From 9a8edab7d70628a31db73d3469f5b94a12d96068 Mon Sep 17 00:00:00 2001
From: Anton Lindqvist <anton@basename.se>
Date: Fri, 26 Feb 2021 09:08:40 +0100
Subject: sys/openbsd: neutralize sysctl kern.maxproc

Yet another root only knob that can cause the syz-execprog process to
run out of resources[1].

[1] https://syzkaller.appspot.com/bug?id=39e86177b5ccebb26f3dd60ab2bf261d40e485d7
---
 sys/openbsd/init.go      | 9 +++++++++
 sys/openbsd/init_test.go | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index e90ffb115..8eb9a726a 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -19,6 +19,7 @@ func InitTarget(target *prog.Target) {
 		DIOCCLRSTATES:    target.GetConst("DIOCCLRSTATES"),
 		DIOCKILLSTATES:   target.GetConst("DIOCKILLSTATES"),
 		KERN_MAXCLUSTERS: target.GetConst("KERN_MAXCLUSTERS"),
+		KERN_MAXPROC:     target.GetConst("KERN_MAXPROC"),
 		KERN_MAXTHREAD:   target.GetConst("KERN_MAXTHREAD"),
 		KERN_WITNESS:     target.GetConst("KERN_WITNESS"),
 		S_IFCHR:          target.GetConst("S_IFCHR"),
@@ -40,6 +41,7 @@ type arch struct {
 	DIOCCLRSTATES    uint64
 	DIOCKILLSTATES   uint64
 	KERN_MAXCLUSTERS uint64
+	KERN_MAXPROC     uint64
 	KERN_MAXTHREAD   uint64
 	KERN_WITNESS     uint64
 	S_IFCHR          uint64
@@ -242,6 +244,13 @@ func (arch *arch) neutralizeSysctlKern(mib []*prog.ConstArg) bool {
 		return true
 	}
 
+	// Do not fiddle with root only knob kern.maxproc, can cause the
+	// syz-execprog to run out of resources.
+	if len(mib) >= 2 &&
+		mib[0].Val == arch.CTL_KERN && mib[1].Val == arch.KERN_MAXPROC {
+		return true
+	}
+
 	// Do not fiddle with root only knob kern.maxthread, can cause the
 	// syz-execprog process to panic.
 	if len(mib) >= 2 &&
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index 2a9ed640c..d97c5e49e 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -88,6 +88,11 @@ func TestNeutralize(t *testing.T) {
 			In:  `sysctl$kern(&(0x7f0000cc0ff0)={0x1, 0x43}, 0x2, 0x0, 0x0, &(0x7f0000000180), 0x0)`,
 			Out: `sysctl$kern(&(0x7f0000cc0ff0)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0)`,
 		},
+		{
+			// Test for sysctl kern.maxproc.
+			In:  `sysctl$kern(&(0x7f0000000300)={0x1, 0x6}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+			Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+		},
 		{
 			// Test for sysctl kern.maxthread.
 			In:  `sysctl$kern(&(0x7f0000000300)={0x1, 0x19}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
-- 
cgit mrf-deployment