From 1b907d569350075a460f5afb8801da4ed4c06433 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sun, 5 Aug 2018 23:19:49 +0000
Subject: [PATCH] ifconfig ioctl's that bring interfaces up the first time may
 issue firmware loads.  The namei operations are being performed are on behalf
 of the kernel not process, so use BYPASSUNVEIL. spotted by sthen, ok beck

---
 sys/dev/firmload.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/dev/firmload.c b/sys/dev/firmload.c
index 88346241c6a..9c258d9d80f 100644
--- a/sys/dev/firmload.c
+++ b/sys/dev/firmload.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: firmload.c,v 1.14 2015/12/29 04:46:28 mmcc Exp $	*/
+/*	$OpenBSD: firmload.c,v 1.15 2018/08/05 23:19:49 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2004 Theo de Raadt <deraadt@openbsd.org>
@@ -51,6 +51,7 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 	}
 
 	NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
+	nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
 	error = namei(&nid);
 #ifdef RAMDISK_HOOKS
 	/* try again with mounted disk */
@@ -62,6 +63,7 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 		}
 
 		NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
+		nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
 		error = namei(&nid);
 	}
 #endif
-- 
2.20.1