From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E8DDC2B9F7 for ; Wed, 26 May 2021 09:51:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3EE9D61432 for ; Wed, 26 May 2021 09:51:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233551AbhEZJw3 (ORCPT ); Wed, 26 May 2021 05:52:29 -0400 Received: from smtp-1909.mail.infomaniak.ch ([185.125.25.9]:56829 "EHLO smtp-1909.mail.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233371AbhEZJw1 (ORCPT ); Wed, 26 May 2021 05:52:27 -0400 Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4FqmRM1fDqzMptYc; Wed, 26 May 2021 11:50:55 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4FqmRJ05YQzlmrrV; Wed, 26 May 2021 11:50:51 +0200 (CEST) Subject: Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org Cc: linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org, bpf@vger.kernel.org References: <20210513200807.15910-1-casey@schaufler-ca.com> <20210513200807.15910-3-casey@schaufler-ca.com> <206971d6-70c7-e217-299f-1884310afa15@digikod.net> <1c3874c1-870a-ac60-03e6-2c16d49e185b@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <53108f3e-3297-3d8b-cba9-2b12ca30d666@digikod.net> Date: Wed, 26 May 2021 11:53:00 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: <1c3874c1-870a-ac60-03e6-2c16d49e185b@schaufler-ca.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 26/05/2021 01:52, Casey Schaufler wrote: > On 5/22/2021 1:39 AM, Mickaël Salaün wrote: >> I like this design but there is an issue with Landlock though, see below. >> >> On 13/05/2021 22:07, Casey Schaufler wrote: >>> When more than one security module is exporting data to >>> audit and networking sub-systems a single 32 bit integer >>> is no longer sufficient to represent the data. Add a >>> structure to be used instead. >>> >>> The lsmblob structure is currently an array of >>> u32 "secids". There is an entry for each of the >>> security modules built into the system that would >>> use secids if active. The system assigns the module >>> a "slot" when it registers hooks. If modules are >>> compiled in but not registered there will be unused >>> slots. >>> >>> A new lsm_id structure, which contains the name >>> of the LSM and its slot number, is created. There >>> is an instance for each LSM, which assigns the name >>> and passes it to the infrastructure to set the slot. >>> >>> The audit rules data is expanded to use an array of >>> security module data rather than a single instance. >>> Because IMA uses the audit rule functions it is >>> affected as well. >>> >>> Acked-by: Stephen Smalley >>> Acked-by: Paul Moore >>> Acked-by: John Johansen >>> Signed-off-by: Casey Schaufler >>> Cc: >>> Cc: linux-audit@redhat.com >>> Cc: linux-security-module@vger.kernel.org >>> Cc: selinux@vger.kernel.org >>> To: Mimi Zohar >>> To: Mickaël Salaün >>> --- >>> include/linux/audit.h | 4 +- >>> include/linux/lsm_hooks.h | 12 ++++- >>> include/linux/security.h | 67 +++++++++++++++++++++++++-- >>> kernel/auditfilter.c | 24 +++++----- >>> kernel/auditsc.c | 13 +++--- >>> security/apparmor/lsm.c | 7 ++- >>> security/bpf/hooks.c | 12 ++++- >>> security/commoncap.c | 7 ++- >>> security/integrity/ima/ima_policy.c | 40 +++++++++++----- >>> security/landlock/cred.c | 2 +- >>> security/landlock/fs.c | 2 +- >>> security/landlock/ptrace.c | 2 +- >>> security/landlock/setup.c | 4 ++ >>> security/landlock/setup.h | 1 + >>> security/loadpin/loadpin.c | 8 +++- >>> security/lockdown/lockdown.c | 7 ++- >>> security/safesetid/lsm.c | 8 +++- >>> security/security.c | 72 ++++++++++++++++++++++++----- >>> security/selinux/hooks.c | 8 +++- >>> security/smack/smack_lsm.c | 7 ++- >>> security/tomoyo/tomoyo.c | 8 +++- >>> security/yama/yama_lsm.c | 7 ++- >>> 22 files changed, 262 insertions(+), 60 deletions(-) >>> >> [...] >> >>> diff --git a/security/landlock/setup.c b/security/landlock/setup.c >>> index f8e8e980454c..4a12666a4090 100644 >>> --- a/security/landlock/setup.c >>> +++ b/security/landlock/setup.c >>> @@ -23,6 +23,10 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { >>> .lbs_superblock = sizeof(struct landlock_superblock_security), >>> }; >>> >>> +struct lsm_id landlock_lsmid __lsm_ro_after_init = { >>> + .lsm = LANDLOCK_NAME, >> It is missing: .slot = LSMBLOB_NEEDED, > > Sorry for the delay. > > Landlock does not provide any of the hooks that use a struct lsmblob. > That would be secid_to_secctx, secctx_to_secid, inode_getsecid, > cred_getsecid, kernel_act_as task_getsecid_subj task_getsecid_obj and > ipc_getsecid. Setting .slot = LSMBLOB_NEEDED indicates that the LSM > uses a slot in struct lsmblob. Landlock does not need a slot. Indeed, the (generic) "blob" name misled me. Would it make sense to use a name with "secid" in it instead? Shouldn't the slot field be set to LSMBLOB_NOT_NEEDED (-3) then (instead of the implicit 0)? > >> >> You can run the Landlock tests please? >> make -C tools/testing/selftests TARGETS=landlock gen_tar >> tar -xf kselftest.tar.gz && ./run_kselftest.sh > > Sure. I'll add them to my routine. Thanks. > >> >> >>> +}; >>> + >>> static int __init landlock_init(void) >>> { >>> landlock_add_cred_hooks(); >> [...] >> >>> diff --git a/security/security.c b/security/security.c >>> index e12a7c463468..a3276deb1b8a 100644 >>> --- a/security/security.c >>> +++ b/security/security.c >>> @@ -344,6 +344,7 @@ static void __init ordered_lsm_init(void) >>> init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); >>> init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); >>> init_debug("task blob size = %d\n", blob_sizes.lbs_task); >>> + init_debug("lsmblob size = %zu\n", sizeof(struct lsmblob)); >>> >>> /* >>> * Create any kmem_caches needed for blobs >>> @@ -471,21 +472,36 @@ static int lsm_append(const char *new, char **result) >>> return 0; >>> } >>> >>> +/* >>> + * Current index to use while initializing the lsmblob secid list. >>> + */ >>> +static int lsm_slot __lsm_ro_after_init; >>> + >>> /** >>> * security_add_hooks - Add a modules hooks to the hook lists. >>> * @hooks: the hooks to add >>> * @count: the number of hooks to add >>> - * @lsm: the name of the security module >>> + * @lsmid: the identification information for the security module >>> * >>> * Each LSM has to register its hooks with the infrastructure. >>> + * If the LSM is using hooks that export secids allocate a slot >>> + * for it in the lsmblob. >>> */ >>> void __init security_add_hooks(struct security_hook_list *hooks, int count, >>> - char *lsm) >>> + struct lsm_id *lsmid) >>> { >>> int i; >>> >> Could you add a WARN_ON(!lsmid->slot || !lsmid->name) here? > > Yes. That's reasonable. I guess my above comment makes sense if lsmid->slot should not be zero but LSMBLOB_NOT_NEEDED instead, otherwise the Landlock lsmid would throw a warning. > >> >> >>> + if (lsmid->slot == LSMBLOB_NEEDED) { >>> + if (lsm_slot >= LSMBLOB_ENTRIES) >>> + panic("%s Too many LSMs registered.\n", __func__); >>> + lsmid->slot = lsm_slot++; >>> + init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm, >>> + lsmid->slot); >>> + } >>> + >>> for (i = 0; i < count; i++) { >>> - hooks[i].lsm = lsm; >>> + hooks[i].lsmid = lsmid; >>> hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); >>> } >>> > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 637ECC47088 for ; Wed, 26 May 2021 13:54:18 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8E538611C9 for ; Wed, 26 May 2021 13:54:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8E538611C9 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=digikod.net Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-120-OKnFFitLOc2zts28mWe-ew-1; Wed, 26 May 2021 09:54:15 -0400 X-MC-Unique: OKnFFitLOc2zts28mWe-ew-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E9885107ACCD; Wed, 26 May 2021 13:54:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B840A5D9D3; Wed, 26 May 2021 13:54:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 39128180B463; Wed, 26 May 2021 13:54:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 14Q9p316029490 for ; Wed, 26 May 2021 05:51:03 -0400 Received: by smtp.corp.redhat.com (Postfix) id EB96610F1CC8; Wed, 26 May 2021 09:51:02 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E76A51000DB4 for ; Wed, 26 May 2021 09:51:00 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 118448339A4 for ; Wed, 26 May 2021 09:51:00 +0000 (UTC) Received: from smtp-8faf.mail.infomaniak.ch (smtp-8faf.mail.infomaniak.ch [83.166.143.175]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-597-FzuX5OsfMlaINpZCAkvzIg-1; Wed, 26 May 2021 05:50:57 -0400 X-MC-Unique: FzuX5OsfMlaINpZCAkvzIg-1 Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4FqmRM1fDqzMptYc; Wed, 26 May 2021 11:50:55 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4FqmRJ05YQzlmrrV; Wed, 26 May 2021 11:50:51 +0200 (CEST) Subject: Re: [PATCH v26 02/25] LSM: Add the lsmblob data structure. To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org References: <20210513200807.15910-1-casey@schaufler-ca.com> <20210513200807.15910-3-casey@schaufler-ca.com> <206971d6-70c7-e217-299f-1884310afa15@digikod.net> <1c3874c1-870a-ac60-03e6-2c16d49e185b@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <53108f3e-3297-3d8b-cba9-2b12ca30d666@digikod.net> Date: Wed, 26 May 2021 11:53:00 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: <1c3874c1-870a-ac60-03e6-2c16d49e185b@schaufler-ca.com> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 14Q9p316029490 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Wed, 26 May 2021 09:54:00 -0400 Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org, linux-audit@redhat.com, bpf@vger.kernel.org, sds@tycho.nsa.gov X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Ck9uIDI2LzA1LzIwMjEgMDE6NTIsIENhc2V5IFNjaGF1ZmxlciB3cm90ZToKPiBPbiA1LzIyLzIw MjEgMTozOSBBTSwgTWlja2HDq2wgU2FsYcO8biB3cm90ZToKPj4gSSBsaWtlIHRoaXMgZGVzaWdu IGJ1dCB0aGVyZSBpcyBhbiBpc3N1ZSB3aXRoIExhbmRsb2NrIHRob3VnaCwgc2VlIGJlbG93Lgo+ Pgo+PiBPbiAxMy8wNS8yMDIxIDIyOjA3LCBDYXNleSBTY2hhdWZsZXIgd3JvdGU6Cj4+PiBXaGVu IG1vcmUgdGhhbiBvbmUgc2VjdXJpdHkgbW9kdWxlIGlzIGV4cG9ydGluZyBkYXRhIHRvCj4+PiBh dWRpdCBhbmQgbmV0d29ya2luZyBzdWItc3lzdGVtcyBhIHNpbmdsZSAzMiBiaXQgaW50ZWdlcgo+ Pj4gaXMgbm8gbG9uZ2VyIHN1ZmZpY2llbnQgdG8gcmVwcmVzZW50IHRoZSBkYXRhLiBBZGQgYQo+ Pj4gc3RydWN0dXJlIHRvIGJlIHVzZWQgaW5zdGVhZC4KPj4+Cj4+PiBUaGUgbHNtYmxvYiBzdHJ1 Y3R1cmUgaXMgY3VycmVudGx5IGFuIGFycmF5IG9mCj4+PiB1MzIgInNlY2lkcyIuIFRoZXJlIGlz IGFuIGVudHJ5IGZvciBlYWNoIG9mIHRoZQo+Pj4gc2VjdXJpdHkgbW9kdWxlcyBidWlsdCBpbnRv IHRoZSBzeXN0ZW0gdGhhdCB3b3VsZAo+Pj4gdXNlIHNlY2lkcyBpZiBhY3RpdmUuIFRoZSBzeXN0 ZW0gYXNzaWducyB0aGUgbW9kdWxlCj4+PiBhICJzbG90IiB3aGVuIGl0IHJlZ2lzdGVycyBob29r cy4gSWYgbW9kdWxlcyBhcmUKPj4+IGNvbXBpbGVkIGluIGJ1dCBub3QgcmVnaXN0ZXJlZCB0aGVy ZSB3aWxsIGJlIHVudXNlZAo+Pj4gc2xvdHMuCj4+Pgo+Pj4gQSBuZXcgbHNtX2lkIHN0cnVjdHVy ZSwgd2hpY2ggY29udGFpbnMgdGhlIG5hbWUKPj4+IG9mIHRoZSBMU00gYW5kIGl0cyBzbG90IG51 bWJlciwgaXMgY3JlYXRlZC4gVGhlcmUKPj4+IGlzIGFuIGluc3RhbmNlIGZvciBlYWNoIExTTSwg d2hpY2ggYXNzaWducyB0aGUgbmFtZQo+Pj4gYW5kIHBhc3NlcyBpdCB0byB0aGUgaW5mcmFzdHJ1 Y3R1cmUgdG8gc2V0IHRoZSBzbG90Lgo+Pj4KPj4+IFRoZSBhdWRpdCBydWxlcyBkYXRhIGlzIGV4 cGFuZGVkIHRvIHVzZSBhbiBhcnJheSBvZgo+Pj4gc2VjdXJpdHkgbW9kdWxlIGRhdGEgcmF0aGVy IHRoYW4gYSBzaW5nbGUgaW5zdGFuY2UuCj4+PiBCZWNhdXNlIElNQSB1c2VzIHRoZSBhdWRpdCBy dWxlIGZ1bmN0aW9ucyBpdCBpcwo+Pj4gYWZmZWN0ZWQgYXMgd2VsbC4KPj4+Cj4+PiBBY2tlZC1i eTogU3RlcGhlbiBTbWFsbGV5IDxzZHNAdHljaG8ubnNhLmdvdj4KPj4+IEFja2VkLWJ5OiBQYXVs IE1vb3JlIDxwYXVsQHBhdWwtbW9vcmUuY29tPgo+Pj4gQWNrZWQtYnk6IEpvaG4gSm9oYW5zZW4g PGpvaG4uam9oYW5zZW5AY2Fub25pY2FsLmNvbT4KPj4+IFNpZ25lZC1vZmYtYnk6IENhc2V5IFNj aGF1ZmxlciA8Y2FzZXlAc2NoYXVmbGVyLWNhLmNvbT4KPj4+IENjOiA8YnBmQHZnZXIua2VybmVs Lm9yZz4KPj4+IENjOiBsaW51eC1hdWRpdEByZWRoYXQuY29tCj4+PiBDYzogbGludXgtc2VjdXJp dHktbW9kdWxlQHZnZXIua2VybmVsLm9yZwo+Pj4gQ2M6IHNlbGludXhAdmdlci5rZXJuZWwub3Jn Cj4+PiBUbzogTWltaSBab2hhciA8em9oYXJAbGludXguaWJtLmNvbT4KPj4+IFRvOiBNaWNrYcOr bCBTYWxhw7xuIDxtaWNAbGludXgubWljcm9zb2Z0LmNvbT4KPj4+IC0tLQo+Pj4gIGluY2x1ZGUv bGludXgvYXVkaXQuaCAgICAgICAgICAgICAgIHwgIDQgKy0KPj4+ICBpbmNsdWRlL2xpbnV4L2xz bV9ob29rcy5oICAgICAgICAgICB8IDEyICsrKystCj4+PiAgaW5jbHVkZS9saW51eC9zZWN1cml0 eS5oICAgICAgICAgICAgfCA2NyArKysrKysrKysrKysrKysrKysrKysrKysrLS0KPj4+ICBrZXJu ZWwvYXVkaXRmaWx0ZXIuYyAgICAgICAgICAgICAgICB8IDI0ICsrKysrLS0tLS0KPj4+ICBrZXJu ZWwvYXVkaXRzYy5jICAgICAgICAgICAgICAgICAgICB8IDEzICsrKy0tLQo+Pj4gIHNlY3VyaXR5 L2FwcGFybW9yL2xzbS5jICAgICAgICAgICAgIHwgIDcgKystCj4+PiAgc2VjdXJpdHkvYnBmL2hv b2tzLmMgICAgICAgICAgICAgICAgfCAxMiArKysrLQo+Pj4gIHNlY3VyaXR5L2NvbW1vbmNhcC5j ICAgICAgICAgICAgICAgIHwgIDcgKystCj4+PiAgc2VjdXJpdHkvaW50ZWdyaXR5L2ltYS9pbWFf cG9saWN5LmMgfCA0MCArKysrKysrKysrKy0tLS0tCj4+PiAgc2VjdXJpdHkvbGFuZGxvY2svY3Jl ZC5jICAgICAgICAgICAgfCAgMiArLQo+Pj4gIHNlY3VyaXR5L2xhbmRsb2NrL2ZzLmMgICAgICAg ICAgICAgIHwgIDIgKy0KPj4+ICBzZWN1cml0eS9sYW5kbG9jay9wdHJhY2UuYyAgICAgICAgICB8 ICAyICstCj4+PiAgc2VjdXJpdHkvbGFuZGxvY2svc2V0dXAuYyAgICAgICAgICAgfCAgNCArKwo+ Pj4gIHNlY3VyaXR5L2xhbmRsb2NrL3NldHVwLmggICAgICAgICAgIHwgIDEgKwo+Pj4gIHNlY3Vy aXR5L2xvYWRwaW4vbG9hZHBpbi5jICAgICAgICAgIHwgIDggKysrLQo+Pj4gIHNlY3VyaXR5L2xv Y2tkb3duL2xvY2tkb3duLmMgICAgICAgIHwgIDcgKystCj4+PiAgc2VjdXJpdHkvc2FmZXNldGlk L2xzbS5jICAgICAgICAgICAgfCAgOCArKystCj4+PiAgc2VjdXJpdHkvc2VjdXJpdHkuYyAgICAg ICAgICAgICAgICAgfCA3MiArKysrKysrKysrKysrKysrKysrKysrKystLS0tLQo+Pj4gIHNlY3Vy aXR5L3NlbGludXgvaG9va3MuYyAgICAgICAgICAgIHwgIDggKysrLQo+Pj4gIHNlY3VyaXR5L3Nt YWNrL3NtYWNrX2xzbS5jICAgICAgICAgIHwgIDcgKystCj4+PiAgc2VjdXJpdHkvdG9tb3lvL3Rv bW95by5jICAgICAgICAgICAgfCAgOCArKystCj4+PiAgc2VjdXJpdHkveWFtYS95YW1hX2xzbS5j ICAgICAgICAgICAgfCAgNyArKy0KPj4+ICAyMiBmaWxlcyBjaGFuZ2VkLCAyNjIgaW5zZXJ0aW9u cygrKSwgNjAgZGVsZXRpb25zKC0pCj4+Pgo+PiBbLi4uXQo+Pgo+Pj4gZGlmZiAtLWdpdCBhL3Nl Y3VyaXR5L2xhbmRsb2NrL3NldHVwLmMgYi9zZWN1cml0eS9sYW5kbG9jay9zZXR1cC5jCj4+PiBp bmRleCBmOGU4ZTk4MDQ1NGMuLjRhMTI2NjZhNDA5MCAxMDA2NDQKPj4+IC0tLSBhL3NlY3VyaXR5 L2xhbmRsb2NrL3NldHVwLmMKPj4+ICsrKyBiL3NlY3VyaXR5L2xhbmRsb2NrL3NldHVwLmMKPj4+ IEBAIC0yMyw2ICsyMywxMCBAQCBzdHJ1Y3QgbHNtX2Jsb2Jfc2l6ZXMgbGFuZGxvY2tfYmxvYl9z aXplcyBfX2xzbV9yb19hZnRlcl9pbml0ID0gewo+Pj4gIAkubGJzX3N1cGVyYmxvY2sgPSBzaXpl b2Yoc3RydWN0IGxhbmRsb2NrX3N1cGVyYmxvY2tfc2VjdXJpdHkpLAo+Pj4gIH07Cj4+PiAgCj4+ PiArc3RydWN0IGxzbV9pZCBsYW5kbG9ja19sc21pZCBfX2xzbV9yb19hZnRlcl9pbml0ID0gewo+ Pj4gKwkubHNtID0gTEFORExPQ0tfTkFNRSwKPj4gSXQgaXMgbWlzc2luZzogLnNsb3QgPSBMU01C TE9CX05FRURFRCwKPiAKPiBTb3JyeSBmb3IgdGhlIGRlbGF5Lgo+IAo+IExhbmRsb2NrIGRvZXMg bm90IHByb3ZpZGUgYW55IG9mIHRoZSBob29rcyB0aGF0IHVzZSBhIHN0cnVjdCBsc21ibG9iLgo+ IFRoYXQgd291bGQgYmUgc2VjaWRfdG9fc2VjY3R4LCBzZWNjdHhfdG9fc2VjaWQsIGlub2RlX2dl dHNlY2lkLAo+IGNyZWRfZ2V0c2VjaWQsIGtlcm5lbF9hY3RfYXMgdGFza19nZXRzZWNpZF9zdWJq IHRhc2tfZ2V0c2VjaWRfb2JqIGFuZAo+IGlwY19nZXRzZWNpZC4gU2V0dGluZyAuc2xvdCA9IExT TUJMT0JfTkVFREVEIGluZGljYXRlcyB0aGF0IHRoZSBMU00KPiB1c2VzIGEgc2xvdCBpbiBzdHJ1 Y3QgbHNtYmxvYi4gTGFuZGxvY2sgZG9lcyBub3QgbmVlZCBhIHNsb3QuCgpJbmRlZWQsIHRoZSAo Z2VuZXJpYykgImJsb2IiIG5hbWUgbWlzbGVkIG1lLiBXb3VsZCBpdCBtYWtlIHNlbnNlIHRvIHVz ZQphIG5hbWUgd2l0aCAic2VjaWQiIGluIGl0IGluc3RlYWQ/CgpTaG91bGRuJ3QgdGhlIHNsb3Qg ZmllbGQgYmUgc2V0IHRvIExTTUJMT0JfTk9UX05FRURFRCAoLTMpIHRoZW4gKGluc3RlYWQKb2Yg dGhlIGltcGxpY2l0IDApPwoKPiAKPj4KPj4gWW91IGNhbiBydW4gdGhlIExhbmRsb2NrIHRlc3Rz IHBsZWFzZT8KPj4gbWFrZSAtQyB0b29scy90ZXN0aW5nL3NlbGZ0ZXN0cyBUQVJHRVRTPWxhbmRs b2NrIGdlbl90YXIKPj4gdGFyIC14ZiBrc2VsZnRlc3QudGFyLmd6ICYmIC4vcnVuX2tzZWxmdGVz dC5zaAo+IAo+IFN1cmUuIEknbGwgYWRkIHRoZW0gdG8gbXkgcm91dGluZS4KClRoYW5rcy4KCj4g Cj4+Cj4+Cj4+PiArfTsKPj4+ICsKPj4+ICBzdGF0aWMgaW50IF9faW5pdCBsYW5kbG9ja19pbml0 KHZvaWQpCj4+PiAgewo+Pj4gIAlsYW5kbG9ja19hZGRfY3JlZF9ob29rcygpOwo+PiBbLi4uXQo+ Pgo+Pj4gZGlmZiAtLWdpdCBhL3NlY3VyaXR5L3NlY3VyaXR5LmMgYi9zZWN1cml0eS9zZWN1cml0 eS5jCj4+PiBpbmRleCBlMTJhN2M0NjM0NjguLmEzMjc2ZGViMWI4YSAxMDA2NDQKPj4+IC0tLSBh L3NlY3VyaXR5L3NlY3VyaXR5LmMKPj4+ICsrKyBiL3NlY3VyaXR5L3NlY3VyaXR5LmMKPj4+IEBA IC0zNDQsNiArMzQ0LDcgQEAgc3RhdGljIHZvaWQgX19pbml0IG9yZGVyZWRfbHNtX2luaXQodm9p ZCkKPj4+ICAJaW5pdF9kZWJ1Zygic29jayBibG9iIHNpemUgICAgICAgPSAlZFxuIiwgYmxvYl9z aXplcy5sYnNfc29jayk7Cj4+PiAgCWluaXRfZGVidWcoInN1cGVyYmxvY2sgYmxvYiBzaXplID0g JWRcbiIsIGJsb2Jfc2l6ZXMubGJzX3N1cGVyYmxvY2spOwo+Pj4gIAlpbml0X2RlYnVnKCJ0YXNr IGJsb2Igc2l6ZSAgICAgICA9ICVkXG4iLCBibG9iX3NpemVzLmxic190YXNrKTsKPj4+ICsJaW5p dF9kZWJ1ZygibHNtYmxvYiBzaXplICAgICAgICAgPSAlenVcbiIsIHNpemVvZihzdHJ1Y3QgbHNt YmxvYikpOwo+Pj4gIAo+Pj4gIAkvKgo+Pj4gIAkgKiBDcmVhdGUgYW55IGttZW1fY2FjaGVzIG5l ZWRlZCBmb3IgYmxvYnMKPj4+IEBAIC00NzEsMjEgKzQ3MiwzNiBAQCBzdGF0aWMgaW50IGxzbV9h cHBlbmQoY29uc3QgY2hhciAqbmV3LCBjaGFyICoqcmVzdWx0KQo+Pj4gIAlyZXR1cm4gMDsKPj4+ ICB9Cj4+PiAgCj4+PiArLyoKPj4+ICsgKiBDdXJyZW50IGluZGV4IHRvIHVzZSB3aGlsZSBpbml0 aWFsaXppbmcgdGhlIGxzbWJsb2Igc2VjaWQgbGlzdC4KPj4+ICsgKi8KPj4+ICtzdGF0aWMgaW50 IGxzbV9zbG90IF9fbHNtX3JvX2FmdGVyX2luaXQ7Cj4+PiArCj4+PiAgLyoqCj4+PiAgICogc2Vj dXJpdHlfYWRkX2hvb2tzIC0gQWRkIGEgbW9kdWxlcyBob29rcyB0byB0aGUgaG9vayBsaXN0cy4K Pj4+ICAgKiBAaG9va3M6IHRoZSBob29rcyB0byBhZGQKPj4+ICAgKiBAY291bnQ6IHRoZSBudW1i ZXIgb2YgaG9va3MgdG8gYWRkCj4+PiAtICogQGxzbTogdGhlIG5hbWUgb2YgdGhlIHNlY3VyaXR5 IG1vZHVsZQo+Pj4gKyAqIEBsc21pZDogdGhlIGlkZW50aWZpY2F0aW9uIGluZm9ybWF0aW9uIGZv ciB0aGUgc2VjdXJpdHkgbW9kdWxlCj4+PiAgICoKPj4+ICAgKiBFYWNoIExTTSBoYXMgdG8gcmVn aXN0ZXIgaXRzIGhvb2tzIHdpdGggdGhlIGluZnJhc3RydWN0dXJlLgo+Pj4gKyAqIElmIHRoZSBM U00gaXMgdXNpbmcgaG9va3MgdGhhdCBleHBvcnQgc2VjaWRzIGFsbG9jYXRlIGEgc2xvdAo+Pj4g KyAqIGZvciBpdCBpbiB0aGUgbHNtYmxvYi4KPj4+ICAgKi8KPj4+ICB2b2lkIF9faW5pdCBzZWN1 cml0eV9hZGRfaG9va3Moc3RydWN0IHNlY3VyaXR5X2hvb2tfbGlzdCAqaG9va3MsIGludCBjb3Vu dCwKPj4+IC0JCQkJY2hhciAqbHNtKQo+Pj4gKwkJCSAgICAgICBzdHJ1Y3QgbHNtX2lkICpsc21p ZCkKPj4+ICB7Cj4+PiAgCWludCBpOwo+Pj4gIAo+PiBDb3VsZCB5b3UgYWRkIGEgV0FSTl9PTigh bHNtaWQtPnNsb3QgfHwgIWxzbWlkLT5uYW1lKSBoZXJlPwo+IAo+IFllcy4gVGhhdCdzIHJlYXNv bmFibGUuCgpJIGd1ZXNzIG15IGFib3ZlIGNvbW1lbnQgbWFrZXMgc2Vuc2UgaWYgbHNtaWQtPnNs b3Qgc2hvdWxkIG5vdCBiZSB6ZXJvCmJ1dCBMU01CTE9CX05PVF9ORUVERUQgaW5zdGVhZCwgb3Ro ZXJ3aXNlIHRoZSBMYW5kbG9jayBsc21pZCB3b3VsZCB0aHJvdwphIHdhcm5pbmcuCgo+IAo+Pgo+ Pgo+Pj4gKwlpZiAobHNtaWQtPnNsb3QgPT0gTFNNQkxPQl9ORUVERUQpIHsKPj4+ICsJCWlmIChs c21fc2xvdCA+PSBMU01CTE9CX0VOVFJJRVMpCj4+PiArCQkJcGFuaWMoIiVzIFRvbyBtYW55IExT TXMgcmVnaXN0ZXJlZC5cbiIsIF9fZnVuY19fKTsKPj4+ICsJCWxzbWlkLT5zbG90ID0gbHNtX3Ns b3QrKzsKPj4+ICsJCWluaXRfZGVidWcoIiVzIGFzc2lnbmVkIGxzbWJsb2Igc2xvdCAlZFxuIiwg bHNtaWQtPmxzbSwKPj4+ICsJCQkgICBsc21pZC0+c2xvdCk7Cj4+PiArCX0KPj4+ICsKPj4+ICAJ Zm9yIChpID0gMDsgaSA8IGNvdW50OyBpKyspIHsKPj4+IC0JCWhvb2tzW2ldLmxzbSA9IGxzbTsK Pj4+ICsJCWhvb2tzW2ldLmxzbWlkID0gbHNtaWQ7Cj4+PiAgCQlobGlzdF9hZGRfdGFpbF9yY3Uo Jmhvb2tzW2ldLmxpc3QsIGhvb2tzW2ldLmhlYWQpOwo+Pj4gIAl9Cj4+PiAgCj4gCgoKLS0KTGlu dXgtYXVkaXQgbWFpbGluZyBsaXN0CkxpbnV4LWF1ZGl0QHJlZGhhdC5jb20KaHR0cHM6Ly9saXN0 bWFuLnJlZGhhdC5jb20vbWFpbG1hbi9saXN0aW5mby9saW51eC1hdWRpdA==