Skip to content

RFE: add support for comparisons against 32-bit arguments #384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jhenstridge wants to merge 8 commits into
base: main
Choose a base branch
from
Open

RFE: add support for comparisons against 32-bit arguments #384

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ad65b76
api: Add a SCMP_CMP_32BIT flag bit that can be combined with existing…
jhenstridge May 9, 2022
b6b2e21
db: extract per db_api_arg portion of _db_rule_gen_32 into its own fu…
jhenstridge May 10, 2022
9090c42
db: extract 64-bit comparison generation into _db_rule_gen_arg_64
jhenstridge May 11, 2022
0936a72
db: merge _db_rule_gen_64 and _db_rule_gen_32
jhenstridge May 11, 2022
b86348b
db: generate 32-bit comparisons on 64-bit architectures if SCMP_CMP_3…
jhenstridge May 11, 2022
3a13808
tests: add a test covering forced 32-bit comparisons
jhenstridge May 12, 2022
d472727
db: return EINVAL if there are any unknown flags set in the compariso…
jhenstridge May 12, 2022
518493f
tests: add Python version of 32-bit comparison test program
jhenstridge May 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/db.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2331,6 +2331,11 @@ int db_col_rule_add(struct db_filter_col *col,
rc = -EINVAL;
goto add_return;
}
/* Check that no unknown flags are specified in the op */
Copy link
Member

@pcmoore pcmoore Jul 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be a good idea to check this up near the top of the if-block once the once the chain entry is considered valid (the fail early idea).

if ((arg_data.op & ~(SCMP_CMP_OPMASK | SCMP_CMP_32BIT)) != 0) {
Copy link
Member

@pcmoore pcmoore Jul 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may argue for a SCMP_CMP_FLAGMASK or similar, see the comments on the first patch in the PR.

rc = -EINVAL;
goto add_return;
}
} else {
rc = -EINVAL;
goto add_return;
Expand Down