From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10C8BC2B9F2 for ; Sat, 22 May 2021 08:37:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E233A61074 for ; Sat, 22 May 2021 08:37:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230150AbhEVIiv (ORCPT ); Sat, 22 May 2021 04:38:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230096AbhEVIit (ORCPT ); Sat, 22 May 2021 04:38:49 -0400 Received: from smtp-42a8.mail.infomaniak.ch (smtp-42a8.mail.infomaniak.ch [IPv6:2001:1600:4:17::42a8]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AFE2BC061574 for ; Sat, 22 May 2021 01:37:24 -0700 (PDT) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4FnH0H2rnPzMpwvM; Sat, 22 May 2021 10:37:19 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4FnH0B6q19zlmrrn; Sat, 22 May 2021 10:37:14 +0200 (CEST) Subject: Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, bpf@vger.kernel.org References: <20210513200807.15910-1-casey@schaufler-ca.com> <20210513200807.15910-3-casey@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <206971d6-70c7-e217-299f-1884310afa15@digikod.net> Date: Sat, 22 May 2021 10:39:01 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: <20210513200807.15910-3-casey@schaufler-ca.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I like this design but there is an issue with Landlock though, see below. On 13/05/2021 22:07, Casey Schaufler wrote: > When more than one security module is exporting data to > audit and networking sub-systems a single 32 bit integer > is no longer sufficient to represent the data. Add a > structure to be used instead. > > The lsmblob structure is currently an array of > u32 "secids". There is an entry for each of the > security modules built into the system that would > use secids if active. The system assigns the module > a "slot" when it registers hooks. If modules are > compiled in but not registered there will be unused > slots. > > A new lsm_id structure, which contains the name > of the LSM and its slot number, is created. There > is an instance for each LSM, which assigns the name > and passes it to the infrastructure to set the slot. > > The audit rules data is expanded to use an array of > security module data rather than a single instance. > Because IMA uses the audit rule functions it is > affected as well. > > Acked-by: Stephen Smalley > Acked-by: Paul Moore > Acked-by: John Johansen > Signed-off-by: Casey Schaufler > Cc: > Cc: linux-audit@redhat.com > Cc: linux-security-module@vger.kernel.org > Cc: selinux@vger.kernel.org > To: Mimi Zohar > To: Mickaël Salaün > --- > include/linux/audit.h | 4 +- > include/linux/lsm_hooks.h | 12 ++++- > include/linux/security.h | 67 +++++++++++++++++++++++++-- > kernel/auditfilter.c | 24 +++++----- > kernel/auditsc.c | 13 +++--- > security/apparmor/lsm.c | 7 ++- > security/bpf/hooks.c | 12 ++++- > security/commoncap.c | 7 ++- > security/integrity/ima/ima_policy.c | 40 +++++++++++----- > security/landlock/cred.c | 2 +- > security/landlock/fs.c | 2 +- > security/landlock/ptrace.c | 2 +- > security/landlock/setup.c | 4 ++ > security/landlock/setup.h | 1 + > security/loadpin/loadpin.c | 8 +++- > security/lockdown/lockdown.c | 7 ++- > security/safesetid/lsm.c | 8 +++- > security/security.c | 72 ++++++++++++++++++++++++----- > security/selinux/hooks.c | 8 +++- > security/smack/smack_lsm.c | 7 ++- > security/tomoyo/tomoyo.c | 8 +++- > security/yama/yama_lsm.c | 7 ++- > 22 files changed, 262 insertions(+), 60 deletions(-) > [...] > diff --git a/security/landlock/setup.c b/security/landlock/setup.c > index f8e8e980454c..4a12666a4090 100644 > --- a/security/landlock/setup.c > +++ b/security/landlock/setup.c > @@ -23,6 +23,10 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { > .lbs_superblock = sizeof(struct landlock_superblock_security), > }; > > +struct lsm_id landlock_lsmid __lsm_ro_after_init = { > + .lsm = LANDLOCK_NAME, It is missing: .slot = LSMBLOB_NEEDED, You can run the Landlock tests please? make -C tools/testing/selftests TARGETS=landlock gen_tar tar -xf kselftest.tar.gz && ./run_kselftest.sh > +}; > + > static int __init landlock_init(void) > { > landlock_add_cred_hooks(); [...] > diff --git a/security/security.c b/security/security.c > index e12a7c463468..a3276deb1b8a 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -344,6 +344,7 @@ static void __init ordered_lsm_init(void) > init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); > init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); > init_debug("task blob size = %d\n", blob_sizes.lbs_task); > + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); > > /* > * Create any kmem_caches needed for blobs > @@ -471,21 +472,36 @@ static int lsm_append(const char *new, char **result) > return 0; > } > > +/* > + * Current index to use while initializing the lsmblob secid list. > + */ > +static int lsm_slot __lsm_ro_after_init; > + > /** > * security_add_hooks - Add a modules hooks to the hook lists. > * @hooks: the hooks to add > * @count: the number of hooks to add > - * @lsm: the name of the security module > + * @lsmid: the identification information for the security module > * > * Each LSM has to register its hooks with the infrastructure. > + * If the LSM is using hooks that export secids allocate a slot > + * for it in the lsmblob. > */ > void __init security_add_hooks(struct security_hook_list *hooks, int count, > - char *lsm) > + struct lsm_id *lsmid) > { > int i; > Could you add a WARN_ON(!lsmid->slot || !lsmid->name) here? > + if (lsmid->slot == LSMBLOB_NEEDED) { > + if (lsm_slot >= LSMBLOB_ENTRIES) > + panic("%s Too many LSMs registered.\n", __func__); > + lsmid->slot = lsm_slot++; > + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, > + lsmid->slot); > + } > + > for (i = 0; i < count; i++) { > - hooks[i].lsm = lsm; > + hooks[i].lsmid = lsmid; > hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); > } > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8A59C47081 for ; Sun, 23 May 2021 01:54:09 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 227B6611F1 for ; Sun, 23 May 2021 01:54:09 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 227B6611F1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=digikod.net Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-190-paO1W6ihMwS7KEwB0jDc3Q-1; Sat, 22 May 2021 21:54:06 -0400 X-MC-Unique: paO1W6ihMwS7KEwB0jDc3Q-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id ED570180FD67; Sun, 23 May 2021 01:54:02 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DB45060DBA; Sun, 23 May 2021 01:54:02 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6B11D180B463; Sun, 23 May 2021 01:54:00 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 14M8tZUn012673 for ; Sat, 22 May 2021 04:55:36 -0400 Received: by smtp.corp.redhat.com (Postfix) id 44CAF116726; Sat, 22 May 2021 08:55:35 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3FA38117C32 for ; Sat, 22 May 2021 08:55:29 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 971BD1857F1E for ; Sat, 22 May 2021 08:55:29 +0000 (UTC) Received: from smtp-8fae.mail.infomaniak.ch (smtp-8fae.mail.infomaniak.ch [83.166.143.174]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-531-y3kC9D13MHSdUtQpdo5tew-1; Sat, 22 May 2021 04:55:27 -0400 X-MC-Unique: y3kC9D13MHSdUtQpdo5tew-1 Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4FnH0H2rnPzMpwvM; Sat, 22 May 2021 10:37:19 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4FnH0B6q19zlmrrn; Sat, 22 May 2021 10:37:14 +0200 (CEST) Subject: Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org References: <20210513200807.15910-1-casey@schaufler-ca.com> <20210513200807.15910-3-casey@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <206971d6-70c7-e217-299f-1884310afa15@digikod.net> Date: Sat, 22 May 2021 10:39:01 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: <20210513200807.15910-3-casey@schaufler-ca.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 14M8tZUn012673 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Sat, 22 May 2021 21:53:58 -0400 Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com, bpf@vger.kernel.org, sds@tycho.nsa.gov X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSBsaWtlIHRoaXMgZGVzaWduIGJ1dCB0aGVyZSBpcyBhbiBpc3N1ZSB3aXRoIExhbmRsb2NrIHRo b3VnaCwgc2VlIGJlbG93LgoKT24gMTMvMDUvMjAyMSAyMjowNywgQ2FzZXkgU2NoYXVmbGVyIHdy b3RlOgo+IFdoZW4gbW9yZSB0aGFuIG9uZSBzZWN1cml0eSBtb2R1bGUgaXMgZXhwb3J0aW5nIGRh dGEgdG8KPiBhdWRpdCBhbmQgbmV0d29ya2luZyBzdWItc3lzdGVtcyBhIHNpbmdsZSAzMiBiaXQg aW50ZWdlcgo+IGlzIG5vIGxvbmdlciBzdWZmaWNpZW50IHRvIHJlcHJlc2VudCB0aGUgZGF0YS4g QWRkIGEKPiBzdHJ1Y3R1cmUgdG8gYmUgdXNlZCBpbnN0ZWFkLgo+IAo+IFRoZSBsc21ibG9iIHN0 cnVjdHVyZSBpcyBjdXJyZW50bHkgYW4gYXJyYXkgb2YKPiB1MzIgInNlY2lkcyIuIFRoZXJlIGlz IGFuIGVudHJ5IGZvciBlYWNoIG9mIHRoZQo+IHNlY3VyaXR5IG1vZHVsZXMgYnVpbHQgaW50byB0 aGUgc3lzdGVtIHRoYXQgd291bGQKPiB1c2Ugc2VjaWRzIGlmIGFjdGl2ZS4gVGhlIHN5c3RlbSBh c3NpZ25zIHRoZSBtb2R1bGUKPiBhICJzbG90IiB3aGVuIGl0IHJlZ2lzdGVycyBob29rcy4gSWYg bW9kdWxlcyBhcmUKPiBjb21waWxlZCBpbiBidXQgbm90IHJlZ2lzdGVyZWQgdGhlcmUgd2lsbCBi ZSB1bnVzZWQKPiBzbG90cy4KPiAKPiBBIG5ldyBsc21faWQgc3RydWN0dXJlLCB3aGljaCBjb250 YWlucyB0aGUgbmFtZQo+IG9mIHRoZSBMU00gYW5kIGl0cyBzbG90IG51bWJlciwgaXMgY3JlYXRl ZC4gVGhlcmUKPiBpcyBhbiBpbnN0YW5jZSBmb3IgZWFjaCBMU00sIHdoaWNoIGFzc2lnbnMgdGhl IG5hbWUKPiBhbmQgcGFzc2VzIGl0IHRvIHRoZSBpbmZyYXN0cnVjdHVyZSB0byBzZXQgdGhlIHNs b3QuCj4gCj4gVGhlIGF1ZGl0IHJ1bGVzIGRhdGEgaXMgZXhwYW5kZWQgdG8gdXNlIGFuIGFycmF5 IG9mCj4gc2VjdXJpdHkgbW9kdWxlIGRhdGEgcmF0aGVyIHRoYW4gYSBzaW5nbGUgaW5zdGFuY2Uu Cj4gQmVjYXVzZSBJTUEgdXNlcyB0aGUgYXVkaXQgcnVsZSBmdW5jdGlvbnMgaXQgaXMKPiBhZmZl Y3RlZCBhcyB3ZWxsLgo+IAo+IEFja2VkLWJ5OiBTdGVwaGVuIFNtYWxsZXkgPHNkc0B0eWNoby5u c2EuZ292Pgo+IEFja2VkLWJ5OiBQYXVsIE1vb3JlIDxwYXVsQHBhdWwtbW9vcmUuY29tPgo+IEFj a2VkLWJ5OiBKb2huIEpvaGFuc2VuIDxqb2huLmpvaGFuc2VuQGNhbm9uaWNhbC5jb20+Cj4gU2ln bmVkLW9mZi1ieTogQ2FzZXkgU2NoYXVmbGVyIDxjYXNleUBzY2hhdWZsZXItY2EuY29tPgo+IENj OiA8YnBmQHZnZXIua2VybmVsLm9yZz4KPiBDYzogbGludXgtYXVkaXRAcmVkaGF0LmNvbQo+IENj OiBsaW51eC1zZWN1cml0eS1tb2R1bGVAdmdlci5rZXJuZWwub3JnCj4gQ2M6IHNlbGludXhAdmdl ci5rZXJuZWwub3JnCj4gVG86IE1pbWkgWm9oYXIgPHpvaGFyQGxpbnV4LmlibS5jb20+Cj4gVG86 IE1pY2thw6tsIFNhbGHDvG4gPG1pY0BsaW51eC5taWNyb3NvZnQuY29tPgo+IC0tLQo+ICBpbmNs dWRlL2xpbnV4L2F1ZGl0LmggICAgICAgICAgICAgICB8ICA0ICstCj4gIGluY2x1ZGUvbGludXgv bHNtX2hvb2tzLmggICAgICAgICAgIHwgMTIgKysrKy0KPiAgaW5jbHVkZS9saW51eC9zZWN1cml0 eS5oICAgICAgICAgICAgfCA2NyArKysrKysrKysrKysrKysrKysrKysrKysrLS0KPiAga2VybmVs L2F1ZGl0ZmlsdGVyLmMgICAgICAgICAgICAgICAgfCAyNCArKysrKy0tLS0tCj4gIGtlcm5lbC9h dWRpdHNjLmMgICAgICAgICAgICAgICAgICAgIHwgMTMgKysrLS0tCj4gIHNlY3VyaXR5L2FwcGFy bW9yL2xzbS5jICAgICAgICAgICAgIHwgIDcgKystCj4gIHNlY3VyaXR5L2JwZi9ob29rcy5jICAg ICAgICAgICAgICAgIHwgMTIgKysrKy0KPiAgc2VjdXJpdHkvY29tbW9uY2FwLmMgICAgICAgICAg ICAgICAgfCAgNyArKy0KPiAgc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWFfcG9saWN5LmMgfCA0 MCArKysrKysrKysrKy0tLS0tCj4gIHNlY3VyaXR5L2xhbmRsb2NrL2NyZWQuYyAgICAgICAgICAg IHwgIDIgKy0KPiAgc2VjdXJpdHkvbGFuZGxvY2svZnMuYyAgICAgICAgICAgICAgfCAgMiArLQo+ ICBzZWN1cml0eS9sYW5kbG9jay9wdHJhY2UuYyAgICAgICAgICB8ICAyICstCj4gIHNlY3VyaXR5 L2xhbmRsb2NrL3NldHVwLmMgICAgICAgICAgIHwgIDQgKysKPiAgc2VjdXJpdHkvbGFuZGxvY2sv c2V0dXAuaCAgICAgICAgICAgfCAgMSArCj4gIHNlY3VyaXR5L2xvYWRwaW4vbG9hZHBpbi5jICAg ICAgICAgIHwgIDggKysrLQo+ICBzZWN1cml0eS9sb2NrZG93bi9sb2NrZG93bi5jICAgICAgICB8 ICA3ICsrLQo+ICBzZWN1cml0eS9zYWZlc2V0aWQvbHNtLmMgICAgICAgICAgICB8ICA4ICsrKy0K PiAgc2VjdXJpdHkvc2VjdXJpdHkuYyAgICAgICAgICAgICAgICAgfCA3MiArKysrKysrKysrKysr KysrKysrKysrKystLS0tLQo+ICBzZWN1cml0eS9zZWxpbnV4L2hvb2tzLmMgICAgICAgICAgICB8 ICA4ICsrKy0KPiAgc2VjdXJpdHkvc21hY2svc21hY2tfbHNtLmMgICAgICAgICAgfCAgNyArKy0K PiAgc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jICAgICAgICAgICAgfCAgOCArKystCj4gIHNlY3Vy aXR5L3lhbWEveWFtYV9sc20uYyAgICAgICAgICAgIHwgIDcgKystCj4gIDIyIGZpbGVzIGNoYW5n ZWQsIDI2MiBpbnNlcnRpb25zKCspLCA2MCBkZWxldGlvbnMoLSkKPiAKClsuLi5dCgo+IGRpZmYg LS1naXQgYS9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5jIGIvc2VjdXJpdHkvbGFuZGxvY2svc2V0 dXAuYwo+IGluZGV4IGY4ZThlOTgwNDU0Yy4uNGExMjY2NmE0MDkwIDEwMDY0NAo+IC0tLSBhL3Nl Y3VyaXR5L2xhbmRsb2NrL3NldHVwLmMKPiArKysgYi9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5j Cj4gQEAgLTIzLDYgKzIzLDEwIEBAIHN0cnVjdCBsc21fYmxvYl9zaXplcyBsYW5kbG9ja19ibG9i X3NpemVzIF9fbHNtX3JvX2FmdGVyX2luaXQgPSB7Cj4gIAkubGJzX3N1cGVyYmxvY2sgPSBzaXpl b2Yoc3RydWN0IGxhbmRsb2NrX3N1cGVyYmxvY2tfc2VjdXJpdHkpLAo+ICB9Owo+ICAKPiArc3Ry dWN0IGxzbV9pZCBsYW5kbG9ja19sc21pZCBfX2xzbV9yb19hZnRlcl9pbml0ID0gewo+ICsJLmxz bSA9IExBTkRMT0NLX05BTUUsCgpJdCBpcyBtaXNzaW5nOiAuc2xvdCA9IExTTUJMT0JfTkVFREVE LAoKWW91IGNhbiBydW4gdGhlIExhbmRsb2NrIHRlc3RzIHBsZWFzZT8KbWFrZSAtQyB0b29scy90 ZXN0aW5nL3NlbGZ0ZXN0cyBUQVJHRVRTPWxhbmRsb2NrIGdlbl90YXIKdGFyIC14ZiBrc2VsZnRl c3QudGFyLmd6ICYmIC4vcnVuX2tzZWxmdGVzdC5zaAoKCj4gK307Cj4gKwo+ICBzdGF0aWMgaW50 IF9faW5pdCBsYW5kbG9ja19pbml0KHZvaWQpCj4gIHsKPiAgCWxhbmRsb2NrX2FkZF9jcmVkX2hv b2tzKCk7CgpbLi4uXQoKPiBkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvc2VjdXJpdHkuYyBiL3NlY3Vy aXR5L3NlY3VyaXR5LmMKPiBpbmRleCBlMTJhN2M0NjM0NjguLmEzMjc2ZGViMWI4YSAxMDA2NDQK PiAtLS0gYS9zZWN1cml0eS9zZWN1cml0eS5jCj4gKysrIGIvc2VjdXJpdHkvc2VjdXJpdHkuYwo+ IEBAIC0zNDQsNiArMzQ0LDcgQEAgc3RhdGljIHZvaWQgX19pbml0IG9yZGVyZWRfbHNtX2luaXQo dm9pZCkKPiAgCWluaXRfZGVidWcoInNvY2sgYmxvYiBzaXplICAgICAgID0gJWRcbiIsIGJsb2Jf c2l6ZXMubGJzX3NvY2spOwo+ICAJaW5pdF9kZWJ1Zygic3VwZXJibG9jayBibG9iIHNpemUgPSAl ZFxuIiwgYmxvYl9zaXplcy5sYnNfc3VwZXJibG9jayk7Cj4gIAlpbml0X2RlYnVnKCJ0YXNrIGJs b2Igc2l6ZSAgICAgICA9ICVkXG4iLCBibG9iX3NpemVzLmxic190YXNrKTsKPiArCWluaXRfZGVi dWcoImxzbWJsb2Igc2l6ZSAgICAgICAgID0gJXp1XG4iLCBzaXplb2Yoc3RydWN0IGxzbWJsb2Ip KTsKPiAgCj4gIAkvKgo+ICAJICogQ3JlYXRlIGFueSBrbWVtX2NhY2hlcyBuZWVkZWQgZm9yIGJs b2JzCj4gQEAgLTQ3MSwyMSArNDcyLDM2IEBAIHN0YXRpYyBpbnQgbHNtX2FwcGVuZChjb25zdCBj aGFyICpuZXcsIGNoYXIgKipyZXN1bHQpCj4gIAlyZXR1cm4gMDsKPiAgfQo+ICAKPiArLyoKPiAr ICogQ3VycmVudCBpbmRleCB0byB1c2Ugd2hpbGUgaW5pdGlhbGl6aW5nIHRoZSBsc21ibG9iIHNl Y2lkIGxpc3QuCj4gKyAqLwo+ICtzdGF0aWMgaW50IGxzbV9zbG90IF9fbHNtX3JvX2FmdGVyX2lu aXQ7Cj4gKwo+ICAvKioKPiAgICogc2VjdXJpdHlfYWRkX2hvb2tzIC0gQWRkIGEgbW9kdWxlcyBo b29rcyB0byB0aGUgaG9vayBsaXN0cy4KPiAgICogQGhvb2tzOiB0aGUgaG9va3MgdG8gYWRkCj4g ICAqIEBjb3VudDogdGhlIG51bWJlciBvZiBob29rcyB0byBhZGQKPiAtICogQGxzbTogdGhlIG5h bWUgb2YgdGhlIHNlY3VyaXR5IG1vZHVsZQo+ICsgKiBAbHNtaWQ6IHRoZSBpZGVudGlmaWNhdGlv biBpbmZvcm1hdGlvbiBmb3IgdGhlIHNlY3VyaXR5IG1vZHVsZQo+ICAgKgo+ICAgKiBFYWNoIExT TSBoYXMgdG8gcmVnaXN0ZXIgaXRzIGhvb2tzIHdpdGggdGhlIGluZnJhc3RydWN0dXJlLgo+ICsg KiBJZiB0aGUgTFNNIGlzIHVzaW5nIGhvb2tzIHRoYXQgZXhwb3J0IHNlY2lkcyBhbGxvY2F0ZSBh IHNsb3QKPiArICogZm9yIGl0IGluIHRoZSBsc21ibG9iLgo+ICAgKi8KPiAgdm9pZCBfX2luaXQg c2VjdXJpdHlfYWRkX2hvb2tzKHN0cnVjdCBzZWN1cml0eV9ob29rX2xpc3QgKmhvb2tzLCBpbnQg Y291bnQsCj4gLQkJCQljaGFyICpsc20pCj4gKwkJCSAgICAgICBzdHJ1Y3QgbHNtX2lkICpsc21p ZCkKPiAgewo+ICAJaW50IGk7Cj4gIAoKQ291bGQgeW91IGFkZCBhIFdBUk5fT04oIWxzbWlkLT5z bG90IHx8ICFsc21pZC0+bmFtZSkgaGVyZT8KCgo+ICsJaWYgKGxzbWlkLT5zbG90ID09IExTTUJM T0JfTkVFREVEKSB7Cj4gKwkJaWYgKGxzbV9zbG90ID49IExTTUJMT0JfRU5UUklFUykKPiArCQkJ cGFuaWMoIiVzIFRvbyBtYW55IExTTXMgcmVnaXN0ZXJlZC5cbiIsIF9fZnVuY19fKTsKPiArCQls c21pZC0+c2xvdCA9IGxzbV9zbG90Kys7Cj4gKwkJaW5pdF9kZWJ1ZygiJXMgYXNzaWduZWQgbHNt YmxvYiBzbG90ICVkXG4iLCBsc21pZC0+bHNtLAo+ICsJCQkgICBsc21pZC0+c2xvdCk7Cj4gKwl9 Cj4gKwo+ICAJZm9yIChpID0gMDsgaSA8IGNvdW50OyBpKyspIHsKPiAtCQlob29rc1tpXS5sc20g PSBsc207Cj4gKwkJaG9va3NbaV0ubHNtaWQgPSBsc21pZDsKPiAgCQlobGlzdF9hZGRfdGFpbF9y Y3UoJmhvb2tzW2ldLmxpc3QsIGhvb2tzW2ldLmhlYWQpOwo+ICAJfQo+ICAKCgotLQpMaW51eC1h dWRpdCBtYWlsaW5nIGxpc3QKTGludXgtYXVkaXRAcmVkaGF0LmNvbQpodHRwczovL2xpc3RtYW4u cmVkaGF0LmNvbS9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LWF1ZGl0