From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F43AC433EF for ; Tue, 23 Nov 2021 10:20:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235216AbhKWKXa (ORCPT ); Tue, 23 Nov 2021 05:23:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231221AbhKWKX3 (ORCPT ); Tue, 23 Nov 2021 05:23:29 -0500 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C047BC061574 for ; Tue, 23 Nov 2021 02:20:21 -0800 (PST) Received: by mail-qt1-x833.google.com with SMTP id f20so19344693qtb.4 for ; Tue, 23 Nov 2021 02:20:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=F+kxZkQQT7OHNmGMuUCVRF4t6nUAJ3c6sxl3xAFz4pk=; b=lw6p6cfcs8K3sP7S7ZJg8SrjbF0rowhzO3XZEQeqhWqd/rKOUMcyg0A3t/skz1HlPy Ru4dxvCiIHm4M6Y86yjdAz1SdtfZnY4P1xuxvJfZxiWYPgjyKzbXFg6M3ApqSkYG5dBb Zowe6xc7Re7uMOhVnYI8xKdMLNcZguTEy7zCIaW6oGmApqXc9GZGn3T0K4MC51hBfM4Z z9yEbgGBWNlpcMIbPrxAAvg++xp+OcqAoKH4piIIaQP11H32e8+Top4hcqq+bDEPpWXq ZmlcxtW4UkPW5cDU8lI8YBhrs6HGO+9JbKqadRA9ajE/4jtb/ZwJF3MOXlVSsmHQdjbk 2Vtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=F+kxZkQQT7OHNmGMuUCVRF4t6nUAJ3c6sxl3xAFz4pk=; b=VThiYfplVFykVQJVXOupDeemd9sQ73exHM6zoL//XsODEb5WgQOmLYbVIrVpwWz7yf UDCO7GNafczm3FB1KkYVQyqUqV/zSDjPVwXo/qX0Ru7WE+597gQ5ZufhHPIX/mEvM07S TfOb4xvKiPh0q6mqvRhwVkMukjUEKtvLBboQ+VBxLVlGYK6LqVgHNQE2M0t0kTLlbR6t 8pov5A3mmcvYT5Cxuj2ULoRqzHmDbUI4nlsfAhvHxlV9E5/YNSk5+pu35MgvEiu+XLLZ UC947Vw+wOwcK7RY8j51MBzhKoYaUfYEeN0DccGIyilwDBODhmXzHJgvZBsmSkuFfpBV Y+Xw== X-Gm-Message-State: AOAM532LPYqXMjH8VX63dsPPYO6KQIKl5ou0b8Pu8OeDRGnYN5o+Umpv DCpCY6Tl7AkT3uEJYNC3s2UHKwLnX5j3KFqMxCRngg== X-Google-Smtp-Source: ABdhPJzhfMUonhREpiLejz8RriF63os5QyQ1fmOi2gaXPdkixZcXDAfGNJxBHNs+6l40BwgiRtGAj8srNdIJ53LbUao= X-Received: by 2002:a05:622a:1045:: with SMTP id f5mr4828127qte.319.1637662820622; Tue, 23 Nov 2021 02:20:20 -0800 (PST) MIME-Version: 1.0 References: <20211123051658.3195589-1-pcc@google.com> <20211123051658.3195589-3-pcc@google.com> In-Reply-To: From: Alexander Potapenko Date: Tue, 23 Nov 2021 11:19:44 +0100 Message-ID: Subject: Re: [PATCH v2 2/5] uaccess-buffer: add core code To: Dmitry Vyukov Cc: Peter Collingbourne , Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Thomas Gleixner , Andy Lutomirski , Kees Cook , Andrew Morton , Masahiro Yamada , Sami Tolvanen , YiFei Zhu , Colin Ian King , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , Gabriel Krisman Bertazi , Chris Hyser , Daniel Vetter , Chris Wilson , Arnd Bergmann , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Marco Elver , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 23, 2021 at 10:56 AM Dmitry Vyukov wrote: > > .On Tue, 23 Nov 2021 at 06:17, Peter Collingbourne wrote= : > > > > Add the core code to support uaccess logging. Subsequent patches will > > hook this up to the arch-specific kernel entry and exit code for > > certain architectures. > > I don't see where we block signals when a user writes to the addr. I > expected to see some get_user from the addr somewhere in the signal > handling code. What am I missing? > > > Link: https://linux-review.googlesource.com/id/I6581765646501a5631b281d= 670903945ebadc57d > > Signed-off-by: Peter Collingbourne > > --- > > v2: > > - New interface that avoids multiple syscalls per real syscall and > > is arch-generic > > - Avoid logging uaccesses done by BPF programs > > - Add documentation > > - Split up into multiple patches > > - Various code moves, renames etc as requested by Marco > > > > arch/Kconfig | 5 + > > fs/exec.c | 2 + > > include/linux/instrumented.h | 5 +- > > include/linux/sched.h | 4 + > > include/linux/uaccess-buffer-log-hooks.h | 59 +++++++++++ > > include/linux/uaccess-buffer.h | 79 ++++++++++++++ > > include/uapi/linux/prctl.h | 3 + > > include/uapi/linux/uaccess-buffer.h | 25 +++++ > > kernel/Makefile | 1 + > > kernel/bpf/helpers.c | 6 +- > > kernel/fork.c | 3 + > > kernel/signal.c | 4 +- > > kernel/sys.c | 6 ++ > > kernel/uaccess-buffer.c | 125 +++++++++++++++++++++++ > > 14 files changed, 324 insertions(+), 3 deletions(-) > > create mode 100644 include/linux/uaccess-buffer-log-hooks.h > > create mode 100644 include/linux/uaccess-buffer.h > > create mode 100644 include/uapi/linux/uaccess-buffer.h > > create mode 100644 kernel/uaccess-buffer.c > > > > diff --git a/arch/Kconfig b/arch/Kconfig > > index 26b8ed11639d..6030298a7e9a 100644 > > --- a/arch/Kconfig > > +++ b/arch/Kconfig > > @@ -1302,6 +1302,11 @@ config ARCH_HAS_PARANOID_L1D_FLUSH > > config DYNAMIC_SIGFRAME > > bool > > > > +config HAVE_ARCH_UACCESS_BUFFER > > + bool > > + help > > + Select if the architecture's syscall entry/exit code supports= uaccess buffers. > > + > > source "kernel/gcov/Kconfig" > > > > source "scripts/gcc-plugins/Kconfig" > > diff --git a/fs/exec.c b/fs/exec.c > > index 537d92c41105..5f30314f3ec6 100644 > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -65,6 +65,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > #include > > @@ -1313,6 +1314,7 @@ int begin_new_exec(struct linux_binprm * bprm) > > me->personality &=3D ~bprm->per_clear; > > > > clear_syscall_work_syscall_user_dispatch(me); > > + uaccess_buffer_set_descriptor_addr_addr(0); > > > > /* > > * We have to apply CLOEXEC before we change whether the proces= s is > > diff --git a/include/linux/instrumented.h b/include/linux/instrumented.= h > > index 42faebbaa202..c96be1695614 100644 > > --- a/include/linux/instrumented.h > > +++ b/include/linux/instrumented.h > > @@ -2,7 +2,7 @@ > > > > /* > > * This header provides generic wrappers for memory access instrumenta= tion that > > - * the compiler cannot emit for: KASAN, KCSAN. > > + * the compiler cannot emit for: KASAN, KCSAN, uaccess buffers. > > */ > > #ifndef _LINUX_INSTRUMENTED_H > > #define _LINUX_INSTRUMENTED_H > > @@ -11,6 +11,7 @@ > > #include > > #include > > #include > > +#include > > > > /** > > * instrument_read - instrument regular read access > > @@ -117,6 +118,7 @@ instrument_copy_to_user(void __user *to, const void= *from, unsigned long n) > > { > > kasan_check_read(from, n); > > kcsan_check_read(from, n); > > + uaccess_buffer_log_write(to, n); > > } > > > > /** > > @@ -134,6 +136,7 @@ instrument_copy_from_user(const void *to, const voi= d __user *from, unsigned long > > { > > kasan_check_write(to, n); > > kcsan_check_write(to, n); > > + uaccess_buffer_log_read(from, n); > > } > > > > #endif /* _LINUX_INSTRUMENTED_H */ > > diff --git a/include/linux/sched.h b/include/linux/sched.h > > index 78c351e35fec..1f978deaa3f8 100644 > > --- a/include/linux/sched.h > > +++ b/include/linux/sched.h > > @@ -1484,6 +1484,10 @@ struct task_struct { > > struct callback_head l1d_flush_kill; > > #endif > > > > +#ifdef CONFIG_HAVE_ARCH_UACCESS_BUFFER > > + struct uaccess_buffer_info uaccess_buffer; > > +#endif > > Shouldn't this be controlled by an additional config that a user can > enable/disable? > If I am reading this correctly, the current implementation forces > uaccess logging for all arches that support it. Some embed kernels may > not want this. > > > > /* > > * New fields for task_struct should be added above here, so th= at > > * they are included in the randomized portion of task_struct. > > diff --git a/include/linux/uaccess-buffer-log-hooks.h b/include/linux/u= access-buffer-log-hooks.h > > new file mode 100644 > > index 000000000000..bddc84ddce32 > > --- /dev/null > > +++ b/include/linux/uaccess-buffer-log-hooks.h > > @@ -0,0 +1,59 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#ifndef _LINUX_UACCESS_BUFFER_LOG_HOOKS_H > > +#define _LINUX_UACCESS_BUFFER_LOG_HOOKS_H > > + > > +#ifdef CONFIG_HAVE_ARCH_UACCESS_BUFFER > > + > > +struct uaccess_buffer_info { > > + /* > > + * The pointer to pointer to struct uaccess_descriptor. This is= the > > + * value controlled by prctl(PR_SET_UACCESS_DESCRIPTOR_ADDR_ADD= R). > > + */ > > + struct uaccess_descriptor __user *__user *desc_ptr_ptr; > > + > > + /* > > + * The pointer to struct uaccess_descriptor read at syscall ent= ry time. > > + */ > > + struct uaccess_descriptor __user *desc_ptr; > > + > > + /* > > + * A pointer to the kernel's temporary copy of the uaccess log = for the > > + * current syscall. We log to a kernel buffer in order to avoid= leaking > > + * timing information to userspace. > > + */ > > + struct uaccess_buffer_entry *kbegin; > > + > > + /* > > + * The position of the next uaccess buffer entry for the curren= t > > + * syscall. > > + */ > > + struct uaccess_buffer_entry *kcur; > > + > > + /* > > + * A pointer to the end of the kernel's uaccess log. > > + */ > > + struct uaccess_buffer_entry *kend; > > + > > + /* > > + * The pointer to the userspace uaccess log, as read from the > > + * struct uaccess_descriptor. > > + */ > > + struct uaccess_buffer_entry __user *ubegin; > > +}; > > + > > +void uaccess_buffer_log_read(const void __user *from, unsigned long n)= ; > > +void uaccess_buffer_log_write(void __user *to, unsigned long n); > > + > > +#else > > + > > +static inline void uaccess_buffer_log_read(const void __user *from, > > + unsigned long n) > > +{ > > +} > > +static inline void uaccess_buffer_log_write(void __user *to, unsigned = long n) > > +{ > > +} > > + > > +#endif > > + > > +#endif /* _LINUX_UACCESS_BUFFER_LOG_HOOKS_H */ > > diff --git a/include/linux/uaccess-buffer.h b/include/linux/uaccess-buf= fer.h > > new file mode 100644 > > index 000000000000..14261368d3a9 > > --- /dev/null > > +++ b/include/linux/uaccess-buffer.h > > @@ -0,0 +1,79 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#ifndef _LINUX_UACCESS_BUFFER_H > > +#define _LINUX_UACCESS_BUFFER_H > > + > > +#include > > +#include > > + > > +#include > > + > > +#ifdef CONFIG_HAVE_ARCH_UACCESS_BUFFER > > + > > +static inline bool uaccess_buffer_maybe_blocked(struct task_struct *ts= k) > > +{ > > + return tsk->uaccess_buffer.desc_ptr_ptr; > > +} > > + > > +void __uaccess_buffer_syscall_entry(void); > > +static inline void uaccess_buffer_syscall_entry(void) > > +{ > > + if (uaccess_buffer_maybe_blocked(current)) > > + __uaccess_buffer_syscall_entry(); > > +} > > + > > +void __uaccess_buffer_syscall_exit(void); > > +static inline void uaccess_buffer_syscall_exit(void) > > +{ > > + if (uaccess_buffer_maybe_blocked(current)) > > + __uaccess_buffer_syscall_exit(); > > +} > > + > > +bool __uaccess_buffer_pre_exit_loop(void); > > +static inline bool uaccess_buffer_pre_exit_loop(void) > > +{ > > + if (!uaccess_buffer_maybe_blocked(current)) > > + return false; > > + return __uaccess_buffer_pre_exit_loop(); > > +} > > + > > +void __uaccess_buffer_post_exit_loop(void); > > +static inline void uaccess_buffer_post_exit_loop(bool pending) > > +{ > > + if (pending) > > + __uaccess_buffer_post_exit_loop(); > > +} > > + > > +void uaccess_buffer_cancel_log(struct task_struct *tsk); > > +int uaccess_buffer_set_descriptor_addr_addr(unsigned long addr); > > + > > +#else > > + > > +static inline bool uaccess_buffer_maybe_blocked(struct task_struct *ts= k) > > +{ > > + return false; > > +} > > + > > +static inline void uaccess_buffer_syscall_entry(void) > > +{ > > +} > > +static inline void uaccess_buffer_syscall_exit(void) > > +{ > > +} > > +static inline bool uaccess_buffer_pre_exit_loop(void) > > +{ > > + return false; > > +} > > +static inline void uaccess_buffer_post_exit_loop(bool pending) > > +{ > > +} > > +static inline void uaccess_buffer_cancel_log(struct task_struct *tsk) > > +{ > > +} > > + > > +static inline int uaccess_buffer_set_descriptor_addr_addr(unsigned lon= g addr) > > +{ > > + return -EINVAL; > > +} > > +#endif > > + > > +#endif /* _LINUX_UACCESS_BUFFER_H */ > > diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h > > index bb73e9a0b24f..74b37469c7b3 100644 > > --- a/include/uapi/linux/prctl.h > > +++ b/include/uapi/linux/prctl.h > > @@ -272,4 +272,7 @@ struct prctl_mm_map { > > # define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1 > > # define PR_SCHED_CORE_SCOPE_PROCESS_GROUP 2 > > > > +/* Configure uaccess logging feature */ > > +#define PR_SET_UACCESS_DESCRIPTOR_ADDR_ADDR 63 > > + > > #endif /* _LINUX_PRCTL_H */ > > diff --git a/include/uapi/linux/uaccess-buffer.h b/include/uapi/linux/u= access-buffer.h > > new file mode 100644 > > index 000000000000..619b17dc25c4 > > --- /dev/null > > +++ b/include/uapi/linux/uaccess-buffer.h > > @@ -0,0 +1,25 @@ > > +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ > > +#ifndef _UAPI_LINUX_UACCESS_BUFFER_H > > +#define _UAPI_LINUX_UACCESS_BUFFER_H > > + > > +/* Location of the uaccess log. */ > > +struct uaccess_descriptor { > > + /* Address of the uaccess_buffer_entry array. */ > > + __u64 addr; > > + /* Size of the uaccess_buffer_entry array in number of elements= . */ > > + __u64 size; > > +}; > > + > > +/* Format of the entries in the uaccess log. */ > > +struct uaccess_buffer_entry { > > + /* Address being accessed. */ > > + __u64 addr; > > + /* Number of bytes that were accessed. */ > > + __u64 size; > > + /* UACCESS_BUFFER_* flags. */ > > + __u64 flags; > > +}; > > + > > +#define UACCESS_BUFFER_FLAG_WRITE 1 /* access was a write */ > > + > > +#endif /* _UAPI_LINUX_UACCESS_BUFFER_H */ > > diff --git a/kernel/Makefile b/kernel/Makefile > > index 186c49582f45..d4d9be5146c3 100644 > > --- a/kernel/Makefile > > +++ b/kernel/Makefile > > @@ -114,6 +114,7 @@ obj-$(CONFIG_KCSAN) +=3D kcsan/ > > obj-$(CONFIG_SHADOW_CALL_STACK) +=3D scs.o > > obj-$(CONFIG_HAVE_STATIC_CALL_INLINE) +=3D static_call.o > > obj-$(CONFIG_CFI_CLANG) +=3D cfi.o > > +obj-$(CONFIG_HAVE_ARCH_UACCESS_BUFFER) +=3D uaccess-buffer.o > > > > obj-$(CONFIG_PERF_EVENTS) +=3D events/ > > > > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c > > index 649f07623df6..167b50177066 100644 > > --- a/kernel/bpf/helpers.c > > +++ b/kernel/bpf/helpers.c > > @@ -637,7 +637,11 @@ const struct bpf_func_proto bpf_event_output_data_= proto =3D { > > BPF_CALL_3(bpf_copy_from_user, void *, dst, u32, size, > > const void __user *, user_ptr) > > { > > - int ret =3D copy_from_user(dst, user_ptr, size); > > + /* > > + * Avoid copy_from_user() here as it may leak information about= the BPF > > + * program to userspace via the uaccess buffer. > > + */ > > + int ret =3D raw_copy_from_user(dst, user_ptr, size); > > Here I am more concerned about KASAN/KMSAN checks. > What exactly is the attack vector here? Are these accesses secret? If there are concerns about leaking information in this particular case, any other call to copy_from_user() added in the future will be prone to the same issues. So if uaccess logging is meant for production use, it should be possible to lock the feature down from unwanted users. > Can't the same info be obtained using userfaultfd/unmapping memory? > > raw_copy_from_user also skips access_ok, is it ok? > > > > if (unlikely(ret)) { > > memset(dst, 0, size); > > diff --git a/kernel/fork.c b/kernel/fork.c > > index 3244cc56b697..c7abe7e7c7cd 100644 > > --- a/kernel/fork.c > > +++ b/kernel/fork.c > > @@ -96,6 +96,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > #include > > @@ -890,6 +891,8 @@ static struct task_struct *dup_task_struct(struct t= ask_struct *orig, int node) > > if (memcg_charge_kernel_stack(tsk)) > > goto free_stack; > > > > + uaccess_buffer_cancel_log(tsk); > > Why do we need this? > tsk is a newly allocated task_struct. If I am not mistaken, it's not > zero initialized, so are we kfree'ing garbage? > But we may need to do something with tasks after arch_dup_task_struct. > > > stack_vm_area =3D task_stack_vm_area(tsk); > > > > err =3D arch_dup_task_struct(tsk, orig); > > diff --git a/kernel/signal.c b/kernel/signal.c > > index a629b11bf3e0..69bf21518bd0 100644 > > --- a/kernel/signal.c > > +++ b/kernel/signal.c > > @@ -45,6 +45,7 @@ > > #include > > #include > > #include > > +#include > > > > #define CREATE_TRACE_POINTS > > #include > > @@ -1031,7 +1032,8 @@ static void complete_signal(int sig, struct task_= struct *p, enum pid_type type) > > if (sig_fatal(p, sig) && > > !(signal->flags & SIGNAL_GROUP_EXIT) && > > !sigismember(&t->real_blocked, sig) && > > - (sig =3D=3D SIGKILL || !p->ptrace)) { > > + (sig =3D=3D SIGKILL || > > + !(p->ptrace || uaccess_buffer_maybe_blocked(p)))) { > > Why do we need this change? > > > /* > > * This signal will be fatal to the whole group. > > */ > > diff --git a/kernel/sys.c b/kernel/sys.c > > index 8fdac0d90504..c71a9a9c0f68 100644 > > --- a/kernel/sys.c > > +++ b/kernel/sys.c > > @@ -42,6 +42,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > #include > > @@ -2530,6 +2531,11 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned lon= g, arg2, unsigned long, arg3, > > error =3D sched_core_share_pid(arg2, arg3, arg4, arg5); > > break; > > #endif > > + case PR_SET_UACCESS_DESCRIPTOR_ADDR_ADDR: > > + if (arg3 || arg4 || arg5) > > + return -EINVAL; > > + error =3D uaccess_buffer_set_descriptor_addr_addr(arg2)= ; > > + break; > > default: > > error =3D -EINVAL; > > break; > > diff --git a/kernel/uaccess-buffer.c b/kernel/uaccess-buffer.c > > new file mode 100644 > > index 000000000000..e1c6d6ab9af8 > > --- /dev/null > > +++ b/kernel/uaccess-buffer.c > > @@ -0,0 +1,125 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* > > + * Support for uaccess logging via uaccess buffers. > > + * > > + * Copyright (C) 2021, Google LLC. > > + */ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +static void uaccess_buffer_log(unsigned long addr, unsigned long size, > > + unsigned long flags) > > +{ > > + struct uaccess_buffer_info *buf =3D ¤t->uaccess_buffer; > > + struct uaccess_buffer_entry *entry =3D buf->kcur; > > + > > + if (!entry || unlikely(uaccess_kernel())) > > + return; > > + entry->addr =3D addr; > > + entry->size =3D size; > > + entry->flags =3D flags; > > + > > + ++buf->kcur; > > + if (buf->kcur =3D=3D buf->kend) > > + buf->kcur =3D 0; > > =3D NULL; > > > +} > > + > > +void uaccess_buffer_log_read(const void __user *from, unsigned long n) > > +{ > > + uaccess_buffer_log((unsigned long)from, n, 0); > > +} > > +EXPORT_SYMBOL(uaccess_buffer_log_read); > > + > > +void uaccess_buffer_log_write(void __user *to, unsigned long n) > > +{ > > + uaccess_buffer_log((unsigned long)to, n, UACCESS_BUFFER_FLAG_WR= ITE); > > +} > > +EXPORT_SYMBOL(uaccess_buffer_log_write); > > + > > +int uaccess_buffer_set_descriptor_addr_addr(unsigned long addr) > > +{ > > + current->uaccess_buffer.desc_ptr_ptr =3D > > + (struct uaccess_descriptor __user * __user *)addr; > > + uaccess_buffer_cancel_log(current); > > Is this necessary? It looks more reasonable and useful to not call > cancel. In most cases the user won't setup it twice/change. But if the > user anyhow asked to trace the prctl, why not trace it? > > > + return 0; > > +} > > + > > +bool __uaccess_buffer_pre_exit_loop(void) > > +{ > > + struct uaccess_buffer_info *buf =3D ¤t->uaccess_buffer; > > + struct uaccess_descriptor __user *desc_ptr; > > + sigset_t tmp_mask; > > + > > + if (get_user(desc_ptr, buf->desc_ptr_ptr) || !desc_ptr) > > + return false; > > + > > + current->real_blocked =3D current->blocked; > > + sigfillset(&tmp_mask); > > + set_current_blocked(&tmp_mask); > > + return true; > > +} > > + > > +void __uaccess_buffer_post_exit_loop(void) > > +{ > > + spin_lock_irq(¤t->sighand->siglock); > > + current->blocked =3D current->real_blocked; > > + recalc_sigpending(); > > + spin_unlock_irq(¤t->sighand->siglock); > > +} > > + > ;> +void uaccess_buffer_cancel_log(struct task_struct *tsk) > > +{ > > + struct uaccess_buffer_info *buf =3D &tsk->uaccess_buffer; > > + > > + if (buf->kcur) { > > uaccess_buffer_log sets kcur to NULL on overflow and we call this > function from a middle of fork, it looks strange that kfree'ing > something depends on the previous buffer overflow. Should we check > kbegin here? > > > + buf->kcur =3D 0; > > =3D NULL > I would also set kend to NULL to not leave a dangling pointer. > > > + kfree(buf->kbegin); > > + } > > +} > > + > > +void __uaccess_buffer_syscall_entry(void) > > +{ > > + struct uaccess_buffer_info *buf =3D ¤t->uaccess_buffer; > > + struct uaccess_descriptor desc; > > + > > + if (get_user(buf->desc_ptr, buf->desc_ptr_ptr) || !buf->desc_pt= r || > > + put_user(0, buf->desc_ptr_ptr) || > > + copy_from_user(&desc, buf->desc_ptr, sizeof(desc))) > > + return; > > + > > + if (desc.size > 1024) > > + desc.size =3D 1024; > > + > > + buf->kbegin =3D kmalloc_array( > > + desc.size, sizeof(struct uaccess_buffer_entry), GFP_KER= NEL); > > Is not handling error intentional here? > Maybe it's better to check the error just to make the code more > explicit (and maybe prevent some future bugs). > > Actually an interesting attack vector. If you can make this kmalloc > fail, you can prevent sanitizers from detecting any of the bad > accesses :) > > Does it make sense to flag the error somewhere in the desc?... or I am > thinking if we should pre-allocate the buffer, if we start tracing a > task, we will trace lots of syscalls, so avoiding kmalloc/kfree per > syscall can make sense. What do you think? > > > + buf->kcur =3D buf->kbegin; > > + buf->kend =3D buf->kbegin + desc.size; > > + buf->ubegin =3D (struct uaccess_buffer_entry __user *)desc.addr= ; > > +} > > + > > +void __uaccess_buffer_syscall_exit(void) > > +{ > > + struct uaccess_buffer_info *buf =3D ¤t->uaccess_buffer; > > + u64 num_entries =3D buf->kcur - buf->kbegin; > > + struct uaccess_descriptor desc; > > + > > + if (!buf->kcur) > > uaccess_buffer_log sets kcur to NULL on overflow. I think we need to > check kbegin here. > > > > + return; > > + > > + desc.addr =3D (u64)(buf->ubegin + num_entries); > > + desc.size =3D buf->kend - buf->kcur; > > Is the user expected to use size in any of reasonable scenarios? > We cap size at 1024 at entry, so the size can be truncated here. > > > + buf->kcur =3D 0; > > =3D NULL > > > + if (copy_to_user(buf->ubegin, buf->kbegin, > > + num_entries * sizeof(struct uaccess_buffer_ent= ry)) =3D=3D 0) > > + (void)copy_to_user(buf->desc_ptr, &desc, sizeof(desc)); > > + > > + kfree(buf->kbegin); > > What if we enter exit/exit_group with logging enabled, won't we leak the = buffer? > > > +} > > -- > > 2.34.0.rc2.393.gf8c9666880-goog > > --=20 Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Stra=C3=9Fe, 33 80636 M=C3=BCnchen Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Halimah DeLaine Prado Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id ABC9CC433F5 for ; Tue, 23 Nov 2021 10:22:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=+0xCk87rpO2rSdHeDmYZ+WgrmsrD1txAwitGYioiTVI=; b=K1VCa/F3rx+Vkp UsARCeLFwRlvYHV+hxIwj2JA8rWUWDYDR5U/zGHWrR3mEy9ANXhxuVWREvUL0e4dL8sOTh0LwZSV0 RBJQnueLgLbGN2h2SclXFAC5BFtC9ZzCH0lbbKfq4zu6tBiXwGzVvyre/Ieb770H0rnurVAhdb3VS YUczTLoPRUFs/4cx/E2mfcocMnfhrbYMSPaI+PnAcKoGRv9n3QYX152bUg4Qx+mut8I0ww0CoOKh3 T7WKAZ9aGBzjNDr/YKx0aEzk2kYlEXn/RRNjcusq0ElGMtU9bd0ty2txV+fLpq1RJWJbrYpko18gd uzZQrCFnD0DfDyUFCi7w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mpSua-001gn6-P8; Tue, 23 Nov 2021 10:20:29 +0000 Received: from mail-qt1-x82a.google.com ([2607:f8b0:4864:20::82a]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mpSuV-001gkv-7n for linux-arm-kernel@lists.infradead.org; Tue, 23 Nov 2021 10:20:26 +0000 Received: by mail-qt1-x82a.google.com with SMTP id 8so19382335qtx.5 for ; Tue, 23 Nov 2021 02:20:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=F+kxZkQQT7OHNmGMuUCVRF4t6nUAJ3c6sxl3xAFz4pk=; b=lw6p6cfcs8K3sP7S7ZJg8SrjbF0rowhzO3XZEQeqhWqd/rKOUMcyg0A3t/skz1HlPy Ru4dxvCiIHm4M6Y86yjdAz1SdtfZnY4P1xuxvJfZxiWYPgjyKzbXFg6M3ApqSkYG5dBb Zowe6xc7Re7uMOhVnYI8xKdMLNcZguTEy7zCIaW6oGmApqXc9GZGn3T0K4MC51hBfM4Z z9yEbgGBWNlpcMIbPrxAAvg++xp+OcqAoKH4piIIaQP11H32e8+Top4hcqq+bDEPpWXq ZmlcxtW4UkPW5cDU8lI8YBhrs6HGO+9JbKqadRA9ajE/4jtb/ZwJF3MOXlVSsmHQdjbk 2Vtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=F+kxZkQQT7OHNmGMuUCVRF4t6nUAJ3c6sxl3xAFz4pk=; b=x2rdhNtMpZSWlQzBl7l5lC/csIqEyi2D2ake5ro9U5od1iM5/9FEjcPlMm5yQ5eEji ooQ8zUTzQWedZS8T54hzS9ukLxSHjQGU8EMEz53bASkXDowWPRNvjOJdW7bs6PosUCQy BF2S4LFKOUP4Ab/ENk4mF1Suj7GMRM4Ab/atzvJ65H5kxp24ys59DhS9nnXRS5efuFlm Mkbt/KRypqfTcCBtJFLSgMaE9MjyCz28KKO+wVm/eJB7EOU4ruTdp7AHuT+hI0atc0EB xvVytXqicC7BSF/PNNujV9zlcFFltY+yTaoprpw81DfaRB3eEg8U/U2mboeGv8nzBwFL 9f0A== X-Gm-Message-State: AOAM532hTyMm6ChETbbkItVdUphdShdvKcQY/7X/s8CF4ksHyz9YJJiJ Qu5FhkUBQhlqILTc/5TkdLtIPMOx4dRn9uaX5yzG2w== X-Google-Smtp-Source: ABdhPJzhfMUonhREpiLejz8RriF63os5QyQ1fmOi2gaXPdkixZcXDAfGNJxBHNs+6l40BwgiRtGAj8srNdIJ53LbUao= X-Received: by 2002:a05:622a:1045:: with SMTP id f5mr4828127qte.319.1637662820622; Tue, 23 Nov 2021 02:20:20 -0800 (PST) MIME-Version: 1.0 References: <20211123051658.3195589-1-pcc@google.com> <20211123051658.3195589-3-pcc@google.com> In-Reply-To: From: Alexander Potapenko Date: Tue, 23 Nov 2021 11:19:44 +0100 Message-ID: Subject: Re: [PATCH v2 2/5] uaccess-buffer: add core code To: Dmitry Vyukov Cc: Peter Collingbourne , Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Thomas Gleixner , Andy Lutomirski , Kees Cook , Andrew Morton , Masahiro Yamada , Sami Tolvanen , YiFei Zhu , Colin Ian King , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , Gabriel Krisman Bertazi , Chris Hyser , Daniel Vetter , Chris Wilson , Arnd Bergmann , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Marco Elver , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211123_022023_303004_D8550CC3 X-CRM114-Status: GOOD ( 44.74 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gVHVlLCBOb3YgMjMsIDIwMjEgYXQgMTA6NTYgQU0gRG1pdHJ5IFZ5dWtvdiA8ZHZ5dWtvdkBn b29nbGUuY29tPiB3cm90ZToKPgo+IC5PbiBUdWUsIDIzIE5vdiAyMDIxIGF0IDA2OjE3LCBQZXRl ciBDb2xsaW5nYm91cm5lIDxwY2NAZ29vZ2xlLmNvbT4gd3JvdGU6Cj4gPgo+ID4gQWRkIHRoZSBj b3JlIGNvZGUgdG8gc3VwcG9ydCB1YWNjZXNzIGxvZ2dpbmcuIFN1YnNlcXVlbnQgcGF0Y2hlcyB3 aWxsCj4gPiBob29rIHRoaXMgdXAgdG8gdGhlIGFyY2gtc3BlY2lmaWMga2VybmVsIGVudHJ5IGFu ZCBleGl0IGNvZGUgZm9yCj4gPiBjZXJ0YWluIGFyY2hpdGVjdHVyZXMuCj4KPiBJIGRvbid0IHNl ZSB3aGVyZSB3ZSBibG9jayBzaWduYWxzIHdoZW4gYSB1c2VyIHdyaXRlcyB0byB0aGUgYWRkci4g SQo+IGV4cGVjdGVkIHRvIHNlZSBzb21lIGdldF91c2VyIGZyb20gdGhlIGFkZHIgc29tZXdoZXJl IGluIHRoZSBzaWduYWwKPiBoYW5kbGluZyBjb2RlLiBXaGF0IGFtIEkgbWlzc2luZz8KPgo+ID4g TGluazogaHR0cHM6Ly9saW51eC1yZXZpZXcuZ29vZ2xlc291cmNlLmNvbS9pZC9JNjU4MTc2NTY0 NjUwMWE1NjMxYjI4MWQ2NzA5MDM5NDVlYmFkYzU3ZAo+ID4gU2lnbmVkLW9mZi1ieTogUGV0ZXIg Q29sbGluZ2JvdXJuZSA8cGNjQGdvb2dsZS5jb20+Cj4gPiAtLS0KPiA+IHYyOgo+ID4gLSBOZXcg aW50ZXJmYWNlIHRoYXQgYXZvaWRzIG11bHRpcGxlIHN5c2NhbGxzIHBlciByZWFsIHN5c2NhbGwg YW5kCj4gPiAgIGlzIGFyY2gtZ2VuZXJpYwo+ID4gLSBBdm9pZCBsb2dnaW5nIHVhY2Nlc3NlcyBk b25lIGJ5IEJQRiBwcm9ncmFtcwo+ID4gLSBBZGQgZG9jdW1lbnRhdGlvbgo+ID4gLSBTcGxpdCB1 cCBpbnRvIG11bHRpcGxlIHBhdGNoZXMKPiA+IC0gVmFyaW91cyBjb2RlIG1vdmVzLCByZW5hbWVz IGV0YyBhcyByZXF1ZXN0ZWQgYnkgTWFyY28KPiA+Cj4gPiAgYXJjaC9LY29uZmlnICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB8ICAgNSArCj4gPiAgZnMvZXhlYy5jICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB8ICAgMiArCj4gPiAgaW5jbHVkZS9saW51eC9pbnN0cnVtZW50ZWQu aCAgICAgICAgICAgICB8ICAgNSArLQo+ID4gIGluY2x1ZGUvbGludXgvc2NoZWQuaCAgICAgICAg ICAgICAgICAgICAgfCAgIDQgKwo+ID4gIGluY2x1ZGUvbGludXgvdWFjY2Vzcy1idWZmZXItbG9n LWhvb2tzLmggfCAgNTkgKysrKysrKysrKysKPiA+ICBpbmNsdWRlL2xpbnV4L3VhY2Nlc3MtYnVm ZmVyLmggICAgICAgICAgIHwgIDc5ICsrKysrKysrKysrKysrCj4gPiAgaW5jbHVkZS91YXBpL2xp bnV4L3ByY3RsLmggICAgICAgICAgICAgICB8ICAgMyArCj4gPiAgaW5jbHVkZS91YXBpL2xpbnV4 L3VhY2Nlc3MtYnVmZmVyLmggICAgICB8ICAyNSArKysrKwo+ID4gIGtlcm5lbC9NYWtlZmlsZSAg ICAgICAgICAgICAgICAgICAgICAgICAgfCAgIDEgKwo+ID4gIGtlcm5lbC9icGYvaGVscGVycy5j ICAgICAgICAgICAgICAgICAgICAgfCAgIDYgKy0KPiA+ICBrZXJuZWwvZm9yay5jICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHwgICAzICsKPiA+ICBrZXJuZWwvc2lnbmFsLmMgICAgICAgICAg ICAgICAgICAgICAgICAgIHwgICA0ICstCj4gPiAga2VybmVsL3N5cy5jICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB8ICAgNiArKwo+ID4gIGtlcm5lbC91YWNjZXNzLWJ1ZmZlci5jICAgICAg ICAgICAgICAgICAgfCAxMjUgKysrKysrKysrKysrKysrKysrKysrKysKPiA+ICAxNCBmaWxlcyBj aGFuZ2VkLCAzMjQgaW5zZXJ0aW9ucygrKSwgMyBkZWxldGlvbnMoLSkKPiA+ICBjcmVhdGUgbW9k ZSAxMDA2NDQgaW5jbHVkZS9saW51eC91YWNjZXNzLWJ1ZmZlci1sb2ctaG9va3MuaAo+ID4gIGNy ZWF0ZSBtb2RlIDEwMDY0NCBpbmNsdWRlL2xpbnV4L3VhY2Nlc3MtYnVmZmVyLmgKPiA+ICBjcmVh dGUgbW9kZSAxMDA2NDQgaW5jbHVkZS91YXBpL2xpbnV4L3VhY2Nlc3MtYnVmZmVyLmgKPiA+ICBj cmVhdGUgbW9kZSAxMDA2NDQga2VybmVsL3VhY2Nlc3MtYnVmZmVyLmMKPiA+Cj4gPiBkaWZmIC0t Z2l0IGEvYXJjaC9LY29uZmlnIGIvYXJjaC9LY29uZmlnCj4gPiBpbmRleCAyNmI4ZWQxMTYzOWQu LjYwMzAyOThhN2U5YSAxMDA2NDQKPiA+IC0tLSBhL2FyY2gvS2NvbmZpZwo+ID4gKysrIGIvYXJj aC9LY29uZmlnCj4gPiBAQCAtMTMwMiw2ICsxMzAyLDExIEBAIGNvbmZpZyBBUkNIX0hBU19QQVJB Tk9JRF9MMURfRkxVU0gKPiA+ICBjb25maWcgRFlOQU1JQ19TSUdGUkFNRQo+ID4gICAgICAgICBi b29sCj4gPgo+ID4gK2NvbmZpZyBIQVZFX0FSQ0hfVUFDQ0VTU19CVUZGRVIKPiA+ICsgICAgICAg Ym9vbAo+ID4gKyAgICAgICBoZWxwCj4gPiArICAgICAgICAgU2VsZWN0IGlmIHRoZSBhcmNoaXRl Y3R1cmUncyBzeXNjYWxsIGVudHJ5L2V4aXQgY29kZSBzdXBwb3J0cyB1YWNjZXNzIGJ1ZmZlcnMu Cj4gPiArCj4gPiAgc291cmNlICJrZXJuZWwvZ2Nvdi9LY29uZmlnIgo+ID4KPiA+ICBzb3VyY2Ug InNjcmlwdHMvZ2NjLXBsdWdpbnMvS2NvbmZpZyIKPiA+IGRpZmYgLS1naXQgYS9mcy9leGVjLmMg Yi9mcy9leGVjLmMKPiA+IGluZGV4IDUzN2Q5MmM0MTEwNS4uNWYzMDMxNGYzZWM2IDEwMDY0NAo+ ID4gLS0tIGEvZnMvZXhlYy5jCj4gPiArKysgYi9mcy9leGVjLmMKPiA+IEBAIC02NSw2ICs2NSw3 IEBACj4gPiAgI2luY2x1ZGUgPGxpbnV4L3ZtYWxsb2MuaD4KPiA+ICAjaW5jbHVkZSA8bGludXgv aW9fdXJpbmcuaD4KPiA+ICAjaW5jbHVkZSA8bGludXgvc3lzY2FsbF91c2VyX2Rpc3BhdGNoLmg+ Cj4gPiArI2luY2x1ZGUgPGxpbnV4L3VhY2Nlc3MtYnVmZmVyLmg+Cj4gPgo+ID4gICNpbmNsdWRl IDxsaW51eC91YWNjZXNzLmg+Cj4gPiAgI2luY2x1ZGUgPGFzbS9tbXVfY29udGV4dC5oPgo+ID4g QEAgLTEzMTMsNiArMTMxNCw3IEBAIGludCBiZWdpbl9uZXdfZXhlYyhzdHJ1Y3QgbGludXhfYmlu cHJtICogYnBybSkKPiA+ICAgICAgICAgbWUtPnBlcnNvbmFsaXR5ICY9IH5icHJtLT5wZXJfY2xl YXI7Cj4gPgo+ID4gICAgICAgICBjbGVhcl9zeXNjYWxsX3dvcmtfc3lzY2FsbF91c2VyX2Rpc3Bh dGNoKG1lKTsKPiA+ICsgICAgICAgdWFjY2Vzc19idWZmZXJfc2V0X2Rlc2NyaXB0b3JfYWRkcl9h ZGRyKDApOwo+ID4KPiA+ICAgICAgICAgLyoKPiA+ICAgICAgICAgICogV2UgaGF2ZSB0byBhcHBs eSBDTE9FWEVDIGJlZm9yZSB3ZSBjaGFuZ2Ugd2hldGhlciB0aGUgcHJvY2VzcyBpcwo+ID4gZGlm ZiAtLWdpdCBhL2luY2x1ZGUvbGludXgvaW5zdHJ1bWVudGVkLmggYi9pbmNsdWRlL2xpbnV4L2lu c3RydW1lbnRlZC5oCj4gPiBpbmRleCA0MmZhZWJiYWEyMDIuLmM5NmJlMTY5NTYxNCAxMDA2NDQK PiA+IC0tLSBhL2luY2x1ZGUvbGludXgvaW5zdHJ1bWVudGVkLmgKPiA+ICsrKyBiL2luY2x1ZGUv bGludXgvaW5zdHJ1bWVudGVkLmgKPiA+IEBAIC0yLDcgKzIsNyBAQAo+ID4KPiA+ICAvKgo+ID4g ICAqIFRoaXMgaGVhZGVyIHByb3ZpZGVzIGdlbmVyaWMgd3JhcHBlcnMgZm9yIG1lbW9yeSBhY2Nl c3MgaW5zdHJ1bWVudGF0aW9uIHRoYXQKPiA+IC0gKiB0aGUgY29tcGlsZXIgY2Fubm90IGVtaXQg Zm9yOiBLQVNBTiwgS0NTQU4uCj4gPiArICogdGhlIGNvbXBpbGVyIGNhbm5vdCBlbWl0IGZvcjog S0FTQU4sIEtDU0FOLCB1YWNjZXNzIGJ1ZmZlcnMuCj4gPiAgICovCj4gPiAgI2lmbmRlZiBfTElO VVhfSU5TVFJVTUVOVEVEX0gKPiA+ICAjZGVmaW5lIF9MSU5VWF9JTlNUUlVNRU5URURfSAo+ID4g QEAgLTExLDYgKzExLDcgQEAKPiA+ICAjaW5jbHVkZSA8bGludXgva2FzYW4tY2hlY2tzLmg+Cj4g PiAgI2luY2x1ZGUgPGxpbnV4L2tjc2FuLWNoZWNrcy5oPgo+ID4gICNpbmNsdWRlIDxsaW51eC90 eXBlcy5oPgo+ID4gKyNpbmNsdWRlIDxsaW51eC91YWNjZXNzLWJ1ZmZlci1sb2ctaG9va3MuaD4K PiA+Cj4gPiAgLyoqCj4gPiAgICogaW5zdHJ1bWVudF9yZWFkIC0gaW5zdHJ1bWVudCByZWd1bGFy IHJlYWQgYWNjZXNzCj4gPiBAQCAtMTE3LDYgKzExOCw3IEBAIGluc3RydW1lbnRfY29weV90b191 c2VyKHZvaWQgX191c2VyICp0bywgY29uc3Qgdm9pZCAqZnJvbSwgdW5zaWduZWQgbG9uZyBuKQo+ ID4gIHsKPiA+ICAgICAgICAga2FzYW5fY2hlY2tfcmVhZChmcm9tLCBuKTsKPiA+ICAgICAgICAg a2NzYW5fY2hlY2tfcmVhZChmcm9tLCBuKTsKPiA+ICsgICAgICAgdWFjY2Vzc19idWZmZXJfbG9n X3dyaXRlKHRvLCBuKTsKPiA+ICB9Cj4gPgo+ID4gIC8qKgo+ID4gQEAgLTEzNCw2ICsxMzYsNyBA QCBpbnN0cnVtZW50X2NvcHlfZnJvbV91c2VyKGNvbnN0IHZvaWQgKnRvLCBjb25zdCB2b2lkIF9f dXNlciAqZnJvbSwgdW5zaWduZWQgbG9uZwo+ID4gIHsKPiA+ICAgICAgICAga2FzYW5fY2hlY2tf d3JpdGUodG8sIG4pOwo+ID4gICAgICAgICBrY3Nhbl9jaGVja193cml0ZSh0bywgbik7Cj4gPiAr ICAgICAgIHVhY2Nlc3NfYnVmZmVyX2xvZ19yZWFkKGZyb20sIG4pOwo+ID4gIH0KPiA+Cj4gPiAg I2VuZGlmIC8qIF9MSU5VWF9JTlNUUlVNRU5URURfSCAqLwo+ID4gZGlmZiAtLWdpdCBhL2luY2x1 ZGUvbGludXgvc2NoZWQuaCBiL2luY2x1ZGUvbGludXgvc2NoZWQuaAo+ID4gaW5kZXggNzhjMzUx ZTM1ZmVjLi4xZjk3OGRlYWEzZjggMTAwNjQ0Cj4gPiAtLS0gYS9pbmNsdWRlL2xpbnV4L3NjaGVk LmgKPiA+ICsrKyBiL2luY2x1ZGUvbGludXgvc2NoZWQuaAo+ID4gQEAgLTE0ODQsNiArMTQ4NCwx MCBAQCBzdHJ1Y3QgdGFza19zdHJ1Y3Qgewo+ID4gICAgICAgICBzdHJ1Y3QgY2FsbGJhY2tfaGVh ZCAgICAgICAgICAgIGwxZF9mbHVzaF9raWxsOwo+ID4gICNlbmRpZgo+ID4KPiA+ICsjaWZkZWYg Q09ORklHX0hBVkVfQVJDSF9VQUNDRVNTX0JVRkZFUgo+ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vz c19idWZmZXJfaW5mbyAgICAgIHVhY2Nlc3NfYnVmZmVyOwo+ID4gKyNlbmRpZgo+Cj4gU2hvdWxk bid0IHRoaXMgYmUgY29udHJvbGxlZCBieSBhbiBhZGRpdGlvbmFsIGNvbmZpZyB0aGF0IGEgdXNl ciBjYW4KPiBlbmFibGUvZGlzYWJsZT8KPiBJZiBJIGFtIHJlYWRpbmcgdGhpcyBjb3JyZWN0bHks IHRoZSBjdXJyZW50IGltcGxlbWVudGF0aW9uIGZvcmNlcwo+IHVhY2Nlc3MgbG9nZ2luZyBmb3Ig YWxsIGFyY2hlcyB0aGF0IHN1cHBvcnQgaXQuIFNvbWUgZW1iZWQga2VybmVscyBtYXkKPiBub3Qg d2FudCB0aGlzLgo+Cj4KPiA+ICAgICAgICAgLyoKPiA+ICAgICAgICAgICogTmV3IGZpZWxkcyBm b3IgdGFza19zdHJ1Y3Qgc2hvdWxkIGJlIGFkZGVkIGFib3ZlIGhlcmUsIHNvIHRoYXQKPiA+ICAg ICAgICAgICogdGhleSBhcmUgaW5jbHVkZWQgaW4gdGhlIHJhbmRvbWl6ZWQgcG9ydGlvbiBvZiB0 YXNrX3N0cnVjdC4KPiA+IGRpZmYgLS1naXQgYS9pbmNsdWRlL2xpbnV4L3VhY2Nlc3MtYnVmZmVy LWxvZy1ob29rcy5oIGIvaW5jbHVkZS9saW51eC91YWNjZXNzLWJ1ZmZlci1sb2ctaG9va3MuaAo+ ID4gbmV3IGZpbGUgbW9kZSAxMDA2NDQKPiA+IGluZGV4IDAwMDAwMDAwMDAwMC4uYmRkYzg0ZGRj ZTMyCj4gPiAtLS0gL2Rldi9udWxsCj4gPiArKysgYi9pbmNsdWRlL2xpbnV4L3VhY2Nlc3MtYnVm ZmVyLWxvZy1ob29rcy5oCj4gPiBAQCAtMCwwICsxLDU5IEBACj4gPiArLyogU1BEWC1MaWNlbnNl LUlkZW50aWZpZXI6IEdQTC0yLjAgKi8KPiA+ICsjaWZuZGVmIF9MSU5VWF9VQUNDRVNTX0JVRkZF Ul9MT0dfSE9PS1NfSAo+ID4gKyNkZWZpbmUgX0xJTlVYX1VBQ0NFU1NfQlVGRkVSX0xPR19IT09L U19ICj4gPiArCj4gPiArI2lmZGVmIENPTkZJR19IQVZFX0FSQ0hfVUFDQ0VTU19CVUZGRVIKPiA+ ICsKPiA+ICtzdHJ1Y3QgdWFjY2Vzc19idWZmZXJfaW5mbyB7Cj4gPiArICAgICAgIC8qCj4gPiAr ICAgICAgICAqIFRoZSBwb2ludGVyIHRvIHBvaW50ZXIgdG8gc3RydWN0IHVhY2Nlc3NfZGVzY3Jp cHRvci4gVGhpcyBpcyB0aGUKPiA+ICsgICAgICAgICogdmFsdWUgY29udHJvbGxlZCBieSBwcmN0 bChQUl9TRVRfVUFDQ0VTU19ERVNDUklQVE9SX0FERFJfQUREUikuCj4gPiArICAgICAgICAqLwo+ ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19kZXNjcmlwdG9yIF9fdXNlciAqX191c2VyICpkZXNj X3B0cl9wdHI7Cj4gPiArCj4gPiArICAgICAgIC8qCj4gPiArICAgICAgICAqIFRoZSBwb2ludGVy IHRvIHN0cnVjdCB1YWNjZXNzX2Rlc2NyaXB0b3IgcmVhZCBhdCBzeXNjYWxsIGVudHJ5IHRpbWUu Cj4gPiArICAgICAgICAqLwo+ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19kZXNjcmlwdG9yIF9f dXNlciAqZGVzY19wdHI7Cj4gPiArCj4gPiArICAgICAgIC8qCj4gPiArICAgICAgICAqIEEgcG9p bnRlciB0byB0aGUga2VybmVsJ3MgdGVtcG9yYXJ5IGNvcHkgb2YgdGhlIHVhY2Nlc3MgbG9nIGZv ciB0aGUKPiA+ICsgICAgICAgICogY3VycmVudCBzeXNjYWxsLiBXZSBsb2cgdG8gYSBrZXJuZWwg YnVmZmVyIGluIG9yZGVyIHRvIGF2b2lkIGxlYWtpbmcKPiA+ICsgICAgICAgICogdGltaW5nIGlu Zm9ybWF0aW9uIHRvIHVzZXJzcGFjZS4KPiA+ICsgICAgICAgICovCj4gPiArICAgICAgIHN0cnVj dCB1YWNjZXNzX2J1ZmZlcl9lbnRyeSAqa2JlZ2luOwo+ID4gKwo+ID4gKyAgICAgICAvKgo+ID4g KyAgICAgICAgKiBUaGUgcG9zaXRpb24gb2YgdGhlIG5leHQgdWFjY2VzcyBidWZmZXIgZW50cnkg Zm9yIHRoZSBjdXJyZW50Cj4gPiArICAgICAgICAqIHN5c2NhbGwuCj4gPiArICAgICAgICAqLwo+ ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19idWZmZXJfZW50cnkgKmtjdXI7Cj4gPiArCj4gPiAr ICAgICAgIC8qCj4gPiArICAgICAgICAqIEEgcG9pbnRlciB0byB0aGUgZW5kIG9mIHRoZSBrZXJu ZWwncyB1YWNjZXNzIGxvZy4KPiA+ICsgICAgICAgICovCj4gPiArICAgICAgIHN0cnVjdCB1YWNj ZXNzX2J1ZmZlcl9lbnRyeSAqa2VuZDsKPiA+ICsKPiA+ICsgICAgICAgLyoKPiA+ICsgICAgICAg ICogVGhlIHBvaW50ZXIgdG8gdGhlIHVzZXJzcGFjZSB1YWNjZXNzIGxvZywgYXMgcmVhZCBmcm9t IHRoZQo+ID4gKyAgICAgICAgKiBzdHJ1Y3QgdWFjY2Vzc19kZXNjcmlwdG9yLgo+ID4gKyAgICAg ICAgKi8KPiA+ICsgICAgICAgc3RydWN0IHVhY2Nlc3NfYnVmZmVyX2VudHJ5IF9fdXNlciAqdWJl Z2luOwo+ID4gK307Cj4gPiArCj4gPiArdm9pZCB1YWNjZXNzX2J1ZmZlcl9sb2dfcmVhZChjb25z dCB2b2lkIF9fdXNlciAqZnJvbSwgdW5zaWduZWQgbG9uZyBuKTsKPiA+ICt2b2lkIHVhY2Nlc3Nf YnVmZmVyX2xvZ193cml0ZSh2b2lkIF9fdXNlciAqdG8sIHVuc2lnbmVkIGxvbmcgbik7Cj4gPiAr Cj4gPiArI2Vsc2UKPiA+ICsKPiA+ICtzdGF0aWMgaW5saW5lIHZvaWQgdWFjY2Vzc19idWZmZXJf bG9nX3JlYWQoY29uc3Qgdm9pZCBfX3VzZXIgKmZyb20sCj4gPiArICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWduZWQgbG9uZyBuKQo+ID4gK3sKPiA+ICt9Cj4g PiArc3RhdGljIGlubGluZSB2b2lkIHVhY2Nlc3NfYnVmZmVyX2xvZ193cml0ZSh2b2lkIF9fdXNl ciAqdG8sIHVuc2lnbmVkIGxvbmcgbikKPiA+ICt7Cj4gPiArfQo+ID4gKwo+ID4gKyNlbmRpZgo+ ID4gKwo+ID4gKyNlbmRpZiAgLyogX0xJTlVYX1VBQ0NFU1NfQlVGRkVSX0xPR19IT09LU19IICov Cj4gPiBkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC91YWNjZXNzLWJ1ZmZlci5oIGIvaW5jbHVk ZS9saW51eC91YWNjZXNzLWJ1ZmZlci5oCj4gPiBuZXcgZmlsZSBtb2RlIDEwMDY0NAo+ID4gaW5k ZXggMDAwMDAwMDAwMDAwLi4xNDI2MTM2OGQzYTkKPiA+IC0tLSAvZGV2L251bGwKPiA+ICsrKyBi L2luY2x1ZGUvbGludXgvdWFjY2Vzcy1idWZmZXIuaAo+ID4gQEAgLTAsMCArMSw3OSBAQAo+ID4g Ky8qIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBHUEwtMi4wICovCj4gPiArI2lmbmRlZiBfTElO VVhfVUFDQ0VTU19CVUZGRVJfSAo+ID4gKyNkZWZpbmUgX0xJTlVYX1VBQ0NFU1NfQlVGRkVSX0gK PiA+ICsKPiA+ICsjaW5jbHVkZSA8bGludXgvc2NoZWQuaD4KPiA+ICsjaW5jbHVkZSA8dWFwaS9s aW51eC91YWNjZXNzLWJ1ZmZlci5oPgo+ID4gKwo+ID4gKyNpbmNsdWRlIDxhc20tZ2VuZXJpYy9l cnJuby1iYXNlLmg+Cj4gPiArCj4gPiArI2lmZGVmIENPTkZJR19IQVZFX0FSQ0hfVUFDQ0VTU19C VUZGRVIKPiA+ICsKPiA+ICtzdGF0aWMgaW5saW5lIGJvb2wgdWFjY2Vzc19idWZmZXJfbWF5YmVf YmxvY2tlZChzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRzaykKPiA+ICt7Cj4gPiArICAgICAgIHJldHVy biB0c2stPnVhY2Nlc3NfYnVmZmVyLmRlc2NfcHRyX3B0cjsKPiA+ICt9Cj4gPiArCj4gPiArdm9p ZCBfX3VhY2Nlc3NfYnVmZmVyX3N5c2NhbGxfZW50cnkodm9pZCk7Cj4gPiArc3RhdGljIGlubGlu ZSB2b2lkIHVhY2Nlc3NfYnVmZmVyX3N5c2NhbGxfZW50cnkodm9pZCkKPiA+ICt7Cj4gPiArICAg ICAgIGlmICh1YWNjZXNzX2J1ZmZlcl9tYXliZV9ibG9ja2VkKGN1cnJlbnQpKQo+ID4gKyAgICAg ICAgICAgICAgIF9fdWFjY2Vzc19idWZmZXJfc3lzY2FsbF9lbnRyeSgpOwo+ID4gK30KPiA+ICsK PiA+ICt2b2lkIF9fdWFjY2Vzc19idWZmZXJfc3lzY2FsbF9leGl0KHZvaWQpOwo+ID4gK3N0YXRp YyBpbmxpbmUgdm9pZCB1YWNjZXNzX2J1ZmZlcl9zeXNjYWxsX2V4aXQodm9pZCkKPiA+ICt7Cj4g PiArICAgICAgIGlmICh1YWNjZXNzX2J1ZmZlcl9tYXliZV9ibG9ja2VkKGN1cnJlbnQpKQo+ID4g KyAgICAgICAgICAgICAgIF9fdWFjY2Vzc19idWZmZXJfc3lzY2FsbF9leGl0KCk7Cj4gPiArfQo+ ID4gKwo+ID4gK2Jvb2wgX191YWNjZXNzX2J1ZmZlcl9wcmVfZXhpdF9sb29wKHZvaWQpOwo+ID4g K3N0YXRpYyBpbmxpbmUgYm9vbCB1YWNjZXNzX2J1ZmZlcl9wcmVfZXhpdF9sb29wKHZvaWQpCj4g PiArewo+ID4gKyAgICAgICBpZiAoIXVhY2Nlc3NfYnVmZmVyX21heWJlX2Jsb2NrZWQoY3VycmVu dCkpCj4gPiArICAgICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwo+ID4gKyAgICAgICByZXR1cm4g X191YWNjZXNzX2J1ZmZlcl9wcmVfZXhpdF9sb29wKCk7Cj4gPiArfQo+ID4gKwo+ID4gK3ZvaWQg X191YWNjZXNzX2J1ZmZlcl9wb3N0X2V4aXRfbG9vcCh2b2lkKTsKPiA+ICtzdGF0aWMgaW5saW5l IHZvaWQgdWFjY2Vzc19idWZmZXJfcG9zdF9leGl0X2xvb3AoYm9vbCBwZW5kaW5nKQo+ID4gK3sK PiA+ICsgICAgICAgaWYgKHBlbmRpbmcpCj4gPiArICAgICAgICAgICAgICAgX191YWNjZXNzX2J1 ZmZlcl9wb3N0X2V4aXRfbG9vcCgpOwo+ID4gK30KPiA+ICsKPiA+ICt2b2lkIHVhY2Nlc3NfYnVm ZmVyX2NhbmNlbF9sb2coc3RydWN0IHRhc2tfc3RydWN0ICp0c2spOwo+ID4gK2ludCB1YWNjZXNz X2J1ZmZlcl9zZXRfZGVzY3JpcHRvcl9hZGRyX2FkZHIodW5zaWduZWQgbG9uZyBhZGRyKTsKPiA+ ICsKPiA+ICsjZWxzZQo+ID4gKwo+ID4gK3N0YXRpYyBpbmxpbmUgYm9vbCB1YWNjZXNzX2J1ZmZl cl9tYXliZV9ibG9ja2VkKHN0cnVjdCB0YXNrX3N0cnVjdCAqdHNrKQo+ID4gK3sKPiA+ICsgICAg ICAgcmV0dXJuIGZhbHNlOwo+ID4gK30KPiA+ICsKPiA+ICtzdGF0aWMgaW5saW5lIHZvaWQgdWFj Y2Vzc19idWZmZXJfc3lzY2FsbF9lbnRyeSh2b2lkKQo+ID4gK3sKPiA+ICt9Cj4gPiArc3RhdGlj IGlubGluZSB2b2lkIHVhY2Nlc3NfYnVmZmVyX3N5c2NhbGxfZXhpdCh2b2lkKQo+ID4gK3sKPiA+ ICt9Cj4gPiArc3RhdGljIGlubGluZSBib29sIHVhY2Nlc3NfYnVmZmVyX3ByZV9leGl0X2xvb3Ao dm9pZCkKPiA+ICt7Cj4gPiArICAgICAgIHJldHVybiBmYWxzZTsKPiA+ICt9Cj4gPiArc3RhdGlj IGlubGluZSB2b2lkIHVhY2Nlc3NfYnVmZmVyX3Bvc3RfZXhpdF9sb29wKGJvb2wgcGVuZGluZykK PiA+ICt7Cj4gPiArfQo+ID4gK3N0YXRpYyBpbmxpbmUgdm9pZCB1YWNjZXNzX2J1ZmZlcl9jYW5j ZWxfbG9nKHN0cnVjdCB0YXNrX3N0cnVjdCAqdHNrKQo+ID4gK3sKPiA+ICt9Cj4gPiArCj4gPiAr c3RhdGljIGlubGluZSBpbnQgdWFjY2Vzc19idWZmZXJfc2V0X2Rlc2NyaXB0b3JfYWRkcl9hZGRy KHVuc2lnbmVkIGxvbmcgYWRkcikKPiA+ICt7Cj4gPiArICAgICAgIHJldHVybiAtRUlOVkFMOwo+ ID4gK30KPiA+ICsjZW5kaWYKPiA+ICsKPiA+ICsjZW5kaWYgIC8qIF9MSU5VWF9VQUNDRVNTX0JV RkZFUl9IICovCj4gPiBkaWZmIC0tZ2l0IGEvaW5jbHVkZS91YXBpL2xpbnV4L3ByY3RsLmggYi9p bmNsdWRlL3VhcGkvbGludXgvcHJjdGwuaAo+ID4gaW5kZXggYmI3M2U5YTBiMjRmLi43NGIzNzQ2 OWM3YjMgMTAwNjQ0Cj4gPiAtLS0gYS9pbmNsdWRlL3VhcGkvbGludXgvcHJjdGwuaAo+ID4gKysr IGIvaW5jbHVkZS91YXBpL2xpbnV4L3ByY3RsLmgKPiA+IEBAIC0yNzIsNCArMjcyLDcgQEAgc3Ry dWN0IHByY3RsX21tX21hcCB7Cj4gPiAgIyBkZWZpbmUgUFJfU0NIRURfQ09SRV9TQ09QRV9USFJF QURfR1JPVVAgICAgICAxCj4gPiAgIyBkZWZpbmUgUFJfU0NIRURfQ09SRV9TQ09QRV9QUk9DRVNT X0dST1VQICAgICAyCj4gPgo+ID4gKy8qIENvbmZpZ3VyZSB1YWNjZXNzIGxvZ2dpbmcgZmVhdHVy ZSAqLwo+ID4gKyNkZWZpbmUgUFJfU0VUX1VBQ0NFU1NfREVTQ1JJUFRPUl9BRERSX0FERFIgICAg NjMKPiA+ICsKPiA+ICAjZW5kaWYgLyogX0xJTlVYX1BSQ1RMX0ggKi8KPiA+IGRpZmYgLS1naXQg YS9pbmNsdWRlL3VhcGkvbGludXgvdWFjY2Vzcy1idWZmZXIuaCBiL2luY2x1ZGUvdWFwaS9saW51 eC91YWNjZXNzLWJ1ZmZlci5oCj4gPiBuZXcgZmlsZSBtb2RlIDEwMDY0NAo+ID4gaW5kZXggMDAw MDAwMDAwMDAwLi42MTliMTdkYzI1YzQKPiA+IC0tLSAvZGV2L251bGwKPiA+ICsrKyBiL2luY2x1 ZGUvdWFwaS9saW51eC91YWNjZXNzLWJ1ZmZlci5oCj4gPiBAQCAtMCwwICsxLDI1IEBACj4gPiAr LyogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEdQTC0yLjAgV0lUSCBMaW51eC1zeXNjYWxsLW5v dGUgKi8KPiA+ICsjaWZuZGVmIF9VQVBJX0xJTlVYX1VBQ0NFU1NfQlVGRkVSX0gKPiA+ICsjZGVm aW5lIF9VQVBJX0xJTlVYX1VBQ0NFU1NfQlVGRkVSX0gKPiA+ICsKPiA+ICsvKiBMb2NhdGlvbiBv ZiB0aGUgdWFjY2VzcyBsb2cuICovCj4gPiArc3RydWN0IHVhY2Nlc3NfZGVzY3JpcHRvciB7Cj4g PiArICAgICAgIC8qIEFkZHJlc3Mgb2YgdGhlIHVhY2Nlc3NfYnVmZmVyX2VudHJ5IGFycmF5LiAq Lwo+ID4gKyAgICAgICBfX3U2NCBhZGRyOwo+ID4gKyAgICAgICAvKiBTaXplIG9mIHRoZSB1YWNj ZXNzX2J1ZmZlcl9lbnRyeSBhcnJheSBpbiBudW1iZXIgb2YgZWxlbWVudHMuICovCj4gPiArICAg ICAgIF9fdTY0IHNpemU7Cj4gPiArfTsKPiA+ICsKPiA+ICsvKiBGb3JtYXQgb2YgdGhlIGVudHJp ZXMgaW4gdGhlIHVhY2Nlc3MgbG9nLiAqLwo+ID4gK3N0cnVjdCB1YWNjZXNzX2J1ZmZlcl9lbnRy eSB7Cj4gPiArICAgICAgIC8qIEFkZHJlc3MgYmVpbmcgYWNjZXNzZWQuICovCj4gPiArICAgICAg IF9fdTY0IGFkZHI7Cj4gPiArICAgICAgIC8qIE51bWJlciBvZiBieXRlcyB0aGF0IHdlcmUgYWNj ZXNzZWQuICovCj4gPiArICAgICAgIF9fdTY0IHNpemU7Cj4gPiArICAgICAgIC8qIFVBQ0NFU1Nf QlVGRkVSXyogZmxhZ3MuICovCj4gPiArICAgICAgIF9fdTY0IGZsYWdzOwo+ID4gK307Cj4gPiAr Cj4gPiArI2RlZmluZSBVQUNDRVNTX0JVRkZFUl9GTEFHX1dSSVRFICAgICAgMSAvKiBhY2Nlc3Mg d2FzIGEgd3JpdGUgKi8KPiA+ICsKPiA+ICsjZW5kaWYgLyogX1VBUElfTElOVVhfVUFDQ0VTU19C VUZGRVJfSCAqLwo+ID4gZGlmZiAtLWdpdCBhL2tlcm5lbC9NYWtlZmlsZSBiL2tlcm5lbC9NYWtl ZmlsZQo+ID4gaW5kZXggMTg2YzQ5NTgyZjQ1Li5kNGQ5YmU1MTQ2YzMgMTAwNjQ0Cj4gPiAtLS0g YS9rZXJuZWwvTWFrZWZpbGUKPiA+ICsrKyBiL2tlcm5lbC9NYWtlZmlsZQo+ID4gQEAgLTExNCw2 ICsxMTQsNyBAQCBvYmotJChDT05GSUdfS0NTQU4pICs9IGtjc2FuLwo+ID4gIG9iai0kKENPTkZJ R19TSEFET1dfQ0FMTF9TVEFDSykgKz0gc2NzLm8KPiA+ICBvYmotJChDT05GSUdfSEFWRV9TVEFU SUNfQ0FMTF9JTkxJTkUpICs9IHN0YXRpY19jYWxsLm8KPiA+ICBvYmotJChDT05GSUdfQ0ZJX0NM QU5HKSArPSBjZmkubwo+ID4gK29iai0kKENPTkZJR19IQVZFX0FSQ0hfVUFDQ0VTU19CVUZGRVIp ICs9IHVhY2Nlc3MtYnVmZmVyLm8KPiA+Cj4gPiAgb2JqLSQoQ09ORklHX1BFUkZfRVZFTlRTKSAr PSBldmVudHMvCj4gPgo+ID4gZGlmZiAtLWdpdCBhL2tlcm5lbC9icGYvaGVscGVycy5jIGIva2Vy bmVsL2JwZi9oZWxwZXJzLmMKPiA+IGluZGV4IDY0OWYwNzYyM2RmNi4uMTY3YjUwMTc3MDY2IDEw MDY0NAo+ID4gLS0tIGEva2VybmVsL2JwZi9oZWxwZXJzLmMKPiA+ICsrKyBiL2tlcm5lbC9icGYv aGVscGVycy5jCj4gPiBAQCAtNjM3LDcgKzYzNywxMSBAQCBjb25zdCBzdHJ1Y3QgYnBmX2Z1bmNf cHJvdG8gYnBmX2V2ZW50X291dHB1dF9kYXRhX3Byb3RvID0gIHsKPiA+ICBCUEZfQ0FMTF8zKGJw Zl9jb3B5X2Zyb21fdXNlciwgdm9pZCAqLCBkc3QsIHUzMiwgc2l6ZSwKPiA+ICAgICAgICAgICAg Y29uc3Qgdm9pZCBfX3VzZXIgKiwgdXNlcl9wdHIpCj4gPiAgewo+ID4gLSAgICAgICBpbnQgcmV0 ID0gY29weV9mcm9tX3VzZXIoZHN0LCB1c2VyX3B0ciwgc2l6ZSk7Cj4gPiArICAgICAgIC8qCj4g PiArICAgICAgICAqIEF2b2lkIGNvcHlfZnJvbV91c2VyKCkgaGVyZSBhcyBpdCBtYXkgbGVhayBp bmZvcm1hdGlvbiBhYm91dCB0aGUgQlBGCj4gPiArICAgICAgICAqIHByb2dyYW0gdG8gdXNlcnNw YWNlIHZpYSB0aGUgdWFjY2VzcyBidWZmZXIuCj4gPiArICAgICAgICAqLwo+ID4gKyAgICAgICBp bnQgcmV0ID0gcmF3X2NvcHlfZnJvbV91c2VyKGRzdCwgdXNlcl9wdHIsIHNpemUpOwo+Cj4gSGVy ZSBJIGFtIG1vcmUgY29uY2VybmVkIGFib3V0IEtBU0FOL0tNU0FOIGNoZWNrcy4KPiBXaGF0IGV4 YWN0bHkgaXMgdGhlIGF0dGFjayB2ZWN0b3IgaGVyZT8gQXJlIHRoZXNlIGFjY2Vzc2VzIHNlY3Jl dD8KCklmIHRoZXJlIGFyZSBjb25jZXJucyBhYm91dCBsZWFraW5nIGluZm9ybWF0aW9uIGluIHRo aXMgcGFydGljdWxhcgpjYXNlLCBhbnkgb3RoZXIgY2FsbCB0byBjb3B5X2Zyb21fdXNlcigpIGFk ZGVkIGluIHRoZSBmdXR1cmUgd2lsbCBiZQpwcm9uZSB0byB0aGUgc2FtZSBpc3N1ZXMuClNvIGlm IHVhY2Nlc3MgbG9nZ2luZyBpcyBtZWFudCBmb3IgcHJvZHVjdGlvbiB1c2UsIGl0IHNob3VsZCBi ZQpwb3NzaWJsZSB0byBsb2NrIHRoZSBmZWF0dXJlIGRvd24gZnJvbSB1bndhbnRlZCB1c2Vycy4K Cj4gQ2FuJ3QgdGhlIHNhbWUgaW5mbyBiZSBvYnRhaW5lZCB1c2luZyB1c2VyZmF1bHRmZC91bm1h cHBpbmcgbWVtb3J5Pwo+Cj4gcmF3X2NvcHlfZnJvbV91c2VyIGFsc28gc2tpcHMgYWNjZXNzX29r LCBpcyBpdCBvaz8KPgo+Cj4gPiAgICAgICAgIGlmICh1bmxpa2VseShyZXQpKSB7Cj4gPiAgICAg ICAgICAgICAgICAgbWVtc2V0KGRzdCwgMCwgc2l6ZSk7Cj4gPiBkaWZmIC0tZ2l0IGEva2VybmVs L2ZvcmsuYyBiL2tlcm5lbC9mb3JrLmMKPiA+IGluZGV4IDMyNDRjYzU2YjY5Ny4uYzdhYmU3ZTdj N2NkIDEwMDY0NAo+ID4gLS0tIGEva2VybmVsL2ZvcmsuYwo+ID4gKysrIGIva2VybmVsL2Zvcmsu Ywo+ID4gQEAgLTk2LDYgKzk2LDcgQEAKPiA+ICAjaW5jbHVkZSA8bGludXgvc2NzLmg+Cj4gPiAg I2luY2x1ZGUgPGxpbnV4L2lvX3VyaW5nLmg+Cj4gPiAgI2luY2x1ZGUgPGxpbnV4L2JwZi5oPgo+ ID4gKyNpbmNsdWRlIDxsaW51eC91YWNjZXNzLWJ1ZmZlci5oPgo+ID4KPiA+ICAjaW5jbHVkZSA8 YXNtL3BnYWxsb2MuaD4KPiA+ICAjaW5jbHVkZSA8bGludXgvdWFjY2Vzcy5oPgo+ID4gQEAgLTg5 MCw2ICs4OTEsOCBAQCBzdGF0aWMgc3RydWN0IHRhc2tfc3RydWN0ICpkdXBfdGFza19zdHJ1Y3Qo c3RydWN0IHRhc2tfc3RydWN0ICpvcmlnLCBpbnQgbm9kZSkKPiA+ICAgICAgICAgaWYgKG1lbWNn X2NoYXJnZV9rZXJuZWxfc3RhY2sodHNrKSkKPiA+ICAgICAgICAgICAgICAgICBnb3RvIGZyZWVf c3RhY2s7Cj4gPgo+ID4gKyAgICAgICB1YWNjZXNzX2J1ZmZlcl9jYW5jZWxfbG9nKHRzayk7Cj4K PiBXaHkgZG8gd2UgbmVlZCB0aGlzPwo+IHRzayBpcyBhIG5ld2x5IGFsbG9jYXRlZCB0YXNrX3N0 cnVjdC4gSWYgSSBhbSBub3QgbWlzdGFrZW4sIGl0J3Mgbm90Cj4gemVybyBpbml0aWFsaXplZCwg c28gYXJlIHdlIGtmcmVlJ2luZyBnYXJiYWdlPwo+IEJ1dCB3ZSBtYXkgbmVlZCB0byBkbyBzb21l dGhpbmcgd2l0aCB0YXNrcyBhZnRlciBhcmNoX2R1cF90YXNrX3N0cnVjdC4KPgo+ID4gICAgICAg ICBzdGFja192bV9hcmVhID0gdGFza19zdGFja192bV9hcmVhKHRzayk7Cj4gPgo+ID4gICAgICAg ICBlcnIgPSBhcmNoX2R1cF90YXNrX3N0cnVjdCh0c2ssIG9yaWcpOwo+ID4gZGlmZiAtLWdpdCBh L2tlcm5lbC9zaWduYWwuYyBiL2tlcm5lbC9zaWduYWwuYwo+ID4gaW5kZXggYTYyOWIxMWJmM2Uw Li42OWJmMjE1MThiZDAgMTAwNjQ0Cj4gPiAtLS0gYS9rZXJuZWwvc2lnbmFsLmMKPiA+ICsrKyBi L2tlcm5lbC9zaWduYWwuYwo+ID4gQEAgLTQ1LDYgKzQ1LDcgQEAKPiA+ICAjaW5jbHVkZSA8bGlu dXgvcG9zaXgtdGltZXJzLmg+Cj4gPiAgI2luY2x1ZGUgPGxpbnV4L2Nncm91cC5oPgo+ID4gICNp bmNsdWRlIDxsaW51eC9hdWRpdC5oPgo+ID4gKyNpbmNsdWRlIDxsaW51eC91YWNjZXNzLWJ1ZmZl ci5oPgo+ID4KPiA+ICAjZGVmaW5lIENSRUFURV9UUkFDRV9QT0lOVFMKPiA+ICAjaW5jbHVkZSA8 dHJhY2UvZXZlbnRzL3NpZ25hbC5oPgo+ID4gQEAgLTEwMzEsNyArMTAzMiw4IEBAIHN0YXRpYyB2 b2lkIGNvbXBsZXRlX3NpZ25hbChpbnQgc2lnLCBzdHJ1Y3QgdGFza19zdHJ1Y3QgKnAsIGVudW0g cGlkX3R5cGUgdHlwZSkKPiA+ICAgICAgICAgaWYgKHNpZ19mYXRhbChwLCBzaWcpICYmCj4gPiAg ICAgICAgICAgICAhKHNpZ25hbC0+ZmxhZ3MgJiBTSUdOQUxfR1JPVVBfRVhJVCkgJiYKPiA+ICAg ICAgICAgICAgICFzaWdpc21lbWJlcigmdC0+cmVhbF9ibG9ja2VkLCBzaWcpICYmCj4gPiAtICAg ICAgICAgICAoc2lnID09IFNJR0tJTEwgfHwgIXAtPnB0cmFjZSkpIHsKPiA+ICsgICAgICAgICAg IChzaWcgPT0gU0lHS0lMTCB8fAo+ID4gKyAgICAgICAgICAgICEocC0+cHRyYWNlIHx8IHVhY2Nl c3NfYnVmZmVyX21heWJlX2Jsb2NrZWQocCkpKSkgewo+Cj4gV2h5IGRvIHdlIG5lZWQgdGhpcyBj aGFuZ2U/Cj4KPiA+ICAgICAgICAgICAgICAgICAvKgo+ID4gICAgICAgICAgICAgICAgICAqIFRo aXMgc2lnbmFsIHdpbGwgYmUgZmF0YWwgdG8gdGhlIHdob2xlIGdyb3VwLgo+ID4gICAgICAgICAg ICAgICAgICAqLwo+ID4gZGlmZiAtLWdpdCBhL2tlcm5lbC9zeXMuYyBiL2tlcm5lbC9zeXMuYwo+ ID4gaW5kZXggOGZkYWMwZDkwNTA0Li5jNzFhOWE5YzBmNjggMTAwNjQ0Cj4gPiAtLS0gYS9rZXJu ZWwvc3lzLmMKPiA+ICsrKyBiL2tlcm5lbC9zeXMuYwo+ID4gQEAgLTQyLDYgKzQyLDcgQEAKPiA+ ICAjaW5jbHVkZSA8bGludXgvdmVyc2lvbi5oPgo+ID4gICNpbmNsdWRlIDxsaW51eC9jdHlwZS5o Pgo+ID4gICNpbmNsdWRlIDxsaW51eC9zeXNjYWxsX3VzZXJfZGlzcGF0Y2guaD4KPiA+ICsjaW5j bHVkZSA8bGludXgvdWFjY2Vzcy1idWZmZXIuaD4KPiA+Cj4gPiAgI2luY2x1ZGUgPGxpbnV4L2Nv bXBhdC5oPgo+ID4gICNpbmNsdWRlIDxsaW51eC9zeXNjYWxscy5oPgo+ID4gQEAgLTI1MzAsNiAr MjUzMSwxMSBAQCBTWVNDQUxMX0RFRklORTUocHJjdGwsIGludCwgb3B0aW9uLCB1bnNpZ25lZCBs b25nLCBhcmcyLCB1bnNpZ25lZCBsb25nLCBhcmczLAo+ID4gICAgICAgICAgICAgICAgIGVycm9y ID0gc2NoZWRfY29yZV9zaGFyZV9waWQoYXJnMiwgYXJnMywgYXJnNCwgYXJnNSk7Cj4gPiAgICAg ICAgICAgICAgICAgYnJlYWs7Cj4gPiAgI2VuZGlmCj4gPiArICAgICAgIGNhc2UgUFJfU0VUX1VB Q0NFU1NfREVTQ1JJUFRPUl9BRERSX0FERFI6Cj4gPiArICAgICAgICAgICAgICAgaWYgKGFyZzMg fHwgYXJnNCB8fCBhcmc1KQo+ID4gKyAgICAgICAgICAgICAgICAgICAgICAgcmV0dXJuIC1FSU5W QUw7Cj4gPiArICAgICAgICAgICAgICAgZXJyb3IgPSB1YWNjZXNzX2J1ZmZlcl9zZXRfZGVzY3Jp cHRvcl9hZGRyX2FkZHIoYXJnMik7Cj4gPiArICAgICAgICAgICAgICAgYnJlYWs7Cj4gPiAgICAg ICAgIGRlZmF1bHQ6Cj4gPiAgICAgICAgICAgICAgICAgZXJyb3IgPSAtRUlOVkFMOwo+ID4gICAg ICAgICAgICAgICAgIGJyZWFrOwo+ID4gZGlmZiAtLWdpdCBhL2tlcm5lbC91YWNjZXNzLWJ1ZmZl ci5jIGIva2VybmVsL3VhY2Nlc3MtYnVmZmVyLmMKPiA+IG5ldyBmaWxlIG1vZGUgMTAwNjQ0Cj4g PiBpbmRleCAwMDAwMDAwMDAwMDAuLmUxYzZkNmFiOWFmOAo+ID4gLS0tIC9kZXYvbnVsbAo+ID4g KysrIGIva2VybmVsL3VhY2Nlc3MtYnVmZmVyLmMKPiA+IEBAIC0wLDAgKzEsMTI1IEBACj4gPiAr Ly8gU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEdQTC0yLjAKPiA+ICsvKgo+ID4gKyAqIFN1cHBv cnQgZm9yIHVhY2Nlc3MgbG9nZ2luZyB2aWEgdWFjY2VzcyBidWZmZXJzLgo+ID4gKyAqCj4gPiAr ICogQ29weXJpZ2h0IChDKSAyMDIxLCBHb29nbGUgTExDLgo+ID4gKyAqLwo+ID4gKwo+ID4gKyNp bmNsdWRlIDxsaW51eC9jb21wYXQuaD4KPiA+ICsjaW5jbHVkZSA8bGludXgvbW0uaD4KPiA+ICsj aW5jbHVkZSA8bGludXgvcHJjdGwuaD4KPiA+ICsjaW5jbHVkZSA8bGludXgvcHRyYWNlLmg+Cj4g PiArI2luY2x1ZGUgPGxpbnV4L3NjaGVkLmg+Cj4gPiArI2luY2x1ZGUgPGxpbnV4L3NpZ25hbC5o Pgo+ID4gKyNpbmNsdWRlIDxsaW51eC9zbGFiLmg+Cj4gPiArI2luY2x1ZGUgPGxpbnV4L3VhY2Nl c3MuaD4KPiA+ICsjaW5jbHVkZSA8bGludXgvdWFjY2Vzcy1idWZmZXIuaD4KPiA+ICsKPiA+ICtz dGF0aWMgdm9pZCB1YWNjZXNzX2J1ZmZlcl9sb2codW5zaWduZWQgbG9uZyBhZGRyLCB1bnNpZ25l ZCBsb25nIHNpemUsCj4gPiArICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1bnNpZ25lZCBs b25nIGZsYWdzKQo+ID4gK3sKPiA+ICsgICAgICAgc3RydWN0IHVhY2Nlc3NfYnVmZmVyX2luZm8g KmJ1ZiA9ICZjdXJyZW50LT51YWNjZXNzX2J1ZmZlcjsKPiA+ICsgICAgICAgc3RydWN0IHVhY2Nl c3NfYnVmZmVyX2VudHJ5ICplbnRyeSA9IGJ1Zi0+a2N1cjsKPiA+ICsKPiA+ICsgICAgICAgaWYg KCFlbnRyeSB8fCB1bmxpa2VseSh1YWNjZXNzX2tlcm5lbCgpKSkKPiA+ICsgICAgICAgICAgICAg ICByZXR1cm47Cj4gPiArICAgICAgIGVudHJ5LT5hZGRyID0gYWRkcjsKPiA+ICsgICAgICAgZW50 cnktPnNpemUgPSBzaXplOwo+ID4gKyAgICAgICBlbnRyeS0+ZmxhZ3MgPSBmbGFnczsKPiA+ICsK PiA+ICsgICAgICAgKytidWYtPmtjdXI7Cj4gPiArICAgICAgIGlmIChidWYtPmtjdXIgPT0gYnVm LT5rZW5kKQo+ID4gKyAgICAgICAgICAgICAgIGJ1Zi0+a2N1ciA9IDA7Cj4KPiA9IE5VTEw7Cj4K PiA+ICt9Cj4gPiArCj4gPiArdm9pZCB1YWNjZXNzX2J1ZmZlcl9sb2dfcmVhZChjb25zdCB2b2lk IF9fdXNlciAqZnJvbSwgdW5zaWduZWQgbG9uZyBuKQo+ID4gK3sKPiA+ICsgICAgICAgdWFjY2Vz c19idWZmZXJfbG9nKCh1bnNpZ25lZCBsb25nKWZyb20sIG4sIDApOwo+ID4gK30KPiA+ICtFWFBP UlRfU1lNQk9MKHVhY2Nlc3NfYnVmZmVyX2xvZ19yZWFkKTsKPiA+ICsKPiA+ICt2b2lkIHVhY2Nl c3NfYnVmZmVyX2xvZ193cml0ZSh2b2lkIF9fdXNlciAqdG8sIHVuc2lnbmVkIGxvbmcgbikKPiA+ ICt7Cj4gPiArICAgICAgIHVhY2Nlc3NfYnVmZmVyX2xvZygodW5zaWduZWQgbG9uZyl0bywgbiwg VUFDQ0VTU19CVUZGRVJfRkxBR19XUklURSk7Cj4gPiArfQo+ID4gK0VYUE9SVF9TWU1CT0wodWFj Y2Vzc19idWZmZXJfbG9nX3dyaXRlKTsKPiA+ICsKPiA+ICtpbnQgdWFjY2Vzc19idWZmZXJfc2V0 X2Rlc2NyaXB0b3JfYWRkcl9hZGRyKHVuc2lnbmVkIGxvbmcgYWRkcikKPiA+ICt7Cj4gPiArICAg ICAgIGN1cnJlbnQtPnVhY2Nlc3NfYnVmZmVyLmRlc2NfcHRyX3B0ciA9Cj4gPiArICAgICAgICAg ICAgICAgKHN0cnVjdCB1YWNjZXNzX2Rlc2NyaXB0b3IgX191c2VyICogX191c2VyICopYWRkcjsK PiA+ICsgICAgICAgdWFjY2Vzc19idWZmZXJfY2FuY2VsX2xvZyhjdXJyZW50KTsKPgo+IElzIHRo aXMgbmVjZXNzYXJ5PyBJdCBsb29rcyBtb3JlIHJlYXNvbmFibGUgYW5kIHVzZWZ1bCB0byBub3Qg Y2FsbAo+IGNhbmNlbC4gSW4gbW9zdCBjYXNlcyB0aGUgdXNlciB3b24ndCBzZXR1cCBpdCB0d2lj ZS9jaGFuZ2UuIEJ1dCBpZiB0aGUKPiB1c2VyIGFueWhvdyBhc2tlZCB0byB0cmFjZSB0aGUgcHJj dGwsIHdoeSBub3QgdHJhY2UgaXQ/Cj4KPiA+ICsgICAgICAgcmV0dXJuIDA7Cj4gPiArfQo+ID4g Kwo+ID4gK2Jvb2wgX191YWNjZXNzX2J1ZmZlcl9wcmVfZXhpdF9sb29wKHZvaWQpCj4gPiArewo+ ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19idWZmZXJfaW5mbyAqYnVmID0gJmN1cnJlbnQtPnVh Y2Nlc3NfYnVmZmVyOwo+ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19kZXNjcmlwdG9yIF9fdXNl ciAqZGVzY19wdHI7Cj4gPiArICAgICAgIHNpZ3NldF90IHRtcF9tYXNrOwo+ID4gKwo+ID4gKyAg ICAgICBpZiAoZ2V0X3VzZXIoZGVzY19wdHIsIGJ1Zi0+ZGVzY19wdHJfcHRyKSB8fCAhZGVzY19w dHIpCj4gPiArICAgICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwo+ID4gKwo+ID4gKyAgICAgICBj dXJyZW50LT5yZWFsX2Jsb2NrZWQgPSBjdXJyZW50LT5ibG9ja2VkOwo+ID4gKyAgICAgICBzaWdm aWxsc2V0KCZ0bXBfbWFzayk7Cj4gPiArICAgICAgIHNldF9jdXJyZW50X2Jsb2NrZWQoJnRtcF9t YXNrKTsKPiA+ICsgICAgICAgcmV0dXJuIHRydWU7Cj4gPiArfQo+ID4gKwo+ID4gK3ZvaWQgX191 YWNjZXNzX2J1ZmZlcl9wb3N0X2V4aXRfbG9vcCh2b2lkKQo+ID4gK3sKPiA+ICsgICAgICAgc3Bp bl9sb2NrX2lycSgmY3VycmVudC0+c2lnaGFuZC0+c2lnbG9jayk7Cj4gPiArICAgICAgIGN1cnJl bnQtPmJsb2NrZWQgPSBjdXJyZW50LT5yZWFsX2Jsb2NrZWQ7Cj4gPiArICAgICAgIHJlY2FsY19z aWdwZW5kaW5nKCk7Cj4gPiArICAgICAgIHNwaW5fdW5sb2NrX2lycSgmY3VycmVudC0+c2lnaGFu ZC0+c2lnbG9jayk7Cj4gPiArfQo+ID4gKwo+IDs+ICt2b2lkIHVhY2Nlc3NfYnVmZmVyX2NhbmNl bF9sb2coc3RydWN0IHRhc2tfc3RydWN0ICp0c2spCj4gPiArewo+ID4gKyAgICAgICBzdHJ1Y3Qg dWFjY2Vzc19idWZmZXJfaW5mbyAqYnVmID0gJnRzay0+dWFjY2Vzc19idWZmZXI7Cj4gPiArCj4g PiArICAgICAgIGlmIChidWYtPmtjdXIpIHsKPgo+IHVhY2Nlc3NfYnVmZmVyX2xvZyBzZXRzIGtj dXIgdG8gTlVMTCBvbiBvdmVyZmxvdyBhbmQgd2UgY2FsbCB0aGlzCj4gZnVuY3Rpb24gZnJvbSBh IG1pZGRsZSBvZiBmb3JrLCBpdCBsb29rcyBzdHJhbmdlIHRoYXQga2ZyZWUnaW5nCj4gc29tZXRo aW5nIGRlcGVuZHMgb24gdGhlIHByZXZpb3VzIGJ1ZmZlciBvdmVyZmxvdy4gU2hvdWxkIHdlIGNo ZWNrCj4ga2JlZ2luIGhlcmU/Cj4KPiA+ICsgICAgICAgICAgICAgICBidWYtPmtjdXIgPSAwOwo+ Cj4gPSBOVUxMCj4gSSB3b3VsZCBhbHNvIHNldCBrZW5kIHRvIE5VTEwgdG8gbm90IGxlYXZlIGEg ZGFuZ2xpbmcgcG9pbnRlci4KPgo+ID4gKyAgICAgICAgICAgICAgIGtmcmVlKGJ1Zi0+a2JlZ2lu KTsKPiA+ICsgICAgICAgfQo+ID4gK30KPiA+ICsKPiA+ICt2b2lkIF9fdWFjY2Vzc19idWZmZXJf c3lzY2FsbF9lbnRyeSh2b2lkKQo+ID4gK3sKPiA+ICsgICAgICAgc3RydWN0IHVhY2Nlc3NfYnVm ZmVyX2luZm8gKmJ1ZiA9ICZjdXJyZW50LT51YWNjZXNzX2J1ZmZlcjsKPiA+ICsgICAgICAgc3Ry dWN0IHVhY2Nlc3NfZGVzY3JpcHRvciBkZXNjOwo+ID4gKwo+ID4gKyAgICAgICBpZiAoZ2V0X3Vz ZXIoYnVmLT5kZXNjX3B0ciwgYnVmLT5kZXNjX3B0cl9wdHIpIHx8ICFidWYtPmRlc2NfcHRyIHx8 Cj4gPiArICAgICAgICAgICBwdXRfdXNlcigwLCBidWYtPmRlc2NfcHRyX3B0cikgfHwKPiA+ICsg ICAgICAgICAgIGNvcHlfZnJvbV91c2VyKCZkZXNjLCBidWYtPmRlc2NfcHRyLCBzaXplb2YoZGVz YykpKQo+ID4gKyAgICAgICAgICAgICAgIHJldHVybjsKPiA+ICsKPiA+ICsgICAgICAgaWYgKGRl c2Muc2l6ZSA+IDEwMjQpCj4gPiArICAgICAgICAgICAgICAgZGVzYy5zaXplID0gMTAyNDsKPiA+ ICsKPiA+ICsgICAgICAgYnVmLT5rYmVnaW4gPSBrbWFsbG9jX2FycmF5KAo+ID4gKyAgICAgICAg ICAgICAgIGRlc2Muc2l6ZSwgc2l6ZW9mKHN0cnVjdCB1YWNjZXNzX2J1ZmZlcl9lbnRyeSksIEdG UF9LRVJORUwpOwo+Cj4gSXMgbm90IGhhbmRsaW5nIGVycm9yIGludGVudGlvbmFsIGhlcmU/Cj4g TWF5YmUgaXQncyBiZXR0ZXIgdG8gY2hlY2sgdGhlIGVycm9yIGp1c3QgdG8gbWFrZSB0aGUgY29k ZSBtb3JlCj4gZXhwbGljaXQgKGFuZCBtYXliZSBwcmV2ZW50IHNvbWUgZnV0dXJlIGJ1Z3MpLgo+ Cj4gQWN0dWFsbHkgYW4gaW50ZXJlc3RpbmcgYXR0YWNrIHZlY3Rvci4gSWYgeW91IGNhbiBtYWtl IHRoaXMga21hbGxvYwo+IGZhaWwsIHlvdSBjYW4gcHJldmVudCBzYW5pdGl6ZXJzIGZyb20gZGV0 ZWN0aW5nIGFueSBvZiB0aGUgYmFkCj4gYWNjZXNzZXMgOikKPgo+IERvZXMgaXQgbWFrZSBzZW5z ZSB0byBmbGFnIHRoZSBlcnJvciBzb21ld2hlcmUgaW4gdGhlIGRlc2M/Li4uIG9yIEkgYW0KPiB0 aGlua2luZyBpZiB3ZSBzaG91bGQgcHJlLWFsbG9jYXRlIHRoZSBidWZmZXIsIGlmIHdlIHN0YXJ0 IHRyYWNpbmcgYQo+IHRhc2ssIHdlIHdpbGwgdHJhY2UgbG90cyBvZiBzeXNjYWxscywgc28gYXZv aWRpbmcga21hbGxvYy9rZnJlZSBwZXIKPiBzeXNjYWxsIGNhbiBtYWtlIHNlbnNlLiBXaGF0IGRv IHlvdSB0aGluaz8KPgo+ID4gKyAgICAgICBidWYtPmtjdXIgPSBidWYtPmtiZWdpbjsKPiA+ICsg ICAgICAgYnVmLT5rZW5kID0gYnVmLT5rYmVnaW4gKyBkZXNjLnNpemU7Cj4gPiArICAgICAgIGJ1 Zi0+dWJlZ2luID0gKHN0cnVjdCB1YWNjZXNzX2J1ZmZlcl9lbnRyeSBfX3VzZXIgKilkZXNjLmFk ZHI7Cj4gPiArfQo+ID4gKwo+ID4gK3ZvaWQgX191YWNjZXNzX2J1ZmZlcl9zeXNjYWxsX2V4aXQo dm9pZCkKPiA+ICt7Cj4gPiArICAgICAgIHN0cnVjdCB1YWNjZXNzX2J1ZmZlcl9pbmZvICpidWYg PSAmY3VycmVudC0+dWFjY2Vzc19idWZmZXI7Cj4gPiArICAgICAgIHU2NCBudW1fZW50cmllcyA9 IGJ1Zi0+a2N1ciAtIGJ1Zi0+a2JlZ2luOwo+ID4gKyAgICAgICBzdHJ1Y3QgdWFjY2Vzc19kZXNj cmlwdG9yIGRlc2M7Cj4gPiArCj4gPiArICAgICAgIGlmICghYnVmLT5rY3VyKQo+Cj4gdWFjY2Vz c19idWZmZXJfbG9nIHNldHMga2N1ciB0byBOVUxMIG9uIG92ZXJmbG93LiBJIHRoaW5rIHdlIG5l ZWQgdG8KPiBjaGVjayBrYmVnaW4gaGVyZS4KPgo+Cj4gPiArICAgICAgICAgICAgICAgcmV0dXJu Owo+ID4gKwo+ID4gKyAgICAgICBkZXNjLmFkZHIgPSAodTY0KShidWYtPnViZWdpbiArIG51bV9l bnRyaWVzKTsKPiA+ICsgICAgICAgZGVzYy5zaXplID0gYnVmLT5rZW5kIC0gYnVmLT5rY3VyOwo+ Cj4gSXMgdGhlIHVzZXIgZXhwZWN0ZWQgdG8gdXNlIHNpemUgaW4gYW55IG9mIHJlYXNvbmFibGUg c2NlbmFyaW9zPwo+IFdlIGNhcCBzaXplIGF0IDEwMjQgYXQgZW50cnksIHNvIHRoZSBzaXplIGNh biBiZSB0cnVuY2F0ZWQgaGVyZS4KPgo+ID4gKyAgICAgICBidWYtPmtjdXIgPSAwOwo+Cj4gPSBO VUxMCj4KPiA+ICsgICAgICAgaWYgKGNvcHlfdG9fdXNlcihidWYtPnViZWdpbiwgYnVmLT5rYmVn aW4sCj4gPiArICAgICAgICAgICAgICAgICAgICAgICAgbnVtX2VudHJpZXMgKiBzaXplb2Yoc3Ry dWN0IHVhY2Nlc3NfYnVmZmVyX2VudHJ5KSkgPT0gMCkKPiA+ICsgICAgICAgICAgICAgICAodm9p ZCljb3B5X3RvX3VzZXIoYnVmLT5kZXNjX3B0ciwgJmRlc2MsIHNpemVvZihkZXNjKSk7Cj4gPiAr Cj4gPiArICAgICAgIGtmcmVlKGJ1Zi0+a2JlZ2luKTsKPgo+IFdoYXQgaWYgd2UgZW50ZXIgZXhp dC9leGl0X2dyb3VwIHdpdGggbG9nZ2luZyBlbmFibGVkLCB3b24ndCB3ZSBsZWFrIHRoZSBidWZm ZXI/Cj4KPiA+ICt9Cj4gPiAtLQo+ID4gMi4zNC4wLnJjMi4zOTMuZ2Y4Yzk2NjY4ODAtZ29vZwo+ ID4KCgoKLS0gCkFsZXhhbmRlciBQb3RhcGVua28KU29mdHdhcmUgRW5naW5lZXIKCkdvb2dsZSBH ZXJtYW55IEdtYkgKRXJpa2EtTWFubi1TdHJhw59lLCAzMwo4MDYzNiBNw7xuY2hlbgoKR2VzY2jD pGZ0c2bDvGhyZXI6IFBhdWwgTWFuaWNsZSwgSGFsaW1haCBEZUxhaW5lIFByYWRvClJlZ2lzdGVy Z2VyaWNodCB1bmQgLW51bW1lcjogSGFtYnVyZywgSFJCIDg2ODkxClNpdHogZGVyIEdlc2VsbHNj aGFmdDogSGFtYnVyZwoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18KbGludXgtYXJtLWtlcm5lbCBtYWlsaW5nIGxpc3QKbGludXgtYXJtLWtlcm5lbEBsaXN0 cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGlu Zm8vbGludXgtYXJtLWtlcm5lbAo=