From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 098501DA53 for ; Wed, 13 Dec 2023 08:28:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bWxF1WJ2" Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-336166b8143so3942877f8f.3 for ; Wed, 13 Dec 2023 00:28:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702456133; x=1703060933; darn=lists.linux.dev; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Hr0EkM0AW4NJjEhu011HxfMqaEPMpfdcZOlpEJK/FFw=; b=bWxF1WJ21nikJzvJRRInvP8Lv5TS0txNfxZCZZv14LZ7vvOCVaSICNxqsQvA2rCfm4 iJfLdXJ6GBJxrntGgt205UeMZSA7n1gLEer6K+DrLlgDBei0eun9zHbuxDDKfrCe8xpU YPqGoGSlrWmE5ondR+P2iNT1WdqN+7LMF6tbUd1TZ3Azxmiw3foNicUsXwQ/W+ibQ2zz l09S8z2Iv5ahPIVYHG8mDp2zMwrczV8jCmnBRq4seKrkLTr9m53HGgyDvhx/x+0AMYE5 yed53BaE6cV6hvgZqbaq63Y1cqABtlkirSRfq9diM8G9hzdElH23U+tmjcORr2rLxiTp Herg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702456133; x=1703060933; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hr0EkM0AW4NJjEhu011HxfMqaEPMpfdcZOlpEJK/FFw=; b=AufaFAP3DboQ4wI7DRkheu5R3/Mvw38+uZiIkej4vgguEfM0/1176hBqKguXyv34vb 92KjwXNNtP2MYQSMMsh9gSuOTZ5n2zEL7Hv6V9rAVNP6PF72+G8RyvTYEORcthZ/h9df B1GZ6qoVTFbdc/1CrM0+eWPMupQg+qvVzp8kq/bZ2dDDAa8op3ojOxcG4cMYi/Lb0LwN PvncBFrCqjJ4BBGI7ezBtbxsiyfWeHPW5DTxSxTHquCSOObbkIV4jduqGBzQp5RrtGjI warxDuCeEGppMSXudu9gx0Fd002TGIrWCUmCL7nd8oFX9c9wsPOQIZB8dwz6VNIsftsg fB6w== X-Gm-Message-State: AOJu0YxvGCz71uO4kHr4HdajyB42BO4m0uUN6KmfrNrg0QCiWwd8ann5 JnngNH5RJ3tcxg9TLatFpg16QvrLZgSAQdrG3CI= X-Google-Smtp-Source: AGHT+IF6OU7e61gRhfLt8Ut2SGsCwbw2KIL2DFOd3md2kYPMnnta9DMW0C41gamy9EzjlgT+crWKmWy9dzyoihsdnUM= X-Received: by 2002:adf:ebc2:0:b0:333:1bd5:b825 with SMTP id v2-20020adfebc2000000b003331bd5b825mr3616512wrn.69.1702456132974; Wed, 13 Dec 2023 00:28:52 -0800 (PST) Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20221219061758.23321-1-ashimida.1990@gmail.com> In-Reply-To: <20221219061758.23321-1-ashimida.1990@gmail.com> From: Dan Li Date: Wed, 13 Dec 2023 16:28:41 +0800 Message-ID: Subject: Re: [RFC/RFT] CFI: Add support for gcc CFI in aarch64 To: Masahiro Yamada , Michal Marek , Nick Desaulniers , Catalin Marinas , Will Deacon , Sami Tolvanen , Kees Cook , Nathan Chancellor , Tom Rix , Peter Zijlstra , "Paul E. McKenney" , Mark Rutland , Josh Poimboeuf , Frederic Weisbecker , "Eric W. Biederman" , Dan Li , Marco Elver , Christophe Leroy , Song Liu , Andrew Morton , Uros Bizjak , Kumar Kartikeya Dwivedi , Juergen Gross , Luis Chamberlain , Borislav Petkov , Masami Hiramatsu , Dmitry Torokhov , Aaron Tomlin , Kalesh Singh , Yuntao Wang , Changbin Du , wanglikun@lixiang.com Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, I am happy to introduce to you that I have contacted a colleague Likun Wang= , who is willing to continue completing this patch. This patch has been delayed for a long time. I hope that gcc will support this feature in the near future. Thanks. Dan. On Mon, 19 Dec 2022 at 14:18, Dan Li wrote: > > Based on Sami's patch[1], this patch makes the corresponding kernel > configuration of CFI available when compiling the kernel with the gcc[2]. > > The code after enabling cfi is as follows: > > int (*p)(void); > int func (int) > { > p(); > } > > __cfi_func: > .4byte 0x439d3502 > func: > ...... > adrp x0, p > add x0, x0, :lo12:p > mov w1, 23592 > movk w1, 0x4601, lsl 16 > cmp w0, w1 > beq .L2 > ...... > bl cfi_check_failed > .L2: > blr x19 > ret > > In the compiler part[4], there are some differences from Sami's > implementation[3], mainly including: > > 1. When a typeid mismatch is detected, the cfi_check_failed function > will be called instead of the brk instruction. This function needs > to be implemented by the compiler user. > If there are user mode programs or other systems that want to use > this feature, it may be more convenient to use a callback (so this > compilation option is set to -fsanitize=3Dcfi instead of kcfi). > > 2. A reserved typeid (such as 0x0U on the aarch64 platform) is always > inserted in front of functions that should not be called indirectly. > Functions that can be called indirectly will not use this hash value, > which prevents instructions/data before the function from being used > as a typeid by an attacker. > > 3. Some bits are ignored in the typeid to avoid conflicts between the > typeid and the instruction set of a specific platform, thereby > preventing an attacker from bypassing the CFI check by using the > instruction as a typeid, such as on the aarch64 platform: > * If the following instruction sequence exists: > 400620: a9be7bfd stp x29, x30, [sp, #-32]! > 400624: 910003fd mov x29, sp > 400628: f9000bf3 str x19, [sp, #16] > * If the expected typeid of the indirect call is exactly 0x910003fd, > the attacker can jump to the next instruction position of any > "mov x29,sp" instruction (such as 0x400628 here). > > 4. Insert a symbol __cfi_ before each function's typeid, > which may be helpful for fine-grained KASLR implementations (or not?). > > 5. The current implementation of gcc only supports the aarch64 platform. > > This produces the following oops on CFI failure (generated using lkdtm): > > /kselftest_install/lkdtm # ./CFI_FORWARD_PROTO.sh > [ 74.856516] lkdtm: Performing direct entry CFI_FORWARD_PROTO > [ 74.856878] lkdtm: Calling matched prototype ... > [ 74.857011] lkdtm: Calling mismatched prototype ... > [ 74.857133] CFI failure at lkdtm_indirect_call+0x30/0x50 (target: lkdt= m_increment_int+0x0/0x1c; expected type: 0xc59c68f1) > [ 74.858185] Kernel panic - not syncing: Oops - CFI > [ 74.859240] CPU: 0 PID: 129 Comm: cat Not tainted 6.0.0-rc4-00024-g32b= f7f14f497-dirty #150 > [ 74.859481] Hardware name: linux,dummy-virt (DT) > [ 74.859795] Call trace: > [ 74.859959] dump_backtrace.part.0+0xcc/0xe0 > [ 74.860212] show_stack+0x18/0x5c > [ 74.860327] dump_stack_lvl+0x64/0x84 > [ 74.860398] dump_stack+0x18/0x38 > [ 74.860443] panic+0x170/0x36c > [ 74.860496] cfi_check_failed+0x38/0x44 > [ 74.860564] lkdtm_indirect_call+0x30/0x50 > [ 74.860614] lkdtm_CFI_FORWARD_PROTO+0x3c/0x6c > [ 74.860701] lkdtm_do_action+0x44/0x58 > [ 74.860764] direct_entry+0x148/0x160 > [ 74.860814] full_proxy_write+0x74/0xe0 > [ 74.860874] vfs_write+0xd8/0x2d0 > [ 74.860942] ksys_write+0x70/0x110 > [ 74.861000] __arm64_sys_write+0x1c/0x30 > [ 74.861067] invoke_syscall+0x5c/0x140 > [ 74.861117] el0_svc_common.constprop.0+0x44/0xf0 > [ 74.861190] do_el0_svc+0x2c/0xc0 > [ 74.861233] el0_svc+0x20/0x60 > [ 74.861287] el0t_64_sync_handler+0xf4/0x124 > [ 74.861340] el0t_64_sync+0x160/0x164 > [ 74.861782] SMP: stopping secondary CPUs > [ 74.862336] Kernel Offset: disabled > [ 74.862439] CPU features: 0x0000,00075024,699418af > [ 74.862799] Memory Limit: none > [ 74.863373] ---[ end Kernel panic - not syncing: Oops - CFI ]--- > > The gcc-related patches[4] are based on tag: releases/gcc-12.2.0. > > Any suggestion please let me know :). > > Thanks, Dan. > > [1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@goo= gle.com/ > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D107048 > [3] https://reviews.llvm.org/D119296 > [4] https://lore.kernel.org/linux-hardening/20221219055431.22596-1-ashimi= da.1990@gmail.com/ > > Signed-off-by: Dan Li > --- > Makefile | 6 ++++++ > arch/Kconfig | 24 +++++++++++++++++++++++- > arch/arm64/Kconfig | 1 + > include/linux/cfi_types.h | 15 +++++++++++---- > include/linux/compiler-gcc.h | 4 ++++ > kernel/Makefile | 1 + > kernel/cfi.c | 23 +++++++++++++++++++++++ > scripts/kallsyms.c | 4 +++- > 8 files changed, 72 insertions(+), 6 deletions(-) > > diff --git a/Makefile b/Makefile > index 43e08c9f95e9..7c74dac57aa4 100644 > --- a/Makefile > +++ b/Makefile > @@ -926,6 +926,12 @@ KBUILD_CFLAGS +=3D $(CC_FLAGS_CFI) > export CC_FLAGS_CFI > endif > > +ifdef CONFIG_CFI_GCC > +CC_FLAGS_CFI :=3D -fsanitize=3Dcfi > +KBUILD_CFLAGS +=3D $(CC_FLAGS_CFI) > +export CC_FLAGS_CFI > +endif > + > ifdef CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B > KBUILD_CFLAGS +=3D -falign-functions=3D64 > endif > diff --git a/arch/Kconfig b/arch/Kconfig > index 1c1eca0c0019..8b43a9fd3b54 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -756,9 +756,31 @@ config CFI_CLANG > > https://clang.llvm.org/docs/ControlFlowIntegrity.html > > +config ARCH_SUPPORTS_CFI_GCC > + bool > + help > + An architecture should select this option if it can support GCC= 's > + Control-Flow Integrity (CFI) checking. > + > +config CFI_GCC > + bool "Use GCC's Control Flow Integrity (CFI)" > + depends on ARCH_SUPPORTS_CFI_GCC > + depends on $(cc-option,-fsanitize=3Dcfi) > + help > + This option enables GCC=E2=80=99s forward-edge Control Flow Int= egrity > + (CFI) checking, where the compiler injects a runtime check to e= ach > + indirect function call to ensure the target is a valid function= with > + the correct static type. This restricts possible call targets a= nd > + makes it more difficult for an attacker to exploit bugs that al= low > + the modification of stored function pointers. More information = can be > + found from the compiler's documentation: > + > + - Clang: https://clang.llvm.org/docs/ControlFlowIntegrity.html > + - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Optio= ns.html#Instrumentation-Options > + > config CFI_PERMISSIVE > bool "Use CFI in permissive mode" > - depends on CFI_CLANG > + depends on CFI_CLANG || CFI_GCC > help > When selected, Control Flow Integrity (CFI) violations result i= n a > warning instead of a kernel panic. This option should only be u= sed > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 9fb9fff08c94..60fdfb01cecb 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -89,6 +89,7 @@ config ARM64 > select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN > select ARCH_SUPPORTS_LTO_CLANG_THIN > select ARCH_SUPPORTS_CFI_CLANG > + select ARCH_SUPPORTS_CFI_GCC > select ARCH_SUPPORTS_ATOMIC_RMW > select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 > select ARCH_SUPPORTS_NUMA_BALANCING > diff --git a/include/linux/cfi_types.h b/include/linux/cfi_types.h > index 6b8713675765..1c3b7ea6a79f 100644 > --- a/include/linux/cfi_types.h > +++ b/include/linux/cfi_types.h > @@ -8,18 +8,25 @@ > #ifdef __ASSEMBLY__ > #include > > -#ifdef CONFIG_CFI_CLANG > +#if defined(CONFIG_CFI_CLANG) || defined(CONFIG_CFI_GCC) > /* > - * Use the __kcfi_typeid_ type identifier symbol to > + * Use the __[k]cfi_typeid_ type identifier symbol to > * annotate indirectly called assembly functions. The compiler emits > * these symbols for all address-taken function declarations in C > * code. > */ > #ifndef __CFI_TYPE > + > +#ifdef CONFIG_CFI_GCC > +#define __CFI_TYPE(name) \ > + .4byte __cfi_typeid_##name > +#else > #define __CFI_TYPE(name) \ > .4byte __kcfi_typeid_##name > #endif > > +#endif > + > #define SYM_TYPED_ENTRY(name, linkage, align...) \ > linkage(name) ASM_NL \ > align ASM_NL \ > @@ -29,12 +36,12 @@ > #define SYM_TYPED_START(name, linkage, align...) \ > SYM_TYPED_ENTRY(name, linkage, align) > > -#else /* CONFIG_CFI_CLANG */ > +#else /* defined(CONFIG_CFI_CLANG) || defined(CONFIG_CFI_GCC) */ > > #define SYM_TYPED_START(name, linkage, align...) \ > SYM_START(name, linkage, align) > > -#endif /* CONFIG_CFI_CLANG */ > +#endif /* defined(CONFIG_CFI_CLANG) || defined(CONFIG_CFI_GCC) */ > > #ifndef SYM_TYPED_FUNC_START > #define SYM_TYPED_FUNC_START(name) \ > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > index 9b157b71036f..aec1ce327b1a 100644 > --- a/include/linux/compiler-gcc.h > +++ b/include/linux/compiler-gcc.h > @@ -82,6 +82,10 @@ > #define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) > #endif > > +#ifdef CONFIG_CFI_GCC > +#define __nocfi __attribute__((no_sanitize("cfi"))) > +#endif > + > #if __has_attribute(__no_sanitize_address__) > #define __no_sanitize_address __attribute__((no_sanitize_address)) > #else > diff --git a/kernel/Makefile b/kernel/Makefile > index 318789c728d3..923d3e060852 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -114,6 +114,7 @@ obj-$(CONFIG_SHADOW_CALL_STACK) +=3D scs.o > obj-$(CONFIG_HAVE_STATIC_CALL) +=3D static_call.o > obj-$(CONFIG_HAVE_STATIC_CALL_INLINE) +=3D static_call_inline.o > obj-$(CONFIG_CFI_CLANG) +=3D cfi.o > +obj-$(CONFIG_CFI_GCC) +=3D cfi.o > > obj-$(CONFIG_PERF_EVENTS) +=3D events/ > > diff --git a/kernel/cfi.c b/kernel/cfi.c > index 08caad776717..9bff35736756 100644 > --- a/kernel/cfi.c > +++ b/kernel/cfi.c > @@ -25,6 +25,7 @@ enum bug_trap_type report_cfi_failure(struct pt_regs *r= egs, unsigned long addr, > return BUG_TRAP_TYPE_BUG; > } > > +#ifdef CONFIG_CFI_CLANG > #ifdef CONFIG_ARCH_USES_CFI_TRAPS > static inline unsigned long trap_address(s32 *p) > { > @@ -99,3 +100,25 @@ bool is_cfi_trap(unsigned long addr) > return is_module_cfi_trap(addr); > } > #endif /* CONFIG_ARCH_USES_CFI_TRAPS */ > +#endif /* CONFIG_CFI_CLANG */ > + > + > +#ifdef CONFIG_CFI_GCC > +void cfi_check_failed(u32 caller_hash, u32 callee_hash, void *callee_add= r) > +{ > + unsigned long pc, target; > + > + pc =3D (unsigned long)__builtin_return_address(0); > + target =3D (unsigned long)callee_addr; > + > + switch (report_cfi_failure(NULL, pc, &target, caller_hash)) { > + case BUG_TRAP_TYPE_WARN: > + break; > + > + default: > + panic("Oops - CFI"); > + } > +} > +EXPORT_SYMBOL(cfi_check_failed); > + > +#endif /* CONFIG_CFI_GCC */ > diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c > index ccdf0c897f31..ed8db513b918 100644 > --- a/scripts/kallsyms.c > +++ b/scripts/kallsyms.c > @@ -119,7 +119,9 @@ static bool is_ignored_symbol(const char *name, char = type) > "__ThumbV7PILongThunk_", > "__LA25Thunk_", /* mips lld */ > "__microLA25Thunk_", > - "__kcfi_typeid_", /* CFI type identifiers */ > + "__kcfi_typeid_", /* CFI type identifiers in Clang = */ > + "__cfi_", /* CFI type identifiers in GCC */ > + "__pi___cfi", /* CFI type identifiers in GCC */ > NULL > }; > > -- > 2.17.1 > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B18B4C4332F for ; Wed, 13 Dec 2023 08:29:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=YG2X5m+tAJ4oxYbxzGDNQKFbgSwnVh/Tr/PtV6iuY7M=; b=aGfIhOxz1yw1Wf Hk6hzZVve4RHzPsL1MMISBiq0feNL2Px58aiuWBJXrFJfZ0frZIbkllIEt1LHA3uU5deodjJMi8bb 33w8zbOWhdGwj8Sr8nM6EHkixuvkRFpwqvlxXG16sMRMJfnWWuEygKKBCrit9b98WO0gEbcGtwCUH axFAIkL8h8BUWPmosSgZYSvAEZoPzkUi1Z7eivuEOfwnbXmWIxKLXE9nyirVU/6EqFudTSuiQFew4 kO6TxOk7gJZLFkJi0JORUkFFmY5hQSJdCQ7P9rMRIT9TXss6FwNzUQItMHbFylm8NSJsq7PuptAs4 NpfkSpt/I0L/pZKi4gnA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rDKcB-00E1go-1j; Wed, 13 Dec 2023 08:29:11 +0000 Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rDKc7-00E1aM-1o for linux-arm-kernel@lists.infradead.org; Wed, 13 Dec 2023 08:29:10 +0000 Received: by mail-wr1-x42f.google.com with SMTP id ffacd0b85a97d-3363aa2bbfbso308145f8f.0 for ; Wed, 13 Dec 2023 00:28:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702456133; x=1703060933; darn=lists.infradead.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Hr0EkM0AW4NJjEhu011HxfMqaEPMpfdcZOlpEJK/FFw=; b=WMjRe3utqLF/ScA9LTZ3O1ojnDaT1aIdop6mbhszkVOgbWqv5B5Oxx/OpbmedvtNZz 0p/AOGDIKvDOyBkr3LKKK7ltCPycg3WemcHFqd3dx1zhERx/LpUEbtWYhOf3QJq5ZDHI 7lXZ8rVWFLpweJefHUduwrZ+0nJj3Bue/A9VJEM+TPNoaJSxxyfgGVwndIWDn3vjj2uR lp1q8jLYfmbPUivqaohrabaGtSVQR6NXkJy+UXa/WsAYnbBbU27aF9sqsjzx2+ZWudPK 1d7MJqnVvIi0KsJ0b+Muuc+ZijT1U3M3GllUITOO+TulDnHp+tvD1GlQtrMRExFVwDxa 01gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702456133; x=1703060933; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hr0EkM0AW4NJjEhu011HxfMqaEPMpfdcZOlpEJK/FFw=; b=Z1q/FTm06f+0U9fgfM3oUrP158ieu7dyd3u6ZnOimuw0P37jZe3QvKuEZUqazLB9Xy peLFVzc2+gZzW7qr5unrL5guYdZvihEOnH/ALYgXfnj4ImA6r/D2OjDH2Ctyz6pdKOnI emTTBPWHdilN8s+cxrWtmvUxl8Lmhx0+q4EMZ3CIzo26kY5bEEhqcKzjeNlt9eSoBtza ytJXJDjNl2Mmy79SFxY+rOyG5ro7GKBpvKT64Flljw22D9//Ci06pN74vkXw8x69DnYL T7tcxMR0F02BUe16Hhq1YZI7ziUONA5IBKfMhj+jvEz/fPGVhmfICEkeCYjGbKPR0wAS vvbw== X-Gm-Message-State: AOJu0Yy1XheBoVz71XKu7nHrNzg2ISxfgBC4ew34WOaA3PiuDZQvJxVV UCl28SiKxZJHjsvRcwzMbFTMTtlDScUcXdjaREs= X-Google-Smtp-Source: AGHT+IF6OU7e61gRhfLt8Ut2SGsCwbw2KIL2DFOd3md2kYPMnnta9DMW0C41gamy9EzjlgT+crWKmWy9dzyoihsdnUM= X-Received: by 2002:adf:ebc2:0:b0:333:1bd5:b825 with SMTP id v2-20020adfebc2000000b003331bd5b825mr3616512wrn.69.1702456132974; Wed, 13 Dec 2023 00:28:52 -0800 (PST) MIME-Version: 1.0 References: <20221219061758.23321-1-ashimida.1990@gmail.com> In-Reply-To: <20221219061758.23321-1-ashimida.1990@gmail.com> From: Dan Li Date: Wed, 13 Dec 2023 16:28:41 +0800 Message-ID: Subject: Re: [RFC/RFT] CFI: Add support for gcc CFI in aarch64 To: Masahiro Yamada , Michal Marek , Nick Desaulniers , Catalin Marinas , Will Deacon , Sami Tolvanen , Kees Cook , Nathan Chancellor , Tom Rix , Peter Zijlstra , "Paul E. McKenney" , Mark Rutland , Josh Poimboeuf , Frederic Weisbecker , "Eric W. Biederman" , Dan Li , Marco Elver , Christophe Leroy , Song Liu , Andrew Morton , Uros Bizjak , Kumar Kartikeya Dwivedi , Juergen Gross , Luis Chamberlain , Borislav Petkov , Masami Hiramatsu , Dmitry Torokhov , Aaron Tomlin , Kalesh Singh , Yuntao Wang , Changbin Du , wanglikun@lixiang.com Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231213_002907_634158_83D10F8B X-CRM114-Status: GOOD ( 47.44 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org SGkgYWxsLAoKSSBhbSBoYXBweSB0byBpbnRyb2R1Y2UgdG8geW91IHRoYXQgSSBoYXZlIGNvbnRh Y3RlZCBhIGNvbGxlYWd1ZSBMaWt1biBXYW5nLCB3aG8KIGlzIHdpbGxpbmcgdG8gY29udGludWUg Y29tcGxldGluZyB0aGlzIHBhdGNoLgpUaGlzIHBhdGNoIGhhcyBiZWVuIGRlbGF5ZWQgZm9yIGEg bG9uZyB0aW1lLiBJIGhvcGUgdGhhdCBnY2Mgd2lsbApzdXBwb3J0IHRoaXMgZmVhdHVyZQppbiB0 aGUgbmVhciBmdXR1cmUuCgpUaGFua3MuCkRhbi4KCk9uIE1vbiwgMTkgRGVjIDIwMjIgYXQgMTQ6 MTgsIERhbiBMaSA8YXNoaW1pZGEuMTk5MEBnbWFpbC5jb20+IHdyb3RlOgo+Cj4gQmFzZWQgb24g U2FtaSdzIHBhdGNoWzFdLCB0aGlzIHBhdGNoIG1ha2VzIHRoZSBjb3JyZXNwb25kaW5nIGtlcm5l bAo+IGNvbmZpZ3VyYXRpb24gb2YgQ0ZJIGF2YWlsYWJsZSB3aGVuIGNvbXBpbGluZyB0aGUga2Vy bmVsIHdpdGggdGhlIGdjY1syXS4KPgo+IFRoZSBjb2RlIGFmdGVyIGVuYWJsaW5nIGNmaSBpcyBh cyBmb2xsb3dzOgo+Cj4gaW50ICgqcCkodm9pZCk7Cj4gaW50IGZ1bmMgKGludCkKPiB7Cj4gICAg ICAgICBwKCk7Cj4gfQo+Cj4gX19jZmlfZnVuYzoKPiAgICAgICAgIC40Ynl0ZSAweDQzOWQzNTAy Cj4gZnVuYzoKPiAgICAgICAgIC4uLi4uLgo+ICAgICAgICAgYWRycCAgICB4MCwgcAo+ICAgICAg ICAgYWRkICAgICB4MCwgeDAsIDpsbzEyOnAKPiAgICAgICAgIG1vdiAgICAgdzEsIDIzNTkyCj4g ICAgICAgICBtb3ZrICAgIHcxLCAweDQ2MDEsIGxzbCAxNgo+ICAgICAgICAgY21wICAgICB3MCwg dzEKPiAgICAgICAgIGJlcSAgICAgLkwyCj4gICAgICAgICAuLi4uLi4KPiAgICAgICAgIGJsICAg ICAgY2ZpX2NoZWNrX2ZhaWxlZAo+IC5MMjoKPiAgICAgICAgIGJsciAgICAgeDE5Cj4gICAgICAg ICByZXQKPgo+IEluIHRoZSBjb21waWxlciBwYXJ0WzRdLCB0aGVyZSBhcmUgc29tZSBkaWZmZXJl bmNlcyBmcm9tIFNhbWkncwo+IGltcGxlbWVudGF0aW9uWzNdLCBtYWlubHkgaW5jbHVkaW5nOgo+ Cj4gMS4gV2hlbiBhIHR5cGVpZCBtaXNtYXRjaCBpcyBkZXRlY3RlZCwgdGhlIGNmaV9jaGVja19m YWlsZWQgZnVuY3Rpb24KPiAgICB3aWxsIGJlIGNhbGxlZCBpbnN0ZWFkIG9mIHRoZSBicmsgaW5z dHJ1Y3Rpb24uIFRoaXMgZnVuY3Rpb24gbmVlZHMKPiAgICB0byBiZSBpbXBsZW1lbnRlZCBieSB0 aGUgY29tcGlsZXIgdXNlci4KPiAgICBJZiB0aGVyZSBhcmUgdXNlciBtb2RlIHByb2dyYW1zIG9y IG90aGVyIHN5c3RlbXMgdGhhdCB3YW50IHRvIHVzZQo+ICAgIHRoaXMgZmVhdHVyZSwgaXQgbWF5 IGJlIG1vcmUgY29udmVuaWVudCB0byB1c2UgYSBjYWxsYmFjayAoc28gdGhpcwo+ICAgIGNvbXBp bGF0aW9uIG9wdGlvbiBpcyBzZXQgdG8gLWZzYW5pdGl6ZT1jZmkgaW5zdGVhZCBvZiBrY2ZpKS4K Pgo+IDIuIEEgcmVzZXJ2ZWQgdHlwZWlkIChzdWNoIGFzIDB4MFUgb24gdGhlIGFhcmNoNjQgcGxh dGZvcm0pIGlzIGFsd2F5cwo+ICAgIGluc2VydGVkIGluIGZyb250IG9mIGZ1bmN0aW9ucyB0aGF0 IHNob3VsZCBub3QgYmUgY2FsbGVkIGluZGlyZWN0bHkuCj4gICAgRnVuY3Rpb25zIHRoYXQgY2Fu IGJlIGNhbGxlZCBpbmRpcmVjdGx5IHdpbGwgbm90IHVzZSB0aGlzIGhhc2ggdmFsdWUsCj4gICAg d2hpY2ggcHJldmVudHMgaW5zdHJ1Y3Rpb25zL2RhdGEgYmVmb3JlIHRoZSBmdW5jdGlvbiBmcm9t IGJlaW5nIHVzZWQKPiAgICBhcyBhIHR5cGVpZCBieSBhbiBhdHRhY2tlci4KPgo+IDMuIFNvbWUg Yml0cyBhcmUgaWdub3JlZCBpbiB0aGUgdHlwZWlkIHRvIGF2b2lkIGNvbmZsaWN0cyBiZXR3ZWVu IHRoZQo+ICAgIHR5cGVpZCBhbmQgdGhlIGluc3RydWN0aW9uIHNldCBvZiBhIHNwZWNpZmljIHBs YXRmb3JtLCB0aGVyZWJ5Cj4gICAgcHJldmVudGluZyBhbiBhdHRhY2tlciBmcm9tIGJ5cGFzc2lu ZyB0aGUgQ0ZJIGNoZWNrIGJ5IHVzaW5nIHRoZQo+ICAgIGluc3RydWN0aW9uIGFzIGEgdHlwZWlk LCBzdWNoIGFzIG9uIHRoZSBhYXJjaDY0IHBsYXRmb3JtOgo+ICAgICogSWYgdGhlIGZvbGxvd2lu ZyBpbnN0cnVjdGlvbiBzZXF1ZW5jZSBleGlzdHM6Cj4gICAgICAgICAgIDQwMDYyMDogICAgICAg YTliZTdiZmQgICAgICAgIHN0cCAgICAgeDI5LCB4MzAsIFtzcCwgIy0zMl0hCj4gICAgICAgICAg IDQwMDYyNDogICAgICAgOTEwMDAzZmQgICAgICAgIG1vdiAgICAgeDI5LCBzcAo+ICAgICAgICAg ICA0MDA2Mjg6ICAgICAgIGY5MDAwYmYzICAgICAgICBzdHIgICAgIHgxOSwgW3NwLCAjMTZdCj4g ICAgKiBJZiB0aGUgZXhwZWN0ZWQgdHlwZWlkIG9mIHRoZSBpbmRpcmVjdCBjYWxsIGlzIGV4YWN0 bHkgMHg5MTAwMDNmZCwKPiAgICAgIHRoZSBhdHRhY2tlciBjYW4ganVtcCB0byB0aGUgbmV4dCBp bnN0cnVjdGlvbiBwb3NpdGlvbiBvZiBhbnkKPiAgICAgICJtb3YgeDI5LHNwIiBpbnN0cnVjdGlv biAoc3VjaCBhcyAweDQwMDYyOCBoZXJlKS4KPgo+IDQuIEluc2VydCBhIHN5bWJvbCBfX2NmaV88 ZnVuY3Rpb24+IGJlZm9yZSBlYWNoIGZ1bmN0aW9uJ3MgdHlwZWlkLAo+ICAgIHdoaWNoIG1heSBi ZSBoZWxwZnVsIGZvciBmaW5lLWdyYWluZWQgS0FTTFIgaW1wbGVtZW50YXRpb25zIChvciBub3Q/ KS4KPgo+IDUuIFRoZSBjdXJyZW50IGltcGxlbWVudGF0aW9uIG9mIGdjYyBvbmx5IHN1cHBvcnRz IHRoZSBhYXJjaDY0IHBsYXRmb3JtLgo+Cj4gVGhpcyBwcm9kdWNlcyB0aGUgZm9sbG93aW5nIG9v cHMgb24gQ0ZJIGZhaWx1cmUgKGdlbmVyYXRlZCB1c2luZyBsa2R0bSk6Cj4KPiAva3NlbGZ0ZXN0 X2luc3RhbGwvbGtkdG0gIyAuL0NGSV9GT1JXQVJEX1BST1RPLnNoCj4gWyAgIDc0Ljg1NjUxNl0g bGtkdG06IFBlcmZvcm1pbmcgZGlyZWN0IGVudHJ5IENGSV9GT1JXQVJEX1BST1RPCj4gWyAgIDc0 Ljg1Njg3OF0gbGtkdG06IENhbGxpbmcgbWF0Y2hlZCBwcm90b3R5cGUgLi4uCj4gWyAgIDc0Ljg1 NzAxMV0gbGtkdG06IENhbGxpbmcgbWlzbWF0Y2hlZCBwcm90b3R5cGUgLi4uCj4gWyAgIDc0Ljg1 NzEzM10gQ0ZJIGZhaWx1cmUgYXQgbGtkdG1faW5kaXJlY3RfY2FsbCsweDMwLzB4NTAgKHRhcmdl dDogbGtkdG1faW5jcmVtZW50X2ludCsweDAvMHgxYzsgZXhwZWN0ZWQgdHlwZTogMHhjNTljNjhm MSkKPiBbICAgNzQuODU4MTg1XSBLZXJuZWwgcGFuaWMgLSBub3Qgc3luY2luZzogT29wcyAtIENG SQo+IFsgICA3NC44NTkyNDBdIENQVTogMCBQSUQ6IDEyOSBDb21tOiBjYXQgTm90IHRhaW50ZWQg Ni4wLjAtcmM0LTAwMDI0LWczMmJmN2YxNGY0OTctZGlydHkgIzE1MAo+IFsgICA3NC44NTk0ODFd IEhhcmR3YXJlIG5hbWU6IGxpbnV4LGR1bW15LXZpcnQgKERUKQo+IFsgICA3NC44NTk3OTVdIENh bGwgdHJhY2U6Cj4gWyAgIDc0Ljg1OTk1OV0gIGR1bXBfYmFja3RyYWNlLnBhcnQuMCsweGNjLzB4 ZTAKPiBbICAgNzQuODYwMjEyXSAgc2hvd19zdGFjaysweDE4LzB4NWMKPiBbICAgNzQuODYwMzI3 XSAgZHVtcF9zdGFja19sdmwrMHg2NC8weDg0Cj4gWyAgIDc0Ljg2MDM5OF0gIGR1bXBfc3RhY2sr MHgxOC8weDM4Cj4gWyAgIDc0Ljg2MDQ0M10gIHBhbmljKzB4MTcwLzB4MzZjCj4gWyAgIDc0Ljg2 MDQ5Nl0gIGNmaV9jaGVja19mYWlsZWQrMHgzOC8weDQ0Cj4gWyAgIDc0Ljg2MDU2NF0gIGxrZHRt X2luZGlyZWN0X2NhbGwrMHgzMC8weDUwCj4gWyAgIDc0Ljg2MDYxNF0gIGxrZHRtX0NGSV9GT1JX QVJEX1BST1RPKzB4M2MvMHg2Ywo+IFsgICA3NC44NjA3MDFdICBsa2R0bV9kb19hY3Rpb24rMHg0 NC8weDU4Cj4gWyAgIDc0Ljg2MDc2NF0gIGRpcmVjdF9lbnRyeSsweDE0OC8weDE2MAo+IFsgICA3 NC44NjA4MTRdICBmdWxsX3Byb3h5X3dyaXRlKzB4NzQvMHhlMAo+IFsgICA3NC44NjA4NzRdICB2 ZnNfd3JpdGUrMHhkOC8weDJkMAo+IFsgICA3NC44NjA5NDJdICBrc3lzX3dyaXRlKzB4NzAvMHgx MTAKPiBbICAgNzQuODYxMDAwXSAgX19hcm02NF9zeXNfd3JpdGUrMHgxYy8weDMwCj4gWyAgIDc0 Ljg2MTA2N10gIGludm9rZV9zeXNjYWxsKzB4NWMvMHgxNDAKPiBbICAgNzQuODYxMTE3XSAgZWww X3N2Y19jb21tb24uY29uc3Rwcm9wLjArMHg0NC8weGYwCj4gWyAgIDc0Ljg2MTE5MF0gIGRvX2Vs MF9zdmMrMHgyYy8weGMwCj4gWyAgIDc0Ljg2MTIzM10gIGVsMF9zdmMrMHgyMC8weDYwCj4gWyAg IDc0Ljg2MTI4N10gIGVsMHRfNjRfc3luY19oYW5kbGVyKzB4ZjQvMHgxMjQKPiBbICAgNzQuODYx MzQwXSAgZWwwdF82NF9zeW5jKzB4MTYwLzB4MTY0Cj4gWyAgIDc0Ljg2MTc4Ml0gU01QOiBzdG9w cGluZyBzZWNvbmRhcnkgQ1BVcwo+IFsgICA3NC44NjIzMzZdIEtlcm5lbCBPZmZzZXQ6IGRpc2Fi bGVkCj4gWyAgIDc0Ljg2MjQzOV0gQ1BVIGZlYXR1cmVzOiAweDAwMDAsMDAwNzUwMjQsNjk5NDE4 YWYKPiBbICAgNzQuODYyNzk5XSBNZW1vcnkgTGltaXQ6IG5vbmUKPiBbICAgNzQuODYzMzczXSAt LS1bIGVuZCBLZXJuZWwgcGFuaWMgLSBub3Qgc3luY2luZzogT29wcyAtIENGSSBdLS0tCj4KPiBU aGUgZ2NjLXJlbGF0ZWQgcGF0Y2hlc1s0XSBhcmUgYmFzZWQgb24gdGFnOiByZWxlYXNlcy9nY2Mt MTIuMi4wLgo+Cj4gQW55IHN1Z2dlc3Rpb24gcGxlYXNlIGxldCBtZSBrbm93IDopLgo+Cj4gVGhh bmtzLCBEYW4uCj4KPiBbMV0gaHR0cHM6Ly9sb3JlLmtlcm5lbC5vcmcvYWxsLzIwMjIwOTA4MjE1 NTA0LjM2ODY4MjctMS1zYW1pdG9sdmFuZW5AZ29vZ2xlLmNvbS8KPiBbMl0gaHR0cHM6Ly9nY2Mu Z251Lm9yZy9idWd6aWxsYS9zaG93X2J1Zy5jZ2k/aWQ9MTA3MDQ4Cj4gWzNdIGh0dHBzOi8vcmV2 aWV3cy5sbHZtLm9yZy9EMTE5Mjk2Cj4gWzRdIGh0dHBzOi8vbG9yZS5rZXJuZWwub3JnL2xpbnV4 LWhhcmRlbmluZy8yMDIyMTIxOTA1NTQzMS4yMjU5Ni0xLWFzaGltaWRhLjE5OTBAZ21haWwuY29t Lwo+Cj4gU2lnbmVkLW9mZi1ieTogRGFuIExpIDxhc2hpbWlkYS4xOTkwQGdtYWlsLmNvbT4KPiAt LS0KPiAgTWFrZWZpbGUgICAgICAgICAgICAgICAgICAgICB8ICA2ICsrKysrKwo+ICBhcmNoL0tj b25maWcgICAgICAgICAgICAgICAgIHwgMjQgKysrKysrKysrKysrKysrKysrKysrKystCj4gIGFy Y2gvYXJtNjQvS2NvbmZpZyAgICAgICAgICAgfCAgMSArCj4gIGluY2x1ZGUvbGludXgvY2ZpX3R5 cGVzLmggICAgfCAxNSArKysrKysrKysrKy0tLS0KPiAgaW5jbHVkZS9saW51eC9jb21waWxlci1n Y2MuaCB8ICA0ICsrKysKPiAga2VybmVsL01ha2VmaWxlICAgICAgICAgICAgICB8ICAxICsKPiAg a2VybmVsL2NmaS5jICAgICAgICAgICAgICAgICB8IDIzICsrKysrKysrKysrKysrKysrKysrKysr Cj4gIHNjcmlwdHMva2FsbHN5bXMuYyAgICAgICAgICAgfCAgNCArKystCj4gIDggZmlsZXMgY2hh bmdlZCwgNzIgaW5zZXJ0aW9ucygrKSwgNiBkZWxldGlvbnMoLSkKPgo+IGRpZmYgLS1naXQgYS9N YWtlZmlsZSBiL01ha2VmaWxlCj4gaW5kZXggNDNlMDhjOWY5NWU5Li43Yzc0ZGFjNTdhYTQgMTAw NjQ0Cj4gLS0tIGEvTWFrZWZpbGUKPiArKysgYi9NYWtlZmlsZQo+IEBAIC05MjYsNiArOTI2LDEy IEBAIEtCVUlMRF9DRkxBR1MgICAgICArPSAkKENDX0ZMQUdTX0NGSSkKPiAgZXhwb3J0IENDX0ZM QUdTX0NGSQo+ICBlbmRpZgo+Cj4gK2lmZGVmIENPTkZJR19DRklfR0NDCj4gK0NDX0ZMQUdTX0NG SSAgIDo9IC1mc2FuaXRpemU9Y2ZpCj4gK0tCVUlMRF9DRkxBR1MgICs9ICQoQ0NfRkxBR1NfQ0ZJ KQo+ICtleHBvcnQgQ0NfRkxBR1NfQ0ZJCj4gK2VuZGlmCj4gKwo+ICBpZmRlZiBDT05GSUdfREVC VUdfRk9SQ0VfRlVOQ1RJT05fQUxJR05fNjRCCj4gIEtCVUlMRF9DRkxBR1MgKz0gLWZhbGlnbi1m dW5jdGlvbnM9NjQKPiAgZW5kaWYKPiBkaWZmIC0tZ2l0IGEvYXJjaC9LY29uZmlnIGIvYXJjaC9L Y29uZmlnCj4gaW5kZXggMWMxZWNhMGMwMDE5Li44YjQzYTlmZDNiNTQgMTAwNjQ0Cj4gLS0tIGEv YXJjaC9LY29uZmlnCj4gKysrIGIvYXJjaC9LY29uZmlnCj4gQEAgLTc1Niw5ICs3NTYsMzEgQEAg Y29uZmlnIENGSV9DTEFORwo+Cj4gICAgICAgICAgICAgaHR0cHM6Ly9jbGFuZy5sbHZtLm9yZy9k b2NzL0NvbnRyb2xGbG93SW50ZWdyaXR5Lmh0bWwKPgo+ICtjb25maWcgQVJDSF9TVVBQT1JUU19D RklfR0NDCj4gKyAgICAgICBib29sCj4gKyAgICAgICBoZWxwCj4gKyAgICAgICAgIEFuIGFyY2hp dGVjdHVyZSBzaG91bGQgc2VsZWN0IHRoaXMgb3B0aW9uIGlmIGl0IGNhbiBzdXBwb3J0IEdDQydz Cj4gKyAgICAgICAgIENvbnRyb2wtRmxvdyBJbnRlZ3JpdHkgKENGSSkgY2hlY2tpbmcuCj4gKwo+ ICtjb25maWcgQ0ZJX0dDQwo+ICsgICAgICAgYm9vbCAiVXNlIEdDQydzIENvbnRyb2wgRmxvdyBJ bnRlZ3JpdHkgKENGSSkiCj4gKyAgICAgICBkZXBlbmRzIG9uIEFSQ0hfU1VQUE9SVFNfQ0ZJX0dD Qwo+ICsgICAgICAgZGVwZW5kcyBvbiAkKGNjLW9wdGlvbiwtZnNhbml0aXplPWNmaSkKPiArICAg ICAgIGhlbHAKPiArICAgICAgICAgVGhpcyBvcHRpb24gZW5hYmxlcyBHQ0PigJlzIGZvcndhcmQt ZWRnZSBDb250cm9sIEZsb3cgSW50ZWdyaXR5Cj4gKyAgICAgICAgIChDRkkpIGNoZWNraW5nLCB3 aGVyZSB0aGUgY29tcGlsZXIgaW5qZWN0cyBhIHJ1bnRpbWUgY2hlY2sgdG8gZWFjaAo+ICsgICAg ICAgICBpbmRpcmVjdCBmdW5jdGlvbiBjYWxsIHRvIGVuc3VyZSB0aGUgdGFyZ2V0IGlzIGEgdmFs aWQgZnVuY3Rpb24gd2l0aAo+ICsgICAgICAgICB0aGUgY29ycmVjdCBzdGF0aWMgdHlwZS4gVGhp cyByZXN0cmljdHMgcG9zc2libGUgY2FsbCB0YXJnZXRzIGFuZAo+ICsgICAgICAgICBtYWtlcyBp dCBtb3JlIGRpZmZpY3VsdCBmb3IgYW4gYXR0YWNrZXIgdG8gZXhwbG9pdCBidWdzIHRoYXQgYWxs b3cKPiArICAgICAgICAgdGhlIG1vZGlmaWNhdGlvbiBvZiBzdG9yZWQgZnVuY3Rpb24gcG9pbnRl cnMuIE1vcmUgaW5mb3JtYXRpb24gY2FuIGJlCj4gKyAgICAgICAgIGZvdW5kIGZyb20gdGhlIGNv bXBpbGVyJ3MgZG9jdW1lbnRhdGlvbjoKPiArCj4gKyAgICAgICAgIC0gQ2xhbmc6IGh0dHBzOi8v Y2xhbmcubGx2bS5vcmcvZG9jcy9Db250cm9sRmxvd0ludGVncml0eS5odG1sCj4gKyAgICAgICAg IC0gR0NDOiBodHRwczovL2djYy5nbnUub3JnL29ubGluZWRvY3MvZ2NjL0luc3RydW1lbnRhdGlv bi1PcHRpb25zLmh0bWwjSW5zdHJ1bWVudGF0aW9uLU9wdGlvbnMKPiArCj4gIGNvbmZpZyBDRklf UEVSTUlTU0lWRQo+ICAgICAgICAgYm9vbCAiVXNlIENGSSBpbiBwZXJtaXNzaXZlIG1vZGUiCj4g LSAgICAgICBkZXBlbmRzIG9uIENGSV9DTEFORwo+ICsgICAgICAgZGVwZW5kcyBvbiBDRklfQ0xB TkcgfHwgQ0ZJX0dDQwo+ICAgICAgICAgaGVscAo+ICAgICAgICAgICBXaGVuIHNlbGVjdGVkLCBD b250cm9sIEZsb3cgSW50ZWdyaXR5IChDRkkpIHZpb2xhdGlvbnMgcmVzdWx0IGluIGEKPiAgICAg ICAgICAgd2FybmluZyBpbnN0ZWFkIG9mIGEga2VybmVsIHBhbmljLiBUaGlzIG9wdGlvbiBzaG91 bGQgb25seSBiZSB1c2VkCj4gZGlmZiAtLWdpdCBhL2FyY2gvYXJtNjQvS2NvbmZpZyBiL2FyY2gv YXJtNjQvS2NvbmZpZwo+IGluZGV4IDlmYjlmZmYwOGM5NC4uNjBmZGZiMDFjZWNiIDEwMDY0NAo+ IC0tLSBhL2FyY2gvYXJtNjQvS2NvbmZpZwo+ICsrKyBiL2FyY2gvYXJtNjQvS2NvbmZpZwo+IEBA IC04OSw2ICs4OSw3IEBAIGNvbmZpZyBBUk02NAo+ICAgICAgICAgc2VsZWN0IEFSQ0hfU1VQUE9S VFNfTFRPX0NMQU5HIGlmIENQVV9MSVRUTEVfRU5ESUFOCj4gICAgICAgICBzZWxlY3QgQVJDSF9T VVBQT1JUU19MVE9fQ0xBTkdfVEhJTgo+ICAgICAgICAgc2VsZWN0IEFSQ0hfU1VQUE9SVFNfQ0ZJ X0NMQU5HCj4gKyAgICAgICBzZWxlY3QgQVJDSF9TVVBQT1JUU19DRklfR0NDCj4gICAgICAgICBz ZWxlY3QgQVJDSF9TVVBQT1JUU19BVE9NSUNfUk1XCj4gICAgICAgICBzZWxlY3QgQVJDSF9TVVBQ T1JUU19JTlQxMjggaWYgQ0NfSEFTX0lOVDEyOAo+ICAgICAgICAgc2VsZWN0IEFSQ0hfU1VQUE9S VFNfTlVNQV9CQUxBTkNJTkcKPiBkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9jZmlfdHlwZXMu aCBiL2luY2x1ZGUvbGludXgvY2ZpX3R5cGVzLmgKPiBpbmRleCA2Yjg3MTM2NzU3NjUuLjFjM2I3 ZWE2YTc5ZiAxMDA2NDQKPiAtLS0gYS9pbmNsdWRlL2xpbnV4L2NmaV90eXBlcy5oCj4gKysrIGIv aW5jbHVkZS9saW51eC9jZmlfdHlwZXMuaAo+IEBAIC04LDE4ICs4LDI1IEBACj4gICNpZmRlZiBf X0FTU0VNQkxZX18KPiAgI2luY2x1ZGUgPGxpbnV4L2xpbmthZ2UuaD4KPgo+IC0jaWZkZWYgQ09O RklHX0NGSV9DTEFORwo+ICsjaWYgZGVmaW5lZChDT05GSUdfQ0ZJX0NMQU5HKSB8fCBkZWZpbmVk KENPTkZJR19DRklfR0NDKQo+ICAvKgo+IC0gKiBVc2UgdGhlIF9fa2NmaV90eXBlaWRfPGZ1bmN0 aW9uPiB0eXBlIGlkZW50aWZpZXIgc3ltYm9sIHRvCj4gKyAqIFVzZSB0aGUgX19ba11jZmlfdHlw ZWlkXzxmdW5jdGlvbj4gdHlwZSBpZGVudGlmaWVyIHN5bWJvbCB0bwo+ICAgKiBhbm5vdGF0ZSBp bmRpcmVjdGx5IGNhbGxlZCBhc3NlbWJseSBmdW5jdGlvbnMuIFRoZSBjb21waWxlciBlbWl0cwo+ ICAgKiB0aGVzZSBzeW1ib2xzIGZvciBhbGwgYWRkcmVzcy10YWtlbiBmdW5jdGlvbiBkZWNsYXJh dGlvbnMgaW4gQwo+ICAgKiBjb2RlLgo+ICAgKi8KPiAgI2lmbmRlZiBfX0NGSV9UWVBFCj4gKwo+ ICsjaWZkZWYgQ09ORklHX0NGSV9HQ0MKPiArI2RlZmluZSBfX0NGSV9UWVBFKG5hbWUpICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFwKPiArICAgICAgIC40Ynl0ZSBfX2NmaV90eXBlaWRf IyNuYW1lCj4gKyNlbHNlCj4gICNkZWZpbmUgX19DRklfVFlQRShuYW1lKSAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBcCj4gICAgICAgICAuNGJ5dGUgX19rY2ZpX3R5cGVpZF8jI25hbWUK PiAgI2VuZGlmCj4KPiArI2VuZGlmCj4gKwo+ICAjZGVmaW5lIFNZTV9UWVBFRF9FTlRSWShuYW1l LCBsaW5rYWdlLCBhbGlnbi4uLikgICAgICAgXAo+ICAgICAgICAgbGlua2FnZShuYW1lKSBBU01f TkwgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAo+ICAgICAgICAgYWxpZ24gQVNNX05MICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAo+IEBAIC0yOSwxMiArMzYsMTIgQEAK PiAgI2RlZmluZSBTWU1fVFlQRURfU1RBUlQobmFtZSwgbGlua2FnZSwgYWxpZ24uLi4pICAgICAg IFwKPiAgICAgICAgIFNZTV9UWVBFRF9FTlRSWShuYW1lLCBsaW5rYWdlLCBhbGlnbikKPgo+IC0j ZWxzZSAvKiBDT05GSUdfQ0ZJX0NMQU5HICovCj4gKyNlbHNlIC8qIGRlZmluZWQoQ09ORklHX0NG SV9DTEFORykgfHwgZGVmaW5lZChDT05GSUdfQ0ZJX0dDQykgKi8KPgo+ICAjZGVmaW5lIFNZTV9U WVBFRF9TVEFSVChuYW1lLCBsaW5rYWdlLCBhbGlnbi4uLikgICAgICAgXAo+ICAgICAgICAgU1lN X1NUQVJUKG5hbWUsIGxpbmthZ2UsIGFsaWduKQo+Cj4gLSNlbmRpZiAvKiBDT05GSUdfQ0ZJX0NM QU5HICovCj4gKyNlbmRpZiAvKiBkZWZpbmVkKENPTkZJR19DRklfQ0xBTkcpIHx8IGRlZmluZWQo Q09ORklHX0NGSV9HQ0MpICovCj4KPiAgI2lmbmRlZiBTWU1fVFlQRURfRlVOQ19TVEFSVAo+ICAj ZGVmaW5lIFNZTV9UWVBFRF9GVU5DX1NUQVJUKG5hbWUpICAgICAgICAgICAgICAgICAgICAgXAo+ IGRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L2NvbXBpbGVyLWdjYy5oIGIvaW5jbHVkZS9saW51 eC9jb21waWxlci1nY2MuaAo+IGluZGV4IDliMTU3YjcxMDM2Zi4uYWVjMWNlMzI3YjFhIDEwMDY0 NAo+IC0tLSBhL2luY2x1ZGUvbGludXgvY29tcGlsZXItZ2NjLmgKPiArKysgYi9pbmNsdWRlL2xp bnV4L2NvbXBpbGVyLWdjYy5oCj4gQEAgLTgyLDYgKzgyLDEwIEBACj4gICNkZWZpbmUgX19ub3Nj cyBfX2F0dHJpYnV0ZV9fKChfX25vX3Nhbml0aXplX18oInNoYWRvdy1jYWxsLXN0YWNrIikpKQo+ ICAjZW5kaWYKPgo+ICsjaWZkZWYgQ09ORklHX0NGSV9HQ0MKPiArI2RlZmluZSBfX25vY2ZpIF9f YXR0cmlidXRlX18oKG5vX3Nhbml0aXplKCJjZmkiKSkpCj4gKyNlbmRpZgo+ICsKPiAgI2lmIF9f aGFzX2F0dHJpYnV0ZShfX25vX3Nhbml0aXplX2FkZHJlc3NfXykKPiAgI2RlZmluZSBfX25vX3Nh bml0aXplX2FkZHJlc3MgX19hdHRyaWJ1dGVfXygobm9fc2FuaXRpemVfYWRkcmVzcykpCj4gICNl bHNlCj4gZGlmZiAtLWdpdCBhL2tlcm5lbC9NYWtlZmlsZSBiL2tlcm5lbC9NYWtlZmlsZQo+IGlu ZGV4IDMxODc4OWM3MjhkMy4uOTIzZDNlMDYwODUyIDEwMDY0NAo+IC0tLSBhL2tlcm5lbC9NYWtl ZmlsZQo+ICsrKyBiL2tlcm5lbC9NYWtlZmlsZQo+IEBAIC0xMTQsNiArMTE0LDcgQEAgb2JqLSQo Q09ORklHX1NIQURPV19DQUxMX1NUQUNLKSArPSBzY3Mubwo+ICBvYmotJChDT05GSUdfSEFWRV9T VEFUSUNfQ0FMTCkgKz0gc3RhdGljX2NhbGwubwo+ICBvYmotJChDT05GSUdfSEFWRV9TVEFUSUNf Q0FMTF9JTkxJTkUpICs9IHN0YXRpY19jYWxsX2lubGluZS5vCj4gIG9iai0kKENPTkZJR19DRklf Q0xBTkcpICs9IGNmaS5vCj4gK29iai0kKENPTkZJR19DRklfR0NDKSArPSBjZmkubwo+Cj4gIG9i ai0kKENPTkZJR19QRVJGX0VWRU5UUykgKz0gZXZlbnRzLwo+Cj4gZGlmZiAtLWdpdCBhL2tlcm5l bC9jZmkuYyBiL2tlcm5lbC9jZmkuYwo+IGluZGV4IDA4Y2FhZDc3NjcxNy4uOWJmZjM1NzM2NzU2 IDEwMDY0NAo+IC0tLSBhL2tlcm5lbC9jZmkuYwo+ICsrKyBiL2tlcm5lbC9jZmkuYwo+IEBAIC0y NSw2ICsyNSw3IEBAIGVudW0gYnVnX3RyYXBfdHlwZSByZXBvcnRfY2ZpX2ZhaWx1cmUoc3RydWN0 IHB0X3JlZ3MgKnJlZ3MsIHVuc2lnbmVkIGxvbmcgYWRkciwKPiAgICAgICAgIHJldHVybiBCVUdf VFJBUF9UWVBFX0JVRzsKPiAgfQo+Cj4gKyNpZmRlZiBDT05GSUdfQ0ZJX0NMQU5HCj4gICNpZmRl ZiBDT05GSUdfQVJDSF9VU0VTX0NGSV9UUkFQUwo+ICBzdGF0aWMgaW5saW5lIHVuc2lnbmVkIGxv bmcgdHJhcF9hZGRyZXNzKHMzMiAqcCkKPiAgewo+IEBAIC05OSwzICsxMDAsMjUgQEAgYm9vbCBp c19jZmlfdHJhcCh1bnNpZ25lZCBsb25nIGFkZHIpCj4gICAgICAgICByZXR1cm4gaXNfbW9kdWxl X2NmaV90cmFwKGFkZHIpOwo+ICB9Cj4gICNlbmRpZiAvKiBDT05GSUdfQVJDSF9VU0VTX0NGSV9U UkFQUyAqLwo+ICsjZW5kaWYgLyogQ09ORklHX0NGSV9DTEFORyAqLwo+ICsKPiArCj4gKyNpZmRl ZiBDT05GSUdfQ0ZJX0dDQwo+ICt2b2lkIGNmaV9jaGVja19mYWlsZWQodTMyIGNhbGxlcl9oYXNo LCB1MzIgY2FsbGVlX2hhc2gsIHZvaWQgKmNhbGxlZV9hZGRyKQo+ICt7Cj4gKyAgICAgICB1bnNp Z25lZCBsb25nIHBjLCB0YXJnZXQ7Cj4gKwo+ICsgICAgICAgcGMgPSAodW5zaWduZWQgbG9uZylf X2J1aWx0aW5fcmV0dXJuX2FkZHJlc3MoMCk7Cj4gKyAgICAgICB0YXJnZXQgPSAodW5zaWduZWQg bG9uZyljYWxsZWVfYWRkcjsKPiArCj4gKyAgICAgICBzd2l0Y2ggKHJlcG9ydF9jZmlfZmFpbHVy ZShOVUxMLCBwYywgJnRhcmdldCwgY2FsbGVyX2hhc2gpKSB7Cj4gKyAgICAgICBjYXNlIEJVR19U UkFQX1RZUEVfV0FSTjoKPiArICAgICAgICAgICAgICAgYnJlYWs7Cj4gKwo+ICsgICAgICAgZGVm YXVsdDoKPiArICAgICAgICAgICAgICAgcGFuaWMoIk9vcHMgLSBDRkkiKTsKPiArICAgICAgIH0K PiArfQo+ICtFWFBPUlRfU1lNQk9MKGNmaV9jaGVja19mYWlsZWQpOwo+ICsKPiArI2VuZGlmIC8q IENPTkZJR19DRklfR0NDICovCj4gZGlmZiAtLWdpdCBhL3NjcmlwdHMva2FsbHN5bXMuYyBiL3Nj cmlwdHMva2FsbHN5bXMuYwo+IGluZGV4IGNjZGYwYzg5N2YzMS4uZWQ4ZGI1MTNiOTE4IDEwMDY0 NAo+IC0tLSBhL3NjcmlwdHMva2FsbHN5bXMuYwo+ICsrKyBiL3NjcmlwdHMva2FsbHN5bXMuYwo+ IEBAIC0xMTksNyArMTE5LDkgQEAgc3RhdGljIGJvb2wgaXNfaWdub3JlZF9zeW1ib2woY29uc3Qg Y2hhciAqbmFtZSwgY2hhciB0eXBlKQo+ICAgICAgICAgICAgICAgICAiX19UaHVtYlY3UElMb25n VGh1bmtfIiwKPiAgICAgICAgICAgICAgICAgIl9fTEEyNVRodW5rXyIsICAgICAgICAgLyogbWlw cyBsbGQgKi8KPiAgICAgICAgICAgICAgICAgIl9fbWljcm9MQTI1VGh1bmtfIiwKPiAtICAgICAg ICAgICAgICAgIl9fa2NmaV90eXBlaWRfIiwgICAgICAgLyogQ0ZJIHR5cGUgaWRlbnRpZmllcnMg Ki8KPiArICAgICAgICAgICAgICAgIl9fa2NmaV90eXBlaWRfIiwgICAgICAgLyogQ0ZJIHR5cGUg aWRlbnRpZmllcnMgaW4gQ2xhbmcgKi8KPiArICAgICAgICAgICAgICAgIl9fY2ZpXyIsICAgICAg ICAgICAgICAgLyogQ0ZJIHR5cGUgaWRlbnRpZmllcnMgaW4gR0NDICovCj4gKyAgICAgICAgICAg ICAgICJfX3BpX19fY2ZpIiwgICAgICAgICAgIC8qIENGSSB0eXBlIGlkZW50aWZpZXJzIGluIEdD QyAqLwo+ICAgICAgICAgICAgICAgICBOVUxMCj4gICAgICAgICB9Owo+Cj4gLS0KPiAyLjE3LjEK PgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGludXgt YXJtLWtlcm5lbCBtYWlsaW5nIGxpc3QKbGludXgtYXJtLWtlcm5lbEBsaXN0cy5pbmZyYWRlYWQu b3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGluZm8vbGludXgtYXJt LWtlcm5lbAo=