From: Kees Cook
Sent: 12 June 2020 16:13
...
/* Fixed size ioctls. Can be converted later on? */ switch (cmd) { case SECCOMP_IOCTL_NOTIF_RECV: return seccomp_notify_recv(filter, buf); case SECCOMP_IOCTL_NOTIF_SEND: return seccomp_notify_send(filter, buf); case SECCOMP_IOCTL_NOTIF_ID_VALID: return seccomp_notify_id_valid(filter, buf); }
/* Probably should make some nicer macros here */ switch (SIZE_MASK(DIR_MASK(cmd))) { case SIZE_MASK(DIR_MASK(SECCOMP_IOCTL_NOTIF_ADDFD)):
Ah yeah, I like this because of what you mention below: it's forward compat too. (I'd just use the ioctl masks directly...)
switch (cmd & ~(_IOC_SIZEMASK | _IOC_DIRMASK))
Since you need the same mask on the case labels I think I'd define a helper just across the switch statement:
#define M(cmd) ((cmd & ~(_IOC_SIZEMASK | _IOC_DIRMASK)) switch (M(cmd)) { case M(SECCOMP_IOCTL_NOTIF_RECV): ... } #undef M
It is probably wrong to mask off DIRMASK. But you might need to add extra case labels for the broken one(s).
Prior to worries about indirect jumps you could get a dense set of case label and faster code.
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)