From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ilya Smith <blackzert@gmail.com>
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
Date: Tue, 3 Apr 2018 03:11:50 +0300
Message-ID: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Content-Type: text/plain; charset="utf-8"
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
 Linux MIPS Mailing List <linux-mips@linux-mips.org>,
 Rich Felker <dalias@libc.org>, Jan Kara <jack@suse.cz>,
 linux-sh <linux-sh@vger.kernel.org>,
 Benjamin Herrenschmidt <benh@kernel.crashing.org>,
 Bhupesh Sharma <bhsharma@redhat.com>,
 Heiko Carstens <heiko.carstens@de.ibm.com>, Michal Hocko <mhocko@kernel.org>,
 Linux-MM <linux-mm@kvack.org>, Paul Mackerras <paulus@samba.org>,
 Deepa Dinamani <deepa.kernel@gmail.com>, "H. Peter Anvin" <hpa@zytor.com>,
 sparclinux <sparclinux@vger.kernel.org>,
 "linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>, "Williams,
 Dan J" <dan.j.williams@intel.com>, Andrea Arcangeli <aarcange@redhat.com>,
 linux-s390 <linux-s390@vger.kernel.org>,
 Yoshinori Sato <ysato@users.sourceforge.jp>,
 Michael Ellerman <mpe@ellerman.id.au>, Helge Deller <deller@gmx.de>,
 X86 ML <x86@kernel.org>, Hugh Dickins <hu
To: "Luck, Tony" <tony.luck@intel.com>
Return-path: <linux-snps-arc-bounces+gla-linux-snps-arc=m.gmane.org@lists.infradead.org>
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
List-Id: Linux on Synopsys ARC Processors <linux-snps-arc.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-snps-arc>,
 <mailto:linux-snps-arc-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-snps-arc/>
List-Post: <mailto:linux-snps-arc@lists.infradead.org>
List-Help: <mailto:linux-snps-arc-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-snps-arc>,
 <mailto:linux-snps-arc-request@lists.infradead.org?subject=subscribe>
Errors-To: linux-snps-arc-bounces+gla-linux-snps-arc=m.gmane.org@lists.infradead.org

PiBPbiAyOSBNYXIgMjAxOCwgYXQgMDA6MDcsIEx1Y2ssIFRvbnkgPHRvbnkubHVja0BpbnRlbC5j
b20+IHdyb3RlOgo+IAo+PiBUaGUgZGVmYXVsdCBsaW1pdCBvZiBvbmx5IDY1NTM2IFZNQXMgd2ls
bCBhbHNvIHF1aWNrbHkgY29tZSBpbnRvIHBsYXkKPj4gaWYgY29uc2VjdXRpdmUgYW5vbiBtbWFw
cyBkb24ndCBnZXQgbWVyZ2VkLiBPZiBjb3Vyc2UgdGhpcyBjYW4gYmUKPj4gcmFpc2VkLCBidXQg
aXQgaGFzIHNpZ25pZmljYW50IHJlc291cmNlIGFuZCBwZXJmb3JtYW5jZSAoZm9yaykgY29zdHMu
Cj4gCj4gQ291bGQgdGhlIHJhbmRvbSBtbWFwIGFkZHJlc3MgY2hvb3NlciBsb29rIGZvciBob3cg
bWFueSBleGlzdGluZwo+IFZNQXMgaGF2ZSBzcGFjZSBiZWZvcmUvYWZ0ZXIgYW5kIHRoZSByaWdo
dCBhdHRyaWJ1dGVzIHRvIG1lcmdlIHdpdGggdGhlCj4gbmV3IG9uZSB5b3Ugd2FudCB0byBjcmVh
dGU/IElmIHRoaXMgaXMgYWJvdmUgc29tZSB0aHJlc2hvbGQgKDEwMD8pIHRoZW4KPiBwaWNrIG9u
ZSBvZiB0aGVtIHJhbmRvbWx5IGFuZCBhbGxvY2F0ZSB0aGUgbmV3IGFkZHJlc3Mgc28gdGhhdCBp
dCB3aWxsCj4gbWVyZ2UgZnJvbSBiZWxvdy9hYm92ZSB3aXRoIGFuIGV4aXN0aW5nIG9uZS4KPiAK
PiBUaGF0IHNob3VsZCBzdGlsbCBnaXZlIHlvdSBhIHZlcnkgaGlnaCBkZWdyZWUgb2YgcmFuZG9t
bmVzcywgYnV0IHByZXZlbnQKPiBvdXQgb2YgY29udHJvbCBudW1iZXJzIG9mIFZNQXMgZnJvbSBi
ZWluZyBjcmVhdGVkLgoKSSB0aGluayB0aGlzIHdvdWxkbuKAmXQgd29yay4gRm9yIGV4YW1wbGUg
dGhlc2UgMTAwIGFsbG9jYXRpb24gbWF5IGhhcHBlbmVkIG9uIApwcm9jZXNzIGluaXRpYWxpemF0
aW9uLiBCdXQgd2hlbiBhdHRhY2tlciBjb21lIHRvIHRoZSBzZXJ2ZXIgYWxsIGhpcyAKYWxsb2Nh
dGlvbnMgd291bGQgYmUgbWFkZSBvbiB0aGUgcHJlZGljdGFibGUgb2Zmc2V0cyBmcm9tIGVhY2gg
b3RoZXIuIFNvIGluIApyZXN1bHQgd2UgZGlkIG5vdGhpbmcganVzdCBkZWNyZWFzZSBwZXJmb3Jt
YW5jZSBvZiBmaXJzdCAxMDAgYWxsb2NhdGlvbnMuIEkgCnRoaW5rIEkgY2FuIG1ha2UgaW9jdGwg
dG8gdHVybiBvZmYgdGhpcyByYW5kb21pemF0aW9uIHBlciBwcm9jZXNzIGFuZCBpdCBjb3VsZCAK
YmUgdXNlZCBpZiBuZWVkZWQuIEZvciBleGFtcGxlIGlmIGFwcGxpY2F0aW9uIGdvaW5nIHRvIGFs
bG9jYXRlIGJpZyBjaHVuayBvciAKbWFrZSBiaWcgbWVtb3J5IHByZXNzdXJlLCBldGMuCgpCZXN0
IHJlZ2FyZHMsCklseWEKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fCmxpbnV4LXNucHMtYXJjIG1haWxpbmcgbGlzdApsaW51eC1zbnBzLWFyY0BsaXN0cy5p
bmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGluZm8v
bGludXgtc25wcy1hcmM=

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <blackzert@gmail.com>
ARC-Seal: i=1; a=rsa-sha256; t=1522714370; cv=none;
        d=google.com; s=arc-20160816;
        b=ZWxCWQPXy0ofWl67vT1W59nsajgiJxWjK7Al2XuTxd0unS22RpPjJotdd+TKOrt8mc
         3Crv2v5RRHyqI3kK5hleLMorxQdiyzv28E0j156M2O7sH5nKbb0NuHzl4ZoedGf9KmXX
         GGr6HjV7CLdoeTQPjMf23IYPtyCmNaf6m2goiFvsB60ZsNs41T7fPEB8jGupxH2rkJ5s
         n0UuWQ2LO55Cead6v8GuRlFmpK1Ed6/+fgKk0iMKc4XaZDOH9LX76iqa62hNU3FLeYin
         rdVi87/jczT4wvojDQNdYPBJCjJ+IiF2tGXRkgyePvwJ4KU79ZtKehIhGbNxKG7RrOK+
         pbsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:dkim-signature
         :arc-authentication-results;
        bh=J1d8GZtrK4hY+JTjitzp/6IX1SAUit8cEPdA71kilVA=;
        b=F1U3AFRo/zrNR60RmxBfw9IeI7nDUgiSkMbUxMUqZuhfexFRajQUITjFD+iMX1Ogpw
         F2RH2a79odgJ3bCOxQnk7ujEiG3Ta3997n9IIMJ6Ta/jvTRFafJRLRKUHMwipG/C82V2
         aU1dKmjAC17pP5PpGL6YvTCkw6ib36MTWQ7cDPhAIKARwj+57LaAWEwT0poe6fDpCjFe
         a6n1X2cY0YxeUb/OPKfpZts1E9VYrl46G7KPk3TBIk7Juk2qraZsp9KZJwnPq1iwJbTh
         Bb4yJe27MbdKQT+7S+SH3iIepVdf1tNxtRwTVXnKEAzAmZPRMKgeLMiA+s2cEsJkQasX
         OTDA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=EuGazHaJ;
       spf=pass (google.com: domain of blackzert@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=blackzert@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=EuGazHaJ;
       spf=pass (google.com: domain of blackzert@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=blackzert@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
X-Google-Smtp-Source: AIpwx49ClP02AGgxiYwZoPDHz8HxKYxZ15sE72H7Zj1waosYFFtzDGDuzQQRgJhpA6TX5qvHmOQxOA==
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
From: Ilya Smith <blackzert@gmail.com>
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
Date: Tue, 3 Apr 2018 03:11:50 +0300
Cc: Rich Felker <dalias@libc.org>,
 Matthew Wilcox <willy@infradead.org>,
 Kees Cook <keescook@chromium.org>,
 Michal Hocko <mhocko@kernel.org>,
 Richard Henderson <rth@twiddle.net>,
 "ink@jurassic.park.msu.ru" <ink@jurassic.park.msu.ru>,
 "mattst88@gmail.com" <mattst88@gmail.com>,
 Vineet Gupta <vgupta@synopsys.com>,
 Russell King <linux@armlinux.org.uk>,
 "Yu, Fenghua" <fenghua.yu@intel.com>,
 Ralf Baechle <ralf@linux-mips.org>,
 "James E.J. Bottomley" <jejb@parisc-linux.org>,
 Helge Deller <deller@gmx.de>,
 Benjamin Herrenschmidt <benh@kernel.crashing.org>,
 Paul Mackerras <paulus@samba.org>,
 Michael Ellerman <mpe@ellerman.id.au>,
 Martin Schwidefsky <schwidefsky@de.ibm.com>,
 Heiko Carstens <heiko.carstens@de.ibm.com>,
 Yoshinori Sato <ysato@users.sourceforge.jp>,
 "David S. Miller" <davem@davemloft.net>,
 Thomas Gleixner <tglx@linutronix.de>,
 Ingo Molnar <mingo@redhat.com>,
 "H. Peter Anvin" <hpa@zytor.com>,
 X86 ML <x86@kernel.org>,
 "nyc@holomorphy.com" <nyc@holomorphy.com>,
 Al Viro <viro@zeniv.linux.org.uk>,
 Arnd Bergmann <arnd@arndb.de>,
 Greg KH <gregkh@linuxfoundation.org>,
 Deepa Dinamani <deepa.kernel@gmail.com>,
 Hugh Dickins <hughd@google.com>,
 Kate Stewart <kstewart@linuxfoundation.org>,
 Philippe Ombredanne <pombredanne@nexb.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Steve Capper <steve.capper@arm.com>,
 Punit Agrawal <punit.agrawal@arm.com>,
 "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
 Nick Piggin <npiggin@gmail.com>,
 Bhupesh Sharma <bhsharma@redhat.com>,
 Rik van Riel <riel@redhat.com>,
 "nitin.m.gupta@oracle.com" <nitin.m.gupta@oracle.com>,
 "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
 "Williams, Dan J" <dan.j.williams@intel.com>,
 Jan Kara <jack@suse.cz>,
 Ross Zwisler <ross.zwisler@linux.intel.com>,
 Jerome Glisse <jglisse@redhat.com>,
 Andrea Arcangeli <aarcange@redhat.com>,
 Oleg Nesterov <oleg@redhat.com>,
 "linux-alpha@vger.kernel.org" <linux-alpha@vger.kernel.org>,
 LKML <linux-kernel@vger.kernel.org>,
 "linux-snps-arc@lists.infradead.org" <linux-snps-arc@lists.infradead.org>,
 "linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
 "linux-metag@vger.kernel.org" <linux-metag@vger.kernel.org>,
 Linux MIPS Mailing List <linux-mips@linux-mips.org>,
 linux-parisc <linux-parisc@vger.kernel.org>,
 PowerPC <linuxppc-dev@lists.ozlabs.org>,
 linux-s390 <linux-s390@vger.kernel.org>,
 linux-sh <linux-sh@vger.kernel.org>,
 sparclinux <sparclinux@vger.kernel.org>,
 Linux-MM <linux-mm@kvack.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
To: "Luck, Tony" <tony.luck@intel.com>
X-Mailer: Apple Mail (2.3445.5.20)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1595656488556903336?=
X-GMAIL-MSGID: =?utf-8?q?1596681744210038058?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

> On 29 Mar 2018, at 00:07, Luck, Tony <tony.luck@intel.com> wrote:
>=20
>> The default limit of only 65536 VMAs will also quickly come into play
>> if consecutive anon mmaps don't get merged. Of course this can be
>> raised, but it has significant resource and performance (fork) costs.
>=20
> Could the random mmap address chooser look for how many existing
> VMAs have space before/after and the right attributes to merge with =
the
> new one you want to create? If this is above some threshold (100?) =
then
> pick one of them randomly and allocate the new address so that it will
> merge from below/above with an existing one.
>=20
> That should still give you a very high degree of randomness, but =
prevent
> out of control numbers of VMAs from being created.

I think this wouldn=E2=80=99t work. For example these 100 allocation may =
happened on=20
process initialization. But when attacker come to the server all his=20
allocations would be made on the predictable offsets from each other. So =
in=20
result we did nothing just decrease performance of first 100 =
allocations. I=20
think I can make ioctl to turn off this randomization per process and it =
could=20
be used if needed. For example if application going to allocate big =
chunk or=20
make big memory pressure, etc.

Best regards,
Ilya

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: with ECARTIS (v1.0.0; list linux-mips); Tue, 03 Apr 2018 02:13:02 +0200 (CEST)
Received: from mail-wm0-x230.google.com ([IPv6:2a00:1450:400c:c09::230]:52191
        "EHLO mail-wm0-x230.google.com" rhost-flags-OK-OK-OK-OK)
        by eddie.linux-mips.org with ESMTP id S23992827AbeDCAMzugDpF convert rfc822-to-8bit
        (ORCPT <rfc822;linux-mips@linux-mips.org>);
        Tue, 3 Apr 2018 02:12:55 +0200
Received: by mail-wm0-x230.google.com with SMTP id v21so29357157wmc.1;
        Mon, 02 Apr 2018 17:12:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=J1d8GZtrK4hY+JTjitzp/6IX1SAUit8cEPdA71kilVA=;
        b=EuGazHaJzfISFZPcaALS46j4L2SWOQSJr2G0H6JQggNgAP3jOI/Z1miZU0cLVtfS+D
         XQHKKNOuaR0G4aP4sVgBxJCb5pGMX9v5HTG2Xo/kSfMUrBs+Z+LqpNIVRFRgKtpEwcyJ
         Tw8Fwdp0WRulT0LU7BkFCv/X2cVbfO0Kz7bbrnptgTn/8O6unYV6Tt1Epoj8qtwwGSpq
         dO3Q5AxB4ASt322rkDh94EeraoMfNW10dAwylgtAQnTo9bSGgQOlZGxR4ifxFyhfrWyZ
         Og5c8OJc0VsU+yZA5lE987aGBBu0mgSoCKczbI5z9eo8v2VK2G+mckRss/zkON29ss6+
         9UPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=J1d8GZtrK4hY+JTjitzp/6IX1SAUit8cEPdA71kilVA=;
        b=m9sIBFbwX0KpzFPsqbyOB1oGw+nKNgMsbHqDAEanZLiVlVpxjsaCafmIm28pcd25WO
         DOTW95A/sQJwTBEfs6PDEy3ftPq5MClyyc05aWPqqnISYrcUhWj7DuCJfEu1bwIxay8H
         lmM68+SADoMNkup0nDORbxhcaOkL17jBHnKJPxhaWnxr9BnD78k2eUfCrGcJHgzEQIQm
         UmkbwooK+vPXZluJsGuj7LuIuNUSe8kGKTjNiKGj0FfOrnE25/LiecdwaC4TdWDMywT1
         qL6rgKZCha7Y0gn7vRadgZ3AOCyBxwHk+m3M4OHdv/apaIA9KsIP3yCaQ/PbU3RxMy+u
         m6vQ==
X-Gm-Message-State: AElRT7HbrrnjkhdBXH29y53pKnjdlDWpfIfEjA7Lb9H79QAVKR7g2fyn
        FC6Q/MPSwplxI8Jrjh1RdJg=
X-Google-Smtp-Source: AIpwx49ClP02AGgxiYwZoPDHz8HxKYxZ15sE72H7Zj1waosYFFtzDGDuzQQRgJhpA6TX5qvHmOQxOA==
X-Received: by 10.46.16.1 with SMTP id j1mr7300865lje.102.1522714370429;
        Mon, 02 Apr 2018 17:12:50 -0700 (PDT)
Received: from [192.168.1.3] (broadband-188-255-70-164.moscow.rt.ru. [188.255.70.164])
        by smtp.gmail.com with ESMTPSA id 93-v6sm272506lfy.5.2018.04.02.17.12.48
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 02 Apr 2018 17:12:49 -0700 (PDT)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
From:   Ilya Smith <blackzert@gmail.com>
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
Date:   Tue, 3 Apr 2018 03:11:50 +0300
Cc:     Rich Felker <dalias@libc.org>,
        Matthew Wilcox <willy@infradead.org>,
        Kees Cook <keescook@chromium.org>,
        Michal Hocko <mhocko@kernel.org>,
        Richard Henderson <rth@twiddle.net>,
        "ink@jurassic.park.msu.ru" <ink@jurassic.park.msu.ru>,
        "mattst88@gmail.com" <mattst88@gmail.com>,
        Vineet Gupta <vgupta@synopsys.com>,
        Russell King <linux@armlinux.org.uk>,
        "Yu, Fenghua" <fenghua.yu@intel.com>,
        Ralf Baechle <ralf@linux-mips.org>,
        "James E.J. Bottomley" <jejb@parisc-linux.org>,
        Helge Deller <deller@gmx.de>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Heiko Carstens <heiko.carstens@de.ibm.com>,
        Yoshinori Sato <ysato@users.sourceforge.jp>,
        "David S. Miller" <davem@davemloft.net>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
        "nyc@holomorphy.com" <nyc@holomorphy.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg KH <gregkh@linuxfoundation.org>,
        Deepa Dinamani <deepa.kernel@gmail.com>,
        Hugh Dickins <hughd@google.com>,
        Kate Stewart <kstewart@linuxfoundation.org>,
        Philippe Ombredanne <pombredanne@nexb.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Steve Capper <steve.capper@arm.com>,
        Punit Agrawal <punit.agrawal@arm.com>,
        "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
        Nick Piggin <npiggin@gmail.com>,
        Bhupesh Sharma <bhsharma@redhat.com>,
        Rik van Riel <riel@redhat.com>,
        "nitin.m.gupta@oracle.com" <nitin.m.gupta@oracle.com>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        "Williams, Dan J" <dan.j.williams@intel.com>,
        Jan Kara <jack@suse.cz>,
        Ross Zwisler <ross.zwisler@linux.intel.com>,
        Jerome Glisse <jglisse@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Oleg Nesterov <oleg@redhat.com>,
        "linux-alpha@vger.kernel.org" <linux-alpha@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "linux-snps-arc@lists.infradead.org" 
        <linux-snps-arc@lists.infradead.org>,
        "linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
        "linux-metag@vger.kernel.org" <linux-metag@vger.kernel.org>,
        Linux MIPS Mailing List <linux-mips@linux-mips.org>,
        linux-parisc <linux-parisc@vger.kernel.org>,
        PowerPC <linuxppc-dev@lists.ozlabs.org>,
        linux-s390 <linux-s390@vger.kernel.org>,
        linux-sh <linux-sh@vger.kernel.org>,
        sparclinux <sparclinux@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>
Content-Transfer-Encoding: 8BIT
Message-Id: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
To:     "Luck, Tony" <tony.luck@intel.com>
X-Mailer: Apple Mail (2.3445.5.20)
Return-Path: <blackzert@gmail.com>
X-Envelope-To: <"|/home/ecartis/ecartis -s linux-mips"> (uid 0)
X-Orcpt: rfc822;linux-mips@linux-mips.org
Original-Recipient: rfc822;linux-mips@linux-mips.org
X-archive-position: 63381
X-ecartis-version: Ecartis v1.0.0
Sender: linux-mips-bounce@linux-mips.org
Errors-to: linux-mips-bounce@linux-mips.org
X-original-sender: blackzert@gmail.com
Precedence: bulk
List-help: <mailto:ecartis@linux-mips.org?Subject=help>
List-unsubscribe: <mailto:ecartis@linux-mips.org?subject=unsubscribe%20linux-mips>
List-software: Ecartis version 1.0.0
List-Id: linux-mips <linux-mips.eddie.linux-mips.org>
X-List-ID: linux-mips <linux-mips.eddie.linux-mips.org>
List-subscribe: <mailto:ecartis@linux-mips.org?subject=subscribe%20linux-mips>
List-owner: <mailto:ralf@linux-mips.org>
List-post: <mailto:linux-mips@linux-mips.org>
List-archive: <http://www.linux-mips.org/archives/linux-mips/>
X-list: linux-mips

> On 29 Mar 2018, at 00:07, Luck, Tony <tony.luck@intel.com> wrote:
> 
>> The default limit of only 65536 VMAs will also quickly come into play
>> if consecutive anon mmaps don't get merged. Of course this can be
>> raised, but it has significant resource and performance (fork) costs.
> 
> Could the random mmap address chooser look for how many existing
> VMAs have space before/after and the right attributes to merge with the
> new one you want to create? If this is above some threshold (100?) then
> pick one of them randomly and allocate the new address so that it will
> merge from below/above with an existing one.
> 
> That should still give you a very high degree of randomness, but prevent
> out of control numbers of VMAs from being created.

I think this wouldn’t work. For example these 100 allocation may happened on 
process initialization. But when attacker come to the server all his 
allocations would be made on the predictable offsets from each other. So in 
result we did nothing just decrease performance of first 100 allocations. I 
think I can make ioctl to turn off this randomization per process and it could 
be used if needed. For example if application going to allocate big chunk or 
make big memory pressure, etc.

Best regards,
Ilya

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <blackzert@gmail.com>
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com
 [IPv6:2a00:1450:400c:c09::231])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by lists.ozlabs.org (Postfix) with ESMTPS id 40FV0j5gGrzF25c
 for <linuxppc-dev@lists.ozlabs.org>; Tue,  3 Apr 2018 10:12:53 +1000 (AEST)
Received: by mail-wm0-x231.google.com with SMTP id b127so28466522wmf.5
 for <linuxppc-dev@lists.ozlabs.org>; Mon, 02 Apr 2018 17:12:53 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
From: Ilya Smith <blackzert@gmail.com>
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
Date: Tue, 3 Apr 2018 03:11:50 +0300
Cc: Rich Felker <dalias@libc.org>, Matthew Wilcox <willy@infradead.org>,
 Kees Cook <keescook@chromium.org>, Michal Hocko <mhocko@kernel.org>,
 Richard Henderson <rth@twiddle.net>,
 "ink@jurassic.park.msu.ru" <ink@jurassic.park.msu.ru>,
 "mattst88@gmail.com" <mattst88@gmail.com>,
 Vineet Gupta <vgupta@synopsys.com>, Russell King <linux@armlinux.org.uk>,
 "Yu, Fenghua" <fenghua.yu@intel.com>, Ralf Baechle <ralf@linux-mips.org>,
 "James E.J. Bottomley" <jejb@parisc-linux.org>,
 Helge Deller <deller@gmx.de>,
 Benjamin Herrenschmidt <benh@kernel.crashing.org>,
 Paul Mackerras <paulus@samba.org>, Michael Ellerman <mpe@ellerman.id.au>,
 Martin Schwidefsky <schwidefsky@de.ibm.com>,
 Heiko Carstens <heiko.carstens@de.ibm.com>,
 Yoshinori Sato <ysato@users.sourceforge.jp>,
 "David S. Miller" <davem@davemloft.net>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 "H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
 "nyc@holomorphy.com" <nyc@holomorphy.com>,
 Al Viro <viro@zeniv.linux.org.uk>, Arnd Bergmann <arnd@arndb.de>,
 Greg KH <gregkh@linuxfoundation.org>,
 Deepa Dinamani <deepa.kernel@gmail.com>, Hugh Dickins <hughd@google.com>,
 Kate Stewart <kstewart@linuxfoundation.org>,
 Philippe Ombredanne <pombredanne@nexb.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Steve Capper <steve.capper@arm.com>, Punit Agrawal <punit.agrawal@arm.com>,
 "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
 Nick Piggin <npiggin@gmail.com>, Bhupesh Sharma <bhsharma@redhat.com>,
 Rik van Riel <riel@redhat.com>,
 "nitin.m.gupta@oracle.com" <nitin.m.gupta@oracle.com>,
 "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
 "Williams, Dan J" <dan.j.williams@intel.com>, Jan Kara <jack@suse.cz>,
 Ross Zwisler <ross.zwisler@linux.intel.com>,
 Jerome Glisse <jglisse@redhat.com>, Andrea Arcangeli <aarcange@redhat.com>,
 Oleg Nesterov <oleg@redhat.com>,
 "linux-alpha@vger.kernel.org" <linux-alpha@vger.kernel.org>,
 LKML <linux-kernel@vger.kernel.org>,
 "linux-snps-arc@lists.infradead.org" <linux-snps-arc@lists.infradead.org>,
 "linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
 "linux-metag@vger.kernel.org" <linux-metag@vger.kernel.org>,
 Linux MIPS Mailing List <linux-mips@linux-mips.org>,
 linux-parisc <linux-parisc@vger.kernel.org>,
 PowerPC <linuxppc-dev@lists.ozlabs.org>,
 linux-s390 <linux-s390@vger.kernel.org>,
 linux-sh <linux-sh@vger.kernel.org>,
 sparclinux <sparclinux@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>
Message-Id: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
To: "Luck, Tony" <tony.luck@intel.com>
List-Id: Linux on PowerPC Developers Mail List <linuxppc-dev.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/linuxppc-dev>,
 <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/linuxppc-dev/>
List-Post: <mailto:linuxppc-dev@lists.ozlabs.org>
List-Help: <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/linuxppc-dev>,
 <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>

> On 29 Mar 2018, at 00:07, Luck, Tony <tony.luck@intel.com> wrote:
>=20
>> The default limit of only 65536 VMAs will also quickly come into play
>> if consecutive anon mmaps don't get merged. Of course this can be
>> raised, but it has significant resource and performance (fork) costs.
>=20
> Could the random mmap address chooser look for how many existing
> VMAs have space before/after and the right attributes to merge with =
the
> new one you want to create? If this is above some threshold (100?) =
then
> pick one of them randomly and allocate the new address so that it will
> merge from below/above with an existing one.
>=20
> That should still give you a very high degree of randomness, but =
prevent
> out of control numbers of VMAs from being created.

I think this wouldn=E2=80=99t work. For example these 100 allocation may =
happened on=20
process initialization. But when attacker come to the server all his=20
allocations would be made on the predictable offsets from each other. So =
in=20
result we did nothing just decrease performance of first 100 =
allocations. I=20
think I can make ioctl to turn off this randomization per process and it =
could=20
be used if needed. For example if application going to allocate big =
chunk or=20
make big memory pressure, etc.

Best regards,
Ilya

From mboxrd@z Thu Jan  1 00:00:00 1970
From: blackzert@gmail.com (Ilya Smith)
Date: Tue, 3 Apr 2018 03:11:50 +0300
Subject: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
List-ID: <linux-snps-arc@lists.infradead.org>
Message-ID: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
To: linux-snps-arc@lists.infradead.org

> On 29 Mar 2018,@00:07, Luck, Tony <tony.luck@intel.com> wrote:
> 
>> The default limit of only 65536 VMAs will also quickly come into play
>> if consecutive anon mmaps don't get merged. Of course this can be
>> raised, but it has significant resource and performance (fork) costs.
> 
> Could the random mmap address chooser look for how many existing
> VMAs have space before/after and the right attributes to merge with the
> new one you want to create? If this is above some threshold (100?) then
> pick one of them randomly and allocate the new address so that it will
> merge from below/above with an existing one.
> 
> That should still give you a very high degree of randomness, but prevent
> out of control numbers of VMAs from being created.

I think this wouldn?t work. For example these 100 allocation may happened on 
process initialization. But when attacker come to the server all his 
allocations would be made on the predictable offsets from each other. So in 
result we did nothing just decrease performance of first 100 allocations. I 
think I can make ioctl to turn off this randomization per process and it could 
be used if needed. For example if application going to allocate big chunk or 
make big memory pressure, etc.

Best regards,
Ilya

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ilya Smith <blackzert@gmail.com>
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
Date: Tue, 3 Apr 2018 03:11:50 +0300
Message-ID: <D9173B50-39D6-4EE5-AF8B-3EB50D0C9A3B@gmail.com>
References: <1521736598-12812-1-git-send-email-blackzert@gmail.com>
 <20180323124806.GA5624@bombadil.infradead.org>
 <651E0DB6-4507-4DA1-AD46-9C26ED9792A8@gmail.com>
 <20180326084650.GC5652@dhcp22.suse.cz>
 <01A133F4-27DF-4AE2-80D6-B0368BF758CD@gmail.com>
 <20180327072432.GY5652@dhcp22.suse.cz>
 <0549F29C-12FC-4401-9E85-A430BC11DA78@gmail.com>
 <CAGXu5j+XXufprMaJ9GbHxD3mZ7iqUuu60-tTMC6wo2x1puYzMQ@mail.gmail.com>
 <20180327234904.GA27734@bombadil.infradead.org>
 <20180328000025.GM1436@brightrain.aerifal.cx>
 <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Content-Transfer-Encoding: base64
Return-path: <linux-snps-arc-bounces+gla-linux-snps-arc=m.gmane.org@lists.infradead.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:To:References:Message-Id:Date:
	In-Reply-To:From:Subject:Mime-Version:Reply-To:Content-ID:Content-Description
	:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=yiTlZzHOraXb2l7uSY/Q+cQlU0zxL23qAGDjEMIAtF8=; b=pfraRL9V5ng7DW
	YkIOh04lNn7h54pEO73/0OWVPCMATnVrty0dsuTJ24kwZ/SkRKa83gzdVQ41Ns8UEIOlRyWpl8Yk9
	pYgujV97QGUfWdXtAxXC9cca88q5iwox5yiSdESy3ucwI4Au0pRLnL+fvMn6KJkzfBOJL+knHmkyT
	N14VQRV5VsL1i7evHBc0wd7H668nuiDJ4JtsLaIZ2LFGEnBnBDvo5t4gJaZqvgTngYSGoWWW4L28H
	9FtMwi7I8lxlahDirBLCOD06GhZCNWqxiB7y72zkRVSYuAIeOagHRNMUsaTJlAP3j4R4ChJGMNRwv
	P3sr5KiV399m/kqevaeg==;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=J1d8GZtrK4hY+JTjitzp/6IX1SAUit8cEPdA71kilVA=;
 b=EuGazHaJzfISFZPcaALS46j4L2SWOQSJr2G0H6JQggNgAP3jOI/Z1miZU0cLVtfS+D
 XQHKKNOuaR0G4aP4sVgBxJCb5pGMX9v5HTG2Xo/kSfMUrBs+Z+LqpNIVRFRgKtpEwcyJ
 Tw8Fwdp0WRulT0LU7BkFCv/X2cVbfO0Kz7bbrnptgTn/8O6unYV6Tt1Epoj8qtwwGSpq
 dO3Q5AxB4ASt322rkDh94EeraoMfNW10dAwylgtAQnTo9bSGgQOlZGxR4ifxFyhfrWyZ
 Og5c8OJc0VsU+yZA5lE987aGBBu0mgSoCKczbI5z9eo8v2VK2G+mckRss/zkON29ss6+
 9UPA==
In-Reply-To: <3908561D78D1C84285E8C5FCA982C28F7B3B8BC5@ORSMSX110.amr.corp.intel.com>
List-Id: <linux-alpha.vger.kernel.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-snps-arc>, 
 <mailto:linux-snps-arc-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-snps-arc/>
List-Post: <mailto:linux-snps-arc@lists.infradead.org>
List-Help: <mailto:linux-snps-arc-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-snps-arc>, 
 <mailto:linux-snps-arc-request@lists.infradead.org?subject=subscribe>
Sender: "linux-snps-arc" <linux-snps-arc-bounces@lists.infradead.org>
Errors-To: linux-snps-arc-bounces+gla-linux-snps-arc=m.gmane.org@lists.infradead.org
Content-Type: text/plain; charset="windows-1252"
To: "Luck, Tony" <tony.luck@intel.com>
Cc: Kate Stewart <kstewart@linuxfoundation.org>, Linux MIPS Mailing List <linux-mips@linux-mips.org>, Rich Felker <dalias@libc.org>, Jan Kara <jack@suse.cz>, linux-sh <linux-sh@vger.kernel.org>, Benjamin Herrenschmidt <benh@kernel.crashing.org>, Bhupesh Sharma <bhsharma@redhat.com>, Heiko Carstens <heiko.carstens@de.ibm.com>, Michal Hocko <mhocko@kernel.org>, Linux-MM <linux-mm@kvack.org>, Paul Mackerras <paulus@samba.org>, Deepa Dinamani <deepa.kernel@gmail.com>, "H. Peter Anvin" <hpa@zytor.com>, sparclinux <sparclinux@vger.kernel.org>, "linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>, "Williams,
 Dan J" <dan.j.williams@intel.com>, Andrea Arcangeli <aarcange@redhat.com>, linux-s390 <linux-s390@vger.kernel.org>, Yoshinori Sato <ysato@users.sourceforge.jp>, Michael Ellerman <mpe@ellerman.id.au>, Helge Deller <deller@gmx.de>, X86 ML <x86@kernel.org>, Hugh Dickins <hu>

PiBPbiAyOSBNYXIgMjAxOCwgYXQgMDA6MDcsIEx1Y2ssIFRvbnkgPHRvbnkubHVja0BpbnRlbC5j
b20+IHdyb3RlOgo+IAo+PiBUaGUgZGVmYXVsdCBsaW1pdCBvZiBvbmx5IDY1NTM2IFZNQXMgd2ls
bCBhbHNvIHF1aWNrbHkgY29tZSBpbnRvIHBsYXkKPj4gaWYgY29uc2VjdXRpdmUgYW5vbiBtbWFw
cyBkb24ndCBnZXQgbWVyZ2VkLiBPZiBjb3Vyc2UgdGhpcyBjYW4gYmUKPj4gcmFpc2VkLCBidXQg
aXQgaGFzIHNpZ25pZmljYW50IHJlc291cmNlIGFuZCBwZXJmb3JtYW5jZSAoZm9yaykgY29zdHMu
Cj4gCj4gQ291bGQgdGhlIHJhbmRvbSBtbWFwIGFkZHJlc3MgY2hvb3NlciBsb29rIGZvciBob3cg
bWFueSBleGlzdGluZwo+IFZNQXMgaGF2ZSBzcGFjZSBiZWZvcmUvYWZ0ZXIgYW5kIHRoZSByaWdo
dCBhdHRyaWJ1dGVzIHRvIG1lcmdlIHdpdGggdGhlCj4gbmV3IG9uZSB5b3Ugd2FudCB0byBjcmVh
dGU/IElmIHRoaXMgaXMgYWJvdmUgc29tZSB0aHJlc2hvbGQgKDEwMD8pIHRoZW4KPiBwaWNrIG9u
ZSBvZiB0aGVtIHJhbmRvbWx5IGFuZCBhbGxvY2F0ZSB0aGUgbmV3IGFkZHJlc3Mgc28gdGhhdCBp
dCB3aWxsCj4gbWVyZ2UgZnJvbSBiZWxvdy9hYm92ZSB3aXRoIGFuIGV4aXN0aW5nIG9uZS4KPiAK
PiBUaGF0IHNob3VsZCBzdGlsbCBnaXZlIHlvdSBhIHZlcnkgaGlnaCBkZWdyZWUgb2YgcmFuZG9t
bmVzcywgYnV0IHByZXZlbnQKPiBvdXQgb2YgY29udHJvbCBudW1iZXJzIG9mIFZNQXMgZnJvbSBi
ZWluZyBjcmVhdGVkLgoKSSB0aGluayB0aGlzIHdvdWxkbuKAmXQgd29yay4gRm9yIGV4YW1wbGUg
dGhlc2UgMTAwIGFsbG9jYXRpb24gbWF5IGhhcHBlbmVkIG9uIApwcm9jZXNzIGluaXRpYWxpemF0
aW9uLiBCdXQgd2hlbiBhdHRhY2tlciBjb21lIHRvIHRoZSBzZXJ2ZXIgYWxsIGhpcyAKYWxsb2Nh
dGlvbnMgd291bGQgYmUgbWFkZSBvbiB0aGUgcHJlZGljdGFibGUgb2Zmc2V0cyBmcm9tIGVhY2gg
b3RoZXIuIFNvIGluIApyZXN1bHQgd2UgZGlkIG5vdGhpbmcganVzdCBkZWNyZWFzZSBwZXJmb3Jt
YW5jZSBvZiBmaXJzdCAxMDAgYWxsb2NhdGlvbnMuIEkgCnRoaW5rIEkgY2FuIG1ha2UgaW9jdGwg
dG8gdHVybiBvZmYgdGhpcyByYW5kb21pemF0aW9uIHBlciBwcm9jZXNzIGFuZCBpdCBjb3VsZCAK
YmUgdXNlZCBpZiBuZWVkZWQuIEZvciBleGFtcGxlIGlmIGFwcGxpY2F0aW9uIGdvaW5nIHRvIGFs
bG9jYXRlIGJpZyBjaHVuayBvciAKbWFrZSBiaWcgbWVtb3J5IHByZXNzdXJlLCBldGMuCgpCZXN0
IHJlZ2FyZHMsCklseWEKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fCmxpbnV4LXNucHMtYXJjIG1haWxpbmcgbGlzdApsaW51eC1zbnBzLWFyY0BsaXN0cy5p
bmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGluZm8v
bGludXgtc25wcy1hcmM=