From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 58973 invoked by alias); 6 Sep 2019 14:46:44 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 58788 invoked by uid 89); 6 Sep 2019 14:46:43 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-23.6 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_LOTSOFHASH,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.1 spammy=intercepts X-HELO: EUR03-VE1-obe.outbound.protection.outlook.com Received: from mail-eopbgr50060.outbound.protection.outlook.com (HELO EUR03-VE1-obe.outbound.protection.outlook.com) (40.107.5.60) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 06 Sep 2019 14:46:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Py7k/vsFuiCZSSsZ2B7l52kgPpXEnGlK/l5VouJp1K8=; b=1PoI5LAzVJEdJijPurB6hXeVTWWFhu85RE27Z7vISlH+lAT6jgyVQXHhKmJxU6ug2oZpis2AzUVAiX5+vIJmoicQVLlmbxtAiWnYkINBhLmijvjkqVMrmLsaw0b3GHydQNurevq59rq5DNX6mDl1xav+Q4JUV6UFLBP1cdF/j4U= Received: from DB6PR0802CA0029.eurprd08.prod.outlook.com (2603:10a6:4:a3::15) by VI1PR08MB3488.eurprd08.prod.outlook.com (2603:10a6:803:7c::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14; Fri, 6 Sep 2019 14:46:31 +0000 Received: from VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::209) by DB6PR0802CA0029.outlook.office365.com (2603:10a6:4:a3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14 via Frontend Transport; Fri, 6 Sep 2019 14:46:31 +0000 Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; gcc.gnu.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;gcc.gnu.org; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT040.mail.protection.outlook.com (10.152.18.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14 via Frontend Transport; Fri, 6 Sep 2019 14:46:29 +0000 Received: ("Tessian outbound a25c4e5fef41:v27"); Fri, 06 Sep 2019 14:46:29 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 4dfb01a1297e9719 X-CR-MTA-TID: 64aa7808 Received: from f3f365b2bab7.1 (cr-mta-lb-1.cr-mta-net [104.47.2.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 9DC82F27-1627-4C93-A7F1-C02AC1E6184A.1; Fri, 06 Sep 2019 14:46:24 +0000 Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01lp2057.outbound.protection.outlook.com [104.47.2.57]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id f3f365b2bab7.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 06 Sep 2019 14:46:24 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FVU+dD7X7+dhaYjf3VuIfVKvmLNv+lvSAdruCz4gaqWU7N/UEifwuV0n3m/mIKPGLqn2f9rU7RaQBoqjrKu4GVYCnTZI+BjvsHWn5bunKC7dOH0WzDSM//fgjszUXK0G+124MFVIQOFtc1xrb9SNl8wYbx+GVh1H/vQvja5dtUjIjQR/BYKA2lvf9smoAmd/w6LWO2XU0d/0BfUb1RIl84FIc811wiX132zw2okA9XjIXo9rJujAcg5qdnCP9TZSwtvlLqK3VSyYTKFzifptXo4rSMF9SmUww1BxUwbpHhruCN5lEkNP1NqYzCCxL+984xCqAjZXOMMgccUTMOKbfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Py7k/vsFuiCZSSsZ2B7l52kgPpXEnGlK/l5VouJp1K8=; b=ehADqS4ufHReqZCl4tlbn09La2YuiO4hUmLKiCXE1oVW1Przh5/g6yDW6AmkyLtdnGQ1PNGGI4tISLJvAxM+EuZyrDqqs0OqbpaIYIT+IGa0G+akIaNtKAluCGSbgX0kY6N1EAI4cFCwokwR6pywGWJsn7VAEPNiB8nw6g5MfMg1IL6r26LO38rCdIJTn7zP1mNKMtpcQ5ksBL78V8HOlwrGKhhTXnZCtCSRK+MWKMh8D0N0HnlufrtO+q2W+3lJBbNkG3qEh5cF5I7D9JC7gVohDHfX5Nx6lD9lju7Ak8W9BVFmWSqzOdNhK3pcnUqzizO/ZFMpPj5hd67rnZ2K9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Py7k/vsFuiCZSSsZ2B7l52kgPpXEnGlK/l5VouJp1K8=; b=1PoI5LAzVJEdJijPurB6hXeVTWWFhu85RE27Z7vISlH+lAT6jgyVQXHhKmJxU6ug2oZpis2AzUVAiX5+vIJmoicQVLlmbxtAiWnYkINBhLmijvjkqVMrmLsaw0b3GHydQNurevq59rq5DNX6mDl1xav+Q4JUV6UFLBP1cdF/j4U= Received: from VI1PR08MB5471.eurprd08.prod.outlook.com (52.133.246.83) by VI1PR08MB3488.eurprd08.prod.outlook.com (20.177.59.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14; Fri, 6 Sep 2019 14:46:22 +0000 Received: from VI1PR08MB5471.eurprd08.prod.outlook.com ([fe80::206a:65bd:e6a9:536b]) by VI1PR08MB5471.eurprd08.prod.outlook.com ([fe80::206a:65bd:e6a9:536b%2]) with mapi id 15.20.2241.018; Fri, 6 Sep 2019 14:46:22 +0000 From: Matthew Malcomson To: "gcc-patches@gcc.gnu.org" CC: "mliska@suse.cz" , "dodji@redhat.com" , nd , "kcc@google.com" , "jakub@redhat.com" , "dvyukov@google.com" Subject: [RFC][PATCH 13/X][libsanitizer] Instrument known builtin function calls Date: Fri, 06 Sep 2019 14:47:00 -0000 Message-ID: References: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com> In-Reply-To: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com> Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Matthew.Malcomson@arm.com; X-Microsoft-Antispam-Untrusted: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(4618075)(2017052603328)(49563074)(7193020);SRVR:VI1PR08MB3488; x-checkrecipientrouted: true x-ms-oob-tlc-oobclassifiers: OLM:5516;OLM:5516; X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(396003)(346002)(376002)(136003)(366004)(54534003)(189003)(199004)(3846002)(6436002)(54906003)(53936002)(52536014)(6916009)(6116002)(5660300002)(71200400001)(8936002)(71190400001)(14454004)(14444005)(81166006)(2351001)(81156014)(256004)(446003)(8676002)(30864003)(5640700003)(52116002)(5024004)(66446008)(44832011)(25786009)(9686003)(2501003)(86362001)(186003)(305945005)(486006)(476003)(6506007)(102836004)(11346002)(26005)(7696005)(74316002)(99286004)(7736002)(386003)(33656002)(316002)(55016002)(2906002)(66556008)(99936001)(478600001)(4326008)(76176011)(66946007)(64756008)(66616009)(66476007)(66066001);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR08MB3488;H:VI1PR08MB5471.eurprd08.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info-Original: +9aZ4FvllTE4mC7KlqZeWAafnxrxXSgehKHX75XqfF8uFl1L8YVMLtW6gv9mXOfLIqdxJto3Y7y4c0vyhPoZyPSJdr6nVD4IjobRV904B45kuaJKdGEYY3gB846gtNQbVhKEaPEXR1zMVj/4pFM3EUZPTkrIDl++Q10HBod97A7eqIUCk42PkSTQdhnVKs1qlH+WHRznkFudvjOA4q/k/qZ9Tl7mHVEMHYIWbmtrAbGgY3vwH5rjjal7P1Vd4lDK3HlLq9cQwSdRnPzdbRar7c4JAwGmZ1cCxqzyB7nS1E19ZAKq7hXLFfxtZxjJACWVl43LCMJQRY2YLStzEv6IITGBHGkQK0gx3krrK6hi6r7VvRSqiqPm0SOc/0Dfy4OAcXuEWCe8bZHoI9XR57hppEu+zNMLc2V6eWCNQ62KRR0= x-ms-exchange-transport-forked: True Content-Type: multipart/mixed; boundary="_002_VI1PR08MB5471F9AF60EF483B15A3D671E0BA0VI1PR08MB5471eurp_" MIME-Version: 1.0 Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Matthew.Malcomson@arm.com; Return-Path: Matthew.Malcomson@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: e21a6d61-46cf-4ec3-1781-08d732d8fbfc X-IsSubscribed: yes X-SW-Source: 2019-09/txt/msg00400.txt.bz2 --_002_VI1PR08MB5471F9AF60EF483B15A3D671E0BA0VI1PR08MB5471eurp_ Content-Type: text/plain; charset="us-ascii" Content-ID: <73C68FAA6CB6CE4BAE24FFF041E347FD@eurprd08.prod.outlook.com> Content-Transfer-Encoding: quoted-printable Content-length: 14886 Handle all builtin functions that we know use memory accesses. This commit uses the machinery added for ASAN to identify builtin functions that access memory. The main differences between the approaches for HWASAN and ASAN are: 1) libhwasan intercepts much less builtin functions. 2) Alloca needs to be transformed differently (instead of adding redzones it needs to colour shadow memory and return a tagged pointer). 3) stack_restore needs to uncolour the shadow stack between the current position and where it's going. 4) `noreturn` functions can not be handled by simply unpoisoning the entire shadow stack -- there is no "always valid" colour. For hardware implemented checking such as AArch64's memory tagging extension alloca and stack_restore will need to be handled by hooks in the backend rather than transformation at the gimple level. This will allow architecture specific handling of such stack modifications. gcc/ChangeLog: 2019-09-06 Matthew Malcomson * asan.c (handle_builtin_stack_restore): Handle HWASAN. (handle_builtin_alloca): Handle HWASAN. (get_mem_refs_of_builtin_call): Avoid strlen for HWASAN. (maybe_instrument_call): HWASAN avoids ASAN_HANDLE_NO_RETURN. (initialize_sanitizer_builtins): Define new function type. (hwasan_base): New. * asan.h (hwasan_base): New decl. * builtin-types.def (BT_FN_PTR_CONST_PTR_UINT8): New type. * internal-fn.c (expand_HWASAN_CHOOSE_COLOUR): New. * internal-fn.def (HWASAN_CHOOSE_COLOUR): New. * sanitizer.def (BUILT_IN_HWASAN_HANDLE_LONGJMP): New. (BUILT_IN_HWASAN_TAG_PTR): New. ############### Attachment also inlined for ease of reply ##########= ##### diff --git a/gcc/asan.h b/gcc/asan.h index 68ea1b4afaf9195553251a987df33788421fa142..e4e823080e4ca7489135ee2da9e= 0727de9bba8ae 100644 --- a/gcc/asan.h +++ b/gcc/asan.h @@ -30,6 +30,7 @@ extern void hwasan_increment_tag (); extern rtx hwasan_with_tag (rtx, poly_int64); extern void hwasan_tag_init (); extern rtx hwasan_create_untagged_base (rtx); +extern rtx hwasan_base (); extern void hwasan_emit_prologue (rtx *, rtx *, poly_int64 *, uint8_t *, s= ize_t); extern rtx_insn *hwasan_emit_uncolour_frame (rtx, rtx, rtx_insn *); extern bool hwasan_expand_check_ifn (gimple_stmt_iterator *, bool); diff --git a/gcc/asan.c b/gcc/asan.c index ae1f8a0d28e911c2ff30be8ea9f4001923983cb1..fefd28cbd136d74ad3389cf8efb= f1949e3815dfd 100644 --- a/gcc/asan.c +++ b/gcc/asan.c @@ -579,15 +579,28 @@ get_last_alloca_addr () static void handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter) { - if (!iter || !asan_sanitize_allocas_p ()) + if (!iter + || !(asan_sanitize_allocas_p () || memory_tagging_p ())) return; =20 - tree last_alloca =3D get_last_alloca_addr (); tree restored_stack =3D gimple_call_arg (call, 0); - tree fn =3D builtin_decl_implicit (BUILT_IN_ASAN_ALLOCAS_UNPOISON); - gimple *g =3D gimple_build_call (fn, 2, last_alloca, restored_stack); - gsi_insert_before (iter, g, GSI_SAME_STMT); - g =3D gimple_build_assign (last_alloca, restored_stack); + + gimple *g; + + if (memory_tagging_p ()) + { + tree fn =3D builtin_decl_implicit (BUILT_IN_HWASAN_HANDLE_LONGJMP); + g =3D gimple_build_call (fn, 1, restored_stack); + } + else + { + tree last_alloca =3D get_last_alloca_addr (); + tree fn =3D builtin_decl_implicit (BUILT_IN_ASAN_ALLOCAS_UNPOISON); + g =3D gimple_build_call (fn, 2, last_alloca, restored_stack); + gsi_insert_before (iter, g, GSI_SAME_STMT); + g =3D gimple_build_assign (last_alloca, restored_stack); + } + gsi_insert_before (iter, g, GSI_SAME_STMT); } =20 @@ -617,14 +630,12 @@ handle_builtin_stack_restore (gcall *call, gimple_stm= t_iterator *iter) static void handle_builtin_alloca (gcall *call, gimple_stmt_iterator *iter) { - if (!iter || !asan_sanitize_allocas_p ()) + if (!iter + || !(asan_sanitize_allocas_p () || memory_tagging_p ())) return; =20 gassign *g; gcall *gg; - const HOST_WIDE_INT redzone_mask =3D ASAN_RED_ZONE_SIZE - 1; - - tree last_alloca =3D get_last_alloca_addr (); tree callee =3D gimple_call_fndecl (call); tree old_size =3D gimple_call_arg (call, 0); tree ptr_type =3D gimple_call_lhs (call) ? TREE_TYPE (gimple_call_lhs (c= all)) @@ -634,6 +645,86 @@ handle_builtin_alloca (gcall *call, gimple_stmt_iterat= or *iter) =3D DECL_FUNCTION_CODE (callee) =3D=3D BUILT_IN_ALLOCA ? 0 : tree_to_uhwi (gimple_call_arg (call, 1)); =20 + if (memory_tagging_p ()) + { + /* + HWASAN needs a different expansion. + + addr =3D __builtin_alloca (size, align); + + should be replaced by + + new_size =3D size rounded up to HWASAN_TAG_GRANULE_SIZE byte alignment; + untagged_addr =3D __builtin_alloca (new_size, align); + colour =3D __hwasan_choose_alloca_colour (); + addr =3D __hwasan_tag_pointer (untagged_addr, colour); + __hwasan_tag_memory (addr, colour, new_size); + */ + /* Ensure alignment at least HWASAN_TAG_GRANULE_SIZE bytes so we sta= rt on + a tag granule. aarch64 already has an alignment of 16 bytes by + default which is the same as HWASAN_TAG_GRANULE_SIZE at the moment. */ + align =3D align > HWASAN_TAG_GRANULE_SIZE ? align : HWASAN_TAG_GRANU= LE_SIZE; + + /* tree new_size =3D (old_size + 15) & ~15; */ + uint8_t tg_mask =3D HWASAN_TAG_GRANULE_SIZE - 1; + tree old_size =3D gimple_call_arg (call, 0); + tree tree_mask =3D build_int_cst (size_type_node, tg_mask); + g =3D gimple_build_assign (make_ssa_name (size_type_node), PLUS_EXPR, + old_size, tree_mask); + gsi_insert_before (iter, g, GSI_SAME_STMT); + tree oversize =3D gimple_assign_lhs (g); + + g =3D gimple_build_assign (make_ssa_name (size_type_node), BIT_NOT_E= XPR, + tree_mask); + tree mask =3D gimple_assign_lhs (g); + gsi_insert_before (iter, g, GSI_SAME_STMT); + + g =3D gimple_build_assign (make_ssa_name (size_type_node), BIT_AND_E= XPR, + oversize, mask); + gsi_insert_before (iter, g, GSI_SAME_STMT); + tree new_size =3D gimple_assign_lhs (g); + + /* emit the alloca call */ + tree fn =3D builtin_decl_implicit (BUILT_IN_ALLOCA_WITH_ALIGN); + gg =3D gimple_build_call (fn, 2, new_size, + build_int_cst (size_type_node, align)); + tree untagged_addr =3D make_ssa_name (ptr_type, gg); + gimple_call_set_lhs (gg, untagged_addr); + gsi_insert_before (iter, gg, GSI_SAME_STMT); + + /* Insert code choosing the tag. + Here we use an internal function so we can choose the colour at expand + time. We want this so the decision is made after stack variables have + been assigned their colour (i.e. once the tag_offset variable has been + set to one after the last stack variables tag). */ + + gg =3D gimple_build_call_internal (IFN_HWASAN_CHOOSE_COLOUR, 0); + tree colour =3D make_ssa_name (unsigned_char_type_node, gg); + gimple_call_set_lhs (gg, colour); + gsi_insert_before (iter, gg, GSI_SAME_STMT); + + /* Insert code adding tag to pointer. */ + fn =3D builtin_decl_implicit (BUILT_IN_HWASAN_TAG_PTR); + gg =3D gimple_build_call (fn, 2, untagged_addr, colour); + tree addr =3D make_ssa_name (ptr_type, gg); + gimple_call_set_lhs (gg, addr); + gsi_insert_before (iter, gg, GSI_SAME_STMT); + + /* Insert code colouring shadow memory. + NOTE: require using `untagged_addr` here. */ + fn =3D builtin_decl_implicit (BUILT_IN_HWASAN_TAG_MEM); + gg =3D gimple_build_call (fn, 3, untagged_addr, colour, new_size); + gsi_insert_before (iter, gg, GSI_SAME_STMT); + + /* Finally, replace old alloca ptr with NEW_ALLOCA. */ + replace_call_with_value (iter, addr); + return; + } + + tree last_alloca =3D get_last_alloca_addr (); + const HOST_WIDE_INT redzone_mask =3D ASAN_RED_ZONE_SIZE - 1; + + /* If ALIGN > ASAN_RED_ZONE_SIZE, we embed left redzone into first ALIGN bytes of allocated space. Otherwise, align alloca to ASAN_RED_ZONE_S= IZE manually. */ @@ -786,6 +877,33 @@ get_mem_refs_of_builtin_call (gcall *call, break; =20 case BUILT_IN_STRLEN: + /* + Special case strlen here because its length is taken from its return + value. + + The approach taken by the sanitizers is to check a memory access + before it's taken. For ASAN strlen is intercepted by libasan, so no + check is inserted by the compiler. + + This function still returns `true` and provides a length to the rest + of the ASAN pass in order to record what areas have been checked, + avoiding superfluous checks later on. + + HWASAN does not intercept any of these internal functions. + This means that checks for memory accesses must be inserted by the + compiler. + strlen is a special case, because we can tell the length from the + return of the function, but that is not known until after the function + has returned. + + Hence we can't check the memory access before it happens. + We could check the memory access after it has already happened, but + for now I'm choosing to just ignore `strlen` calls. + This decision was simply made because that means the special case is + limited to this one case of this one function. + */ + if (memory_tagging_p ()) + return false; source0 =3D gimple_call_arg (call, 0); len =3D gimple_call_lhs (call); break; @@ -2493,8 +2611,6 @@ maybe_instrument_assignment (gimple_stmt_iterator *it= er) static bool maybe_instrument_call (gimple_stmt_iterator *iter) { - if (memory_tagging_p ()) - return false; gimple *stmt =3D gsi_stmt (*iter); bool is_builtin =3D gimple_call_builtin_p (stmt, BUILT_IN_NORMAL); =20 @@ -2516,10 +2632,13 @@ maybe_instrument_call (gimple_stmt_iterator *iter) break; } } - tree decl =3D builtin_decl_implicit (BUILT_IN_ASAN_HANDLE_NO_RETURN); - gimple *g =3D gimple_build_call (decl, 0); - gimple_set_location (g, gimple_location (stmt)); - gsi_insert_before (iter, g, GSI_SAME_STMT); + if (! memory_tagging_p ()) + { + tree decl =3D builtin_decl_implicit (BUILT_IN_ASAN_HANDLE_NO_RETURN); + gimple *g =3D gimple_build_call (decl, 0); + gimple_set_location (g, gimple_location (stmt)); + gsi_insert_before (iter, g, GSI_SAME_STMT); + } } =20 bool instrumented =3D false; @@ -2918,6 +3037,9 @@ initialize_sanitizer_builtins (void) =3D build_function_type_list (void_type_node, uint64_type_node, ptr_type_node, NULL_TREE); =20 + tree BT_FN_PTR_CONST_PTR_UINT8 + =3D build_function_type_list (ptr_type_node, const_ptr_type_node, + unsigned_char_type_node, NULL_TREE); tree BT_FN_VOID_PTR_UINT8_SIZE =3D build_function_type_list (void_type_node, ptr_type_node, unsigned_char_type_node, size_type_node, @@ -3749,6 +3871,14 @@ hwasan_record_base (rtx base) } =20 uint8_t hwasan_current_tag () { return tag_offset; } +rtx +hwasan_base () +{ + if (! hwasan_base_ptr) + hwasan_record_base (gen_reg_rtx (Pmode)); + + return hwasan_base_ptr; +} =20 void hwasan_increment_tag () diff --git a/gcc/builtin-types.def b/gcc/builtin-types.def index d05f597b6434f39fe95d4f28dd2ef3ed463dd925..00592b1eea76164471e281c8922= 893937cf9bb2e 100644 --- a/gcc/builtin-types.def +++ b/gcc/builtin-types.def @@ -493,6 +493,7 @@ DEF_FUNCTION_TYPE_2 (BT_FN_INT_FEXCEPT_T_PTR_INT, BT_IN= T, BT_FEXCEPT_T_PTR, BT_INT) DEF_FUNCTION_TYPE_2 (BT_FN_INT_CONST_FEXCEPT_T_PTR_INT, BT_INT, BT_CONST_FEXCEPT_T_PTR, BT_INT) +DEF_FUNCTION_TYPE_2 (BT_FN_PTR_CONST_PTR_UINT8, BT_PTR, BT_CONST_PTR, BT_U= INT8) =20 DEF_POINTER_TYPE (BT_PTR_FN_VOID_PTR_PTR, BT_FN_VOID_PTR_PTR) =20 diff --git a/gcc/internal-fn.c b/gcc/internal-fn.c index 80f94f141bfd92e9f6af13a6df76f0c9ac053fdc..4eec9919b520691ab3e73a2920e= f8b544cf55dfe 100644 --- a/gcc/internal-fn.c +++ b/gcc/internal-fn.c @@ -462,6 +462,42 @@ expand_HWASAN_CHECK (internal_fn, gcall *) } =20 static void +expand_HWASAN_CHOOSE_COLOUR (internal_fn, gcall *gc) +{ + /* TODO Use shared function somewhere so that MTE can use the same basic + functionality when it needs to get a tag for alloca. */ + tree colour =3D gimple_call_lhs (gc); + rtx target =3D expand_expr (colour, NULL_RTX, VOIDmode, EXPAND_NORMAL); + machine_mode mode =3D GET_MODE (target); + gcc_assert (mode =3D=3D QImode); + + rtx base_tag =3D expand_simple_binop (Pmode, LSHIFTRT, hwasan_base (), + HWASAN_SHIFT_RTX, + NULL_RTX, /* unsignedp =3D */0, + OPTAB_DIRECT); + + gcc_assert (base_tag); + rtx tag_offset =3D const_int_rtx[MAX_SAVED_CONST_INT + hwasan_current_ta= g ()]; + rtx chosen_tag =3D expand_simple_binop (QImode, PLUS, base_tag, tag_offs= et, + target, /* unsignedp =3D */1, + OPTAB_WIDEN); + + gcc_assert (chosen_tag); + /* TODO truncate target */ + if (chosen_tag !=3D target) + { + rtx temp =3D chosen_tag; + machine_mode ret_mode =3D GET_MODE (chosen_tag); + if (ret_mode !=3D mode) + temp =3D simplify_gen_unary (TRUNCATE, mode, chosen_tag, ret_mode); + + emit_move_insn (target, temp); + } + + hwasan_increment_tag (); +} + +static void expand_ASAN_CHECK (internal_fn, gcall *) { gcc_unreachable (); diff --git a/gcc/internal-fn.def b/gcc/internal-fn.def index c683e5d8e5c607f18909bda4d97b58421cb7c2a4..ed0c5bc110f16b2cdbc139403db= dbd8ebe7e2823 100644 --- a/gcc/internal-fn.def +++ b/gcc/internal-fn.def @@ -288,6 +288,7 @@ DEF_INTERNAL_FN (UBSAN_PTR, ECF_LEAF | ECF_NOTHROW, ".R= .") DEF_INTERNAL_FN (UBSAN_OBJECT_SIZE, ECF_LEAF | ECF_NOTHROW, NULL) DEF_INTERNAL_FN (ABNORMAL_DISPATCHER, ECF_NORETURN, NULL) DEF_INTERNAL_FN (BUILTIN_EXPECT, ECF_CONST | ECF_LEAF | ECF_NOTHROW, NULL) +DEF_INTERNAL_FN (HWASAN_CHOOSE_COLOUR, ECF_LEAF | ECF_NOTHROW, ".") DEF_INTERNAL_FN (HWASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, "..R.= .") DEF_INTERNAL_FN (ASAN_CHECK, ECF_TM_PURE | ECF_LEAF | ECF_NOTHROW, "..R..") DEF_INTERNAL_FN (ASAN_MARK, ECF_LEAF | ECF_NOTHROW, NULL) diff --git a/gcc/sanitizer.def b/gcc/sanitizer.def index 0edf349cc23e846608b89d54a1024b9d99de9c4d..b6944f3e365bcd9ecd319bbf66b= ada32f87ad249 100644 --- a/gcc/sanitizer.def +++ b/gcc/sanitizer.def @@ -187,6 +187,10 @@ DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_LOADN, "__hwasan= _loadN", BT_FN_VOID_PTR_PTRMODE, ATTR_TMPURE_NOTHROW_LEAF_LIST) DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_STOREN, "__hwasan_storeN", BT_FN_VOID_PTR_PTRMODE, ATTR_TMPURE_NOTHROW_LEAF_LIST) +DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_HANDLE_LONGJMP, "__hwasan_handle_lon= gjmp", + BT_FN_VOID_CONST_PTR, ATTR_NOTHROW_LIST) +DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_TAG_PTR, "__hwasan_tag_pointer", + BT_FN_PTR_CONST_PTR_UINT8, ATTR_TMPURE_NOTHROW_LEAF_LIST) DEF_SANITIZER_BUILTIN(BUILT_IN_HWASAN_TAG_MEM, "__hwasan_tag_memory", BT_FN_VOID_PTR_UINT8_SIZE, ATTR_NOTHROW_LIST) =20 --_002_VI1PR08MB5471F9AF60EF483B15A3D671E0BA0VI1PR08MB5471eurp_ Content-Type: text/plain; name="hwasan-implementation12.patch" Content-Description: hwasan-implementation12.patch Content-Disposition: attachment; filename="hwasan-implementation12.patch"; size=12975; creation-date="Fri, 06 Sep 2019 14:46:21 GMT"; modification-date="Fri, 06 Sep 2019 14:46:21 GMT" Content-ID: Content-Transfer-Encoding: base64 Content-length: 17589 ZGlmZiAtLWdpdCBhL2djYy9hc2FuLmggYi9nY2MvYXNhbi5oCmluZGV4IDY4 ZWExYjRhZmFmOTE5NTU1MzI1MWE5ODdkZjMzNzg4NDIxZmExNDIuLmU0ZTgy MzA4MGU0Y2E3NDg5MTM1ZWUyZGE5ZTA3MjdkZTliYmE4YWUgMTAwNjQ0Ci0t LSBhL2djYy9hc2FuLmgKKysrIGIvZ2NjL2FzYW4uaApAQCAtMzAsNiArMzAs NyBAQCBleHRlcm4gdm9pZCBod2FzYW5faW5jcmVtZW50X3RhZyAoKTsKIGV4 dGVybiBydHggaHdhc2FuX3dpdGhfdGFnIChydHgsIHBvbHlfaW50NjQpOwog ZXh0ZXJuIHZvaWQgaHdhc2FuX3RhZ19pbml0ICgpOwogZXh0ZXJuIHJ0eCBo d2FzYW5fY3JlYXRlX3VudGFnZ2VkX2Jhc2UgKHJ0eCk7CitleHRlcm4gcnR4 IGh3YXNhbl9iYXNlICgpOwogZXh0ZXJuIHZvaWQgaHdhc2FuX2VtaXRfcHJv bG9ndWUgKHJ0eCAqLCBydHggKiwgcG9seV9pbnQ2NCAqLCB1aW50OF90ICos IHNpemVfdCk7CiBleHRlcm4gcnR4X2luc24gKmh3YXNhbl9lbWl0X3VuY29s b3VyX2ZyYW1lIChydHgsIHJ0eCwgcnR4X2luc24gKik7CiBleHRlcm4gYm9v bCBod2FzYW5fZXhwYW5kX2NoZWNrX2lmbiAoZ2ltcGxlX3N0bXRfaXRlcmF0 b3IgKiwgYm9vbCk7CmRpZmYgLS1naXQgYS9nY2MvYXNhbi5jIGIvZ2NjL2Fz YW4uYwppbmRleCBhZTFmOGEwZDI4ZTkxMWMyZmYzMGJlOGVhOWY0MDAxOTIz OTgzY2IxLi5mZWZkMjhjYmQxMzZkNzRhZDMzODljZjhlZmJmMTk0OWUzODE1 ZGZkIDEwMDY0NAotLS0gYS9nY2MvYXNhbi5jCisrKyBiL2djYy9hc2FuLmMK QEAgLTU3OSwxNSArNTc5LDI4IEBAIGdldF9sYXN0X2FsbG9jYV9hZGRyICgp CiBzdGF0aWMgdm9pZAogaGFuZGxlX2J1aWx0aW5fc3RhY2tfcmVzdG9yZSAo Z2NhbGwgKmNhbGwsIGdpbXBsZV9zdG10X2l0ZXJhdG9yICppdGVyKQogewot ICBpZiAoIWl0ZXIgfHwgIWFzYW5fc2FuaXRpemVfYWxsb2Nhc19wICgpKQor ICBpZiAoIWl0ZXIKKyAgICAgIHx8ICEoYXNhbl9zYW5pdGl6ZV9hbGxvY2Fz X3AgKCkgfHwgbWVtb3J5X3RhZ2dpbmdfcCAoKSkpCiAgICAgcmV0dXJuOwog Ci0gIHRyZWUgbGFzdF9hbGxvY2EgPSBnZXRfbGFzdF9hbGxvY2FfYWRkciAo KTsKICAgdHJlZSByZXN0b3JlZF9zdGFjayA9IGdpbXBsZV9jYWxsX2FyZyAo Y2FsbCwgMCk7Ci0gIHRyZWUgZm4gPSBidWlsdGluX2RlY2xfaW1wbGljaXQg KEJVSUxUX0lOX0FTQU5fQUxMT0NBU19VTlBPSVNPTik7Ci0gIGdpbXBsZSAq ZyA9IGdpbXBsZV9idWlsZF9jYWxsIChmbiwgMiwgbGFzdF9hbGxvY2EsIHJl c3RvcmVkX3N0YWNrKTsKLSAgZ3NpX2luc2VydF9iZWZvcmUgKGl0ZXIsIGcs IEdTSV9TQU1FX1NUTVQpOwotICBnID0gZ2ltcGxlX2J1aWxkX2Fzc2lnbiAo bGFzdF9hbGxvY2EsIHJlc3RvcmVkX3N0YWNrKTsKKworICBnaW1wbGUgKmc7 CisKKyAgaWYgKG1lbW9yeV90YWdnaW5nX3AgKCkpCisgICAgeworICAgICAg dHJlZSBmbiA9IGJ1aWx0aW5fZGVjbF9pbXBsaWNpdCAoQlVJTFRfSU5fSFdB U0FOX0hBTkRMRV9MT05HSk1QKTsKKyAgICAgIGcgPSBnaW1wbGVfYnVpbGRf Y2FsbCAoZm4sIDEsIHJlc3RvcmVkX3N0YWNrKTsKKyAgICB9CisgIGVsc2UK KyAgICB7CisgICAgICB0cmVlIGxhc3RfYWxsb2NhID0gZ2V0X2xhc3RfYWxs b2NhX2FkZHIgKCk7CisgICAgICB0cmVlIGZuID0gYnVpbHRpbl9kZWNsX2lt cGxpY2l0IChCVUlMVF9JTl9BU0FOX0FMTE9DQVNfVU5QT0lTT04pOworICAg ICAgZyA9IGdpbXBsZV9idWlsZF9jYWxsIChmbiwgMiwgbGFzdF9hbGxvY2Es IHJlc3RvcmVkX3N0YWNrKTsKKyAgICAgIGdzaV9pbnNlcnRfYmVmb3JlIChp dGVyLCBnLCBHU0lfU0FNRV9TVE1UKTsKKyAgICAgIGcgPSBnaW1wbGVfYnVp bGRfYXNzaWduIChsYXN0X2FsbG9jYSwgcmVzdG9yZWRfc3RhY2spOworICAg IH0KKwogICBnc2lfaW5zZXJ0X2JlZm9yZSAoaXRlciwgZywgR1NJX1NBTUVf U1RNVCk7CiB9CiAKQEAgLTYxNywxNCArNjMwLDEyIEBAIGhhbmRsZV9idWls dGluX3N0YWNrX3Jlc3RvcmUgKGdjYWxsICpjYWxsLCBnaW1wbGVfc3RtdF9p dGVyYXRvciAqaXRlcikKIHN0YXRpYyB2b2lkCiBoYW5kbGVfYnVpbHRpbl9h bGxvY2EgKGdjYWxsICpjYWxsLCBnaW1wbGVfc3RtdF9pdGVyYXRvciAqaXRl cikKIHsKLSAgaWYgKCFpdGVyIHx8ICFhc2FuX3Nhbml0aXplX2FsbG9jYXNf cCAoKSkKKyAgaWYgKCFpdGVyCisgICAgICB8fCAhKGFzYW5fc2FuaXRpemVf YWxsb2Nhc19wICgpIHx8IG1lbW9yeV90YWdnaW5nX3AgKCkpKQogICAgIHJl dHVybjsKIAogICBnYXNzaWduICpnOwogICBnY2FsbCAqZ2c7Ci0gIGNvbnN0 IEhPU1RfV0lERV9JTlQgcmVkem9uZV9tYXNrID0gQVNBTl9SRURfWk9ORV9T SVpFIC0gMTsKLQotICB0cmVlIGxhc3RfYWxsb2NhID0gZ2V0X2xhc3RfYWxs b2NhX2FkZHIgKCk7CiAgIHRyZWUgY2FsbGVlID0gZ2ltcGxlX2NhbGxfZm5k ZWNsIChjYWxsKTsKICAgdHJlZSBvbGRfc2l6ZSA9IGdpbXBsZV9jYWxsX2Fy ZyAoY2FsbCwgMCk7CiAgIHRyZWUgcHRyX3R5cGUgPSBnaW1wbGVfY2FsbF9s aHMgKGNhbGwpID8gVFJFRV9UWVBFIChnaW1wbGVfY2FsbF9saHMgKGNhbGwp KQpAQCAtNjM0LDYgKzY0NSw4NiBAQCBoYW5kbGVfYnVpbHRpbl9hbGxvY2Eg KGdjYWxsICpjYWxsLCBnaW1wbGVfc3RtdF9pdGVyYXRvciAqaXRlcikKICAg ICA9IERFQ0xfRlVOQ1RJT05fQ09ERSAoY2FsbGVlKSA9PSBCVUlMVF9JTl9B TExPQ0EKICAgICAgID8gMCA6IHRyZWVfdG9fdWh3aSAoZ2ltcGxlX2NhbGxf YXJnIChjYWxsLCAxKSk7CiAKKyAgaWYgKG1lbW9yeV90YWdnaW5nX3AgKCkp CisgICAgeworICAgICAgLyoKKwkgSFdBU0FOIG5lZWRzIGEgZGlmZmVyZW50 IGV4cGFuc2lvbi4KKworCSBhZGRyID0gX19idWlsdGluX2FsbG9jYSAoc2l6 ZSwgYWxpZ24pOworCisJIHNob3VsZCBiZSByZXBsYWNlZCBieQorCisJIG5l d19zaXplID0gc2l6ZSByb3VuZGVkIHVwIHRvIEhXQVNBTl9UQUdfR1JBTlVM RV9TSVpFIGJ5dGUgYWxpZ25tZW50OworCSB1bnRhZ2dlZF9hZGRyID0gX19i dWlsdGluX2FsbG9jYSAobmV3X3NpemUsIGFsaWduKTsKKwkgY29sb3VyID0g X19od2FzYW5fY2hvb3NlX2FsbG9jYV9jb2xvdXIgKCk7CisJIGFkZHIgPSBf X2h3YXNhbl90YWdfcG9pbnRlciAodW50YWdnZWRfYWRkciwgY29sb3VyKTsK KwkgX19od2FzYW5fdGFnX21lbW9yeSAoYWRkciwgY29sb3VyLCBuZXdfc2l6 ZSk7CisJKi8KKyAgICAgIC8qIEVuc3VyZSBhbGlnbm1lbnQgYXQgbGVhc3Qg SFdBU0FOX1RBR19HUkFOVUxFX1NJWkUgYnl0ZXMgc28gd2Ugc3RhcnQgb24K KwkgYSB0YWcgZ3JhbnVsZS4gYWFyY2g2NCBhbHJlYWR5IGhhcyBhbiBhbGln bm1lbnQgb2YgMTYgYnl0ZXMgYnkKKwkgZGVmYXVsdCB3aGljaCBpcyB0aGUg c2FtZSBhcyBIV0FTQU5fVEFHX0dSQU5VTEVfU0laRSBhdCB0aGUgbW9tZW50 LiAqLworICAgICAgYWxpZ24gPSBhbGlnbiA+IEhXQVNBTl9UQUdfR1JBTlVM RV9TSVpFID8gYWxpZ24gOiBIV0FTQU5fVEFHX0dSQU5VTEVfU0laRTsKKwor ICAgICAgLyogdHJlZSBuZXdfc2l6ZSA9IChvbGRfc2l6ZSArIDE1KSAmIH4x NTsgICovCisgICAgICB1aW50OF90IHRnX21hc2sgPSBIV0FTQU5fVEFHX0dS QU5VTEVfU0laRSAtIDE7CisgICAgICB0cmVlIG9sZF9zaXplID0gZ2ltcGxl X2NhbGxfYXJnIChjYWxsLCAwKTsKKyAgICAgIHRyZWUgdHJlZV9tYXNrID0g YnVpbGRfaW50X2NzdCAoc2l6ZV90eXBlX25vZGUsIHRnX21hc2spOworICAg ICAgZyA9IGdpbXBsZV9idWlsZF9hc3NpZ24gKG1ha2Vfc3NhX25hbWUgKHNp emVfdHlwZV9ub2RlKSwgUExVU19FWFBSLAorCQkJICAgICAgIG9sZF9zaXpl LCB0cmVlX21hc2spOworICAgICAgZ3NpX2luc2VydF9iZWZvcmUgKGl0ZXIs IGcsIEdTSV9TQU1FX1NUTVQpOworICAgICAgdHJlZSBvdmVyc2l6ZSA9IGdp bXBsZV9hc3NpZ25fbGhzIChnKTsKKworICAgICAgZyA9IGdpbXBsZV9idWls ZF9hc3NpZ24gKG1ha2Vfc3NhX25hbWUgKHNpemVfdHlwZV9ub2RlKSwgQklU X05PVF9FWFBSLAorCQkJICAgICAgIHRyZWVfbWFzayk7CisgICAgICB0cmVl IG1hc2sgPSBnaW1wbGVfYXNzaWduX2xocyAoZyk7CisgICAgICBnc2lfaW5z ZXJ0X2JlZm9yZSAoaXRlciwgZywgR1NJX1NBTUVfU1RNVCk7CisKKyAgICAg IGcgPSBnaW1wbGVfYnVpbGRfYXNzaWduIChtYWtlX3NzYV9uYW1lIChzaXpl X3R5cGVfbm9kZSksIEJJVF9BTkRfRVhQUiwKKwkJCSAgICAgICBvdmVyc2l6 ZSwgbWFzayk7CisgICAgICBnc2lfaW5zZXJ0X2JlZm9yZSAoaXRlciwgZywg R1NJX1NBTUVfU1RNVCk7CisgICAgICB0cmVlIG5ld19zaXplID0gZ2ltcGxl X2Fzc2lnbl9saHMgKGcpOworCisgICAgICAvKiBlbWl0IHRoZSBhbGxvY2Eg Y2FsbCAqLworICAgICAgdHJlZSBmbiA9IGJ1aWx0aW5fZGVjbF9pbXBsaWNp dCAoQlVJTFRfSU5fQUxMT0NBX1dJVEhfQUxJR04pOworICAgICAgZ2cgPSBn aW1wbGVfYnVpbGRfY2FsbCAoZm4sIDIsIG5ld19zaXplLAorCQkJICAgICAg YnVpbGRfaW50X2NzdCAoc2l6ZV90eXBlX25vZGUsIGFsaWduKSk7CisgICAg ICB0cmVlIHVudGFnZ2VkX2FkZHIgPSBtYWtlX3NzYV9uYW1lIChwdHJfdHlw ZSwgZ2cpOworICAgICAgZ2ltcGxlX2NhbGxfc2V0X2xocyAoZ2csIHVudGFn Z2VkX2FkZHIpOworICAgICAgZ3NpX2luc2VydF9iZWZvcmUgKGl0ZXIsIGdn LCBHU0lfU0FNRV9TVE1UKTsKKworICAgICAgLyogSW5zZXJ0IGNvZGUgY2hv b3NpbmcgdGhlIHRhZy4KKwkgSGVyZSB3ZSB1c2UgYW4gaW50ZXJuYWwgZnVu Y3Rpb24gc28gd2UgY2FuIGNob29zZSB0aGUgY29sb3VyIGF0IGV4cGFuZAor CSB0aW1lLiAgV2Ugd2FudCB0aGlzIHNvIHRoZSBkZWNpc2lvbiBpcyBtYWRl IGFmdGVyIHN0YWNrIHZhcmlhYmxlcyBoYXZlCisJIGJlZW4gYXNzaWduZWQg dGhlaXIgY29sb3VyIChpLmUuIG9uY2UgdGhlIHRhZ19vZmZzZXQgdmFyaWFi bGUgaGFzIGJlZW4KKwkgc2V0IHRvIG9uZSBhZnRlciB0aGUgbGFzdCBzdGFj ayB2YXJpYWJsZXMgdGFnKS4gICovCisKKyAgICAgIGdnID0gZ2ltcGxlX2J1 aWxkX2NhbGxfaW50ZXJuYWwgKElGTl9IV0FTQU5fQ0hPT1NFX0NPTE9VUiwg MCk7CisgICAgICB0cmVlIGNvbG91ciA9IG1ha2Vfc3NhX25hbWUgKHVuc2ln bmVkX2NoYXJfdHlwZV9ub2RlLCBnZyk7CisgICAgICBnaW1wbGVfY2FsbF9z ZXRfbGhzIChnZywgY29sb3VyKTsKKyAgICAgIGdzaV9pbnNlcnRfYmVmb3Jl IChpdGVyLCBnZywgR1NJX1NBTUVfU1RNVCk7CisKKyAgICAgIC8qIEluc2Vy dCBjb2RlIGFkZGluZyB0YWcgdG8gcG9pbnRlci4gICovCisgICAgICBmbiA9 IGJ1aWx0aW5fZGVjbF9pbXBsaWNpdCAoQlVJTFRfSU5fSFdBU0FOX1RBR19Q VFIpOworICAgICAgZ2cgPSBnaW1wbGVfYnVpbGRfY2FsbCAoZm4sIDIsIHVu dGFnZ2VkX2FkZHIsIGNvbG91cik7CisgICAgICB0cmVlIGFkZHIgPSBtYWtl X3NzYV9uYW1lIChwdHJfdHlwZSwgZ2cpOworICAgICAgZ2ltcGxlX2NhbGxf c2V0X2xocyAoZ2csIGFkZHIpOworICAgICAgZ3NpX2luc2VydF9iZWZvcmUg KGl0ZXIsIGdnLCBHU0lfU0FNRV9TVE1UKTsKKworICAgICAgLyogSW5zZXJ0 IGNvZGUgY29sb3VyaW5nIHNoYWRvdyBtZW1vcnkuCisJIE5PVEU6IHJlcXVp cmUgdXNpbmcgYHVudGFnZ2VkX2FkZHJgIGhlcmUuICAqLworICAgICAgZm4g PSBidWlsdGluX2RlY2xfaW1wbGljaXQgKEJVSUxUX0lOX0hXQVNBTl9UQUdf TUVNKTsKKyAgICAgIGdnID0gZ2ltcGxlX2J1aWxkX2NhbGwgKGZuLCAzLCB1 bnRhZ2dlZF9hZGRyLCBjb2xvdXIsIG5ld19zaXplKTsKKyAgICAgIGdzaV9p bnNlcnRfYmVmb3JlIChpdGVyLCBnZywgR1NJX1NBTUVfU1RNVCk7CisKKyAg ICAgIC8qIEZpbmFsbHksIHJlcGxhY2Ugb2xkIGFsbG9jYSBwdHIgd2l0aCBO RVdfQUxMT0NBLiAgKi8KKyAgICAgIHJlcGxhY2VfY2FsbF93aXRoX3ZhbHVl IChpdGVyLCBhZGRyKTsKKyAgICAgIHJldHVybjsKKyAgICB9CisKKyAgdHJl ZSBsYXN0X2FsbG9jYSA9IGdldF9sYXN0X2FsbG9jYV9hZGRyICgpOworICBj b25zdCBIT1NUX1dJREVfSU5UIHJlZHpvbmVfbWFzayA9IEFTQU5fUkVEX1pP TkVfU0laRSAtIDE7CisKKwogICAvKiBJZiBBTElHTiA+IEFTQU5fUkVEX1pP TkVfU0laRSwgd2UgZW1iZWQgbGVmdCByZWR6b25lIGludG8gZmlyc3QgQUxJ R04KICAgICAgYnl0ZXMgb2YgYWxsb2NhdGVkIHNwYWNlLiAgT3RoZXJ3aXNl LCBhbGlnbiBhbGxvY2EgdG8gQVNBTl9SRURfWk9ORV9TSVpFCiAgICAgIG1h bnVhbGx5LiAgKi8KQEAgLTc4Niw2ICs4NzcsMzMgQEAgZ2V0X21lbV9yZWZz X29mX2J1aWx0aW5fY2FsbCAoZ2NhbGwgKmNhbGwsCiAgICAgICBicmVhazsK IAogICAgIGNhc2UgQlVJTFRfSU5fU1RSTEVOOgorICAgICAgLyoKKwkgU3Bl Y2lhbCBjYXNlIHN0cmxlbiBoZXJlIGJlY2F1c2UgaXRzIGxlbmd0aCBpcyB0 YWtlbiBmcm9tIGl0cyByZXR1cm4KKwkgdmFsdWUuCisKKwkgVGhlIGFwcHJv YWNoIHRha2VuIGJ5IHRoZSBzYW5pdGl6ZXJzIGlzIHRvIGNoZWNrIGEgbWVt b3J5IGFjY2VzcworCSBiZWZvcmUgaXQncyB0YWtlbi4gIEZvciBBU0FOIHN0 cmxlbiBpcyBpbnRlcmNlcHRlZCBieSBsaWJhc2FuLCBzbyBubworCSBjaGVj ayBpcyBpbnNlcnRlZCBieSB0aGUgY29tcGlsZXIuCisKKwkgVGhpcyBmdW5j dGlvbiBzdGlsbCByZXR1cm5zIGB0cnVlYCBhbmQgcHJvdmlkZXMgYSBsZW5n dGggdG8gdGhlIHJlc3QKKwkgb2YgdGhlIEFTQU4gcGFzcyBpbiBvcmRlciB0 byByZWNvcmQgd2hhdCBhcmVhcyBoYXZlIGJlZW4gY2hlY2tlZCwKKwkgYXZv aWRpbmcgc3VwZXJmbHVvdXMgY2hlY2tzIGxhdGVyIG9uLgorCisJIEhXQVNB TiBkb2VzIG5vdCBpbnRlcmNlcHQgYW55IG9mIHRoZXNlIGludGVybmFsIGZ1 bmN0aW9ucy4KKwkgVGhpcyBtZWFucyB0aGF0IGNoZWNrcyBmb3IgbWVtb3J5 IGFjY2Vzc2VzIG11c3QgYmUgaW5zZXJ0ZWQgYnkgdGhlCisJIGNvbXBpbGVy LgorCSBzdHJsZW4gaXMgYSBzcGVjaWFsIGNhc2UsIGJlY2F1c2Ugd2UgY2Fu IHRlbGwgdGhlIGxlbmd0aCBmcm9tIHRoZQorCSByZXR1cm4gb2YgdGhlIGZ1 bmN0aW9uLCBidXQgdGhhdCBpcyBub3Qga25vd24gdW50aWwgYWZ0ZXIgdGhl IGZ1bmN0aW9uCisJIGhhcyByZXR1cm5lZC4KKworCSBIZW5jZSB3ZSBjYW4n dCBjaGVjayB0aGUgbWVtb3J5IGFjY2VzcyBiZWZvcmUgaXQgaGFwcGVucy4K KwkgV2UgY291bGQgY2hlY2sgdGhlIG1lbW9yeSBhY2Nlc3MgYWZ0ZXIgaXQg aGFzIGFscmVhZHkgaGFwcGVuZWQsIGJ1dAorCSBmb3Igbm93IEknbSBjaG9v c2luZyB0byBqdXN0IGlnbm9yZSBgc3RybGVuYCBjYWxscy4KKwkgVGhpcyBk ZWNpc2lvbiB3YXMgc2ltcGx5IG1hZGUgYmVjYXVzZSB0aGF0IG1lYW5zIHRo ZSBzcGVjaWFsIGNhc2UgaXMKKwkgbGltaXRlZCB0byB0aGlzIG9uZSBjYXNl IG9mIHRoaXMgb25lIGZ1bmN0aW9uLgorCSovCisgICAgICBpZiAobWVtb3J5 X3RhZ2dpbmdfcCAoKSkKKwlyZXR1cm4gZmFsc2U7CiAgICAgICBzb3VyY2Uw ID0gZ2ltcGxlX2NhbGxfYXJnIChjYWxsLCAwKTsKICAgICAgIGxlbiA9IGdp bXBsZV9jYWxsX2xocyAoY2FsbCk7CiAgICAgICBicmVhazsKQEAgLTI0OTMs OCArMjYxMSw2IEBAIG1heWJlX2luc3RydW1lbnRfYXNzaWdubWVudCAoZ2lt cGxlX3N0bXRfaXRlcmF0b3IgKml0ZXIpCiBzdGF0aWMgYm9vbAogbWF5YmVf aW5zdHJ1bWVudF9jYWxsIChnaW1wbGVfc3RtdF9pdGVyYXRvciAqaXRlcikK IHsKLSAgaWYgKG1lbW9yeV90YWdnaW5nX3AgKCkpCi0gICAgcmV0dXJuIGZh bHNlOwogICBnaW1wbGUgKnN0bXQgPSBnc2lfc3RtdCAoKml0ZXIpOwogICBi b29sIGlzX2J1aWx0aW4gPSBnaW1wbGVfY2FsbF9idWlsdGluX3AgKHN0bXQs IEJVSUxUX0lOX05PUk1BTCk7CiAKQEAgLTI1MTYsMTAgKzI2MzIsMTMgQEAg bWF5YmVfaW5zdHJ1bWVudF9jYWxsIChnaW1wbGVfc3RtdF9pdGVyYXRvciAq aXRlcikKIAkgICAgICBicmVhazsKIAkgICAgfQogCX0KLSAgICAgIHRyZWUg ZGVjbCA9IGJ1aWx0aW5fZGVjbF9pbXBsaWNpdCAoQlVJTFRfSU5fQVNBTl9I QU5ETEVfTk9fUkVUVVJOKTsKLSAgICAgIGdpbXBsZSAqZyA9IGdpbXBsZV9i dWlsZF9jYWxsIChkZWNsLCAwKTsKLSAgICAgIGdpbXBsZV9zZXRfbG9jYXRp b24gKGcsIGdpbXBsZV9sb2NhdGlvbiAoc3RtdCkpOwotICAgICAgZ3NpX2lu c2VydF9iZWZvcmUgKGl0ZXIsIGcsIEdTSV9TQU1FX1NUTVQpOworICAgICAg aWYgKCEgbWVtb3J5X3RhZ2dpbmdfcCAoKSkKKwl7CisJICB0cmVlIGRlY2wg PSBidWlsdGluX2RlY2xfaW1wbGljaXQgKEJVSUxUX0lOX0FTQU5fSEFORExF X05PX1JFVFVSTik7CisJICBnaW1wbGUgKmcgPSBnaW1wbGVfYnVpbGRfY2Fs bCAoZGVjbCwgMCk7CisJICBnaW1wbGVfc2V0X2xvY2F0aW9uIChnLCBnaW1w bGVfbG9jYXRpb24gKHN0bXQpKTsKKwkgIGdzaV9pbnNlcnRfYmVmb3JlIChp dGVyLCBnLCBHU0lfU0FNRV9TVE1UKTsKKwl9CiAgICAgfQogCiAgIGJvb2wg aW5zdHJ1bWVudGVkID0gZmFsc2U7CkBAIC0yOTE4LDYgKzMwMzcsOSBAQCBp bml0aWFsaXplX3Nhbml0aXplcl9idWlsdGlucyAodm9pZCkKICAgICA9IGJ1 aWxkX2Z1bmN0aW9uX3R5cGVfbGlzdCAodm9pZF90eXBlX25vZGUsIHVpbnQ2 NF90eXBlX25vZGUsCiAJCQkJcHRyX3R5cGVfbm9kZSwgTlVMTF9UUkVFKTsK IAorICB0cmVlIEJUX0ZOX1BUUl9DT05TVF9QVFJfVUlOVDgKKyAgICA9IGJ1 aWxkX2Z1bmN0aW9uX3R5cGVfbGlzdCAocHRyX3R5cGVfbm9kZSwgY29uc3Rf cHRyX3R5cGVfbm9kZSwKKwkJCQl1bnNpZ25lZF9jaGFyX3R5cGVfbm9kZSwg TlVMTF9UUkVFKTsKICAgdHJlZSBCVF9GTl9WT0lEX1BUUl9VSU5UOF9TSVpF CiAgICAgPSBidWlsZF9mdW5jdGlvbl90eXBlX2xpc3QgKHZvaWRfdHlwZV9u b2RlLCBwdHJfdHlwZV9ub2RlLAogCQkJCXVuc2lnbmVkX2NoYXJfdHlwZV9u b2RlLCBzaXplX3R5cGVfbm9kZSwKQEAgLTM3NDksNiArMzg3MSwxNCBAQCBo d2FzYW5fcmVjb3JkX2Jhc2UgKHJ0eCBiYXNlKQogfQogCiB1aW50OF90IGh3 YXNhbl9jdXJyZW50X3RhZyAoKSB7IHJldHVybiB0YWdfb2Zmc2V0OyB9City dHgKK2h3YXNhbl9iYXNlICgpCit7CisgIGlmICghIGh3YXNhbl9iYXNlX3B0 cikKKyAgICBod2FzYW5fcmVjb3JkX2Jhc2UgKGdlbl9yZWdfcnR4IChQbW9k ZSkpOworCisgIHJldHVybiBod2FzYW5fYmFzZV9wdHI7Cit9CiAKIHZvaWQK IGh3YXNhbl9pbmNyZW1lbnRfdGFnICgpCmRpZmYgLS1naXQgYS9nY2MvYnVp bHRpbi10eXBlcy5kZWYgYi9nY2MvYnVpbHRpbi10eXBlcy5kZWYKaW5kZXgg ZDA1ZjU5N2I2NDM0ZjM5ZmU5NWQ0ZjI4ZGQyZWYzZWQ0NjNkZDkyNS4uMDA1 OTJiMWVlYTc2MTY0NDcxZTI4MWM4OTIyODkzOTM3Y2Y5YmIyZSAxMDA2NDQK LS0tIGEvZ2NjL2J1aWx0aW4tdHlwZXMuZGVmCisrKyBiL2djYy9idWlsdGlu LXR5cGVzLmRlZgpAQCAtNDkzLDYgKzQ5Myw3IEBAIERFRl9GVU5DVElPTl9U WVBFXzIgKEJUX0ZOX0lOVF9GRVhDRVBUX1RfUFRSX0lOVCwgQlRfSU5ULCBC VF9GRVhDRVBUX1RfUFRSLAogCQkgICAgIEJUX0lOVCkKIERFRl9GVU5DVElP Tl9UWVBFXzIgKEJUX0ZOX0lOVF9DT05TVF9GRVhDRVBUX1RfUFRSX0lOVCwg QlRfSU5ULAogCQkgICAgIEJUX0NPTlNUX0ZFWENFUFRfVF9QVFIsIEJUX0lO VCkKK0RFRl9GVU5DVElPTl9UWVBFXzIgKEJUX0ZOX1BUUl9DT05TVF9QVFJf VUlOVDgsIEJUX1BUUiwgQlRfQ09OU1RfUFRSLCBCVF9VSU5UOCkKIAogREVG X1BPSU5URVJfVFlQRSAoQlRfUFRSX0ZOX1ZPSURfUFRSX1BUUiwgQlRfRk5f Vk9JRF9QVFJfUFRSKQogCmRpZmYgLS1naXQgYS9nY2MvaW50ZXJuYWwtZm4u YyBiL2djYy9pbnRlcm5hbC1mbi5jCmluZGV4IDgwZjk0ZjE0MWJmZDkyZTlm NmFmMTNhNmRmNzZmMGM5YWMwNTNmZGMuLjRlZWM5OTE5YjUyMDY5MWFiM2U3 M2EyOTIwZWY4YjU0NGNmNTVkZmUgMTAwNjQ0Ci0tLSBhL2djYy9pbnRlcm5h bC1mbi5jCisrKyBiL2djYy9pbnRlcm5hbC1mbi5jCkBAIC00NjIsNiArNDYy LDQyIEBAIGV4cGFuZF9IV0FTQU5fQ0hFQ0sgKGludGVybmFsX2ZuLCBnY2Fs bCAqKQogfQogCiBzdGF0aWMgdm9pZAorZXhwYW5kX0hXQVNBTl9DSE9PU0Vf Q09MT1VSIChpbnRlcm5hbF9mbiwgZ2NhbGwgKmdjKQoreworICAvKiBUT0RP IFVzZSBzaGFyZWQgZnVuY3Rpb24gc29tZXdoZXJlIHNvIHRoYXQgTVRFIGNh biB1c2UgdGhlIHNhbWUgYmFzaWMKKyAgICAgZnVuY3Rpb25hbGl0eSB3aGVu IGl0IG5lZWRzIHRvIGdldCBhIHRhZyBmb3IgYWxsb2NhLiAgKi8KKyAgdHJl ZSBjb2xvdXIgPSBnaW1wbGVfY2FsbF9saHMgKGdjKTsKKyAgcnR4IHRhcmdl dCA9IGV4cGFuZF9leHByIChjb2xvdXIsIE5VTExfUlRYLCBWT0lEbW9kZSwg RVhQQU5EX05PUk1BTCk7CisgIG1hY2hpbmVfbW9kZSBtb2RlID0gR0VUX01P REUgKHRhcmdldCk7CisgIGdjY19hc3NlcnQgKG1vZGUgPT0gUUltb2RlKTsK KworICBydHggYmFzZV90YWcgPSBleHBhbmRfc2ltcGxlX2Jpbm9wIChQbW9k ZSwgTFNISUZUUlQsIGh3YXNhbl9iYXNlICgpLAorCQkJCSAgICAgIEhXQVNB Tl9TSElGVF9SVFgsCisJCQkJICAgICAgTlVMTF9SVFgsIC8qIHVuc2lnbmVk cCA9ICovMCwKKwkJCQkgICAgICBPUFRBQl9ESVJFQ1QpOworCisgIGdjY19h c3NlcnQgKGJhc2VfdGFnKTsKKyAgcnR4IHRhZ19vZmZzZXQgPSBjb25zdF9p bnRfcnR4W01BWF9TQVZFRF9DT05TVF9JTlQgKyBod2FzYW5fY3VycmVudF90 YWcgKCldOworICBydHggY2hvc2VuX3RhZyA9IGV4cGFuZF9zaW1wbGVfYmlu b3AgKFFJbW9kZSwgUExVUywgYmFzZV90YWcsIHRhZ19vZmZzZXQsCisJCQkJ CXRhcmdldCwgLyogdW5zaWduZWRwID0gKi8xLAorCQkJCQlPUFRBQl9XSURF Tik7CisKKyAgZ2NjX2Fzc2VydCAoY2hvc2VuX3RhZyk7CisgIC8qIFRPRE8g dHJ1bmNhdGUgdGFyZ2V0ICovCisgIGlmIChjaG9zZW5fdGFnICE9IHRhcmdl dCkKKyAgICB7CisgICAgICBydHggdGVtcCA9IGNob3Nlbl90YWc7CisgICAg ICBtYWNoaW5lX21vZGUgcmV0X21vZGUgPSBHRVRfTU9ERSAoY2hvc2VuX3Rh Zyk7CisgICAgICBpZiAocmV0X21vZGUgIT0gbW9kZSkKKwl0ZW1wID0gc2lt cGxpZnlfZ2VuX3VuYXJ5IChUUlVOQ0FURSwgbW9kZSwgY2hvc2VuX3RhZywg cmV0X21vZGUpOworCisgICAgICBlbWl0X21vdmVfaW5zbiAodGFyZ2V0LCB0 ZW1wKTsKKyAgICB9CisKKyAgaHdhc2FuX2luY3JlbWVudF90YWcgKCk7Cit9 CisKK3N0YXRpYyB2b2lkCiBleHBhbmRfQVNBTl9DSEVDSyAoaW50ZXJuYWxf Zm4sIGdjYWxsICopCiB7CiAgIGdjY191bnJlYWNoYWJsZSAoKTsKZGlmZiAt LWdpdCBhL2djYy9pbnRlcm5hbC1mbi5kZWYgYi9nY2MvaW50ZXJuYWwtZm4u ZGVmCmluZGV4IGM2ODNlNWQ4ZTVjNjA3ZjE4OTA5YmRhNGQ5N2I1ODQyMWNi N2MyYTQuLmVkMGM1YmMxMTBmMTZiMmNkYmMxMzk0MDNkYmRiZDhlYmU3ZTI4 MjMgMTAwNjQ0Ci0tLSBhL2djYy9pbnRlcm5hbC1mbi5kZWYKKysrIGIvZ2Nj L2ludGVybmFsLWZuLmRlZgpAQCAtMjg4LDYgKzI4OCw3IEBAIERFRl9JTlRF Uk5BTF9GTiAoVUJTQU5fUFRSLCBFQ0ZfTEVBRiB8IEVDRl9OT1RIUk9XLCAi LlIuIikKIERFRl9JTlRFUk5BTF9GTiAoVUJTQU5fT0JKRUNUX1NJWkUsIEVD Rl9MRUFGIHwgRUNGX05PVEhST1csIE5VTEwpCiBERUZfSU5URVJOQUxfRk4g KEFCTk9STUFMX0RJU1BBVENIRVIsIEVDRl9OT1JFVFVSTiwgTlVMTCkKIERF Rl9JTlRFUk5BTF9GTiAoQlVJTFRJTl9FWFBFQ1QsIEVDRl9DT05TVCB8IEVD Rl9MRUFGIHwgRUNGX05PVEhST1csIE5VTEwpCitERUZfSU5URVJOQUxfRk4g KEhXQVNBTl9DSE9PU0VfQ09MT1VSLCBFQ0ZfTEVBRiB8IEVDRl9OT1RIUk9X LCAiLiIpCiBERUZfSU5URVJOQUxfRk4gKEhXQVNBTl9DSEVDSywgRUNGX1RN X1BVUkUgfCBFQ0ZfTEVBRiB8IEVDRl9OT1RIUk9XLCAiLi5SLi4iKQogREVG X0lOVEVSTkFMX0ZOIChBU0FOX0NIRUNLLCBFQ0ZfVE1fUFVSRSB8IEVDRl9M RUFGIHwgRUNGX05PVEhST1csICIuLlIuLiIpCiBERUZfSU5URVJOQUxfRk4g KEFTQU5fTUFSSywgRUNGX0xFQUYgfCBFQ0ZfTk9USFJPVywgTlVMTCkKZGlm ZiAtLWdpdCBhL2djYy9zYW5pdGl6ZXIuZGVmIGIvZ2NjL3Nhbml0aXplci5k ZWYKaW5kZXggMGVkZjM0OWNjMjNlODQ2NjA4Yjg5ZDU0YTEwMjRiOWQ5OWRl OWM0ZC4uYjY5NDRmM2UzNjViY2Q5ZWNkMzE5YmJmNjZiYWRhMzJmODdhZDI0 OSAxMDA2NDQKLS0tIGEvZ2NjL3Nhbml0aXplci5kZWYKKysrIGIvZ2NjL3Nh bml0aXplci5kZWYKQEAgLTE4Nyw2ICsxODcsMTAgQEAgREVGX1NBTklUSVpF Ul9CVUlMVElOKEJVSUxUX0lOX0hXQVNBTl9MT0FETiwgIl9faHdhc2FuX2xv YWROIiwKIAkJICAgICAgQlRfRk5fVk9JRF9QVFJfUFRSTU9ERSwgQVRUUl9U TVBVUkVfTk9USFJPV19MRUFGX0xJU1QpCiBERUZfU0FOSVRJWkVSX0JVSUxU SU4oQlVJTFRfSU5fSFdBU0FOX1NUT1JFTiwgIl9faHdhc2FuX3N0b3JlTiIs CiAJCSAgICAgIEJUX0ZOX1ZPSURfUFRSX1BUUk1PREUsIEFUVFJfVE1QVVJF X05PVEhST1dfTEVBRl9MSVNUKQorREVGX1NBTklUSVpFUl9CVUlMVElOKEJV SUxUX0lOX0hXQVNBTl9IQU5ETEVfTE9OR0pNUCwgIl9faHdhc2FuX2hhbmRs ZV9sb25nam1wIiwKKwkJICAgICAgQlRfRk5fVk9JRF9DT05TVF9QVFIsIEFU VFJfTk9USFJPV19MSVNUKQorREVGX1NBTklUSVpFUl9CVUlMVElOKEJVSUxU X0lOX0hXQVNBTl9UQUdfUFRSLCAiX19od2FzYW5fdGFnX3BvaW50ZXIiLAor CQkgICAgICBCVF9GTl9QVFJfQ09OU1RfUFRSX1VJTlQ4LCBBVFRSX1RNUFVS RV9OT1RIUk9XX0xFQUZfTElTVCkKIERFRl9TQU5JVElaRVJfQlVJTFRJTihC VUlMVF9JTl9IV0FTQU5fVEFHX01FTSwgIl9faHdhc2FuX3RhZ19tZW1vcnki LAogCQkgICAgICBCVF9GTl9WT0lEX1BUUl9VSU5UOF9TSVpFLCBBVFRSX05P VEhST1dfTElTVCkKIAoK --_002_VI1PR08MB5471F9AF60EF483B15A3D671E0BA0VI1PR08MB5471eurp_--