diff options
| -rw-r--r-- | src/gen_bpf.c | 11 | ||||
| -rw-r--r-- | tests/28-sim-arch_x86.c | 2 | ||||
| -rw-r--r-- | tests/28-sim-arch_x86.tests | 2 |
3 files changed, 11 insertions, 4 deletions
diff --git a/src/gen_bpf.c b/src/gen_bpf.c index 452d954..8d1b1b5 100644 --- a/src/gen_bpf.c +++ b/src/gen_bpf.c @@ -153,6 +153,8 @@ struct bpf_state { /* filter attributes */ const struct db_filter_attr *attr; + /* bad arch action */ + uint64_t bad_arch_hsh; /* default action */ uint64_t def_hsh; @@ -1352,22 +1354,26 @@ static struct bpf_blk *_gen_bpf_arch(struct bpf_state *state, /* filter out x32 */ _BPF_INSTR(instr, _BPF_OP(state->arch, BPF_JMP + BPF_JGE), - _BPF_JMP_NXT(blk_cnt++), _BPF_JMP_NO, + _BPF_JMP_HSH(state->bad_arch_hsh), + _BPF_JMP_NO, _BPF_K(state->arch, X32_SYSCALL_BIT)); if (b_head != NULL) instr.jf = _BPF_JMP_HSH(b_head->hash); else instr.jf = _BPF_JMP_HSH(state->def_hsh); + blk_cnt++; } else if (state->arch->token == SCMP_ARCH_X32) { /* filter out x86_64 */ _BPF_INSTR(instr, _BPF_OP(state->arch, BPF_JMP + BPF_JGE), - _BPF_JMP_NO, _BPF_JMP_NXT(blk_cnt++), + _BPF_JMP_NO, + _BPF_JMP_HSH(state->bad_arch_hsh), _BPF_K(state->arch, X32_SYSCALL_BIT)); if (b_head != NULL) instr.jt = _BPF_JMP_HSH(b_head->hash); else instr.jt = _BPF_JMP_HSH(state->def_hsh); + blk_cnt++; } else /* we should never get here */ goto arch_failure; @@ -1636,6 +1642,7 @@ static int _gen_bpf_build_bpf(struct bpf_state *state, rc = _hsh_add(state, &b_badarch, 1); if (rc < 0) return rc; + state->bad_arch_hsh = b_badarch->hash; /* generate the default action */ b_default = _gen_bpf_action(state, NULL, state->attr->act_default); diff --git a/tests/28-sim-arch_x86.c b/tests/28-sim-arch_x86.c index e93c0a7..fa6302f 100644 --- a/tests/28-sim-arch_x86.c +++ b/tests/28-sim-arch_x86.c @@ -1,7 +1,7 @@ /** * Seccomp Library test program * - * This test triggers a bug in libseccomp erroneously allowing the close() + * This test triggered a bug in libseccomp erroneously allowing the close() * syscall on x32 instead of 'KILL'ing it, as it should do for unsupported * architectures. * diff --git a/tests/28-sim-arch_x86.tests b/tests/28-sim-arch_x86.tests index b86a047..45978aa 100644 --- a/tests/28-sim-arch_x86.tests +++ b/tests/28-sim-arch_x86.tests @@ -1,7 +1,7 @@ # # libseccomp regression test automation data # -# This test triggers a bug in libseccomp erroneously allowing the close() +# This test triggered a bug in libseccomp erroneously allowing the close() # syscall on x32 instead of 'KILL'ing it, as it should do for unsupported # architectures. # |