diff options
| author | Paul Moore <pmoore@redhat.com> | 2013-04-03 10:49:05 -0400 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2013-04-03 10:49:05 -0400 |
| commit | b9ea299f69a15b237fd5f992dbadad0d6b19f768 (patch) | |
| tree | fd2c5be6feb08abe833a241369ca49278f9ba1f4 | |
| parent | 61fd28b0d8f3c7f3e6eea4091f9551125b4ae8e1 (diff) | |
| download | libseccomp-b9ea299f69a15b237fd5f992dbadad0d6b19f768.tar.gz | |
bpf: correctly manage the BPF accumulator state
We weren't correctly tracking the accumulator state as we built the
BPF code, in an effort to fix this we now store the initial state of
the accumulator along with the BPF instruction block.
Signed-off-by: Paul Moore <pmoore@redhat.com>
| -rw-r--r-- | src/gen_bpf.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/gen_bpf.c b/src/gen_bpf.c index 715560d..01c2709 100644 --- a/src/gen_bpf.c +++ b/src/gen_bpf.c @@ -107,6 +107,7 @@ struct bpf_blk { unsigned int flag_unique; /* ->blks is unique to this block */ /* used during block assembly */ + struct acc_state acc_state; uint64_t hash; struct bpf_blk *hash_nxt; struct bpf_blk *prev, *next; @@ -674,6 +675,7 @@ static struct bpf_blk *_gen_bpf_node(struct bpf_state *state, uint64_t act_t_hash = 0, act_f_hash = 0; struct bpf_blk *blk = NULL, *b_act; struct bpf_instr instr; + struct acc_state a_state_orig = *a_state; /* generate the action blocks */ if (node->act_t_flg) { @@ -757,6 +759,7 @@ static struct bpf_blk *_gen_bpf_node(struct bpf_state *state, goto node_failure; blk->node = node; + blk->acc_state = a_state_orig; return blk; node_failure: @@ -770,7 +773,6 @@ node_failure: * @param sys the syscall filter * @param blk the BPF instruction block * @param nxt_jump the jump to fallthrough to at the end of the level - * @param a_state the accumulator state * * Resolve the jump targets in a BPF instruction block generated by the * _gen_bpf_chain_lvl() function and adds the resulting block to the hash @@ -781,8 +783,7 @@ node_failure: static struct bpf_blk *_gen_bpf_chain_lvl_res(struct bpf_state *state, const struct db_sys_list *sys, struct bpf_blk *blk, - const struct bpf_jump *nxt_jump, - struct acc_state *a_state) + const struct bpf_jump *nxt_jump) { int rc; unsigned int iter; @@ -805,7 +806,7 @@ static struct bpf_blk *_gen_bpf_chain_lvl_res(struct bpf_state *state, case TGT_PTR_BLK: b_new = _gen_bpf_chain_lvl_res(state, sys, i_iter->jt.tgt.blk, - nxt_jump, a_state); + nxt_jump); if (b_new == NULL) return NULL; i_iter->jt = _BPF_JMP_HSH(b_new->hash); @@ -813,7 +814,7 @@ static struct bpf_blk *_gen_bpf_chain_lvl_res(struct bpf_state *state, case TGT_PTR_DB: node = (struct db_arg_chain_tree *)i_iter->jt.tgt.db; b_new = _gen_bpf_chain(state, sys, node, - nxt_jump, a_state); + nxt_jump, &blk->acc_state); if (b_new == NULL) return NULL; i_iter->jt = _BPF_JMP_HSH(b_new->hash); @@ -831,7 +832,7 @@ static struct bpf_blk *_gen_bpf_chain_lvl_res(struct bpf_state *state, case TGT_PTR_BLK: b_new = _gen_bpf_chain_lvl_res(state, sys, i_iter->jf.tgt.blk, - nxt_jump, a_state); + nxt_jump); if (b_new == NULL) return NULL; i_iter->jf = _BPF_JMP_HSH(b_new->hash); @@ -839,7 +840,7 @@ static struct bpf_blk *_gen_bpf_chain_lvl_res(struct bpf_state *state, case TGT_PTR_DB: node = (struct db_arg_chain_tree *)i_iter->jf.tgt.db; b_new = _gen_bpf_chain(state, sys, node, - nxt_jump, a_state); + nxt_jump, &blk->acc_state); if (b_new == NULL) return NULL; i_iter->jf = _BPF_JMP_HSH(b_new->hash); @@ -954,8 +955,7 @@ static struct bpf_blk *_gen_bpf_chain(struct bpf_state *state, b_iter = _gen_bpf_chain_lvl_res(state, sys, b_iter, (b_next == NULL ? nxt_jump : - &_BPF_JMP_BLK(b_next)), - a_state); + &_BPF_JMP_BLK(b_next))); if (b_iter == NULL) goto chain_failure; |