[openssh-commits] [openssh] 01/01: trivial optimisation for seccomp-bpf
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Jun 17 14:38:30 AEST 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 97e2e1596c202a4693468378b16b2353fd2d6c5e
Author: Damien Miller <djm at mindrot.org>
Date: Wed Jun 17 14:36:54 2015 +1000
trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
---
sandbox-seccomp-filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index badfee2..c1fe1f3 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -81,7 +81,7 @@
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 3), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
/* load first syscall argument */ \
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
offsetof(struct seccomp_data, args[(_arg_nr)])), \
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list