Diffstat (limited to 'vserver-sources/old/2.1.1_rc25-r2/4413_vs2.1.1-lock-feat01.patch')
-rw-r--r--vserver-sources/old/2.1.1_rc25-r2/4413_vs2.1.1-lock-feat01.patch191
1 files changed, 191 insertions, 0 deletions
diff --git a/vserver-sources/old/2.1.1_rc25-r2/4413_vs2.1.1-lock-feat01.patch b/vserver-sources/old/2.1.1_rc25-r2/4413_vs2.1.1-lock-feat01.patch
new file mode 100644
index 0000000..8ea89cd
--- /dev/null
+++ b/vserver-sources/old/2.1.1_rc25-r2/4413_vs2.1.1-lock-feat01.patch
@@ -0,0 +1,191 @@
+Index: linux-2.6.17/include/linux/vserver/network.h
+===================================================================
+--- linux-2.6.17.orig/include/linux/vserver/network.h
++++ linux-2.6.17/include/linux/vserver/network.h
+@@ -13,6 +13,8 @@
+
+ /* network flags */
+
++#define NXF_INFO_LOCK 0x00000001
++
+ #define NXF_STATE_SETUP (1ULL<<32)
+ #define NXF_STATE_ADMIN (1ULL<<34)
+
+Index: linux-2.6.17/kernel/vserver/context.c
+===================================================================
+--- linux-2.6.17.orig/kernel/vserver/context.c
++++ linux-2.6.17/kernel/vserver/context.c
+@@ -3,7 +3,7 @@
+ *
+ * Virtual Server: Context Support
+ *
+- * Copyright (C) 2003-2005 Herbert Pötzl
++ * Copyright (C) 2003-2006 Herbert Pötzl
+ *
+ * V0.01 context helper
+ * V0.02 vx_ctx_kill syscall command
+@@ -578,6 +578,10 @@ int vx_migrate_user(struct task_struct *
+
+ if (!p || !vxi)
+ BUG();
++
++ if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
++ return -EACCES;
++
+ new_user = alloc_uid(vxi->vx_id, p->uid);
+ if (!new_user)
+ return -ENOMEM;
+@@ -636,6 +640,9 @@ int vx_migrate_task(struct task_struct *
+ if (!p || !vxi)
+ BUG();
+
++ if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
++ return -EACCES;
++
+ old_vxi = task_get_vx_info(p);
+ if (old_vxi == vxi)
+ goto out;
+@@ -851,9 +858,10 @@ int vc_ctx_create(uint32_t xid, void __u
+ vx_set_persistent(new_vxi);
+
+ vs_state_change(new_vxi, VSC_STARTUP);
+- ret = new_vxi->vx_id;
+- vx_migrate_task(current, new_vxi);
++ ret = vx_migrate_task(current, new_vxi);
+ /* if this fails, we might end up with a hashed vx_info */
++ if (ret == 0)
++ ret = new_vxi->vx_id;
+ put_vx_info(new_vxi);
+ return ret;
+ }
+@@ -863,6 +871,7 @@ int vc_ctx_migrate(uint32_t id, void __u
+ {
+ struct vcmd_ctx_migrate vc_data = { .flagword = 0 };
+ struct vx_info *vxi;
++ int ret;
+
+ if (data && copy_from_user (&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+@@ -876,13 +885,22 @@ int vc_ctx_migrate(uint32_t id, void __u
+ vxi = lookup_vx_info(id);
+ if (!vxi)
+ return -ESRCH;
+- vx_migrate_task(current, vxi);
++
++ ret = vx_migrate_task(current, vxi);
++ if (ret)
++ goto out_put;
+ if (vc_data.flagword & VXM_SET_INIT)
+- vx_set_init(vxi, current);
++ ret = vx_set_init(vxi, current);
++ if (ret)
++ goto out_put;
+ if (vc_data.flagword & VXM_SET_REAPER)
+- vx_set_reaper(vxi, current);
++ ret = vx_set_reaper(vxi, current);
++ if (ret)
++ goto out_put;
++ ret = 0;
++out_put:
+ put_vx_info(vxi);
+- return 0;
++ return ret;
+ }
+
+
+@@ -912,6 +930,7 @@ int vc_set_cflags(uint32_t id, void __us
+ struct vx_info *vxi;
+ struct vcmd_ctx_flags_v0 vc_data;
+ uint64_t mask, trigger;
++ int ret;
+
+ if (copy_from_user (&vc_data, data, sizeof(vc_data)))
+ return -EFAULT;
+@@ -932,8 +951,12 @@ int vc_set_cflags(uint32_t id, void __us
+ if (trigger & VXF_STATE_SETUP)
+ vx_mask_cap_bset(vxi, current);
+ if (trigger & VXF_STATE_INIT) {
+- vx_set_init(vxi, current);
+- vx_set_reaper(vxi, current);
++ ret = vx_set_init(vxi, current);
++ if (!ret)
++ goto out_put;
++ ret = vx_set_reaper(vxi, current);
++ if (!ret)
++ goto out_put;
+ }
+ }
+
+@@ -941,9 +964,10 @@ int vc_set_cflags(uint32_t id, void __us
+ vc_data.flagword, mask);
+ if (trigger & VXF_PERSISTENT)
+ vx_set_persistent(vxi);
+-
++ ret = 0;
++out_put:
+ put_vx_info(vxi);
+- return 0;
++ return ret;
+ }
+
+ static int do_get_caps(xid_t xid, uint64_t *bcaps, uint64_t *ccaps)
+Index: linux-2.6.17/kernel/vserver/namespace.c
+===================================================================
+--- linux-2.6.17.orig/kernel/vserver/namespace.c
++++ linux-2.6.17/kernel/vserver/namespace.c
+@@ -3,7 +3,7 @@
+ *
+ * Virtual Server: Context Namespace Support
+ *
+- * Copyright (C) 2003-2005 Herbert Pötzl
++ * Copyright (C) 2003-2006 Herbert Pötzl
+ *
+ * V0.01 broken out from context.c 0.07
+ * V0.02 added task locking for namespace
+@@ -62,6 +62,10 @@ int vc_enter_namespace(uint32_t id, void
+ if (!vxi->vx_namespace)
+ goto out_put;
+
++ ret = -EACCES;
++ if (vx_info_flags(vxi, VXF_INFO_LOCK, 0))
++ goto out_put;
++
+ ret = -ENOMEM;
+ fs = copy_fs_struct(vxi->vx_fs);
+ if (!fs)
+Index: linux-2.6.17/kernel/vserver/network.c
+===================================================================
+--- linux-2.6.17.orig/kernel/vserver/network.c
++++ linux-2.6.17/kernel/vserver/network.c
+@@ -3,7 +3,7 @@
+ *
+ * Virtual Server: Network Support
+ *
+- * Copyright (C) 2003-2005 Herbert Pötzl
++ * Copyright (C) 2003-2006 Herbert Pötzl
+ *
+ * V0.01 broken out from vcontext V0.05
+ * V0.02 cleaned up implementation
+@@ -605,13 +605,21 @@ int vc_net_create(uint32_t nid, void __u
+ int vc_net_migrate(uint32_t id, void __user *data)
+ {
+ struct nx_info *nxi;
++ int ret;
+
+ nxi = lookup_nx_info(id);
+ if (!nxi)
+ return -ESRCH;
++
++ ret = -EPERM;
++ if (nx_info_flags(nxi, NXF_INFO_LOCK, 0))
++ goto out_put;
++
+ nx_migrate_task(current, nxi);
++ ret = 0;
++out_put:
+ put_nx_info(nxi);
+- return 0;
++ return ret;
+ }
+
+ int vc_net_add(uint32_t nid, void __user *data)
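Review bot: In the vc_set_cflags hunk of kernel/vserver/context.c the two new error checks are inverted: `if (!ret) goto out_put;` after vx_set_init() and after vx_set_reaper() leaves on success and carries on when the call failed, the opposite of the `if (ret) goto out_put;` form this patch uses in vc_ctx_migrate. As written, a successful vx_set_init() skips vx_set_reaper() and what appears to be the flag update further down (the `vc_data.flagword, mask);` context line) and returns 0, while a failure is overwritten by the later `ret = 0;`, so the caller never sees it. Both checks should read `if (ret) goto out_put;`. Separately, vc_net_migrate returns -EPERM for a locked context where the three VXF_INFO_LOCK checks return -EACCES, and the result of nx_migrate_task() is still discarded there. The function bodies are only partly visible in these hunks, so the effect on the flag update is inferred from the context lines.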