1 diff -Ndur linux-2.6.32-700/fs/proc/web100.c linux-2.6.32-700-xidmask/fs/proc/web100.c
2 --- linux-2.6.32-700/fs/proc/web100.c 2013-01-10 14:18:50.429337747 -0500
3 +++ linux-2.6.32-700-xidmask/fs/proc/web100.c 2013-01-19 23:39:00.433628214 -0500
6 stats = web100stats_first;
7 while (stats && n < max) {
8 - if (!stats->wc_dead) {
9 + // only return readable stats
10 + if ( 1 == vx_can_read_stats(stats) ) {
12 cids[n++] = stats->wc_cid;
14 diff -Ndur linux-2.6.32-700/include/linux/vserver/context.h linux-2.6.32-700-xidmask/include/linux/vserver/context.h
15 --- linux-2.6.32-700/include/linux/vserver/context.h 2013-01-10 14:18:49.949337361 -0500
16 +++ linux-2.6.32-700-xidmask/include/linux/vserver/context.h 2013-01-19 23:27:42.280655065 -0500
18 #define VXC_KTHREAD 0x01000000
19 #define VXC_NAMESPACE 0x02000000
21 +#define VXC_ENABLE_WEB100 0x10000000
25 diff -Ndur linux-2.6.32-700/include/net/tcp.h linux-2.6.32-700-xidmask/include/net/tcp.h
26 --- linux-2.6.32-700/include/net/tcp.h 2013-01-10 14:18:49.880337393 -0500
27 +++ linux-2.6.32-700-xidmask/include/net/tcp.h 2013-01-19 15:41:28.218337671 -0500
29 #ifdef CONFIG_WEB100_STATS
30 extern int sysctl_web100_fperms;
31 extern int sysctl_web100_gid;
32 +extern int sysctl_web100_sidestream_xid;
35 extern atomic_t tcp_memory_allocated;
36 diff -Ndur linux-2.6.32-700/include/net/web100.h linux-2.6.32-700-xidmask/include/net/web100.h
37 --- linux-2.6.32-700/include/net/web100.h 2013-01-10 14:18:49.874218972 -0500
38 +++ linux-2.6.32-700-xidmask/include/net/web100.h 2013-01-19 23:44:09.561660368 -0500
40 extern rwlock_t web100_linkage_lock;
42 /* For /proc/web100 */
43 -extern struct web100stats *web100stats_lookup(int cid);
44 +extern int vx_can_read_stats(struct web100stats *stats);
45 +extern struct web100stats *vx_web100stats_lookup(int cid, int vx_filter);
46 +#define web100stats_lookup(cid) vx_web100stats_lookup(cid, 1)
48 /* For the TCP code */
49 extern int web100_stats_create(struct sock *sk);
50 diff -Ndur linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c
51 --- linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c 2013-01-10 14:18:50.233320698 -0500
52 +++ linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c 2013-01-19 15:41:52.767269242 -0500
55 .proc_handler = &web100_proc_dointvec_update,
58 + .ctl_name = CTL_UNNUMBERED,
59 + .procname = "web100_sidestream_xid",
60 + .data = &sysctl_web100_sidestream_xid,
61 + .maxlen = sizeof(int),
63 + .proc_handler = &web100_proc_dointvec_update,
67 .ctl_name = CTL_UNNUMBERED,
68 diff -Ndur linux-2.6.32-700/net/ipv4/tcp.c linux-2.6.32-700-xidmask/net/ipv4/tcp.c
69 --- linux-2.6.32-700/net/ipv4/tcp.c 2013-01-10 14:18:50.234322447 -0500
70 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp.c 2013-01-19 15:42:50.975214376 -0500
72 #ifdef CONFIG_WEB100_STATS
73 int sysctl_web100_fperms = CONFIG_WEB100_FPERMS;
74 int sysctl_web100_gid = CONFIG_WEB100_GID;
75 +int sysctl_web100_sidestream_xid = -1;
78 atomic_t tcp_memory_allocated; /* Current allocated memory. */
81 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
82 #ifdef CONFIG_WEB100_STATS
83 - web100_update_writeq(sk);
84 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
90 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
91 #ifdef CONFIG_WEB100_STATS
92 - web100_update_writeq(sk);
93 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
100 #ifdef CONFIG_WEB100_STATS
101 - web100_update_recvq(sk);
102 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
105 /* Well, if we have backlog, try to process it now yet. */
106 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_input.c linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c
107 --- linux-2.6.32-700/net/ipv4/tcp_input.c 2013-01-10 14:18:50.232318345 -0500
108 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c 2013-01-10 14:21:16.371337187 -0500
109 @@ -3177,7 +3177,7 @@
112 #ifdef CONFIG_WEB100_NET100
113 - if (vars->WAD_NoAI) {
114 + if (stats != NULL && vars->WAD_NoAI) {
115 tp->snd_cwnd += vars->WAD_CwndAdjust;
116 vars->WAD_CwndAdjust = 0;
117 tp->snd_cwnd_stamp = tcp_time_stamp;
118 @@ -4426,7 +4426,7 @@
119 tcp_fast_path_check(sk);
121 #ifdef CONFIG_WEB100_STATS
122 - web100_update_recvq(sk);
123 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
127 @@ -4484,7 +4484,7 @@
128 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq);
130 #ifdef CONFIG_WEB100_STATS
131 - web100_update_recvq(sk);
132 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
134 skb_set_owner_r(skb, sk);
136 @@ -5372,7 +5372,7 @@
139 #ifdef CONFIG_WEB100_STATS
140 - web100_update_recvq(sk);
141 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
143 tcp_event_data_recv(sk, skb);
145 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c
146 --- linux-2.6.32-700/net/ipv4/tcp_ipv4.c 2013-01-10 14:18:50.235319018 -0500
147 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c 2013-01-10 14:21:16.372284450 -0500
148 @@ -1383,7 +1383,9 @@
152 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
153 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
154 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
158 newsk->sk_gso_type = SKB_GSO_TCPV4;
159 @@ -1857,7 +1859,9 @@
160 if ((err = web100_stats_create(sk))) {
163 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
164 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
165 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
170 diff -Ndur linux-2.6.32-700/net/ipv4/web100_stats.c linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c
171 --- linux-2.6.32-700/net/ipv4/web100_stats.c 2013-01-10 14:18:50.231318735 -0500
172 +++ linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c 2013-01-19 23:53:31.434591210 -0500
174 return cid % web100stats_htsize;
177 -struct web100stats *web100stats_lookup(int cid)
179 + * Determine if the given socket should have web100 stats structure.
182 + * sk -- socket pointer
184 + * 0 -- false, do not create the web100 stats struct
185 + * 1 -- true, create the web100 stats structure
187 +int vx_can_create_stats(struct sock *sk) {
188 + struct vx_info *vxi=NULL;
190 + if ( NULL == sk ) {
194 + if ( 0 != sk->sk_xid ) {
195 + vxi = lookup_vx_info(sk->sk_xid);
196 + if ( NULL != vxi ) {
197 + printk("web100_stats_create():\n");
198 + printk(" does xid:%d->ccaps:0x%016llx have 0x%08x set? ",
199 + sk->sk_xid, vxi->vx_ccaps, VXC_ENABLE_WEB100);
200 + if ( ! vx_info_ccaps(vxi, VXC_ENABLE_WEB100) ) {
202 + printk(" SKIPPING create for xid(%d)\n", sk->sk_xid);
203 + /* do not create stats struct */
207 + printk(" CREATING stats for xid(%d)\n", sk->sk_xid);
210 + printk(" NO VXINFO for xid:%d\n", sk->sk_xid);
211 + printk(" CREATING stats for xid(%d)\n", sk->sk_xid);
214 + /* create stats struct */
219 + * Determine if the current task has permission to read given stats struct. The
220 + * reader's identity is taken as the current task. If the current task
221 + * has permission, then the function returns TRUE. Otherwise, FALSE.
223 + * At least one condition must be satisfied for the function to return TRUE:
224 + * xid == 0 -- reader is the root context of the system.
225 + * xid == stats->wc_sk->sk_xid -- reader created the stats object
226 + * xid == web100_sidestream_xid -- reader can see all stats
229 + * stats - the web100 stats structure to read.
232 + * 0 - FALSE, read permission should be denied.
233 + * 1 - TRUE, current task has read permission
235 +int vx_can_read_stats(struct web100stats *stats) {
236 + struct vx_info *vxi=NULL;
237 + struct sock *sk = NULL;
239 + if ( NULL == stats || stats->wc_dead ) {
243 + if ( 0 == vx_current_xid() ) {
244 + // always ok for xid=0 (root context)
245 + printk("vx_can_read_stats(): TRUE b/c current->xid==0\n");
249 + vxi = current_vx_info();
250 + if ( NULL == vxi ) {
251 + /* non-root context is missing vx_info; cannot check access flags */
252 + printk("vx_can_read_stats(): FALSE b/c current->xid:%d vxi==NULL\n", vx_current_xid());
256 + if ( vx_current_xid() == sysctl_web100_sidestream_xid ) {
257 + /* the sidestream xid can view all stats. */
258 + printk("vx_can_read_stats(): TRUE! b/c xid:%d == sstream:%d\n",
259 + vx_current_xid(), sysctl_web100_sidestream_xid);
264 + if ( vx_current_xid() == sk->sk_xid ) {
265 + /* the xid is the socket owner so can see it's own connections */
266 + printk("vx_can_read_stats(): TRUE! b/c xid:%d == sk_xid:%d\n",
267 + vx_current_xid(), sk->sk_xid);
271 + /* all checks have failed, so deny read permission. */
272 + printk("vx_can_read_stats(): FALSE!\n");
273 + printk(" b/c xid:%d != curr:%d\n",
274 + vx_current_xid(), sk->sk_xid);
275 + printk(" AND, xid:%d != sidestream:%d\n",
276 + vx_current_xid(), sysctl_web100_sidestream_xid);
281 + * Based on the connection ID, return the web100stats structure.
282 + * Optionally, when vx_filter=1, filter the result by the
283 + * read-permission of the current task. When vx_filter=0, do not perform
287 + * cid -- connection id
288 + * vx_filter -- 1 or 0, filter the returned stats or not
291 + * If the cid is found, a pointer to a web100stats struct;
292 + * If the cid is not found or filtered, NULL is returned.
294 +struct web100stats *vx_web100stats_lookup(int cid, int vx_filter)
296 struct web100stats *stats;
299 stats = web100stats_ht[web100stats_hash(cid)];
300 while (stats && stats->wc_cid != cid)
301 stats = stats->wc_hash_next;
302 + if ( 1 == vx_filter ) {
303 + if ( 1 == vx_can_read_stats(stats) ) {
314 i = web100stats_next_cid;
316 - if (web100stats_lookup(i) == NULL)
317 + /* use vx sensitive version *without* filtering */
318 + if (vx_web100stats_lookup(i,0) == NULL)
320 i = (i + 1) % WEB100_MAX_CONNS;
321 } while (i != web100stats_next_cid);
323 struct web100directs *vars;
324 struct tcp_sock *tp = tcp_sk(sk);
326 + struct vx_info *vxi;
328 + if ( 0 == vx_can_create_stats(sk) ) {
329 + /* do not create web100 stats for this socket */
330 + tp->tcp_stats = NULL;
334 if ((stats = kmalloc(sizeof (struct web100stats), gfp_any())) == NULL)
338 void web100_stats_destroy(struct web100stats *stats)
340 + if ( NULL == stats ) {
343 /* Attribute final sndlim time. */
344 web100_update_sndlim(tcp_sk(stats->wc_sk), stats->wc_limstate);
346 Binary files linux-2.6.32-700/net/ipv4/.web100_stats.c.swp and linux-2.6.32-700-xidmask/net/ipv4/.web100_stats.c.swp differ
347 diff -Ndur linux-2.6.32-700/net/ipv6/tcp_ipv6.c linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c
348 --- linux-2.6.32-700/net/ipv6/tcp_ipv6.c 2013-01-10 14:18:50.219284269 -0500
349 +++ linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c 2013-01-10 14:21:16.373337472 -0500
350 @@ -1380,7 +1380,9 @@
354 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
355 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
356 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
361 @@ -1901,7 +1903,9 @@
362 if ((err = web100_stats_create(sk))) {
365 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
366 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
367 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;