140131 2015-01-06 10:50:24 -0800 [GStreamer] Seccomp Filters: Avoid gstreamer registry update in web process 2016-09-21 05:27:21 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC Linux RESOLVED WONTFIX https://bugzilla.gnome.org/show_bug.cgi?id=742617 https://bugs.webkit.org/show_bug.cgi?id=135972 P2 Normal --- 142978 140072 1 mcatanzaro mcatanzaro cgarcia commit-queue guijemont mcatanzaro pnormand slomo tmpsantos yoon oldest_to_newest 1059056 0 mcatanzaro 2015-01-06 10:50:24 -0800 We currently run plugin scanning in-process if seccomp filters are enabled, rather than use gst-plugin-scanner, so that it doesn't receive SIGSYS and dump core. See bug #140069. But this has disadvantages: "Note that putting the plugin scanning in-process has two huge disadvantages though. You will dlopen() all (changed) plugins, which in turn loads all dependent libraries... and they will never be unloaded again for this process. And if any plugin crashes during initialization, it will just take your application process with it." I see three options: * Live with it. Presumably, plugins won't be changed very often, and only a modified plugin should be dlopened() by the plugin scanner (right?). * Try to run the plugin scanner before initializing seccomp filters. We'd have to initialize gstreamer in WebKit2 instead of WebCore, even in web processes that never use gstreamer. Yuck. * Rewrite the sandbox so that it's based on ptrace() rather than SIGSYS. (I haven't researched ptrace() fully. I think it would suffice, but I'm not sure what the disadvantages would be.) This would require rewriting the sandbox from scratch. It's probably not worth it for just gst-plugin-scanner, but perhaps another dependency will try to run a subprocess in the future. I intend to at least explore option #3. 1059757 1 slomo 2015-01-08 00:12:50 -0800 What exactly is the reason for the plugin scanner failing with the current sandbox approach? Does it disallow forking processes in general, or is it something the plugin scanner is doing that breaks? 1059781 2 mcatanzaro 2015-01-08 04:11:56 -0800 (In reply to comment #1) > What exactly is the reason for the plugin scanner failing with the current > sandbox approach? Does it disallow forking processes in general Not in general, but the subprocess needs to play ball with our seccomp broker process, so arbitrary subprocesses are a no-go. The point of this is that a compromised web process should not be able to escape the sandbox by using fork() and exec(). > or is it something the plugin scanner is doing that breaks? If the subprocess tries to use a trapped system call, e.g. open(), the kernel will send it SIGSYS. The subprocess is then responsible for handling SIGSYS (rather than dumping core) and communicating its request for a system call via some form of IPC to an unconfined process (our seccomp broker) to be audited and executed remotely. So we cannot spawn arbitrary subprocesses, only subprocesses that have been modified to chat with our sandbox broker process (which currently isn't set up to handle subprocesses anyway). Another trick we might try would be to create a shared library that reimplements the glibc wrappers for the system calls I want to trap and set LD_PRELOAD before spawning the subprocess. I didn't think of that earlier, but this seems like a use case for LD_PRELOAD if there ever was one. The reimplemented functions would not use the system calls at all, they would serialize the arguments and send them to the seccomp broker process. (Now, setting up the IPC for that in the subprocess might be *interesting.*) If updated in tandem with the list of trapped calls, the subprocess would not even need to install a SIGSYS handler. I would need to update the seccomp broker to broker calls for arbitrary processes (rather than using a private socket to an individual web process), but I don't see any security reason to disallow that. 1059785 3 slomo 2015-01-08 04:39:45 -0800 LD_PRELOAD seems like a good idea, but more generically why is the IPC needed at all? Shouldn't this all be implemented at the kernel level, controlled via some kind of rule set instead of talking to some magic process? 1059868 4 mcatanzaro 2015-01-08 10:19:47 -0800 (In reply to comment #3) > LD_PRELOAD seems like a good idea, but more generically why is the IPC > needed at all? Shouldn't this all be implemented at the kernel level, > controlled via some kind of rule set Good question. Actually it is implemented at the kernel level, but we just use it to say "send SIGSYS when you see open()" rather than "block open unless xyz." I think we can make the kernel allow access to particular paths and ditch the magic process, but the magic process canocalizes file paths, which I'm not sure we can do otherwise. 1059872 5 mcatanzaro 2015-01-08 10:46:29 -0800 Another benefit of the broker: if the open() is impermissible, the broker will just return -1 and EACCES, the web process's signal handler will put EACCES into errno and -1 into the proper register, and then the signal handler will complete and the web process will resume from the syscall as if it was a normal permission denied error. If we have the kernel do the check, it would instead kill the web process. (I think that would be acceptable, though.) 1059874 6 mcatanzaro 2015-01-08 10:54:48 -0800 (In reply to comment #4) > the magic process canocalizes I mean "canonicalizes." To resolve symlinks. 1059885 7 yoon 2015-01-08 11:18:44 -0800 In my opinion, we should not allow WebProcess to spawn any subprocesses. These spawning request should be delegated to the UIProcess. We should use UIProcess as a broker and process launcher. Like Web Processes and Plugin / Network Processes, UIProcess should know every subprocesses and relationships between them. It will be much easier to implement broker login in UI Process. And UIProcess cannot be sandboxed so this process should be unconfined already. If we restrict the UIProcess, client program (like web browser) cannot even open a file itself. Also, I think it is not acceptable just kill the web process when it has a problem. Users cannot distinguish between crash from attack or crash from bug. 1059896 8 slomo 2015-01-08 11:51:47 -0800 In that case maybe the best is to run the plugin scanner from the UI process, and in the web process just disable the plugin scanner completely? GST_REGISTRY_UPDATE=no in the environment would do that. 1059910 9 mcatanzaro 2015-01-08 12:17:16 -0800 (In reply to comment #8) > In that case maybe the best is to run the plugin scanner from the UI > process, and in the web process just disable the plugin scanner completely? > GST_REGISTRY_UPDATE=no in the environment would do that. Well that's clearly the best option in this case, so let's do that. I guess I failed to mention that the UI process is unconfined. :) If another dependency tries to spawn a subprocess in the future, which hopefully will not happen, then we can handle it with the LD_PRELOAD method. 1059933 10 mcatanzaro 2015-01-08 13:20:16 -0800 We decided it would be best to run the plugin scanner from a child of the UI process that will just call gst_init() and then immediately exit. However, we need to make sure missing plugin installation still works; see https://bugzilla.gnome.org/show_bug.cgi?id=742617 1079366 11 mcatanzaro 2015-03-23 13:28:44 -0700 I spent a considerable amount of time trying to get the LD_PRELOAD trick to work once I realized I could use the GCC constructor extension to run arbitrary code in the subprocess after exec but before main. That would have allowed subprocesses other than gst-plugin-scanner to be used. Alas, it was not to be (the subprocess dies trying to call open before it gets to exec), so I'll try the approach in comment #10 next; since gst-plugin-scanner is the only subprocess we ever create, that will suffice. 1109087 12 mcatanzaro 2015-07-13 07:51:28 -0700 Oops, I forgot to post my patch for this :) 1109088 13 256696 mcatanzaro 2015-07-13 07:51:51 -0700 Created attachment 256696 [Seccomp] Avoid gstreamer registry update in web process 1109091 14 commit-queue 2015-07-13 07:53:48 -0700 Attachment 256696 did not pass style-queue: ERROR: Source/WebKit2/UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:62: An else if statement should be written as an if statement when the prior "if" concludes with a return, break, continue or goto statement. [readability/control_flow] [4] ERROR: Source/WebKit2/UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:65: Tests for true/false, null/non-null, and zero/non-zero should all be done without equality comparisons. [readability/comparison_to_zero] [5] ERROR: Source/WebKit2/UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:79: Semicolon defining empty statement for this loop. Use { } instead. [whitespace/semicolon] [5] Total errors found: 3 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style. 1109100 15 256696 mcatanzaro 2015-07-13 08:18:00 -0700 Comment on attachment 256696 [Seccomp] Avoid gstreamer registry update in web process (Didn't mean to request review: this is currently the end of a long series of patches.) 1109103 16 256702 mcatanzaro 2015-07-13 08:27:03 -0700 Created attachment 256702 [Seccomp] Avoid gstreamer registry update in web process 1111346 17 mcatanzaro 2015-07-22 11:01:25 -0700 Hm, this no longer works; I'll need to figure out what went wrong.... 256696 2015-07-13 07:51:51 -0700 2015-07-13 08:27:00 -0700 [Seccomp] Avoid gstreamer registry update in web process bug-140131-20150713095046.patch text/plain 4490 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTg2NzYxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9Q bGF0Zm9ybUdUSy5jbWFrZSBiL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtR1RLLmNtYWtlCmluZGV4 IDk5YmIxNjFjNTJlM2YwMGRjODI1NDZlMzY5MWYwZjUzMjcwNjEyZTguLmU4NDE3MWNkOTE3NGI3 NWRlYjRmYjNhMTg2ZGVhZWEzYjMxYmQwOTMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1Bs YXRmb3JtR1RLLmNtYWtlCisrKyBiL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtR1RLLmNtYWtlCkBA IC01MTgsNiArNTE4LDE2IEBAIGxpc3QoQVBQRU5EIFdlYktpdDJfU1lTVEVNX0lOQ0xVREVfRElS RUNUT1JJRVMKICkKIGVuZGlmICgpCiAKK2lmIChFTkFCTEVfVklERU8gT1IgRU5BQkxFX1dFQl9B VURJTykKKyAgICBsaXN0KEFQUEVORCBXZWJLaXQyX0lOQ0xVREVfRElSRUNUT1JJRVMKKyAgICAg ICAgJHtHU1RSRUFNRVJfSU5DTFVERV9ESVJTfQorICAgICkKKworICAgIGxpc3QoQVBQRU5EIFdl YktpdDJfTElCUkFSSUVTCisgICAgICAgICR7R1NUUkVBTUVSX0xJQlJBUklFU30KKyAgICApCitl bmRpZiAoKQorCiBzZXQoV2ViS2l0MkNvbW1vbkluY2x1ZGVEaXJlY3RvcmllcyAke1dlYktpdDJf SU5DTFVERV9ESVJFQ1RPUklFU30pCiBzZXQoV2ViS2l0MkNvbW1vblN5c3RlbUluY2x1ZGVEaXJl Y3RvcmllcyAke1dlYktpdDJfU1lTVEVNX0lOQ0xVREVfRElSRUNUT1JJRVN9KQogCmRpZmYgLS1n aXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvTGF1bmNoZXIvZ3RrL1Byb2Nlc3NMYXVuY2hl ckd0ay5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvTGF1bmNoZXIvZ3RrL1Byb2Nlc3NM YXVuY2hlckd0ay5jcHAKaW5kZXggOWQ0MTZhOGY3ZWIxZDMxOTM3YWZmNmUxNTExOWRiMjQzMDA3 ZGYzYi4uOGExZjgwNDQ5YmUwZGY5YTRkMzk5MGRmNTVjZmQ4NjY1NzkzNmU2MyAxMDA2NDQKLS0t IGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0xhdW5jaGVyL2d0ay9Qcm9jZXNzTGF1bmNoZXJH dGsuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9MYXVuY2hlci9ndGsvUHJvY2Vz c0xhdW5jaGVyR3RrLmNwcApAQCAtMzcsMTYgKzM3LDU4IEBACiAjaW5jbHVkZSA8ZmNudGwuaD4K ICNpbmNsdWRlIDxnbGliLmg+CiAjaW5jbHVkZSA8bG9jYWxlLmg+CisjaW5jbHVkZSA8c3RkbGli Lmg+CisjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CisjaW5jbHVkZSA8c3lzL3dhaXQuaD4KICNpbmNs dWRlIDx3dGYvUnVuTG9vcC5oPgogI2luY2x1ZGUgPHd0Zi9nbGliL0dMaWJVdGlsaXRpZXMuaD4K ICNpbmNsdWRlIDx3dGYvZ2xpYi9HVW5pcXVlUHRyLmg+CiAjaW5jbHVkZSA8d3RmL3RleHQvQ1N0 cmluZy5oPgogI2luY2x1ZGUgPHd0Zi90ZXh0L1dURlN0cmluZy5oPgogCisjaWYgVVNFKEdTVFJF QU1FUikKKyNpbmNsdWRlIDxnc3QvZ3N0Lmg+CisjZW5kaWYKKwogdXNpbmcgbmFtZXNwYWNlIFdl YkNvcmU7CiAKIG5hbWVzcGFjZSBXZWJLaXQgewogCitzdGF0aWMgdm9pZCB1cGRhdGVHc3RSZWdp c3RyeUluU3VicHJvY2VzcygpCit7CisjaWYgRU5BQkxFKFNFQ0NPTVBfRklMVEVSUykgJiYgVVNF KEdTVFJFQU1FUikKKyAgICBhdXRvIHJlc3VsdCA9IGZvcmsoKTsKKworICAgIGlmIChyZXN1bHQg PT0gLTEpIHsKKyAgICAgICAgQVNTRVJUX05PVF9SRUFDSEVEKCk7CisgICAgICAgIHJldHVybjsK KyAgICB9IGVsc2UgaWYgKHJlc3VsdCA9PSAwKSB7CisgICAgICAgIC8vIENoaWxkIHByb2Nlc3Mu CisgICAgICAgIEdVbmlxdWVPdXRQdHI8R0Vycm9yPiBlcnJvcjsKKyAgICAgICAgZ3N0X2luaXRf Y2hlY2sobnVsbHB0ciwgbnVsbHB0ciwgJmVycm9yLm91dFB0cigpKTsKKyAgICAgICAgaWYgKGVy cm9yKSB7CisgICAgICAgICAgICBnX3dhcm5pbmcoImdzdF9pbml0IGZhaWxlZDogJXMiLCBlcnJv ci0+bWVzc2FnZSk7CisgICAgICAgICAgICBleGl0KEVYSVRfRkFJTFVSRSk7CisgICAgICAgIH0K KyAgICAgICAgZXhpdChFWElUX1NVQ0NFU1MpOworICAgIH0KKworICAgIC8vIFBhcmVudCBwcm9j ZXNzLiBXYWl0IHVudGlsIHRoZSBjaGlsZCBoYXMgZmluaXNoZWQuCisgICAgYXV0byBwaWQgPSBy ZXN1bHQ7CisgICAgaW50IHN0YXR1czsKKyAgICB3aGlsZSAoKHJlc3VsdCA9IHdhaXRwaWQocGlk LCAmc3RhdHVzLCAwKSkgPT0gLTEgJiYgZXJybm8gPT0gRUlOVFIpOworICAgIEFTU0VSVChyZXN1 bHQgIT0gLTEpOworICAgIEFTU0VSVChXSUZFWElURUQoc3RhdHVzKSk7CisgICAgQVNTRVJUKFdF WElUU1RBVFVTKHN0YXR1cykgPT0gRVhJVF9TVUNDRVNTKTsKKyNlbmRpZgorfQorCitzdGF0aWMg Z3BvaW50ZXIgd2lsbExhdW5jaEZpcnN0U3VicHJvY2VzcyhncG9pbnRlcikKK3sKKyAgICB1cGRh dGVHc3RSZWdpc3RyeUluU3VicHJvY2VzcygpOworICAgIHJldHVybiBudWxscHRyOworfQorCiBz dGF0aWMgdm9pZCBjaGlsZFNldHVwRnVuY3Rpb24oZ3BvaW50ZXIgdXNlckRhdGEpCiB7CiAgICAg aW50IHNvY2tldCA9IEdQT0lOVEVSX1RPX0lOVCh1c2VyRGF0YSk7CkBAIC01NSw3ICs5Nyw4IEBA IHN0YXRpYyB2b2lkIGNoaWxkU2V0dXBGdW5jdGlvbihncG9pbnRlciB1c2VyRGF0YSkKIAogdm9p ZCBQcm9jZXNzTGF1bmNoZXI6OmxhdW5jaFByb2Nlc3MoKQogewotICAgIEdQaWQgcGlkID0gMDsK KyAgICBzdGF0aWMgR09uY2Ugb25jZUluaXQgPSBHX09OQ0VfSU5JVDsKKyAgICAodm9pZCkgZ19v bmNlKCZvbmNlSW5pdCwgd2lsbExhdW5jaEZpcnN0U3VicHJvY2VzcywgMCk7CiAKICAgICBJUEM6 OkNvbm5lY3Rpb246OlNvY2tldFBhaXIgc29ja2V0UGFpciA9IElQQzo6Q29ubmVjdGlvbjo6Y3Jl YXRlUGxhdGZvcm1Db25uZWN0aW9uKElQQzo6Q29ubmVjdGlvbjo6Q29ubmVjdGlvbk9wdGlvbnM6 OlNldENsb2V4ZWNPblNlcnZlcik7CiAKQEAgLTExOSw2ICsxNjIsNyBAQCB2b2lkIFByb2Nlc3NM YXVuY2hlcjo6bGF1bmNoUHJvY2VzcygpCiAgICAgYXJndltpKytdID0gY29uc3RfY2FzdDxjaGFy Kj4ocmVhbFBsdWdpblBhdGguZGF0YSgpKTsKICAgICBhcmd2W2krK10gPSAwOwogCisgICAgR1Bp ZCBwaWQgPSAwOwogICAgIEdVbmlxdWVPdXRQdHI8R0Vycm9yPiBlcnJvcjsKICAgICBpZiAoIWdf c3Bhd25fYXN5bmMoMCwgYXJndiwgMCwgR19TUEFXTl9MRUFWRV9ERVNDUklQVE9SU19PUEVOLCBj aGlsZFNldHVwRnVuY3Rpb24sIEdJTlRfVE9fUE9JTlRFUihzb2NrZXRQYWlyLnNlcnZlciksICZw aWQsICZlcnJvci5vdXRQdHIoKSkpIHsKICAgICAgICAgZ19wcmludGVycigiVW5hYmxlIHRvIGZv cmsgYSBuZXcgV2ViUHJvY2VzczogJXMuXG4iLCBlcnJvci0+bWVzc2FnZSk7CmRpZmYgLS1naXQg YS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9jZXNzTWFp bi5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9j ZXNzTWFpbi5jcHAKaW5kZXggNWY0NWQwMWFmNzhhZTg2NjhjOWRlNzdhZGMxYmYwMWFiMDEwOGNk YS4uZDc5MGVjNGVlYjJiYjRlZWVlOGU5ZjVmODQ3MGY3ZjIzYWNiZTc4YiAxMDA2NDQKLS0tIGEv U291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvV2ViUHJvY2Vzc01haW4u Y3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvRW50cnlQb2ludC91bml4L1dlYlBy b2Nlc3NNYWluLmNwcApAQCAtNDEsNSArNDEsMTQgQEAgaW50IG1haW4oaW50IGFyZ2MsIGNoYXIq KiBhcmd2KQogICAgIC8vIFdBUk5JTkc6IFRoaXMgbmVlZHMgdG8gYmUgS0VQVCBJTiBTWU5DIHdp dGggV2ViUHJvY2Vzc01haW4uY3BwLgogICAgIHNldGVudigiR19UTFNfR05VVExTX1BSSU9SSVRZ IiwgIk5PUk1BTDolQ09NUEFUOiVMQVRFU1RfUkVDT1JEX1ZFUlNJT046IVZFUlMtU1NMMy4wOiFB UkNGT1VSLTEyOCIsIDApOwogCisjaWYgRU5BQkxFKFNFQ0NPTVBfRklMVEVSUykgJiYgVVNFKEdT VFJFQU1FUikKKyAgICAvLyBEbyBub3QgYXR0ZW1wdCB0byB1cGRhdGUgdGhlIEdTdHJlYW1lciBw bHVnaW4gcmVnaXN0cnkuIFN1YnByb2Nlc3NlcyBoYXZlCisgICAgLy8gbm8gYWNjZXNzIHRvIHN5 c2NhbGxzIGFuZCB3aWxsIGp1c3QgZHVtcCBjb3JlIHdoZW4gdGhleSByZWNlaXZlIFNJR1NZUy4K KyAgICAvLyBXZSB1cGRhdGUgdGhlIHBsdWdpbiByZWdpc3RyeSBpbiBhIGNoaWxkIG9mIHRoZSBV SSBwcm9jZXNzIHRvIG1ha2Ugc3VyZQorICAgIC8vIHRoaXMgd29ya3MuIE5CIHdlIG9ubHkgc2V0 ZW52IGF0IHRoZSB2ZXJ5IGJlZ2lubmluZyBvZiBtYWluIGJlY2F1c2UKKyAgICAvLyBzZXRlbnYv Z2V0ZW52IGFyZSBub3QgdGhyZWFkLXNhZmUgYW5kIGNvdWxkIGNyYXNoIHRoZSBwcm9jZXNzLgor ICAgIHNldGVudigiR1NUX1JFR0lTVFJZX1VQREFURSIsICJubyIsIDEpOworI2VuZGlmCisKICAg ICByZXR1cm4gV2ViUHJvY2Vzc01haW5Vbml4KGFyZ2MsIGFyZ3YpOwogfQo= 256702 2015-07-13 08:27:03 -0700 2015-07-13 08:27:03 -0700 [Seccomp] Avoid gstreamer registry update in web process bug-140131-20150713102557.patch text/plain 4491 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTg2NzYxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9Q bGF0Zm9ybUdUSy5jbWFrZSBiL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtR1RLLmNtYWtlCmluZGV4 IDA0Njc5NmZkZWM1ZDU4YzlkNWVmMzY2ZmFlN2I1MWM3MmE5MjAwMGEuLjBhYWEzMDQyYjNjYzc2 ZjE3MzA2ZmYxNzdjZmY3ZTQ5ZTlmNzgzYzkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1Bs YXRmb3JtR1RLLmNtYWtlCisrKyBiL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtR1RLLmNtYWtlCkBA IC01MTgsNiArNTE4LDE2IEBAIGxpc3QoQVBQRU5EIFdlYktpdDJfU1lTVEVNX0lOQ0xVREVfRElS RUNUT1JJRVMKICkKIGVuZGlmICgpCiAKK2lmIChFTkFCTEVfVklERU8gT1IgRU5BQkxFX1dFQl9B VURJTykKKyAgICBsaXN0KEFQUEVORCBXZWJLaXQyX0lOQ0xVREVfRElSRUNUT1JJRVMKKyAgICAg ICAgJHtHU1RSRUFNRVJfSU5DTFVERV9ESVJTfQorICAgICkKKworICAgIGxpc3QoQVBQRU5EIFdl YktpdDJfTElCUkFSSUVTCisgICAgICAgICR7R1NUUkVBTUVSX0xJQlJBUklFU30KKyAgICApCitl bmRpZiAoKQorCiBzZXQoV2ViS2l0MkNvbW1vbkluY2x1ZGVEaXJlY3RvcmllcyAke1dlYktpdDJf SU5DTFVERV9ESVJFQ1RPUklFU30pCiBzZXQoV2ViS2l0MkNvbW1vblN5c3RlbUluY2x1ZGVEaXJl Y3RvcmllcyAke1dlYktpdDJfU1lTVEVNX0lOQ0xVREVfRElSRUNUT1JJRVN9KQogCmRpZmYgLS1n aXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvTGF1bmNoZXIvZ3RrL1Byb2Nlc3NMYXVuY2hl ckd0ay5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvTGF1bmNoZXIvZ3RrL1Byb2Nlc3NM YXVuY2hlckd0ay5jcHAKaW5kZXggOWQ0MTZhOGY3ZWIxZDMxOTM3YWZmNmUxNTExOWRiMjQzMDA3 ZGYzYi4uMzgyZWNlOGVmMTlkNGNkMjI0ZjQwNDZiMzVhYjA1NGYzYzViM2Q5OSAxMDA2NDQKLS0t IGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0xhdW5jaGVyL2d0ay9Qcm9jZXNzTGF1bmNoZXJH dGsuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9MYXVuY2hlci9ndGsvUHJvY2Vz c0xhdW5jaGVyR3RrLmNwcApAQCAtMzcsMTYgKzM3LDYwIEBACiAjaW5jbHVkZSA8ZmNudGwuaD4K ICNpbmNsdWRlIDxnbGliLmg+CiAjaW5jbHVkZSA8bG9jYWxlLmg+CisjaW5jbHVkZSA8c3RkbGli Lmg+CisjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CisjaW5jbHVkZSA8c3lzL3dhaXQuaD4KICNpbmNs dWRlIDx3dGYvUnVuTG9vcC5oPgogI2luY2x1ZGUgPHd0Zi9nbGliL0dMaWJVdGlsaXRpZXMuaD4K ICNpbmNsdWRlIDx3dGYvZ2xpYi9HVW5pcXVlUHRyLmg+CiAjaW5jbHVkZSA8d3RmL3RleHQvQ1N0 cmluZy5oPgogI2luY2x1ZGUgPHd0Zi90ZXh0L1dURlN0cmluZy5oPgogCisjaWYgVVNFKEdTVFJF QU1FUikKKyNpbmNsdWRlIDxnc3QvZ3N0Lmg+CisjZW5kaWYKKwogdXNpbmcgbmFtZXNwYWNlIFdl YkNvcmU7CiAKIG5hbWVzcGFjZSBXZWJLaXQgewogCitzdGF0aWMgdm9pZCB1cGRhdGVHc3RSZWdp c3RyeUluU3VicHJvY2VzcygpCit7CisjaWYgRU5BQkxFKFNFQ0NPTVBfRklMVEVSUykgJiYgVVNF KEdTVFJFQU1FUikKKyAgICBhdXRvIHJlc3VsdCA9IGZvcmsoKTsKKworICAgIGlmIChyZXN1bHQg PT0gLTEpIHsKKyAgICAgICAgQVNTRVJUX05PVF9SRUFDSEVEKCk7CisgICAgICAgIHJldHVybjsK KyAgICB9CisKKyAgICBpZiAoIXJlc3VsdCkgeworICAgICAgICAvLyBDaGlsZCBwcm9jZXNzLgor ICAgICAgICBHVW5pcXVlT3V0UHRyPEdFcnJvcj4gZXJyb3I7CisgICAgICAgIGdzdF9pbml0X2No ZWNrKG51bGxwdHIsIG51bGxwdHIsICZlcnJvci5vdXRQdHIoKSk7CisgICAgICAgIGlmIChlcnJv cikgeworICAgICAgICAgICAgZ193YXJuaW5nKCJnc3RfaW5pdCBmYWlsZWQ6ICVzIiwgZXJyb3It Pm1lc3NhZ2UpOworICAgICAgICAgICAgZXhpdChFWElUX0ZBSUxVUkUpOworICAgICAgICB9Cisg ICAgICAgIGV4aXQoRVhJVF9TVUNDRVNTKTsKKyAgICB9CisKKyAgICAvLyBQYXJlbnQgcHJvY2Vz cy4gV2FpdCB1bnRpbCB0aGUgY2hpbGQgaGFzIGZpbmlzaGVkLgorICAgIGF1dG8gcGlkID0gcmVz dWx0OworICAgIGludCBzdGF0dXM7CisgICAgd2hpbGUgKChyZXN1bHQgPSB3YWl0cGlkKHBpZCwg JnN0YXR1cywgMCkpID09IC0xICYmIGVycm5vID09IEVJTlRSKSB7IH0KKyAgICBBU1NFUlQocmVz dWx0ICE9IC0xKTsKKyAgICBBU1NFUlQoV0lGRVhJVEVEKHN0YXR1cykpOworICAgIEFTU0VSVChX RVhJVFNUQVRVUyhzdGF0dXMpID09IEVYSVRfU1VDQ0VTUyk7CisjZW5kaWYKK30KKworc3RhdGlj IGdwb2ludGVyIHdpbGxMYXVuY2hGaXJzdFN1YnByb2Nlc3MoZ3BvaW50ZXIpCit7CisgICAgdXBk YXRlR3N0UmVnaXN0cnlJblN1YnByb2Nlc3MoKTsKKyAgICByZXR1cm4gbnVsbHB0cjsKK30KKwog c3RhdGljIHZvaWQgY2hpbGRTZXR1cEZ1bmN0aW9uKGdwb2ludGVyIHVzZXJEYXRhKQogewogICAg IGludCBzb2NrZXQgPSBHUE9JTlRFUl9UT19JTlQodXNlckRhdGEpOwpAQCAtNTUsNyArOTksOCBA QCBzdGF0aWMgdm9pZCBjaGlsZFNldHVwRnVuY3Rpb24oZ3BvaW50ZXIgdXNlckRhdGEpCiAKIHZv aWQgUHJvY2Vzc0xhdW5jaGVyOjpsYXVuY2hQcm9jZXNzKCkKIHsKLSAgICBHUGlkIHBpZCA9IDA7 CisgICAgc3RhdGljIEdPbmNlIG9uY2VJbml0ID0gR19PTkNFX0lOSVQ7CisgICAgKHZvaWQpIGdf b25jZSgmb25jZUluaXQsIHdpbGxMYXVuY2hGaXJzdFN1YnByb2Nlc3MsIDApOwogCiAgICAgSVBD OjpDb25uZWN0aW9uOjpTb2NrZXRQYWlyIHNvY2tldFBhaXIgPSBJUEM6OkNvbm5lY3Rpb246OmNy ZWF0ZVBsYXRmb3JtQ29ubmVjdGlvbihJUEM6OkNvbm5lY3Rpb246OkNvbm5lY3Rpb25PcHRpb25z OjpTZXRDbG9leGVjT25TZXJ2ZXIpOwogCkBAIC0xMTksNiArMTY0LDcgQEAgdm9pZCBQcm9jZXNz TGF1bmNoZXI6OmxhdW5jaFByb2Nlc3MoKQogICAgIGFyZ3ZbaSsrXSA9IGNvbnN0X2Nhc3Q8Y2hh cio+KHJlYWxQbHVnaW5QYXRoLmRhdGEoKSk7CiAgICAgYXJndltpKytdID0gMDsKIAorICAgIEdQ aWQgcGlkID0gMDsKICAgICBHVW5pcXVlT3V0UHRyPEdFcnJvcj4gZXJyb3I7CiAgICAgaWYgKCFn X3NwYXduX2FzeW5jKDAsIGFyZ3YsIDAsIEdfU1BBV05fTEVBVkVfREVTQ1JJUFRPUlNfT1BFTiwg Y2hpbGRTZXR1cEZ1bmN0aW9uLCBHSU5UX1RPX1BPSU5URVIoc29ja2V0UGFpci5zZXJ2ZXIpLCAm cGlkLCAmZXJyb3Iub3V0UHRyKCkpKSB7CiAgICAgICAgIGdfcHJpbnRlcnIoIlVuYWJsZSB0byBm b3JrIGEgbmV3IFdlYlByb2Nlc3M6ICVzLlxuIiwgZXJyb3ItPm1lc3NhZ2UpOwpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvV2ViUHJvY2Vzc01h aW4uY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvV2ViUHJv Y2Vzc01haW4uY3BwCmluZGV4IDVmNDVkMDFhZjc4YWU4NjY4YzlkZTc3YWRjMWJmMDFhYjAxMDhj ZGEuLmQ3OTBlYzRlZWIyYmI0ZWVlZThlOWY1Zjg0NzBmN2YyM2FjYmU3OGIgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvRW50cnlQb2ludC91bml4L1dlYlByb2Nlc3NNYWlu LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQ cm9jZXNzTWFpbi5jcHAKQEAgLTQxLDUgKzQxLDE0IEBAIGludCBtYWluKGludCBhcmdjLCBjaGFy KiogYXJndikKICAgICAvLyBXQVJOSU5HOiBUaGlzIG5lZWRzIHRvIGJlIEtFUFQgSU4gU1lOQyB3 aXRoIFdlYlByb2Nlc3NNYWluLmNwcC4KICAgICBzZXRlbnYoIkdfVExTX0dOVVRMU19QUklPUklU WSIsICJOT1JNQUw6JUNPTVBBVDolTEFURVNUX1JFQ09SRF9WRVJTSU9OOiFWRVJTLVNTTDMuMDoh QVJDRk9VUi0xMjgiLCAwKTsKIAorI2lmIEVOQUJMRShTRUNDT01QX0ZJTFRFUlMpICYmIFVTRShH U1RSRUFNRVIpCisgICAgLy8gRG8gbm90IGF0dGVtcHQgdG8gdXBkYXRlIHRoZSBHU3RyZWFtZXIg cGx1Z2luIHJlZ2lzdHJ5LiBTdWJwcm9jZXNzZXMgaGF2ZQorICAgIC8vIG5vIGFjY2VzcyB0byBz eXNjYWxscyBhbmQgd2lsbCBqdXN0IGR1bXAgY29yZSB3aGVuIHRoZXkgcmVjZWl2ZSBTSUdTWVMu CisgICAgLy8gV2UgdXBkYXRlIHRoZSBwbHVnaW4gcmVnaXN0cnkgaW4gYSBjaGlsZCBvZiB0aGUg VUkgcHJvY2VzcyB0byBtYWtlIHN1cmUKKyAgICAvLyB0aGlzIHdvcmtzLiBOQiB3ZSBvbmx5IHNl dGVudiBhdCB0aGUgdmVyeSBiZWdpbm5pbmcgb2YgbWFpbiBiZWNhdXNlCisgICAgLy8gc2V0ZW52 L2dldGVudiBhcmUgbm90IHRocmVhZC1zYWZlIGFuZCBjb3VsZCBjcmFzaCB0aGUgcHJvY2Vzcy4K KyAgICBzZXRlbnYoIkdTVF9SRUdJU1RSWV9VUERBVEUiLCAibm8iLCAxKTsKKyNlbmRpZgorCiAg ICAgcmV0dXJuIFdlYlByb2Nlc3NNYWluVW5peChhcmdjLCBhcmd2KTsKIH0K