summaryrefslogtreecommitdiff
path: root/sys-fs
diff options
context:
space:
mode:
authorJustin Lecher <jlec@gentoo.org>2011-08-28 09:48:57 +0000
committerJustin Lecher <jlec@gentoo.org>2011-08-28 09:48:57 +0000
commitbd4ba32e8a9e523422854629119e7195308d1571 (patch)
tree0490fae675affd742b088d0d45c1a8a8add09be1 /sys-fs
parentChange version scheme (diff)
downloadgentoo-2-bd4ba32e8a9e523422854629119e7195308d1571.tar.gz
gentoo-2-bd4ba32e8a9e523422854629119e7195308d1571.tar.bz2
gentoo-2-bd4ba32e8a9e523422854629119e7195308d1571.zip
Moved to tree, fixes bug 376175
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'sys-fs')
-rw-r--r--sys-fs/aufs3/ChangeLog34
-rw-r--r--sys-fs/aufs3/aufs3-3_p20110815.ebuild123
-rw-r--r--sys-fs/aufs3/files/aufs3-base-0.patch70
-rw-r--r--sys-fs/aufs3/files/aufs3-standalone-0.patch257
-rw-r--r--sys-fs/aufs3/files/pax.patch135
-rw-r--r--sys-fs/aufs3/metadata.xml21
6 files changed, 640 insertions, 0 deletions
diff --git a/sys-fs/aufs3/ChangeLog b/sys-fs/aufs3/ChangeLog
new file mode 100644
index 000000000000..65393413cf42
--- /dev/null
+++ b/sys-fs/aufs3/ChangeLog
@@ -0,0 +1,34 @@
+# ChangeLog for sys-fs/aufs3
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/aufs3/ChangeLog,v 1.1 2011/08/28 09:48:57 jlec Exp $
+
+ 28 Aug 2011; Justin Lecher <jlec@gentoo.org> +files/aufs3-base-0.patch,
+ +files/aufs3-standalone-0.patch, +aufs3-3_p20110815.ebuild, +files/pax.patch,
+ +metadata.xml:
+ Moved to tree, fixes bug 376175
+
+ 27 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild:
+ Make CONFIG check for EXPORTFS matadory for USE=nfs
+
+ 19 Aug 2011; Justin Lecher <jlec@gentoo.org> files/aufs3-standalone-0.patch,
+ -files/aufs3-base-1.patch, -files/aufs3-standalone-1.patch,
+ aufs3-3_p20110815.ebuild:
+ Cleaned some USE=doc problems
+
+ 18 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild:
+ Corrected to new kernel versioning scheme
+
+ 16 Aug 2011; Justin Lecher <jlec@gentoo.org> files/aufs3-standalone-1.patch:
+ Fix missing upstream export of symbols
+
+ 15 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs3-3_p20110815.ebuild,
+ metadata.xml:
+ Changed USE hardened to pax_kernel, #375811
+
+*aufs3-3_p20110815 (15 Aug 2011)
+
+ 15 Aug 2011; Justin Lecher <jlec@gentoo.org> +files/aufs3-base-0.patch,
+ +files/aufs3-standalone-0.patch, +files/aufs3-base-1.patch,
+ +files/aufs3-standalone-1.patch, +aufs3-3_p20110815.ebuild, +metadata.xml:
+ Initial commit
+
diff --git a/sys-fs/aufs3/aufs3-3_p20110815.ebuild b/sys-fs/aufs3/aufs3-3_p20110815.ebuild
new file mode 100644
index 000000000000..e8ffbc6c3ac6
--- /dev/null
+++ b/sys-fs/aufs3/aufs3-3_p20110815.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/aufs3/aufs3-3_p20110815.ebuild,v 1.1 2011/08/28 09:48:57 jlec Exp $
+
+EAPI=4
+
+inherit linux-mod multilib toolchain-funcs
+
+AUFS_VERSION="${PV%%_p*}"
+
+DESCRIPTION="An entirely re-designed and re-implemented Unionfs"
+HOMEPAGE="http://aufs.sourceforge.net/"
+SRC_URI="http://dev.gentoo.org/~jlec/distfiles/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc fuse pax_kernel hfs inotify kernel-patch nfs ramfs"
+
+DEPEND="dev-vcs/git"
+RDEPEND="
+ !sys-fs/aufs
+ !sys-fs/aufs2"
+
+S="${WORKDIR}"/${PN}-standalone
+
+MODULE_NAMES="aufs(misc:${S})"
+
+pkg_setup() {
+ CONFIG_CHECK="${CONFIG_CHECK} ~EXPERIMENTAL"
+ use inotify && CONFIG_CHECK="${CONFIG_CHECK} ~FSNOTIFY"
+ use nfs && CONFIG_CHECK="${CONFIG_CHECK} EXPORTFS"
+ use fuse && CONFIG_CHECK="${CONFIG_CHECK} ~FUSE_FS"
+ use hfs && CONFIG_CHECK="${CONFIG_CHECK} ~HFSPLUS_FS"
+
+ # this is needed so merging a binpkg ${PN} is possible w/out a kernel unpacked on the system
+ [ -n "$PKG_SETUP_HAS_BEEN_RAN" ] && return
+
+ get_version
+ kernel_is lt 3 0 0 && die "kernel too old, Please use sys-fs/aufs2"
+ kernel_is gt 3 0 99 && die "kernel too new"
+
+ linux-mod_pkg_setup
+ if ! ( patch -p1 --dry-run --force -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-standalone-${KV_MINOR}.patch >/dev/null && \
+ patch -p1 --dry-run --force -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-base-${KV_MINOR}.patch >/dev/null ); then
+ if use kernel-patch; then
+ cd ${KV_DIR}
+ ewarn "Patching your kernel..."
+ patch --no-backup-if-mismatch --force -p1 -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-standalone-${KV_MINOR}.patch >/dev/null
+ patch --no-backup-if-mismatch --force -p1 -R -d ${KV_DIR} < "${FILESDIR}"/${PN}-base-${KV_MINOR}.patch >/dev/null
+ epatch "${FILESDIR}"/${PN}-{base,standalone}-${KV_MINOR}.patch
+ ewarn "You need to compile your kernel with the applied patch"
+ ewarn "to be able to load and use the aufs kernel module"
+ else
+ eerror "You need to apply a patch to your kernel to compile and run the ${PN} module"
+ eerror "Either enable the kernel-patch useflag to do it with this ebuild"
+ eerror "or apply ${FILESDIR}/${PN}-base-${KV_MINOR}.patch and"
+ eerror "${FILESDIR}/${PN}-standalone-${KV_MINOR}.patch by hand"
+ die "missing kernel patch, please apply it first"
+ fi
+ fi
+ export PKG_SETUP_HAS_BEEN_RAN=1
+}
+
+set_config() {
+ for option in $*; do
+ grep -q "^CONFIG_AUFS_${option} =" config.mk || die "${option} is not a valid config option"
+ sed "/^CONFIG_AUFS_${option}/s:=:= y:g" -i config.mk || die
+ done
+}
+
+src_prepare() {
+# local branch=origin/${PN}-${KV_MINOR}
+ local branch=origin/${PN}.0
+ git checkout -q $branch || die
+
+ # All config options to off
+ sed "s:= y:=:g" -i config.mk || die
+
+ set_config RDU BRANCH_MAX_127 SBILIST
+
+ use debug && set_config DEBUG
+ use fuse && set_config BR_FUSE POLL
+ use hfs && set_config BR_HFSPLUS
+ use inotify && set_config HNOTIFY HFSNOTIFY
+ use nfs && set_config EXPORT
+ use nfs && use amd64 && set_config INO_T_64
+ use ramfs && set_config BR_RAMFS
+
+ use pax_kernel && epatch "${FILESDIR}"/pax.patch
+
+ sed -i "s:aufs.ko usr/include/linux/aufs_type.h:aufs.ko:g" Makefile || die
+ sed -i "s:__user::g" include/linux/aufs_type.h || die
+
+ cd "${WORKDIR}"/${PN/3}-util
+ git checkout -q origin/${PN}.0
+ sed -i "/LDFLAGS += -static -s/d" Makefile || die
+ sed -i -e "s:m 644 -s:m 644:g" -e "s:/usr/lib:/usr/$(get_libdir):g" libau/Makefile || die
+}
+
+src_compile() {
+ local ARCH=x86
+
+ emake CC=$(tc-getCC) CONFIG_AUFS_FS=m KDIR=${KV_DIR}
+
+ cd "${WORKDIR}"/${PN/3}-util
+ emake CC=$(tc-getCC) AR=$(tc-getAR) KDIR=${KV_DIR} C_INCLUDE_PATH="${S}"/include
+}
+
+src_install() {
+ linux-mod_src_install
+
+ insinto /usr/share/doc/${PF}
+
+ use doc && doins -r Documentation
+
+ dodoc README
+
+ cd "${WORKDIR}"/${PN/3}-util
+ emake DESTDIR="${D}" KDIR=${KV_DIR} install
+
+ newdoc README README-utils
+}
diff --git a/sys-fs/aufs3/files/aufs3-base-0.patch b/sys-fs/aufs3/files/aufs3-base-0.patch
new file mode 100644
index 000000000000..7fa7db4ee6c7
--- /dev/null
+++ b/sys-fs/aufs3/files/aufs3-base-0.patch
@@ -0,0 +1,70 @@
+aufs3.0 base patch
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 14ab8d3..eb4aef1 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1697,7 +1697,7 @@ static struct dentry *__lookup_hash(struct qstr *name,
+ * needs parent already locked. Doesn't follow mounts.
+ * SMP-safe.
+ */
+-static struct dentry *lookup_hash(struct nameidata *nd)
++struct dentry *lookup_hash(struct nameidata *nd)
+ {
+ return __lookup_hash(&nd->last, nd->path.dentry, nd);
+ }
+diff --git a/fs/splice.c b/fs/splice.c
+index aa866d3..19afec6 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1085,8 +1085,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
+ /*
+ * Attempt to initiate a splice from pipe to file.
+ */
+-static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+- loff_t *ppos, size_t len, unsigned int flags)
++long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
++ loff_t *ppos, size_t len, unsigned int flags)
+ {
+ ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
+ loff_t *, size_t, unsigned int);
+@@ -1113,9 +1113,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ /*
+ * Attempt to initiate a splice from a file to a pipe.
+ */
+-static long do_splice_to(struct file *in, loff_t *ppos,
+- struct pipe_inode_info *pipe, size_t len,
+- unsigned int flags)
++long do_splice_to(struct file *in, loff_t *ppos,
++ struct pipe_inode_info *pipe, size_t len,
++ unsigned int flags)
+ {
+ ssize_t (*splice_read)(struct file *, loff_t *,
+ struct pipe_inode_info *, size_t, unsigned int);
+diff --git a/include/linux/namei.h b/include/linux/namei.h
+index eba45ea..21ed6c9 100644
+--- a/include/linux/namei.h
++++ b/include/linux/namei.h
+@@ -82,6 +82,7 @@ extern int vfs_path_lookup(struct dentry *, struct vfsmount *,
+ extern struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
+ int (*open)(struct inode *, struct file *));
+
++extern struct dentry *lookup_hash(struct nameidata *nd);
+ extern struct dentry *lookup_one_len(const char *, struct dentry *, int);
+
+ extern int follow_down_one(struct path *);
+diff --git a/include/linux/splice.h b/include/linux/splice.h
+index 997c3b4..be9a153 100644
+--- a/include/linux/splice.h
++++ b/include/linux/splice.h
+@@ -89,4 +89,10 @@ extern int splice_grow_spd(struct pipe_inode_info *, struct splice_pipe_desc *);
+ extern void splice_shrink_spd(struct pipe_inode_info *,
+ struct splice_pipe_desc *);
+
++extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
++ loff_t *ppos, size_t len, unsigned int flags);
++extern long do_splice_to(struct file *in, loff_t *ppos,
++ struct pipe_inode_info *pipe, size_t len,
++ unsigned int flags);
++
+ #endif
diff --git a/sys-fs/aufs3/files/aufs3-standalone-0.patch b/sys-fs/aufs3/files/aufs3-standalone-0.patch
new file mode 100644
index 000000000000..1c406c07e9b7
--- /dev/null
+++ b/sys-fs/aufs3/files/aufs3-standalone-0.patch
@@ -0,0 +1,257 @@
+aufs3.0 standalone patch
+
+diff --git a/fs/file_table.c b/fs/file_table.c
+index 01e4c1e..0e800e2 100644
+--- a/fs/file_table.c
++++ b/fs/file_table.c
+@@ -443,6 +443,8 @@ void file_sb_list_del(struct file *file)
+ }
+ }
+
++EXPORT_SYMBOL(file_sb_list_del);
++
+ #ifdef CONFIG_SMP
+
+ /*
+diff --git a/fs/inode.c b/fs/inode.c
+index 43566d1..4291eae 100644
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -69,6 +69,7 @@ static DEFINE_SPINLOCK(inode_lru_lock);
+
+ __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_sb_list_lock);
+ __cacheline_aligned_in_smp DEFINE_SPINLOCK(inode_wb_list_lock);
++EXPORT_SYMBOL(inode_sb_list_lock);
+
+ /*
+ * iprune_sem provides exclusion between the icache shrinking and the
+diff --git a/fs/namei.c b/fs/namei.c
+index eb4aef1..66d04c6 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -365,6 +365,7 @@ int deny_write_access(struct file * file)
+
+ return 0;
+ }
++EXPORT_SYMBOL(deny_write_access);
+
+ /**
+ * path_get - get a reference to a path
+@@ -1701,6 +1702,7 @@ struct dentry *lookup_hash(struct nameidata *nd)
+ {
+ return __lookup_hash(&nd->last, nd->path.dentry, nd);
+ }
++EXPORT_SYMBOL(lookup_hash);
+
+ /**
+ * lookup_one_len - filesystem helper to lookup single pathname component
+diff --git a/fs/namespace.c b/fs/namespace.c
+index fe59bd1..7d3843f 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1508,6 +1508,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
+ }
+ return 0;
+ }
++EXPORT_SYMBOL(iterate_mounts);
+
+ static void cleanup_group_ids(struct vfsmount *mnt, struct vfsmount *end)
+ {
+diff --git a/fs/notify/group.c b/fs/notify/group.c
+index d309f38..f0e9568 100644
+--- a/fs/notify/group.c
++++ b/fs/notify/group.c
+@@ -22,6 +22,7 @@
+ #include <linux/srcu.h>
+ #include <linux/rculist.h>
+ #include <linux/wait.h>
++#include <linux/module.h>
+
+ #include <linux/fsnotify_backend.h>
+ #include "fsnotify.h"
+@@ -70,6 +71,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
+ if (atomic_dec_and_test(&group->refcnt))
+ fsnotify_destroy_group(group);
+ }
++EXPORT_SYMBOL(fsnotify_put_group);
+
+ /*
+ * Create a new fsnotify_group and hold a reference for the group returned.
+@@ -102,3 +104,4 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
+
+ return group;
+ }
++EXPORT_SYMBOL(fsnotify_alloc_group);
+diff --git a/fs/notify/mark.c b/fs/notify/mark.c
+index 252ab1f..2199b9b 100644
+--- a/fs/notify/mark.c
++++ b/fs/notify/mark.c
+@@ -112,6 +112,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
+ if (atomic_dec_and_test(&mark->refcnt))
+ mark->free_mark(mark);
+ }
++EXPORT_SYMBOL(fsnotify_put_mark);
+
+ /*
+ * Any time a mark is getting freed we end up here.
+@@ -189,6 +190,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark)
+ if (unlikely(atomic_dec_and_test(&group->num_marks)))
+ fsnotify_final_destroy_group(group);
+ }
++EXPORT_SYMBOL(fsnotify_destroy_mark);
+
+ void fsnotify_set_mark_mask_locked(struct fsnotify_mark *mark, __u32 mask)
+ {
+@@ -276,6 +278,7 @@ err:
+
+ return ret;
+ }
++EXPORT_SYMBOL(fsnotify_add_mark);
+
+ /*
+ * clear any marks in a group in which mark->flags & flags is true
+@@ -331,6 +334,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
+ atomic_set(&mark->refcnt, 1);
+ mark->free_mark = free_mark;
+ }
++EXPORT_SYMBOL(fsnotify_init_mark);
+
+ static int fsnotify_mark_destroy(void *ignored)
+ {
+diff --git a/fs/open.c b/fs/open.c
+index b52cf01..c1b341c 100644
+--- a/fs/open.c
++++ b/fs/open.c
+@@ -60,6 +60,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
+ mutex_unlock(&dentry->d_inode->i_mutex);
+ return ret;
+ }
++EXPORT_SYMBOL(do_truncate);
+
+ static long do_sys_truncate(const char __user *pathname, loff_t length)
+ {
+diff --git a/fs/splice.c b/fs/splice.c
+index 19afec6..11f07f8 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1109,6 +1109,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+
+ return splice_write(pipe, out, ppos, len, flags);
+ }
++EXPORT_SYMBOL(do_splice_from);
+
+ /*
+ * Attempt to initiate a splice from a file to a pipe.
+@@ -1135,6 +1136,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
+
+ return splice_read(in, ppos, pipe, len, flags);
+ }
++EXPORT_SYMBOL(do_splice_to);
+
+ /**
+ * splice_direct_to_actor - splices data directly between two non-pipes
+diff --git a/security/commoncap.c b/security/commoncap.c
+index f20e984..d39acd9 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -976,3 +976,4 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
+ }
+ return ret;
+ }
++EXPORT_SYMBOL(cap_file_mmap);
+diff --git a/security/device_cgroup.c b/security/device_cgroup.c
+index 1be6826..215278c 100644
+--- a/security/device_cgroup.c
++++ b/security/device_cgroup.c
+@@ -508,6 +508,7 @@ found:
+
+ return -EPERM;
+ }
++EXPORT_SYMBOL(__devcgroup_inode_permission);
+
+ int devcgroup_inode_mknod(int mode, dev_t dev)
+ {
+diff --git a/security/security.c b/security/security.c
+index 4ba6d4c..9f64bb8 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -373,6 +373,7 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
+ return 0;
+ return security_ops->path_rmdir(dir, dentry);
+ }
++EXPORT_SYMBOL(security_path_rmdir);
+
+ int security_path_unlink(struct path *dir, struct dentry *dentry)
+ {
+@@ -389,6 +390,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
+ return 0;
+ return security_ops->path_symlink(dir, dentry, old_name);
+ }
++EXPORT_SYMBOL(security_path_symlink);
+
+ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry)
+@@ -397,6 +399,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+ return 0;
+ return security_ops->path_link(old_dentry, new_dir, new_dentry);
+ }
++EXPORT_SYMBOL(security_path_link);
+
+ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
+@@ -415,6 +418,7 @@ int security_path_truncate(struct path *path)
+ return 0;
+ return security_ops->path_truncate(path);
+ }
++EXPORT_SYMBOL(security_path_truncate);
+
+ int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ mode_t mode)
+@@ -423,6 +427,7 @@ int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+ return 0;
+ return security_ops->path_chmod(dentry, mnt, mode);
+ }
++EXPORT_SYMBOL(security_path_chmod);
+
+ int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+ {
+@@ -430,6 +435,7 @@ int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+ return 0;
+ return security_ops->path_chown(path, uid, gid);
+ }
++EXPORT_SYMBOL(security_path_chown);
+
+ int security_path_chroot(struct path *path)
+ {
+@@ -506,6 +512,7 @@ int security_inode_readlink(struct dentry *dentry)
+ return 0;
+ return security_ops->inode_readlink(dentry);
+ }
++EXPORT_SYMBOL(security_inode_readlink);
+
+ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
+ {
+@@ -520,6 +527,7 @@ int security_inode_permission(struct inode *inode, int mask)
+ return 0;
+ return security_ops->inode_permission(inode, mask, 0);
+ }
++EXPORT_SYMBOL(security_inode_permission);
+
+ int security_inode_exec_permission(struct inode *inode, unsigned int flags)
+ {
+@@ -626,6 +634,7 @@ int security_file_permission(struct file *file, int mask)
+
+ return fsnotify_perm(file, mask);
+ }
++EXPORT_SYMBOL(security_file_permission);
+
+ int security_file_alloc(struct file *file)
+ {
+@@ -653,6 +662,7 @@ int security_file_mmap(struct file *file, unsigned long reqprot,
+ return ret;
+ return ima_file_mmap(file, prot);
+ }
++EXPORT_SYMBOL(security_file_mmap);
+
+ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
+ unsigned long prot)
diff --git a/sys-fs/aufs3/files/pax.patch b/sys-fs/aufs3/files/pax.patch
new file mode 100644
index 000000000000..df53004daddb
--- /dev/null
+++ b/sys-fs/aufs3/files/pax.patch
@@ -0,0 +1,135 @@
+commit 584bf002ec62a333840b87193b93ee5a521063f7
+Author: J. R. Okajima <hooanon05@yahoo.co.jp>
+Date: Thu May 27 11:28:41 2010 +0900
+
+ aufs: dynop supports grsec/pax patch
+
+ The grsec/pax patches make member of struct brabra_operation 'const.'
+ I don't understand why they need these 'const'. They modifies some of
+ structures, but other structures.
+ What do they want to protect from what?
+
+ The keyword 'const' is essentially a feature of C language and it never
+ modifes the behaviour of software. It just prohibits the assignment (or
+ modification) to a variable which is expected not to be modified.
+ In other word, it is a feature for programmers and doesn't enhance the
+ security level. Actually programmers can bypass 'const' easily by
+ indirect assignment as this patch does.
+
+ Also the grsec/pax patches modifies some assignments to the member
+ of struct brabra_operation in mainline kernel, but they don't make the
+ confirmation fot that. For example, they replaced these assignments by
+ declaring a structure statically.
+
+ - /* inherit and extend fuse_dev_operations */
+ - cuse_channel_fops = fuse_dev_operations;
+ - cuse_channel_fops.owner = THIS_MODULE;
+ - cuse_channel_fops.open = cuse_channel_open;
+ - cuse_channel_fops.release = cuse_channel_release;
+
+ +static const struct file_operations cuse_channel_fops = {
+ + .owner = THIS_MODULE,
+ + .llseek = no_llseek,
+ + .read = do_sync_read,
+ + .aio_read = fuse_dev_read,
+ + .write = do_sync_write,
+ + .aio_write = fuse_dev_write,
+ + .poll = fuse_dev_poll,
+ + .open = cuse_channel_open,
+ + .release = cuse_channel_release,
+ + .fasync = fuse_dev_fasync,
+ +};
+
+ By this modification, there exists major possible future problem I am
+ afraid. _If_ fuse_dev_operations is modified, then this code needs to
+ follow the change. But it is hard to detect such modification since
+ there is no trick to do so. Generally it is recommended to put code such
+ like this.
+
+ ----------------------------------------------------------------------
+ int n;
+ n++;
+ BUG_ON(super.member != derive.member);
+ } while (0);
+
+ n++; /* owner */
+ MakeSure(fuse_dev_operations, cuse_channel_fops, llseek);
+ MakeSure(fuse_dev_operations, cuse_channel_fops, read);
+ :::
+ BUG_ON(n != sizeof(cuse_channel_fops)/sizeof(cuse_channel_fops.owner));
+ ----------------------------------------------------------------------
+
+ This piece of code ensures two things.
+ - cuse_channel_fops correctly inherits fuse_dev_operations, eg. all
+ members are equivalent except the overrided ones.
+ - if some members are added or deleted from struct file_operations, it
+ should be detected by a debugging feature, the variable 'n'.
+
+ Without such trick, I am afraid the simple modification is a regression.
+
+ Signed-off-by: J. R. Okajima <hooanon05@yahoo.co.jp>
+
+diff --git a/fs/aufs/dynop.c b/fs/aufs/dynop.c
+index 12ea894..109d3bb 100644
+--- a/fs/aufs/dynop.c
++++ b/fs/aufs/dynop.c
+@@ -146,11 +146,22 @@ void au_dy_put(struct au_dykey *key)
+ #define DyDbgInc(cnt) do {} while (0)
+ #endif
+
++#define AuGrsecPaxPtr(func, dst, src) do { \
++ union { \
++ const void *o; \
++ char **p; \
++ } u; \
++ BUILD_BUG_ON(sizeof(u.o) != sizeof(&dst.func)); \
++ BUILD_BUG_ON(sizeof(*u.p) != sizeof(src.func)); \
++ u.o = (void *)&dst.func; \
++ *u.p = (void *)src.func; \
++} while (0)
++
+ #define DySet(func, dst, src, h_op, h_sb) do { \
+ DyDbgInc(cnt); \
+ if (h_op->func) { \
+ if (src.func) \
+- dst.func = src.func; \
++ AuGrsecPaxPtr(func, dst, src); \
+ else \
+ AuDbg("%s %s\n", au_sbtype(h_sb), #func); \
+ } \
+@@ -159,7 +170,7 @@ void au_dy_put(struct au_dykey *key)
+ #define DySetForce(func, dst, src) do { \
+ AuDebugOn(!src.func); \
+ DyDbgInc(cnt); \
+- dst.func = src.func; \
++ AuGrsecPaxPtr(func, dst, src); \
+ } while (0)
+
+ #define DySetAop(func) \
+@@ -297,14 +308,21 @@ out:
+ */
+ static void dy_adx(struct au_dyaop *dyaop, int do_dx)
+ {
++ union {
++ void *direct_IO, *get_xip_mem;
++ } grsec_pax_dummy = {
++ .get_xip_mem = NULL
++ };
++
+ if (!do_dx) {
+- dyaop->da_op.direct_IO = NULL;
+- dyaop->da_op.get_xip_mem = NULL;
++ AuGrsecPaxPtr(direct_IO, dyaop->da_op, grsec_pax_dummy);
++ AuGrsecPaxPtr(get_xip_mem, dyaop->da_op, grsec_pax_dummy);
+ } else {
+- dyaop->da_op.direct_IO = aufs_aop.direct_IO;
+- dyaop->da_op.get_xip_mem = aufs_aop.get_xip_mem;
++ AuGrsecPaxPtr(direct_IO, dyaop->da_op, aufs_aop);
++ AuGrsecPaxPtr(get_xip_mem, dyaop->da_op, aufs_aop);
+ if (!dyaop->da_get_xip_mem)
+- dyaop->da_op.get_xip_mem = NULL;
++ AuGrsecPaxPtr(get_xip_mem, dyaop->da_op,
++ grsec_pax_dummy);
+ }
+ }
+
diff --git a/sys-fs/aufs3/metadata.xml b/sys-fs/aufs3/metadata.xml
new file mode 100644
index 000000000000..5916c9f01a77
--- /dev/null
+++ b/sys-fs/aufs3/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>no-herd</herd>
+ <maintainer>
+ <email>jlec@gentoo.org</email>
+ </maintainer>
+ <maintainer>
+ <email>tommy@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name="debug">Enable additional debugging support</flag>
+ <flag name="hfs">Enable hfs support</flag>
+ <flag name="fuse">Enable fuse support</flag>
+ <flag name="inotify">Enable inotify support</flag>
+ <flag name="kernel-patch">Patch the current kernel for aufs2 support</flag>
+ <flag name="nfs">Enable support for nfs export</flag>
+ <flag name="pax_kernel">Apply patch needed for pax enabled kernels</flag>
+ <flag name="ramfs">Enable initramfs/rootfs support</flag>
+ </use>
+</pkgmetadata>