From: robert <robert@openbsd.org>
Date: Fri, 25 Mar 2022 17:40:59 +0000 (+0000)
Subject: add an exception to the CPU_ID_AA64ISAR0 in pledged applications so that
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=49f7164095125e254117a6a4c43fda2b189de85b;p=openbsd

add an exception to the CPU_ID_AA64ISAR0 in pledged applications so that
libcrypto can access this sysctl on arm64 without restrictions to determine
cpu features

ok deraadt@, kettenis@
---

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index eaedbe320c0..b269ba98805 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.280 2022/02/25 18:24:01 tedu Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.281 2022/03/25 17:40:59 robert Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -999,6 +999,12 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
 		return (0);
 #endif /* CPU_SSE */
 
+#ifdef CPU_ID_AA64ISAR0
+	if (miblen == 2 &&		/* arm64 libcrypto inspects CPU features */
+	    mib[0] == CTL_MACHDEP && mib[1] == CPU_ID_AA64ISAR0)
+		return (0);
+#endif /* CPU_ID_AA64ISAR0 */
+
 	snprintf(buf, sizeof(buf), "%s(%d): pledge sysctl %d:",
 	    p->p_p->ps_comm, p->p_p->ps_pid, miblen);
 	for (i = 0; i < miblen; i++) {