Created
October 10, 2013 18:53
-
-
Save jld/6923511 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * The instruction encodings. | |
| */ | |
| /* instruction classes */ | |
| #define BPF_CLASS(code) ((code) & 0x07) | |
| #define BPF_LD 0x00 | |
| #define BPF_LDX 0x01 | |
| #define BPF_ST 0x02 | |
| #define BPF_STX 0x03 | |
| #define BPF_ALU 0x04 | |
| #define BPF_JMP 0x05 | |
| #define BPF_RET 0x06 | |
| #define BPF_MISC 0x07 | |
| /* ld/ldx fields */ | |
| #define BPF_SIZE(code) ((code) & 0x18) | |
| #define BPF_W 0x00 | |
| #define BPF_H 0x08 | |
| #define BPF_B 0x10 | |
| #define BPF_MODE(code) ((code) & 0xe0) | |
| #define BPF_IMM 0x00 | |
| #define BPF_ABS 0x20 | |
| #define BPF_IND 0x40 | |
| #define BPF_MEM 0x60 | |
| #define BPF_LEN 0x80 | |
| #define BPF_MSH 0xa0 | |
| /* alu/jmp fields */ | |
| #define BPF_OP(code) ((code) & 0xf0) | |
| #define BPF_ADD 0x00 | |
| #define BPF_SUB 0x10 | |
| #define BPF_MUL 0x20 | |
| #define BPF_DIV 0x30 | |
| #define BPF_OR 0x40 | |
| #define BPF_AND 0x50 | |
| #define BPF_LSH 0x60 | |
| #define BPF_RSH 0x70 | |
| #define BPF_NEG 0x80 | |
| #define BPF_JA 0x00 | |
| #define BPF_JEQ 0x10 | |
| #define BPF_JGT 0x20 | |
| #define BPF_JGE 0x30 | |
| #define BPF_JSET 0x40 | |
| #define BPF_SRC(code) ((code) & 0x08) | |
| #define BPF_K 0x00 | |
| #define BPF_X 0x08 | |
| /* ret - BPF_K and BPF_X also apply */ | |
| #define BPF_RVAL(code) ((code) & 0x18) | |
| #define BPF_A 0x10 | |
| /* misc */ | |
| #define BPF_MISCOP(code) ((code) & 0xf8) | |
| #define BPF_TAX 0x00 | |
| #define BPF_TXA 0x80 | |
| #define BPF_INSN_SIZE 8 | |
| .macro bpfstmt code, k | |
| .short \code | |
| .byte 0, 0 | |
| .long \k | |
| .endm | |
| .macro bpfjmp code, k, jt, jf | |
| .short \code | |
| .byte (\jt - .) / BPF_INSN_SIZE, (\jf - .) / BPF_INSN_SIZE | |
| .long \k | |
| .endm | |
| .macro bpfret k | |
| bpfstmt BPF_RET, \k | |
| .endm | |
| .macro bpfldw addr | |
| bpfstmt BPF_LD|BPF_W|BPF_K, \addr | |
| .endm | |
| .macro bpfjeq k, dest | |
| bpfjmp BPF_JMP|BPF_JEQ, \k, \dest, . | |
| .endm | |
| .macro bpfjne k, dest | |
| bpfjmp BPF_JMP|BPF_JEQ, \k, ., \dest | |
| .endm | |
| #define SECCOMP_RET_KILL 0x00000000 /* kill the task immediately */ | |
| #define SECCOMP_RET_TRAP 0x00030000 /* disallow and force a SIGSYS */ | |
| #define SECCOMP_RET_ERRNO 0x00050000 /* returns an errno */ | |
| #define SECCOMP_RET_TRACE 0x7ff00000 /* pass to a tracer or disallow */ | |
| #define SECCOMP_RET_ALLOW 0x7fff0000 /* allow */ | |
| .data | |
| .globl prog | |
| .globl progend | |
| prog: bpfldw 0 | |
| bpfjeq 23, 9f | |
| bpfjeq 46, 9f | |
| bpfjne 123, 1f | |
| bpfldw 1 | |
| bpfjeq 4, 9f | |
| bpfjeq 5, 9f | |
| bpfret 0 | |
| 1: bpfldw 0 | |
| bpfjeq __NR_baz, 9f | |
| bpfret SECCOMP_RET_KILL | |
| .fill 250, 8, 0 | |
| 9: bpfret SECCOMP_RET_ALLOW | |
| progend: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment