From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 60709 invoked by alias); 6 Sep 2019 14:46:56 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 60570 invoked by uid 89); 6 Sep 2019 14:46:55 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-23.8 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_LOTSOFHASH,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.1 spammy= X-HELO: EUR03-AM5-obe.outbound.protection.outlook.com Received: from mail-eopbgr30058.outbound.protection.outlook.com (HELO EUR03-AM5-obe.outbound.protection.outlook.com) (40.107.3.58) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 06 Sep 2019 14:46:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ttvx1zJjHn7IdpknCzegXnT7bM6wqPc41ZNqljwIqXc=; b=8kSW3+i5TycNnbvXTk/sjeSx76tVTeWndAqLXBhKhO+qmo6BZrASWvTWlzlYEHB6inKHKuuphls6noz3yrQhIH3p2K/owdKZz3KacZTC2MNvyWh/bPiP6/Dghz+UadjEVBi/s23oSBev8ou/R3215KjhZkBIeQGTSg4UPD6xjPc= Received: from VE1PR08CA0021.eurprd08.prod.outlook.com (2603:10a6:803:104::34) by AM6PR08MB3158.eurprd08.prod.outlook.com (2603:10a6:209:44::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14; Fri, 6 Sep 2019 14:46:44 +0000 Received: from VE1EUR03FT046.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::209) by VE1PR08CA0021.outlook.office365.com (2603:10a6:803:104::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14 via Frontend Transport; Fri, 6 Sep 2019 14:46:44 +0000 Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; gcc.gnu.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;gcc.gnu.org; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT046.mail.protection.outlook.com (10.152.19.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14 via Frontend Transport; Fri, 6 Sep 2019 14:46:42 +0000 Received: ("Tessian outbound f83cc93ed55d:v27"); Fri, 06 Sep 2019 14:46:25 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: f3faa10a2f08297d X-CR-MTA-TID: 64aa7808 Received: from 4351d8756756.1 (cr-mta-lb-1.cr-mta-net [104.47.2.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 90AA6DCD-F0C3-4B8A-9AB4-C97A6E8AA677.1; Fri, 06 Sep 2019 14:46:19 +0000 Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01lp2057.outbound.protection.outlook.com [104.47.2.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 4351d8756756.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 06 Sep 2019 14:46:19 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b7Wm4hB8Uhck6FYesKxt3oCQrdV5JF37ipHhHhKk1ZXX97kHv+geyOj83+IF4MLcDuEff9QNgkG5GHvG4aaK+Su+YPuLv/RlHofmjetUj3/paE79t04MLi90EUvQaLFVic17RGVnmPnAl1yf8kzkWqlkMzQZFtQKRJEWjiJZ4xelGRoV5aEZEofxrA+S0tiWqWxGC80BqyvYFvZP6qb1BNLMd0+J1gO0O/5rsuUdAHGpym9UX2OaiqtJa5KrhNLzm4cJaceV8X515iI+6i0pI5sqPrpN9ByQ519L0BEmEOxfyXmDYloiGDuxnNmGCZFeoLHAXmEjQbSNVNOd1p4urw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ttvx1zJjHn7IdpknCzegXnT7bM6wqPc41ZNqljwIqXc=; b=Xp8YzDE32zz7l/X3MKJc/doJtLQtxfAjbM+AiUkW5iJoWECCSRRsoltDervfqa/AxR+0mV1b7icdT4XV9LTVtXdwwPy5fDvJ8C6NeTw4ErhYcGGT2CWUukzLs5oSPqxNwRTtDJVieisSNwmp4etMvrjFXpVUWWsKFd3ybG2bppxEWBuxiRMDOtnQjIiXmg5VYDIHz7+JCdzQAcllVtXe0JxMwjx88x3VKonJHIqhlM/CRLQD2kwCF6dzMyUZtKLmcJLx6AdBeta1+OA1Ys9VeHZm6kfyhpr1FT4poRS8MQGo/+XYWyZ8FKf7L4VRopMYLeWjHGCNSVJnhT8bDOLjqA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ttvx1zJjHn7IdpknCzegXnT7bM6wqPc41ZNqljwIqXc=; b=8kSW3+i5TycNnbvXTk/sjeSx76tVTeWndAqLXBhKhO+qmo6BZrASWvTWlzlYEHB6inKHKuuphls6noz3yrQhIH3p2K/owdKZz3KacZTC2MNvyWh/bPiP6/Dghz+UadjEVBi/s23oSBev8ou/R3215KjhZkBIeQGTSg4UPD6xjPc= Received: from VI1PR08MB5471.eurprd08.prod.outlook.com (52.133.246.83) by VI1PR08MB3488.eurprd08.prod.outlook.com (20.177.59.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14; Fri, 6 Sep 2019 14:46:18 +0000 Received: from VI1PR08MB5471.eurprd08.prod.outlook.com ([fe80::206a:65bd:e6a9:536b]) by VI1PR08MB5471.eurprd08.prod.outlook.com ([fe80::206a:65bd:e6a9:536b%2]) with mapi id 15.20.2241.018; Fri, 6 Sep 2019 14:46:18 +0000 From: Matthew Malcomson To: "gcc-patches@gcc.gnu.org" CC: "mliska@suse.cz" , "dodji@redhat.com" , nd , "kcc@google.com" , "jakub@redhat.com" , "dvyukov@google.com" Subject: [RFC][PATCH 10/X][libsanitizer] Colour the shadow stack for each stack variable Date: Fri, 06 Sep 2019 14:47:00 -0000 Message-ID: References: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com> In-Reply-To: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com> Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Matthew.Malcomson@arm.com; X-Microsoft-Antispam-Untrusted: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(4618075)(2017052603328)(49563074)(7193020);SRVR:VI1PR08MB3488; x-checkrecipientrouted: true x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000; X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(396003)(346002)(376002)(136003)(366004)(54534003)(189003)(199004)(3846002)(6436002)(54906003)(53936002)(52536014)(6916009)(6116002)(5660300002)(71200400001)(8936002)(71190400001)(14454004)(14444005)(81166006)(2351001)(81156014)(256004)(446003)(8676002)(30864003)(5640700003)(52116002)(5024004)(66446008)(44832011)(25786009)(9686003)(2501003)(86362001)(186003)(305945005)(486006)(476003)(6506007)(102836004)(11346002)(26005)(7696005)(74316002)(99286004)(7736002)(386003)(33656002)(316002)(55016002)(2906002)(66556008)(99936001)(478600001)(4326008)(76176011)(66946007)(64756008)(66616009)(66476007)(66066001);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR08MB3488;H:VI1PR08MB5471.eurprd08.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info-Original: AdzWUeeHc3O10MP6TBTVCtclWfVikEkLwXPjltVZeaA6k+MJKcHYjY9UIk1p6vNy8An9xvXnX/qUHvieApD7xEDiZ0FxZz8kIjcK/S0hc/CbwEF5LUGCct4hwpFZWqzK85MV6LvTtLnw3bRejBK4nRbvr/zhpiRjMBM80gzwrA5WQRqcpERFJiUMybikTK7bQVCvdUrt/Eo3MzcJ3P6a3+XIJi99N6aNzw8ClDuL9A4vsJcCoz8ApCk5UufdMgTVHCXoIm10gVRmYNDGsGR3nIoRM7MAo2Hcbl9L0sjsnkW5FjKUKHAHMpsAtrqsUjSuJbRf10FD73PJTP17LpblxV1ZEqhnDb8MozrUDDPjtAPDqJKhF/e4iQB3/4hk4TKAdeAAZqujreT2zHUOdN5JChjt1VR5I1Wpn6xcc3obNZU= x-ms-exchange-transport-forked: True Content-Type: multipart/mixed; boundary="_002_VI1PR08MB54713A319FDEF82EC806C481E0BA0VI1PR08MB5471eurp_" MIME-Version: 1.0 Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Matthew.Malcomson@arm.com; Return-Path: Matthew.Malcomson@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT046.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: d5e9d095-90fe-4c8c-1350-08d732d8f982 X-IsSubscribed: yes X-SW-Source: 2019-09/txt/msg00399.txt.bz2 --_002_VI1PR08MB54713A319FDEF82EC806C481E0BA0VI1PR08MB5471eurp_ Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable Content-length: 14270 On entry to each function we colour the relevant shadow stack region for each stack variable the colour to match the tag added to each pointer for that variable. We currently only use the library option for this, in the future inline options will be added and configured in the same way as ASAN. This is the first patch where we use the HWASAN shadow space, so we need to add in the libhwasan initialisation code that creates this shadow memory region into the binary we produce. This instrumentation is done in `compile_file`. gcc/ChangeLog: 2019-09-06 Matthew Malcomson * asan.c (initialize_sanitizer_builtins): Define new builtins. (ATTR_NOTHROW_LIST): New macro. (hwasan_current_tag): New. (hwasan_emit_prologue): New. (hwasan_create_untagged_base): New. (hwasan_finish_file): New. * asan.h (hwasan_finish_file): New. (hwasan_current_tag): New. (hwasan_create_untagged_base): New. (hwasan_emit_prologue): New. * builtin-types.def (BT_FN_VOID_PTR_UINT8_SIZE): New. * builtins.def (DEF_SANITIZER_BUILTIN): Enable for HWASAN. * cfgexpand.c (struct stack_vars_data): (expand_stack_vars): Record offsets for hwasan. (expand_used_vars): Call function to emit prologue. * sanitizer.def (BUILT_IN_HWASAN_INIT): New. (BUILT_IN_HWASAN_TAG_MEM): New. * toplev.c (compile_file): Emit libhwasan initialisation. ############### Attachment also inlined for ease of reply ##########= ##### diff --git a/gcc/asan.h b/gcc/asan.h index 127c24aa6b0e4e6d0ba332004145ec498034c955..028afdd2e7d16245c6cbbe106b7= ccb9c5034d542 100644 --- a/gcc/asan.h +++ b/gcc/asan.h @@ -23,10 +23,14 @@ along with GCC; see the file COPYING3. If not see =20 extern void asan_function_start (void); extern void asan_finish_file (void); +extern void hwasan_finish_file (void); extern void hwasan_record_base (rtx); +extern uint8_t hwasan_current_tag (); extern void hwasan_increment_tag (); extern rtx hwasan_with_tag (rtx, poly_int64); extern void hwasan_tag_init (); +extern rtx hwasan_create_untagged_base (rtx); +extern void hwasan_emit_prologue (rtx *, rtx *, poly_int64 *, uint8_t *, s= ize_t); extern bool memory_tagging_p (void); extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int, HOST_WIDE_INT *, tree *, int); diff --git a/gcc/asan.c b/gcc/asan.c index a6ff503ceec294f2c09b0bd723a3d8043e4de6a1..d361b4b562f75cb0c2e08121807= 3eacb3704f8d0 100644 --- a/gcc/asan.c +++ b/gcc/asan.c @@ -2895,6 +2895,11 @@ initialize_sanitizer_builtins (void) =3D build_function_type_list (void_type_node, uint64_type_node, ptr_type_node, NULL_TREE); =20 + tree BT_FN_VOID_PTR_UINT8_SIZE + =3D build_function_type_list (void_type_node, ptr_type_node, + unsigned_char_type_node, size_type_node, + NULL_TREE); + tree BT_FN_BOOL_VPTR_PTR_IX_INT_INT[5]; tree BT_FN_IX_CONST_VPTR_INT[5]; tree BT_FN_IX_VPTR_IX_INT[5]; @@ -2945,6 +2950,8 @@ initialize_sanitizer_builtins (void) #define BT_FN_I16_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[4] #define BT_FN_I16_VPTR_I16_INT BT_FN_IX_VPTR_IX_INT[4] #define BT_FN_VOID_VPTR_I16_INT BT_FN_VOID_VPTR_IX_INT[4] +#undef ATTR_NOTHROW_LIST +#define ATTR_NOTHROW_LIST ECF_NOTHROW #undef ATTR_NOTHROW_LEAF_LIST #define ATTR_NOTHROW_LEAF_LIST ECF_NOTHROW | ECF_LEAF #undef ATTR_TMPURE_NOTHROW_LEAF_LIST @@ -3707,6 +3714,8 @@ hwasan_record_base (rtx base) hwasan_base_ptr =3D base; } =20 +uint8_t hwasan_current_tag () { return tag_offset; } + void hwasan_increment_tag () { @@ -3760,4 +3769,104 @@ hwasan_tag_init () tag_offset =3D HWASAN_STACK_BACKGROUND + 1; } =20 +void +hwasan_emit_prologue (rtx *bases, + rtx *untagged_bases, + poly_int64 *offsets, + uint8_t *tags, + size_t length) +{ + /* + NOTE: bases contains both the tagged and untagged base. + This allows us to get both the original frame tag and the untagged var= iable + pointer with a minimal of extra instructions. + + We fetch the untagged variable pointer from the offset to the untagged= base + and fetch the "base" tag from the tagged base. + + We need the untagged base pointer since libhwasan only accepts untagged + pointers in __hwasan_tag_memory. We need the tagged base pointer to o= btain + the base tag for an offset. + + We also will need the tagged base pointer for MTE, since the ADDTAG + instruction takes a tagged pointer. + */ + for (size_t i =3D 0; (i * 2) + 1 < length; i++) + { + poly_int64 start =3D offsets[i * 2]; + poly_int64 end =3D offsets[(i * 2) + 1]; + + poly_int64 bot, top; + if (known_ge (start, end)) + { + top =3D start; + bot =3D end; + } + else + { + top =3D end; + bot =3D start; + } + poly_int64 size =3D (top - bot); + + /* Can't check that all poly_int64's are aligned, but still nice + to check when we can. */ + HOST_WIDE_INT tmp; + if (top.is_constant (&tmp)) + gcc_assert (tmp % HWASAN_TAG_GRANULE_SIZE =3D=3D 0); + if (bot.is_constant (&tmp)) + gcc_assert (tmp % HWASAN_TAG_GRANULE_SIZE =3D=3D 0); + if (size.is_constant (&tmp)) + gcc_assert (tmp % HWASAN_TAG_GRANULE_SIZE =3D=3D 0); + + /* TODO Other options (i.e. inline options) */ + /* TODO At the moment we don't generate a random base tag for each + frame. When that happens we will need to generate the tag by + adding tags[i] to the frame tag fetched from `bases[i]`. */ + rtx ret =3D init_one_libfunc ("__hwasan_tag_memory"); + emit_library_call (ret, + LCT_NORMAL, + VOIDmode, + plus_constant (ptr_mode, untagged_bases[i], bot), + ptr_mode, + const_int_rtx[MAX_SAVED_CONST_INT + tags[i]], + QImode, + gen_int_mode (size, ptr_mode), + ptr_mode); + } +} + +rtx +hwasan_create_untagged_base (rtx orig_base) +{ + rtx untagged_base =3D gen_reg_rtx (Pmode); + rtx tag_mask =3D gen_int_mode ((1ULL << HWASAN_SHIFT) - 1, Pmode); + untagged_base =3D expand_binop (Pmode, and_optab, + orig_base, tag_mask, + untagged_base, true, OPTAB_DIRECT); + gcc_assert (untagged_base); + return untagged_base; +} + +/* Needs to be GTY(()), because cgraph_build_static_cdtor may + invoke ggc_collect. */ +static GTY(()) tree hwasan_ctor_statements; + +void +hwasan_finish_file (void) +{ + /* Avoid instrumenting code in the hwasan constructors/destructors. */ + flag_sanitize &=3D ~SANITIZE_HWADDRESS; + /* TODO Only do this if in userspace. + For kernel space will have to look more closely into this. + May want to look at `asan_finish_file` for what ASAN does in this + situation. */ + + int priority =3D MAX_RESERVED_INIT_PRIORITY - 1; + tree fn =3D builtin_decl_implicit (BUILT_IN_HWASAN_INIT); + append_to_statement_list (build_call_expr (fn, 0), &hwasan_ctor_statemen= ts); + cgraph_build_static_cdtor ('I', hwasan_ctor_statements, priority); + flag_sanitize |=3D SANITIZE_HWADDRESS; +} + #include "gt-asan.h" diff --git a/gcc/builtin-types.def b/gcc/builtin-types.def index e5c9e063c480d1392b6c2b395ec9d029b6d94209..d05f597b6434f39fe95d4f28dd2= ef3ed463dd925 100644 --- a/gcc/builtin-types.def +++ b/gcc/builtin-types.def @@ -625,6 +625,8 @@ DEF_FUNCTION_TYPE_3 (BT_FN_VOID_UINT32_UINT32_PTR, DEF_FUNCTION_TYPE_3 (BT_FN_VOID_SIZE_SIZE_PTR, BT_VOID, BT_SIZE, BT_SIZE, BT_PTR) DEF_FUNCTION_TYPE_3 (BT_FN_UINT_UINT_PTR_PTR, BT_UINT, BT_UINT, BT_PTR, BT= _PTR) +DEF_FUNCTION_TYPE_3 (BT_FN_VOID_PTR_UINT8_SIZE, BT_VOID, BT_PTR, BT_UINT8, + BT_SIZE) =20 DEF_FUNCTION_TYPE_4 (BT_FN_SIZE_CONST_PTR_SIZE_SIZE_FILEPTR, BT_SIZE, BT_CONST_PTR, BT_SIZE, BT_SIZE, BT_FILEPTR) diff --git a/gcc/builtins.def b/gcc/builtins.def index c92292aeab9da21cb8268e6483078a6be9e49d95..e067ebc7f7003bcdf7df4d52db1= 8c31762623285 100644 --- a/gcc/builtins.def +++ b/gcc/builtins.def @@ -237,6 +237,7 @@ along with GCC; see the file COPYING3. If not see DEF_BUILTIN (ENUM, "__builtin_" NAME, BUILT_IN_NORMAL, TYPE, TYPE, \ true, true, true, ATTRS, true, \ (flag_sanitize & (SANITIZE_ADDRESS | SANITIZE_THREAD \ + | SANITIZE_HWADDRESS \ | SANITIZE_UNDEFINED \ | SANITIZE_UNDEFINED_NONDEFAULT) \ || flag_sanitize_coverage)) diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c index 10739bc25940374c686c191ca76b1dfe8f000562..aacf210facc462675a980ee87bd= 38d4a7d94ad09 100644 --- a/gcc/cfgexpand.c +++ b/gcc/cfgexpand.c @@ -1034,9 +1034,24 @@ struct stack_vars_data The vector is in reversed, highest offset pairs come first. */ auto_vec asan_vec; =20 + /* HWASAN records the poly_int64 since it needs to act on everything rec= orded + to the stack (as anything not properly coloured would end up causing a + falut of some sort). + + ASAN records HOST_WIDE_INT offsets (that was enough before the + introduction of SVE vectors) which */ + auto_vec hwasan_vec; + auto_vec hwasan_untagged_base_vec; + auto_vec hwasan_base_vec; + /* Vector of partition representative decls in between the paddings. */ auto_vec asan_decl_vec; =20 + /* Vector of tag offsets representing the colour of each stack variable. + Each offset determines the difference between the randomly generated + colour for the current frame and the colour for this stack variable. = */ + auto_vec hwasan_colour_vec; + /* Base pseudo register for Address Sanitizer protected automatic vars. = */ rtx asan_base; =20 @@ -1054,6 +1069,7 @@ expand_stack_vars (bool (*pred) (size_t), struct stac= k_vars_data *data) size_t si, i, j, n =3D stack_vars_num; poly_uint64 large_size =3D 0, large_alloc =3D 0; rtx large_base =3D NULL; + rtx large_untagged_base =3D NULL; unsigned large_align =3D 0; bool large_allocation_done =3D false; tree decl; @@ -1110,7 +1126,7 @@ expand_stack_vars (bool (*pred) (size_t), struct stac= k_vars_data *data) { rtx base; unsigned base_align, alignb; - poly_int64 offset; + poly_int64 offset =3D 0; =20 i =3D stack_vars_sorted[si]; =20 @@ -1156,7 +1172,9 @@ expand_stack_vars (bool (*pred) (size_t), struct stac= k_vars_data *data) ABI requirements) and these can't share a tag granule with a tagged variable. */ gcc_assert (stack_vars[i].alignb >=3D HWASAN_TAG_GRANULE_SIZE); - alloc_stack_frame_space (0, HWASAN_TAG_GRANULE_SIZE); + offset =3D alloc_stack_frame_space (0, HWASAN_TAG_GRANULE_SIZE); + data->hwasan_vec.safe_push (offset); + data->hwasan_untagged_base_vec.safe_push (virtual_stack_vars_rtx); } /* ASAN description strings don't yet have a syntax for expressing polynomial offsets. */ @@ -1237,6 +1255,9 @@ expand_stack_vars (bool (*pred) (size_t), struct stac= k_vars_data *data) offset =3D alloc_stack_frame_space (stack_vars[i].size, alignb); base_align =3D crtl->max_used_stack_slot_alignment; } + + if (memory_tagging_p ()) + data->hwasan_vec.safe_push (offset); } else { @@ -1262,6 +1283,18 @@ expand_stack_vars (bool (*pred) (size_t), struct sta= ck_vars_data *data) =20 gcc_assert (large_base !=3D NULL); large_alloc =3D aligned_upper_bound (large_alloc, alignb); + if (memory_tagging_p ()) + { + /* + For now we just assume that an object with a large alignment + requirement means that the alignment requirement is greater + than the required alignment for tags. + */ + if (!large_untagged_base) + large_untagged_base =3D hwasan_create_untagged_base (large_base); + data->hwasan_vec.safe_push (large_alloc); + data->hwasan_untagged_base_vec.safe_push (large_untagged_base); + } offset =3D large_alloc; large_alloc +=3D stack_vars[i].size; if (memory_tagging_p ()) @@ -1280,6 +1313,7 @@ expand_stack_vars (bool (*pred) (size_t), struct stac= k_vars_data *data) */ poly_int64 align_again =3D aligned_upper_bound (large_alloc, HWASAN_TAG_GRANULE_SIZE); + data->hwasan_vec.safe_push (align_again); } =20 base =3D large_base; @@ -1297,8 +1331,15 @@ expand_stack_vars (bool (*pred) (size_t), struct sta= ck_vars_data *data) ? data->asan_base : virtual_stack_vars_rtx); } + if (memory_tagging_p ()) - hwasan_increment_tag (); + { + /* Record the tag for this object in `data` so the prologue knows + what colour to put in the shadow memory during cfgexpand.c. */ + data->hwasan_base_vec.safe_push (base); + data->hwasan_colour_vec.safe_push (hwasan_current_tag ()); + hwasan_increment_tag (); + } } =20 gcc_assert (known_eq (large_alloc, large_size)); @@ -2358,6 +2399,13 @@ expand_used_vars (void) } =20 expand_stack_vars (NULL, &data); + + if (memory_tagging_p ()) + hwasan_emit_prologue (data.hwasan_base_vec.address (), + data.hwasan_untagged_base_vec.address (), + data.hwasan_vec.address (), + data.hwasan_colour_vec.address (), + data.hwasan_vec.length ()); } =20 if (asan_sanitize_allocas_p () && cfun->calls_alloca) diff --git a/gcc/sanitizer.def b/gcc/sanitizer.def index 374d15007d868363d9b4fbf467e1e462abbca61a..7bd50715f24a2cb154b578e2abd= ea4e8fcdb2107 100644 --- a/gcc/sanitizer.def +++ b/gcc/sanitizer.def @@ -180,6 +180,12 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_POINTER_COMPARE, "= __sanitizer_ptr_cmp", DEF_SANITIZER_BUILTIN(BUILT_IN_ASAN_POINTER_SUBTRACT, "__sanitizer_ptr_sub= ", BT_FN_VOID_PTR_PTRMODE, ATTR_NOTHROW_LEAF_LIST) =20 +/* Hardware Address Sanitizer. */ +DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_INIT, "__hwasan_init", + BT_FN_VOID, ATTR_NOTHROW_LEAF_LIST) +DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_TAG_MEM, "__hwasan_tag_memory", + BT_FN_VOID_PTR_UINT8_SIZE, ATTR_NOTHROW_LIST) + /* Thread Sanitizer */ DEF_SANITIZER_BUILTIN(BUILT_IN_TSAN_INIT, "__tsan_init",=20 BT_FN_VOID, ATTR_NOTHROW_LEAF_LIST) diff --git a/gcc/toplev.c b/gcc/toplev.c index d300ac2ec894ee947156616e71796d55d9d04307..93484f87690b8d54d93abe0a67c= df51c4a9a3ee1 100644 --- a/gcc/toplev.c +++ b/gcc/toplev.c @@ -508,6 +508,9 @@ compile_file (void) if (flag_sanitize & SANITIZE_THREAD) tsan_finish_file (); =20 + if (gate_hwasan ()) + hwasan_finish_file (); + omp_finish_file (); =20 hsa_output_brig (); --_002_VI1PR08MB54713A319FDEF82EC806C481E0BA0VI1PR08MB5471eurp_ Content-Type: text/plain; name="hwasan-implementation09.patch" Content-Description: hwasan-implementation09.patch Content-Disposition: attachment; filename="hwasan-implementation09.patch"; size=12645; creation-date="Fri, 06 Sep 2019 14:46:17 GMT"; modification-date="Fri, 06 Sep 2019 14:46:17 GMT" Content-ID: Content-Transfer-Encoding: base64 Content-length: 17141 ZGlmZiAtLWdpdCBhL2djYy9hc2FuLmggYi9nY2MvYXNhbi5oCmluZGV4IDEy N2MyNGFhNmIwZTRlNmQwYmEzMzIwMDQxNDVlYzQ5ODAzNGM5NTUuLjAyOGFm ZGQyZTdkMTYyNDVjNmNiYmUxMDZiN2NjYjljNTAzNGQ1NDIgMTAwNjQ0Ci0t LSBhL2djYy9hc2FuLmgKKysrIGIvZ2NjL2FzYW4uaApAQCAtMjMsMTAgKzIz LDE0IEBAIGFsb25nIHdpdGggR0NDOyBzZWUgdGhlIGZpbGUgQ09QWUlORzMu ICBJZiBub3Qgc2VlCiAKIGV4dGVybiB2b2lkIGFzYW5fZnVuY3Rpb25fc3Rh cnQgKHZvaWQpOwogZXh0ZXJuIHZvaWQgYXNhbl9maW5pc2hfZmlsZSAodm9p ZCk7CitleHRlcm4gdm9pZCBod2FzYW5fZmluaXNoX2ZpbGUgKHZvaWQpOwog ZXh0ZXJuIHZvaWQgaHdhc2FuX3JlY29yZF9iYXNlIChydHgpOworZXh0ZXJu IHVpbnQ4X3QgaHdhc2FuX2N1cnJlbnRfdGFnICgpOwogZXh0ZXJuIHZvaWQg aHdhc2FuX2luY3JlbWVudF90YWcgKCk7CiBleHRlcm4gcnR4IGh3YXNhbl93 aXRoX3RhZyAocnR4LCBwb2x5X2ludDY0KTsKIGV4dGVybiB2b2lkIGh3YXNh bl90YWdfaW5pdCAoKTsKK2V4dGVybiBydHggaHdhc2FuX2NyZWF0ZV91bnRh Z2dlZF9iYXNlIChydHgpOworZXh0ZXJuIHZvaWQgaHdhc2FuX2VtaXRfcHJv bG9ndWUgKHJ0eCAqLCBydHggKiwgcG9seV9pbnQ2NCAqLCB1aW50OF90ICos IHNpemVfdCk7CiBleHRlcm4gYm9vbCBtZW1vcnlfdGFnZ2luZ19wICh2b2lk KTsKIGV4dGVybiBydHhfaW5zbiAqYXNhbl9lbWl0X3N0YWNrX3Byb3RlY3Rp b24gKHJ0eCwgcnR4LCB1bnNpZ25lZCBpbnQsCiAJCQkJCSAgICAgSE9TVF9X SURFX0lOVCAqLCB0cmVlICosIGludCk7CmRpZmYgLS1naXQgYS9nY2MvYXNh bi5jIGIvZ2NjL2FzYW4uYwppbmRleCBhNmZmNTAzY2VlYzI5NGYyYzA5YjBi ZDcyM2EzZDgwNDNlNGRlNmExLi5kMzYxYjRiNTYyZjc1Y2IwYzJlMDgxMjE4 MDczZWFjYjM3MDRmOGQwIDEwMDY0NAotLS0gYS9nY2MvYXNhbi5jCisrKyBi L2djYy9hc2FuLmMKQEAgLTI4OTUsNiArMjg5NSwxMSBAQCBpbml0aWFsaXpl X3Nhbml0aXplcl9idWlsdGlucyAodm9pZCkKICAgICA9IGJ1aWxkX2Z1bmN0 aW9uX3R5cGVfbGlzdCAodm9pZF90eXBlX25vZGUsIHVpbnQ2NF90eXBlX25v ZGUsCiAJCQkJcHRyX3R5cGVfbm9kZSwgTlVMTF9UUkVFKTsKIAorICB0cmVl IEJUX0ZOX1ZPSURfUFRSX1VJTlQ4X1NJWkUKKyAgICA9IGJ1aWxkX2Z1bmN0 aW9uX3R5cGVfbGlzdCAodm9pZF90eXBlX25vZGUsIHB0cl90eXBlX25vZGUs CisJCQkJdW5zaWduZWRfY2hhcl90eXBlX25vZGUsIHNpemVfdHlwZV9ub2Rl LAorCQkJCU5VTExfVFJFRSk7CisKICAgdHJlZSBCVF9GTl9CT09MX1ZQVFJf UFRSX0lYX0lOVF9JTlRbNV07CiAgIHRyZWUgQlRfRk5fSVhfQ09OU1RfVlBU Ul9JTlRbNV07CiAgIHRyZWUgQlRfRk5fSVhfVlBUUl9JWF9JTlRbNV07CkBA IC0yOTQ1LDYgKzI5NTAsOCBAQCBpbml0aWFsaXplX3Nhbml0aXplcl9idWls dGlucyAodm9pZCkKICNkZWZpbmUgQlRfRk5fSTE2X0NPTlNUX1ZQVFJfSU5U IEJUX0ZOX0lYX0NPTlNUX1ZQVFJfSU5UWzRdCiAjZGVmaW5lIEJUX0ZOX0kx Nl9WUFRSX0kxNl9JTlQgQlRfRk5fSVhfVlBUUl9JWF9JTlRbNF0KICNkZWZp bmUgQlRfRk5fVk9JRF9WUFRSX0kxNl9JTlQgQlRfRk5fVk9JRF9WUFRSX0lY X0lOVFs0XQorI3VuZGVmIEFUVFJfTk9USFJPV19MSVNUCisjZGVmaW5lIEFU VFJfTk9USFJPV19MSVNUIEVDRl9OT1RIUk9XCiAjdW5kZWYgQVRUUl9OT1RI Uk9XX0xFQUZfTElTVAogI2RlZmluZSBBVFRSX05PVEhST1dfTEVBRl9MSVNU IEVDRl9OT1RIUk9XIHwgRUNGX0xFQUYKICN1bmRlZiBBVFRSX1RNUFVSRV9O T1RIUk9XX0xFQUZfTElTVApAQCAtMzcwNyw2ICszNzE0LDggQEAgaHdhc2Fu X3JlY29yZF9iYXNlIChydHggYmFzZSkKICAgaHdhc2FuX2Jhc2VfcHRyID0g YmFzZTsKIH0KIAordWludDhfdCBod2FzYW5fY3VycmVudF90YWcgKCkgeyBy ZXR1cm4gdGFnX29mZnNldDsgfQorCiB2b2lkCiBod2FzYW5faW5jcmVtZW50 X3RhZyAoKQogewpAQCAtMzc2MCw0ICszNzY5LDEwNCBAQCBod2FzYW5fdGFn X2luaXQgKCkKICAgdGFnX29mZnNldCA9IEhXQVNBTl9TVEFDS19CQUNLR1JP VU5EICsgMTsKIH0KIAordm9pZAoraHdhc2FuX2VtaXRfcHJvbG9ndWUgKHJ0 eCAqYmFzZXMsCisJCSAgICAgIHJ0eCAqdW50YWdnZWRfYmFzZXMsCisJCSAg ICAgIHBvbHlfaW50NjQgKm9mZnNldHMsCisJCSAgICAgIHVpbnQ4X3QgKnRh Z3MsCisJCSAgICAgIHNpemVfdCBsZW5ndGgpCit7CisgIC8qCisgICAgTk9U RTogYmFzZXMgY29udGFpbnMgYm90aCB0aGUgdGFnZ2VkIGFuZCB1bnRhZ2dl ZCBiYXNlLgorICAgIFRoaXMgYWxsb3dzIHVzIHRvIGdldCBib3RoIHRoZSBv cmlnaW5hbCBmcmFtZSB0YWcgYW5kIHRoZSB1bnRhZ2dlZCB2YXJpYWJsZQor ICAgIHBvaW50ZXIgd2l0aCBhIG1pbmltYWwgb2YgZXh0cmEgaW5zdHJ1Y3Rp b25zLgorCisgICAgV2UgZmV0Y2ggdGhlIHVudGFnZ2VkIHZhcmlhYmxlIHBv aW50ZXIgZnJvbSB0aGUgb2Zmc2V0IHRvIHRoZSB1bnRhZ2dlZCBiYXNlCisg ICAgYW5kIGZldGNoIHRoZSAiYmFzZSIgdGFnIGZyb20gdGhlIHRhZ2dlZCBi YXNlLgorCisgICAgV2UgbmVlZCB0aGUgdW50YWdnZWQgYmFzZSBwb2ludGVy IHNpbmNlIGxpYmh3YXNhbiBvbmx5IGFjY2VwdHMgdW50YWdnZWQKKyAgICBw b2ludGVycyBpbiBfX2h3YXNhbl90YWdfbWVtb3J5LiAgV2UgbmVlZCB0aGUg dGFnZ2VkIGJhc2UgcG9pbnRlciB0byBvYnRhaW4KKyAgICB0aGUgYmFzZSB0 YWcgZm9yIGFuIG9mZnNldC4KKworICAgIFdlIGFsc28gd2lsbCBuZWVkIHRo ZSB0YWdnZWQgYmFzZSBwb2ludGVyIGZvciBNVEUsIHNpbmNlIHRoZSBBRERU QUcKKyAgICBpbnN0cnVjdGlvbiB0YWtlcyBhIHRhZ2dlZCBwb2ludGVyLgor ICovCisgIGZvciAoc2l6ZV90IGkgPSAwOyAoaSAqIDIpICsgMSA8IGxlbmd0 aDsgaSsrKQorICAgIHsKKyAgICAgIHBvbHlfaW50NjQgc3RhcnQgPSBvZmZz ZXRzW2kgKiAyXTsKKyAgICAgIHBvbHlfaW50NjQgZW5kID0gb2Zmc2V0c1so aSAqIDIpICsgMV07CisKKyAgICAgIHBvbHlfaW50NjQgYm90LCB0b3A7Cisg ICAgICBpZiAoa25vd25fZ2UgKHN0YXJ0LCBlbmQpKQorCXsKKwkgIHRvcCA9 IHN0YXJ0OworCSAgYm90ID0gZW5kOworCX0KKyAgICAgIGVsc2UKKwl7CisJ ICB0b3AgPSBlbmQ7CisJICBib3QgPSBzdGFydDsKKwl9CisgICAgICBwb2x5 X2ludDY0IHNpemUgPSAodG9wIC0gYm90KTsKKworICAgICAgLyogQ2FuJ3Qg Y2hlY2sgdGhhdCBhbGwgcG9seV9pbnQ2NCdzIGFyZSBhbGlnbmVkLCBidXQg c3RpbGwgbmljZQorCSB0byBjaGVjayB3aGVuIHdlIGNhbi4gICovCisgICAg ICBIT1NUX1dJREVfSU5UIHRtcDsKKyAgICAgIGlmICh0b3AuaXNfY29uc3Rh bnQgKCZ0bXApKQorCWdjY19hc3NlcnQgKHRtcCAlIEhXQVNBTl9UQUdfR1JB TlVMRV9TSVpFID09IDApOworICAgICAgaWYgKGJvdC5pc19jb25zdGFudCAo JnRtcCkpCisJZ2NjX2Fzc2VydCAodG1wICUgSFdBU0FOX1RBR19HUkFOVUxF X1NJWkUgPT0gMCk7CisgICAgICBpZiAoc2l6ZS5pc19jb25zdGFudCAoJnRt cCkpCisJZ2NjX2Fzc2VydCAodG1wICUgSFdBU0FOX1RBR19HUkFOVUxFX1NJ WkUgPT0gMCk7CisKKyAgICAgIC8qIFRPRE8gT3RoZXIgb3B0aW9ucyAoaS5l LiBpbmxpbmUgb3B0aW9ucykgICovCisgICAgICAvKiBUT0RPIEF0IHRoZSBt b21lbnQgd2UgZG9uJ3QgZ2VuZXJhdGUgYSByYW5kb20gYmFzZSB0YWcgZm9y IGVhY2gKKyAgICAgICAgIGZyYW1lLiAgV2hlbiB0aGF0IGhhcHBlbnMgd2Ug d2lsbCBuZWVkIHRvIGdlbmVyYXRlIHRoZSB0YWcgYnkKKyAgICAgICAgIGFk ZGluZyB0YWdzW2ldIHRvIHRoZSBmcmFtZSB0YWcgZmV0Y2hlZCBmcm9tIGBi YXNlc1tpXWAuICAqLworICAgICAgcnR4IHJldCA9IGluaXRfb25lX2xpYmZ1 bmMgKCJfX2h3YXNhbl90YWdfbWVtb3J5Iik7CisgICAgICBlbWl0X2xpYnJh cnlfY2FsbCAocmV0LAorCSAgTENUX05PUk1BTCwKKwkgIFZPSURtb2RlLAor CSAgcGx1c19jb25zdGFudCAocHRyX21vZGUsIHVudGFnZ2VkX2Jhc2VzW2ld LCBib3QpLAorCSAgcHRyX21vZGUsCisJICBjb25zdF9pbnRfcnR4W01BWF9T QVZFRF9DT05TVF9JTlQgKyB0YWdzW2ldXSwKKwkgIFFJbW9kZSwKKwkgIGdl bl9pbnRfbW9kZSAoc2l6ZSwgcHRyX21vZGUpLAorCSAgcHRyX21vZGUpOwor ICAgIH0KK30KKworcnR4Citod2FzYW5fY3JlYXRlX3VudGFnZ2VkX2Jhc2Ug KHJ0eCBvcmlnX2Jhc2UpCit7CisgIHJ0eCB1bnRhZ2dlZF9iYXNlID0gZ2Vu X3JlZ19ydHggKFBtb2RlKTsKKyAgcnR4IHRhZ19tYXNrID0gZ2VuX2ludF9t b2RlICgoMVVMTCA8PCBIV0FTQU5fU0hJRlQpIC0gMSwgUG1vZGUpOworICB1 bnRhZ2dlZF9iYXNlID0gZXhwYW5kX2Jpbm9wIChQbW9kZSwgYW5kX29wdGFi LAorCQkJCW9yaWdfYmFzZSwgdGFnX21hc2ssCisJCQkJdW50YWdnZWRfYmFz ZSwgdHJ1ZSwgT1BUQUJfRElSRUNUKTsKKyAgZ2NjX2Fzc2VydCAodW50YWdn ZWRfYmFzZSk7CisgIHJldHVybiB1bnRhZ2dlZF9iYXNlOworfQorCisvKiBO ZWVkcyB0byBiZSBHVFkoKCkpLCBiZWNhdXNlIGNncmFwaF9idWlsZF9zdGF0 aWNfY2R0b3IgbWF5CisgICBpbnZva2UgZ2djX2NvbGxlY3QuICAqLworc3Rh dGljIEdUWSgoKSkgdHJlZSBod2FzYW5fY3Rvcl9zdGF0ZW1lbnRzOworCit2 b2lkCitod2FzYW5fZmluaXNoX2ZpbGUgKHZvaWQpCit7CisgIC8qIEF2b2lk IGluc3RydW1lbnRpbmcgY29kZSBpbiB0aGUgaHdhc2FuIGNvbnN0cnVjdG9y cy9kZXN0cnVjdG9ycy4gICovCisgIGZsYWdfc2FuaXRpemUgJj0gflNBTklU SVpFX0hXQUREUkVTUzsKKyAgLyogVE9ETyBPbmx5IGRvIHRoaXMgaWYgaW4g dXNlcnNwYWNlLgorICAgICAgRm9yIGtlcm5lbCBzcGFjZSB3aWxsIGhhdmUg dG8gbG9vayBtb3JlIGNsb3NlbHkgaW50byB0aGlzLgorICAgICAgTWF5IHdh bnQgdG8gbG9vayBhdCBgYXNhbl9maW5pc2hfZmlsZWAgZm9yIHdoYXQgQVNB TiBkb2VzIGluIHRoaXMKKyAgICAgIHNpdHVhdGlvbi4gICovCisKKyAgaW50 IHByaW9yaXR5ID0gTUFYX1JFU0VSVkVEX0lOSVRfUFJJT1JJVFkgLSAxOwor ICB0cmVlIGZuID0gYnVpbHRpbl9kZWNsX2ltcGxpY2l0IChCVUlMVF9JTl9I V0FTQU5fSU5JVCk7CisgIGFwcGVuZF90b19zdGF0ZW1lbnRfbGlzdCAoYnVp bGRfY2FsbF9leHByIChmbiwgMCksICZod2FzYW5fY3Rvcl9zdGF0ZW1lbnRz KTsKKyAgY2dyYXBoX2J1aWxkX3N0YXRpY19jZHRvciAoJ0knLCBod2FzYW5f Y3Rvcl9zdGF0ZW1lbnRzLCBwcmlvcml0eSk7CisgIGZsYWdfc2FuaXRpemUg fD0gU0FOSVRJWkVfSFdBRERSRVNTOworfQorCiAjaW5jbHVkZSAiZ3QtYXNh bi5oIgpkaWZmIC0tZ2l0IGEvZ2NjL2J1aWx0aW4tdHlwZXMuZGVmIGIvZ2Nj L2J1aWx0aW4tdHlwZXMuZGVmCmluZGV4IGU1YzllMDYzYzQ4MGQxMzkyYjZj MmIzOTVlYzlkMDI5YjZkOTQyMDkuLmQwNWY1OTdiNjQzNGYzOWZlOTVkNGYy OGRkMmVmM2VkNDYzZGQ5MjUgMTAwNjQ0Ci0tLSBhL2djYy9idWlsdGluLXR5 cGVzLmRlZgorKysgYi9nY2MvYnVpbHRpbi10eXBlcy5kZWYKQEAgLTYyNSw2 ICs2MjUsOCBAQCBERUZfRlVOQ1RJT05fVFlQRV8zIChCVF9GTl9WT0lEX1VJ TlQzMl9VSU5UMzJfUFRSLAogREVGX0ZVTkNUSU9OX1RZUEVfMyAoQlRfRk5f Vk9JRF9TSVpFX1NJWkVfUFRSLCBCVF9WT0lELCBCVF9TSVpFLCBCVF9TSVpF LAogCQkgICAgIEJUX1BUUikKIERFRl9GVU5DVElPTl9UWVBFXzMgKEJUX0ZO X1VJTlRfVUlOVF9QVFJfUFRSLCBCVF9VSU5ULCBCVF9VSU5ULCBCVF9QVFIs IEJUX1BUUikKK0RFRl9GVU5DVElPTl9UWVBFXzMgKEJUX0ZOX1ZPSURfUFRS X1VJTlQ4X1NJWkUsIEJUX1ZPSUQsIEJUX1BUUiwgQlRfVUlOVDgsCisJCSAg ICAgQlRfU0laRSkKIAogREVGX0ZVTkNUSU9OX1RZUEVfNCAoQlRfRk5fU0la RV9DT05TVF9QVFJfU0laRV9TSVpFX0ZJTEVQVFIsCiAJCSAgICAgQlRfU0la RSwgQlRfQ09OU1RfUFRSLCBCVF9TSVpFLCBCVF9TSVpFLCBCVF9GSUxFUFRS KQpkaWZmIC0tZ2l0IGEvZ2NjL2J1aWx0aW5zLmRlZiBiL2djYy9idWlsdGlu cy5kZWYKaW5kZXggYzkyMjkyYWVhYjlkYTIxY2I4MjY4ZTY0ODMwNzhhNmJl OWU0OWQ5NS4uZTA2N2ViYzdmNzAwM2JjZGY3ZGY0ZDUyZGIxOGMzMTc2MjYy MzI4NSAxMDA2NDQKLS0tIGEvZ2NjL2J1aWx0aW5zLmRlZgorKysgYi9nY2Mv YnVpbHRpbnMuZGVmCkBAIC0yMzcsNiArMjM3LDcgQEAgYWxvbmcgd2l0aCBH Q0M7IHNlZSB0aGUgZmlsZSBDT1BZSU5HMy4gIElmIG5vdCBzZWUKICAgREVG X0JVSUxUSU4gKEVOVU0sICJfX2J1aWx0aW5fIiBOQU1FLCBCVUlMVF9JTl9O T1JNQUwsIFRZUEUsIFRZUEUsICAgIFwKIAkgICAgICAgdHJ1ZSwgdHJ1ZSwg dHJ1ZSwgQVRUUlMsIHRydWUsIFwKIAkgICAgICAoZmxhZ19zYW5pdGl6ZSAm IChTQU5JVElaRV9BRERSRVNTIHwgU0FOSVRJWkVfVEhSRUFEIFwKKwkJCQl8 IFNBTklUSVpFX0hXQUREUkVTUyBcCiAJCQkJfCBTQU5JVElaRV9VTkRFRklO RUQgXAogCQkJCXwgU0FOSVRJWkVfVU5ERUZJTkVEX05PTkRFRkFVTFQpIFwK IAkgICAgICAgfHwgZmxhZ19zYW5pdGl6ZV9jb3ZlcmFnZSkpCmRpZmYgLS1n aXQgYS9nY2MvY2ZnZXhwYW5kLmMgYi9nY2MvY2ZnZXhwYW5kLmMKaW5kZXgg MTA3MzliYzI1OTQwMzc0YzY4NmMxOTFjYTc2YjFkZmU4ZjAwMDU2Mi4uYWFj ZjIxMGZhY2M0NjI2NzVhOTgwZWU4N2JkMzhkNGE3ZDk0YWQwOSAxMDA2NDQK LS0tIGEvZ2NjL2NmZ2V4cGFuZC5jCisrKyBiL2djYy9jZmdleHBhbmQuYwpA QCAtMTAzNCw5ICsxMDM0LDI0IEBAIHN0cnVjdCBzdGFja192YXJzX2RhdGEK ICAgICAgVGhlIHZlY3RvciBpcyBpbiByZXZlcnNlZCwgaGlnaGVzdCBvZmZz ZXQgcGFpcnMgY29tZSBmaXJzdC4gICovCiAgIGF1dG9fdmVjPEhPU1RfV0lE RV9JTlQ+IGFzYW5fdmVjOwogCisgIC8qIEhXQVNBTiByZWNvcmRzIHRoZSBw b2x5X2ludDY0IHNpbmNlIGl0IG5lZWRzIHRvIGFjdCBvbiBldmVyeXRoaW5n IHJlY29yZGVkCisgICAgIHRvIHRoZSBzdGFjayAoYXMgYW55dGhpbmcgbm90 IHByb3Blcmx5IGNvbG91cmVkIHdvdWxkIGVuZCB1cCBjYXVzaW5nIGEKKyAg ICAgZmFsdXQgb2Ygc29tZSBzb3J0KS4KKworICAgICBBU0FOIHJlY29yZHMg SE9TVF9XSURFX0lOVCBvZmZzZXRzICh0aGF0IHdhcyBlbm91Z2ggYmVmb3Jl IHRoZQorICAgICBpbnRyb2R1Y3Rpb24gb2YgU1ZFIHZlY3RvcnMpIHdoaWNo ICAqLworICBhdXRvX3ZlYzxwb2x5X2ludDY0PiBod2FzYW5fdmVjOworICBh dXRvX3ZlYzxydHg+IGh3YXNhbl91bnRhZ2dlZF9iYXNlX3ZlYzsKKyAgYXV0 b192ZWM8cnR4PiBod2FzYW5fYmFzZV92ZWM7CisKICAgLyogVmVjdG9yIG9m IHBhcnRpdGlvbiByZXByZXNlbnRhdGl2ZSBkZWNscyBpbiBiZXR3ZWVuIHRo ZSBwYWRkaW5ncy4gICovCiAgIGF1dG9fdmVjPHRyZWU+IGFzYW5fZGVjbF92 ZWM7CiAKKyAgLyogVmVjdG9yIG9mIHRhZyBvZmZzZXRzIHJlcHJlc2VudGlu ZyB0aGUgY29sb3VyIG9mIGVhY2ggc3RhY2sgdmFyaWFibGUuCisgICAgIEVh Y2ggb2Zmc2V0IGRldGVybWluZXMgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiB0 aGUgcmFuZG9tbHkgZ2VuZXJhdGVkCisgICAgIGNvbG91ciBmb3IgdGhlIGN1 cnJlbnQgZnJhbWUgYW5kIHRoZSBjb2xvdXIgZm9yIHRoaXMgc3RhY2sgdmFy aWFibGUuICAqLworICBhdXRvX3ZlYzx1aW50OF90PiBod2FzYW5fY29sb3Vy X3ZlYzsKKwogICAvKiBCYXNlIHBzZXVkbyByZWdpc3RlciBmb3IgQWRkcmVz cyBTYW5pdGl6ZXIgcHJvdGVjdGVkIGF1dG9tYXRpYyB2YXJzLiAgKi8KICAg cnR4IGFzYW5fYmFzZTsKIApAQCAtMTA1NCw2ICsxMDY5LDcgQEAgZXhwYW5k X3N0YWNrX3ZhcnMgKGJvb2wgKCpwcmVkKSAoc2l6ZV90KSwgc3RydWN0IHN0 YWNrX3ZhcnNfZGF0YSAqZGF0YSkKICAgc2l6ZV90IHNpLCBpLCBqLCBuID0g c3RhY2tfdmFyc19udW07CiAgIHBvbHlfdWludDY0IGxhcmdlX3NpemUgPSAw LCBsYXJnZV9hbGxvYyA9IDA7CiAgIHJ0eCBsYXJnZV9iYXNlID0gTlVMTDsK KyAgcnR4IGxhcmdlX3VudGFnZ2VkX2Jhc2UgPSBOVUxMOwogICB1bnNpZ25l ZCBsYXJnZV9hbGlnbiA9IDA7CiAgIGJvb2wgbGFyZ2VfYWxsb2NhdGlvbl9k b25lID0gZmFsc2U7CiAgIHRyZWUgZGVjbDsKQEAgLTExMTAsNyArMTEyNiw3 IEBAIGV4cGFuZF9zdGFja192YXJzIChib29sICgqcHJlZCkgKHNpemVfdCks IHN0cnVjdCBzdGFja192YXJzX2RhdGEgKmRhdGEpCiAgICAgewogICAgICAg cnR4IGJhc2U7CiAgICAgICB1bnNpZ25lZCBiYXNlX2FsaWduLCBhbGlnbmI7 Ci0gICAgICBwb2x5X2ludDY0IG9mZnNldDsKKyAgICAgIHBvbHlfaW50NjQg b2Zmc2V0ID0gMDsKIAogICAgICAgaSA9IHN0YWNrX3ZhcnNfc29ydGVkW3Np XTsKIApAQCAtMTE1Niw3ICsxMTcyLDkgQEAgZXhwYW5kX3N0YWNrX3ZhcnMg KGJvb2wgKCpwcmVkKSAoc2l6ZV90KSwgc3RydWN0IHN0YWNrX3ZhcnNfZGF0 YSAqZGF0YSkKIAkJIEFCSSByZXF1aXJlbWVudHMpIGFuZCB0aGVzZSBjYW4n dCBzaGFyZSBhIHRhZyBncmFudWxlIHdpdGggYQogCQkgdGFnZ2VkIHZhcmlh YmxlLiAgKi8KIAkgICAgICBnY2NfYXNzZXJ0IChzdGFja192YXJzW2ldLmFs aWduYiA+PSBIV0FTQU5fVEFHX0dSQU5VTEVfU0laRSk7Ci0JICAgICAgYWxs b2Nfc3RhY2tfZnJhbWVfc3BhY2UgKDAsIEhXQVNBTl9UQUdfR1JBTlVMRV9T SVpFKTsKKwkgICAgICBvZmZzZXQgPSBhbGxvY19zdGFja19mcmFtZV9zcGFj ZSAoMCwgSFdBU0FOX1RBR19HUkFOVUxFX1NJWkUpOworCSAgICAgIGRhdGEt Pmh3YXNhbl92ZWMuc2FmZV9wdXNoIChvZmZzZXQpOworCSAgICAgIGRhdGEt Pmh3YXNhbl91bnRhZ2dlZF9iYXNlX3ZlYy5zYWZlX3B1c2ggKHZpcnR1YWxf c3RhY2tfdmFyc19ydHgpOwogCSAgICB9CiAJICAvKiBBU0FOIGRlc2NyaXB0 aW9uIHN0cmluZ3MgZG9uJ3QgeWV0IGhhdmUgYSBzeW50YXggZm9yIGV4cHJl c3NpbmcKIAkgICAgIHBvbHlub21pYWwgb2Zmc2V0cy4gICovCkBAIC0xMjM3 LDYgKzEyNTUsOSBAQCBleHBhbmRfc3RhY2tfdmFycyAoYm9vbCAoKnByZWQp IChzaXplX3QpLCBzdHJ1Y3Qgc3RhY2tfdmFyc19kYXRhICpkYXRhKQogCSAg ICAgIG9mZnNldCA9IGFsbG9jX3N0YWNrX2ZyYW1lX3NwYWNlIChzdGFja192 YXJzW2ldLnNpemUsIGFsaWduYik7CiAJICAgICAgYmFzZV9hbGlnbiA9IGNy dGwtPm1heF91c2VkX3N0YWNrX3Nsb3RfYWxpZ25tZW50OwogCSAgICB9CisK KwkgIGlmIChtZW1vcnlfdGFnZ2luZ19wICgpKQorCSAgICBkYXRhLT5od2Fz YW5fdmVjLnNhZmVfcHVzaCAob2Zmc2V0KTsKIAl9CiAgICAgICBlbHNlCiAJ ewpAQCAtMTI2Miw2ICsxMjgzLDE4IEBAIGV4cGFuZF9zdGFja192YXJzIChi b29sICgqcHJlZCkgKHNpemVfdCksIHN0cnVjdCBzdGFja192YXJzX2RhdGEg KmRhdGEpCiAKIAkgIGdjY19hc3NlcnQgKGxhcmdlX2Jhc2UgIT0gTlVMTCk7 CiAJICBsYXJnZV9hbGxvYyA9IGFsaWduZWRfdXBwZXJfYm91bmQgKGxhcmdl X2FsbG9jLCBhbGlnbmIpOworCSAgaWYgKG1lbW9yeV90YWdnaW5nX3AgKCkp CisJICAgIHsKKwkgICAgICAvKgorCQkgRm9yIG5vdyB3ZSBqdXN0IGFzc3Vt ZSB0aGF0IGFuIG9iamVjdCB3aXRoIGEgbGFyZ2UgYWxpZ25tZW50CisJCSBy ZXF1aXJlbWVudCBtZWFucyB0aGF0IHRoZSBhbGlnbm1lbnQgcmVxdWlyZW1l bnQgaXMgZ3JlYXRlcgorCQkgdGhhbiB0aGUgcmVxdWlyZWQgYWxpZ25tZW50 IGZvciB0YWdzLgorCQkqLworCSAgICAgIGlmICghbGFyZ2VfdW50YWdnZWRf YmFzZSkKKwkJbGFyZ2VfdW50YWdnZWRfYmFzZSA9IGh3YXNhbl9jcmVhdGVf dW50YWdnZWRfYmFzZSAobGFyZ2VfYmFzZSk7CisJICAgICAgZGF0YS0+aHdh c2FuX3ZlYy5zYWZlX3B1c2ggKGxhcmdlX2FsbG9jKTsKKwkgICAgICBkYXRh LT5od2FzYW5fdW50YWdnZWRfYmFzZV92ZWMuc2FmZV9wdXNoIChsYXJnZV91 bnRhZ2dlZF9iYXNlKTsKKwkgICAgfQogCSAgb2Zmc2V0ID0gbGFyZ2VfYWxs b2M7CiAJICBsYXJnZV9hbGxvYyArPSBzdGFja192YXJzW2ldLnNpemU7CiAJ ICBpZiAobWVtb3J5X3RhZ2dpbmdfcCAoKSkKQEAgLTEyODAsNiArMTMxMyw3 IEBAIGV4cGFuZF9zdGFja192YXJzIChib29sICgqcHJlZCkgKHNpemVfdCks IHN0cnVjdCBzdGFja192YXJzX2RhdGEgKmRhdGEpCiAJCSAqLwogCSAgICAg IHBvbHlfaW50NjQgYWxpZ25fYWdhaW4gPQogCQlhbGlnbmVkX3VwcGVyX2Jv dW5kIChsYXJnZV9hbGxvYywgSFdBU0FOX1RBR19HUkFOVUxFX1NJWkUpOwor CSAgICAgIGRhdGEtPmh3YXNhbl92ZWMuc2FmZV9wdXNoIChhbGlnbl9hZ2Fp bik7CiAJICAgIH0KIAogCSAgYmFzZSA9IGxhcmdlX2Jhc2U7CkBAIC0xMjk3 LDggKzEzMzEsMTUgQEAgZXhwYW5kX3N0YWNrX3ZhcnMgKGJvb2wgKCpwcmVk KSAoc2l6ZV90KSwgc3RydWN0IHN0YWNrX3ZhcnNfZGF0YSAqZGF0YSkKIAkJ CQkgICA/IGRhdGEtPmFzYW5fYmFzZQogCQkJCSAgIDogdmlydHVhbF9zdGFj a192YXJzX3J0eCk7CiAJfQorCiAgICAgICBpZiAobWVtb3J5X3RhZ2dpbmdf cCAoKSkKLQlod2FzYW5faW5jcmVtZW50X3RhZyAoKTsKKwl7CisJICAvKiBS ZWNvcmQgdGhlIHRhZyBmb3IgdGhpcyBvYmplY3QgaW4gYGRhdGFgIHNvIHRo ZSBwcm9sb2d1ZSBrbm93cworCSAgICAgd2hhdCBjb2xvdXIgdG8gcHV0IGlu IHRoZSBzaGFkb3cgbWVtb3J5IGR1cmluZyBjZmdleHBhbmQuYy4gICovCisJ ICBkYXRhLT5od2FzYW5fYmFzZV92ZWMuc2FmZV9wdXNoIChiYXNlKTsKKwkg IGRhdGEtPmh3YXNhbl9jb2xvdXJfdmVjLnNhZmVfcHVzaCAoaHdhc2FuX2N1 cnJlbnRfdGFnICgpKTsKKwkgIGh3YXNhbl9pbmNyZW1lbnRfdGFnICgpOwor CX0KICAgICB9CiAKICAgZ2NjX2Fzc2VydCAoa25vd25fZXEgKGxhcmdlX2Fs bG9jLCBsYXJnZV9zaXplKSk7CkBAIC0yMzU4LDYgKzIzOTksMTMgQEAgZXhw YW5kX3VzZWRfdmFycyAodm9pZCkKIAl9CiAKICAgICAgIGV4cGFuZF9zdGFj a192YXJzIChOVUxMLCAmZGF0YSk7CisKKyAgICAgIGlmIChtZW1vcnlfdGFn Z2luZ19wICgpKQorCWh3YXNhbl9lbWl0X3Byb2xvZ3VlIChkYXRhLmh3YXNh bl9iYXNlX3ZlYy5hZGRyZXNzICgpLAorCQkJICAgICAgZGF0YS5od2FzYW5f dW50YWdnZWRfYmFzZV92ZWMuYWRkcmVzcyAoKSwKKwkJCSAgICAgIGRhdGEu aHdhc2FuX3ZlYy5hZGRyZXNzICgpLAorCQkJICAgICAgZGF0YS5od2FzYW5f Y29sb3VyX3ZlYy5hZGRyZXNzICgpLAorCQkJICAgICAgZGF0YS5od2FzYW5f dmVjLmxlbmd0aCAoKSk7CiAgICAgfQogCiAgIGlmIChhc2FuX3Nhbml0aXpl X2FsbG9jYXNfcCAoKSAmJiBjZnVuLT5jYWxsc19hbGxvY2EpCmRpZmYgLS1n aXQgYS9nY2Mvc2FuaXRpemVyLmRlZiBiL2djYy9zYW5pdGl6ZXIuZGVmCmlu ZGV4IDM3NGQxNTAwN2Q4NjgzNjNkOWI0ZmJmNDY3ZTFlNDYyYWJiY2E2MWEu LjdiZDUwNzE1ZjI0YTJjYjE1NGI1NzhlMmFiZGVhNGU4ZmNkYjIxMDcgMTAw NjQ0Ci0tLSBhL2djYy9zYW5pdGl6ZXIuZGVmCisrKyBiL2djYy9zYW5pdGl6 ZXIuZGVmCkBAIC0xODAsNiArMTgwLDEyIEBAIERFRl9TQU5JVElaRVJfQlVJ TFRJTihCVUlMVF9JTl9BU0FOX1BPSU5URVJfQ09NUEFSRSwgIl9fc2FuaXRp emVyX3B0cl9jbXAiLAogREVGX1NBTklUSVpFUl9CVUlMVElOKEJVSUxUX0lO X0FTQU5fUE9JTlRFUl9TVUJUUkFDVCwgIl9fc2FuaXRpemVyX3B0cl9zdWIi LAogCQkgICAgICBCVF9GTl9WT0lEX1BUUl9QVFJNT0RFLCBBVFRSX05PVEhS T1dfTEVBRl9MSVNUKQogCisvKiBIYXJkd2FyZSBBZGRyZXNzIFNhbml0aXpl ci4gICovCitERUZfU0FOSVRJWkVSX0JVSUxUSU4oQlVJTFRfSU5fSFdBU0FO X0lOSVQsICJfX2h3YXNhbl9pbml0IiwKKwkJICAgICAgQlRfRk5fVk9JRCwg QVRUUl9OT1RIUk9XX0xFQUZfTElTVCkKK0RFRl9TQU5JVElaRVJfQlVJTFRJ TihCVUlMVF9JTl9IV0FTQU5fVEFHX01FTSwgIl9faHdhc2FuX3RhZ19tZW1v cnkiLAorCQkgICAgICBCVF9GTl9WT0lEX1BUUl9VSU5UOF9TSVpFLCBBVFRS X05PVEhST1dfTElTVCkKKwogLyogVGhyZWFkIFNhbml0aXplciAqLwogREVG X1NBTklUSVpFUl9CVUlMVElOKEJVSUxUX0lOX1RTQU5fSU5JVCwgIl9fdHNh bl9pbml0IiwgCiAJCSAgICAgIEJUX0ZOX1ZPSUQsIEFUVFJfTk9USFJPV19M RUFGX0xJU1QpCmRpZmYgLS1naXQgYS9nY2MvdG9wbGV2LmMgYi9nY2MvdG9w bGV2LmMKaW5kZXggZDMwMGFjMmVjODk0ZWU5NDcxNTY2MTZlNzE3OTZkNTVk OWQwNDMwNy4uOTM0ODRmODc2OTBiOGQ1NGQ5M2FiZTBhNjdjZGY1MWM0YTlh M2VlMSAxMDA2NDQKLS0tIGEvZ2NjL3RvcGxldi5jCisrKyBiL2djYy90b3Bs ZXYuYwpAQCAtNTA4LDYgKzUwOCw5IEBAIGNvbXBpbGVfZmlsZSAodm9pZCkK ICAgICAgIGlmIChmbGFnX3Nhbml0aXplICYgU0FOSVRJWkVfVEhSRUFEKQog CXRzYW5fZmluaXNoX2ZpbGUgKCk7CiAKKyAgICAgIGlmIChnYXRlX2h3YXNh biAoKSkKKwlod2FzYW5fZmluaXNoX2ZpbGUgKCk7CisKICAgICAgIG9tcF9m aW5pc2hfZmlsZSAoKTsKIAogICAgICAgaHNhX291dHB1dF9icmlnICgpOwoK --_002_VI1PR08MB54713A319FDEF82EC806C481E0BA0VI1PR08MB5471eurp_--