[illumos-gate merge]

commit 0193495632be916873f94049cb3da876f1b1ae01
    10507 NO_GENUNIX_UNIQUIFY has no effect
commit 18af157d87b4b81f71536f46eb203c55084f0e58
    10899 loader: use ldscript to build loader (10605 regression)
commit 36d4738015761d092fe5921e277cba513295e7a9
    10887 Missing void cast in wcuwsrv()
commit d3351b346d0c3defc40a1eeafcbebec6201461ec
    10886 smatch debug macro cleanup in usr/src/uts
commit 245d13322fd3ad73899eb875f067b1582501c6f4
    10506 CVE-2019-9579 Access problem with SMB server

16 files changed, 121 insertions, 49 deletions

diff --git a/usr/src/boot/sys/boot/i386/loader/Makefile b/usr/src/boot/sys/boot/i386/loader/Makefile
index ab866d6338..e41fab4189 100644
--- a/usr/src/boot/sys/boot/i386/loader/Makefile
+++ b/usr/src/boot/sys/boot/i386/loader/Makefile
@@ -84,7 +84,8 @@ CPPFLAGS +=	-I.
 CLEANFILES=	vers.c $(LOADER) $(LOADER).sym $(LOADER).bin loader.help
 CLEANFILES +=	$(FONT).c
 
-LDFLAGS=	-static -Ttext 0x0
+LDSCRIPT=	ldscript.i386
+LDFLAGS=	-static -T $(LDSCRIPT) -N --gc-sections
 
 # i386 standalone support library
 CPPFLAGS +=	-I.. -I../../../../lib/libstand
diff --git a/usr/src/boot/sys/boot/i386/loader/ldscript.i386 b/usr/src/boot/sys/boot/i386/loader/ldscript.i386
new file mode 100644
index 0000000000..88b0c22db1
--- /dev/null
+++ b/usr/src/boot/sys/boot/i386/loader/ldscript.i386
@@ -0,0 +1,51 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source.  A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+/*
+ * Copyright 2019 Toomas Soome <tsoome@me.com>
+ */
+
+OUTPUT_FORMAT("elf32-i386-sol2", "elf32-i386-sol2", "elf32-i386-sol2")
+OUTPUT_ARCH(i386)
+ENTRY(_start)
+SECTIONS
+{
+	. = 0x0;
+	.text . :
+	{
+		*(.text .text.*)
+		*(.plt)
+	}
+	.data :
+	{
+		*(.rodata .rodata.*)
+		*(.rodata1)
+		*(.data .data.*)
+		*(.got.plt .got)
+		__start_set_Xcommand_set = .;
+		*(set_Xcommand_set)
+		__stop_set_Xcommand_set = .;
+		__start_set_Xficl_compile_set = .;
+		*(set_Xficl_compile_set)
+		__stop_set_Xficl_compile_set = .;
+		_edata = .;
+	}
+
+	.bss :
+	{
+		__bss_start = . ;
+		*(.bss .bss.*)
+		*(COMMON)
+	}
+	.edata :
+	{
+		_end = . ;
+	}
+}
diff --git a/usr/src/boot/sys/boot/i386/loader/main.c b/usr/src/boot/sys/boot/i386/loader/main.c
index 6f96c6a757..7bd5373976 100644
--- a/usr/src/boot/sys/boot/i386/loader/main.c
+++ b/usr/src/boot/sys/boot/i386/loader/main.c
@@ -69,7 +69,7 @@ void			exit(int code);
 static void		i386_zfs_probe(void);
 
 /* XXX debugging */
-extern char end[];
+extern char _end[];
 
 static void *heap_top;
 static void *heap_bottom;
@@ -101,7 +101,7 @@ main(void)
 	    memtop_copyin = high_heap_base;
     } else {
 	heap_top = (void *)PTOV(bios_basemem);
-	heap_bottom = (void *)end;
+	heap_bottom = (void *)_end;
     }
     setheap(heap_bottom, heap_top);
 
diff --git a/usr/src/uts/Makefile.uts b/usr/src/uts/Makefile.uts
index 57597ad909..416cf5166e 100644
--- a/usr/src/uts/Makefile.uts
+++ b/usr/src/uts/Makefile.uts
@@ -350,7 +350,7 @@ CTFMERGE_GENUNIX	= \
 #
 NO_GENUNIX_UNIQUIFY=$(POUND_SIGN)
 CTFMERGE_GENUNIX_DFLAG=-d $(CTFMERGE_GENUNIX)
-$(NO_GENUNIX_UNIQUIFY)CTF_GENUNIX_DFLAG=
+$(NO_GENUNIX_UNIQUIFY)CTFMERGE_GENUNIX_DFLAG=
 
 CTFMERGE_UNIQUIFY_AGAINST_GENUNIX	= \
 	$(CTFMERGE) $(CTFMRGFLAGS) -L VERSION \
diff --git a/usr/src/uts/common/fs/smbsrv/smb_common_open.c b/usr/src/uts/common/fs/smbsrv/smb_common_open.c
index 780f805cae..695a2c062c 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_common_open.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_common_open.c
@@ -801,14 +801,12 @@ smb_open_subr(smb_request_t *sr)
 			op->desired_access |= max_allowed;
 		}
 		/*
-		 * We created created this object (we own it) so
-		 * grant read/write attributes on this handle,
+		 * We created this object (we own it) so grant
+		 * read_control + read_attributes on this handle,
 		 * even if that was not requested.  This avoids
-		 * unexpected access failures later that would
-		 * happen if these were not granted.
+		 * unexpected access failures later.
 		 */
-		op->desired_access |= (READ_CONTROL |
-		    FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES);
+		op->desired_access |= (READ_CONTROL | FILE_READ_ATTRIBUTES);
 	}
 
 	status = NT_STATUS_SUCCESS;
diff --git a/usr/src/uts/common/fs/smbsrv/smb_fsops.c b/usr/src/uts/common/fs/smbsrv/smb_fsops.c
index 9b860bb4c1..e58b065d6e 100644
--- a/usr/src/uts/common/fs/smbsrv/smb_fsops.c
+++ b/usr/src/uts/common/fs/smbsrv/smb_fsops.c
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #include <sys/sid.h>
@@ -381,7 +381,11 @@ smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
 	/* Look up / create the unnamed stream, fname */
 	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
 	    sr->tid_tree->t_snode, dnode, fname, &fnode);
-	if (rc == ENOENT) {
+	if (rc == 0) {
+		if (smb_fsop_access(sr, sr->user_cr, fnode,
+		    sr->sr_open.desired_access) != 0)
+			rc = EACCES;
+	} else if (rc == ENOENT) {
 		fcreate = B_TRUE;
 		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
 		    attr, &fnode);
@@ -2036,10 +2040,13 @@ smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 	int flags = 0;
 	int access = 0;
 	acl_t *acl;
-	smb_node_t *unnamed_node;
 
 	ASSERT(cr);
 
+	/* Can't query security on named streams */
+	if (SMB_IS_STREAM(snode) != NULL)
+		return (EINVAL);
+
 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
 		return (EACCES);
 
@@ -2056,16 +2063,6 @@ smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 		}
 	}
 
-	unnamed_node = SMB_IS_STREAM(snode);
-	if (unnamed_node) {
-		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
-		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
-		/*
-		 * Streams don't have ACL, any read ACL attempt on a stream
-		 * should be performed on the unnamed stream.
-		 */
-		snode = unnamed_node;
-	}
 
 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
 		flags = ATTR_NOACLCHECK;
@@ -2102,7 +2099,6 @@ smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 	int flags = 0;
 	int access = 0;
 	acl_t *acl, *dacl, *sacl;
-	smb_node_t *unnamed_node;
 
 	ASSERT(cr);
 
@@ -2111,6 +2107,10 @@ smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 	if (SMB_TREE_IS_READONLY(sr))
 		return (EROFS);
 
+	/* Can't set security on named streams */
+	if (SMB_IS_STREAM(snode) != NULL)
+		return (EINVAL);
+
 	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
 		return (EACCES);
 
@@ -2138,17 +2138,6 @@ smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 		return (EINVAL);
 	}
 
-	unnamed_node = SMB_IS_STREAM(snode);
-	if (unnamed_node) {
-		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
-		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
-		/*
-		 * Streams don't have ACL, any write ACL attempt on a stream
-		 * should be performed on the unnamed stream.
-		 */
-		snode = unnamed_node;
-	}
-
 	dacl = fs_sd->sd_zdacl;
 	sacl = fs_sd->sd_zsacl;
 
@@ -2203,6 +2192,10 @@ smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 	ASSERT(cr);
 	ASSERT(fs_sd);
 
+	/* Can't query security on named streams */
+	if (SMB_IS_STREAM(snode) != NULL)
+		return (EINVAL);
+
 	/*
 	 * File's uid/gid is fetched in two cases:
 	 *
@@ -2368,6 +2361,10 @@ smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
 	if (SMB_TREE_IS_READONLY(sr))
 		return (EROFS);
 
+	/* Can't set security on named streams */
+	if (SMB_IS_STREAM(snode) != NULL)
+		return (EINVAL);
+
 	bzero(&set_attr, sizeof (smb_attr_t));
 
 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
diff --git a/usr/src/uts/common/io/bscbus.c b/usr/src/uts/common/io/bscbus.c
index 318ed40d69..b229f08a76 100644
--- a/usr/src/uts/common/io/bscbus.c
+++ b/usr/src/uts/common/io/bscbus.c
@@ -22,6 +22,8 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
+ * Copyright 2019 Joyent, Inc.
+ *
  * The "bscbus" driver provides access to the LOMlite2 virtual registers,
  * so that its clients (children) need not be concerned with the details
  * of the access mechanism, which in this case is implemented via a
@@ -404,7 +406,7 @@ bscbus_trace(struct bscbus_channel_state *csp, char code, const char *caller,
 	}
 }
 #else /* DEBUG */
-#define	bscbus_trace
+#define	bscbus_trace(...) (void)(0)
 #endif /* DEBUG */
 
 static struct bscbus_state *
diff --git a/usr/src/uts/common/io/bscv.c b/usr/src/uts/common/io/bscv.c
index 829268c822..a3923d5287 100644
--- a/usr/src/uts/common/io/bscv.c
+++ b/usr/src/uts/common/io/bscv.c
@@ -23,6 +23,9 @@
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright 2019 Joyent, Inc.
+ */
 
 /*
  * bscv.c - multi-threaded lom driver for the Stiletto platform.
@@ -404,7 +407,7 @@ static int bscv_trace_flag = 1;
 
 #define	BSCV_TRACE   if (bscv_trace_flag != 0)	bscv_trace
 #else
-#define	BSCV_TRACE
+#define	BSCV_TRACE(...) (void)(0)
 #endif
 
 /*
diff --git a/usr/src/uts/common/io/mwl/mwl.c b/usr/src/uts/common/io/mwl/mwl.c
index 98d0892326..47bffb6cd8 100644
--- a/usr/src/uts/common/io/mwl/mwl.c
+++ b/usr/src/uts/common/io/mwl/mwl.c
@@ -34,6 +34,10 @@
  */
 
 /*
+ * Copyright 2019 Joyent, Inc.
+ */
+
+/*
  * Driver for the Marvell 88W8363 Wireless LAN controller.
  */
 #include <sys/stat.h>
@@ -128,7 +132,7 @@ uint32_t mwl_dbg_flags = 0x0;
 #define	MWL_DBG	\
 	mwl_debug
 #else
-#define	MWL_DBG
+#define	MWL_DBG(...) (void)(0)
 #endif
 
 /*
diff --git a/usr/src/uts/common/io/rtw/rtwvar.h b/usr/src/uts/common/io/rtw/rtwvar.h
index 1b0aabbbe5..e034d3bd4c 100644
--- a/usr/src/uts/common/io/rtw/rtwvar.h
+++ b/usr/src/uts/common/io/rtw/rtwvar.h
@@ -1,6 +1,8 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2019 Joyent, Inc.
  */
 /*
  * Copyright (c) 2004, 2005 David Young.  All rights reserved.
@@ -78,7 +80,7 @@ extern void rtw_dbg(uint32_t dbg_flags, const int8_t *fmt, ...);
 #define	RTW_DPRINTF \
 	rtw_dbg
 #else /* DEBUG */
-#define	RTW_DPRINTF
+#define	RTW_DPRINTF(...) (void)(0)
 #endif /* DEBUG */
 
 enum rtw_locale {
diff --git a/usr/src/uts/common/io/rwd/rt2661.c b/usr/src/uts/common/io/rwd/rt2661.c
index df3e688e4d..97de5ab482 100644
--- a/usr/src/uts/common/io/rwd/rt2661.c
+++ b/usr/src/uts/common/io/rwd/rt2661.c
@@ -25,6 +25,10 @@
  * http://www.ralinktech.com/
  */
 
+/*
+ * Copyright 2019 Joyent, Inc.
+ */
+
 #include <sys/types.h>
 #include <sys/byteorder.h>
 #include <sys/conf.h>
@@ -77,7 +81,7 @@ uint32_t rt2661_dbg_flags = 0;
 #define	RWD_DEBUG \
 	rt2661_debug
 #else
-#define	RWD_DEBUG
+#define	RWD_DEBUG(...) (void)(0)
 #endif
 
 static void *rt2661_soft_state_p = NULL;
diff --git a/usr/src/uts/common/io/rwn/rt2860.c b/usr/src/uts/common/io/rwn/rt2860.c
index 5aaeebb4ac..f58c2c3f10 100644
--- a/usr/src/uts/common/io/rwn/rt2860.c
+++ b/usr/src/uts/common/io/rwn/rt2860.c
@@ -2,7 +2,7 @@
  * Copyright 2017 Gary Mills
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
- * Copyright (c) 2018, Joyent, Inc.
+ * Copyright 2019 Joyent, Inc.
  */
 
 /*
@@ -73,7 +73,7 @@ uint32_t rt2860_dbg_flags = 0x0;
 #define	RWN_DEBUG \
 	rt2860_debug
 #else
-#define	RWN_DEBUG
+#define	RWN_DEBUG(...) (void)(0)
 #endif
 
 static void *rt2860_soft_state_p = NULL;
diff --git a/usr/src/uts/common/io/uath/uath.c b/usr/src/uts/common/io/uath/uath.c
index 3353369389..4d24e55316 100644
--- a/usr/src/uts/common/io/uath/uath.c
+++ b/usr/src/uts/common/io/uath/uath.c
@@ -4,6 +4,10 @@
  */
 
 /*
+ * Copyright 2019 Joyent, Inc.
+ */
+
+/*
  * Copyright (c) 2006 Sam Leffler, Errno Consulting
  * Copyright (c) 2008-2009 Weongyo Jeong <weongyo@freebsd.org>
  * All rights reserved.
@@ -94,7 +98,7 @@ uint32_t uath_dbg_flags = 0;
 #define	UATH_DEBUG \
 	uath_debug
 #else
-#define	UATH_DEBUG
+#define	UATH_DEBUG(...) (void)(0)
 #endif
 
 /*
diff --git a/usr/src/uts/common/io/wscons.c b/usr/src/uts/common/io/wscons.c
index f7a0eaa99c..6ba2c7196b 100644
--- a/usr/src/uts/common/io/wscons.c
+++ b/usr/src/uts/common/io/wscons.c
@@ -22,6 +22,7 @@
 /*
  * Copyright (c) 1987, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright 2019 Toomas Soome <tsoome@me.com>
+ * Copyright 2019 Joyent, Inc.
  */
 
 /*
@@ -511,7 +512,7 @@ wcuwsrv(queue_t *q)
 		 * new.
 		 */
 		if (pvc->vc_flags & (WCS_DELAY|WCS_BUSY|WCS_STOPPED)) {
-			putbq(q, mp);
+			(void) putbq(q, mp);
 			return (0);
 		}
 
diff --git a/usr/src/uts/common/sys/fibre-channel/impl/fp.h b/usr/src/uts/common/sys/fibre-channel/impl/fp.h
index 56fb941de1..f8844a29dd 100644
--- a/usr/src/uts/common/sys/fibre-channel/impl/fp.h
+++ b/usr/src/uts/common/sys/fibre-channel/impl/fp.h
@@ -23,6 +23,10 @@
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright 2019 Joyent, Inc.
+ */
+
 #ifndef	_FP_H
 #define	_FP_H
 
@@ -126,7 +130,7 @@ extern "C" {
 
 #else
 
-#define	FP_DTRACE
+#define	FP_DTRACE(...)		(void)(0)
 
 #endif
 
diff --git a/usr/src/uts/common/sys/scsi/targets/sddef.h b/usr/src/uts/common/sys/scsi/targets/sddef.h
index 30c6ae54d1..c4af129a32 100644
--- a/usr/src/uts/common/sys/scsi/targets/sddef.h
+++ b/usr/src/uts/common/sys/scsi/targets/sddef.h
@@ -24,6 +24,7 @@
 /*
  * Copyright 2011 cyril.galibern@opensvc.com
  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2019 Joyent, Inc.
  */
 
 #ifndef	_SYS_SCSI_TARGETS_SDDEF_H
@@ -1170,10 +1171,10 @@ struct sd_fi_arq {
 #else
 
 #undef	SDDEBUG
-#define	SD_ERROR	{ if (0) sd_log_err; }
-#define	SD_TRACE	{ if (0) sd_log_trace; }
-#define	SD_INFO		{ if (0) sd_log_info; }
-#define	SD_DUMP_MEMORY	{ if (0) sd_dump_memory; }
+#define	SD_ERROR(...)		(void)(0)
+#define	SD_TRACE(...)		(void)(0)
+#define	SD_INFO(...)		(void)(0)
+#define	SD_DUMP_MEMORY(...)	(void)(0)
 #endif