diff options
| author |   Richard Yao <ryao@gentoo.org> | 2012-06-17 14:07:51 +0000 |
|---|---|---|
| committer | Richard Yao <ryao@gentoo.org> | 2012-06-17 14:07:51 +0000 |
| commit | f7476ff6bfe37ae292c08c3b756d35900163bce3 (patch) | |
| tree | bc1760cd84d91c7fe33be5dcab13f078b55c0810 /sys-fs | |
| parent | Drop alpha/ia64/sparc keywords (diff) | |
| download | gentoo-2-f7476ff6bfe37ae292c08c3b756d35900163bce3.tar.gz gentoo-2-f7476ff6bfe37ae292c08c3b756d35900163bce3.tar.bz2 gentoo-2-f7476ff6bfe37ae292c08c3b756d35900163bce3.zip | |
Support for sys-kernel/hardened-sources in 0.6.0-rc9, check for CONFIG_DEVTMPFS when USE=rootfs and miscellaneous style changes
(Portage version: 2.1.10.49/cvs/Linux x86_64)
Diffstat (limited to 'sys-fs')
| -rw-r--r-- | sys-fs/zfs/ChangeLog | 8 | ||||
| -rw-r--r-- | sys-fs/zfs/files/zfs-0.6.0_rc9-hardened-support.patch | 345 | ||||
| -rw-r--r-- | sys-fs/zfs/zfs-0.6.0_rc9.ebuild | 15 | ||||
| -rw-r--r-- | sys-fs/zfs/zfs-9999.ebuild | 15 |
4 files changed, 374 insertions, 9 deletions
diff --git a/sys-fs/zfs/ChangeLog b/sys-fs/zfs/ChangeLog index e7d3298b2dc0..13bb5b2007eb 100644 --- a/sys-fs/zfs/ChangeLog +++ b/sys-fs/zfs/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-fs/zfs # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/ChangeLog,v 1.23 2012/06/16 18:57:39 ryao Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/ChangeLog,v 1.24 2012/06/17 14:07:51 ryao Exp $ + + 17 Jun 2012; Richard Yao <ryao@gentoo.org> + +files/zfs-0.6.0_rc9-hardened-support.patch, zfs-0.6.0_rc9.ebuild, + zfs-9999.ebuild: + Support for sys-kernel/hardened-sources in 0.6.0-rc9, check for + CONFIG_DEVTMPFS when USE=rootfs and miscellaneous style changes *zfs-0.6.0_rc9 (16 Jun 2012) diff --git a/sys-fs/zfs/files/zfs-0.6.0_rc9-hardened-support.patch b/sys-fs/zfs/files/zfs-0.6.0_rc9-hardened-support.patch new file mode 100644 index 000000000000..882fb7cd918b --- /dev/null +++ b/sys-fs/zfs/files/zfs-0.6.0_rc9-hardened-support.patch @@ -0,0 +1,345 @@ +From 7f7bc416f3153fddecec85c0bbfd4d53fe9efc69 Mon Sep 17 00:00:00 2001 +From: Richard Yao <ryao@cs.stonybrook.edu> +Date: Wed, 30 May 2012 23:25:31 -0400 +Subject: [PATCH] Fix build failures on PaX/GRSecurity patched kernels + +Gentoo Hardened kernels include the PaX/GRSecurity patches. They use a +dialect of C that relies on a GCC plugin. In particular, struct +file_operations has been marked do_const in the PaX/GRSecurity dialect, +which causes GCC to consider all instances of it as const. This caused +failures in the autotools checks and the ZFS source code. + +To address this, we modify the autotools checks to take into account +differences between the PaX C dialect and the regular C dialect. We also +modify struct zfs_acl's z_ops member to be a pointer to a function +pointer table and make a char * pointer const. This avoids issues in the +PaX/GRSecurity dialect. + +Signed-off-by: Richard Yao <ryao@cs.stonybrook.edu> +--- + config/kernel-evict-inode.m4 | 6 ++--- + config/kernel-fallocate.m4 | 21 +++++++++++++++ + config/kernel-fsync.m4 | 60 ++++++++++++++++++++++++++++++++++++++++++ + include/sys/zfs_acl.h | 2 +- + module/zfs/zfs_acl.c | 50 +++++++++++++++++------------------ + module/zfs/zpl_inode.c | 2 +- + 6 files changed, 111 insertions(+), 30 deletions(-) + +diff --git a/config/kernel-evict-inode.m4 b/config/kernel-evict-inode.m4 +index 0700792..683cedb 100644 +--- a/config/kernel-evict-inode.m4 ++++ b/config/kernel-evict-inode.m4 +@@ -7,12 +7,12 @@ AC_DEFUN([ZFS_AC_KERNEL_EVICT_INODE], [ + AC_MSG_CHECKING([whether sops->evict_inode() exists]) + ZFS_LINUX_TRY_COMPILE([ + #include <linux/fs.h> +- ],[ +- void (*evict_inode) (struct inode *) = NULL; +- struct super_operations sops __attribute__ ((unused)) = { ++ void evict_inode (struct inode * t) { return; } ++ static struct super_operations sops __attribute__ ((unused)) = { + .evict_inode = evict_inode, + }; + ],[ ++ ],[ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_EVICT_INODE, 1, [sops->evict_inode() exists]) + ],[ +diff --git a/config/kernel-fallocate.m4 b/config/kernel-fallocate.m4 +index d551276..6ac5ae6 100644 +--- a/config/kernel-fallocate.m4 ++++ b/config/kernel-fallocate.m4 +@@ -39,10 +39,31 @@ AC_DEFUN([ZFS_AC_KERNEL_INODE_FALLOCATE], [ + ]) + + dnl # ++dnl # PaX Linux 2.6.38 - 3.x API ++dnl # ++AC_DEFUN([ZFS_AC_PAX_KERNEL_FILE_FALLOCATE], [ ++ AC_MSG_CHECKING([whether fops->fallocate() exists]) ++ ZFS_LINUX_TRY_COMPILE([ ++ #include <linux/fs.h> ++ ],[ ++ long (*fallocate) (struct file *, int, loff_t, loff_t) = NULL; ++ struct file_operations_no_const fops __attribute__ ((unused)) = { ++ .fallocate = fallocate, ++ }; ++ ],[ ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(HAVE_FILE_FALLOCATE, 1, [fops->fallocate() exists]) ++ ],[ ++ AC_MSG_RESULT(no) ++ ]) ++]) ++ ++dnl # + dnl # The fallocate callback was moved from the inode_operations + dnl # structure to the file_operations structure. + dnl # + AC_DEFUN([ZFS_AC_KERNEL_FALLOCATE], [ + ZFS_AC_KERNEL_FILE_FALLOCATE + ZFS_AC_KERNEL_INODE_FALLOCATE ++ ZFS_AC_PAX_KERNEL_FILE_FALLOCATE + ]) +diff --git a/config/kernel-fsync.m4 b/config/kernel-fsync.m4 +index 862b897..2a2b4ab 100644 +--- a/config/kernel-fsync.m4 ++++ b/config/kernel-fsync.m4 +@@ -55,9 +55,69 @@ AC_DEFUN([ZFS_AC_KERNEL_FSYNC_RANGE], [ + ]) + ]) + ++dnl # ++dnl # PaX Linux 2.6.x - 2.6.34 API ++dnl # ++AC_DEFUN([ZFS_AC_PAX_KERNEL_FSYNC_WITH_DENTRY], [ ++ ZFS_LINUX_TRY_COMPILE([ ++ #include <linux/fs.h> ++ ],[ ++ int (*fsync) (struct file *, struct dentry *, int) = NULL; ++ file_operations_no_const fops __attribute__ ((unused)); ++ ++ fops.fsync = fsync; ++ ],[ ++ AC_MSG_RESULT([dentry]) ++ AC_DEFINE(HAVE_FSYNC_WITH_DENTRY, 1, ++ [fops->fsync() with dentry]) ++ ],[ ++ ]) ++]) ++ ++dnl # ++dnl # PaX Linux 2.6.35 - Linux 3.0 API ++dnl # ++AC_DEFUN([ZFS_AC_PAX_KERNEL_FSYNC_WITHOUT_DENTRY], [ ++ ZFS_LINUX_TRY_COMPILE([ ++ #include <linux/fs.h> ++ ],[ ++ int (*fsync) (struct file *, int) = NULL; ++ file_operations_no_const fops __attribute__ ((unused)); ++ ++ fops.fsync = fsync; ++ ],[ ++ AC_MSG_RESULT([no dentry]) ++ AC_DEFINE(HAVE_FSYNC_WITHOUT_DENTRY, 1, ++ [fops->fsync() without dentry]) ++ ],[ ++ ]) ++]) ++ ++dnl # ++dnl # PaX Linux 3.1 -x 3.x API ++dnl # ++AC_DEFUN([ZFS_AC_PAX_KERNEL_FSYNC_RANGE], [ ++ ZFS_LINUX_TRY_COMPILE([ ++ #include <linux/fs.h> ++ ],[ ++ int (*fsync) (struct file *, loff_t, loff_t, int) = NULL; ++ file_operations_no_const fops __attribute__ ((unused)); ++ ++ fops.fsync = fsync; ++ ],[ ++ AC_MSG_RESULT([range]) ++ AC_DEFINE(HAVE_FSYNC_RANGE, 1, ++ [fops->fsync() with range]) ++ ],[ ++ ]) ++]) ++ + AC_DEFUN([ZFS_AC_KERNEL_FSYNC], [ + AC_MSG_CHECKING([whether fops->fsync() wants]) + ZFS_AC_KERNEL_FSYNC_WITH_DENTRY + ZFS_AC_KERNEL_FSYNC_WITHOUT_DENTRY + ZFS_AC_KERNEL_FSYNC_RANGE ++ ZFS_AC_PAX_KERNEL_FSYNC_WITH_DENTRY ++ ZFS_AC_PAX_KERNEL_FSYNC_WITHOUT_DENTRY ++ ZFS_AC_PAX_KERNEL_FSYNC_RANGE + ]) +diff --git a/include/sys/zfs_acl.h b/include/sys/zfs_acl.h +index b6ed439..11fc335 100644 +--- a/include/sys/zfs_acl.h ++++ b/include/sys/zfs_acl.h +@@ -165,7 +165,7 @@ + uint64_t z_hints; /* ACL hints (ZFS_INHERIT_ACE ...) */ + zfs_acl_node_t *z_curr_node; /* current node iterator is handling */ + list_t z_acl; /* chunks of ACE data */ +- acl_ops_t z_ops; /* ACL operations */ ++ acl_ops_t *z_ops; /* ACL operations */ + } zfs_acl_t; + + typedef struct acl_locator_cb { +diff --git a/module/zfs/zfs_acl.c b/module/zfs/zfs_acl.c +index 40f792b..df690b3 100644 +--- a/module/zfs/zfs_acl.c ++++ b/module/zfs/zfs_acl.c +@@ -457,9 +457,9 @@ + offsetof(zfs_acl_node_t, z_next)); + aclp->z_version = vers; + if (vers == ZFS_ACL_VERSION_FUID) +- aclp->z_ops = zfs_acl_fuid_ops; ++ aclp->z_ops = &zfs_acl_fuid_ops; + else +- aclp->z_ops = zfs_acl_v0_ops; ++ aclp->z_ops = &zfs_acl_v0_ops; + return (aclp); + } + +@@ -609,17 +609,17 @@ + /* + * Make sure we don't overstep our bounds + */ +- ace_size = aclp->z_ops.ace_size(acep); ++ ace_size = aclp->z_ops->ace_size(acep); + + if (((caddr_t)acep + ace_size) > + ((caddr_t)aclnode->z_acldata + aclnode->z_size)) { + return (NULL); + } + +- *iflags = aclp->z_ops.ace_flags_get(acep); +- *type = aclp->z_ops.ace_type_get(acep); +- *access_mask = aclp->z_ops.ace_mask_get(acep); +- *who = aclp->z_ops.ace_who_get(acep); ++ *iflags = aclp->z_ops->ace_flags_get(acep); ++ *type = aclp->z_ops->ace_type_get(acep); ++ *access_mask = aclp->z_ops->ace_mask_get(acep); ++ *who = aclp->z_ops->ace_who_get(acep); + aclp->z_next_ace = (caddr_t)aclp->z_next_ace + ace_size; + aclnode->z_ace_idx++; + +@@ -698,7 +698,7 @@ + } + + aceptr = (zfs_ace_t *)((caddr_t)aceptr + +- aclp->z_ops.ace_size(aceptr)); ++ aclp->z_ops->ace_size(aceptr)); + } + + *size = (caddr_t)aceptr - (caddr_t)z_acl; +@@ -824,7 +824,7 @@ + + newaclnode = zfs_acl_node_alloc(aclp->z_acl_count * + sizeof (zfs_object_ace_t)); +- aclp->z_ops = zfs_acl_fuid_ops; ++ aclp->z_ops = &zfs_acl_fuid_ops; + VERIFY(zfs_copy_ace_2_fuid(ZTOZSB(zp), ZTOI(zp)->i_mode, + aclp, oldaclp, newaclnode->z_acldata, aclp->z_acl_count, + &newaclnode->z_size, NULL, cr) == 0); +@@ -868,12 +868,12 @@ + { + uint16_t type = entry_type & ACE_TYPE_FLAGS; + +- aclp->z_ops.ace_mask_set(acep, access_mask); +- aclp->z_ops.ace_type_set(acep, access_type); +- aclp->z_ops.ace_flags_set(acep, entry_type); ++ aclp->z_ops->ace_mask_set(acep, access_mask); ++ aclp->z_ops->ace_type_set(acep, access_type); ++ aclp->z_ops->ace_flags_set(acep, entry_type); + if ((type != ACE_OWNER && type != OWNING_GROUP && + type != ACE_EVERYONE)) +- aclp->z_ops.ace_who_set(acep, fuid); ++ aclp->z_ops->ace_who_set(acep, fuid); + } + + /* +@@ -1454,7 +1454,7 @@ + uint16_t iflags, type; + uint32_t access_mask; + zfs_acl_node_t *newnode; +- size_t abstract_size = aclp->z_ops.ace_abstract_size(); ++ size_t abstract_size = aclp->z_ops->ace_abstract_size(); + void *zacep; + uint32_t owner, group, everyone; + uint32_t deny1, deny2, allow0; +@@ -1530,7 +1530,7 @@ + } + } + zfs_set_ace(aclp, zacep, access_mask, type, who, iflags); +- ace_size = aclp->z_ops.ace_size(acep); ++ ace_size = aclp->z_ops->ace_size(acep); + zacep = (void *)((uintptr_t)zacep + ace_size); + new_count++; + new_bytes += ace_size; +@@ -1570,12 +1570,12 @@ + static void + zfs_restricted_update(zfs_sb_t *zsb, zfs_acl_t *aclp, void *acep) + { +- uint32_t mask = aclp->z_ops.ace_mask_get(acep); ++ uint32_t mask = aclp->z_ops->ace_mask_get(acep); + + if ((zsb->z_acl_inherit == ZFS_ACL_RESTRICTED) && +- (aclp->z_ops.ace_type_get(acep) == ALLOW)) { ++ (aclp->z_ops->ace_type_get(acep) == ALLOW)) { + mask &= ~RESTRICTED_CLEAR; +- aclp->z_ops.ace_mask_set(acep, mask); ++ aclp->z_ops->ace_mask_set(acep, mask); + } + } + +@@ -1640,7 +1640,7 @@ + if (noallow && type == ALLOW) + continue; + +- ace_size = aclp->z_ops.ace_size(pacep); ++ ace_size = aclp->z_ops->ace_size(pacep); + + if (!zfs_ace_can_use(obj_mode, iflags)) + continue; +@@ -1672,8 +1672,8 @@ + /* + * Copy special opaque data if any + */ +- if ((data1sz = paclp->z_ops.ace_data(pacep, &data1)) != 0) { +- VERIFY((data2sz = aclp->z_ops.ace_data(acep, ++ if ((data1sz = paclp->z_ops->ace_data(pacep, &data1)) != 0) { ++ VERIFY((data2sz = aclp->z_ops->ace_data(acep, + &data2)) == data1sz); + bcopy(data1, data2, data2sz); + } +@@ -1681,14 +1681,14 @@ + aclp->z_acl_count++; + aclnode->z_ace_count++; + aclp->z_acl_bytes += aclnode->z_size; +- newflags = aclp->z_ops.ace_flags_get(acep); ++ newflags = aclp->z_ops->ace_flags_get(acep); + + if (vdir) + aclp->z_hints |= ZFS_INHERIT_ACE; + + if ((iflags & ACE_NO_PROPAGATE_INHERIT_ACE) || !vdir) { + newflags &= ~ALL_INHERIT; +- aclp->z_ops.ace_flags_set(acep, ++ aclp->z_ops->ace_flags_set(acep, + newflags|ACE_INHERITED_ACE); + zfs_restricted_update(zsb, aclp, acep); + continue; +@@ -1703,11 +1703,11 @@ + if ((iflags & (ACE_FILE_INHERIT_ACE | + ACE_DIRECTORY_INHERIT_ACE)) == ACE_FILE_INHERIT_ACE) { + newflags |= ACE_INHERIT_ONLY_ACE; +- aclp->z_ops.ace_flags_set(acep, ++ aclp->z_ops->ace_flags_set(acep, + newflags|ACE_INHERITED_ACE); + } else { + newflags &= ~ACE_INHERIT_ONLY_ACE; +- aclp->z_ops.ace_flags_set(acep, ++ aclp->z_ops->ace_flags_set(acep, + newflags|ACE_INHERITED_ACE); + } + } +diff --git a/module/zfs/zpl_inode.c b/module/zfs/zpl_inode.c +index 1f6169b..5b6692f 100644 +--- a/module/zfs/zpl_inode.c ++++ b/module/zfs/zpl_inode.c +@@ -294,7 +294,7 @@ + static void + zpl_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) + { +- char *link; ++ const char *link; + + link = nd_get_link(nd); + if (!IS_ERR(link)) +-- +1.7.10 + diff --git a/sys-fs/zfs/zfs-0.6.0_rc9.ebuild b/sys-fs/zfs/zfs-0.6.0_rc9.ebuild index 8d81376bb430..25296739621c 100644 --- a/sys-fs/zfs/zfs-0.6.0_rc9.ebuild +++ b/sys-fs/zfs/zfs-0.6.0_rc9.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/zfs-0.6.0_rc9.ebuild,v 1.1 2012/06/16 18:57:39 ryao Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/zfs-0.6.0_rc9.ebuild,v 1.2 2012/06/17 14:07:51 ryao Exp $ EAPI="4" @@ -10,11 +10,11 @@ AUTOTOOLS_IN_SOURCE_BUILD="1" inherit flag-o-matic linux-mod toolchain-funcs autotools-utils -if [[ ${PV} == "9999" ]] ; then +if [ ${PV} == "9999" ] ; then inherit git-2 EGIT_REPO_URI="git://github.com/zfsonlinux/${PN}.git" else - inherit versionator + inherit eutils versionator MY_PV=$(replace_version_separator 3 '-') SRC_URI="https://github.com/downloads/zfsonlinux/${PN}/${PN}-${MY_PV}.tar.gz" S="${WORKDIR}/${PN}-${MY_PV}" @@ -64,6 +64,7 @@ pkg_setup() { MODULES ZLIB_DEFLATE ZLIB_INFLATE" + use rootfs && CONFIG_CHECK="${CONFIG_CHECK} DEVTMPFS" kernel_is ge 2 6 26 || die "Linux 2.6.26 or newer required" check_extra_config } @@ -73,6 +74,12 @@ src_prepare() { sed -i "s|/sbin/lsmod|/bin/lsmod|" scripts/common.sh.in || die # Workaround rename sed -i "s|/usr/bin/scsi-rescan|/usr/sbin/rescan-scsi-bus|" scripts/common.sh.in || die + + if [ ${PV} != "9999" ] + then + epatch "${FILESDIR}/${P}-hardened-support.patch" + fi + autotools-utils_src_prepare } @@ -92,7 +99,7 @@ src_configure() { } src_test() { - if [[ $UID -ne 0 ]] + if [ $UID -ne 0 ] then ewarn "Cannot run make check tests with FEATURES=userpriv." ewarn "Skipping make check tests." diff --git a/sys-fs/zfs/zfs-9999.ebuild b/sys-fs/zfs/zfs-9999.ebuild index 098af1f944f6..24ec586dcfed 100644 --- a/sys-fs/zfs/zfs-9999.ebuild +++ b/sys-fs/zfs/zfs-9999.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/zfs-9999.ebuild,v 1.22 2012/06/16 18:57:39 ryao Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/zfs/zfs-9999.ebuild,v 1.23 2012/06/17 14:07:51 ryao Exp $ EAPI="4" @@ -10,11 +10,11 @@ AUTOTOOLS_IN_SOURCE_BUILD="1" inherit flag-o-matic linux-mod toolchain-funcs autotools-utils -if [[ ${PV} == "9999" ]] ; then +if [ ${PV} == "9999" ] ; then inherit git-2 EGIT_REPO_URI="git://github.com/zfsonlinux/${PN}.git" else - inherit versionator + inherit eutils versionator MY_PV=$(replace_version_separator 3 '-') SRC_URI="https://github.com/downloads/zfsonlinux/${PN}/${PN}-${MY_PV}.tar.gz" S="${WORKDIR}/${PN}-${MY_PV}" @@ -64,6 +64,7 @@ pkg_setup() { MODULES ZLIB_DEFLATE ZLIB_INFLATE" + use rootfs && CONFIG_CHECK="${CONFIG_CHECK} DEVTMPFS" kernel_is ge 2 6 26 || die "Linux 2.6.26 or newer required" check_extra_config } @@ -73,6 +74,12 @@ src_prepare() { sed -i "s|/sbin/lsmod|/bin/lsmod|" scripts/common.sh.in || die # Workaround rename sed -i "s|/usr/bin/scsi-rescan|/usr/sbin/rescan-scsi-bus|" scripts/common.sh.in || die + + if [ ${PV} != "9999" ] + then + epatch "${FILESDIR}/${P}-hardened-support.patch" + fi + autotools-utils_src_prepare } @@ -92,7 +99,7 @@ src_configure() { } src_test() { - if [[ $UID -ne 0 ]] + if [ $UID -ne 0 ] then ewarn "Cannot run make check tests with FEATURES=userpriv." ewarn "Skipping make check tests." |