diff options
author | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
commit | 97e2e1596c202a4693468378b16b2353fd2d6c5e (patch) | |
tree | d052614aec0dcc9c921eed4603fd186ff5740521 | |
parent | 99f33d7304893bd9fa04d227cb6e870171cded19 (diff) |
trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
-rw-r--r-- | sandbox-seccomp-filter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index badfee2ec..c1fe1f3e9 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
@@ -81,7 +81,7 @@ | |||
81 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ | 81 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ |
82 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 82 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
83 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ | 83 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ |
84 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 3), \ | 84 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ |
85 | /* load first syscall argument */ \ | 85 | /* load first syscall argument */ \ |
86 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ | 86 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ |
87 | offsetof(struct seccomp_data, args[(_arg_nr)])), \ | 87 | offsetof(struct seccomp_data, args[(_arg_nr)])), \ |