From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.1 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0880C2D0A3 for ; Wed, 4 Nov 2020 15:19:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 52F6B2074B for ; Wed, 4 Nov 2020 15:19:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NptPlEGj" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730400AbgKDPT3 (ORCPT ); Wed, 4 Nov 2020 10:19:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730198AbgKDPT0 (ORCPT ); Wed, 4 Nov 2020 10:19:26 -0500 Received: from mail-lf1-x143.google.com (mail-lf1-x143.google.com [IPv6:2a00:1450:4864:20::143]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 04EBBC0613D3; Wed, 4 Nov 2020 07:19:26 -0800 (PST) Received: by mail-lf1-x143.google.com with SMTP id 126so27588981lfi.8; Wed, 04 Nov 2020 07:19:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=IKIIpB9wqyidyjb1EI8WFpMa+/cnKeKADUKKGpWDv08=; b=NptPlEGjmoYRgz9gbQS8+xuGz9yZ8ay7KQ+4RLy0Mi9mgRLXLF7eSZri//Wv+ozuMd Za11jHGFTilOW2qjOreq4UpZUbqKBdoZtjPfrkHP1vxN+LpehgkkLLUYLQ/wH0RWeB0E /lqqxJ4PWBA8iwO39iRsRwKTO9IHld8M2N848B5uF1c7JhloOl5YJaoZjXpW9YC+P5od 21A50Sqd7K1N7GuWHBbI4fFpUNKFGtX2LrSUcGUiki5jp3wLqtoCPlOeajTVMknzrxLv HSkXI7714dQumN5Lp7mTEe0xTA+SLaSfod1Enr6YV38J8rzHmII/CTrnQV73l1i7dKui dWAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=IKIIpB9wqyidyjb1EI8WFpMa+/cnKeKADUKKGpWDv08=; b=WYYAAYKdcsudkJNa9F+ijk0ONkBpqHys6G9G1Mgc7I6dOXO+yG0Ue2ymcuIZAD/aTJ 286Yj3p29L1I4Uf631IkOQ3N1bHyrRaoxHiPDSmvrqGU1jGu4fh8o8btgQbDNyB0TCVe 0RmRVNSbn10gUu6QpBkFqkCPAMPdipEbEWISPrleU5P0j6QcSWHLyo12RAToLM5RxBYA gjXhNKKGwUECX55mvCksXNE+B6jnPtgqQBuzbpqiQdLVqXSxQ/LgVcta5mBmG6paCysX 80+azvO+fpD1KiC0yAleBSWROvDYAuiZA5zAOzzA3WGRpiGYwivepkPCK2fvHMhcHLKA eI8w== X-Gm-Message-State: AOAM531qpLuMCqD4FqYJV1VmW5lnftEbmMUzaPapzt+wiULbZtbEKlxj fhKOIjc0dB31n3Hw7/K1+rLY4UwNgWe7Sg== X-Google-Smtp-Source: ABdhPJxRsNTI+FRktRgXc8IKzV3bqj8ft1XhtV7Y1uPyzyr4gei7EPySND+E7YvldxtAg6TA6B1hkw== X-Received: by 2002:ac2:58f6:: with SMTP id v22mr10547760lfo.431.1604503163884; Wed, 04 Nov 2020 07:19:23 -0800 (PST) Received: from [192.168.1.112] (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id f9sm542782ljg.53.2020.11.04.07.19.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Nov 2020 07:19:23 -0800 (PST) Subject: Re: [PATCH 0/4] aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ #26831] To: Catalin Marinas Cc: Florian Weimer , Will Deacon , Mark Brown , Szabolcs Nagy , libc-alpha@sourceware.org, Jeremy Linton , Mark Rutland , Kees Cook , Salvatore Mesoraca , Lennart Poettering , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com, linux-hardening@vger.kernel.org References: <20201103173438.GD5545@sirena.org.uk> <20201104092012.GA6439@willie-the-truck> <87h7q54ghy.fsf@oldenburg2.str.redhat.com> <20201104143500.GC28902@gaia> From: Topi Miettinen Message-ID: Date: Wed, 4 Nov 2020 17:19:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: <20201104143500.GC28902@gaia> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4.11.2020 16.35, Catalin Marinas wrote: > On Wed, Nov 04, 2020 at 11:55:57AM +0200, Topi Miettinen wrote: >> On 4.11.2020 11.29, Florian Weimer wrote: >>> * Will Deacon: >>> >>>> Is there real value in this seccomp filter if it only looks at mprotect(), >>>> or was it just implemented because it's easy to do and sounds like a good >>>> idea? >>> >>> It seems bogus to me. Everyone will just create alias mappings instead, >>> just like they did for the similar SELinux feature. See “Example code >>> to avoid execmem violations” in: >>> >>> > [...] >>> As you can see, this reference implementation creates a PROT_WRITE >>> mapping aliased to a PROT_EXEC mapping, so it actually reduces security >>> compared to something that generates the code in an anonymous mapping >>> and calls mprotect to make it executable. > [...] >> If a service legitimately needs executable and writable mappings (due to >> JIT, trampolines etc), it's easy to disable the filter whenever really >> needed with "MemoryDenyWriteExecute=no" (which is the default) in case of >> systemd or a TE rule like "allow type_t self:process { execmem };" for >> SELinux. But this shouldn't be the default case, since there are many >> services which don't need W&X. > > I think Drepper's point is that separate X and W mappings, with enough > randomisation, would be more secure than allowing W&X at the same > address (but, of course, less secure than not having W at all, though > that's not always possible). > >> I'd also question what is the value of BTI if it can be easily circumvented >> by removing PROT_BTI with mprotect()? > > Well, BTI is a protection against JOP attacks. The assumption here is > that an attacker cannot invoke mprotect() to disable PROT_BTI. If it > can, it's probably not worth bothering with a subsequent JOP attack, it > can already call functions directly. I suppose that the target for the attacker is to eventually perform system calls rather than looping forever in JOP/ROP gadgets. > I see MDWX not as a way of detecting attacks but rather plugging > inadvertent security holes in certain programs. On arm64, such hardening > currently gets in the way of another hardening feature, BTI. I don't think it has to get in the way at all. Why wouldn't something simple like this work: diff --git a/elf/dl-load.c b/elf/dl-load.c index 646c5dca40..12a74d15e8 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1170,8 +1170,13 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, c->prot |= PROT_READ; if (ph->p_flags & PF_W) c->prot |= PROT_WRITE; - if (ph->p_flags & PF_X) + if (ph->p_flags & PF_X) { c->prot |= PROT_EXEC; +#ifdef PROT_BTI + if (GLRO(dl_bti) & 1) + c->prot |= PROT_BTI; +#endif + } #endif break; diff --git a/elf/dl-support.c b/elf/dl-support.c index 7704c101c5..22c7cc7b81 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -222,7 +222,7 @@ __rtld_lock_define_initialized_recursive (, _dl_load_write_lock) #ifdef HAVE_AUX_VECTOR -int _dl_clktck; +int _dl_clktck, _dl_bti; void _dl_aux_init (ElfW(auxv_t) *av) @@ -294,6 +294,11 @@ _dl_aux_init (ElfW(auxv_t) *av) case AT_RANDOM: _dl_random = (void *) av->a_un.a_val; break; +#ifdef PROT_BTI + case AT_BTI: + _dl_bti = (void *) av->a_un.a_val; + break; +#endif DL_PLATFORM_AUXV } if (seen == 0xf) Kernel sets the aux vector to indicate that BTI should be enabled for all segments and main exe is already protected. -Topi From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85CC4C2D0A3 for ; Wed, 4 Nov 2020 15:19:57 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0B8B12074B for ; Wed, 4 Nov 2020 15:19:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="F8NUfK49"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NptPlEGj" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0B8B12074B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type: Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=foJCk2IrunOu2zGug4qDSus64Y98R5UYzq0kLoA/EJk=; b=F8NUfK49YAHAVd7qjIA9Gx/Qe 5a7ujogMH6Q5woDY1aUeuSQqIKXWy2+lz8NxiiYLC1/n38zhifjOsC0POe+OBiolmXWOpZJMiFmAA tUUAS6lnpBpWirJNOHMwBUUu6dYelo/1ir6l+/CnD9IAAMzrIo4T6NpI+tpLinqdPbzQSJVNSJNEB G8ZZ3j//nLzyiTTfOEavU3t7wZIok7Pd2xJCZZpFFfnd9vVGYENKIbnINNJ3phNSl1nJpKLeFYcqm 7mBDB9WutfcgBBSeh3dCW+5DwdgrWz0FuZ+4QaSDQQkZ8k1L4Fu19D28/htdPb5FXNGLivqoi4Am2 PtAosLygQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kaKZL-0001d4-PJ; Wed, 04 Nov 2020 15:19:27 +0000 Received: from mail-lf1-x141.google.com ([2a00:1450:4864:20::141]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kaKZJ-0001cW-Je for linux-arm-kernel@lists.infradead.org; Wed, 04 Nov 2020 15:19:26 +0000 Received: by mail-lf1-x141.google.com with SMTP id y184so25658971lfa.12 for ; Wed, 04 Nov 2020 07:19:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=IKIIpB9wqyidyjb1EI8WFpMa+/cnKeKADUKKGpWDv08=; b=NptPlEGjmoYRgz9gbQS8+xuGz9yZ8ay7KQ+4RLy0Mi9mgRLXLF7eSZri//Wv+ozuMd Za11jHGFTilOW2qjOreq4UpZUbqKBdoZtjPfrkHP1vxN+LpehgkkLLUYLQ/wH0RWeB0E /lqqxJ4PWBA8iwO39iRsRwKTO9IHld8M2N848B5uF1c7JhloOl5YJaoZjXpW9YC+P5od 21A50Sqd7K1N7GuWHBbI4fFpUNKFGtX2LrSUcGUiki5jp3wLqtoCPlOeajTVMknzrxLv HSkXI7714dQumN5Lp7mTEe0xTA+SLaSfod1Enr6YV38J8rzHmII/CTrnQV73l1i7dKui dWAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=IKIIpB9wqyidyjb1EI8WFpMa+/cnKeKADUKKGpWDv08=; b=KPP37/6PoysP3pF1T7yFasBxwr7k2QP2BQIu9owQDAlOT9ish4zjV0tfWZq3GKh/00 o62xgWQjn3fKMa84Y/4/xQPb6ie2D1bPbllgJn9Ol363pTMHb2oCY7gfPs2ACOWSozLr VpI/K1JujNR7QAMFYYJIwaoWVkBTUIEYs2LB1EykT9sgDd5cIFAQ1I2uPCNm61SeAupy ubE4q3E9go3nxu52+EUrb+QBxuGnUj+ZvOlAy1R9HWe2g5Xv7EgqXKwAlZU4fK3+Ga21 0ldT6ugU0KlNtB8gRa7S0Lp0SUmvD096Zvd6GnvSo1Jm7aCPVUHE9zwfFa9z7UjPNANu /hIw== X-Gm-Message-State: AOAM531+hDVYCvGkCq2Y6YSuUi/AVZ3B7cd8uqDM0EgAys6qOwUMiPOC 8vXca5psz05jk3MygaWAEbM= X-Google-Smtp-Source: ABdhPJxRsNTI+FRktRgXc8IKzV3bqj8ft1XhtV7Y1uPyzyr4gei7EPySND+E7YvldxtAg6TA6B1hkw== X-Received: by 2002:ac2:58f6:: with SMTP id v22mr10547760lfo.431.1604503163884; Wed, 04 Nov 2020 07:19:23 -0800 (PST) Received: from [192.168.1.112] (88-114-211-119.elisa-laajakaista.fi. [88.114.211.119]) by smtp.gmail.com with ESMTPSA id f9sm542782ljg.53.2020.11.04.07.19.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Nov 2020 07:19:23 -0800 (PST) Subject: Re: [PATCH 0/4] aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ #26831] To: Catalin Marinas References: <20201103173438.GD5545@sirena.org.uk> <20201104092012.GA6439@willie-the-truck> <87h7q54ghy.fsf@oldenburg2.str.redhat.com> <20201104143500.GC28902@gaia> From: Topi Miettinen Message-ID: Date: Wed, 4 Nov 2020 17:19:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: <20201104143500.GC28902@gaia> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201104_101925_654819_227AFCB5 X-CRM114-Status: GOOD ( 27.26 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Florian Weimer , Mark Rutland , libc-alpha@sourceware.org, Kees Cook , kernel-hardening@lists.openwall.com, Szabolcs Nagy , linux-kernel@vger.kernel.org, Jeremy Linton , Mark Brown , Lennart Poettering , linux-hardening@vger.kernel.org, Salvatore Mesoraca , Will Deacon , linux-arm-kernel@lists.infradead.org Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gNC4xMS4yMDIwIDE2LjM1LCBDYXRhbGluIE1hcmluYXMgd3JvdGU6Cj4gT24gV2VkLCBOb3Yg MDQsIDIwMjAgYXQgMTE6NTU6NTdBTSArMDIwMCwgVG9waSBNaWV0dGluZW4gd3JvdGU6Cj4+IE9u IDQuMTEuMjAyMCAxMS4yOSwgRmxvcmlhbiBXZWltZXIgd3JvdGU6Cj4+PiAqIFdpbGwgRGVhY29u Ogo+Pj4KPj4+PiBJcyB0aGVyZSByZWFsIHZhbHVlIGluIHRoaXMgc2VjY29tcCBmaWx0ZXIgaWYg aXQgb25seSBsb29rcyBhdCBtcHJvdGVjdCgpLAo+Pj4+IG9yIHdhcyBpdCBqdXN0IGltcGxlbWVu dGVkIGJlY2F1c2UgaXQncyBlYXN5IHRvIGRvIGFuZCBzb3VuZHMgbGlrZSBhIGdvb2QKPj4+PiBp ZGVhPwo+Pj4KPj4+IEl0IHNlZW1zIGJvZ3VzIHRvIG1lLiAgRXZlcnlvbmUgd2lsbCBqdXN0IGNy ZWF0ZSBhbGlhcyBtYXBwaW5ncyBpbnN0ZWFkLAo+Pj4ganVzdCBsaWtlIHRoZXkgZGlkIGZvciB0 aGUgc2ltaWxhciBTRUxpbnV4IGZlYXR1cmUuICBTZWUg4oCcRXhhbXBsZSBjb2RlCj4+PiB0byBh dm9pZCBleGVjbWVtIHZpb2xhdGlvbnPigJ0gaW46Cj4+Pgo+Pj4gICAgIDxodHRwczovL3d3dy5h a2thZGlhLm9yZy9kcmVwcGVyL3NlbGludXgtbWVtLmh0bWw+Cj4gWy4uLl0KPj4+IEFzIHlvdSBj YW4gc2VlLCB0aGlzIHJlZmVyZW5jZSBpbXBsZW1lbnRhdGlvbiBjcmVhdGVzIGEgUFJPVF9XUklU RQo+Pj4gbWFwcGluZyBhbGlhc2VkIHRvIGEgUFJPVF9FWEVDIG1hcHBpbmcsIHNvIGl0IGFjdHVh bGx5IHJlZHVjZXMgc2VjdXJpdHkKPj4+IGNvbXBhcmVkIHRvIHNvbWV0aGluZyB0aGF0IGdlbmVy YXRlcyB0aGUgY29kZSBpbiBhbiBhbm9ueW1vdXMgbWFwcGluZwo+Pj4gYW5kIGNhbGxzIG1wcm90 ZWN0IHRvIG1ha2UgaXQgZXhlY3V0YWJsZS4KPiBbLi4uXQo+PiBJZiBhIHNlcnZpY2UgbGVnaXRp bWF0ZWx5IG5lZWRzIGV4ZWN1dGFibGUgYW5kIHdyaXRhYmxlIG1hcHBpbmdzIChkdWUgdG8KPj4g SklULCB0cmFtcG9saW5lcyBldGMpLCBpdCdzIGVhc3kgdG8gZGlzYWJsZSB0aGUgZmlsdGVyIHdo ZW5ldmVyIHJlYWxseQo+PiBuZWVkZWQgd2l0aCAiTWVtb3J5RGVueVdyaXRlRXhlY3V0ZT1ubyIg KHdoaWNoIGlzIHRoZSBkZWZhdWx0KSBpbiBjYXNlIG9mCj4+IHN5c3RlbWQgb3IgYSBURSBydWxl IGxpa2UgImFsbG93IHR5cGVfdCBzZWxmOnByb2Nlc3MgeyBleGVjbWVtIH07IiBmb3IKPj4gU0VM aW51eC4gQnV0IHRoaXMgc2hvdWxkbid0IGJlIHRoZSBkZWZhdWx0IGNhc2UsIHNpbmNlIHRoZXJl IGFyZSBtYW55Cj4+IHNlcnZpY2VzIHdoaWNoIGRvbid0IG5lZWQgVyZYLgo+IAo+IEkgdGhpbmsg RHJlcHBlcidzIHBvaW50IGlzIHRoYXQgc2VwYXJhdGUgWCBhbmQgVyBtYXBwaW5ncywgd2l0aCBl bm91Z2gKPiByYW5kb21pc2F0aW9uLCB3b3VsZCBiZSBtb3JlIHNlY3VyZSB0aGFuIGFsbG93aW5n IFcmWCBhdCB0aGUgc2FtZQo+IGFkZHJlc3MgKGJ1dCwgb2YgY291cnNlLCBsZXNzIHNlY3VyZSB0 aGFuIG5vdCBoYXZpbmcgVyBhdCBhbGwsIHRob3VnaAo+IHRoYXQncyBub3QgYWx3YXlzIHBvc3Np YmxlKS4KPiAKPj4gSSdkIGFsc28gcXVlc3Rpb24gd2hhdCBpcyB0aGUgdmFsdWUgb2YgQlRJIGlm IGl0IGNhbiBiZSBlYXNpbHkgY2lyY3VtdmVudGVkCj4+IGJ5IHJlbW92aW5nIFBST1RfQlRJIHdp dGggbXByb3RlY3QoKT8KPiAKPiBXZWxsLCBCVEkgaXMgYSBwcm90ZWN0aW9uIGFnYWluc3QgSk9Q IGF0dGFja3MuIFRoZSBhc3N1bXB0aW9uIGhlcmUgaXMKPiB0aGF0IGFuIGF0dGFja2VyIGNhbm5v dCBpbnZva2UgbXByb3RlY3QoKSB0byBkaXNhYmxlIFBST1RfQlRJLiBJZiBpdAo+IGNhbiwgaXQn cyBwcm9iYWJseSBub3Qgd29ydGggYm90aGVyaW5nIHdpdGggYSBzdWJzZXF1ZW50IEpPUCBhdHRh Y2ssIGl0Cj4gY2FuIGFscmVhZHkgY2FsbCBmdW5jdGlvbnMgZGlyZWN0bHkuCgpJIHN1cHBvc2Ug dGhhdCB0aGUgdGFyZ2V0IGZvciB0aGUgYXR0YWNrZXIgaXMgdG8gZXZlbnR1YWxseSBwZXJmb3Jt IApzeXN0ZW0gY2FsbHMgcmF0aGVyIHRoYW4gbG9vcGluZyBmb3JldmVyIGluIEpPUC9ST1AgZ2Fk Z2V0cy4KCj4gSSBzZWUgTURXWCBub3QgYXMgYSB3YXkgb2YgZGV0ZWN0aW5nIGF0dGFja3MgYnV0 IHJhdGhlciBwbHVnZ2luZwo+IGluYWR2ZXJ0ZW50IHNlY3VyaXR5IGhvbGVzIGluIGNlcnRhaW4g cHJvZ3JhbXMuIE9uIGFybTY0LCBzdWNoIGhhcmRlbmluZwo+IGN1cnJlbnRseSBnZXRzIGluIHRo ZSB3YXkgb2YgYW5vdGhlciBoYXJkZW5pbmcgZmVhdHVyZSwgQlRJLgoKSSBkb24ndCB0aGluayBp dCBoYXMgdG8gZ2V0IGluIHRoZSB3YXkgYXQgYWxsLiBXaHkgd291bGRuJ3Qgc29tZXRoaW5nIApz aW1wbGUgbGlrZSB0aGlzIHdvcms6CgpkaWZmIC0tZ2l0IGEvZWxmL2RsLWxvYWQuYyBiL2VsZi9k bC1sb2FkLmMKaW5kZXggNjQ2YzVkY2E0MC4uMTJhNzRkMTVlOCAxMDA2NDQKLS0tIGEvZWxmL2Rs LWxvYWQuYworKysgYi9lbGYvZGwtbG9hZC5jCkBAIC0xMTcwLDggKzExNzAsMTMgQEAgX2RsX21h cF9vYmplY3RfZnJvbV9mZCAoY29uc3QgY2hhciAqbmFtZSwgY29uc3QgCmNoYXIgKm9yaWduYW1l LCBpbnQgZmQsCiAgICAgICAgICAgICBjLT5wcm90IHw9IFBST1RfUkVBRDsKICAgICAgICAgICBp ZiAocGgtPnBfZmxhZ3MgJiBQRl9XKQogICAgICAgICAgICAgYy0+cHJvdCB8PSBQUk9UX1dSSVRF OwotICAgICAgICAgaWYgKHBoLT5wX2ZsYWdzICYgUEZfWCkKKyAgICAgICAgIGlmIChwaC0+cF9m bGFncyAmIFBGX1gpIHsKICAgICAgICAgICAgIGMtPnByb3QgfD0gUFJPVF9FWEVDOworI2lmZGVm IFBST1RfQlRJCisgICAgICAgICAgIGlmIChHTFJPKGRsX2J0aSkgJiAxKQorICAgICAgICAgICAg IGMtPnByb3QgfD0gUFJPVF9CVEk7CisjZW5kaWYKKyAgICAgICAgIH0KICAjZW5kaWYKICAgICAg ICAgICBicmVhazsKCmRpZmYgLS1naXQgYS9lbGYvZGwtc3VwcG9ydC5jIGIvZWxmL2RsLXN1cHBv cnQuYwppbmRleCA3NzA0YzEwMWM1Li4yMmM3Y2M3YjgxIDEwMDY0NAotLS0gYS9lbGYvZGwtc3Vw cG9ydC5jCisrKyBiL2VsZi9kbC1zdXBwb3J0LmMKQEAgLTIyMiw3ICsyMjIsNyBAQCBfX3J0bGRf bG9ja19kZWZpbmVfaW5pdGlhbGl6ZWRfcmVjdXJzaXZlICgsIApfZGxfbG9hZF93cml0ZV9sb2Nr KQoKCiAgI2lmZGVmIEhBVkVfQVVYX1ZFQ1RPUgotaW50IF9kbF9jbGt0Y2s7CitpbnQgX2RsX2Ns a3RjaywgX2RsX2J0aTsKCiAgdm9pZAogIF9kbF9hdXhfaW5pdCAoRWxmVyhhdXh2X3QpICphdikK QEAgLTI5NCw2ICsyOTQsMTEgQEAgX2RsX2F1eF9pbml0IChFbGZXKGF1eHZfdCkgKmF2KQogICAg ICAgIGNhc2UgQVRfUkFORE9NOgogICAgICAgICBfZGxfcmFuZG9tID0gKHZvaWQgKikgYXYtPmFf dW4uYV92YWw7CiAgICAgICAgIGJyZWFrOworI2lmZGVmIFBST1RfQlRJCisgICAgICBjYXNlIEFU X0JUSToKKyAgICAgICBfZGxfYnRpID0gKHZvaWQgKikgYXYtPmFfdW4uYV92YWw7CisgICAgICAg YnJlYWs7CisjZW5kaWYKICAgICAgICBETF9QTEFURk9STV9BVVhWCiAgICAgICAgfQogICAgaWYg KHNlZW4gPT0gMHhmKQoKS2VybmVsIHNldHMgdGhlIGF1eCB2ZWN0b3IgdG8gaW5kaWNhdGUgdGhh dCBCVEkgc2hvdWxkIGJlIGVuYWJsZWQgZm9yIAphbGwgc2VnbWVudHMgYW5kIG1haW4gZXhlIGlz IGFscmVhZHkgcHJvdGVjdGVkLgoKLVRvcGkKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFpbGluZyBsaXN0CmxpbnV4LWFy bS1rZXJuZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9t YWlsbWFuL2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK