From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA692C43381 for ; Wed, 13 Mar 2019 22:58:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 639302146E for ; Wed, 13 Mar 2019 22:58:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="R5S4yBdh" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727129AbfCMW61 (ORCPT ); Wed, 13 Mar 2019 18:58:27 -0400 Received: from mail-vs1-f67.google.com ([209.85.217.67]:39615 "EHLO mail-vs1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725883AbfCMW60 (ORCPT ); Wed, 13 Mar 2019 18:58:26 -0400 Received: by mail-vs1-f67.google.com with SMTP id w14so2088300vso.6 for ; Wed, 13 Mar 2019 15:58:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Pw4Vuq3TzOLDE/NhyBJ4D931rldDgs2N1sir0Z7lN90=; b=R5S4yBdhd04EqoZz/cIf1yuuOss5j9AlEZBodoAKxgsceG1zk9W/hAvs4hI+7kuztr XCtMp6PzfPvvm+zEk+lh0GQoCoFH+B8mCITEdO3j3YBFyQYeflFnBeimcrRjJiBFmXkj 9bvrYvKNnX/M1dk9biTc7iJLjZxls2k/uzrs0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Pw4Vuq3TzOLDE/NhyBJ4D931rldDgs2N1sir0Z7lN90=; b=udk4AMFJby3oIEZSANXOsviZQ8ETC3gskdsQRAHns2a00Y1Sk4YoEjODwvupxrs7QA liy3hpxd09QdQJHEHgxAht+JqdQqHNOnEBBSKRvggT8gdQp3rO3JzaWQqNXBky5KZZbp WdUgFx64o8exZQHwDkkHmeL/CKeX8lQ5hN9Y8GFDAeaEhfPXoO78Bo7Jz+NVNsOm8DkK m1XvBGkI+bX3EXyrj1fn7gLosvK3qaMFR1Fbe+4Tce/xDkO+qxe19kjZH65uBLxcTEBE JdAeDhjqS4xPn2c/I0kqLLo0YP1GCdVS2w47ipVOZT/IGMr2DJMcRx0pQ9C7vURFKXpW qjGg== X-Gm-Message-State: APjAAAU59mcEytqFcjuLdzD2waXJ1vbQ+aB1a4OpztlVn5RYUs9+6B9A BURr2+dcdTcnKQ5QosjTMtrWwLlXIrU= X-Google-Smtp-Source: APXvYqzcVfwbQwqUw6D4ITwq5xRUwLfWogVHdhtulZhyfrsOLj39hRfw0ES5jXnSOx2poaO/bHm9VA== X-Received: by 2002:a67:cb19:: with SMTP id b25mr25040683vsl.145.1552517904455; Wed, 13 Mar 2019 15:58:24 -0700 (PDT) Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com. [209.85.217.53]) by smtp.gmail.com with ESMTPSA id w68sm6155589vkw.9.2019.03.13.15.58.23 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Mar 2019 15:58:23 -0700 (PDT) Received: by mail-vs1-f53.google.com with SMTP id u6so2085062vso.10 for ; Wed, 13 Mar 2019 15:58:23 -0700 (PDT) X-Received: by 2002:a67:ed0c:: with SMTP id l12mr6241086vsp.66.1552517902631; Wed, 13 Mar 2019 15:58:22 -0700 (PDT) MIME-Version: 1.0 References: <20190312173248.13490-1-alisaidi@amazon.com> <20190312173248.13490-3-alisaidi@amazon.com> In-Reply-To: <20190312173248.13490-3-alisaidi@amazon.com> From: Kees Cook Date: Wed, 13 Mar 2019 15:58:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] x86/mmap: handle worst-case heap randomization in mmap_base To: Ali Saidi Cc: LKML , linux-arm-kernel , X86 ML , "H. Peter Anvin" , Andrew Morton , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Peter Zijlstra , Andy Lutomirski , Dave Hansen , Will Deacon , Catalin Marinas , David Woodhouse , Anthony Liguori Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 12, 2019 at 10:33 AM Ali Saidi wrote: > > Increase mmap_base by the worst-case brk randomization so that > the stack and heap remain apart. > > In Linux 4.13 a change was committed that special cased the kernel ELF > loader when the loader is invoked directly (eab09532d400; binfmt_elf: use > ELF_ET_DYN_BASE only for PIE). Generally, the loader isn=E2=80=99t invoke= d > directly and this issue is limited to cases where it is, (e.g to set a > non-inheritable LD_LIBRARY_PATH, testing new versions of the loader). In > those rare cases, the loader doesn't take into account the amount of brk > randomization that will be applied by arch_randomize_brk(). This can > lead to the stack and heap being arbitrarily close to each other. In the case of using the loader directly, brk (so helpfully identified as "[heap]") is allocated with the _loader_ not the binary. For example, with ASLR entirely disabled, you can see this more clearly: $ /bin/cat /proc/self/maps 555555554000-55555555c000 r-xp 00000000 fd:02 34603015 /bin/cat 55555575b000-55555575c000 r--p 00007000 fd:02 34603015 /bin/cat 55555575c000-55555575d000 rw-p 00008000 fd:02 34603015 /bin/cat 55555575d000-55555577e000 rw-p 00000000 00:00 0 [h= eap] ... 7ffff7ff7000-7ffff7ffa000 r--p 00000000 00:00 0 [v= var] 7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [v= dso] 7ffff7ffc000-7ffff7ffd000 r--p 00027000 fd:02 49287483 /lib/x86_64-linux-gnu/ld-2.27.so 7ffff7ffd000-7ffff7ffe000 rw-p 00028000 fd:02 49287483 /lib/x86_64-linux-gnu/ld-2.27.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [s= tack] $ /lib/x86_64-linux-gnu/ld-2.27.so /bin/cat /proc/self/maps ... 7ffff7bcc000-7ffff7bd4000 r-xp 00000000 fd:02 34603015 /bin/cat 7ffff7bd4000-7ffff7dd3000 ---p 00008000 fd:02 34603015 /bin/cat 7ffff7dd3000-7ffff7dd4000 r--p 00007000 fd:02 34603015 /bin/cat 7ffff7dd4000-7ffff7dd5000 rw-p 00008000 fd:02 34603015 /bin/cat 7ffff7dd5000-7ffff7dfc000 r-xp 00000000 fd:02 49287483 /lib/x86_64-linux-gnu/ld-2.27.so 7ffff7fb2000-7ffff7fd6000 rw-p 00000000 00:00 0 7ffff7ff7000-7ffff7ffa000 r--p 00000000 00:00 0 [v= var] 7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [v= dso] 7ffff7ffc000-7ffff7ffd000 r--p 00027000 fd:02 49287483 /lib/x86_64-linux-gnu/ld-2.27.so 7ffff7ffd000-7ffff7ffe000 rw-p 00028000 fd:02 49287483 /lib/x86_64-linux-gnu/ld-2.27.so 7ffff7ffe000-7ffff8020000 rw-p 00000000 00:00 0 [h= eap] 7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [s= tack] So I think changing this globally isn't the right solution (normally brk is between text and mmap). Adjusting the mmap base padding means we lose even more memory space. Perhaps it would be better if brk allocation would be placed before the mmap region (i.e. use ELF_ET_DYN_BASE). This seems to work for me: diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 7d09d125f148..cdaa33f4a3ef 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1131,6 +1131,15 @@ static int load_elf_binary(struct linux_binprm *bprm= ) current->mm->end_data =3D end_data; current->mm->start_stack =3D bprm->p; + /* + * When executing a loader directly (ET_DYN without Interp), move + * the brk area out of the mmap region (since it grows up, and may + * collide early with the stack growing down), and into the unused + * ELF_ET_DYN_BASE region. + */ + if (!elf_interpreter) + current->mm->brk =3D current->mm->start_brk =3D ELF_ET_DYN_= BASE; + if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { current->mm->brk =3D current->mm->start_brk =3D arch_randomize_brk(current->mm); $ /lib/x86_64-linux-gnu/ld-2.27.so /bin/cat /proc/self/maps 555556de3000-555556e04000 rw-p 00000000 00:00 0 [h= eap] 7f8467da9000-7f8467f90000 r-xp 00000000 fd:01 399295 /lib/x86_64-linux-gnu/libc-2.27.so ... 7f846819a000-7f84681a2000 r-xp 00000000 fd:01 263229 /bin/cat ... 7f84685cb000-7f84685cc000 rw-p 00028000 fd:01 399286 /lib/x86_64-linux-gnu/ld-2.27.so 7f84685cc000-7f84685cd000 rw-p 00000000 00:00 0 7ffce68f8000-7ffce6919000 rw-p 00000000 00:00 0 [s= tack] 7ffce69f0000-7ffce69f3000 r--p 00000000 00:00 0 [v= var] 7ffce69f3000-7ffce69f4000 r-xp 00000000 00:00 0 [v= dso] Does anyone see problems with this? (Note that ET_EXEC base is 0x400000, so no collision there...) --=20 Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38091C43381 for ; Wed, 13 Mar 2019 22:58:45 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F1FE021019 for ; Wed, 13 Mar 2019 22:58:44 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="N5kqW8S1"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="R5S4yBdh" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org F1FE021019 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=4t/9aoPjzt0bnE4+C+vf1YWrsMxTZtVQutGsiRy6Loo=; b=N5kqW8S1BLZvyk VYJ8QXpj1j6qHEcK564U7H2ce7xSefZ3e4MaNycavFhS2CrR2Z6bd8elPIkCz+BsqA9v3+Fd3AiNU bzflkdaycXM5dvZh9xBmra3FYM7Y0lfVdhB3/Q6iC6FNWuuo6RG3labb+qMLRwV6E/EtEaouS3gAv h6/5bjd5cT4AwXD9LXx+pXRCA3U7pr3sSoTuLWnAC+l0Cl/lslu0f2ocbESomzZpozAdb54jPgRag XjPtna7mSFD7x38WSJ8bxQDq4wRM7Hy2hrlITePbsRk9nDVf9KqZRLqz48DDA15RC5aRNHY4FTeAs gnqZ4j1bJeT3Veyvj2sA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1h4CpU-0000vN-LK; Wed, 13 Mar 2019 22:58:32 +0000 Received: from mail-ua1-x941.google.com ([2607:f8b0:4864:20::941]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1h4CpQ-0000uI-RX for linux-arm-kernel@lists.infradead.org; Wed, 13 Mar 2019 22:58:30 +0000 Received: by mail-ua1-x941.google.com with SMTP id s15so1274682uap.6 for ; Wed, 13 Mar 2019 15:58:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Pw4Vuq3TzOLDE/NhyBJ4D931rldDgs2N1sir0Z7lN90=; b=R5S4yBdhd04EqoZz/cIf1yuuOss5j9AlEZBodoAKxgsceG1zk9W/hAvs4hI+7kuztr XCtMp6PzfPvvm+zEk+lh0GQoCoFH+B8mCITEdO3j3YBFyQYeflFnBeimcrRjJiBFmXkj 9bvrYvKNnX/M1dk9biTc7iJLjZxls2k/uzrs0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Pw4Vuq3TzOLDE/NhyBJ4D931rldDgs2N1sir0Z7lN90=; b=Q0QL+/zfQg0+H/odqkprQmU972bv1TfT3Y3vaek9BthfRnmnWkjf1vIpC7bU7G679E qJrNsaMP3qSCKtA1Mrx925SGJ97GnHyjiIsv/fY5y0uGeNQ96nP8nKe8h/H3Q7cP9WNS 4ctmCzWpIPfSSC30jWxzJmTA4MoHrNozZ8Vco09T096MQL4ldCpTh2ZTPXXFmq5zYaO/ E1YNBQk+IpDrgjCKsXIlUS5z9XFrO6NKmDfyWMm1sHH2+rfxE4VkHFUEqgJ6egASTLhs Dxuj/f+V2syRiFOx/I004v4QRZZhakYP51wweVrLGDkAmZHaFr2ZpEj0VUFWWUQCr0vA 0aWA== X-Gm-Message-State: APjAAAWHi38RgzyhjSlzsoir4aRsAc4kwVnABGQeJNIJbvw4yX+pErKU I9pGDDdMy6sl1cJeVnaXaG/4debK1DM= X-Google-Smtp-Source: APXvYqztFTL5toIbWaLIcXsc/Ery7pkl0xgUmetPgI9+6yF7tlEac5THtVeY84toqqW8xBKBM5BuIg== X-Received: by 2002:ab0:7483:: with SMTP id n3mr24397578uap.131.1552517904606; Wed, 13 Mar 2019 15:58:24 -0700 (PDT) Received: from mail-vs1-f43.google.com (mail-vs1-f43.google.com. [209.85.217.43]) by smtp.gmail.com with ESMTPSA id b65sm3754798vkb.52.2019.03.13.15.58.23 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Mar 2019 15:58:23 -0700 (PDT) Received: by mail-vs1-f43.google.com with SMTP id e126so1881672vse.1 for ; Wed, 13 Mar 2019 15:58:23 -0700 (PDT) X-Received: by 2002:a67:ed0c:: with SMTP id l12mr6241086vsp.66.1552517902631; Wed, 13 Mar 2019 15:58:22 -0700 (PDT) MIME-Version: 1.0 References: <20190312173248.13490-1-alisaidi@amazon.com> <20190312173248.13490-3-alisaidi@amazon.com> In-Reply-To: <20190312173248.13490-3-alisaidi@amazon.com> From: Kees Cook Date: Wed, 13 Mar 2019 15:58:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] x86/mmap: handle worst-case heap randomization in mmap_base To: Ali Saidi X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190313_155828_916626_E95B8700 X-CRM114-Status: GOOD ( 19.37 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dave Hansen , Anthony Liguori , Peter Zijlstra , Catalin Marinas , X86 ML , Will Deacon , LKML , Ingo Molnar , Borislav Petkov , David Woodhouse , Andy Lutomirski , "H. Peter Anvin" , Andrew Morton , Thomas Gleixner , linux-arm-kernel Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gVHVlLCBNYXIgMTIsIDIwMTkgYXQgMTA6MzMgQU0gQWxpIFNhaWRpIDxhbGlzYWlkaUBhbWF6 b24uY29tPiB3cm90ZToKPgo+IEluY3JlYXNlIG1tYXBfYmFzZSBieSB0aGUgd29yc3QtY2FzZSBi cmsgcmFuZG9taXphdGlvbiBzbyB0aGF0Cj4gdGhlIHN0YWNrIGFuZCBoZWFwIHJlbWFpbiBhcGFy dC4KPgo+IEluIExpbnV4IDQuMTMgYSBjaGFuZ2Ugd2FzIGNvbW1pdHRlZCB0aGF0IHNwZWNpYWwg Y2FzZWQgdGhlIGtlcm5lbCBFTEYKPiBsb2FkZXIgd2hlbiB0aGUgbG9hZGVyIGlzIGludm9rZWQg ZGlyZWN0bHkgKGVhYjA5NTMyZDQwMDsgYmluZm10X2VsZjogdXNlCj4gRUxGX0VUX0RZTl9CQVNF IG9ubHkgZm9yIFBJRSkuIEdlbmVyYWxseSwgdGhlIGxvYWRlciBpc27igJl0IGludm9rZWQKPiBk aXJlY3RseSBhbmQgdGhpcyBpc3N1ZSBpcyBsaW1pdGVkIHRvIGNhc2VzIHdoZXJlIGl0IGlzLCAo ZS5nIHRvIHNldCBhCj4gbm9uLWluaGVyaXRhYmxlIExEX0xJQlJBUllfUEFUSCwgdGVzdGluZyBu ZXcgdmVyc2lvbnMgb2YgdGhlIGxvYWRlcikuIEluCj4gdGhvc2UgcmFyZSBjYXNlcywgdGhlIGxv YWRlciBkb2Vzbid0IHRha2UgaW50byBhY2NvdW50IHRoZSBhbW91bnQgb2YgYnJrCj4gcmFuZG9t aXphdGlvbiB0aGF0IHdpbGwgYmUgYXBwbGllZCBieSBhcmNoX3JhbmRvbWl6ZV9icmsoKS4gVGhp cyBjYW4KPiBsZWFkIHRvIHRoZSBzdGFjayBhbmQgaGVhcCBiZWluZyBhcmJpdHJhcmlseSBjbG9z ZSB0byBlYWNoIG90aGVyLgoKSW4gdGhlIGNhc2Ugb2YgdXNpbmcgdGhlIGxvYWRlciBkaXJlY3Rs eSwgYnJrIChzbyBoZWxwZnVsbHkgaWRlbnRpZmllZAphcyAiW2hlYXBdIikgaXMgYWxsb2NhdGVk IHdpdGggdGhlIF9sb2FkZXJfIG5vdCB0aGUgYmluYXJ5LiBGb3IKZXhhbXBsZSwgd2l0aCBBU0xS IGVudGlyZWx5IGRpc2FibGVkLCB5b3UgY2FuIHNlZSB0aGlzIG1vcmUgY2xlYXJseToKCiQgL2Jp bi9jYXQgL3Byb2Mvc2VsZi9tYXBzCjU1NTU1NTU1NDAwMC01NTU1NTU1NWMwMDAgci14cCAwMDAw MDAwMCBmZDowMiAzNDYwMzAxNQogIC9iaW4vY2F0CjU1NTU1NTc1YjAwMC01NTU1NTU3NWMwMDAg ci0tcCAwMDAwNzAwMCBmZDowMiAzNDYwMzAxNQogIC9iaW4vY2F0CjU1NTU1NTc1YzAwMC01NTU1 NTU3NWQwMDAgcnctcCAwMDAwODAwMCBmZDowMiAzNDYwMzAxNQogIC9iaW4vY2F0CjU1NTU1NTc1 ZDAwMC01NTU1NTU3N2UwMDAgcnctcCAwMDAwMDAwMCAwMDowMCAwICAgICAgICAgICAgICAgICAg ICAgICAgICBbaGVhcF0KLi4uCjdmZmZmN2ZmNzAwMC03ZmZmZjdmZmEwMDAgci0tcCAwMDAwMDAw MCAwMDowMCAwICAgICAgICAgICAgICAgICAgICAgICAgICBbdnZhcl0KN2ZmZmY3ZmZhMDAwLTdm ZmZmN2ZmYzAwMCByLXhwIDAwMDAwMDAwIDAwOjAwIDAgICAgICAgICAgICAgICAgICAgICAgICAg IFt2ZHNvXQo3ZmZmZjdmZmMwMDAtN2ZmZmY3ZmZkMDAwIHItLXAgMDAwMjcwMDAgZmQ6MDIgNDky ODc0ODMKICAvbGliL3g4Nl82NC1saW51eC1nbnUvbGQtMi4yNy5zbwo3ZmZmZjdmZmQwMDAtN2Zm ZmY3ZmZlMDAwIHJ3LXAgMDAwMjgwMDAgZmQ6MDIgNDkyODc0ODMKICAvbGliL3g4Nl82NC1saW51 eC1nbnUvbGQtMi4yNy5zbwo3ZmZmZjdmZmUwMDAtN2ZmZmY3ZmZmMDAwIHJ3LXAgMDAwMDAwMDAg MDA6MDAgMAo3ZmZmZmZmZGUwMDAtN2ZmZmZmZmZmMDAwIHJ3LXAgMDAwMDAwMDAgMDA6MDAgMCAg ICAgICAgICAgICAgICAgICAgICAgICAgW3N0YWNrXQoKJCAvbGliL3g4Nl82NC1saW51eC1nbnUv bGQtMi4yNy5zbyAvYmluL2NhdCAvcHJvYy9zZWxmL21hcHMKLi4uCjdmZmZmN2JjYzAwMC03ZmZm ZjdiZDQwMDAgci14cCAwMDAwMDAwMCBmZDowMiAzNDYwMzAxNQogIC9iaW4vY2F0CjdmZmZmN2Jk NDAwMC03ZmZmZjdkZDMwMDAgLS0tcCAwMDAwODAwMCBmZDowMiAzNDYwMzAxNQogIC9iaW4vY2F0 CjdmZmZmN2RkMzAwMC03ZmZmZjdkZDQwMDAgci0tcCAwMDAwNzAwMCBmZDowMiAzNDYwMzAxNQog IC9iaW4vY2F0CjdmZmZmN2RkNDAwMC03ZmZmZjdkZDUwMDAgcnctcCAwMDAwODAwMCBmZDowMiAz NDYwMzAxNQogIC9iaW4vY2F0CjdmZmZmN2RkNTAwMC03ZmZmZjdkZmMwMDAgci14cCAwMDAwMDAw MCBmZDowMiA0OTI4NzQ4MwogIC9saWIveDg2XzY0LWxpbnV4LWdudS9sZC0yLjI3LnNvCjdmZmZm N2ZiMjAwMC03ZmZmZjdmZDYwMDAgcnctcCAwMDAwMDAwMCAwMDowMCAwCjdmZmZmN2ZmNzAwMC03 ZmZmZjdmZmEwMDAgci0tcCAwMDAwMDAwMCAwMDowMCAwICAgICAgICAgICAgICAgICAgICAgICAg ICBbdnZhcl0KN2ZmZmY3ZmZhMDAwLTdmZmZmN2ZmYzAwMCByLXhwIDAwMDAwMDAwIDAwOjAwIDAg ICAgICAgICAgICAgICAgICAgICAgICAgIFt2ZHNvXQo3ZmZmZjdmZmMwMDAtN2ZmZmY3ZmZkMDAw IHItLXAgMDAwMjcwMDAgZmQ6MDIgNDkyODc0ODMKICAvbGliL3g4Nl82NC1saW51eC1nbnUvbGQt Mi4yNy5zbwo3ZmZmZjdmZmQwMDAtN2ZmZmY3ZmZlMDAwIHJ3LXAgMDAwMjgwMDAgZmQ6MDIgNDky ODc0ODMKICAvbGliL3g4Nl82NC1saW51eC1nbnUvbGQtMi4yNy5zbwo3ZmZmZjdmZmUwMDAtN2Zm ZmY4MDIwMDAwIHJ3LXAgMDAwMDAwMDAgMDA6MDAgMCAgICAgICAgICAgICAgICAgICAgICAgICAg W2hlYXBdCjdmZmZmZmZkZTAwMC03ZmZmZmZmZmYwMDAgcnctcCAwMDAwMDAwMCAwMDowMCAwICAg ICAgICAgICAgICAgICAgICAgICAgICBbc3RhY2tdCgpTbyBJIHRoaW5rIGNoYW5naW5nIHRoaXMg Z2xvYmFsbHkgaXNuJ3QgdGhlIHJpZ2h0IHNvbHV0aW9uIChub3JtYWxseQpicmsgaXMgYmV0d2Vl biB0ZXh0IGFuZCBtbWFwKS4gQWRqdXN0aW5nIHRoZSBtbWFwIGJhc2UgcGFkZGluZyBtZWFucwp3 ZSBsb3NlIGV2ZW4gbW9yZSBtZW1vcnkgc3BhY2UuIFBlcmhhcHMgaXQgd291bGQgYmUgYmV0dGVy IGlmIGJyawphbGxvY2F0aW9uIHdvdWxkIGJlIHBsYWNlZCBiZWZvcmUgdGhlIG1tYXAgcmVnaW9u IChpLmUuIHVzZQpFTEZfRVRfRFlOX0JBU0UpLiBUaGlzIHNlZW1zIHRvIHdvcmsgZm9yIG1lOgoK ZGlmZiAtLWdpdCBhL2ZzL2JpbmZtdF9lbGYuYyBiL2ZzL2JpbmZtdF9lbGYuYwppbmRleCA3ZDA5 ZDEyNWYxNDguLmNkYWEzM2Y0YTNlZiAxMDA2NDQKLS0tIGEvZnMvYmluZm10X2VsZi5jCisrKyBi L2ZzL2JpbmZtdF9lbGYuYwpAQCAtMTEzMSw2ICsxMTMxLDE1IEBAIHN0YXRpYyBpbnQgbG9hZF9l bGZfYmluYXJ5KHN0cnVjdCBsaW51eF9iaW5wcm0gKmJwcm0pCiAgICAgICAgY3VycmVudC0+bW0t PmVuZF9kYXRhID0gZW5kX2RhdGE7CiAgICAgICAgY3VycmVudC0+bW0tPnN0YXJ0X3N0YWNrID0g YnBybS0+cDsKCisgICAgICAgLyoKKyAgICAgICAgKiBXaGVuIGV4ZWN1dGluZyBhIGxvYWRlciBk aXJlY3RseSAoRVRfRFlOIHdpdGhvdXQgSW50ZXJwKSwgbW92ZQorICAgICAgICAqIHRoZSBicmsg YXJlYSBvdXQgb2YgdGhlIG1tYXAgcmVnaW9uIChzaW5jZSBpdCBncm93cyB1cCwgYW5kIG1heQor ICAgICAgICAqIGNvbGxpZGUgZWFybHkgd2l0aCB0aGUgc3RhY2sgZ3Jvd2luZyBkb3duKSwgYW5k IGludG8gdGhlIHVudXNlZAorICAgICAgICAqIEVMRl9FVF9EWU5fQkFTRSByZWdpb24uCisgICAg ICAgICovCisgICAgICAgaWYgKCFlbGZfaW50ZXJwcmV0ZXIpCisgICAgICAgICAgICAgICBjdXJy ZW50LT5tbS0+YnJrID0gY3VycmVudC0+bW0tPnN0YXJ0X2JyayA9IEVMRl9FVF9EWU5fQkFTRTsK KwogICAgICAgIGlmICgoY3VycmVudC0+ZmxhZ3MgJiBQRl9SQU5ET01JWkUpICYmIChyYW5kb21p emVfdmFfc3BhY2UgPiAxKSkgewogICAgICAgICAgICAgICAgY3VycmVudC0+bW0tPmJyayA9IGN1 cnJlbnQtPm1tLT5zdGFydF9icmsgPQogICAgICAgICAgICAgICAgICAgICAgICBhcmNoX3JhbmRv bWl6ZV9icmsoY3VycmVudC0+bW0pOwoKJCAvbGliL3g4Nl82NC1saW51eC1nbnUvbGQtMi4yNy5z byAvYmluL2NhdCAvcHJvYy9zZWxmL21hcHMKNTU1NTU2ZGUzMDAwLTU1NTU1NmUwNDAwMCBydy1w IDAwMDAwMDAwIDAwOjAwIDAgICAgICAgICAgICAgICAgICAgICAgICAgIFtoZWFwXQo3Zjg0Njdk YTkwMDAtN2Y4NDY3ZjkwMDAwIHIteHAgMDAwMDAwMDAgZmQ6MDEgMzk5Mjk1CiAgL2xpYi94ODZf NjQtbGludXgtZ251L2xpYmMtMi4yNy5zbwouLi4KN2Y4NDY4MTlhMDAwLTdmODQ2ODFhMjAwMCBy LXhwIDAwMDAwMDAwIGZkOjAxIDI2MzIyOQogIC9iaW4vY2F0Ci4uLgo3Zjg0Njg1Y2IwMDAtN2Y4 NDY4NWNjMDAwIHJ3LXAgMDAwMjgwMDAgZmQ6MDEgMzk5Mjg2CiAgL2xpYi94ODZfNjQtbGludXgt Z251L2xkLTIuMjcuc28KN2Y4NDY4NWNjMDAwLTdmODQ2ODVjZDAwMCBydy1wIDAwMDAwMDAwIDAw OjAwIDAKN2ZmY2U2OGY4MDAwLTdmZmNlNjkxOTAwMCBydy1wIDAwMDAwMDAwIDAwOjAwIDAgICAg ICAgICAgICAgICAgICAgICAgICAgIFtzdGFja10KN2ZmY2U2OWYwMDAwLTdmZmNlNjlmMzAwMCBy LS1wIDAwMDAwMDAwIDAwOjAwIDAgICAgICAgICAgICAgICAgICAgICAgICAgIFt2dmFyXQo3ZmZj ZTY5ZjMwMDAtN2ZmY2U2OWY0MDAwIHIteHAgMDAwMDAwMDAgMDA6MDAgMCAgICAgICAgICAgICAg ICAgICAgICAgICAgW3Zkc29dCgpEb2VzIGFueW9uZSBzZWUgcHJvYmxlbXMgd2l0aCB0aGlzPyAo Tm90ZSB0aGF0IEVUX0VYRUMgYmFzZSBpcwoweDQwMDAwMCwgc28gbm8gY29sbGlzaW9uIHRoZXJl Li4uKQoKLS0gCktlZXMgQ29vawoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18KbGludXgtYXJtLWtlcm5lbCBtYWlsaW5nIGxpc3QKbGludXgtYXJtLWtlcm5l bEBsaXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4v bGlzdGluZm8vbGludXgtYXJtLWtlcm5lbAo=