From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeff Layton Subject: Re: [PATCH v23 17/22] richacl: Automatic Inheritance Date: Tue, 12 Jul 2016 07:56:00 -0400 Message-ID: <1468324560.7798.14.camel@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-18-git-send-email-agruenba@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: In-Reply-To: <1467294433-3222-18-git-send-email-agruenba@redhat.com> Sender: linux-ext4-owner@vger.kernel.org To: Andreas Gruenbacher , Alexander Viro Cc: Christoph Hellwig , Theodore Ts'o , Andreas Dilger , "J. Bruce Fields" , Trond Myklebust , Anna Schumaker , Dave Chinner , linux-ext4@vger.kernel.org, xfs@oss.sgi.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org List-Id: linux-api@vger.kernel.org On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: > Automatic Inheritance (AI) allows changes to the acl of a directory t= o > propagate down to children. >=20 > This is mostly implemented in user space: when a process changes the > permissions of a directory and Automatic Inheritance is enabled for t= hat > directory, the process must propagate those changes to all children, > recursively. >=20 > The kernel enables this by keeping track of which permissions have be= en > inherited at create time.=C2=A0=C2=A0In addition, it makes sure that = permission > propagation is turned off when the permissions are set explicitly (fo= r > example, upon create or chmod). >=20 > Automatic Inheritance works as follows: >=20 > =C2=A0- When the RICHACL_AUTO_INHERIT flag in the acl of a file or di= rectory > =C2=A0=C2=A0=C2=A0is not set, the file or directory is not affected b= y AI. >=20 > =C2=A0- When the RICHACL_AUTO_INHERIT flag in the acl of a directory = is set > =C2=A0=C2=A0=C2=A0and a file or subdirectory is created in that direc= tory, the > =C2=A0=C2=A0=C2=A0inherited acl will have the RICHACL_AUTO_INHERIT fl= ag set, and all > =C2=A0=C2=A0=C2=A0inherited aces will have the RICHACE_INHERITED_ACE = flag set.=C2=A0=C2=A0This > =C2=A0=C2=A0=C2=A0allows user space to distinguish between aces which= have been > =C2=A0=C2=A0=C2=A0inherited and aces which have been explicitly added= =2E >=20 > =C2=A0- When the RICHACL_PROTECTED acl flag in the acl of a file or d= irectory > =C2=A0=C2=A0=C2=A0is set, AI will not modify the acl.=C2=A0=C2=A0This= does not affect propagation > =C2=A0=C2=A0=C2=A0of permissions from the file to its children (if th= e file is a > =C2=A0=C2=A0=C2=A0directory). >=20 > Linux does not have a way of creating files or directories without se= tting the > file permission bits, so all files created inside a directory with > RICHACL_AUTO_INHERIT set will have the RICHACL_PROTECTED flag set.=C2= =A0=C2=A0This > effectively disables Automatic Inheritance. >=20 > Protocols which support creating files without specifying permissions= can > explicitly clear the RICHACL_PROTECTED flag after creating a file and= reset the > file masks to "undo" applying the create mode; see richacl_compute_ma= x_masks(). > They should set the RICHACL_DEFAULTED flag.=C2=A0=C2=A0(A mechanism t= hat would allow to > indicate to the kernel to ignore the create mode in the first place w= hen there > are inherited permissions would be nice to have.) >=20 > Signed-off-by: Andreas Gruenbacher > --- > =C2=A0fs/richacl.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 20 +++++++++++++++= ++++- > =C2=A0include/linux/richacl.h=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 12= ++++++++++++ > =C2=A0include/uapi/linux/richacl.h | 11 ++++++++++- > =C2=A03 files changed, 41 insertions(+), 2 deletions(-) >=20 > diff --git a/fs/richacl.c b/fs/richacl.c > index 29eaf89..40e4af9 100644 > --- a/fs/richacl.c > +++ b/fs/richacl.c > @@ -573,7 +573,8 @@ __richacl_chmod(struct richacl *acl, umode_t mode= ) > =C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0acl->a_group_mask =3D=3D group_mask && > =C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0acl->a_other_mask =3D=3D other_mask && > =C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0(acl->a_flags & RICHACL_MASKED) && > - =C2=A0=C2=A0=C2=A0=C2=A0(acl->a_flags & RICHACL_WRITE_THROUGH)) > + =C2=A0=C2=A0=C2=A0=C2=A0(acl->a_flags & RICHACL_WRITE_THROUGH) && > + =C2=A0=C2=A0=C2=A0=C2=A0(!richacl_is_auto_inherit(acl) || richacl_i= s_protected(acl))) > =C2=A0 return acl; > =C2=A0 > =C2=A0 clone =3D richacl_clone(acl, GFP_KERNEL); > @@ -585,6 +586,8 @@ __richacl_chmod(struct richacl *acl, umode_t mode= ) > =C2=A0 clone->a_owner_mask =3D owner_mask; > =C2=A0 clone->a_group_mask =3D group_mask; > =C2=A0 clone->a_other_mask =3D other_mask; > + if (richacl_is_auto_inherit(clone)) > + clone->a_flags |=3D RICHACL_PROTECTED; > =C2=A0 > =C2=A0 return clone; > =C2=A0} > @@ -800,6 +803,14 @@ richacl_inherit(const struct richacl *dir_acl, i= nt isdir) > =C2=A0 ace++; > =C2=A0 } > =C2=A0 } > + if (richacl_is_auto_inherit(dir_acl)) { > + acl->a_flags =3D RICHACL_AUTO_INHERIT; > + richacl_for_each_entry(ace, acl) > + ace->e_flags |=3D RICHACE_INHERITED_ACE; > + } else { > + richacl_for_each_entry(ace, acl) > + ace->e_flags &=3D ~RICHACE_INHERITED_ACE; > + } > =C2=A0 > =C2=A0 return acl; > =C2=A0} > @@ -828,6 +839,13 @@ richacl_inherit_inode(const struct richacl *dir_= acl, umode_t *mode_p) > =C2=A0 richacl_put(acl); > =C2=A0 acl =3D NULL; > =C2=A0 } else { > + /* > + =C2=A0* We need to set RICHACL_PROTECTED because we are > + =C2=A0* doing an implicit chmod > + =C2=A0*/ > + if (richacl_is_auto_inherit(acl)) > + acl->a_flags |=3D RICHACL_PROTECTED; > + > =C2=A0 richacl_compute_max_masks(acl); > =C2=A0 /* > =C2=A0 =C2=A0* Ensure that the acl will not grant any permissions > diff --git a/include/linux/richacl.h b/include/linux/richacl.h > index 7aca1a3..a442372 100644 > --- a/include/linux/richacl.h > +++ b/include/linux/richacl.h > @@ -81,6 +81,18 @@ extern void set_cached_richacl(struct inode *, str= uct richacl *); > =C2=A0extern void forget_cached_richacl(struct inode *); > =C2=A0extern struct richacl *get_richacl(struct inode *); > =C2=A0 > +static inline int > +richacl_is_auto_inherit(const struct richacl *acl) > +{ > + return acl->a_flags & RICHACL_AUTO_INHERIT; > +} > + > +static inline int > +richacl_is_protected(const struct richacl *acl) > +{ > + return acl->a_flags & RICHACL_PROTECTED; > +} > + > =C2=A0/** > =C2=A0 * richace_is_owner=C2=A0=C2=A0-=C2=A0=C2=A0check if @ace is an= OWNER@ entry > =C2=A0 */ > diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richac= l.h > index 1ed48ac..8849a53 100644 > --- a/include/uapi/linux/richacl.h > +++ b/include/uapi/linux/richacl.h > @@ -18,6 +18,9 @@ > =C2=A0#define __UAPI_RICHACL_H > =C2=A0 > =C2=A0/* a_flags values */ > +#define RICHACL_AUTO_INHERIT 0x01 > +#define RICHACL_PROTECTED 0x02 > +#define RICHACL_DEFAULTED 0x04 > =C2=A0#define RICHACL_WRITE_THROUGH 0x40 > =C2=A0#define RICHACL_MASKED 0x80 > =C2=A0 > @@ -31,6 +34,7 @@ > =C2=A0#define RICHACE_NO_PROPAGATE_INHERIT_ACE 0x0004 > =C2=A0#define RICHACE_INHERIT_ONLY_ACE 0x0008 > =C2=A0#define RICHACE_IDENTIFIER_GROUP 0x0040 > +#define RICHACE_INHERITED_ACE 0x0080 > =C2=A0#define RICHACE_SPECIAL_WHO 0x4000 > =C2=A0 > =C2=A0/* e_mask bitflags */ > @@ -60,6 +64,9 @@ > =C2=A0#define RICHACE_EVERYONE_SPECIAL_ID 2 > =C2=A0 > =C2=A0#define RICHACL_VALID_FLAGS ( \ > + RICHACL_AUTO_INHERIT | \ > + RICHACL_PROTECTED | \ > + RICHACL_DEFAULTED | \ > =C2=A0 RICHACL_WRITE_THROUGH | \ > =C2=A0 RICHACL_MASKED ) > =C2=A0 > @@ -69,13 +76,15 @@ > =C2=A0 RICHACE_NO_PROPAGATE_INHERIT_ACE | \ > =C2=A0 RICHACE_INHERIT_ONLY_ACE | \ > =C2=A0 RICHACE_IDENTIFIER_GROUP | \ > + RICHACE_INHERITED_ACE | \ > =C2=A0 RICHACE_SPECIAL_WHO ) > =C2=A0 > =C2=A0#define RICHACE_INHERITANCE_FLAGS ( \ > =C2=A0 RICHACE_FILE_INHERIT_ACE | \ > =C2=A0 RICHACE_DIRECTORY_INHERIT_ACE | \ > =C2=A0 RICHACE_NO_PROPAGATE_INHERIT_ACE | \ > - RICHACE_INHERIT_ONLY_ACE ) > + RICHACE_INHERIT_ONLY_ACE | \ > + RICHACE_INHERITED_ACE ) > =C2=A0 > =C2=A0/* Valid RICHACE_* flags for directories and non-directories */ > =C2=A0#define RICHACE_VALID_MASK ( =09 > \ Barf. AI seems like a trainwreck waiting to happen. What are the chances that userland is going to get this right? Still, I do applaud the fact that you're just doing the bare minimum in kernel to support userland apps that want this. Thanks for not trying to push the propagation of the changed ACEs into the kernel. Reviewed-by: Jeff Layton -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" i= n the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-f173.google.com ([209.85.216.173]:35834 "EHLO mail-qt0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933154AbcGLL4D (ORCPT ); Tue, 12 Jul 2016 07:56:03 -0400 Received: by mail-qt0-f173.google.com with SMTP id j35so6438954qtj.2 for ; Tue, 12 Jul 2016 04:56:03 -0700 (PDT) Message-ID: <1468324560.7798.14.camel@redhat.com> Subject: Re: [PATCH v23 17/22] richacl: Automatic Inheritance From: Jeff Layton To: Andreas Gruenbacher , Alexander Viro Cc: Christoph Hellwig , "Theodore Ts'o" , Andreas Dilger , "J. Bruce Fields" , Trond Myklebust , Anna Schumaker , Dave Chinner , linux-ext4@vger.kernel.org, xfs@oss.sgi.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-api@vger.kernel.org Date: Tue, 12 Jul 2016 07:56:00 -0400 In-Reply-To: <1467294433-3222-18-git-send-email-agruenba@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-18-git-send-email-agruenba@redhat.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org List-ID: On Thu, 2016-06-30 at 15:47 +0200, Andreas Gruenbacher wrote: > Automatic Inheritance (AI) allows changes to the acl of a directory to > propagate down to children. > > This is mostly implemented in user space: when a process changes the > permissions of a directory and Automatic Inheritance is enabled for that > directory, the process must propagate those changes to all children, > recursively. > > The kernel enables this by keeping track of which permissions have been > inherited at create time.  In addition, it makes sure that permission > propagation is turned off when the permissions are set explicitly (for > example, upon create or chmod). > > Automatic Inheritance works as follows: > >  - When the RICHACL_AUTO_INHERIT flag in the acl of a file or directory >    is not set, the file or directory is not affected by AI. > >  - When the RICHACL_AUTO_INHERIT flag in the acl of a directory is set >    and a file or subdirectory is created in that directory, the >    inherited acl will have the RICHACL_AUTO_INHERIT flag set, and all >    inherited aces will have the RICHACE_INHERITED_ACE flag set.  This >    allows user space to distinguish between aces which have been >    inherited and aces which have been explicitly added. > >  - When the RICHACL_PROTECTED acl flag in the acl of a file or directory >    is set, AI will not modify the acl.  This does not affect propagation >    of permissions from the file to its children (if the file is a >    directory). > > Linux does not have a way of creating files or directories without setting the > file permission bits, so all files created inside a directory with > RICHACL_AUTO_INHERIT set will have the RICHACL_PROTECTED flag set.  This > effectively disables Automatic Inheritance. > > Protocols which support creating files without specifying permissions can > explicitly clear the RICHACL_PROTECTED flag after creating a file and reset the > file masks to "undo" applying the create mode; see richacl_compute_max_masks(). > They should set the RICHACL_DEFAULTED flag.  (A mechanism that would allow to > indicate to the kernel to ignore the create mode in the first place when there > are inherited permissions would be nice to have.) > > Signed-off-by: Andreas Gruenbacher > --- >  fs/richacl.c                 | 20 +++++++++++++++++++- >  include/linux/richacl.h      | 12 ++++++++++++ >  include/uapi/linux/richacl.h | 11 ++++++++++- >  3 files changed, 41 insertions(+), 2 deletions(-) > > diff --git a/fs/richacl.c b/fs/richacl.c > index 29eaf89..40e4af9 100644 > --- a/fs/richacl.c > +++ b/fs/richacl.c > @@ -573,7 +573,8 @@ __richacl_chmod(struct richacl *acl, umode_t mode) >       acl->a_group_mask == group_mask && >       acl->a_other_mask == other_mask && >       (acl->a_flags & RICHACL_MASKED) && > -     (acl->a_flags & RICHACL_WRITE_THROUGH)) > +     (acl->a_flags & RICHACL_WRITE_THROUGH) && > +     (!richacl_is_auto_inherit(acl) || richacl_is_protected(acl))) >   return acl; >   >   clone = richacl_clone(acl, GFP_KERNEL); > @@ -585,6 +586,8 @@ __richacl_chmod(struct richacl *acl, umode_t mode) >   clone->a_owner_mask = owner_mask; >   clone->a_group_mask = group_mask; >   clone->a_other_mask = other_mask; > + if (richacl_is_auto_inherit(clone)) > + clone->a_flags |= RICHACL_PROTECTED; >   >   return clone; >  } > @@ -800,6 +803,14 @@ richacl_inherit(const struct richacl *dir_acl, int isdir) >   ace++; >   } >   } > + if (richacl_is_auto_inherit(dir_acl)) { > + acl->a_flags = RICHACL_AUTO_INHERIT; > + richacl_for_each_entry(ace, acl) > + ace->e_flags |= RICHACE_INHERITED_ACE; > + } else { > + richacl_for_each_entry(ace, acl) > + ace->e_flags &= ~RICHACE_INHERITED_ACE; > + } >   >   return acl; >  } > @@ -828,6 +839,13 @@ richacl_inherit_inode(const struct richacl *dir_acl, umode_t *mode_p) >   richacl_put(acl); >   acl = NULL; >   } else { > + /* > +  * We need to set RICHACL_PROTECTED because we are > +  * doing an implicit chmod > +  */ > + if (richacl_is_auto_inherit(acl)) > + acl->a_flags |= RICHACL_PROTECTED; > + >   richacl_compute_max_masks(acl); >   /* >    * Ensure that the acl will not grant any permissions > diff --git a/include/linux/richacl.h b/include/linux/richacl.h > index 7aca1a3..a442372 100644 > --- a/include/linux/richacl.h > +++ b/include/linux/richacl.h > @@ -81,6 +81,18 @@ extern void set_cached_richacl(struct inode *, struct richacl *); >  extern void forget_cached_richacl(struct inode *); >  extern struct richacl *get_richacl(struct inode *); >   > +static inline int > +richacl_is_auto_inherit(const struct richacl *acl) > +{ > + return acl->a_flags & RICHACL_AUTO_INHERIT; > +} > + > +static inline int > +richacl_is_protected(const struct richacl *acl) > +{ > + return acl->a_flags & RICHACL_PROTECTED; > +} > + >  /** >   * richace_is_owner  -  check if @ace is an OWNER@ entry >   */ > diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h > index 1ed48ac..8849a53 100644 > --- a/include/uapi/linux/richacl.h > +++ b/include/uapi/linux/richacl.h > @@ -18,6 +18,9 @@ >  #define __UAPI_RICHACL_H >   >  /* a_flags values */ > +#define RICHACL_AUTO_INHERIT 0x01 > +#define RICHACL_PROTECTED 0x02 > +#define RICHACL_DEFAULTED 0x04 >  #define RICHACL_WRITE_THROUGH 0x40 >  #define RICHACL_MASKED 0x80 >   > @@ -31,6 +34,7 @@ >  #define RICHACE_NO_PROPAGATE_INHERIT_ACE 0x0004 >  #define RICHACE_INHERIT_ONLY_ACE 0x0008 >  #define RICHACE_IDENTIFIER_GROUP 0x0040 > +#define RICHACE_INHERITED_ACE 0x0080 >  #define RICHACE_SPECIAL_WHO 0x4000 >   >  /* e_mask bitflags */ > @@ -60,6 +64,9 @@ >  #define RICHACE_EVERYONE_SPECIAL_ID 2 >   >  #define RICHACL_VALID_FLAGS ( \ > + RICHACL_AUTO_INHERIT | \ > + RICHACL_PROTECTED | \ > + RICHACL_DEFAULTED | \ >   RICHACL_WRITE_THROUGH | \ >   RICHACL_MASKED ) >   > @@ -69,13 +76,15 @@ >   RICHACE_NO_PROPAGATE_INHERIT_ACE | \ >   RICHACE_INHERIT_ONLY_ACE | \ >   RICHACE_IDENTIFIER_GROUP | \ > + RICHACE_INHERITED_ACE | \ >   RICHACE_SPECIAL_WHO ) >   >  #define RICHACE_INHERITANCE_FLAGS ( \ >   RICHACE_FILE_INHERIT_ACE | \ >   RICHACE_DIRECTORY_INHERIT_ACE | \ >   RICHACE_NO_PROPAGATE_INHERIT_ACE | \ > - RICHACE_INHERIT_ONLY_ACE ) > + RICHACE_INHERIT_ONLY_ACE | \ > + RICHACE_INHERITED_ACE ) >   >  /* Valid RICHACE_* flags for directories and non-directories */ >  #define RICHACE_VALID_MASK ( > \ Barf. AI seems like a trainwreck waiting to happen. What are the chances that userland is going to get this right? Still, I do applaud the fact that you're just doing the bare minimum in kernel to support userland apps that want this. Thanks for not trying to push the propagation of the changed ACEs into the kernel. Reviewed-by: Jeff Layton From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.sgi.com (relay3.corp.sgi.com [198.149.34.15]) by oss.sgi.com (Postfix) with ESMTP id 358607CA4 for ; Tue, 12 Jul 2016 06:56:10 -0500 (CDT) Received: from cuda.sgi.com (cuda3.sgi.com [192.48.176.15]) by relay3.corp.sgi.com (Postfix) with ESMTP id 93DB9AC001 for ; Tue, 12 Jul 2016 04:56:06 -0700 (PDT) Received: from mail-qt0-f177.google.com (mail-qt0-f177.google.com [209.85.216.177]) by cuda.sgi.com with ESMTP id AEaAZN7SfsJnU4mj (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Tue, 12 Jul 2016 04:56:03 -0700 (PDT) Received: by mail-qt0-f177.google.com with SMTP id 52so6397804qtq.3 for ; Tue, 12 Jul 2016 04:56:03 -0700 (PDT) Message-ID: <1468324560.7798.14.camel@redhat.com> Subject: Re: [PATCH v23 17/22] richacl: Automatic Inheritance From: Jeff Layton Date: Tue, 12 Jul 2016 07:56:00 -0400 In-Reply-To: <1467294433-3222-18-git-send-email-agruenba@redhat.com> References: <1467294433-3222-1-git-send-email-agruenba@redhat.com> <1467294433-3222-18-git-send-email-agruenba@redhat.com> Mime-Version: 1.0 List-Id: XFS Filesystem from SGI List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xfs-bounces@oss.sgi.com Sender: xfs-bounces@oss.sgi.com To: Andreas Gruenbacher , Alexander Viro Cc: "J. Bruce Fields" , linux-nfs@vger.kernel.org, Theodore Ts'o , linux-cifs@vger.kernel.org, linux-api@vger.kernel.org, Trond Myklebust , linux-kernel@vger.kernel.org, xfs@oss.sgi.com, Christoph Hellwig , Andreas Dilger , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, Anna Schumaker T24gVGh1LCAyMDE2LTA2LTMwIGF0IDE1OjQ3ICswMjAwLCBBbmRyZWFzIEdydWVuYmFjaGVyIHdy b3RlOgo+IEF1dG9tYXRpYyBJbmhlcml0YW5jZSAoQUkpIGFsbG93cyBjaGFuZ2VzIHRvIHRoZSBh Y2wgb2YgYSBkaXJlY3RvcnkgdG8KPiBwcm9wYWdhdGUgZG93biB0byBjaGlsZHJlbi4KPiAKPiBU aGlzIGlzIG1vc3RseSBpbXBsZW1lbnRlZCBpbiB1c2VyIHNwYWNlOiB3aGVuIGEgcHJvY2VzcyBj aGFuZ2VzIHRoZQo+IHBlcm1pc3Npb25zIG9mIGEgZGlyZWN0b3J5IGFuZCBBdXRvbWF0aWMgSW5o ZXJpdGFuY2UgaXMgZW5hYmxlZCBmb3IgdGhhdAo+IGRpcmVjdG9yeSwgdGhlIHByb2Nlc3MgbXVz dCBwcm9wYWdhdGUgdGhvc2UgY2hhbmdlcyB0byBhbGwgY2hpbGRyZW4sCj4gcmVjdXJzaXZlbHku Cj4gCj4gVGhlIGtlcm5lbCBlbmFibGVzIHRoaXMgYnkga2VlcGluZyB0cmFjayBvZiB3aGljaCBw ZXJtaXNzaW9ucyBoYXZlIGJlZW4KPiBpbmhlcml0ZWQgYXQgY3JlYXRlIHRpbWUuwqDCoEluIGFk ZGl0aW9uLCBpdCBtYWtlcyBzdXJlIHRoYXQgcGVybWlzc2lvbgo+IHByb3BhZ2F0aW9uIGlzIHR1 cm5lZCBvZmYgd2hlbiB0aGUgcGVybWlzc2lvbnMgYXJlIHNldCBleHBsaWNpdGx5IChmb3IKPiBl eGFtcGxlLCB1cG9uIGNyZWF0ZSBvciBjaG1vZCkuCj4gCj4gQXV0b21hdGljIEluaGVyaXRhbmNl IHdvcmtzIGFzIGZvbGxvd3M6Cj4gCj4gwqAtIFdoZW4gdGhlIFJJQ0hBQ0xfQVVUT19JTkhFUklU IGZsYWcgaW4gdGhlIGFjbCBvZiBhIGZpbGUgb3IgZGlyZWN0b3J5Cj4gwqDCoMKgaXMgbm90IHNl dCwgdGhlIGZpbGUgb3IgZGlyZWN0b3J5IGlzIG5vdCBhZmZlY3RlZCBieSBBSS4KPiAKPiDCoC0g V2hlbiB0aGUgUklDSEFDTF9BVVRPX0lOSEVSSVQgZmxhZyBpbiB0aGUgYWNsIG9mIGEgZGlyZWN0 b3J5IGlzIHNldAo+IMKgwqDCoGFuZCBhIGZpbGUgb3Igc3ViZGlyZWN0b3J5IGlzIGNyZWF0ZWQg aW4gdGhhdCBkaXJlY3RvcnksIHRoZQo+IMKgwqDCoGluaGVyaXRlZCBhY2wgd2lsbCBoYXZlIHRo ZSBSSUNIQUNMX0FVVE9fSU5IRVJJVCBmbGFnIHNldCwgYW5kIGFsbAo+IMKgwqDCoGluaGVyaXRl ZCBhY2VzIHdpbGwgaGF2ZSB0aGUgUklDSEFDRV9JTkhFUklURURfQUNFIGZsYWcgc2V0LsKgwqBU aGlzCj4gwqDCoMKgYWxsb3dzIHVzZXIgc3BhY2UgdG8gZGlzdGluZ3Vpc2ggYmV0d2VlbiBhY2Vz IHdoaWNoIGhhdmUgYmVlbgo+IMKgwqDCoGluaGVyaXRlZCBhbmQgYWNlcyB3aGljaCBoYXZlIGJl ZW4gZXhwbGljaXRseSBhZGRlZC4KPiAKPiDCoC0gV2hlbiB0aGUgUklDSEFDTF9QUk9URUNURUQg YWNsIGZsYWcgaW4gdGhlIGFjbCBvZiBhIGZpbGUgb3IgZGlyZWN0b3J5Cj4gwqDCoMKgaXMgc2V0 LCBBSSB3aWxsIG5vdCBtb2RpZnkgdGhlIGFjbC7CoMKgVGhpcyBkb2VzIG5vdCBhZmZlY3QgcHJv cGFnYXRpb24KPiDCoMKgwqBvZiBwZXJtaXNzaW9ucyBmcm9tIHRoZSBmaWxlIHRvIGl0cyBjaGls ZHJlbiAoaWYgdGhlIGZpbGUgaXMgYQo+IMKgwqDCoGRpcmVjdG9yeSkuCj4gCj4gTGludXggZG9l cyBub3QgaGF2ZSBhIHdheSBvZiBjcmVhdGluZyBmaWxlcyBvciBkaXJlY3RvcmllcyB3aXRob3V0 IHNldHRpbmcgdGhlCj4gZmlsZSBwZXJtaXNzaW9uIGJpdHMsIHNvIGFsbCBmaWxlcyBjcmVhdGVk IGluc2lkZSBhIGRpcmVjdG9yeSB3aXRoCj4gUklDSEFDTF9BVVRPX0lOSEVSSVQgc2V0IHdpbGwg aGF2ZSB0aGUgUklDSEFDTF9QUk9URUNURUQgZmxhZyBzZXQuwqDCoFRoaXMKPiBlZmZlY3RpdmVs eSBkaXNhYmxlcyBBdXRvbWF0aWMgSW5oZXJpdGFuY2UuCj4gCj4gUHJvdG9jb2xzIHdoaWNoIHN1 cHBvcnQgY3JlYXRpbmcgZmlsZXMgd2l0aG91dCBzcGVjaWZ5aW5nIHBlcm1pc3Npb25zIGNhbgo+ IGV4cGxpY2l0bHkgY2xlYXIgdGhlIFJJQ0hBQ0xfUFJPVEVDVEVEIGZsYWcgYWZ0ZXIgY3JlYXRp bmcgYSBmaWxlIGFuZCByZXNldCB0aGUKPiBmaWxlIG1hc2tzIHRvICJ1bmRvIiBhcHBseWluZyB0 aGUgY3JlYXRlIG1vZGU7IHNlZSByaWNoYWNsX2NvbXB1dGVfbWF4X21hc2tzKCkuCj4gVGhleSBz aG91bGQgc2V0IHRoZSBSSUNIQUNMX0RFRkFVTFRFRCBmbGFnLsKgwqAoQSBtZWNoYW5pc20gdGhh dCB3b3VsZCBhbGxvdyB0bwo+IGluZGljYXRlIHRvIHRoZSBrZXJuZWwgdG8gaWdub3JlIHRoZSBj cmVhdGUgbW9kZSBpbiB0aGUgZmlyc3QgcGxhY2Ugd2hlbiB0aGVyZQo+IGFyZSBpbmhlcml0ZWQg cGVybWlzc2lvbnMgd291bGQgYmUgbmljZSB0byBoYXZlLikKPiAKPiBTaWduZWQtb2ZmLWJ5OiBB bmRyZWFzIEdydWVuYmFjaGVyIDxhZ3J1ZW5iYUByZWRoYXQuY29tPgo+IC0tLQo+IMKgZnMvcmlj aGFjbC5jwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoHwgMjAgKysrKysrKysrKysr KysrKysrKy0KPiDCoGluY2x1ZGUvbGludXgvcmljaGFjbC5owqDCoMKgwqDCoMKgfCAxMiArKysr KysrKysrKysKPiDCoGluY2x1ZGUvdWFwaS9saW51eC9yaWNoYWNsLmggfCAxMSArKysrKysrKysr LQo+IMKgMyBmaWxlcyBjaGFuZ2VkLCA0MSBpbnNlcnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQo+ IAo+IGRpZmYgLS1naXQgYS9mcy9yaWNoYWNsLmMgYi9mcy9yaWNoYWNsLmMKPiBpbmRleCAyOWVh Zjg5Li40MGU0YWY5IDEwMDY0NAo+IC0tLSBhL2ZzL3JpY2hhY2wuYwo+ICsrKyBiL2ZzL3JpY2hh Y2wuYwo+IEBAIC01NzMsNyArNTczLDggQEAgX19yaWNoYWNsX2NobW9kKHN0cnVjdCByaWNoYWNs ICphY2wsIHVtb2RlX3QgbW9kZSkKPiDCoAnCoMKgwqDCoGFjbC0+YV9ncm91cF9tYXNrID09IGdy b3VwX21hc2sgJiYKPiDCoAnCoMKgwqDCoGFjbC0+YV9vdGhlcl9tYXNrID09IG90aGVyX21hc2sg JiYKPiDCoAnCoMKgwqDCoChhY2wtPmFfZmxhZ3MgJiBSSUNIQUNMX01BU0tFRCkgJiYKPiAtCcKg wqDCoMKgKGFjbC0+YV9mbGFncyAmIFJJQ0hBQ0xfV1JJVEVfVEhST1VHSCkpCj4gKwnCoMKgwqDC oChhY2wtPmFfZmxhZ3MgJiBSSUNIQUNMX1dSSVRFX1RIUk9VR0gpICYmCj4gKwnCoMKgwqDCoCgh cmljaGFjbF9pc19hdXRvX2luaGVyaXQoYWNsKSB8fCByaWNoYWNsX2lzX3Byb3RlY3RlZChhY2wp KSkKPiDCoAkJcmV0dXJuIGFjbDsKPiDCoAo+IMKgCWNsb25lID0gcmljaGFjbF9jbG9uZShhY2ws IEdGUF9LRVJORUwpOwo+IEBAIC01ODUsNiArNTg2LDggQEAgX19yaWNoYWNsX2NobW9kKHN0cnVj dCByaWNoYWNsICphY2wsIHVtb2RlX3QgbW9kZSkKPiDCoAljbG9uZS0+YV9vd25lcl9tYXNrID0g b3duZXJfbWFzazsKPiDCoAljbG9uZS0+YV9ncm91cF9tYXNrID0gZ3JvdXBfbWFzazsKPiDCoAlj bG9uZS0+YV9vdGhlcl9tYXNrID0gb3RoZXJfbWFzazsKPiArCWlmIChyaWNoYWNsX2lzX2F1dG9f aW5oZXJpdChjbG9uZSkpCj4gKwkJY2xvbmUtPmFfZmxhZ3MgfD0gUklDSEFDTF9QUk9URUNURUQ7 Cj4gwqAKPiDCoAlyZXR1cm4gY2xvbmU7Cj4gwqB9Cj4gQEAgLTgwMCw2ICs4MDMsMTQgQEAgcmlj aGFjbF9pbmhlcml0KGNvbnN0IHN0cnVjdCByaWNoYWNsICpkaXJfYWNsLCBpbnQgaXNkaXIpCj4g wqAJCQlhY2UrKzsKPiDCoAkJfQo+IMKgCX0KPiArCWlmIChyaWNoYWNsX2lzX2F1dG9faW5oZXJp dChkaXJfYWNsKSkgewo+ICsJCWFjbC0+YV9mbGFncyA9IFJJQ0hBQ0xfQVVUT19JTkhFUklUOwo+ ICsJCXJpY2hhY2xfZm9yX2VhY2hfZW50cnkoYWNlLCBhY2wpCj4gKwkJCWFjZS0+ZV9mbGFncyB8 PSBSSUNIQUNFX0lOSEVSSVRFRF9BQ0U7Cj4gKwl9IGVsc2Ugewo+ICsJCXJpY2hhY2xfZm9yX2Vh Y2hfZW50cnkoYWNlLCBhY2wpCj4gKwkJCWFjZS0+ZV9mbGFncyAmPSB+UklDSEFDRV9JTkhFUklU RURfQUNFOwo+ICsJfQo+IMKgCj4gwqAJcmV0dXJuIGFjbDsKPiDCoH0KPiBAQCAtODI4LDYgKzgz OSwxMyBAQCByaWNoYWNsX2luaGVyaXRfaW5vZGUoY29uc3Qgc3RydWN0IHJpY2hhY2wgKmRpcl9h Y2wsIHVtb2RlX3QgKm1vZGVfcCkKPiDCoAkJCXJpY2hhY2xfcHV0KGFjbCk7Cj4gwqAJCQlhY2wg PSBOVUxMOwo+IMKgCQl9IGVsc2Ugewo+ICsJCQkvKgo+ICsJCQnCoCogV2UgbmVlZCB0byBzZXQg UklDSEFDTF9QUk9URUNURUQgYmVjYXVzZSB3ZSBhcmUKPiArCQkJwqAqIGRvaW5nIGFuIGltcGxp Y2l0IGNobW9kCj4gKwkJCcKgKi8KPiArCQkJaWYgKHJpY2hhY2xfaXNfYXV0b19pbmhlcml0KGFj bCkpCj4gKwkJCQlhY2wtPmFfZmxhZ3MgfD0gUklDSEFDTF9QUk9URUNURUQ7Cj4gKwo+IMKgCQkJ cmljaGFjbF9jb21wdXRlX21heF9tYXNrcyhhY2wpOwo+IMKgCQkJLyoKPiDCoAkJCcKgKiBFbnN1 cmUgdGhhdCB0aGUgYWNsIHdpbGwgbm90IGdyYW50IGFueSBwZXJtaXNzaW9ucwo+IGRpZmYgLS1n aXQgYS9pbmNsdWRlL2xpbnV4L3JpY2hhY2wuaCBiL2luY2x1ZGUvbGludXgvcmljaGFjbC5oCj4g aW5kZXggN2FjYTFhMy4uYTQ0MjM3MiAxMDA2NDQKPiAtLS0gYS9pbmNsdWRlL2xpbnV4L3JpY2hh Y2wuaAo+ICsrKyBiL2luY2x1ZGUvbGludXgvcmljaGFjbC5oCj4gQEAgLTgxLDYgKzgxLDE4IEBA IGV4dGVybiB2b2lkIHNldF9jYWNoZWRfcmljaGFjbChzdHJ1Y3QgaW5vZGUgKiwgc3RydWN0IHJp Y2hhY2wgKik7Cj4gwqBleHRlcm4gdm9pZCBmb3JnZXRfY2FjaGVkX3JpY2hhY2woc3RydWN0IGlu b2RlICopOwo+IMKgZXh0ZXJuIHN0cnVjdCByaWNoYWNsICpnZXRfcmljaGFjbChzdHJ1Y3QgaW5v ZGUgKik7Cj4gwqAKPiArc3RhdGljIGlubGluZSBpbnQKPiArcmljaGFjbF9pc19hdXRvX2luaGVy aXQoY29uc3Qgc3RydWN0IHJpY2hhY2wgKmFjbCkKPiArewo+ICsJcmV0dXJuIGFjbC0+YV9mbGFn cyAmIFJJQ0hBQ0xfQVVUT19JTkhFUklUOwo+ICt9Cj4gKwo+ICtzdGF0aWMgaW5saW5lIGludAo+ ICtyaWNoYWNsX2lzX3Byb3RlY3RlZChjb25zdCBzdHJ1Y3QgcmljaGFjbCAqYWNsKQo+ICt7Cj4g KwlyZXR1cm4gYWNsLT5hX2ZsYWdzICYgUklDSEFDTF9QUk9URUNURUQ7Cj4gK30KPiArCj4gwqAv KioKPiDCoCAqIHJpY2hhY2VfaXNfb3duZXLCoMKgLcKgwqBjaGVjayBpZiBAYWNlIGlzIGFuIE9X TkVSQCBlbnRyeQo+IMKgICovCj4gZGlmZiAtLWdpdCBhL2luY2x1ZGUvdWFwaS9saW51eC9yaWNo YWNsLmggYi9pbmNsdWRlL3VhcGkvbGludXgvcmljaGFjbC5oCj4gaW5kZXggMWVkNDhhYy4uODg0 OWE1MyAxMDA2NDQKPiAtLS0gYS9pbmNsdWRlL3VhcGkvbGludXgvcmljaGFjbC5oCj4gKysrIGIv aW5jbHVkZS91YXBpL2xpbnV4L3JpY2hhY2wuaAo+IEBAIC0xOCw2ICsxOCw5IEBACj4gwqAjZGVm aW5lIF9fVUFQSV9SSUNIQUNMX0gKPiDCoAo+IMKgLyogYV9mbGFncyB2YWx1ZXMgKi8KPiArI2Rl ZmluZSBSSUNIQUNMX0FVVE9fSU5IRVJJVAkJCTB4MDEKPiArI2RlZmluZSBSSUNIQUNMX1BST1RF Q1RFRAkJCTB4MDIKPiArI2RlZmluZSBSSUNIQUNMX0RFRkFVTFRFRAkJCTB4MDQKPiDCoCNkZWZp bmUgUklDSEFDTF9XUklURV9USFJPVUdICQkJMHg0MAo+IMKgI2RlZmluZSBSSUNIQUNMX01BU0tF RAkJCQkweDgwCj4gwqAKPiBAQCAtMzEsNiArMzQsNyBAQAo+IMKgI2RlZmluZSBSSUNIQUNFX05P X1BST1BBR0FURV9JTkhFUklUX0FDRQkweDAwMDQKPiDCoCNkZWZpbmUgUklDSEFDRV9JTkhFUklU X09OTFlfQUNFCQkweDAwMDgKPiDCoCNkZWZpbmUgUklDSEFDRV9JREVOVElGSUVSX0dST1VQCQkw eDAwNDAKPiArI2RlZmluZSBSSUNIQUNFX0lOSEVSSVRFRF9BQ0UJCQkweDAwODAKPiDCoCNkZWZp bmUgUklDSEFDRV9TUEVDSUFMX1dITwkJCTB4NDAwMAo+IMKgCj4gwqAvKiBlX21hc2sgYml0Zmxh Z3MgKi8KPiBAQCAtNjAsNiArNjQsOSBAQAo+IMKgI2RlZmluZSBSSUNIQUNFX0VWRVJZT05FX1NQ RUNJQUxfSUQJCTIKPiDCoAo+IMKgI2RlZmluZSBSSUNIQUNMX1ZBTElEX0ZMQUdTICgJCQkJCVwK PiArCVJJQ0hBQ0xfQVVUT19JTkhFUklUIHwJCQkJCVwKPiArCVJJQ0hBQ0xfUFJPVEVDVEVEIHwJ CQkJCVwKPiArCVJJQ0hBQ0xfREVGQVVMVEVEIHwJCQkJCVwKPiDCoAlSSUNIQUNMX1dSSVRFX1RI Uk9VR0ggfAkJCQkJXAo+IMKgCVJJQ0hBQ0xfTUFTS0VEICkKPiDCoAo+IEBAIC02OSwxMyArNzYs MTUgQEAKPiDCoAlSSUNIQUNFX05PX1BST1BBR0FURV9JTkhFUklUX0FDRSB8CQkJXAo+IMKgCVJJ Q0hBQ0VfSU5IRVJJVF9PTkxZX0FDRSB8CQkJCVwKPiDCoAlSSUNIQUNFX0lERU5USUZJRVJfR1JP VVAgfAkJCQlcCj4gKwlSSUNIQUNFX0lOSEVSSVRFRF9BQ0UgfAkJCQkJXAo+IMKgCVJJQ0hBQ0Vf U1BFQ0lBTF9XSE8gKQo+IMKgCj4gwqAjZGVmaW5lIFJJQ0hBQ0VfSU5IRVJJVEFOQ0VfRkxBR1Mg KAkJCQlcCj4gwqAJUklDSEFDRV9GSUxFX0lOSEVSSVRfQUNFIHwJCQkJXAo+IMKgCVJJQ0hBQ0Vf RElSRUNUT1JZX0lOSEVSSVRfQUNFIHwJCQkJXAo+IMKgCVJJQ0hBQ0VfTk9fUFJPUEFHQVRFX0lO SEVSSVRfQUNFIHwJCQlcCj4gLQlSSUNIQUNFX0lOSEVSSVRfT05MWV9BQ0UgKQo+ICsJUklDSEFD RV9JTkhFUklUX09OTFlfQUNFIHwJCQkJXAo+ICsJUklDSEFDRV9JTkhFUklURURfQUNFICkKPiDC oAo+IMKgLyogVmFsaWQgUklDSEFDRV8qIGZsYWdzIGZvciBkaXJlY3RvcmllcyBhbmQgbm9uLWRp cmVjdG9yaWVzICovCj4gwqAjZGVmaW5lIFJJQ0hBQ0VfVkFMSURfTUFTSyAoCQkJCQkKPiBcCgpC YXJmLiBBSSBzZWVtcyBsaWtlIGEgdHJhaW53cmVjayB3YWl0aW5nIHRvIGhhcHBlbi4gV2hhdCBh cmUgdGhlCmNoYW5jZXMgdGhhdCB1c2VybGFuZCBpcyBnb2luZyB0byBnZXQgdGhpcyByaWdodD8K ClN0aWxsLCBJIGRvIGFwcGxhdWQgdGhlIGZhY3QgdGhhdCB5b3UncmUganVzdCBkb2luZyB0aGUg YmFyZSBtaW5pbXVtIGluCmtlcm5lbCB0byBzdXBwb3J0IHVzZXJsYW5kIGFwcHMgdGhhdCB3YW50 IHRoaXMuIFRoYW5rcyBmb3Igbm90IHRyeWluZwp0byBwdXNoIHRoZSBwcm9wYWdhdGlvbiBvZiB0 aGUgY2hhbmdlZCBBQ0VzIGludG8gdGhlIGtlcm5lbC4KClJldmlld2VkLWJ5OiBKZWZmIExheXRv biA8amxheXRvbkByZWRoYXQuY29tPgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18KeGZzIG1haWxpbmcgbGlzdAp4ZnNAb3NzLnNnaS5jb20KaHR0cDovL29z cy5zZ2kuY29tL21haWxtYW4vbGlzdGluZm8veGZzCg==