public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed
* [PATCH v6 00/20] Multiple rtld-audit fixes
@ 2021-11-15 18:37 Adhemerval Zanella
  2021-11-15 18:37 ` [PATCH v6 01/20] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062) Adhemerval Zanella
                   ` (19 more replies)
  0 siblings, 20 replies; 89+ messages in thread
From: Adhemerval Zanella @ 2021-11-15 18:37 UTC (permalink / raw)
  To: libc-alpha, Florian Weimer; +Cc: John Mellor-Crummey, Ben Woodard

This patchset fixes most of the rtld-audit issues brought by John
Mellor-Crummey [1] while trying to use it along with the HPCToolkit.
This should cover all the issues listed as 'Tier 1' [2] (although the
aarch64 SVE is marked as RFC) and also most of the 'Tier2' issue
(BZ#28096 inclusive) which prevents the use of some glibc function
that uses TLS internally on the audit module.

On this set I also added a possible fix for the aarch64 SVE, although
there is some issues regarding STO_AARCH64_VARIANT_PCS.

I also pushed this patch on a personal branch [3].

There is also some point brough by John Melloc-Crummey documents that
I don't have a straighforward answer so I haven't added on this
patchset:

  1 la_activity(LA_ACT_ADD) is never called for auditor namespaces,
     even though la_objopen and la_activity(LA_ACT_CONSISTENT) are.

  There is no easy solution for this: we need at least to load the
  *first* auditor to actually issue the la_activity(LA_ACT_ADD).  It
  means that it would *only* work for subsequent audit modules, and
  adding this specific semantic is confusing and does not really
  improve things (it only helps when multiple audit modules are used).

  2. la_objopen is called for the main binary and for ld.so before the
     first la_activity(LA_ACT_ADD) call.  This contradicts the pattern
     found in a successful dlopen (where la_activity(LA_ACT_ADD)
     precedes la_objopen).

  The constrain here is we need to handle DT_AUDIT and DT_DEPAUDIT
  dynamic tags, which means we need to first load the executable in
  memory to parse the required audit modules.  So we need to first parse
  the dynamic audit tags, load the audit modules, and then load the
  object itself.

  3. For non-PIE executables the base address listed in link_map->l_addr
     for the main application binary is 0, even though dladdr is able to
     recover the correct offset. La_objopen is affected by this.

  This would require to change an internal semantic for link_map->l_addr.
  This is not straighfoward and I am not sure about the direct gains.

I have checked the patches on x86_64, i686, aarch64, armv7, powerpc64,
powerpc64le, and powerpc.

[1] https://sourceware.org/pipermail/libc-alpha/2021-June/127636.html
[2] https://docs.google.com/document/d/1dVaDBdzySecxQqD6hLLzDrEF18M1UtjDna9gL5BWWI0/edit#
[3] https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/azanella/ld-audit-fixes

Changes from v5:
  - Fixed build with --enable-profiling=yes.
  - Moved la_activity (LA_ACT_ADD) *after* _dl_add_to_namespace_list()
    for BZ#28062 fix.
  - Fixed powerpc64 ELFv1 OPD toc setup for bind-now.
  - Fixed testsuite issues for ia64.
  - Removed LA_SYMB_BINDNOW now that LA_SYMB_NOPLTENTER and
    LA_SYMB_NOPLTEXIT is passed for bind-now.

Changes from v4:
  - Added a fix for constructors if executable has a soname of a
    dependency
  - Rebased against master.

Changes from v3
  - Added a aarch64 SVE RFC patch.
  - Fixed an issue with bind-now fix on powerpc64 ELFv1.
  - Rebased against master.

Changes from v2
  - Refactored rtld-audit code to move common come to dl-audit.c.
  - Issue audit la_objopen() for vDSO.
  - Isseu la_activity during application exit.
  - Issue la_symbind() for bind-now (BZ #23734).
  - Fix runtime linker auditing on aarch64 (BZ #26643)

Changes from v1
  - Fixed -fstack-protector-all tst-auditmod17.
  - Simplify the _dl_call_libc_early_init call the 'Fix audit
    regression' patch.
  - Remove symbind check fr BZ#15333.
  - Added the BZ#28096 fix.

Adhemerval Zanella (19):
  elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)
  elf: Add _dl_audit_objopen
  elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid
  elf: Add _dl_audit_objsearch
  elf: Add _dl_audit_objclose
  elf: Add _dl_audit_symbind_alt and _dl_audit_symbind
  elf: Add _dl_audit_preinit
  elf: Add _dl_audit_pltenter
  elf: Add _dl_audit_pltexit
  elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533)
  elf: Add audit tests for modules with TLSDESC
  elf: Do not fail for failed dlmopen on audit modules (BZ #28061)
  elf: Fix initial-exec TLS access on audit modules (BZ #28096)
  elf: Issue audit la_objopen() for vDSO
  elf: Run constructors if executable has a soname of a dependency
  elf: Add main application on main_map l_name
  elf: Add la_activity during application exit
  elf: Issue la_symbind() for bind-now (BZ #23734)
  elf: Add SVE support for aarch64 rtld-audit

Ben Woodard (1):
  elf: Fix runtime linker auditing on aarch64 (BZ #26643)

 NEWS                                      |   4 +
 csu/libc-start.c                          |  23 +-
 dlfcn/Makefile                            |   4 +-
 dlfcn/tst-dladdr-self.c                   |  55 +++
 elf/Makefile                              | 148 +++++++-
 elf/Versions                              |   1 +
 elf/dl-addr.c                             |   5 -
 elf/dl-audit.c                            | 394 ++++++++++++++++++++++
 elf/dl-close.c                            |  74 +---
 elf/dl-dst.h                              |   2 +-
 elf/dl-fini.c                             |  25 +-
 elf/dl-init.c                             |   3 +-
 elf/dl-load.c                             | 141 ++------
 elf/dl-misc.c                             |   1 +
 elf/dl-object.c                           |  20 +-
 elf/dl-open.c                             |  22 +-
 elf/dl-reloc.c                            |  28 +-
 elf/dl-runtime.c                          | 245 ++------------
 elf/dl-sym-post.h                         |  47 +--
 elf/dl-tls.c                              |  16 +-
 elf/do-rel.h                              |  71 +++-
 elf/dso-sort-tests-1.def                  |   5 +-
 elf/dynamic-link.h                        |  26 +-
 elf/rtld.c                                |  81 +----
 elf/setup-vdso.h                          |   2 +-
 elf/tst-audit-tlsdesc-audit.c             |  25 ++
 elf/tst-audit-tlsdesc-dlopen.c            |  67 ++++
 elf/tst-audit-tlsdesc.c                   |  60 ++++
 elf/tst-audit18.c                         | 129 +++++++
 elf/tst-audit18mod.c                      |  23 ++
 elf/tst-audit19a.c                        |  39 +++
 elf/tst-audit19b.c                        |  94 ++++++
 elf/tst-audit19bmod.c                     |  23 ++
 elf/tst-audit20.c                         |  25 ++
 elf/tst-audit21.c                         |  42 +++
 elf/tst-audit22.c                         | 128 +++++++
 elf/tst-audit23.c                         | 173 ++++++++++
 elf/tst-audit23mod.c                      |  23 ++
 elf/tst-audit24a.c                        |  36 ++
 elf/tst-audit24amod1.c                    |  31 ++
 elf/tst-audit24amod2.c                    |  25 ++
 elf/tst-audit24b.c                        |  37 ++
 elf/tst-audit24bmod1.c                    |  31 ++
 elf/tst-audit24bmod2.c                    |  23 ++
 elf/tst-audit24c.c                        |   2 +
 elf/tst-audit24d.c                        |  36 ++
 elf/tst-audit24dmod1.c                    |  33 ++
 elf/tst-audit24dmod2.c                    |  28 ++
 elf/tst-audit24dmod3.c                    |  31 ++
 elf/tst-audit24dmod4.c                    |  25 ++
 elf/tst-audit25a.c                        | 127 +++++++
 elf/tst-audit25b.c                        | 128 +++++++
 elf/tst-audit25mod1.c                     |  30 ++
 elf/tst-audit25mod2.c                     |  30 ++
 elf/tst-audit25mod3.c                     |  22 ++
 elf/tst-audit25mod4.c                     |  22 ++
 elf/tst-auditmod-tlsdesc1.c               |  41 +++
 elf/tst-auditmod-tlsdesc2.c               |  33 ++
 elf/tst-auditmod18.c                      |  73 ++++
 elf/tst-auditmod19a.c                     |  23 ++
 elf/tst-auditmod19b.c                     |  46 +++
 elf/tst-auditmod20.c                      |  57 ++++
 elf/tst-auditmod21a.c                     |  80 +++++
 elf/tst-auditmod21b.c                     |  22 ++
 elf/tst-auditmod22.c                      |  59 ++++
 elf/tst-auditmod23.c                      |  68 ++++
 elf/tst-auditmod24.h                      |  29 ++
 elf/tst-auditmod24a.c                     | 113 +++++++
 elf/tst-auditmod24b.c                     | 103 ++++++
 elf/tst-auditmod24c.c                     |   3 +
 elf/tst-auditmod24d.c                     | 119 +++++++
 elf/tst-auditmod25.c                      |  78 +++++
 gmon/gmon.c                               |  10 +-
 include/dlfcn.h                           |   1 +
 include/link.h                            |   4 +
 sysdeps/aarch64/Makefile                  |  32 ++
 sysdeps/aarch64/bits/link.h               |  28 +-
 sysdeps/aarch64/bits/link_lavcurrent.h    |  25 ++
 sysdeps/aarch64/dl-link.sym               |   7 +-
 sysdeps/aarch64/dl-machine.h              |  14 +-
 sysdeps/aarch64/dl-trampoline.S           | 394 ++++++++++++++++++++--
 sysdeps/aarch64/tst-audit26.c             |  37 ++
 sysdeps/aarch64/tst-audit26mod.c          |  33 ++
 sysdeps/aarch64/tst-audit26mod.h          |  50 +++
 sysdeps/aarch64/tst-audit27.c             |  64 ++++
 sysdeps/aarch64/tst-audit27mod.c          |  95 ++++++
 sysdeps/aarch64/tst-audit27mod.h          |  67 ++++
 sysdeps/aarch64/tst-audit28.c             |  44 +++
 sysdeps/aarch64/tst-audit28mod.c          |  48 +++
 sysdeps/aarch64/tst-audit28mod.h          |  74 ++++
 sysdeps/aarch64/tst-auditmod26.c          |  98 ++++++
 sysdeps/aarch64/tst-auditmod27.c          | 252 ++++++++++++++
 sysdeps/aarch64/tst-auditmod28.c          | 193 +++++++++++
 sysdeps/alpha/dl-machine.h                |   2 +-
 sysdeps/alpha/dl-trampoline.S             |   8 +-
 sysdeps/arc/dl-machine.h                  |   2 +-
 sysdeps/arm/dl-machine.h                  |   2 +-
 sysdeps/arm/dl-trampoline.S               |   2 +-
 sysdeps/csky/dl-machine.h                 |   2 +-
 sysdeps/generic/dl-fixup-attribute.h      |  24 ++
 sysdeps/generic/dl-lookupcfg.h            |   3 +
 sysdeps/generic/ldsodefs.h                |  30 ++
 sysdeps/hppa/dl-lookupcfg.h               |   3 +
 sysdeps/hppa/dl-machine.h                 |   2 +-
 sysdeps/hppa/dl-runtime.c                 |   2 +-
 sysdeps/hppa/dl-trampoline.S              |   6 +-
 sysdeps/i386/dl-fixup-attribute.h         |  30 ++
 sysdeps/i386/dl-machine.h                 |  25 +-
 sysdeps/i386/dl-trampoline.S              |   2 +-
 sysdeps/ia64/dl-lookupcfg.h               |   3 +
 sysdeps/ia64/dl-machine.h                 |   2 +-
 sysdeps/ia64/dl-trampoline.S              |  16 +-
 sysdeps/m68k/dl-machine.h                 |   2 +-
 sysdeps/m68k/dl-trampoline.S              |   2 +-
 sysdeps/microblaze/dl-machine.h           |   2 +-
 sysdeps/mips/dl-machine.h                 |   2 +-
 sysdeps/nios2/dl-machine.h                |   2 +-
 sysdeps/powerpc/dl-lookupcfg.h            |  39 +++
 sysdeps/powerpc/powerpc32/dl-machine.h    |   2 +-
 sysdeps/powerpc/powerpc64/dl-machine.h    |   2 +-
 sysdeps/powerpc/powerpc64/dl-trampoline.S |   4 +-
 sysdeps/riscv/dl-machine.h                |   2 +-
 sysdeps/s390/s390-32/dl-machine.h         |   2 +-
 sysdeps/s390/s390-32/dl-trampoline.h      |   4 +-
 sysdeps/s390/s390-64/dl-machine.h         |   2 +-
 sysdeps/s390/s390-64/dl-trampoline.h      |   2 +-
 sysdeps/sh/dl-machine.h                   |   2 +-
 sysdeps/sh/dl-trampoline.S                |   4 +-
 sysdeps/sparc/sparc32/dl-machine.h        |   2 +-
 sysdeps/sparc/sparc32/dl-trampoline.S     |   2 +-
 sysdeps/sparc/sparc64/dl-machine.h        |   2 +-
 sysdeps/sparc/sparc64/dl-trampoline.S     |   2 +-
 sysdeps/x86_64/dl-machine.h               |   2 +-
 sysdeps/x86_64/dl-runtime.h               |   2 +-
 sysdeps/x86_64/dl-trampoline.h            |   6 +-
 135 files changed, 5033 insertions(+), 734 deletions(-)
 create mode 100644 dlfcn/tst-dladdr-self.c
 create mode 100644 elf/dl-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-audit.c
 create mode 100644 elf/tst-audit-tlsdesc-dlopen.c
 create mode 100644 elf/tst-audit-tlsdesc.c
 create mode 100644 elf/tst-audit18.c
 create mode 100644 elf/tst-audit18mod.c
 create mode 100644 elf/tst-audit19a.c
 create mode 100644 elf/tst-audit19b.c
 create mode 100644 elf/tst-audit19bmod.c
 create mode 100644 elf/tst-audit20.c
 create mode 100644 elf/tst-audit21.c
 create mode 100644 elf/tst-audit22.c
 create mode 100644 elf/tst-audit23.c
 create mode 100644 elf/tst-audit23mod.c
 create mode 100644 elf/tst-audit24a.c
 create mode 100644 elf/tst-audit24amod1.c
 create mode 100644 elf/tst-audit24amod2.c
 create mode 100644 elf/tst-audit24b.c
 create mode 100644 elf/tst-audit24bmod1.c
 create mode 100644 elf/tst-audit24bmod2.c
 create mode 100644 elf/tst-audit24c.c
 create mode 100644 elf/tst-audit24d.c
 create mode 100644 elf/tst-audit24dmod1.c
 create mode 100644 elf/tst-audit24dmod2.c
 create mode 100644 elf/tst-audit24dmod3.c
 create mode 100644 elf/tst-audit24dmod4.c
 create mode 100644 elf/tst-audit25a.c
 create mode 100644 elf/tst-audit25b.c
 create mode 100644 elf/tst-audit25mod1.c
 create mode 100644 elf/tst-audit25mod2.c
 create mode 100644 elf/tst-audit25mod3.c
 create mode 100644 elf/tst-audit25mod4.c
 create mode 100644 elf/tst-auditmod-tlsdesc1.c
 create mode 100644 elf/tst-auditmod-tlsdesc2.c
 create mode 100644 elf/tst-auditmod18.c
 create mode 100644 elf/tst-auditmod19a.c
 create mode 100644 elf/tst-auditmod19b.c
 create mode 100644 elf/tst-auditmod20.c
 create mode 100644 elf/tst-auditmod21a.c
 create mode 100644 elf/tst-auditmod21b.c
 create mode 100644 elf/tst-auditmod22.c
 create mode 100644 elf/tst-auditmod23.c
 create mode 100644 elf/tst-auditmod24.h
 create mode 100644 elf/tst-auditmod24a.c
 create mode 100644 elf/tst-auditmod24b.c
 create mode 100644 elf/tst-auditmod24c.c
 create mode 100644 elf/tst-auditmod24d.c
 create mode 100644 elf/tst-auditmod25.c
 create mode 100644 sysdeps/aarch64/bits/link_lavcurrent.h
 create mode 100644 sysdeps/aarch64/tst-audit26.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.c
 create mode 100644 sysdeps/aarch64/tst-audit26mod.h
 create mode 100644 sysdeps/aarch64/tst-audit27.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.c
 create mode 100644 sysdeps/aarch64/tst-audit27mod.h
 create mode 100644 sysdeps/aarch64/tst-audit28.c
 create mode 100644 sysdeps/aarch64/tst-audit28mod.c
 create mode 100644 sysdeps/aarch64/tst-audit28mod.h
 create mode 100644 sysdeps/aarch64/tst-auditmod26.c
 create mode 100644 sysdeps/aarch64/tst-auditmod27.c
 create mode 100644 sysdeps/aarch64/tst-auditmod28.c
 create mode 100644 sysdeps/generic/dl-fixup-attribute.h
 create mode 100644 sysdeps/i386/dl-fixup-attribute.h
 create mode 100644 sysdeps/powerpc/dl-lookupcfg.h

-- 
2.32.0


^ permalink raw reply	[flat|nested] 89+ messages in thread

end of thread, other threads:[~2021-12-21 18:20 UTC | newest]

Thread overview: 89+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-15 18:37 [PATCH v6 00/20] Multiple rtld-audit fixes Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 01/20] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062) Adhemerval Zanella
2021-11-15 19:01   ` Florian Weimer
2021-11-16 13:14     ` Adhemerval Zanella
2021-11-16 13:15       ` Florian Weimer
2021-11-16 13:45       ` Andreas Schwab
2021-11-16 13:48         ` Florian Weimer
2021-11-16 14:16           ` Andreas Schwab
2021-11-18 19:58             ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 02/20] elf: Add _dl_audit_objopen Adhemerval Zanella
2021-12-10 12:40   ` Florian Weimer
2021-12-10 12:48     ` Florian Weimer
2021-12-10 13:45       ` Adhemerval Zanella
2021-12-10 14:11         ` Adhemerval Zanella
2021-12-10 14:15           ` Florian Weimer
2021-12-10 14:41             ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 03/20] elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid Adhemerval Zanella
2021-12-10 13:54   ` Florian Weimer
2021-12-10 14:58     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 04/20] elf: Add _dl_audit_objsearch Adhemerval Zanella
2021-12-17 12:21   ` Florian Weimer
2021-12-17 16:09     ` Adhemerval Zanella
2021-12-17 16:12       ` Florian Weimer
2021-12-17 16:33         ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 05/20] elf: Add _dl_audit_objclose Adhemerval Zanella
2021-12-17 16:29   ` Florian Weimer
2021-12-17 16:39     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 06/20] elf: Add _dl_audit_symbind_alt and _dl_audit_symbind Adhemerval Zanella
2021-12-17 16:50   ` Florian Weimer
2021-12-17 18:46     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 07/20] elf: Add _dl_audit_preinit Adhemerval Zanella
2021-12-17 17:13   ` Florian Weimer
2021-12-17 18:54     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 08/20] elf: Add _dl_audit_pltenter Adhemerval Zanella
2021-12-17 17:21   ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 09/20] elf: Add _dl_audit_pltexit Adhemerval Zanella
2021-12-17 17:43   ` Florian Weimer
2021-12-17 19:02     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 10/20] elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) Adhemerval Zanella
2021-12-18 18:45   ` Florian Weimer
2021-12-20 12:10     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 11/20] elf: Add audit tests for modules with TLSDESC Adhemerval Zanella
2021-12-18 18:53   ` Florian Weimer
2021-12-20 12:23     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 12/20] elf: Do not fail for failed dlmopen on audit modules (BZ #28061) Adhemerval Zanella
2021-12-18 18:59   ` Florian Weimer
2021-12-20 12:24     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 13/20] elf: Fix initial-exec TLS access on audit modules (BZ #28096) Adhemerval Zanella
2021-12-18 18:01   ` Florian Weimer
2021-12-20 13:25     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 14/20] elf: Issue audit la_objopen() for vDSO Adhemerval Zanella
2021-12-18 20:00   ` Florian Weimer
2021-12-20 12:50     ` Adhemerval Zanella
2021-12-20 13:18       ` Florian Weimer
2021-11-15 18:37 ` [PATCH v6 15/20] elf: Run constructors if executable has a soname of a dependency Adhemerval Zanella
2021-12-18 20:08   ` Florian Weimer
2021-12-20 16:49     ` Adhemerval Zanella
2021-12-20 16:52       ` Florian Weimer
2021-12-20 16:55         ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 16/20] elf: Add main application on main_map l_name Adhemerval Zanella
2021-12-20 13:32   ` Florian Weimer
2021-12-20 18:04     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 17/20] elf: Add la_activity during application exit Adhemerval Zanella
2021-12-20 13:34   ` Florian Weimer
2021-12-20 19:46     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 18/20] elf: Issue la_symbind() for bind-now (BZ #23734) Adhemerval Zanella
2021-12-20 19:18   ` Florian Weimer
2021-12-20 20:43     ` Adhemerval Zanella
2021-12-20 21:04       ` Florian Weimer
2021-12-20 21:09         ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 19/20] elf: Fix runtime linker auditing on aarch64 (BZ #26643) Adhemerval Zanella
2021-12-20 21:32   ` Florian Weimer
2021-12-21 14:33     ` Adhemerval Zanella
2021-12-21 14:44       ` Florian Weimer
2021-12-21 14:48         ` Adhemerval Zanella
2021-12-21 14:54           ` Florian Weimer
2021-12-21 17:03             ` Adhemerval Zanella
2021-12-21 17:22               ` Florian Weimer
2021-12-21 17:38                 ` Adhemerval Zanella
2021-12-21 18:11                   ` Florian Weimer
2021-12-21 18:19                     ` Adhemerval Zanella
2021-12-20 21:34   ` Florian Weimer
2021-12-21 17:47   ` Szabolcs Nagy
2021-12-21 17:49     ` Adhemerval Zanella
2021-11-15 18:37 ` [PATCH v6 20/20] elf: Add SVE support for aarch64 rtld-audit Adhemerval Zanella
2021-12-21 14:27   ` Florian Weimer
2021-12-21 14:37     ` Adhemerval Zanella
2021-12-21 16:45     ` Szabolcs Nagy
2021-12-21 17:08       ` Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).