From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 90069 invoked by alias); 6 Apr 2018 20:26:50 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Received: (qmail 90058 invoked by uid 89); 6 Apr 2018 20:26:49 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-23.3 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS,UNSUBSCRIBE_BODY autolearn=ham version=3.3.2 spammy= X-HELO: mail-ot0-f194.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0IVlSGTWQu5vIdS7waXJEp05/BwbzBoC8qwjWHhPPOs=; b=kH8Vuy/SWk5ux1RfwkJfnhpSLjKWjgnoBtvTcdtS1V7WgqsxAjozBztvWuFrUoREIg otesfiqkI1EAiC5T9kxkxv7GLz3C3PnE+po8hH/YaSHB3Nw2/Lwo/SMKLfx13eY+CrE7 +5rK+j9Wi3bwaJgxHjqSwZCxx0jiiw+PTXJBcrYSJ0SP5NHKLKVSEbyA+50l9Wk2hdAT M25lCEzBUAlDAGX8e1YUrUICaYQIFiyG3m6i4p3MnMHi5xH0UCtQE+bO6+5Lr+ok/FjH UILOyzYQcDQPPjbj+SsfxOXIU7Bn2n5irebhZf40NLwimiKnH6X5OUS6A+Jmm1jwwY8A IGig== X-Gm-Message-State: ALQs6tAmiISeOjhPgApUU8wmhkXU/f9wXzTr36lHs0Tj6tkNz5+hCWZK dL6MIKznZKeNpPHYlQPLNF7q0IZ7NKzDXNMUzBE= X-Google-Smtp-Source: AIpwx49QyciBKpQAIirYzC/gFwrWbVhnLyBYaByolzBBPhEU5ogOfHmcXMYyhyBDVNN0PUjZnn8E5Z0hlL7tVgD5q8g= X-Received: by 2002:a9d:5186:: with SMTP id y6-v6mr3791868otg.125.1523046402234; Fri, 06 Apr 2018 13:26:42 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <61a5b452-e59e-dfef-4530-a94a60480961@redhat.com> From: "H.J. Lu" Date: Fri, 06 Apr 2018 20:26:00 -0000 Message-ID: Subject: Re: [PATCH] x86: Use pad in pthread_unwind_buf to preserve shadow stack register To: "Carlos O'Donell" Cc: Florian Weimer , Joseph Myers , "Tsimbalist, Igor V" , GNU C Library Content-Type: multipart/mixed; boundary="000000000000c83b24056933df64" X-SW-Source: 2018-04/txt/msg00156.txt.bz2 --000000000000c83b24056933df64 Content-Type: text/plain; charset="UTF-8" Content-length: 22194 On Fri, Apr 6, 2018 at 5:59 AM, H.J. Lu wrote: > On Thu, Apr 5, 2018 at 9:46 PM, Carlos O'Donell wrote: >> On 03/30/2018 12:41 PM, H.J. Lu wrote: >>> On Thu, Mar 29, 2018 at 1:20 PM, Florian Weimer wrote: >>>> * H. J. Lu: >>>> >>>>> On Thu, Mar 29, 2018 at 1:15 PM, Florian Weimer wrote: >>>>>> * H. J. Lu: >>>>>> >>>>>>> You need to make a choice. You either don't introduce a new symbol >>>>>>> version or don't save shadow stack for thread cancellation. You >>>>>>> can't have both. >>>>>> I don't understand. We have room to save the shadow stack pointer in >>>>>> the existing struct. >>>>> No, we don't have room in struct pthread_unwind_buf: >>>>> >>>>> Note: There is an unused pointer space in pthread_unwind_buf_data. But >>>>> it isn't suitable for saving and restoring shadow stack register since >>>>> x32 is a 64-bit process with 32-bit software pointer and kernel may >>>>> place x32 shadow stack above 4GB. We need to save and restore 64-bit >>>>> shadow stack register for x32. >>>> We have for void * fields. They are subsequently overwritten by >>>> __pthread_register_cancel. But __sigsetjmp can write to them first >>>> without causing any harm. We just need a private __longjmp_cancel >>>> that doesn't restore the shadow stack pointer. >>> Here is the patch which does that. Any comments? >> >> OK, so I have reviewed https://github.com/hjl-tools/glibc/ hjl/cet/master, >> please confirm that this is the correct branch of the required implementation >> for CET. It really helps to review the rest of the patch set, you should be >> preparing this as a patch set instead of having it reviewed one-at-a-time. >> This issue was already raised in the thread with Zack. > > Thanks for your feedbacks. > >> Architecture: >> >> * We avoid a "flag day" with feature_1 TCB flag to switch to a new ABI, >> which we have discussed is a fragile process which should be avoided if >> a supportable alternative solution exists. >> >> * We avoid versioned symbols, this makes CET backportable, and this has a >> bigger benefit for long-term stable distributions. >> >> * A key design problem has been that cancellation jump buffers within glibc >> are truncated to optimize on-stack size, and this means that setjmp could >> write beyond the structure because setjmp now tries to save the shadowstack >> pointer into space that the cancellation jump buffer did not allocate. >> For the record this optimization seems premature and I'm sad we did it, this >> is a lesson we should learn from. >> >> * We have all agreed to the following concepts: >> >> * The cancellation process, in particular the unwinder, never returns from >> any of the functions we call, it just keeps calling into the unwinder to >> jump to the next unwound cancellation function all the way to the thread >> start routine. Therefore because we never return from one of these functions >> we never need to restore the shadow stack, and consequently wherever it is >> stored in the cancellation jump buffer can be overwritten if we need the >> space (it's a dead store). >> >> * The corollary to this is that function calls made from cancellation handlers >> will continue to advance the shadowstack from the deepest point at which >> cancellation is initiated from. This means that the depth of the shadowstack >> doesn't match the depth of the real stack while we are unwinding. I don't >> know if this will have consequences on analysis tooling or not, or debug >> tools during unwinding. It's a fairly advanced situation and corner case, >> and restoring the shadowstack is not useful becuase we don't need it and >> simplifies the implementation. >> >> * The cancellation jump buffer has private data used for chaining the cancel >> jump buffers together such that the custom unwinder can follow them and >> call them in sequence. This space constitutes 4 void *'s which is space >> that setjmp can write to, because we will just overwrite it when we register >> the cancel handler. >> >> * If the new shadowstack-enabled setjmp stores the shadowstack pointer into >> the space taken by the 4 void*'s then we won't overflow the stack, and we >> don't need to change the layout of the cancellation jump buffer. The 4 void*'s >> are sufficient, even for x32 to write a 64-bit shadow stack address. >> >> * After fixing the cancellation jump buffers the following work needs to be reviewed: >> >> * Add feature_1 in tcb head to track CET status and make it easily available >> to runtime for checking. >> >> * Save and restore shadowstack in setjmp/longjmp. >> >> * Add CET support to ld.so et. al. and track runtime status. >> >> * Adjust vfork for shadow stack usage. >> >> * Add ENDBR or NOTRACK where required in assembly. >> >> * CET and makecontext incompatible. >> - Probably need to discuss which default is appropriate. >> - Should the user get CET automatically disabled in makecontext() et. al. silently? >> - Should your current solution, which is to error out during the build, and require >> flag changes, be the default? This forces the user to review the security for their >> application. > > I'd like to reserve 4 slots in ucontext for shadow stack: > > https://github.com/hjl-tools/glibc/commit/9bf6aefa8fb45f8df140d42ce9cf890bb24076e1 > > It should be binary backward compatible. I will investigate if there is a way > to support shadow stack with existing API. Otherwise, we need to add a new > API for ucontext functions with shadow stack. > >> * prctl for CET. > > We have been experimenting different approaches to get the best implementation. > I am expecting that this patch may change as we collect more data. > >> * The work to review after this patch appears to be less contentious in terms of >> the kinds of changes that are required. Most of the changes are internal details >> of enabling CET and not ABI details, with the exception of the possible pain we >> might cause with makecontext() being unsupported and what default position to take >> there. >> >> Design: >> >> * Overall the implementation looks exactly how I might expect it to look, but some >> of the math that places the shadowstack pointer appears to need either commenting >> or fixing because I don't understand it. You need to make it easy for me to see >> that we have placed the shadowstack pointer into the 4 pad words. >> >> Details: >> >> * One comment needs filling out a bit more, noted below. >> >>> 0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch >>> >>> >>> From f222537447f5ec879427f318b7c0396362b7453a Mon Sep 17 00:00:00 2001 >>> From: "H.J. Lu" >>> Date: Sat, 24 Feb 2018 17:23:54 -0800 >>> Subject: [PATCH] x86: Use pad in pthread_unwind_buf to preserve shadow stack >>> register >>> >>> The pad array in struct pthread_unwind_buf is used by setjmp to save >>> shadow stack register. We assert that size of struct pthread_unwind_buf >>> is no less than offset of shadow stack pointer + shadow stack pointer >>> size. >>> >> >> OK. >> >>> Since functions, like LIBC_START_MAIN, START_THREAD_DEFN as well as >>> these with thread cancellation, call setjmp, but never return after >>> __libc_unwind_longjmp, __libc_unwind_longjmp, which is defined as >>> __libc_longjmp on x86, doesn't need to restore shadow stack register. >> >> OK. >> >>> __libc_longjmp, which is a private interface for thread cancellation >>> implementation in libpthread, is changed to call __longjmp_cancel, >>> instead of __longjmp. __longjmp_cancel is a new internal function >>> in libc, which is similar to __longjmp, but doesn't restore shadow >>> stack register. >> >> OK. Good. I like the use of a __longjmp_cancel name to call out what's >> going on in the API (clear semantics). >> >>> >>> The compatibility longjmp and siglongjmp in libpthread.so are changed >>> to call __libc_siglongjmp, instead of __libc_longjmp, so that they will >>> restore shadow stack register. >> >> OK. >> >>> >>> Tested with build-many-glibcs.py. >>> >>> * nptl/pthread_create.c (START_THREAD_DEFN): Clear previous >>> handlers after setjmp. >>> * setjmp/longjmp.c (__libc_longjmp): Don't define alias if >>> defined. >>> * sysdeps/unix/sysv/linux/x86/setjmpP.h (_JUMP_BUF_SIGSET_NSIG): >>> Changed to 97. >>> * sysdeps/x86/Makefile (sysdep_routines): Add __longjmp_cancel. >>> * sysdeps/x86/__longjmp_cancel.S: New file. >>> * sysdeps/x86/longjmp.c: Likewise. >>> * sysdeps/x86/nptl/pt-longjmp.c: Likewise. >> >> This looks much better. >> >>> --- >>> nptl/pthread_create.c | 9 ++-- >>> setjmp/longjmp.c | 2 + >>> sysdeps/unix/sysv/linux/x86/setjmpP.h | 4 +- >>> sysdeps/x86/Makefile | 4 ++ >>> sysdeps/x86/__longjmp_cancel.S | 20 ++++++++ >>> sysdeps/x86/longjmp.c | 45 ++++++++++++++++ >>> sysdeps/x86/nptl/pt-longjmp.c | 97 +++++++++++++++++++++++++++++++++++ >>> 7 files changed, 176 insertions(+), 5 deletions(-) >>> create mode 100644 sysdeps/x86/__longjmp_cancel.S >>> create mode 100644 sysdeps/x86/longjmp.c >>> create mode 100644 sysdeps/x86/nptl/pt-longjmp.c >>> >>> diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c >>> index caaf07c134..1c5b3780c6 100644 >>> --- a/nptl/pthread_create.c >>> +++ b/nptl/pthread_create.c >>> @@ -427,12 +427,15 @@ START_THREAD_DEFN >>> compilers without that support we do use setjmp. */ >>> struct pthread_unwind_buf unwind_buf; >>> >>> - /* No previous handlers. */ >>> + int not_first_call; >>> + not_first_call = setjmp ((struct __jmp_buf_tag *) unwind_buf.cancel_jmp_buf); >>> + >>> + /* No previous handlers. NB: This must be done after setjmp since >>> + the same space may be used by setjmp to store extra data which >>> + should never be used by __libc_unwind_longjmp. */ >> >> Suggest: >> ~~~ >> No previous handlers. NB: This must be done after setjmp since >> the private space in the unwind jump buffer may overlap space >> used by setjmp to store extra architecture-specific information >> which is never be used by the cancellation-specific >> __libc_unwind_longjmp. >> >> The private space is allowed to overlap because the unwinder never >> has to return through any of the jumped-to call frames, and thus >> only a minimum amount of saved data need be stored, and for example, >> need not include the process signal mask information. This is all >> an optimization to reduce stack usage when pushing cancellation >> handlers. >> ~~~ > > Will fix it. > >>> unwind_buf.priv.data.prev = NULL; >>> unwind_buf.priv.data.cleanup = NULL; >>> >>> - int not_first_call; >>> - not_first_call = setjmp ((struct __jmp_buf_tag *) unwind_buf.cancel_jmp_buf); >> >> OK. >> >>> if (__glibc_likely (! not_first_call)) >>> { >>> /* Store the new cleanup handler info. */ >>> diff --git a/setjmp/longjmp.c b/setjmp/longjmp.c >>> index a2a7065a85..453889e103 100644 >>> --- a/setjmp/longjmp.c >>> +++ b/setjmp/longjmp.c >>> @@ -40,9 +40,11 @@ __libc_siglongjmp (sigjmp_buf env, int val) >>> } >>> >>> #ifndef __libc_siglongjmp >>> +# ifndef __libc_longjmp >>> /* __libc_longjmp is a private interface for cancellation implementation >>> in libpthread. */ >>> strong_alias (__libc_siglongjmp, __libc_longjmp) >>> +# endif >> >> OK. >> >>> weak_alias (__libc_siglongjmp, _longjmp) >>> weak_alias (__libc_siglongjmp, longjmp) >>> weak_alias (__libc_siglongjmp, siglongjmp) >>> diff --git a/sysdeps/unix/sysv/linux/x86/setjmpP.h b/sysdeps/unix/sysv/linux/x86/setjmpP.h >>> index c0ed767a0d..90a6bbcf32 100644 >>> --- a/sysdeps/unix/sysv/linux/x86/setjmpP.h >>> +++ b/sysdeps/unix/sysv/linux/x86/setjmpP.h >>> @@ -22,8 +22,8 @@ >>> #include >>> >>> /* The biggest signal number + 1. As of kernel 4.14, x86 _NSIG is 64. >>> - Define it to 513 to leave some rooms for future use. */ >>> -#define _JUMP_BUF_SIGSET_NSIG 513 >>> + Define it to 97 to leave some rooms for future use. */ >> >> OK. >> >>> +#define _JUMP_BUF_SIGSET_NSIG 97 >> >> Please provide proof in the way of a comment or rewriting this constant >> to show that it places the shadow stack pointer on both x86_64 and x32 >> into the range of the private pad. > > sysdeps/x86/nptl/pt-longjmp.c has > > _Static_assert ((sizeof (struct pthread_unwind_buf) >>= (SHADOW_STACK_POINTER_OFFSET > + SHADOW_STACK_POINTER_SIZE)), > "size of struct pthread_unwind_buf < " > "(SHADOW_STACK_POINTER_OFFSET + SHADOW_STACK_POINTER_SIZE)"); > > If shadow stack pointer is saved in the offset bigger than the size of > struct pthread_unwind_buf, assert will trigger at compile-time. > >> Also, from commit f33632ccd1dec3217583fcfdd965afb62954203c, >> where did this math come from? >> >> ((_JUMP_BUF_SIGSET_NSIG - 1 + 7) / (8 * sizeof (unsigned long int))) >> >> Why the +7? > > _JUMP_BUF_SIGSET_NSIG is the biggest signal number + 1. > _JUMP_BUF_SIGSET_NSIG - 1 gives the biggest signal number. > _JUMP_BUF_SIGSET_NSIG - 1 + 7 rounds up to the number of bytes > which are needed to store the biggest signal number. > >>> /* Number of longs to hold all signals. */ >>> #define _JUMP_BUF_SIGSET_NWORDS \ >>> ((_JUMP_BUF_SIGSET_NSIG - 1 + 7) / (8 * sizeof (unsigned long int))) >>> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile >>> index 0d0326c21a..d25d6f0ae4 100644 >>> --- a/sysdeps/x86/Makefile >>> +++ b/sysdeps/x86/Makefile >>> @@ -8,3 +8,7 @@ sysdep-dl-routines += dl-get-cpu-features >>> tests += tst-get-cpu-features >>> tests-static += tst-get-cpu-features-static >>> endif >>> + >>> +ifeq ($(subdir),setjmp) >>> +sysdep_routines += __longjmp_cancel >>> +endif >> >> OK. >> >>> diff --git a/sysdeps/x86/__longjmp_cancel.S b/sysdeps/x86/__longjmp_cancel.S >>> new file mode 100644 >>> index 0000000000..b57dbfa376 >>> --- /dev/null >>> +++ b/sysdeps/x86/__longjmp_cancel.S >>> @@ -0,0 +1,20 @@ >>> +/* __longjmp_cancel for x86. >>> + Copyright (C) 2018 Free Software Foundation, Inc. >>> + This file is part of the GNU C Library. >>> + >>> + The GNU C Library is free software; you can redistribute it and/or >>> + modify it under the terms of the GNU Lesser General Public >>> + License as published by the Free Software Foundation; either >>> + version 2.1 of the License, or (at your option) any later version. >>> + >>> + The GNU C Library is distributed in the hope that it will be useful, >>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>> + Lesser General Public License for more details. >>> + >>> + You should have received a copy of the GNU Lesser General Public >>> + License along with the GNU C Library; if not, see >>> + . */ >>> + >>> +#define __longjmp __longjmp_cancel >>> +#include <__longjmp.S> >> >> OK. >> >>> diff --git a/sysdeps/x86/longjmp.c b/sysdeps/x86/longjmp.c >>> new file mode 100644 >>> index 0000000000..a53f31e1dd >>> --- /dev/null >>> +++ b/sysdeps/x86/longjmp.c >>> @@ -0,0 +1,45 @@ >>> +/* __libc_siglongjmp for x86. >>> + Copyright (C) 2018 Free Software Foundation, Inc. >>> + This file is part of the GNU C Library. >>> + >>> + The GNU C Library is free software; you can redistribute it and/or >>> + modify it under the terms of the GNU Lesser General Public >>> + License as published by the Free Software Foundation; either >>> + version 2.1 of the License, or (at your option) any later version. >>> + >>> + The GNU C Library is distributed in the hope that it will be useful, >>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>> + Lesser General Public License for more details. >>> + >>> + You should have received a copy of the GNU Lesser General Public >>> + License along with the GNU C Library; if not, see >>> + . */ >>> + >>> +#define __libc_longjmp __redirect___libc_longjmp >>> +#include >>> +#undef __libc_longjmp >>> + >>> +extern void __longjmp_cancel (__jmp_buf __env, int __val) >>> + __attribute__ ((__noreturn__)) attribute_hidden; >>> + >>> +/* Since __libc_longjmp is a private interface for cancellation >>> + implementation in libpthread, there is no need to restore shadow >>> + stack register. */ >>> + >>> +void >>> +__libc_longjmp (sigjmp_buf env, int val) >>> +{ >>> + /* Perform any cleanups needed by the frames being unwound. */ >>> + _longjmp_unwind (env, val); >> >> OK. >> >>> + >>> + if (env[0].__mask_was_saved) >>> + /* Restore the saved signal mask. */ >>> + (void) __sigprocmask (SIG_SETMASK, >>> + (sigset_t *) &env[0].__saved_mask, >>> + (sigset_t *) NULL); >> >> OK. >> >>> + >>> + /* Call the machine-dependent function to restore machine state >>> + without shadow stack. */ >>> + __longjmp_cancel (env[0].__jmpbuf, val ?: 1); >> >> OK. >> >>> +} >>> diff --git a/sysdeps/x86/nptl/pt-longjmp.c b/sysdeps/x86/nptl/pt-longjmp.c >>> new file mode 100644 >>> index 0000000000..7eb8651cfe >>> --- /dev/null >>> +++ b/sysdeps/x86/nptl/pt-longjmp.c >>> @@ -0,0 +1,97 @@ >>> +/* ABI compatibility for 'longjmp' and 'siglongjmp' symbols in libpthread ABI. >>> + X86 version. >>> + Copyright (C) 18 Free Software Foundation, Inc. >>> + This file is part of the GNU C Library. >>> + >>> + The GNU C Library is free software; you can redistribute it and/or >>> + modify it under the terms of the GNU Lesser General Public >>> + License as published by the Free Software Foundation; either >>> + version 2.1 of the License, or (at your option) any later version. >>> + >>> + The GNU C Library is distributed in the hope that it will be useful, >>> + but WITHOUT ANY WARRANTY; without even the implied warranty of >>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >>> + Lesser General Public License for more details. >>> + >>> + You should have received a copy of the GNU Lesser General Public >>> + License along with the GNU C Library; if not, see >>> + . */ >>> + >>> +/* has >>> + >>> +struct pthread_unwind_buf >>> +{ >>> + struct >>> + { >>> + __jmp_buf jmp_buf; >>> + int mask_was_saved; >>> + } cancel_jmp_buf[1]; >>> + >>> + union >>> + { >>> + void *pad[4]; >>> + struct >>> + { >>> + struct pthread_unwind_buf *prev; >>> + struct _pthread_cleanup_buffer *cleanup; >>> + int canceltype; >>> + } data; >>> + } priv; >>> +}; >>> + >>> + The pad array in struct pthread_unwind_buf is used by setjmp to save >> >> This appears to be SHADOW_STACK_POINTER_OFFSET in subsequent patches. >> >> However on your hjl/cet/master branch it appears that this offset is not >> defined to be *just after* the mask_was_saved? > > sysdeps/unix/sysv/linux/x86/setjmpP.h has > > typedef struct > { > unsigned long int __val[_JUMP_BUF_SIGSET_NWORDS]; > } __jmp_buf_sigset_t; > > typedef union > { > __sigset_t __saved_mask_compat; > struct > { > __jmp_buf_sigset_t __saved_mask; > /* Used for shadow stack pointer. */ > unsigned long int __shadow_stack_pointer; > } __saved; > } __jmpbuf_arch_t; > > __shadow_stack_pointer is placed after __saved_mask, aka mask_was_saved. > >>> + shadow stack register. Assert that size of struct pthread_unwind_buf >>> + is no less than offset of shadow stack pointer plus shadow stack >>> + pointer size. >>> + >>> + NB: setjmp is called in libpthread to save shadow stack register. But >>> + __libc_unwind_longjmp doesn't restore shadow stack register since they >>> + never return after longjmp. */ >>> + >>> +#include >>> +#include >>> + >>> +#ifdef __x86_64__ >>> +# define SHADOW_STACK_POINTER_SIZE 8 >>> +#else >>> +# define SHADOW_STACK_POINTER_SIZE 4 >>> +#endif >>> + >>> +_Static_assert ((sizeof (struct pthread_unwind_buf) >>> + >= (SHADOW_STACK_POINTER_OFFSET >>> + + SHADOW_STACK_POINTER_SIZE)), >>> + "size of struct pthread_unwind_buf < " >>> + "(SHADOW_STACK_POINTER_OFFSET + SHADOW_STACK_POINTER_SIZE)"); >> >> OK. >> >>> + >>> +#include >>> + >>> +/* libpthread once had its own longjmp (and siglongjmp alias), though there >>> + was no apparent reason for it. There is no use in having a separate >>> + symbol in libpthread, but the historical ABI requires it. For static >>> + linking, there is no need to provide anything here--the libc version >>> + will be linked in. For shared library ABI compatibility, there must be >>> + longjmp and siglongjmp symbols in libpthread.so. >>> + >>> + With an IFUNC resolver, it would be possible to avoid the indirection, >>> + but the IFUNC resolver might run before the __libc_longjmp symbol has >>> + been relocated, in which case the IFUNC resolver would not be able to >>> + provide the correct address. */ >>> + >>> +#if SHLIB_COMPAT (libpthread, GLIBC_2_0, GLIBC_2_22) >>> + >>> +static void __attribute__ ((noreturn, used)) >>> +longjmp_compat (jmp_buf env, int val) >>> +{ >>> + /* NB: We call __libc_siglongjmp, instead of __libc_longjmp, since >>> + __libc_longjmp is a private interface for cancellation which >>> + doesn't restore shadow stack register. */ >>> + __libc_siglongjmp (env, val); >> >> OK. >> >>> +} >>> + >>> +strong_alias (longjmp_compat, longjmp_alias) >>> +compat_symbol (libpthread, longjmp_alias, longjmp, GLIBC_2_0); >>> + >>> +strong_alias (longjmp_alias, siglongjmp_alias) >>> +compat_symbol (libpthread, siglongjmp_alias, siglongjmp, GLIBC_2_0); >>> + >>> +#endif >>> -- 2.14.3 >> >> Here is the updated patch. OK for master? I will submit a CET patch set after this patch is merged. Thanks. -- H.J. --000000000000c83b24056933df64 Content-Type: text/x-patch; charset="US-ASCII"; name="0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch" Content-Disposition: attachment; filename="0001-x86-Use-pad-in-pthread_unwind_buf-to-preserve-shadow.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jfoeapk90 Content-length: 15913 RnJvbSBhMWY4YTA2MjEyZGQzYzVlZDQ0NWZkYzRlMjM0MjRiNzY2ZDQxOTMy IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiAiSC5KLiBMdSIgPGhq bC50b29sc0BnbWFpbC5jb20+CkRhdGU6IFNhdCwgMjQgRmViIDIwMTggMTc6 MjM6NTQgLTA4MDAKU3ViamVjdDogW1BBVENIXSB4ODY6IFVzZSBwYWQgaW4g cHRocmVhZF91bndpbmRfYnVmIHRvIHByZXNlcnZlIHNoYWRvdyBzdGFjawog cmVnaXN0ZXIKClRoZSBwYWQgYXJyYXkgaW4gc3RydWN0IHB0aHJlYWRfdW53 aW5kX2J1ZiBpcyB1c2VkIGJ5IHNldGptcCB0byBzYXZlCnNoYWRvdyBzdGFj ayByZWdpc3Rlci4gIFdlIGFzc2VydCB0aGF0IHNpemUgb2Ygc3RydWN0IHB0 aHJlYWRfdW53aW5kX2J1ZgppcyBubyBsZXNzIHRoYW4gb2Zmc2V0IG9mIHNo YWRvdyBzdGFjayBwb2ludGVyICsgc2hhZG93IHN0YWNrIHBvaW50ZXIKc2l6 ZS4KClNpbmNlIGZ1bmN0aW9ucywgbGlrZSBMSUJDX1NUQVJUX01BSU4sIFNU QVJUX1RIUkVBRF9ERUZOIGFzIHdlbGwgYXMKdGhlc2Ugd2l0aCB0aHJlYWQg Y2FuY2VsbGF0aW9uLCBjYWxsIHNldGptcCwgYnV0IG5ldmVyIHJldHVybiBh ZnRlcgpfX2xpYmNfdW53aW5kX2xvbmdqbXAsIF9fbGliY191bndpbmRfbG9u Z2ptcCwgd2hpY2ggaXMgZGVmaW5lZCBhcwpfX2xpYmNfbG9uZ2ptcCBvbiB4 ODYsIGRvZXNuJ3QgbmVlZCB0byByZXN0b3JlIHNoYWRvdyBzdGFjayByZWdp c3Rlci4KX19saWJjX2xvbmdqbXAsIHdoaWNoIGlzIGEgcHJpdmF0ZSBpbnRl cmZhY2UgZm9yIHRocmVhZCBjYW5jZWxsYXRpb24KaW1wbGVtZW50YXRpb24g aW4gbGlicHRocmVhZCwgaXMgY2hhbmdlZCB0byBjYWxsIF9fbG9uZ2ptcF9j YW5jZWwsCmluc3RlYWQgb2YgX19sb25nam1wLiAgX19sb25nam1wX2NhbmNl bCBpcyBhIG5ldyBpbnRlcm5hbCBmdW5jdGlvbgppbiBsaWJjLCB3aGljaCBp cyBzaW1pbGFyIHRvIF9fbG9uZ2ptcCwgYnV0IGRvZXNuJ3QgcmVzdG9yZSBz aGFkb3cKc3RhY2sgcmVnaXN0ZXIuCgpUaGUgY29tcGF0aWJpbGl0eSBsb25n am1wIGFuZCBzaWdsb25nam1wIGluIGxpYnB0aHJlYWQuc28gYXJlIGNoYW5n ZWQKdG8gY2FsbCBfX2xpYmNfc2lnbG9uZ2ptcCwgaW5zdGVhZCBvZiBfX2xp YmNfbG9uZ2ptcCwgc28gdGhhdCB0aGV5IHdpbGwKcmVzdG9yZSBzaGFkb3cg c3RhY2sgcmVnaXN0ZXIuCgpUZXN0ZWQgd2l0aCBidWlsZC1tYW55LWdsaWJj cy5weS4KCgkqIG5wdGwvcHRocmVhZF9jcmVhdGUuYyAoU1RBUlRfVEhSRUFE X0RFRk4pOiBDbGVhciBwcmV2aW91cwoJaGFuZGxlcnMgYWZ0ZXIgc2V0am1w LgoJKiBzZXRqbXAvbG9uZ2ptcC5jIChfX2xpYmNfbG9uZ2ptcCk6IERvbid0 IGRlZmluZSBhbGlhcyBpZgoJZGVmaW5lZC4KCSogc3lzZGVwcy91bml4L3N5 c3YvbGludXgveDg2L3NldGptcFAuaCAoX0pVTVBfQlVGX1NJR1NFVF9OU0lH KToKCUNoYW5nZWQgdG8gOTcuCgkqIHN5c2RlcHMveDg2L01ha2VmaWxlIChz eXNkZXBfcm91dGluZXMpOiBBZGQgX19sb25nam1wX2NhbmNlbC4KCSogc3lz ZGVwcy94ODYvX19sb25nam1wX2NhbmNlbC5TOiBOZXcgZmlsZS4KCSogc3lz ZGVwcy94ODYvbG9uZ2ptcC5jOiBMaWtld2lzZS4KCSogc3lzZGVwcy94ODYv bnB0bC9wdC1sb25nam1wLmM6IExpa2V3aXNlLgotLS0KIG5wdGwvcHRocmVh ZF9jcmVhdGUuYyAgICAgICAgICAgICAgICAgfCAxOCArKysrKy0tCiBzZXRq bXAvbG9uZ2ptcC5jICAgICAgICAgICAgICAgICAgICAgIHwgIDIgKwogc3lz ZGVwcy91bml4L3N5c3YvbGludXgveDg2L3NldGptcFAuaCB8ICA0ICstCiBz eXNkZXBzL3g4Ni9NYWtlZmlsZSAgICAgICAgICAgICAgICAgIHwgIDQgKysK IHN5c2RlcHMveDg2L19fbG9uZ2ptcF9jYW5jZWwuUyAgICAgICAgfCAyMCAr KysrKysrKwogc3lzZGVwcy94ODYvbG9uZ2ptcC5jICAgICAgICAgICAgICAg ICB8IDQ1ICsrKysrKysrKysrKysrKysKIHN5c2RlcHMveDg2L25wdGwvcHQt bG9uZ2ptcC5jICAgICAgICAgfCA5NyArKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKwogNyBmaWxlcyBjaGFuZ2VkLCAxODUgaW5zZXJ0aW9u cygrKSwgNSBkZWxldGlvbnMoLSkKIGNyZWF0ZSBtb2RlIDEwMDY0NCBzeXNk ZXBzL3g4Ni9fX2xvbmdqbXBfY2FuY2VsLlMKIGNyZWF0ZSBtb2RlIDEwMDY0 NCBzeXNkZXBzL3g4Ni9sb25nam1wLmMKIGNyZWF0ZSBtb2RlIDEwMDY0NCBz eXNkZXBzL3g4Ni9ucHRsL3B0LWxvbmdqbXAuYwoKZGlmZiAtLWdpdCBhL25w dGwvcHRocmVhZF9jcmVhdGUuYyBiL25wdGwvcHRocmVhZF9jcmVhdGUuYwpp bmRleCBjYWFmMDdjMTM0Li44YjFmMDY1OTlkIDEwMDY0NAotLS0gYS9ucHRs L3B0aHJlYWRfY3JlYXRlLmMKKysrIGIvbnB0bC9wdGhyZWFkX2NyZWF0ZS5j CkBAIC00MjcsMTIgKzQyNywyNCBAQCBTVEFSVF9USFJFQURfREVGTgogICAg ICBjb21waWxlcnMgd2l0aG91dCB0aGF0IHN1cHBvcnQgd2UgZG8gdXNlIHNl dGptcC4gICovCiAgIHN0cnVjdCBwdGhyZWFkX3Vud2luZF9idWYgdW53aW5k X2J1ZjsKIAotICAvKiBObyBwcmV2aW91cyBoYW5kbGVycy4gICovCisgIGlu dCBub3RfZmlyc3RfY2FsbDsKKyAgbm90X2ZpcnN0X2NhbGwgPSBzZXRqbXAg KChzdHJ1Y3QgX19qbXBfYnVmX3RhZyAqKSB1bndpbmRfYnVmLmNhbmNlbF9q bXBfYnVmKTsKKworICAvKiBObyBwcmV2aW91cyBoYW5kbGVycy4gIE5COiBU aGlzIG11c3QgYmUgZG9uZSBhZnRlciBzZXRqbXAgc2luY2UKKyAgICAgdGhl IHByaXZhdGUgc3BhY2UgaW4gdGhlIHVud2luZCBqdW1wIGJ1ZmZlciBtYXkg b3ZlcmxhcCBzcGFjZQorICAgICB1c2VkIGJ5IHNldGptcCB0byBzdG9yZSBl eHRyYSBhcmNoaXRlY3R1cmUtc3BlY2lmaWMgaW5mb3JtYXRpb24KKyAgICAg d2hpY2ggaXMgbmV2ZXIgYmUgdXNlZCBieSB0aGUgY2FuY2VsbGF0aW9uLXNw ZWNpZmljCisgICAgIF9fbGliY191bndpbmRfbG9uZ2ptcC4KKworICAgICBU aGUgcHJpdmF0ZSBzcGFjZSBpcyBhbGxvd2VkIHRvIG92ZXJsYXAgYmVjYXVz ZSB0aGUgdW53aW5kZXIgbmV2ZXIKKyAgICAgaGFzIHRvIHJldHVybiB0aHJv dWdoIGFueSBvZiB0aGUganVtcGVkLXRvIGNhbGwgZnJhbWVzLCBhbmQgdGh1 cworICAgICBvbmx5IGEgbWluaW11bSBhbW91bnQgb2Ygc2F2ZWQgZGF0YSBu ZWVkIGJlIHN0b3JlZCwgYW5kIGZvciBleGFtcGxlLAorICAgICBuZWVkIG5v dCBpbmNsdWRlIHRoZSBwcm9jZXNzIHNpZ25hbCBtYXNrIGluZm9ybWF0aW9u LiBUaGlzIGlzIGFsbAorICAgICBhbiBvcHRpbWl6YXRpb24gdG8gcmVkdWNl IHN0YWNrIHVzYWdlIHdoZW4gcHVzaGluZyBjYW5jZWxsYXRpb24KKyAgICAg aGFuZGxlcnMuICAqLwogICB1bndpbmRfYnVmLnByaXYuZGF0YS5wcmV2ID0g TlVMTDsKICAgdW53aW5kX2J1Zi5wcml2LmRhdGEuY2xlYW51cCA9IE5VTEw7 CiAKLSAgaW50IG5vdF9maXJzdF9jYWxsOwotICBub3RfZmlyc3RfY2FsbCA9 IHNldGptcCAoKHN0cnVjdCBfX2ptcF9idWZfdGFnICopIHVud2luZF9idWYu Y2FuY2VsX2ptcF9idWYpOwogICBpZiAoX19nbGliY19saWtlbHkgKCEgbm90 X2ZpcnN0X2NhbGwpKQogICAgIHsKICAgICAgIC8qIFN0b3JlIHRoZSBuZXcg Y2xlYW51cCBoYW5kbGVyIGluZm8uICAqLwpkaWZmIC0tZ2l0IGEvc2V0am1w L2xvbmdqbXAuYyBiL3NldGptcC9sb25nam1wLmMKaW5kZXggYTJhNzA2NWE4 NS4uNDUzODg5ZTEwMyAxMDA2NDQKLS0tIGEvc2V0am1wL2xvbmdqbXAuYwor KysgYi9zZXRqbXAvbG9uZ2ptcC5jCkBAIC00MCw5ICs0MCwxMSBAQCBfX2xp YmNfc2lnbG9uZ2ptcCAoc2lnam1wX2J1ZiBlbnYsIGludCB2YWwpCiB9CiAK ICNpZm5kZWYgX19saWJjX3NpZ2xvbmdqbXAKKyMgaWZuZGVmIF9fbGliY19s b25nam1wCiAvKiBfX2xpYmNfbG9uZ2ptcCBpcyBhIHByaXZhdGUgaW50ZXJm YWNlIGZvciBjYW5jZWxsYXRpb24gaW1wbGVtZW50YXRpb24KICAgIGluIGxp YnB0aHJlYWQuICAqLwogc3Ryb25nX2FsaWFzIChfX2xpYmNfc2lnbG9uZ2pt cCwgX19saWJjX2xvbmdqbXApCisjIGVuZGlmCiB3ZWFrX2FsaWFzIChfX2xp YmNfc2lnbG9uZ2ptcCwgX2xvbmdqbXApCiB3ZWFrX2FsaWFzIChfX2xpYmNf c2lnbG9uZ2ptcCwgbG9uZ2ptcCkKIHdlYWtfYWxpYXMgKF9fbGliY19zaWds b25nam1wLCBzaWdsb25nam1wKQpkaWZmIC0tZ2l0IGEvc3lzZGVwcy91bml4 L3N5c3YvbGludXgveDg2L3NldGptcFAuaCBiL3N5c2RlcHMvdW5peC9zeXN2 L2xpbnV4L3g4Ni9zZXRqbXBQLmgKaW5kZXggYzBlZDc2N2EwZC4uOTBhNmJi Y2YzMiAxMDA2NDQKLS0tIGEvc3lzZGVwcy91bml4L3N5c3YvbGludXgveDg2 L3NldGptcFAuaAorKysgYi9zeXNkZXBzL3VuaXgvc3lzdi9saW51eC94ODYv c2V0am1wUC5oCkBAIC0yMiw4ICsyMiw4IEBACiAjaW5jbHVkZSA8Yml0cy90 eXBlcy9fX3NpZ3NldF90Lmg+CiAKIC8qIFRoZSBiaWdnZXN0IHNpZ25hbCBu dW1iZXIgKyAxLiAgQXMgb2Yga2VybmVsIDQuMTQsIHg4NiBfTlNJRyBpcyA2 NC4KLSAgIERlZmluZSBpdCB0byA1MTMgdG8gbGVhdmUgc29tZSByb29tcyBm b3IgZnV0dXJlIHVzZS4gICovCi0jZGVmaW5lIF9KVU1QX0JVRl9TSUdTRVRf TlNJRwk1MTMKKyAgIERlZmluZSBpdCB0byA5NyB0byBsZWF2ZSBzb21lIHJv b21zIGZvciBmdXR1cmUgdXNlLiAgKi8KKyNkZWZpbmUgX0pVTVBfQlVGX1NJ R1NFVF9OU0lHCTk3CiAvKiBOdW1iZXIgb2YgbG9uZ3MgdG8gaG9sZCBhbGwg c2lnbmFscy4gICovCiAjZGVmaW5lIF9KVU1QX0JVRl9TSUdTRVRfTldPUkRT IFwKICAgKChfSlVNUF9CVUZfU0lHU0VUX05TSUcgLSAxICsgNykgLyAoOCAq IHNpemVvZiAodW5zaWduZWQgbG9uZyBpbnQpKSkKZGlmZiAtLWdpdCBhL3N5 c2RlcHMveDg2L01ha2VmaWxlIGIvc3lzZGVwcy94ODYvTWFrZWZpbGUKaW5k ZXggMGQwMzI2YzIxYS4uZDI1ZDZmMGFlNCAxMDA2NDQKLS0tIGEvc3lzZGVw cy94ODYvTWFrZWZpbGUKKysrIGIvc3lzZGVwcy94ODYvTWFrZWZpbGUKQEAg LTgsMyArOCw3IEBAIHN5c2RlcC1kbC1yb3V0aW5lcyArPSBkbC1nZXQtY3B1 LWZlYXR1cmVzCiB0ZXN0cyArPSB0c3QtZ2V0LWNwdS1mZWF0dXJlcwogdGVz dHMtc3RhdGljICs9IHRzdC1nZXQtY3B1LWZlYXR1cmVzLXN0YXRpYwogZW5k aWYKKworaWZlcSAoJChzdWJkaXIpLHNldGptcCkKK3N5c2RlcF9yb3V0aW5l cyArPSBfX2xvbmdqbXBfY2FuY2VsCitlbmRpZgpkaWZmIC0tZ2l0IGEvc3lz ZGVwcy94ODYvX19sb25nam1wX2NhbmNlbC5TIGIvc3lzZGVwcy94ODYvX19s b25nam1wX2NhbmNlbC5TCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAw MDAwMDAwMDAuLmI1N2RiZmEzNzYKLS0tIC9kZXYvbnVsbAorKysgYi9zeXNk ZXBzL3g4Ni9fX2xvbmdqbXBfY2FuY2VsLlMKQEAgLTAsMCArMSwyMCBAQAor LyogX19sb25nam1wX2NhbmNlbCBmb3IgeDg2LgorICAgQ29weXJpZ2h0IChD KSAyMDE4IEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgorICAgVGhp cyBmaWxlIGlzIHBhcnQgb2YgdGhlIEdOVSBDIExpYnJhcnkuCisKKyAgIFRo ZSBHTlUgQyBMaWJyYXJ5IGlzIGZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVk aXN0cmlidXRlIGl0IGFuZC9vcgorICAgbW9kaWZ5IGl0IHVuZGVyIHRoZSB0 ZXJtcyBvZiB0aGUgR05VIExlc3NlciBHZW5lcmFsIFB1YmxpYworICAgTGlj ZW5zZSBhcyBwdWJsaXNoZWQgYnkgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRh dGlvbjsgZWl0aGVyCisgICB2ZXJzaW9uIDIuMSBvZiB0aGUgTGljZW5zZSwg b3IgKGF0IHlvdXIgb3B0aW9uKSBhbnkgbGF0ZXIgdmVyc2lvbi4KKworICAg VGhlIEdOVSBDIExpYnJhcnkgaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUg dGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKKyAgIGJ1dCBXSVRIT1VUIEFOWSBX QVJSQU5UWTsgd2l0aG91dCBldmVuIHRoZSBpbXBsaWVkIHdhcnJhbnR5IG9m CisgICBNRVJDSEFOVEFCSUxJVFkgb3IgRklUTkVTUyBGT1IgQSBQQVJUSUNV TEFSIFBVUlBPU0UuICBTZWUgdGhlIEdOVQorICAgTGVzc2VyIEdlbmVyYWwg UHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KKworICAgWW91IHNo b3VsZCBoYXZlIHJlY2VpdmVkIGEgY29weSBvZiB0aGUgR05VIExlc3NlciBH ZW5lcmFsIFB1YmxpYworICAgTGljZW5zZSBhbG9uZyB3aXRoIHRoZSBHTlUg QyBMaWJyYXJ5OyBpZiBub3QsIHNlZQorICAgPGh0dHA6Ly93d3cuZ251Lm9y Zy9saWNlbnNlcy8+LiAgKi8KKworI2RlZmluZSBfX2xvbmdqbXAgX19sb25n am1wX2NhbmNlbAorI2luY2x1ZGUgPF9fbG9uZ2ptcC5TPgpkaWZmIC0tZ2l0 IGEvc3lzZGVwcy94ODYvbG9uZ2ptcC5jIGIvc3lzZGVwcy94ODYvbG9uZ2pt cC5jCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAuLmE1 M2YzMWUxZGQKLS0tIC9kZXYvbnVsbAorKysgYi9zeXNkZXBzL3g4Ni9sb25n am1wLmMKQEAgLTAsMCArMSw0NSBAQAorLyogX19saWJjX3NpZ2xvbmdqbXAg Zm9yIHg4Ni4KKyAgIENvcHlyaWdodCAoQykgMjAxOCBGcmVlIFNvZnR3YXJl IEZvdW5kYXRpb24sIEluYy4KKyAgIFRoaXMgZmlsZSBpcyBwYXJ0IG9mIHRo ZSBHTlUgQyBMaWJyYXJ5LgorCisgICBUaGUgR05VIEMgTGlicmFyeSBpcyBm cmVlIHNvZnR3YXJlOyB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IK KyAgIG1vZGlmeSBpdCB1bmRlciB0aGUgdGVybXMgb2YgdGhlIEdOVSBMZXNz ZXIgR2VuZXJhbCBQdWJsaWMKKyAgIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5 IHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb247IGVpdGhlcgorICAgdmVy c2lvbiAyLjEgb2YgdGhlIExpY2Vuc2UsIG9yIChhdCB5b3VyIG9wdGlvbikg YW55IGxhdGVyIHZlcnNpb24uCisKKyAgIFRoZSBHTlUgQyBMaWJyYXJ5IGlz IGRpc3RyaWJ1dGVkIGluIHRoZSBob3BlIHRoYXQgaXQgd2lsbCBiZSB1c2Vm dWwsCisgICBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZl biB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgorICAgTUVSQ0hBTlRBQklMSVRZ IG9yIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NFLiAgU2VlIHRo ZSBHTlUKKyAgIExlc3NlciBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGZvciBt b3JlIGRldGFpbHMuCisKKyAgIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBh IGNvcHkgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMKKyAgIExp Y2Vuc2UgYWxvbmcgd2l0aCB0aGUgR05VIEMgTGlicmFyeTsgaWYgbm90LCBz ZWUKKyAgIDxodHRwOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4gICovCisK KyNkZWZpbmUgX19saWJjX2xvbmdqbXAgX19yZWRpcmVjdF9fX2xpYmNfbG9u Z2ptcAorI2luY2x1ZGUgPHNldGptcC9sb25nam1wLmM+CisjdW5kZWYgX19s aWJjX2xvbmdqbXAKKworZXh0ZXJuIHZvaWQgX19sb25nam1wX2NhbmNlbCAo X19qbXBfYnVmIF9fZW52LCBpbnQgX192YWwpCisgICAgIF9fYXR0cmlidXRl X18gKChfX25vcmV0dXJuX18pKSBhdHRyaWJ1dGVfaGlkZGVuOworCisvKiBT aW5jZSBfX2xpYmNfbG9uZ2ptcCBpcyBhIHByaXZhdGUgaW50ZXJmYWNlIGZv ciBjYW5jZWxsYXRpb24KKyAgIGltcGxlbWVudGF0aW9uIGluIGxpYnB0aHJl YWQsIHRoZXJlIGlzIG5vIG5lZWQgdG8gcmVzdG9yZSBzaGFkb3cKKyAgIHN0 YWNrIHJlZ2lzdGVyLiAgKi8KKwordm9pZAorX19saWJjX2xvbmdqbXAgKHNp Z2ptcF9idWYgZW52LCBpbnQgdmFsKQoreworICAvKiBQZXJmb3JtIGFueSBj bGVhbnVwcyBuZWVkZWQgYnkgdGhlIGZyYW1lcyBiZWluZyB1bndvdW5kLiAg Ki8KKyAgX2xvbmdqbXBfdW53aW5kIChlbnYsIHZhbCk7CisKKyAgaWYgKGVu dlswXS5fX21hc2tfd2FzX3NhdmVkKQorICAgIC8qIFJlc3RvcmUgdGhlIHNh dmVkIHNpZ25hbCBtYXNrLiAgKi8KKyAgICAodm9pZCkgX19zaWdwcm9jbWFz ayAoU0lHX1NFVE1BU0ssCisJCQkgIChzaWdzZXRfdCAqKSAmZW52WzBdLl9f c2F2ZWRfbWFzaywKKwkJCSAgKHNpZ3NldF90ICopIE5VTEwpOworCisgIC8q IENhbGwgdGhlIG1hY2hpbmUtZGVwZW5kZW50IGZ1bmN0aW9uIHRvIHJlc3Rv cmUgbWFjaGluZSBzdGF0ZQorICAgICB3aXRob3V0IHNoYWRvdyBzdGFjay4g ICovCisgIF9fbG9uZ2ptcF9jYW5jZWwgKGVudlswXS5fX2ptcGJ1ZiwgdmFs ID86IDEpOworfQpkaWZmIC0tZ2l0IGEvc3lzZGVwcy94ODYvbnB0bC9wdC1s b25nam1wLmMgYi9zeXNkZXBzL3g4Ni9ucHRsL3B0LWxvbmdqbXAuYwpuZXcg ZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwLi43ZWI4NjUxY2Zl Ci0tLSAvZGV2L251bGwKKysrIGIvc3lzZGVwcy94ODYvbnB0bC9wdC1sb25n am1wLmMKQEAgLTAsMCArMSw5NyBAQAorLyogQUJJIGNvbXBhdGliaWxpdHkg Zm9yICdsb25nam1wJyBhbmQgJ3NpZ2xvbmdqbXAnIHN5bWJvbHMgaW4gbGli cHRocmVhZCBBQkkuCisgICBYODYgdmVyc2lvbi4KKyAgIENvcHlyaWdodCAo QykgMTggRnJlZSBTb2Z0d2FyZSBGb3VuZGF0aW9uLCBJbmMuCisgICBUaGlz IGZpbGUgaXMgcGFydCBvZiB0aGUgR05VIEMgTGlicmFyeS4KKworICAgVGhl IEdOVSBDIExpYnJhcnkgaXMgZnJlZSBzb2Z0d2FyZTsgeW91IGNhbiByZWRp c3RyaWJ1dGUgaXQgYW5kL29yCisgICBtb2RpZnkgaXQgdW5kZXIgdGhlIHRl cm1zIG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljCisgICBMaWNl bnNlIGFzIHB1Ymxpc2hlZCBieSB0aGUgRnJlZSBTb2Z0d2FyZSBGb3VuZGF0 aW9uOyBlaXRoZXIKKyAgIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBv ciAoYXQgeW91ciBvcHRpb24pIGFueSBsYXRlciB2ZXJzaW9uLgorCisgICBU aGUgR05VIEMgTGlicmFyeSBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0 aGF0IGl0IHdpbGwgYmUgdXNlZnVsLAorICAgYnV0IFdJVEhPVVQgQU5ZIFdB UlJBTlRZOyB3aXRob3V0IGV2ZW4gdGhlIGltcGxpZWQgd2FycmFudHkgb2YK KyAgIE1FUkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VM QVIgUFVSUE9TRS4gIFNlZSB0aGUgR05VCisgICBMZXNzZXIgR2VuZXJhbCBQ dWJsaWMgTGljZW5zZSBmb3IgbW9yZSBkZXRhaWxzLgorCisgICBZb3Ugc2hv dWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBHTlUgTGVzc2VyIEdl bmVyYWwgUHVibGljCisgICBMaWNlbnNlIGFsb25nIHdpdGggdGhlIEdOVSBD IExpYnJhcnk7IGlmIG5vdCwgc2VlCisgICA8aHR0cDovL3d3dy5nbnUub3Jn L2xpY2Vuc2VzLz4uICAqLworCisvKiA8bnB0bC9kZXNjci5oPiBoYXMKKwor c3RydWN0IHB0aHJlYWRfdW53aW5kX2J1ZgoreworICBzdHJ1Y3QKKyAgewor ICAgIF9fam1wX2J1ZiBqbXBfYnVmOworICAgIGludCBtYXNrX3dhc19zYXZl ZDsKKyAgfSBjYW5jZWxfam1wX2J1ZlsxXTsKKworICB1bmlvbgorICB7Cisg ICAgdm9pZCAqcGFkWzRdOworICAgIHN0cnVjdAorICAgIHsKKyAgICAgIHN0 cnVjdCBwdGhyZWFkX3Vud2luZF9idWYgKnByZXY7CisgICAgICBzdHJ1Y3Qg X3B0aHJlYWRfY2xlYW51cF9idWZmZXIgKmNsZWFudXA7CisgICAgICBpbnQg Y2FuY2VsdHlwZTsKKyAgICB9IGRhdGE7CisgIH0gcHJpdjsKK307CisKKyAg VGhlIHBhZCBhcnJheSBpbiBzdHJ1Y3QgcHRocmVhZF91bndpbmRfYnVmIGlz IHVzZWQgYnkgc2V0am1wIHRvIHNhdmUKKyAgc2hhZG93IHN0YWNrIHJlZ2lz dGVyLiAgQXNzZXJ0IHRoYXQgc2l6ZSBvZiBzdHJ1Y3QgcHRocmVhZF91bndp bmRfYnVmCisgIGlzIG5vIGxlc3MgdGhhbiBvZmZzZXQgb2Ygc2hhZG93IHN0 YWNrIHBvaW50ZXIgcGx1cyBzaGFkb3cgc3RhY2sKKyAgcG9pbnRlciBzaXpl LgorCisgIE5COiBzZXRqbXAgaXMgY2FsbGVkIGluIGxpYnB0aHJlYWQgdG8g c2F2ZSBzaGFkb3cgc3RhY2sgcmVnaXN0ZXIuICBCdXQKKyAgX19saWJjX3Vu d2luZF9sb25nam1wIGRvZXNuJ3QgcmVzdG9yZSBzaGFkb3cgc3RhY2sgcmVn aXN0ZXIgc2luY2UgdGhleQorICBuZXZlciByZXR1cm4gYWZ0ZXIgbG9uZ2pt cC4gICovCisKKyNpbmNsdWRlIDxwdGhyZWFkUC5oPgorI2luY2x1ZGUgPGpt cF9idWYtc3NwLmg+CisKKyNpZmRlZiBfX3g4Nl82NF9fCisjIGRlZmluZSBT SEFET1dfU1RBQ0tfUE9JTlRFUl9TSVpFIDgKKyNlbHNlCisjIGRlZmluZSBT SEFET1dfU1RBQ0tfUE9JTlRFUl9TSVpFIDQKKyNlbmRpZgorCitfU3RhdGlj X2Fzc2VydCAoKHNpemVvZiAoc3RydWN0IHB0aHJlYWRfdW53aW5kX2J1ZikK KwkJID49IChTSEFET1dfU1RBQ0tfUE9JTlRFUl9PRkZTRVQKKwkJICAgICAr IFNIQURPV19TVEFDS19QT0lOVEVSX1NJWkUpKSwKKwkJInNpemUgb2Ygc3Ry dWN0IHB0aHJlYWRfdW53aW5kX2J1ZiA8ICIKKwkJIihTSEFET1dfU1RBQ0tf UE9JTlRFUl9PRkZTRVQgKyBTSEFET1dfU1RBQ0tfUE9JTlRFUl9TSVpFKSIp OworCisjaW5jbHVkZSA8c2hsaWItY29tcGF0Lmg+CisKKy8qIGxpYnB0aHJl YWQgb25jZSBoYWQgaXRzIG93biBsb25nam1wIChhbmQgc2lnbG9uZ2ptcCBh bGlhcyksIHRob3VnaCB0aGVyZQorICAgd2FzIG5vIGFwcGFyZW50IHJlYXNv biBmb3IgaXQuICBUaGVyZSBpcyBubyB1c2UgaW4gaGF2aW5nIGEgc2VwYXJh dGUKKyAgIHN5bWJvbCBpbiBsaWJwdGhyZWFkLCBidXQgdGhlIGhpc3Rvcmlj YWwgQUJJIHJlcXVpcmVzIGl0LiAgRm9yIHN0YXRpYworICAgbGlua2luZywg dGhlcmUgaXMgbm8gbmVlZCB0byBwcm92aWRlIGFueXRoaW5nIGhlcmUtLXRo ZSBsaWJjIHZlcnNpb24KKyAgIHdpbGwgYmUgbGlua2VkIGluLiAgRm9yIHNo YXJlZCBsaWJyYXJ5IEFCSSBjb21wYXRpYmlsaXR5LCB0aGVyZSBtdXN0IGJl CisgICBsb25nam1wIGFuZCBzaWdsb25nam1wIHN5bWJvbHMgaW4gbGlicHRo cmVhZC5zby4KKworICAgV2l0aCBhbiBJRlVOQyByZXNvbHZlciwgaXQgd291 bGQgYmUgcG9zc2libGUgdG8gYXZvaWQgdGhlIGluZGlyZWN0aW9uLAorICAg YnV0IHRoZSBJRlVOQyByZXNvbHZlciBtaWdodCBydW4gYmVmb3JlIHRoZSBf X2xpYmNfbG9uZ2ptcCBzeW1ib2wgaGFzCisgICBiZWVuIHJlbG9jYXRlZCwg aW4gd2hpY2ggY2FzZSB0aGUgSUZVTkMgcmVzb2x2ZXIgd291bGQgbm90IGJl IGFibGUgdG8KKyAgIHByb3ZpZGUgdGhlIGNvcnJlY3QgYWRkcmVzcy4gICov CisKKyNpZiBTSExJQl9DT01QQVQgKGxpYnB0aHJlYWQsIEdMSUJDXzJfMCwg R0xJQkNfMl8yMikKKworc3RhdGljIHZvaWQgX19hdHRyaWJ1dGVfXyAoKG5v cmV0dXJuLCB1c2VkKSkKK2xvbmdqbXBfY29tcGF0IChqbXBfYnVmIGVudiwg aW50IHZhbCkKK3sKKyAgLyogTkI6IFdlIGNhbGwgX19saWJjX3NpZ2xvbmdq bXAsICBpbnN0ZWFkIG9mIF9fbGliY19sb25nam1wLCBzaW5jZQorICAgICBf X2xpYmNfbG9uZ2ptcCBpcyBhIHByaXZhdGUgaW50ZXJmYWNlIGZvciBjYW5j ZWxsYXRpb24gd2hpY2gKKyAgICAgZG9lc24ndCByZXN0b3JlIHNoYWRvdyBz dGFjayByZWdpc3Rlci4gICovCisgIF9fbGliY19zaWdsb25nam1wIChlbnYs IHZhbCk7Cit9CisKK3N0cm9uZ19hbGlhcyAobG9uZ2ptcF9jb21wYXQsIGxv bmdqbXBfYWxpYXMpCitjb21wYXRfc3ltYm9sIChsaWJwdGhyZWFkLCBsb25n am1wX2FsaWFzLCBsb25nam1wLCBHTElCQ18yXzApOworCitzdHJvbmdfYWxp YXMgKGxvbmdqbXBfYWxpYXMsIHNpZ2xvbmdqbXBfYWxpYXMpCitjb21wYXRf c3ltYm9sIChsaWJwdGhyZWFkLCBzaWdsb25nam1wX2FsaWFzLCBzaWdsb25n am1wLCBHTElCQ18yXzApOworCisjZW5kaWYKLS0gCjIuMTQuMwoK --000000000000c83b24056933df64--