From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E0C9AC77B7A for ; Wed, 31 May 2023 10:25:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 5D57D60B5A; Wed, 31 May 2023 10:25:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5D57D60B5A Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=cc/iCJdI X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uTfmTPaKUDuZ; Wed, 31 May 2023 10:25:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 3D06560B46; Wed, 31 May 2023 10:25:10 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 3D06560B46 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 14C4DC0087; Wed, 31 May 2023 10:25:10 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id D879FC0037 for ; Wed, 31 May 2023 10:25:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id A543660B3C for ; Wed, 31 May 2023 10:25:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org A543660B3C X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id En-j6H5DCXck for ; Wed, 31 May 2023 10:25:07 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org E919960AE9 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id E919960AE9 for ; Wed, 31 May 2023 10:25:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685528705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DvwGCRQeWTvKp10bN1Sbh5bj4YnUv0Bqw0o1UOThBzY=; b=cc/iCJdIaNZ57pKP2kkx4AA5/YFYk7t3pfKq//xGPibFeLKlyL3hwAHe8cQQhhnovYF0mf lcvci7ZXpJ1+mnwY+IuHAv/CLFk2hvozGha+KmmVocpC17eRr1WykTs9vUQY0YFrkwFczQ BWD2kfO9VBXADTMGDbr3B09LQp3ahW8= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-586-gS2qN_FZOlWObx9Dk5vHxg-1; Wed, 31 May 2023 06:25:03 -0400 X-MC-Unique: gS2qN_FZOlWObx9Dk5vHxg-1 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-30aefcc211fso1587929f8f.0 for ; Wed, 31 May 2023 03:25:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685528702; x=1688120702; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DvwGCRQeWTvKp10bN1Sbh5bj4YnUv0Bqw0o1UOThBzY=; b=lpR+cFui93EhbbEjpkKKjV9JHt9z8JUax0wW7bc9Zoo8Y2f3o6r7DetoJkdni10XEW MdbuIHAYOEQk0r4FDdYBBghtUlh/D6WeeeDLrbY2qmpSuygIAKdh5uK22okTo6GoLpQm TwlTjIJ0uJDGJbQEO0SZirNKoiw249efacAh+omzKgQiUvOl6UEBAWhN5YRLRNnbhi7A JGjPiogGb7zmR11gWyXuVpyPKwF67IoLSaJe8S9Avk48jexkJ4BHWieDxJu4vFzDrmHq 9Vln6I2lWI1E2/h37Sj4hHnHaOXwWhdADnMDEAFFK4VWFLgEkIluSO2K0YaJGRu7WfKD MzSA== X-Gm-Message-State: AC+VfDzwM4PoLj9KtwqdBAZ59xLIkD/TCIE6qrixQVNvMXG+Nv0RleZj qXbjDCB2kO7XyqVzXrz54Z9iY3zdt/rCRuCHM5Wo2NyQasMpUce6GsjrGO+IVHac2+zlvEA/1Q9 0ufIXEgbfnPPWWU2m6e/GpuJQrBDcshtqVSck8t4Seg== X-Received: by 2002:adf:f452:0:b0:307:8b3e:285a with SMTP id f18-20020adff452000000b003078b3e285amr4867796wrp.67.1685528702685; Wed, 31 May 2023 03:25:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5rdqa0yP0CU0wQqaMcpUQBMYn4ha0O+FEx/Q20k8/Cui3MNm3+FsNtrElTCiHBdmXhEbnbSQ== X-Received: by 2002:adf:f452:0:b0:307:8b3e:285a with SMTP id f18-20020adff452000000b003078b3e285amr4867778wrp.67.1685528702252; Wed, 31 May 2023 03:25:02 -0700 (PDT) Received: from redhat.com ([2.52.11.69]) by smtp.gmail.com with ESMTPSA id b9-20020adfe309000000b003079986fd71sm6404500wrj.88.2023.05.31.03.25.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 May 2023 03:25:01 -0700 (PDT) Date: Wed, 31 May 2023 06:24:58 -0400 From: "Michael S. Tsirkin" To: Jason Wang Subject: Re: [PATCH] virtio_ring: validate used buffer length Message-ID: <20230531062108-mutt-send-email-mst@kernel.org> References: <20230526063041.18359-1-jasowang@redhat.com> <20230528033037-mutt-send-email-mst@kernel.org> <20230529055729-mutt-send-email-mst@kernel.org> <20230531014326-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 In-Reply-To: X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline Cc: xuanzhuo@linux.alibaba.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org X-BeenThere: virtualization@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux virtualization List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: virtualization-bounces@lists.linux-foundation.org Sender: "Virtualization" T24gV2VkLCBNYXkgMzEsIDIwMjMgYXQgMDQ6MjY6MzhQTSArMDgwMCwgSmFzb24gV2FuZyB3cm90 ZToKPiBPbiBXZWQsIE1heSAzMSwgMjAyMyBhdCAzOjM24oCvUE0gSmFzb24gV2FuZyA8amFzb3dh bmdAcmVkaGF0LmNvbT4gd3JvdGU6Cj4gPgo+ID4gT24gV2VkLCBNYXkgMzEsIDIwMjMgYXQgMTo1 MOKAr1BNIE1pY2hhZWwgUy4gVHNpcmtpbiA8bXN0QHJlZGhhdC5jb20+IHdyb3RlOgo+ID4gPgo+ ID4gPiBPbiBXZWQsIE1heSAzMSwgMjAyMyBhdCAwOTowNTowMEFNICswODAwLCBKYXNvbiBXYW5n IHdyb3RlOgo+ID4gPiA+IE9uIE1vbiwgTWF5IDI5LCAyMDIzIGF0IDY6MDPigK9QTSBNaWNoYWVs IFMuIFRzaXJraW4gPG1zdEByZWRoYXQuY29tPiB3cm90ZToKPiA+ID4gPiA+Cj4gPiA+ID4gPiBP biBNb24sIE1heSAyOSwgMjAyMyBhdCAwOToxODoxMEFNICswODAwLCBKYXNvbiBXYW5nIHdyb3Rl Ogo+ID4gPiA+ID4gPiBPbiBTdW4sIE1heSAyOCwgMjAyMyBhdCAzOjU34oCvUE0gTWljaGFlbCBT LiBUc2lya2luIDxtc3RAcmVkaGF0LmNvbT4gd3JvdGU6Cj4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ ID4gPiBPbiBGcmksIE1heSAyNiwgMjAyMyBhdCAwMjozMDo0MVBNICswODAwLCBKYXNvbiBXYW5n IHdyb3RlOgo+ID4gPiA+ID4gPiA+ID4gVGhpcyBwYXRjaCB2YWxpZGF0ZQo+ID4gPiA+ID4gPiA+ Cj4gPiA+ID4gPiA+ID4gdmFsaWRhdGVzCj4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+IHRo ZSB1c2VkIGJ1ZmZlciBsZW5ndGggcHJvdmlkZWQgYnkgdGhlIGRldmljZQo+ID4gPiA+ID4gPiA+ ID4gYmVmb3JlIHRyeWluZyB0byB1c2UgaXQuCj4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiBi ZWZvcmUgcmV0dXJuaW5nIGl0IHRvIGNhbGxlcgo+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4g PiBUaGlzIGlzIGRvbmUgYnkgcmVtZW1iZXJpbmcgdGhlIGluIGJ1ZmZlcgo+ID4gPiA+ID4gPiA+ ID4gbGVuZ3RoIGluIGEgZGVkaWNhdGVkIGFycmF5IGR1cmluZyB2aXJ0cXVldWVfYWRkKCksIHRo ZW4gd2UgY2FuIGZhaWwKPiA+ID4gPiA+ID4gPiA+IHRoZSB2aXJ0cXVldWVfZ2V0X2J1ZigpIHdo ZW4gd2UgZmluZCB0aGUgZGV2aWNlIGlzIHRyeWluZyB0byBnaXZlIHVzIGEKPiA+ID4gPiA+ID4g PiA+IHVzZWQgYnVmZmVyIGxlbmd0aCB3aGljaCBpcyBncmVhdGVyIHRoYW4gd2Ugc3RvcmVkIGJl Zm9yZS4KPiA+ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiA+IHRoYW4gd2hhdCB3ZSBzdG9yZWQKPiA+ ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+IFRoaXMgdmFsaWRhdGlv biBpcyBkaXNhYmxlCj4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiBkaXNhYmxlZAo+ID4gPiA+ ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiBieSBkZWZhdWx0IHZpYSBtb2R1bGUgcGFyYW1ldGVyIHRv IHVuYnJlYWsKPiA+ID4gPiA+ID4gPiA+IHNvbWUgZXhpc3RpbmcgZGV2aWNlcyBzaW5jZSBzb21l IGxlZ2FjeSBkZXZpY2VzIGFyZSBrbm93biB0byByZXBvcnQKPiA+ID4gPiA+ID4gPiA+IGJ1Z2d5 IHVzZWQgbGVuZ3RoLgo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+IFNpZ25lZC1vZmYt Ynk6IEphc29uIFdhbmcgPGphc293YW5nQHJlZGhhdC5jb20+Cj4gPiA+ID4gPiA+ID4KPiA+ID4g PiA+ID4gPiBGaXJzdCBJJ20gbm90IG1lcmdpbmcgdGhpcyB3aXRob3V0IG1vcmUgZGF0YSBhYm91 dAo+ID4gPiA+ID4gPiA+IHdoYXQgaXMga25vd24gdG8gYmUgYnJva2VuIGFuZCB3aGF0IGlzIGtu b3duIHRvIHdvcmsgd2VsbAo+ID4gPiA+ID4gPiA+IGluIHRoZSBjb21taXQgbG9nLiBBbmQgaG93 IGV4YWN0bHkgZG8gdGhpbmdzIHdvcmsgaWYgdXNlZCBsZW5ndGgKPiA+ID4gPiA+ID4gPiBpcyB3 cm9uZz8KPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gQXNzdW1pbmcgdGhlIGRldmljZSBpcyBtYWxp Y2lvdXMsIGl0IHdvdWxkIGJlIHZlcnkgaGFyZCB0byBhbnN3ZXIuCj4gPiA+ID4gPiA+IEF1ZGl0 aW5nIGFuZCBmdXp6aW5nIHdvbid0IGNvdmVyIGV2ZXJ5IGNhc2UuIEluc3RlYWQgb2YgdHJ5aW5n IHRvIHNlZWsKPiA+ID4gPiA+ID4gdGhlIGFuc3dlciwgd2UgY2FuIHNpbXBseSBtYWtlIHN1cmUg dGhlIHVzZWQgaW4gYnVmZmVyIGxlbmd0aCBpcwo+ID4gPiA+ID4gPiB2YWxpZGF0ZWQgdGhlbiB3 ZSBrbm93IHdlJ3JlIGZpbmUgb3Igbm90Lgo+ID4gPiA+ID4KPiA+ID4gPiA+IFRvIHJlc3RhdGUg dGhlIHF1ZXN0aW9uLCB5b3Ugc2FpZCBhYm92ZSAic29tZSBsZWdhY3kgZGV2aWNlcyBhcmUga25v d24KPiA+ID4gPiA+IHRvIHJlcG9ydCBidWdneSB1c2VkIGxlbmd0aCIuIElmIHRoZXkgcmVwb3J0 IGJ1Z2d5IGxlbmd0aCB0aGVuIGhvdwo+ID4gPiA+ID4gY2FuIHRoaW5ncyB3b3JrPwo+ID4gPiA+ Cj4gPiA+ID4gVGhlIHZhbGlkYXRpb24gaXMgZGlzYWJsZWQgZm9yIGxlZ2FjeSBkZXZpY2UgKGFz IHN0YXRlZCBpbiB0aGUgY2hhbmdlbG9nKToKPiA+ID4gPgo+ID4gPiA+IHN0YXRpYyBib29sIHZy aW5nX25lZWRzX3VzZWRfdmFsaWRhdGlvbihjb25zdCBzdHJ1Y3QgdmlydGlvX2RldmljZSAqdmRl dikKPiA+ID4gPiB7Cj4gPiA+ID4gICAgICAgICAvKgo+ID4gPiA+ICAgICAgICAgICogU2V2ZXJh bCBsZWdhY3kgZGV2aWNlcyBhcmUga25vd24gdG8gcHJvZHVjZSBidWdneSB1c2VkCj4gPiA+ID4g ICAgICAgICAgKiBsZW5ndGguIEluIG9yZGVyIHRvIGxldCBkcml2ZXIgd29yaywgd2Ugd29uJ3Qg dmFsaWRhdGUgdXNlZAo+ID4gPiA+ICAgICAgICAgICogYnVmZmVyIGxlbmd0aCBpbiB0aGlzIGNh c2UuCj4gPiA+ID4gICAgICAgICAgKi8KPiA+ID4gPiAgICAgICAgIGlmICghdmlydGlvX2hhc19m ZWF0dXJlKHZkZXYsIFZJUlRJT19GX1ZFUlNJT05fMSkpCj4gPiA+ID4gICAgICAgICAgICAgICAg IHJldHVybiBmYWxzZTsKPiA+ID4gPiAgICAgICAgIGlmIChmb3JjZV91c2VkX3ZhbGlkYXRpb24p Cj4gPiA+ID4gICAgICAgICAgICAgICAgIHJldHVybiB0cnVlOwo+ID4gPiA+ICAgICAgICAgcmV0 dXJuIGZhbHNlOwo+ID4gPiA+IH0KPiA+ID4gPgo+ID4gPiA+IFRoaXMgc2VlbXMgdG8gYmUgd2hh dCB3ZSd2ZSBhZ3JlZWQgaW4gbGFzdCB2ZXJzaW9uOgo+ID4gPiA+Cj4gPiA+ID4gaHR0cHM6Ly9s b3JlLmtlcm5lbC5vcmcvYWxsL0NBTkxzWWt4ZmhhbVVVMGJiNGo3eTZONF9HOW9kS3hMQ2pYeGdY RXg0U0o2X0tmK00yUUBtYWlsLmdtYWlsLmNvbS9ULyNtMzFmM2IwNmY5MDMyYmVlYzE3NWMzMTJk ZmEyNTMyY2IwOGIxNWM1Ngo+ID4gPiA+Cj4gPiA+ID4gVGhhbmtzCj4gPiA+ID4KPiA+ID4KPiA+ ID4gSSBkb24ndCBnZXQgaXQuIFlvdSB3cm90ZToKPiA+ID4KPiA+ID4gICAgICAgICBUaGlzIHZh bGlkYXRpb24gaXMgZGlzYWJsZQo+ID4gPiAgICAgICAgIGJ5IGRlZmF1bHQgdmlhIG1vZHVsZSBw YXJhbWV0ZXIgdG8gdW5icmVhawo+ID4gPiAgICAgICAgIHNvbWUgZXhpc3RpbmcgZGV2aWNlcyBz aW5jZSBzb21lIGxlZ2FjeSBkZXZpY2VzIGFyZSBrbm93biB0byByZXBvcnQKPiA+ID4gICAgICAg ICBidWdneSB1c2VkIGxlbmd0aC4KPiA+ID4KPiA+ID4gd2hpY2ggZGV2aWNlcz8KPiA+Cj4gPiBs ZWdhY3kgcnBtc2cgYW5kIHZzb2NrIGRldmljZSAoYmVmb3JlIDQ5ZDhjNWZmYWQwNykgYXQgbGVh c3QuCj4gPgo+ID4gPiB3aHkgZG8geW91IG5lZWQgYSBtb2R1bGUgcGFyYW1ldGVyPwo+ID4KPiA+ IElmIHdlIGVuYWJsZSBpdCB1bmNvbmRpdGlvbmFsbHkgZm9yIG1vZGVybiBkZXZpY2VzLCBpdCBt YXkgYnJlYWsgc29tZQo+ID4gYnVnZ3kgbW9kZW4gZGV2aWNlICh2c29jayB3aXRob3V0IGEgZml4 IGFzIGFuIGV4YW1wbGUpLgo+ID4KPiA+ID4KPiA+ID4KPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4g U2Vjb25kIHdoYXQncyB3cm9uZyB3aXRoIGRtYV9kZXNjX2V4dHJhIHRoYXQgd2UgYWxyZWFkeSBt YWludGFpbj8KPiA+ID4gPiA+ID4gPiBUaGlyZCBtb3RpdmF0aW9uIC0gaXQncyBwYXJ0IGFuZCBw YXJjZWwgb2YgdGhlIGhhcmRlbmluZyBlZmZvcnQgeWVzPwo+ID4gPiA+ID4gPgo+ID4gPiA+ID4g PiBUaGV5IGFyZSBkaWZmZXJlbnQuIGRtYV9kZXNjX2V4dHJhIGlzIGZvciBhIGRlc2NyaXB0b3Ig cmluZywgYnV0IHRoaXMKPiA+ID4gPiA+ID4gaXMgZm9yIGEgdXNlZCByaW5nLiBUZWNobmljYWxs eSB3ZSBjYW4gZ28gYmFjayB0byBpdGVyYXRlIG9uIHRoZQo+ID4gPiA+ID4gPiBkZXNjcmlwdG9y IHJpbmcgZm9yIGEgbGVnYWwgdXNlZCBpbiBidWZmZXIgbGVuZ3RoLiBCdXQgaXQgd2lsbCBoYXZl Cj4gPiA+ID4gPiA+IHdvcnNlIHBlcmZvcm1hbmNlLgo+ID4gPiA+ID4KPiA+ID4gPiA+IEkgZG9u J3QgcmVhbGx5IHVuZGVyc3RhbmQuIFdlIGFscmVhZHkgaXRlcmF0ZSB3aGVuIHdlIHVubWFwIC0K PiA+ID4gPiA+IGFsbCB0aGF0IGlzIG5lY2Vzc2FyeSBpcyB0byBzdWJ0cmFjdCBpdCBmcm9tIHVz ZWQgbGVuZ3RoLCBpZiBhdAo+ID4gPiA+ID4gdGhlIGVuZCBvZiB0aGUgcHJvY2VzcyBpdCBpcyA+ MCB0aGVuIHdlIGtub3cgdXNlZCBsZW5ndGggaXMgdG9vCj4gPiA+ID4gPiBsYXJnZS4KPiA+ID4g Pgo+ID4gPiA+IFllcywgYnV0IGl0IGlzIHRoZSBqb2IgdGhhdCBpcyBkb25lIGluIHRoZSBkcml2 ZXIgbGV2ZWwgbm90IHRoZSB2aXJ0aW8KPiA+ID4gPiBjb3JlLgo+ID4gPgo+ID4gPiBXaGF0IGpv Yj8KPiA+Cj4gPiBJIG1lYW50IHRoZSBkcml2ZXIgY2FuIGRvIHRoZSB2YWxpZGF0aW9uIHNpbmNl IGl0IGhhcyB0aGUga25vd2xlZGdlIG9mCj4gPiB0aGUgYnVmZmVyIGxlbmd0aCBpZiBpdCB3YW50 cy4KPiA+Cj4gPiA+IHVubWFwIGlzIGRvbmUgaW4gZGV0YWNoX2J1Zl9zcGxpdCBhbmQgZGV0YWNo X2J1Zl9wYWNrZWQgcmVzcGVjdGl2ZWx5Lgo+ID4gPiB2cmluZ19kZXNjX2V4dHJhIGlzbid0IGV2 ZW4gdmlzaWJsZSBvdXRzaWRlIGRyaXZlcnMvdmlydGlvL3ZpcnRpb19yaW5nLmMKPiA+Cj4gPiBk ZXNjX2V4dHJhIGRvZXNuJ3QgY29udGFpbiBidWZmZXIgbGVuZ3RoIGZvciB0aGUgY2FzZSBvZiBp bmRpcmVjdAo+ID4gZGVzY3JpcHRvcnMuIFNvIHdlIG5lZWQgdG8gaXRlcmF0ZSBpbiB0aGUgZGVz Y3JpcHRvcnMgd2hlbiBpdCBsb29rcwo+ID4gZXhwZW5zaXZlIGlmIHdlIGRvbid0IG5lZWQgdW5t YXAuCj4gPgo+ID4gVGhhbmtzCj4gPgo+ID4gPgo+ID4gPiBGb3IgZHJpdmVycyB0aGF0IGRvIHVu bWFwIGF0IGRyaXZlciBsZXZlbCAtIEkgZ3Vlc3MgdGhleSBjYW4gZG8KPiA+ID4gdmFsaWRhdGlv biB0aGVyZSB0b28uCj4gPiA+Cj4gPiA+ID4gVmFsaWRhdGlvbiBpbiB2aXJ0aW8gY29yZSBpcyBz dGlsbCBuZWNlc3Nhcnkgc2luY2UgdGhleSdyZQo+ID4gPiA+IHdvcmtpbmcgYXQgZGlmZmVyZW50 IGxldmVscyBhbmQgaXQncyBoYXJkIHRvIGZvcmNlIHRoZSB2YWxpZGF0aW9uIGluCj4gPiA+ID4g YWxsIGRyaXZlcnMgYnkgY29kZXMuIExhc3QgdmVyc2lvbiBpbnRyb2R1Y2VzIGEKPiA+ID4gPiBz dXBwcmVzc19kcml2ZXJfdmFsaWRhdGlvbiB0byBhbGxvdyB0aGUgZHJpdmVyIHRvIHN1cHByZXNz IHRoZSBjb3JlCj4gPiA+ID4gdmFsaWRhdGlvbiB3aGljaCBzZWVtcyBub3QgZ29vZCwgd2UgbmVl ZCBhIHdheSB0byBmb3JjZSB0aGUKPiA+ID4gPiB2aXJ0aW9fcmluZyBjb2RlIHRvIGRvIHZhbGlk YXRpb24gYmVmb3JlLgo+ID4gPgo+ID4gPiBXaHkgZG8gd2U/IElmIGRyaXZlciB2YWxpZGF0ZXMg bGVuZ3RoIHZpcnRpb19yaW5nIGRvZXMgbm90IG5lZWQgdG8KPiA+ID4gdmFsaWRhdGUuCj4gCj4g VG8gYmUgbW9yZSBzYWZlLCB0aGVyZSdzIG5vIGd1YXJhbnRlZSB0aGF0IHRoZXJlJ3Mgbm8gYnVn IGluIHRoZSBkcml2ZXIuCgpFeHRyYSBvcHRpb25zIGluY3JlYXNlIHRlc3RpbmcgbWF0cml4IHNp emUgc28gLSB0aGVyZSBiZSBidWdzLgpXZSBuZWVkIHRvIG1ha2UgdGhlc2UgZGVjaXNpb25zIGZv ciAobW9zdCkgdXNlcnMuCgo+ID4gIElmIGRyaXZlciBkb2VzIG5vdCB1c2UgbGVuZ3RoIHZpcnRp b19yaW5nIGRvZXMgbm90IG5lZWQgdG8KPiA+ID4gdmFsaWRhdGUuCj4gCj4gVGhpcyBjb3VsZCBi ZSBkb25lIG9uIHRvcCBhc3N1bWluZyB0aGUgdmFsaWRhdGlvbiBpcyBkaXNhYmxlZCBieQo+IGRl ZmF1bHQuIEJ1dCBpZiB0aGUgYWRtaW5pc3RyYXRvciB3YW50cyB0byBoYXZlIGJlbHQgYW5kIGJy YWNlcyB3ZQo+IG5lZWQgdG8gbGVhdmUgYW4gb3B0aW9uIGZvciB0aGVtLgo+IAo+IFRoYW5rcwoK Tm8sIHdlIGRvbid0IHJlZ3Jlc3MgdGhlbiBmaXggb24gdG9wLgpBcyBmb3IgbW9kIHBhcmFtZXRl ciBJIGFtIG5vdCBpbXByZXNzZWQgLQpubyBvbmUncyBnb2luZyB0byBoYXZlIHRoZSB0aW1lIG9y IGluY2xpbmF0aW9uIHRvIGRvIHRoZSByZXF1aXNpdGUKdGVzdGluZyB0byBrbm93IHdoZXRoZXIg dGhlIG1vZHVsZSBwYXJhbWV0ZXIgaXMgc2FmZS4KCj4gPiBjb3JlIGNhbiBwcm92aWRlIHRoaXMg c2VydmljZSBmb3IgdGhlIGdhemlsbGlvbiBub24KPiA+ID4gcGVyZm9ybWFuY2UgY3JpdGljYWwg ZHJpdmVycyB0aGF0IGp1c3Qgd2FudCB0byBrZWVwIHRoaW5ncyBzaW1wbGUsCj4gPiA+IGJ1dCB0 aGUgNC01IGNyaXRpY2FsIG9uZXMgY2FuIGRvIHRoZWlyIG93biB2YWxpZGF0aW9uIGlmIHRoZXkg d2FudCB0by4KPiA+ID4KPiA+ID4gPiBPciBzdWNoIHN0dWZmIGNvdWxkIGJlIGFkZGVkCj4gPiA+ ID4gb24gdG9wIHNpbmNlIHRoZSB2YWxpZGF0aW9uIGlzIGJ5IGRlZmF1bHQgYW55d2F5Lgo+ID4g PiA+Cj4gPiA+ID4gVGhhbmtzCj4gPiA+Cj4gPiA+Cj4gPiA+Cj4gPiA+ID4gPgo+ID4gPiA+ID4K PiA+ID4gPiA+ID4gPiBJJ2QgbGlrZSB0byBrbm93IHRoZSBmYXRlIG9mIFZJUlRJT19IQVJERU5f Tk9USUZJQ0FUSU9OIGJlZm9yZQo+ID4gPiA+ID4gPiA+IHdlIGRvIG1vcmUgaGFyZGVuaW5nLiBJ ZiBpdCdzIGlycmV2b2NhYmx5IGJyb2tlbiBsZXQncyByaXAgaXQgb3V0Pwo+ID4gPiA+ID4gPgo+ ID4gPiA+ID4gPiBTbyB0aGUgcGxhbiBpcwo+ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiAxKSBmaW5p c2ggdXNlZCByaW5nIHZhbGlkYXRpb24gKHRoaXMgaGFkIGJlZW4gcHJvcG9zZWQsIG1lcmdlZCBh bmQKPiA+ID4gPiA+ID4gcmV2ZXJ0ZWQgYmVmb3JlIG5vdGlmaWNhdGlvbiBoYXJkZW5pbmcpCj4g PiA+ID4gPiA+IDIpIGRvIG5vdGlmaWNhdGlvbiBoYXJkZW5pbmcgb24gdG9wLgo+ID4gPiA+ID4g Pgo+ID4gPiA+ID4gPiBTbyBsZXQncyBsZWF2ZSBpdCBhcyBpcyBhbmQgSSB3aWxsIGRvIGEgcmV3 b3JrIGFmdGVyIHdlIGZpbmFsaXplIHRoZQo+ID4gPiA+ID4gPiB1c2VkIHJpbmcgdmFsaWRhdGlv bi4KPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gVGhhbmtzCj4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ ID4KPiA+ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiA+ID4gLS0tCj4gPiA+ID4gPiA+ID4gPiBDaGFu Z2VzIHNpbmNlIFY0Ogo+ID4gPiA+ID4gPiA+ID4gLSBkcm9wIHRoZSBmbGF0IGZvciBkcml2ZXIg dG8gc3VwcHJlc3MgdGhlIGNoZWNrCj4gPiA+ID4gPiA+ID4gPiAtIHZhbGlkYXRpb24gaXMgZGlz YWJsZWQgYnkgZGVmYXVsdAo+ID4gPiA+ID4gPiA+ID4gLSBkb24ndCBkbyB2YWxpZGF0aW9uIGZv ciBsZWdhY3kgZGV2aWNlCj4gPiA+ID4gPiA+ID4gPiAtIHJlYmFzZSBhbmQgc3VwcG9ydCB2aXJ0 cXVldWUgcmVzaXplCj4gPiA+ID4gPiA+ID4gPiAtLS0KPiA+ID4gPiA+ID4gPiA+ICBkcml2ZXJz L3ZpcnRpby92aXJ0aW9fcmluZy5jIHwgNzUgKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrCj4gPiA+ID4gPiA+ID4gPiAgMSBmaWxlIGNoYW5nZWQsIDc1IGluc2VydGlvbnMoKykK PiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiBkaWZmIC0tZ2l0IGEvZHJpdmVycy92aXJ0 aW8vdmlydGlvX3JpbmcuYyBiL2RyaXZlcnMvdmlydGlvL3ZpcnRpb19yaW5nLmMKPiA+ID4gPiA+ ID4gPiA+IGluZGV4IDE0M2YzODBiYWExYy4uNWIxNTE2MDVhYWY4IDEwMDY0NAo+ID4gPiA+ID4g PiA+ID4gLS0tIGEvZHJpdmVycy92aXJ0aW8vdmlydGlvX3JpbmcuYwo+ID4gPiA+ID4gPiA+ID4g KysrIGIvZHJpdmVycy92aXJ0aW8vdmlydGlvX3JpbmcuYwo+ID4gPiA+ID4gPiA+ID4gQEAgLTE1 LDYgKzE1LDkgQEAKPiA+ID4gPiA+ID4gPiA+ICAjaW5jbHVkZSA8bGludXgvc3BpbmxvY2suaD4K PiA+ID4gPiA+ID4gPiA+ICAjaW5jbHVkZSA8eGVuL3hlbi5oPgo+ID4gPiA+ID4gPiA+ID4KPiA+ ID4gPiA+ID4gPiA+ICtzdGF0aWMgYm9vbCBmb3JjZV91c2VkX3ZhbGlkYXRpb24gPSBmYWxzZTsK PiA+ID4gPiA+ID4gPiA+ICttb2R1bGVfcGFyYW0oZm9yY2VfdXNlZF92YWxpZGF0aW9uLCBib29s LCAwNDQ0KTsKPiA+ID4gPiA+ID4gPiA+ICsKPiA+ID4gPiA+ID4gPiA+ICAjaWZkZWYgREVCVUcK PiA+ID4gPiA+ID4gPiA+ICAvKiBGb3IgZGV2ZWxvcG1lbnQsIHdlIHdhbnQgdG8gY3Jhc2ggd2hl bmV2ZXIgdGhlIHJpbmcgaXMgc2NyZXdlZC4gKi8KPiA+ID4gPiA+ID4gPiA+ICAjZGVmaW5lIEJB RF9SSU5HKF92cSwgZm10LCBhcmdzLi4uKSAgICAgICAgICAgICAgICAgICAgICAgICAgXAo+ID4g PiA+ID4gPiA+ID4gQEAgLTEwNSw2ICsxMDgsOSBAQCBzdHJ1Y3QgdnJpbmdfdmlydHF1ZXVlX3Nw bGl0IHsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIHN0cnVjdCB2cmluZ19kZXNjX3N0YXRlX3NwbGl0 ICpkZXNjX3N0YXRlOwo+ID4gPiA+ID4gPiA+ID4gICAgICAgc3RydWN0IHZyaW5nX2Rlc2NfZXh0 cmEgKmRlc2NfZXh0cmE7Cj4gPiA+ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiA+ID4gKyAgICAgLyog TWF4aW11bSBpbiBidWZmZXIgbGVuZ3RoLCBOVUxMIG1lYW5zIG5vIHVzZWQgdmFsaWRhdGlvbiAq Lwo+ID4gPiA+ID4gPiA+ID4gKyAgICAgdTMyICpidWZsZW47Cj4gPiA+ID4gPiA+ID4gPiArCj4g PiA+ID4gPiA+ID4gPiAgICAgICAvKiBETUEgYWRkcmVzcyBhbmQgc2l6ZSBpbmZvcm1hdGlvbiAq Lwo+ID4gPiA+ID4gPiA+ID4gICAgICAgZG1hX2FkZHJfdCBxdWV1ZV9kbWFfYWRkcjsKPiA+ID4g PiA+ID4gPiA+ICAgICAgIHNpemVfdCBxdWV1ZV9zaXplX2luX2J5dGVzOwo+ID4gPiA+ID4gPiA+ ID4gQEAgLTE0NSw2ICsxNTEsOSBAQCBzdHJ1Y3QgdnJpbmdfdmlydHF1ZXVlX3BhY2tlZCB7Cj4g PiA+ID4gPiA+ID4gPiAgICAgICBzdHJ1Y3QgdnJpbmdfZGVzY19zdGF0ZV9wYWNrZWQgKmRlc2Nf c3RhdGU7Cj4gPiA+ID4gPiA+ID4gPiAgICAgICBzdHJ1Y3QgdnJpbmdfZGVzY19leHRyYSAqZGVz Y19leHRyYTsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiArICAgICAvKiBNYXhpbXVt IGluIGJ1ZmZlciBsZW5ndGgsIE5VTEwgbWVhbnMgbm8gdXNlZCB2YWxpZGF0aW9uICovCj4gPiA+ ID4gPiA+ID4gPiArICAgICB1MzIgKmJ1ZmxlbjsKPiA+ID4gPiA+ID4gPiA+ICsKPiA+ID4gPiA+ ID4gPiA+ICAgICAgIC8qIERNQSBhZGRyZXNzIGFuZCBzaXplIGluZm9ybWF0aW9uICovCj4gPiA+ ID4gPiA+ID4gPiAgICAgICBkbWFfYWRkcl90IHJpbmdfZG1hX2FkZHI7Cj4gPiA+ID4gPiA+ID4g PiAgICAgICBkbWFfYWRkcl90IGRyaXZlcl9ldmVudF9kbWFfYWRkcjsKPiA+ID4gPiA+ID4gPiA+ IEBAIC01NTIsNiArNTYxLDcgQEAgc3RhdGljIGlubGluZSBpbnQgdmlydHF1ZXVlX2FkZF9zcGxp dChzdHJ1Y3QgdmlydHF1ZXVlICpfdnEsCj4gPiA+ID4gPiA+ID4gPiAgICAgICB1bnNpZ25lZCBp bnQgaSwgbiwgYXZhaWwsIGRlc2NzX3VzZWQsIHByZXYsIGVycl9pZHg7Cj4gPiA+ID4gPiA+ID4g PiAgICAgICBpbnQgaGVhZDsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIGJvb2wgaW5kaXJlY3Q7Cj4g PiA+ID4gPiA+ID4gPiArICAgICB1MzIgYnVmbGVuID0gMDsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ ID4gPiA+ID4gPiAgICAgICBTVEFSVF9VU0UodnEpOwo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ ID4gPiA+IEBAIC02MzUsNiArNjQ1LDcgQEAgc3RhdGljIGlubGluZSBpbnQgdmlydHF1ZXVlX2Fk ZF9zcGxpdChzdHJ1Y3QgdmlydHF1ZXVlICpfdnEsCj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBWUklOR19ERVNDX0ZfTkVY VCB8Cj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBWUklOR19ERVNDX0ZfV1JJVEUsCj4gPiA+ID4gPiA+ID4gPiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbmRpcmVjdCk7Cj4g PiA+ID4gPiA+ID4gPiArICAgICAgICAgICAgICAgICAgICAgYnVmbGVuICs9IHNnLT5sZW5ndGg7 Cj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAgICAgIH0KPiA+ID4gPiA+ID4gPiA+ICAgICAgIH0K PiA+ID4gPiA+ID4gPiA+ICAgICAgIC8qIExhc3Qgb25lIGRvZXNuJ3QgY29udGludWUuICovCj4g PiA+ID4gPiA+ID4gPiBAQCAtNjc1LDYgKzY4NiwxMCBAQCBzdGF0aWMgaW5saW5lIGludCB2aXJ0 cXVldWVfYWRkX3NwbGl0KHN0cnVjdCB2aXJ0cXVldWUgKl92cSwKPiA+ID4gPiA+ID4gPiA+ICAg ICAgIGVsc2UKPiA+ID4gPiA+ID4gPiA+ICAgICAgICAgICAgICAgdnEtPnNwbGl0LmRlc2Nfc3Rh dGVbaGVhZF0uaW5kaXJfZGVzYyA9IGN0eDsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4g PiArICAgICAvKiBTdG9yZSBpbiBidWZmZXIgbGVuZ3RoIGlmIG5lY2Vzc2FyeSAqLwo+ID4gPiA+ ID4gPiA+ID4gKyAgICAgaWYgKHZxLT5zcGxpdC5idWZsZW4pCj4gPiA+ID4gPiA+ID4gPiArICAg ICAgICAgICAgIHZxLT5zcGxpdC5idWZsZW5baGVhZF0gPSBidWZsZW47Cj4gPiA+ID4gPiA+ID4g PiArCj4gPiA+ID4gPiA+ID4gPiAgICAgICAvKiBQdXQgZW50cnkgaW4gYXZhaWxhYmxlIGFycmF5 IChidXQgZG9uJ3QgdXBkYXRlIGF2YWlsLT5pZHggdW50aWwgdGhleQo+ID4gPiA+ID4gPiA+ID4g ICAgICAgICogZG8gc3luYykuICovCj4gPiA+ID4gPiA+ID4gPiAgICAgICBhdmFpbCA9IHZxLT5z cGxpdC5hdmFpbF9pZHhfc2hhZG93ICYgKHZxLT5zcGxpdC52cmluZy5udW0gLSAxKTsKPiA+ID4g PiA+ID4gPiA+IEBAIC04NjEsNiArODc2LDExIEBAIHN0YXRpYyB2b2lkICp2aXJ0cXVldWVfZ2V0 X2J1Zl9jdHhfc3BsaXQoc3RydWN0IHZpcnRxdWV1ZSAqX3ZxLAo+ID4gPiA+ID4gPiA+ID4gICAg ICAgICAgICAgICBCQURfUklORyh2cSwgImlkICV1IGlzIG5vdCBhIGhlYWQhXG4iLCBpKTsKPiA+ ID4gPiA+ID4gPiA+ICAgICAgICAgICAgICAgcmV0dXJuIE5VTEw7Cj4gPiA+ID4gPiA+ID4gPiAg ICAgICB9Cj4gPiA+ID4gPiA+ID4gPiArICAgICBpZiAodnEtPnNwbGl0LmJ1ZmxlbiAmJiB1bmxp a2VseSgqbGVuID4gdnEtPnNwbGl0LmJ1ZmxlbltpXSkpIHsKPiA+ID4gPiA+ID4gPiA+ICsgICAg ICAgICAgICAgQkFEX1JJTkcodnEsICJ1c2VkIGxlbiAlZCBpcyBsYXJnZXIgdGhhbiBtYXggaW4g YnVmZmVyIGxlbiAldVxuIiwKPiA+ID4gPiA+ID4gPiA+ICsgICAgICAgICAgICAgICAgICAgICAq bGVuLCB2cS0+c3BsaXQuYnVmbGVuW2ldKTsKPiA+ID4gPiA+ID4gPiA+ICsgICAgICAgICAgICAg cmV0dXJuIE5VTEw7Cj4gPiA+ID4gPiA+ID4gPiArICAgICB9Cj4gPiA+ID4gPiA+ID4gPgo+ID4g PiA+ID4gPiA+ID4gICAgICAgLyogZGV0YWNoX2J1Zl9zcGxpdCBjbGVhcnMgZGF0YSwgc28gZ3Jh YiBpdCBub3cuICovCj4gPiA+ID4gPiA+ID4gPiAgICAgICByZXQgPSB2cS0+c3BsaXQuZGVzY19z dGF0ZVtpXS5kYXRhOwo+ID4gPiA+ID4gPiA+ID4gQEAgLTEwODUsMTAgKzExMDUsMjUgQEAgc3Rh dGljIHZvaWQgdnJpbmdfZnJlZV9zcGxpdChzdHJ1Y3QgdnJpbmdfdmlydHF1ZXVlX3NwbGl0ICp2 cmluZ19zcGxpdCwKPiA+ID4gPiA+ID4gPiA+ICAgICAgICAgICAgICAgICAgICAgICAgdnJpbmdf c3BsaXQtPnF1ZXVlX2RtYV9hZGRyLAo+ID4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgICAg ICAgICBkbWFfZGV2KTsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiArICAgICBrZnJl ZSh2cmluZ19zcGxpdC0+YnVmbGVuKTsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIGtmcmVlKHZyaW5n X3NwbGl0LT5kZXNjX3N0YXRlKTsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIGtmcmVlKHZyaW5nX3Nw bGl0LT5kZXNjX2V4dHJhKTsKPiA+ID4gPiA+ID4gPiA+ICB9Cj4gPiA+ID4gPiA+ID4gPgo+ID4g PiA+ID4gPiA+ID4gK3N0YXRpYyBib29sIHZyaW5nX25lZWRzX3VzZWRfdmFsaWRhdGlvbihjb25z dCBzdHJ1Y3QgdmlydGlvX2RldmljZSAqdmRldikKPiA+ID4gPiA+ID4gPiA+ICt7Cj4gPiA+ID4g PiA+ID4gPiArICAgICAvKgo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICogU2V2ZXJhbCBsZWdhY3kg ZGV2aWNlcyBhcmUga25vd24gdG8gcHJvZHVjZSBidWdneSB1c2VkCj4gPiA+ID4gPiA+ID4gPiAr ICAgICAgKiBsZW5ndGguIEluIG9yZGVyIHRvIGxldCBkcml2ZXIgd29yaywgd2Ugd29uJ3QgdmFs aWRhdGUgdXNlZAo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICogYnVmZmVyIGxlbmd0aCBpbiB0aGlz IGNhc2UuCj4gPiA+ID4gPiA+ID4gPiArICAgICAgKi8KPiA+ID4gPiA+ID4gPiA+ICsgICAgIGlm ICghdmlydGlvX2hhc19mZWF0dXJlKHZkZXYsIFZJUlRJT19GX1ZFUlNJT05fMSkpCj4gPiA+ID4g PiA+ID4gPiArICAgICAgICAgICAgIHJldHVybiBmYWxzZTsKPiA+ID4gPiA+ID4gPiA+ICsgICAg IGlmIChmb3JjZV91c2VkX3ZhbGlkYXRpb24pCj4gPiA+ID4gPiA+ID4gPiArICAgICAgICAgICAg IHJldHVybiB0cnVlOwo+ID4gPiA+ID4gPiA+ID4gKyAgICAgcmV0dXJuIGZhbHNlOwo+ID4gPiA+ ID4gPiA+ID4gK30KPiA+ID4gPiA+ID4gPiA+ICsKPiA+ID4gPiA+ID4gPiA+ICBzdGF0aWMgaW50 IHZyaW5nX2FsbG9jX3F1ZXVlX3NwbGl0KHN0cnVjdCB2cmluZ192aXJ0cXVldWVfc3BsaXQgKnZy aW5nX3NwbGl0LAo+ID4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc3RydWN0IHZpcnRpb19kZXZpY2UgKnZkZXYsCj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB1MzIgbnVtLAo+ID4gPiA+ID4gPiA+ID4gQEAgLTExMzcs NyArMTE3MiwxOSBAQCBzdGF0aWMgaW50IHZyaW5nX2FsbG9jX3F1ZXVlX3NwbGl0KHN0cnVjdCB2 cmluZ192aXJ0cXVldWVfc3BsaXQgKnZyaW5nX3NwbGl0LAo+ID4gPiA+ID4gPiA+ID4gICAgICAg dnJpbmdfc3BsaXQtPnZyaW5nX2FsaWduID0gdnJpbmdfYWxpZ247Cj4gPiA+ID4gPiA+ID4gPiAg ICAgICB2cmluZ19zcGxpdC0+bWF5X3JlZHVjZV9udW0gPSBtYXlfcmVkdWNlX251bTsKPiA+ID4g PiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiArICAgICBpZiAodnJpbmdfbmVlZHNfdXNlZF92YWxp ZGF0aW9uKHZkZXYpKSB7Cj4gPiA+ID4gPiA+ID4gPiArICAgICAgICAgICAgIHZyaW5nX3NwbGl0 LT5idWZsZW4gPQo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgIGttYWxsb2Nf YXJyYXkobnVtLCBzaXplb2YoKnZyaW5nX3NwbGl0LT5idWZsZW4pLAo+ID4gPiA+ID4gPiA+ID4g KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR0ZQX0tFUk5FTCk7Cj4gPiA+ID4g PiA+ID4gPiArICAgICAgICAgICAgIGlmICghdnJpbmdfc3BsaXQtPmJ1ZmxlbikKPiA+ID4gPiA+ ID4gPiA+ICsgICAgICAgICAgICAgICAgICAgICBnb3RvIGVycl9idWZsZW47Cj4gPiA+ID4gPiA+ ID4gPiArICAgICB9Cj4gPiA+ID4gPiA+ID4gPiArCj4gPiA+ID4gPiA+ID4gPiAgICAgICByZXR1 cm4gMDsKPiA+ID4gPiA+ID4gPiA+ICsKPiA+ID4gPiA+ID4gPiA+ICtlcnJfYnVmbGVuOgo+ID4g PiA+ID4gPiA+ID4gKyAgICAgdnJpbmdfZnJlZV9zcGxpdCh2cmluZ19zcGxpdCwgdmRldiwgZG1h X2Rldik7Cj4gPiA+ID4gPiA+ID4gPiArICAgICByZXR1cm4gLUVOT01FTTsKPiA+ID4gPiA+ID4g PiA+ICB9Cj4gPiA+ID4gPiA+ID4gPgo+ID4gPiA+ID4gPiA+ID4gIHN0YXRpYyBzdHJ1Y3Qgdmly dHF1ZXVlICp2cmluZ19jcmVhdGVfdmlydHF1ZXVlX3NwbGl0KAo+ID4gPiA+ID4gPiA+ID4gQEAg LTEyOTcsNiArMTM0NCw3IEBAIHN0YXRpYyBpbnQgdmlydHF1ZXVlX2FkZF9pbmRpcmVjdF9wYWNr ZWQoc3RydWN0IHZyaW5nX3ZpcnRxdWV1ZSAqdnEsCj4gPiA+ID4gPiA+ID4gPiAgICAgICB1bnNp Z25lZCBpbnQgaSwgbiwgZXJyX2lkeDsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIHUxNiBoZWFkLCBp ZDsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIGRtYV9hZGRyX3QgYWRkcjsKPiA+ID4gPiA+ID4gPiA+ ICsgICAgIHUzMiBidWZsZW4gPSAwOwo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+ICAg ICAgIGhlYWQgPSB2cS0+cGFja2VkLm5leHRfYXZhaWxfaWR4Owo+ID4gPiA+ID4gPiA+ID4gICAg ICAgZGVzYyA9IGFsbG9jX2luZGlyZWN0X3BhY2tlZCh0b3RhbF9zZywgZ2ZwKTsKPiA+ID4gPiA+ ID4gPiA+IEBAIC0xMzI1LDYgKzEzNzMsOCBAQCBzdGF0aWMgaW50IHZpcnRxdWV1ZV9hZGRfaW5k aXJlY3RfcGFja2VkKHN0cnVjdCB2cmluZ192aXJ0cXVldWUgKnZxLAo+ID4gPiA+ID4gPiA+ID4g ICAgICAgICAgICAgICAgICAgICAgIGRlc2NbaV0uYWRkciA9IGNwdV90b19sZTY0KGFkZHIpOwo+ ID4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgICAgICAgIGRlc2NbaV0ubGVuID0gY3B1X3Rv X2xlMzIoc2ctPmxlbmd0aCk7Cj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAgICAgICAgICAgICAg aSsrOwo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgIGlmIChuID49IG91dF9z Z3MpCj4gPiA+ID4gPiA+ID4gPiArICAgICAgICAgICAgICAgICAgICAgICAgICAgICBidWZsZW4g Kz0gc2ctPmxlbmd0aDsKPiA+ID4gPiA+ID4gPiA+ICAgICAgICAgICAgICAgfQo+ID4gPiA+ID4g PiA+ID4gICAgICAgfQo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+IEBAIC0xMzc5LDYg KzE0MjksMTAgQEAgc3RhdGljIGludCB2aXJ0cXVldWVfYWRkX2luZGlyZWN0X3BhY2tlZChzdHJ1 Y3QgdnJpbmdfdmlydHF1ZXVlICp2cSwKPiA+ID4gPiA+ID4gPiA+ICAgICAgIHZxLT5wYWNrZWQu ZGVzY19zdGF0ZVtpZF0ubGFzdCA9IGlkOwo+ID4gPiA+ID4gPiA+ID4gICAgICAgdnEtPnBhY2tl ZC5kZXNjX3N0YXRlW2lkXS5wcmVtYXBwZWQgPSBwcmVtYXBwZWQ7Cj4gPiA+ID4gPiA+ID4gPgo+ ID4gPiA+ID4gPiA+ID4gKyAgICAgLyogU3RvcmUgaW4gYnVmZmVyIGxlbmd0aCBpZiBuZWNlc3Nh cnkgKi8KPiA+ID4gPiA+ID4gPiA+ICsgICAgIGlmICh2cS0+cGFja2VkLmJ1ZmxlbikKPiA+ID4g PiA+ID4gPiA+ICsgICAgICAgICAgICAgdnEtPnBhY2tlZC5idWZsZW5baWRdID0gYnVmbGVuOwo+ ID4gPiA+ID4gPiA+ID4gKwo+ID4gPiA+ID4gPiA+ID4gICAgICAgdnEtPm51bV9hZGRlZCArPSAx Owo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4gPiA+ICAgICAgIHByX2RlYnVnKCJBZGRlZCBi dWZmZXIgaGVhZCAlaSB0byAlcFxuIiwgaGVhZCwgdnEpOwo+ID4gPiA+ID4gPiA+ID4gQEAgLTE0 MTYsNiArMTQ3MCw3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHZpcnRxdWV1ZV9hZGRfcGFja2VkKHN0 cnVjdCB2aXJ0cXVldWUgKl92cSwKPiA+ID4gPiA+ID4gPiA+ICAgICAgIF9fbGUxNiBoZWFkX2Zs YWdzLCBmbGFnczsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIHUxNiBoZWFkLCBpZCwgcHJldiwgY3Vy ciwgYXZhaWxfdXNlZF9mbGFnczsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIGludCBlcnI7Cj4gPiA+ ID4gPiA+ID4gPiArICAgICB1MzIgYnVmbGVuID0gMDsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4g PiA+ID4gPiAgICAgICBTVEFSVF9VU0UodnEpOwo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ID4g PiA+IEBAIC0xNDk4LDYgKzE1NTMsOCBAQCBzdGF0aWMgaW5saW5lIGludCB2aXJ0cXVldWVfYWRk X3BhY2tlZChzdHJ1Y3QgdmlydHF1ZXVlICpfdnEsCj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDEgPDwgVlJJTkdfUEFDS0VEX0RFU0NfRl9BVkFJ TCB8Cj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDEgPDwgVlJJTkdfUEFDS0VEX0RFU0NfRl9VU0VEOwo+ID4gPiA+ID4gPiA+ID4gICAgICAgICAg ICAgICAgICAgICAgIH0KPiA+ID4gPiA+ID4gPiA+ICsgICAgICAgICAgICAgICAgICAgICBpZiAo biA+PSBvdXRfc2dzKQo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgYnVmbGVuICs9IHNnLT5sZW5ndGg7Cj4gPiA+ID4gPiA+ID4gPiAgICAgICAgICAgICAgIH0K PiA+ID4gPiA+ID4gPiA+ICAgICAgIH0KPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiBA QCAtMTUxOCw2ICsxNTc1LDEwIEBAIHN0YXRpYyBpbmxpbmUgaW50IHZpcnRxdWV1ZV9hZGRfcGFj a2VkKHN0cnVjdCB2aXJ0cXVldWUgKl92cSwKPiA+ID4gPiA+ID4gPiA+ICAgICAgIHZxLT5wYWNr ZWQuZGVzY19zdGF0ZVtpZF0ubGFzdCA9IHByZXY7Cj4gPiA+ID4gPiA+ID4gPiAgICAgICB2cS0+ cGFja2VkLmRlc2Nfc3RhdGVbaWRdLnByZW1hcHBlZCA9IHByZW1hcHBlZDsKPiA+ID4gPiA+ID4g PiA+Cj4gPiA+ID4gPiA+ID4gPiArICAgICAvKiBTdG9yZSBpbiBidWZmZXIgbGVuZ3RoIGlmIG5l Y2Vzc2FyeSAqLwo+ID4gPiA+ID4gPiA+ID4gKyAgICAgaWYgKHZxLT5wYWNrZWQuYnVmbGVuKQo+ ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAgICB2cS0+cGFja2VkLmJ1ZmxlbltpZF0gPSBidWZs ZW47Cj4gPiA+ID4gPiA+ID4gPiArCj4gPiA+ID4gPiA+ID4gPiAgICAgICAvKgo+ID4gPiA+ID4g PiA+ID4gICAgICAgICogQSBkcml2ZXIgTVVTVCBOT1QgbWFrZSB0aGUgZmlyc3QgZGVzY3JpcHRv ciBpbiB0aGUgbGlzdAo+ID4gPiA+ID4gPiA+ID4gICAgICAgICogYXZhaWxhYmxlIGJlZm9yZSBh bGwgc3Vic2VxdWVudCBkZXNjcmlwdG9ycyBjb21wcmlzaW5nCj4gPiA+ID4gPiA+ID4gPiBAQCAt MTcxOCw2ICsxNzc5LDExIEBAIHN0YXRpYyB2b2lkICp2aXJ0cXVldWVfZ2V0X2J1Zl9jdHhfcGFj a2VkKHN0cnVjdCB2aXJ0cXVldWUgKl92cSwKPiA+ID4gPiA+ID4gPiA+ICAgICAgICAgICAgICAg QkFEX1JJTkcodnEsICJpZCAldSBpcyBub3QgYSBoZWFkIVxuIiwgaWQpOwo+ID4gPiA+ID4gPiA+ ID4gICAgICAgICAgICAgICByZXR1cm4gTlVMTDsKPiA+ID4gPiA+ID4gPiA+ICAgICAgIH0KPiA+ ID4gPiA+ID4gPiA+ICsgICAgIGlmICh2cS0+cGFja2VkLmJ1ZmxlbiAmJiB1bmxpa2VseSgqbGVu ID4gdnEtPnBhY2tlZC5idWZsZW5baWRdKSkgewo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAg ICBCQURfUklORyh2cSwgInVzZWQgbGVuICVkIGlzIGxhcmdlciB0aGFuIG1heCBpbiBidWZmZXIg bGVuICV1XG4iLAo+ID4gPiA+ID4gPiA+ID4gKyAgICAgICAgICAgICAgICAgICAgICpsZW4sIHZx LT5wYWNrZWQuYnVmbGVuW2lkXSk7Cj4gPiA+ID4gPiA+ID4gPiArICAgICAgICAgICAgIHJldHVy biBOVUxMOwo+ID4gPiA+ID4gPiA+ID4gKyAgICAgfQo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ ID4gPiA+ICAgICAgIC8qIGRldGFjaF9idWZfcGFja2VkIGNsZWFycyBkYXRhLCBzbyBncmFiIGl0 IG5vdy4gKi8KPiA+ID4gPiA+ID4gPiA+ICAgICAgIHJldCA9IHZxLT5wYWNrZWQuZGVzY19zdGF0 ZVtpZF0uZGF0YTsKPiA+ID4gPiA+ID4gPiA+IEBAIC0xOTM3LDYgKzIwMDMsNyBAQCBzdGF0aWMg dm9pZCB2cmluZ19mcmVlX3BhY2tlZChzdHJ1Y3QgdnJpbmdfdmlydHF1ZXVlX3BhY2tlZCAqdnJp bmdfcGFja2VkLAo+ID4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZyaW5nX3BhY2tlZC0+ZGV2aWNlX2V2ZW50X2RtYV9hZGRyLAo+ID4gPiA+ID4gPiA+ID4gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRtYV9kZXYpOwo+ID4gPiA+ID4gPiA+ID4KPiA+ ID4gPiA+ID4gPiA+ICsgICAgIGtmcmVlKHZyaW5nX3BhY2tlZC0+YnVmbGVuKTsKPiA+ID4gPiA+ ID4gPiA+ICAgICAgIGtmcmVlKHZyaW5nX3BhY2tlZC0+ZGVzY19zdGF0ZSk7Cj4gPiA+ID4gPiA+ ID4gPiAgICAgICBrZnJlZSh2cmluZ19wYWNrZWQtPmRlc2NfZXh0cmEpOwo+ID4gPiA+ID4gPiA+ ID4gIH0KPiA+ID4gPiA+ID4gPiA+IEBAIC0xOTg4LDYgKzIwNTUsMTQgQEAgc3RhdGljIGludCB2 cmluZ19hbGxvY19xdWV1ZV9wYWNrZWQoc3RydWN0IHZyaW5nX3ZpcnRxdWV1ZV9wYWNrZWQgKnZy aW5nX3BhY2tlZCwKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiAgICAgICB2cmluZ19w YWNrZWQtPnZyaW5nLm51bSA9IG51bTsKPiA+ID4gPiA+ID4gPiA+Cj4gPiA+ID4gPiA+ID4gPiAr ICAgICBpZiAodnJpbmdfbmVlZHNfdXNlZF92YWxpZGF0aW9uKHZkZXYpKSB7Cj4gPiA+ID4gPiA+ ID4gPiArICAgICAgICAgICAgIHZyaW5nX3BhY2tlZC0+YnVmbGVuID0KPiA+ID4gPiA+ID4gPiA+ ICsgICAgICAgICAgICAgICAgICAgICBrbWFsbG9jX2FycmF5KG51bSwgc2l6ZW9mKCp2cmluZ19w YWNrZWQtPmJ1ZmxlbiksCj4gPiA+ID4gPiA+ID4gPiArICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBHRlBfS0VSTkVMKTsKPiA+ID4gPiA+ID4gPiA+ICsgICAgICAgICAgICAgaWYg KCF2cmluZ19wYWNrZWQtPmJ1ZmxlbikKPiA+ID4gPiA+ID4gPiA+ICsgICAgICAgICAgICAgICAg ICAgICBnb3RvIGVycjsKPiA+ID4gPiA+ID4gPiA+ICsgICAgIH0KPiA+ID4gPiA+ID4gPiA+ICsK PiA+ID4gPiA+ID4gPiA+ICAgICAgIHJldHVybiAwOwo+ID4gPiA+ID4gPiA+ID4KPiA+ID4gPiA+ ID4gPiA+ICBlcnI6Cj4gPiA+ID4gPiA+ID4gPiAtLQo+ID4gPiA+ID4gPiA+ID4gMi4yNS4xCj4g PiA+ID4gPiA+ID4KPiA+ID4gPiA+Cj4gPiA+CgpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXwpWaXJ0dWFsaXphdGlvbiBtYWlsaW5nIGxpc3QKVmlydHVhbGl6 YXRpb25AbGlzdHMubGludXgtZm91bmRhdGlvbi5vcmcKaHR0cHM6Ly9saXN0cy5saW51eGZvdW5k YXRpb24ub3JnL21haWxtYW4vbGlzdGluZm8vdmlydHVhbGl6YXRpb24= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B2A6C77B7A for ; Wed, 31 May 2023 10:25:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231501AbjEaKZ4 (ORCPT ); Wed, 31 May 2023 06:25:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229949AbjEaKZx (ORCPT ); Wed, 31 May 2023 06:25:53 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6FD6F132 for ; Wed, 31 May 2023 03:25:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685528705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DvwGCRQeWTvKp10bN1Sbh5bj4YnUv0Bqw0o1UOThBzY=; b=cc/iCJdIaNZ57pKP2kkx4AA5/YFYk7t3pfKq//xGPibFeLKlyL3hwAHe8cQQhhnovYF0mf lcvci7ZXpJ1+mnwY+IuHAv/CLFk2hvozGha+KmmVocpC17eRr1WykTs9vUQY0YFrkwFczQ BWD2kfO9VBXADTMGDbr3B09LQp3ahW8= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-101-fGG67D_iP5aNY6hmKeJWEQ-1; Wed, 31 May 2023 06:25:04 -0400 X-MC-Unique: fGG67D_iP5aNY6hmKeJWEQ-1 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-30ad0812151so3097965f8f.3 for ; Wed, 31 May 2023 03:25:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685528703; x=1688120703; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DvwGCRQeWTvKp10bN1Sbh5bj4YnUv0Bqw0o1UOThBzY=; b=BsGvWHEH3omHPRLHE4/jWqFUCcR7Olqp5/MaWEhjshgcokvPSB045cDRuG41qZGl8T zG67lUZaGVQfTtRmC82m4j7blIdZ7dKAonYOC9kDv0Bazg3M5PZ/jtvAml8pheDHXwsb z+71+eNGRZw6P7M54Ue8CCJfHsy3OBrak3mM9rBLssDTTiF2gQlS9NoVmn6/FRmtxqAq fVu65Em0T6Q7tsdU0pnnQs1iwIXCwrlhUlusVGeQNvOHw3ZBfknIAbQFrRHheHKmYi1m B6C7/qUuLD60+LdAC6Av/X8ruosudtB58GkkzOrGomqQLyRozsGwVhdD9goRVlIT7LBf RSuw== X-Gm-Message-State: AC+VfDzF/xFUMzWuQRh25jQcxVxrHEfoTvAKEjq40iLnNm0ofma30hnV VtGSLopiwaPJgKkGjC5m+tzonxjrs66/Jd2qOy0S+4eYLfE6/aH9roDnl34FPUK9R3bXWzSpz6S jUwaXMmRrJT9H5mUxxMnhfmYqe5rRS5sz X-Received: by 2002:adf:f452:0:b0:307:8b3e:285a with SMTP id f18-20020adff452000000b003078b3e285amr4867795wrp.67.1685528702685; Wed, 31 May 2023 03:25:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5rdqa0yP0CU0wQqaMcpUQBMYn4ha0O+FEx/Q20k8/Cui3MNm3+FsNtrElTCiHBdmXhEbnbSQ== X-Received: by 2002:adf:f452:0:b0:307:8b3e:285a with SMTP id f18-20020adff452000000b003078b3e285amr4867778wrp.67.1685528702252; Wed, 31 May 2023 03:25:02 -0700 (PDT) Received: from redhat.com ([2.52.11.69]) by smtp.gmail.com with ESMTPSA id b9-20020adfe309000000b003079986fd71sm6404500wrj.88.2023.05.31.03.25.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 May 2023 03:25:01 -0700 (PDT) Date: Wed, 31 May 2023 06:24:58 -0400 From: "Michael S. Tsirkin" To: Jason Wang Cc: xuanzhuo@linux.alibaba.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] virtio_ring: validate used buffer length Message-ID: <20230531062108-mutt-send-email-mst@kernel.org> References: <20230526063041.18359-1-jasowang@redhat.com> <20230528033037-mutt-send-email-mst@kernel.org> <20230529055729-mutt-send-email-mst@kernel.org> <20230531014326-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 31, 2023 at 04:26:38PM +0800, Jason Wang wrote: > On Wed, May 31, 2023 at 3:36 PM Jason Wang wrote: > > > > On Wed, May 31, 2023 at 1:50 PM Michael S. Tsirkin wrote: > > > > > > On Wed, May 31, 2023 at 09:05:00AM +0800, Jason Wang wrote: > > > > On Mon, May 29, 2023 at 6:03 PM Michael S. Tsirkin wrote: > > > > > > > > > > On Mon, May 29, 2023 at 09:18:10AM +0800, Jason Wang wrote: > > > > > > On Sun, May 28, 2023 at 3:57 PM Michael S. Tsirkin wrote: > > > > > > > > > > > > > > On Fri, May 26, 2023 at 02:30:41PM +0800, Jason Wang wrote: > > > > > > > > This patch validate > > > > > > > > > > > > > > validates > > > > > > > > > > > > > > > the used buffer length provided by the device > > > > > > > > before trying to use it. > > > > > > > > > > > > > > before returning it to caller > > > > > > > > > > > > > > > This is done by remembering the in buffer > > > > > > > > length in a dedicated array during virtqueue_add(), then we can fail > > > > > > > > the virtqueue_get_buf() when we find the device is trying to give us a > > > > > > > > used buffer length which is greater than we stored before. > > > > > > > > > > > > > > than what we stored > > > > > > > > > > > > > > > > > > > > > > > This validation is disable > > > > > > > > > > > > > > disabled > > > > > > > > > > > > > > > by default via module parameter to unbreak > > > > > > > > some existing devices since some legacy devices are known to report > > > > > > > > buggy used length. > > > > > > > > > > > > > > > > Signed-off-by: Jason Wang > > > > > > > > > > > > > > First I'm not merging this without more data about > > > > > > > what is known to be broken and what is known to work well > > > > > > > in the commit log. And how exactly do things work if used length > > > > > > > is wrong? > > > > > > > > > > > > Assuming the device is malicious, it would be very hard to answer. > > > > > > Auditing and fuzzing won't cover every case. Instead of trying to seek > > > > > > the answer, we can simply make sure the used in buffer length is > > > > > > validated then we know we're fine or not. > > > > > > > > > > To restate the question, you said above "some legacy devices are known > > > > > to report buggy used length". If they report buggy length then how > > > > > can things work? > > > > > > > > The validation is disabled for legacy device (as stated in the changelog): > > > > > > > > static bool vring_needs_used_validation(const struct virtio_device *vdev) > > > > { > > > > /* > > > > * Several legacy devices are known to produce buggy used > > > > * length. In order to let driver work, we won't validate used > > > > * buffer length in this case. > > > > */ > > > > if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) > > > > return false; > > > > if (force_used_validation) > > > > return true; > > > > return false; > > > > } > > > > > > > > This seems to be what we've agreed in last version: > > > > > > > > https://lore.kernel.org/all/CANLsYkxfhamUU0bb4j7y6N4_G9odKxLCjXxgXEx4SJ6_Kf+M2Q@mail.gmail.com/T/#m31f3b06f9032beec175c312dfa2532cb08b15c56 > > > > > > > > Thanks > > > > > > > > > > I don't get it. You wrote: > > > > > > This validation is disable > > > by default via module parameter to unbreak > > > some existing devices since some legacy devices are known to report > > > buggy used length. > > > > > > which devices? > > > > legacy rpmsg and vsock device (before 49d8c5ffad07) at least. > > > > > why do you need a module parameter? > > > > If we enable it unconditionally for modern devices, it may break some > > buggy moden device (vsock without a fix as an example). > > > > > > > > > > > > > > > > > > > > Second what's wrong with dma_desc_extra that we already maintain? > > > > > > > Third motivation - it's part and parcel of the hardening effort yes? > > > > > > > > > > > > They are different. dma_desc_extra is for a descriptor ring, but this > > > > > > is for a used ring. Technically we can go back to iterate on the > > > > > > descriptor ring for a legal used in buffer length. But it will have > > > > > > worse performance. > > > > > > > > > > I don't really understand. We already iterate when we unmap - > > > > > all that is necessary is to subtract it from used length, if at > > > > > the end of the process it is >0 then we know used length is too > > > > > large. > > > > > > > > Yes, but it is the job that is done in the driver level not the virtio > > > > core. > > > > > > What job? > > > > I meant the driver can do the validation since it has the knowledge of > > the buffer length if it wants. > > > > > unmap is done in detach_buf_split and detach_buf_packed respectively. > > > vring_desc_extra isn't even visible outside drivers/virtio/virtio_ring.c > > > > desc_extra doesn't contain buffer length for the case of indirect > > descriptors. So we need to iterate in the descriptors when it looks > > expensive if we don't need unmap. > > > > Thanks > > > > > > > > For drivers that do unmap at driver level - I guess they can do > > > validation there too. > > > > > > > Validation in virtio core is still necessary since they're > > > > working at different levels and it's hard to force the validation in > > > > all drivers by codes. Last version introduces a > > > > suppress_driver_validation to allow the driver to suppress the core > > > > validation which seems not good, we need a way to force the > > > > virtio_ring code to do validation before. > > > > > > Why do we? If driver validates length virtio_ring does not need to > > > validate. > > To be more safe, there's no guarantee that there's no bug in the driver. Extra options increase testing matrix size so - there be bugs. We need to make these decisions for (most) users. > > If driver does not use length virtio_ring does not need to > > > validate. > > This could be done on top assuming the validation is disabled by > default. But if the administrator wants to have belt and braces we > need to leave an option for them. > > Thanks No, we don't regress then fix on top. As for mod parameter I am not impressed - no one's going to have the time or inclination to do the requisite testing to know whether the module parameter is safe. > > core can provide this service for the gazillion non > > > performance critical drivers that just want to keep things simple, > > > but the 4-5 critical ones can do their own validation if they want to. > > > > > > > Or such stuff could be added > > > > on top since the validation is by default anyway. > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > > > I'd like to know the fate of VIRTIO_HARDEN_NOTIFICATION before > > > > > > > we do more hardening. If it's irrevocably broken let's rip it out? > > > > > > > > > > > > So the plan is > > > > > > > > > > > > 1) finish used ring validation (this had been proposed, merged and > > > > > > reverted before notification hardening) > > > > > > 2) do notification hardening on top. > > > > > > > > > > > > So let's leave it as is and I will do a rework after we finalize the > > > > > > used ring validation. > > > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > > > > > --- > > > > > > > > Changes since V4: > > > > > > > > - drop the flat for driver to suppress the check > > > > > > > > - validation is disabled by default > > > > > > > > - don't do validation for legacy device > > > > > > > > - rebase and support virtqueue resize > > > > > > > > --- > > > > > > > > drivers/virtio/virtio_ring.c | 75 ++++++++++++++++++++++++++++++++++++ > > > > > > > > 1 file changed, 75 insertions(+) > > > > > > > > > > > > > > > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > > > > > > > > index 143f380baa1c..5b151605aaf8 100644 > > > > > > > > --- a/drivers/virtio/virtio_ring.c > > > > > > > > +++ b/drivers/virtio/virtio_ring.c > > > > > > > > @@ -15,6 +15,9 @@ > > > > > > > > #include > > > > > > > > #include > > > > > > > > > > > > > > > > +static bool force_used_validation = false; > > > > > > > > +module_param(force_used_validation, bool, 0444); > > > > > > > > + > > > > > > > > #ifdef DEBUG > > > > > > > > /* For development, we want to crash whenever the ring is screwed. */ > > > > > > > > #define BAD_RING(_vq, fmt, args...) \ > > > > > > > > @@ -105,6 +108,9 @@ struct vring_virtqueue_split { > > > > > > > > struct vring_desc_state_split *desc_state; > > > > > > > > struct vring_desc_extra *desc_extra; > > > > > > > > > > > > > > > > + /* Maximum in buffer length, NULL means no used validation */ > > > > > > > > + u32 *buflen; > > > > > > > > + > > > > > > > > /* DMA address and size information */ > > > > > > > > dma_addr_t queue_dma_addr; > > > > > > > > size_t queue_size_in_bytes; > > > > > > > > @@ -145,6 +151,9 @@ struct vring_virtqueue_packed { > > > > > > > > struct vring_desc_state_packed *desc_state; > > > > > > > > struct vring_desc_extra *desc_extra; > > > > > > > > > > > > > > > > + /* Maximum in buffer length, NULL means no used validation */ > > > > > > > > + u32 *buflen; > > > > > > > > + > > > > > > > > /* DMA address and size information */ > > > > > > > > dma_addr_t ring_dma_addr; > > > > > > > > dma_addr_t driver_event_dma_addr; > > > > > > > > @@ -552,6 +561,7 @@ static inline int virtqueue_add_split(struct virtqueue *_vq, > > > > > > > > unsigned int i, n, avail, descs_used, prev, err_idx; > > > > > > > > int head; > > > > > > > > bool indirect; > > > > > > > > + u32 buflen = 0; > > > > > > > > > > > > > > > > START_USE(vq); > > > > > > > > > > > > > > > > @@ -635,6 +645,7 @@ static inline int virtqueue_add_split(struct virtqueue *_vq, > > > > > > > > VRING_DESC_F_NEXT | > > > > > > > > VRING_DESC_F_WRITE, > > > > > > > > indirect); > > > > > > > > + buflen += sg->length; > > > > > > > > } > > > > > > > > } > > > > > > > > /* Last one doesn't continue. */ > > > > > > > > @@ -675,6 +686,10 @@ static inline int virtqueue_add_split(struct virtqueue *_vq, > > > > > > > > else > > > > > > > > vq->split.desc_state[head].indir_desc = ctx; > > > > > > > > > > > > > > > > + /* Store in buffer length if necessary */ > > > > > > > > + if (vq->split.buflen) > > > > > > > > + vq->split.buflen[head] = buflen; > > > > > > > > + > > > > > > > > /* Put entry in available array (but don't update avail->idx until they > > > > > > > > * do sync). */ > > > > > > > > avail = vq->split.avail_idx_shadow & (vq->split.vring.num - 1); > > > > > > > > @@ -861,6 +876,11 @@ static void *virtqueue_get_buf_ctx_split(struct virtqueue *_vq, > > > > > > > > BAD_RING(vq, "id %u is not a head!\n", i); > > > > > > > > return NULL; > > > > > > > > } > > > > > > > > + if (vq->split.buflen && unlikely(*len > vq->split.buflen[i])) { > > > > > > > > + BAD_RING(vq, "used len %d is larger than max in buffer len %u\n", > > > > > > > > + *len, vq->split.buflen[i]); > > > > > > > > + return NULL; > > > > > > > > + } > > > > > > > > > > > > > > > > /* detach_buf_split clears data, so grab it now. */ > > > > > > > > ret = vq->split.desc_state[i].data; > > > > > > > > @@ -1085,10 +1105,25 @@ static void vring_free_split(struct vring_virtqueue_split *vring_split, > > > > > > > > vring_split->queue_dma_addr, > > > > > > > > dma_dev); > > > > > > > > > > > > > > > > + kfree(vring_split->buflen); > > > > > > > > kfree(vring_split->desc_state); > > > > > > > > kfree(vring_split->desc_extra); > > > > > > > > } > > > > > > > > > > > > > > > > +static bool vring_needs_used_validation(const struct virtio_device *vdev) > > > > > > > > +{ > > > > > > > > + /* > > > > > > > > + * Several legacy devices are known to produce buggy used > > > > > > > > + * length. In order to let driver work, we won't validate used > > > > > > > > + * buffer length in this case. > > > > > > > > + */ > > > > > > > > + if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) > > > > > > > > + return false; > > > > > > > > + if (force_used_validation) > > > > > > > > + return true; > > > > > > > > + return false; > > > > > > > > +} > > > > > > > > + > > > > > > > > static int vring_alloc_queue_split(struct vring_virtqueue_split *vring_split, > > > > > > > > struct virtio_device *vdev, > > > > > > > > u32 num, > > > > > > > > @@ -1137,7 +1172,19 @@ static int vring_alloc_queue_split(struct vring_virtqueue_split *vring_split, > > > > > > > > vring_split->vring_align = vring_align; > > > > > > > > vring_split->may_reduce_num = may_reduce_num; > > > > > > > > > > > > > > > > + if (vring_needs_used_validation(vdev)) { > > > > > > > > + vring_split->buflen = > > > > > > > > + kmalloc_array(num, sizeof(*vring_split->buflen), > > > > > > > > + GFP_KERNEL); > > > > > > > > + if (!vring_split->buflen) > > > > > > > > + goto err_buflen; > > > > > > > > + } > > > > > > > > + > > > > > > > > return 0; > > > > > > > > + > > > > > > > > +err_buflen: > > > > > > > > + vring_free_split(vring_split, vdev, dma_dev); > > > > > > > > + return -ENOMEM; > > > > > > > > } > > > > > > > > > > > > > > > > static struct virtqueue *vring_create_virtqueue_split( > > > > > > > > @@ -1297,6 +1344,7 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq, > > > > > > > > unsigned int i, n, err_idx; > > > > > > > > u16 head, id; > > > > > > > > dma_addr_t addr; > > > > > > > > + u32 buflen = 0; > > > > > > > > > > > > > > > > head = vq->packed.next_avail_idx; > > > > > > > > desc = alloc_indirect_packed(total_sg, gfp); > > > > > > > > @@ -1325,6 +1373,8 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq, > > > > > > > > desc[i].addr = cpu_to_le64(addr); > > > > > > > > desc[i].len = cpu_to_le32(sg->length); > > > > > > > > i++; > > > > > > > > + if (n >= out_sgs) > > > > > > > > + buflen += sg->length; > > > > > > > > } > > > > > > > > } > > > > > > > > > > > > > > > > @@ -1379,6 +1429,10 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq, > > > > > > > > vq->packed.desc_state[id].last = id; > > > > > > > > vq->packed.desc_state[id].premapped = premapped; > > > > > > > > > > > > > > > > + /* Store in buffer length if necessary */ > > > > > > > > + if (vq->packed.buflen) > > > > > > > > + vq->packed.buflen[id] = buflen; > > > > > > > > + > > > > > > > > vq->num_added += 1; > > > > > > > > > > > > > > > > pr_debug("Added buffer head %i to %p\n", head, vq); > > > > > > > > @@ -1416,6 +1470,7 @@ static inline int virtqueue_add_packed(struct virtqueue *_vq, > > > > > > > > __le16 head_flags, flags; > > > > > > > > u16 head, id, prev, curr, avail_used_flags; > > > > > > > > int err; > > > > > > > > + u32 buflen = 0; > > > > > > > > > > > > > > > > START_USE(vq); > > > > > > > > > > > > > > > > @@ -1498,6 +1553,8 @@ static inline int virtqueue_add_packed(struct virtqueue *_vq, > > > > > > > > 1 << VRING_PACKED_DESC_F_AVAIL | > > > > > > > > 1 << VRING_PACKED_DESC_F_USED; > > > > > > > > } > > > > > > > > + if (n >= out_sgs) > > > > > > > > + buflen += sg->length; > > > > > > > > } > > > > > > > > } > > > > > > > > > > > > > > > > @@ -1518,6 +1575,10 @@ static inline int virtqueue_add_packed(struct virtqueue *_vq, > > > > > > > > vq->packed.desc_state[id].last = prev; > > > > > > > > vq->packed.desc_state[id].premapped = premapped; > > > > > > > > > > > > > > > > + /* Store in buffer length if necessary */ > > > > > > > > + if (vq->packed.buflen) > > > > > > > > + vq->packed.buflen[id] = buflen; > > > > > > > > + > > > > > > > > /* > > > > > > > > * A driver MUST NOT make the first descriptor in the list > > > > > > > > * available before all subsequent descriptors comprising > > > > > > > > @@ -1718,6 +1779,11 @@ static void *virtqueue_get_buf_ctx_packed(struct virtqueue *_vq, > > > > > > > > BAD_RING(vq, "id %u is not a head!\n", id); > > > > > > > > return NULL; > > > > > > > > } > > > > > > > > + if (vq->packed.buflen && unlikely(*len > vq->packed.buflen[id])) { > > > > > > > > + BAD_RING(vq, "used len %d is larger than max in buffer len %u\n", > > > > > > > > + *len, vq->packed.buflen[id]); > > > > > > > > + return NULL; > > > > > > > > + } > > > > > > > > > > > > > > > > /* detach_buf_packed clears data, so grab it now. */ > > > > > > > > ret = vq->packed.desc_state[id].data; > > > > > > > > @@ -1937,6 +2003,7 @@ static void vring_free_packed(struct vring_virtqueue_packed *vring_packed, > > > > > > > > vring_packed->device_event_dma_addr, > > > > > > > > dma_dev); > > > > > > > > > > > > > > > > + kfree(vring_packed->buflen); > > > > > > > > kfree(vring_packed->desc_state); > > > > > > > > kfree(vring_packed->desc_extra); > > > > > > > > } > > > > > > > > @@ -1988,6 +2055,14 @@ static int vring_alloc_queue_packed(struct vring_virtqueue_packed *vring_packed, > > > > > > > > > > > > > > > > vring_packed->vring.num = num; > > > > > > > > > > > > > > > > + if (vring_needs_used_validation(vdev)) { > > > > > > > > + vring_packed->buflen = > > > > > > > > + kmalloc_array(num, sizeof(*vring_packed->buflen), > > > > > > > > + GFP_KERNEL); > > > > > > > > + if (!vring_packed->buflen) > > > > > > > > + goto err; > > > > > > > > + } > > > > > > > > + > > > > > > > > return 0; > > > > > > > > > > > > > > > > err: > > > > > > > > -- > > > > > > > > 2.25.1 > > > > > > > > > > > > > > >