Skip to content

Commit 232137d

Browse files
committed
seccomp: optimize common prefix comparison
Suggested-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
1 parent 9b36167 commit 232137d

1 file changed

Lines changed: 48 additions & 54 deletions

File tree

src/libcrun/seccomp.c

Lines changed: 48 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -106,20 +106,30 @@ syscall_seccomp (unsigned int operation, unsigned int flags, void *args)
106106
static enum scmp_compare
107107
get_seccomp_operator_raw (const char *name)
108108
{
109-
if (strcmp (name, "SCMP_CMP_NE") == 0)
109+
const char *p;
110+
111+
p = name;
112+
if (strncmp (p, "SCMP_CMP_", 9))
113+
goto fail;
114+
115+
p += 9;
116+
117+
if (strcmp (p, "NE") == 0)
110118
return SCMP_CMP_NE;
111-
if (strcmp (name, "SCMP_CMP_LT") == 0)
119+
if (strcmp (p, "LT") == 0)
112120
return SCMP_CMP_LT;
113-
if (strcmp (name, "SCMP_CMP_LE") == 0)
121+
if (strcmp (p, "LE") == 0)
114122
return SCMP_CMP_LE;
115-
if (strcmp (name, "SCMP_CMP_EQ") == 0)
123+
if (strcmp (p, "EQ") == 0)
116124
return SCMP_CMP_EQ;
117-
if (strcmp (name, "SCMP_CMP_GE") == 0)
125+
if (strcmp (p, "GE") == 0)
118126
return SCMP_CMP_GE;
119-
if (strcmp (name, "SCMP_CMP_GT") == 0)
127+
if (strcmp (p, "GT") == 0)
120128
return SCMP_CMP_GT;
121-
if (strcmp (name, "SCMP_CMP_MASKED_EQ") == 0)
129+
if (strcmp (p, "MASKED_EQ") == 0)
122130
return SCMP_CMP_MASKED_EQ;
131+
132+
fail:
123133
return _SCMP_CMP_MIN; // Error.
124134
}
125135

@@ -134,8 +144,8 @@ get_seccomp_operator (const char *name, enum scmp_compare *op, libcrun_error_t *
134144
return 0;
135145
}
136146

137-
static int
138-
get_seccomp_action (const char *name, int errno_ret, uint32_t *action, libcrun_error_t *err)
147+
static uint32_t
148+
get_seccomp_action_raw (const char *name, int errno_ret)
139149
{
140150
const char *p;
141151

@@ -146,61 +156,45 @@ get_seccomp_action (const char *name, int errno_ret, uint32_t *action, libcrun_e
146156
p += 9;
147157

148158
if (strcmp (p, "ALLOW") == 0)
149-
{
150-
*action = SCMP_ACT_ALLOW;
151-
return 0;
152-
}
153-
else if (strcmp (p, "ERRNO") == 0)
154-
{
155-
*action = SCMP_ACT_ERRNO (errno_ret);
156-
return 0;
157-
}
158-
else if (strcmp (p, "KILL") == 0)
159-
{
160-
*action = SCMP_ACT_KILL;
161-
return 0;
162-
}
159+
return SCMP_ACT_ALLOW;
160+
if (strcmp (p, "ERRNO") == 0)
161+
return SCMP_ACT_ERRNO (errno_ret);
162+
if (strcmp (p, "KILL") == 0)
163+
return SCMP_ACT_KILL;
163164
# ifdef SCMP_ACT_LOG
164-
else if (strcmp (p, "LOG") == 0)
165-
{
166-
*action = SCMP_ACT_LOG;
167-
return 0;
168-
}
165+
if (strcmp (p, "LOG") == 0)
166+
return SCMP_ACT_LOG;
169167
# endif
170-
else if (strcmp (p, "TRAP") == 0)
171-
{
172-
*action = SCMP_ACT_TRAP;
173-
return 0;
174-
}
175-
else if (strcmp (p, "TRACE") == 0)
176-
{
177-
*action = SCMP_ACT_TRACE (errno_ret);
178-
return 0;
179-
}
168+
if (strcmp (p, "TRAP") == 0)
169+
return SCMP_ACT_TRAP;
170+
if (strcmp (p, "TRACE") == 0)
171+
return SCMP_ACT_TRACE (errno_ret);
180172
# ifdef SCMP_ACT_KILL_PROCESS
181-
else if (strcmp (p, "KILL_PROCESS") == 0)
182-
{
183-
*action = SCMP_ACT_KILL_PROCESS;
184-
return 0;
185-
}
173+
if (strcmp (p, "KILL_PROCESS") == 0)
174+
return SCMP_ACT_KILL_PROCESS;
186175
# endif
187176
# ifdef SCMP_ACT_KILL_THREAD
188-
else if (strcmp (p, "KILL_THREAD") == 0)
189-
{
190-
*action = SCMP_ACT_KILL_THREAD;
191-
return 0;
192-
}
177+
if (strcmp (p, "KILL_THREAD") == 0)
178+
return SCMP_ACT_KILL_THREAD;
193179
# endif
194180
# ifdef SCMP_ACT_NOTIFY
195-
else if (strcmp (p, "NOTIFY") == 0)
196-
{
197-
*action = SCMP_ACT_NOTIFY;
198-
return 0;
199-
}
181+
if (strcmp (p, "NOTIFY") == 0)
182+
return SCMP_ACT_NOTIFY;
200183
# endif
201184

202185
fail:
203-
return crun_make_error (err, 0, "seccomp get action `%s`", name);
186+
return ~0U; // Error.
187+
}
188+
189+
static int
190+
get_seccomp_action (const char *name, int errno_ret, uint32_t *action, libcrun_error_t *err)
191+
{
192+
*action = get_seccomp_action_raw (name, errno_ret);
193+
194+
if (*action == ~0U)
195+
return crun_make_error (err, 0, "seccomp get action `%s`", name);
196+
197+
return 0;
204198
}
205199
#endif
206200

0 commit comments

Comments
 (0)