191360 2018-11-07 06:53:41 -0800 [GTK][WPE] Bubblewrap launcher should not depend on memfd 2018-11-13 08:32:43 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified NEW Gtk P2 Normal --- 1 cgarcia webkit-unassigned bugs-noreply mcatanzaro pgriffis oldest_to_newest 1475975 0 cgarcia 2018-11-07 06:53:41 -0800 We can use SharedMemory which falls back to shm_open and a temporary file as a fallback for seccomp_export_bpf 1475976 1 354090 cgarcia 2018-11-07 06:57:39 -0800 Created attachment 354090 Patch 1476412 2 354090 mcatanzaro 2018-11-07 20:07:40 -0800 Comment on attachment 354090 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354090&action=review > Source/WebCore/ChangeLog:3 > + [GTK][WPE] Bubblewrap launcher should not depend on memfd It's a little unclear to me why this is desirable given that kernel 3.17 is positively ancient now, but OK. > Source/WebCore/platform/glib/FileSystemGlib.cpp:42 > +#if HAVE(LINUX_MEMFD_H) Here's what really confuses me. A grep of the entire codebase shows no other uses of LINUX_MEMFD_H. And your patch doesn't appear to add it. So how does this check work? Is it always false? It's not the ideal check, either. The original code is designed to use memfd even if memfd.h doesn't exist, as long as the kernel is new enough. I guess it's perfectly fine to change this, since we have fallback in place, but it's not clear to me that the change here was intentional. > Source/WebCore/platform/glib/FileSystemGlib.cpp:43 > +#include <linux/memfd.h> Looks like this is unused? You only use sycall() directly and don't seem to use anything declared in this header. > Source/WebCore/platform/glib/FileSystemGlib.cpp:47 > + > + Too much space here > Source/WebCore/platform/glib/FileSystemGlib.cpp:477 > + fileDescriptor = syscall(__NR_memfd_create, name, 0); Since you're inside an #if HAVE(LINUX_MEMFD_H) guard, you know linux/memfd.h is available, and can use it instead of syscall(). We were using syscall() to ensure this works when memfd.h is not available. > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:-94 > - if (fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) == -1) { > - g_warning("Failed to seal memfd: %s", g_strerror(errno)); > - close(fd); > - return -1; > - } Well we lost the fd sealing code. I'm not sure how important this is, or why it's there in the first place. Are other processes somehow able to modify the fd and mess with the args passed to bwap without the sealing? Patrick, can you comment on this? > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:47 > -static int > -argsToFd(const Vector<CString>& args, const char *name) > +static RefPtr<SharedMemory> argsToFd(const Vector<CString>& args, const char *name) Oops. Also fix: const char* name > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:708 > + auto flatpakInfoMemory = createFlatpakInfo(); > + std::optional<int> flatpakInfoFd; > + if (flatpakInfoMemory) { How about: if (auto flatpakInfoMemory = createFlatpakInfo()) { 1476444 3 354090 cgarcia 2018-11-08 00:14:01 -0800 Comment on attachment 354090 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354090&action=review >> Source/WebCore/ChangeLog:3 >> + [GTK][WPE] Bubblewrap launcher should not depend on memfd > > It's a little unclear to me why this is desirable given that kernel 3.17 is positively ancient now, but OK. The code si simpler using SharedMemory, IMO and SharedMemory now uses memfd when available. >> Source/WebCore/platform/glib/FileSystemGlib.cpp:42 >> +#if HAVE(LINUX_MEMFD_H) > > Here's what really confuses me. A grep of the entire codebase shows no other uses of LINUX_MEMFD_H. And your patch doesn't appear to add it. So how does this check work? Is it always false? > > It's not the ideal check, either. The original code is designed to use memfd even if memfd.h doesn't exist, as long as the kernel is new enough. I guess it's perfectly fine to change this, since we have fallback in place, but it's not clear to me that the change here was intentional. LINUX_MEMFD_H was added in r237922. Since we have a fallback now, I think it's simpler to only use it if the header is present. >> Source/WebCore/platform/glib/FileSystemGlib.cpp:43 >> +#include <linux/memfd.h> > > Looks like this is unused? You only use sycall() directly and don't seem to use anything declared in this header. Right >> Source/WebCore/platform/glib/FileSystemGlib.cpp:477 >> + fileDescriptor = syscall(__NR_memfd_create, name, 0); > > Since you're inside an #if HAVE(LINUX_MEMFD_H) guard, you know linux/memfd.h is available, and can use it instead of syscall(). We were using syscall() to ensure this works when memfd.h is not available. Can't we have newer glibc with old kernel? that's what ENOSYS is detecting, isn't it? >> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:-94 >> - } > > Well we lost the fd sealing code. I'm not sure how important this is, or why it's there in the first place. Are other processes somehow able to modify the fd and mess with the args passed to bwap without the sealing? Patrick, can you comment on this? I don't think we need it at all, seals only work with memfd and other processes don't assume the fd was created with memfd AFAIK. Ideally we could fix SharedMemoty::createHandle to use the protection parameter, but I don't know how to do it. 1476508 4 354090 mcatanzaro 2018-11-08 06:24:52 -0800 Comment on attachment 354090 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354090&action=review OK, I was confused because I had forgotten about r237922 and was looking at the old version of SharedMemoryUnix.cpp! >>> Source/WebCore/platform/glib/FileSystemGlib.cpp:477 >>> + fileDescriptor = syscall(__NR_memfd_create, name, 0); >> >> Since you're inside an #if HAVE(LINUX_MEMFD_H) guard, you know linux/memfd.h is available, and can use it instead of syscall(). We were using syscall() to ensure this works when memfd.h is not available. > > Can't we have newer glibc with old kernel? that's what ENOSYS is detecting, isn't it? If you're checking for linux/memfd.h, you should use it. Right now you check to make sure the header exists, and include the header, but don't actually use anything from the header. So that doesn't make sense. r237922 has the same problem, which I missed when I reviewed it. So I would replace this syscall() and the syscall() in SharedMemoryUnix.cpp with calls to memfd_create(). Then you can get rid of the #include <sys/syscall.h>. Alternatively, you could take the opposite route, get rid of the checks for linux/memfd.h, and just rely on syscall(), like Patrick's original code was doing. Either way is fine IMO. But checking for the header and including it and not using it isn't fine! 1476509 5 mcatanzaro 2018-11-08 06:35:39 -0800 (In reply to Carlos Garcia Campos from comment #3) > Can't we have newer glibc with old kernel? that's what ENOSYS is detecting, > isn't it? I guess, but that's pedantic, and if anyone ever runs such a configuration, then I think failure is reasonable. 1476514 6 pgriffis 2018-11-08 07:09:26 -0800 Losing sealing shouldn't be a concern for our usage. 1476562 7 pgriffis 2018-11-08 10:24:38 -0800 Outside of existing comments looks fine and works here. 1476571 8 pgriffis 2018-11-08 10:49:52 -0800 Actually regarding F_SEAL_WRITE, I guess that is the definition of what `SharedMemory::Protection::ReadOnly` should do right? 1476821 9 cgarcia 2018-11-08 23:43:47 -0800 (In reply to Patrick Griffis from comment #8) > Actually regarding F_SEAL_WRITE, I guess that is the definition of what > `SharedMemory::Protection::ReadOnly` should do right? It could be, but I don't think we can do that anyway. It's true that we don't normally create more than one handle for the same shared memory, but the API allows that. We can only seal an fd created by memfd, but not the duplicated one used by the handler (AFAIK). So we would need to seal before dup, making the shared memory read only even if a following createHandle uses a readwrite protection, because seals can't be removed. We could add a seal method to shared memory, to be called after data have been written, but I don't think it's worth it. 1476862 10 pgriffis 2018-11-09 05:53:24 -0800 (In reply to Carlos Garcia Campos from comment #9) > (In reply to Patrick Griffis from comment #8) > > Actually regarding F_SEAL_WRITE, I guess that is the definition of what > > `SharedMemory::Protection::ReadOnly` should do right? > > It could be, but I don't think we can do that anyway. It's true that we > don't normally create more than one handle for the same shared memory, but > the API allows that. We can only seal an fd created by memfd, but not the > duplicated one used by the handler (AFAIK). So we would need to seal before > dup, making the shared memory read only even if a following createHandle > uses a readwrite protection, because seals can't be removed. We could add a > seal method to shared memory, to be called after data have been written, but > I don't think it's worth it. Well the resulting fd *must* be read-only otherwise its a sandbox escape. 1476883 11 mcatanzaro 2018-11-09 07:02:06 -0800 (In reply to Patrick Griffis from comment #10) > Well the resulting fd *must* be read-only otherwise its a sandbox escape. So then the sealing is important! But I don't understand. How can you escape the sandbox? The trusted UI process creates the fd, stuffs arguments into it, launches the bwrap process, and then bwrap reads them from the fd before launching the untrusted process. Right? I don't see why it has to be read-only. 1476941 12 pgriffis 2018-11-09 09:30:55 -0800 (In reply to Michael Catanzaro from comment #11) > But I don't understand. How can you escape the sandbox? The trusted UI > process creates the fd, stuffs arguments into it, launches the bwrap > process, and then bwrap reads them from the fd before launching the > untrusted process. Right? I don't see why it has to be read-only. Well I've not tested it yet, but `/.flatpak-info` is read at various points during runtime and what it contains determines what `xdg-desktop-portal` exposes. So it does need to be read-only. 1476948 13 pgriffis 2018-11-09 09:35:47 -0800 Ok so `bubblewrap` itself does make it read-only so its actually totally fine. 1476949 14 pgriffis 2018-11-09 09:36:24 -0800 It does sound like a bug that the ReadOnly permission is ignored though. 1477010 15 mcatanzaro 2018-11-09 11:28:58 -0800 I didn't realize this was used for /.flatpak-info. (We should really probably fix any portals that are depending on that, since it creates a very risky assumption that WebKit is Flatpak... I can imagine portals breaking us in the future with that assumption.) 1477212 16 pgriffis 2018-11-09 18:22:54 -0800 (In reply to Michael Catanzaro from comment #15) > (We should really probably fix any portals that are depending on that, since > it creates a very risky assumption that WebKit is Flatpak... I can imagine > portals breaking us in the future with that assumption.) Re can reinvent a new format that is effectively identical to flatpak-info but I'm not sure its really needed. I verified that only a single field is required by the portals `Name`, mclasen knows we use it for this, and I see every commit that lands upstream. I think it will be alright. 1477498 17 cgarcia 2018-11-12 00:39:30 -0800 (In reply to Patrick Griffis from comment #14) > It does sound like a bug that the ReadOnly permission is ignored though. https://bugs.webkit.org/show_bug.cgi?id=131542 1477997 18 354090 mcatanzaro 2018-11-13 08:32:43 -0800 Comment on attachment 354090 Patch It seems we agree on the modifications that are needed here. r- for now. 354090 2018-11-07 06:57:39 -0800 2018-11-13 08:32:43 -0800 Patch wk-memfd.diff text/plain 12228 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBlMTExMDllOGUzOC4uMTM2ZTI5NTU2YTAgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNiBAQAorMjAxOC0xMS0wNyAgQ2FybG9zIEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGln YWxpYS5jb20+CisKKyAgICAgICAgW0dUS11bV1BFXSBCdWJibGV3cmFwIGxhdW5jaGVyIHNob3Vs ZCBub3QgZGVwZW5kIG9uIG1lbWZkCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0xOTEzNjAKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBBZGQgYSBoZWxwZXIgZnVuY3Rpb24gdG8gY3JlYXRlIGEgdGVtcG9yYXJ5 IGZpbGUgZGVzY3JpcHRvciB1c2luZyBtZW1mZCB3aGVuIGF2YWlsYWJsZS4KKworICAgICAgICAq IHBsYXRmb3JtL0ZpbGVTeXN0ZW0uaDoKKyAgICAgICAgKiBwbGF0Zm9ybS9nbGliL0ZpbGVTeXN0 ZW1HbGliLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkZpbGVTeXN0ZW06Om9wZW5UZW1wb3JhcnlG aWxlRGVzY3JpcHRvcik6CisKIDIwMTgtMTEtMDcgIENoYXJsaWUgVHVybmVyICA8Y3R1cm5lckBp Z2FsaWEuY29tPgogCiAgICAgICAgIFtFTUVdW0dTdHJlYW1lcl0gRW5zdXJlIGtleSBpZCBidWZm ZXJzIGFyZSBwcmVzZW50IGFuZCBzaW1wbGlmeSBsaWZldGltZSBtYW5hZ2VtZW50IG9mIENsZWFy S2V5IGNsYXNzLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vRmlsZVN5c3Rl bS5oIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vRmlsZVN5c3RlbS5oCmluZGV4IGE1MmFiNGM3 Y2Y0Li41NWY2YWY1OGYzZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vRmls ZVN5c3RlbS5oCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL0ZpbGVTeXN0ZW0uaApAQCAt MTczLDYgKzE3MywxMCBAQCBXRUJDT1JFX0VYUE9SVCBib29sIGZpbGVzSGF2ZVNhbWVWb2x1bWUo Y29uc3QgU3RyaW5nJiwgY29uc3QgU3RyaW5nJik7CiBSZXRhaW5QdHI8Q0ZVUkxSZWY+IHBhdGhB c1VSTChjb25zdCBTdHJpbmcmKTsKICNlbmRpZgogCisjaWYgVVNFKEdMSUIpICYmICFQTEFURk9S TShXSU4pCitzdGQ6Om9wdGlvbmFsPGludD4gb3BlblRlbXBvcmFyeUZpbGVEZXNjcmlwdG9yKGNv bnN0IGNoYXIqLCBHRXJyb3IqKik7CisjZW5kaWYKKwogI2lmIFBMQVRGT1JNKEdUSykgfHwgUExB VEZPUk0oV1BFKQogU3RyaW5nIGZpbGVuYW1lRm9yRGlzcGxheShjb25zdCBTdHJpbmcmKTsKICNl bmRpZgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ2xpYi9GaWxlU3lzdGVt R2xpYi5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9nbGliL0ZpbGVTeXN0ZW1HbGliLmNw cAppbmRleCBmOTQwODE1ZjUxMi4uODhhMmJiNWZhOTQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL2dsaWIvRmlsZVN5c3RlbUdsaWIuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3Jl L3BsYXRmb3JtL2dsaWIvRmlsZVN5c3RlbUdsaWIuY3BwCkBAIC0zOSw2ICszOSwxMiBAQAogI2lu Y2x1ZGUgPHd0Zi90ZXh0L1N0cmluZ0J1aWxkZXIuaD4KICNpbmNsdWRlIDx3dGYvdGV4dC9XVEZT dHJpbmcuaD4KIAorI2lmIEhBVkUoTElOVVhfTUVNRkRfSCkKKyNpbmNsdWRlIDxsaW51eC9tZW1m ZC5oPgorI2luY2x1ZGUgPHN5cy9zeXNjYWxsLmg+CisjZW5kaWYKKworCiBuYW1lc3BhY2UgV2Vi Q29yZSB7CiAKIG5hbWVzcGFjZSBGaWxlU3lzdGVtIHsKQEAgLTQ2MCw1ICs0NjYsMzcgQEAgYm9v bCB1bmxvY2tGaWxlKFBsYXRmb3JtRmlsZUhhbmRsZSBoYW5kbGUpCiB9CiAjZW5kaWYgLy8gVVNF KEZJTEVfTE9DSykKIAorc3RkOjpvcHRpb25hbDxpbnQ+IG9wZW5UZW1wb3JhcnlGaWxlRGVzY3Jp cHRvcihjb25zdCBjaGFyKiBuYW1lLCBHRXJyb3IqKiBlcnJvcikKK3sKKyAgICBpbnQgZmlsZURl c2NyaXB0b3IgPSAtMTsKKworI2lmIEhBVkUoTElOVVhfTUVNRkRfSCkKKyAgICBzdGF0aWMgYm9v bCBpc01lbUZkQXZhaWxhYmxlID0gdHJ1ZTsKKyAgICBpZiAoaXNNZW1GZEF2YWlsYWJsZSkgewor ICAgICAgICBkbyB7CisgICAgICAgICAgICBmaWxlRGVzY3JpcHRvciA9IHN5c2NhbGwoX19OUl9t ZW1mZF9jcmVhdGUsIG5hbWUsIDApOworICAgICAgICB9IHdoaWxlIChmaWxlRGVzY3JpcHRvciA9 PSAtMSAmJiBlcnJubyA9PSBFSU5UUik7CisKKyAgICAgICAgaWYgKGZpbGVEZXNjcmlwdG9yICE9 IC0xKQorICAgICAgICAgICAgcmV0dXJuIGZpbGVEZXNjcmlwdG9yOworCisgICAgICAgIGlmIChl cnJubyAhPSBFTk9TWVMpIHsKKyAgICAgICAgICAgIGdfc2V0X2Vycm9yKGVycm9yLCBHX0lPX0VS Uk9SLCBHX0lPX0VSUk9SX0ZBSUxFRCwgIkZhaWxlZCB0byBjcmVhdGUgbWVtZmQ6ICVzIiwgZ19z dHJlcnJvcihlcnJubykpOworICAgICAgICAgICAgcmV0dXJuIHN0ZDo6bnVsbG9wdDsKKyAgICAg ICAgfQorICAgIH0KKyAgICBpc01lbUZkQXZhaWxhYmxlID0gZmFsc2U7CisjZW5kaWYKKworICAg IEdVbmlxdWVPdXRQdHI8Y2hhcj4gcGF0aDsKKyAgICBHVW5pcXVlUHRyPGNoYXI+IGZpbGVuYW1l KGdfc3RyZHVwX3ByaW50ZigiJXMtWFhYWFhYIiwgbmFtZSkpOworICAgIGZpbGVEZXNjcmlwdG9y ID0gZ19maWxlX29wZW5fdG1wKGZpbGVuYW1lLmdldCgpLCAmcGF0aC5vdXRQdHIoKSwgZXJyb3Ip OworICAgIGlmIChmaWxlRGVzY3JpcHRvciA9PSAtMSkKKyAgICAgICAgcmV0dXJuIHN0ZDo6bnVs bG9wdDsKKworICAgIGdfdW5saW5rKHBhdGguZ2V0KCkpOworICAgIHJldHVybiBmaWxlRGVzY3Jp cHRvcjsKK30KKwogfSAvLyBuYW1lc3BhY2UgRmlsZVN5c3RlbQogfSAvLyBuYW1lc3BhY2UgV2Vi Q29yZQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0 L0NoYW5nZUxvZwppbmRleCAxZjA2MTQxMjE4Mi4uY2EyMTI1NWQ5ZTMgMTAwNjQ0Ci0tLSBhL1Nv dXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0x LDMgKzEsMjAgQEAKKzIwMTgtMTEtMDcgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBp Z2FsaWEuY29tPgorCisgICAgICAgIFtHVEtdW1dQRV0gQnViYmxld3JhcCBsYXVuY2hlciBzaG91 bGQgbm90IGRlcGVuZCBvbiBtZW1mZAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTkxMzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgVXNlIFNoYXJlZE1lbW9yeSB3aGljaCBmYWxscyBiYWNrIHRvIHNobV9v cGVuIGFuZCBhIHRlbXBvcmFyeSBmaWxlIGFzIGEgZmFsbGJhY2sgZm9yIHNlY2NvbXBfZXhwb3J0 X2JwZi4KKworICAgICAgICAqIFVJUHJvY2Vzcy9MYXVuY2hlci9nbGliL0J1YmJsZXdyYXBMYXVu Y2hlci5jcHA6CisgICAgICAgIChXZWJLaXQ6OmNyZWF0ZVNoYXJlZE1lbW9yeVdpdGhEYXRhKToK KyAgICAgICAgKFdlYktpdDo6YXJnc1RvRmQpOgorICAgICAgICAoV2ViS2l0OjpYREdEQnVzUHJv eHlMYXVuY2hlcjo6bGF1bmNoKToKKyAgICAgICAgKFdlYktpdDo6c2V0dXBTZWNjb21wKToKKyAg ICAgICAgKFdlYktpdDo6Y3JlYXRlRmxhdHBha0luZm8pOgorICAgICAgICAoV2ViS2l0OjpidWJi bGV3cmFwU3Bhd24pOgorCiAyMDE4LTExLTA3ICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJj aWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBbR1RLXSBDcmFzaCB3aGVuIHJ1bm5pbmcgd2l0aCBz YW5kYm94IGVuYWJsZWQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0xhdW5j aGVyL2dsaWIvQnViYmxld3JhcExhdW5jaGVyLmNwcCBiL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNz L0xhdW5jaGVyL2dsaWIvQnViYmxld3JhcExhdW5jaGVyLmNwcAppbmRleCAxYjA0ZjM2Y2VjYy4u YzExM2JiMmIxNDggMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0xhdW5jaGVy L2dsaWIvQnViYmxld3JhcExhdW5jaGVyLmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vz cy9MYXVuY2hlci9nbGliL0J1YmJsZXdyYXBMYXVuY2hlci5jcHAKQEAgLTIwLDYgKzIwLDcgQEAK IAogI2lmIEVOQUJMRShCVUJCTEVXUkFQX1NBTkRCT1gpCiAKKyNpbmNsdWRlICJTaGFyZWRNZW1v cnkuaCIKICNpbmNsdWRlIDxXZWJDb3JlL0ZpbGVTeXN0ZW0uaD4KICNpbmNsdWRlIDxXZWJDb3Jl L1BsYXRmb3JtRGlzcGxheS5oPgogI2luY2x1ZGUgPGZjbnRsLmg+CkBAIC0zMCw3NCArMzEsMjAg QEAKICNpbmNsdWRlIDx3dGYvZ2xpYi9HUmVmUHRyLmg+CiAjaW5jbHVkZSA8d3RmL2dsaWIvR1Vu aXF1ZVB0ci5oPgogCi0jaWYgX19oYXNfaW5jbHVkZSg8c3lzL21lbWZkLmg+KQotCi0jaW5jbHVk ZSA8c3lzL21lbWZkLmg+Ci0KLSNlbHNlCi0KLS8vIFRoZXNlIGRlZmluZXMgd2VyZSBhZGRlZCBp biBnbGliYyAyLjI3LCB0aGUgc2FtZSByZWxlYXNlIHRoYXQgYWRkZWQgbWVtZmRfY3JlYXRlLgot Ly8gQnV0IHRoZSBrZXJuZWwgYWRkZWQgYWxsIG9mIHRoaXMgaW4gTGludXggMy4xNy4gU28gaXQn cyB0b3RhbGx5IHNhZmUgZm9yIHVzIHRvCi0vLyBkZXBlbmQgb24sIGFzIGxvbmcgYXMgd2UgZGVm aW5lIGl0IGFsbCBvdXJzZWx2ZXMuIFJlbW92ZSB0aGlzIG9uY2Ugd2UgZGVwZW5kIG9uCi0vLyBn bGliYyAyLjI3LgotCi0jZGVmaW5lIEZfQUREX1NFQUxTIDEwMzMKLSNkZWZpbmUgRl9HRVRfU0VB TFMgMTAzNAotCi0jZGVmaW5lIEZfU0VBTF9TRUFMICAgMHgwMDAxCi0jZGVmaW5lIEZfU0VBTF9T SFJJTksgMHgwMDAyCi0jZGVmaW5lIEZfU0VBTF9HUk9XICAgMHgwMDA0Ci0jZGVmaW5lIEZfU0VB TF9XUklURSAgMHgwMDA4Ci0KLSNkZWZpbmUgTUZEX0FMTE9XX1NFQUxJTkcgMlUKLQotc3RhdGlj IGludCBtZW1mZF9jcmVhdGUoY29uc3QgY2hhciogbmFtZSwgdW5zaWduZWQgZmxhZ3MpCi17Ci0g ICAgcmV0dXJuIHN5c2NhbGwoX19OUl9tZW1mZF9jcmVhdGUsIG5hbWUsIGZsYWdzKTsKLX0KLSNl bmRpZgotCiBuYW1lc3BhY2UgV2ViS2l0IHsKIHVzaW5nIG5hbWVzcGFjZSBXZWJDb3JlOwogCi1z dGF0aWMgaW50IGNyZWF0ZVNlYWxlZE1lbUZkV2l0aERhdGEoY29uc3QgY2hhciogbmFtZSwgZ2Nv bnN0cG9pbnRlciBkYXRhLCBzaXplX3Qgc2l6ZSkKK3N0YXRpYyBSZWZQdHI8U2hhcmVkTWVtb3J5 PiBjcmVhdGVTaGFyZWRNZW1vcnlXaXRoRGF0YShjb25zdCBjaGFyKiBuYW1lLCBnY29uc3Rwb2lu dGVyIGRhdGEsIHNpemVfdCBzaXplKQogewotICAgIGludCBmZCA9IG1lbWZkX2NyZWF0ZShuYW1l LCBNRkRfQUxMT1dfU0VBTElORyk7Ci0gICAgaWYgKGZkID09IC0xKSB7Ci0gICAgICAgIGdfd2Fy bmluZygibWVtZmRfY3JlYXRlIGZhaWxlZDogJXMiLCBnX3N0cmVycm9yKGVycm5vKSk7Ci0gICAg ICAgIHJldHVybiAtMTsKLSAgICB9CisgICAgYXV0byBzaGFyZWRNZW1vcnkgPSBTaGFyZWRNZW1v cnk6OmFsbG9jYXRlKHNpemUpOworICAgIGlmICghc2hhcmVkTWVtb3J5KQorICAgICAgICByZXR1 cm4gbnVsbHB0cjsKIAotICAgIHNzaXplX3QgYnl0ZXNXcml0dGVuID0gd3JpdGUoZmQsIGRhdGEs IHNpemUpOwotICAgIGlmIChieXRlc1dyaXR0ZW4gPCAwKSB7Ci0gICAgICAgIGdfd2FybmluZygi V3JpdGluZyBhcmdzIHRvIG1lbWZkIGZhaWxlZDogJXMiLCBnX3N0cmVycm9yKGVycm5vKSk7Ci0g ICAgICAgIGNsb3NlKGZkKTsKLSAgICAgICAgcmV0dXJuIC0xOwotICAgIH0KLQotICAgIGlmIChz dGF0aWNfY2FzdDxzaXplX3Q+KGJ5dGVzV3JpdHRlbikgIT0gc2l6ZSkgewotICAgICAgICBnX3dh cm5pbmcoIkZhaWxlZCB0byB3cml0ZSBhbGwgYXJncyB0byBtZW1mZCIpOwotICAgICAgICBjbG9z ZShmZCk7Ci0gICAgICAgIHJldHVybiAtMTsKLSAgICB9Ci0KLSAgICBpZiAobHNlZWsoZmQsIDAs IFNFRUtfU0VUKSA9PSAtMSkgewotICAgICAgICBnX3dhcm5pbmcoImxzZWVrIGZhaWxlZDogJXMi LCBnX3N0cmVycm9yKGVycm5vKSk7Ci0gICAgICAgIGNsb3NlKGZkKTsKLSAgICAgICAgcmV0dXJu IC0xOwotICAgIH0KLQotICAgIGlmIChmY250bChmZCwgRl9BRERfU0VBTFMsIEZfU0VBTF9TSFJJ TksgfCBGX1NFQUxfR1JPVyB8IEZfU0VBTF9XUklURSB8IEZfU0VBTF9TRUFMKSA9PSAtMSkgewot ICAgICAgICBnX3dhcm5pbmcoIkZhaWxlZCB0byBzZWFsIG1lbWZkOiAlcyIsIGdfc3RyZXJyb3Io ZXJybm8pKTsKLSAgICAgICAgY2xvc2UoZmQpOwotICAgICAgICByZXR1cm4gLTE7Ci0gICAgfQot Ci0gICAgcmV0dXJuIGZkOworICAgIG1lbWNweShzaGFyZWRNZW1vcnktPmRhdGEoKSwgZGF0YSwg c2l6ZSk7CisgICAgcmV0dXJuIHNoYXJlZE1lbW9yeTsKIH0KIAotc3RhdGljIGludAotYXJnc1Rv RmQoY29uc3QgVmVjdG9yPENTdHJpbmc+JiBhcmdzLCBjb25zdCBjaGFyICpuYW1lKQorc3RhdGlj IFJlZlB0cjxTaGFyZWRNZW1vcnk+IGFyZ3NUb0ZkKGNvbnN0IFZlY3RvcjxDU3RyaW5nPiYgYXJn cywgY29uc3QgY2hhciAqbmFtZSkKIHsKICAgICBHU3RyaW5nKiBidWZmZXIgPSBnX3N0cmluZ19u ZXcobnVsbHB0cik7CiAKQEAgLTEwOSwxMSArNTYsMTEgQEAgYXJnc1RvRmQoY29uc3QgVmVjdG9y PENTdHJpbmc+JiBhcmdzLCBjb25zdCBjaGFyICpuYW1lKQogICAgIHNpemVfdCBzaXplOwogICAg IGdjb25zdHBvaW50ZXIgZGF0YSA9IGdfYnl0ZXNfZ2V0X2RhdGEoYnl0ZXMuZ2V0KCksICZzaXpl KTsKIAotICAgIGludCBtZW1mZCA9IGNyZWF0ZVNlYWxlZE1lbUZkV2l0aERhdGEobmFtZSwgZGF0 YSwgc2l6ZSk7Ci0gICAgaWYgKG1lbWZkID09IC0xKQotICAgICAgICBnX2Vycm9yKCJGYWlsZWQg dG8gd3JpdGUgbWVtZmQiKTsKKyAgICBhdXRvIHNoYXJlZE1lbW9yeSA9IGNyZWF0ZVNoYXJlZE1l bW9yeVdpdGhEYXRhKG5hbWUsIGRhdGEsIHNpemUpOworICAgIGlmICghc2hhcmVkTWVtb3J5KQor ICAgICAgICBnX2Vycm9yKCJGYWlsZWQgdG8gY3JlYXRlIHNoYXJlZCBtZW1vcnkiKTsKIAotICAg IHJldHVybiBtZW1mZDsKKyAgICByZXR1cm4gc2hhcmVkTWVtb3J5OwogfQogCiBlbnVtIGNsYXNz IERCdXNBZGRyZXNzVHlwZSB7CkBAIC0xNzAsNyArMTE3LDEwIEBAIHB1YmxpYzoKIAogICAgICAg ICBwcm94eUFyZ3MuYXBwZW5kVmVjdG9yKG1fcGVybWlzc2lvbnMpOwogCi0gICAgICAgIGludCBw cm94eUZkID0gYXJnc1RvRmQocHJveHlBcmdzLCAiZGJ1cy1wcm94eSIpOworICAgICAgICBhdXRv IHByb3h5TWVtb3J5ID0gYXJnc1RvRmQocHJveHlBcmdzLCAiZGJ1cy1wcm94eSIpOworICAgICAg ICBTaGFyZWRNZW1vcnk6OkhhbmRsZSBoYW5kbGU7CisgICAgICAgIHByb3h5TWVtb3J5LT5jcmVh dGVIYW5kbGUoaGFuZGxlLCBTaGFyZWRNZW1vcnk6OlByb3RlY3Rpb246OlJlYWRPbmx5KTsKKyAg ICAgICAgaW50IHByb3h5RmQgPSBoYW5kbGUucmVsZWFzZUF0dGFjaG1lbnQoKS5yZWxlYXNlRmls ZURlc2NyaXB0b3IoKTsKICAgICAgICAgR1VuaXF1ZVB0cjxjaGFyPiBwcm94eUFyZ3NTdHIoZ19z dHJkdXBfcHJpbnRmKCItLWFyZ3M9JWQiLCBwcm94eUZkKSk7CiAKICAgICAgICAgVmVjdG9yPENT dHJpbmc+IGFyZ3MgPSB7CkBAIC02MzQsMjYgKzU4NCwyNyBAQCBzdGF0aWMgaW50IHNldHVwU2Vj Y29tcCgpCiAgICAgICAgIH0KICAgICB9CiAKLSAgICBpbnQgdG1wZmQgPSBtZW1mZF9jcmVhdGUo InNlY2NvbXAtYnBmIiwgMCk7Ci0gICAgaWYgKHRtcGZkID09IC0xKSB7CisgICAgR1VuaXF1ZU91 dFB0cjxHRXJyb3I+IGVycm9yOworICAgIGF1dG8gdG1wZmQgPSBGaWxlU3lzdGVtOjpvcGVuVGVt cG9yYXJ5RmlsZURlc2NyaXB0b3IoInNlY2NvbXAtYnBmIiwgJmVycm9yLm91dFB0cigpKTsKKyAg ICBpZiAoIXRtcGZkKSB7CiAgICAgICAgIHNlY2NvbXBfcmVsZWFzZShzZWNjb21wKTsKLSAgICAg ICAgZ19lcnJvcigiRmFpbGVkIHRvIGNyZWF0ZSBtZW1mZDogJXMiLCBnX3N0cmVycm9yKGVycm5v KSk7CisgICAgICAgIGdfZXJyb3IoIkZhaWxlZCB0byBjcmVhdGUgdGVtcG9yYXJ5IGZpbGUgZm9y IHNlY2NvbXA6ICVzIiwgZXJyb3ItPm1lc3NhZ2UpOwogICAgIH0KIAotICAgIGlmIChzZWNjb21w X2V4cG9ydF9icGYoc2VjY29tcCwgdG1wZmQpKSB7CisgICAgaWYgKHNlY2NvbXBfZXhwb3J0X2Jw ZihzZWNjb21wLCB0bXBmZC52YWx1ZSgpKSkgewogICAgICAgICBzZWNjb21wX3JlbGVhc2Uoc2Vj Y29tcCk7Ci0gICAgICAgIGNsb3NlKHRtcGZkKTsKKyAgICAgICAgY2xvc2UodG1wZmQudmFsdWUo KSk7CiAgICAgICAgIGdfZXJyb3IoIkZhaWxlZCB0byBleHBvcnQgc2VjY29tcCBicGYiKTsKICAg ICB9CiAKLSAgICBpZiAobHNlZWsodG1wZmQsIDAsIFNFRUtfU0VUKSA8IDApCisgICAgaWYgKGxz ZWVrKHRtcGZkLnZhbHVlKCksIDAsIFNFRUtfU0VUKSA8IDApCiAgICAgICAgIGdfZXJyb3IoImxz ZWVrIGZhaWxlZDogJXMiLCBnX3N0cmVycm9yKGVycm5vKSk7CiAKICAgICBzZWNjb21wX3JlbGVh c2Uoc2VjY29tcCk7Ci0gICAgcmV0dXJuIHRtcGZkOworICAgIHJldHVybiB0bXBmZC52YWx1ZSgp OwogfQogCi1zdGF0aWMgaW50IGNyZWF0ZUZsYXRwYWtJbmZvKCkKK3N0YXRpYyBSZWZQdHI8U2hh cmVkTWVtb3J5PiBjcmVhdGVGbGF0cGFrSW5mbygpCiB7CiAgICAgR1VuaXF1ZVB0cjxHS2V5Rmls ZT4ga2V5RmlsZShnX2tleV9maWxlX25ldygpKTsKIApAQCAtNjY1LDcgKzYxNiw3IEBAIHN0YXRp YyBpbnQgY3JlYXRlRmxhdHBha0luZm8oKQogICAgIEdBcHBsaWNhdGlvbiogYXBwID0gZ19hcHBs aWNhdGlvbl9nZXRfZGVmYXVsdCgpOwogICAgIGlmICghYXBwKSB7CiAgICAgICAgIGdfd2Fybmlu ZygiR0FwcGxpY2F0aW9uIGlzIHJlcXVpcmVkIGZvciB4ZGctZGVza3RvcC1wb3J0YWwgYWNjZXNz IGluIHRoZSBXZWJLaXQgc2FuZGJveC4gQWN0aW9ucyB0aGF0IHJlcXVpcmUgeGRnLWRlc2t0b3At cG9ydGFsIHdpbGwgYmUgYnJva2VuLiIpOwotICAgICAgICByZXR1cm4gLTE7CisgICAgICAgIHJl dHVybiBudWxscHRyOwogICAgIH0KICAgICBnX2tleV9maWxlX3NldF9zdHJpbmcoa2V5RmlsZS5n ZXQoKSwgIkFwcGxpY2F0aW9uIiwgIm5hbWUiLCBnX2FwcGxpY2F0aW9uX2dldF9hcHBsaWNhdGlv bl9pZChhcHApKTsKIApAQCAtNjc0LDEwICs2MjUsMTAgQEAgc3RhdGljIGludCBjcmVhdGVGbGF0 cGFrSW5mbygpCiAgICAgR1VuaXF1ZVB0cjxjaGFyPiBkYXRhKGdfa2V5X2ZpbGVfdG9fZGF0YShr ZXlGaWxlLmdldCgpLCAmc2l6ZSwgJmVycm9yLm91dFB0cigpKSk7CiAgICAgaWYgKGVycm9yLmdl dCgpKSB7CiAgICAgICAgIGdfd2FybmluZygiJXMiLCBlcnJvci0+bWVzc2FnZSk7Ci0gICAgICAg IHJldHVybiAtMTsKKyAgICAgICAgcmV0dXJuIG51bGxwdHI7CiAgICAgfQogCi0gICAgcmV0dXJu IGNyZWF0ZVNlYWxlZE1lbUZkV2l0aERhdGEoImZsYXRwYWstaW5mbyIsIGRhdGEuZ2V0KCksIHNp emUpOworICAgIHJldHVybiBjcmVhdGVTaGFyZWRNZW1vcnlXaXRoRGF0YSgiZmxhdHBhay1pbmZv IiwgZGF0YS5nZXQoKSwgc2l6ZSk7CiB9CiAKIEdSZWZQdHI8R1N1YnByb2Nlc3M+IGJ1YmJsZXdy YXBTcGF3bihHU3VicHJvY2Vzc0xhdW5jaGVyKiBsYXVuY2hlciwgY29uc3QgUHJvY2Vzc0xhdW5j aGVyOjpMYXVuY2hPcHRpb25zJiBsYXVuY2hPcHRpb25zLCBjaGFyKiogYXJndiwgR0Vycm9yICoq ZXJyb3IpCkBAIC03NTIsMTAgKzcwMywxNCBAQCBHUmVmUHRyPEdTdWJwcm9jZXNzPiBidWJibGV3 cmFwU3Bhd24oR1N1YnByb2Nlc3NMYXVuY2hlciogbGF1bmNoZXIsIGNvbnN0IFByb2NlcwogICAg IC8vIGZ1bGwgcGVybWlzc2lvbnMgdW5sZXNzIGl0IGNhbiBpZGVudGlmeSB5b3UgYXMgYSBzbmFw IG9yIGZsYXRwYWsuCiAgICAgLy8gVGhlIGVhc2llc3QgbWV0aG9kIGlzIGZvciB1cyB0byBwcmV0 ZW5kIHRvIGJlIGEgZmxhdHBhayBhbmQgaWYgdGhhdAogICAgIC8vIGZhaWxzIGp1c3QgYmxvY2tp bmcgcG9ydGFscyBlbnRpcmVseSBhcyBpdCBqdXN0IGJlY29tZXMgYSBzYW5kYm94IGVzY2FwZS4K LSAgICBpbnQgZmxhdHBha0luZm9GZCA9IGNyZWF0ZUZsYXRwYWtJbmZvKCk7Ci0gICAgaWYgKGZs YXRwYWtJbmZvRmQgIT0gLTEpIHsKLSAgICAgICAgZ19zdWJwcm9jZXNzX2xhdW5jaGVyX3Rha2Vf ZmQobGF1bmNoZXIsIGZsYXRwYWtJbmZvRmQsIGZsYXRwYWtJbmZvRmQpOwotICAgICAgICBHVW5p cXVlUHRyPGNoYXI+IGZsYXRwYWtJbmZvRmRTdHIoZ19zdHJkdXBfcHJpbnRmKCIlZCIsIGZsYXRw YWtJbmZvRmQpKTsKKyAgICBhdXRvIGZsYXRwYWtJbmZvTWVtb3J5ID0gY3JlYXRlRmxhdHBha0lu Zm8oKTsKKyAgICBzdGQ6Om9wdGlvbmFsPGludD4gZmxhdHBha0luZm9GZDsKKyAgICBpZiAoZmxh dHBha0luZm9NZW1vcnkpIHsKKyAgICAgICAgU2hhcmVkTWVtb3J5OjpIYW5kbGUgaGFuZGxlOwor ICAgICAgICBmbGF0cGFrSW5mb01lbW9yeS0+Y3JlYXRlSGFuZGxlKGhhbmRsZSwgU2hhcmVkTWVt b3J5OjpQcm90ZWN0aW9uOjpSZWFkT25seSk7CisgICAgICAgIGZsYXRwYWtJbmZvRmQgPSBoYW5k bGUucmVsZWFzZUF0dGFjaG1lbnQoKS5yZWxlYXNlRmlsZURlc2NyaXB0b3IoKTsKKyAgICAgICAg Z19zdWJwcm9jZXNzX2xhdW5jaGVyX3Rha2VfZmQobGF1bmNoZXIsIGZsYXRwYWtJbmZvRmQudmFs dWUoKSwgZmxhdHBha0luZm9GZC52YWx1ZSgpKTsKKyAgICAgICAgR1VuaXF1ZVB0cjxjaGFyPiBm bGF0cGFrSW5mb0ZkU3RyKGdfc3RyZHVwX3ByaW50ZigiJWQiLCBmbGF0cGFrSW5mb0ZkLnZhbHVl KCkpKTsKIAogICAgICAgICBzYW5kYm94QXJncy5hcHBlbmRWZWN0b3IoVmVjdG9yPENTdHJpbmc+ KHsKICAgICAgICAgICAgICItLXJvLWJpbmQtZGF0YSIsIGZsYXRwYWtJbmZvRmRTdHIuZ2V0KCks ICIvLmZsYXRwYWstaW5mbyIKQEAgLTgxNCw3ICs3NjksNyBAQCBHUmVmUHRyPEdTdWJwcm9jZXNz PiBidWJibGV3cmFwU3Bhd24oR1N1YnByb2Nlc3NMYXVuY2hlciogbGF1bmNoZXIsIGNvbnN0IFBy b2NlcwogICAgICAgICAgICAgICAgIC8vIEdTdHJlYW1lcnMgcGx1Z2luIGluc3RhbGwgaGVscGVy LgogICAgICAgICAgICAgICAgICItLWNhbGw9b3JnLmZyZWVkZXNrdG9wLlBhY2thZ2VLaXQ9b3Jn LmZyZWVkZXNrdG9wLlBhY2thZ2VLaXQuTW9kaWZ5Mi5JbnN0YWxsR1N0cmVhbWVyUmVzb3VyY2Vz QC9vcmcvZnJlZWRlc2t0b3AvUGFja2FnZUtpdCIKICAgICAgICAgICAgIH07Ci0gICAgICAgICAg ICBpZiAoZmxhdHBha0luZm9GZCAhPSAtMSkgeworICAgICAgICAgICAgaWYgKGZsYXRwYWtJbmZv RmQpIHsKICAgICAgICAgICAgICAgICAvLyB4ZGctZGVza3RvcC1wb3J0YWwgdXNlZCBieSBHVEsg YW5kIHVzLgogICAgICAgICAgICAgICAgIHBlcm1pc3Npb25zLmFwcGVuZCgiLS10YWxrPW9yZy5m cmVlZGVza3RvcC5wb3J0YWwuRGVza3RvcCIpOwogICAgICAgICAgICAgfQpAQCAtODQ2LDcgKzgw MSwxMCBAQCBHUmVmUHRyPEdTdWJwcm9jZXNzPiBidWJibGV3cmFwU3Bhd24oR1N1YnByb2Nlc3NM YXVuY2hlciogbGF1bmNoZXIsIGNvbnN0IFByb2NlcwogICAgIGdfc3VicHJvY2Vzc19sYXVuY2hl cl90YWtlX2ZkKGxhdW5jaGVyLCBzZWNjb21wRmQsIHNlY2NvbXBGZCk7CiAgICAgc2FuZGJveEFy Z3MuYXBwZW5kVmVjdG9yKFZlY3RvcjxDU3RyaW5nPih7ICItLXNlY2NvbXAiLCBmZFN0ci5nZXQo KSB9KSk7CiAKLSAgICBpbnQgYndyYXBGZCA9IGFyZ3NUb0ZkKHNhbmRib3hBcmdzLCAiYndyYXAi KTsKKyAgICBhdXRvIGJ3cmFwTWVtb3J5ID0gYXJnc1RvRmQoc2FuZGJveEFyZ3MsICJid3JhcCIp OworICAgIFNoYXJlZE1lbW9yeTo6SGFuZGxlIGhhbmRsZTsKKyAgICBid3JhcE1lbW9yeS0+Y3Jl YXRlSGFuZGxlKGhhbmRsZSwgU2hhcmVkTWVtb3J5OjpQcm90ZWN0aW9uOjpSZWFkT25seSk7Cisg ICAgaW50IGJ3cmFwRmQgPSBoYW5kbGUucmVsZWFzZUF0dGFjaG1lbnQoKS5yZWxlYXNlRmlsZURl c2NyaXB0b3IoKTsKICAgICBHVW5pcXVlUHRyPGNoYXI+IGJ3cmFwRmRTdHIoZ19zdHJkdXBfcHJp bnRmKCIlZCIsIGJ3cmFwRmQpKTsKICAgICBnX3N1YnByb2Nlc3NfbGF1bmNoZXJfdGFrZV9mZChs YXVuY2hlciwgYndyYXBGZCwgYndyYXBGZCk7CiAK