From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 36768 invoked by alias); 12 Apr 2018 23:50:42 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Received: (qmail 36753 invoked by uid 89); 12 Apr 2018 23:50:41 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-23.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS,UNSUBSCRIBE_BODY autolearn=ham version=3.3.2 spammy= X-HELO: mail-oi0-f67.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CHH2KwwDnhYNDzCIzsWwqKQCrRZpbA4j1GGsDoVtI5M=; b=FRrDM4v2OhaSfNB72mMDmdiGAql6SIuLQlpatlx5Ivt3s9eBXTzCxwsFNRLpUrI2V/ tZjCvS9MjZ+veopEtDc0uun/B1z2jkfSddxzpfVrhrU22B6/CwMI3T+g8GHOv85IvBrD hyG71IdDlx7y2O2w4prpKKXSCNgTbJN/9uxqurKansuQ1ZH1IrZg8B/4ndF8avRY4Gjy 4Kwm/mLa34zaE0tlkvDAPtv/FmAjTsi2ZgYygLfBB/BXTNYvA7WRE06dOFopN+tPZx6O wVHu4YhZsDLELbXC9CAgSKXc+L10XT2pwSvScE3Flr3M1S4ZTEVAQ6Gi7DlQJiquAuxU pb/g== X-Gm-Message-State: ALQs6tAuDxHISe9EE+QF9YsBHi4/IT0Y8RmN5Duao1LZCppwYkTpFtL5 pZT3ipbwMZL3P8xyRpM6Auh7VYWyFSZTusa2JZE= X-Google-Smtp-Source: AIpwx4/E9rLPPnsUAtLc1hbuA/UaLKJPtEHQ6f3E3ByWneuLwbG25BjEu5Ls9cNwZjDjObSFvGtlreq/DrpntMgQJuk= X-Received: by 2002:aca:478a:: with SMTP id u132-v6mr7460875oia.227.1523577034610; Thu, 12 Apr 2018 16:50:34 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <2dc14d06-a06c-1aeb-dca3-f97f4ee68415@redhat.com> References: <61a5b452-e59e-dfef-4530-a94a60480961@redhat.com> <2dc14d06-a06c-1aeb-dca3-f97f4ee68415@redhat.com> From: "H.J. Lu" Date: Thu, 12 Apr 2018 23:50:00 -0000 Message-ID: Subject: Re: [PATCH] x86: Use pad in pthread_unwind_buf to preserve shadow stack register To: "Carlos O'Donell" Cc: Florian Weimer , Joseph Myers , "Tsimbalist, Igor V" , GNU C Library Content-Type: multipart/mixed; boundary="000000000000efc45c0569af6bf8" X-SW-Source: 2018-04/txt/msg00225.txt.bz2 --000000000000efc45c0569af6bf8 Content-Type: text/plain; charset="UTF-8" Content-length: 24004 On Thu, Apr 12, 2018 at 2:36 PM, Carlos O'Donell wrote: > On 04/06/2018 07:59 AM, H.J. Lu wrote: >> On Thu, Apr 5, 2018 at 9:46 PM, Carlos O'Donell wrote: >>> On 03/30/2018 12:41 PM, H.J. Lu wrote: >>>> On Thu, Mar 29, 2018 at 1:20 PM, Florian Weimer wrote: >>>>> * H. J. Lu: >>>>> >>>>>> On Thu, Mar 29, 2018 at 1:15 PM, Florian Weimer wrote: >>>>>>> * H. J. Lu: >>>>>>> >>>>>>>> You need to make a choice. You either don't introduce a new symbol >>>>>>>> version or don't save shadow stack for thread cancellation. You >>>>>>>> can't have both. >>>>>>> I don't understand. We have room to save the shadow stack pointer in >>>>>>> the existing struct. >>>>>> No, we don't have room in struct pthread_unwind_buf: >>>>>> >>>>>> Note: There is an unused pointer space in pthread_unwind_buf_data. But >>>>>> it isn't suitable for saving and restoring shadow stack register since >>>>>> x32 is a 64-bit process with 32-bit software pointer and kernel may >>>>>> place x32 shadow stack above 4GB. We need to save and restore 64-bit >>>>>> shadow stack register for x32. >>>>> We have for void * fields. They are subsequently overwritten by >>>>> __pthread_register_cancel. But __sigsetjmp can write to them first >>>>> without causing any harm. We just need a private __longjmp_cancel >>>>> that doesn't restore the shadow stack pointer. >>>> Here is the patch which does that. Any comments? >>> >>> OK, so I have reviewed https://github.com/hjl-tools/glibc/ hjl/cet/master, >>> please confirm that this is the correct branch of the required implementation >>> for CET. It really helps to review the rest of the patch set, you should be >>> preparing this as a patch set instead of having it reviewed one-at-a-time. >>> This issue was already raised in the thread with Zack. >> >> Thanks for your feedbacks. >> >>> Architecture: >>> >>> * We avoid a "flag day" with feature_1 TCB flag to switch to a new ABI, >>> which we have discussed is a fragile process which should be avoided if >>> a supportable alternative solution exists. >>> >>> * We avoid versioned symbols, this makes CET backportable, and this has a >>> bigger benefit for long-term stable distributions. >>> >>> * A key design problem has been that cancellation jump buffers within glibc >>> are truncated to optimize on-stack size, and this means that setjmp could >>> write beyond the structure because setjmp now tries to save the shadowstack >>> pointer into space that the cancellation jump buffer did not allocate. >>> For the record this optimization seems premature and I'm sad we did it, this >>> is a lesson we should learn from. >>> >>> * We have all agreed to the following concepts: >>> >>> * The cancellation process, in particular the unwinder, never returns from >>> any of the functions we call, it just keeps calling into the unwinder to >>> jump to the next unwound cancellation function all the way to the thread >>> start routine. Therefore because we never return from one of these functions >>> we never need to restore the shadow stack, and consequently wherever it is >>> stored in the cancellation jump buffer can be overwritten if we need the >>> space (it's a dead store). >>> >>> * The corollary to this is that function calls made from cancellation handlers >>> will continue to advance the shadowstack from the deepest point at which >>> cancellation is initiated from. This means that the depth of the shadowstack >>> doesn't match the depth of the real stack while we are unwinding. I don't >>> know if this will have consequences on analysis tooling or not, or debug >>> tools during unwinding. It's a fairly advanced situation and corner case, >>> and restoring the shadowstack is not useful becuase we don't need it and >>> simplifies the implementation. >>> >>> * The cancellation jump buffer has private data used for chaining the cancel >>> jump buffers together such that the custom unwinder can follow them and >>> call them in sequence. This space constitutes 4 void *'s which is space >>> that setjmp can write to, because we will just overwrite it when we register >>> the cancel handler. >>> >>> * If the new shadowstack-enabled setjmp stores the shadowstack pointer into >>> the space taken by the 4 void*'s then we won't overflow the stack, and we >>> don't need to change the layout of the cancellation jump buffer. The 4 void*'s >>> are sufficient, even for x32 to write a 64-bit shadow stack address. >>> >>> * After fixing the cancellation jump buffers the following work needs to be reviewed: >>> >>> * Add feature_1 in tcb head to track CET status and make it easily available >>> to runtime for checking. >>> >>> * Save and restore shadowstack in setjmp/longjmp. >>> >>> * Add CET support to ld.so et. al. and track runtime status. >>> >>> * Adjust vfork for shadow stack usage. >>> >>> * Add ENDBR or NOTRACK where required in assembly. >>> >>> * CET and makecontext incompatible. >>> - Probably need to discuss which default is appropriate. >>> - Should the user get CET automatically disabled in makecontext() et. al. silently? >>> - Should your current solution, which is to error out during the build, and require >>> flag changes, be the default? This forces the user to review the security for their >>> application. >> >> I'd like to reserve 4 slots in ucontext for shadow stack: >> >> https://github.com/hjl-tools/glibc/commit/9bf6aefa8fb45f8df140d42ce9cf890bb24076e1 >> >> It should be binary backward compatible. I will investigate if there is a way >> to support shadow stack with existing API. Otherwise, we need to add a new >> API for ucontext functions with shadow stack. > > Could you explain in detail how this is binary backwards compatible? > > Is the assumption that if you extend ucontext_t, that the kernel will just write > more to the stack, and users who accesss it via the void* in a signal handler > setup via sigaction + SA_SIGINFO, will not read past the size they expect? > > How is the shadow stack information moved between a getcontext -> setcontext > set of API calls? The user ucontext_t in existing binaries is too small to hold the > shadow stack? > > Would we again have a "flag day" where CET enablement must be coordinated with > the definition of a new ucontext_t? > >>> * prctl for CET. >> >> We have been experimenting different approaches to get the best implementation. >> I am expecting that this patch may change as we collect more data. >> > > OK. > >>> * The work to review after this patch appears to be less contentious in terms of >>> the kinds of changes that are required. Most of the changes are internal details >>> of enabling CET and not ABI details, with the exception of the possible pain we >>> might cause with makecontext() being unsupported and what default position to take >>> there. >>> >>> Design: >>> >>> * Overall the implementation looks exactly how I might expect it to look, but some >>> of the math that places the shadowstack pointer appears to need either commenting >>> or fixing because I don't understand it. You need to make it easy for me to see >>> that we have placed the shadowstack pointer into the 4 pad words. >>> >>> Details: >>> >>> * One comment needs filling out a bit more, noted below. >>> >>>> 0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch >>>> >>>> >>>> From f222537447f5ec879427f318b7c0396362b7453a Mon Sep 17 00:00:00 2001 >>>> From: "H.J. Lu" >>>> Date: Sat, 24 Feb 2018 17:23:54 -0800 >>>> Subject: [PATCH] x86: Use pad in pthread_unwind_buf to preserve shadow stack >>>> register >>>> >>>> The pad array in struct pthread_unwind_buf is used by setjmp to save >>>> shadow stack register. We assert that size of struct pthread_unwind_buf >>>> is no less than offset of shadow stack pointer + shadow stack pointer >>>> size. >>>> >>> >>> OK. >>> >>>> Since functions, like LIBC_START_MAIN, START_THREAD_DEFN as well as >>>> these with thread cancellation, call setjmp, but never return after >>>> __libc_unwind_longjmp, __libc_unwind_longjmp, which is defined as >>>> __libc_longjmp on x86, doesn't need to restore shadow stack register. >>> >>> OK. >>> >>>> __libc_longjmp, which is a private interface for thread cancellation >>>> implementation in libpthread, is changed to call __longjmp_cancel, >>>> instead of __longjmp. __longjmp_cancel is a new internal function >>>> in libc, which is similar to __longjmp, but doesn't restore shadow >>>> stack register. >>> >>> OK. Good. I like the use of a __longjmp_cancel name to call out what's >>> going on in the API (clear semantics). >>> >>>> >>>> The compatibility longjmp and siglongjmp in libpthread.so are changed >>>> to call __libc_siglongjmp, instead of __libc_longjmp, so that they will >>>> restore shadow stack register. >>> >>> OK. >>> >>>> >>>> Tested with build-many-glibcs.py. >>>> >>>> * nptl/pthread_create.c (START_THREAD_DEFN): Clear previous >>>> handlers after setjmp. >>>> * setjmp/longjmp.c (__libc_longjmp): Don't define alias if >>>> defined. >>>> * sysdeps/unix/sysv/linux/x86/setjmpP.h (_JUMP_BUF_SIGSET_NSIG): >>>> Changed to 97. >>>> * sysdeps/x86/Makefile (sysdep_routines): Add __longjmp_cancel. >>>> * sysdeps/x86/__longjmp_cancel.S: New file. >>>> * sysdeps/x86/longjmp.c: Likewise. >>>> * sysdeps/x86/nptl/pt-longjmp.c: Likewise. >>> >>> This looks much better. >>> >>>> --- >>>> nptl/pthread_create.c | 9 ++-- >>>> setjmp/longjmp.c | 2 + >>>> sysdeps/unix/sysv/linux/x86/setjmpP.h | 4 +- >>>> sysdeps/x86/Makefile | 4 ++ >>>> sysdeps/x86/__longjmp_cancel.S | 20 ++++++++ >>>> sysdeps/x86/longjmp.c | 45 ++++++++++++++++ >>>> sysdeps/x86/nptl/pt-longjmp.c | 97 +++++++++++++++++++++++++++++++++++ >>>> 7 files changed, 176 insertions(+), 5 deletions(-) >>>> create mode 100644 sysdeps/x86/__longjmp_cancel.S >>>> create mode 100644 sysdeps/x86/longjmp.c >>>> create mode 100644 sysdeps/x86/nptl/pt-longjmp.c >>>> >>>> diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c >>>> index caaf07c134..1c5b3780c6 100644 >>>> --- a/nptl/pthread_create.c >>>> +++ b/nptl/pthread_create.c >>>> @@ -427,12 +427,15 @@ START_THREAD_DEFN >>>> compilers without that support we do use setjmp. */ >>>> struct pthread_unwind_buf unwind_buf; >>>> >>>> - /* No previous handlers. */ >>>> + int not_first_call; >>>> + not_first_call = setjmp ((struct __jmp_buf_tag *) unwind_buf.cancel_jmp_buf); >>>> + >>>> + /* No previous handlers. NB: This must be done after setjmp since >>>> + the same space may be used by setjmp to store extra data which >>>> + should never be used by __libc_unwind_longjmp. */ >>> >>> Suggest: >>> ~~~ >>> No previous handlers. NB: This must be done after setjmp since >>> the private space in the unwind jump buffer may overlap space >>> used by setjmp to store extra architecture-specific information >>> which is never be used by the cancellation-specific >>> __libc_unwind_longjmp. >>> >>> The private space is allowed to overlap because the unwinder never >>> has to return through any of the jumped-to call frames, and thus >>> only a minimum amount of saved data need be stored, and for example, >>> need not include the process signal mask information. This is all >>> an optimization to reduce stack usage when pushing cancellation >>> handlers. >>> ~~~ >> >> Will fix it. >> >>>> unwind_buf.priv.data.prev = NULL; >>>> unwind_buf.priv.data.cleanup = NULL; >>>> >>>> - int not_first_call; >>>> - not_first_call = setjmp ((struct __jmp_buf_tag *) unwind_buf.cancel_jmp_buf); >>> >>> OK. >>> >>>> if (__glibc_likely (! not_first_call)) >>>> { >>>> /* Store the new cleanup handler info. */ >>>> diff --git a/setjmp/longjmp.c b/setjmp/longjmp.c >>>> index a2a7065a85..453889e103 100644 >>>> --- a/setjmp/longjmp.c >>>> +++ b/setjmp/longjmp.c >>>> @@ -40,9 +40,11 @@ __libc_siglongjmp (sigjmp_buf env, int val) >>>> } >>>> >>>> #ifndef __libc_siglongjmp >>>> +# ifndef __libc_longjmp >>>> /* __libc_longjmp is a private interface for cancellation implementation >>>> in libpthread. */ >>>> strong_alias (__libc_siglongjmp, __libc_longjmp) >>>> +# endif >>> >>> OK. >>> >>>> weak_alias (__libc_siglongjmp, _longjmp) >>>> weak_alias (__libc_siglongjmp, longjmp) >>>> weak_alias (__libc_siglongjmp, siglongjmp) >>>> diff --git a/sysdeps/unix/sysv/linux/x86/setjmpP.h b/sysdeps/unix/sysv/linux/x86/setjmpP.h >>>> index c0ed767a0d..90a6bbcf32 100644 >>>> --- a/sysdeps/unix/sysv/linux/x86/setjmpP.h >>>> +++ b/sysdeps/unix/sysv/linux/x86/setjmpP.h >>>> @@ -22,8 +22,8 @@ >>>> #include >>>> >>>> /* The biggest signal number + 1. As of kernel 4.14, x86 _NSIG is 64. >>>> - Define it to 513 to leave some rooms for future use. */ >>>> -#define _JUMP_BUF_SIGSET_NSIG 513 >>>> + Define it to 97 to leave some rooms for future use. */ >>> >>> OK. >>> >>>> +#define _JUMP_BUF_SIGSET_NSIG 97 >>> >>> Please provide proof in the way of a comment or rewriting this constant >>> to show that it places the shadow stack pointer on both x86_64 and x32 >>> into the range of the private pad. >> >> sysdeps/x86/nptl/pt-longjmp.c has >> >> _Static_assert ((sizeof (struct pthread_unwind_buf) >>> = (SHADOW_STACK_POINTER_OFFSET >> + SHADOW_STACK_POINTER_SIZE)), >> "size of struct pthread_unwind_buf < " >> "(SHADOW_STACK_POINTER_OFFSET + SHADOW_STACK_POINTER_SIZE)"); >> >> If shadow stack pointer is saved in the offset bigger than the size of >> struct pthread_unwind_buf, assert will trigger at compile-time. >> > > Thanks, I'll review this in the patch you posted. > >>> Also, from commit f33632ccd1dec3217583fcfdd965afb62954203c, >>> where did this math come from? >>> >>> ((_JUMP_BUF_SIGSET_NSIG - 1 + 7) / (8 * sizeof (unsigned long int))) >>> >>> Why the +7? >> >> _JUMP_BUF_SIGSET_NSIG is the biggest signal number + 1. > > Agreed. > >> _JUMP_BUF_SIGSET_NSIG - 1 gives the biggest signal number. > > Agreed. > >> _JUMP_BUF_SIGSET_NSIG - 1 + 7 rounds up to the number of bytes >> which are needed to store the biggest signal number. > > It does not. I changed to /* Number of bits per long. */ #define _JUMP_BUF_SIGSET_BITS_PER_WORD (8 * sizeof (unsigned long int)) /* The biggest signal number. As of kernel 4.14, x86 _NSIG is 64. Define it to 96 to leave some rooms for future use. */ #define _JUMP_BUF_SIGSET_NSIG 96 /* Number of longs to hold all signals. */ #define _JUMP_BUF_SIGSET_NWORDS \ (ALIGN_UP (_JUMP_BUF_SIGSET_NSIG, _JUMP_BUF_SIGSET_BITS_PER_WORD) \ / _JUMP_BUF_SIGSET_BITS_PER_WORD) > Result # of signals # of bits Current # Expected # ... > Luckily for 512 signals (513) the math works out. > > For 96 signals it does not. > > (96 - 1 + 7) = 102 > 102 / 64 = 1 True. > That's only a signal word, that only supports 64 signals, not 96. Lucky for me. Since unsigned long int __shadow_stack_pointer is aligned as unsigned long, there is padding before __shadow_stack_pointer. > Why doesn't the static assert trigger? Because you a < the size of the > pthread_unwind_buf, and too small actually, writing into other parts of > the buffer! Assert _Static_assert ((sizeof (struct pthread_unwind_buf) >= (SHADOW_STACK_POINTER_OFFSET + SHADOW_STACK_POINTER_SIZE)), "size of struct pthread_unwind_buf < " "(SHADOW_STACK_POINTER_OFFSET + SHADOW_STACK_POINTER_SIZE)"); is correct. > I would expect us to use something like this: > > diff --git a/sysdeps/unix/sysv/linux/x86/setjmpP.h b/sysdeps/unix/sysv/linux/x86/setjmpP.h > index c0ed767a0d..6e1e8f901c 100644 > --- a/sysdeps/unix/sysv/linux/x86/setjmpP.h > +++ b/sysdeps/unix/sysv/linux/x86/setjmpP.h > @@ -20,13 +20,15 @@ > #define _SETJMPP_H 1 > > #include > +#include > > -/* The biggest signal number + 1. As of kernel 4.14, x86 _NSIG is 64. > - Define it to 513 to leave some rooms for future use. */ > -#define _JUMP_BUF_SIGSET_NSIG 513 > +/* As of kernel 4.14, x86 _NSIG is 64. > + Define it to 512 to leave some rooms for future use. */ > +#define _JUMP_BUF_SIGSET_NSIG 512 > /* Number of longs to hold all signals. */ > #define _JUMP_BUF_SIGSET_NWORDS \ > - ((_JUMP_BUF_SIGSET_NSIG - 1 + 7) / (8 * sizeof (unsigned long int))) > + (ALIGN_UP(_JUMP_BUF_SIGSET_NSIG, (8 * sizeof (unsigned long int))) \ > + / (8 * sizeof (unsigned long int))) > > typedef struct > { > --- > ... but with the size you need and explain *why* it's 96. > > You need a comment like this: > /* The layout looks like this: > - N words for this. > - N words for that. > - N words for shadow stack. > Total 96 signals. */ > > Align the number of signals up to multiple of signals you can store in > a hardware word, and then figure out how many words that takes up. I put comments in sysdeps/x86/nptl/pt-longjmp.c together with static assert. > Please review my math. > >>>> /* Number of longs to hold all signals. */ >>>> #define _JUMP_BUF_SIGSET_NWORDS \ >>>> ((_JUMP_BUF_SIGSET_NSIG - 1 + 7) / (8 * sizeof (unsigned long int))) >>>> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile >>>> index 0d0326c21a..d25d6f0ae4 100644 >>>> --- a/sysdeps/x86/Makefile >>>> +++ b/sysdeps/x86/Makefile >>>> @@ -8,3 +8,7 @@ sysdep-dl-routines += dl-get-cpu-features >>>> tests += tst-get-cpu-features >>>> tests-static += tst-get-cpu-features-static >>>> endif >>>> + >>>> +ifeq ($(subdir),setjmp) >>>> +sysdep_routines += __longjmp_cancel >>>> +endif >>> >>> OK. >>> >>>> diff --git a/sysdeps/x86/__longjmp_cancel.S b/sysdeps/x86/__longjmp_cancel.S >>>> new file mode 100644 >>>> index 0000000000..b57dbfa376 >>>> --- /dev/null >>>> +++ b/sysdeps/x86/__longjmp_cancel.S >>>> @@ -0,0 +1,20 @@ >>>> +/* __longjmp_cancel for x86. >>>> + Copyright (C) 2018 Free Software Foundation, Inc. >>>> + This file is part of the GNU C Library. >>>> + >>>> + The GNU C Library is free software; you can redistribute it and/or >>>> + modify it under the terms of the GNU Lesser General Public >>>> + License as published by the Free Software Foundation; either >>>> + version 2.1 of the License, or (at your option) any later version. >>>> + >>>> + The GNU C Library is distributed in the hope that it will be useful, >>>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>>> + Lesser General Public License for more details. >>>> + >>>> + You should have received a copy of the GNU Lesser General Public >>>> + License along with the GNU C Library; if not, see >>>> + . */ >>>> + >>>> +#define __longjmp __longjmp_cancel >>>> +#include <__longjmp.S> >>> >>> OK. >>> >>>> diff --git a/sysdeps/x86/longjmp.c b/sysdeps/x86/longjmp.c >>>> new file mode 100644 >>>> index 0000000000..a53f31e1dd >>>> --- /dev/null >>>> +++ b/sysdeps/x86/longjmp.c >>>> @@ -0,0 +1,45 @@ >>>> +/* __libc_siglongjmp for x86. >>>> + Copyright (C) 2018 Free Software Foundation, Inc. >>>> + This file is part of the GNU C Library. >>>> + >>>> + The GNU C Library is free software; you can redistribute it and/or >>>> + modify it under the terms of the GNU Lesser General Public >>>> + License as published by the Free Software Foundation; either >>>> + version 2.1 of the License, or (at your option) any later version. >>>> + >>>> + The GNU C Library is distributed in the hope that it will be useful, >>>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>>> + Lesser General Public License for more details. >>>> + >>>> + You should have received a copy of the GNU Lesser General Public >>>> + License along with the GNU C Library; if not, see >>>> + . */ >>>> + >>>> +#define __libc_longjmp __redirect___libc_longjmp >>>> +#include >>>> +#undef __libc_longjmp >>>> + >>>> +extern void __longjmp_cancel (__jmp_buf __env, int __val) >>>> + __attribute__ ((__noreturn__)) attribute_hidden; >>>> + >>>> +/* Since __libc_longjmp is a private interface for cancellation >>>> + implementation in libpthread, there is no need to restore shadow >>>> + stack register. */ >>>> + >>>> +void >>>> +__libc_longjmp (sigjmp_buf env, int val) >>>> +{ >>>> + /* Perform any cleanups needed by the frames being unwound. */ >>>> + _longjmp_unwind (env, val); >>> >>> OK. >>> >>>> + >>>> + if (env[0].__mask_was_saved) >>>> + /* Restore the saved signal mask. */ >>>> + (void) __sigprocmask (SIG_SETMASK, >>>> + (sigset_t *) &env[0].__saved_mask, >>>> + (sigset_t *) NULL); >>> >>> OK. >>> >>>> + >>>> + /* Call the machine-dependent function to restore machine state >>>> + without shadow stack. */ >>>> + __longjmp_cancel (env[0].__jmpbuf, val ?: 1); >>> >>> OK. >>> >>>> +} >>>> diff --git a/sysdeps/x86/nptl/pt-longjmp.c b/sysdeps/x86/nptl/pt-longjmp.c >>>> new file mode 100644 >>>> index 0000000000..7eb8651cfe >>>> --- /dev/null >>>> +++ b/sysdeps/x86/nptl/pt-longjmp.c >>>> @@ -0,0 +1,97 @@ >>>> +/* ABI compatibility for 'longjmp' and 'siglongjmp' symbols in libpthread ABI. >>>> + X86 version. >>>> + Copyright (C) 18 Free Software Foundation, Inc. >>>> + This file is part of the GNU C Library. >>>> + >>>> + The GNU C Library is free software; you can redistribute it and/or >>>> + modify it under the terms of the GNU Lesser General Public >>>> + License as published by the Free Software Foundation; either >>>> + version 2.1 of the License, or (at your option) any later version. >>>> + >>>> + The GNU C Library is distributed in the hope that it will be useful, >>>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>>> + Lesser General Public License for more details. >>>> + >>>> + You should have received a copy of the GNU Lesser General Public >>>> + License along with the GNU C Library; if not, see >>>> + . */ >>>> + >>>> +/* has >>>> + >>>> +struct pthread_unwind_buf >>>> +{ >>>> + struct >>>> + { >>>> + __jmp_buf jmp_buf; >>>> + int mask_was_saved; >>>> + } cancel_jmp_buf[1]; >>>> + >>>> + union >>>> + { >>>> + void *pad[4]; >>>> + struct >>>> + { >>>> + struct pthread_unwind_buf *prev; >>>> + struct _pthread_cleanup_buffer *cleanup; >>>> + int canceltype; >>>> + } data; >>>> + } priv; >>>> +}; >>>> + >>>> + The pad array in struct pthread_unwind_buf is used by setjmp to save >>> >>> This appears to be SHADOW_STACK_POINTER_OFFSET in subsequent patches. >>> >>> However on your hjl/cet/master branch it appears that this offset is not >>> defined to be *just after* the mask_was_saved? >> >> sysdeps/unix/sysv/linux/x86/setjmpP.h has >> >> typedef struct >> { >> unsigned long int __val[_JUMP_BUF_SIGSET_NWORDS]; >> } __jmp_buf_sigset_t; >> >> typedef union >> { >> __sigset_t __saved_mask_compat; >> struct >> { >> __jmp_buf_sigset_t __saved_mask; >> /* Used for shadow stack pointer. */ >> unsigned long int __shadow_stack_pointer; >> } __saved; >> } __jmpbuf_arch_t; >> >> __shadow_stack_pointer is placed after __saved_mask, aka mask_was_saved. > > OK, I'll re-review. > > > I look forward to a v2 with correct rounding and a new comment. > Here is the updated patch. Please see if sysdeps/unix/sysv/linux/x86/setjmpP.h sysdeps/x86/nptl/pt-longjmp.c address your concerns. Thanks. -- H.J. --000000000000efc45c0569af6bf8 Content-Type: text/x-patch; charset="US-ASCII"; name="0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch" Content-Disposition: attachment; filename="0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jfx6a7gr0 Content-length: 16633 RnJvbSAxY2UyYjRmMTk5MDcwYTYzZDlhNjBiZDliN2NhOWUzMzAxM2Q0MjA4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiAiSC5KLiBMdSIgPGhq bC50b29sc0BnbWFpbC5jb20+CkRhdGU6IFNhdCwgMjQgRmViIDIwMTggMTc6 MjM6NTQgLTA4MDAKU3ViamVjdDogW1BBVENIXSB4ODY6IFVzZSBwYWQgaW4g cHRocmVhZF91bndpbmRfYnVmIHRvIHByZXNlcnZlIHNoYWRvdyBzdGFjawog cmVnaXN0ZXIKClRoZSBwYWQgYXJyYXkgaW4gc3RydWN0IHB0aHJlYWRfdW53 aW5kX2J1ZiBpcyB1c2VkIGJ5IHNldGptcCB0byBzYXZlCnNoYWRvdyBzdGFj ayByZWdpc3Rlci4gIFdlIGFzc2VydCB0aGF0IHNpemUgb2Ygc3RydWN0IHB0 aHJlYWRfdW53aW5kX2J1ZgppcyBubyBsZXNzIHRoYW4gb2Zmc2V0IG9mIHNo YWRvdyBzdGFjayBwb2ludGVyICsgc2hhZG93IHN0YWNrIHBvaW50ZXIKc2l6 ZS4KClNpbmNlIGZ1bmN0aW9ucywgbGlrZSBMSUJDX1NUQVJUX01BSU4sIFNU QVJUX1RIUkVBRF9ERUZOIGFzIHdlbGwgYXMKdGhlc2Ugd2l0aCB0aHJlYWQg Y2FuY2VsbGF0aW9uLCBjYWxsIHNldGptcCwgYnV0IG5ldmVyIHJldHVybiBh ZnRlcgpfX2xpYmNfdW53aW5kX2xvbmdqbXAsIF9fbGliY191bndpbmRfbG9u Z2ptcCwgd2hpY2ggaXMgZGVmaW5lZCBhcwpfX2xpYmNfbG9uZ2ptcCBvbiB4 ODYsIGRvZXNuJ3QgbmVlZCB0byByZXN0b3JlIHNoYWRvdyBzdGFjayByZWdp c3Rlci4KX19saWJjX2xvbmdqbXAsIHdoaWNoIGlzIGEgcHJpdmF0ZSBpbnRl cmZhY2UgZm9yIHRocmVhZCBjYW5jZWxsYXRpb24KaW1wbGVtZW50YXRpb24g aW4gbGlicHRocmVhZCwgaXMgY2hhbmdlZCB0byBjYWxsIF9fbG9uZ2ptcF9j YW5jZWwsCmluc3RlYWQgb2YgX19sb25nam1wLiAgX19sb25nam1wX2NhbmNl bCBpcyBhIG5ldyBpbnRlcm5hbCBmdW5jdGlvbgppbiBsaWJjLCB3aGljaCBp cyBzaW1pbGFyIHRvIF9fbG9uZ2ptcCwgYnV0IGRvZXNuJ3QgcmVzdG9yZSBz aGFkb3cKc3RhY2sgcmVnaXN0ZXIuCgpUaGUgY29tcGF0aWJpbGl0eSBsb25n am1wIGFuZCBzaWdsb25nam1wIGluIGxpYnB0aHJlYWQuc28gYXJlIGNoYW5n ZWQKdG8gY2FsbCBfX2xpYmNfc2lnbG9uZ2ptcCwgaW5zdGVhZCBvZiBfX2xp YmNfbG9uZ2ptcCwgc28gdGhhdCB0aGV5IHdpbGwKcmVzdG9yZSBzaGFkb3cg c3RhY2sgcmVnaXN0ZXIuCgpUZXN0ZWQgd2l0aCBidWlsZC1tYW55LWdsaWJj cy5weS4KCgkqIG5wdGwvcHRocmVhZF9jcmVhdGUuYyAoU1RBUlRfVEhSRUFE X0RFRk4pOiBDbGVhciBwcmV2aW91cwoJaGFuZGxlcnMgYWZ0ZXIgc2V0am1w LgoJKiBzZXRqbXAvbG9uZ2ptcC5jIChfX2xpYmNfbG9uZ2ptcCk6IERvbid0 IGRlZmluZSBhbGlhcyBpZgoJZGVmaW5lZC4KCSogc3lzZGVwcy91bml4L3N5 c3YvbGludXgveDg2L3NldGptcFAuaDogSW5jbHVkZQoJPGxpYmMtcG9pbnRl ci1hcml0aC5oPi4KCShfSlVNUF9CVUZfU0lHU0VUX0JJVFNfUEVSX1dPUkQp OiBOZXcuCgkoX0pVTVBfQlVGX1NJR1NFVF9OU0lHKTogQ2hhbmdlZCB0byA5 Ni4KCShfSlVNUF9CVUZfU0lHU0VUX05XT1JEUyk6IENoYW5nZWQgdG8gdXNl IEFMSUdOX1VQIGFuZAoJX0pVTVBfQlVGX1NJR1NFVF9CSVRTX1BFUl9XT1JE LgoJKiBzeXNkZXBzL3g4Ni9NYWtlZmlsZSAoc3lzZGVwX3JvdXRpbmVzKTog QWRkIF9fbG9uZ2ptcF9jYW5jZWwuCgkqIHN5c2RlcHMveDg2L19fbG9uZ2pt cF9jYW5jZWwuUzogTmV3IGZpbGUuCgkqIHN5c2RlcHMveDg2L2xvbmdqbXAu YzogTGlrZXdpc2UuCgkqIHN5c2RlcHMveDg2L25wdGwvcHQtbG9uZ2ptcC5j OiBMaWtld2lzZS4KLS0tCiBucHRsL3B0aHJlYWRfY3JlYXRlLmMgICAgICAg ICAgICAgICAgIHwgMTggKysrKystLQogc2V0am1wL2xvbmdqbXAuYyAgICAg ICAgICAgICAgICAgICAgICB8ICAyICsKIHN5c2RlcHMvdW5peC9zeXN2L2xp bnV4L3g4Ni9zZXRqbXBQLmggfCAxMiArKystLQogc3lzZGVwcy94ODYvTWFr ZWZpbGUgICAgICAgICAgICAgICAgICB8ICA0ICsrCiBzeXNkZXBzL3g4Ni9f X2xvbmdqbXBfY2FuY2VsLlMgICAgICAgIHwgMjAgKysrKysrKysKIHN5c2Rl cHMveDg2L2xvbmdqbXAuYyAgICAgICAgICAgICAgICAgfCA0NSArKysrKysr KysrKysrKysrCiBzeXNkZXBzL3g4Ni9ucHRsL3B0LWxvbmdqbXAuYyAgICAg ICAgIHwgOTcgKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysK IDcgZmlsZXMgY2hhbmdlZCwgMTkxIGluc2VydGlvbnMoKyksIDcgZGVsZXRp b25zKC0pCiBjcmVhdGUgbW9kZSAxMDA2NDQgc3lzZGVwcy94ODYvX19sb25n am1wX2NhbmNlbC5TCiBjcmVhdGUgbW9kZSAxMDA2NDQgc3lzZGVwcy94ODYv bG9uZ2ptcC5jCiBjcmVhdGUgbW9kZSAxMDA2NDQgc3lzZGVwcy94ODYvbnB0 bC9wdC1sb25nam1wLmMKCmRpZmYgLS1naXQgYS9ucHRsL3B0aHJlYWRfY3Jl YXRlLmMgYi9ucHRsL3B0aHJlYWRfY3JlYXRlLmMKaW5kZXggY2FhZjA3YzEz NC4uOGIxZjA2NTk5ZCAxMDA2NDQKLS0tIGEvbnB0bC9wdGhyZWFkX2NyZWF0 ZS5jCisrKyBiL25wdGwvcHRocmVhZF9jcmVhdGUuYwpAQCAtNDI3LDEyICs0 MjcsMjQgQEAgU1RBUlRfVEhSRUFEX0RFRk4KICAgICAgY29tcGlsZXJzIHdp dGhvdXQgdGhhdCBzdXBwb3J0IHdlIGRvIHVzZSBzZXRqbXAuICAqLwogICBz dHJ1Y3QgcHRocmVhZF91bndpbmRfYnVmIHVud2luZF9idWY7CiAKLSAgLyog Tm8gcHJldmlvdXMgaGFuZGxlcnMuICAqLworICBpbnQgbm90X2ZpcnN0X2Nh bGw7CisgIG5vdF9maXJzdF9jYWxsID0gc2V0am1wICgoc3RydWN0IF9fam1w X2J1Zl90YWcgKikgdW53aW5kX2J1Zi5jYW5jZWxfam1wX2J1Zik7CisKKyAg LyogTm8gcHJldmlvdXMgaGFuZGxlcnMuICBOQjogVGhpcyBtdXN0IGJlIGRv bmUgYWZ0ZXIgc2V0am1wIHNpbmNlCisgICAgIHRoZSBwcml2YXRlIHNwYWNl IGluIHRoZSB1bndpbmQganVtcCBidWZmZXIgbWF5IG92ZXJsYXAgc3BhY2UK KyAgICAgdXNlZCBieSBzZXRqbXAgdG8gc3RvcmUgZXh0cmEgYXJjaGl0ZWN0 dXJlLXNwZWNpZmljIGluZm9ybWF0aW9uCisgICAgIHdoaWNoIGlzIG5ldmVy IGJlIHVzZWQgYnkgdGhlIGNhbmNlbGxhdGlvbi1zcGVjaWZpYworICAgICBf X2xpYmNfdW53aW5kX2xvbmdqbXAuCisKKyAgICAgVGhlIHByaXZhdGUgc3Bh Y2UgaXMgYWxsb3dlZCB0byBvdmVybGFwIGJlY2F1c2UgdGhlIHVud2luZGVy IG5ldmVyCisgICAgIGhhcyB0byByZXR1cm4gdGhyb3VnaCBhbnkgb2YgdGhl IGp1bXBlZC10byBjYWxsIGZyYW1lcywgYW5kIHRodXMKKyAgICAgb25seSBh IG1pbmltdW0gYW1vdW50IG9mIHNhdmVkIGRhdGEgbmVlZCBiZSBzdG9yZWQs IGFuZCBmb3IgZXhhbXBsZSwKKyAgICAgbmVlZCBub3QgaW5jbHVkZSB0aGUg cHJvY2VzcyBzaWduYWwgbWFzayBpbmZvcm1hdGlvbi4gVGhpcyBpcyBhbGwK KyAgICAgYW4gb3B0aW1pemF0aW9uIHRvIHJlZHVjZSBzdGFjayB1c2FnZSB3 aGVuIHB1c2hpbmcgY2FuY2VsbGF0aW9uCisgICAgIGhhbmRsZXJzLiAgKi8K ICAgdW53aW5kX2J1Zi5wcml2LmRhdGEucHJldiA9IE5VTEw7CiAgIHVud2lu ZF9idWYucHJpdi5kYXRhLmNsZWFudXAgPSBOVUxMOwogCi0gIGludCBub3Rf Zmlyc3RfY2FsbDsKLSAgbm90X2ZpcnN0X2NhbGwgPSBzZXRqbXAgKChzdHJ1 Y3QgX19qbXBfYnVmX3RhZyAqKSB1bndpbmRfYnVmLmNhbmNlbF9qbXBfYnVm KTsKICAgaWYgKF9fZ2xpYmNfbGlrZWx5ICghIG5vdF9maXJzdF9jYWxsKSkK ICAgICB7CiAgICAgICAvKiBTdG9yZSB0aGUgbmV3IGNsZWFudXAgaGFuZGxl ciBpbmZvLiAgKi8KZGlmZiAtLWdpdCBhL3NldGptcC9sb25nam1wLmMgYi9z ZXRqbXAvbG9uZ2ptcC5jCmluZGV4IGEyYTcwNjVhODUuLjQ1Mzg4OWUxMDMg MTAwNjQ0Ci0tLSBhL3NldGptcC9sb25nam1wLmMKKysrIGIvc2V0am1wL2xv bmdqbXAuYwpAQCAtNDAsOSArNDAsMTEgQEAgX19saWJjX3NpZ2xvbmdqbXAg KHNpZ2ptcF9idWYgZW52LCBpbnQgdmFsKQogfQogCiAjaWZuZGVmIF9fbGli Y19zaWdsb25nam1wCisjIGlmbmRlZiBfX2xpYmNfbG9uZ2ptcAogLyogX19s aWJjX2xvbmdqbXAgaXMgYSBwcml2YXRlIGludGVyZmFjZSBmb3IgY2FuY2Vs bGF0aW9uIGltcGxlbWVudGF0aW9uCiAgICBpbiBsaWJwdGhyZWFkLiAgKi8K IHN0cm9uZ19hbGlhcyAoX19saWJjX3NpZ2xvbmdqbXAsIF9fbGliY19sb25n am1wKQorIyBlbmRpZgogd2Vha19hbGlhcyAoX19saWJjX3NpZ2xvbmdqbXAs IF9sb25nam1wKQogd2Vha19hbGlhcyAoX19saWJjX3NpZ2xvbmdqbXAsIGxv bmdqbXApCiB3ZWFrX2FsaWFzIChfX2xpYmNfc2lnbG9uZ2ptcCwgc2lnbG9u Z2ptcCkKZGlmZiAtLWdpdCBhL3N5c2RlcHMvdW5peC9zeXN2L2xpbnV4L3g4 Ni9zZXRqbXBQLmggYi9zeXNkZXBzL3VuaXgvc3lzdi9saW51eC94ODYvc2V0 am1wUC5oCmluZGV4IGMwZWQ3NjdhMGQuLjI0Zjg3ZGEyMDQgMTAwNjQ0Ci0t LSBhL3N5c2RlcHMvdW5peC9zeXN2L2xpbnV4L3g4Ni9zZXRqbXBQLmgKKysr IGIvc3lzZGVwcy91bml4L3N5c3YvbGludXgveDg2L3NldGptcFAuaApAQCAt MjAsMTMgKzIwLDE3IEBACiAjZGVmaW5lCV9TRVRKTVBQX0gJMQogCiAjaW5j bHVkZSA8Yml0cy90eXBlcy9fX3NpZ3NldF90Lmg+CisjaW5jbHVkZSA8bGli Yy1wb2ludGVyLWFyaXRoLmg+CiAKLS8qIFRoZSBiaWdnZXN0IHNpZ25hbCBu dW1iZXIgKyAxLiAgQXMgb2Yga2VybmVsIDQuMTQsIHg4NiBfTlNJRyBpcyA2 NC4KLSAgIERlZmluZSBpdCB0byA1MTMgdG8gbGVhdmUgc29tZSByb29tcyBm b3IgZnV0dXJlIHVzZS4gICovCi0jZGVmaW5lIF9KVU1QX0JVRl9TSUdTRVRf TlNJRwk1MTMKKy8qIE51bWJlciBvZiBiaXRzIHBlciBsb25nLiAgKi8KKyNk ZWZpbmUgX0pVTVBfQlVGX1NJR1NFVF9CSVRTX1BFUl9XT1JEICg4ICogc2l6 ZW9mICh1bnNpZ25lZCBsb25nIGludCkpCisvKiBUaGUgYmlnZ2VzdCBzaWdu YWwgbnVtYmVyLiAgQXMgb2Yga2VybmVsIDQuMTQsIHg4NiBfTlNJRyBpcyA2 NC4KKyAgIERlZmluZSBpdCB0byA5NiB0byBsZWF2ZSBzb21lIHJvb21zIGZv ciBmdXR1cmUgdXNlLiAgKi8KKyNkZWZpbmUgX0pVTVBfQlVGX1NJR1NFVF9O U0lHCTk2CiAvKiBOdW1iZXIgb2YgbG9uZ3MgdG8gaG9sZCBhbGwgc2lnbmFs cy4gICovCiAjZGVmaW5lIF9KVU1QX0JVRl9TSUdTRVRfTldPUkRTIFwKLSAg KChfSlVNUF9CVUZfU0lHU0VUX05TSUcgLSAxICsgNykgLyAoOCAqIHNpemVv ZiAodW5zaWduZWQgbG9uZyBpbnQpKSkKKyAgKEFMSUdOX1VQIChfSlVNUF9C VUZfU0lHU0VUX05TSUcsIF9KVU1QX0JVRl9TSUdTRVRfQklUU19QRVJfV09S RCkgXAorICAgLyBfSlVNUF9CVUZfU0lHU0VUX0JJVFNfUEVSX1dPUkQpCiAK IHR5cGVkZWYgc3RydWN0CiAgIHsKZGlmZiAtLWdpdCBhL3N5c2RlcHMveDg2 L01ha2VmaWxlIGIvc3lzZGVwcy94ODYvTWFrZWZpbGUKaW5kZXggMGQwMzI2 YzIxYS4uZDI1ZDZmMGFlNCAxMDA2NDQKLS0tIGEvc3lzZGVwcy94ODYvTWFr ZWZpbGUKKysrIGIvc3lzZGVwcy94ODYvTWFrZWZpbGUKQEAgLTgsMyArOCw3 IEBAIHN5c2RlcC1kbC1yb3V0aW5lcyArPSBkbC1nZXQtY3B1LWZlYXR1cmVz CiB0ZXN0cyArPSB0c3QtZ2V0LWNwdS1mZWF0dXJlcwogdGVzdHMtc3RhdGlj ICs9IHRzdC1nZXQtY3B1LWZlYXR1cmVzLXN0YXRpYwogZW5kaWYKKworaWZl cSAoJChzdWJkaXIpLHNldGptcCkKK3N5c2RlcF9yb3V0aW5lcyArPSBfX2xv bmdqbXBfY2FuY2VsCitlbmRpZgpkaWZmIC0tZ2l0IGEvc3lzZGVwcy94ODYv X19sb25nam1wX2NhbmNlbC5TIGIvc3lzZGVwcy94ODYvX19sb25nam1wX2Nh bmNlbC5TCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAu LmI1N2RiZmEzNzYKLS0tIC9kZXYvbnVsbAorKysgYi9zeXNkZXBzL3g4Ni9f X2xvbmdqbXBfY2FuY2VsLlMKQEAgLTAsMCArMSwyMCBAQAorLyogX19sb25n am1wX2NhbmNlbCBmb3IgeDg2LgorICAgQ29weXJpZ2h0IChDKSAyMDE4IEZy ZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgorICAgVGhpcyBmaWxlIGlz IHBhcnQgb2YgdGhlIEdOVSBDIExpYnJhcnkuCisKKyAgIFRoZSBHTlUgQyBM aWJyYXJ5IGlzIGZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRl IGl0IGFuZC9vcgorICAgbW9kaWZ5IGl0IHVuZGVyIHRoZSB0ZXJtcyBvZiB0 aGUgR05VIExlc3NlciBHZW5lcmFsIFB1YmxpYworICAgTGljZW5zZSBhcyBw dWJsaXNoZWQgYnkgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbjsgZWl0 aGVyCisgICB2ZXJzaW9uIDIuMSBvZiB0aGUgTGljZW5zZSwgb3IgKGF0IHlv dXIgb3B0aW9uKSBhbnkgbGF0ZXIgdmVyc2lvbi4KKworICAgVGhlIEdOVSBD IExpYnJhcnkgaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3 aWxsIGJlIHVzZWZ1bCwKKyAgIGJ1dCBXSVRIT1VUIEFOWSBXQVJSQU5UWTsg d2l0aG91dCBldmVuIHRoZSBpbXBsaWVkIHdhcnJhbnR5IG9mCisgICBNRVJD SEFOVEFCSUxJVFkgb3IgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBP U0UuICBTZWUgdGhlIEdOVQorICAgTGVzc2VyIEdlbmVyYWwgUHVibGljIExp Y2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KKworICAgWW91IHNob3VsZCBoYXZl IHJlY2VpdmVkIGEgY29weSBvZiB0aGUgR05VIExlc3NlciBHZW5lcmFsIFB1 YmxpYworICAgTGljZW5zZSBhbG9uZyB3aXRoIHRoZSBHTlUgQyBMaWJyYXJ5 OyBpZiBub3QsIHNlZQorICAgPGh0dHA6Ly93d3cuZ251Lm9yZy9saWNlbnNl cy8+LiAgKi8KKworI2RlZmluZSBfX2xvbmdqbXAgX19sb25nam1wX2NhbmNl bAorI2luY2x1ZGUgPF9fbG9uZ2ptcC5TPgpkaWZmIC0tZ2l0IGEvc3lzZGVw cy94ODYvbG9uZ2ptcC5jIGIvc3lzZGVwcy94ODYvbG9uZ2ptcC5jCm5ldyBm aWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAuLmE1M2YzMWUxZGQK LS0tIC9kZXYvbnVsbAorKysgYi9zeXNkZXBzL3g4Ni9sb25nam1wLmMKQEAg LTAsMCArMSw0NSBAQAorLyogX19saWJjX3NpZ2xvbmdqbXAgZm9yIHg4Ni4K KyAgIENvcHlyaWdodCAoQykgMjAxOCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRp b24sIEluYy4KKyAgIFRoaXMgZmlsZSBpcyBwYXJ0IG9mIHRoZSBHTlUgQyBM aWJyYXJ5LgorCisgICBUaGUgR05VIEMgTGlicmFyeSBpcyBmcmVlIHNvZnR3 YXJlOyB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IKKyAgIG1vZGlm eSBpdCB1bmRlciB0aGUgdGVybXMgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJh bCBQdWJsaWMKKyAgIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5IHRoZSBGcmVl IFNvZnR3YXJlIEZvdW5kYXRpb247IGVpdGhlcgorICAgdmVyc2lvbiAyLjEg b2YgdGhlIExpY2Vuc2UsIG9yIChhdCB5b3VyIG9wdGlvbikgYW55IGxhdGVy IHZlcnNpb24uCisKKyAgIFRoZSBHTlUgQyBMaWJyYXJ5IGlzIGRpc3RyaWJ1 dGVkIGluIHRoZSBob3BlIHRoYXQgaXQgd2lsbCBiZSB1c2VmdWwsCisgICBi dXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1w bGllZCB3YXJyYW50eSBvZgorICAgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5F U1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NFLiAgU2VlIHRoZSBHTlUKKyAg IExlc3NlciBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGZvciBtb3JlIGRldGFp bHMuCisKKyAgIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2Yg dGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMKKyAgIExpY2Vuc2UgYWxv bmcgd2l0aCB0aGUgR05VIEMgTGlicmFyeTsgaWYgbm90LCBzZWUKKyAgIDxo dHRwOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4gICovCisKKyNkZWZpbmUg X19saWJjX2xvbmdqbXAgX19yZWRpcmVjdF9fX2xpYmNfbG9uZ2ptcAorI2lu Y2x1ZGUgPHNldGptcC9sb25nam1wLmM+CisjdW5kZWYgX19saWJjX2xvbmdq bXAKKworZXh0ZXJuIHZvaWQgX19sb25nam1wX2NhbmNlbCAoX19qbXBfYnVm IF9fZW52LCBpbnQgX192YWwpCisgICAgIF9fYXR0cmlidXRlX18gKChfX25v cmV0dXJuX18pKSBhdHRyaWJ1dGVfaGlkZGVuOworCisvKiBTaW5jZSBfX2xp YmNfbG9uZ2ptcCBpcyBhIHByaXZhdGUgaW50ZXJmYWNlIGZvciBjYW5jZWxs YXRpb24KKyAgIGltcGxlbWVudGF0aW9uIGluIGxpYnB0aHJlYWQsIHRoZXJl IGlzIG5vIG5lZWQgdG8gcmVzdG9yZSBzaGFkb3cKKyAgIHN0YWNrIHJlZ2lz dGVyLiAgKi8KKwordm9pZAorX19saWJjX2xvbmdqbXAgKHNpZ2ptcF9idWYg ZW52LCBpbnQgdmFsKQoreworICAvKiBQZXJmb3JtIGFueSBjbGVhbnVwcyBu ZWVkZWQgYnkgdGhlIGZyYW1lcyBiZWluZyB1bndvdW5kLiAgKi8KKyAgX2xv bmdqbXBfdW53aW5kIChlbnYsIHZhbCk7CisKKyAgaWYgKGVudlswXS5fX21h c2tfd2FzX3NhdmVkKQorICAgIC8qIFJlc3RvcmUgdGhlIHNhdmVkIHNpZ25h bCBtYXNrLiAgKi8KKyAgICAodm9pZCkgX19zaWdwcm9jbWFzayAoU0lHX1NF VE1BU0ssCisJCQkgIChzaWdzZXRfdCAqKSAmZW52WzBdLl9fc2F2ZWRfbWFz aywKKwkJCSAgKHNpZ3NldF90ICopIE5VTEwpOworCisgIC8qIENhbGwgdGhl IG1hY2hpbmUtZGVwZW5kZW50IGZ1bmN0aW9uIHRvIHJlc3RvcmUgbWFjaGlu ZSBzdGF0ZQorICAgICB3aXRob3V0IHNoYWRvdyBzdGFjay4gICovCisgIF9f bG9uZ2ptcF9jYW5jZWwgKGVudlswXS5fX2ptcGJ1ZiwgdmFsID86IDEpOwor fQpkaWZmIC0tZ2l0IGEvc3lzZGVwcy94ODYvbnB0bC9wdC1sb25nam1wLmMg Yi9zeXNkZXBzL3g4Ni9ucHRsL3B0LWxvbmdqbXAuYwpuZXcgZmlsZSBtb2Rl IDEwMDY0NAppbmRleCAwMDAwMDAwMDAwLi43ZWI4NjUxY2ZlCi0tLSAvZGV2 L251bGwKKysrIGIvc3lzZGVwcy94ODYvbnB0bC9wdC1sb25nam1wLmMKQEAg LTAsMCArMSw5NyBAQAorLyogQUJJIGNvbXBhdGliaWxpdHkgZm9yICdsb25n am1wJyBhbmQgJ3NpZ2xvbmdqbXAnIHN5bWJvbHMgaW4gbGlicHRocmVhZCBB QkkuCisgICBYODYgdmVyc2lvbi4KKyAgIENvcHlyaWdodCAoQykgMTggRnJl ZSBTb2Z0d2FyZSBGb3VuZGF0aW9uLCBJbmMuCisgICBUaGlzIGZpbGUgaXMg cGFydCBvZiB0aGUgR05VIEMgTGlicmFyeS4KKworICAgVGhlIEdOVSBDIExp YnJhcnkgaXMgZnJlZSBzb2Z0d2FyZTsgeW91IGNhbiByZWRpc3RyaWJ1dGUg aXQgYW5kL29yCisgICBtb2RpZnkgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRo ZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljCisgICBMaWNlbnNlIGFzIHB1 Ymxpc2hlZCBieSB0aGUgRnJlZSBTb2Z0d2FyZSBGb3VuZGF0aW9uOyBlaXRo ZXIKKyAgIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBvciAoYXQgeW91 ciBvcHRpb24pIGFueSBsYXRlciB2ZXJzaW9uLgorCisgICBUaGUgR05VIEMg TGlicmFyeSBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdp bGwgYmUgdXNlZnVsLAorICAgYnV0IFdJVEhPVVQgQU5ZIFdBUlJBTlRZOyB3 aXRob3V0IGV2ZW4gdGhlIGltcGxpZWQgd2FycmFudHkgb2YKKyAgIE1FUkNI QU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9T RS4gIFNlZSB0aGUgR05VCisgICBMZXNzZXIgR2VuZXJhbCBQdWJsaWMgTGlj ZW5zZSBmb3IgbW9yZSBkZXRhaWxzLgorCisgICBZb3Ugc2hvdWxkIGhhdmUg cmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVi bGljCisgICBMaWNlbnNlIGFsb25nIHdpdGggdGhlIEdOVSBDIExpYnJhcnk7 IGlmIG5vdCwgc2VlCisgICA8aHR0cDovL3d3dy5nbnUub3JnL2xpY2Vuc2Vz Lz4uICAqLworCisvKiA8bnB0bC9kZXNjci5oPiBoYXMKKworc3RydWN0IHB0 aHJlYWRfdW53aW5kX2J1ZgoreworICBzdHJ1Y3QKKyAgeworICAgIF9fam1w X2J1ZiBqbXBfYnVmOworICAgIGludCBtYXNrX3dhc19zYXZlZDsKKyAgfSBj YW5jZWxfam1wX2J1ZlsxXTsKKworICB1bmlvbgorICB7CisgICAgdm9pZCAq cGFkWzRdOworICAgIHN0cnVjdAorICAgIHsKKyAgICAgIHN0cnVjdCBwdGhy ZWFkX3Vud2luZF9idWYgKnByZXY7CisgICAgICBzdHJ1Y3QgX3B0aHJlYWRf Y2xlYW51cF9idWZmZXIgKmNsZWFudXA7CisgICAgICBpbnQgY2FuY2VsdHlw ZTsKKyAgICB9IGRhdGE7CisgIH0gcHJpdjsKK307CisKKyAgVGhlIHBhZCBh cnJheSBpbiBzdHJ1Y3QgcHRocmVhZF91bndpbmRfYnVmIGlzIHVzZWQgYnkg c2V0am1wIHRvIHNhdmUKKyAgc2hhZG93IHN0YWNrIHJlZ2lzdGVyLiAgQXNz ZXJ0IHRoYXQgc2l6ZSBvZiBzdHJ1Y3QgcHRocmVhZF91bndpbmRfYnVmCisg IGlzIG5vIGxlc3MgdGhhbiBvZmZzZXQgb2Ygc2hhZG93IHN0YWNrIHBvaW50 ZXIgcGx1cyBzaGFkb3cgc3RhY2sKKyAgcG9pbnRlciBzaXplLgorCisgIE5C OiBzZXRqbXAgaXMgY2FsbGVkIGluIGxpYnB0aHJlYWQgdG8gc2F2ZSBzaGFk b3cgc3RhY2sgcmVnaXN0ZXIuICBCdXQKKyAgX19saWJjX3Vud2luZF9sb25n am1wIGRvZXNuJ3QgcmVzdG9yZSBzaGFkb3cgc3RhY2sgcmVnaXN0ZXIgc2lu Y2UgdGhleQorICBuZXZlciByZXR1cm4gYWZ0ZXIgbG9uZ2ptcC4gICovCisK KyNpbmNsdWRlIDxwdGhyZWFkUC5oPgorI2luY2x1ZGUgPGptcF9idWYtc3Nw Lmg+CisKKyNpZmRlZiBfX3g4Nl82NF9fCisjIGRlZmluZSBTSEFET1dfU1RB Q0tfUE9JTlRFUl9TSVpFIDgKKyNlbHNlCisjIGRlZmluZSBTSEFET1dfU1RB Q0tfUE9JTlRFUl9TSVpFIDQKKyNlbmRpZgorCitfU3RhdGljX2Fzc2VydCAo KHNpemVvZiAoc3RydWN0IHB0aHJlYWRfdW53aW5kX2J1ZikKKwkJID49IChT SEFET1dfU1RBQ0tfUE9JTlRFUl9PRkZTRVQKKwkJICAgICArIFNIQURPV19T VEFDS19QT0lOVEVSX1NJWkUpKSwKKwkJInNpemUgb2Ygc3RydWN0IHB0aHJl YWRfdW53aW5kX2J1ZiA8ICIKKwkJIihTSEFET1dfU1RBQ0tfUE9JTlRFUl9P RkZTRVQgKyBTSEFET1dfU1RBQ0tfUE9JTlRFUl9TSVpFKSIpOworCisjaW5j bHVkZSA8c2hsaWItY29tcGF0Lmg+CisKKy8qIGxpYnB0aHJlYWQgb25jZSBo YWQgaXRzIG93biBsb25nam1wIChhbmQgc2lnbG9uZ2ptcCBhbGlhcyksIHRo b3VnaCB0aGVyZQorICAgd2FzIG5vIGFwcGFyZW50IHJlYXNvbiBmb3IgaXQu ICBUaGVyZSBpcyBubyB1c2UgaW4gaGF2aW5nIGEgc2VwYXJhdGUKKyAgIHN5 bWJvbCBpbiBsaWJwdGhyZWFkLCBidXQgdGhlIGhpc3RvcmljYWwgQUJJIHJl cXVpcmVzIGl0LiAgRm9yIHN0YXRpYworICAgbGlua2luZywgdGhlcmUgaXMg bm8gbmVlZCB0byBwcm92aWRlIGFueXRoaW5nIGhlcmUtLXRoZSBsaWJjIHZl cnNpb24KKyAgIHdpbGwgYmUgbGlua2VkIGluLiAgRm9yIHNoYXJlZCBsaWJy YXJ5IEFCSSBjb21wYXRpYmlsaXR5LCB0aGVyZSBtdXN0IGJlCisgICBsb25n am1wIGFuZCBzaWdsb25nam1wIHN5bWJvbHMgaW4gbGlicHRocmVhZC5zby4K KworICAgV2l0aCBhbiBJRlVOQyByZXNvbHZlciwgaXQgd291bGQgYmUgcG9z c2libGUgdG8gYXZvaWQgdGhlIGluZGlyZWN0aW9uLAorICAgYnV0IHRoZSBJ RlVOQyByZXNvbHZlciBtaWdodCBydW4gYmVmb3JlIHRoZSBfX2xpYmNfbG9u Z2ptcCBzeW1ib2wgaGFzCisgICBiZWVuIHJlbG9jYXRlZCwgaW4gd2hpY2gg Y2FzZSB0aGUgSUZVTkMgcmVzb2x2ZXIgd291bGQgbm90IGJlIGFibGUgdG8K KyAgIHByb3ZpZGUgdGhlIGNvcnJlY3QgYWRkcmVzcy4gICovCisKKyNpZiBT SExJQl9DT01QQVQgKGxpYnB0aHJlYWQsIEdMSUJDXzJfMCwgR0xJQkNfMl8y MikKKworc3RhdGljIHZvaWQgX19hdHRyaWJ1dGVfXyAoKG5vcmV0dXJuLCB1 c2VkKSkKK2xvbmdqbXBfY29tcGF0IChqbXBfYnVmIGVudiwgaW50IHZhbCkK K3sKKyAgLyogTkI6IFdlIGNhbGwgX19saWJjX3NpZ2xvbmdqbXAsICBpbnN0 ZWFkIG9mIF9fbGliY19sb25nam1wLCBzaW5jZQorICAgICBfX2xpYmNfbG9u Z2ptcCBpcyBhIHByaXZhdGUgaW50ZXJmYWNlIGZvciBjYW5jZWxsYXRpb24g d2hpY2gKKyAgICAgZG9lc24ndCByZXN0b3JlIHNoYWRvdyBzdGFjayByZWdp c3Rlci4gICovCisgIF9fbGliY19zaWdsb25nam1wIChlbnYsIHZhbCk7Cit9 CisKK3N0cm9uZ19hbGlhcyAobG9uZ2ptcF9jb21wYXQsIGxvbmdqbXBfYWxp YXMpCitjb21wYXRfc3ltYm9sIChsaWJwdGhyZWFkLCBsb25nam1wX2FsaWFz LCBsb25nam1wLCBHTElCQ18yXzApOworCitzdHJvbmdfYWxpYXMgKGxvbmdq bXBfYWxpYXMsIHNpZ2xvbmdqbXBfYWxpYXMpCitjb21wYXRfc3ltYm9sIChs aWJwdGhyZWFkLCBzaWdsb25nam1wX2FsaWFzLCBzaWdsb25nam1wLCBHTElC Q18yXzApOworCisjZW5kaWYKLS0gCjIuMTQuMwoK --000000000000efc45c0569af6bf8--