From: deraadt <deraadt@openbsd.org>
Date: Sun, 5 Aug 2018 23:19:49 +0000 (+0000)
Subject: ifconfig ioctl's that bring interfaces up the first time may issue
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1b907d569350075a460f5afb8801da4ed4c06433;p=openbsd

ifconfig ioctl's that bring interfaces up the first time may issue
firmware loads.  The namei operations are being performed are on behalf
of the kernel not process, so use BYPASSUNVEIL.
spotted by sthen, ok beck
---

diff --git a/sys/dev/firmload.c b/sys/dev/firmload.c
index 88346241c6a..9c258d9d80f 100644
--- a/sys/dev/firmload.c
+++ b/sys/dev/firmload.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: firmload.c,v 1.14 2015/12/29 04:46:28 mmcc Exp $	*/
+/*	$OpenBSD: firmload.c,v 1.15 2018/08/05 23:19:49 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2004 Theo de Raadt <deraadt@openbsd.org>
@@ -51,6 +51,7 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 	}
 
 	NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
+	nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
 	error = namei(&nid);
 #ifdef RAMDISK_HOOKS
 	/* try again with mounted disk */
@@ -62,6 +63,7 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 		}
 
 		NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
+		nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
 		error = namei(&nid);
 	}
 #endif