From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 852DC283FF8 for ; Fri, 26 Sep 2025 21:07:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758920832; cv=none; b=n3r9alQ1TFWut57YiiypUJtuAuPczDPL1g+TbOrj4Hdhh6xLv6+pK/R3L7A9rCOkAxBeExC66dWod3LfL6og1b+z8gusCjC95NCEX5LjW6LCWF7bz6EYeYDOi9n+tS2tqY0+RuI6zCEzS9ne1foylsGCYrdEIIehLO+bE7uGpCs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758920832; c=relaxed/simple; bh=zNQpeKWP6iuGOhZinBW1XMutuiMBR/+q9XOpc4A9o9U=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=kwsi+rSB27qv2Akw7WEi+Gs+8Aqn/ie+Q4N0SUyaWjO+e1YngXAlybmUaAJ86i5jveTK50FL+kxjPfncPJbTL33j2YMvU5ZRjt+u7uYYDLBFqcpiVkFJzWPMjnJkRjgU1Nzzv5x+CAU0D6DyUD5D45b1J2AVUuggEMWp7OCGCAU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b=OzgAM4Wl; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b="OzgAM4Wl" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-32ee4817c43so2304529a91.0 for ; Fri, 26 Sep 2025 14:07:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc.com; s=google; t=1758920830; x=1759525630; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=KnypQUg3EKrzG9RmKnVPYdoI8/tvp78hXYQJseWkeXU=; b=OzgAM4WlyfVg9esUCQ4S1VEi1fOPIK50vw3dEzYQ1l+AL9Bd9Ddmxkik9sPhvlzUsy kWbdsip8BH4UA84c9wULgngKuSsZBEzXZi2t5EkPtRi/Pq/FFRq51G6i330QjhQyhVeY szDCMgnXAb7MjRFan5dbj6cD/xp77ecGBCgBtH3FbpPMQy6wlwi/gKrbFJq9Lwkm8ORM mAvzPIbDmm2QkG9atD75FdAnFneJUp2E2TFENu9AUS9D5wh1JvsSqxluARHcfTJkKNPr pXI8Ce/SEPqCivghS51B88JfxzVqzbFYSCn1+7XBsKLAMNBsPVXCJaf/ydB4U4jS7mJb +rUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758920830; x=1759525630; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KnypQUg3EKrzG9RmKnVPYdoI8/tvp78hXYQJseWkeXU=; b=OLbOGvKZU7dukjgRpXFWl6OjMZ0Fsyr+5B/QIQwCWUEgRFDToOrKqm9qHgRebS2uSk /87D3rZdyVmfodcJt9af69uhlIDCjMnCjV1EL724YZkbT3uHVGdU4caDqGxA9EJbBCR2 ii8fXgushCgD5oVM8V9kbNbgZnIUIhxQHm4ZSDppwv8s7blmPSWnXHnNrFeWXn58S4SS BOeqaQodt978ufz6nlhi2XH9CpxnsymsQqjTa/qamnSwUukGA4Al8u5fdKMXSrnDX1Y4 jHDQIAgr1XmFjT0beS6xCKjfCOYpDf2KRtz9AggrBXI/7pVX+c4HAPGhUj0kZyEzPffH rJjg== X-Forwarded-Encrypted: i=1; AJvYcCXhTcbmG0aUsLBZHFH9/FmCcDIN3aOPj8Z2D6oYj6yG3tkiuiFRj6GuthvrR3HNMALfGUq6uujiBL8W@vger.kernel.org X-Gm-Message-State: AOJu0YyZCoRwFGlkKdp60FC+LhGcDcV5FZ5bx4Bu9khtfs5Rw3UN2g0Q vSRBIQcWKpNL4fiE51/yjbwvyxyjQ7Ih57fs69dE9dvvr+gU3uxE1dN7JfrBU9ymC4k= X-Gm-Gg: ASbGncv8Vr9Rcq1ow5jaivVPUFKzmfZvMyq9yuK/6UEkiZin16Epej4lkOEyxIBAznJ o39CEy104F3RkIqZ8EWaVFCrK/odtWJB4ZXZ/GJ5L7gGCbkaimOgT28736SE1qlI1ePzlYlHpzs A6N0rv+7bqP5IKoJVycD2Vg/X5m+SjiKXJchDQPBRU2+Bnkhs1xukSnOHKuQAhAn3yFGgGCDfyu nBQLO3jSxIZ/l2WdSkoHYMi/Xyk0YJncfWH4rS1UBVgq10qAQ2In/cC3G2EDj+xCYJElglkZTNR AZS0KYwT4v9zl+wOJVgaSlP0z5SqMQcISCJfwRAf528vZgsnDW6a3X7w/Eo1VE5Rmqs5k7JZwY1 oTQ1gO2n2biyqvrUUD6jNz+TIlI17JE8AP4S7QJ/gG2M= X-Google-Smtp-Source: AGHT+IHn6NeY5dtoWojDFn95+d6BgY2U1yoTg8Yib4J+bRdePmMEhyGi2ikTPsB6k/JjLKsrf4UQUQ== X-Received: by 2002:a17:90b:17ce:b0:32e:7340:a7fe with SMTP id 98e67ed59e1d1-336b3ca1d27mr750014a91.12.1758920829689; Fri, 26 Sep 2025 14:07:09 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b57c55a2c45sm5436382a12.45.2025.09.26.14.07.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Sep 2025 14:07:09 -0700 (PDT) Date: Fri, 26 Sep 2025 14:07:06 -0700 From: Deepak Gupta To: Charles Mirabile Cc: pjw@kernel.org, Liam.Howlett@oracle.com, a.hindborg@kernel.org, akpm@linux-foundation.org, alex.gaynor@gmail.com, alexghiti@rivosinc.com, aliceryhl@google.com, alistair.francis@wdc.com, andybnac@gmail.com, aou@eecs.berkeley.edu, arnd@arndb.de, atishp@rivosinc.com, bjorn3_gh@protonmail.com, boqun.feng@gmail.com, bp@alien8.de, brauner@kernel.org, broonie@kernel.org, charlie@rivosinc.com, cleger@rivosinc.com, conor+dt@kernel.org, conor@kernel.org, corbet@lwn.net, dave.hansen@linux.intel.com, david@redhat.com, devicetree@vger.kernel.org, ebiederm@xmission.com, evan@rivosinc.com, gary@garyguo.net, hpa@zytor.com, jannh@google.com, jim.shu@sifive.com, kees@kernel.org, kito.cheng@sifive.com, krzk+dt@kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, lorenzo.stoakes@oracle.com, lossin@kernel.org, mingo@redhat.com, ojeda@kernel.org, oleg@redhat.com, palmer@dabbelt.com, paul.walmsley@sifive.com, peterz@infradead.org, richard.henderson@linaro.org, rick.p.edgecombe@intel.com, robh@kernel.org, rust-for-linux@vger.kernel.org, samitolvanen@google.com, shuah@kernel.org, tglx@linutronix.de, tmgross@umich.edu, vbabka@suse.cz, x86@kernel.org, zong.li@sifive.com Subject: Re: [PATCH v19 00/27] riscv control-flow integrity for usermode Message-ID: References: <20250926192919.349578-1-cmirabil@redhat.com> Precedence: bulk X-Mailing-List: linux-arch@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Fri, Sep 26, 2025 at 04:28:58PM -0400, Charles Mirabile wrote: >Hi Deepak - > >On Fri, Sep 26, 2025 at 3:57 PM Deepak Gupta wrote: >> >> Hi Charles, >> >> Thanks for response. Rest inline >> >> On Fri, Sep 26, 2025 at 03:29:19PM -0400, Charles Mirabile wrote: >> >Hi - >> > >> >Hoping that I got everything right with git-send-email so that this is >> >delivered alright... >> > >> >Wanted to jump in to head off a potential talking past one another / >> >miscommunication situation I see here. >> > >> >On Wed, Sep 24, 2025 at 08:36:11AM -0600, Paul Walmsley wrote: >> >> Hi, >> >> >> >> On Thu, 31 Jul 2025, Deepak Gupta wrote: >> >> >> >> [ ... ] >> >> >> >> > vDSO related Opens (in the flux) >> >> > ================================= >> >> > >> >> > I am listing these opens for laying out plan and what to expect in future >> >> > patch sets. And of course for the sake of discussion. >> >> > >> >> >> >> [ ... ] >> >> >> >> > How many vDSOs >> >> > --------------- >> >> > Shadow stack instructions are carved out of zimop (may be operations) and if CPU >> >> > doesn't implement zimop, they're illegal instructions. Kernel could be running on >> >> > a CPU which may or may not implement zimop. And thus kernel will have to carry 2 >> >> > different vDSOs and expose the appropriate one depending on whether CPU implements >> >> > zimop or not. >> >> >> >> If we merge this series without this, then when CFI is enabled in the >> >> Kconfig, we'll wind up with a non-portable kernel that won't run on older >> >> hardware. We go to great lengths to enable kernel binary portability >> >> across the presence or absence of other RISC-V extensions, and I think >> >> these CFI extensions should be no different. >> > >> >That is not true, this series does not contain the VDSO changes so it can >> >be merged as is. >> >> Look at patch 23/27. It does have vDSO change. Although shadow stack >> instruction are inserted as compiled flag for vDSO only when cfi config is >> selected by user. Right now default is "No". So it won't impact anyone unles >> user explicitly says "Yes". > >Yes sorry I caught that after hitting send and replied to my own email >(but then I said 19/27 instead of 23/27 *facepalm*) > >> >> > >> >> >> >> So before considering this for merging, I'd like to see at least an >> >> attempt to implement the dual-vDSO approach (or something equivalent) >> >> where the same kernel binary with CFI enabled can run on both pre-Zimop >> >> and post-Zimop hardware, with the existing userspaces that are common >> >> today. >> > >> >I agree that when the VDSO patches are submitted for inclusion they should >> >be written in a way that avoids limiting the entire kernel to either >> >pre-Zimop or post-Zimop hardware based on the config, but I think it >> >should be quite possible to perform e.g. runtime patching of the VDSO >> >to replace the Zimop instructions with nops if the config is enabled but >> >the hardware does not support Zimop. >> >> Why kernel need to do this extra work of carry two binaries and patching it >> runtime? >> >> If for instance we do this, and then this allow this kernel to be taken to >> pre-Zimop hardware, it is assumed that entire userspace for such hardware >> was compiled without shadow stack (thus no zimop). In that case, kernel >> should have been compiled without CFI option. > >You raise a good point, it just breaks the tradition of runtime >detection and backwards compat that has been the standard for riscv >extensions in the kernel so far. riscv (and others arches) have been able to do that because of "alternatives". It's just that due to composable nature of riscv, alternatives are just spread everywhere in the code and feels like riscv is doing something unique here. Whenever there is a surgical placement of certain instructions in kernel, it could be hidden behind alternatives and be patched in runtime. However situations where instructions are emitted as part of codegen, there is no hiding. Either it works or it doesn't. If we have auto vectorization enabled in usermode, such a binary won't run on hardware which doesn't implement vector. In case of shadow stack, it similar situation. If enabled compiler decides to insert sspush and sspopchk. They necessarily won't be prologue or epilogue but somewhere in function body as deemed fit by compiler, thus increasing the complexity of runtime patching. More so, here are wishing for kernel to do this patching for usermode vDSO when there is no guarantee of such of rest of usermode (which if was compiled with shadow stack would have faulted before vDSO's sspush/sspopchk if ran on pre-zimop hardware) > >It would be nice if a kernel could be built that would run on both >pre-Zimop and post-Zimop hardware and be able to offer CFI to >userspace when running on hardware with Zimop (and Zicfiss / Zicfilp) >but agree that it is a burden. > >> >> Just for sake of thought exercise, let's say Fedora 43 is first release with >> RVA23 compatiblity (zimop and shadow stack), there is no way this and future >> release will be able to run on pre-zimop hardware. Unless redhat is going to >> start two different binary distribution. One for pre-zimop and one for >> post-zimop. If that would be the case, then compiling two different kernel for >> such two different hardware would be least of the worry. > >It would be one thing if there were hardware supporting >Zimop/Zicfiss/Zicfilp readily available, but I am not aware of any And that's the reason currently default is "No" for cfi config in kernel. Hope is whenever we have hardware, we can start lighting up and take decision how to proceed. I keep reiterting, door isn't closed yet but we gotta approach the door. >platform other than qemu to test this code. I have tested this with qemu in following configurations qemu implements cfi extensions: Kernel with cfi enable is able to host userspace with and without cfi compiled. Kernel with cfi enable is able to host userspace with cfi but disabled (default to zimop) Kernel without cfi enable is able to host userspace with cfi (default to zimop) and without cfi. qemu doesn't implement cfi extension: - Kernel without cfi enable is able to host userspace without cfi compiled in. - Kernel without cfi enable hosting userspace with cfi compiled in faults in libc/ld on first sspush. - Kernel with cfi enable trying to host userspace with cfi faults in libc/ld on first sspush. - Kernel with cfi enable trying to host userspace without cfi faults in vDSO on first sspush. Last case is the only breaking case, rest all compatibilities stories work. In order to solve this last compatiblity story, I am fearful that we might be adding un-necessary complexity in kernel which isn't desired because rest of the userspace won't be signing up for that complexity of patching and making it work with single binary. > Since it breaks >compatibility with hardware I am not sure anyone will be able to do >anything with this config option and it moves the burden on to each >distro to go in and specifically enabling it vs just making things >work to get important security improvements if the hardware has >support and not if it doesn't in a backwards compatible way. I wished that shadow stack instructions came out of HINT space. But it is what it is. Perhaps distro should give this feedback to RVI. But here we are. zimop is backward compatible only RVA23 onwards. That's why it's important for distro to make a decision on this. Once they compile for RVA23 profile, it assumed a clean break from previous hardware. Future extensions will also take encodings out of zimop and thus I believe its better to take that decision now with first user of zimop. > >> >> Only other usecase is of a seasoned kernel developer or build your own stuff >> in embedded environment, those users can anyways are advanced users. But it >> forces complexity on rest of kernel. There will be more extensions taking zimop >> encodings in future, we will end up patching vDSO and keep this complexity >> while rest of the userspace will not be patched and will be separate binary >> distribution (if OS distros endup distributing multiple binaries per release) >> >> > >> >However, that concern should not hold up this patch series. Raise it again >> >when the VDSO patches are posted. >> >> As I said earlier, these changes default cfi config to No. So whenever this >> is selected "Yes" by a distro, they can drive such patches (if there is a real >> need) > >If we did the patching we could make this config default to yes to >that you are building a kernel that is set up to be able to offer CFI >when running on hardware which supports it as long as you have a >toolchain that recognizes the extensions which I think would be good >for moving this important security feature forward. Again, Why kernel should be doing this when rest of the userspace isn't patchable on pre-zimop hardware (thats the only scenario patching is needed)? Are distro's distributing different binary for with autovec and without autovec for different kind of riscv hardware? Giving example of Fedora 43, once it is compiled in with cfi enabling, kernel is also compiled in with the feature. Its not like there is going to "Fedora 43_rv64gc" release. If there is going to be a "Fedora 43_rv64gc" release, it'll be much easier to no select CFI for that release's kernel compile rather than kernel doing patching in runtime (rest of userspace is not doing any patching) > >> >> > >> >> >> >> thanks Deepak, >> >> >> >> - Paul >> > >> >Best - Charlie >> > >> > >Sorry for stirring the pot on this. I really appreciate your work on >this patch series. > >I agree that this is a difficult call, and I could see it going either >way but I lean towards trying to maintain the backwards compatibility >because the hardware doesn't exist yet. > >Best - Charlie > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2725BCAC5BB for ; Fri, 26 Sep 2025 21:07:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=iHZjrz+uKjLpgYJeT8UDtg1G/UP0jbCddRFnAGGK6JY=; b=vcN7wZtFTeuft8X3ez9Ho5I7G6 mk0bYfwrGdvnMY/rZPt69qtLc2Ir1n6XVkR0rR0lY9EImFKxzmd+iMasLGjhIUsvD6ZRD+5/Wgzzj v+UMA131QcKA++f1rkrIO+pwUYa/ZIoRGDpqEdimUWvcLJlrfnhgYq4fKpxjJY4H2wU/cqAxZGrVD Jiwyqed+ppkcs0FQwbYjKHUL+uTJgtMSs019hZSd6wK8JpwKi0LZdWU8+CtQjwAUEOXiXwG7iXYWx c8uO+yLms5qBUc8BoYIP+39TZ/tvyWRceVSS5ovHLZxnCzJ0PFEHGnagUcxga5AwuWW+TzaVG63Lq ZAvJFEAQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1v2Feq-00000004XNa-3iGe; Fri, 26 Sep 2025 21:07:12 +0000 Received: from mail-pj1-x1034.google.com ([2607:f8b0:4864:20::1034]) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1v2Feo-00000004XMw-3Vvr for linux-riscv@lists.infradead.org; Fri, 26 Sep 2025 21:07:12 +0000 Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-3305c08d9f6so2061063a91.1 for ; Fri, 26 Sep 2025 14:07:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc.com; s=google; t=1758920830; x=1759525630; darn=lists.infradead.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=KnypQUg3EKrzG9RmKnVPYdoI8/tvp78hXYQJseWkeXU=; b=BKJBQ8VtlqVfSiixFWRSuYKFkhVWmnWppy2zBtWu2TdNIr89PhIiAyilxsPARNQKPG gdbzkg+bOAAZUsBg9rsuXY8TesRkRVlJSBs5V4960WDnJYcGlG8eBiiMQAYn+AFSoAB3 OX5d8Yzjot/I0VWQmIlSW78Coqa7LBraK70ROFiMVXeNkofjwYxlARp5qV3qvGpCSGew 2iO6VupHwxAQN6VdHfsZ5yGHD9WCLSXdssbHcoDQuEeTJOxqBe3kIgH09W9fYpjdwTEb hZb4XtsIEpzB020Ux6TNVX8vCXcBxn4Suwi/YSOqJ10Yv1ygorqW2OvhTcxOInlpTFI3 BuEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758920830; x=1759525630; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KnypQUg3EKrzG9RmKnVPYdoI8/tvp78hXYQJseWkeXU=; b=TIROi9FMKW82nkkndegoOXJOFCjXFVjGUiUCyFT3+bV5RKs18UlLfmqxKFM2qL1aOd u5a7x/jlRt8J+Svs3+cxXwtYkojxPXBia9OFWzrMt4iwhNNUR8ha3rySuEE/AIREwh7A hhA0I/FatIBEAnwZ07brUEUNIClgkSMNPdMqgC++XlrVOEPg75FZvVF5qpJYZ4HNtlP4 jNYXS61bOTFMNKjxH1vS38/cPqohcDt8hjivsmSleTz89QD6gFde9Gy5EOR2kL0Ql0f1 BZb42z+vSYBDirDtYFcrkyCNXaXq/3BOuoVNPwt7MopyyDR0Pd8Uc8TIgm+eSCtndj+k 3INQ== X-Forwarded-Encrypted: i=1; AJvYcCXtYV0G6AXoM2tb/3CoJgXEmCh3RLTlttTC4VrleEvikG2uw45KxilXDUc7EmRIJjsfhxK1ejqyZ8UdSw==@lists.infradead.org X-Gm-Message-State: AOJu0Yw0L9l2jCVrJ3FW0jPcl9i9Vw57pBpo5c/ZZIK+C5lGH4ACkqHi leQeN5V2RhrW5Fo16rm9DhdMLdGf1PKnCBDIktSUrYC6K/7Qplqm6unFsweFM5KzQ7c= X-Gm-Gg: ASbGncsWkYoQcEdhVWO2g0bi/YHv5kVlFwrw37tgFvMQuxDrVTLZ1aCjIlQ6XC9LSDA ovGFlKsO1Ciel7eT9ejyoZvMAQnjuNSizK1IKbrfk8u34Q7PFCf0F/Euc0xxxxqWqNmPDUu4/s3 m063kYBy1dTu6a1wpUmLPRgaeln1qblb934ojKqNWp/F199LY6AXmv07nYupE6/+TF3ROWtwt3G 9QySoAFBdwxSYA1NeFCHvG3xy+gvQG9OekmOA8XCHY86YiaP4stk5NL3hted7MNjJsIrjD+KUZ9 q9Um7qhPvG2bAGQh6OVUCQV94ZyP8TRkm37tCzqKg7UmlRygbYwXIYh1HaZfJWyKRhf0VEP2zHX pdQnTDH1LASIGCU0z7i5Z7H68iWoMkpOyOsLuh0QRchw= X-Google-Smtp-Source: AGHT+IHn6NeY5dtoWojDFn95+d6BgY2U1yoTg8Yib4J+bRdePmMEhyGi2ikTPsB6k/JjLKsrf4UQUQ== X-Received: by 2002:a17:90b:17ce:b0:32e:7340:a7fe with SMTP id 98e67ed59e1d1-336b3ca1d27mr750014a91.12.1758920829689; Fri, 26 Sep 2025 14:07:09 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b57c55a2c45sm5436382a12.45.2025.09.26.14.07.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Sep 2025 14:07:09 -0700 (PDT) Date: Fri, 26 Sep 2025 14:07:06 -0700 From: Deepak Gupta To: Charles Mirabile Cc: pjw@kernel.org, Liam.Howlett@oracle.com, a.hindborg@kernel.org, akpm@linux-foundation.org, alex.gaynor@gmail.com, alexghiti@rivosinc.com, aliceryhl@google.com, alistair.francis@wdc.com, andybnac@gmail.com, aou@eecs.berkeley.edu, arnd@arndb.de, atishp@rivosinc.com, bjorn3_gh@protonmail.com, boqun.feng@gmail.com, bp@alien8.de, brauner@kernel.org, broonie@kernel.org, charlie@rivosinc.com, cleger@rivosinc.com, conor+dt@kernel.org, conor@kernel.org, corbet@lwn.net, dave.hansen@linux.intel.com, david@redhat.com, devicetree@vger.kernel.org, ebiederm@xmission.com, evan@rivosinc.com, gary@garyguo.net, hpa@zytor.com, jannh@google.com, jim.shu@sifive.com, kees@kernel.org, kito.cheng@sifive.com, krzk+dt@kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, lorenzo.stoakes@oracle.com, lossin@kernel.org, mingo@redhat.com, ojeda@kernel.org, oleg@redhat.com, palmer@dabbelt.com, paul.walmsley@sifive.com, peterz@infradead.org, richard.henderson@linaro.org, rick.p.edgecombe@intel.com, robh@kernel.org, rust-for-linux@vger.kernel.org, samitolvanen@google.com, shuah@kernel.org, tglx@linutronix.de, tmgross@umich.edu, vbabka@suse.cz, x86@kernel.org, zong.li@sifive.com Subject: Re: [PATCH v19 00/27] riscv control-flow integrity for usermode Message-ID: References: <20250926192919.349578-1-cmirabil@redhat.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250926_140710_896698_9F757F6A X-CRM114-Status: GOOD ( 48.15 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org T24gRnJpLCBTZXAgMjYsIDIwMjUgYXQgMDQ6Mjg6NThQTSAtMDQwMCwgQ2hhcmxlcyBNaXJhYmls ZSB3cm90ZToKPkhpIERlZXBhayAtCj4KPk9uIEZyaSwgU2VwIDI2LCAyMDI1IGF0IDM6NTfigK9Q TSBEZWVwYWsgR3VwdGEgPGRlYnVnQHJpdm9zaW5jLmNvbT4gd3JvdGU6Cj4+Cj4+IEhpIENoYXJs ZXMsCj4+Cj4+IFRoYW5rcyBmb3IgcmVzcG9uc2UuIFJlc3QgaW5saW5lCj4+Cj4+IE9uIEZyaSwg U2VwIDI2LCAyMDI1IGF0IDAzOjI5OjE5UE0gLTA0MDAsIENoYXJsZXMgTWlyYWJpbGUgd3JvdGU6 Cj4+ID5IaSAtCj4+ID4KPj4gPkhvcGluZyB0aGF0IEkgZ290IGV2ZXJ5dGhpbmcgcmlnaHQgd2l0 aCBnaXQtc2VuZC1lbWFpbCBzbyB0aGF0IHRoaXMgaXMKPj4gPmRlbGl2ZXJlZCBhbHJpZ2h0Li4u Cj4+ID4KPj4gPldhbnRlZCB0byBqdW1wIGluIHRvIGhlYWQgb2ZmIGEgcG90ZW50aWFsIHRhbGtp bmcgcGFzdCBvbmUgYW5vdGhlciAvCj4+ID5taXNjb21tdW5pY2F0aW9uIHNpdHVhdGlvbiBJIHNl ZSBoZXJlLgo+PiA+Cj4+ID5PbiBXZWQsIFNlcCAyNCwgMjAyNSBhdCAwODozNjoxMUFNIC0wNjAw LCBQYXVsIFdhbG1zbGV5IHdyb3RlOgo+PiA+PiBIaSwKPj4gPj4KPj4gPj4gT24gVGh1LCAzMSBK dWwgMjAyNSwgRGVlcGFrIEd1cHRhIHdyb3RlOgo+PiA+Pgo+PiA+PiBbIC4uLiBdCj4+ID4+Cj4+ ID4+ID4gdkRTTyByZWxhdGVkIE9wZW5zIChpbiB0aGUgZmx1eCkKPj4gPj4gPiA9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KPj4gPj4gPgo+PiA+PiA+IEkgYW0gbGlzdGluZyB0aGVz ZSBvcGVucyBmb3IgbGF5aW5nIG91dCBwbGFuIGFuZCB3aGF0IHRvIGV4cGVjdCBpbiBmdXR1cmUK Pj4gPj4gPiBwYXRjaCBzZXRzLiBBbmQgb2YgY291cnNlIGZvciB0aGUgc2FrZSBvZiBkaXNjdXNz aW9uLgo+PiA+PiA+Cj4+ID4+Cj4+ID4+IFsgLi4uIF0KPj4gPj4KPj4gPj4gPiBIb3cgbWFueSB2 RFNPcwo+PiA+PiA+IC0tLS0tLS0tLS0tLS0tLQo+PiA+PiA+IFNoYWRvdyBzdGFjayBpbnN0cnVj dGlvbnMgYXJlIGNhcnZlZCBvdXQgb2Ygemltb3AgKG1heSBiZSBvcGVyYXRpb25zKSBhbmQgaWYg Q1BVCj4+ID4+ID4gZG9lc24ndCBpbXBsZW1lbnQgemltb3AsIHRoZXkncmUgaWxsZWdhbCBpbnN0 cnVjdGlvbnMuIEtlcm5lbCBjb3VsZCBiZSBydW5uaW5nIG9uCj4+ID4+ID4gYSBDUFUgd2hpY2gg bWF5IG9yIG1heSBub3QgaW1wbGVtZW50IHppbW9wLiBBbmQgdGh1cyBrZXJuZWwgd2lsbCBoYXZl IHRvIGNhcnJ5IDIKPj4gPj4gPiBkaWZmZXJlbnQgdkRTT3MgYW5kIGV4cG9zZSB0aGUgYXBwcm9w cmlhdGUgb25lIGRlcGVuZGluZyBvbiB3aGV0aGVyIENQVSBpbXBsZW1lbnRzCj4+ID4+ID4gemlt b3Agb3Igbm90Lgo+PiA+Pgo+PiA+PiBJZiB3ZSBtZXJnZSB0aGlzIHNlcmllcyB3aXRob3V0IHRo aXMsIHRoZW4gd2hlbiBDRkkgaXMgZW5hYmxlZCBpbiB0aGUKPj4gPj4gS2NvbmZpZywgd2UnbGwg d2luZCB1cCB3aXRoIGEgbm9uLXBvcnRhYmxlIGtlcm5lbCB0aGF0IHdvbid0IHJ1biBvbiBvbGRl cgo+PiA+PiBoYXJkd2FyZS4gIFdlIGdvIHRvIGdyZWF0IGxlbmd0aHMgdG8gZW5hYmxlIGtlcm5l bCBiaW5hcnkgcG9ydGFiaWxpdHkKPj4gPj4gYWNyb3NzIHRoZSBwcmVzZW5jZSBvciBhYnNlbmNl IG9mIG90aGVyIFJJU0MtViBleHRlbnNpb25zLCBhbmQgSSB0aGluawo+PiA+PiB0aGVzZSBDRkkg ZXh0ZW5zaW9ucyBzaG91bGQgYmUgbm8gZGlmZmVyZW50Lgo+PiA+Cj4+ID5UaGF0IGlzIG5vdCB0 cnVlLCB0aGlzIHNlcmllcyBkb2VzIG5vdCBjb250YWluIHRoZSBWRFNPIGNoYW5nZXMgc28gaXQg Y2FuCj4+ID5iZSBtZXJnZWQgYXMgaXMuCj4+Cj4+IExvb2sgYXQgcGF0Y2ggMjMvMjcuIEl0IGRv ZXMgaGF2ZSB2RFNPIGNoYW5nZS4gQWx0aG91Z2ggc2hhZG93IHN0YWNrCj4+IGluc3RydWN0aW9u IGFyZSBpbnNlcnRlZCBhcyBjb21waWxlZCBmbGFnIGZvciB2RFNPIG9ubHkgd2hlbiBjZmkgY29u ZmlnIGlzCj4+IHNlbGVjdGVkIGJ5IHVzZXIuIFJpZ2h0IG5vdyBkZWZhdWx0IGlzICJObyIuIFNv IGl0IHdvbid0IGltcGFjdCBhbnlvbmUgdW5sZXMKPj4gdXNlciBleHBsaWNpdGx5IHNheXMgIlll cyIuCj4KPlllcyBzb3JyeSBJIGNhdWdodCB0aGF0IGFmdGVyIGhpdHRpbmcgc2VuZCBhbmQgcmVw bGllZCB0byBteSBvd24gZW1haWwKPihidXQgdGhlbiBJIHNhaWQgMTkvMjcgaW5zdGVhZCBvZiAy My8yNyAqZmFjZXBhbG0qKQo+Cj4+Cj4+ID4KPj4gPj4KPj4gPj4gU28gYmVmb3JlIGNvbnNpZGVy aW5nIHRoaXMgZm9yIG1lcmdpbmcsIEknZCBsaWtlIHRvIHNlZSBhdCBsZWFzdCBhbgo+PiA+PiBh dHRlbXB0IHRvIGltcGxlbWVudCB0aGUgZHVhbC12RFNPIGFwcHJvYWNoIChvciBzb21ldGhpbmcg ZXF1aXZhbGVudCkKPj4gPj4gd2hlcmUgdGhlIHNhbWUga2VybmVsIGJpbmFyeSB3aXRoIENGSSBl bmFibGVkIGNhbiBydW4gb24gYm90aCBwcmUtWmltb3AKPj4gPj4gYW5kIHBvc3QtWmltb3AgaGFy ZHdhcmUsIHdpdGggdGhlIGV4aXN0aW5nIHVzZXJzcGFjZXMgdGhhdCBhcmUgY29tbW9uCj4+ID4+ IHRvZGF5Lgo+PiA+Cj4+ID5JIGFncmVlIHRoYXQgd2hlbiB0aGUgVkRTTyBwYXRjaGVzIGFyZSBz dWJtaXR0ZWQgZm9yIGluY2x1c2lvbiB0aGV5IHNob3VsZAo+PiA+YmUgd3JpdHRlbiBpbiBhIHdh eSB0aGF0IGF2b2lkcyBsaW1pdGluZyB0aGUgZW50aXJlIGtlcm5lbCB0byBlaXRoZXIKPj4gPnBy ZS1aaW1vcCBvciBwb3N0LVppbW9wIGhhcmR3YXJlIGJhc2VkIG9uIHRoZSBjb25maWcsIGJ1dCBJ IHRoaW5rIGl0Cj4+ID5zaG91bGQgYmUgcXVpdGUgcG9zc2libGUgdG8gcGVyZm9ybSBlLmcuIHJ1 bnRpbWUgcGF0Y2hpbmcgb2YgdGhlIFZEU08KPj4gPnRvIHJlcGxhY2UgdGhlIFppbW9wIGluc3Ry dWN0aW9ucyB3aXRoIG5vcHMgaWYgdGhlIGNvbmZpZyBpcyBlbmFibGVkIGJ1dAo+PiA+dGhlIGhh cmR3YXJlIGRvZXMgbm90IHN1cHBvcnQgWmltb3AuCj4+Cj4+IFdoeSBrZXJuZWwgbmVlZCB0byBk byB0aGlzIGV4dHJhIHdvcmsgb2YgY2FycnkgdHdvIGJpbmFyaWVzIGFuZCBwYXRjaGluZyBpdAo+ PiBydW50aW1lPwo+Pgo+PiBJZiBmb3IgaW5zdGFuY2Ugd2UgZG8gdGhpcywgYW5kIHRoZW4gdGhp cyBhbGxvdyB0aGlzIGtlcm5lbCB0byBiZSB0YWtlbiB0bwo+PiBwcmUtWmltb3AgaGFyZHdhcmUs IGl0IGlzIGFzc3VtZWQgdGhhdCBlbnRpcmUgdXNlcnNwYWNlIGZvciBzdWNoIGhhcmR3YXJlCj4+ IHdhcyBjb21waWxlZCB3aXRob3V0IHNoYWRvdyBzdGFjayAodGh1cyBubyB6aW1vcCkuIEluIHRo YXQgY2FzZSwga2VybmVsCj4+IHNob3VsZCBoYXZlIGJlZW4gY29tcGlsZWQgd2l0aG91dCBDRkkg b3B0aW9uLgo+Cj5Zb3UgcmFpc2UgYSBnb29kIHBvaW50LCBpdCBqdXN0IGJyZWFrcyB0aGUgdHJh ZGl0aW9uIG9mIHJ1bnRpbWUKPmRldGVjdGlvbiBhbmQgYmFja3dhcmRzIGNvbXBhdCB0aGF0IGhh cyBiZWVuIHRoZSBzdGFuZGFyZCBmb3IgcmlzY3YKPmV4dGVuc2lvbnMgaW4gdGhlIGtlcm5lbCBz byBmYXIuCgpyaXNjdiAoYW5kIG90aGVycyBhcmNoZXMpIGhhdmUgYmVlbiBhYmxlIHRvIGRvIHRo YXQgYmVjYXVzZSBvZiAiYWx0ZXJuYXRpdmVzIi4KSXQncyBqdXN0IHRoYXQgZHVlIHRvIGNvbXBv c2FibGUgbmF0dXJlIG9mIHJpc2N2LCBhbHRlcm5hdGl2ZXMgYXJlIGp1c3Qgc3ByZWFkCmV2ZXJ5 d2hlcmUgaW4gdGhlIGNvZGUgYW5kIGZlZWxzIGxpa2UgcmlzY3YgaXMgZG9pbmcgc29tZXRoaW5n IHVuaXF1ZSBoZXJlLgpXaGVuZXZlciB0aGVyZSBpcyBhIHN1cmdpY2FsIHBsYWNlbWVudCBvZiBj ZXJ0YWluIGluc3RydWN0aW9ucyBpbiBrZXJuZWwsIGl0CmNvdWxkIGJlIGhpZGRlbiBiZWhpbmQg YWx0ZXJuYXRpdmVzIGFuZCBiZSBwYXRjaGVkIGluIHJ1bnRpbWUuCgpIb3dldmVyIHNpdHVhdGlv bnMgd2hlcmUgaW5zdHJ1Y3Rpb25zIGFyZSBlbWl0dGVkIGFzIHBhcnQgb2YgY29kZWdlbiwgdGhl cmUgaXMKbm8gaGlkaW5nLiBFaXRoZXIgaXQgd29ya3Mgb3IgaXQgZG9lc24ndC4gSWYgd2UgaGF2 ZSBhdXRvIHZlY3Rvcml6YXRpb24gZW5hYmxlZAppbiB1c2VybW9kZSwgc3VjaCBhIGJpbmFyeSB3 b24ndCBydW4gb24gaGFyZHdhcmUgd2hpY2ggZG9lc24ndCBpbXBsZW1lbnQgdmVjdG9yLgoKSW4g Y2FzZSBvZiBzaGFkb3cgc3RhY2ssIGl0IHNpbWlsYXIgc2l0dWF0aW9uLiBJZiBlbmFibGVkIGNv bXBpbGVyIGRlY2lkZXMgdG8KaW5zZXJ0IHNzcHVzaCBhbmQgc3Nwb3BjaGsuIFRoZXkgbmVjZXNz YXJpbHkgd29uJ3QgYmUgcHJvbG9ndWUgb3IgZXBpbG9ndWUgYnV0CnNvbWV3aGVyZSBpbiBmdW5j dGlvbiBib2R5IGFzIGRlZW1lZCBmaXQgYnkgY29tcGlsZXIsIHRodXMgaW5jcmVhc2luZyB0aGUK Y29tcGxleGl0eSBvZiBydW50aW1lIHBhdGNoaW5nLgoKTW9yZSBzbywgaGVyZSBhcmUgd2lzaGlu ZyBmb3Iga2VybmVsIHRvIGRvIHRoaXMgcGF0Y2hpbmcgZm9yIHVzZXJtb2RlIHZEU08gd2hlbgp0 aGVyZSBpcyBubyBndWFyYW50ZWUgb2Ygc3VjaCBvZiByZXN0IG9mIHVzZXJtb2RlICh3aGljaCBp ZiB3YXMgY29tcGlsZWQgd2l0aApzaGFkb3cgc3RhY2sgd291bGQgaGF2ZSBmYXVsdGVkIGJlZm9y ZSB2RFNPJ3Mgc3NwdXNoL3NzcG9wY2hrIGlmIHJhbiBvbgpwcmUtemltb3AgaGFyZHdhcmUpCgo+ Cj5JdCB3b3VsZCBiZSBuaWNlIGlmIGEga2VybmVsIGNvdWxkIGJlIGJ1aWx0IHRoYXQgd291bGQg cnVuIG9uIGJvdGgKPnByZS1aaW1vcCBhbmQgcG9zdC1aaW1vcCBoYXJkd2FyZSBhbmQgYmUgYWJs ZSB0byBvZmZlciBDRkkgdG8KPnVzZXJzcGFjZSB3aGVuIHJ1bm5pbmcgb24gaGFyZHdhcmUgd2l0 aCBaaW1vcCAoYW5kIFppY2Zpc3MgLyBaaWNmaWxwKQo+YnV0IGFncmVlIHRoYXQgaXQgaXMgYSBi dXJkZW4uCj4KPj4KPj4gSnVzdCBmb3Igc2FrZSBvZiB0aG91Z2h0IGV4ZXJjaXNlLCBsZXQncyBz YXkgRmVkb3JhIDQzIGlzIGZpcnN0IHJlbGVhc2Ugd2l0aAo+PiBSVkEyMyBjb21wYXRpYmxpdHkg KHppbW9wIGFuZCBzaGFkb3cgc3RhY2spLCB0aGVyZSBpcyBubyB3YXkgdGhpcyBhbmQgZnV0dXJl Cj4+IHJlbGVhc2Ugd2lsbCBiZSBhYmxlIHRvIHJ1biBvbiBwcmUtemltb3AgaGFyZHdhcmUuIFVu bGVzcyByZWRoYXQgaXMgZ29pbmcgdG8KPj4gc3RhcnQgdHdvIGRpZmZlcmVudCBiaW5hcnkgZGlz dHJpYnV0aW9uLiBPbmUgZm9yIHByZS16aW1vcCBhbmQgb25lIGZvcgo+PiBwb3N0LXppbW9wLiBJ ZiB0aGF0IHdvdWxkIGJlIHRoZSBjYXNlLCB0aGVuIGNvbXBpbGluZyB0d28gZGlmZmVyZW50IGtl cm5lbCBmb3IKPj4gc3VjaCB0d28gZGlmZmVyZW50IGhhcmR3YXJlIHdvdWxkIGJlIGxlYXN0IG9m IHRoZSB3b3JyeS4KPgo+SXQgd291bGQgYmUgb25lIHRoaW5nIGlmIHRoZXJlIHdlcmUgaGFyZHdh cmUgc3VwcG9ydGluZwo+Wmltb3AvWmljZmlzcy9aaWNmaWxwIHJlYWRpbHkgYXZhaWxhYmxlLCBi dXQgSSBhbSBub3QgYXdhcmUgb2YgYW55CgpBbmQgdGhhdCdzIHRoZSByZWFzb24gY3VycmVudGx5 IGRlZmF1bHQgaXMgIk5vIiBmb3IgY2ZpIGNvbmZpZyBpbiBrZXJuZWwuCkhvcGUgaXMgd2hlbmV2 ZXIgd2UgaGF2ZSBoYXJkd2FyZSwgd2UgY2FuIHN0YXJ0IGxpZ2h0aW5nIHVwIGFuZCB0YWtlIGRl Y2lzaW9uCmhvdyB0byBwcm9jZWVkLiBJIGtlZXAgcmVpdGVydGluZywgZG9vciBpc24ndCBjbG9z ZWQgeWV0IGJ1dCB3ZSBnb3R0YSBhcHByb2FjaAp0aGUgZG9vci4KCj5wbGF0Zm9ybSBvdGhlciB0 aGFuIHFlbXUgdG8gdGVzdCB0aGlzIGNvZGUuIAoKSSBoYXZlIHRlc3RlZCB0aGlzIHdpdGggcWVt dSBpbiBmb2xsb3dpbmcgY29uZmlndXJhdGlvbnMKCnFlbXUgaW1wbGVtZW50cyBjZmkgZXh0ZW5z aW9uczoKS2VybmVsIHdpdGggY2ZpIGVuYWJsZSBpcyBhYmxlIHRvIGhvc3QgdXNlcnNwYWNlIHdp dGggYW5kIHdpdGhvdXQgY2ZpIGNvbXBpbGVkLgpLZXJuZWwgd2l0aCBjZmkgZW5hYmxlIGlzIGFi bGUgdG8gaG9zdCB1c2Vyc3BhY2Ugd2l0aCBjZmkgYnV0IGRpc2FibGVkIChkZWZhdWx0CnRvIHpp bW9wKQpLZXJuZWwgd2l0aG91dCBjZmkgZW5hYmxlIGlzIGFibGUgdG8gaG9zdCB1c2Vyc3BhY2Ug d2l0aCBjZmkgKGRlZmF1bHQgdG8gemltb3ApCmFuZCB3aXRob3V0IGNmaS4KCnFlbXUgZG9lc24n dCBpbXBsZW1lbnQgY2ZpIGV4dGVuc2lvbjoKLSBLZXJuZWwgd2l0aG91dCBjZmkgZW5hYmxlIGlz IGFibGUgdG8gaG9zdCB1c2Vyc3BhY2Ugd2l0aG91dCBjZmkgY29tcGlsZWQgaW4uCi0gS2VybmVs IHdpdGhvdXQgY2ZpIGVuYWJsZSBob3N0aW5nIHVzZXJzcGFjZSB3aXRoIGNmaSBjb21waWxlZCBp biBmYXVsdHMgaW4KICAgbGliYy9sZCBvbiBmaXJzdCBzc3B1c2guCi0gS2VybmVsIHdpdGggY2Zp IGVuYWJsZSB0cnlpbmcgdG8gaG9zdCB1c2Vyc3BhY2Ugd2l0aCBjZmkgZmF1bHRzIGluIGxpYmMv bGQgb24KICAgZmlyc3Qgc3NwdXNoLgotIEtlcm5lbCB3aXRoIGNmaSBlbmFibGUgdHJ5aW5nIHRv IGhvc3QgdXNlcnNwYWNlIHdpdGhvdXQgY2ZpIGZhdWx0cyBpbiB2RFNPIG9uCiAgIGZpcnN0IHNz cHVzaC4KCkxhc3QgY2FzZSBpcyB0aGUgb25seSBicmVha2luZyBjYXNlLCByZXN0IGFsbCBjb21w YXRpYmlsaXRpZXMgc3RvcmllcyB3b3JrLgpJbiBvcmRlciB0byBzb2x2ZSB0aGlzIGxhc3QgY29t cGF0aWJsaXR5IHN0b3J5LCBJIGFtIGZlYXJmdWwgdGhhdCB3ZSBtaWdodCBiZQphZGRpbmcgdW4t bmVjZXNzYXJ5IGNvbXBsZXhpdHkgaW4ga2VybmVsIHdoaWNoIGlzbid0IGRlc2lyZWQgYmVjYXVz ZSByZXN0IG9mCnRoZSB1c2Vyc3BhY2Ugd29uJ3QgYmUgc2lnbmluZyB1cCBmb3IgdGhhdCBjb21w bGV4aXR5IG9mIHBhdGNoaW5nIGFuZCBtYWtpbmcKaXQgd29yayB3aXRoIHNpbmdsZSBiaW5hcnku Cgo+IFNpbmNlIGl0IGJyZWFrcwo+Y29tcGF0aWJpbGl0eSB3aXRoIGhhcmR3YXJlIEkgYW0gbm90 IHN1cmUgYW55b25lIHdpbGwgYmUgYWJsZSB0byBkbwo+YW55dGhpbmcgd2l0aCB0aGlzIGNvbmZp ZyBvcHRpb24gYW5kIGl0IG1vdmVzIHRoZSBidXJkZW4gb24gdG8gZWFjaAo+ZGlzdHJvIHRvIGdv IGluIGFuZCBzcGVjaWZpY2FsbHkgZW5hYmxpbmcgaXQgdnMganVzdCBtYWtpbmcgdGhpbmdzCj53 b3JrIHRvIGdldCBpbXBvcnRhbnQgc2VjdXJpdHkgaW1wcm92ZW1lbnRzIGlmIHRoZSBoYXJkd2Fy ZSBoYXMKPnN1cHBvcnQgYW5kIG5vdCBpZiBpdCBkb2Vzbid0IGluIGEgYmFja3dhcmRzIGNvbXBh dGlibGUgd2F5LgoKSSB3aXNoZWQgdGhhdCBzaGFkb3cgc3RhY2sgaW5zdHJ1Y3Rpb25zIGNhbWUg b3V0IG9mIEhJTlQgc3BhY2UuIEJ1dCBpdCBpcwp3aGF0IGl0IGlzLiBQZXJoYXBzIGRpc3RybyBz aG91bGQgZ2l2ZSB0aGlzIGZlZWRiYWNrIHRvIFJWSS4gQnV0IGhlcmUgd2UKYXJlLgoKemltb3Ag aXMgYmFja3dhcmQgY29tcGF0aWJsZSBvbmx5IFJWQTIzIG9ud2FyZHMuIFRoYXQncyB3aHkgaXQn cyBpbXBvcnRhbnQKZm9yIGRpc3RybyB0byBtYWtlIGEgZGVjaXNpb24gb24gdGhpcy4gT25jZSB0 aGV5IGNvbXBpbGUgZm9yIFJWQTIzIHByb2ZpbGUsCml0IGFzc3VtZWQgYSBjbGVhbiBicmVhayBm cm9tIHByZXZpb3VzIGhhcmR3YXJlLiBGdXR1cmUgZXh0ZW5zaW9ucyB3aWxsIGFsc28KdGFrZSBl bmNvZGluZ3Mgb3V0IG9mIHppbW9wIGFuZCB0aHVzIEkgYmVsaWV2ZSBpdHMgYmV0dGVyIHRvIHRh a2UgdGhhdCBkZWNpc2lvbgpub3cgd2l0aCBmaXJzdCB1c2VyIG9mIHppbW9wLgoKPgo+Pgo+PiBP bmx5IG90aGVyIHVzZWNhc2UgaXMgb2YgYSBzZWFzb25lZCBrZXJuZWwgZGV2ZWxvcGVyIG9yIGJ1 aWxkIHlvdXIgb3duIHN0dWZmCj4+IGluIGVtYmVkZGVkIGVudmlyb25tZW50LCB0aG9zZSB1c2Vy cyBjYW4gYW55d2F5cyBhcmUgYWR2YW5jZWQgdXNlcnMuIEJ1dCBpdAo+PiBmb3JjZXMgY29tcGxl eGl0eSBvbiByZXN0IG9mIGtlcm5lbC4gVGhlcmUgd2lsbCBiZSBtb3JlIGV4dGVuc2lvbnMgdGFr aW5nIHppbW9wCj4+IGVuY29kaW5ncyBpbiBmdXR1cmUsIHdlIHdpbGwgZW5kIHVwIHBhdGNoaW5n IHZEU08gYW5kIGtlZXAgdGhpcyBjb21wbGV4aXR5Cj4+IHdoaWxlIHJlc3Qgb2YgdGhlIHVzZXJz cGFjZSB3aWxsIG5vdCBiZSBwYXRjaGVkIGFuZCB3aWxsIGJlIHNlcGFyYXRlIGJpbmFyeQo+PiBk aXN0cmlidXRpb24gKGlmIE9TIGRpc3Ryb3MgZW5kdXAgZGlzdHJpYnV0aW5nIG11bHRpcGxlIGJp bmFyaWVzIHBlciByZWxlYXNlKQo+Pgo+PiA+Cj4+ID5Ib3dldmVyLCB0aGF0IGNvbmNlcm4gc2hv dWxkIG5vdCBob2xkIHVwIHRoaXMgcGF0Y2ggc2VyaWVzLiBSYWlzZSBpdCBhZ2Fpbgo+PiA+d2hl biB0aGUgVkRTTyBwYXRjaGVzIGFyZSBwb3N0ZWQuCj4+Cj4+IEFzIEkgc2FpZCBlYXJsaWVyLCB0 aGVzZSBjaGFuZ2VzIGRlZmF1bHQgY2ZpIGNvbmZpZyB0byBOby4gU28gd2hlbmV2ZXIgdGhpcwo+ PiBpcyBzZWxlY3RlZCAiWWVzIiBieSBhIGRpc3RybywgdGhleSBjYW4gZHJpdmUgc3VjaCBwYXRj aGVzIChpZiB0aGVyZSBpcyBhIHJlYWwKPj4gbmVlZCkKPgo+SWYgd2UgZGlkIHRoZSBwYXRjaGlu ZyB3ZSBjb3VsZCBtYWtlIHRoaXMgY29uZmlnIGRlZmF1bHQgdG8geWVzIHRvCj50aGF0IHlvdSBh cmUgYnVpbGRpbmcgYSBrZXJuZWwgdGhhdCBpcyBzZXQgdXAgdG8gYmUgYWJsZSB0byBvZmZlciBD RkkKPndoZW4gcnVubmluZyBvbiBoYXJkd2FyZSB3aGljaCBzdXBwb3J0cyBpdCBhcyBsb25nIGFz IHlvdSBoYXZlIGEKPnRvb2xjaGFpbiB0aGF0IHJlY29nbml6ZXMgdGhlIGV4dGVuc2lvbnMgd2hp Y2ggSSB0aGluayB3b3VsZCBiZSBnb29kCj5mb3IgbW92aW5nIHRoaXMgaW1wb3J0YW50IHNlY3Vy aXR5IGZlYXR1cmUgZm9yd2FyZC4KCkFnYWluLCBXaHkga2VybmVsIHNob3VsZCBiZSBkb2luZyB0 aGlzIHdoZW4gcmVzdCBvZiB0aGUgdXNlcnNwYWNlIGlzbid0CnBhdGNoYWJsZSBvbiBwcmUtemlt b3AgaGFyZHdhcmUgKHRoYXRzIHRoZSBvbmx5IHNjZW5hcmlvIHBhdGNoaW5nIGlzIG5lZWRlZCk/ CgpBcmUgZGlzdHJvJ3MgZGlzdHJpYnV0aW5nIGRpZmZlcmVudCBiaW5hcnkgZm9yIHdpdGggYXV0 b3ZlYyBhbmQgd2l0aG91dCBhdXRvdmVjCmZvciBkaWZmZXJlbnQga2luZCBvZiByaXNjdiBoYXJk d2FyZT8KCkdpdmluZyBleGFtcGxlIG9mIEZlZG9yYSA0Mywgb25jZSBpdCBpcyBjb21waWxlZCBp biB3aXRoIGNmaSBlbmFibGluZywga2VybmVsIGlzCmFsc28gY29tcGlsZWQgaW4gd2l0aCB0aGUg ZmVhdHVyZS4gSXRzIG5vdCBsaWtlIHRoZXJlIGlzIGdvaW5nIHRvICJGZWRvcmEKNDNfcnY2NGdj IiByZWxlYXNlLiBJZiB0aGVyZSBpcyBnb2luZyB0byBiZSBhICJGZWRvcmEgNDNfcnY2NGdjIiBy ZWxlYXNlLCBpdCdsbApiZSBtdWNoIGVhc2llciB0byBubyBzZWxlY3QgQ0ZJIGZvciB0aGF0IHJl bGVhc2UncyBrZXJuZWwgY29tcGlsZSByYXRoZXIgdGhhbgprZXJuZWwgZG9pbmcgcGF0Y2hpbmcg aW4gcnVudGltZSAocmVzdCBvZiB1c2Vyc3BhY2UgaXMgbm90IGRvaW5nIGFueSBwYXRjaGluZykK Cj4KPj4KPj4gPgo+PiA+Pgo+PiA+PiB0aGFua3MgRGVlcGFrLAo+PiA+Pgo+PiA+PiAtIFBhdWwK Pj4gPgo+PiA+QmVzdCAtIENoYXJsaWUKPj4gPgo+Pgo+Cj5Tb3JyeSBmb3Igc3RpcnJpbmcgdGhl IHBvdCBvbiB0aGlzLiBJIHJlYWxseSBhcHByZWNpYXRlIHlvdXIgd29yayBvbgo+dGhpcyBwYXRj aCBzZXJpZXMuCj4KPkkgYWdyZWUgdGhhdCB0aGlzIGlzIGEgZGlmZmljdWx0IGNhbGwsIGFuZCBJ IGNvdWxkIHNlZSBpdCBnb2luZyBlaXRoZXIKPndheSBidXQgSSBsZWFuIHRvd2FyZHMgdHJ5aW5n IHRvIG1haW50YWluIHRoZSBiYWNrd2FyZHMgY29tcGF0aWJpbGl0eQo+YmVjYXVzZSB0aGUgaGFy ZHdhcmUgZG9lc24ndCBleGlzdCB5ZXQuCj4KPkJlc3QgLSBDaGFybGllCj4KCl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmxpbnV4LXJpc2N2IG1haWxpbmcg bGlzdApsaW51eC1yaXNjdkBsaXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRl YWQub3JnL21haWxtYW4vbGlzdGluZm8vbGludXgtcmlzY3YK