From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80626C4363D for ; Thu, 1 Oct 2020 01:53:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3C27C2193E for ; Thu, 1 Oct 2020 01:53:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="kWsAhO4I" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729617AbgJABwb (ORCPT ); Wed, 30 Sep 2020 21:52:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54452 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725800AbgJABwb (ORCPT ); Wed, 30 Sep 2020 21:52:31 -0400 Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDBF1C0613D0 for ; Wed, 30 Sep 2020 18:52:30 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id i26so5610153ejb.12 for ; Wed, 30 Sep 2020 18:52:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=1bLW1cuECr8U7GaM7z86G6hDD6exav2AJLPz5W/9Rmc=; b=kWsAhO4IucLVoZpMkahGgNES5DttbXTJpcoZ05moKrnMJckcHdlnDveEpyQqJc8ldL QfmGxf8Eh4Ts/puB9RclgWUNuwb8+d/iVmtJDeUBqGiXQbFScpcYNmbeq7REh8GBZzeT kLpXr6famz6F0NUDrEYV8TJ5EJq6Nq8M6GVDbEf26mf8kaU1XPG2YffLFbMei3Nk91vQ QdDbgSTH81W6Vq5el8rE1yJwMjFMyj2dtgPTKf+GCr0p1w2ZwEJrKJ3piLN2eBBO7yzq DUiUUF2/1A5woJuzwtDu3Xmtc/UNDykkbFsVApnq68QIoe/tglaDjWjVMTFxgl8A6CWl gExw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1bLW1cuECr8U7GaM7z86G6hDD6exav2AJLPz5W/9Rmc=; b=j5mEJdNzuz5446b3pPCtGAxFiNYSf+H9g0S1awSNbp19i8RJ9mpQDxPeezrqvTdayZ qX/UCAWxXoDm7Ea6Qnm0n8NwQ5oUEWVUhy4eGwE95Ze/3l0OcEzFly5LLPndsM1kpw0D h9FseQO633sbF4g3/MHthnl/VAWqf3dljKNC23sT4RlaYPLF2NPhXw+k+47BBLbBzj7t Nae/M3qZPlP6A7LcmlhSMCrB5lDDhW5jMnxAnYy1TOMvg/0yRuzGO/ncLZjfqclEccrP pyP5rZXUfiaoewBZ35LDD1eShy4TomC17OAardmmIm1CP9h2LUKSXBfgRRzfuzzMUF6t c8YQ== X-Gm-Message-State: AOAM533oHyEJUW6knag5DeEpX8oC4WVtbVfZSM4Olye+c0qTBmIpujn9 q0kQjSvpyc5P8DtIhCdfrEhmSuQhoF4T1DJNupg1YQ== X-Google-Smtp-Source: ABdhPJy9aveDYFv4Gp14hKtilrKvNnkWXVsoiclevL5nYsStDKDifSDiKxQQKSwQqipgFKjnKXSV1kjDNtmgRMOszBo= X-Received: by 2002:a17:906:1f94:: with SMTP id t20mr5795435ejr.493.1601517149212; Wed, 30 Sep 2020 18:52:29 -0700 (PDT) MIME-Version: 1.0 References: <45f07f17-18b6-d187-0914-6f341fe90857@gmail.com> <20200930150330.GC284424@cisco> <8bcd956f-58d2-d2f0-ca7c-0a30f3fcd5b8@gmail.com> <20200930230327.GA1260245@cisco> <20200930232456.GB1260245@cisco> In-Reply-To: <20200930232456.GB1260245@cisco> From: Jann Horn Date: Thu, 1 Oct 2020 03:52:02 +0200 Message-ID: Subject: Re: For review: seccomp_user_notif(2) manual page To: Tycho Andersen Cc: "Michael Kerrisk (man-pages)" , Sargun Dhillon , Kees Cook , Christian Brauner , linux-man , lkml , Aleksa Sarai , Alexei Starovoitov , Will Drewry , bpf , Song Liu , Daniel Borkmann , Andy Lutomirski , Linux Containers , Giuseppe Scrivano , Robert Sesek Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 1, 2020 at 1:25 AM Tycho Andersen wrote: > On Thu, Oct 01, 2020 at 01:11:33AM +0200, Jann Horn wrote: > > On Thu, Oct 1, 2020 at 1:03 AM Tycho Andersen wrote= : > > > On Wed, Sep 30, 2020 at 10:34:51PM +0200, Michael Kerrisk (man-pages)= wrote: > > > > On 9/30/20 5:03 PM, Tycho Andersen wrote: > > > > > On Wed, Sep 30, 2020 at 01:07:38PM +0200, Michael Kerrisk (man-pa= ges) wrote: > > > > >> =E2=94=8C=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=90 > > > > >> =E2=94=82FIXME = =E2=94=82 > > > > >> =E2=94=9C=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=A4 > > > > >> =E2=94=82From my experiments, it appears that if a = SEC=E2=80=90 =E2=94=82 > > > > >> =E2=94=82COMP_IOCTL_NOTIF_RECV is done after the ta= rget =E2=94=82 > > > > >> =E2=94=82process terminates, then the ioctl() simply bl= ocks =E2=94=82 > > > > >> =E2=94=82(rather than returning an error to indicate that= the =E2=94=82 > > > > >> =E2=94=82target process no longer exists). = =E2=94=82 > > > > > > > > > > Yeah, I think Christian wanted to fix this at some point, > > > > > > > > Do you have a pointer that discussion? I could not find it with a > > > > quick search. > > > > > > > > > but it's a > > > > > bit sticky to do. > > > > > > > > Can you say a few words about the nature of the problem? > > > > > > I remembered wrong, it's actually in the tree: 99cdb8b9a573 ("seccomp= : > > > notify about unused filter"). So maybe there's a bug here? > > > > That thing only notifies on ->poll, it doesn't unblock ioctls; and > > Michael's sample code uses SECCOMP_IOCTL_NOTIF_RECV to wait. So that > > commit doesn't have any effect on this kind of usage. > > Yes, thanks. And the ones stuck in RECV are waiting on a semaphore so > we don't have a count of all of them, unfortunately. > > We could maybe look inside the wait_list, but that will probably make > people angry :) The easiest way would probably be to open-code the semaphore-ish part, and let the semaphore and poll share the waitqueue. The current code kind of mirrors the semaphore's waitqueue in the wqh - open-coding the entire semaphore would IMO be cleaner than that. And it's not like semaphore semantics are even a good fit for this code anyway. Let's see... if we didn't have the existing UAPI to worry about, I'd do it as follows (*completely* untested). That way, the ioctl would block exactly until either there actually is a request to deliver or there are no more users of the filter. The problem is that if we just apply this patch, existing users of SECCOMP_IOCTL_NOTIF_RECV that use an event loop and don't set O_NONBLOCK will be screwed. So we'd probably also have to add some stupid counter in place of the semaphore's counter that we can use to preserve the old behavior of returning -ENOENT once for each cancelled request. :( I guess this is a nice point in favor of Michael's usual complaint that if there are no man pages for a feature by the time the feature lands upstream, there's a higher chance that the UAPI will suck forever... diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 676d4af62103..f0f4c68e0bc6 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -138,7 +138,6 @@ struct seccomp_kaddfd { * @notifications: A list of struct seccomp_knotif elements. */ struct notification { - struct semaphore request; u64 next_id; struct list_head notifications; }; @@ -859,7 +858,6 @@ static int seccomp_do_user_notification(int this_syscal= l, list_add(&n.list, &match->notif->notifications); INIT_LIST_HEAD(&n.addfd); - up(&match->notif->request); wake_up_poll(&match->wqh, EPOLLIN | EPOLLRDNORM); mutex_unlock(&match->notify_lock); @@ -1175,9 +1173,10 @@ find_notification(struct seccomp_filter *filter, u64= id) static long seccomp_notify_recv(struct seccomp_filter *filter, - void __user *buf) + void __user *buf, bool blocking) { struct seccomp_knotif *knotif =3D NULL, *cur; + DECLARE_WAITQUEUE(wait, current); struct seccomp_notif unotif; ssize_t ret; @@ -1190,11 +1189,9 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, memset(&unotif, 0, sizeof(unotif)); - ret =3D down_interruptible(&filter->notif->request); - if (ret < 0) - return ret; - mutex_lock(&filter->notify_lock); + +retry: list_for_each_entry(cur, &filter->notif->notifications, list) { if (cur->state =3D=3D SECCOMP_NOTIFY_INIT) { knotif =3D cur; @@ -1202,14 +1199,32 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, } } - /* - * If we didn't find a notification, it could be that the task was - * interrupted by a fatal signal between the time we were woken and - * when we were able to acquire the rw lock. - */ if (!knotif) { - ret =3D -ENOENT; - goto out; + /* This has to happen before checking &filter->users. */ + prepare_to_wait(&filter->wqh, &wait, TASK_INTERRUPTIBLE); + + /* + * If all users of the filter are gone, throw an error inst= ead + * of pointlessly continuing to block. + */ + if (refcount_read(&filter->users) =3D=3D 0) { + ret =3D -ENOTCON; + goto out; + } + if (blocking) { + /* No notifications pending - wait for one, then retry. */ + mutex_unlock(&filter->notify_lock); + schedule(); + mutex_lock(&filter->notify_lock); + if (signal_pending(current)) { + ret =3D -EINTR; + goto out; + } + goto retry; + } else { + ret =3D -ENOENT; + goto out; + } } unotif.id =3D knotif->id; @@ -1220,6 +1235,7 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, wake_up_poll(&filter->wqh, EPOLLOUT | EPOLLWRNORM); ret =3D 0; out: + finish_wait(&filter->wqh, &wait); mutex_unlock(&filter->notify_lock); if (ret =3D=3D 0 && copy_to_user(buf, &unotif, sizeof(unotif))) { @@ -1233,10 +1249,8 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, */ mutex_lock(&filter->notify_lock); knotif =3D find_notification(filter, unotif.id); - if (knotif) { + if (knotif) knotif->state =3D SECCOMP_NOTIFY_INIT; - up(&filter->notif->request); - } mutex_unlock(&filter->notify_lock); } @@ -1412,11 +1426,12 @@ static long seccomp_notify_ioctl(struct file *file, unsigned int cmd, { struct seccomp_filter *filter =3D file->private_data; void __user *buf =3D (void __user *)arg; + bool blocking =3D !(file->f_flags & O_NONBLOCK); /* Fixed-size ioctls */ switch (cmd) { case SECCOMP_IOCTL_NOTIF_RECV: - return seccomp_notify_recv(filter, buf); + return seccomp_notify_recv(filter, buf, blocking); case SECCOMP_IOCTL_NOTIF_SEND: return seccomp_notify_send(filter, buf); case SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR: @@ -1485,7 +1500,6 @@ static struct file *init_listener(struct seccomp_filter *filter) if (!filter->notif) goto out; - sema_init(&filter->notif->request, 0); filter->notif->next_id =3D get_random_u64(); INIT_LIST_HEAD(&filter->notif->notifications); From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72551C4363D for ; Thu, 1 Oct 2020 01:52:35 +0000 (UTC) Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CF8742193E for ; Thu, 1 Oct 2020 01:52:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="kWsAhO4I" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CF8742193E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=lists.linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=containers-bounces@lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 807108727C; Thu, 1 Oct 2020 01:52:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96vxSBlTX1+1; Thu, 1 Oct 2020 01:52:33 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id B712B8727B; Thu, 1 Oct 2020 01:52:33 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9C472C0889; Thu, 1 Oct 2020 01:52:33 +0000 (UTC) Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9DF7FC0051 for ; Thu, 1 Oct 2020 01:52:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 984CA868FF for ; Thu, 1 Oct 2020 01:52:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tb9ZvfVFqPhy for ; Thu, 1 Oct 2020 01:52:31 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ej1-f68.google.com (mail-ej1-f68.google.com [209.85.218.68]) by whitealder.osuosl.org (Postfix) with ESMTPS id 23092868FB for ; Thu, 1 Oct 2020 01:52:31 +0000 (UTC) Received: by mail-ej1-f68.google.com with SMTP id z23so5600380ejr.13 for ; Wed, 30 Sep 2020 18:52:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=1bLW1cuECr8U7GaM7z86G6hDD6exav2AJLPz5W/9Rmc=; b=kWsAhO4IucLVoZpMkahGgNES5DttbXTJpcoZ05moKrnMJckcHdlnDveEpyQqJc8ldL QfmGxf8Eh4Ts/puB9RclgWUNuwb8+d/iVmtJDeUBqGiXQbFScpcYNmbeq7REh8GBZzeT kLpXr6famz6F0NUDrEYV8TJ5EJq6Nq8M6GVDbEf26mf8kaU1XPG2YffLFbMei3Nk91vQ QdDbgSTH81W6Vq5el8rE1yJwMjFMyj2dtgPTKf+GCr0p1w2ZwEJrKJ3piLN2eBBO7yzq DUiUUF2/1A5woJuzwtDu3Xmtc/UNDykkbFsVApnq68QIoe/tglaDjWjVMTFxgl8A6CWl gExw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1bLW1cuECr8U7GaM7z86G6hDD6exav2AJLPz5W/9Rmc=; b=gage1jtAeZA7dQREHFOxzJrAipE4+d0i8N742qJxlCAv9TMh/47tC9K55xk4e/JJ2R uZ4OPaeeqq9YqBkvexa3cbeVGPSiLQcvJLxtjoiOFhtmVx3KatYPeYMwC5R9e3X/FrVr kLd//X1lcLmauh7VY6HxJ/X6d3+6Ac8j6ieGkfF1iZMynWMxgfmjoo6HYArfbud17zD9 NCFAlDxGpvMtWE64B+IK2ktKuqPIHBzFPS6q4cTcFDvH+JS8moPZq6RUH8wYDU82eJfd 8KWwgMLxsNzLVi26I1AlYooHdelwL4m9oMKl8oxdlVtHD1SFXVt7hF2PQm7dCI3oAjqh LrEA== X-Gm-Message-State: AOAM533xPmyCo7sKibkCQW9b7psbxjmhZJGcRkWyTb4/ivEbQEN95INC k4TBNeYiSS9HcF9OpirRK0odSYCxLC8mGzcaug0frw== X-Google-Smtp-Source: ABdhPJy9aveDYFv4Gp14hKtilrKvNnkWXVsoiclevL5nYsStDKDifSDiKxQQKSwQqipgFKjnKXSV1kjDNtmgRMOszBo= X-Received: by 2002:a17:906:1f94:: with SMTP id t20mr5795435ejr.493.1601517149212; Wed, 30 Sep 2020 18:52:29 -0700 (PDT) MIME-Version: 1.0 References: <45f07f17-18b6-d187-0914-6f341fe90857@gmail.com> <20200930150330.GC284424@cisco> <8bcd956f-58d2-d2f0-ca7c-0a30f3fcd5b8@gmail.com> <20200930230327.GA1260245@cisco> <20200930232456.GB1260245@cisco> In-Reply-To: <20200930232456.GB1260245@cisco> Date: Thu, 1 Oct 2020 03:52:02 +0200 Message-ID: Subject: Re: For review: seccomp_user_notif(2) manual page To: Tycho Andersen Cc: linux-man , Song Liu , Will Drewry , Kees Cook , Daniel Borkmann , Giuseppe Scrivano , Robert Sesek , Linux Containers , lkml , Alexei Starovoitov , "Michael Kerrisk \(man-pages\)" , bpf , Andy Lutomirski , Christian Brauner X-BeenThere: containers@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux Containers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Jann Horn via Containers Reply-To: Jann Horn Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: containers-bounces@lists.linux-foundation.org Sender: "Containers" T24gVGh1LCBPY3QgMSwgMjAyMCBhdCAxOjI1IEFNIFR5Y2hvIEFuZGVyc2VuIDx0eWNob0B0eWNo by5waXp6YT4gd3JvdGU6Cj4gT24gVGh1LCBPY3QgMDEsIDIwMjAgYXQgMDE6MTE6MzNBTSArMDIw MCwgSmFubiBIb3JuIHdyb3RlOgo+ID4gT24gVGh1LCBPY3QgMSwgMjAyMCBhdCAxOjAzIEFNIFR5 Y2hvIEFuZGVyc2VuIDx0eWNob0B0eWNoby5waXp6YT4gd3JvdGU6Cj4gPiA+IE9uIFdlZCwgU2Vw IDMwLCAyMDIwIGF0IDEwOjM0OjUxUE0gKzAyMDAsIE1pY2hhZWwgS2VycmlzayAobWFuLXBhZ2Vz KSB3cm90ZToKPiA+ID4gPiBPbiA5LzMwLzIwIDU6MDMgUE0sIFR5Y2hvIEFuZGVyc2VuIHdyb3Rl Ogo+ID4gPiA+ID4gT24gV2VkLCBTZXAgMzAsIDIwMjAgYXQgMDE6MDc6MzhQTSArMDIwMCwgTWlj aGFlbCBLZXJyaXNrIChtYW4tcGFnZXMpIHdyb3RlOgo+ID4gPiA+ID4+ICAgICAgICDilIzilIDi lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilJAKPiA+ID4gPiA+PiAg ICAgICAg4pSCRklYTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICDilIIKPiA+ID4gPiA+PiAgICAgICAg4pSc4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA 4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA 4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA 4pSA4pSA4pSA4pSA4pSA4pSA4pSkCj4gPiA+ID4gPj4gICAgICAgIOKUgkZyb20gbXkgZXhwZXJp bWVudHMsICBpdCAgYXBwZWFycyAgdGhhdCAgaWYgIGEgIFNFQ+KAkCDilIIKPiA+ID4gPiA+PiAg ICAgICAg4pSCQ09NUF9JT0NUTF9OT1RJRl9SRUNWICAgaXMgIGRvbmUgIGFmdGVyICB0aGUgIHRh cmdldCDilIIKPiA+ID4gPiA+PiAgICAgICAg4pSCcHJvY2VzcyB0ZXJtaW5hdGVzLCB0aGVuIHRo ZSBpb2N0bCgpICBzaW1wbHkgIGJsb2NrcyDilIIKPiA+ID4gPiA+PiAgICAgICAg4pSCKHJhdGhl ciB0aGFuIHJldHVybmluZyBhbiBlcnJvciB0byBpbmRpY2F0ZSB0aGF0IHRoZSDilIIKPiA+ID4g PiA+PiAgICAgICAg4pSCdGFyZ2V0IHByb2Nlc3Mgbm8gbG9uZ2VyIGV4aXN0cykuICAgICAgICAg ICAgICAgICAgICDilIIKPiA+ID4gPiA+Cj4gPiA+ID4gPiBZZWFoLCBJIHRoaW5rIENocmlzdGlh biB3YW50ZWQgdG8gZml4IHRoaXMgYXQgc29tZSBwb2ludCwKPiA+ID4gPgo+ID4gPiA+IERvIHlv dSBoYXZlIGEgcG9pbnRlciB0aGF0IGRpc2N1c3Npb24/IEkgY291bGQgbm90IGZpbmQgaXQgd2l0 aCBhCj4gPiA+ID4gcXVpY2sgc2VhcmNoLgo+ID4gPiA+Cj4gPiA+ID4gPiBidXQgaXQncyBhCj4g PiA+ID4gPiBiaXQgc3RpY2t5IHRvIGRvLgo+ID4gPiA+Cj4gPiA+ID4gQ2FuIHlvdSBzYXkgYSBm ZXcgd29yZHMgYWJvdXQgdGhlIG5hdHVyZSBvZiB0aGUgcHJvYmxlbT8KPiA+ID4KPiA+ID4gSSBy ZW1lbWJlcmVkIHdyb25nLCBpdCdzIGFjdHVhbGx5IGluIHRoZSB0cmVlOiA5OWNkYjhiOWE1NzMg KCJzZWNjb21wOgo+ID4gPiBub3RpZnkgYWJvdXQgdW51c2VkIGZpbHRlciIpLiBTbyBtYXliZSB0 aGVyZSdzIGEgYnVnIGhlcmU/Cj4gPgo+ID4gVGhhdCB0aGluZyBvbmx5IG5vdGlmaWVzIG9uIC0+ cG9sbCwgaXQgZG9lc24ndCB1bmJsb2NrIGlvY3RsczsgYW5kCj4gPiBNaWNoYWVsJ3Mgc2FtcGxl IGNvZGUgdXNlcyBTRUNDT01QX0lPQ1RMX05PVElGX1JFQ1YgdG8gd2FpdC4gU28gdGhhdAo+ID4g Y29tbWl0IGRvZXNuJ3QgaGF2ZSBhbnkgZWZmZWN0IG9uIHRoaXMga2luZCBvZiB1c2FnZS4KPgo+ IFllcywgdGhhbmtzLiBBbmQgdGhlIG9uZXMgc3R1Y2sgaW4gUkVDViBhcmUgd2FpdGluZyBvbiBh IHNlbWFwaG9yZSBzbwo+IHdlIGRvbid0IGhhdmUgYSBjb3VudCBvZiBhbGwgb2YgdGhlbSwgdW5m b3J0dW5hdGVseS4KPgo+IFdlIGNvdWxkIG1heWJlIGxvb2sgaW5zaWRlIHRoZSB3YWl0X2xpc3Qs IGJ1dCB0aGF0IHdpbGwgcHJvYmFibHkgbWFrZQo+IHBlb3BsZSBhbmdyeSA6KQoKVGhlIGVhc2ll c3Qgd2F5IHdvdWxkIHByb2JhYmx5IGJlIHRvIG9wZW4tY29kZSB0aGUgc2VtYXBob3JlLWlzaCBw YXJ0LAphbmQgbGV0IHRoZSBzZW1hcGhvcmUgYW5kIHBvbGwgc2hhcmUgdGhlIHdhaXRxdWV1ZS4g VGhlIGN1cnJlbnQgY29kZQpraW5kIG9mIG1pcnJvcnMgdGhlIHNlbWFwaG9yZSdzIHdhaXRxdWV1 ZSBpbiB0aGUgd3FoIC0gb3Blbi1jb2RpbmcgdGhlCmVudGlyZSBzZW1hcGhvcmUgd291bGQgSU1P IGJlIGNsZWFuZXIgdGhhbiB0aGF0LiBBbmQgaXQncyBub3QgbGlrZQpzZW1hcGhvcmUgc2VtYW50 aWNzIGFyZSBldmVuIGEgZ29vZCBmaXQgZm9yIHRoaXMgY29kZSBhbnl3YXkuCgpMZXQncyBzZWUu Li4gaWYgd2UgZGlkbid0IGhhdmUgdGhlIGV4aXN0aW5nIFVBUEkgdG8gd29ycnkgYWJvdXQsIEkn ZApkbyBpdCBhcyBmb2xsb3dzICgqY29tcGxldGVseSogdW50ZXN0ZWQpLiBUaGF0IHdheSwgdGhl IGlvY3RsIHdvdWxkCmJsb2NrIGV4YWN0bHkgdW50aWwgZWl0aGVyIHRoZXJlIGFjdHVhbGx5IGlz IGEgcmVxdWVzdCB0byBkZWxpdmVyIG9yCnRoZXJlIGFyZSBubyBtb3JlIHVzZXJzIG9mIHRoZSBm aWx0ZXIuIFRoZSBwcm9ibGVtIGlzIHRoYXQgaWYgd2UganVzdAphcHBseSB0aGlzIHBhdGNoLCBl eGlzdGluZyB1c2VycyBvZiBTRUNDT01QX0lPQ1RMX05PVElGX1JFQ1YgdGhhdCB1c2UKYW4gZXZl bnQgbG9vcCBhbmQgZG9uJ3Qgc2V0IE9fTk9OQkxPQ0sgd2lsbCBiZSBzY3Jld2VkLiBTbyB3ZSdk CnByb2JhYmx5IGFsc28gaGF2ZSB0byBhZGQgc29tZSBzdHVwaWQgY291bnRlciBpbiBwbGFjZSBv ZiB0aGUKc2VtYXBob3JlJ3MgY291bnRlciB0aGF0IHdlIGNhbiB1c2UgdG8gcHJlc2VydmUgdGhl IG9sZCBiZWhhdmlvciBvZgpyZXR1cm5pbmcgLUVOT0VOVCBvbmNlIGZvciBlYWNoIGNhbmNlbGxl ZCByZXF1ZXN0LiA6KAoKSSBndWVzcyB0aGlzIGlzIGEgbmljZSBwb2ludCBpbiBmYXZvciBvZiBN aWNoYWVsJ3MgdXN1YWwgY29tcGxhaW50CnRoYXQgaWYgdGhlcmUgYXJlIG5vIG1hbiBwYWdlcyBm b3IgYSBmZWF0dXJlIGJ5IHRoZSB0aW1lIHRoZSBmZWF0dXJlCmxhbmRzIHVwc3RyZWFtLCB0aGVy ZSdzIGEgaGlnaGVyIGNoYW5jZSB0aGF0IHRoZSBVQVBJIHdpbGwgc3Vjawpmb3JldmVyLi4uCgoK CmRpZmYgLS1naXQgYS9rZXJuZWwvc2VjY29tcC5jIGIva2VybmVsL3NlY2NvbXAuYwppbmRleCA2 NzZkNGFmNjIxMDMuLmYwZjRjNjhlMGJjNiAxMDA2NDQKLS0tIGEva2VybmVsL3NlY2NvbXAuYwor KysgYi9rZXJuZWwvc2VjY29tcC5jCkBAIC0xMzgsNyArMTM4LDYgQEAgc3RydWN0IHNlY2NvbXBf a2FkZGZkIHsKICAqIEBub3RpZmljYXRpb25zOiBBIGxpc3Qgb2Ygc3RydWN0IHNlY2NvbXBfa25v dGlmIGVsZW1lbnRzLgogICovCiBzdHJ1Y3Qgbm90aWZpY2F0aW9uIHsKLSAgICAgICBzdHJ1Y3Qg c2VtYXBob3JlIHJlcXVlc3Q7CiAgICAgICAgdTY0IG5leHRfaWQ7CiAgICAgICAgc3RydWN0IGxp c3RfaGVhZCBub3RpZmljYXRpb25zOwogfTsKQEAgLTg1OSw3ICs4NTgsNiBAQCBzdGF0aWMgaW50 IHNlY2NvbXBfZG9fdXNlcl9ub3RpZmljYXRpb24oaW50IHRoaXNfc3lzY2FsbCwKICAgICAgICBs aXN0X2FkZCgmbi5saXN0LCAmbWF0Y2gtPm5vdGlmLT5ub3RpZmljYXRpb25zKTsKICAgICAgICBJ TklUX0xJU1RfSEVBRCgmbi5hZGRmZCk7CgotICAgICAgIHVwKCZtYXRjaC0+bm90aWYtPnJlcXVl c3QpOwogICAgICAgIHdha2VfdXBfcG9sbCgmbWF0Y2gtPndxaCwgRVBPTExJTiB8IEVQT0xMUkRO T1JNKTsKICAgICAgICBtdXRleF91bmxvY2soJm1hdGNoLT5ub3RpZnlfbG9jayk7CgpAQCAtMTE3 NSw5ICsxMTczLDEwIEBAIGZpbmRfbm90aWZpY2F0aW9uKHN0cnVjdCBzZWNjb21wX2ZpbHRlciAq ZmlsdGVyLCB1NjQgaWQpCgoKIHN0YXRpYyBsb25nIHNlY2NvbXBfbm90aWZ5X3JlY3Yoc3RydWN0 IHNlY2NvbXBfZmlsdGVyICpmaWx0ZXIsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dm9pZCBfX3VzZXIgKmJ1ZikKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2b2lkIF9f dXNlciAqYnVmLCBib29sIGJsb2NraW5nKQogewogICAgICAgIHN0cnVjdCBzZWNjb21wX2tub3Rp ZiAqa25vdGlmID0gTlVMTCwgKmN1cjsKKyAgICAgICBERUNMQVJFX1dBSVRRVUVVRSh3YWl0LCBj dXJyZW50KTsKICAgICAgICBzdHJ1Y3Qgc2VjY29tcF9ub3RpZiB1bm90aWY7CiAgICAgICAgc3Np emVfdCByZXQ7CgpAQCAtMTE5MCwxMSArMTE4OSw5IEBAIHN0YXRpYyBsb25nIHNlY2NvbXBfbm90 aWZ5X3JlY3Yoc3RydWN0CnNlY2NvbXBfZmlsdGVyICpmaWx0ZXIsCgogICAgICAgIG1lbXNldCgm dW5vdGlmLCAwLCBzaXplb2YodW5vdGlmKSk7CgotICAgICAgIHJldCA9IGRvd25faW50ZXJydXB0 aWJsZSgmZmlsdGVyLT5ub3RpZi0+cmVxdWVzdCk7Ci0gICAgICAgaWYgKHJldCA8IDApCi0gICAg ICAgICAgICAgICByZXR1cm4gcmV0OwotCiAgICAgICAgbXV0ZXhfbG9jaygmZmlsdGVyLT5ub3Rp ZnlfbG9jayk7CisKK3JldHJ5OgogICAgICAgIGxpc3RfZm9yX2VhY2hfZW50cnkoY3VyLCAmZmls dGVyLT5ub3RpZi0+bm90aWZpY2F0aW9ucywgbGlzdCkgewogICAgICAgICAgICAgICAgaWYgKGN1 ci0+c3RhdGUgPT0gU0VDQ09NUF9OT1RJRllfSU5JVCkgewogICAgICAgICAgICAgICAgICAgICAg ICBrbm90aWYgPSBjdXI7CkBAIC0xMjAyLDE0ICsxMTk5LDMyIEBAIHN0YXRpYyBsb25nIHNlY2Nv bXBfbm90aWZ5X3JlY3Yoc3RydWN0CnNlY2NvbXBfZmlsdGVyICpmaWx0ZXIsCiAgICAgICAgICAg ICAgICB9CiAgICAgICAgfQoKLSAgICAgICAvKgotICAgICAgICAqIElmIHdlIGRpZG4ndCBmaW5k IGEgbm90aWZpY2F0aW9uLCBpdCBjb3VsZCBiZSB0aGF0IHRoZSB0YXNrIHdhcwotICAgICAgICAq IGludGVycnVwdGVkIGJ5IGEgZmF0YWwgc2lnbmFsIGJldHdlZW4gdGhlIHRpbWUgd2Ugd2VyZSB3 b2tlbiBhbmQKLSAgICAgICAgKiB3aGVuIHdlIHdlcmUgYWJsZSB0byBhY3F1aXJlIHRoZSBydyBs b2NrLgotICAgICAgICAqLwogICAgICAgIGlmICgha25vdGlmKSB7Ci0gICAgICAgICAgICAgICBy ZXQgPSAtRU5PRU5UOwotICAgICAgICAgICAgICAgZ290byBvdXQ7CisgICAgICAgICAgICAgICAv KiBUaGlzIGhhcyB0byBoYXBwZW4gYmVmb3JlIGNoZWNraW5nICZmaWx0ZXItPnVzZXJzLiAqLwor ICAgICAgICAgICAgICAgcHJlcGFyZV90b193YWl0KCZmaWx0ZXItPndxaCwgJndhaXQsIFRBU0tf SU5URVJSVVBUSUJMRSk7CisKKyAgICAgICAgICAgICAgIC8qCisgICAgICAgICAgICAgICAgKiBJ ZiBhbGwgdXNlcnMgb2YgdGhlIGZpbHRlciBhcmUgZ29uZSwgdGhyb3cgYW4gZXJyb3IgaW5zdGVh ZAorICAgICAgICAgICAgICAgICogb2YgcG9pbnRsZXNzbHkgY29udGludWluZyB0byBibG9jay4K KyAgICAgICAgICAgICAgICAqLworICAgICAgICAgICAgICAgaWYgKHJlZmNvdW50X3JlYWQoJmZp bHRlci0+dXNlcnMpID09IDApIHsKKyAgICAgICAgICAgICAgICAgICAgICAgcmV0ID0gLUVOT1RD T047CisgICAgICAgICAgICAgICAgICAgICAgIGdvdG8gb3V0OworICAgICAgICAgICAgICAgfQor ICAgICAgICAgICAgICAgaWYgKGJsb2NraW5nKSB7CisgICAgICAgICAgICAgICAgICAgICAgIC8q IE5vIG5vdGlmaWNhdGlvbnMgcGVuZGluZyAtIHdhaXQgZm9yIG9uZSwKdGhlbiByZXRyeS4gKi8K KyAgICAgICAgICAgICAgICAgICAgICAgbXV0ZXhfdW5sb2NrKCZmaWx0ZXItPm5vdGlmeV9sb2Nr KTsKKyAgICAgICAgICAgICAgICAgICAgICAgc2NoZWR1bGUoKTsKKyAgICAgICAgICAgICAgICAg ICAgICAgbXV0ZXhfbG9jaygmZmlsdGVyLT5ub3RpZnlfbG9jayk7CisgICAgICAgICAgICAgICAg ICAgICAgIGlmIChzaWduYWxfcGVuZGluZyhjdXJyZW50KSkgeworICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHJldCA9IC1FSU5UUjsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBnb3RvIG91dDsKKyAgICAgICAgICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgICAgICAg ICAgICBnb3RvIHJldHJ5OworICAgICAgICAgICAgICAgfSBlbHNlIHsKKyAgICAgICAgICAgICAg ICAgICAgICAgcmV0ID0gLUVOT0VOVDsKKyAgICAgICAgICAgICAgICAgICAgICAgZ290byBvdXQ7 CisgICAgICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICB1bm90aWYuaWQgPSBrbm90aWYt PmlkOwpAQCAtMTIyMCw2ICsxMjM1LDcgQEAgc3RhdGljIGxvbmcgc2VjY29tcF9ub3RpZnlfcmVj dihzdHJ1Y3QKc2VjY29tcF9maWx0ZXIgKmZpbHRlciwKICAgICAgICB3YWtlX3VwX3BvbGwoJmZp bHRlci0+d3FoLCBFUE9MTE9VVCB8IEVQT0xMV1JOT1JNKTsKICAgICAgICByZXQgPSAwOwogb3V0 OgorICAgICAgIGZpbmlzaF93YWl0KCZmaWx0ZXItPndxaCwgJndhaXQpOwogICAgICAgIG11dGV4 X3VubG9jaygmZmlsdGVyLT5ub3RpZnlfbG9jayk7CgogICAgICAgIGlmIChyZXQgPT0gMCAmJiBj b3B5X3RvX3VzZXIoYnVmLCAmdW5vdGlmLCBzaXplb2YodW5vdGlmKSkpIHsKQEAgLTEyMzMsMTAg KzEyNDksOCBAQCBzdGF0aWMgbG9uZyBzZWNjb21wX25vdGlmeV9yZWN2KHN0cnVjdApzZWNjb21w X2ZpbHRlciAqZmlsdGVyLAogICAgICAgICAgICAgICAgICovCiAgICAgICAgICAgICAgICBtdXRl eF9sb2NrKCZmaWx0ZXItPm5vdGlmeV9sb2NrKTsKICAgICAgICAgICAgICAgIGtub3RpZiA9IGZp bmRfbm90aWZpY2F0aW9uKGZpbHRlciwgdW5vdGlmLmlkKTsKLSAgICAgICAgICAgICAgIGlmIChr bm90aWYpIHsKKyAgICAgICAgICAgICAgIGlmIChrbm90aWYpCiAgICAgICAgICAgICAgICAgICAg ICAgIGtub3RpZi0+c3RhdGUgPSBTRUNDT01QX05PVElGWV9JTklUOwotICAgICAgICAgICAgICAg ICAgICAgICB1cCgmZmlsdGVyLT5ub3RpZi0+cmVxdWVzdCk7Ci0gICAgICAgICAgICAgICB9CiAg ICAgICAgICAgICAgICBtdXRleF91bmxvY2soJmZpbHRlci0+bm90aWZ5X2xvY2spOwogICAgICAg IH0KCkBAIC0xNDEyLDExICsxNDI2LDEyIEBAIHN0YXRpYyBsb25nIHNlY2NvbXBfbm90aWZ5X2lv Y3RsKHN0cnVjdCBmaWxlCipmaWxlLCB1bnNpZ25lZCBpbnQgY21kLAogewogICAgICAgIHN0cnVj dCBzZWNjb21wX2ZpbHRlciAqZmlsdGVyID0gZmlsZS0+cHJpdmF0ZV9kYXRhOwogICAgICAgIHZv aWQgX191c2VyICpidWYgPSAodm9pZCBfX3VzZXIgKilhcmc7CisgICAgICAgYm9vbCBibG9ja2lu ZyA9ICEoZmlsZS0+Zl9mbGFncyAmIE9fTk9OQkxPQ0spOwoKICAgICAgICAvKiBGaXhlZC1zaXpl IGlvY3RscyAqLwogICAgICAgIHN3aXRjaCAoY21kKSB7CiAgICAgICAgY2FzZSBTRUNDT01QX0lP Q1RMX05PVElGX1JFQ1Y6Ci0gICAgICAgICAgICAgICByZXR1cm4gc2VjY29tcF9ub3RpZnlfcmVj dihmaWx0ZXIsIGJ1Zik7CisgICAgICAgICAgICAgICByZXR1cm4gc2VjY29tcF9ub3RpZnlfcmVj dihmaWx0ZXIsIGJ1ZiwgYmxvY2tpbmcpOwogICAgICAgIGNhc2UgU0VDQ09NUF9JT0NUTF9OT1RJ Rl9TRU5EOgogICAgICAgICAgICAgICAgcmV0dXJuIHNlY2NvbXBfbm90aWZ5X3NlbmQoZmlsdGVy LCBidWYpOwogICAgICAgIGNhc2UgU0VDQ09NUF9JT0NUTF9OT1RJRl9JRF9WQUxJRF9XUk9OR19E SVI6CkBAIC0xNDg1LDcgKzE1MDAsNiBAQCBzdGF0aWMgc3RydWN0IGZpbGUgKmluaXRfbGlzdGVu ZXIoc3RydWN0CnNlY2NvbXBfZmlsdGVyICpmaWx0ZXIpCiAgICAgICAgaWYgKCFmaWx0ZXItPm5v dGlmKQogICAgICAgICAgICAgICAgZ290byBvdXQ7CgotICAgICAgIHNlbWFfaW5pdCgmZmlsdGVy LT5ub3RpZi0+cmVxdWVzdCwgMCk7CiAgICAgICAgZmlsdGVyLT5ub3RpZi0+bmV4dF9pZCA9IGdl dF9yYW5kb21fdTY0KCk7CiAgICAgICAgSU5JVF9MSVNUX0hFQUQoJmZpbHRlci0+bm90aWYtPm5v dGlmaWNhdGlvbnMpOwpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXwpDb250YWluZXJzIG1haWxpbmcgbGlzdApDb250YWluZXJzQGxpc3RzLmxpbnV4LWZvdW5k YXRpb24ub3JnCmh0dHBzOi8vbGlzdHMubGludXhmb3VuZGF0aW9uLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL2NvbnRhaW5lcnM=