Date: Mon, 4 Aug 2014 16:36:47 -0400 From: Scott Moore <sdmoore@fas.harvard.edu> To: freebsd-arch@freebsd.org Subject: New hooks for MAC framework? Message-ID: <CANCm3%2BKNPhEvPM-OspO78qS2_OaxgT369yBXRvz%2B5bCvBWPSTA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
--001a11332c8ea872e904ffd3b22b Content-Type: text/plain; charset=UTF-8 Hi all, Recently, I've been working on a capability-based shell scripting language. The purpose of the language is to give script writers and consumers fine-grained control over what resources (files, sockets, etc) a script can access. As part of this project, we have developed a new capability-based sandbox that extends the security guarantees provided by the language to arbitrary executables. The sandbox is implemented as a policy module for the FreeBSD MAC framework. To get this to work, we needed to make a few changes to the MAC framework itself. In particular, we needed to add two new hooks: mac_vnode_post_lookup and mac_vnode_post_create. The first hook, mac_vnode_post_lookup, is inside the namei loop and provides the policy module with the vnodes and labels of both the parent node and the child, along with the componentname that was just resolved. The second hook, mac_vnode_post_create follows the various operations that invoke mac_vnode_check_create and also provides the parent and child vnodes along with the componentname. We need these hooks because our policy module simulates capability enforcement by propagating derived capabilities as files and directories are accessed or created. Our initial performance analysis indicates that these hooks introduce relatively little overhead, but we're working on more detailed benchmarks. I am curious if anyone else has implemented similar functionality for a different project or thinks that these could be useful changes to push upstream. I've attached the patch from our prototype to this email. Of course, it needs more substantial testing and additional changes to integrate it correctly with other subsystems like audit. On a related note, I'd also like to suggest a possible change to the interaction between the MAC and DAC enforcement mechanisms in the filesystem. Currently, vn_setlabel checks with the filesystem DAC before allowing a label change (by invoking VOP_ACCESS with VADMIN). For our particular use of the MAC framework this isn't ideal since our labels only restrict the current process, and this check requires the process creating the sandbox to have more privileges than it needs. It would be nice if our policy could use the privilege mechanism to overrule the DAC check in this function. I haven't worked on a patch to do this yet. Thanks, Scott --001a11332c8ea872e904ffd3b22b Content-Type: application/octet-stream; name="hooks.patch" Content-Disposition: attachment; filename="hooks.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hyg9crzb0 RnJvbSAyNzY5YTBhMGZmNDRjYzA2MTM2ZjlhMWRiYjRkYzhhNzQwMWRmY2QwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBTY290dCBNb29yZSA8c2Rtb29yZUBmYXMuaGFydmFyZC5lZHU+ CkRhdGU6IFRodSwgMTYgSmFuIDIwMTQgMTc6MzE6NDAgLTA1MDAKU3ViamVjdDogW1BBVENIIDEv MV0gQWRkIG1hY19wb2xpY3kgaG9va3MgYWZ0ZXIgbG9va3VwIGFuZCBjcmVhdGUgb3BlcmF0aW9u cwoKLS0tCiBzeXMvY29tcGF0L2xpbnV4L2xpbnV4X2dldGN3ZC5jICB8ICA1ICsrKysrCiBzeXMv a2Vybi91aXBjX3VzcnJlcS5jICAgICAgICAgICB8ICAzICsrKwogc3lzL2tlcm4vdmZzX2xvb2t1 cC5jICAgICAgICAgICAgfCAgOCArKysrKysrKwogc3lzL2tlcm4vdmZzX3N5c2NhbGxzLmMgICAg ICAgICAgfCAzMSArKysrKysrKysrKysrKysrKysrKysrKysrKysrLS0tCiBzeXMva2Vybi92ZnNf dm5vcHMuYyAgICAgICAgICAgICB8ICA0ICsrKysKIHN5cy9zZWN1cml0eS9tYWMvbWFjX2ZyYW1l d29yay5oIHwgIDUgKysrKysKIHN5cy9zZWN1cml0eS9tYWMvbWFjX3BvbGljeS5oICAgIHwgMTAg KysrKysrKysrKwogc3lzL3NlY3VyaXR5L21hYy9tYWNfdmZzLmMgICAgICAgfCAzOSArKysrKysr KysrKysrKysrKysrKysrKysrKysrLS0tLS0tLS0tLS0KIDggZmlsZXMgY2hhbmdlZCwgOTEgaW5z ZXJ0aW9ucygrKSwgMTQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvc3lzL2NvbXBhdC9saW51 eC9saW51eF9nZXRjd2QuYyBiL3N5cy9jb21wYXQvbGludXgvbGludXhfZ2V0Y3dkLmMKaW5kZXgg Y2FkNWEyMi4uYjE1YWViMCAxMDA2NDQKLS0tIGEvc3lzL2NvbXBhdC9saW51eC9saW51eF9nZXRj d2QuYworKysgYi9zeXMvY29tcGF0L2xpbnV4L2xpbnV4X2dldGN3ZC5jCkBAIC0xNjYsNiArMTY2 LDExIEBAIGxpbnV4X2dldGN3ZF9zY2FuZGlyKGx2cHAsIHV2cHAsIGJwcCwgYnVmcCwgdGQpCiAJ aWYgKGVycm9yID09IDApCiAjZW5kaWYKIAkJZXJyb3IgPSBWT1BfTE9PS1VQKGx2cCwgdXZwcCwg JmNuKTsKKyNpZmRlZiBNQUMKKwlpZiAoIWVycm9yKSB7CisJICBtYWNfdm5vZGVfcG9zdF9sb29r dXAodGQtPnRkX3VjcmVkLCBsdnAsICZjbiwgKnV2cHApOworCX0KKyNlbmRpZiAvKiBNQUMgKi8K IAlpZiAoZXJyb3IpIHsKIAkJdnB1dChsdnApOwogCQkqbHZwcCA9IE5VTEw7CmRpZmYgLS1naXQg YS9zeXMva2Vybi91aXBjX3VzcnJlcS5jIGIvc3lzL2tlcm4vdWlwY191c3JyZXEuYwppbmRleCA2 OWNlNGY4Li40MDI0ODlkIDEwMDY0NAotLS0gYS9zeXMva2Vybi91aXBjX3VzcnJlcS5jCisrKyBi L3N5cy9rZXJuL3VpcGNfdXNycmVxLmMKQEAgLTUzNyw2ICs1MzcsOSBAQCByZXN0YXJ0OgogCQl2 bl9maW5pc2hlZF93cml0ZShtcCk7CiAJCWdvdG8gZXJyb3I7CiAJfQorI2lmZGVmIE1BQworCW1h Y192bm9kZV9wb3N0X2NyZWF0ZSh0ZC0+dGRfdWNyZWQsIG5kLm5pX2R2cCwgbmQubmlfdnAsICZu ZC5uaV9jbmQsICZ2YXR0cik7CisjZW5kaWYKIAl2cCA9IG5kLm5pX3ZwOwogCUFTU0VSVF9WT1Bf RUxPQ0tFRCh2cCwgInVpcGNfYmluZCIpOwogCXNvdW4gPSAoc3RydWN0IHNvY2thZGRyX3VuICop c29kdXBzb2NrYWRkcihuYW0sIE1fV0FJVE9LKTsKZGlmZiAtLWdpdCBhL3N5cy9rZXJuL3Zmc19s b29rdXAuYyBiL3N5cy9rZXJuL3Zmc19sb29rdXAuYwppbmRleCA3N2RlYTgxLi42NjFhYjBmIDEw MDY0NAotLS0gYS9zeXMva2Vybi92ZnNfbG9va3VwLmMKKysrIGIvc3lzL2tlcm4vdmZzX2xvb2t1 cC5jCkBAIC03ODQsNiArNzg0LDE0IEBAIHVuaW9ubG9va3VwOgogCQlnb3RvIHN1Y2Nlc3M7CiAJ fSBlbHNlCiAJCWNucC0+Y25fbGtmbGFncyA9IGxrZmxhZ3Nfc2F2ZTsKKworI2lmZGVmIE1BQwor CWlmICgoY25wLT5jbl9mbGFncyAmIE5PTUFDQ0hFQ0spID09IDApIHsKKwkJbWFjX3Zub2RlX3Bv c3RfbG9va3VwKGNucC0+Y25fdGhyZWFkLT50ZF91Y3JlZCwgZHAsCisJCQkJICAgICAgY25wLCBu ZHAtPm5pX3ZwKTsKKwl9CisjZW5kaWYKKwogI2lmZGVmIE5BTUVJX0RJQUdOT1NUSUMKIAlwcmlu dGYoImZvdW5kXG4iKTsKICNlbmRpZgpkaWZmIC0tZ2l0IGEvc3lzL2tlcm4vdmZzX3N5c2NhbGxz LmMgYi9zeXMva2Vybi92ZnNfc3lzY2FsbHMuYwppbmRleCBjNjU5OTk4Li5mZWVmODViIDEwMDY0 NAotLS0gYS9zeXMva2Vybi92ZnNfc3lzY2FsbHMuYworKysgYi9zeXMva2Vybi92ZnNfc3lzY2Fs bHMuYwpAQCAtMTQxOCw4ICsxNDE4LDE0IEBAIHJlc3RhcnQ6CiAJCWVsc2UgewogCQkJZXJyb3Ig PSBWT1BfTUtOT0QobmQubmlfZHZwLCAmbmQubmlfdnAsCiAJCQkJCQkmbmQubmlfY25kLCAmdmF0 dHIpOwotCQkJaWYgKGVycm9yID09IDApCisJCQlpZiAoZXJyb3IgPT0gMCkgewogCQkJCXZwdXQo bmQubmlfdnApOworI2lmZGVmIE1BQworCQkJCW1hY192bm9kZV9wb3N0X2NyZWF0ZSh0ZC0+dGRf dWNyZWQsCisJCQkJCQkgICAgICBuZC5uaV9kdnAsIG5kLm5pX3ZwLAorCQkJCQkJICAgICAgJm5k Lm5pX2NuZCwgJnZhdHRyKTsKKyNlbmRpZgorCQkJfQogCQl9CiAJfQogCU5ERlJFRSgmbmQsIE5E Rl9PTkxZX1BOQlVGKTsKQEAgLTE1MTgsOSArMTUyNCwxNSBAQCByZXN0YXJ0OgogCQlnb3RvIG91 dDsKICNlbmRpZgogCWVycm9yID0gVk9QX01LTk9EKG5kLm5pX2R2cCwgJm5kLm5pX3ZwLCAmbmQu bmlfY25kLCAmdmF0dHIpOwotCWlmIChlcnJvciA9PSAwKQorCWlmIChlcnJvciA9PSAwKSB7CiAJ CXZwdXQobmQubmlfdnApOwogI2lmZGVmIE1BQworCQltYWNfdm5vZGVfcG9zdF9jcmVhdGUodGQt PnRkX3VjcmVkLAorCQkJCSAgICAgIG5kLm5pX2R2cCwgbmQubmlfdnAsCisJCQkJICAgICAgJm5k Lm5pX2NuZCwgJnZhdHRyKTsKKyNlbmRpZgorCX0KKyNpZmRlZiBNQUMKIG91dDoKICNlbmRpZgog CXZwdXQobmQubmlfZHZwKTsKQEAgLTE3ODAsOSArMTc5MiwxNSBAQCByZXN0YXJ0OgogCQlnb3Rv IG91dDI7CiAjZW5kaWYKIAllcnJvciA9IFZPUF9TWU1MSU5LKG5kLm5pX2R2cCwgJm5kLm5pX3Zw LCAmbmQubmlfY25kLCAmdmF0dHIsIHN5c3BhdGgpOwotCWlmIChlcnJvciA9PSAwKQorCWlmIChl cnJvciA9PSAwKSB7CiAJCXZwdXQobmQubmlfdnApOwogI2lmZGVmIE1BQworCQltYWNfdm5vZGVf cG9zdF9jcmVhdGUodGQtPnRkX3VjcmVkLAorCQkJCSAgICAgIG5kLm5pX2R2cCwgbmQubmlfdnAs CisJCQkJICAgICAgJm5kLm5pX2NuZCwgJnZhdHRyKTsKKyNlbmRpZgorCX0KKyNpZmRlZiBNQUMK IG91dDI6CiAjZW5kaWYKIAlOREZSRUUoJm5kLCBOREZfT05MWV9QTkJVRik7CkBAIC0zODU4LDYg KzM4NzYsMTMgQEAgcmVzdGFydDoKICNlbmRpZgogCWVycm9yID0gVk9QX01LRElSKG5kLm5pX2R2 cCwgJm5kLm5pX3ZwLCAmbmQubmlfY25kLCAmdmF0dHIpOwogI2lmZGVmIE1BQworCWlmIChlcnJv ciA9PSAwKSB7CisJCW1hY192bm9kZV9wb3N0X2NyZWF0ZSh0ZC0+dGRfdWNyZWQsCisJCQkJICAg ICAgbmQubmlfZHZwLCBuZC5uaV92cCwKKwkJCQkgICAgICAmbmQubmlfY25kLCAmdmF0dHIpOwor CX0KKyNlbmRpZgorI2lmZGVmIE1BQwogb3V0OgogI2VuZGlmCiAJTkRGUkVFKCZuZCwgTkRGX09O TFlfUE5CVUYpOwpkaWZmIC0tZ2l0IGEvc3lzL2tlcm4vdmZzX3Zub3BzLmMgYi9zeXMva2Vybi92 ZnNfdm5vcHMuYwppbmRleCAzZWQ5ZDFmLi4wZjU4NGJiIDEwMDY0NAotLS0gYS9zeXMva2Vybi92 ZnNfdm5vcHMuYworKysgYi9zeXMva2Vybi92ZnNfdm5vcHMuYwpAQCAtMTgwLDYgKzE4MCwxMCBA QCByZXN0YXJ0OgogCQkJCU5ERlJFRShuZHAsIE5ERl9PTkxZX1BOQlVGKTsKIAkJCQlyZXR1cm4g KGVycm9yKTsKIAkJCX0KKyNpZmRlZiBNQUMKKwkJICAgICAgICBtYWNfdm5vZGVfcG9zdF9jcmVh dGUoY3JlZCwgbmRwLT5uaV9kdnAsIG5kcC0+bmlfdnAsCisJCQkJCSAgICAgICZuZHAtPm5pX2Nu ZCwgdmFwKTsKKyNlbmRpZgogCQkJZm1vZGUgJj0gfk9fVFJVTkM7CiAJCQl2cCA9IG5kcC0+bmlf dnA7CiAJCX0gZWxzZSB7CmRpZmYgLS1naXQgYS9zeXMvc2VjdXJpdHkvbWFjL21hY19mcmFtZXdv cmsuaCBiL3N5cy9zZWN1cml0eS9tYWMvbWFjX2ZyYW1ld29yay5oCmluZGV4IDkyYWVkZWEuLjU2 YmMxNDEgMTAwNjQ0Ci0tLSBhL3N5cy9zZWN1cml0eS9tYWMvbWFjX2ZyYW1ld29yay5oCisrKyBi L3N5cy9zZWN1cml0eS9tYWMvbWFjX2ZyYW1ld29yay5oCkBAIC0zNzcsNiArMzc3LDkgQEAgaW50 CW1hY192bm9kZV9jaGVja19jaGRpcihzdHJ1Y3QgdWNyZWQgKmNyZWQsIHN0cnVjdCB2bm9kZSAq ZHZwKTsKIGludAltYWNfdm5vZGVfY2hlY2tfY2hyb290KHN0cnVjdCB1Y3JlZCAqY3JlZCwgc3Ry dWN0IHZub2RlICpkdnApOwogaW50CW1hY192bm9kZV9jaGVja19jcmVhdGUoc3RydWN0IHVjcmVk ICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKmR2cCwKIAkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNu cCwgc3RydWN0IHZhdHRyICp2YXApOwordm9pZAltYWNfdm5vZGVfcG9zdF9jcmVhdGUoc3RydWN0 IHVjcmVkICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKmR2cCwKKwkJCSAgICAgIHN0cnVjdCB2bm9kZSAq dnAsIHN0cnVjdCBjb21wb25lbnRuYW1lICpjbnAsCisJCQkgICAgICBzdHJ1Y3QgdmF0dHIgKnZh cCk7CiBpbnQJbWFjX3Zub2RlX2NoZWNrX2RlbGV0ZWFjbChzdHJ1Y3QgdWNyZWQgKmNyZWQsIHN0 cnVjdCB2bm9kZSAqdnAsCiAJICAgIGFjbF90eXBlX3QgdHlwZSk7CiBpbnQJbWFjX3Zub2RlX2No ZWNrX2RlbGV0ZWV4dGF0dHIoc3RydWN0IHVjcmVkICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKnZwLApA QCAtMzkzLDYgKzM5Niw4IEBAIGludAltYWNfdm5vZGVfY2hlY2tfbGlzdGV4dGF0dHIoc3RydWN0 IHVjcmVkICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKnZwLAogCSAgICBpbnQgYXR0cm5hbWVzcGFjZSk7 CiBpbnQJbWFjX3Zub2RlX2NoZWNrX2xvb2t1cChzdHJ1Y3QgdWNyZWQgKmNyZWQsIHN0cnVjdCB2 bm9kZSAqZHZwLAogIAkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCk7Cit2b2lkCW1hY192 bm9kZV9wb3N0X2xvb2t1cChzdHJ1Y3QgdWNyZWQgKmNyZWQsIHN0cnVjdCB2bm9kZSAqZHZwLAor IAkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCwgc3RydWN0IHZub2RlICp2cCk7CiBpbnQJ bWFjX3Zub2RlX2NoZWNrX21tYXAoc3RydWN0IHVjcmVkICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKnZw LCBpbnQgcHJvdCwKIAkgICAgaW50IGZsYWdzKTsKIGludAltYWNfdm5vZGVfY2hlY2tfbXByb3Rl Y3Qoc3RydWN0IHVjcmVkICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKnZwLApkaWZmIC0tZ2l0IGEvc3lz L3NlY3VyaXR5L21hYy9tYWNfcG9saWN5LmggYi9zeXMvc2VjdXJpdHkvbWFjL21hY19wb2xpY3ku aAppbmRleCAwOTBkYzQwLi42ZGRjNzRlIDEwMDY0NAotLS0gYS9zeXMvc2VjdXJpdHkvbWFjL21h Y19wb2xpY3kuaAorKysgYi9zeXMvc2VjdXJpdHkvbWFjL21hY19wb2xpY3kuaApAQCAtNTU3LDYg KzU1NywxMCBAQCB0eXBlZGVmIGludAkoKm1wb192bm9kZV9jaGVja19jaHJvb3RfdCkoc3RydWN0 IHVjcmVkICpjcmVkLAogdHlwZWRlZiBpbnQJKCptcG9fdm5vZGVfY2hlY2tfY3JlYXRlX3QpKHN0 cnVjdCB1Y3JlZCAqY3JlZCwKIAkJICAgIHN0cnVjdCB2bm9kZSAqZHZwLCBzdHJ1Y3QgbGFiZWwg KmR2cGxhYmVsLAogCQkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCwgc3RydWN0IHZhdHRy ICp2YXApOwordHlwZWRlZiB2b2lkICAgICgqbXBvX3Zub2RlX3Bvc3RfY3JlYXRlX3QpKHN0cnVj dCB1Y3JlZCAqY3JlZCwKKwkJICAgIHN0cnVjdCB2bm9kZSAqZHZwLCBzdHJ1Y3QgbGFiZWwgKmR2 cGxhYmVsLAorCQkgICAgc3RydWN0IHZub2RlICp2cCwgc3RydWN0IGxhYmVsICp2cGxhYmVsLAor CQkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCwgc3RydWN0IHZhdHRyICp2YXApOwogdHlw ZWRlZiBpbnQJKCptcG9fdm5vZGVfY2hlY2tfZGVsZXRlYWNsX3QpKHN0cnVjdCB1Y3JlZCAqY3Jl ZCwKIAkJICAgIHN0cnVjdCB2bm9kZSAqdnAsIHN0cnVjdCBsYWJlbCAqdnBsYWJlbCwKIAkJICAg IGFjbF90eXBlX3QgdHlwZSk7CkBAIC01ODIsNiArNTg2LDEwIEBAIHR5cGVkZWYgaW50CSgqbXBv X3Zub2RlX2NoZWNrX2xpc3RleHRhdHRyX3QpKHN0cnVjdCB1Y3JlZCAqY3JlZCwKIHR5cGVkZWYg aW50CSgqbXBvX3Zub2RlX2NoZWNrX2xvb2t1cF90KShzdHJ1Y3QgdWNyZWQgKmNyZWQsCiAJCSAg ICBzdHJ1Y3Qgdm5vZGUgKmR2cCwgc3RydWN0IGxhYmVsICpkdnBsYWJlbCwKIAkJICAgIHN0cnVj dCBjb21wb25lbnRuYW1lICpjbnApOwordHlwZWRlZiB2b2lkCSgqbXBvX3Zub2RlX3Bvc3RfbG9v a3VwX3QpKHN0cnVjdCB1Y3JlZCAqY3JlZCwKKwkJICAgIHN0cnVjdCB2bm9kZSAqZHZwLCBzdHJ1 Y3QgbGFiZWwgKmR2cGxhYmVsLAorCQkgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCwgc3Ry dWN0IHZub2RlICp2cCwKKwkJICAgIHN0cnVjdCBsYWJlbCAqdnBsYWJlbCk7CiB0eXBlZGVmIGlu dAkoKm1wb192bm9kZV9jaGVja19tbWFwX3QpKHN0cnVjdCB1Y3JlZCAqY3JlZCwKIAkJICAgIHN0 cnVjdCB2bm9kZSAqdnAsIHN0cnVjdCBsYWJlbCAqbGFiZWwsIGludCBwcm90LAogCQkgICAgaW50 IGZsYWdzKTsKQEAgLTkxOSw2ICs5MjcsNyBAQCBzdHJ1Y3QgbWFjX3BvbGljeV9vcHMgewogCW1w b192bm9kZV9jaGVja19jaGRpcl90CQkJbXBvX3Zub2RlX2NoZWNrX2NoZGlyOwogCW1wb192bm9k ZV9jaGVja19jaHJvb3RfdAkJbXBvX3Zub2RlX2NoZWNrX2Nocm9vdDsKIAltcG9fdm5vZGVfY2hl Y2tfY3JlYXRlX3QJCW1wb192bm9kZV9jaGVja19jcmVhdGU7CisJbXBvX3Zub2RlX3Bvc3RfY3Jl YXRlX3QJCQltcG9fdm5vZGVfcG9zdF9jcmVhdGU7CiAJbXBvX3Zub2RlX2NoZWNrX2RlbGV0ZWFj bF90CQltcG9fdm5vZGVfY2hlY2tfZGVsZXRlYWNsOwogCW1wb192bm9kZV9jaGVja19kZWxldGVl eHRhdHRyX3QJCW1wb192bm9kZV9jaGVja19kZWxldGVleHRhdHRyOwogCW1wb192bm9kZV9jaGVj a19leGVjX3QJCQltcG9fdm5vZGVfY2hlY2tfZXhlYzsKQEAgLTkyNyw2ICs5MzYsNyBAQCBzdHJ1 Y3QgbWFjX3BvbGljeV9vcHMgewogCW1wb192bm9kZV9jaGVja19saW5rX3QJCQltcG9fdm5vZGVf Y2hlY2tfbGluazsKIAltcG9fdm5vZGVfY2hlY2tfbGlzdGV4dGF0dHJfdAkJbXBvX3Zub2RlX2No ZWNrX2xpc3RleHRhdHRyOwogCW1wb192bm9kZV9jaGVja19sb29rdXBfdAkJbXBvX3Zub2RlX2No ZWNrX2xvb2t1cDsKKwltcG9fdm5vZGVfcG9zdF9sb29rdXBfdAkJCW1wb192bm9kZV9wb3N0X2xv b2t1cDsKIAltcG9fdm5vZGVfY2hlY2tfbW1hcF90CQkJbXBvX3Zub2RlX2NoZWNrX21tYXA7CiAJ bXBvX3Zub2RlX2NoZWNrX21tYXBfZG93bmdyYWRlX3QJbXBvX3Zub2RlX2NoZWNrX21tYXBfZG93 bmdyYWRlOwogCW1wb192bm9kZV9jaGVja19tcHJvdGVjdF90CQltcG9fdm5vZGVfY2hlY2tfbXBy b3RlY3Q7CmRpZmYgLS1naXQgYS9zeXMvc2VjdXJpdHkvbWFjL21hY192ZnMuYyBiL3N5cy9zZWN1 cml0eS9tYWMvbWFjX3Zmcy5jCmluZGV4IGM0ZjMwNWIuLmY3YzQxYmQgMTAwNjQ0Ci0tLSBhL3N5 cy9zZWN1cml0eS9tYWMvbWFjX3Zmcy5jCisrKyBiL3N5cy9zZWN1cml0eS9tYWMvbWFjX3Zmcy5j CkBAIC00MzUsNiArNDM1LDIxIEBAIG1hY192bm9kZV9jaGVja19jcmVhdGUoc3RydWN0IHVjcmVk ICpjcmVkLCBzdHJ1Y3Qgdm5vZGUgKmR2cCwKIAlyZXR1cm4gKGVycm9yKTsKIH0KIAordm9pZAor bWFjX3Zub2RlX3Bvc3RfY3JlYXRlKHN0cnVjdCB1Y3JlZCAqY3JlZCwgc3RydWN0IHZub2RlICpk dnAsIHN0cnVjdCB2bm9kZSAqdnAsCisgICAgc3RydWN0IGNvbXBvbmVudG5hbWUgKmNucCwgc3Ry dWN0IHZhdHRyICp2YXApCit7CisJQVNTRVJUX1ZPUF9MT0NLRUQoZHZwLCAibWFjX3Zub2RlX3Bv c3RfY3JlYXRlIik7CisJQVNTRVJUX1ZPUF9MT0NLRUQodnAsICJtYWNfdm5vZGVfcG9zdF9jcmVh dGUiKTsKKworCU1BQ19QT0xJQ1lfUEVSRk9STSh2bm9kZV9wb3N0X2NyZWF0ZSwgY3JlZCwKKwkJ CSAgIGR2cCwgZHZwLT52X2xhYmVsLAorCQkJICAgdnAsIHZwLT52X2xhYmVsLAorCQkJICAgY25w LCB2YXApOworCisJcmV0dXJuOworfQorCiBNQUNfQ0hFQ0tfUFJPQkVfREVGSU5FMyh2bm9kZV9j aGVja19kZWxldGVhY2wsICJzdHJ1Y3QgdWNyZWQgKiIsCiAgICAgInN0cnVjdCB2bm9kZSAqIiwg ImFjbF90eXBlX3QiKTsKIApAQCAtNTc5LDUgKzU5NCwxOCBAQCBtYWNfdm5vZGVfY2hlY2tfbG9v a3VwKHN0cnVjdCB1Y3JlZCAqY3JlZCwgc3RydWN0IHZub2RlICpkdnAsCiAJcmV0dXJuIChlcnJv cik7CiB9CiAKK3ZvaWQKK21hY192bm9kZV9wb3N0X2xvb2t1cChzdHJ1Y3QgdWNyZWQgKmNyZWQs IHN0cnVjdCB2bm9kZSAqZHZwLAorCQkgICAgICBzdHJ1Y3QgY29tcG9uZW50bmFtZSAqY25wLCBz dHJ1Y3Qgdm5vZGUgKnZwKQoreworCUFTU0VSVF9WT1BfTE9DS0VEKGR2cCwgIm1hY192bm9kZV9w b3N0X2xvb2t1cCIpOworCUFTU0VSVF9WT1BfTE9DS0VEKHZwLCAibWFjX3Zub2RlX3Bvc3RfbG9v a3VwIik7CisKKwlNQUNfUE9MSUNZX1BFUkZPUk0odm5vZGVfcG9zdF9sb29rdXAsIGNyZWQsIGR2 cCwgZHZwLT52X2xhYmVsLCBjbnAsCisJCQkgICB2cCwgdnAtPnZfbGFiZWwpOworCisJcmV0dXJu OworfQorCiBNQUNfQ0hFQ0tfUFJPQkVfREVGSU5FNCh2bm9kZV9jaGVja19tbWFwLCAic3RydWN0 IHVjcmVkICoiLCAic3RydWN0IHZub2RlICoiLAogICAgICJpbnQiLCAiaW50Iik7Cg== --001a11332c8ea872e904ffd3b22b--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCm3%2BKNPhEvPM-OspO78qS2_OaxgT369yBXRvz%2B5bCvBWPSTA>