bpf: fix device type filter

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sun, 10 Nov 2019 12:13:31 +0000 (13:13 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 10 Nov 2019 12:13:31 +0000 (13:13 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)
diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c

index c94b9353a3c8eca8cd4078a77c8c5701fdeb0af3..d83fc44938365f453d67afbc957a98754d8037d3 100644 (file)
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@@ -125,8 +125,9 @@ static int bpf_prog_whitelist_class(BPFProgram *prog, int type, const char *acc)
  int bpf_devices_cgroup_init(BPFProgram **ret, CGroupDevicePolicy policy, bool whitelist) {
          const struct bpf_insn pre_insn[] = {
                  /* load device type to r2 */
-                BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1,
+                BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
                              offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+                BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF),
  
                  /* load access type to r3 */
                  BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sun, 10 Nov 2019 12:13:31 +0000 (13:13 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)