1 diff -Ndur linux-2.6.32-700/fs/proc/web100.c linux-2.6.32-700-xidmask/fs/proc/web100.c
2 --- linux-2.6.32-700/fs/proc/web100.c 2013-01-10 14:18:50.429337747 -0500
3 +++ linux-2.6.32-700-xidmask/fs/proc/web100.c 2013-01-19 23:39:00.433628214 -0500
6 stats = web100stats_first;
7 while (stats && n < max) {
8 - if (!stats->wc_dead) {
9 + // only return readable stats
10 + if ( 1 == vx_can_read_stats(stats) ) {
12 cids[n++] = stats->wc_cid;
14 diff -Ndur linux-2.6.32-700/include/linux/vserver/context.h linux-2.6.32-700-xidmask/include/linux/vserver/context.h
15 --- linux-2.6.32-700/include/linux/vserver/context.h 2013-01-10 14:18:49.949337361 -0500
16 +++ linux-2.6.32-700-xidmask/include/linux/vserver/context.h 2013-01-19 23:27:42.280655065 -0500
18 #define VXC_KTHREAD 0x01000000
19 #define VXC_NAMESPACE 0x02000000
21 +#define VXC_ENABLE_WEB100 0x10000000
25 diff -Ndur linux-2.6.32-700/include/net/tcp.h linux-2.6.32-700-xidmask/include/net/tcp.h
26 --- linux-2.6.32-700/include/net/tcp.h 2013-01-10 14:18:49.880337393 -0500
27 +++ linux-2.6.32-700-xidmask/include/net/tcp.h 2013-01-19 15:41:28.218337671 -0500
29 #ifdef CONFIG_WEB100_STATS
30 extern int sysctl_web100_fperms;
31 extern int sysctl_web100_gid;
32 +extern int sysctl_web100_sidestream_xid;
35 extern atomic_t tcp_memory_allocated;
36 diff -Ndur linux-2.6.32-700/include/net/web100.h linux-2.6.32-700-xidmask/include/net/web100.h
37 --- linux-2.6.32-700/include/net/web100.h 2013-01-10 14:18:49.874218972 -0500
38 +++ linux-2.6.32-700-xidmask/include/net/web100.h 2013-01-19 23:44:09.561660368 -0500
40 extern rwlock_t web100_linkage_lock;
42 /* For /proc/web100 */
43 -extern struct web100stats *web100stats_lookup(int cid);
44 +extern int vx_can_read_stats(struct web100stats *stats);
45 +extern struct web100stats *vx_web100stats_lookup(int cid, int vx_filter);
46 +#define web100stats_lookup(cid) vx_web100stats_lookup(cid, 1)
48 /* For the TCP code */
49 extern int web100_stats_create(struct sock *sk);
50 diff -Ndur linux-2.6.32-700/Makefile linux-2.6.32-700-xidmask/Makefile
51 --- linux-2.6.32-700/Makefile 2013-01-10 14:18:52.816337505 -0500
52 +++ linux-2.6.32-700-xidmask/Makefile 2013-01-19 18:08:11.786396982 -0500
57 -EXTRAVERSION = -131.tg3.220.mlab.i686
58 +EXTRAVERSION = .133-vs2.3.0.36.29.6.mlab.maskXX.planetlab
59 NAME = Man-Eating Seals of Antiquity
62 diff -Ndur linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c
63 --- linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c 2013-01-10 14:18:50.233320698 -0500
64 +++ linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c 2013-01-19 15:41:52.767269242 -0500
67 .proc_handler = &web100_proc_dointvec_update,
70 + .ctl_name = CTL_UNNUMBERED,
71 + .procname = "web100_sidestream_xid",
72 + .data = &sysctl_web100_sidestream_xid,
73 + .maxlen = sizeof(int),
75 + .proc_handler = &web100_proc_dointvec_update,
79 .ctl_name = CTL_UNNUMBERED,
80 diff -Ndur linux-2.6.32-700/net/ipv4/tcp.c linux-2.6.32-700-xidmask/net/ipv4/tcp.c
81 --- linux-2.6.32-700/net/ipv4/tcp.c 2013-01-10 14:18:50.234322447 -0500
82 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp.c 2013-01-19 15:42:50.975214376 -0500
84 #ifdef CONFIG_WEB100_STATS
85 int sysctl_web100_fperms = CONFIG_WEB100_FPERMS;
86 int sysctl_web100_gid = CONFIG_WEB100_GID;
87 +int sysctl_web100_sidestream_xid = -1;
90 atomic_t tcp_memory_allocated; /* Current allocated memory. */
93 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
94 #ifdef CONFIG_WEB100_STATS
95 - web100_update_writeq(sk);
96 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
100 @@ -1101,7 +1102,7 @@
102 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
103 #ifdef CONFIG_WEB100_STATS
104 - web100_update_writeq(sk);
105 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
109 @@ -1471,7 +1472,7 @@
112 #ifdef CONFIG_WEB100_STATS
113 - web100_update_recvq(sk);
114 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
117 /* Well, if we have backlog, try to process it now yet. */
118 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_input.c linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c
119 --- linux-2.6.32-700/net/ipv4/tcp_input.c 2013-01-10 14:18:50.232318345 -0500
120 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c 2013-01-10 14:21:16.371337187 -0500
121 @@ -3177,7 +3177,7 @@
124 #ifdef CONFIG_WEB100_NET100
125 - if (vars->WAD_NoAI) {
126 + if (stats != NULL && vars->WAD_NoAI) {
127 tp->snd_cwnd += vars->WAD_CwndAdjust;
128 vars->WAD_CwndAdjust = 0;
129 tp->snd_cwnd_stamp = tcp_time_stamp;
130 @@ -4426,7 +4426,7 @@
131 tcp_fast_path_check(sk);
133 #ifdef CONFIG_WEB100_STATS
134 - web100_update_recvq(sk);
135 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
139 @@ -4484,7 +4484,7 @@
140 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq);
142 #ifdef CONFIG_WEB100_STATS
143 - web100_update_recvq(sk);
144 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
146 skb_set_owner_r(skb, sk);
148 @@ -5372,7 +5372,7 @@
151 #ifdef CONFIG_WEB100_STATS
152 - web100_update_recvq(sk);
153 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
155 tcp_event_data_recv(sk, skb);
157 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c
158 --- linux-2.6.32-700/net/ipv4/tcp_ipv4.c 2013-01-10 14:18:50.235319018 -0500
159 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c 2013-01-10 14:21:16.372284450 -0500
160 @@ -1383,7 +1383,9 @@
164 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
165 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
166 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
170 newsk->sk_gso_type = SKB_GSO_TCPV4;
171 @@ -1857,7 +1859,9 @@
172 if ((err = web100_stats_create(sk))) {
175 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
176 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
177 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
182 diff -Ndur linux-2.6.32-700/net/ipv4/web100_stats.c linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c
183 --- linux-2.6.32-700/net/ipv4/web100_stats.c 2013-01-10 14:18:50.231318735 -0500
184 +++ linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c 2013-01-19 23:53:31.434591210 -0500
186 return cid % web100stats_htsize;
189 -struct web100stats *web100stats_lookup(int cid)
191 + * Determine if the given socket should have web100 stats structure.
194 + * sk -- socket pointer
196 + * 0 -- false, do not create the web100 stats struct
197 + * 1 -- true, create the web100 stats structure
199 +int vx_can_create_stats(struct sock *sk) {
200 + struct vx_info *vxi=NULL;
202 + if ( NULL == sk ) {
206 + if ( 0 != sk->sk_xid ) {
207 + vxi = lookup_vx_info(sk->sk_xid);
208 + if ( NULL != vxi ) {
209 + printk("web100_stats_create():\n");
210 + printk(" does xid:%d->ccaps:0x%016llx have 0x%08x set? ",
211 + sk->sk_xid, vxi->vx_ccaps, VXC_ENABLE_WEB100);
212 + if ( ! vx_info_ccaps(vxi, VXC_ENABLE_WEB100) ) {
214 + printk(" SKIPPING create for xid(%d)\n", sk->sk_xid);
215 + /* do not create stats struct */
219 + printk(" CREATING stats for xid(%d)\n", sk->sk_xid);
222 + printk(" NO VXINFO for xid:%d\n", sk->sk_xid);
223 + printk(" CREATING stats for xid(%d)\n", sk->sk_xid);
226 + /* create stats struct */
231 + * Determine if the current task has permission to read given stats struct. The
232 + * reader's identity is taken as the current task. If the current task
233 + * has permission, then the function returns TRUE. Otherwise, FALSE.
235 + * At least one condition must be satisfied for the function to return TRUE:
236 + * xid == 0 -- reader is the root context of the system.
237 + * xid == stats->wc_sk->sk_xid -- reader created the stats object
238 + * xid == web100_sidestream_xid -- reader can see all stats
241 + * stats - the web100 stats structure to read.
244 + * 0 - FALSE, read permission should be denied.
245 + * 1 - TRUE, current task has read permission
247 +int vx_can_read_stats(struct web100stats *stats) {
248 + struct vx_info *vxi=NULL;
249 + struct sock *sk = NULL;
251 + if ( NULL == stats || stats->wc_dead ) {
255 + if ( 0 == vx_current_xid() ) {
256 + // always ok for xid=0 (root context)
257 + printk("vx_can_read_stats(): TRUE b/c current->xid==0\n");
261 + vxi = current_vx_info();
262 + if ( NULL == vxi ) {
263 + /* non-root context is missing vx_info; cannot check access flags */
264 + printk("vx_can_read_stats(): FALSE b/c current->xid:%d vxi==NULL\n", vx_current_xid());
268 + if ( vx_current_xid() == sysctl_web100_sidestream_xid ) {
269 + /* the sidestream xid can view all stats. */
270 + printk("vx_can_read_stats(): TRUE! b/c xid:%d == sstream:%d\n",
271 + vx_current_xid(), sysctl_web100_sidestream_xid);
276 + if ( vx_current_xid() == sk->sk_xid ) {
277 + /* the xid is the socket owner so can see it's own connections */
278 + printk("vx_can_read_stats(): TRUE! b/c xid:%d == sk_xid:%d\n",
279 + vx_current_xid(), sk->sk_xid);
283 + /* all checks have failed, so deny read permission. */
284 + printk("vx_can_read_stats(): FALSE!\n");
285 + printk(" b/c xid:%d != curr:%d\n",
286 + vx_current_xid(), sk->sk_xid);
287 + printk(" AND, xid:%d != sidestream:%d\n",
288 + vx_current_xid(), sysctl_web100_sidestream_xid);
293 + * Based on the connection ID, return the web100stats structure.
294 + * Optionally, when vx_filter=1, filter the result by the
295 + * read-permission of the current task. When vx_filter=0, do not perform
299 + * cid -- connection id
300 + * vx_filter -- 1 or 0, filter the returned stats or not
303 + * If the cid is found, a pointer to a web100stats struct;
304 + * If the cid is not found or filtered, NULL is returned.
306 +struct web100stats *vx_web100stats_lookup(int cid, int vx_filter)
308 struct web100stats *stats;
311 stats = web100stats_ht[web100stats_hash(cid)];
312 while (stats && stats->wc_cid != cid)
313 stats = stats->wc_hash_next;
314 + if ( 1 == vx_filter ) {
315 + if ( 1 == vx_can_read_stats(stats) ) {
326 i = web100stats_next_cid;
328 - if (web100stats_lookup(i) == NULL)
329 + /* use vx sensitive version *without* filtering */
330 + if (vx_web100stats_lookup(i,0) == NULL)
332 i = (i + 1) % WEB100_MAX_CONNS;
333 } while (i != web100stats_next_cid);
335 struct web100directs *vars;
336 struct tcp_sock *tp = tcp_sk(sk);
338 + struct vx_info *vxi;
340 + if ( 0 == vx_can_create_stats(sk) ) {
341 + /* do not create web100 stats for this socket */
342 + tp->tcp_stats = NULL;
346 if ((stats = kmalloc(sizeof (struct web100stats), gfp_any())) == NULL)
350 void web100_stats_destroy(struct web100stats *stats)
352 + if ( NULL == stats ) {
355 /* Attribute final sndlim time. */
356 web100_update_sndlim(tcp_sk(stats->wc_sk), stats->wc_limstate);
358 Binary files linux-2.6.32-700/net/ipv4/.web100_stats.c.swp and linux-2.6.32-700-xidmask/net/ipv4/.web100_stats.c.swp differ
359 diff -Ndur linux-2.6.32-700/net/ipv6/tcp_ipv6.c linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c
360 --- linux-2.6.32-700/net/ipv6/tcp_ipv6.c 2013-01-10 14:18:50.219284269 -0500
361 +++ linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c 2013-01-10 14:21:16.373337472 -0500
362 @@ -1380,7 +1380,9 @@
366 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
367 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
368 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
373 @@ -1901,7 +1903,9 @@
374 if ((err = web100_stats_create(sk))) {
377 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
378 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
379 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;