From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90D81168483 for ; Tue, 17 Sep 2024 22:52:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726613542; cv=none; b=TRkj9NY6unEmeusRBJN3B0al7LoGU0/776VNwNx2ta1kM+eO7W1PprqqujT1+HMhOsg0HqVfPzeiPTGqCPpBOKhj0LieRvU2F1HIDjPkz03OoMWsQByWonSyLxFFWiMfBrI/kt565gBt4qcgRV+zogja8IZroRyB/tMx2hsHXC8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726613542; c=relaxed/simple; bh=xEL5i2NrNoCubbGXHBwmeXVJnMF3QnYuTTU7UJv3VgI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=H+2kftaRiQmMHS+L2JGyXf6zZi07QjW0yQs141dDP7RHJXorZ0aZIFTaowjZ9cmsRy2HaWfN5lzIo8vyN/f6gxnFT+W2YkIqOkSIXS+VlAap5Ozhi80jEG/w4P8RxT9hXO7gYa2HA0Kloxoyf5uSsN+OEEO7EQ3eAIE3Eiz0f8M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=BB6CZxWc; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="BB6CZxWc" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-2d877dab61fso3463108a91.3 for ; Tue, 17 Sep 2024 15:52:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1726613538; x=1727218338; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=8LgfL6ONVrdwnf/yGtLCv1uWs0otVWaD3MZUYHzEzNc=; b=BB6CZxWc/vreTtFohY1cTI2o+68am73u+sZqvlIBKjjpb3TorZ2mz98jwGeKMgUyIB 1JLGFyfCHLTYw1mkypSFCKafIxU7QC65/ksmhw4/DhLa5JcngnJwJaaovhJ3J0mEuxIh LvTeVP0B3xUuEAZ3TVorAKvHt+sond1dQNMu0a4ls+5KuNx2Bvv/x06g8Yd7q47D9k50 rW66mDORJrX0t+8cmF2bha1xgtJyhDako/oqyQwMKtuJN+/IFQwRNwhinEmwMiWGWudu b2IpYV8GD50qjMXIa1Sqn3W8Fq/H7Bl3ISSi/NA5E3m6wULFLO3S+ua75sA0W3EFH1N1 WfdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726613538; x=1727218338; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8LgfL6ONVrdwnf/yGtLCv1uWs0otVWaD3MZUYHzEzNc=; b=dB60+qvjzmpBo7ZkLmgWakkP3Yig7OysYqO9XR7jzSk9Avc/Pd597OqDnRrtUOljbw zLMM3TJ6aKNC+kYZYPcY8bHQXTg4Thnskyr2Ro+nVf/dATQnJTKxaXpksrs+6ipB/1bv Bs+mc3hGsvY8iWLUijEkIocjjnJlB9hUia+xvVDIRbPWRk/F656NhI2+zzA2ff2D5qUI S7S5CgOw1VRHNjAhFESgZD/hZ3sfVlJJxwOJjqGKRxXPUc+L8JS8AiT/JX6drLvUcEzT SEGypd3gNkIJCi/VdPwwPf21QU7i6UQPgKMcSiZ98DxhBBwAbNlkN66PGYxlcK4ybeHI MlBg== X-Forwarded-Encrypted: i=1; AJvYcCVTwibePP6XbQFTTsJUrhjpH7afWb+ikIim1mq+zweOhHkt/XLajeLlUi9PGCjOxZFsxZ6oO4X4Dd+K@vger.kernel.org X-Gm-Message-State: AOJu0YzbnDMyuMFhLjrfyWz25Iva0VeLVtjvuSrCDvlDy1L3kPVQ8DwI DXD4QHJctUMrZb5iJqIQgLb+0ArDJQiQZG3Q0et8tp/gDl9tbT9JvOWXPSIl840= X-Google-Smtp-Source: AGHT+IGhq1GnSQZF5MxVR/0K0G2NJThoWCkNzk83MwW/s6Yz+26hm9MeL/l8on1yytS+Oc/w/84WRw== X-Received: by 2002:a17:90b:164b:b0:2d8:aba8:787a with SMTP id 98e67ed59e1d1-2dbb9db9c78mr20241981a91.6.1726613537298; Tue, 17 Sep 2024 15:52:17 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2dd609d2958sm16864a91.53.2024.09.17.15.52.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Sep 2024 15:52:16 -0700 (PDT) Date: Tue, 17 Sep 2024 15:52:11 -0700 From: Deepak Gupta To: Andy Chiu Cc: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org, linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, quic_zhonhan@quicinc.com, zong.li@sifive.com, zev@bewilderbeest.net, david@redhat.com, peterz@infradead.org, catalin.marinas@arm.com, broonie@kernel.org, dave.hansen@linux.intel.com, atishp@rivosinc.com, bjorn@rivosinc.com, namcaov@gmail.com, usama.anjum@collabora.com, guoren@kernel.org, alx@kernel.org, jszhang@kernel.org, hpa@zytor.com, puranjay@kernel.org, shuah@kernel.org, sorear@fastmail.com, costa.shul@redhat.com, robh@kernel.org, antonb@tenstorrent.com, quic_bjorande@quicinc.com, lorenzo.stoakes@oracle.com, corbet@lwn.net, dawei.li@shingroup.cn, anup@brainfault.org, deller@gmx.de, x86@kernel.org, andrii@kernel.org, willy@infradead.org, kees@kernel.org, mingo@redhat.com, libang.li@antgroup.com, samitolvanen@google.com, greentime.hu@sifive.com, osalvador@suse.de, ajones@ventanamicro.com, revest@chromium.org, ancientmodern4@gmail.com, aou@eecs.berkeley.edu, jerry.shih@sifive.com, alexghiti@rivosinc.com, arnd@arndb.de, yang.lee@linux.alibaba.com, charlie@rivosinc.com, bgray@linux.ibm.com, Liam.Howlett@oracle.com, leobras@redhat.com, songshuaishuai@tinylab.org, xiao.w.wang@intel.com, bp@alien8.de, cuiyunhui@bytedance.com, mchitale@ventanamicro.com, cleger@rivosinc.com, tglx@linutronix.de, krzk+dt@kernel.org, vbabka@suse.cz, brauner@kernel.org, bhe@redhat.com, ke.zhao@shingroup.cn, oleg@redhat.com, samuel.holland@sifive.com, ben.dooks@codethink.co.uk, evan@rivosinc.com, palmer@dabbelt.com, ebiederm@xmission.com, andy.chiu@sifive.com, schwab@suse.de, akpm@linux-foundation.org, sameo@rivosinc.com, tanzhasanwork@gmail.com, rppt@kernel.org, ryan.roberts@arm.com Subject: Re: [PATCH v4 23/30] riscv signal: save and restore of shadow stack for signal Message-ID: References: <20240912231650.3740732-1-debug@rivosinc.com> <20240912231650.3740732-24-debug@rivosinc.com> Precedence: bulk X-Mailing-List: linux-arch@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Wed, Sep 18, 2024 at 12:03:45AM +0200, Andy Chiu wrote: >Deepak Gupta 於 2024年9月17日 週二 上午12:03寫道: >> >> On Fri, Sep 13, 2024 at 09:25:57PM +0200, Andy Chiu wrote: >> >Hi Deepak, >> > >> >Deepak Gupta 於 2024年9月13日 週五 上午1:20寫道: >> >> >> >> Save shadow stack pointer in sigcontext structure while delivering signal. >> >> Restore shadow stack pointer from sigcontext on sigreturn. >> >> >> >> As part of save operation, kernel uses `ssamoswap` to save snapshot of >> >> current shadow stack on shadow stack itself (can be called as a save >> >> token). During restore on sigreturn, kernel retrieves token from top of >> >> shadow stack and validates it. This allows that user mode can't arbitrary >> >> pivot to any shadow stack address without having a token and thus provide >> >> strong security assurance between signaly delivery and sigreturn window. >> >> >> >> Signed-off-by: Deepak Gupta >> >> Suggested-by: Andy Chiu >> >> --- >> >> arch/riscv/include/asm/usercfi.h | 19 ++++++++++ >> >> arch/riscv/kernel/signal.c | 62 +++++++++++++++++++++++++++++++- >> >> arch/riscv/kernel/usercfi.c | 57 +++++++++++++++++++++++++++++ >> >> 3 files changed, 137 insertions(+), 1 deletion(-) >> >> >> >> diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h >> >> index 20a9102cce51..d5050a5df26c 100644 >> >> --- a/arch/riscv/include/asm/usercfi.h >> >> +++ b/arch/riscv/include/asm/usercfi.h >> >> @@ -8,6 +8,7 @@ >> >> #ifndef __ASSEMBLY__ >> >> #include >> >> #include >> >> +#include >> >> >> >> struct task_struct; >> >> struct kernel_clone_args; >> >> @@ -35,6 +36,9 @@ bool is_shstk_locked(struct task_struct *task); >> >> bool is_shstk_allocated(struct task_struct *task); >> >> void set_shstk_lock(struct task_struct *task); >> >> void set_shstk_status(struct task_struct *task, bool enable); >> >> +unsigned long get_active_shstk(struct task_struct *task); >> >> +int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr); >> >> +int save_user_shstk(struct task_struct *tsk, unsigned long *saved_shstk_ptr); >> >> bool is_indir_lp_enabled(struct task_struct *task); >> >> bool is_indir_lp_locked(struct task_struct *task); >> >> void set_indir_lp_status(struct task_struct *task, bool enable); >> >> @@ -96,6 +100,21 @@ static inline void set_shstk_status(struct task_struct *task, bool enable) >> >> >> >> } >> >> >> >> +static inline int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr) >> >> +{ >> >> + return -EINVAL; >> >> +} >> >> + >> >> +static inline int save_user_shstk(struct task_struct *tsk, unsigned long *saved_shstk_ptr) >> >> +{ >> >> + return -EINVAL; >> >> +} >> >> + >> >> +static inline unsigned long get_active_shstk(struct task_struct *task) >> >> +{ >> >> + return 0; >> >> +} >> >> + >> >> static inline bool is_indir_lp_enabled(struct task_struct *task) >> >> { >> >> return false; >> >> diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c >> >> index dcd282419456..7d5c1825650f 100644 >> >> --- a/arch/riscv/kernel/signal.c >> >> +++ b/arch/riscv/kernel/signal.c >> >> @@ -22,6 +22,7 @@ >> >> #include >> >> #include >> >> #include >> >> +#include >> >> >> >> unsigned long signal_minsigstksz __ro_after_init; >> >> >> >> @@ -153,6 +154,16 @@ static long restore_sigcontext(struct pt_regs *regs, >> >> void __user *sc_ext_ptr = &sc->sc_extdesc.hdr; >> >> __u32 rsvd; >> >> long err; >> >> + unsigned long ss_ptr = 0; >> >> + struct __sc_riscv_cfi_state __user *sc_cfi = NULL; >> >> + >> >> + sc_cfi = (struct __sc_riscv_cfi_state *) >> >> + ((unsigned long) sc_ext_ptr + sizeof(struct __riscv_ctx_hdr)); >> >> + >> >> + if (has_vector() && riscv_v_vstate_query(regs)) >> >> + sc_cfi = (struct __sc_riscv_cfi_state *) >> >> + ((unsigned long) sc_cfi + riscv_v_sc_size); >> >> + >> >> /* sc_regs is structured the same as the start of pt_regs */ >> >> err = __copy_from_user(regs, &sc->sc_regs, sizeof(sc->sc_regs)); >> >> if (unlikely(err)) >> >> @@ -172,6 +183,24 @@ static long restore_sigcontext(struct pt_regs *regs, >> >> if (unlikely(rsvd)) >> >> return -EINVAL; >> >> >> >> + /* >> >> + * Restore shadow stack as a form of token stored on shadow stack itself as a safe >> >> + * way to restore. >> >> + * A token on shadow gives following properties >> >> + * - Safe save and restore for shadow stack switching. Any save of shadow stack >> >> + * must have had saved a token on shadow stack. Similarly any restore of shadow >> >> + * stack must check the token before restore. Since writing to shadow stack with >> >> + * address of shadow stack itself is not easily allowed. A restore without a save >> >> + * is quite difficult for an attacker to perform. >> >> + * - A natural break. A token in shadow stack provides a natural break in shadow stack >> >> + * So a single linear range can be bucketed into different shadow stack segments. >> >> + * sspopchk will detect the condition and fault to kernel as sw check exception. >> >> + */ >> >> + if (is_shstk_enabled(current)) { >> >> + err |= __copy_from_user(&ss_ptr, &sc_cfi->ss_ptr, sizeof(unsigned long)); >> >> + err |= restore_user_shstk(current, ss_ptr); >> >> + } >> >> + >> >> while (!err) { >> >> __u32 magic, size; >> >> struct __riscv_ctx_hdr __user *head = sc_ext_ptr; >> >> @@ -215,6 +244,10 @@ static size_t get_rt_frame_size(bool cal_all) >> >> if (cal_all || riscv_v_vstate_query(task_pt_regs(current))) >> >> total_context_size += riscv_v_sc_size; >> >> } >> >> + >> >> + if (is_shstk_enabled(current)) >> >> + total_context_size += sizeof(struct __sc_riscv_cfi_state); >> >> + >> >> /* >> >> * Preserved a __riscv_ctx_hdr for END signal context header if an >> >> * extension uses __riscv_extra_ext_header >> >> @@ -276,18 +309,40 @@ static long setup_sigcontext(struct rt_sigframe __user *frame, >> >> { >> >> struct sigcontext __user *sc = &frame->uc.uc_mcontext; >> >> struct __riscv_ctx_hdr __user *sc_ext_ptr = &sc->sc_extdesc.hdr; >> >> + unsigned long ss_ptr = 0; >> >> + struct __sc_riscv_cfi_state __user *sc_cfi = NULL; >> >> long err; >> >> >> >> + sc_cfi = (struct __sc_riscv_cfi_state *) (sc_ext_ptr + 1); >> >> + >> > >> >Is it intended that cfi sigcontext does not follow the sigcontext rule >> >setup by Vector? It seems like there is no extension header (struct >> >__riscv_ctx_hdr) defined for cfi sigcontext here. If the sigcontext is >> >directly appended to the signal stack, the user may not be able to >> >recognize the meaning without defining a new ABI. >> >> Hmm... I didn't realize that struct `struct __riscv_ctx_hdr` is strongly >> tied to vector state. I was under the impression that any new extended >> state addition would require this header to be present. > >__riscv_ctx_hdr is not tied to vector state. Your impression is not >wrong. When sigcontext for Vector was designed, it is intended that >every new extension should define its header, please check >RISCV_V_MAGIC. The magic value and the size of the extension added to >the sigcontext are written into each hdr->magic and hdr->size. >However, I did not find the corresponding code in this patch. Or, >maybe I am missing something obvious. Could you help point me out it? Sorry I was under the impression that there is only one ctx header for all extended state. It seems like from this conversation, any new state must declare it's own header, magic word and size. Now that I am having this conversation, it seems like that the idea for having ctx header is to ensure that any software (user space or kernel) must parse sigcontext beyong pt_regs iteratively and start poking only when it sees relevant data structure (based on magic word?) Hopefully, I got it right this time. I'll fix it, if that's the intention here. > >> >> cfi sigcontenxt doesn't need any ABI between user and kernel here. We need >> this space so that kernel can save a pointer to shadow stack token on signal >> delivery. Once sigreturn happens, kernel will use the same pointer, verify >> the token saved on shadow stack and restore shadow stack for user mode. >> At no point in this scheme, user mode is required to perform any action. >> >> All that is needed is that user mode doesn't accidenly trample at this offset. >> >> Since I was under the impression that `struct __riscv_ctx_hdr` is there for >> context extension and must be present for any state beyond `sc_regs`, I assumed >> that I must make space for this header (even if vector state is not present). >> >> > >> >BTW, I have sent a patch[1] that refactor setup_sigcontext so it'd be >> >easier for future extensions to expand on the signal stack. >> >> I can adopt to this, although its orthogonal to what we are discussing here. >> >> > >> >> /* sc_regs is structured the same as the start of pt_regs */ >> >> err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); >> >> /* Save the floating-point state. */ >> >> if (has_fpu()) >> >> err |= save_fp_state(regs, &sc->sc_fpregs); >> >> /* Save the vector state. */ >> >> - if (has_vector() && riscv_v_vstate_query(regs)) >> >> + if (has_vector() && riscv_v_vstate_query(regs)) { >> >> err |= save_v_state(regs, (void __user **)&sc_ext_ptr); >> >> + sc_cfi = (struct __sc_riscv_cfi_state *) ((unsigned long) sc_cfi + riscv_v_sc_size); >> >> + } >> >> /* Write zero to fp-reserved space and check it on restore_sigcontext */ >> >> err |= __put_user(0, &sc->sc_extdesc.reserved); >> >> + /* >> >> + * Save a pointer to shadow stack itself on shadow stack as a form of token. >> >> + * A token on shadow gives following properties >> >> + * - Safe save and restore for shadow stack switching. Any save of shadow stack >> >> + * must have had saved a token on shadow stack. Similarly any restore of shadow >> >> + * stack must check the token before restore. Since writing to shadow stack with >> >> + * address of shadow stack itself is not easily allowed. A restore without a save >> >> + * is quite difficult for an attacker to perform. >> >> + * - A natural break. A token in shadow stack provides a natural break in shadow stack >> >> + * So a single linear range can be bucketed into different shadow stack segments. Any >> >> + * sspopchk will detect the condition and fault to kernel as sw check exception. >> >> + */ >> >> + if (is_shstk_enabled(current)) { >> >> + err |= save_user_shstk(current, &ss_ptr); >> >> + err |= __put_user(ss_ptr, &sc_cfi->ss_ptr); >> >> + } >> >> /* And put END __riscv_ctx_hdr at the end. */ >> >> err |= __put_user(END_MAGIC, &sc_ext_ptr->magic); >> >> err |= __put_user(END_HDR_SIZE, &sc_ext_ptr->size); >> >> @@ -345,6 +400,11 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, >> >> #ifdef CONFIG_MMU >> >> regs->ra = (unsigned long)VDSO_SYMBOL( >> >> current->mm->context.vdso, rt_sigreturn); >> >> + >> >> + /* if bcfi is enabled x1 (ra) and x5 (t0) must match. not sure if we need this? */ >> >> + if (is_shstk_enabled(current)) >> >> + regs->t0 = regs->ra; >> >> + >> >> #else >> >> /* >> >> * For the nommu case we don't have a VDSO. Instead we push two >> >> diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c >> >> index 8da509afdbe9..40c32258b6ec 100644 >> >> --- a/arch/riscv/kernel/usercfi.c >> >> +++ b/arch/riscv/kernel/usercfi.c >> >> @@ -52,6 +52,11 @@ void set_active_shstk(struct task_struct *task, unsigned long shstk_addr) >> >> task->thread_info.user_cfi_state.user_shdw_stk = shstk_addr; >> >> } >> >> >> >> +unsigned long get_active_shstk(struct task_struct *task) >> >> +{ >> >> + return task->thread_info.user_cfi_state.user_shdw_stk; >> >> +} >> >> + >> >> void set_shstk_status(struct task_struct *task, bool enable) >> >> { >> >> task->thread_info.user_cfi_state.ubcfi_en = enable ? 1 : 0; >> >> @@ -164,6 +169,58 @@ static int create_rstor_token(unsigned long ssp, unsigned long *token_addr) >> >> return 0; >> >> } >> >> >> >> +/* >> >> + * Save user shadow stack pointer on shadow stack itself and return pointer to saved location >> >> + * returns -EFAULT if operation was unsuccessful >> >> + */ >> >> +int save_user_shstk(struct task_struct *tsk, unsigned long *saved_shstk_ptr) >> >> +{ >> >> + unsigned long ss_ptr = 0; >> >> + unsigned long token_loc = 0; >> >> + int ret = 0; >> >> + >> >> + if (saved_shstk_ptr == NULL) >> >> + return -EINVAL; >> >> + >> >> + ss_ptr = get_active_shstk(tsk); >> >> + ret = create_rstor_token(ss_ptr, &token_loc); >> >> + >> >> + if (!ret) { >> >> + *saved_shstk_ptr = token_loc; >> >> + set_active_shstk(tsk, token_loc); >> >> + } >> >> + >> >> + return ret; >> >> +} >> >> + >> >> +/* >> >> + * Restores user shadow stack pointer from token on shadow stack for task `tsk` >> >> + * returns -EFAULT if operation was unsuccessful >> >> + */ >> >> +int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr) >> >> +{ >> >> + unsigned long token = 0; >> >> + >> >> + token = amo_user_shstk((unsigned long __user *)shstk_ptr, 0); >> >> + >> >> + if (token == -1) >> >> + return -EFAULT; >> >> + >> >> + /* invalid token, return EINVAL */ >> >> + if ((token - shstk_ptr) != SHSTK_ENTRY_SIZE) { >> >> + pr_info_ratelimited( >> >> + "%s[%d]: bad restore token in %s: pc=%p sp=%p, token=%p, shstk_ptr=%p\n", >> >> + tsk->comm, task_pid_nr(tsk), __func__, >> >> + (void *)(task_pt_regs(tsk)->epc), (void *)(task_pt_regs(tsk)->sp), >> >> + (void *)token, (void *)shstk_ptr); >> >> + return -EINVAL; >> >> + } >> >> + >> >> + /* all checks passed, set active shstk and return success */ >> >> + set_active_shstk(tsk, token); >> >> + return 0; >> >> +} >> >> + >> >> static unsigned long allocate_shadow_stack(unsigned long addr, unsigned long size, >> >> unsigned long token_offset, >> >> bool set_tok) >> >> -- >> >> 2.45.0 >> >> >> >> >> >> _______________________________________________ >> >> linux-riscv mailing list >> >> linux-riscv@lists.infradead.org >> >> http://lists.infradead.org/mailman/listinfo/linux-riscv >> > >> >- [1]: https://lore.kernel.org/all/20240628-dev-signal-refactor-v1-1-0c391b260261@sifive.com/ >> > >> >Thanks, >> >Andy > >Regards, >Andy From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8058ACAC5AE for ; Tue, 17 Sep 2024 22:52:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zhqA1ts6QOjeTh0LR4G9Sxr3zworUlZGBentjRdjIp8=; b=wkQ8PAVmVFH93TqgCJb9MxVWSN TJd4o3b8htr1e89pBQmYQk7T/3U7pIZ5vCRv03yoQYFn2STICV0ox3X6khAKtmWaYDiZiSSoWZhW4 U3T0hfIhzDVUG+7Y6h8eOFPVYC+awgHMfnvXS7hGgEvjA9hZivcr6vsA9dvWIA40rQxCcEyacr/XC QBPiyLfGeeAuxcBRj8ENeuwLuRBRNZiaMD0hmNdeM4ua6JeU8tFTHe2QgXaDgP0ZudcBSrd+lYUN8 7uHkyAqq0ggYymtYjgqzVTuLsSzBAkTlkWVELVx882JVez6mxXgCDZEZ2QXo8a0Vn/iq/tr50ow62 1N2SvLdA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1sqh3X-000000075II-2akr; Tue, 17 Sep 2024 22:52:23 +0000 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1sqh3T-000000075Gs-0oiP for linux-riscv@lists.infradead.org; Tue, 17 Sep 2024 22:52:21 +0000 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-2068acc8a4fso47890045ad.1 for ; Tue, 17 Sep 2024 15:52:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1726613538; x=1727218338; darn=lists.infradead.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=8LgfL6ONVrdwnf/yGtLCv1uWs0otVWaD3MZUYHzEzNc=; b=XhZd2OCSOSUcQ/gC4uOc6wOm7nQlW1mrowle+LVqZc1oueVd48zwHq0YicQhsPgkJ6 Q68oY9XQ1FiGm1Ce5WcJZXN+sqNIq1WHpT+MV1X7EfcbJ7V1wYL9O9QBkA55l5VXITIL vOpQgPUSc30FKnDUfI0sgQmvGehqHrhDzB+Ew7tB7TjlYxN7jgKQpqYIMu65nSydjhs5 IcUX9Mktc2SDOfeu1yM0UFVS5pqwmEyW3E5N6Zk6VDNXagI/cnU02ogPvftApklxZRrX EJb3p7bDrxi0Fl1HQfvKrXq06z3QijbsOFVoFCW62pqDQo/xFClXjz0s0e0LShmGlPVw xvJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726613538; x=1727218338; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8LgfL6ONVrdwnf/yGtLCv1uWs0otVWaD3MZUYHzEzNc=; b=DQc07Tni5J6M9ZmyQWPq2JSb4GUj04A13p4OBqcQCF3gLOag3onKSf/EZ2W97w8Qmx ZiMrabRFGgxOxvg3UV361BCXK7Yrs5CRY29W77x1UBIr/BmwWAm4Pm6MvVafsQie03FF Nkz5t32dsnVjkst83J7w/fKjQeIs1A4X70BHKqLkbtMd46Iq3LTmnI33wZxjJHhBX6Bl QGmkbhv1GK/W0ctQtYX5X5Hm4ZoOlT/j1nDJDhzVbU5hk5GJj+1dIM+2HmZIjIjU9Dw+ +SDRbsYZ1OG2gIWvcovcF1wk0Zvo3l43ILJbY3mtW0vM1GueB3fHVXpyyr4JZcbgBvEQ uVlQ== X-Forwarded-Encrypted: i=1; AJvYcCXZpdG13p+Dviyl9mBhB4uZgZE6kYKWzyQg/VQwjwyNZis9zSpIfUfMXcO2DyI3eT5O1g7sC6eg9KTvUw==@lists.infradead.org X-Gm-Message-State: AOJu0Yz3O6lQG4mNMgW3hdPguAAipShv7T6QYj/p+fYfSNFAs+XP1sqn 54lrwN2tBzKA7atzhrGmYW2QhycfXWscc14lYsjWkZ04ZHYIIz6sl+BJO4oRThw= X-Google-Smtp-Source: AGHT+IGhq1GnSQZF5MxVR/0K0G2NJThoWCkNzk83MwW/s6Yz+26hm9MeL/l8on1yytS+Oc/w/84WRw== X-Received: by 2002:a17:90b:164b:b0:2d8:aba8:787a with SMTP id 98e67ed59e1d1-2dbb9db9c78mr20241981a91.6.1726613537298; Tue, 17 Sep 2024 15:52:17 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2dd609d2958sm16864a91.53.2024.09.17.15.52.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Sep 2024 15:52:16 -0700 (PDT) Date: Tue, 17 Sep 2024 15:52:11 -0700 From: Deepak Gupta To: Andy Chiu Cc: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org, linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, quic_zhonhan@quicinc.com, zong.li@sifive.com, zev@bewilderbeest.net, david@redhat.com, peterz@infradead.org, catalin.marinas@arm.com, broonie@kernel.org, dave.hansen@linux.intel.com, atishp@rivosinc.com, bjorn@rivosinc.com, namcaov@gmail.com, usama.anjum@collabora.com, guoren@kernel.org, alx@kernel.org, jszhang@kernel.org, hpa@zytor.com, puranjay@kernel.org, shuah@kernel.org, sorear@fastmail.com, costa.shul@redhat.com, robh@kernel.org, antonb@tenstorrent.com, quic_bjorande@quicinc.com, lorenzo.stoakes@oracle.com, corbet@lwn.net, dawei.li@shingroup.cn, anup@brainfault.org, deller@gmx.de, x86@kernel.org, andrii@kernel.org, willy@infradead.org, kees@kernel.org, mingo@redhat.com, libang.li@antgroup.com, samitolvanen@google.com, greentime.hu@sifive.com, osalvador@suse.de, ajones@ventanamicro.com, revest@chromium.org, ancientmodern4@gmail.com, aou@eecs.berkeley.edu, jerry.shih@sifive.com, alexghiti@rivosinc.com, arnd@arndb.de, yang.lee@linux.alibaba.com, charlie@rivosinc.com, bgray@linux.ibm.com, Liam.Howlett@oracle.com, leobras@redhat.com, songshuaishuai@tinylab.org, xiao.w.wang@intel.com, bp@alien8.de, cuiyunhui@bytedance.com, mchitale@ventanamicro.com, cleger@rivosinc.com, tglx@linutronix.de, krzk+dt@kernel.org, vbabka@suse.cz, brauner@kernel.org, bhe@redhat.com, ke.zhao@shingroup.cn, oleg@redhat.com, samuel.holland@sifive.com, ben.dooks@codethink.co.uk, evan@rivosinc.com, palmer@dabbelt.com, ebiederm@xmission.com, andy.chiu@sifive.com, schwab@suse.de, akpm@linux-foundation.org, sameo@rivosinc.com, tanzhasanwork@gmail.com, rppt@kernel.org, ryan.roberts@arm.com Subject: Re: [PATCH v4 23/30] riscv signal: save and restore of shadow stack for signal Message-ID: References: <20240912231650.3740732-1-debug@rivosinc.com> <20240912231650.3740732-24-debug@rivosinc.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240917_155219_553608_2AEBC53C X-CRM114-Status: GOOD ( 35.00 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org T24gV2VkLCBTZXAgMTgsIDIwMjQgYXQgMTI6MDM6NDVBTSArMDIwMCwgQW5keSBDaGl1IHdyb3Rl Ogo+RGVlcGFrIEd1cHRhIDxkZWJ1Z0ByaXZvc2luYy5jb20+IOaWvCAyMDI05bm0OeaciDE35pel IOmAseS6jCDkuIrljYgxMjowM+Wvq+mBk++8mgo+Pgo+PiBPbiBGcmksIFNlcCAxMywgMjAyNCBh dCAwOToyNTo1N1BNICswMjAwLCBBbmR5IENoaXUgd3JvdGU6Cj4+ID5IaSBEZWVwYWssCj4+ID4K Pj4gPkRlZXBhayBHdXB0YSA8ZGVidWdAcml2b3NpbmMuY29tPiDmlrwgMjAyNOW5tDnmnIgxM+aX pSDpgLHkupQg5LiK5Y2IMToyMOWvq+mBk++8mgo+PiA+Pgo+PiA+PiBTYXZlIHNoYWRvdyBzdGFj ayBwb2ludGVyIGluIHNpZ2NvbnRleHQgc3RydWN0dXJlIHdoaWxlIGRlbGl2ZXJpbmcgc2lnbmFs Lgo+PiA+PiBSZXN0b3JlIHNoYWRvdyBzdGFjayBwb2ludGVyIGZyb20gc2lnY29udGV4dCBvbiBz aWdyZXR1cm4uCj4+ID4+Cj4+ID4+IEFzIHBhcnQgb2Ygc2F2ZSBvcGVyYXRpb24sIGtlcm5lbCB1 c2VzIGBzc2Ftb3N3YXBgIHRvIHNhdmUgc25hcHNob3Qgb2YKPj4gPj4gY3VycmVudCBzaGFkb3cg c3RhY2sgb24gc2hhZG93IHN0YWNrIGl0c2VsZiAoY2FuIGJlIGNhbGxlZCBhcyBhIHNhdmUKPj4g Pj4gdG9rZW4pLiBEdXJpbmcgcmVzdG9yZSBvbiBzaWdyZXR1cm4sIGtlcm5lbCByZXRyaWV2ZXMg dG9rZW4gZnJvbSB0b3Agb2YKPj4gPj4gc2hhZG93IHN0YWNrIGFuZCB2YWxpZGF0ZXMgaXQuIFRo aXMgYWxsb3dzIHRoYXQgdXNlciBtb2RlIGNhbid0IGFyYml0cmFyeQo+PiA+PiBwaXZvdCB0byBh bnkgc2hhZG93IHN0YWNrIGFkZHJlc3Mgd2l0aG91dCBoYXZpbmcgYSB0b2tlbiBhbmQgdGh1cyBw cm92aWRlCj4+ID4+IHN0cm9uZyBzZWN1cml0eSBhc3N1cmFuY2UgYmV0d2VlbiBzaWduYWx5IGRl bGl2ZXJ5IGFuZCBzaWdyZXR1cm4gd2luZG93Lgo+PiA+Pgo+PiA+PiBTaWduZWQtb2ZmLWJ5OiBE ZWVwYWsgR3VwdGEgPGRlYnVnQHJpdm9zaW5jLmNvbT4KPj4gPj4gU3VnZ2VzdGVkLWJ5OiBBbmR5 IENoaXUgPGFuZHkuY2hpdUBzaWZpdmUuY29tPgo+PiA+PiAtLS0KPj4gPj4gIGFyY2gvcmlzY3Yv aW5jbHVkZS9hc20vdXNlcmNmaS5oIHwgMTkgKysrKysrKysrKwo+PiA+PiAgYXJjaC9yaXNjdi9r ZXJuZWwvc2lnbmFsLmMgICAgICAgfCA2MiArKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr LQo+PiA+PiAgYXJjaC9yaXNjdi9rZXJuZWwvdXNlcmNmaS5jICAgICAgfCA1NyArKysrKysrKysr KysrKysrKysrKysrKysrKysrKwo+PiA+PiAgMyBmaWxlcyBjaGFuZ2VkLCAxMzcgaW5zZXJ0aW9u cygrKSwgMSBkZWxldGlvbigtKQo+PiA+Pgo+PiA+PiBkaWZmIC0tZ2l0IGEvYXJjaC9yaXNjdi9p bmNsdWRlL2FzbS91c2VyY2ZpLmggYi9hcmNoL3Jpc2N2L2luY2x1ZGUvYXNtL3VzZXJjZmkuaAo+ PiA+PiBpbmRleCAyMGE5MTAyY2NlNTEuLmQ1MDUwYTVkZjI2YyAxMDA2NDQKPj4gPj4gLS0tIGEv YXJjaC9yaXNjdi9pbmNsdWRlL2FzbS91c2VyY2ZpLmgKPj4gPj4gKysrIGIvYXJjaC9yaXNjdi9p bmNsdWRlL2FzbS91c2VyY2ZpLmgKPj4gPj4gQEAgLTgsNiArOCw3IEBACj4+ID4+ICAjaWZuZGVm IF9fQVNTRU1CTFlfXwo+PiA+PiAgI2luY2x1ZGUgPGxpbnV4L3R5cGVzLmg+Cj4+ID4+ICAjaW5j bHVkZSA8bGludXgvcHJjdGwuaD4KPj4gPj4gKyNpbmNsdWRlIDxsaW51eC9lcnJuby5oPgo+PiA+ Pgo+PiA+PiAgc3RydWN0IHRhc2tfc3RydWN0Owo+PiA+PiAgc3RydWN0IGtlcm5lbF9jbG9uZV9h cmdzOwo+PiA+PiBAQCAtMzUsNiArMzYsOSBAQCBib29sIGlzX3Noc3RrX2xvY2tlZChzdHJ1Y3Qg dGFza19zdHJ1Y3QgKnRhc2spOwo+PiA+PiAgYm9vbCBpc19zaHN0a19hbGxvY2F0ZWQoc3RydWN0 IHRhc2tfc3RydWN0ICp0YXNrKTsKPj4gPj4gIHZvaWQgc2V0X3Noc3RrX2xvY2soc3RydWN0IHRh c2tfc3RydWN0ICp0YXNrKTsKPj4gPj4gIHZvaWQgc2V0X3Noc3RrX3N0YXR1cyhzdHJ1Y3QgdGFz a19zdHJ1Y3QgKnRhc2ssIGJvb2wgZW5hYmxlKTsKPj4gPj4gK3Vuc2lnbmVkIGxvbmcgZ2V0X2Fj dGl2ZV9zaHN0ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2spOwo+PiA+PiAraW50IHJlc3RvcmVf dXNlcl9zaHN0ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRzaywgdW5zaWduZWQgbG9uZyBzaHN0a19w dHIpOwo+PiA+PiAraW50IHNhdmVfdXNlcl9zaHN0ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRzaywg dW5zaWduZWQgbG9uZyAqc2F2ZWRfc2hzdGtfcHRyKTsKPj4gPj4gIGJvb2wgaXNfaW5kaXJfbHBf ZW5hYmxlZChzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2spOwo+PiA+PiAgYm9vbCBpc19pbmRpcl9s cF9sb2NrZWQoc3RydWN0IHRhc2tfc3RydWN0ICp0YXNrKTsKPj4gPj4gIHZvaWQgc2V0X2luZGly X2xwX3N0YXR1cyhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2ssIGJvb2wgZW5hYmxlKTsKPj4gPj4g QEAgLTk2LDYgKzEwMCwyMSBAQCBzdGF0aWMgaW5saW5lIHZvaWQgc2V0X3Noc3RrX3N0YXR1cyhz dHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2ssIGJvb2wgZW5hYmxlKQo+PiA+Pgo+PiA+PiAgfQo+PiA+ Pgo+PiA+PiArc3RhdGljIGlubGluZSBpbnQgcmVzdG9yZV91c2VyX3Noc3RrKHN0cnVjdCB0YXNr X3N0cnVjdCAqdHNrLCB1bnNpZ25lZCBsb25nIHNoc3RrX3B0cikKPj4gPj4gK3sKPj4gPj4gKyAg ICAgICByZXR1cm4gLUVJTlZBTDsKPj4gPj4gK30KPj4gPj4gKwo+PiA+PiArc3RhdGljIGlubGlu ZSBpbnQgc2F2ZV91c2VyX3Noc3RrKHN0cnVjdCB0YXNrX3N0cnVjdCAqdHNrLCB1bnNpZ25lZCBs b25nICpzYXZlZF9zaHN0a19wdHIpCj4+ID4+ICt7Cj4+ID4+ICsgICAgICAgcmV0dXJuIC1FSU5W QUw7Cj4+ID4+ICt9Cj4+ID4+ICsKPj4gPj4gK3N0YXRpYyBpbmxpbmUgdW5zaWduZWQgbG9uZyBn ZXRfYWN0aXZlX3Noc3RrKHN0cnVjdCB0YXNrX3N0cnVjdCAqdGFzaykKPj4gPj4gK3sKPj4gPj4g KyAgICAgICByZXR1cm4gMDsKPj4gPj4gK30KPj4gPj4gKwo+PiA+PiAgc3RhdGljIGlubGluZSBi b29sIGlzX2luZGlyX2xwX2VuYWJsZWQoc3RydWN0IHRhc2tfc3RydWN0ICp0YXNrKQo+PiA+PiAg ewo+PiA+PiAgICAgICAgIHJldHVybiBmYWxzZTsKPj4gPj4gZGlmZiAtLWdpdCBhL2FyY2gvcmlz Y3Yva2VybmVsL3NpZ25hbC5jIGIvYXJjaC9yaXNjdi9rZXJuZWwvc2lnbmFsLmMKPj4gPj4gaW5k ZXggZGNkMjgyNDE5NDU2Li43ZDVjMTgyNTY1MGYgMTAwNjQ0Cj4+ID4+IC0tLSBhL2FyY2gvcmlz Y3Yva2VybmVsL3NpZ25hbC5jCj4+ID4+ICsrKyBiL2FyY2gvcmlzY3Yva2VybmVsL3NpZ25hbC5j Cj4+ID4+IEBAIC0yMiw2ICsyMiw3IEBACj4+ID4+ICAjaW5jbHVkZSA8YXNtL3ZlY3Rvci5oPgo+ PiA+PiAgI2luY2x1ZGUgPGFzbS9jc3IuaD4KPj4gPj4gICNpbmNsdWRlIDxhc20vY2FjaGVmbHVz aC5oPgo+PiA+PiArI2luY2x1ZGUgPGFzbS91c2VyY2ZpLmg+Cj4+ID4+Cj4+ID4+ICB1bnNpZ25l ZCBsb25nIHNpZ25hbF9taW5zaWdzdGtzeiBfX3JvX2FmdGVyX2luaXQ7Cj4+ID4+Cj4+ID4+IEBA IC0xNTMsNiArMTU0LDE2IEBAIHN0YXRpYyBsb25nIHJlc3RvcmVfc2lnY29udGV4dChzdHJ1Y3Qg cHRfcmVncyAqcmVncywKPj4gPj4gICAgICAgICB2b2lkIF9fdXNlciAqc2NfZXh0X3B0ciA9ICZz Yy0+c2NfZXh0ZGVzYy5oZHI7Cj4+ID4+ICAgICAgICAgX191MzIgcnN2ZDsKPj4gPj4gICAgICAg ICBsb25nIGVycjsKPj4gPj4gKyAgICAgICB1bnNpZ25lZCBsb25nIHNzX3B0ciA9IDA7Cj4+ID4+ ICsgICAgICAgc3RydWN0IF9fc2NfcmlzY3ZfY2ZpX3N0YXRlIF9fdXNlciAqc2NfY2ZpID0gTlVM TDsKPj4gPj4gKwo+PiA+PiArICAgICAgIHNjX2NmaSA9IChzdHJ1Y3QgX19zY19yaXNjdl9jZmlf c3RhdGUgKikKPj4gPj4gKyAgICAgICAgICAgICAgICAoKHVuc2lnbmVkIGxvbmcpIHNjX2V4dF9w dHIgKyBzaXplb2Yoc3RydWN0IF9fcmlzY3ZfY3R4X2hkcikpOwo+PiA+PiArCj4+ID4+ICsgICAg ICAgaWYgKGhhc192ZWN0b3IoKSAmJiByaXNjdl92X3ZzdGF0ZV9xdWVyeShyZWdzKSkKPj4gPj4g KyAgICAgICAgICAgICAgIHNjX2NmaSA9IChzdHJ1Y3QgX19zY19yaXNjdl9jZmlfc3RhdGUgKikK Pj4gPj4gKyAgICAgICAgICAgICAgICAgICAgICAgICgodW5zaWduZWQgbG9uZykgc2NfY2ZpICsg cmlzY3Zfdl9zY19zaXplKTsKPj4gPj4gKwo+PiA+PiAgICAgICAgIC8qIHNjX3JlZ3MgaXMgc3Ry dWN0dXJlZCB0aGUgc2FtZSBhcyB0aGUgc3RhcnQgb2YgcHRfcmVncyAqLwo+PiA+PiAgICAgICAg IGVyciA9IF9fY29weV9mcm9tX3VzZXIocmVncywgJnNjLT5zY19yZWdzLCBzaXplb2Yoc2MtPnNj X3JlZ3MpKTsKPj4gPj4gICAgICAgICBpZiAodW5saWtlbHkoZXJyKSkKPj4gPj4gQEAgLTE3Miw2 ICsxODMsMjQgQEAgc3RhdGljIGxvbmcgcmVzdG9yZV9zaWdjb250ZXh0KHN0cnVjdCBwdF9yZWdz ICpyZWdzLAo+PiA+PiAgICAgICAgIGlmICh1bmxpa2VseShyc3ZkKSkKPj4gPj4gICAgICAgICAg ICAgICAgIHJldHVybiAtRUlOVkFMOwo+PiA+Pgo+PiA+PiArICAgICAgIC8qCj4+ID4+ICsgICAg ICAgICogUmVzdG9yZSBzaGFkb3cgc3RhY2sgYXMgYSBmb3JtIG9mIHRva2VuIHN0b3JlZCBvbiBz aGFkb3cgc3RhY2sgaXRzZWxmIGFzIGEgc2FmZQo+PiA+PiArICAgICAgICAqIHdheSB0byByZXN0 b3JlLgo+PiA+PiArICAgICAgICAqIEEgdG9rZW4gb24gc2hhZG93IGdpdmVzIGZvbGxvd2luZyBw cm9wZXJ0aWVzCj4+ID4+ICsgICAgICAgICogICAgICAtIFNhZmUgc2F2ZSBhbmQgcmVzdG9yZSBm b3Igc2hhZG93IHN0YWNrIHN3aXRjaGluZy4gQW55IHNhdmUgb2Ygc2hhZG93IHN0YWNrCj4+ID4+ ICsgICAgICAgICogICAgICAgIG11c3QgaGF2ZSBoYWQgc2F2ZWQgYSB0b2tlbiBvbiBzaGFkb3cg c3RhY2suIFNpbWlsYXJseSBhbnkgcmVzdG9yZSBvZiBzaGFkb3cKPj4gPj4gKyAgICAgICAgKiAg ICAgICAgc3RhY2sgbXVzdCBjaGVjayB0aGUgdG9rZW4gYmVmb3JlIHJlc3RvcmUuIFNpbmNlIHdy aXRpbmcgdG8gc2hhZG93IHN0YWNrIHdpdGgKPj4gPj4gKyAgICAgICAgKiAgICAgICAgYWRkcmVz cyBvZiBzaGFkb3cgc3RhY2sgaXRzZWxmIGlzIG5vdCBlYXNpbHkgYWxsb3dlZC4gQSByZXN0b3Jl IHdpdGhvdXQgYSBzYXZlCj4+ID4+ICsgICAgICAgICogICAgICAgIGlzIHF1aXRlIGRpZmZpY3Vs dCBmb3IgYW4gYXR0YWNrZXIgdG8gcGVyZm9ybS4KPj4gPj4gKyAgICAgICAgKiAgICAgIC0gQSBu YXR1cmFsIGJyZWFrLiBBIHRva2VuIGluIHNoYWRvdyBzdGFjayBwcm92aWRlcyBhIG5hdHVyYWwg YnJlYWsgaW4gc2hhZG93IHN0YWNrCj4+ID4+ICsgICAgICAgICogICAgICAgIFNvIGEgc2luZ2xl IGxpbmVhciByYW5nZSBjYW4gYmUgYnVja2V0ZWQgaW50byBkaWZmZXJlbnQgc2hhZG93IHN0YWNr IHNlZ21lbnRzLgo+PiA+PiArICAgICAgICAqICAgICAgICBzc3BvcGNoayB3aWxsIGRldGVjdCB0 aGUgY29uZGl0aW9uIGFuZCBmYXVsdCB0byBrZXJuZWwgYXMgc3cgY2hlY2sgZXhjZXB0aW9uLgo+ PiA+PiArICAgICAgICAqLwo+PiA+PiArICAgICAgIGlmIChpc19zaHN0a19lbmFibGVkKGN1cnJl bnQpKSB7Cj4+ID4+ICsgICAgICAgICAgICAgICBlcnIgfD0gX19jb3B5X2Zyb21fdXNlcigmc3Nf cHRyLCAmc2NfY2ZpLT5zc19wdHIsIHNpemVvZih1bnNpZ25lZCBsb25nKSk7Cj4+ID4+ICsgICAg ICAgICAgICAgICBlcnIgfD0gcmVzdG9yZV91c2VyX3Noc3RrKGN1cnJlbnQsIHNzX3B0cik7Cj4+ ID4+ICsgICAgICAgfQo+PiA+PiArCj4+ID4+ICAgICAgICAgd2hpbGUgKCFlcnIpIHsKPj4gPj4g ICAgICAgICAgICAgICAgIF9fdTMyIG1hZ2ljLCBzaXplOwo+PiA+PiAgICAgICAgICAgICAgICAg c3RydWN0IF9fcmlzY3ZfY3R4X2hkciBfX3VzZXIgKmhlYWQgPSBzY19leHRfcHRyOwo+PiA+PiBA QCAtMjE1LDYgKzI0NCwxMCBAQCBzdGF0aWMgc2l6ZV90IGdldF9ydF9mcmFtZV9zaXplKGJvb2wg Y2FsX2FsbCkKPj4gPj4gICAgICAgICAgICAgICAgIGlmIChjYWxfYWxsIHx8IHJpc2N2X3ZfdnN0 YXRlX3F1ZXJ5KHRhc2tfcHRfcmVncyhjdXJyZW50KSkpCj4+ID4+ICAgICAgICAgICAgICAgICAg ICAgICAgIHRvdGFsX2NvbnRleHRfc2l6ZSArPSByaXNjdl92X3NjX3NpemU7Cj4+ID4+ICAgICAg ICAgfQo+PiA+PiArCj4+ID4+ICsgICAgICAgaWYgKGlzX3Noc3RrX2VuYWJsZWQoY3VycmVudCkp Cj4+ID4+ICsgICAgICAgICAgICAgICB0b3RhbF9jb250ZXh0X3NpemUgKz0gc2l6ZW9mKHN0cnVj dCBfX3NjX3Jpc2N2X2NmaV9zdGF0ZSk7Cj4+ID4+ICsKPj4gPj4gICAgICAgICAvKgo+PiA+PiAg ICAgICAgICAqIFByZXNlcnZlZCBhIF9fcmlzY3ZfY3R4X2hkciBmb3IgRU5EIHNpZ25hbCBjb250 ZXh0IGhlYWRlciBpZiBhbgo+PiA+PiAgICAgICAgICAqIGV4dGVuc2lvbiB1c2VzIF9fcmlzY3Zf ZXh0cmFfZXh0X2hlYWRlcgo+PiA+PiBAQCAtMjc2LDE4ICszMDksNDAgQEAgc3RhdGljIGxvbmcg c2V0dXBfc2lnY29udGV4dChzdHJ1Y3QgcnRfc2lnZnJhbWUgX191c2VyICpmcmFtZSwKPj4gPj4g IHsKPj4gPj4gICAgICAgICBzdHJ1Y3Qgc2lnY29udGV4dCBfX3VzZXIgKnNjID0gJmZyYW1lLT51 Yy51Y19tY29udGV4dDsKPj4gPj4gICAgICAgICBzdHJ1Y3QgX19yaXNjdl9jdHhfaGRyIF9fdXNl ciAqc2NfZXh0X3B0ciA9ICZzYy0+c2NfZXh0ZGVzYy5oZHI7Cj4+ID4+ICsgICAgICAgdW5zaWdu ZWQgbG9uZyBzc19wdHIgPSAwOwo+PiA+PiArICAgICAgIHN0cnVjdCBfX3NjX3Jpc2N2X2NmaV9z dGF0ZSBfX3VzZXIgKnNjX2NmaSA9IE5VTEw7Cj4+ID4+ICAgICAgICAgbG9uZyBlcnI7Cj4+ID4+ Cj4+ID4+ICsgICAgICAgc2NfY2ZpID0gKHN0cnVjdCBfX3NjX3Jpc2N2X2NmaV9zdGF0ZSAqKSAo c2NfZXh0X3B0ciArIDEpOwo+PiA+PiArCj4+ID4KPj4gPklzIGl0IGludGVuZGVkIHRoYXQgY2Zp IHNpZ2NvbnRleHQgZG9lcyBub3QgZm9sbG93IHRoZSBzaWdjb250ZXh0IHJ1bGUKPj4gPnNldHVw IGJ5IFZlY3Rvcj8gSXQgc2VlbXMgbGlrZSB0aGVyZSBpcyBubyBleHRlbnNpb24gaGVhZGVyIChz dHJ1Y3QKPj4gPl9fcmlzY3ZfY3R4X2hkcikgZGVmaW5lZCBmb3IgY2ZpIHNpZ2NvbnRleHQgaGVy ZS4gSWYgdGhlIHNpZ2NvbnRleHQgaXMKPj4gPmRpcmVjdGx5IGFwcGVuZGVkIHRvIHRoZSBzaWdu YWwgc3RhY2ssIHRoZSB1c2VyIG1heSBub3QgYmUgYWJsZSB0bwo+PiA+cmVjb2duaXplIHRoZSBt ZWFuaW5nIHdpdGhvdXQgZGVmaW5pbmcgYSBuZXcgQUJJLgo+Pgo+PiBIbW0uLi4gSSBkaWRuJ3Qg cmVhbGl6ZSB0aGF0IHN0cnVjdCBgc3RydWN0IF9fcmlzY3ZfY3R4X2hkcmAgaXMgc3Ryb25nbHkK Pj4gdGllZCB0byB2ZWN0b3Igc3RhdGUuIEkgd2FzIHVuZGVyIHRoZSBpbXByZXNzaW9uIHRoYXQg YW55IG5ldyBleHRlbmRlZAo+PiBzdGF0ZSBhZGRpdGlvbiB3b3VsZCByZXF1aXJlIHRoaXMgaGVh ZGVyIHRvIGJlIHByZXNlbnQuCj4KPl9fcmlzY3ZfY3R4X2hkciBpcyBub3QgdGllZCB0byB2ZWN0 b3Igc3RhdGUuIFlvdXIgaW1wcmVzc2lvbiBpcyBub3QKPndyb25nLiBXaGVuIHNpZ2NvbnRleHQg Zm9yIFZlY3RvciB3YXMgZGVzaWduZWQsIGl0IGlzIGludGVuZGVkIHRoYXQKPmV2ZXJ5IG5ldyBl eHRlbnNpb24gc2hvdWxkIGRlZmluZSBpdHMgaGVhZGVyLCBwbGVhc2UgY2hlY2sKPlJJU0NWX1Zf TUFHSUMuIFRoZSBtYWdpYyB2YWx1ZSBhbmQgdGhlIHNpemUgb2YgdGhlIGV4dGVuc2lvbiBhZGRl ZCB0bwo+dGhlIHNpZ2NvbnRleHQgYXJlIHdyaXR0ZW4gaW50byBlYWNoIGhkci0+bWFnaWMgYW5k IGhkci0+c2l6ZS4KPkhvd2V2ZXIsIEkgZGlkIG5vdCBmaW5kIHRoZSBjb3JyZXNwb25kaW5nIGNv ZGUgaW4gdGhpcyBwYXRjaC4gT3IsCj5tYXliZSBJIGFtIG1pc3Npbmcgc29tZXRoaW5nIG9idmlv dXMuIENvdWxkIHlvdSBoZWxwIHBvaW50IG1lIG91dCBpdD8KClNvcnJ5IEkgd2FzIHVuZGVyIHRo ZSBpbXByZXNzaW9uIHRoYXQgdGhlcmUgaXMgb25seSBvbmUgY3R4IGhlYWRlciBmb3IKYWxsIGV4 dGVuZGVkIHN0YXRlLiBJdCBzZWVtcyBsaWtlIGZyb20gdGhpcyBjb252ZXJzYXRpb24sIGFueSBu ZXcgc3RhdGUKbXVzdCBkZWNsYXJlIGl0J3Mgb3duIGhlYWRlciwgbWFnaWMgd29yZCBhbmQgc2l6 ZS4KCk5vdyB0aGF0IEkgYW0gaGF2aW5nIHRoaXMgY29udmVyc2F0aW9uLCBpdCBzZWVtcyBsaWtl IHRoYXQgdGhlIGlkZWEgZm9yCmhhdmluZyBjdHggaGVhZGVyIGlzIHRvIGVuc3VyZSB0aGF0IGFu eSBzb2Z0d2FyZSAodXNlciBzcGFjZSBvciBrZXJuZWwpCm11c3QgcGFyc2Ugc2lnY29udGV4dCBi ZXlvbmcgcHRfcmVncyBpdGVyYXRpdmVseSBhbmQgc3RhcnQgcG9raW5nIG9ubHkKd2hlbiBpdCBz ZWVzIHJlbGV2YW50IGRhdGEgc3RydWN0dXJlIChiYXNlZCBvbiBtYWdpYyB3b3JkPykKCkhvcGVm dWxseSwgSSBnb3QgaXQgcmlnaHQgdGhpcyB0aW1lLiBJJ2xsIGZpeCBpdCwgaWYgdGhhdCdzIHRo ZSBpbnRlbnRpb24KaGVyZS4KCj4KPj4KPj4gY2ZpIHNpZ2NvbnRlbnh0IGRvZXNuJ3QgbmVlZCBh bnkgQUJJIGJldHdlZW4gdXNlciBhbmQga2VybmVsIGhlcmUuIFdlIG5lZWQKPj4gdGhpcyBzcGFj ZSBzbyB0aGF0IGtlcm5lbCBjYW4gc2F2ZSBhIHBvaW50ZXIgdG8gc2hhZG93IHN0YWNrIHRva2Vu IG9uIHNpZ25hbAo+PiBkZWxpdmVyeS4gT25jZSBzaWdyZXR1cm4gaGFwcGVucywga2VybmVsIHdp bGwgdXNlIHRoZSBzYW1lIHBvaW50ZXIsIHZlcmlmeQo+PiB0aGUgdG9rZW4gc2F2ZWQgb24gc2hh ZG93IHN0YWNrIGFuZCByZXN0b3JlIHNoYWRvdyBzdGFjayBmb3IgdXNlciBtb2RlLgo+PiBBdCBu byBwb2ludCBpbiB0aGlzIHNjaGVtZSwgdXNlciBtb2RlIGlzIHJlcXVpcmVkIHRvIHBlcmZvcm0g YW55IGFjdGlvbi4KPj4KPj4gQWxsIHRoYXQgaXMgbmVlZGVkIGlzIHRoYXQgdXNlciBtb2RlIGRv ZXNuJ3QgYWNjaWRlbmx5IHRyYW1wbGUgYXQgdGhpcyBvZmZzZXQuCj4+Cj4+IFNpbmNlIEkgd2Fz IHVuZGVyIHRoZSBpbXByZXNzaW9uIHRoYXQgYHN0cnVjdCBfX3Jpc2N2X2N0eF9oZHJgIGlzIHRo ZXJlIGZvcgo+PiBjb250ZXh0IGV4dGVuc2lvbiBhbmQgbXVzdCBiZSBwcmVzZW50IGZvciBhbnkg c3RhdGUgYmV5b25kIGBzY19yZWdzYCwgSSBhc3N1bWVkCj4+IHRoYXQgSSBtdXN0IG1ha2Ugc3Bh Y2UgZm9yIHRoaXMgaGVhZGVyIChldmVuIGlmIHZlY3RvciBzdGF0ZSBpcyBub3QgcHJlc2VudCku Cj4+Cj4+ID4KPj4gPkJUVywgSSBoYXZlIHNlbnQgYSBwYXRjaFsxXSB0aGF0IHJlZmFjdG9yIHNl dHVwX3NpZ2NvbnRleHQgc28gaXQnZCBiZQo+PiA+ZWFzaWVyIGZvciBmdXR1cmUgZXh0ZW5zaW9u cyB0byBleHBhbmQgb24gdGhlIHNpZ25hbCBzdGFjay4KPj4KPj4gSSBjYW4gYWRvcHQgdG8gdGhp cywgYWx0aG91Z2ggaXRzIG9ydGhvZ29uYWwgdG8gd2hhdCB3ZSBhcmUgZGlzY3Vzc2luZyBoZXJl Lgo+Pgo+PiA+Cj4+ID4+ICAgICAgICAgLyogc2NfcmVncyBpcyBzdHJ1Y3R1cmVkIHRoZSBzYW1l IGFzIHRoZSBzdGFydCBvZiBwdF9yZWdzICovCj4+ID4+ICAgICAgICAgZXJyID0gX19jb3B5X3Rv X3VzZXIoJnNjLT5zY19yZWdzLCByZWdzLCBzaXplb2Yoc2MtPnNjX3JlZ3MpKTsKPj4gPj4gICAg ICAgICAvKiBTYXZlIHRoZSBmbG9hdGluZy1wb2ludCBzdGF0ZS4gKi8KPj4gPj4gICAgICAgICBp ZiAoaGFzX2ZwdSgpKQo+PiA+PiAgICAgICAgICAgICAgICAgZXJyIHw9IHNhdmVfZnBfc3RhdGUo cmVncywgJnNjLT5zY19mcHJlZ3MpOwo+PiA+PiAgICAgICAgIC8qIFNhdmUgdGhlIHZlY3RvciBz dGF0ZS4gKi8KPj4gPj4gLSAgICAgICBpZiAoaGFzX3ZlY3RvcigpICYmIHJpc2N2X3ZfdnN0YXRl X3F1ZXJ5KHJlZ3MpKQo+PiA+PiArICAgICAgIGlmIChoYXNfdmVjdG9yKCkgJiYgcmlzY3Zfdl92 c3RhdGVfcXVlcnkocmVncykpIHsKPj4gPj4gICAgICAgICAgICAgICAgIGVyciB8PSBzYXZlX3Zf c3RhdGUocmVncywgKHZvaWQgX191c2VyICoqKSZzY19leHRfcHRyKTsKPj4gPj4gKyAgICAgICAg ICAgICAgIHNjX2NmaSA9IChzdHJ1Y3QgX19zY19yaXNjdl9jZmlfc3RhdGUgKikgKCh1bnNpZ25l ZCBsb25nKSBzY19jZmkgKyByaXNjdl92X3NjX3NpemUpOwo+PiA+PiArICAgICAgIH0KPj4gPj4g ICAgICAgICAvKiBXcml0ZSB6ZXJvIHRvIGZwLXJlc2VydmVkIHNwYWNlIGFuZCBjaGVjayBpdCBv biByZXN0b3JlX3NpZ2NvbnRleHQgKi8KPj4gPj4gICAgICAgICBlcnIgfD0gX19wdXRfdXNlcigw LCAmc2MtPnNjX2V4dGRlc2MucmVzZXJ2ZWQpOwo+PiA+PiArICAgICAgIC8qCj4+ID4+ICsgICAg ICAgICogU2F2ZSBhIHBvaW50ZXIgdG8gc2hhZG93IHN0YWNrIGl0c2VsZiBvbiBzaGFkb3cgc3Rh Y2sgYXMgYSBmb3JtIG9mIHRva2VuLgo+PiA+PiArICAgICAgICAqIEEgdG9rZW4gb24gc2hhZG93 IGdpdmVzIGZvbGxvd2luZyBwcm9wZXJ0aWVzCj4+ID4+ICsgICAgICAgICogICAgICAtIFNhZmUg c2F2ZSBhbmQgcmVzdG9yZSBmb3Igc2hhZG93IHN0YWNrIHN3aXRjaGluZy4gQW55IHNhdmUgb2Yg c2hhZG93IHN0YWNrCj4+ID4+ICsgICAgICAgICogICAgICAgIG11c3QgaGF2ZSBoYWQgc2F2ZWQg YSB0b2tlbiBvbiBzaGFkb3cgc3RhY2suIFNpbWlsYXJseSBhbnkgcmVzdG9yZSBvZiBzaGFkb3cK Pj4gPj4gKyAgICAgICAgKiAgICAgICAgc3RhY2sgbXVzdCBjaGVjayB0aGUgdG9rZW4gYmVmb3Jl IHJlc3RvcmUuIFNpbmNlIHdyaXRpbmcgdG8gc2hhZG93IHN0YWNrIHdpdGgKPj4gPj4gKyAgICAg ICAgKiAgICAgICAgYWRkcmVzcyBvZiBzaGFkb3cgc3RhY2sgaXRzZWxmIGlzIG5vdCBlYXNpbHkg YWxsb3dlZC4gQSByZXN0b3JlIHdpdGhvdXQgYSBzYXZlCj4+ID4+ICsgICAgICAgICogICAgICAg IGlzIHF1aXRlIGRpZmZpY3VsdCBmb3IgYW4gYXR0YWNrZXIgdG8gcGVyZm9ybS4KPj4gPj4gKyAg ICAgICAgKiAgICAgIC0gQSBuYXR1cmFsIGJyZWFrLiBBIHRva2VuIGluIHNoYWRvdyBzdGFjayBw cm92aWRlcyBhIG5hdHVyYWwgYnJlYWsgaW4gc2hhZG93IHN0YWNrCj4+ID4+ICsgICAgICAgICog ICAgICAgIFNvIGEgc2luZ2xlIGxpbmVhciByYW5nZSBjYW4gYmUgYnVja2V0ZWQgaW50byBkaWZm ZXJlbnQgc2hhZG93IHN0YWNrIHNlZ21lbnRzLiBBbnkKPj4gPj4gKyAgICAgICAgKiAgICAgICAg c3Nwb3BjaGsgd2lsbCBkZXRlY3QgdGhlIGNvbmRpdGlvbiBhbmQgZmF1bHQgdG8ga2VybmVsIGFz IHN3IGNoZWNrIGV4Y2VwdGlvbi4KPj4gPj4gKyAgICAgICAgKi8KPj4gPj4gKyAgICAgICBpZiAo aXNfc2hzdGtfZW5hYmxlZChjdXJyZW50KSkgewo+PiA+PiArICAgICAgICAgICAgICAgZXJyIHw9 IHNhdmVfdXNlcl9zaHN0ayhjdXJyZW50LCAmc3NfcHRyKTsKPj4gPj4gKyAgICAgICAgICAgICAg IGVyciB8PSBfX3B1dF91c2VyKHNzX3B0ciwgJnNjX2NmaS0+c3NfcHRyKTsKPj4gPj4gKyAgICAg ICB9Cj4+ID4+ICAgICAgICAgLyogQW5kIHB1dCBFTkQgX19yaXNjdl9jdHhfaGRyIGF0IHRoZSBl bmQuICovCj4+ID4+ICAgICAgICAgZXJyIHw9IF9fcHV0X3VzZXIoRU5EX01BR0lDLCAmc2NfZXh0 X3B0ci0+bWFnaWMpOwo+PiA+PiAgICAgICAgIGVyciB8PSBfX3B1dF91c2VyKEVORF9IRFJfU0la RSwgJnNjX2V4dF9wdHItPnNpemUpOwo+PiA+PiBAQCAtMzQ1LDYgKzQwMCwxMSBAQCBzdGF0aWMg aW50IHNldHVwX3J0X2ZyYW1lKHN0cnVjdCBrc2lnbmFsICprc2lnLCBzaWdzZXRfdCAqc2V0LAo+ PiA+PiAgI2lmZGVmIENPTkZJR19NTVUKPj4gPj4gICAgICAgICByZWdzLT5yYSA9ICh1bnNpZ25l ZCBsb25nKVZEU09fU1lNQk9MKAo+PiA+PiAgICAgICAgICAgICAgICAgY3VycmVudC0+bW0tPmNv bnRleHQudmRzbywgcnRfc2lncmV0dXJuKTsKPj4gPj4gKwo+PiA+PiArICAgICAgIC8qIGlmIGJj ZmkgaXMgZW5hYmxlZCB4MSAocmEpIGFuZCB4NSAodDApIG11c3QgbWF0Y2guIG5vdCBzdXJlIGlm IHdlIG5lZWQgdGhpcz8gKi8KPj4gPj4gKyAgICAgICBpZiAoaXNfc2hzdGtfZW5hYmxlZChjdXJy ZW50KSkKPj4gPj4gKyAgICAgICAgICAgICAgIHJlZ3MtPnQwID0gcmVncy0+cmE7Cj4+ID4+ICsK Pj4gPj4gICNlbHNlCj4+ID4+ICAgICAgICAgLyoKPj4gPj4gICAgICAgICAgKiBGb3IgdGhlIG5v bW11IGNhc2Ugd2UgZG9uJ3QgaGF2ZSBhIFZEU08uICBJbnN0ZWFkIHdlIHB1c2ggdHdvCj4+ID4+ IGRpZmYgLS1naXQgYS9hcmNoL3Jpc2N2L2tlcm5lbC91c2VyY2ZpLmMgYi9hcmNoL3Jpc2N2L2tl cm5lbC91c2VyY2ZpLmMKPj4gPj4gaW5kZXggOGRhNTA5YWZkYmU5Li40MGMzMjI1OGI2ZWMgMTAw NjQ0Cj4+ID4+IC0tLSBhL2FyY2gvcmlzY3Yva2VybmVsL3VzZXJjZmkuYwo+PiA+PiArKysgYi9h cmNoL3Jpc2N2L2tlcm5lbC91c2VyY2ZpLmMKPj4gPj4gQEAgLTUyLDYgKzUyLDExIEBAIHZvaWQg c2V0X2FjdGl2ZV9zaHN0ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2ssIHVuc2lnbmVkIGxvbmcg c2hzdGtfYWRkcikKPj4gPj4gICAgICAgICB0YXNrLT50aHJlYWRfaW5mby51c2VyX2NmaV9zdGF0 ZS51c2VyX3NoZHdfc3RrID0gc2hzdGtfYWRkcjsKPj4gPj4gIH0KPj4gPj4KPj4gPj4gK3Vuc2ln bmVkIGxvbmcgZ2V0X2FjdGl2ZV9zaHN0ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2spCj4+ID4+ ICt7Cj4+ID4+ICsgICAgICAgcmV0dXJuIHRhc2stPnRocmVhZF9pbmZvLnVzZXJfY2ZpX3N0YXRl LnVzZXJfc2hkd19zdGs7Cj4+ID4+ICt9Cj4+ID4+ICsKPj4gPj4gIHZvaWQgc2V0X3Noc3RrX3N0 YXR1cyhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRhc2ssIGJvb2wgZW5hYmxlKQo+PiA+PiAgewo+PiA+ PiAgICAgICAgIHRhc2stPnRocmVhZF9pbmZvLnVzZXJfY2ZpX3N0YXRlLnViY2ZpX2VuID0gZW5h YmxlID8gMSA6IDA7Cj4+ID4+IEBAIC0xNjQsNiArMTY5LDU4IEBAIHN0YXRpYyBpbnQgY3JlYXRl X3JzdG9yX3Rva2VuKHVuc2lnbmVkIGxvbmcgc3NwLCB1bnNpZ25lZCBsb25nICp0b2tlbl9hZGRy KQo+PiA+PiAgICAgICAgIHJldHVybiAwOwo+PiA+PiAgfQo+PiA+Pgo+PiA+PiArLyoKPj4gPj4g KyAqIFNhdmUgdXNlciBzaGFkb3cgc3RhY2sgcG9pbnRlciBvbiBzaGFkb3cgc3RhY2sgaXRzZWxm IGFuZCByZXR1cm4gcG9pbnRlciB0byBzYXZlZCBsb2NhdGlvbgo+PiA+PiArICogcmV0dXJucyAt RUZBVUxUIGlmIG9wZXJhdGlvbiB3YXMgdW5zdWNjZXNzZnVsCj4+ID4+ICsgKi8KPj4gPj4gK2lu dCBzYXZlX3VzZXJfc2hzdGsoc3RydWN0IHRhc2tfc3RydWN0ICp0c2ssIHVuc2lnbmVkIGxvbmcg KnNhdmVkX3Noc3RrX3B0cikKPj4gPj4gK3sKPj4gPj4gKyAgICAgICB1bnNpZ25lZCBsb25nIHNz X3B0ciA9IDA7Cj4+ID4+ICsgICAgICAgdW5zaWduZWQgbG9uZyB0b2tlbl9sb2MgPSAwOwo+PiA+ PiArICAgICAgIGludCByZXQgPSAwOwo+PiA+PiArCj4+ID4+ICsgICAgICAgaWYgKHNhdmVkX3No c3RrX3B0ciA9PSBOVUxMKQo+PiA+PiArICAgICAgICAgICAgICAgcmV0dXJuIC1FSU5WQUw7Cj4+ ID4+ICsKPj4gPj4gKyAgICAgICBzc19wdHIgPSBnZXRfYWN0aXZlX3Noc3RrKHRzayk7Cj4+ID4+ ICsgICAgICAgcmV0ID0gY3JlYXRlX3JzdG9yX3Rva2VuKHNzX3B0ciwgJnRva2VuX2xvYyk7Cj4+ ID4+ICsKPj4gPj4gKyAgICAgICBpZiAoIXJldCkgewo+PiA+PiArICAgICAgICAgICAgICAgKnNh dmVkX3Noc3RrX3B0ciA9IHRva2VuX2xvYzsKPj4gPj4gKyAgICAgICAgICAgICAgIHNldF9hY3Rp dmVfc2hzdGsodHNrLCB0b2tlbl9sb2MpOwo+PiA+PiArICAgICAgIH0KPj4gPj4gKwo+PiA+PiAr ICAgICAgIHJldHVybiByZXQ7Cj4+ID4+ICt9Cj4+ID4+ICsKPj4gPj4gKy8qCj4+ID4+ICsgKiBS ZXN0b3JlcyB1c2VyIHNoYWRvdyBzdGFjayBwb2ludGVyIGZyb20gdG9rZW4gb24gc2hhZG93IHN0 YWNrIGZvciB0YXNrIGB0c2tgCj4+ID4+ICsgKiByZXR1cm5zIC1FRkFVTFQgaWYgb3BlcmF0aW9u IHdhcyB1bnN1Y2Nlc3NmdWwKPj4gPj4gKyAqLwo+PiA+PiAraW50IHJlc3RvcmVfdXNlcl9zaHN0 ayhzdHJ1Y3QgdGFza19zdHJ1Y3QgKnRzaywgdW5zaWduZWQgbG9uZyBzaHN0a19wdHIpCj4+ID4+ ICt7Cj4+ID4+ICsgICAgICAgdW5zaWduZWQgbG9uZyB0b2tlbiA9IDA7Cj4+ID4+ICsKPj4gPj4g KyAgICAgICB0b2tlbiA9IGFtb191c2VyX3Noc3RrKCh1bnNpZ25lZCBsb25nIF9fdXNlciAqKXNo c3RrX3B0ciwgMCk7Cj4+ID4+ICsKPj4gPj4gKyAgICAgICBpZiAodG9rZW4gPT0gLTEpCj4+ID4+ ICsgICAgICAgICAgICAgICByZXR1cm4gLUVGQVVMVDsKPj4gPj4gKwo+PiA+PiArICAgICAgIC8q IGludmFsaWQgdG9rZW4sIHJldHVybiBFSU5WQUwgKi8KPj4gPj4gKyAgICAgICBpZiAoKHRva2Vu IC0gc2hzdGtfcHRyKSAhPSBTSFNUS19FTlRSWV9TSVpFKSB7Cj4+ID4+ICsgICAgICAgICAgICAg ICBwcl9pbmZvX3JhdGVsaW1pdGVkKAo+PiA+PiArICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICIlc1slZF06IGJhZCByZXN0b3JlIHRva2VuIGluICVzOiBwYz0lcCBzcD0lcCwgdG9rZW49 JXAsIHNoc3RrX3B0cj0lcFxuIiwKPj4gPj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB0c2stPmNvbW0sIHRhc2tfcGlkX25yKHRzayksIF9fZnVuY19fLAo+PiA+PiArICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICh2b2lkICopKHRhc2tfcHRfcmVncyh0c2spLT5lcGMpLCAo dm9pZCAqKSh0YXNrX3B0X3JlZ3ModHNrKS0+c3ApLAo+PiA+PiArICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICh2b2lkICopdG9rZW4sICh2b2lkICopc2hzdGtfcHRyKTsKPj4gPj4gKyAg ICAgICAgICAgICAgIHJldHVybiAtRUlOVkFMOwo+PiA+PiArICAgICAgIH0KPj4gPj4gKwo+PiA+ PiArICAgICAgIC8qIGFsbCBjaGVja3MgcGFzc2VkLCBzZXQgYWN0aXZlIHNoc3RrIGFuZCByZXR1 cm4gc3VjY2VzcyAqLwo+PiA+PiArICAgICAgIHNldF9hY3RpdmVfc2hzdGsodHNrLCB0b2tlbik7 Cj4+ID4+ICsgICAgICAgcmV0dXJuIDA7Cj4+ID4+ICt9Cj4+ID4+ICsKPj4gPj4gIHN0YXRpYyB1 bnNpZ25lZCBsb25nIGFsbG9jYXRlX3NoYWRvd19zdGFjayh1bnNpZ25lZCBsb25nIGFkZHIsIHVu c2lnbmVkIGxvbmcgc2l6ZSwKPj4gPj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1 bnNpZ25lZCBsb25nIHRva2VuX29mZnNldCwKPj4gPj4gICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBib29sIHNldF90b2spCj4+ID4+IC0tCj4+ID4+IDIuNDUuMAo+PiA+Pgo+PiA+Pgo+ PiA+PiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwo+PiA+ PiBsaW51eC1yaXNjdiBtYWlsaW5nIGxpc3QKPj4gPj4gbGludXgtcmlzY3ZAbGlzdHMuaW5mcmFk ZWFkLm9yZwo+PiA+PiBodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZv L2xpbnV4LXJpc2N2Cj4+ID4KPj4gPi0gWzFdOiBodHRwczovL2xvcmUua2VybmVsLm9yZy9hbGwv MjAyNDA2MjgtZGV2LXNpZ25hbC1yZWZhY3Rvci12MS0xLTBjMzkxYjI2MDI2MUBzaWZpdmUuY29t Lwo+PiA+Cj4+ID5UaGFua3MsCj4+ID5BbmR5Cj4KPlJlZ2FyZHMsCj5BbmR5CgpfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpsaW51eC1yaXNjdiBtYWlsaW5n IGxpc3QKbGludXgtcmlzY3ZAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFk ZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LXJpc2N2Cg==