filter: load argument to check

2 files changed, 10 insertions, 1 deletions

diff --git a/cooker/filter.c b/cooker/filter.c
index 3f23c1f..717e525 100644
--- a/cooker/filter.c
+++ b/cooker/filter.c
@@ -184,9 +184,13 @@ static unsigned int get_total_args_instr(const struct syscall_entry table[],
 		for (i = 0; i < t->count; i++) {
 			entry = t->entry + i;
 			n = 0;
+			/* For every argument there are 2 instructions, one to
+			 * load the value and the second to evaluate the
+			 * argument
+			 */
 			for (k = 0; k < 6; k++) {
 				if (entry->check_arg[k])
-					n++;
+					n += 2;
 			}
 			total_instr += n;
 			/* If there is at least an arguments then there is an additional
@@ -287,6 +291,10 @@ unsigned int create_bfp_program(struct syscall_entry table[],
 			next_args_off = get_n_args_syscall_entry(entry);
 			for (k = 0; k < 6; k++)
 				if (entry->check_arg[k]) {
+					filter[size++] = (struct sock_filter)
+						LOAD((offsetof(
+							struct seccomp_data,
+							args[k])));
 					filter[size++] = (struct sock_filter)EQ(
 						(table[i].entry + j)->args[k],
 						0, next_args_off - n_checks);
diff --git a/cooker/filter.h b/cooker/filter.h
index ee5ab12..c8e74be 100644
--- a/cooker/filter.h
+++ b/cooker/filter.h
@@ -9,6 +9,7 @@
 	BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, (nr), (right), (left))
 #define JUMPA(jump) BPF_JUMP(BPF_JMP | BPF_JA, (jump), 0, 0)
 #define EQ(nr, a1, a2) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), (a1), (a2))
+#define LOAD(x) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (x))
 
 #define MAX_FILTER 1024