From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg KH Subject: Re: usb HC busted? Date: Tue, 17 Jul 2018 14:04:11 +0200 Message-ID: <20180717120411.GB28592@kroah.com> References: <42ec4ab07d96b4302b875ac9c5eb76675bf85690.camel@linux.intel.com> <20180606164524.n4vb7xre6rykzxih@debian> <2e8829c2-850d-6bca-5f0c-58a809dc9499@linux.intel.com> <20180621005332.5uy74tkjoel6w4xy@debian> <2b4fe87a-3706-0aa8-2b61-a9c1d1352a7a@linux.intel.com> <20180625161500.dbyxd4b434jh5jhj@debian> <20180627115948.ww534mkoovkt3uwb@debian> <4b269009-7593-a41f-9f0f-203ee174b52e@linux.intel.com> <20180630210704.vzkt2poh5qr3hpff@debian> <20180717114104.irgdb5rmg2qxclgp@debian> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20180717114104.irgdb5rmg2qxclgp@debian> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Sudip Mukherjee Cc: Mathias Nyman , Mathias Nyman , linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Christoph Hellwig , Andy Shevchenko , Andy Shevchenko , lukaszx.szulc-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org List-Id: iommu@lists.linux-foundation.org On Tue, Jul 17, 2018 at 12:41:04PM +0100, Sudip Mukherjee wrote: > Hi Mathias, > > On Sat, Jun 30, 2018 at 10:07:04PM +0100, Sudip Mukherjee wrote: > > Hi Mathias, > > > > On Fri, Jun 29, 2018 at 02:41:13PM +0300, Mathias Nyman wrote: > > > On 27.06.2018 14:59, Sudip Mukherjee wrote: > > > > > > Can you share a bit more details on the platform you are using, and what types of test you are running. > > > > > > > > Then to track what is going on, I added the slub debugging and :( > > I have attached part of dmesg for you to check. > > Will appreciate your help in finding out the problem. > > I did some more debugging. Tested with a KASAN enabled kernel and that > shows the problem. The report is attached. > > To my understanding: > > btusb_work() is calling usb_set_interface() with alternate = 0. which > again calls usb_hcd_alloc_bandwidth() and that frees the rings by > xhci_free_endpoint_ring(). But then usb_set_interface() continues and > calls usb_disable_interface() -> usb_hcd_flush_endpoint()->unlink1()-> > xhci_urb_dequeue() which at the end gives the command to stop endpoint. > > In all the cycles I have tested I see that only in the fail case > handle_cmd_completion() gets called, but in the cycles where the error > is not there handle_cmd_completion() is not called with that command. > > I am not sure what is happening, and you are the best person to understand > what is happening. :) > > But for now (untill you are back from holiday and suggest a proper solution), > I made a hacky patch (attached) which is working and I donot get any > corruption after that. Both KASAN and slub debug are also happy. > > So, now waiting for you to analyze what is going on and suggest a proper > fix. > > Thanks in advance. > > -- > Regards > Sudip > [ 236.814156] ================================================================== > [ 236.814187] BUG: KASAN: use-after-free in xhci_trb_virt_to_dma+0x2e/0x74 [xhci_hcd] > [ 236.814193] Read of size 8 at addr ffff8800789329c8 by task weston/138 > > [ 236.814203] CPU: 0 PID: 138 Comm: weston Tainted: G U W O 4.14.47-20180606+ #7 > [ 236.814206] Hardware name: xxx, BIOS 2017.01-00087-g43e04de 08/30/2017 > [ 236.814209] Call Trace: > [ 236.814214] > [ 236.814226] dump_stack+0x46/0x59 > [ 236.814238] print_address_description+0x6b/0x23b > [ 236.814255] ? xhci_trb_virt_to_dma+0x2e/0x74 [xhci_hcd] > [ 236.814262] kasan_report+0x220/0x246 > [ 236.814278] xhci_trb_virt_to_dma+0x2e/0x74 [xhci_hcd] > [ 236.814294] trb_in_td+0x3b/0x1cd [xhci_hcd] > [ 236.814311] handle_cmd_completion+0x1181/0x2c9b [xhci_hcd] > [ 236.814329] ? xhci_queue_new_dequeue_state+0x5d9/0x5d9 [xhci_hcd] > [ 236.814337] ? drm_handle_vblank+0x4ec/0x590 > [ 236.814352] xhci_irq+0x529/0x3294 [xhci_hcd] > [ 236.814362] ? __accumulate_pelt_segments+0x24/0x33 > [ 236.814378] ? finish_td.isra.40+0x223/0x223 [xhci_hcd] > [ 236.814384] ? __accumulate_pelt_segments+0x24/0x33 > [ 236.814390] ? __accumulate_pelt_segments+0x24/0x33 > [ 236.814405] ? xhci_irq+0x3294/0x3294 [xhci_hcd] > [ 236.814412] __handle_irq_event_percpu+0x149/0x3db > [ 236.814421] handle_irq_event_percpu+0x65/0x109 > [ 236.814428] ? __handle_irq_event_percpu+0x3db/0x3db > [ 236.814436] ? ttwu_do_wakeup.isra.18+0x3a2/0x3ce > [ 236.814442] handle_irq_event+0xa8/0x10a > [ 236.814449] handle_edge_irq+0x4b2/0x538 > [ 236.814458] handle_irq+0x3e/0x45 > [ 236.814465] do_IRQ+0x5c/0x126 > [ 236.814474] common_interrupt+0x7a/0x7a > [ 236.814478] > [ 236.814483] RIP: 0023:0xf79d3d82 > [ 236.814486] RSP: 002b:00000000ffc588e8 EFLAGS: 00200282 ORIG_RAX: ffffffffffffffdc > [ 236.814493] RAX: 0000000000000000 RBX: 00000000f7bebd5c RCX: 0000000000000000 > [ 236.814496] RDX: 0000000008d4197c RSI: 0000000000000000 RDI: 00000000f746c020 > [ 236.814499] RBP: 00000000ffc588e8 R08: 0000000000000000 R09: 0000000000000000 > [ 236.814503] R10: 0000000000000000 R11: 0000000000200206 R12: 0000000000000000 > [ 236.814506] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 > > [ 236.814513] Allocated by task 2082: > [ 236.814521] kasan_kmalloc.part.1+0x51/0xc7 > [ 236.814526] kmem_cache_alloc_trace+0x178/0x187 > [ 236.814540] xhci_segment_alloc.isra.11+0x9d/0x3bf [xhci_hcd] > [ 236.814553] xhci_alloc_segments_for_ring+0x9e/0x176 [xhci_hcd] > [ 236.814566] xhci_ring_alloc.constprop.16+0x197/0x4ba [xhci_hcd] > [ 236.814579] xhci_endpoint_init+0x77a/0x9ba [xhci_hcd] > [ 236.814592] xhci_add_endpoint+0x3bc/0x43b [xhci_hcd] > [ 236.814615] usb_hcd_alloc_bandwidth+0x7ef/0x857 [usbcore] > [ 236.814637] usb_set_interface+0x294/0x681 [usbcore] > [ 236.814645] btusb_work+0x2e6/0x981 [btusb] > [ 236.814651] process_one_work+0x579/0x9e9 > [ 236.814656] worker_thread+0x68f/0x804 > [ 236.814662] kthread+0x31c/0x32b > [ 236.814668] ret_from_fork+0x35/0x40 > > [ 236.814672] Freed by task 1533: > [ 236.814678] kasan_slab_free+0xb3/0x15e > [ 236.814683] kfree+0x103/0x1a9 > [ 236.814696] xhci_ring_free+0x205/0x286 [xhci_hcd] > [ 236.814709] xhci_free_endpoint_ring+0x4d/0x83 [xhci_hcd] > [ 236.814722] xhci_check_bandwidth+0x57b/0x65a [xhci_hcd] > [ 236.814743] usb_hcd_alloc_bandwidth+0x665/0x857 [usbcore] > [ 236.814765] usb_set_interface+0x294/0x681 [usbcore] > [ 236.814772] btusb_work+0x664/0x981 [btusb] > [ 236.814777] process_one_work+0x579/0x9e9 > [ 236.814782] worker_thread+0x68f/0x804 > [ 236.814788] kthread+0x31c/0x32b > [ 236.814793] ret_from_fork+0x35/0x40 > > [ 236.814799] The buggy address belongs to the object at ffff8800789329c8 > which belongs to the cache kmalloc-64 of size 64 > [ 236.814804] The buggy address is located 0 bytes inside of > 64-byte region [ffff8800789329c8, ffff880078932a08) > [ 236.814806] The buggy address belongs to the page: > [ 236.814812] page:ffffea0001e24c80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 > [ 236.825813] flags: 0x4000000000008100(slab|head) > [ 236.830981] raw: 4000000000008100 0000000000000000 0000000000000000 0000000100130013 > [ 236.830988] raw: ffffea0000cfbaa0 ffffea00010ddf20 ffff88013b80f640 0000000000000000 > [ 236.830990] page dumped because: kasan: bad access detected > > [ 236.830993] Memory state around the buggy address: > [ 236.830999] ffff880078932880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 236.831004] ffff880078932900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 236.831008] >ffff880078932980: fc fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb > [ 236.831011] ^ > [ 236.831015] ffff880078932a00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 236.831019] ffff880078932a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > [ 236.831021] ================================================================== > [ 236.831024] Disabling lock debugging due to kernel taint > >From cbbe6dc59ac90a4f2c358de56e58e254320171e0 Mon Sep 17 00:00:00 2001 > From: Sudip Mukherjee > Date: Tue, 10 Jul 2018 09:50:00 +0100 > Subject: [PATCH] hacky solution to mem-corruption > > Signed-off-by: Sudip Mukherjee > --- > drivers/usb/core/message.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c > index 7cd4ec33dbf4..7fdf7a27611d 100644 > --- a/drivers/usb/core/message.c > +++ b/drivers/usb/core/message.c > @@ -1398,7 +1398,8 @@ int usb_set_interface(struct usb_device *dev, int interface, int alternate) > remove_intf_ep_devs(iface); > usb_remove_sysfs_intf_files(iface); > } > - usb_disable_interface(dev, iface, true); > + if (!(iface->cur_altsetting && alt)) > + usb_disable_interface(dev, iface, true); This feels like a "correct" patch anyway, why would a driver keep calling set_interface to an interface that it was already set to? But can't we check for this higher up in the function? This hack will just not disable an interface but it will do all of the other stuff being asked for. Does the patch below also solve this for you? It's not a good solution of course, but it might work around the problem a bit better. thanks, greg k-h diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 1a15392326fc..0f718f1a1ca3 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1376,6 +1376,14 @@ int usb_set_interface(struct usb_device *dev, int interface, int alternate) return -EINVAL; } + if (iface->cur_altsetting == alt) { + /* + * foolish bluetooth stack, don't try to set a setting you are + * already set to... + */ + return 0; + } + /* Make sure we have enough bandwidth for this alternate interface. * Remove the current alt setting and add the new alt setting. */ From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Subject: usb HC busted? From: Greg Kroah-Hartman Message-Id: <20180717120411.GB28592@kroah.com> Date: Tue, 17 Jul 2018 14:04:11 +0200 To: Sudip Mukherjee Cc: Mathias Nyman , Andy Shevchenko , Andy Shevchenko , Mathias Nyman , linux-usb@vger.kernel.org, lukaszx.szulc@intel.com, Christoph Hellwig , Marek Szyprowski , iommu@lists.linux-foundation.org List-ID: T24gVHVlLCBKdWwgMTcsIDIwMTggYXQgMTI6NDE6MDRQTSArMDEwMCwgU3VkaXAgTXVraGVyamVl IHdyb3RlOgo+IEhpIE1hdGhpYXMsCj4gCj4gT24gU2F0LCBKdW4gMzAsIDIwMTggYXQgMTA6MDc6 MDRQTSArMDEwMCwgU3VkaXAgTXVraGVyamVlIHdyb3RlOgo+ID4gSGkgTWF0aGlhcywKPiA+IAo+ ID4gT24gRnJpLCBKdW4gMjksIDIwMTggYXQgMDI6NDE6MTNQTSArMDMwMCwgTWF0aGlhcyBOeW1h biB3cm90ZToKPiA+ID4gT24gMjcuMDYuMjAxOCAxNDo1OSwgU3VkaXAgTXVraGVyamVlIHdyb3Rl Ogo+ID4gPiA+ID4gPiBDYW4geW91IHNoYXJlIGEgYml0IG1vcmUgZGV0YWlscyBvbiB0aGUgcGxh dGZvcm0geW91IGFyZSB1c2luZywgYW5kIHdoYXQgdHlwZXMgb2YgdGVzdCB5b3UgYXJlIHJ1bm5p bmcuCj4gPiA+ID4gPiAKPiA8c25pcD4KPiA+IFRoZW4gdG8gdHJhY2sgd2hhdCBpcyBnb2luZyBv biwgSSBhZGRlZCB0aGUgc2x1YiBkZWJ1Z2dpbmcgYW5kIDooCj4gPiBJIGhhdmUgYXR0YWNoZWQg cGFydCBvZiBkbWVzZyBmb3IgeW91IHRvIGNoZWNrLgo+ID4gV2lsbCBhcHByZWNpYXRlIHlvdXIg aGVscCBpbiBmaW5kaW5nIG91dCB0aGUgcHJvYmxlbS4KPiAKPiBJIGRpZCBzb21lIG1vcmUgZGVi dWdnaW5nLiBUZXN0ZWQgd2l0aCBhIEtBU0FOIGVuYWJsZWQga2VybmVsIGFuZCB0aGF0Cj4gc2hv d3MgdGhlIHByb2JsZW0uIFRoZSByZXBvcnQgaXMgYXR0YWNoZWQuCj4gCj4gVG8gbXkgdW5kZXJz dGFuZGluZzoKPiAKPiBidHVzYl93b3JrKCkgaXMgY2FsbGluZyB1c2Jfc2V0X2ludGVyZmFjZSgp IHdpdGggYWx0ZXJuYXRlID0gMC4gd2hpY2gKPiBhZ2FpbiBjYWxscyB1c2JfaGNkX2FsbG9jX2Jh bmR3aWR0aCgpIGFuZCB0aGF0IGZyZWVzIHRoZSByaW5ncyBieQo+IHhoY2lfZnJlZV9lbmRwb2lu dF9yaW5nKCkuIEJ1dCB0aGVuIHVzYl9zZXRfaW50ZXJmYWNlKCkgY29udGludWVzIGFuZAo+IGNh bGxzIHVzYl9kaXNhYmxlX2ludGVyZmFjZSgpIC0+IHVzYl9oY2RfZmx1c2hfZW5kcG9pbnQoKS0+ dW5saW5rMSgpLT4KPiB4aGNpX3VyYl9kZXF1ZXVlKCkgd2hpY2ggYXQgdGhlIGVuZCBnaXZlcyB0 aGUgY29tbWFuZCB0byBzdG9wIGVuZHBvaW50Lgo+IAo+IEluIGFsbCB0aGUgY3ljbGVzIEkgaGF2 ZSB0ZXN0ZWQgSSBzZWUgdGhhdCBvbmx5IGluIHRoZSBmYWlsIGNhc2UKPiBoYW5kbGVfY21kX2Nv bXBsZXRpb24oKSBnZXRzIGNhbGxlZCwgYnV0IGluIHRoZSBjeWNsZXMgd2hlcmUgdGhlIGVycm9y Cj4gaXMgbm90IHRoZXJlIGhhbmRsZV9jbWRfY29tcGxldGlvbigpIGlzIG5vdCBjYWxsZWQgd2l0 aCB0aGF0IGNvbW1hbmQuCj4gCj4gSSBhbSBub3Qgc3VyZSB3aGF0IGlzIGhhcHBlbmluZywgYW5k IHlvdSBhcmUgdGhlIGJlc3QgcGVyc29uIHRvIHVuZGVyc3RhbmQKPiB3aGF0IGlzIGhhcHBlbmlu Zy4gOikKPiAKPiBCdXQgZm9yIG5vdyAodW50aWxsIHlvdSBhcmUgYmFjayBmcm9tIGhvbGlkYXkg YW5kIHN1Z2dlc3QgYSBwcm9wZXIgc29sdXRpb24pLAo+IEkgbWFkZSBhIGhhY2t5IHBhdGNoIChh dHRhY2hlZCkgd2hpY2ggaXMgd29ya2luZyBhbmQgSSBkb25vdCBnZXQgYW55Cj4gY29ycnVwdGlv biBhZnRlciB0aGF0LiBCb3RoIEtBU0FOIGFuZCBzbHViIGRlYnVnIGFyZSBhbHNvIGhhcHB5Lgo+ IAo+IFNvLCBub3cgd2FpdGluZyBmb3IgeW91IHRvIGFuYWx5emUgd2hhdCBpcyBnb2luZyBvbiBh bmQgc3VnZ2VzdCBhIHByb3Blcgo+IGZpeC4KPiAKPiBUaGFua3MgaW4gYWR2YW5jZS4KPiAKPiAt LQo+IFJlZ2FyZHMKPiBTdWRpcAoKPiBbICAyMzYuODE0MTU2XSA9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KPiBbICAyMzYu ODE0MTg3XSBCVUc6IEtBU0FOOiB1c2UtYWZ0ZXItZnJlZSBpbiB4aGNpX3RyYl92aXJ0X3RvX2Rt YSsweDJlLzB4NzQgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQxOTNdIFJlYWQgb2Ygc2l6ZSA4IGF0 IGFkZHIgZmZmZjg4MDA3ODkzMjljOCBieSB0YXNrIHdlc3Rvbi8xMzgKPiAKPiBbICAyMzYuODE0 MjAzXSBDUFU6IDAgUElEOiAxMzggQ29tbTogd2VzdG9uIFRhaW50ZWQ6IEcgICAgIFUgIFcgIE8g ICAgNC4xNC40Ny0yMDE4MDYwNisgIzcKPiBbICAyMzYuODE0MjA2XSBIYXJkd2FyZSBuYW1lOiB4 eHgsIEJJT1MgMjAxNy4wMS0wMDA4Ny1nNDNlMDRkZSAwOC8zMC8yMDE3Cj4gWyAgMjM2LjgxNDIw OV0gQ2FsbCBUcmFjZToKPiBbICAyMzYuODE0MjE0XSAgPElSUT4KPiBbICAyMzYuODE0MjI2XSAg ZHVtcF9zdGFjaysweDQ2LzB4NTkKPiBbICAyMzYuODE0MjM4XSAgcHJpbnRfYWRkcmVzc19kZXNj cmlwdGlvbisweDZiLzB4MjNiCj4gWyAgMjM2LjgxNDI1NV0gID8geGhjaV90cmJfdmlydF90b19k bWErMHgyZS8weDc0IFt4aGNpX2hjZF0KPiBbICAyMzYuODE0MjYyXSAga2FzYW5fcmVwb3J0KzB4 MjIwLzB4MjQ2Cj4gWyAgMjM2LjgxNDI3OF0gIHhoY2lfdHJiX3ZpcnRfdG9fZG1hKzB4MmUvMHg3 NCBbeGhjaV9oY2RdCj4gWyAgMjM2LjgxNDI5NF0gIHRyYl9pbl90ZCsweDNiLzB4MWNkIFt4aGNp X2hjZF0KPiBbICAyMzYuODE0MzExXSAgaGFuZGxlX2NtZF9jb21wbGV0aW9uKzB4MTE4MS8weDJj OWIgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQzMjldICA/IHhoY2lfcXVldWVfbmV3X2RlcXVldWVf c3RhdGUrMHg1ZDkvMHg1ZDkgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQzMzddICA/IGRybV9oYW5k bGVfdmJsYW5rKzB4NGVjLzB4NTkwCj4gWyAgMjM2LjgxNDM1Ml0gIHhoY2lfaXJxKzB4NTI5LzB4 MzI5NCBbeGhjaV9oY2RdCj4gWyAgMjM2LjgxNDM2Ml0gID8gX19hY2N1bXVsYXRlX3BlbHRfc2Vn bWVudHMrMHgyNC8weDMzCj4gWyAgMjM2LjgxNDM3OF0gID8gZmluaXNoX3RkLmlzcmEuNDArMHgy MjMvMHgyMjMgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQzODRdICA/IF9fYWNjdW11bGF0ZV9wZWx0 X3NlZ21lbnRzKzB4MjQvMHgzMwo+IFsgIDIzNi44MTQzOTBdICA/IF9fYWNjdW11bGF0ZV9wZWx0 X3NlZ21lbnRzKzB4MjQvMHgzMwo+IFsgIDIzNi44MTQ0MDVdICA/IHhoY2lfaXJxKzB4MzI5NC8w eDMyOTQgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQ0MTJdICBfX2hhbmRsZV9pcnFfZXZlbnRfcGVy Y3B1KzB4MTQ5LzB4M2RiCj4gWyAgMjM2LjgxNDQyMV0gIGhhbmRsZV9pcnFfZXZlbnRfcGVyY3B1 KzB4NjUvMHgxMDkKPiBbICAyMzYuODE0NDI4XSAgPyBfX2hhbmRsZV9pcnFfZXZlbnRfcGVyY3B1 KzB4M2RiLzB4M2RiCj4gWyAgMjM2LjgxNDQzNl0gID8gdHR3dV9kb193YWtldXAuaXNyYS4xOCsw eDNhMi8weDNjZQo+IFsgIDIzNi44MTQ0NDJdICBoYW5kbGVfaXJxX2V2ZW50KzB4YTgvMHgxMGEK PiBbICAyMzYuODE0NDQ5XSAgaGFuZGxlX2VkZ2VfaXJxKzB4NGIyLzB4NTM4Cj4gWyAgMjM2Ljgx NDQ1OF0gIGhhbmRsZV9pcnErMHgzZS8weDQ1Cj4gWyAgMjM2LjgxNDQ2NV0gIGRvX0lSUSsweDVj LzB4MTI2Cj4gWyAgMjM2LjgxNDQ3NF0gIGNvbW1vbl9pbnRlcnJ1cHQrMHg3YS8weDdhCj4gWyAg MjM2LjgxNDQ3OF0gIDwvSVJRPgo+IFsgIDIzNi44MTQ0ODNdIFJJUDogMDAyMzoweGY3OWQzZDgy Cj4gWyAgMjM2LjgxNDQ4Nl0gUlNQOiAwMDJiOjAwMDAwMDAwZmZjNTg4ZTggRUZMQUdTOiAwMDIw MDI4MiBPUklHX1JBWDogZmZmZmZmZmZmZmZmZmZkYwo+IFsgIDIzNi44MTQ0OTNdIFJBWDogMDAw MDAwMDAwMDAwMDAwMCBSQlg6IDAwMDAwMDAwZjdiZWJkNWMgUkNYOiAwMDAwMDAwMDAwMDAwMDAw Cj4gWyAgMjM2LjgxNDQ5Nl0gUkRYOiAwMDAwMDAwMDA4ZDQxOTdjIFJTSTogMDAwMDAwMDAwMDAw MDAwMCBSREk6IDAwMDAwMDAwZjc0NmMwMjAKPiBbICAyMzYuODE0NDk5XSBSQlA6IDAwMDAwMDAw ZmZjNTg4ZTggUjA4OiAwMDAwMDAwMDAwMDAwMDAwIFIwOTogMDAwMDAwMDAwMDAwMDAwMAo+IFsg IDIzNi44MTQ1MDNdIFIxMDogMDAwMDAwMDAwMDAwMDAwMCBSMTE6IDAwMDAwMDAwMDAyMDAyMDYg UjEyOiAwMDAwMDAwMDAwMDAwMDAwCj4gWyAgMjM2LjgxNDUwNl0gUjEzOiAwMDAwMDAwMDAwMDAw MDAwIFIxNDogMDAwMDAwMDAwMDAwMDAwMCBSMTU6IDAwMDAwMDAwMDAwMDAwMDAKPiAKPiBbICAy MzYuODE0NTEzXSBBbGxvY2F0ZWQgYnkgdGFzayAyMDgyOgo+IFsgIDIzNi44MTQ1MjFdICBrYXNh bl9rbWFsbG9jLnBhcnQuMSsweDUxLzB4YzcKPiBbICAyMzYuODE0NTI2XSAga21lbV9jYWNoZV9h bGxvY190cmFjZSsweDE3OC8weDE4Nwo+IFsgIDIzNi44MTQ1NDBdICB4aGNpX3NlZ21lbnRfYWxs b2MuaXNyYS4xMSsweDlkLzB4M2JmIFt4aGNpX2hjZF0KPiBbICAyMzYuODE0NTUzXSAgeGhjaV9h bGxvY19zZWdtZW50c19mb3JfcmluZysweDllLzB4MTc2IFt4aGNpX2hjZF0KPiBbICAyMzYuODE0 NTY2XSAgeGhjaV9yaW5nX2FsbG9jLmNvbnN0cHJvcC4xNisweDE5Ny8weDRiYSBbeGhjaV9oY2Rd Cj4gWyAgMjM2LjgxNDU3OV0gIHhoY2lfZW5kcG9pbnRfaW5pdCsweDc3YS8weDliYSBbeGhjaV9o Y2RdCj4gWyAgMjM2LjgxNDU5Ml0gIHhoY2lfYWRkX2VuZHBvaW50KzB4M2JjLzB4NDNiIFt4aGNp X2hjZF0KPiBbICAyMzYuODE0NjE1XSAgdXNiX2hjZF9hbGxvY19iYW5kd2lkdGgrMHg3ZWYvMHg4 NTcgW3VzYmNvcmVdCj4gWyAgMjM2LjgxNDYzN10gIHVzYl9zZXRfaW50ZXJmYWNlKzB4Mjk0LzB4 NjgxIFt1c2Jjb3JlXQo+IFsgIDIzNi44MTQ2NDVdICBidHVzYl93b3JrKzB4MmU2LzB4OTgxIFti dHVzYl0KPiBbICAyMzYuODE0NjUxXSAgcHJvY2Vzc19vbmVfd29yaysweDU3OS8weDllOQo+IFsg IDIzNi44MTQ2NTZdICB3b3JrZXJfdGhyZWFkKzB4NjhmLzB4ODA0Cj4gWyAgMjM2LjgxNDY2Ml0g IGt0aHJlYWQrMHgzMWMvMHgzMmIKPiBbICAyMzYuODE0NjY4XSAgcmV0X2Zyb21fZm9yaysweDM1 LzB4NDAKPiAKPiBbICAyMzYuODE0NjcyXSBGcmVlZCBieSB0YXNrIDE1MzM6Cj4gWyAgMjM2Ljgx NDY3OF0gIGthc2FuX3NsYWJfZnJlZSsweGIzLzB4MTVlCj4gWyAgMjM2LjgxNDY4M10gIGtmcmVl KzB4MTAzLzB4MWE5Cj4gWyAgMjM2LjgxNDY5Nl0gIHhoY2lfcmluZ19mcmVlKzB4MjA1LzB4Mjg2 IFt4aGNpX2hjZF0KPiBbICAyMzYuODE0NzA5XSAgeGhjaV9mcmVlX2VuZHBvaW50X3JpbmcrMHg0 ZC8weDgzIFt4aGNpX2hjZF0KPiBbICAyMzYuODE0NzIyXSAgeGhjaV9jaGVja19iYW5kd2lkdGgr MHg1N2IvMHg2NWEgW3hoY2lfaGNkXQo+IFsgIDIzNi44MTQ3NDNdICB1c2JfaGNkX2FsbG9jX2Jh bmR3aWR0aCsweDY2NS8weDg1NyBbdXNiY29yZV0KPiBbICAyMzYuODE0NzY1XSAgdXNiX3NldF9p bnRlcmZhY2UrMHgyOTQvMHg2ODEgW3VzYmNvcmVdCj4gWyAgMjM2LjgxNDc3Ml0gIGJ0dXNiX3dv cmsrMHg2NjQvMHg5ODEgW2J0dXNiXQo+IFsgIDIzNi44MTQ3NzddICBwcm9jZXNzX29uZV93b3Jr KzB4NTc5LzB4OWU5Cj4gWyAgMjM2LjgxNDc4Ml0gIHdvcmtlcl90aHJlYWQrMHg2OGYvMHg4MDQK PiBbICAyMzYuODE0Nzg4XSAga3RocmVhZCsweDMxYy8weDMyYgo+IFsgIDIzNi44MTQ3OTNdICBy ZXRfZnJvbV9mb3JrKzB4MzUvMHg0MAo+IAo+IFsgIDIzNi44MTQ3OTldIFRoZSBidWdneSBhZGRy ZXNzIGJlbG9uZ3MgdG8gdGhlIG9iamVjdCBhdCBmZmZmODgwMDc4OTMyOWM4Cj4gIHdoaWNoIGJl bG9uZ3MgdG8gdGhlIGNhY2hlIGttYWxsb2MtNjQgb2Ygc2l6ZSA2NAo+IFsgIDIzNi44MTQ4MDRd IFRoZSBidWdneSBhZGRyZXNzIGlzIGxvY2F0ZWQgMCBieXRlcyBpbnNpZGUgb2YKPiAgNjQtYnl0 ZSByZWdpb24gW2ZmZmY4ODAwNzg5MzI5YzgsIGZmZmY4ODAwNzg5MzJhMDgpCj4gWyAgMjM2Ljgx NDgwNl0gVGhlIGJ1Z2d5IGFkZHJlc3MgYmVsb25ncyB0byB0aGUgcGFnZToKPiBbICAyMzYuODE0 ODEyXSBwYWdlOmZmZmZlYTAwMDFlMjRjODAgY291bnQ6MSBtYXBjb3VudDowIG1hcHBpbmc6ICAg ICAgICAgIChudWxsKSBpbmRleDoweDAgY29tcG91bmRfbWFwY291bnQ6IDAKPiBbICAyMzYuODI1 ODEzXSBmbGFnczogMHg0MDAwMDAwMDAwMDA4MTAwKHNsYWJ8aGVhZCkKPiBbICAyMzYuODMwOTgx XSByYXc6IDQwMDAwMDAwMDAwMDgxMDAgMDAwMDAwMDAwMDAwMDAwMCAwMDAwMDAwMDAwMDAwMDAw IDAwMDAwMDAxMDAxMzAwMTMKPiBbICAyMzYuODMwOTg4XSByYXc6IGZmZmZlYTAwMDBjZmJhYTAg ZmZmZmVhMDAwMTBkZGYyMCBmZmZmODgwMTNiODBmNjQwIDAwMDAwMDAwMDAwMDAwMDAKPiBbICAy MzYuODMwOTkwXSBwYWdlIGR1bXBlZCBiZWNhdXNlOiBrYXNhbjogYmFkIGFjY2VzcyBkZXRlY3Rl ZAo+IAo+IFsgIDIzNi44MzA5OTNdIE1lbW9yeSBzdGF0ZSBhcm91bmQgdGhlIGJ1Z2d5IGFkZHJl c3M6Cj4gWyAgMjM2LjgzMDk5OV0gIGZmZmY4ODAwNzg5MzI4ODA6IGZjIGZjIGZjIGZjIGZjIGZj IGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjCj4gWyAgMjM2LjgzMTAwNF0gIGZmZmY4ODAw Nzg5MzI5MDA6IGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZjIGZj Cj4gWyAgMjM2LjgzMTAwOF0gPmZmZmY4ODAwNzg5MzI5ODA6IGZjIGZjIGZjIGZjIGZjIGZjIGZj IGZjIGZjIGZiIGZiIGZiIGZiIGZiIGZiIGZiCj4gWyAgMjM2LjgzMTAxMV0gICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIF4KPiBbICAyMzYuODMxMDE1XSAgZmZm Zjg4MDA3ODkzMmEwMDogZmIgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMg ZmMgZmMKPiBbICAyMzYuODMxMDE5XSAgZmZmZjg4MDA3ODkzMmE4MDogZmMgZmMgZmMgZmMgZmMg ZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMgZmMKPiBbICAyMzYuODMxMDIxXSA9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KPiBbICAyMzYuODMxMDI0XSBEaXNhYmxpbmcgbG9jayBkZWJ1Z2dpbmcgZHVlIHRvIGtlcm5l bCB0YWludAoKPiA+RnJvbSBjYmJlNmRjNTlhYzkwYTRmMmMzNThkZTU2ZTU4ZTI1NDMyMDE3MWUw IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQo+IEZyb206IFN1ZGlwIE11a2hlcmplZSA8c3VkaXBt Lm11a2hlcmplZUBnbWFpbC5jb20+Cj4gRGF0ZTogVHVlLCAxMCBKdWwgMjAxOCAwOTo1MDowMCAr MDEwMAo+IFN1YmplY3Q6IFtQQVRDSF0gaGFja3kgc29sdXRpb24gdG8gbWVtLWNvcnJ1cHRpb24K PiAKPiBTaWduZWQtb2ZmLWJ5OiBTdWRpcCBNdWtoZXJqZWUgPHN1ZGlwbS5tdWtoZXJqZWVAZ21h aWwuY29tPgo+IC0tLQo+ICBkcml2ZXJzL3VzYi9jb3JlL21lc3NhZ2UuYyB8IDMgKystCj4gIDEg ZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKPiAKPiBkaWZmIC0t Z2l0IGEvZHJpdmVycy91c2IvY29yZS9tZXNzYWdlLmMgYi9kcml2ZXJzL3VzYi9jb3JlL21lc3Nh Z2UuYwo+IGluZGV4IDdjZDRlYzMzZGJmNC4uN2ZkZjdhMjc2MTFkIDEwMDY0NAo+IC0tLSBhL2Ry aXZlcnMvdXNiL2NvcmUvbWVzc2FnZS5jCj4gKysrIGIvZHJpdmVycy91c2IvY29yZS9tZXNzYWdl LmMKPiBAQCAtMTM5OCw3ICsxMzk4LDggQEAgaW50IHVzYl9zZXRfaW50ZXJmYWNlKHN0cnVjdCB1 c2JfZGV2aWNlICpkZXYsIGludCBpbnRlcmZhY2UsIGludCBhbHRlcm5hdGUpCj4gIAkJcmVtb3Zl X2ludGZfZXBfZGV2cyhpZmFjZSk7Cj4gIAkJdXNiX3JlbW92ZV9zeXNmc19pbnRmX2ZpbGVzKGlm YWNlKTsKPiAgCX0KPiAtCXVzYl9kaXNhYmxlX2ludGVyZmFjZShkZXYsIGlmYWNlLCB0cnVlKTsK PiArCWlmICghKGlmYWNlLT5jdXJfYWx0c2V0dGluZyAmJiBhbHQpKQo+ICsJCXVzYl9kaXNhYmxl X2ludGVyZmFjZShkZXYsIGlmYWNlLCB0cnVlKTsKCgoKVGhpcyBmZWVscyBsaWtlIGEgImNvcnJl Y3QiIHBhdGNoIGFueXdheSwgd2h5IHdvdWxkIGEgZHJpdmVyIGtlZXAKY2FsbGluZyBzZXRfaW50 ZXJmYWNlIHRvIGFuIGludGVyZmFjZSB0aGF0IGl0IHdhcyBhbHJlYWR5IHNldCB0bz8KCkJ1dCBj YW4ndCB3ZSBjaGVjayBmb3IgdGhpcyBoaWdoZXIgdXAgaW4gdGhlIGZ1bmN0aW9uPyAgVGhpcyBo YWNrIHdpbGwKanVzdCBub3QgZGlzYWJsZSBhbiBpbnRlcmZhY2UgYnV0IGl0IHdpbGwgZG8gYWxs IG9mIHRoZSBvdGhlciBzdHVmZgpiZWluZyBhc2tlZCBmb3IuICBEb2VzIHRoZSBwYXRjaCBiZWxv dyBhbHNvIHNvbHZlIHRoaXMgZm9yIHlvdT8gIEl0J3MKbm90IGEgZ29vZCBzb2x1dGlvbiBvZiBj b3Vyc2UsIGJ1dCBpdCBtaWdodCB3b3JrIGFyb3VuZCB0aGUgcHJvYmxlbSBhCmJpdCBiZXR0ZXIu Cgp0aGFua3MsCgpncmVnIGstaAotLS0KVG8gdW5zdWJzY3JpYmUgZnJvbSB0aGlzIGxpc3Q6IHNl bmQgdGhlIGxpbmUgInVuc3Vic2NyaWJlIGxpbnV4LXVzYiIgaW4KdGhlIGJvZHkgb2YgYSBtZXNz YWdlIHRvIG1ham9yZG9tb0B2Z2VyLmtlcm5lbC5vcmcKTW9yZSBtYWpvcmRvbW8gaW5mbyBhdCAg aHR0cDovL3ZnZXIua2VybmVsLm9yZy9tYWpvcmRvbW8taW5mby5odG1sCgpkaWZmIC0tZ2l0IGEv ZHJpdmVycy91c2IvY29yZS9tZXNzYWdlLmMgYi9kcml2ZXJzL3VzYi9jb3JlL21lc3NhZ2UuYwpp bmRleCAxYTE1MzkyMzI2ZmMuLjBmNzE4ZjFhMWNhMyAxMDA2NDQKLS0tIGEvZHJpdmVycy91c2Iv Y29yZS9tZXNzYWdlLmMKKysrIGIvZHJpdmVycy91c2IvY29yZS9tZXNzYWdlLmMKQEAgLTEzNzYs NiArMTM3NiwxNCBAQCBpbnQgdXNiX3NldF9pbnRlcmZhY2Uoc3RydWN0IHVzYl9kZXZpY2UgKmRl diwgaW50IGludGVyZmFjZSwgaW50IGFsdGVybmF0ZSkKIAkJcmV0dXJuIC1FSU5WQUw7CiAJfQog CisJaWYgKGlmYWNlLT5jdXJfYWx0c2V0dGluZyA9PSBhbHQpIHsKKwkJLyoKKwkJICogZm9vbGlz aCBibHVldG9vdGggc3RhY2ssIGRvbid0IHRyeSB0byBzZXQgYSBzZXR0aW5nIHlvdSBhcmUKKwkJ ICogYWxyZWFkeSBzZXQgdG8uLi4KKwkJICovCisJCXJldHVybiAwOworCX0KKwogCS8qIE1ha2Ug c3VyZSB3ZSBoYXZlIGVub3VnaCBiYW5kd2lkdGggZm9yIHRoaXMgYWx0ZXJuYXRlIGludGVyZmFj ZS4KIAkgKiBSZW1vdmUgdGhlIGN1cnJlbnQgYWx0IHNldHRpbmcgYW5kIGFkZCB0aGUgbmV3IGFs dCBzZXR0aW5nLgogCSAqLwo=