From e4f103c49590d5ff0c7e416ade15a99f54029f8d Mon Sep 17 00:00:00 2001
From: Anton Lindqvist <anton@basename.se>
Date: Fri, 26 Feb 2021 09:08:40 +0100
Subject: sys/openbsd: neutralize sysctl kern.maxfiles

Yet another root only knob that can cause the syz-execprog process to
run out of resources[1].

[1] https://syzkaller.appspot.com/bug?id=08745ec898fac9de9164bcc4d03bf62a078f56ab
---
 sys/openbsd/init.go      | 9 +++++++++
 sys/openbsd/init_test.go | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index 8eb9a726a..80e8d5527 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -20,6 +20,7 @@ func InitTarget(target *prog.Target) {
 		DIOCKILLSTATES:   target.GetConst("DIOCKILLSTATES"),
 		KERN_MAXCLUSTERS: target.GetConst("KERN_MAXCLUSTERS"),
 		KERN_MAXPROC:     target.GetConst("KERN_MAXPROC"),
+		KERN_MAXFILES:    target.GetConst("KERN_MAXFILES"),
 		KERN_MAXTHREAD:   target.GetConst("KERN_MAXTHREAD"),
 		KERN_WITNESS:     target.GetConst("KERN_WITNESS"),
 		S_IFCHR:          target.GetConst("S_IFCHR"),
@@ -42,6 +43,7 @@ type arch struct {
 	DIOCKILLSTATES   uint64
 	KERN_MAXCLUSTERS uint64
 	KERN_MAXPROC     uint64
+	KERN_MAXFILES    uint64
 	KERN_MAXTHREAD   uint64
 	KERN_WITNESS     uint64
 	S_IFCHR          uint64
@@ -251,6 +253,13 @@ func (arch *arch) neutralizeSysctlKern(mib []*prog.ConstArg) bool {
 		return true
 	}
 
+	// Do not fiddle with root only knob kern.maxfiles, can cause the
+	// syz-execprog to run out of resources.
+	if len(mib) >= 2 &&
+		mib[0].Val == arch.CTL_KERN && mib[1].Val == arch.KERN_MAXFILES {
+		return true
+	}
+
 	// Do not fiddle with root only knob kern.maxthread, can cause the
 	// syz-execprog process to panic.
 	if len(mib) >= 2 &&
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index d97c5e49e..c439de565 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -93,6 +93,11 @@ func TestNeutralize(t *testing.T) {
 			In:  `sysctl$kern(&(0x7f0000000300)={0x1, 0x6}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
 			Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
 		},
+		{
+			// Test for sysctl kern.maxfiles.
+			In:  `sysctl$kern(&(0x7f0000000300)={0x1, 0x7}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+			Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
+		},
 		{
 			// Test for sysctl kern.maxthread.
 			In:  `sysctl$kern(&(0x7f0000000300)={0x1, 0x19}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`,
-- 
cgit mrf-deployment