From: Stefan Hajnoczi
To: qemu-devel@nongnu.org
Cc: mszeredi@redhat.com, slp@redhat.com, "Dr. David Alan Gilbert", P J P, virtio-fs@redhat.com, Alex Xu, Stefan Hajnoczi, vgoyal@redhat.com
Subject: [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517)
Date: Thu, 21 Jan 2021 14:44:29 +0000
Message-Id: <20210121144429.58885-1-stefanha@redhat.com>