From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sun, 10 Nov 2019 12:13:31 +0000 (+0100)
Subject: bpf: fix device type filter
X-Git-Tag: v244-rc1~62^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=415fe5ec7d38db5e8e0b97c68e462734f543ad17;p=thirdparty%2Fsystemd.git

bpf: fix device type filter

On big endian arches, we were taking the wrong half-word, so the check
was giving bogus results.

https://bugzilla.redhat.com/show_bug.cgi?id=1769148.
---

diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c
index c94b9353a3c..d83fc449383 100644
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@@ -125,8 +125,9 @@ static int bpf_prog_whitelist_class(BPFProgram *prog, int type, const char *acc)
 int bpf_devices_cgroup_init(BPFProgram **ret, CGroupDevicePolicy policy, bool whitelist) {
         const struct bpf_insn pre_insn[] = {
                 /* load device type to r2 */
-                BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1,
+                BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
                             offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+                BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF),
 
                 /* load access type to r3 */
                 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,