1ed0512b651893df1794a494e5eeb713e3d02
+Author: Cyrill Gorcunov <gorcunov at gmail.com>
+Date: Wed Dec 8 16:35:42 2010 +0300
+
+ net, ppp: Report correct error code if unit allocation failed v7
+
+ Allocating unit from ird might return various error codes
+ not EAGAIN one, so it should not be changed to anything else
+ but returned precisely.
+
+ v2: Do not free interface unit until it's freed, otherwise
+ sysfs will find that device is still present and allocation
+ of new interace will fail.
+ v3: Close a small race window in unit release procedure
+ v5: Be ready for PADO if PPP feature disabled.
+ v6: Correct freeing of PPP units in generic level.
+ v7: Put units if device is being unregistered.
+
+ bcc70bb3aeae7c3d035881d41055685f08a2b745
+ http://bugzilla.openvz.org/show_bug.cgi?id=1697
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 6aa0026d95af8b9a83113a3907c328eaa492333a
+Author: Pavel Emelyanov <xemul at openvz.org>
+Date: Wed Dec 8 16:29:54 2010 +0300
+
+ netns: Don't leak others' openreq-s in proc
+
+ The /proc/net/tcp leaks openreq sockets from other namespaces.
+ http://bugzilla.openvz.org/show_bug.cgi?id=1705
+
+ Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 09c67a4c47f8dfeac50c3122550e8d8163b2d2d3
+Author: Cyrill Gorcunov <gorcunov at openvz.org>
+Date: Wed Dec 8 16:28:42 2010 +0300
+
+ net: pppoe - Fix NULL dereference on PPPoED frames
+
+ In case if VE configured without VE_FEATURE_PPP
+ PPPoED frame causes NULL dereference. In real there is
+ a chance to receive a malformed packet (ie packets with
+ PPPoE type) which would cause null dereference as well.
+ Fix both cases.
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit 3e89668abca56e6e11e1bbb9cbac1008d3c2357b
+Author: Pavel Emelaynov <xemul at openvz.org>
+Date: Wed Dec 8 16:26:53 2010 +0300
+
+ ext4: Disable delalloc by default
+
+commit aaf7d79ecd409182c101fa22a977b11fa95122f1
+Author: Cyrill Gorcunov <gorcunov at gmail.com>
+Date: Sun Nov 7 21:01:45 2010 +0300
+
+ ppp: Restore virtualization v3
+
+ net, ppp: ppp_open should check for CAP_VE_NET_ADMIN
+ http://bugzilla.openvz.org/show_bug.cgi?id=1663
+
+ Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+commit e5db932edffe86ddc4a8f9cdfc6e267ed887570c
+Author: Pavel Emelyanov <xemul at openvz.org>
+Date: Sat Nov 6 17:02:43 2010 +0300
+
+ ubc: Fix orphan count checks after merge
+
+ After merging -stable the orphans checking function started checking
+ the wrong counter.
+
+ http://bugzilla.openvz.org/show_bug.cgi?id=1693
+
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
commit f3d52fc5575aa3bbd8bc270b448307736ca2ce33
Author: Pavel Emelyanov <xemul at openvz.org>
Date: Mon Nov 1 14:36:24 2010 +0300
@@ -6277,10 +6532,6 @@
Neither compiles, nor works.
Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
-
-[bwh: Adjust to changes to mm/mprotect.c and
- net/netfilter/nf_conntrack_core.c in 2.6.32.27]
-
diff --git a/COPYING.Parallels b/COPYING.Parallels
new file mode 100644
index 0000000..9856a2b
@@ -6638,7 +6889,7 @@
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/Makefile b/Makefile
-index 2b6c7bd..f0c5190 100644
+index 928ad57..3307085 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,7 @@ VERSION = 2
@@ -6810,10 +7061,10 @@
static inline void pud_free(struct mm_struct *mm, pud_t *pud)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 13b1885..224e817 100644
+index 78bb4d7..5b74249 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -974,8 +974,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -951,8 +951,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/* This decides where the kernel will search for a free chunk of vm
* space during mmap's.
*/
@@ -7330,10 +7581,10 @@
if (syscall_get_nr(current, regs) >= 0) {
/* Restart the system call - no handlers present */
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
-index ec1de97..29df6fd 100644
+index 29f0a78..46cf43e 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
-@@ -221,6 +221,11 @@ void smp_call_function_single_interrupt(struct pt_regs *regs)
+@@ -224,6 +224,11 @@ void smp_call_function_single_interrupt(struct pt_regs *regs)
irq_exit();
}
@@ -7346,10 +7597,10 @@
.smp_prepare_boot_cpu = native_smp_prepare_boot_cpu,
.smp_prepare_cpus = native_smp_prepare_cpus,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 29ec560..4daf07b 100644
+index 539bb6c..187e456 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -752,6 +752,12 @@ do_rest:
+@@ -758,6 +758,12 @@ do_rest:
initial_code = (unsigned long)start_secondary;
stack_start.sp = (void *) c_idle.idle->thread.sp;
@@ -8249,7 +8500,7 @@
+#endif
+#endif /* _BLK_CGROUP_H */
diff --git a/block/blk-settings.c b/block/blk-settings.c
-index 9651c0a..06c6694 100644
+index 112c4f7..6c88923 100644
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -9,6 +9,7 @@
@@ -12094,6 +12345,42 @@
+#endif
+EXPORT_SYMBOL(init_ve_tty_class);
+EXPORT_SYMBOL(fini_ve_tty_class);
+diff --git a/drivers/char/vc_screen.c b/drivers/char/vc_screen.c
+index c1791a6..99ebe54 100644
+--- a/drivers/char/vc_screen.c
++++ b/drivers/char/vc_screen.c
+@@ -35,6 +35,8 @@
+ #include <linux/console.h>
+ #include <linux/device.h>
+ #include <linux/smp_lock.h>
++#include <linux/ve_task.h>
++
+
+ #include <asm/uaccess.h>
+ #include <asm/byteorder.h>
+@@ -481,16 +483,22 @@ static struct class *vc_class;
+
+ void vcs_make_sysfs(int index)
+ {
++ struct ve_struct *ve = set_exec_env(get_ve0());
++
+ device_create(vc_class, NULL, MKDEV(VCS_MAJOR, index + 1), NULL,
+ "vcs%u", index + 1);
+ device_create(vc_class, NULL, MKDEV(VCS_MAJOR, index + 129), NULL,
+ "vcsa%u", index + 1);
++ set_exec_env(ve);
+ }
+
+ void vcs_remove_sysfs(int index)
+ {
++ struct ve_struct *ve = set_exec_env(get_ve0());
++
+ device_destroy(vc_class, MKDEV(VCS_MAJOR, index + 1));
+ device_destroy(vc_class, MKDEV(VCS_MAJOR, index + 129));
++ set_exec_env(ve);
+ }
+
+ int __init vcs_init(void)
diff --git a/drivers/net/Makefile b/drivers/net/Makefile
index 246323d..3e91ef9 100644
--- a/drivers/net/Makefile
@@ -12404,7 +12691,7 @@
+MODULE_DESCRIPTION("Virtuozzo Virtual Network Device");
+MODULE_LICENSE("GPL v2");
diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
-index 965adb6..f8545d0 100644
+index 965adb6..091f629 100644
--- a/drivers/net/ppp_generic.c
+++ b/drivers/net/ppp_generic.c
@@ -53,6 +53,9 @@
@@ -12417,9 +12704,12 @@
#define PPP_VERSION "2.4.2"
/*
-@@ -368,6 +371,8 @@ static int ppp_open(struct inode *inode, struct file *file)
+@@ -366,8 +369,10 @@ static int ppp_open(struct inode *inode, struct file *file)
+ /*
+ * This could (should?) be enforced by the permissions on /dev/ppp.
*/
- if (!capable(CAP_NET_ADMIN))
+- if (!capable(CAP_NET_ADMIN))
++ if (!capable(CAP_VE_NET_ADMIN))
return -EPERM;
+ if (!net_generic(get_exec_env()->ve_netns, ppp_net_id)) /* no VE_FEATURE_PPP */
+ return -EACCES;
@@ -12455,8 +12745,98 @@
dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
}
+@@ -2568,16 +2579,16 @@ ppp_create_interface(struct net *net, int unit, int *retp)
+ */
+ dev_net_set(dev, net);
+
+- ret = -EEXIST;
+ mutex_lock(&pn->all_ppp_mutex);
+
+ if (unit < 0) {
+ unit = unit_get(&pn->units_idr, ppp);
+ if (unit < 0) {
+- *retp = unit;
++ ret = unit;
+ goto out2;
+ }
+ } else {
++ ret = -EEXIST;
+ if (unit_find(&pn->units_idr, unit))
+ goto out2; /* unit already exists */
+ /*
+@@ -2652,10 +2663,10 @@ static void ppp_shutdown_interface(struct ppp *ppp)
+ ppp->closing = 1;
+ ppp_unlock(ppp);
+ unregister_netdev(ppp->dev);
++ unit_put(&pn->units_idr, ppp->file.index);
+ } else
+ ppp_unlock(ppp);
+
+- unit_put(&pn->units_idr, ppp->file.index);
+ ppp->file.dead = 1;
+ ppp->owner = NULL;
+ wake_up_interruptible(&ppp->file.rwait);
+@@ -2843,8 +2854,7 @@ static void __exit ppp_cleanup(void)
+ * by holding all_ppp_mutex
+ */
+
+-/* associate pointer with specified number */
+-static int unit_set(struct idr *p, void *ptr, int n)
++static int __unit_alloc(struct idr *p, void *ptr, int n)
+ {
+ int unit, err;
+
+@@ -2855,10 +2865,24 @@ again:
+ }
+
+ err = idr_get_new_above(p, ptr, n, &unit);
+- if (err == -EAGAIN)
+- goto again;
++ if (err < 0) {
++ if (err == -EAGAIN)
++ goto again;
++ return err;
++ }
+
+- if (unit != n) {
++ return unit;
++}
++
++/* associate pointer with specified number */
++static int unit_set(struct idr *p, void *ptr, int n)
++{
++ int unit;
++
++ unit = __unit_alloc(p, ptr, n);
++ if (unit < 0)
++ return unit;
++ else if (unit != n) {
+ idr_remove(p, unit);
+ return -EINVAL;
+ }
+@@ -2869,19 +2893,7 @@ again:
+ /* get new free unit number and associate pointer with it */
+ static int unit_get(struct idr *p, void *ptr)
+ {
+- int unit, err;
+-
+-again:
+- if (!idr_pre_get(p, GFP_KERNEL)) {
+- printk(KERN_ERR "PPP: No free memory for idr\n");
+- return -ENOMEM;
+- }
+-
+- err = idr_get_new_above(p, ptr, 0, &unit);
+- if (err == -EAGAIN)
+- goto again;
+-
+- return unit;
++ return __unit_alloc(p, ptr, 0);
+ }
+
+ /* put unit number back to a pool */
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
-index 2559991..326958b 100644
+index 2559991..9bf064c 100644
--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -77,6 +77,7 @@
@@ -12467,7 +12847,26 @@
#include <linux/nsproxy.h>
#include <net/net_namespace.h>
-@@ -547,6 +548,9 @@ static int pppoe_create(struct net *net, struct socket *sock)
+@@ -452,6 +453,8 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
+ goto drop;
+
+ pn = pppoe_pernet(dev_net(dev));
++ if (!pn) /* no VE_FEATURE_PPP */
++ goto drop;
+
+ /* Note that get_item does a sock_hold(), so sk_pppox(po)
+ * is known to be safe.
+@@ -494,6 +497,9 @@ static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
+ goto abort;
+
+ pn = pppoe_pernet(dev_net(dev));
++ if (!pn) /* no VE_FEATURE_PPP */
++ goto abort;
++
+ po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
+ if (po) {
+ struct sock *sk = sk_pppox(po);
+@@ -547,6 +553,9 @@ static int pppoe_create(struct net *net, struct socket *sock)
{
struct sock *sk;
@@ -12477,7 +12876,7 @@
sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto);
if (!sk)
return -ENOMEM;
-@@ -1144,6 +1148,9 @@ static __net_init int pppoe_init_net(struct net *net)
+@@ -1144,6 +1153,9 @@ static __net_init int pppoe_init_net(struct net *net)
struct proc_dir_entry *pde;
int err;
@@ -12487,7 +12886,7 @@
pn = kzalloc(sizeof(*pn), GFP_KERNEL);
if (!pn)
return -ENOMEM;
-@@ -1173,8 +1180,11 @@ static __net_exit void pppoe_exit_net(struct net *net)
+@@ -1173,8 +1185,11 @@ static __net_exit void pppoe_exit_net(struct net *net)
{
struct pppoe_net *pn;
@@ -16354,7 +16753,7 @@
/*
* The following function implements the controller interface for
diff --git a/fs/exec.c b/fs/exec.c
-index a0410eb..d2272be 100644
+index 68083fa..32291d1 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -26,6 +26,7 @@
@@ -16399,7 +16798,7 @@
down_write(&mm->mmap_sem);
vma->vm_mm = mm;
-@@ -259,6 +269,9 @@ err:
+@@ -264,6 +274,9 @@ err:
up_write(&mm->mmap_sem);
bprm->vma = NULL;
kmem_cache_free(vm_area_cachep, vma);
@@ -16409,7 +16808,7 @@
return err;
}
-@@ -725,10 +738,11 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -730,10 +743,11 @@ int kernel_read(struct file *file, loff_t offset,
EXPORT_SYMBOL(kernel_read);
@@ -16423,7 +16822,7 @@
/* Notify parent that we're no longer interested in the old VM */
tsk = current;
-@@ -748,6 +762,10 @@ static int exec_mmap(struct mm_struct *mm)
+@@ -753,6 +767,10 @@ static int exec_mmap(struct mm_struct *mm)
return -EINTR;
}
}
@@ -16434,7 +16833,7 @@
task_lock(tsk);
active_mm = tsk->active_mm;
tsk->mm = mm;
-@@ -755,15 +773,25 @@ static int exec_mmap(struct mm_struct *mm)
+@@ -760,15 +778,25 @@ static int exec_mmap(struct mm_struct *mm)
activate_mm(active_mm, mm);
task_unlock(tsk);
arch_pick_mmap_layout(mm);
@@ -16462,7 +16861,7 @@
}
/*
-@@ -858,6 +886,10 @@ static int de_thread(struct task_struct *tsk)
+@@ -863,6 +891,10 @@ static int de_thread(struct task_struct *tsk)
transfer_pid(leader, tsk, PIDTYPE_PGID);
transfer_pid(leader, tsk, PIDTYPE_SID);
list_replace_rcu(&leader->tasks, &tsk->tasks);
@@ -16473,7 +16872,7 @@
tsk->group_leader = tsk;
leader->group_leader = tsk;
-@@ -998,12 +1030,10 @@ int flush_old_exec(struct linux_binprm *
+@@ -981,12 +1013,10 @@ int flush_old_exec(struct linux_binprm * bprm)
/*
* Release all of the old mmap stuff
*/
@@ -16487,7 +16886,7 @@
current->flags &= ~PF_RANDOMIZE;
flush_thread();
current->personality &= ~bprm->per_clear;
-@@ -1329,6 +1359,10 @@ int do_execve(char * filename,
+@@ -1334,6 +1364,10 @@ int do_execve(char * filename,
bool clear_in_exec;
int retval;
@@ -16498,7 +16897,7 @@
retval = unshare_files(&displaced);
if (retval)
goto out_ret;
-@@ -1580,7 +1614,7 @@ static int zap_process(struct task_struct *start)
+@@ -1585,7 +1619,7 @@ static int zap_process(struct task_struct *start)
signal_wake_up(t, 1);
nr++;
}
@@ -16507,7 +16906,7 @@
return nr;
}
-@@ -1635,7 +1669,7 @@ static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1640,7 +1674,7 @@ static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
* next_thread().
*/
rcu_read_lock();
@@ -16516,7 +16915,7 @@
if (g == tsk->group_leader)
continue;
if (g->flags & PF_KTHREAD)
-@@ -1650,7 +1684,7 @@ static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1655,7 +1689,7 @@ static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
}
break;
}
@@ -16525,7 +16924,7 @@
}
rcu_read_unlock();
done:
-@@ -1818,7 +1852,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -1823,7 +1857,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
/*
* If another thread got here first, or we are not dumpable, bail out.
*/
@@ -16651,6 +17050,24 @@
goto flags_out;
}
if (oldflags & EXT4_EXTENTS_FL) {
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index f27e045..92aa773 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -2462,10 +2462,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
+ set_opt(sbi->s_mount_opt, BARRIER);
+
+ /*
+- * enable delayed allocation by default
+- * Use -o nodelalloc to turn it off
++ * Don't enable delayed allocation by default
++ * Use -o delalloc to turn it on
+ */
+- set_opt(sbi->s_mount_opt, DELALLOC);
++ /* set_opt(sbi->s_mount_opt, DELALLOC); */
+
+ if (!parse_options((char *) data, sb, &journal_devnum,
+ &journal_ioprio, NULL, 0))
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 97e01dc..e24ca00 100644
--- a/fs/fcntl.c
@@ -19398,7 +19815,7 @@
device_del(disk_to_dev(disk));
}
diff --git a/fs/pipe.c b/fs/pipe.c
-index ae17d02..1cb5f83 100644
+index d0cc080..352523e 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -22,6 +22,8 @@
@@ -20142,10 +20559,19 @@
/*
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index d78ade3..3693efa 100644
+index d78ade3..20fcc37 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -442,7 +442,7 @@ static const struct file_operations proc_reg_file_ops_no_compat = {
+@@ -18,6 +18,8 @@
+ #include <linux/module.h>
+ #include <linux/smp_lock.h>
+ #include <linux/sysctl.h>
++#include <linux/sched.h>
++#include <linux/ve.h>
+
+ #include <asm/system.h>
+ #include <asm/uaccess.h>
+@@ -442,7 +444,7 @@ static const struct file_operations proc_reg_file_ops_no_compat = {
#endif
struct inode *proc_get_inode(struct super_block *sb, unsigned int ino,
@@ -20154,7 +20580,7 @@
{
struct inode * inode;
-@@ -453,6 +453,9 @@ struct inode *proc_get_inode(struct super_block *sb, unsigned int ino,
+@@ -453,6 +455,9 @@ struct inode *proc_get_inode(struct super_block *sb, unsigned int ino,
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
PROC_I(inode)->fd = 0;
PROC_I(inode)->pde = de;
@@ -20164,7 +20590,7 @@
if (de->mode) {
inode->i_mode = de->mode;
-@@ -494,9 +497,11 @@ int proc_fill_super(struct super_block *s)
+@@ -494,9 +499,11 @@ int proc_fill_super(struct super_block *s)
s->s_magic = PROC_SUPER_MAGIC;
s->s_op = &proc_sops;
s->s_time_gran = 1;
@@ -29915,10 +30341,10 @@
+#endif
diff --git a/include/bc/sock_orphan.h b/include/bc/sock_orphan.h
new file mode 100644
-index 0000000..c5b2412
+index 0000000..8f829c3
--- /dev/null
+++ b/include/bc/sock_orphan.h
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,98 @@
+/*
+ * include/bc/sock_orphan.h
+ *
@@ -29940,9 +30366,13 @@
+
+static inline struct percpu_counter *__ub_get_orphan_count_ptr(struct sock *sk)
+{
-+ if (sock_has_ubc(sk))
-+ return &sock_bc(sk)->ub->ub_orphan_count;
-+ return sk->sk_prot->orphan_count;
++ if (sock_has_ubc(sk)) {
++ struct user_beancounter *ub;
++
++ ub = top_beancounter(sock_bc(sk)->ub);
++ return &ub->ub_orphan_count;
++ } else
++ return sk->sk_prot->orphan_count;
+}
+
+static inline void ub_inc_orphan_count(struct sock *sk)
@@ -29960,15 +30390,7 @@
+ return percpu_counter_sum_positive(__ub_get_orphan_count_ptr(sk));
+}
+
-+extern int __ub_too_many_orphans(struct sock *sk, int count);
-+static inline int ub_too_many_orphans(struct sock *sk, int shift)
-+{
-+#ifdef CONFIG_BEANCOUNTERS
-+ if (__ub_too_many_orphans(sk, shift))
-+ return 1;
-+#endif
-+ return tcp_too_many_orphans(sk, shift);
-+}
++extern int ub_too_many_orphans(struct sock *sk, int count);
+
+#include <bc/kmem.h>
+
@@ -35485,7 +35907,7 @@
if (!s)
return ZERO_SIZE_PTR;
diff --git a/include/linux/socket.h b/include/linux/socket.h
-index 9464cfb..b62937a 100644
+index 3273a0c..87cf3d1 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -296,6 +296,16 @@ struct ucred {
@@ -38601,7 +39023,7 @@
{
if (unlikely(skb->sk)) {
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 6cfe18b..6fa5f0d 100644
+index 6cfe18b..ac5f07d 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -44,6 +44,13 @@
@@ -38639,6 +39061,18 @@
extern atomic_t tcp_memory_allocated;
extern struct percpu_counter tcp_sockets_allocated;
+@@ -259,9 +272,9 @@ static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
+ return seq3 - seq2 >= seq1 - seq2;
+ }
+
+-static inline bool tcp_too_many_orphans(struct sock *sk, int shift)
++static inline bool tcp_too_many_orphans(struct sock *sk,
++ struct percpu_counter *ocp, int shift)
+ {
+- struct percpu_counter *ocp = sk->sk_prot->orphan_count;
+ int orphans = percpu_counter_read_positive(ocp);
+
+ if (orphans << shift > sysctl_tcp_max_orphans) {
@@ -616,7 +629,11 @@ extern u32 __tcp_select_window(struct sock *sk);
* to use only the low 32-bits of jiffies and hide the ugly
* casts with the following macro.
@@ -39200,7 +39634,7 @@
void free_msg(struct msg_msg *msg)
{
diff --git a/ipc/sem.c b/ipc/sem.c
-index 2f2a479..5cd8dc7 100644
+index b781007..b2086e0 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -87,6 +87,8 @@
@@ -39237,7 +39671,7 @@
return ipcget(ns, &sem_ids(ns), &sem_ops, &sem_params);
}
-@@ -949,7 +953,7 @@ static inline int get_undo_list(struct sem_undo_list **undo_listp)
+@@ -951,7 +955,7 @@ static inline int get_undo_list(struct sem_undo_list **undo_listp)
undo_list = current->sysvsem.undo_list;
if (!undo_list) {
@@ -39246,7 +39680,7 @@
if (undo_list == NULL)
return -ENOMEM;
spin_lock_init(&undo_list->lock);
-@@ -1014,7 +1018,8 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
+@@ -1016,7 +1020,8 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
sem_getref_and_unlock(sma);
/* step 2: allocate new undo structure */
@@ -39256,7 +39690,7 @@
if (!new) {
sem_putref(sma);
return ERR_PTR(-ENOMEM);
-@@ -1076,7 +1081,7 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
+@@ -1078,7 +1083,7 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
if (nsops > ns->sc_semopm)
return -E2BIG;
if(nsops > SEMOPM_FAST) {
@@ -39265,7 +39699,7 @@
if(sops==NULL)
return -ENOMEM;
}
-@@ -1379,3 +1384,57 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
+@@ -1381,3 +1386,57 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
sma->sem_ctime);
}
#endif
@@ -39324,7 +39758,7 @@
+EXPORT_SYMBOL_GPL(exit_sem);
+#endif
diff --git a/ipc/shm.c b/ipc/shm.c
-index e9b039f..8a7214e 100644
+index d30732c..5300fb8 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -40,27 +40,17 @@
@@ -39437,7 +39871,7 @@
return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
}
-@@ -1099,3 +1078,67 @@ static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
+@@ -1100,3 +1079,67 @@ static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
shp->shm_ctim);
}
#endif
@@ -42465,10 +42899,10 @@
+}
diff --git a/kernel/bc/net.c b/kernel/bc/net.c
new file mode 100644
-index 0000000..2866ebb
+index 0000000..427fc42
--- /dev/null
+++ b/kernel/bc/net.c
-@@ -0,0 +1,1165 @@
+@@ -0,0 +1,1167 @@
+/*
+ * linux/kernel/bc/net.c
+ *
@@ -42573,17 +43007,18 @@
+static int ub_sock_makewreserv_locked(struct sock *sk,
+ int bufid, unsigned long size);
+
-+int __ub_too_many_orphans(struct sock *sk, int shift)
++int ub_too_many_orphans(struct sock *sk, int shift)
+{
-+ struct user_beancounter *ub;
+ struct percpu_counter *cnt;
+
++ cnt = sk->sk_prot->orphan_count;
+ if (sock_has_ubc(sk)) {
-+ int orphans, limit;
++ struct user_beancounter *ub;
++ unsigned int orphans, limit;
+
+ ub = top_beancounter(sock_bc(sk)->ub);
-+ limit = ((int)ub->ub_parms[UB_NUMTCPSOCK].barrier) >> 2;
-+ cnt = __ub_get_orphan_count_ptr(sk);
++ limit = ub->ub_parms[UB_NUMTCPSOCK].barrier >> 2;
++ cnt = &ub->ub_orphan_count;
+
+ orphans = percpu_counter_read_positive(cnt);
+ if ((orphans << shift) >= limit)
@@ -42593,7 +43028,8 @@
+ if ((orphans << shift) >= limit)
+ return 1;
+ }
-+ return 0;
++
++ return tcp_too_many_orphans(sk, cnt, shift);
+}
+
+/*
@@ -47558,7 +47994,7 @@
+}
diff --git a/kernel/cpt/cpt_dump.c b/kernel/cpt/cpt_dump.c
new file mode 100644
-index 0000000..08ae5e6
+index 0000000..9a52c1a
--- /dev/null
+++ b/kernel/cpt/cpt_dump.c
@@ -0,0 +1,1271 @@
@@ -48407,7 +48843,7 @@
+ return 0;
+}
+
-+#ifndef CONFIG_IA64
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+static int cpt_dump_vsyscall(cpt_context_t *ctx)
+{
+ struct cpt_page_block *pgb = cpt_get_buf(ctx);
@@ -48511,7 +48947,7 @@
+ if (!err)
+ err = cpt_dump_utsname(ctx);
+
-+#ifndef CONFIG_IA64
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+ if (!err)
+ err = cpt_dump_vsyscall(ctx);
+#endif
@@ -52294,7 +52730,7 @@
+}
diff --git a/kernel/cpt/cpt_mm.h b/kernel/cpt/cpt_mm.h
new file mode 100644
-index 0000000..dc2c483
+index 0000000..10e4a9c
--- /dev/null
+++ b/kernel/cpt/cpt_mm.h
@@ -0,0 +1,35 @@
@@ -52327,7 +52763,7 @@
+ unsigned long map_address);
+#endif
+
-+#ifdef CONFIG_X86
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+extern struct page *vdso32_pages[1];
+#define vsyscall_addr page_address(vdso32_pages[0])
+#endif
@@ -58410,10 +58846,10 @@
+}
diff --git a/kernel/cpt/rst_files.c b/kernel/cpt/rst_files.c
new file mode 100644
-index 0000000..a84e3d3
+index 0000000..2981b1c
--- /dev/null
+++ b/kernel/cpt/rst_files.c
-@@ -0,0 +1,1779 @@
+@@ -0,0 +1,1799 @@
+/*
+ *
+ * kernel/cpt/rst_files.c
@@ -58454,6 +58890,7 @@
+#include <linux/shm.h>
+#include <linux/signalfd.h>
+#include <linux/proc_fs.h>
++#include <linux/init_task.h>
+
+#include "cpt_obj.h"
+#include "cpt_context.h"
@@ -59032,12 +59469,11 @@
+ return err;
+}
+
-+static int fixup_file_flags(struct file *file, struct cpt_file_image *fi,
++static int fixup_file_flags(struct file *file, const struct cred *cred,
++ struct cpt_file_image *fi,
+ int was_dentry_open, loff_t pos,
+ cpt_context_t *ctx)
+{
-+ const struct cred *cred = current_cred() /* should be valid already */;
-+
+ if (fi->cpt_pos != file->f_pos) {
+ int err = -ESPIPE;
+ if (file->f_op->llseek)
@@ -59251,6 +59687,23 @@
+ struct file *file;
+ struct proc_dir_entry *proc_dead_file;
+ int flags;
++ const struct cred *cred_origin;
++
++ /*
++ * It may happen that a process which created a file
++ * had changed its UID after that (keeping file opened/referenced
++ * with write permissions for 'own' only) as a result we might
++ * be unable to read it at restore time due to credentials
++ * mismatch, to break this tie we temporary take init_cred credentials
++ * and as only the file gets read into the memory we restore original
++ * credentials back
++ *
++ * Same time if between credentials rise/restore you need
++ * the former credentials (for fixups or whatever) --
++ * use cred_origin for that
++ */
++
++ cred_origin = override_creds(&init_cred);
+
+ obj = lookup_cpt_obj_bypos(CPT_OBJ_FILE, pos, ctx);
+ if (obj) {
@@ -59260,9 +59713,10 @@
+ err = rst_get_object(CPT_OBJ_FILE, pos, &fi, ctx);
+ if (err < 0)
+ goto err_out;
-+ fixup_file_flags(file, &fi, 0, pos, ctx);
++ fixup_file_flags(file, cred_origin, &fi, 0, pos, ctx);
+ }
+ get_file(file);
++ revert_creds(cred_origin);
+ return file;
+ }
+
@@ -59422,7 +59876,7 @@
+ }
+map_file:
+ if (!IS_ERR(file)) {
-+ fixup_file_flags(file, &fi, was_dentry_open, pos, ctx);
++ fixup_file_flags(file, cred_origin, &fi, was_dentry_open, pos, ctx);
+
+ if (S_ISFIFO(fi.cpt_i_mode) && !was_dentry_open) {
+ err = fixup_pipe_data(file, &fi, ctx);
@@ -59475,6 +59929,7 @@
+out:
+ if (name)
+ rst_put_name(name, ctx);
++ revert_creds(cred_origin);
+ return file;
+
+err_put:
@@ -59483,6 +59938,7 @@
+err_out:
+ if (name)
+ rst_put_name(name, ctx);
++ revert_creds(cred_origin);
+ return ERR_PTR(err);
+}
+
@@ -60389,10 +60845,10 @@
+}
diff --git a/kernel/cpt/rst_mm.c b/kernel/cpt/rst_mm.c
new file mode 100644
-index 0000000..78627cc
+index 0000000..2250903
--- /dev/null
+++ b/kernel/cpt/rst_mm.c
-@@ -0,0 +1,1150 @@
+@@ -0,0 +1,1152 @@
+/*
+ *
+ * kernel/cpt/rst_mm.c
@@ -61377,8 +61833,10 @@
+#ifndef CONFIG_IA64
+ if (ctx->image_version >= CPT_VERSION_9) {
+ mm->context.vdso = cpt_ptr_import(vmi->cpt_vdso);
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+ current_thread_info()->sysenter_return =
+ VDSO32_SYMBOL(mm->context.vdso, SYSENTER_RETURN);
++#endif
+ }
+#endif
+
@@ -67321,7 +67779,7 @@
+}
diff --git a/kernel/cpt/rst_undump.c b/kernel/cpt/rst_undump.c
new file mode 100644
-index 0000000..c3d0074
+index 0000000..84257e2
--- /dev/null
+++ b/kernel/cpt/rst_undump.c
@@ -0,0 +1,1074 @@
@@ -68124,7 +68582,7 @@
+ return err;
+}
+
-+#ifndef CONFIG_IA64
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+int rst_read_vdso(struct cpt_context *ctx)
+{
+ int err;
@@ -68198,7 +68656,7 @@
+#ifdef CONFIG_VZ_CHECKPOINT_LAZY
+ err = rst_setup_pagein(ctx);
+#endif
-+#ifndef CONFIG_IA64
++#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
+ if (err == 0)
+ err = rst_read_vdso(ctx);
+#endif
@@ -68412,8 +68870,20 @@
if (task_cpu(p) == cpu && p->state == TASK_RUNNING &&
(!cputime_eq(p->utime, cputime_zero) ||
!cputime_eq(p->stime, cputime_zero)))
+diff --git a/kernel/cred.c b/kernel/cred.c
+index 099f5e6..cc20c96 100644
+--- a/kernel/cred.c
++++ b/kernel/cred.c
+@@ -63,6 +63,7 @@ struct cred init_cred = {
+ .tgcred = &init_tgcred,
+ #endif
+ };
++EXPORT_SYMBOL_GPL(init_cred);
+
+ static inline void set_cred_subscribers(struct cred *cred, int n)
+ {
diff --git a/kernel/exit.c b/kernel/exit.c
-index 45102e9..36fa8da 100644
+index d890628..32791f3 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -22,6 +22,9 @@
@@ -68454,7 +68924,7 @@
__get_cpu_var(process_counts)--;
}
list_del_rcu(&p->thread_group);
-@@ -177,6 +186,8 @@ repeat:
+@@ -185,6 +194,8 @@ repeat:
write_lock_irq(&tasklist_lock);
tracehook_finish_release_task(p);
__exit_signal(p);
@@ -68463,7 +68933,7 @@
/*
* If we are the last non-leader member of the thread
-@@ -205,9 +216,12 @@ repeat:
+@@ -213,9 +224,12 @@ repeat:
if (zap_leader)
leader->exit_state = EXIT_DEAD;
}
@@ -68476,7 +68946,7 @@
call_rcu(&p->rcu, delayed_put_task_struct);
p = leader;
-@@ -422,6 +436,8 @@ void daemonize(const char *name, ...)
+@@ -430,6 +444,8 @@ void daemonize(const char *name, ...)
va_list args;
sigset_t blocked;
@@ -68485,7 +68955,7 @@
va_start(args, name);
vsnprintf(current->comm, sizeof(current->comm), name, args);
va_end(args);
-@@ -526,6 +542,7 @@ void put_files_struct(struct files_struct *files)
+@@ -534,6 +550,7 @@ void put_files_struct(struct files_struct *files)
free_fdtable(fdt);
}
}
@@ -68493,7 +68963,7 @@
void reset_files_struct(struct files_struct *files)
{
-@@ -598,10 +615,10 @@ retry:
+@@ -606,10 +623,10 @@ retry:
* Search through everything else. We should not get
* here often
*/
@@ -68506,7 +68976,7 @@
read_unlock(&tasklist_lock);
/*
-@@ -640,7 +657,7 @@ assign_new_owner:
+@@ -648,7 +665,7 @@ assign_new_owner:
* Turn us into a lazy TLB process if we
* aren't already..
*/
@@ -68515,7 +68985,7 @@
{
struct mm_struct *mm = tsk->mm;
struct core_state *core_state;
-@@ -648,6 +665,10 @@ static void exit_mm(struct task_struct * tsk)
+@@ -656,6 +673,10 @@ static void exit_mm(struct task_struct * tsk)
mm_release(tsk, mm);
if (!mm)
return;
@@ -68526,7 +68996,7 @@
/*
* Serialize with any possible pending coredump.
* We must hold mmap_sem around checking core_state
-@@ -692,6 +713,7 @@ static void exit_mm(struct task_struct * tsk)
+@@ -700,6 +721,7 @@ static void exit_mm(struct task_struct * tsk)
mm_update_next_owner(mm);
mmput(mm);
}
@@ -68534,7 +69004,7 @@
/*
* When we die, we re-parent all our children.
-@@ -706,7 +728,7 @@ static struct task_struct *find_new_reaper(struct task_struct *father)
+@@ -714,7 +736,7 @@ static struct task_struct *find_new_reaper(struct task_struct *father)
struct task_struct *thread;
thread = father;
@@ -68543,7 +69013,7 @@
if (thread->flags & PF_EXITING)
continue;
if (unlikely(pid_ns->child_reaper == father))
-@@ -839,11 +861,16 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
+@@ -847,11 +869,16 @@ static void exit_notify(struct task_struct *tsk, int group_dead)
tsk->self_exec_id != tsk->parent_exec_id))
tsk->exit_signal = SIGCHLD;
@@ -68560,15 +69030,15 @@
/* mt-exec, de_thread() is waiting for us */
if (thread_group_leader(tsk) &&
-@@ -900,6 +927,7 @@ NORET_TYPE void do_exit(long code)
- panic("Attempted to kill the idle task!");
+@@ -917,6 +944,7 @@ NORET_TYPE void do_exit(long code)
+ set_fs(USER_DS);
tracehook_report_exit(&code);
+ (void)virtinfo_gencall(VIRTINFO_DOEXIT, NULL);
validate_creds_for_do_exit(tsk);
-@@ -983,7 +1011,15 @@ NORET_TYPE void do_exit(long code)
+@@ -1000,7 +1028,15 @@ NORET_TYPE void do_exit(long code)
*/
perf_event_exit_task(tsk);
@@ -68585,7 +69055,7 @@
#ifdef CONFIG_NUMA
mpol_put(tsk->mempolicy);
tsk->mempolicy = NULL;
-@@ -1629,7 +1665,7 @@ repeat:
+@@ -1646,7 +1682,7 @@ repeat:
if (wo->wo_flags & __WNOTHREAD)
break;
@@ -68594,7 +69064,7 @@
read_unlock(&tasklist_lock);
notask:
-@@ -1756,6 +1792,7 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
+@@ -1773,6 +1809,7 @@ SYSCALL_DEFINE4(wait4, pid_t, upid, int __user *, stat_addr,
asmlinkage_protect(4, ret, upid, stat_addr, options, ru);
return ret;
}
@@ -69716,10 +70186,10 @@
__set_current_state(save);
}
diff --git a/kernel/futex.c b/kernel/futex.c
-index 3071911..097d1c5 100644
+index 09dbee2..2431de5 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
-@@ -1592,8 +1592,6 @@ handle_fault:
+@@ -1588,8 +1588,6 @@ handle_fault:
#define FLAGS_CLOCKRT 0x02
#define FLAGS_HAS_TIMEOUT 0x04
@@ -69728,7 +70198,7 @@
/**
* fixup_owner() - Post lock pi_state and corner case management
* @uaddr: user address of the futex
-@@ -1867,7 +1865,7 @@ out:
+@@ -1863,7 +1861,7 @@ out:
}
@@ -69737,7 +70207,7 @@
{
u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
int fshared = 0;
-@@ -1884,6 +1882,7 @@ static long futex_wait_restart(struct restart_block *restart)
+@@ -1880,6 +1878,7 @@ static long futex_wait_restart(struct restart_block *restart)
restart->futex.bitset,
restart->futex.flags & FLAGS_CLOCKRT);
}
@@ -70666,7 +71136,7 @@
}
diff --git a/kernel/printk.c b/kernel/printk.c
-index f38b07f..75f2691 100644
+index 4cade47..5486e01 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -31,7 +31,9 @@
@@ -70980,7 +71450,7 @@
#else
static void call_console_drivers(unsigned start, unsigned end)
-@@ -1058,6 +1165,7 @@ void release_console_sem(void)
+@@ -1060,6 +1167,7 @@ void release_console_sem(void)
_con_start = con_start;
_log_end = log_end;
con_start = log_end; /* Flush */
@@ -70988,7 +71458,7 @@
spin_unlock(&logbuf_lock);
stop_critical_timings(); /* don't trace print latency */
call_console_drivers(_con_start, _log_end);
-@@ -1066,6 +1174,7 @@ void release_console_sem(void)
+@@ -1068,6 +1176,7 @@ void release_console_sem(void)
}
console_locked = 0;
up(&console_sem);
@@ -70996,7 +71466,7 @@
spin_unlock_irqrestore(&logbuf_lock, flags);
if (wake_klogd)
wake_up_klogd();
-@@ -1382,6 +1491,36 @@ int printk_ratelimit(void)
+@@ -1384,6 +1493,36 @@ int printk_ratelimit(void)
}
EXPORT_SYMBOL(printk_ratelimit);
@@ -71033,7 +71503,7 @@
/**
* printk_timed_ratelimit - caller-controlled printk ratelimiting
* @caller_jiffies: pointer to caller's state
-@@ -1405,3 +1544,65 @@ bool printk_timed_ratelimit(unsigned long *caller_jiffies,
+@@ -1407,3 +1546,65 @@ bool printk_timed_ratelimit(unsigned long *caller_jiffies,
}
EXPORT_SYMBOL(printk_timed_ratelimit);
#endif
@@ -71162,7 +71632,7 @@
child = find_task_by_vpid(pid);
if (child)
diff --git a/kernel/sched.c b/kernel/sched.c
-index a675fd6..d186389 100644
+index 9652eca..ffcf147 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -71,6 +71,8 @@
@@ -71206,7 +71676,7 @@
/*
* The domain tree (rq->sd) is protected by RCU's quiescent state transition.
* See detach_destroy_domains: synchronize_sched for details.
-@@ -1008,6 +1021,220 @@ static inline void task_rq_unlock(struct rq *rq, unsigned long *flags)
+@@ -1007,6 +1020,220 @@ static inline void task_rq_unlock(struct rq *rq, unsigned long *flags)
spin_unlock_irqrestore(&rq->lock, *flags);
}
@@ -71427,7 +71897,7 @@
/*
* this_rq_lock - lock this runqueue and disable interrupts.
*/
-@@ -1975,11 +2202,21 @@ static int effective_prio(struct task_struct *p)
+@@ -1974,11 +2201,21 @@ static int effective_prio(struct task_struct *p)
*/
static void activate_task(struct rq *rq, struct task_struct *p, int wakeup)
{
@@ -71450,7 +71920,7 @@
}
/*
-@@ -1987,11 +2224,31 @@ static void activate_task(struct rq *rq, struct task_struct *p, int wakeup)
+@@ -1986,11 +2223,31 @@ static void activate_task(struct rq *rq, struct task_struct *p, int wakeup)
*/
static void deactivate_task(struct rq *rq, struct task_struct *p, int sleep)
{
@@ -71483,7 +71953,7 @@
}
/**
-@@ -2276,6 +2533,7 @@ unsigned long wait_task_inactive(struct task_struct *p, long match_state)
+@@ -2275,6 +2532,7 @@ unsigned long wait_task_inactive(struct task_struct *p, long match_state)
return ncsw;
}
@@ -71491,7 +71961,7 @@
/***
* kick_process - kick a running thread to enter/exit the kernel
-@@ -2436,6 +2694,7 @@ static int try_to_wake_up(struct task_struct *p, unsigned int state,
+@@ -2435,6 +2693,7 @@ static int try_to_wake_up(struct task_struct *p, unsigned int state,
* First fix up the nr_uninterruptible count:
*/
if (task_contributes_to_load(p)) {
@@ -71499,7 +71969,7 @@
if (likely(cpu_online(orig_cpu)))
rq->nr_uninterruptible--;
else
-@@ -2679,6 +2938,10 @@ void sched_fork(struct task_struct *p, int clone_flags)
+@@ -2678,6 +2937,10 @@ void sched_fork(struct task_struct *p, int clone_flags)
/* Want to start with kernel preemption disabled. */
task_thread_info(p)->preempt_count = 1;
#endif
@@ -71510,7 +71980,7 @@
plist_node_init(&p->pushable_tasks, MAX_PRIO);
put_cpu();
-@@ -2921,6 +3184,7 @@ asmlinkage void schedule_tail(struct task_struct *prev)
+@@ -2920,6 +3183,7 @@ asmlinkage void schedule_tail(struct task_struct *prev)
if (current->set_child_tid)
put_user(task_pid_vnr(current), current->set_child_tid);
}
@@ -71518,7 +71988,7 @@
/*
* context_switch - switch to the new MM and the new
-@@ -2992,6 +3256,7 @@ unsigned long nr_running(void)
+@@ -2991,6 +3255,7 @@ unsigned long nr_running(void)
return sum;
}
@@ -71526,7 +71996,7 @@
unsigned long nr_uninterruptible(void)
{
-@@ -3009,6 +3274,7 @@ unsigned long nr_uninterruptible(void)
+@@ -3008,6 +3273,7 @@ unsigned long nr_uninterruptible(void)
return sum;
}
@@ -71534,7 +72004,7 @@
unsigned long long nr_context_switches(void)
{
-@@ -3044,6 +3310,72 @@ unsigned long this_cpu_load(void)
+@@ -3043,6 +3309,72 @@ unsigned long this_cpu_load(void)
}
@@ -71607,7 +72077,7 @@
/* Variables and functions for calc_load */
static atomic_long_t calc_load_tasks;
static unsigned long calc_load_update;
-@@ -3065,6 +3397,16 @@ void get_avenrun(unsigned long *loads, unsigned long offset, int shift)
+@@ -3064,6 +3396,16 @@ void get_avenrun(unsigned long *loads, unsigned long offset, int shift)
loads[2] = (avenrun[2] + offset) << shift;
}
@@ -71624,7 +72094,7 @@
static unsigned long
calc_load(unsigned long load, unsigned long exp, unsigned long active)
{
-@@ -3073,6 +3415,35 @@ calc_load(unsigned long load, unsigned long exp, unsigned long active)
+@@ -3072,6 +3414,35 @@ calc_load(unsigned long load, unsigned long exp, unsigned long active)
return load >> FSHIFT;
}
@@ -71660,7 +72130,7 @@
/*
* calc_load - update the avenrun load estimates 10 ticks after the
* CPUs have updated calc_load_tasks.
-@@ -3092,6 +3463,8 @@ void calc_global_load(void)
+@@ -3091,6 +3462,8 @@ void calc_global_load(void)
avenrun[1] = calc_load(avenrun[1], EXP_5, active);
avenrun[2] = calc_load(avenrun[2], EXP_15, active);
@@ -71669,7 +72139,7 @@
calc_load_update += LOAD_FREQ;
}
-@@ -3147,6 +3520,16 @@ static void update_cpu_load(struct rq *this_rq)
+@@ -3146,6 +3519,16 @@ static void update_cpu_load(struct rq *this_rq)
}
}
@@ -71686,7 +72156,7 @@
#ifdef CONFIG_SMP
/*
-@@ -3238,8 +3621,15 @@ unlock:
+@@ -3237,8 +3620,15 @@ unlock:
static void pull_task(struct rq *src_rq, struct task_struct *p,
struct rq *this_rq, int this_cpu)
{
@@ -71702,7 +72172,7 @@
activate_task(this_rq, p, 0);
check_preempt_curr(this_rq, p, 0);
}
-@@ -5116,10 +5506,13 @@ void account_user_time(struct task_struct *p, cputime_t cputime,
+@@ -5115,10 +5505,13 @@ void account_user_time(struct task_struct *p, cputime_t cputime,
/* Add user time to cpustat. */
tmp = cputime_to_cputime64(cputime);
@@ -71718,7 +72188,7 @@
cpuacct_update_stats(p, CPUACCT_STAT_USER, cputime);
/* Account for user time used */
-@@ -5176,6 +5569,7 @@ void account_system_time(struct task_struct *p, int hardirq_offset,
+@@ -5175,6 +5568,7 @@ void account_system_time(struct task_struct *p, int hardirq_offset,
/* Add system time to cpustat. */
tmp = cputime_to_cputime64(cputime);
@@ -71726,7 +72196,7 @@
if (hardirq_count() - hardirq_offset)
cpustat->irq = cputime64_add(cpustat->irq, tmp);
else if (softirq_count())
-@@ -5599,6 +5993,8 @@ need_resched_nonpreemptible:
+@@ -5598,6 +5992,8 @@ need_resched_nonpreemptible:
next = pick_next_task(rq);
if (likely(prev != next)) {
@@ -71735,7 +72205,7 @@
sched_info_switch(prev, next);
perf_event_task_sched_out(prev, next, cpu);
-@@ -5606,6 +6002,22 @@ need_resched_nonpreemptible:
+@@ -5605,6 +6001,22 @@ need_resched_nonpreemptible:
rq->curr = next;
++*switch_count;
@@ -71758,7 +72228,7 @@
context_switch(rq, prev, next); /* unlocks the rq */
/*
* the context switch might have flipped the stack from under
-@@ -5613,8 +6025,10 @@ need_resched_nonpreemptible:
+@@ -5612,8 +6024,10 @@ need_resched_nonpreemptible:
*/
cpu = smp_processor_id();
rq = cpu_rq(cpu);
@@ -71770,7 +72240,7 @@
post_schedule(rq);
-@@ -6400,7 +6814,7 @@ recheck:
+@@ -6399,7 +6813,7 @@ recheck:
/*
* Allow unprivileged RT tasks to decrease priority:
*/
@@ -71779,7 +72249,7 @@
if (rt_policy(policy)) {
unsigned long rlim_rtprio;
-@@ -6911,11 +7325,16 @@ EXPORT_SYMBOL(yield);
+@@ -6910,11 +7324,16 @@ EXPORT_SYMBOL(yield);
void __sched io_schedule(void)
{
struct rq *rq = raw_rq();
@@ -71796,7 +72266,7 @@
current->in_iowait = 0;
atomic_dec(&rq->nr_iowait);
delayacct_blkio_end();
-@@ -6926,11 +7345,16 @@ long __sched io_schedule_timeout(long timeout)
+@@ -6925,11 +7344,16 @@ long __sched io_schedule_timeout(long timeout)
{
struct rq *rq = raw_rq();
long ret;
@@ -71813,7 +72283,7 @@
current->in_iowait = 0;
atomic_dec(&rq->nr_iowait);
delayacct_blkio_end();
-@@ -7041,17 +7465,7 @@ void sched_show_task(struct task_struct *p)
+@@ -7040,17 +7464,7 @@ void sched_show_task(struct task_struct *p)
state = p->state ? __ffs(p->state) + 1 : 0;
printk(KERN_INFO "%-13.13s %c", p->comm,
state < sizeof(stat_nam) - 1 ? stat_nam[state] : '?');
@@ -71832,7 +72302,7 @@
#ifdef CONFIG_DEBUG_STACK_USAGE
free = stack_not_used(p);
#endif
-@@ -7068,13 +7482,13 @@ void show_state_filter(unsigned long state_filter)
+@@ -7067,13 +7481,13 @@ void show_state_filter(unsigned long state_filter)
#if BITS_PER_LONG == 32
printk(KERN_INFO
@@ -71849,7 +72319,7 @@
/*
* reset the NMI-timeout, listing all files on a slow
* console might take alot of time:
-@@ -7082,7 +7496,7 @@ void show_state_filter(unsigned long state_filter)
+@@ -7081,7 +7495,7 @@ void show_state_filter(unsigned long state_filter)
touch_nmi_watchdog();
if (!state_filter || (p->state & state_filter))
sched_show_task(p);
@@ -71858,7 +72328,7 @@
touch_all_softlockup_watchdogs();
-@@ -7434,13 +7848,13 @@ static void migrate_live_tasks(int src_cpu)
+@@ -7433,13 +7847,13 @@ static void migrate_live_tasks(int src_cpu)
read_lock(&tasklist_lock);
@@ -71874,7 +72344,7 @@
read_unlock(&tasklist_lock);
}
-@@ -9594,6 +10008,7 @@ void __init sched_init(void)
+@@ -9593,6 +10007,7 @@ void __init sched_init(void)
update_shares_data = __alloc_percpu(nr_cpu_ids * sizeof(unsigned long),
__alignof__(unsigned long));
#endif
@@ -71882,7 +72352,7 @@
for_each_possible_cpu(i) {
struct rq *rq;
-@@ -9607,7 +10022,7 @@ void __init sched_init(void)
+@@ -9606,7 +10021,7 @@ void __init sched_init(void)
#ifdef CONFIG_FAIR_GROUP_SCHED
init_task_group.shares = init_task_group_load;
INIT_LIST_HEAD(&rq->leaf_cfs_rq_list);
@@ -71891,7 +72361,7 @@
/*
* How much cpu bandwidth does init_task_group get?
*
-@@ -9653,7 +10068,7 @@ void __init sched_init(void)
+@@ -9652,7 +10067,7 @@ void __init sched_init(void)
rq->rt.rt_runtime = def_rt_bandwidth.rt_runtime;
#ifdef CONFIG_RT_GROUP_SCHED
INIT_LIST_HEAD(&rq->leaf_rt_rq_list);
@@ -71900,7 +72370,7 @@
init_tg_rt_entry(&init_task_group, &rq->rt, NULL, i, 1, NULL);
#elif defined CONFIG_USER_SCHED
init_tg_rt_entry(&root_task_group, &rq->rt, NULL, i, 0, NULL);
-@@ -9719,6 +10134,7 @@ void __init sched_init(void)
+@@ -9718,6 +10133,7 @@ void __init sched_init(void)
* During early bootup we pretend to be a normal task:
*/
current->sched_class = &fair_sched_class;
@@ -71908,7 +72378,7 @@
/* Allocate the nohz_cpu_mask if CONFIG_CPUMASK_OFFSTACK */
zalloc_cpumask_var(&nohz_cpu_mask, GFP_NOWAIT);
-@@ -9797,7 +10213,7 @@ void normalize_rt_tasks(void)
+@@ -9796,7 +10212,7 @@ void normalize_rt_tasks(void)
struct rq *rq;
read_lock_irqsave(&tasklist_lock, flags);
@@ -71917,7 +72387,7 @@
/*
* Only normalize user tasks:
*/
-@@ -9828,7 +10244,7 @@ void normalize_rt_tasks(void)
+@@ -9827,7 +10243,7 @@ void normalize_rt_tasks(void)
__task_rq_unlock(rq);
spin_unlock(&p->pi_lock);
@@ -71926,7 +72396,7 @@
read_unlock_irqrestore(&tasklist_lock, flags);
}
-@@ -10274,10 +10690,10 @@ static inline int tg_has_rt_tasks(struct task_group *tg)
+@@ -10273,10 +10689,10 @@ static inline int tg_has_rt_tasks(struct task_group *tg)
{
struct task_struct *g, *p;
@@ -72912,7 +73382,7 @@
static struct timespec total_sleep_time;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 5db5a8d..0ba4a86 100644
+index cb3c1f1..683349c 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -39,6 +39,7 @@
@@ -72941,7 +73411,7 @@
trace_timer_expire_exit(timer);
lock_map_release(&lockdep_map);
-@@ -1441,20 +1445,35 @@ int do_sysinfo(struct sysinfo *info)
+@@ -1447,20 +1451,35 @@ int do_sysinfo(struct sysinfo *info)
unsigned long mem_total, sav_total;
unsigned int mem_unit, bitcount;
struct timespec tp;
@@ -76664,7 +77134,7 @@
}
+EXPORT_SYMBOL_GPL(show_mem);
diff --git a/mm/filemap.c b/mm/filemap.c
-index 46e3f8a..4e0d03f 100644
+index 9e0826e..ac46043 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -42,6 +42,7 @@
@@ -76752,7 +77222,7 @@
}
+EXPORT_SYMBOL_GPL(sys_remap_file_pages);
diff --git a/mm/internal.h b/mm/internal.h
-index 17bc0df..6a5669b 100644
+index f03e8e2..9340c95 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -66,8 +66,14 @@ static inline unsigned long page_order(struct page *page)
@@ -77471,7 +77941,7 @@
static int do_mlockall(int flags)
{
diff --git a/mm/mmap.c b/mm/mmap.c
-index 866a666..7ff61c2 100644
+index 292afec..6ac2b12 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -29,6 +29,7 @@
@@ -77724,7 +78194,7 @@
/*
* next_zone - helper magic for for_each_zone()
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 8bc969d..3978aa8 100644
+index 1737c7e..bde59ac 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -9,6 +9,7 @@
@@ -77775,12 +78245,13 @@
newflags |= VM_ACCOUNT;
}
}
-@@ -212,10 +223,16 @@ success:
+@@ -212,11 +223,17 @@ success:
+ mmu_notifier_invalidate_range_end(mm, start, end);
vm_stat_account(mm, oldflags, vma->vm_file, -nrpages);
vm_stat_account(mm, newflags, vma->vm_file, nrpages);
- perf_event_mmap(vma);
+ if (ch_dir == PRIVVM_TO_SHARED)
+ __ub_unused_privvm_dec(mm, ch_size);
+ perf_event_mmap(vma);
return 0;
fail:
@@ -80635,7 +81106,7 @@
}
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index c228731..b579d8d 100644
+index 680dcbb..4921a63 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -31,6 +31,9 @@
@@ -80648,7 +81119,7 @@
/*** Page table manipulation functions ***/
-@@ -1349,7 +1352,7 @@ struct vm_struct *remove_vm_area(const void *addr)
+@@ -1358,7 +1361,7 @@ struct vm_struct *remove_vm_area(const void *addr)
return NULL;
}
@@ -80657,7 +81128,7 @@
{
struct vm_struct *area;
-@@ -1374,6 +1377,8 @@ static void __vunmap(const void *addr, int deallocate_pages)
+@@ -1383,6 +1386,8 @@ static void __vunmap(const void *addr, int deallocate_pages)
if (deallocate_pages) {
int i;
@@ -80666,7 +81137,7 @@
for (i = 0; i < area->nr_pages; i++) {
struct page *page = area->pages[i];
-@@ -1407,7 +1412,7 @@ void vfree(const void *addr)
+@@ -1416,7 +1421,7 @@ void vfree(const void *addr)
kmemleak_free(addr);
@@ -80675,7 +81146,7 @@
}
EXPORT_SYMBOL(vfree);
-@@ -1424,7 +1429,7 @@ void vunmap(const void *addr)
+@@ -1433,7 +1438,7 @@ void vunmap(const void *addr)
{
BUG_ON(in_interrupt());
might_sleep();
@@ -80684,7 +81155,7 @@
}
EXPORT_SYMBOL(vunmap);
-@@ -1511,10 +1516,12 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
+@@ -1520,10 +1525,12 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
if (map_vm_area(area, prot, &pages))
goto fail;
@@ -80698,7 +81169,7 @@
return NULL;
}
-@@ -1599,6 +1606,26 @@ void *vmalloc(unsigned long size)
+@@ -1608,6 +1615,26 @@ void *vmalloc(unsigned long size)
}
EXPORT_SYMBOL(vmalloc);
@@ -80725,7 +81196,7 @@
/**
* vmalloc_user - allocate zeroed virtually contiguous memory for userspace
* @size: allocation size
-@@ -1640,6 +1667,13 @@ void *vmalloc_node(unsigned long size, int node)
+@@ -1649,6 +1676,13 @@ void *vmalloc_node(unsigned long size, int node)
}
EXPORT_SYMBOL(vmalloc_node);
@@ -80739,7 +81210,7 @@
#ifndef PAGE_KERNEL_EXEC
# define PAGE_KERNEL_EXEC PAGE_KERNEL
#endif
-@@ -2335,6 +2369,40 @@ void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
+@@ -2344,6 +2378,40 @@ void pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
kfree(vms);
}
@@ -81619,7 +82090,7 @@
else
set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
diff --git a/net/core/dev.c b/net/core/dev.c
-index 915d0ae..7f18124 100644
+index fd4c1e7..6e37837 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -130,6 +130,9 @@
@@ -81716,7 +82187,7 @@
rc = ops->ndo_start_xmit(nskb, dev);
if (unlikely(rc != NETDEV_TX_OK)) {
nskb->next = skb->next;
-@@ -2288,6 +2302,7 @@ int netif_receive_skb(struct sk_buff *skb)
+@@ -2296,6 +2302,7 @@ int netif_receive_skb(struct sk_buff *skb)
struct net_device *null_or_orig;
int ret = NET_RX_DROP;
__be16 type;
@@ -81724,7 +82195,7 @@
if (!skb->tstamp.tv64)
net_timestamp(skb);
-@@ -2317,6 +2332,16 @@ int netif_receive_skb(struct sk_buff *skb)
+@@ -2325,6 +2332,16 @@ int netif_receive_skb(struct sk_buff *skb)
skb_reset_transport_header(skb);
skb->mac_len = skb->network_header - skb->mac_header;
@@ -81741,7 +82212,7 @@
pt_prev = NULL;
rcu_read_lock();
-@@ -2375,6 +2400,7 @@ ncls:
+@@ -2383,6 +2400,7 @@ ncls:
out:
rcu_read_unlock();
@@ -81749,7 +82220,7 @@
return ret;
}
EXPORT_SYMBOL(netif_receive_skb);
-@@ -3394,8 +3420,13 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
+@@ -3402,8 +3420,13 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
return -EOVERFLOW;
}
}
@@ -81765,7 +82236,7 @@
dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
"left");
if (audit_enabled) {
-@@ -4547,16 +4578,25 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
+@@ -4555,16 +4578,25 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
* - require strict serialization.
* - do not return a value
*/
@@ -81794,7 +82265,7 @@
case SIOCSMIIREG:
case SIOCBONDENSLAVE:
case SIOCBONDRELEASE:
-@@ -4619,12 +4659,11 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
+@@ -4627,12 +4659,11 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
*/
static int dev_new_index(struct net *net)
{
@@ -81811,7 +82282,7 @@
}
}
-@@ -4779,6 +4818,10 @@ int register_netdevice(struct net_device *dev)
+@@ -4787,6 +4818,10 @@ int register_netdevice(struct net_device *dev)
BUG_ON(dev->reg_state != NETREG_UNINITIALIZED);
BUG_ON(!net);
@@ -81822,7 +82293,7 @@
spin_lock_init(&dev->addr_list_lock);
netdev_set_addr_lockdep_class(dev);
netdev_init_queue_locks(dev);
-@@ -4849,6 +4892,10 @@ int register_netdevice(struct net_device *dev)
+@@ -4857,6 +4892,10 @@ int register_netdevice(struct net_device *dev)
set_bit(__LINK_STATE_PRESENT, &dev->state);
@@ -81833,7 +82304,7 @@
dev_init_scheduler(dev);
dev_hold(dev);
list_netdevice(dev);
-@@ -5029,12 +5076,14 @@ static void netdev_wait_allrefs(struct net_device *dev)
+@@ -5037,12 +5076,14 @@ static void netdev_wait_allrefs(struct net_device *dev)
void netdev_run_todo(void)
{
struct list_head list;
@@ -81848,7 +82319,7 @@
while (!list_empty(&list)) {
struct net_device *dev
= list_entry(list.next, struct net_device, todo_list);
-@@ -5047,6 +5096,7 @@ void netdev_run_todo(void)
+@@ -5055,6 +5096,7 @@ void netdev_run_todo(void)
continue;
}
@@ -81856,7 +82327,7 @@
dev->reg_state = NETREG_UNREGISTERED;
on_each_cpu(flush_backlog, dev, 1);
-@@ -5059,12 +5109,21 @@ void netdev_run_todo(void)
+@@ -5067,12 +5109,21 @@ void netdev_run_todo(void)
WARN_ON(dev->ip6_ptr);
WARN_ON(dev->dn_ptr);
@@ -81878,7 +82349,7 @@
}
/**
-@@ -5147,13 +5206,13 @@ struct net_device *alloc_netdev_mq(int sizeof_priv, const char *name,
+@@ -5155,13 +5206,13 @@ struct net_device *alloc_netdev_mq(int sizeof_priv, const char *name,
/* ensure 32-byte alignment of whole construct */
alloc_size += NETDEV_ALIGN - 1;
@@ -81894,7 +82365,7 @@
if (!tx) {
printk(KERN_ERR "alloc_netdev: Unable to allocate "
"tx qdiscs.\n");
-@@ -5296,11 +5355,18 @@ EXPORT_SYMBOL(unregister_netdev);
+@@ -5304,11 +5355,18 @@ EXPORT_SYMBOL(unregister_netdev);
* Callers must hold the rtnl semaphore.
*/
@@ -81914,7 +82385,7 @@
ASSERT_RTNL();
-@@ -5309,15 +5375,6 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
+@@ -5317,15 +5375,6 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
if (dev->features & NETIF_F_NETNS_LOCAL)
goto out;
@@ -81930,7 +82401,7 @@
/* Ensure the device has been registrered */
err = -EINVAL;
if (dev->reg_state != NETREG_REGISTERED)
-@@ -5360,6 +5417,11 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
+@@ -5368,6 +5417,11 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
err = -ENODEV;
unlist_netdevice(dev);
@@ -81942,7 +82413,7 @@
synchronize_net();
/* Shutdown queueing discipline. */
-@@ -5368,7 +5430,9 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
+@@ -5376,7 +5430,9 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
/* Notify protocols, that we are about to destroy
this device. They should clean all the things.
*/
@@ -81952,7 +82423,7 @@
/*
* Flush the unicast and multicast chains
-@@ -5376,7 +5440,9 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
+@@ -5384,7 +5440,9 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
dev_unicast_flush(dev);
dev_addr_discard(dev);
@@ -81962,7 +82433,7 @@
/* Actually switch the network namespace */
dev_net_set(dev, net);
-@@ -5394,14 +5460,18 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
+@@ -5402,14 +5460,18 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
}
/* Fixup kobjects */
@@ -81981,7 +82452,7 @@
/*
* Prevent userspace races by waiting until the network
-@@ -5416,6 +5486,14 @@ out:
+@@ -5424,6 +5486,14 @@ out:
}
EXPORT_SYMBOL_GPL(dev_change_net_namespace);
@@ -81996,7 +82467,7 @@
static int dev_cpu_callback(struct notifier_block *nfb,
unsigned long action,
void *ocpu)
-@@ -5507,7 +5585,7 @@ static struct hlist_head *netdev_create_hash(void)
+@@ -5515,7 +5585,7 @@ static struct hlist_head *netdev_create_hash(void)
int i;
struct hlist_head *hash;
@@ -82005,7 +82476,7 @@
if (hash != NULL)
for (i = 0; i < NETDEV_HASHENTRIES; i++)
INIT_HLIST_HEAD(&hash[i]);
-@@ -5701,3 +5779,32 @@ static int __init initialize_hashrnd(void)
+@@ -5709,3 +5779,32 @@ static int __init initialize_hashrnd(void)
late_initcall_sync(initialize_hashrnd);
@@ -82051,7 +82522,7 @@
for (dst = dst_busy_list; dst; dst = dst->next) {
last = dst;
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
-index 450862e..f0ffc06 100644
+index abbe8fa..4519d60 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -975,7 +975,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
@@ -82511,7 +82982,7 @@
if (!fpl)
return -ENOMEM;
*fplp = fpl;
-@@ -304,7 +307,7 @@ struct scm_fp_list *scm_fp_dup(struct sc
+@@ -302,7 +305,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl)
return NULL;
new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]),
@@ -83621,6 +84092,19 @@
.tos = RT_TOS(ip_hdr(skb)->tos) } },
/* Not quite clean, but right. */
.uli_u = { .ports =
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
+index e982b5c..bf1a036 100644
+--- a/net/ipv4/ip_sockglue.c
++++ b/net/ipv4/ip_sockglue.c
+@@ -921,7 +921,7 @@ mc_msf_out:
+ case IP_IPSEC_POLICY:
+ case IP_XFRM_POLICY:
+ err = -EPERM;
+- if (!capable(CAP_NET_ADMIN))
++ if (!capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN))
+ break;
+ err = xfrm_user_policy(sk, optname, optval, optlen);
+ break;
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index f8d04c2..e70ffc0 100644
--- a/net/ipv4/ipconfig.c
@@ -84065,7 +84549,7 @@
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface);
return false;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
-index acc44c6..fbef754 100644
+index acc44c6..5d5a8ab 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -47,32 +47,32 @@ static void dump_packet(const struct nf_loginfo *info,
@@ -84377,6 +84861,15 @@
skb->sk->sk_socket->file->f_cred->fsuid,
skb->sk->sk_socket->file->f_cred->fsgid);
read_unlock_bh(&skb->sk->sk_callback_lock);
+@@ -346,7 +346,7 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ /* Max length: 16 "MARK=0xFFFFFFFF " */
+ if (!iphoff && skb->mark)
+- printk("MARK=0x%x ", skb->mark);
++ ve_printk(VE_LOG, "MARK=0x%x ", skb->mark);
+
+ /* Proto Max log string length */
+ /* IP: 40+46+6+11+127 = 230 */
@@ -386,7 +386,7 @@ ipt_log_packet(u_int8_t pf,
loginfo = &default_loginfo;
@@ -84633,7 +85126,7 @@
module_init(nf_conntrack_l3proto_ipv4_init);
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
-index 26066a2..2c77ffe 100644
+index 26066a2..96f07a4 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -275,6 +275,22 @@ out:
@@ -84680,6 +85173,16 @@
/* It's done. */
if (maniptype == IP_NAT_MANIP_DST)
+@@ -676,6 +682,9 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
+
+ static int __net_init nf_nat_net_init(struct net *net)
+ {
++ if (net_ipt_permitted(net, VE_IP_NAT))
++ net_ipt_module_set(net, VE_IP_NAT);
++
+ /* Leave them the same for the moment. */
+ net->ipv4.nat_htable_size = net->ct.htable_size;
+ net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 9e81e0d..e6798d6 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
@@ -84848,7 +85351,7 @@
.procname = "rt_cache_rebuild_count",
.data = &init_net.ipv4.sysctl_rt_cache_rebuild_count,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index 4678308..256bcc7 100644
+index 734fe94..5c60596 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -272,6 +272,10 @@
@@ -85152,7 +85655,7 @@
/* Size and allocate the main established and bind bucket
* hash tables.
-@@ -2950,6 +3018,11 @@ void __init tcp_init(void)
+@@ -2952,6 +3020,11 @@ void __init tcp_init(void)
sysctl_tcp_mem[1] = limit;
sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
@@ -85302,7 +85805,7 @@
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITS);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index 7cda24b..e1418334 100644
+index 7cda24b..e360965 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -72,6 +72,8 @@
@@ -85398,7 +85901,18 @@
__free_page(sk->sk_sndmsg_page);
sk->sk_sndmsg_page = NULL;
}
-@@ -2478,6 +2493,93 @@ void __init tcp_v4_init(void)
+@@ -1949,7 +1964,9 @@ get_req:
+ }
+ get_sk:
+ sk_nulls_for_each_from(sk, node) {
+- if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
++ if (!net_eq(sock_net(sk), net))
++ continue;
++ if (sk->sk_family == st->family) {
+ cur = sk;
+ goto out;
+ }
+@@ -2478,6 +2495,93 @@ void __init tcp_v4_init(void)
panic("Failed to create the TCP control socket.\n");
}
@@ -85891,7 +86405,7 @@
+ (void)set_exec_env(ve);
}
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index c322f44..2c1435a 100644
+index 31db78c..39c9bba 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -138,6 +138,7 @@ static int udp_lib_lport_inuse(struct net *net, __u16 num,
@@ -86316,7 +86830,7 @@
write_unlock_bh(&queue_lock);
}
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 1de56fd..645d172 100644
+index 1de56fd..9355bb8 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -351,6 +351,9 @@ ip6t_do_table(struct sk_buff *skb,
@@ -86347,6 +86861,24 @@
return -EPERM;
switch (cmd) {
+@@ -2029,7 +2032,7 @@ do_ip6t_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
+ {
+ int ret;
+
+- if (!capable(CAP_NET_ADMIN))
++ if (!capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN))
+ return -EPERM;
+
+ switch (cmd) {
+@@ -2054,7 +2057,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+ {
+ int ret;
+
+- if (!capable(CAP_NET_ADMIN))
++ if (!capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN))
+ return -EPERM;
+
+ switch (cmd) {
@@ -2107,7 +2110,7 @@ struct xt_table *ip6t_register_table(struct net *net,
int ret;
struct xt_table_info *newinfo;
@@ -86380,6 +86912,390 @@
xt_proto_fini(net, NFPROTO_IPV6);
}
+diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
+index 7018cac..8624c50 100644
+--- a/net/ipv6/netfilter/ip6t_LOG.c
++++ b/net/ipv6/netfilter/ip6t_LOG.c
+@@ -56,15 +56,15 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ ih = skb_header_pointer(skb, ip6hoff, sizeof(_ip6h), &_ip6h);
+ if (ih == NULL) {
+- printk("TRUNCATED");
++ ve_printk(VE_LOG, "TRUNCATED");
+ return;
+ }
+
+ /* Max length: 88 "SRC=0000.0000.0000.0000.0000.0000.0000.0000 DST=0000.0000.0000.0000.0000.0000.0000.0000 " */
+- printk("SRC=%pI6 DST=%pI6 ", &ih->saddr, &ih->daddr);
++ ve_printk(VE_LOG, "SRC=%pI6 DST=%pI6 ", &ih->saddr, &ih->daddr);
+
+ /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
+- printk("LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
++ ve_printk(VE_LOG, "LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
+ ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
+ (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
+ ih->hop_limit,
+@@ -79,35 +79,35 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
+ if (hp == NULL) {
+- printk("TRUNCATED");
++ ve_printk(VE_LOG, "TRUNCATED");
+ return;
+ }
+
+ /* Max length: 48 "OPT (...) " */
+ if (logflags & IP6T_LOG_IPOPT)
+- printk("OPT ( ");
++ ve_printk(VE_LOG, "OPT ( ");
+
+ switch (currenthdr) {
+ case IPPROTO_FRAGMENT: {
+ struct frag_hdr _fhdr;
+ const struct frag_hdr *fh;
+
+- printk("FRAG:");
++ ve_printk(VE_LOG, "FRAG:");
+ fh = skb_header_pointer(skb, ptr, sizeof(_fhdr),
+ &_fhdr);
+ if (fh == NULL) {
+- printk("TRUNCATED ");
++ ve_printk(VE_LOG, "TRUNCATED ");
+ return;
+ }
+
+ /* Max length: 6 "65535 " */
+- printk("%u ", ntohs(fh->frag_off) & 0xFFF8);
++ ve_printk(VE_LOG, "%u ", ntohs(fh->frag_off) & 0xFFF8);
+
+ /* Max length: 11 "INCOMPLETE " */
+ if (fh->frag_off & htons(0x0001))
+- printk("INCOMPLETE ");
++ ve_printk(VE_LOG, "INCOMPLETE ");
+
+- printk("ID:%08x ", ntohl(fh->identification));
++ ve_printk(VE_LOG, "ID:%08x ", ntohl(fh->identification));
+
+ if (ntohs(fh->frag_off) & 0xFFF8)
+ fragment = 1;
+@@ -121,7 +121,7 @@ static void dump_packet(const struct nf_loginfo *info,
+ case IPPROTO_HOPOPTS:
+ if (fragment) {
+ if (logflags & IP6T_LOG_IPOPT)
+- printk(")");
++ ve_printk(VE_LOG, ")");
+ return;
+ }
+ hdrlen = ipv6_optlen(hp);
+@@ -133,10 +133,10 @@ static void dump_packet(const struct nf_loginfo *info,
+ const struct ip_auth_hdr *ah;
+
+ /* Max length: 3 "AH " */
+- printk("AH ");
++ ve_printk(VE_LOG, "AH ");
+
+ if (fragment) {
+- printk(")");
++ ve_printk(VE_LOG, ")");
+ return;
+ }
+
+@@ -147,13 +147,13 @@ static void dump_packet(const struct nf_loginfo *info,
+ * Max length: 26 "INCOMPLETE [65535
+ * bytes] )"
+ */
+- printk("INCOMPLETE [%u bytes] )",
++ ve_printk(VE_LOG, "INCOMPLETE [%u bytes] )",
+ skb->len - ptr);
+ return;
+ }
+
+ /* Length: 15 "SPI=0xF1234567 */
+- printk("SPI=0x%x ", ntohl(ah->spi));
++ ve_printk(VE_LOG, "SPI=0x%x ", ntohl(ah->spi));
+
+ }
+
+@@ -165,10 +165,10 @@ static void dump_packet(const struct nf_loginfo *info,
+ const struct ip_esp_hdr *eh;
+
+ /* Max length: 4 "ESP " */
+- printk("ESP ");
++ ve_printk(VE_LOG, "ESP ");
+
+ if (fragment) {
+- printk(")");
++ ve_printk(VE_LOG, ")");
+ return;
+ }
+
+@@ -178,23 +178,23 @@ static void dump_packet(const struct nf_loginfo *info,
+ eh = skb_header_pointer(skb, ptr, sizeof(_esph),
+ &_esph);
+ if (eh == NULL) {
+- printk("INCOMPLETE [%u bytes] )",
++ ve_printk(VE_LOG, "INCOMPLETE [%u bytes] )",
+ skb->len - ptr);
+ return;
+ }
+
+ /* Length: 16 "SPI=0xF1234567 )" */
+- printk("SPI=0x%x )", ntohl(eh->spi) );
++ ve_printk(VE_LOG, "SPI=0x%x )", ntohl(eh->spi) );
+
+ }
+ return;
+ default:
+ /* Max length: 20 "Unknown Ext Hdr 255" */
+- printk("Unknown Ext Hdr %u", currenthdr);
++ ve_printk(VE_LOG, "Unknown Ext Hdr %u", currenthdr);
+ return;
+ }
+ if (logflags & IP6T_LOG_IPOPT)
+- printk(") ");
++ ve_printk(VE_LOG, ") ");
+
+ currenthdr = hp->nexthdr;
+ ptr += hdrlen;
+@@ -206,7 +206,7 @@ static void dump_packet(const struct nf_loginfo *info,
+ const struct tcphdr *th;
+
+ /* Max length: 10 "PROTO=TCP " */
+- printk("PROTO=TCP ");
++ ve_printk(VE_LOG, "PROTO=TCP ");
+
+ if (fragment)
+ break;
+@@ -214,40 +214,40 @@ static void dump_packet(const struct nf_loginfo *info,
+ /* Max length: 25 "INCOMPLETE [65535 bytes] " */
+ th = skb_header_pointer(skb, ptr, sizeof(_tcph), &_tcph);
+ if (th == NULL) {
+- printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
++ ve_printk(VE_LOG, "INCOMPLETE [%u bytes] ", skb->len - ptr);
+ return;
+ }
+
+ /* Max length: 20 "SPT=65535 DPT=65535 " */
+- printk("SPT=%u DPT=%u ",
++ ve_printk(VE_LOG, "SPT=%u DPT=%u ",
+ ntohs(th->source), ntohs(th->dest));
+ /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
+ if (logflags & IP6T_LOG_TCPSEQ)
+- printk("SEQ=%u ACK=%u ",
++ ve_printk(VE_LOG, "SEQ=%u ACK=%u ",
+ ntohl(th->seq), ntohl(th->ack_seq));
+ /* Max length: 13 "WINDOW=65535 " */
+- printk("WINDOW=%u ", ntohs(th->window));
++ ve_printk(VE_LOG, "WINDOW=%u ", ntohs(th->window));
+ /* Max length: 9 "RES=0x3C " */
+- printk("RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(th) & TCP_RESERVED_BITS) >> 22));
++ ve_printk(VE_LOG, "RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(th) & TCP_RESERVED_BITS) >> 22));
+ /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
+ if (th->cwr)
+- printk("CWR ");
++ ve_printk(VE_LOG, "CWR ");
+ if (th->ece)
+- printk("ECE ");
++ ve_printk(VE_LOG, "ECE ");
+ if (th->urg)
+- printk("URG ");
++ ve_printk(VE_LOG, "URG ");
+ if (th->ack)
+- printk("ACK ");
++ ve_printk(VE_LOG, "ACK ");
+ if (th->psh)
+- printk("PSH ");
++ ve_printk(VE_LOG, "PSH ");
+ if (th->rst)
+- printk("RST ");
++ ve_printk(VE_LOG, "RST ");
+ if (th->syn)
+- printk("SYN ");
++ ve_printk(VE_LOG, "SYN ");
+ if (th->fin)
+- printk("FIN ");
++ ve_printk(VE_LOG, "FIN ");
+ /* Max length: 11 "URGP=65535 " */
+- printk("URGP=%u ", ntohs(th->urg_ptr));
++ ve_printk(VE_LOG, "URGP=%u ", ntohs(th->urg_ptr));
+
+ if ((logflags & IP6T_LOG_TCPOPT)
+ && th->doff * 4 > sizeof(struct tcphdr)) {
+@@ -261,15 +261,15 @@ static void dump_packet(const struct nf_loginfo *info,
+ ptr + sizeof(struct tcphdr),
+ optsize, _opt);
+ if (op == NULL) {
+- printk("OPT (TRUNCATED)");
++ ve_printk(VE_LOG, "OPT (TRUNCATED)");
+ return;
+ }
+
+ /* Max length: 127 "OPT (" 15*4*2chars ") " */
+- printk("OPT (");
++ ve_printk(VE_LOG, "OPT (");
+ for (i =0; i < optsize; i++)
+- printk("%02X", op[i]);
+- printk(") ");
++ ve_printk(VE_LOG, "%02X", op[i]);
++ ve_printk(VE_LOG, ") ");
+ }
+ break;
+ }
+@@ -280,9 +280,9 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ if (currenthdr == IPPROTO_UDP)
+ /* Max length: 10 "PROTO=UDP " */
+- printk("PROTO=UDP " );
++ ve_printk(VE_LOG, "PROTO=UDP " );
+ else /* Max length: 14 "PROTO=UDPLITE " */
+- printk("PROTO=UDPLITE ");
++ ve_printk(VE_LOG, "PROTO=UDPLITE ");
+
+ if (fragment)
+ break;
+@@ -290,12 +290,12 @@ static void dump_packet(const struct nf_loginfo *info,
+ /* Max length: 25 "INCOMPLETE [65535 bytes] " */
+ uh = skb_header_pointer(skb, ptr, sizeof(_udph), &_udph);
+ if (uh == NULL) {
+- printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
++ ve_printk(VE_LOG, "INCOMPLETE [%u bytes] ", skb->len - ptr);
+ return;
+ }
+
+ /* Max length: 20 "SPT=65535 DPT=65535 " */
+- printk("SPT=%u DPT=%u LEN=%u ",
++ ve_printk(VE_LOG, "SPT=%u DPT=%u LEN=%u ",
+ ntohs(uh->source), ntohs(uh->dest),
+ ntohs(uh->len));
+ break;
+@@ -305,7 +305,7 @@ static void dump_packet(const struct nf_loginfo *info,
+ const struct icmp6hdr *ic;
+
+ /* Max length: 13 "PROTO=ICMPv6 " */
+- printk("PROTO=ICMPv6 ");
++ ve_printk(VE_LOG, "PROTO=ICMPv6 ");
+
+ if (fragment)
+ break;
+@@ -313,18 +313,18 @@ static void dump_packet(const struct nf_loginfo *info,
+ /* Max length: 25 "INCOMPLETE [65535 bytes] " */
+ ic = skb_header_pointer(skb, ptr, sizeof(_icmp6h), &_icmp6h);
+ if (ic == NULL) {
+- printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
++ ve_printk(VE_LOG, "INCOMPLETE [%u bytes] ", skb->len - ptr);
+ return;
+ }
+
+ /* Max length: 18 "TYPE=255 CODE=255 " */
+- printk("TYPE=%u CODE=%u ", ic->icmp6_type, ic->icmp6_code);
++ ve_printk(VE_LOG, "TYPE=%u CODE=%u ", ic->icmp6_type, ic->icmp6_code);
+
+ switch (ic->icmp6_type) {
+ case ICMPV6_ECHO_REQUEST:
+ case ICMPV6_ECHO_REPLY:
+ /* Max length: 19 "ID=65535 SEQ=65535 " */
+- printk("ID=%u SEQ=%u ",
++ ve_printk(VE_LOG, "ID=%u SEQ=%u ",
+ ntohs(ic->icmp6_identifier),
+ ntohs(ic->icmp6_sequence));
+ break;
+@@ -335,35 +335,35 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ case ICMPV6_PARAMPROB:
+ /* Max length: 17 "POINTER=ffffffff " */
+- printk("POINTER=%08x ", ntohl(ic->icmp6_pointer));
++ ve_printk(VE_LOG, "POINTER=%08x ", ntohl(ic->icmp6_pointer));
+ /* Fall through */
+ case ICMPV6_DEST_UNREACH:
+ case ICMPV6_PKT_TOOBIG:
+ case ICMPV6_TIME_EXCEED:
+ /* Max length: 3+maxlen */
+ if (recurse) {
+- printk("[");
++ ve_printk(VE_LOG, "[");
+ dump_packet(info, skb, ptr + sizeof(_icmp6h),
+ 0);
+- printk("] ");
++ ve_printk(VE_LOG, "] ");
+ }
+
+ /* Max length: 10 "MTU=65535 " */
+ if (ic->icmp6_type == ICMPV6_PKT_TOOBIG)
+- printk("MTU=%u ", ntohl(ic->icmp6_mtu));
++ ve_printk(VE_LOG, "MTU=%u ", ntohl(ic->icmp6_mtu));
+ }
+ break;
+ }
+ /* Max length: 10 "PROTO=255 " */
+ default:
+- printk("PROTO=%u ", currenthdr);
++ ve_printk(VE_LOG, "PROTO=%u ", currenthdr);
+ }
+
+ /* Max length: 15 "UID=4294967295 " */
+ if ((logflags & IP6T_LOG_UID) && recurse && skb->sk) {
+ read_lock_bh(&skb->sk->sk_callback_lock);
+ if (skb->sk->sk_socket && skb->sk->sk_socket->file)
+- printk("UID=%u GID=%u ",
++ ve_printk(VE_LOG, "UID=%u GID=%u ",
+ skb->sk->sk_socket->file->f_cred->fsuid,
+ skb->sk->sk_socket->file->f_cred->fsgid);
+ read_unlock_bh(&skb->sk->sk_callback_lock);
+@@ -371,7 +371,7 @@ static void dump_packet(const struct nf_loginfo *info,
+
+ /* Max length: 16 "MARK=0xFFFFFFFF " */
+ if (!recurse && skb->mark)
+- printk("MARK=0x%x ", skb->mark);
++ ve_printk(VE_LOG, "MARK=0x%x ", skb->mark);
+ }
+
+ static struct nf_loginfo default_loginfo = {
+@@ -397,14 +397,14 @@ ip6t_log_packet(u_int8_t pf,
+ loginfo = &default_loginfo;
+
+ spin_lock_bh(&log_lock);
+- printk("<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
++ ve_printk(VE_LOG, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
+ prefix,
+ in ? in->name : "",
+ out ? out->name : "");
+ if (in && !out) {
+ unsigned int len;
+ /* MAC logging for input chain only. */
+- printk("MAC=");
++ ve_printk(VE_LOG, "MAC=");
+ if (skb->dev && (len = skb->dev->hard_header_len) &&
+ skb->mac_header != skb->network_header) {
+ const unsigned char *p = skb_mac_header(skb);
+@@ -416,23 +416,23 @@ ip6t_log_packet(u_int8_t pf,
+
+ if (p != NULL) {
+ for (i = 0; i < len; i++)
+- printk("%02x%s", p[i],
++ ve_printk(VE_LOG, "%02x%s", p[i],
+ i == len - 1 ? "" : ":");
+ }
+- printk(" ");
++ ve_printk(VE_LOG, " ");
+
+ if (skb->dev->type == ARPHRD_SIT) {
+ const struct iphdr *iph =
+ (struct iphdr *)skb_mac_header(skb);
+- printk("TUNNEL=%pI4->%pI4 ",
++ ve_printk(VE_LOG, "TUNNEL=%pI4->%pI4 ",
+ &iph->saddr, &iph->daddr);
+ }
+ } else
+- printk(" ");
++ ve_printk(VE_LOG, " ");
+ }
+
+ dump_packet(loginfo, skb, skb_network_offset(skb), 1);
+- printk("\n");
++ ve_printk(VE_LOG, "\n");
+ spin_unlock_bh(&log_lock);
+ }
+
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 6f4383a..6b9dc0b 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
@@ -87010,6 +87926,19 @@
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
.md5_lookup = tcp_v4_md5_lookup,
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index 4e98193..723beee 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -183,7 +183,7 @@ static int pfkey_create(struct net *net, struct socket *sock, int protocol)
+ struct sock *sk;
+ int err;
+
+- if (!capable(CAP_NET_ADMIN))
++ if (!capable(CAP_NET_ADMIN) && !capable(CAP_VE_NET_ADMIN))
+ return -EPERM;
+ if (sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 5bb3473..30a2739 100644
--- a/net/netfilter/core.c
@@ -87111,7 +88040,7 @@
addr = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 1374179..0692fd2 100644
+index 8df3477..927823e 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -45,6 +45,9 @@
@@ -89287,6 +90216,584 @@
out:
return err;
}
+diff --git a/net/sched/act_api.c b/net/sched/act_api.c
+index 2dfb3e7..592d77a 100644
+--- a/net/sched/act_api.c
++++ b/net/sched/act_api.c
+@@ -666,7 +666,8 @@ nlmsg_failure:
+ }
+
+ static int
+-act_get_notify(u32 pid, struct nlmsghdr *n, struct tc_action *a, int event)
++act_get_notify(struct net *net, u32 pid, struct nlmsghdr *n,
++ struct tc_action *a, int event)
+ {
+ struct sk_buff *skb;
+
+@@ -678,7 +679,7 @@ act_get_notify(u32 pid, struct nlmsghdr *n, struct tc_action *a, int event)
+ return -EINVAL;
+ }
+
+- return rtnl_unicast(skb, &init_net, pid);
++ return rtnl_unicast(skb, net, pid);
+ }
+
+ static struct tc_action *
+@@ -748,7 +749,8 @@ static struct tc_action *create_a(int i)
+ return act;
+ }
+
+-static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
++static int tca_action_flush(struct net *net, struct nlattr *nla,
++ struct nlmsghdr *n, u32 pid)
+ {
+ struct sk_buff *skb;
+ unsigned char *b;
+@@ -807,7 +809,7 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
+ nlh->nlmsg_flags |= NLM_F_ROOT;
+ module_put(a->ops->owner);
+ kfree(a);
+- err = rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
++ err = rtnetlink_send(skb, net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
+ if (err > 0)
+ return 0;
+
+@@ -824,7 +826,8 @@ noflush_out:
+ }
+
+ static int
+-tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
++tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
++ u32 pid, int event)
+ {
+ int i, ret;
+ struct nlattr *tb[TCA_ACT_MAX_PRIO+1];
+@@ -836,7 +839,7 @@ tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
+
+ if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) {
+ if (tb[1] != NULL)
+- return tca_action_flush(tb[1], n, pid);
++ return tca_action_flush(net, tb[1], n, pid);
+ else
+ return -EINVAL;
+ }
+@@ -857,7 +860,7 @@ tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
+ }
+
+ if (event == RTM_GETACTION)
+- ret = act_get_notify(pid, n, head, event);
++ ret = act_get_notify(net, pid, n, head, event);
+ else { /* delete */
+ struct sk_buff *skb;
+
+@@ -876,7 +879,7 @@ tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
+
+ /* now do the delete */
+ tcf_action_destroy(head, 0);
+- ret = rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC,
++ ret = rtnetlink_send(skb, net, pid, RTNLGRP_TC,
+ n->nlmsg_flags&NLM_F_ECHO);
+ if (ret > 0)
+ return 0;
+@@ -887,8 +890,8 @@ err:
+ return ret;
+ }
+
+-static int tcf_add_notify(struct tc_action *a, u32 pid, u32 seq, int event,
+- u16 flags)
++static int tcf_add_notify(struct net *net, struct tc_action *a,
++ u32 pid, u32 seq, int event, u16 flags)
+ {
+ struct tcamsg *t;
+ struct nlmsghdr *nlh;
+@@ -921,7 +924,7 @@ static int tcf_add_notify(struct tc_action *a, u32 pid, u32 seq, int event,
+ nlh->nlmsg_len = skb_tail_pointer(skb) - b;
+ NETLINK_CB(skb).dst_group = RTNLGRP_TC;
+
+- err = rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, flags&NLM_F_ECHO);
++ err = rtnetlink_send(skb, net, pid, RTNLGRP_TC, flags&NLM_F_ECHO);
+ if (err > 0)
+ err = 0;
+ return err;
+@@ -934,7 +937,8 @@ nlmsg_failure:
+
+
+ static int
+-tcf_action_add(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int ovr)
++tcf_action_add(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
++ u32 pid, int ovr)
+ {
+ int ret = 0;
+ struct tc_action *act;
+@@ -952,7 +956,7 @@ tcf_action_add(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int ovr)
+ /* dump then free all the actions after update; inserted policy
+ * stays intact
+ * */
+- ret = tcf_add_notify(act, pid, seq, RTM_NEWACTION, n->nlmsg_flags);
++ ret = tcf_add_notify(net, act, pid, seq, RTM_NEWACTION, n->nlmsg_flags);
+ for (a = act; a; a = act) {
+ act = a->next;
+ kfree(a);
+@@ -968,9 +972,6 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ u32 pid = skb ? NETLINK_CB(skb).pid : 0;
+ int ret = 0, ovr = 0;
+
+- if (net != &init_net)
+- return -EINVAL;
+-
+ ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
+ if (ret < 0)
+ return ret;
+@@ -993,15 +994,17 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ if (n->nlmsg_flags&NLM_F_REPLACE)
+ ovr = 1;
+ replay:
+- ret = tcf_action_add(tca[TCA_ACT_TAB], n, pid, ovr);
++ ret = tcf_action_add(net, tca[TCA_ACT_TAB], n, pid, ovr);
+ if (ret == -EAGAIN)
+ goto replay;
+ break;
+ case RTM_DELACTION:
+- ret = tca_action_gd(tca[TCA_ACT_TAB], n, pid, RTM_DELACTION);
++ ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
++ pid, RTM_DELACTION);
+ break;
+ case RTM_GETACTION:
+- ret = tca_action_gd(tca[TCA_ACT_TAB], n, pid, RTM_GETACTION);
++ ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
++ pid, RTM_GETACTION);
+ break;
+ default:
+ BUG();
+@@ -1041,7 +1044,6 @@ find_dump_kind(const struct nlmsghdr *n)
+ static int
+ tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb)
+ {
+- struct net *net = sock_net(skb->sk);
+ struct nlmsghdr *nlh;
+ unsigned char *b = skb_tail_pointer(skb);
+ struct nlattr *nest;
+@@ -1051,9 +1053,6 @@ tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb)
+ struct tcamsg *t = (struct tcamsg *) NLMSG_DATA(cb->nlh);
+ struct nlattr *kind = find_dump_kind(cb->nlh);
+
+- if (net != &init_net)
+- return 0;
+-
+ if (kind == NULL) {
+ printk("tc_dump_action: action bad kind\n");
+ return 0;
+diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
+index 7cf6c0f..08f42b2 100644
+--- a/net/sched/cls_api.c
++++ b/net/sched/cls_api.c
+@@ -98,8 +98,9 @@ out:
+ }
+ EXPORT_SYMBOL(unregister_tcf_proto_ops);
+
+-static int tfilter_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+- struct tcf_proto *tp, unsigned long fh, int event);
++static int tfilter_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, struct tcf_proto *tp,
++ unsigned long fh, int event);
+
+
+ /* Select new prio value from the range, managed by kernel. */
+@@ -137,9 +138,6 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ int err;
+ int tp_created = 0;
+
+- if (net != &init_net)
+- return -EINVAL;
+-
+ replay:
+ t = NLMSG_DATA(n);
+ protocol = TC_H_MIN(t->tcm_info);
+@@ -158,7 +156,7 @@ replay:
+ /* Find head of filter chain. */
+
+ /* Find link */
+- dev = __dev_get_by_index(&init_net, t->tcm_ifindex);
++ dev = __dev_get_by_index(net, t->tcm_ifindex);
+ if (dev == NULL)
+ return -ENODEV;
+
+@@ -282,7 +280,7 @@ replay:
+ *back = tp->next;
+ spin_unlock_bh(root_lock);
+
+- tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER);
++ tfilter_notify(net, skb, n, tp, fh, RTM_DELTFILTER);
+ tcf_destroy(tp);
+ err = 0;
+ goto errout;
+@@ -305,10 +303,10 @@ replay:
+ case RTM_DELTFILTER:
+ err = tp->ops->delete(tp, fh);
+ if (err == 0)
+- tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER);
++ tfilter_notify(net, skb, n, tp, fh, RTM_DELTFILTER);
+ goto errout;
+ case RTM_GETTFILTER:
+- err = tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER);
++ err = tfilter_notify(net, skb, n, tp, fh, RTM_NEWTFILTER);
+ goto errout;
+ default:
+ err = -EINVAL;
+@@ -324,7 +322,7 @@ replay:
+ *back = tp;
+ spin_unlock_bh(root_lock);
+ }
+- tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER);
++ tfilter_notify(net, skb, n, tp, fh, RTM_NEWTFILTER);
+ } else {
+ if (tp_created)
+ tcf_destroy(tp);
+@@ -370,8 +368,9 @@ nla_put_failure:
+ return -1;
+ }
+
+-static int tfilter_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+- struct tcf_proto *tp, unsigned long fh, int event)
++static int tfilter_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, struct tcf_proto *tp,
++ unsigned long fh, int event)
+ {
+ struct sk_buff *skb;
+ u32 pid = oskb ? NETLINK_CB(oskb).pid : 0;
+@@ -385,7 +384,7 @@ static int tfilter_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+ return -EINVAL;
+ }
+
+- return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC,
++ return rtnetlink_send(skb, net, pid, RTNLGRP_TC,
+ n->nlmsg_flags & NLM_F_ECHO);
+ }
+
+@@ -417,12 +416,9 @@ static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
+ const struct Qdisc_class_ops *cops;
+ struct tcf_dump_args arg;
+
+- if (net != &init_net)
+- return 0;
+-
+ if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm)))
+ return skb->len;
+- if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
++ if ((dev = dev_get_by_index(net, tcm->tcm_ifindex)) == NULL)
+ return skb->len;
+
+ if (!tcm->tcm_parent)
+diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
+index 9402a7f..d3ef7f1 100644
+--- a/net/sched/cls_flow.c
++++ b/net/sched/cls_flow.c
+@@ -601,7 +601,6 @@ static unsigned long flow_get(struct tcf_proto *tp, u32 handle)
+
+ static void flow_put(struct tcf_proto *tp, unsigned long f)
+ {
+- return;
+ }
+
+ static int flow_dump(struct tcf_proto *tp, unsigned long fh,
+diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c
+index 18d85d2..e348b6d 100644
+--- a/net/sched/em_meta.c
++++ b/net/sched/em_meta.c
+@@ -309,7 +309,7 @@ META_COLLECTOR(var_sk_bound_if)
+ } else {
+ struct net_device *dev;
+
+- dev = dev_get_by_index(&init_net, skb->sk->sk_bound_dev_if);
++ dev = dev_get_by_index(sock_net(skb->sk), skb->sk->sk_bound_dev_if);
+ *err = var_dev(dev, dst);
+ if (dev)
+ dev_put(dev);
+diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
+index 903e418..53ac33a 100644
+--- a/net/sched/sch_api.c
++++ b/net/sched/sch_api.c
+@@ -34,10 +34,12 @@
+ #include <net/netlink.h>
+ #include <net/pkt_sched.h>
+
+-static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n, u32 clid,
++static int qdisc_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, u32 clid,
+ struct Qdisc *old, struct Qdisc *new);
+-static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+- struct Qdisc *q, unsigned long cl, int event);
++static int tclass_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, struct Qdisc *q,
++ unsigned long cl, int event);
+
+ /*
+
+@@ -638,11 +640,12 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n)
+ }
+ EXPORT_SYMBOL(qdisc_tree_decrease_qlen);
+
+-static void notify_and_destroy(struct sk_buff *skb, struct nlmsghdr *n, u32 clid,
++static void notify_and_destroy(struct net *net, struct sk_buff *skb,
++ struct nlmsghdr *n, u32 clid,
+ struct Qdisc *old, struct Qdisc *new)
+ {
+ if (new || old)
+- qdisc_notify(skb, n, clid, old, new);
++ qdisc_notify(net, skb, n, clid, old, new);
+
+ if (old)
+ qdisc_destroy(old);
+@@ -662,6 +665,7 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
+ struct Qdisc *new, struct Qdisc *old)
+ {
+ struct Qdisc *q = old;
++ struct net *net = dev_net(dev);
+ int err = 0;
+
+ if (parent == NULL) {
+@@ -698,12 +702,13 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
+ }
+
+ if (!ingress) {
+- notify_and_destroy(skb, n, classid, dev->qdisc, new);
++ notify_and_destroy(net, skb, n, classid,
++ dev->qdisc, new);
+ if (new && !new->ops->attach)
+ atomic_inc(&new->refcnt);
+ dev->qdisc = new ? : &noop_qdisc;
+ } else {
+- notify_and_destroy(skb, n, classid, old, new);
++ notify_and_destroy(net, skb, n, classid, old, new);
+ }
+
+ if (dev->flags & IFF_UP)
+@@ -721,7 +726,7 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
+ err = -ENOENT;
+ }
+ if (!err)
+- notify_and_destroy(skb, n, classid, old, new);
++ notify_and_destroy(net, skb, n, classid, old, new);
+ }
+ return err;
+ }
+@@ -947,10 +952,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ struct Qdisc *p = NULL;
+ int err;
+
+- if (net != &init_net)
+- return -EINVAL;
+-
+- if ((dev = __dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
++ if ((dev = __dev_get_by_index(net, tcm->tcm_ifindex)) == NULL)
+ return -ENODEV;
+
+ err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
+@@ -990,7 +992,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ if ((err = qdisc_graft(dev, p, skb, n, clid, NULL, q)) != 0)
+ return err;
+ } else {
+- qdisc_notify(skb, n, clid, NULL, q);
++ qdisc_notify(net, skb, n, clid, NULL, q);
+ }
+ return 0;
+ }
+@@ -1009,16 +1011,13 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ struct Qdisc *q, *p;
+ int err;
+
+- if (net != &init_net)
+- return -EINVAL;
+-
+ replay:
+ /* Reinit, just in case something touches this. */
+ tcm = NLMSG_DATA(n);
+ clid = tcm->tcm_parent;
+ q = p = NULL;
+
+- if ((dev = __dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
++ if ((dev = __dev_get_by_index(net, tcm->tcm_ifindex)) == NULL)
+ return -ENODEV;
+
+ err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
+@@ -1105,7 +1104,7 @@ replay:
+ return -EINVAL;
+ err = qdisc_change(q, tca);
+ if (err == 0)
+- qdisc_notify(skb, n, clid, NULL, q);
++ qdisc_notify(net, skb, n, clid, NULL, q);
+ return err;
+
+ create_n_graft:
+@@ -1195,8 +1194,9 @@ nla_put_failure:
+ return -1;
+ }
+
+-static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+- u32 clid, struct Qdisc *old, struct Qdisc *new)
++static int qdisc_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, u32 clid,
++ struct Qdisc *old, struct Qdisc *new)
+ {
+ struct sk_buff *skb;
+ u32 pid = oskb ? NETLINK_CB(oskb).pid : 0;
+@@ -1215,7 +1215,7 @@ static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+ }
+
+ if (skb->len)
+- return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
++ return rtnetlink_send(skb, net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
+
+ err_out:
+ kfree_skb(skb);
+@@ -1274,14 +1274,11 @@ static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb)
+ int s_idx, s_q_idx;
+ struct net_device *dev;
+
+- if (net != &init_net)
+- return 0;
+-
+ s_idx = cb->args[0];
+ s_q_idx = q_idx = cb->args[1];
+ read_lock(&dev_base_lock);
+ idx = 0;
+- for_each_netdev(&init_net, dev) {
++ for_each_netdev(net, dev) {
+ struct netdev_queue *dev_queue;
+
+ if (idx < s_idx)
+@@ -1333,10 +1330,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ u32 qid = TC_H_MAJ(clid);
+ int err;
+
+- if (net != &init_net)
+- return -EINVAL;
+-
+- if ((dev = __dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
++ if ((dev = __dev_get_by_index(net, tcm->tcm_ifindex)) == NULL)
+ return -ENODEV;
+
+ err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
+@@ -1417,10 +1411,10 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ if (cops->delete)
+ err = cops->delete(q, cl);
+ if (err == 0)
+- tclass_notify(skb, n, q, cl, RTM_DELTCLASS);
++ tclass_notify(net, skb, n, q, cl, RTM_DELTCLASS);
+ goto out;
+ case RTM_GETTCLASS:
+- err = tclass_notify(skb, n, q, cl, RTM_NEWTCLASS);
++ err = tclass_notify(net, skb, n, q, cl, RTM_NEWTCLASS);
+ goto out;
+ default:
+ err = -EINVAL;
+@@ -1433,7 +1427,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
+ if (cops->change)
+ err = cops->change(q, clid, pid, tca, &new_cl);
+ if (err == 0)
+- tclass_notify(skb, n, q, new_cl, RTM_NEWTCLASS);
++ tclass_notify(net, skb, n, q, new_cl, RTM_NEWTCLASS);
+
+ out:
+ if (cl)
+@@ -1485,8 +1479,9 @@ nla_put_failure:
+ return -1;
+ }
+
+-static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+- struct Qdisc *q, unsigned long cl, int event)
++static int tclass_notify(struct net *net, struct sk_buff *oskb,
++ struct nlmsghdr *n, struct Qdisc *q,
++ unsigned long cl, int event)
+ {
+ struct sk_buff *skb;
+ u32 pid = oskb ? NETLINK_CB(oskb).pid : 0;
+@@ -1500,7 +1495,7 @@ static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+ return -EINVAL;
+ }
+
+- return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
++ return rtnetlink_send(skb, net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO);
+ }
+
+ struct qdisc_dump_args
+@@ -1575,12 +1570,9 @@ static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb)
+ struct net_device *dev;
+ int t, s_t;
+
+- if (net != &init_net)
+- return 0;
+-
+ if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm)))
+ return 0;
+- if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
++ if ((dev = dev_get_by_index(net, tcm->tcm_ifindex)) == NULL)
+ return 0;
+
+ s_t = cb->args[0];
+@@ -1690,7 +1682,7 @@ static int psched_show(struct seq_file *seq, void *v)
+
+ static int psched_open(struct inode *inode, struct file *file)
+ {
+- return single_open(file, psched_show, PDE(inode)->data);
++ return single_open(file, psched_show, NULL);
+ }
+
+ static const struct file_operations psched_fops = {
+@@ -1700,14 +1692,52 @@ static const struct file_operations psched_fops = {
+ .llseek = seq_lseek,
+ .release = single_release,
+ };
++
++static int __net_init psched_net_init(struct net *net)
++{
++ struct proc_dir_entry *e;
++
++ e = proc_net_fops_create(net, "psched", 0, &psched_fops);
++ if (e == NULL)
++ return -ENOMEM;
++
++ return 0;
++}
++
++static void __net_exit psched_net_exit(struct net *net)
++{
++ proc_net_remove(net, "psched");
++}
++#else
++static int __net_init psched_net_init(struct net *net)
++{
++ return 0;
++}
++
++static void __net_exit psched_net_exit(struct net *net)
++{
++}
+ #endif
+
++static struct pernet_operations psched_net_ops = {
++ .init = psched_net_init,
++ .exit = psched_net_exit,
++};
++
+ static int __init pktsched_init(void)
+ {
++ int err;
++
++ err = register_pernet_subsys(&psched_net_ops);
++ if (err) {
++ printk(KERN_ERR "pktsched_init: "
++ "cannot initialize per netns operations\n");
++ return err;
++ }
++
+ register_qdisc(&pfifo_qdisc_ops);
+ register_qdisc(&bfifo_qdisc_ops);
+ register_qdisc(&mq_qdisc_ops);
+- proc_net_fops_create(&init_net, "psched", 0, &psched_fops);
+
+ rtnl_register(PF_UNSPEC, RTM_NEWQDISC, tc_modify_qdisc, NULL);
+ rtnl_register(PF_UNSPEC, RTM_DELQDISC, tc_get_qdisc, NULL);
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index 5b132c4..6a88cab 100644
--- a/net/sched/sch_cbq.c
@@ -89356,6 +90863,66 @@
}
void __qdisc_run(struct Qdisc *q)
+diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
+index a9e646b..f10e34a 100644
+--- a/net/sched/sch_ingress.c
++++ b/net/sched/sch_ingress.c
+@@ -44,7 +44,6 @@ static void ingress_put(struct Qdisc *sch, unsigned long cl)
+
+ static void ingress_walk(struct Qdisc *sch, struct qdisc_walker *walker)
+ {
+- return;
+ }
+
+ static struct tcf_proto **ingress_find_tcf(struct Qdisc *sch, unsigned long cl)
+diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c
+index d1dea3d..d87a6dd 100644
+--- a/net/sched/sch_mq.c
++++ b/net/sched/sch_mq.c
+@@ -173,7 +173,6 @@ static unsigned long mq_get(struct Qdisc *sch, u32 classid)
+
+ static void mq_put(struct Qdisc *sch, unsigned long cl)
+ {
+- return;
+ }
+
+ static int mq_dump_class(struct Qdisc *sch, unsigned long cl,
+diff --git a/net/sched/sch_multiq.c b/net/sched/sch_multiq.c
+index 7db2c88..f172ed5 100644
+--- a/net/sched/sch_multiq.c
++++ b/net/sched/sch_multiq.c
+@@ -339,7 +339,6 @@ static unsigned long multiq_bind(struct Qdisc *sch, unsigned long parent,
+
+ static void multiq_put(struct Qdisc *q, unsigned long cl)
+ {
+- return;
+ }
+
+ static int multiq_dump_class(struct Qdisc *sch, unsigned long cl,
+diff --git a/net/sched/sch_prio.c b/net/sched/sch_prio.c
+index 93285ce..8888c34 100644
+--- a/net/sched/sch_prio.c
++++ b/net/sched/sch_prio.c
+@@ -302,7 +302,6 @@ static unsigned long prio_bind(struct Qdisc *sch, unsigned long parent, u32 clas
+
+ static void prio_put(struct Qdisc *q, unsigned long cl)
+ {
+- return;
+ }
+
+ static int prio_dump_class(struct Qdisc *sch, unsigned long cl, struct sk_buff *skb,
+diff --git a/net/sched/sch_red.c b/net/sched/sch_red.c
+index 072cdf4..8d42bb3 100644
+--- a/net/sched/sch_red.c
++++ b/net/sched/sch_red.c
+@@ -303,7 +303,6 @@ static unsigned long red_get(struct Qdisc *sch, u32 classid)
+
+ static void red_put(struct Qdisc *sch, unsigned long arg)
+ {
+- return;
+ }
+
+ static void red_walk(struct Qdisc *sch, struct qdisc_walker *walker)
diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index 5a002c2..7917369 100644
--- a/net/sched/sch_teql.c
@@ -89384,7 +90951,7 @@
}
diff --git a/net/socket.c b/net/socket.c
-index 7565536..f674df3 100644
+index d449812..60053d9 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -85,6 +85,7 @@
@@ -89438,7 +91005,7 @@
if (sock->ops) {
struct module *owner = sock->ops->owner;
-@@ -1140,6 +1138,50 @@ call_kill:
+@@ -1140,6 +1138,54 @@ call_kill:
return 0;
}
@@ -89456,6 +91023,7 @@
+ case PF_INET:
+ case PF_INET6:
+ case PF_PPPOX:
++ case PF_KEY:
+ break;
+ default:
+ return -EAFNOSUPPORT;
@@ -89477,6 +91045,9 @@
+ case IPPROTO_UDP:
+ case IPPROTO_RAW:
+ case IPPROTO_DCCP:
++ case IPPROTO_GRE:
++ case IPPROTO_ESP:
++ case IPPROTO_AH:
+ break;
+ default:
+ return -EAFNOSUPPORT;
@@ -89489,7 +91060,7 @@
static int __sock_create(struct net *net, int family, int type, int protocol,
struct socket **res, int kern)
{
-@@ -1170,6 +1212,11 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1170,6 +1216,11 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
family = PF_PACKET;
}
@@ -89501,7 +91072,7 @@
err = security_socket_create(family, type, protocol, kern);
if (err)
return err;
-@@ -2419,9 +2466,12 @@ int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg)
+@@ -2423,9 +2474,12 @@ int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg)
{
mm_segment_t oldfs = get_fs();
int err;
Modified: dists/sid/linux-2.6/debian/patches/series/31-extra
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/31-extra Wed Jan 26 14:09:17 2011 (r16854)
+++ dists/sid/linux-2.6/debian/patches/series/31-extra Thu Jan 27 14:55:19 2011 (r16855)
@@ -1,5 +1,4 @@
+ features/all/openvz/openvz.patch featureset=openvz
-+ features/all/openvz/ubc-Fix-orphan-count-checks-after-merge.patch featureset=openvz
+ features/all/vserver/vs2.3.0.36.29.6.patch featureset=vserver
More information about the Kernel-svn-changes
mailing list