author | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-06-17 14:36:54 +1000 |
commit | 97e2e1596c202a4693468378b16b2353fd2d6c5e (patch) | |
tree | d052614aec0dcc9c921eed4603fd186ff5740521 | |
parent | 99f33d7304893bd9fa04d227cb6e870171cded19 (diff) | |
download | openssh-git-97e2e1596c202a4693468378b16b2353fd2d6c5e.tar.gz |
trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
-rw-r--r-- | sandbox-seccomp-filter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index badfee2e..c1fe1f3e 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -81,7 +81,7 @@
 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 3), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
 /* load first syscall argument */ \
 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 offsetof(struct seccomp_data, args[(_arg_nr)])), \ |
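Review bot: The new false-branch offset `4` in the first `BPF_JUMP` of `SC_ALLOW_ARG` is a hand-counted instruction distance, and nothing beside it says which instructions it spans. Going by the commit message it should cover the argument load, the argument compare, the `SECCOMP_RET_ALLOW` return and the reload of the syscall number, but the macro body continues past the end of this hunk, so the count cannot be confirmed from the lines shown. In a seccomp filter an offset that is one too large would land inside the following rule rather than on its syscall comparison, so the number has to stay in step with the macro body whenever that body is edited. I would add a comment above the jump, e.g. `/* no match: skip the rest of this rule (4 insns, incl. the nr reload) */ \`.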