-rw-r--r--cooker/filter.c10
-rw-r--r--cooker/filter.h1
2 files changed, 10 insertions, 1 deletions
diff --git a/cooker/filter.c b/cooker/filter.c
index 3f23c1f..717e525 100644
--- a/cooker/filter.c
+++ b/cooker/filter.c
@@ -184,9 +184,13 @@ static unsigned int get_total_args_instr(const struct syscall_entry table[],
for (i = 0; i < t->count; i++) {
entry = t->entry + i;
n = 0;
+ /* For every argument there are 2 instructions, one to
+ * load the value and the second to evaluate the
+ * argument
+ */
for (k = 0; k < 6; k++) {
if (entry->check_arg[k])
- n++;
+ n += 2;
}
total_instr += n;
/* If there is at least an arguments then there is an additional
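Review bot: The per-argument cost becomes 2 in get_total_args_instr, but the jump target emitted in create_bfp_program is still `next_args_off - n_checks`, and this commit touches neither get_n_args_syscall_entry nor the n_checks bookkeeping. If those still count one instruction per checked argument, a failed EQ would jump short of the next entry and land inside another rule's checks; that cannot be confirmed from the hunks shown, so check that all three use the same unit. A shared constant such as `#define INSTR_PER_ARG 2`, used for both the count and the offset arithmetic, would keep them from drifting apart. The function body continues outside the hunk.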
@@ -287,6 +291,10 @@ unsigned int create_bfp_program(struct syscall_entry table[],
next_args_off = get_n_args_syscall_entry(entry);
for (k = 0; k < 6; k++)
if (entry->check_arg[k]) {
+ filter[size++] = (struct sock_filter)
+ LOAD((offsetof(
+ struct seccomp_data,
+ args[k])));
filter[size++] = (struct sock_filter)EQ(
(table[i].entry + j)->args[k],
0, next_args_off - n_checks);
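Review bot: `LOAD(offsetof(struct seccomp_data, args[k]))` reads only 32 bits, because LOAD is defined in filter.h as `BPF_LD | BPF_W | BPF_ABS`, while the `args[]` members of `struct seccomp_data` are 64-bit. The EQ that follows therefore compares only one half of the argument (the low word on little-endian, the high word on big-endian), so a value that differs only in the other half still matches the rule. Consider a second load at `offsetof(struct seccomp_data, args[k]) + sizeof(uint32_t)` with its own EQ against the other 32 bits of the expected value, choosing the low and high offsets by byte order. The per-argument count in get_total_args_instr would then need raising to match. The enclosing loop starts and ends outside the hunk.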
diff --git a/cooker/filter.h b/cooker/filter.h
index ee5ab12..c8e74be 100644
--- a/cooker/filter.h
+++ b/cooker/filter.h
@@ -9,6 +9,7 @@
BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, (nr), (right), (left))
#define JUMPA(jump) BPF_JUMP(BPF_JMP | BPF_JA, (jump), 0, 0)
#define EQ(nr, a1, a2) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), (a1), (a2))
+#define LOAD(x) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (x))
#define MAX_FILTER 1024