bpf: fix off-by-one in class whitelisting

We would jump one insn too many, landing in the middle of the subsequent block.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2019-11-10 13:32:36 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2019-11-11 14:55:57 +0100
commit: a72a5326a47733f057d1bea1ddb319b779165f8d (patch)
tree: b1f75f0795eb3a45ba4e878e9746e126cfce0a8b /src/core/bpf-devices.c
parent: bpf: fix device type filter (diff)
download: systemd-a72a5326a47733f057d1bea1ddb319b779165f8d.tar.xz
systemd-a72a5326a47733f057d1bea1ddb319b779165f8d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c
index d83fc44938..60cc2f6b4e 100644
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@@ -108,7 +108,7 @@ static int bpf_prog_whitelist_class(BPFProgram *prog, int type, const char *acc)
                 return -EINVAL;
 
         const struct bpf_insn insn[] = {
-                BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 5), /* compare device type */
+                BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 4), /* compare device type */
                 BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), /* calculate access type */
                 BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access),
                 BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, 1), /* compare access type */
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2019-11-10 13:32:36 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2019-11-11 14:55:57 +0100
commit	a72a5326a47733f057d1bea1ddb319b779165f8d (patch)
tree	b1f75f0795eb3a45ba4e878e9746e126cfce0a8b /src/core/bpf-devices.c
parent	bpf: fix device type filter (diff)
download	systemd-a72a5326a47733f057d1bea1ddb319b779165f8d.tar.xz systemd-a72a5326a47733f057d1bea1ddb319b779165f8d.zip