From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9CCFEB64DA for ; Wed, 12 Jul 2023 19:39:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232417AbjGLTjk (ORCPT ); Wed, 12 Jul 2023 15:39:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231594AbjGLTjk (ORCPT ); Wed, 12 Jul 2023 15:39:40 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E90C31FC7 for ; Wed, 12 Jul 2023 12:39:38 -0700 (PDT) Received: from [192.168.87.36] (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id 3BF5221C44E3; Wed, 12 Jul 2023 12:39:38 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 3BF5221C44E3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1689190778; bh=ejHvuhi9pcpP1A/ico7WTH2llnMHDBUFt6eYXEXSrZs=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=g63x7OksBugGZW5IoHkQL3n4Ssn/2rVIAZ/cAJBR01rYWK4kXZ8dr2krMs1EdBAjl ENUOIzrBM6iCrWAmBwXFBkcV+N0mNwaLSfWxtk03LatROQ3XWaR8hPTu9f19CIg6PV a7FCHvo9RWisJWYrr9zSsjGSaZ7iGn/o7He8pPec= Message-ID: <105faa02-4008-5143-0ee3-8417e1411e54@linux.microsoft.com> Date: Wed, 12 Jul 2023 12:39:37 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH 03/10] ima: allocate buffer at kexec load to hold ima measurements Content-Language: en-US To: Stefan Berger , zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, kexec@lists.infradead.org, linux-integrity@vger.kernel.org Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com, "Eric W . Biederman" References: <20230703215709.1195644-1-tusharsu@linux.microsoft.com> <20230703215709.1195644-4-tusharsu@linux.microsoft.com> <273cea4f-9c82-e5ca-20e4-1db30d83393e@linux.ibm.com> From: Tushar Sugandhi In-Reply-To: <273cea4f-9c82-e5ca-20e4-1db30d83393e@linux.ibm.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On 7/11/23 13:16, Stefan Berger wrote: > > > On 7/3/23 17:57, Tushar Sugandhi wrote: >> The IMA subsystem needs a dedicated mechanism to reserve extra memory >> for >> measurements added between the kexec 'load' and kexec 'execute'. >> >> Update ima_add_kexec_buffer to allocate a buffer of a sufficient size >> taking ima binary runtime measurements size, size of ima_kexec_hdr, and >> IMA_KEXEC_EXTRA_SIZE into account.  Adjust the kexec_segment_size to >> align >> to the PAGE_SIZE.  Call ima_allocate_buf_at_kexec_load() to allocate the >> buffer. >> >> This patch assumes the extra space defined (IMA_KEXEC_EXTRA_SIZE) is >> sufficient to handle the additional measurements.  This should be as per >> the system requirements and based on the number of additional >> measurements >> expected during the window from kexec 'load' to kexec 'execute'. > > This could be the most problematic part if the 'execute' happens much > later > than the 'load' with lots of measurement activity in between. I am > wondering > whether not doing anything at 'load' time and doing the whole work at > 'execute' time Technically I don't want to do anything at kexec 'load' time. But as I said elsewhere in this series, I am under impression that segment allocation must happen at kexec 'load' time. But if that understanding is wrong - then we can move the entire logic to kexec 'execute' time. I am currently trying to validate if moving the logic to kexec 'execute' works. > wouldn't be the right thing to do ? > > Otherwise, if we wanted the work to be split as you suggest, could you > - krealloc the src_pages (now in kimage_map_segment) to add space for > a few more pages needed for the additional measurements > - add those few more pages to src_pages > - vunmap the previous mapping > - vmap the extended src_pages array > - update ima_kexec_file.buf with the diff between the new and old > vmap'ed addresses > - append to the existing log > > This presumably would help resolve this potential issue. Thanks for the detailed thoughts. I will investigate if this approach is needed, based on my comment above. If it is needed and feasible, I will incorporate it in the next iteration. Thanks again. ~Tushar > > The src_pages is currently not kfree'd -- may be a memory leak. > > Regards, >    Stefan > >> >> Signed-off-by: Tushar Sugandhi >> --- >>   security/integrity/ima/ima.h       |  2 ++ >>   security/integrity/ima/ima_kexec.c | 21 ++++++++++----------- >>   2 files changed, 12 insertions(+), 11 deletions(-) >> >> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h >> index c29db699c996..2ffda9449b9b 100644 >> --- a/security/integrity/ima/ima.h >> +++ b/security/integrity/ima/ima.h >> @@ -43,6 +43,8 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8, >> TPM_PCR10 = 10 }; >>     #define NR_BANKS(chip) ((chip != NULL) ? chip->nr_allocated_banks >> : 0) >>   +#define IMA_KEXEC_EXTRA_SIZE (16 * PAGE_SIZE) >> + >>   /* current content of the policy */ >>   extern int ima_policy_flag; >>   diff --git a/security/integrity/ima/ima_kexec.c >> b/security/integrity/ima/ima_kexec.c >> index 858b67689701..7deb8df31485 100644 >> --- a/security/integrity/ima/ima_kexec.c >> +++ b/security/integrity/ima/ima_kexec.c >> @@ -188,31 +188,30 @@ void ima_add_kexec_buffer(struct kimage *image) >>       /* use more understandable variable names than defined in kbuf */ >>       void *kexec_buffer = NULL; >>       size_t kexec_buffer_size; >> -    size_t kexec_segment_size; >>       int ret; >>         /* >> -     * Reserve an extra half page of memory for additional measurements >> -     * added during the kexec load. >> +     * Reserve extra memory for measurements added in the window from >> +     * kexec 'load' to kexec 'execute'. >>        */ >> -    binary_runtime_size = ima_get_binary_runtime_size(); >> +    binary_runtime_size = ima_get_binary_runtime_size() + >> +                  sizeof(struct ima_kexec_hdr) + >> +                  IMA_KEXEC_EXTRA_SIZE; >> + >>       if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE) >>           kexec_segment_size = ULONG_MAX; >>       else >> -        kexec_segment_size = ALIGN(ima_get_binary_runtime_size() + >> -                       PAGE_SIZE / 2, PAGE_SIZE); >> +        kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE); >> + >>       if ((kexec_segment_size == ULONG_MAX) || >>           ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) { >>           pr_err("Binary measurement list too large.\n"); >>           return; >>       } >>   -    ima_dump_measurement_list(&kexec_buffer_size, &kexec_buffer, >> -                  kexec_segment_size); >> -    if (!kexec_buffer) { >> -        pr_err("Not enough memory for the kexec measurement >> buffer.\n"); >> +    ret = ima_allocate_buf_at_kexec_load(); >> +    if (ret < 0) >>           return; >> -    } >>         kbuf.buffer = kexec_buffer; >>       kbuf.bufsz = kexec_buffer_size; From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 698BCEB64DD for ; Wed, 12 Jul 2023 19:39:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:From:References:Cc:To:Subject: MIME-Version:Date:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=4vDsbrYf4mFPaWLSPkSLa50kWCAeNnEy8PIyCTTnzgU=; b=hEjvJG+/A47q0h TH3Fb/lnJeOZFGS28X0SE43+5iqapufuY8S32vunebYrti9Q0pvUe295XN+PdAw0CNIPEQY4m5Qq1 GhoewV59a2NCVraLCZDKrLSGUpuAFFUu/BZYGLrptGbdsGCGACq3J39zlfUU8sCYgqDznn3HJpneP W7AzF9ifg6Kqvm4cVflUFD7WnYQuBqOnnDTR0AfgUcC5cMKCddVAGDmpEN6m+BKb1z1UmESVsW6lo nWX9I+dr9mnhLDA6SkkffmoYSvf2xlxw4OQmQHwfeOfX8k8jY9f8ZOQrbpcTxMBgCF2jZ3W+4ygnO BYFdtscTRm+nUIukfzlQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qJfgc-0010p3-0X; Wed, 12 Jul 2023 19:39:42 +0000 Received: from linux.microsoft.com ([13.77.154.182]) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qJfgZ-0010od-0o for kexec@lists.infradead.org; Wed, 12 Jul 2023 19:39:40 +0000 Received: from [192.168.87.36] (c-98-237-170-177.hsd1.wa.comcast.net [98.237.170.177]) by linux.microsoft.com (Postfix) with ESMTPSA id 3BF5221C44E3; Wed, 12 Jul 2023 12:39:38 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 3BF5221C44E3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1689190778; bh=ejHvuhi9pcpP1A/ico7WTH2llnMHDBUFt6eYXEXSrZs=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=g63x7OksBugGZW5IoHkQL3n4Ssn/2rVIAZ/cAJBR01rYWK4kXZ8dr2krMs1EdBAjl ENUOIzrBM6iCrWAmBwXFBkcV+N0mNwaLSfWxtk03LatROQ3XWaR8hPTu9f19CIg6PV a7FCHvo9RWisJWYrr9zSsjGSaZ7iGn/o7He8pPec= Message-ID: <105faa02-4008-5143-0ee3-8417e1411e54@linux.microsoft.com> Date: Wed, 12 Jul 2023 12:39:37 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH 03/10] ima: allocate buffer at kexec load to hold ima measurements Content-Language: en-US To: Stefan Berger , zohar@linux.ibm.com, noodles@fb.com, bauermann@kolabnow.com, kexec@lists.infradead.org, linux-integrity@vger.kernel.org Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com, "Eric W . Biederman" References: <20230703215709.1195644-1-tusharsu@linux.microsoft.com> <20230703215709.1195644-4-tusharsu@linux.microsoft.com> <273cea4f-9c82-e5ca-20e4-1db30d83393e@linux.ibm.com> From: Tushar Sugandhi In-Reply-To: <273cea4f-9c82-e5ca-20e4-1db30d83393e@linux.ibm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230712_123939_336156_E243A4A2 X-CRM114-Status: GOOD ( 30.69 ) X-BeenThere: kexec@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "kexec" Errors-To: kexec-bounces+kexec=archiver.kernel.org@lists.infradead.org Ck9uIDcvMTEvMjMgMTM6MTYsIFN0ZWZhbiBCZXJnZXIgd3JvdGU6Cj4KPgo+IE9uIDcvMy8yMyAx Nzo1NywgVHVzaGFyIFN1Z2FuZGhpIHdyb3RlOgo+PiBUaGUgSU1BIHN1YnN5c3RlbSBuZWVkcyBh IGRlZGljYXRlZCBtZWNoYW5pc20gdG8gcmVzZXJ2ZSBleHRyYSBtZW1vcnkgCj4+IGZvcgo+PiBt ZWFzdXJlbWVudHMgYWRkZWQgYmV0d2VlbiB0aGUga2V4ZWMgJ2xvYWQnIGFuZCBrZXhlYyAnZXhl Y3V0ZScuCj4+Cj4+IFVwZGF0ZSBpbWFfYWRkX2tleGVjX2J1ZmZlciB0byBhbGxvY2F0ZSBhIGJ1 ZmZlciBvZiBhIHN1ZmZpY2llbnQgc2l6ZQo+PiB0YWtpbmcgaW1hIGJpbmFyeSBydW50aW1lIG1l YXN1cmVtZW50cyBzaXplLCBzaXplIG9mIGltYV9rZXhlY19oZHIsIGFuZAo+PiBJTUFfS0VYRUNf RVhUUkFfU0laRSBpbnRvIGFjY291bnQuwqAgQWRqdXN0IHRoZSBrZXhlY19zZWdtZW50X3NpemUg dG8gCj4+IGFsaWduCj4+IHRvIHRoZSBQQUdFX1NJWkUuwqAgQ2FsbCBpbWFfYWxsb2NhdGVfYnVm X2F0X2tleGVjX2xvYWQoKSB0byBhbGxvY2F0ZSB0aGUKPj4gYnVmZmVyLgo+Pgo+PiBUaGlzIHBh dGNoIGFzc3VtZXMgdGhlIGV4dHJhIHNwYWNlIGRlZmluZWQgKElNQV9LRVhFQ19FWFRSQV9TSVpF KSBpcwo+PiBzdWZmaWNpZW50IHRvIGhhbmRsZSB0aGUgYWRkaXRpb25hbCBtZWFzdXJlbWVudHMu wqAgVGhpcyBzaG91bGQgYmUgYXMgcGVyCj4+IHRoZSBzeXN0ZW0gcmVxdWlyZW1lbnRzIGFuZCBi YXNlZCBvbiB0aGUgbnVtYmVyIG9mIGFkZGl0aW9uYWwgCj4+IG1lYXN1cmVtZW50cwo+PiBleHBl Y3RlZCBkdXJpbmcgdGhlIHdpbmRvdyBmcm9tIGtleGVjICdsb2FkJyB0byBrZXhlYyAnZXhlY3V0 ZScuCj4KPiBUaGlzIGNvdWxkIGJlIHRoZSBtb3N0IHByb2JsZW1hdGljIHBhcnQgaWYgdGhlICdl eGVjdXRlJyBoYXBwZW5zIG11Y2ggCj4gbGF0ZXIKPiB0aGFuIHRoZSAnbG9hZCcgd2l0aCBsb3Rz IG9mIG1lYXN1cmVtZW50IGFjdGl2aXR5IGluIGJldHdlZW4uIEkgYW0gCj4gd29uZGVyaW5nCj4g d2hldGhlciBub3QgZG9pbmcgYW55dGhpbmcgYXQgJ2xvYWQnIHRpbWUgYW5kIGRvaW5nIHRoZSB3 aG9sZSB3b3JrIGF0IAo+ICdleGVjdXRlJyB0aW1lClRlY2huaWNhbGx5IEkgZG9uJ3Qgd2FudCB0 byBkbyBhbnl0aGluZyBhdCBrZXhlYyAnbG9hZCcgdGltZS4KQnV0IGFzIEkgc2FpZCBlbHNld2hl cmUgaW4gdGhpcyBzZXJpZXMsIEkgYW0gdW5kZXIgaW1wcmVzc2lvbiB0aGF0IApzZWdtZW50IGFs bG9jYXRpb24KbXVzdCBoYXBwZW4gYXQga2V4ZWMgJ2xvYWQnIHRpbWUuCgoKQnV0IGlmIHRoYXQg dW5kZXJzdGFuZGluZyBpcyB3cm9uZyAtIHRoZW4gd2UgY2FuIG1vdmUgdGhlIGVudGlyZSBsb2dp YyAKdG8ga2V4ZWMgJ2V4ZWN1dGUnIHRpbWUuCgpJIGFtIGN1cnJlbnRseSB0cnlpbmcgdG8gdmFs aWRhdGUgaWYgbW92aW5nIHRoZSBsb2dpYyB0byBrZXhlYyAnZXhlY3V0ZScgCndvcmtzLgo+IHdv dWxkbid0IGJlIHRoZSByaWdodCB0aGluZyB0byBkbyA/Cj4KPiBPdGhlcndpc2UsIGlmIHdlIHdh bnRlZCB0aGUgd29yayB0byBiZSBzcGxpdCBhcyB5b3Ugc3VnZ2VzdCwgY291bGQgeW91Cj4gLSBr cmVhbGxvYyB0aGUgc3JjX3BhZ2VzIChub3cgaW4ga2ltYWdlX21hcF9zZWdtZW50KSB0byBhZGQg c3BhY2UgZm9yIAo+IGEgZmV3IG1vcmUgcGFnZXMgbmVlZGVkIGZvciB0aGUgYWRkaXRpb25hbCBt ZWFzdXJlbWVudHMKPiAtIGFkZCB0aG9zZSBmZXcgbW9yZSBwYWdlcyB0byBzcmNfcGFnZXMKPiAt IHZ1bm1hcCB0aGUgcHJldmlvdXMgbWFwcGluZwo+IC0gdm1hcCB0aGUgZXh0ZW5kZWQgc3JjX3Bh Z2VzIGFycmF5Cj4gLSB1cGRhdGUgaW1hX2tleGVjX2ZpbGUuYnVmIHdpdGggdGhlIGRpZmYgYmV0 d2VlbiB0aGUgbmV3IGFuZCBvbGQgCj4gdm1hcCdlZCBhZGRyZXNzZXMKPiAtIGFwcGVuZCB0byB0 aGUgZXhpc3RpbmcgbG9nCj4KPiBUaGlzIHByZXN1bWFibHkgd291bGQgaGVscCByZXNvbHZlIHRo aXMgcG90ZW50aWFsIGlzc3VlLgpUaGFua3MgZm9yIHRoZSBkZXRhaWxlZCB0aG91Z2h0cy4KSSB3 aWxsIGludmVzdGlnYXRlIGlmIHRoaXMgYXBwcm9hY2ggaXMgbmVlZGVkLCBiYXNlZCBvbiBteSBj b21tZW50IGFib3ZlLgpJZiBpdCBpcyBuZWVkZWQgYW5kIGZlYXNpYmxlLCBJIHdpbGwgaW5jb3Jw b3JhdGUgaXQgaW4gdGhlIG5leHQgaXRlcmF0aW9uLgoKVGhhbmtzIGFnYWluLgoKflR1c2hhcgoK Pgo+IFRoZSBzcmNfcGFnZXMgaXMgY3VycmVudGx5IG5vdCBrZnJlZSdkIC0tIG1heSBiZSBhIG1l bW9yeSBsZWFrLgo+Cj4gUmVnYXJkcywKPiDCoMKgIFN0ZWZhbgo+Cj4+Cj4+IFNpZ25lZC1vZmYt Ynk6IFR1c2hhciBTdWdhbmRoaSA8dHVzaGFyc3VAbGludXgubWljcm9zb2Z0LmNvbT4KPj4gLS0t Cj4+IMKgIHNlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hLmjCoMKgwqDCoMKgwqAgfMKgIDIgKysK Pj4gwqAgc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWFfa2V4ZWMuYyB8IDIxICsrKysrKysrKyst LS0tLS0tLS0tLQo+PiDCoCAyIGZpbGVzIGNoYW5nZWQsIDEyIGluc2VydGlvbnMoKyksIDExIGRl bGV0aW9ucygtKQo+Pgo+PiBkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWEu aCBiL3NlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hLmgKPj4gaW5kZXggYzI5ZGI2OTljOTk2Li4y ZmZkYTk0NDliOWIgMTAwNjQ0Cj4+IC0tLSBhL3NlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hLmgK Pj4gKysrIGIvc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWEuaAo+PiBAQCAtNDMsNiArNDMsOCBA QCBlbnVtIHRwbV9wY3JzIHsgVFBNX1BDUjAgPSAwLCBUUE1fUENSOCA9IDgsIAo+PiBUUE1fUENS MTAgPSAxMCB9Owo+PiDCoCDCoCAjZGVmaW5lIE5SX0JBTktTKGNoaXApICgoY2hpcCAhPSBOVUxM KSA/IGNoaXAtPm5yX2FsbG9jYXRlZF9iYW5rcyAKPj4gOiAwKQo+PiDCoCArI2RlZmluZSBJTUFf S0VYRUNfRVhUUkFfU0laRSAoMTYgKiBQQUdFX1NJWkUpCj4+ICsKPj4gwqAgLyogY3VycmVudCBj b250ZW50IG9mIHRoZSBwb2xpY3kgKi8KPj4gwqAgZXh0ZXJuIGludCBpbWFfcG9saWN5X2ZsYWc7 Cj4+IMKgIGRpZmYgLS1naXQgYS9zZWN1cml0eS9pbnRlZ3JpdHkvaW1hL2ltYV9rZXhlYy5jIAo+ PiBiL3NlY3VyaXR5L2ludGVncml0eS9pbWEvaW1hX2tleGVjLmMKPj4gaW5kZXggODU4YjY3Njg5 NzAxLi43ZGViOGRmMzE0ODUgMTAwNjQ0Cj4+IC0tLSBhL3NlY3VyaXR5L2ludGVncml0eS9pbWEv aW1hX2tleGVjLmMKPj4gKysrIGIvc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWFfa2V4ZWMuYwo+ PiBAQCAtMTg4LDMxICsxODgsMzAgQEAgdm9pZCBpbWFfYWRkX2tleGVjX2J1ZmZlcihzdHJ1Y3Qg a2ltYWdlICppbWFnZSkKPj4gwqDCoMKgwqDCoCAvKiB1c2UgbW9yZSB1bmRlcnN0YW5kYWJsZSB2 YXJpYWJsZSBuYW1lcyB0aGFuIGRlZmluZWQgaW4ga2J1ZiAqLwo+PiDCoMKgwqDCoMKgIHZvaWQg KmtleGVjX2J1ZmZlciA9IE5VTEw7Cj4+IMKgwqDCoMKgwqAgc2l6ZV90IGtleGVjX2J1ZmZlcl9z aXplOwo+PiAtwqDCoMKgIHNpemVfdCBrZXhlY19zZWdtZW50X3NpemU7Cj4+IMKgwqDCoMKgwqAg aW50IHJldDsKPj4gwqAgwqDCoMKgwqDCoCAvKgo+PiAtwqDCoMKgwqAgKiBSZXNlcnZlIGFuIGV4 dHJhIGhhbGYgcGFnZSBvZiBtZW1vcnkgZm9yIGFkZGl0aW9uYWwgbWVhc3VyZW1lbnRzCj4+IC3C oMKgwqDCoCAqIGFkZGVkIGR1cmluZyB0aGUga2V4ZWMgbG9hZC4KPj4gK8KgwqDCoMKgICogUmVz ZXJ2ZSBleHRyYSBtZW1vcnkgZm9yIG1lYXN1cmVtZW50cyBhZGRlZCBpbiB0aGUgd2luZG93IGZy b20KPj4gK8KgwqDCoMKgICoga2V4ZWMgJ2xvYWQnIHRvIGtleGVjICdleGVjdXRlJy4KPj4gwqDC oMKgwqDCoMKgICovCj4+IC3CoMKgwqAgYmluYXJ5X3J1bnRpbWVfc2l6ZSA9IGltYV9nZXRfYmlu YXJ5X3J1bnRpbWVfc2l6ZSgpOwo+PiArwqDCoMKgIGJpbmFyeV9ydW50aW1lX3NpemUgPSBpbWFf Z2V0X2JpbmFyeV9ydW50aW1lX3NpemUoKSArCj4+ICvCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgIHNpemVvZihzdHJ1Y3QgaW1hX2tleGVjX2hkcikgKwo+PiArwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBJTUFfS0VYRUNfRVhUUkFfU0laRTsKPj4gKwo+PiDCoMKg wqDCoMKgIGlmIChiaW5hcnlfcnVudGltZV9zaXplID49IFVMT05HX01BWCAtIFBBR0VfU0laRSkK Pj4gwqDCoMKgwqDCoMKgwqDCoMKgIGtleGVjX3NlZ21lbnRfc2l6ZSA9IFVMT05HX01BWDsKPj4g wqDCoMKgwqDCoCBlbHNlCj4+IC3CoMKgwqDCoMKgwqDCoCBrZXhlY19zZWdtZW50X3NpemUgPSBB TElHTihpbWFfZ2V0X2JpbmFyeV9ydW50aW1lX3NpemUoKSArCj4+IC3CoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBQQUdFX1NJWkUgLyAyLCBQQUdFX1NJWkUpOwo+ PiArwqDCoMKgwqDCoMKgwqAga2V4ZWNfc2VnbWVudF9zaXplID0gQUxJR04oYmluYXJ5X3J1bnRp bWVfc2l6ZSwgUEFHRV9TSVpFKTsKPj4gKwo+PiDCoMKgwqDCoMKgIGlmICgoa2V4ZWNfc2VnbWVu dF9zaXplID09IFVMT05HX01BWCkgfHwKPj4gwqDCoMKgwqDCoMKgwqDCoMKgICgoa2V4ZWNfc2Vn bWVudF9zaXplID4+IFBBR0VfU0hJRlQpID4gdG90YWxyYW1fcGFnZXMoKSAvIDIpKSB7Cj4+IMKg wqDCoMKgwqDCoMKgwqDCoCBwcl9lcnIoIkJpbmFyeSBtZWFzdXJlbWVudCBsaXN0IHRvbyBsYXJn ZS5cbiIpOwo+PiDCoMKgwqDCoMKgwqDCoMKgwqAgcmV0dXJuOwo+PiDCoMKgwqDCoMKgIH0KPj4g wqAgLcKgwqDCoCBpbWFfZHVtcF9tZWFzdXJlbWVudF9saXN0KCZrZXhlY19idWZmZXJfc2l6ZSwg JmtleGVjX2J1ZmZlciwKPj4gLcKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAga2V4 ZWNfc2VnbWVudF9zaXplKTsKPj4gLcKgwqDCoCBpZiAoIWtleGVjX2J1ZmZlcikgewo+PiAtwqDC oMKgwqDCoMKgwqAgcHJfZXJyKCJOb3QgZW5vdWdoIG1lbW9yeSBmb3IgdGhlIGtleGVjIG1lYXN1 cmVtZW50IAo+PiBidWZmZXIuXG4iKTsKPj4gK8KgwqDCoCByZXQgPSBpbWFfYWxsb2NhdGVfYnVm X2F0X2tleGVjX2xvYWQoKTsKPj4gK8KgwqDCoCBpZiAocmV0IDwgMCkKPj4gwqDCoMKgwqDCoMKg wqDCoMKgIHJldHVybjsKPj4gLcKgwqDCoCB9Cj4+IMKgIMKgwqDCoMKgwqAga2J1Zi5idWZmZXIg PSBrZXhlY19idWZmZXI7Cj4+IMKgwqDCoMKgwqAga2J1Zi5idWZzeiA9IGtleGVjX2J1ZmZlcl9z aXplOwoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18Ka2V4 ZWMgbWFpbGluZyBsaXN0CmtleGVjQGxpc3RzLmluZnJhZGVhZC5vcmcKaHR0cDovL2xpc3RzLmlu ZnJhZGVhZC5vcmcvbWFpbG1hbi9saXN0aW5mby9rZXhlYwo=