From: Szabolcs Nagy
To: Topi Miettinen
Cc: Catalin Marinas, Florian Weimer, Will Deacon, Mark Brown, libc-alpha@sourceware.org, Jeremy Linton, Mark Rutland, Kees Cook, Salvatore Mesoraca, Lennart Poettering, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 0/4] aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ #26831]
Date: Wed, 4 Nov 2020 16:08:10 +0000
Message-ID: <20201104160810.GD24704@arm.com>

The 11/04/2020 17:19, Topi Miettinen wrote:
> On 4.11.2020 16.35, Catalin Marinas wrote:
> > On Wed, Nov 04, 2020 at 11:55:57AM +0200, Topi Miettinen wrote:
> > > On 4.11.2020 11.29, Florian Weimer wrote:
> > > > * Will Deacon:
> > > > > Is there real value in this seccomp filter if it only looks at mprotect(),
> > > > > or was it just implemented because it's easy to do and sounds like a good
> > > > > idea?
> > > >
> > > > It seems bogus to me. Everyone will just create alias mappings instead,
> > > > just like they did for the similar SELinux feature. See “Example code
> > > > to avoid execmem violations” in:
> > > >
> > > >     <https://www.akkadia.org/drepper/selinux-mem.html>
> > [...]
> > > > As you can see, this reference implementation creates a PROT_WRITE
> > > > mapping aliased to a PROT_EXEC mapping, so it actually reduces security
> > > > compared to something that generates the code in an anonymous mapping
> > > > and calls mprotect to make it executable.
> > [...]
> > > If a service legitimately needs executable and writable mappings (due to
> > > JIT, trampolines etc), it's easy to disable the filter whenever really
> > > needed with "MemoryDenyWriteExecute=no" (which is the default) in case of
> > > systemd or a TE rule like "allow type_t self:process { execmem };" for
> > > SELinux. But this shouldn't be the default case, since there are many
> > > services which don't need W&X.
> >
> > I think Drepper's point is that separate X and W mappings, with enough
> > randomisation, would be more secure than allowing W&X at the same
> > address (but, of course, less secure than not having W at all, though
> > that's not always possible).
> >
> > > I'd also question what is the value of BTI if it can be easily circumvented
> > > by removing PROT_BTI with mprotect()?
> >
> > Well, BTI is a protection against JOP attacks. The assumption here is
> > that an attacker cannot invoke mprotect() to disable PROT_BTI. If it
> > can, it's probably not worth bothering with a subsequent JOP attack, it
> > can already call functions directly.
>
> I suppose that the target for the attacker is to eventually perform system
> calls rather than looping forever in JOP/ROP gadgets.
>
> > I see MDWX not as a way of detecting attacks but rather plugging
> > inadvertent security holes in certain programs. On arm64, such hardening
> > currently gets in the way of another hardening feature, BTI.
>
> I don't think it has to get in the way at all. Why wouldn't something simple
> like this work:

PROT_BTI is only valid on binaries that are BTI compatible.
to detect that, the load segments must be already mapped.

AT_BTI does not solve this: we want to be able to load legacy
elf modules. (a BTI enforcement setting may be useful where
incompatible modules are rejected, but that cannot be the
default for backward compatibility reasons.)

>
> diff --git a/elf/dl-load.c b/elf/dl-load.c > index 646c5dca40..12a74d15e8 100644 > --- a/elf/dl-load.c > +++ b/elf/dl-load.c > @@ -1170,8 +1170,13 @@ _dl_map_object_from_fd (const char *name, const char > *origname, int fd, > c->prot |= PROT_READ; > if (ph->p_flags & PF_W) > c->prot |= PROT_WRITE; > - if (ph->p_flags & PF_X) > + if (ph->p_flags & PF_X) { > c->prot |= PROT_EXEC; > +#ifdef PROT_BTI > + if (GLRO(dl_bti) & 1) > + c->prot |= PROT_BTI; > +#endif > + } > #endif > break; > > diff --git a/elf/dl-support.c b/elf/dl-support.c > index 7704c101c5..22c7cc7b81 100644 > --- a/elf/dl-support.c > +++ b/elf/dl-support.c > @@ -222,7 +222,7 @@ __rtld_lock_define_initialized_recursive (, > _dl_load_write_lock) > > > #ifdef HAVE_AUX_VECTOR > -int _dl_clktck; > +int _dl_clktck, _dl_bti; > > void > _dl_aux_init (ElfW(auxv_t) *av)
> @@ -294,6 +294,11 @@ _dl_aux_init (ElfW(auxv_t) *av) > case AT_RANDOM: > _dl_random = (void *) av->a_un.a_val; > break; > +#ifdef PROT_BTI > + case AT_BTI: > + _dl_bti = (void *) av->a_un.a_val; > + break; > +#endif > DL_PLATFORM_AUXV > } > if (seen == 0xf)
>
> Kernel sets the aux vector to indicate that BTI should be enabled for all
> segments and main exe is already protected.
>
> -Topi
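
Review bot: in the elf/dl-load.c hunk, `c->prot |= PROT_BTI` is gated only on the process-wide `GLRO(dl_bti) & 1`, so every PF_X segment of every object is mapped guarded whether or not that object was built with BTI landing pads; a legacy module mapped this way would take Branch Target exceptions on its indirect branches. Either make the decision per object, or state explicitly that setting this bit means incompatible modules are refused. The `& 1` also needs a comment or a named constant saying what bit 0 of the auxv value means, and the new `if (ph->p_flags & PF_X) {` should use glibc's GNU brace placement (brace on its own line).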
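
Review bot: in the first elf/dl-support.c hunk, `_dl_bti` is introduced by extending the `_dl_clktck` declaration, with no comment on what it holds; give it its own declaration with a comment describing the encoding of the auxv value, since dl-load.c tests only bit 0 of it. The visible patch defines the variable only in this file, so it is worth checking that `GLRO(dl_bti)` in dl-load.c resolves to a definition, and gets initialised from the aux vector, in every build that compiles the loader code.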
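
Review bot: in the `AT_BTI` case of the second elf/dl-support.c hunk, `_dl_bti = (void *) av->a_un.a_val;` assigns a pointer to a variable the previous hunk declares as `int`; the cast looks carried over from the `AT_RANDOM` case just above it. Assign the value directly (`_dl_bti = av->a_un.a_val;`). The case is also guarded by `#ifdef PROT_BTI` although the symbol it needs is `AT_BTI`, which nothing in the patch defines, so the guard should test `AT_BTI` or the patch should add that definition.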
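
Added example (not part of the original message and not glibc code): the per-object compatibility check the reply refers to, reading the GNU property note of an already mapped object to decide whether PROT_BTI may be added to its executable segments. The function names, the constructed sample note bytes and the choice to treat a malformed note like a legacy object are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* ABI constants, defined here so the example builds on any Linux host. */
#ifndef PROT_BTI
# define PROT_BTI 0x10                        /* arm64 Linux value */
#endif
#ifndef NT_GNU_PROPERTY_TYPE_0
# define NT_GNU_PROPERTY_TYPE_0 5u
#endif
#ifndef GNU_PROPERTY_AARCH64_FEATURE_1_AND
# define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#endif
#ifndef GNU_PROPERTY_AARCH64_FEATURE_1_BTI
# define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#endif

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static size_t align8(size_t x) { return (x + 7) & ~(size_t)7; }

/* Walk the property array in one note descriptor.
   Returns 1 if the BTI bit is set, 0 if not, -1 if the data is malformed. */
static int scan_properties(const unsigned char *desc, size_t descsz)
{
    size_t off = 0;
    while (off <= descsz && descsz - off >= 8) {
        uint32_t pr_type = rd_le32(desc + off);
        uint32_t pr_datasz = rd_le32(desc + off + 4);
        size_t data_off = off + 8;
        if (pr_datasz > descsz - data_off)
            return -1;
        if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
            if (pr_datasz != 4)
                return -1;
            return (rd_le32(desc + data_off)
                    & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) ? 1 : 0;
        }
        off = align8(data_off + pr_datasz);
    }
    return 0;
}

/* seg/len: contents of the object's PT_GNU_PROPERTY segment as mapped
   (ELF64, notes aligned to 8 bytes). Same return convention as above. */
int gnu_property_has_bti(const unsigned char *seg, size_t len)
{
    size_t off = 0;
    while (off <= len && len - off >= 12) {
        uint32_t namesz = rd_le32(seg + off);
        uint32_t descsz = rd_le32(seg + off + 4);
        uint32_t type = rd_le32(seg + off + 8);
        size_t name_off = off + 12;
        if (namesz > len - name_off)
            return -1;
        size_t desc_off = align8(name_off + namesz);
        if (desc_off > len || descsz > len - desc_off)
            return -1;
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4
            && memcmp(seg + name_off, "GNU", 4) == 0) {
            int r = scan_properties(seg + desc_off, descsz);
            if (r != 0)
                return r;
        }
        off = align8(desc_off + descsz);
    }
    return 0;
}

/* Protection for an executable segment of this object. Unmarked or
   malformed objects are mapped without PROT_BTI (example's choice),
   which keeps legacy modules loadable. */
int segment_prot(const unsigned char *seg, size_t len, int hw_bti)
{
    int prot = PROT_READ | PROT_EXEC;
    if (hw_bti && gnu_property_has_bti(seg, len) == 1)
        prot |= PROT_BTI;
    return prot;
}

/* Constructed sample notes: "GNU" property note with FEATURE_1_AND. */
static const unsigned char NOTE_BTI[32] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0      /* BTI | PAC */
};
static const unsigned char NOTE_PAC_ONLY[32] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0,0,0,0xc0, 4,0,0,0, 2,0,0,0, 0,0,0,0      /* PAC only: legacy for BTI */
};

int main(void)
{
    printf("marked object:   prot=%#x\n",
           (unsigned)segment_prot(NOTE_BTI, sizeof NOTE_BTI, 1));
    printf("unmarked object: prot=%#x\n",
           (unsigned)segment_prot(NOTE_PAC_ONLY, sizeof NOTE_PAC_ONLY, 1));
    return 0;
}
```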