diff options
| author | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
| commit | 97e2e1596c202a4693468378b16b2353fd2d6c5e (patch) | |
| tree | d052614aec0dcc9c921eed4603fd186ff5740521 /sandbox-seccomp-filter.c | |
| parent | 99f33d7304893bd9fa04d227cb6e870171cded19 (diff) | |
trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
Diffstat (limited to 'sandbox-seccomp-filter.c')
| -rw-r--r-- | sandbox-seccomp-filter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index badfee2ec..c1fe1f3e9 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -81,7 +81,7 @@ | |||
| 81 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ | 81 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ |
| 82 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 82 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
| 83 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ | 83 | #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ |
| 84 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 3), \ | 84 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ |
| 85 | /* load first syscall argument */ \ | 85 | /* load first syscall argument */ \ |
| 86 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ | 86 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ |
| 87 | offsetof(struct seccomp_data, args[(_arg_nr)])), \ | 87 | offsetof(struct seccomp_data, args[(_arg_nr)])), \ |