From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7051C433EF for ; Thu, 10 Mar 2022 23:48:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344088AbiCJXtW (ORCPT ); Thu, 10 Mar 2022 18:49:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49456 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233353AbiCJXtU (ORCPT ); Thu, 10 Mar 2022 18:49:20 -0500 Received: from sonic301-38.consmr.mail.ne1.yahoo.com (sonic301-38.consmr.mail.ne1.yahoo.com [66.163.184.207]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C402E0AE6 for ; Thu, 10 Mar 2022 15:48:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956096; bh=bN7UjzkLpmK8Etg3af+uvO0f3fY31Npj4OxsA9N1ShA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To; b=DKKowPP2a2LqlXrd86hkmF9TaC9rfv0BYchYmBcILdxzmHiX/HSiJ1U7kYCbR280dimCsVH4QHHY6lwHNBp0XBPL61Wy4hC2NxGKL+z7JZsZZRKWVNbz8tZcBQ4+qzqUA0INMqniRR5byY/YqQlHoAz3io9PR9bMMITvScGX8k/0OGA2MBKmByV+KsxCk61qKqOELttJ0zqGQ7kZOWpB14e3HLDFQbuCEYUIRCDVHzeEihStGEl89ENbEGUjDnUT3Usr2ZouQur9I5oBw7zVMB4bYlzlDRLxap4TnRxqC6e46fLHeGnQ8M4eXsD3xvGYUNYrKgxcb8Hxm4e7FdGG0Q== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956096; bh=0FJVnXUsm/OsW9HIHOUMMmhrs/n+3To2raSmllvfE9V=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cTGcFB5s6HHdBR1sJvwNtrqUgAxIzGtNKJDm4XykCO6ur98Wbd4BNxaPFpllj61P0OWWL27CFTWWqYv/cUi2VQWEzwKpivp/VVz7MUeOam5qHuc25erlnLAAJmRU+Hev45XBBL9gSAHDny288mzJiPYd4Y1o2Gr7bkTHZnM6H5q80lNFRDfKp3rB8YNibFYx3fGps716TyWmaVKQdi3KpRwMl+2ySHaXmUIsHO6CVn5lJ/WedTSW6wSBoX0MCnTGi+ylO2hx7Znn33dfkXySINM/r6W7rXmjIr5duskxV+pqL+4wcF9wu72dNfBaXnnPupO2mM2wCUzemdTFZFIbkw== X-YMail-OSG: 23tlpQEVM1lyNWsa7p8yLp881Zo5wsPJUykpNuOPY_K2oWHvNYKGtNTehPCjIBu 02M8705.YvsCE2KDVB.FlYoRtwXn2kQCy4P9Od2kko.pP5m08ZVb5ngN74X_yJDtaBu7pIYMKVwL s8BdpaKcA7VhfK5Xd17XtxoGgUIKchSdUjncXneZYfTknrGQjGK2K.Utz_abOP0XRLggChIdkkAJ zKMQlzXUNdw3aeaLF9zr6VtYpyQYmUxrAOHtVHPbuG2viZs804iF2XKbwyD0cAr92vHrLo_37anl WFagVPoxuxQTy80tGMvO9XAOWQuFTPxFkJndwS5dN1nl9LlZ4cLbk7R_9Do1Uo4PHO9f_B07w9cL dxsu4JbZkzG6CX.ht4vdzaawQkwFowPT2HUuTBNORni7nji35nxAQCzbELnufpvPQzEnAy09oXAX FyhTmbWyvv_Nn7CsqZ8Gt_1hSNCGiUBxANxXkhA_lDgFjqIi3kGu9bd6qaGNFFJEtL1mFToF6sGM nouFpyIYqn5OCTG_tlQK.m7QA51moOTdkCWJfrz8yBO8ed8hMKwYr0yYAAw2bJDEn05FHBlYNjR1 fIYLAhIK3LMsVvM2hEGCjP0nF1MUopTdKuX8Z82gjjb5Tu3eLLBvbtM.jwQZtjbf63Pj3t2b7ifr HGKSg09KvGZc1AY0VNzz9K3T9yipdAylB5SwRJxUhBFIJY6JW9vjDpFBGrjvQSzLXinU3TZ4.Tam fSS6LwU1sk6l2OFWN3hQ5Pf1PTmz7XHBF5jxgPNtTk32lmvSgZeijAoiGxGRX5DebrXE3_n670hK ljnSDIWwmXCH.SNKxXkr95YGd7ThOf6b0ZY0s5cDEjJ54RnDRzMAl6nvVrpBMdC_Aoi4K4.ginh7 .N3WBkesssCQaq2asXV0DJVXJJJ0xCFz_VhIVT6pU9wJJqBa.13R5uVg.o9LDsXVjZShehbMgUIJ 4E5WDPbaiqNuCGO47.cK0ckR4AeoMybJ56CkthCghNHWV9NUvdoPSxpbg7_6eZoOjqYFcIML6En9 AnfUBKg23_zFhEZQk9PO2JfB0dp9MFjQ.4isMilng_YEAAR09Yu649HNmQJ1Qp05VXkyz44rTzZE _E0tlIYbOEvMKEhABiTHZ9.pBwhWcEPWXRMuELVmraBQBPqG1rgXABGxUbsmmm.rp_Gm.rRR8IPf RgGR6jZczsmJC3kie5.WyDxI0W67hSNHpFE5TIjwBgXFihyvEGqYh.s5alTYnxarOJYklSQOLl3O pz9tjZfGR.JQ3sEapOSEyITGpt17leowIWPyuTqCY2UuC53osSzq.sN4bZycHdOWrtt2Ldzh44S2 F52df6TlomC.lUVlhnitASRql4rt5G_k2kzdnyd4h8ah_16i915CGXV3XiM_X5kEy0ryqWjOE326 OGN9A4l9AwjBXo3KF36TR7IjJtJVLF4WGwpYr7KUv.eFSbxoC5XX8CRjJgCQOFAlR3lV5Gysrp26 gzDEQRFBeYal9oY.binHGEo_zCeW7baMBJ3mCv3h6wJNhS2QQtSom8V3ZtkPb.ka4a4vraX7u4uK bCiuPguVSxzvfMdqTMm9IXxvf9W0Z7zAYKP6aN0P1DTCjJCi3bSGs1PUdBMOh8S1jtfEMNwUmJrN gE1r0v6VMCp605GjxuulMpx378kz52gHv8pSj6Aae9pA7JiXcrHVhLFFjzi.ANVqxLOXo_GIgQ9v kwQ4QBuWRyiNKSBP1QyDf8P8TQmzi9nRzRX3LQK5WrnNe4h0lNz0am.pqVPBI8BRS.6Kj9ykx_fX 9oZDB0qGwys3aSxvcXWsmq_7d0CaANqurUwPfzTeM6rd9XN5FOW5CShQCns0b6bAgs_cbKv1Z4fX pJd2CZzGSHuslAJjGq6LL6qdteWXWID0X3tHLvRex.nSIt3ks2p8DXd51SXqjFbmHTJVavPHfieX dtCBZy1BBkzrihaA2Q.3OGx.kBF13CgAIaA7AmIKx5yIxWcActyb_2XxEebTwyhAcr.L7f7Lo.Rd mDr7Dr_XdaCb_UpZA.eM7PDaotE3aZ7MvXi2DffJMN.f3L2b777wC7GLbMs_6TAI7FtGcbHs8l16 ehVCmXBZGpsq4BkmWQ8BZEAkG9p7FwoQ43y_CcVkkJ.jHMI70ZMRW.Q32BKFFxjmXPY.CBcmbAwD PzFyaHQUn.c7DK8oNWRY4CHpe4G1iyE_78uAScWBVo82Ws8hdPfgkSy4bLKVxyUBDk3Hn9PUw5dH Y161arPcs7d_Mbh8TefvhujQ5DwM6_gi9SkzVMn4rYhk0ncyumctSg7Qohgr7qYr3ifDbM2LBNOY 9KNc3RC.LnaZw9a28zumt9Bpl X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:48:16 +0000 Received: by kubenode513.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 83925d611ffce7fcc78508743dd1e1cf; Thu, 10 Mar 2022 23:48:14 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v33 03/29] LSM: Add the lsmblob data structure. Date: Thu, 10 Mar 2022 15:46:06 -0800 Message-Id: <20220310234632.16194-4-casey@schaufler-ca.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. A new lsm_id structure, which contains the name of the LSM and its slot number, is created. There is an instance for each LSM, which assigns the name and passes it to the infrastructure to set the slot. The audit rules data is expanded to use an array of security module data rather than a single instance. A new structure audit_lsm_rules is defined to avoid the confusion which commonly accompanies the use of void ** parameters. Signed-off-by: Casey Schaufler Reviewed-by: Mickaël Salaün --- include/linux/audit.h | 10 ++++- include/linux/lsm_hooks.h | 12 +++++- include/linux/security.h | 75 ++++++++++++++++++++++++++++++--- kernel/auditfilter.c | 23 +++++----- kernel/auditsc.c | 17 +++----- security/apparmor/lsm.c | 7 ++- security/bpf/hooks.c | 12 +++++- security/commoncap.c | 7 ++- security/landlock/cred.c | 2 +- security/landlock/fs.c | 2 +- security/landlock/ptrace.c | 2 +- security/landlock/setup.c | 5 +++ security/landlock/setup.h | 1 + security/loadpin/loadpin.c | 8 +++- security/lockdown/lockdown.c | 7 ++- security/safesetid/lsm.c | 8 +++- security/security.c | 82 ++++++++++++++++++++++++++++++------ security/selinux/hooks.c | 8 +++- security/smack/smack_lsm.c | 7 ++- security/tomoyo/tomoyo.c | 8 +++- security/yama/yama_lsm.c | 7 ++- 21 files changed, 254 insertions(+), 56 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index d06134ac6245..14849d5f84b4 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -59,6 +60,10 @@ struct audit_krule { /* Flag to indicate legacy AUDIT_LOGINUID unset usage */ #define AUDIT_LOGINUID_LEGACY 0x1 +struct audit_lsm_rules { + void *rule[LSMBLOB_ENTRIES]; +}; + struct audit_field { u32 type; union { @@ -66,8 +71,9 @@ struct audit_field { kuid_t uid; kgid_t gid; struct { - char *lsm_str; - void *lsm_rule; + bool lsm_isset; + char *lsm_str; + struct audit_lsm_rules lsm_rules; }; }; u32 op; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 129d99c6f9ed..2c2d0ef59a41 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1582,6 +1582,14 @@ struct security_hook_heads { #undef LSM_HOOK } __randomize_layout; +/* + * Information that identifies a security module. + */ +struct lsm_id { + const char *lsm; /* Name of the LSM */ + int slot; /* Slot in lsmblob if one is allocated */ +}; + /* * Security module hook list structure. * For use with generic list macros for common operations. @@ -1590,7 +1598,7 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; + struct lsm_id *lsmid; } __randomize_layout; /* @@ -1626,7 +1634,7 @@ extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm); + struct lsm_id *lsmid); #define LSM_FLAG_LEGACY_MAJOR BIT(0) #define LSM_FLAG_EXCLUSIVE BIT(1) diff --git a/include/linux/security.h b/include/linux/security.h index 33e0f2e659df..c53bf67c4d9f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -39,6 +39,7 @@ struct kernel_siginfo; struct sembuf; struct kern_ipc_perm; struct audit_context; +struct audit_lsm_rules; struct super_block; struct inode; struct dentry; @@ -134,6 +135,66 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * Data exported by the security modules + * + * Any LSM that provides secid or secctx based hooks must be included. + */ +#define LSMBLOB_ENTRIES ( \ + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0)) + +struct lsmblob { + u32 secid[LSMBLOB_ENTRIES]; +}; + +#define LSMBLOB_INVALID -1 /* Not a valid LSM slot number */ +#define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ +#define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ + +/** + * lsmblob_init - initialize a lsmblob structure + * @blob: Pointer to the data to initialize + * @secid: The initial secid value + * + * Set all secid for all modules to the specified value. + */ +static inline void lsmblob_init(struct lsmblob *blob, u32 secid) +{ + int i; + + for (i = 0; i < LSMBLOB_ENTRIES; i++) + blob->secid[i] = secid; +} + +/** + * lsmblob_is_set - report if there is a value in the lsmblob + * @blob: Pointer to the exported LSM data + * + * Returns true if there is a secid set, false otherwise + */ +static inline bool lsmblob_is_set(struct lsmblob *blob) +{ + const struct lsmblob empty = {}; + + return !!memcmp(blob, &empty, sizeof(*blob)); +} + +/** + * lsmblob_equal - report if the two lsmblob's are equal + * @bloba: Pointer to one LSM data + * @blobb: Pointer to the other LSM data + * + * Returns true if all entries in the two are equal, false otherwise + */ +static inline bool lsmblob_equal(const struct lsmblob *bloba, + const struct lsmblob *blobb) +{ + return !memcmp(bloba, blobb, sizeof(*bloba)); +} + /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, unsigned int opts); @@ -1879,15 +1940,17 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules); int security_audit_rule_known(struct audit_krule *krule); -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); -void security_audit_rule_free(void *lsmrule); +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules); +void security_audit_rule_free(struct audit_lsm_rules *lsmrules); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } @@ -1898,12 +1961,12 @@ static inline int security_audit_rule_known(struct audit_krule *krule) } static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) + struct audit_lsm_rules *lsmrules) { return 0; } -static inline void security_audit_rule_free(void *lsmrule) +static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { } #endif /* CONFIG_SECURITY */ diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 42d99896e7a6..de75bd6ad866 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -76,7 +76,7 @@ static void audit_free_lsm_field(struct audit_field *f) case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: kfree(f->lsm_str); - security_audit_rule_free(f->lsm_rule); + security_audit_rule_free(&f->lsm_rules); } } @@ -529,7 +529,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + &f->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -782,7 +782,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) return 0; } -/* Duplicate LSM field information. The lsm_rule is opaque, so must be +/* Duplicate LSM field information. The lsm_rules is opaque, so must be * re-initialized. */ static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) @@ -796,9 +796,9 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, return -ENOMEM; df->lsm_str = lsm_str; - /* our own (refreshed) copy of lsm_rule */ + /* our own (refreshed) copy of lsm_rules */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + &df->lsm_rules); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { @@ -850,7 +850,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); - /* deep copy this information, updating the lsm_rule fields, because + /* deep copy this information, updating the lsm_rules fields, because * the originals will all be freed when the old rule is freed. */ for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { @@ -1367,10 +1367,11 @@ int audit_filter(int msgtype, unsigned int listtype) case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { + if (f->lsm_str) { security_current_getsecid_subj(&sid); result = security_audit_rule_match(sid, - f->type, f->op, f->lsm_rule); + f->type, f->op, + &f->lsm_rules); } break; case AUDIT_EXE: @@ -1397,7 +1398,7 @@ int audit_filter(int msgtype, unsigned int listtype) return ret; } -static int update_lsm_rule(struct audit_krule *r) +static int update_lsm_rules(struct audit_krule *r) { struct audit_entry *entry = container_of(r, struct audit_entry, rule); struct audit_entry *nentry; @@ -1429,7 +1430,7 @@ static int update_lsm_rule(struct audit_krule *r) return err; } -/* This function will re-initialize the lsm_rule field of all applicable rules. +/* This function will re-initialize the lsm_rules field of all applicable rules. * It will traverse the filter lists serarching for rules that contain LSM * specific filter fields. When such a rule is found, it is copied, the * LSM field is re-initialized, and the old rule is replaced with the @@ -1444,7 +1445,7 @@ int audit_update_lsm_rules(void) for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(r, n, &audit_rules_list[i], list) { - int res = update_lsm_rule(r); + int res = update_lsm_rules(r); if (!err) err = res; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fce5d43a933f..f1c26a322f9d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -664,7 +664,7 @@ static int audit_filter_rules(struct task_struct *tsk, match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->lsm_rule) { + if (f->lsm_str) { if (need_sid) { /* @tsk should always be equal to * @current with the exception of @@ -679,8 +679,7 @@ static int audit_filter_rules(struct task_struct *tsk, need_sid = 0; } result = security_audit_rule_match(sid, f->type, - f->op, - f->lsm_rule); + f->op, &f->lsm_rules); } break; case AUDIT_OBJ_USER: @@ -690,21 +689,19 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_OBJ_LEV_HIGH: /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR also applies here */ - if (f->lsm_rule) { + if (f->lsm_str) { /* Find files that match */ if (name) { result = security_audit_rule_match( name->osid, f->type, f->op, - f->lsm_rule); + &f->lsm_rules); } else if (ctx) { list_for_each_entry(n, &ctx->names_list, list) { if (security_audit_rule_match( - n->osid, - f->type, - f->op, - f->lsm_rule)) { + n->osid, f->type, f->op, + &f->lsm_rules)) { ++result; break; } @@ -715,7 +712,7 @@ static int audit_filter_rules(struct task_struct *tsk, break; if (security_audit_rule_match(ctx->ipc.osid, f->type, f->op, - f->lsm_rule)) + &f->lsm_rules)) ++result; } break; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index be8976c407f4..1e53fea61335 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1168,6 +1168,11 @@ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = { .lbs_sock = sizeof(struct aa_sk_ctx), }; +static struct lsm_id apparmor_lsmid __lsm_ro_after_init = { + .lsm = "apparmor", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), @@ -1853,7 +1858,7 @@ static int __init apparmor_init(void) goto buffers_out; } security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks), - "apparmor"); + &apparmor_lsmid); /* Report that AppArmor successfully initialized */ apparmor_initialized = 1; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index e5971fa74fd7..7a58fe9ab8c4 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -15,9 +15,19 @@ static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; +/* + * slot has to be LSMBLOB_NEEDED because some of the hooks + * supplied by this module require a slot. + */ +struct lsm_id bpf_lsmid __lsm_ro_after_init = { + .lsm = "bpf", + .slot = LSMBLOB_NEEDED +}; + static int __init bpf_lsm_init(void) { - security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf"); + security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), + &bpf_lsmid); pr_info("LSM support for eBPF active\n"); return 0; } diff --git a/security/commoncap.c b/security/commoncap.c index 5fc8986c3c77..c94ec46e07ac 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1446,6 +1446,11 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY +static struct lsm_id capability_lsmid __lsm_ro_after_init = { + .lsm = "capability", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), @@ -1470,7 +1475,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = { static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), - "capability"); + &capability_lsmid); return 0; } diff --git a/security/landlock/cred.c b/security/landlock/cred.c index 6725af24c684..56b121d65436 100644 --- a/security/landlock/cred.c +++ b/security/landlock/cred.c @@ -42,5 +42,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_cred_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 97b8e421f617..319e90e9290c 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -688,5 +688,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_fs_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/ptrace.c b/security/landlock/ptrace.c index f55b82446de2..54ccf55a077a 100644 --- a/security/landlock/ptrace.c +++ b/security/landlock/ptrace.c @@ -116,5 +116,5 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { __init void landlock_add_ptrace_hooks(void) { security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks), - LANDLOCK_NAME); + &landlock_lsmid); } diff --git a/security/landlock/setup.c b/security/landlock/setup.c index f8e8e980454c..759e00b9436c 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -23,6 +23,11 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct landlock_superblock_security), }; +struct lsm_id landlock_lsmid __lsm_ro_after_init = { + .lsm = LANDLOCK_NAME, + .slot = LSMBLOB_NOT_NEEDED, +}; + static int __init landlock_init(void) { landlock_add_cred_hooks(); diff --git a/security/landlock/setup.h b/security/landlock/setup.h index 1daffab1ab4b..38bce5b172dc 100644 --- a/security/landlock/setup.h +++ b/security/landlock/setup.h @@ -14,5 +14,6 @@ extern bool landlock_initialized; extern struct lsm_blob_sizes landlock_blob_sizes; +extern struct lsm_id landlock_lsmid; #endif /* _SECURITY_LANDLOCK_SETUP_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b12f7d986b1e..b569f3bc170b 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -192,6 +192,11 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents); } +static struct lsm_id loadpin_lsmid __lsm_ro_after_init = { + .lsm = "loadpin", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), @@ -239,7 +244,8 @@ static int __init loadpin_init(void) pr_info("ready to pin (currently %senforcing)\n", enforce ? "" : "not "); parse_exclude(); - security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), + &loadpin_lsmid); return 0; } diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..4e24ea3f7b7e 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -75,6 +75,11 @@ static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), }; +static struct lsm_id lockdown_lsmid __lsm_ro_after_init = { + .lsm = "lockdown", + .slot = LSMBLOB_NOT_NEEDED +}; + static int __init lockdown_lsm_init(void) { #if defined(CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY) @@ -83,7 +88,7 @@ static int __init lockdown_lsm_init(void) lock_kernel_down("Kernel configuration", LOCKDOWN_CONFIDENTIALITY_MAX); #endif security_add_hooks(lockdown_hooks, ARRAY_SIZE(lockdown_hooks), - "lockdown"); + &lockdown_lsmid); return 0; } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 963f4ad9cb66..0c368950dc14 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -241,6 +241,11 @@ static int safesetid_task_fix_setgid(struct cred *new, return -EACCES; } +static struct lsm_id safesetid_lsmid __lsm_ro_after_init = { + .lsm = "safesetid", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list safesetid_security_hooks[] = { LSM_HOOK_INIT(task_fix_setuid, safesetid_task_fix_setuid), LSM_HOOK_INIT(task_fix_setgid, safesetid_task_fix_setgid), @@ -250,7 +255,8 @@ static struct security_hook_list safesetid_security_hooks[] = { static int __init safesetid_security_init(void) { security_add_hooks(safesetid_security_hooks, - ARRAY_SIZE(safesetid_security_hooks), "safesetid"); + ARRAY_SIZE(safesetid_security_hooks), + &safesetid_lsmid); /* Report that SafeSetID successfully initialized */ safesetid_initialized = 1; diff --git a/security/security.c b/security/security.c index f2d4b20613c8..2bf21c726ba0 100644 --- a/security/security.c +++ b/security/security.c @@ -345,6 +345,7 @@ static void __init ordered_lsm_init(void) init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); /* * Create any kmem_caches needed for blobs @@ -472,21 +473,38 @@ static int lsm_append(const char *new, char **result) return 0; } +/* + * Current index to use while initializing the lsmblob secid list. + */ +static int lsm_slot __lsm_ro_after_init; + /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add - * @lsm: the name of the security module + * @lsmid: the identification information for the security module * * Each LSM has to register its hooks with the infrastructure. + * If the LSM is using hooks that export secids allocate a slot + * for it in the lsmblob. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, - char *lsm) + struct lsm_id *lsmid) { int i; + WARN_ON(!lsmid->slot || !lsmid->lsm); + + if (lsmid->slot == LSMBLOB_NEEDED) { + if (lsm_slot >= LSMBLOB_ENTRIES) + panic("%s Too many LSMs registered.\n", __func__); + lsmid->slot = lsm_slot++; + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, + lsmid->slot); + } + for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + hooks[i].lsmid = lsmid; hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); } @@ -495,7 +513,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, * and fix this up afterwards. */ if (slab_is_available()) { - if (lsm_append(lsm, &lsm_names) < 0) + if (lsm_append(lsmid->lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); } } @@ -2075,7 +2093,7 @@ int security_getprocattr(struct task_struct *p, const char *lsm, char *name, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.getprocattr(p, name, value); } @@ -2088,7 +2106,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value, struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { - if (lsm != NULL && strcmp(lsm, hp->lsm)) + if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; return hp->hook.setprocattr(name, value, size); } @@ -2579,9 +2597,27 @@ int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + struct security_hook_list *hp; + bool one_is_good = false; + int rc = 0; + int trc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + trc = hp->hook.audit_rule_init(field, op, rulestr, + &lsmrules->rule[hp->lsmid->slot]); + if (trc == 0) + one_is_good = true; + else + rc = trc; + } + if (one_is_good) + return 0; + return rc; } int security_audit_rule_known(struct audit_krule *krule) @@ -2589,14 +2625,36 @@ int security_audit_rule_known(struct audit_krule *krule) return call_int_hook(audit_rule_known, 0, krule); } -void security_audit_rule_free(void *lsmrule) +void security_audit_rule_free(struct audit_lsm_rules *lsmrules) { - call_void_hook(audit_rule_free, lsmrule); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + hp->hook.audit_rule_free(lsmrules->rule[hp->lsmid->slot]); + } } -int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) +int security_audit_rule_match(u32 secid, u32 field, u32 op, + struct audit_lsm_rules *lsmrules) { - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule); + struct security_hook_list *hp; + int rc; + + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + if (lsmrules->rule[hp->lsmid->slot] == NULL) + continue; + rc = hp->hook.audit_rule_match(secid, field, op, + &lsmrules->rule[hp->lsmid->slot]); + if (rc) + return rc; + } + return 0; } #endif /* CONFIG_AUDIT */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index dffde40d367e..d67bcd1aeaf5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7009,6 +7009,11 @@ static int selinux_uring_sqpoll(void) } #endif /* CONFIG_IO_URING */ +static struct lsm_id selinux_lsmid __lsm_ro_after_init = { + .lsm = "selinux", + .slot = LSMBLOB_NEEDED +}; + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7324,7 +7329,8 @@ static __init int selinux_init(void) hashtab_cache_init(); - security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); + security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), + &selinux_lsmid); if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC netcache callback\n"); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d58b50006e79..ff832d47479f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4744,6 +4744,11 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_superblock = sizeof(struct superblock_smack), }; +static struct lsm_id smack_lsmid __lsm_ro_after_init = { + .lsm = "smack", + .slot = LSMBLOB_NEEDED +}; + static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), @@ -4947,7 +4952,7 @@ static __init int smack_init(void) /* * Register with LSM */ - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack"); + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), &smack_lsmid); smack_enabled = 1; pr_info("Smack: Initializing.\n"); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index b6a31901f289..e8f6bb9782c1 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -521,6 +521,11 @@ static void tomoyo_task_free(struct task_struct *task) } } +static struct lsm_id tomoyo_lsmid __lsm_ro_after_init = { + .lsm = "tomoyo", + .slot = LSMBLOB_NOT_NEEDED +}; + /* * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. @@ -573,7 +578,8 @@ static int __init tomoyo_init(void) struct tomoyo_task *s = tomoyo_task(current); /* register ourselves with the security framework */ - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), + &tomoyo_lsmid); pr_info("TOMOYO Linux initialized\n"); s->domain_info = &tomoyo_kernel_domain; atomic_inc(&tomoyo_kernel_domain.users); diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 06e226166aab..a9639ea541f7 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -421,6 +421,11 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } +static struct lsm_id yama_lsmid __lsm_ro_after_init = { + .lsm = "yama", + .slot = LSMBLOB_NOT_NEEDED +}; + static struct security_hook_list yama_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme), @@ -477,7 +482,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; } -- 2.31.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9E2A8C433EF for ; Thu, 10 Mar 2022 23:48:26 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-664-h3yBItEoOle7nD4UeZ2Wag-1; Thu, 10 Mar 2022 18:48:22 -0500 X-MC-Unique: h3yBItEoOle7nD4UeZ2Wag-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C3B031C068D2; Thu, 10 Mar 2022 23:48:20 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 96336141DEE1; Thu, 10 Mar 2022 23:48:20 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 6DC001964195; Thu, 10 Mar 2022 23:48:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id C5D861964185 for ; Thu, 10 Mar 2022 23:48:19 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A0DDE40C1242; Thu, 10 Mar 2022 23:48:19 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9A8AA40C128B for ; Thu, 10 Mar 2022 23:48:19 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 79BF72A2AD4F for ; Thu, 10 Mar 2022 23:48:19 +0000 (UTC) Received: from sonic301-38.consmr.mail.ne1.yahoo.com (sonic301-38.consmr.mail.ne1.yahoo.com [66.163.184.207]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-390-i7LVZw_xMxqTyd2J2VIBrg-1; Thu, 10 Mar 2022 18:48:17 -0500 X-MC-Unique: i7LVZw_xMxqTyd2J2VIBrg-1 X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1646956096; bh=0FJVnXUsm/OsW9HIHOUMMmhrs/n+3To2raSmllvfE9V=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cTGcFB5s6HHdBR1sJvwNtrqUgAxIzGtNKJDm4XykCO6ur98Wbd4BNxaPFpllj61P0OWWL27CFTWWqYv/cUi2VQWEzwKpivp/VVz7MUeOam5qHuc25erlnLAAJmRU+Hev45XBBL9gSAHDny288mzJiPYd4Y1o2Gr7bkTHZnM6H5q80lNFRDfKp3rB8YNibFYx3fGps716TyWmaVKQdi3KpRwMl+2ySHaXmUIsHO6CVn5lJ/WedTSW6wSBoX0MCnTGi+ylO2hx7Znn33dfkXySINM/r6W7rXmjIr5duskxV+pqL+4wcF9wu72dNfBaXnnPupO2mM2wCUzemdTFZFIbkw== X-YMail-OSG: 23tlpQEVM1lyNWsa7p8yLp881Zo5wsPJUykpNuOPY_K2oWHvNYKGtNTehPCjIBu 02M8705.YvsCE2KDVB.FlYoRtwXn2kQCy4P9Od2kko.pP5m08ZVb5ngN74X_yJDtaBu7pIYMKVwL s8BdpaKcA7VhfK5Xd17XtxoGgUIKchSdUjncXneZYfTknrGQjGK2K.Utz_abOP0XRLggChIdkkAJ zKMQlzXUNdw3aeaLF9zr6VtYpyQYmUxrAOHtVHPbuG2viZs804iF2XKbwyD0cAr92vHrLo_37anl WFagVPoxuxQTy80tGMvO9XAOWQuFTPxFkJndwS5dN1nl9LlZ4cLbk7R_9Do1Uo4PHO9f_B07w9cL dxsu4JbZkzG6CX.ht4vdzaawQkwFowPT2HUuTBNORni7nji35nxAQCzbELnufpvPQzEnAy09oXAX FyhTmbWyvv_Nn7CsqZ8Gt_1hSNCGiUBxANxXkhA_lDgFjqIi3kGu9bd6qaGNFFJEtL1mFToF6sGM nouFpyIYqn5OCTG_tlQK.m7QA51moOTdkCWJfrz8yBO8ed8hMKwYr0yYAAw2bJDEn05FHBlYNjR1 fIYLAhIK3LMsVvM2hEGCjP0nF1MUopTdKuX8Z82gjjb5Tu3eLLBvbtM.jwQZtjbf63Pj3t2b7ifr HGKSg09KvGZc1AY0VNzz9K3T9yipdAylB5SwRJxUhBFIJY6JW9vjDpFBGrjvQSzLXinU3TZ4.Tam fSS6LwU1sk6l2OFWN3hQ5Pf1PTmz7XHBF5jxgPNtTk32lmvSgZeijAoiGxGRX5DebrXE3_n670hK ljnSDIWwmXCH.SNKxXkr95YGd7ThOf6b0ZY0s5cDEjJ54RnDRzMAl6nvVrpBMdC_Aoi4K4.ginh7 .N3WBkesssCQaq2asXV0DJVXJJJ0xCFz_VhIVT6pU9wJJqBa.13R5uVg.o9LDsXVjZShehbMgUIJ 4E5WDPbaiqNuCGO47.cK0ckR4AeoMybJ56CkthCghNHWV9NUvdoPSxpbg7_6eZoOjqYFcIML6En9 AnfUBKg23_zFhEZQk9PO2JfB0dp9MFjQ.4isMilng_YEAAR09Yu649HNmQJ1Qp05VXkyz44rTzZE _E0tlIYbOEvMKEhABiTHZ9.pBwhWcEPWXRMuELVmraBQBPqG1rgXABGxUbsmmm.rp_Gm.rRR8IPf RgGR6jZczsmJC3kie5.WyDxI0W67hSNHpFE5TIjwBgXFihyvEGqYh.s5alTYnxarOJYklSQOLl3O pz9tjZfGR.JQ3sEapOSEyITGpt17leowIWPyuTqCY2UuC53osSzq.sN4bZycHdOWrtt2Ldzh44S2 F52df6TlomC.lUVlhnitASRql4rt5G_k2kzdnyd4h8ah_16i915CGXV3XiM_X5kEy0ryqWjOE326 OGN9A4l9AwjBXo3KF36TR7IjJtJVLF4WGwpYr7KUv.eFSbxoC5XX8CRjJgCQOFAlR3lV5Gysrp26 gzDEQRFBeYal9oY.binHGEo_zCeW7baMBJ3mCv3h6wJNhS2QQtSom8V3ZtkPb.ka4a4vraX7u4uK bCiuPguVSxzvfMdqTMm9IXxvf9W0Z7zAYKP6aN0P1DTCjJCi3bSGs1PUdBMOh8S1jtfEMNwUmJrN gE1r0v6VMCp605GjxuulMpx378kz52gHv8pSj6Aae9pA7JiXcrHVhLFFjzi.ANVqxLOXo_GIgQ9v kwQ4QBuWRyiNKSBP1QyDf8P8TQmzi9nRzRX3LQK5WrnNe4h0lNz0am.pqVPBI8BRS.6Kj9ykx_fX 9oZDB0qGwys3aSxvcXWsmq_7d0CaANqurUwPfzTeM6rd9XN5FOW5CShQCns0b6bAgs_cbKv1Z4fX pJd2CZzGSHuslAJjGq6LL6qdteWXWID0X3tHLvRex.nSIt3ks2p8DXd51SXqjFbmHTJVavPHfieX dtCBZy1BBkzrihaA2Q.3OGx.kBF13CgAIaA7AmIKx5yIxWcActyb_2XxEebTwyhAcr.L7f7Lo.Rd mDr7Dr_XdaCb_UpZA.eM7PDaotE3aZ7MvXi2DffJMN.f3L2b777wC7GLbMs_6TAI7FtGcbHs8l16 ehVCmXBZGpsq4BkmWQ8BZEAkG9p7FwoQ43y_CcVkkJ.jHMI70ZMRW.Q32BKFFxjmXPY.CBcmbAwD PzFyaHQUn.c7DK8oNWRY4CHpe4G1iyE_78uAScWBVo82Ws8hdPfgkSy4bLKVxyUBDk3Hn9PUw5dH Y161arPcs7d_Mbh8TefvhujQ5DwM6_gi9SkzVMn4rYhk0ncyumctSg7Qohgr7qYr3ifDbM2LBNOY 9KNc3RC.LnaZw9a28zumt9Bpl X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ne1.yahoo.com with HTTP; Thu, 10 Mar 2022 23:48:16 +0000 Received: by kubenode513.mail-prod1.omega.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 83925d611ffce7fcc78508743dd1e1cf; Thu, 10 Mar 2022 23:48:14 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Subject: [PATCH v33 03/29] LSM: Add the lsmblob data structure. Date: Thu, 10 Mar 2022 15:46:06 -0800 Message-Id: <20220310234632.16194-4-casey@schaufler-ca.com> In-Reply-To: <20220310234632.16194-1-casey@schaufler-ca.com> References: <20220310234632.16194-1-casey@schaufler-ca.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.84 on 10.11.54.2 X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , linux-audit@redhat.com Errors-To: linux-audit-bounces@redhat.com Sender: "Linux-audit" X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 V2hlbiBtb3JlIHRoYW4gb25lIHNlY3VyaXR5IG1vZHVsZSBpcyBleHBvcnRpbmcgZGF0YSB0bwph dWRpdCBhbmQgbmV0d29ya2luZyBzdWItc3lzdGVtcyBhIHNpbmdsZSAzMiBiaXQgaW50ZWdlcgpp cyBubyBsb25nZXIgc3VmZmljaWVudCB0byByZXByZXNlbnQgdGhlIGRhdGEuIEFkZCBhCnN0cnVj dHVyZSB0byBiZSB1c2VkIGluc3RlYWQuCgpUaGUgbHNtYmxvYiBzdHJ1Y3R1cmUgaXMgY3VycmVu dGx5IGFuIGFycmF5IG9mCnUzMiAic2VjaWRzIi4gVGhlcmUgaXMgYW4gZW50cnkgZm9yIGVhY2gg b2YgdGhlCnNlY3VyaXR5IG1vZHVsZXMgYnVpbHQgaW50byB0aGUgc3lzdGVtIHRoYXQgd291bGQK dXNlIHNlY2lkcyBpZiBhY3RpdmUuIFRoZSBzeXN0ZW0gYXNzaWducyB0aGUgbW9kdWxlCmEgInNs b3QiIHdoZW4gaXQgcmVnaXN0ZXJzIGhvb2tzLiBJZiBtb2R1bGVzIGFyZQpjb21waWxlZCBpbiBi dXQgbm90IHJlZ2lzdGVyZWQgdGhlcmUgd2lsbCBiZSB1bnVzZWQKc2xvdHMuCgpBIG5ldyBsc21f aWQgc3RydWN0dXJlLCB3aGljaCBjb250YWlucyB0aGUgbmFtZQpvZiB0aGUgTFNNIGFuZCBpdHMg c2xvdCBudW1iZXIsIGlzIGNyZWF0ZWQuIFRoZXJlCmlzIGFuIGluc3RhbmNlIGZvciBlYWNoIExT TSwgd2hpY2ggYXNzaWducyB0aGUgbmFtZQphbmQgcGFzc2VzIGl0IHRvIHRoZSBpbmZyYXN0cnVj dHVyZSB0byBzZXQgdGhlIHNsb3QuCgpUaGUgYXVkaXQgcnVsZXMgZGF0YSBpcyBleHBhbmRlZCB0 byB1c2UgYW4gYXJyYXkgb2YKc2VjdXJpdHkgbW9kdWxlIGRhdGEgcmF0aGVyIHRoYW4gYSBzaW5n bGUgaW5zdGFuY2UuCkEgbmV3IHN0cnVjdHVyZSBhdWRpdF9sc21fcnVsZXMgaXMgZGVmaW5lZCB0 byBhdm9pZCB0aGUKY29uZnVzaW9uIHdoaWNoIGNvbW1vbmx5IGFjY29tcGFuaWVzIHRoZSB1c2Ug b2YKdm9pZCAqKiBwYXJhbWV0ZXJzLgoKU2lnbmVkLW9mZi1ieTogQ2FzZXkgU2NoYXVmbGVyIDxj YXNleUBzY2hhdWZsZXItY2EuY29tPgpSZXZpZXdlZC1ieTogTWlja2HDq2wgU2FsYcO8biA8bWlj QGxpbnV4Lm1pY3Jvc29mdC5jb20+Ci0tLQogaW5jbHVkZS9saW51eC9hdWRpdC5oICAgICAgICB8 IDEwICsrKystCiBpbmNsdWRlL2xpbnV4L2xzbV9ob29rcy5oICAgIHwgMTIgKysrKystCiBpbmNs dWRlL2xpbnV4L3NlY3VyaXR5LmggICAgIHwgNzUgKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrLS0tCiBrZXJuZWwvYXVkaXRmaWx0ZXIuYyAgICAgICAgIHwgMjMgKysrKystLS0tLQoga2Vy bmVsL2F1ZGl0c2MuYyAgICAgICAgICAgICB8IDE3ICsrKy0tLS0tCiBzZWN1cml0eS9hcHBhcm1v ci9sc20uYyAgICAgIHwgIDcgKystCiBzZWN1cml0eS9icGYvaG9va3MuYyAgICAgICAgIHwgMTIg KysrKystCiBzZWN1cml0eS9jb21tb25jYXAuYyAgICAgICAgIHwgIDcgKystCiBzZWN1cml0eS9s YW5kbG9jay9jcmVkLmMgICAgIHwgIDIgKy0KIHNlY3VyaXR5L2xhbmRsb2NrL2ZzLmMgICAgICAg fCAgMiArLQogc2VjdXJpdHkvbGFuZGxvY2svcHRyYWNlLmMgICB8ICAyICstCiBzZWN1cml0eS9s YW5kbG9jay9zZXR1cC5jICAgIHwgIDUgKysrCiBzZWN1cml0eS9sYW5kbG9jay9zZXR1cC5oICAg IHwgIDEgKwogc2VjdXJpdHkvbG9hZHBpbi9sb2FkcGluLmMgICB8ICA4ICsrKy0KIHNlY3VyaXR5 L2xvY2tkb3duL2xvY2tkb3duLmMgfCAgNyArKy0KIHNlY3VyaXR5L3NhZmVzZXRpZC9sc20uYyAg ICAgfCAgOCArKystCiBzZWN1cml0eS9zZWN1cml0eS5jICAgICAgICAgIHwgODIgKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrLS0tLS0tCiBzZWN1cml0eS9zZWxpbnV4L2hvb2tzLmMgICAg IHwgIDggKysrLQogc2VjdXJpdHkvc21hY2svc21hY2tfbHNtLmMgICB8ICA3ICsrLQogc2VjdXJp dHkvdG9tb3lvL3RvbW95by5jICAgICB8ICA4ICsrKy0KIHNlY3VyaXR5L3lhbWEveWFtYV9sc20u YyAgICAgfCAgNyArKy0KIDIxIGZpbGVzIGNoYW5nZWQsIDI1NCBpbnNlcnRpb25zKCspLCA1NiBk ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L2F1ZGl0LmggYi9pbmNsdWRl L2xpbnV4L2F1ZGl0LmgKaW5kZXggZDA2MTM0YWM2MjQ1Li4xNDg0OWQ1Zjg0YjQgMTAwNjQ0Ci0t LSBhL2luY2x1ZGUvbGludXgvYXVkaXQuaAorKysgYi9pbmNsdWRlL2xpbnV4L2F1ZGl0LmgKQEAg LTExLDYgKzExLDcgQEAKIAogI2luY2x1ZGUgPGxpbnV4L3NjaGVkLmg+CiAjaW5jbHVkZSA8bGlu dXgvcHRyYWNlLmg+CisjaW5jbHVkZSA8bGludXgvc2VjdXJpdHkuaD4KICNpbmNsdWRlIDxsaW51 eC9hdWRpdF9hcmNoLmg+CiAjaW5jbHVkZSA8dWFwaS9saW51eC9hdWRpdC5oPgogI2luY2x1ZGUg PHVhcGkvbGludXgvbmV0ZmlsdGVyL25mX3RhYmxlcy5oPgpAQCAtNTksNiArNjAsMTAgQEAgc3Ry dWN0IGF1ZGl0X2tydWxlIHsKIC8qIEZsYWcgdG8gaW5kaWNhdGUgbGVnYWN5IEFVRElUX0xPR0lO VUlEIHVuc2V0IHVzYWdlICovCiAjZGVmaW5lIEFVRElUX0xPR0lOVUlEX0xFR0FDWQkJMHgxCiAK K3N0cnVjdCBhdWRpdF9sc21fcnVsZXMgeworCXZvaWQJKnJ1bGVbTFNNQkxPQl9FTlRSSUVTXTsK K307CisKIHN0cnVjdCBhdWRpdF9maWVsZCB7CiAJdTMyCQkJCXR5cGU7CiAJdW5pb24gewpAQCAt NjYsOCArNzEsOSBAQCBzdHJ1Y3QgYXVkaXRfZmllbGQgewogCQlrdWlkX3QJCQl1aWQ7CiAJCWtn aWRfdAkJCWdpZDsKIAkJc3RydWN0IHsKLQkJCWNoYXIJCSpsc21fc3RyOwotCQkJdm9pZAkJKmxz bV9ydWxlOworCQkJYm9vbAkJCWxzbV9pc3NldDsKKwkJCWNoYXIJCQkqbHNtX3N0cjsKKwkJCXN0 cnVjdCBhdWRpdF9sc21fcnVsZXMJbHNtX3J1bGVzOwogCQl9OwogCX07CiAJdTMyCQkJCW9wOwpk aWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9sc21faG9va3MuaCBiL2luY2x1ZGUvbGludXgvbHNt X2hvb2tzLmgKaW5kZXggMTI5ZDk5YzZmOWVkLi4yYzJkMGVmNTlhNDEgMTAwNjQ0Ci0tLSBhL2lu Y2x1ZGUvbGludXgvbHNtX2hvb2tzLmgKKysrIGIvaW5jbHVkZS9saW51eC9sc21faG9va3MuaApA QCAtMTU4Miw2ICsxNTgyLDE0IEBAIHN0cnVjdCBzZWN1cml0eV9ob29rX2hlYWRzIHsKIAkjdW5k ZWYgTFNNX0hPT0sKIH0gX19yYW5kb21pemVfbGF5b3V0OwogCisvKgorICogSW5mb3JtYXRpb24g dGhhdCBpZGVudGlmaWVzIGEgc2VjdXJpdHkgbW9kdWxlLgorICovCitzdHJ1Y3QgbHNtX2lkIHsK Kwljb25zdCBjaGFyCSpsc207CS8qIE5hbWUgb2YgdGhlIExTTSAqLworCWludAkJc2xvdDsJLyog U2xvdCBpbiBsc21ibG9iIGlmIG9uZSBpcyBhbGxvY2F0ZWQgKi8KK307CisKIC8qCiAgKiBTZWN1 cml0eSBtb2R1bGUgaG9vayBsaXN0IHN0cnVjdHVyZS4KICAqIEZvciB1c2Ugd2l0aCBnZW5lcmlj IGxpc3QgbWFjcm9zIGZvciBjb21tb24gb3BlcmF0aW9ucy4KQEAgLTE1OTAsNyArMTU5OCw3IEBA IHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3QgewogCXN0cnVjdCBobGlzdF9ub2RlCQlsaXN0Owog CXN0cnVjdCBobGlzdF9oZWFkCQkqaGVhZDsKIAl1bmlvbiBzZWN1cml0eV9saXN0X29wdGlvbnMJ aG9vazsKLQljaGFyCQkJCSpsc207CisJc3RydWN0IGxzbV9pZAkJCSpsc21pZDsKIH0gX19yYW5k b21pemVfbGF5b3V0OwogCiAvKgpAQCAtMTYyNiw3ICsxNjM0LDcgQEAgZXh0ZXJuIHN0cnVjdCBz ZWN1cml0eV9ob29rX2hlYWRzIHNlY3VyaXR5X2hvb2tfaGVhZHM7CiBleHRlcm4gY2hhciAqbHNt X25hbWVzOwogCiBleHRlcm4gdm9pZCBzZWN1cml0eV9hZGRfaG9va3Moc3RydWN0IHNlY3VyaXR5 X2hvb2tfbGlzdCAqaG9va3MsIGludCBjb3VudCwKLQkJCQljaGFyICpsc20pOworCQkJICAgICAg IHN0cnVjdCBsc21faWQgKmxzbWlkKTsKIAogI2RlZmluZSBMU01fRkxBR19MRUdBQ1lfTUFKT1IJ QklUKDApCiAjZGVmaW5lIExTTV9GTEFHX0VYQ0xVU0lWRQlCSVQoMSkKZGlmZiAtLWdpdCBhL2lu Y2x1ZGUvbGludXgvc2VjdXJpdHkuaCBiL2luY2x1ZGUvbGludXgvc2VjdXJpdHkuaAppbmRleCAz M2UwZjJlNjU5ZGYuLmM1M2JmNjdjNGQ5ZiAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW51eC9zZWN1 cml0eS5oCisrKyBiL2luY2x1ZGUvbGludXgvc2VjdXJpdHkuaApAQCAtMzksNiArMzksNyBAQCBz dHJ1Y3Qga2VybmVsX3NpZ2luZm87CiBzdHJ1Y3Qgc2VtYnVmOwogc3RydWN0IGtlcm5faXBjX3Bl cm07CiBzdHJ1Y3QgYXVkaXRfY29udGV4dDsKK3N0cnVjdCBhdWRpdF9sc21fcnVsZXM7CiBzdHJ1 Y3Qgc3VwZXJfYmxvY2s7CiBzdHJ1Y3QgaW5vZGU7CiBzdHJ1Y3QgZGVudHJ5OwpAQCAtMTM0LDYg KzEzNSw2NiBAQCBlbnVtIGxvY2tkb3duX3JlYXNvbiB7CiAKIGV4dGVybiBjb25zdCBjaGFyICpj b25zdCBsb2NrZG93bl9yZWFzb25zW0xPQ0tET1dOX0NPTkZJREVOVElBTElUWV9NQVgrMV07CiAK Ky8qCisgKiBEYXRhIGV4cG9ydGVkIGJ5IHRoZSBzZWN1cml0eSBtb2R1bGVzCisgKgorICogQW55 IExTTSB0aGF0IHByb3ZpZGVzIHNlY2lkIG9yIHNlY2N0eCBiYXNlZCBob29rcyBtdXN0IGJlIGlu Y2x1ZGVkLgorICovCisjZGVmaW5lIExTTUJMT0JfRU5UUklFUyAoIFwKKwkoSVNfRU5BQkxFRChD T05GSUdfU0VDVVJJVFlfU0VMSU5VWCkgPyAxIDogMCkgKyBcCisJKElTX0VOQUJMRUQoQ09ORklH X1NFQ1VSSVRZX1NNQUNLKSA/IDEgOiAwKSArIFwKKwkoSVNfRU5BQkxFRChDT05GSUdfU0VDVVJJ VFlfQVBQQVJNT1IpID8gMSA6IDApICsgXAorCShJU19FTkFCTEVEKENPTkZJR19CUEZfTFNNKSA/ IDEgOiAwKSkKKworc3RydWN0IGxzbWJsb2IgeworCXUzMiAgICAgc2VjaWRbTFNNQkxPQl9FTlRS SUVTXTsKK307CisKKyNkZWZpbmUgTFNNQkxPQl9JTlZBTElECQktMQkvKiBOb3QgYSB2YWxpZCBM U00gc2xvdCBudW1iZXIgKi8KKyNkZWZpbmUgTFNNQkxPQl9ORUVERUQJCS0yCS8qIFNsb3QgcmVx dWVzdGVkIG9uIGluaXRpYWxpemF0aW9uICovCisjZGVmaW5lIExTTUJMT0JfTk9UX05FRURFRAkt MwkvKiBTbG90IG5vdCByZXF1ZXN0ZWQgKi8KKworLyoqCisgKiBsc21ibG9iX2luaXQgLSBpbml0 aWFsaXplIGEgbHNtYmxvYiBzdHJ1Y3R1cmUKKyAqIEBibG9iOiBQb2ludGVyIHRvIHRoZSBkYXRh IHRvIGluaXRpYWxpemUKKyAqIEBzZWNpZDogVGhlIGluaXRpYWwgc2VjaWQgdmFsdWUKKyAqCisg KiBTZXQgYWxsIHNlY2lkIGZvciBhbGwgbW9kdWxlcyB0byB0aGUgc3BlY2lmaWVkIHZhbHVlLgor ICovCitzdGF0aWMgaW5saW5lIHZvaWQgbHNtYmxvYl9pbml0KHN0cnVjdCBsc21ibG9iICpibG9i LCB1MzIgc2VjaWQpCit7CisJaW50IGk7CisKKwlmb3IgKGkgPSAwOyBpIDwgTFNNQkxPQl9FTlRS SUVTOyBpKyspCisJCWJsb2ItPnNlY2lkW2ldID0gc2VjaWQ7Cit9CisKKy8qKgorICogbHNtYmxv Yl9pc19zZXQgLSByZXBvcnQgaWYgdGhlcmUgaXMgYSB2YWx1ZSBpbiB0aGUgbHNtYmxvYgorICog QGJsb2I6IFBvaW50ZXIgdG8gdGhlIGV4cG9ydGVkIExTTSBkYXRhCisgKgorICogUmV0dXJucyB0 cnVlIGlmIHRoZXJlIGlzIGEgc2VjaWQgc2V0LCBmYWxzZSBvdGhlcndpc2UKKyAqLworc3RhdGlj IGlubGluZSBib29sIGxzbWJsb2JfaXNfc2V0KHN0cnVjdCBsc21ibG9iICpibG9iKQoreworCWNv bnN0IHN0cnVjdCBsc21ibG9iIGVtcHR5ID0ge307CisKKwlyZXR1cm4gISFtZW1jbXAoYmxvYiwg JmVtcHR5LCBzaXplb2YoKmJsb2IpKTsKK30KKworLyoqCisgKiBsc21ibG9iX2VxdWFsIC0gcmVw b3J0IGlmIHRoZSB0d28gbHNtYmxvYidzIGFyZSBlcXVhbAorICogQGJsb2JhOiBQb2ludGVyIHRv IG9uZSBMU00gZGF0YQorICogQGJsb2JiOiBQb2ludGVyIHRvIHRoZSBvdGhlciBMU00gZGF0YQor ICoKKyAqIFJldHVybnMgdHJ1ZSBpZiBhbGwgZW50cmllcyBpbiB0aGUgdHdvIGFyZSBlcXVhbCwg ZmFsc2Ugb3RoZXJ3aXNlCisgKi8KK3N0YXRpYyBpbmxpbmUgYm9vbCBsc21ibG9iX2VxdWFsKGNv bnN0IHN0cnVjdCBsc21ibG9iICpibG9iYSwKKwkJCQkgY29uc3Qgc3RydWN0IGxzbWJsb2IgKmJs b2JiKQoreworCXJldHVybiAhbWVtY21wKGJsb2JhLCBibG9iYiwgc2l6ZW9mKCpibG9iYSkpOwor fQorCiAvKiBUaGVzZSBmdW5jdGlvbnMgYXJlIGluIHNlY3VyaXR5L2NvbW1vbmNhcC5jICovCiBl eHRlcm4gaW50IGNhcF9jYXBhYmxlKGNvbnN0IHN0cnVjdCBjcmVkICpjcmVkLCBzdHJ1Y3QgdXNl cl9uYW1lc3BhY2UgKm5zLAogCQkgICAgICAgaW50IGNhcCwgdW5zaWduZWQgaW50IG9wdHMpOwpA QCAtMTg3OSwxNSArMTk0MCwxNyBAQCBzdGF0aWMgaW5saW5lIGludCBzZWN1cml0eV9rZXlfZ2V0 c2VjdXJpdHkoc3RydWN0IGtleSAqa2V5LCBjaGFyICoqX2J1ZmZlcikKIAogI2lmZGVmIENPTkZJ R19BVURJVAogI2lmZGVmIENPTkZJR19TRUNVUklUWQotaW50IHNlY3VyaXR5X2F1ZGl0X3J1bGVf aW5pdCh1MzIgZmllbGQsIHUzMiBvcCwgY2hhciAqcnVsZXN0ciwgdm9pZCAqKmxzbXJ1bGUpOwor aW50IHNlY3VyaXR5X2F1ZGl0X3J1bGVfaW5pdCh1MzIgZmllbGQsIHUzMiBvcCwgY2hhciAqcnVs ZXN0ciwKKwkJCSAgICAgc3RydWN0IGF1ZGl0X2xzbV9ydWxlcyAqbHNtcnVsZXMpOwogaW50IHNl Y3VyaXR5X2F1ZGl0X3J1bGVfa25vd24oc3RydWN0IGF1ZGl0X2tydWxlICprcnVsZSk7Ci1pbnQg c2VjdXJpdHlfYXVkaXRfcnVsZV9tYXRjaCh1MzIgc2VjaWQsIHUzMiBmaWVsZCwgdTMyIG9wLCB2 b2lkICpsc21ydWxlKTsKLXZvaWQgc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKHZvaWQgKmxzbXJ1 bGUpOworaW50IHNlY3VyaXR5X2F1ZGl0X3J1bGVfbWF0Y2godTMyIHNlY2lkLCB1MzIgZmllbGQs IHUzMiBvcCwKKwkJCSAgICAgIHN0cnVjdCBhdWRpdF9sc21fcnVsZXMgKmxzbXJ1bGVzKTsKK3Zv aWQgc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKHN0cnVjdCBhdWRpdF9sc21fcnVsZXMgKmxzbXJ1 bGVzKTsKIAogI2Vsc2UKIAogc3RhdGljIGlubGluZSBpbnQgc2VjdXJpdHlfYXVkaXRfcnVsZV9p bml0KHUzMiBmaWVsZCwgdTMyIG9wLCBjaGFyICpydWxlc3RyLAotCQkJCQkgICB2b2lkICoqbHNt cnVsZSkKKwkJCQkJICAgc3RydWN0IGF1ZGl0X2xzbV9ydWxlcyAqbHNtcnVsZXMpCiB7CiAJcmV0 dXJuIDA7CiB9CkBAIC0xODk4LDEyICsxOTYxLDEyIEBAIHN0YXRpYyBpbmxpbmUgaW50IHNlY3Vy aXR5X2F1ZGl0X3J1bGVfa25vd24oc3RydWN0IGF1ZGl0X2tydWxlICprcnVsZSkKIH0KIAogc3Rh dGljIGlubGluZSBpbnQgc2VjdXJpdHlfYXVkaXRfcnVsZV9tYXRjaCh1MzIgc2VjaWQsIHUzMiBm aWVsZCwgdTMyIG9wLAotCQkJCQkgICAgdm9pZCAqbHNtcnVsZSkKKwkJCQkJICAgIHN0cnVjdCBh dWRpdF9sc21fcnVsZXMgKmxzbXJ1bGVzKQogewogCXJldHVybiAwOwogfQogCi1zdGF0aWMgaW5s aW5lIHZvaWQgc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKHZvaWQgKmxzbXJ1bGUpCitzdGF0aWMg aW5saW5lIHZvaWQgc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKHN0cnVjdCBhdWRpdF9sc21fcnVs ZXMgKmxzbXJ1bGVzKQogeyB9CiAKICNlbmRpZiAvKiBDT05GSUdfU0VDVVJJVFkgKi8KZGlmZiAt LWdpdCBhL2tlcm5lbC9hdWRpdGZpbHRlci5jIGIva2VybmVsL2F1ZGl0ZmlsdGVyLmMKaW5kZXgg NDJkOTk4OTZlN2E2Li5kZTc1YmQ2YWQ4NjYgMTAwNjQ0Ci0tLSBhL2tlcm5lbC9hdWRpdGZpbHRl ci5jCisrKyBiL2tlcm5lbC9hdWRpdGZpbHRlci5jCkBAIC03Niw3ICs3Niw3IEBAIHN0YXRpYyB2 b2lkIGF1ZGl0X2ZyZWVfbHNtX2ZpZWxkKHN0cnVjdCBhdWRpdF9maWVsZCAqZikKIAljYXNlIEFV RElUX09CSl9MRVZfTE9XOgogCWNhc2UgQVVESVRfT0JKX0xFVl9ISUdIOgogCQlrZnJlZShmLT5s c21fc3RyKTsKLQkJc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKGYtPmxzbV9ydWxlKTsKKwkJc2Vj dXJpdHlfYXVkaXRfcnVsZV9mcmVlKCZmLT5sc21fcnVsZXMpOwogCX0KIH0KIApAQCAtNTI5LDcg KzUyOSw3IEBAIHN0YXRpYyBzdHJ1Y3QgYXVkaXRfZW50cnkgKmF1ZGl0X2RhdGFfdG9fZW50cnko c3RydWN0IGF1ZGl0X3J1bGVfZGF0YSAqZGF0YSwKIAkJCWVudHJ5LT5ydWxlLmJ1ZmxlbiArPSBm X3ZhbDsKIAkJCWYtPmxzbV9zdHIgPSBzdHI7CiAJCQllcnIgPSBzZWN1cml0eV9hdWRpdF9ydWxl X2luaXQoZi0+dHlwZSwgZi0+b3AsIHN0ciwKLQkJCQkJCSAgICAgICAodm9pZCAqKikmZi0+bHNt X3J1bGUpOworCQkJCQkJICAgICAgICZmLT5sc21fcnVsZXMpOwogCQkJLyogS2VlcCBjdXJyZW50 bHkgaW52YWxpZCBmaWVsZHMgYXJvdW5kIGluIGNhc2UgdGhleQogCQkJICogYmVjb21lIHZhbGlk IGFmdGVyIGEgcG9saWN5IHJlbG9hZC4gKi8KIAkJCWlmIChlcnIgPT0gLUVJTlZBTCkgewpAQCAt NzgyLDcgKzc4Miw3IEBAIHN0YXRpYyBpbnQgYXVkaXRfY29tcGFyZV9ydWxlKHN0cnVjdCBhdWRp dF9rcnVsZSAqYSwgc3RydWN0IGF1ZGl0X2tydWxlICpiKQogCXJldHVybiAwOwogfQogCi0vKiBE dXBsaWNhdGUgTFNNIGZpZWxkIGluZm9ybWF0aW9uLiAgVGhlIGxzbV9ydWxlIGlzIG9wYXF1ZSwg c28gbXVzdCBiZQorLyogRHVwbGljYXRlIExTTSBmaWVsZCBpbmZvcm1hdGlvbi4gIFRoZSBsc21f cnVsZXMgaXMgb3BhcXVlLCBzbyBtdXN0IGJlCiAgKiByZS1pbml0aWFsaXplZC4gKi8KIHN0YXRp YyBpbmxpbmUgaW50IGF1ZGl0X2R1cGVfbHNtX2ZpZWxkKHN0cnVjdCBhdWRpdF9maWVsZCAqZGYs CiAJCQkJCSAgIHN0cnVjdCBhdWRpdF9maWVsZCAqc2YpCkBAIC03OTYsOSArNzk2LDkgQEAgc3Rh dGljIGlubGluZSBpbnQgYXVkaXRfZHVwZV9sc21fZmllbGQoc3RydWN0IGF1ZGl0X2ZpZWxkICpk ZiwKIAkJcmV0dXJuIC1FTk9NRU07CiAJZGYtPmxzbV9zdHIgPSBsc21fc3RyOwogCi0JLyogb3Vy IG93biAocmVmcmVzaGVkKSBjb3B5IG9mIGxzbV9ydWxlICovCisJLyogb3VyIG93biAocmVmcmVz aGVkKSBjb3B5IG9mIGxzbV9ydWxlcyAqLwogCXJldCA9IHNlY3VyaXR5X2F1ZGl0X3J1bGVfaW5p dChkZi0+dHlwZSwgZGYtPm9wLCBkZi0+bHNtX3N0ciwKLQkJCQkgICAgICAgKHZvaWQgKiopJmRm LT5sc21fcnVsZSk7CisJCQkJICAgICAgICZkZi0+bHNtX3J1bGVzKTsKIAkvKiBLZWVwIGN1cnJl bnRseSBpbnZhbGlkIGZpZWxkcyBhcm91bmQgaW4gY2FzZSB0aGV5CiAJICogYmVjb21lIHZhbGlk IGFmdGVyIGEgcG9saWN5IHJlbG9hZC4gKi8KIAlpZiAocmV0ID09IC1FSU5WQUwpIHsKQEAgLTg1 MCw3ICs4NTAsNyBAQCBzdHJ1Y3QgYXVkaXRfZW50cnkgKmF1ZGl0X2R1cGVfcnVsZShzdHJ1Y3Qg YXVkaXRfa3J1bGUgKm9sZCkKIAluZXctPnRyZWUgPSBvbGQtPnRyZWU7CiAJbWVtY3B5KG5ldy0+ ZmllbGRzLCBvbGQtPmZpZWxkcywgc2l6ZW9mKHN0cnVjdCBhdWRpdF9maWVsZCkgKiBmY291bnQp OwogCi0JLyogZGVlcCBjb3B5IHRoaXMgaW5mb3JtYXRpb24sIHVwZGF0aW5nIHRoZSBsc21fcnVs ZSBmaWVsZHMsIGJlY2F1c2UKKwkvKiBkZWVwIGNvcHkgdGhpcyBpbmZvcm1hdGlvbiwgdXBkYXRp bmcgdGhlIGxzbV9ydWxlcyBmaWVsZHMsIGJlY2F1c2UKIAkgKiB0aGUgb3JpZ2luYWxzIHdpbGwg YWxsIGJlIGZyZWVkIHdoZW4gdGhlIG9sZCBydWxlIGlzIGZyZWVkLiAqLwogCWZvciAoaSA9IDA7 IGkgPCBmY291bnQ7IGkrKykgewogCQlzd2l0Y2ggKG5ldy0+ZmllbGRzW2ldLnR5cGUpIHsKQEAg LTEzNjcsMTAgKzEzNjcsMTEgQEAgaW50IGF1ZGl0X2ZpbHRlcihpbnQgbXNndHlwZSwgdW5zaWdu ZWQgaW50IGxpc3R0eXBlKQogCQkJY2FzZSBBVURJVF9TVUJKX1RZUEU6CiAJCQljYXNlIEFVRElU X1NVQkpfU0VOOgogCQkJY2FzZSBBVURJVF9TVUJKX0NMUjoKLQkJCQlpZiAoZi0+bHNtX3J1bGUp IHsKKwkJCQlpZiAoZi0+bHNtX3N0cikgewogCQkJCQlzZWN1cml0eV9jdXJyZW50X2dldHNlY2lk X3N1YmooJnNpZCk7CiAJCQkJCXJlc3VsdCA9IHNlY3VyaXR5X2F1ZGl0X3J1bGVfbWF0Y2goc2lk LAotCQkJCQkJICAgZi0+dHlwZSwgZi0+b3AsIGYtPmxzbV9ydWxlKTsKKwkJCQkJCSAgIGYtPnR5 cGUsIGYtPm9wLAorCQkJCQkJICAgJmYtPmxzbV9ydWxlcyk7CiAJCQkJfQogCQkJCWJyZWFrOwog CQkJY2FzZSBBVURJVF9FWEU6CkBAIC0xMzk3LDcgKzEzOTgsNyBAQCBpbnQgYXVkaXRfZmlsdGVy KGludCBtc2d0eXBlLCB1bnNpZ25lZCBpbnQgbGlzdHR5cGUpCiAJcmV0dXJuIHJldDsKIH0KIAot c3RhdGljIGludCB1cGRhdGVfbHNtX3J1bGUoc3RydWN0IGF1ZGl0X2tydWxlICpyKQorc3RhdGlj IGludCB1cGRhdGVfbHNtX3J1bGVzKHN0cnVjdCBhdWRpdF9rcnVsZSAqcikKIHsKIAlzdHJ1Y3Qg YXVkaXRfZW50cnkgKmVudHJ5ID0gY29udGFpbmVyX29mKHIsIHN0cnVjdCBhdWRpdF9lbnRyeSwg cnVsZSk7CiAJc3RydWN0IGF1ZGl0X2VudHJ5ICpuZW50cnk7CkBAIC0xNDI5LDcgKzE0MzAsNyBA QCBzdGF0aWMgaW50IHVwZGF0ZV9sc21fcnVsZShzdHJ1Y3QgYXVkaXRfa3J1bGUgKnIpCiAJcmV0 dXJuIGVycjsKIH0KIAotLyogVGhpcyBmdW5jdGlvbiB3aWxsIHJlLWluaXRpYWxpemUgdGhlIGxz bV9ydWxlIGZpZWxkIG9mIGFsbCBhcHBsaWNhYmxlIHJ1bGVzLgorLyogVGhpcyBmdW5jdGlvbiB3 aWxsIHJlLWluaXRpYWxpemUgdGhlIGxzbV9ydWxlcyBmaWVsZCBvZiBhbGwgYXBwbGljYWJsZSBy dWxlcy4KICAqIEl0IHdpbGwgdHJhdmVyc2UgdGhlIGZpbHRlciBsaXN0cyBzZXJhcmNoaW5nIGZv ciBydWxlcyB0aGF0IGNvbnRhaW4gTFNNCiAgKiBzcGVjaWZpYyBmaWx0ZXIgZmllbGRzLiAgV2hl biBzdWNoIGEgcnVsZSBpcyBmb3VuZCwgaXQgaXMgY29waWVkLCB0aGUKICAqIExTTSBmaWVsZCBp cyByZS1pbml0aWFsaXplZCwgYW5kIHRoZSBvbGQgcnVsZSBpcyByZXBsYWNlZCB3aXRoIHRoZQpA QCAtMTQ0NCw3ICsxNDQ1LDcgQEAgaW50IGF1ZGl0X3VwZGF0ZV9sc21fcnVsZXModm9pZCkKIAog CWZvciAoaSA9IDA7IGkgPCBBVURJVF9OUl9GSUxURVJTOyBpKyspIHsKIAkJbGlzdF9mb3JfZWFj aF9lbnRyeV9zYWZlKHIsIG4sICZhdWRpdF9ydWxlc19saXN0W2ldLCBsaXN0KSB7Ci0JCQlpbnQg cmVzID0gdXBkYXRlX2xzbV9ydWxlKHIpOworCQkJaW50IHJlcyA9IHVwZGF0ZV9sc21fcnVsZXMo cik7CiAJCQlpZiAoIWVycikKIAkJCQllcnIgPSByZXM7CiAJCX0KZGlmZiAtLWdpdCBhL2tlcm5l bC9hdWRpdHNjLmMgYi9rZXJuZWwvYXVkaXRzYy5jCmluZGV4IGZjZTVkNDNhOTMzZi4uZjFjMjZh MzIyZjlkIDEwMDY0NAotLS0gYS9rZXJuZWwvYXVkaXRzYy5jCisrKyBiL2tlcm5lbC9hdWRpdHNj LmMKQEAgLTY2NCw3ICs2NjQsNyBAQCBzdGF0aWMgaW50IGF1ZGl0X2ZpbHRlcl9ydWxlcyhzdHJ1 Y3QgdGFza19zdHJ1Y3QgKnRzaywKIAkJCSAgIG1hdGNoIGZvciBub3cgdG8gYXZvaWQgbG9zaW5n IGluZm9ybWF0aW9uIHRoYXQKIAkJCSAgIG1heSBiZSB3YW50ZWQuICAgQW4gZXJyb3IgbWVzc2Fn ZSB3aWxsIGFsc28gYmUKIAkJCSAgIGxvZ2dlZCB1cG9uIGVycm9yICovCi0JCQlpZiAoZi0+bHNt X3J1bGUpIHsKKwkJCWlmIChmLT5sc21fc3RyKSB7CiAJCQkJaWYgKG5lZWRfc2lkKSB7CiAJCQkJ CS8qIEB0c2sgc2hvdWxkIGFsd2F5cyBiZSBlcXVhbCB0bwogCQkJCQkgKiBAY3VycmVudCB3aXRo IHRoZSBleGNlcHRpb24gb2YKQEAgLTY3OSw4ICs2NzksNyBAQCBzdGF0aWMgaW50IGF1ZGl0X2Zp bHRlcl9ydWxlcyhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRzaywKIAkJCQkJbmVlZF9zaWQgPSAwOwog CQkJCX0KIAkJCQlyZXN1bHQgPSBzZWN1cml0eV9hdWRpdF9ydWxlX21hdGNoKHNpZCwgZi0+dHlw ZSwKLQkJCQkJCQkJICAgZi0+b3AsCi0JCQkJCQkJCSAgIGYtPmxzbV9ydWxlKTsKKwkJCQkJCQlm LT5vcCwgJmYtPmxzbV9ydWxlcyk7CiAJCQl9CiAJCQlicmVhazsKIAkJY2FzZSBBVURJVF9PQkpf VVNFUjoKQEAgLTY5MCwyMSArNjg5LDE5IEBAIHN0YXRpYyBpbnQgYXVkaXRfZmlsdGVyX3J1bGVz KHN0cnVjdCB0YXNrX3N0cnVjdCAqdHNrLAogCQljYXNlIEFVRElUX09CSl9MRVZfSElHSDoKIAkJ CS8qIFRoZSBhYm92ZSBub3RlIGZvciBBVURJVF9TVUJKX1VTRVIuLi5BVURJVF9TVUJKX0NMUgog CQkJICAgYWxzbyBhcHBsaWVzIGhlcmUgKi8KLQkJCWlmIChmLT5sc21fcnVsZSkgeworCQkJaWYg KGYtPmxzbV9zdHIpIHsKIAkJCQkvKiBGaW5kIGZpbGVzIHRoYXQgbWF0Y2ggKi8KIAkJCQlpZiAo bmFtZSkgewogCQkJCQlyZXN1bHQgPSBzZWN1cml0eV9hdWRpdF9ydWxlX21hdGNoKAogCQkJCQkJ CQluYW1lLT5vc2lkLAogCQkJCQkJCQlmLT50eXBlLAogCQkJCQkJCQlmLT5vcCwKLQkJCQkJCQkJ Zi0+bHNtX3J1bGUpOworCQkJCQkJCQkmZi0+bHNtX3J1bGVzKTsKIAkJCQl9IGVsc2UgaWYgKGN0 eCkgewogCQkJCQlsaXN0X2Zvcl9lYWNoX2VudHJ5KG4sICZjdHgtPm5hbWVzX2xpc3QsIGxpc3Qp IHsKIAkJCQkJCWlmIChzZWN1cml0eV9hdWRpdF9ydWxlX21hdGNoKAotCQkJCQkJCQluLT5vc2lk LAotCQkJCQkJCQlmLT50eXBlLAotCQkJCQkJCQlmLT5vcCwKLQkJCQkJCQkJZi0+bHNtX3J1bGUp KSB7CisJCQkJCQkJbi0+b3NpZCwgZi0+dHlwZSwgZi0+b3AsCisJCQkJCQkJJmYtPmxzbV9ydWxl cykpIHsKIAkJCQkJCQkrK3Jlc3VsdDsKIAkJCQkJCQlicmVhazsKIAkJCQkJCX0KQEAgLTcxNSw3 ICs3MTIsNyBAQCBzdGF0aWMgaW50IGF1ZGl0X2ZpbHRlcl9ydWxlcyhzdHJ1Y3QgdGFza19zdHJ1 Y3QgKnRzaywKIAkJCQkJYnJlYWs7CiAJCQkJaWYgKHNlY3VyaXR5X2F1ZGl0X3J1bGVfbWF0Y2go Y3R4LT5pcGMub3NpZCwKIAkJCQkJCQkgICAgICBmLT50eXBlLCBmLT5vcCwKLQkJCQkJCQkgICAg ICBmLT5sc21fcnVsZSkpCisJCQkJCQkJICAgICAgJmYtPmxzbV9ydWxlcykpCiAJCQkJCSsrcmVz dWx0OwogCQkJfQogCQkJYnJlYWs7CmRpZmYgLS1naXQgYS9zZWN1cml0eS9hcHBhcm1vci9sc20u YyBiL3NlY3VyaXR5L2FwcGFybW9yL2xzbS5jCmluZGV4IGJlODk3NmM0MDdmNC4uMWU1M2ZlYTYx MzM1IDEwMDY0NAotLS0gYS9zZWN1cml0eS9hcHBhcm1vci9sc20uYworKysgYi9zZWN1cml0eS9h cHBhcm1vci9sc20uYwpAQCAtMTE2OCw2ICsxMTY4LDExIEBAIHN0cnVjdCBsc21fYmxvYl9zaXpl cyBhcHBhcm1vcl9ibG9iX3NpemVzIF9fbHNtX3JvX2FmdGVyX2luaXQgPSB7CiAJLmxic19zb2Nr ID0gc2l6ZW9mKHN0cnVjdCBhYV9za19jdHgpLAogfTsKIAorc3RhdGljIHN0cnVjdCBsc21faWQg YXBwYXJtb3JfbHNtaWQgX19sc21fcm9fYWZ0ZXJfaW5pdCA9IHsKKwkubHNtICA9ICJhcHBhcm1v ciIsCisJLnNsb3QgPSBMU01CTE9CX05FRURFRAorfTsKKwogc3RhdGljIHN0cnVjdCBzZWN1cml0 eV9ob29rX2xpc3QgYXBwYXJtb3JfaG9va3NbXSBfX2xzbV9yb19hZnRlcl9pbml0ID0gewogCUxT TV9IT09LX0lOSVQocHRyYWNlX2FjY2Vzc19jaGVjaywgYXBwYXJtb3JfcHRyYWNlX2FjY2Vzc19j aGVjayksCiAJTFNNX0hPT0tfSU5JVChwdHJhY2VfdHJhY2VtZSwgYXBwYXJtb3JfcHRyYWNlX3Ry YWNlbWUpLApAQCAtMTg1Myw3ICsxODU4LDcgQEAgc3RhdGljIGludCBfX2luaXQgYXBwYXJtb3Jf aW5pdCh2b2lkKQogCQlnb3RvIGJ1ZmZlcnNfb3V0OwogCX0KIAlzZWN1cml0eV9hZGRfaG9va3Mo YXBwYXJtb3JfaG9va3MsIEFSUkFZX1NJWkUoYXBwYXJtb3JfaG9va3MpLAotCQkJCSJhcHBhcm1v ciIpOworCQkJCSZhcHBhcm1vcl9sc21pZCk7CiAKIAkvKiBSZXBvcnQgdGhhdCBBcHBBcm1vciBz dWNjZXNzZnVsbHkgaW5pdGlhbGl6ZWQgKi8KIAlhcHBhcm1vcl9pbml0aWFsaXplZCA9IDE7CmRp ZmYgLS1naXQgYS9zZWN1cml0eS9icGYvaG9va3MuYyBiL3NlY3VyaXR5L2JwZi9ob29rcy5jCmlu ZGV4IGU1OTcxZmE3NGZkNy4uN2E1OGZlOWFiOGM0IDEwMDY0NAotLS0gYS9zZWN1cml0eS9icGYv aG9va3MuYworKysgYi9zZWN1cml0eS9icGYvaG9va3MuYwpAQCAtMTUsOSArMTUsMTkgQEAgc3Rh dGljIHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3QgYnBmX2xzbV9ob29rc1tdIF9fbHNtX3JvX2Fm dGVyX2luaXQgPSB7CiAJTFNNX0hPT0tfSU5JVCh0YXNrX2ZyZWUsIGJwZl90YXNrX3N0b3JhZ2Vf ZnJlZSksCiB9OwogCisvKgorICogc2xvdCBoYXMgdG8gYmUgTFNNQkxPQl9ORUVERUQgYmVjYXVz ZSBzb21lIG9mIHRoZSBob29rcworICogc3VwcGxpZWQgYnkgdGhpcyBtb2R1bGUgcmVxdWlyZSBh IHNsb3QuCisgKi8KK3N0cnVjdCBsc21faWQgYnBmX2xzbWlkIF9fbHNtX3JvX2FmdGVyX2luaXQg PSB7CisJLmxzbSA9ICJicGYiLAorCS5zbG90ID0gTFNNQkxPQl9ORUVERUQKK307CisKIHN0YXRp YyBpbnQgX19pbml0IGJwZl9sc21faW5pdCh2b2lkKQogewotCXNlY3VyaXR5X2FkZF9ob29rcyhi cGZfbHNtX2hvb2tzLCBBUlJBWV9TSVpFKGJwZl9sc21faG9va3MpLCAiYnBmIik7CisJc2VjdXJp dHlfYWRkX2hvb2tzKGJwZl9sc21faG9va3MsIEFSUkFZX1NJWkUoYnBmX2xzbV9ob29rcyksCisJ CQkgICAmYnBmX2xzbWlkKTsKIAlwcl9pbmZvKCJMU00gc3VwcG9ydCBmb3IgZUJQRiBhY3RpdmVc biIpOwogCXJldHVybiAwOwogfQpkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvY29tbW9uY2FwLmMgYi9z ZWN1cml0eS9jb21tb25jYXAuYwppbmRleCA1ZmM4OTg2YzNjNzcuLmM5NGVjNDZlMDdhYyAxMDA2 NDQKLS0tIGEvc2VjdXJpdHkvY29tbW9uY2FwLmMKKysrIGIvc2VjdXJpdHkvY29tbW9uY2FwLmMK QEAgLTE0NDYsNiArMTQ0NiwxMSBAQCBpbnQgY2FwX21tYXBfZmlsZShzdHJ1Y3QgZmlsZSAqZmls ZSwgdW5zaWduZWQgbG9uZyByZXFwcm90LAogCiAjaWZkZWYgQ09ORklHX1NFQ1VSSVRZCiAKK3N0 YXRpYyBzdHJ1Y3QgbHNtX2lkIGNhcGFiaWxpdHlfbHNtaWQgX19sc21fcm9fYWZ0ZXJfaW5pdCA9 IHsKKwkubHNtICA9ICJjYXBhYmlsaXR5IiwKKwkuc2xvdCA9IExTTUJMT0JfTk9UX05FRURFRAor fTsKKwogc3RhdGljIHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3QgY2FwYWJpbGl0eV9ob29rc1td IF9fbHNtX3JvX2FmdGVyX2luaXQgPSB7CiAJTFNNX0hPT0tfSU5JVChjYXBhYmxlLCBjYXBfY2Fw YWJsZSksCiAJTFNNX0hPT0tfSU5JVChzZXR0aW1lLCBjYXBfc2V0dGltZSksCkBAIC0xNDcwLDcg KzE0NzUsNyBAQCBzdGF0aWMgc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCBjYXBhYmlsaXR5X2hv b2tzW10gX19sc21fcm9fYWZ0ZXJfaW5pdCA9IHsKIHN0YXRpYyBpbnQgX19pbml0IGNhcGFiaWxp dHlfaW5pdCh2b2lkKQogewogCXNlY3VyaXR5X2FkZF9ob29rcyhjYXBhYmlsaXR5X2hvb2tzLCBB UlJBWV9TSVpFKGNhcGFiaWxpdHlfaG9va3MpLAotCQkJCSJjYXBhYmlsaXR5Iik7CisJCQkgICAm Y2FwYWJpbGl0eV9sc21pZCk7CiAJcmV0dXJuIDA7CiB9CiAKZGlmZiAtLWdpdCBhL3NlY3VyaXR5 L2xhbmRsb2NrL2NyZWQuYyBiL3NlY3VyaXR5L2xhbmRsb2NrL2NyZWQuYwppbmRleCA2NzI1YWYy NGM2ODQuLjU2YjEyMWQ2NTQzNiAxMDA2NDQKLS0tIGEvc2VjdXJpdHkvbGFuZGxvY2svY3JlZC5j CisrKyBiL3NlY3VyaXR5L2xhbmRsb2NrL2NyZWQuYwpAQCAtNDIsNSArNDIsNSBAQCBzdGF0aWMg c3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCBsYW5kbG9ja19ob29rc1tdIF9fbHNtX3JvX2FmdGVy X2luaXQgPSB7CiBfX2luaXQgdm9pZCBsYW5kbG9ja19hZGRfY3JlZF9ob29rcyh2b2lkKQogewog CXNlY3VyaXR5X2FkZF9ob29rcyhsYW5kbG9ja19ob29rcywgQVJSQVlfU0laRShsYW5kbG9ja19o b29rcyksCi0JCQlMQU5ETE9DS19OQU1FKTsKKwkJCSZsYW5kbG9ja19sc21pZCk7CiB9CmRpZmYg LS1naXQgYS9zZWN1cml0eS9sYW5kbG9jay9mcy5jIGIvc2VjdXJpdHkvbGFuZGxvY2svZnMuYwpp bmRleCA5N2I4ZTQyMWY2MTcuLjMxOWU5MGU5MjkwYyAxMDA2NDQKLS0tIGEvc2VjdXJpdHkvbGFu ZGxvY2svZnMuYworKysgYi9zZWN1cml0eS9sYW5kbG9jay9mcy5jCkBAIC02ODgsNSArNjg4LDUg QEAgc3RhdGljIHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3QgbGFuZGxvY2tfaG9va3NbXSBfX2xz bV9yb19hZnRlcl9pbml0ID0gewogX19pbml0IHZvaWQgbGFuZGxvY2tfYWRkX2ZzX2hvb2tzKHZv aWQpCiB7CiAJc2VjdXJpdHlfYWRkX2hvb2tzKGxhbmRsb2NrX2hvb2tzLCBBUlJBWV9TSVpFKGxh bmRsb2NrX2hvb2tzKSwKLQkJCUxBTkRMT0NLX05BTUUpOworCQkJJmxhbmRsb2NrX2xzbWlkKTsK IH0KZGlmZiAtLWdpdCBhL3NlY3VyaXR5L2xhbmRsb2NrL3B0cmFjZS5jIGIvc2VjdXJpdHkvbGFu ZGxvY2svcHRyYWNlLmMKaW5kZXggZjU1YjgyNDQ2ZGUyLi41NGNjZjU1YTA3N2EgMTAwNjQ0Ci0t LSBhL3NlY3VyaXR5L2xhbmRsb2NrL3B0cmFjZS5jCisrKyBiL3NlY3VyaXR5L2xhbmRsb2NrL3B0 cmFjZS5jCkBAIC0xMTYsNSArMTE2LDUgQEAgc3RhdGljIHN0cnVjdCBzZWN1cml0eV9ob29rX2xp c3QgbGFuZGxvY2tfaG9va3NbXSBfX2xzbV9yb19hZnRlcl9pbml0ID0gewogX19pbml0IHZvaWQg bGFuZGxvY2tfYWRkX3B0cmFjZV9ob29rcyh2b2lkKQogewogCXNlY3VyaXR5X2FkZF9ob29rcyhs YW5kbG9ja19ob29rcywgQVJSQVlfU0laRShsYW5kbG9ja19ob29rcyksCi0JCQlMQU5ETE9DS19O QU1FKTsKKwkJCSZsYW5kbG9ja19sc21pZCk7CiB9CmRpZmYgLS1naXQgYS9zZWN1cml0eS9sYW5k bG9jay9zZXR1cC5jIGIvc2VjdXJpdHkvbGFuZGxvY2svc2V0dXAuYwppbmRleCBmOGU4ZTk4MDQ1 NGMuLjc1OWUwMGI5NDM2YyAxMDA2NDQKLS0tIGEvc2VjdXJpdHkvbGFuZGxvY2svc2V0dXAuYwor KysgYi9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5jCkBAIC0yMyw2ICsyMywxMSBAQCBzdHJ1Y3Qg bHNtX2Jsb2Jfc2l6ZXMgbGFuZGxvY2tfYmxvYl9zaXplcyBfX2xzbV9yb19hZnRlcl9pbml0ID0g ewogCS5sYnNfc3VwZXJibG9jayA9IHNpemVvZihzdHJ1Y3QgbGFuZGxvY2tfc3VwZXJibG9ja19z ZWN1cml0eSksCiB9OwogCitzdHJ1Y3QgbHNtX2lkIGxhbmRsb2NrX2xzbWlkIF9fbHNtX3JvX2Fm dGVyX2luaXQgPSB7CisJLmxzbSA9IExBTkRMT0NLX05BTUUsCisJLnNsb3QgPSBMU01CTE9CX05P VF9ORUVERUQsCit9OworCiBzdGF0aWMgaW50IF9faW5pdCBsYW5kbG9ja19pbml0KHZvaWQpCiB7 CiAJbGFuZGxvY2tfYWRkX2NyZWRfaG9va3MoKTsKZGlmZiAtLWdpdCBhL3NlY3VyaXR5L2xhbmRs b2NrL3NldHVwLmggYi9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5oCmluZGV4IDFkYWZmYWIxYWI0 Yi4uMzhiY2U1YjE3MmRjIDEwMDY0NAotLS0gYS9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5oCisr KyBiL3NlY3VyaXR5L2xhbmRsb2NrL3NldHVwLmgKQEAgLTE0LDUgKzE0LDYgQEAKIGV4dGVybiBi b29sIGxhbmRsb2NrX2luaXRpYWxpemVkOwogCiBleHRlcm4gc3RydWN0IGxzbV9ibG9iX3NpemVz IGxhbmRsb2NrX2Jsb2Jfc2l6ZXM7CitleHRlcm4gc3RydWN0IGxzbV9pZCBsYW5kbG9ja19sc21p ZDsKIAogI2VuZGlmIC8qIF9TRUNVUklUWV9MQU5ETE9DS19TRVRVUF9IICovCmRpZmYgLS1naXQg YS9zZWN1cml0eS9sb2FkcGluL2xvYWRwaW4uYyBiL3NlY3VyaXR5L2xvYWRwaW4vbG9hZHBpbi5j CmluZGV4IGIxMmY3ZDk4NmIxZS4uYjU2OWYzYmMxNzBiIDEwMDY0NAotLS0gYS9zZWN1cml0eS9s b2FkcGluL2xvYWRwaW4uYworKysgYi9zZWN1cml0eS9sb2FkcGluL2xvYWRwaW4uYwpAQCAtMTky LDYgKzE5MiwxMSBAQCBzdGF0aWMgaW50IGxvYWRwaW5fbG9hZF9kYXRhKGVudW0ga2VybmVsX2xv YWRfZGF0YV9pZCBpZCwgYm9vbCBjb250ZW50cykKIAlyZXR1cm4gbG9hZHBpbl9yZWFkX2ZpbGUo TlVMTCwgKGVudW0ga2VybmVsX3JlYWRfZmlsZV9pZCkgaWQsIGNvbnRlbnRzKTsKIH0KIAorc3Rh dGljIHN0cnVjdCBsc21faWQgbG9hZHBpbl9sc21pZCBfX2xzbV9yb19hZnRlcl9pbml0ID0gewor CS5sc20gID0gImxvYWRwaW4iLAorCS5zbG90ID0gTFNNQkxPQl9OT1RfTkVFREVECit9OworCiBz dGF0aWMgc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCBsb2FkcGluX2hvb2tzW10gX19sc21fcm9f YWZ0ZXJfaW5pdCA9IHsKIAlMU01fSE9PS19JTklUKHNiX2ZyZWVfc2VjdXJpdHksIGxvYWRwaW5f c2JfZnJlZV9zZWN1cml0eSksCiAJTFNNX0hPT0tfSU5JVChrZXJuZWxfcmVhZF9maWxlLCBsb2Fk cGluX3JlYWRfZmlsZSksCkBAIC0yMzksNyArMjQ0LDggQEAgc3RhdGljIGludCBfX2luaXQgbG9h ZHBpbl9pbml0KHZvaWQpCiAJcHJfaW5mbygicmVhZHkgdG8gcGluIChjdXJyZW50bHkgJXNlbmZv cmNpbmcpXG4iLAogCQllbmZvcmNlID8gIiIgOiAibm90ICIpOwogCXBhcnNlX2V4Y2x1ZGUoKTsK LQlzZWN1cml0eV9hZGRfaG9va3MobG9hZHBpbl9ob29rcywgQVJSQVlfU0laRShsb2FkcGluX2hv b2tzKSwgImxvYWRwaW4iKTsKKwlzZWN1cml0eV9hZGRfaG9va3MobG9hZHBpbl9ob29rcywgQVJS QVlfU0laRShsb2FkcGluX2hvb2tzKSwKKwkJCSAgICZsb2FkcGluX2xzbWlkKTsKIAlyZXR1cm4g MDsKIH0KIApkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvbG9ja2Rvd24vbG9ja2Rvd24uYyBiL3NlY3Vy aXR5L2xvY2tkb3duL2xvY2tkb3duLmMKaW5kZXggODdjYmRjNjRkMjcyLi40ZTI0ZWEzZjdiN2Ug MTAwNjQ0Ci0tLSBhL3NlY3VyaXR5L2xvY2tkb3duL2xvY2tkb3duLmMKKysrIGIvc2VjdXJpdHkv bG9ja2Rvd24vbG9ja2Rvd24uYwpAQCAtNzUsNiArNzUsMTEgQEAgc3RhdGljIHN0cnVjdCBzZWN1 cml0eV9ob29rX2xpc3QgbG9ja2Rvd25faG9va3NbXSBfX2xzbV9yb19hZnRlcl9pbml0ID0gewog CUxTTV9IT09LX0lOSVQobG9ja2VkX2Rvd24sIGxvY2tkb3duX2lzX2xvY2tlZF9kb3duKSwKIH07 CiAKK3N0YXRpYyBzdHJ1Y3QgbHNtX2lkIGxvY2tkb3duX2xzbWlkIF9fbHNtX3JvX2FmdGVyX2lu aXQgPSB7CisJLmxzbSA9ICJsb2NrZG93biIsCisJLnNsb3QgPSBMU01CTE9CX05PVF9ORUVERUQK K307CisKIHN0YXRpYyBpbnQgX19pbml0IGxvY2tkb3duX2xzbV9pbml0KHZvaWQpCiB7CiAjaWYg ZGVmaW5lZChDT05GSUdfTE9DS19ET1dOX0tFUk5FTF9GT1JDRV9JTlRFR1JJVFkpCkBAIC04Myw3 ICs4OCw3IEBAIHN0YXRpYyBpbnQgX19pbml0IGxvY2tkb3duX2xzbV9pbml0KHZvaWQpCiAJbG9j a19rZXJuZWxfZG93bigiS2VybmVsIGNvbmZpZ3VyYXRpb24iLCBMT0NLRE9XTl9DT05GSURFTlRJ QUxJVFlfTUFYKTsKICNlbmRpZgogCXNlY3VyaXR5X2FkZF9ob29rcyhsb2NrZG93bl9ob29rcywg QVJSQVlfU0laRShsb2NrZG93bl9ob29rcyksCi0JCQkgICAibG9ja2Rvd24iKTsKKwkJCSAgICZs b2NrZG93bl9sc21pZCk7CiAJcmV0dXJuIDA7CiB9CiAKZGlmZiAtLWdpdCBhL3NlY3VyaXR5L3Nh ZmVzZXRpZC9sc20uYyBiL3NlY3VyaXR5L3NhZmVzZXRpZC9sc20uYwppbmRleCA5NjNmNGFkOWNi NjYuLjBjMzY4OTUwZGMxNCAxMDA2NDQKLS0tIGEvc2VjdXJpdHkvc2FmZXNldGlkL2xzbS5jCisr KyBiL3NlY3VyaXR5L3NhZmVzZXRpZC9sc20uYwpAQCAtMjQxLDYgKzI0MSwxMSBAQCBzdGF0aWMg aW50IHNhZmVzZXRpZF90YXNrX2ZpeF9zZXRnaWQoc3RydWN0IGNyZWQgKm5ldywKIAlyZXR1cm4g LUVBQ0NFUzsKIH0KIAorc3RhdGljIHN0cnVjdCBsc21faWQgc2FmZXNldGlkX2xzbWlkIF9fbHNt X3JvX2FmdGVyX2luaXQgPSB7CisJLmxzbSAgPSAic2FmZXNldGlkIiwKKwkuc2xvdCA9IExTTUJM T0JfTk9UX05FRURFRAorfTsKKwogc3RhdGljIHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3Qgc2Fm ZXNldGlkX3NlY3VyaXR5X2hvb2tzW10gPSB7CiAJTFNNX0hPT0tfSU5JVCh0YXNrX2ZpeF9zZXR1 aWQsIHNhZmVzZXRpZF90YXNrX2ZpeF9zZXR1aWQpLAogCUxTTV9IT09LX0lOSVQodGFza19maXhf c2V0Z2lkLCBzYWZlc2V0aWRfdGFza19maXhfc2V0Z2lkKSwKQEAgLTI1MCw3ICsyNTUsOCBAQCBz dGF0aWMgc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCBzYWZlc2V0aWRfc2VjdXJpdHlfaG9va3Nb XSA9IHsKIHN0YXRpYyBpbnQgX19pbml0IHNhZmVzZXRpZF9zZWN1cml0eV9pbml0KHZvaWQpCiB7 CiAJc2VjdXJpdHlfYWRkX2hvb2tzKHNhZmVzZXRpZF9zZWN1cml0eV9ob29rcywKLQkJCSAgIEFS UkFZX1NJWkUoc2FmZXNldGlkX3NlY3VyaXR5X2hvb2tzKSwgInNhZmVzZXRpZCIpOworCQkJICAg QVJSQVlfU0laRShzYWZlc2V0aWRfc2VjdXJpdHlfaG9va3MpLAorCQkJICAgJnNhZmVzZXRpZF9s c21pZCk7CiAKIAkvKiBSZXBvcnQgdGhhdCBTYWZlU2V0SUQgc3VjY2Vzc2Z1bGx5IGluaXRpYWxp emVkICovCiAJc2FmZXNldGlkX2luaXRpYWxpemVkID0gMTsKZGlmZiAtLWdpdCBhL3NlY3VyaXR5 L3NlY3VyaXR5LmMgYi9zZWN1cml0eS9zZWN1cml0eS5jCmluZGV4IGYyZDRiMjA2MTNjOC4uMmJm MjFjNzI2YmEwIDEwMDY0NAotLS0gYS9zZWN1cml0eS9zZWN1cml0eS5jCisrKyBiL3NlY3VyaXR5 L3NlY3VyaXR5LmMKQEAgLTM0NSw2ICszNDUsNyBAQCBzdGF0aWMgdm9pZCBfX2luaXQgb3JkZXJl ZF9sc21faW5pdCh2b2lkKQogCWluaXRfZGVidWcoInNvY2sgYmxvYiBzaXplICAgICAgID0gJWRc biIsIGJsb2Jfc2l6ZXMubGJzX3NvY2spOwogCWluaXRfZGVidWcoInN1cGVyYmxvY2sgYmxvYiBz aXplID0gJWRcbiIsIGJsb2Jfc2l6ZXMubGJzX3N1cGVyYmxvY2spOwogCWluaXRfZGVidWcoInRh c2sgYmxvYiBzaXplICAgICAgID0gJWRcbiIsIGJsb2Jfc2l6ZXMubGJzX3Rhc2spOworCWluaXRf ZGVidWcoImxzbWJsb2Igc2l6ZSAgICAgICAgID0gJXp1XG4iLCBzaXplb2Yoc3RydWN0IGxzbWJs b2IpKTsKIAogCS8qCiAJICogQ3JlYXRlIGFueSBrbWVtX2NhY2hlcyBuZWVkZWQgZm9yIGJsb2Jz CkBAIC00NzIsMjEgKzQ3MywzOCBAQCBzdGF0aWMgaW50IGxzbV9hcHBlbmQoY29uc3QgY2hhciAq bmV3LCBjaGFyICoqcmVzdWx0KQogCXJldHVybiAwOwogfQogCisvKgorICogQ3VycmVudCBpbmRl eCB0byB1c2Ugd2hpbGUgaW5pdGlhbGl6aW5nIHRoZSBsc21ibG9iIHNlY2lkIGxpc3QuCisgKi8K K3N0YXRpYyBpbnQgbHNtX3Nsb3QgX19sc21fcm9fYWZ0ZXJfaW5pdDsKKwogLyoqCiAgKiBzZWN1 cml0eV9hZGRfaG9va3MgLSBBZGQgYSBtb2R1bGVzIGhvb2tzIHRvIHRoZSBob29rIGxpc3RzLgog ICogQGhvb2tzOiB0aGUgaG9va3MgdG8gYWRkCiAgKiBAY291bnQ6IHRoZSBudW1iZXIgb2YgaG9v a3MgdG8gYWRkCi0gKiBAbHNtOiB0aGUgbmFtZSBvZiB0aGUgc2VjdXJpdHkgbW9kdWxlCisgKiBA bHNtaWQ6IHRoZSBpZGVudGlmaWNhdGlvbiBpbmZvcm1hdGlvbiBmb3IgdGhlIHNlY3VyaXR5IG1v ZHVsZQogICoKICAqIEVhY2ggTFNNIGhhcyB0byByZWdpc3RlciBpdHMgaG9va3Mgd2l0aCB0aGUg aW5mcmFzdHJ1Y3R1cmUuCisgKiBJZiB0aGUgTFNNIGlzIHVzaW5nIGhvb2tzIHRoYXQgZXhwb3J0 IHNlY2lkcyBhbGxvY2F0ZSBhIHNsb3QKKyAqIGZvciBpdCBpbiB0aGUgbHNtYmxvYi4KICAqLwog dm9pZCBfX2luaXQgc2VjdXJpdHlfYWRkX2hvb2tzKHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3Qg Kmhvb2tzLCBpbnQgY291bnQsCi0JCQkJY2hhciAqbHNtKQorCQkJICAgICAgIHN0cnVjdCBsc21f aWQgKmxzbWlkKQogewogCWludCBpOwogCisJV0FSTl9PTighbHNtaWQtPnNsb3QgfHwgIWxzbWlk LT5sc20pOworCisJaWYgKGxzbWlkLT5zbG90ID09IExTTUJMT0JfTkVFREVEKSB7CisJCWlmIChs c21fc2xvdCA+PSBMU01CTE9CX0VOVFJJRVMpCisJCQlwYW5pYygiJXMgVG9vIG1hbnkgTFNNcyBy ZWdpc3RlcmVkLlxuIiwgX19mdW5jX18pOworCQlsc21pZC0+c2xvdCA9IGxzbV9zbG90Kys7CisJ CWluaXRfZGVidWcoIiVzIGFzc2lnbmVkIGxzbWJsb2Igc2xvdCAlZFxuIiwgbHNtaWQtPmxzbSwK KwkJCSAgIGxzbWlkLT5zbG90KTsKKwl9CisKIAlmb3IgKGkgPSAwOyBpIDwgY291bnQ7IGkrKykg ewotCQlob29rc1tpXS5sc20gPSBsc207CisJCWhvb2tzW2ldLmxzbWlkID0gbHNtaWQ7CiAJCWhs aXN0X2FkZF90YWlsX3JjdSgmaG9va3NbaV0ubGlzdCwgaG9va3NbaV0uaGVhZCk7CiAJfQogCkBA IC00OTUsNyArNTEzLDcgQEAgdm9pZCBfX2luaXQgc2VjdXJpdHlfYWRkX2hvb2tzKHN0cnVjdCBz ZWN1cml0eV9ob29rX2xpc3QgKmhvb2tzLCBpbnQgY291bnQsCiAJICogYW5kIGZpeCB0aGlzIHVw IGFmdGVyd2FyZHMuCiAJICovCiAJaWYgKHNsYWJfaXNfYXZhaWxhYmxlKCkpIHsKLQkJaWYgKGxz bV9hcHBlbmQobHNtLCAmbHNtX25hbWVzKSA8IDApCisJCWlmIChsc21fYXBwZW5kKGxzbWlkLT5s c20sICZsc21fbmFtZXMpIDwgMCkKIAkJCXBhbmljKCIlcyAtIENhbm5vdCBnZXQgZWFybHkgbWVt b3J5LlxuIiwgX19mdW5jX18pOwogCX0KIH0KQEAgLTIwNzUsNyArMjA5Myw3IEBAIGludCBzZWN1 cml0eV9nZXRwcm9jYXR0cihzdHJ1Y3QgdGFza19zdHJ1Y3QgKnAsIGNvbnN0IGNoYXIgKmxzbSwg Y2hhciAqbmFtZSwKIAlzdHJ1Y3Qgc2VjdXJpdHlfaG9va19saXN0ICpocDsKIAogCWhsaXN0X2Zv cl9lYWNoX2VudHJ5KGhwLCAmc2VjdXJpdHlfaG9va19oZWFkcy5nZXRwcm9jYXR0ciwgbGlzdCkg ewotCQlpZiAobHNtICE9IE5VTEwgJiYgc3RyY21wKGxzbSwgaHAtPmxzbSkpCisJCWlmIChsc20g IT0gTlVMTCAmJiBzdHJjbXAobHNtLCBocC0+bHNtaWQtPmxzbSkpCiAJCQljb250aW51ZTsKIAkJ cmV0dXJuIGhwLT5ob29rLmdldHByb2NhdHRyKHAsIG5hbWUsIHZhbHVlKTsKIAl9CkBAIC0yMDg4 LDcgKzIxMDYsNyBAQCBpbnQgc2VjdXJpdHlfc2V0cHJvY2F0dHIoY29uc3QgY2hhciAqbHNtLCBj b25zdCBjaGFyICpuYW1lLCB2b2lkICp2YWx1ZSwKIAlzdHJ1Y3Qgc2VjdXJpdHlfaG9va19saXN0 ICpocDsKIAogCWhsaXN0X2Zvcl9lYWNoX2VudHJ5KGhwLCAmc2VjdXJpdHlfaG9va19oZWFkcy5z ZXRwcm9jYXR0ciwgbGlzdCkgewotCQlpZiAobHNtICE9IE5VTEwgJiYgc3RyY21wKGxzbSwgaHAt PmxzbSkpCisJCWlmIChsc20gIT0gTlVMTCAmJiBzdHJjbXAobHNtLCBocC0+bHNtaWQtPmxzbSkp CiAJCQljb250aW51ZTsKIAkJcmV0dXJuIGhwLT5ob29rLnNldHByb2NhdHRyKG5hbWUsIHZhbHVl LCBzaXplKTsKIAl9CkBAIC0yNTc5LDkgKzI1OTcsMjcgQEAgaW50IHNlY3VyaXR5X2tleV9nZXRz ZWN1cml0eShzdHJ1Y3Qga2V5ICprZXksIGNoYXIgKipfYnVmZmVyKQogCiAjaWZkZWYgQ09ORklH X0FVRElUCiAKLWludCBzZWN1cml0eV9hdWRpdF9ydWxlX2luaXQodTMyIGZpZWxkLCB1MzIgb3As IGNoYXIgKnJ1bGVzdHIsIHZvaWQgKipsc21ydWxlKQoraW50IHNlY3VyaXR5X2F1ZGl0X3J1bGVf aW5pdCh1MzIgZmllbGQsIHUzMiBvcCwgY2hhciAqcnVsZXN0ciwKKwkJCSAgICAgc3RydWN0IGF1 ZGl0X2xzbV9ydWxlcyAqbHNtcnVsZXMpCiB7Ci0JcmV0dXJuIGNhbGxfaW50X2hvb2soYXVkaXRf cnVsZV9pbml0LCAwLCBmaWVsZCwgb3AsIHJ1bGVzdHIsIGxzbXJ1bGUpOworCXN0cnVjdCBzZWN1 cml0eV9ob29rX2xpc3QgKmhwOworCWJvb2wgb25lX2lzX2dvb2QgPSBmYWxzZTsKKwlpbnQgcmMg PSAwOworCWludCB0cmM7CisKKwlobGlzdF9mb3JfZWFjaF9lbnRyeShocCwgJnNlY3VyaXR5X2hv b2tfaGVhZHMuYXVkaXRfcnVsZV9pbml0LCBsaXN0KSB7CisJCWlmIChXQVJOX09OKGhwLT5sc21p ZC0+c2xvdCA8IDAgfHwgaHAtPmxzbWlkLT5zbG90ID49IGxzbV9zbG90KSkKKwkJCWNvbnRpbnVl OworCQl0cmMgPSBocC0+aG9vay5hdWRpdF9ydWxlX2luaXQoZmllbGQsIG9wLCBydWxlc3RyLAor CQkJCQkmbHNtcnVsZXMtPnJ1bGVbaHAtPmxzbWlkLT5zbG90XSk7CisJCWlmICh0cmMgPT0gMCkK KwkJCW9uZV9pc19nb29kID0gdHJ1ZTsKKwkJZWxzZQorCQkJcmMgPSB0cmM7CisJfQorCWlmIChv bmVfaXNfZ29vZCkKKwkJcmV0dXJuIDA7CisJcmV0dXJuIHJjOwogfQogCiBpbnQgc2VjdXJpdHlf YXVkaXRfcnVsZV9rbm93bihzdHJ1Y3QgYXVkaXRfa3J1bGUgKmtydWxlKQpAQCAtMjU4OSwxNCAr MjYyNSwzNiBAQCBpbnQgc2VjdXJpdHlfYXVkaXRfcnVsZV9rbm93bihzdHJ1Y3QgYXVkaXRfa3J1 bGUgKmtydWxlKQogCXJldHVybiBjYWxsX2ludF9ob29rKGF1ZGl0X3J1bGVfa25vd24sIDAsIGty dWxlKTsKIH0KIAotdm9pZCBzZWN1cml0eV9hdWRpdF9ydWxlX2ZyZWUodm9pZCAqbHNtcnVsZSkK K3ZvaWQgc2VjdXJpdHlfYXVkaXRfcnVsZV9mcmVlKHN0cnVjdCBhdWRpdF9sc21fcnVsZXMgKmxz bXJ1bGVzKQogewotCWNhbGxfdm9pZF9ob29rKGF1ZGl0X3J1bGVfZnJlZSwgbHNtcnVsZSk7CisJ c3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCAqaHA7CisKKwlobGlzdF9mb3JfZWFjaF9lbnRyeSho cCwgJnNlY3VyaXR5X2hvb2tfaGVhZHMuYXVkaXRfcnVsZV9mcmVlLCBsaXN0KSB7CisJCWlmIChX QVJOX09OKGhwLT5sc21pZC0+c2xvdCA8IDAgfHwgaHAtPmxzbWlkLT5zbG90ID49IGxzbV9zbG90 KSkKKwkJCWNvbnRpbnVlOworCQlpZiAobHNtcnVsZXMtPnJ1bGVbaHAtPmxzbWlkLT5zbG90XSA9 PSBOVUxMKQorCQkJY29udGludWU7CisJCWhwLT5ob29rLmF1ZGl0X3J1bGVfZnJlZShsc21ydWxl cy0+cnVsZVtocC0+bHNtaWQtPnNsb3RdKTsKKwl9CiB9CiAKLWludCBzZWN1cml0eV9hdWRpdF9y dWxlX21hdGNoKHUzMiBzZWNpZCwgdTMyIGZpZWxkLCB1MzIgb3AsIHZvaWQgKmxzbXJ1bGUpCitp bnQgc2VjdXJpdHlfYXVkaXRfcnVsZV9tYXRjaCh1MzIgc2VjaWQsIHUzMiBmaWVsZCwgdTMyIG9w LAorCQkJICAgICAgc3RydWN0IGF1ZGl0X2xzbV9ydWxlcyAqbHNtcnVsZXMpCiB7Ci0JcmV0dXJu IGNhbGxfaW50X2hvb2soYXVkaXRfcnVsZV9tYXRjaCwgMCwgc2VjaWQsIGZpZWxkLCBvcCwgbHNt cnVsZSk7CisJc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCAqaHA7CisJaW50IHJjOworCisJaGxp c3RfZm9yX2VhY2hfZW50cnkoaHAsICZzZWN1cml0eV9ob29rX2hlYWRzLmF1ZGl0X3J1bGVfbWF0 Y2gsIGxpc3QpIHsKKwkJaWYgKFdBUk5fT04oaHAtPmxzbWlkLT5zbG90IDwgMCB8fCBocC0+bHNt aWQtPnNsb3QgPj0gbHNtX3Nsb3QpKQorCQkJY29udGludWU7CisJCWlmIChsc21ydWxlcy0+cnVs ZVtocC0+bHNtaWQtPnNsb3RdID09IE5VTEwpCisJCQljb250aW51ZTsKKwkJcmMgPSBocC0+aG9v ay5hdWRpdF9ydWxlX21hdGNoKHNlY2lkLCBmaWVsZCwgb3AsCisJCQkJCSZsc21ydWxlcy0+cnVs ZVtocC0+bHNtaWQtPnNsb3RdKTsKKwkJaWYgKHJjKQorCQkJcmV0dXJuIHJjOworCX0KKwlyZXR1 cm4gMDsKIH0KICNlbmRpZiAvKiBDT05GSUdfQVVESVQgKi8KIApkaWZmIC0tZ2l0IGEvc2VjdXJp dHkvc2VsaW51eC9ob29rcy5jIGIvc2VjdXJpdHkvc2VsaW51eC9ob29rcy5jCmluZGV4IGRmZmRl NDBkMzY3ZS4uZDY3YmNkMWFlYWY1IDEwMDY0NAotLS0gYS9zZWN1cml0eS9zZWxpbnV4L2hvb2tz LmMKKysrIGIvc2VjdXJpdHkvc2VsaW51eC9ob29rcy5jCkBAIC03MDA5LDYgKzcwMDksMTEgQEAg c3RhdGljIGludCBzZWxpbnV4X3VyaW5nX3NxcG9sbCh2b2lkKQogfQogI2VuZGlmIC8qIENPTkZJ R19JT19VUklORyAqLwogCitzdGF0aWMgc3RydWN0IGxzbV9pZCBzZWxpbnV4X2xzbWlkIF9fbHNt X3JvX2FmdGVyX2luaXQgPSB7CisJLmxzbSAgPSAic2VsaW51eCIsCisJLnNsb3QgPSBMU01CTE9C X05FRURFRAorfTsKKwogLyoKICAqIElNUE9SVEFOVCBOT1RFOiBXaGVuIGFkZGluZyBuZXcgaG9v a3MsIHBsZWFzZSBiZSBjYXJlZnVsIHRvIGtlZXAgdGhpcyBvcmRlcjoKICAqIDEuIGFueSBob29r cyB0aGF0IGRvbid0IGJlbG9uZyB0byAoMi4pIG9yICgzLikgYmVsb3csCkBAIC03MzI0LDcgKzcz MjksOCBAQCBzdGF0aWMgX19pbml0IGludCBzZWxpbnV4X2luaXQodm9pZCkKIAogCWhhc2h0YWJf Y2FjaGVfaW5pdCgpOwogCi0Jc2VjdXJpdHlfYWRkX2hvb2tzKHNlbGludXhfaG9va3MsIEFSUkFZ X1NJWkUoc2VsaW51eF9ob29rcyksICJzZWxpbnV4Iik7CisJc2VjdXJpdHlfYWRkX2hvb2tzKHNl bGludXhfaG9va3MsIEFSUkFZX1NJWkUoc2VsaW51eF9ob29rcyksCisJCQkgICAmc2VsaW51eF9s c21pZCk7CiAKIAlpZiAoYXZjX2FkZF9jYWxsYmFjayhzZWxpbnV4X25ldGNhY2hlX2F2Y19jYWxs YmFjaywgQVZDX0NBTExCQUNLX1JFU0VUKSkKIAkJcGFuaWMoIlNFTGludXg6IFVuYWJsZSB0byBy ZWdpc3RlciBBVkMgbmV0Y2FjaGUgY2FsbGJhY2tcbiIpOwpkaWZmIC0tZ2l0IGEvc2VjdXJpdHkv c21hY2svc21hY2tfbHNtLmMgYi9zZWN1cml0eS9zbWFjay9zbWFja19sc20uYwppbmRleCBkNThi NTAwMDZlNzkuLmZmODMyZDQ3NDc5ZiAxMDA2NDQKLS0tIGEvc2VjdXJpdHkvc21hY2svc21hY2tf bHNtLmMKKysrIGIvc2VjdXJpdHkvc21hY2svc21hY2tfbHNtLmMKQEAgLTQ3NDQsNiArNDc0NCwx MSBAQCBzdHJ1Y3QgbHNtX2Jsb2Jfc2l6ZXMgc21hY2tfYmxvYl9zaXplcyBfX2xzbV9yb19hZnRl cl9pbml0ID0gewogCS5sYnNfc3VwZXJibG9jayA9IHNpemVvZihzdHJ1Y3Qgc3VwZXJibG9ja19z bWFjayksCiB9OwogCitzdGF0aWMgc3RydWN0IGxzbV9pZCBzbWFja19sc21pZCBfX2xzbV9yb19h ZnRlcl9pbml0ID0geworCS5sc20gID0gInNtYWNrIiwKKwkuc2xvdCA9IExTTUJMT0JfTkVFREVE Cit9OworCiBzdGF0aWMgc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCBzbWFja19ob29rc1tdIF9f bHNtX3JvX2FmdGVyX2luaXQgPSB7CiAJTFNNX0hPT0tfSU5JVChwdHJhY2VfYWNjZXNzX2NoZWNr LCBzbWFja19wdHJhY2VfYWNjZXNzX2NoZWNrKSwKIAlMU01fSE9PS19JTklUKHB0cmFjZV90cmFj ZW1lLCBzbWFja19wdHJhY2VfdHJhY2VtZSksCkBAIC00OTQ3LDcgKzQ5NTIsNyBAQCBzdGF0aWMg X19pbml0IGludCBzbWFja19pbml0KHZvaWQpCiAJLyoKIAkgKiBSZWdpc3RlciB3aXRoIExTTQog CSAqLwotCXNlY3VyaXR5X2FkZF9ob29rcyhzbWFja19ob29rcywgQVJSQVlfU0laRShzbWFja19o b29rcyksICJzbWFjayIpOworCXNlY3VyaXR5X2FkZF9ob29rcyhzbWFja19ob29rcywgQVJSQVlf U0laRShzbWFja19ob29rcyksICZzbWFja19sc21pZCk7CiAJc21hY2tfZW5hYmxlZCA9IDE7CiAK IAlwcl9pbmZvKCJTbWFjazogIEluaXRpYWxpemluZy5cbiIpOwpkaWZmIC0tZ2l0IGEvc2VjdXJp dHkvdG9tb3lvL3RvbW95by5jIGIvc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jCmluZGV4IGI2YTMx OTAxZjI4OS4uZThmNmJiOTc4MmMxIDEwMDY0NAotLS0gYS9zZWN1cml0eS90b21veW8vdG9tb3lv LmMKKysrIGIvc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jCkBAIC01MjEsNiArNTIxLDExIEBAIHN0 YXRpYyB2b2lkIHRvbW95b190YXNrX2ZyZWUoc3RydWN0IHRhc2tfc3RydWN0ICp0YXNrKQogCX0K IH0KIAorc3RhdGljIHN0cnVjdCBsc21faWQgdG9tb3lvX2xzbWlkIF9fbHNtX3JvX2FmdGVyX2lu aXQgPSB7CisJLmxzbSAgPSAidG9tb3lvIiwKKwkuc2xvdCA9IExTTUJMT0JfTk9UX05FRURFRAor fTsKKwogLyoKICAqIHRvbW95b19zZWN1cml0eV9vcHMgaXMgYSAic3RydWN0IHNlY3VyaXR5X29w ZXJhdGlvbnMiIHdoaWNoIGlzIHVzZWQgZm9yCiAgKiByZWdpc3RlcmluZyBUT01PWU8uCkBAIC01 NzMsNyArNTc4LDggQEAgc3RhdGljIGludCBfX2luaXQgdG9tb3lvX2luaXQodm9pZCkKIAlzdHJ1 Y3QgdG9tb3lvX3Rhc2sgKnMgPSB0b21veW9fdGFzayhjdXJyZW50KTsKIAogCS8qIHJlZ2lzdGVy IG91cnNlbHZlcyB3aXRoIHRoZSBzZWN1cml0eSBmcmFtZXdvcmsgKi8KLQlzZWN1cml0eV9hZGRf aG9va3ModG9tb3lvX2hvb2tzLCBBUlJBWV9TSVpFKHRvbW95b19ob29rcyksICJ0b21veW8iKTsK KwlzZWN1cml0eV9hZGRfaG9va3ModG9tb3lvX2hvb2tzLCBBUlJBWV9TSVpFKHRvbW95b19ob29r cyksCisJCQkgICAmdG9tb3lvX2xzbWlkKTsKIAlwcl9pbmZvKCJUT01PWU8gTGludXggaW5pdGlh bGl6ZWRcbiIpOwogCXMtPmRvbWFpbl9pbmZvID0gJnRvbW95b19rZXJuZWxfZG9tYWluOwogCWF0 b21pY19pbmMoJnRvbW95b19rZXJuZWxfZG9tYWluLnVzZXJzKTsKZGlmZiAtLWdpdCBhL3NlY3Vy aXR5L3lhbWEveWFtYV9sc20uYyBiL3NlY3VyaXR5L3lhbWEveWFtYV9sc20uYwppbmRleCAwNmUy MjYxNjZhYWIuLmE5NjM5ZWE1NDFmNyAxMDA2NDQKLS0tIGEvc2VjdXJpdHkveWFtYS95YW1hX2xz bS5jCisrKyBiL3NlY3VyaXR5L3lhbWEveWFtYV9sc20uYwpAQCAtNDIxLDYgKzQyMSwxMSBAQCBz dGF0aWMgaW50IHlhbWFfcHRyYWNlX3RyYWNlbWUoc3RydWN0IHRhc2tfc3RydWN0ICpwYXJlbnQp CiAJcmV0dXJuIHJjOwogfQogCitzdGF0aWMgc3RydWN0IGxzbV9pZCB5YW1hX2xzbWlkIF9fbHNt X3JvX2FmdGVyX2luaXQgPSB7CisJLmxzbSAgPSAieWFtYSIsCisJLnNsb3QgPSBMU01CTE9CX05P VF9ORUVERUQKK307CisKIHN0YXRpYyBzdHJ1Y3Qgc2VjdXJpdHlfaG9va19saXN0IHlhbWFfaG9v a3NbXSBfX2xzbV9yb19hZnRlcl9pbml0ID0gewogCUxTTV9IT09LX0lOSVQocHRyYWNlX2FjY2Vz c19jaGVjaywgeWFtYV9wdHJhY2VfYWNjZXNzX2NoZWNrKSwKIAlMU01fSE9PS19JTklUKHB0cmFj ZV90cmFjZW1lLCB5YW1hX3B0cmFjZV90cmFjZW1lKSwKQEAgLTQ3Nyw3ICs0ODIsNyBAQCBzdGF0 aWMgaW5saW5lIHZvaWQgeWFtYV9pbml0X3N5c2N0bCh2b2lkKSB7IH0KIHN0YXRpYyBpbnQgX19p bml0IHlhbWFfaW5pdCh2b2lkKQogewogCXByX2luZm8oIllhbWE6IGJlY29taW5nIG1pbmRmdWwu XG4iKTsKLQlzZWN1cml0eV9hZGRfaG9va3MoeWFtYV9ob29rcywgQVJSQVlfU0laRSh5YW1hX2hv b2tzKSwgInlhbWEiKTsKKwlzZWN1cml0eV9hZGRfaG9va3MoeWFtYV9ob29rcywgQVJSQVlfU0la RSh5YW1hX2hvb2tzKSwgJnlhbWFfbHNtaWQpOwogCXlhbWFfaW5pdF9zeXNjdGwoKTsKIAlyZXR1 cm4gMDsKIH0KLS0gCjIuMzEuMQoKLS0KTGludXgtYXVkaXQgbWFpbGluZyBsaXN0CkxpbnV4LWF1 ZGl0QHJlZGhhdC5jb20KaHR0cHM6Ly9saXN0bWFuLnJlZGhhdC5jb20vbWFpbG1hbi9saXN0aW5m by9saW51eC1hdWRpdAo=