authorDan McDonald <danmcd@joyent.com>2022-03-01 10:29:43 -0500
committerDan McDonald <danmcd@joyent.com>2022-03-01 10:29:43 -0500
commit8d5f3f64e8c27482b578733fe3dd4cae0cce9eba (patch)
treed3b0fbf72cf1aab708771d12e52b6a800479584f
parentcb65e07dbab60d774a6697160958f344c7f3c3de (diff)
parent143ed836ba84ee6f57ce416b8693ff0d12cef081 (diff)
downloadillumos-joyent-8d5f3f64e8c27482b578733fe3dd4cae0cce9eba.tar.gz
Merge branch 'master' into ipd4
-rw-r--r--usr/src/cmd/syseventd/modules/zfs_mod/Makefile1
-rw-r--r--usr/src/uts/common/os/policy.c31
-rw-r--r--usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c27
3 files changed, 59 insertions, 0 deletions
diff --git a/usr/src/cmd/syseventd/modules/zfs_mod/Makefile b/usr/src/cmd/syseventd/modules/zfs_mod/Makefile
index 8b8c2c6c42..bcdf8d442e 100644
--- a/usr/src/cmd/syseventd/modules/zfs_mod/Makefile
+++ b/usr/src/cmd/syseventd/modules/zfs_mod/Makefile
@@ -29,6 +29,7 @@ include ../Makefile.com
CPPFLAGS += -I../../../../lib/libc/inc
LDLIBS += -lzfs -ldevid -lcmdutils -lnvpair
+CSTD= $(CSTD_GNU99)
CERRWARN += $(CNOWARN_UNINIT)
.KEEP_STATE:
diff --git a/usr/src/uts/common/os/policy.c b/usr/src/uts/common/os/policy.c
index 00ca6ec54a..b3f01cfab2 100644
--- a/usr/src/uts/common/os/policy.c
+++ b/usr/src/uts/common/os/policy.c
@@ -22,6 +22,7 @@
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2016 Joyent, Inc.
* Copyright (c) 2016 by Delphix. All rights reserved.
+ * Copyright 2022 Oxide Computer Company
*/
#include <sys/types.h>
@@ -69,6 +70,19 @@ int priv_debug = 0;
int priv_basic_test = -1;
/*
+ * Unlinking or creating new hard links to directories was historically allowed
+ * in some file systems; e.g., UFS allows root users to do it, at the cost of
+ * almost certain file system corruption that will require fsck to fix.
+ *
+ * Most modern operating systems and file systems (e.g., ZFS) do not allow this
+ * behaviour anymore, and we have elected to stamp it out entirely for
+ * compatibility and safety reasons. An attempt to unlink a directory will
+ * fail with EPERM, as described in the standard. During this transition, one
+ * can turn the behaviour back on, at their own risk, with this tuneable:
+ */
+int priv_allow_linkdir = 0;
+
+/*
* This file contains the majority of the policy routines.
* Since the policy routines are defined by function and not
* by privilege, there is quite a bit of duplication of
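Review bot: The comment above `priv_allow_linkdir` does not say how far the override reaches. As a single kernel global, consulted in secpolicy_fs_linkdir() later in this diff, it appears to apply to every file system and every caller of that check rather than to one dataset or zone. Since the text itself warns of "almost certain file system corruption" on UFS, I would add a sentence such as `Setting this to a non-zero value restores the PRIV_SYS_LINKDIR check system-wide.` It would also help to state that any non-zero value enables the old behaviour, because the code only tests `== 0`. The comment block that follows the declaration continues outside this hunk.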
@@ -896,6 +910,23 @@ secpolicy_fs_config(const cred_t *cr, const vfs_t *vfsp)
int
secpolicy_fs_linkdir(const cred_t *cr, const vfs_t *vfsp)
{
+ if (priv_allow_linkdir == 0) {
+ /*
+ * By default, this policy check will now always return EPERM
+ * unless overridden.
+ *
+ * We do so without triggering auditing or allowing privilege
+ * debugging for two reasons: first, we intend eventually to
+ * deprecate the PRIV_SYS_LINKDIR privilege entirely and remove
+ * the use of this policy check from the file systems; second,
+ * for privilege debugging in particular, because it would be
+ * confusing to report an unlink() failure as the result of a
+ * missing privilege when in fact we are simply no longer
+ * allowing the operation at all.
+ */
+ return (EPERM);
+ }
+
return (PRIV_POLICY(cr, PRIV_SYS_LINKDIR, B_FALSE, EPERM, NULL));
}
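Review bot: The early `return (EPERM)` in secpolicy_fs_linkdir() bypasses PRIV_POLICY, so, as the comment itself states, a denied attempt no longer triggers auditing. The comment justifies this only by the planned deprecation and by privilege debugging, so a site that watched for these attempts through audit loses that signal without being told. I would make the consequence explicit in the comment, e.g. `Denied attempts are therefore not recorded in the audit trail while priv_allow_linkdir is 0.` The comment also speaks only of an unlink() failure, while the tunable's description covers creating hard links to directories too; mentioning link() here would keep the two consistent.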
diff --git a/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c b/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
index d2a790ec03..06baec53bf 100644
--- a/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
+++ b/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
@@ -41,6 +41,7 @@
* Copyright 2015 Pluribus Networks Inc.
* Copyright 2018 Joyent, Inc.
* Copyright 2021 Oxide Computer Company
+ * Copyright 2022 OmniOS Community Edition (OmniOSce) Association.
*/
#include <sys/cdefs.h>
@@ -348,6 +349,12 @@ static const struct vie_op one_byte_opcodes[256] = {
.op_byte = 0x8F,
.op_type = VIE_OP_TYPE_POP,
},
+ [0xF6] = {
+ /* XXX Group 3 extended opcode - not just TEST */
+ .op_byte = 0xF6,
+ .op_type = VIE_OP_TYPE_TEST,
+ .op_flags = VIE_OP_F_IMM8,
+ },
[0xF7] = {
/* XXX Group 3 extended opcode - not just TEST */
.op_byte = 0xF7,
@@ -1591,6 +1598,26 @@ vie_emulate_test(struct vie *vie, struct vm *vm, int vcpuid, uint64_t gpa)
error = EINVAL;
switch (vie->op.op_byte) {
+ case 0xF6:
+ /*
+ * F6 /0 test r/m8, imm8
+ *
+ * Test mem (ModRM:r/m) with immediate and set status
+ * flags according to the results. The comparison is
+ * performed by anding the immediate from the first
+ * operand and then setting the status flags.
+ */
+ if ((vie->reg & 7) != 0)
+ return (EINVAL);
+
+ size = 1; /* override for byte operation */
+
+ error = vie_mmio_read(vie, vm, vcpuid, gpa, &op1, size);
+ if (error)
+ return (error);
+
+ rflags2 = getandflags(size, op1, vie->immediate);
+ break;
case 0xF7:
/*
* F7 /0 test r/m16, imm16
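Review bot: In the new `case 0xF6:` the check `if ((vie->reg & 7) != 0)` is the only thing that keeps the other Group 3 encodings from being emulated as TEST. The table entry added for `[0xF6]` earlier in this diff routes every 0xF6 instruction to vie_emulate_test(), as its XXX comment admits. Because the opcode bytes come from the guest, that guard is load-bearing and deserves its own comment, e.g. `/* Only /0 (TEST) is emulated; reject the other Group 3 encodings that share this opcode byte. */`. The description "anding the immediate from the first operand" is copied from the F7 case and reads more clearly as "ANDing the first operand with the immediate". The function body starts and ends outside this hunk, so whether `op1` needs masking after a one-byte vie_mmio_read() cannot be confirmed from here.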