aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Lindqvist <anton@basename.se>2021-02-26 09:08:40 +0100
committerDmitry Vyukov <dvyukov@google.com>2021-02-26 10:33:39 +0100
commit9a8edab7d70628a31db73d3469f5b94a12d96068 (patch)
treefce22834df82296810df837f14d8d76c4478ad9d
parent76f7fc952d5c6a94c61aa2628568ffddb533272a (diff)
sys/openbsd: neutralize sysctl kern.maxproc
Yet another root only knob that can cause the syz-execprog process to run out of resources[1]. [1] https://syzkaller.appspot.com/bug?id=39e86177b5ccebb26f3dd60ab2bf261d40e485d7
Diffstat
-rw-r--r--sys/openbsd/init.go9
-rw-r--r--sys/openbsd/init_test.go5
2 files changed, 14 insertions, 0 deletions
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index e90ffb115..8eb9a726a 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -19,6 +19,7 @@ func InitTarget(target *prog.Target) {
DIOCCLRSTATES: target.GetConst("DIOCCLRSTATES"),
DIOCKILLSTATES: target.GetConst("DIOCKILLSTATES"),
KERN_MAXCLUSTERS: target.GetConst("KERN_MAXCLUSTERS"),
+ KERN_MAXPROC: target.GetConst("KERN_MAXPROC"),
KERN_MAXTHREAD: target.GetConst("KERN_MAXTHREAD"),
KERN_WITNESS: target.GetConst("KERN_WITNESS"),
S_IFCHR: target.GetConst("S_IFCHR"),
@@ -40,6 +41,7 @@ type arch struct {
DIOCCLRSTATES uint64
DIOCKILLSTATES uint64
KERN_MAXCLUSTERS uint64
+ KERN_MAXPROC uint64
KERN_MAXTHREAD uint64
KERN_WITNESS uint64
S_IFCHR uint64
@@ -242,6 +244,13 @@ func (arch *arch) neutralizeSysctlKern(mib []*prog.ConstArg) bool {
return true
}
+ // Do not fiddle with root only knob kern.maxproc, can cause the
+ // syz-execprog to run out of resources.
+ if len(mib) >= 2 &&
+ mib[0].Val == arch.CTL_KERN && mib[1].Val == arch.KERN_MAXPROC {
+ return true
+ }
+
// Do not fiddle with root only knob kern.maxthread, can cause the
// syz-execprog process to panic.
if len(mib) >= 2 &&
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index 2a9ed640c..d97c5e49e 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -89,6 +89,11 @@ func TestNeutralize(t *testing.T) {
Out: `sysctl$kern(&(0x7f0000cc0ff0)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0)`,
},
{
+ // Test for sysctl kern.maxproc.
+ In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x6}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+ Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+ },
+ {
// Test for sysctl kern.maxthread.
In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x19}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 20:03:32 +0000