trivial optimisation for seccomp-bpf

When doing arg inspection and the syscall doesn't match, skip past the instruction that reloads the syscall into the accumulator, since the accumulator hasn't been modified at this point.
author: Damien Miller <djm@mindrot.org> 2015-06-17 14:36:54 +1000
committer: Damien Miller <djm@mindrot.org> 2015-06-17 14:36:54 +1000
commit: 97e2e1596c202a4693468378b16b2353fd2d6c5e (patch)
tree: d052614aec0dcc9c921eed4603fd186ff5740521
parent: 99f33d7304893bd9fa04d227cb6e870171cded19 (diff)
download: openssh-git-97e2e1596c202a4693468378b16b2353fd2d6c5e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index badfee2e..c1fe1f3e 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -81,7 +81,7 @@
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
-	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 3), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
 	/* load first syscall argument */ \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 	    offsetof(struct seccomp_data, args[(_arg_nr)])), \
author	Damien Miller <djm@mindrot.org>	2015-06-17 14:36:54 +1000
committer	Damien Miller <djm@mindrot.org>	2015-06-17 14:36:54 +1000
commit	97e2e1596c202a4693468378b16b2353fd2d6c5e (patch)
tree	d052614aec0dcc9c921eed4603fd186ff5740521
parent	99f33d7304893bd9fa04d227cb6e870171cded19 (diff)
download	openssh-git-97e2e1596c202a4693468378b16b2353fd2d6c5e.tar.gz