author | Paul Moore <paul@paul-moore.com> | 2020-06-06 15:59:55 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-06-16 11:22:29 -0400 |
commit | 3a1d1c977065f204b96293cccfe7d3e5aa0d7ace (patch) | |
tree | b757138f8018657d8ab8e372323bc94318d7ec52 | |
parent | 027cc6031461e67d4c6a9a3463540a8433f2fcd4 (diff) | |
download | libseccomp-3a1d1c977065f204b96293cccfe7d3e5aa0d7ace.tar.gz |
bpf: return integer error codes from gen_bpf_release()
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | doc/man/man3/seccomp_export_bpf.3 | 3 | ||||
-rw-r--r-- | doc/man/man3/seccomp_load.3 | 3 | ||||
-rw-r--r-- | src/api.c | 6 | ||||
-rw-r--r-- | src/gen_bpf.c | 21 | ||||
-rw-r--r-- | src/gen_bpf.h | 3 | ||||
-rw-r--r-- | src/system.c | 6 |
6 files changed, 26 insertions, 16 deletions
diff --git a/doc/man/man3/seccomp_export_bpf.3 b/doc/man/man3/seccomp_export_bpf.3 index bb0627c..68e735f 100644 --- a/doc/man/man3/seccomp_export_bpf.3 +++ b/doc/man/man3/seccomp_export_bpf.3 @@ -51,6 +51,9 @@ failure: .B -ECANCELED There was a kernel failure beyond the control of the library. .TP +.B -EFAULT +Internal libseccomp failure. +.TP .B -EINVAL Invalid input, either the context or architecture token is invalid. .TP diff --git a/doc/man/man3/seccomp_load.3 b/doc/man/man3/seccomp_load.3 index 15ace53..dcca7f5 100644 --- a/doc/man/man3/seccomp_load.3 +++ b/doc/man/man3/seccomp_load.3 @@ -41,6 +41,9 @@ Returns zero on success or one of the following error codes on failure: .B -ECANCELED There was a kernel failure beyond the control of the library. .TP +.B -EFAULT +Internal libseccomp failure. +.TP .B -EINVAL Invalid input, either the context or architecture token is invalid. .TP @@ -653,9 +653,9 @@ API int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd) if (_ctx_valid(ctx)) return _rc_filter(-EINVAL); - program = gen_bpf_generate((struct db_filter_col *)ctx); - if (program == NULL) - return _rc_filter(-ENOMEM); + rc = gen_bpf_generate((struct db_filter_col *)ctx, &program); + if (rc < 0) + return _rc_filter(rc); rc = write(fd, program->blks, BPF_PGM_SIZE(program)); gen_bpf_release(program); if (rc < 0) diff --git a/src/gen_bpf.c b/src/gen_bpf.c index 5e1aad5..a8b3314 100644 --- a/src/gen_bpf.c +++ b/src/gen_bpf.c 
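Review bot: In the seccomp_export_bpf() hunk the new guard `if (rc < 0)` does not match the success condition in gen_bpf_generate(), which per the src/gen_bpf.c hunk stores `*prgm_ptr` only when `rc == 0`. If _gen_bpf_build_bpf() can ever return a positive value (its body is not visible here), `write(fd, program->blks, ...)` would read through a pointer that was never set. `program` is declared outside this hunk, so whether it starts as `NULL` cannot be confirmed. Initialising it to `NULL` and testing `if (rc < 0 || program == NULL)`, with `-EFAULT` returned for the unexpected case, would close the gap. The sys_filter_load() hunk in src/system.c uses the same `rc < 0` test, though `prgm` is initialised to `NULL` there.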
@@ -2240,34 +2240,37 @@ build_bpf_free_blks: /** * Generate a BPF representation of the filter DB * @param col the seccomp filter collection + * @param prgm_ptr the bpf program pointer * * This function generates a BPF representation of the given filter collection. - * Returns a pointer to a valid bpf_program on success, NULL on failure. + * Returns zero on success, negative values on failure. * */ -struct bpf_program *gen_bpf_generate(const struct db_filter_col *col) +int gen_bpf_generate(const struct db_filter_col *col, + struct bpf_program **prgm_ptr) { int rc; struct bpf_state state; struct bpf_program *prgm; if (col->filter_cnt == 0) - return NULL; + return -EINVAL; memset(&state, 0, sizeof(state)); state.attr = &col->attr; - prgm = zmalloc(sizeof(*(prgm))); - if (prgm == NULL) - return NULL; - state.bpf = prgm; + state.bpf = zmalloc(sizeof(*(prgm))); + if (state.bpf == NULL) + return -ENOMEM; rc = _gen_bpf_build_bpf(&state, col); - if (rc == 0) + if (rc == 0) { + *prgm_ptr = state.bpf; state.bpf = NULL; + } _state_release(&state); - return prgm; + return rc; } /** diff --git a/src/gen_bpf.h b/src/gen_bpf.h index 14484e7..8f886ae 100644 --- a/src/gen_bpf.h +++ b/src/gen_bpf.h @@ -36,7 +36,8 @@ struct bpf_program { #define BPF_PGM_SIZE(x) \ ((x)->blk_cnt * sizeof(*((x)->blks))) -struct bpf_program *gen_bpf_generate(const struct db_filter_col *col); +int gen_bpf_generate(const struct db_filter_col *col, + struct bpf_program **prgm_ptr); void gen_bpf_release(struct bpf_program *program); #endif diff --git a/src/system.c b/src/system.c index d73aaef..e2b2a9d 100644 --- a/src/system.c +++ b/src/system.c @@ -303,9 +303,9 @@ int sys_filter_load(struct db_filter_col *col) int rc; struct bpf_program *prgm = NULL; - prgm = gen_bpf_generate(col); - if (prgm == NULL) - return -ENOMEM; + rc = gen_bpf_generate(col, &prgm); + if (rc < 0) + return rc; /* attempt to set NO_NEW_PRIVS */ if (col->attr.nnp_enable) { |
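Review bot: The updated doc comment on gen_bpf_generate() describes `prgm_ptr` only as "the bpf program pointer" and does not say that `*prgm_ptr` is written only when the function returns zero. On every failure path, including the early `-EINVAL` and `-ENOMEM` returns, it is left untouched. I would state that in the comment, note that the caller owns the result and releases it with gen_bpf_release(), and add `*prgm_ptr = NULL;` at the top of the function so a caller can never act on a stale pointer. The local `prgm` is now used only as a `sizeof` operand; `zmalloc(sizeof(*state.bpf))` would allow it to be removed.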