From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A0B17CF17; Tue, 9 Apr 2024 07:45:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.48 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712648761; cv=none; b=qkGSRWY1YZgZIWllxSESdmi0pD9VzrAUfaMZWbKHoSszEOAbQTMvmWGK4fgOqTqoUVZUkrsztU38jzkA83C8H6AXmhlCbHlWZWf3y0dbD/H1tUqabxqyT/X3mkQOrWcpUdom+UoGYHxLZwXfLvd1wdM2iCUDKJzKZCdaYR4xEGk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712648761; c=relaxed/simple; bh=gEFrq6qnBYWiBwzxenQxEtcGLyXgvwTm1q5KCoyftSE=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=pVCa9PwQG/BoOX8/Lap/3F1rtPiOkT6xgVY1QoyaqX6gEc9/bk9suN9NghJdS9omuPYYNTCqb9axw5bWyyzQBeSOKuUvJT6f+W9NvME+5ONtqfhz0ZSwuk7awIUfEcQcdM7izPlLqIR2FddBF6lMv+rRJFlc8Dc2GMKJF7Xv+B8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gz8JzFeE; arc=none smtp.client-ip=209.85.221.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gz8JzFeE" Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-345e1c64695so718409f8f.1; Tue, 09 Apr 2024 00:45:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712648758; x=1713253558; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HYjf00jBH0Rb8lew+KMaX2TbsCfyE+4RpDstXxT0XI0=; b=gz8JzFeEzBO/t4gAEGwWO1gvgSvsD5zutVXMNGjCJdhaVxPhh/nBEdFv5PR4AG5Q6m 9ieHMTVsUdUhZ0VqW24746kfy15NaeEn8OnzMWIamTN6eSdf/AtjZbInT9PDB7qEEIim 7fr/e76UIEGvqtmIuvQaE+2ps/g+m1oJXMXx+m8jhp/Z4voO6DXqF4Ejr96J7AZhwB/c rGWpccNC4hjSIHpiOUqyw42ZRHc3VOUt/t7MMMVLsug1jNH0ycg6tsbNM3ztEej0HJZd 3E2jZZVq4VVa13F5ejEMTok3LEK1aL/RwGHKZFO0i4yTGB4rOZ+BEdmP5i3Ptah+tuxv ilnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712648758; x=1713253558; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HYjf00jBH0Rb8lew+KMaX2TbsCfyE+4RpDstXxT0XI0=; b=qSQ2EoqhIV9nFcbyPhNV027QjmDLVv96HI21WkbDAd5tHHYUyEUzBq8RUHoadGBfiU 5n+R1Na0vEXHEGV61mHJiumb88q3Y6E2Avaa3pk5Qpu0qoH9blawAbebDQOouuL88405 yRqNQYqEK7uD3ZOKyd2h9R8sQlo0RJfZjCbvggaHkjG/LWp09zjWDMfYl7I5Ab+R7xww JZj3eKbhtWi21L0qcKN5M2ZQAbPg1xsasi5Wb5mExkF93PIyaNf0Jfwqn2UXI3UiIUY/ wX/+JFb6QTBM/LwLT/ZsNgdvhSvcDma+QiJb9DZohkUHCndyDvc1wDzl7+XNJJ4NTsFd G0Wg== X-Forwarded-Encrypted: i=1; AJvYcCWQhmmiycmBuMcnBp3DjqY4zbXdTG5p25zFlQjARMlHGgpO9y7ZCxABYS6npiR0TJyZXtc6Jgsdj1nQ8OCHJMx52HfK5cqdunzHSXeALEk6mTg6sW6qFGs381BKmEdUxPFE X-Gm-Message-State: AOJu0YyxySikgHAgn+C6KgrXxc0rOBNra3HJks83DFdz9agH1rdxFLxc qkvMOVQ6+q7yPgSC23FGT3orDISBoWZTp8Q3xy5EK2RCTxmWXNxZ X-Google-Smtp-Source: AGHT+IGa2PZeToYId1gdUUSd9DtmWBHX4GKe4xxDWC8xPGS7olJXLSXKKR6QKrnPUZaDKceg1VBH3Q== X-Received: by 2002:adf:f5cd:0:b0:33e:72f4:d6b5 with SMTP id k13-20020adff5cd000000b0033e72f4d6b5mr7049667wrp.66.1712648757690; Tue, 09 Apr 2024 00:45:57 -0700 (PDT) Received: from localhost (54-240-197-231.amazon.com. [54.240.197.231]) by smtp.gmail.com with ESMTPSA id m5-20020a5d56c5000000b00341ce80ea66sm10740263wrw.82.2024.04.09.00.45.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Apr 2024 00:45:57 -0700 (PDT) From: Puranjay Mohan To: "Russell King (Oracle)" , Andrii Nakryiko Cc: Alexei Starovoitov , Mark Rutland , Andrew Morton , linux-arm-kernel , syzbot , LKML , linux-mm , syzkaller-bugs , bpf Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in copy_from_kernel_nofault (2) In-Reply-To: References: <000000000000e9a8d80615163f2a@google.com> <20240403184149.0847a9d614f11b249529fd02@linux-foundation.org> Date: Tue, 09 Apr 2024 07:45:54 +0000 Message-ID: Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable "Russell King (Oracle)" writes: > On Fri, Apr 05, 2024 at 10:50:30AM -0700, Andrii Nakryiko wrote: >> On Fri, Apr 5, 2024 at 9:30=E2=80=AFAM Alexei Starovoitov >> wrote: >> > >> > On Fri, Apr 5, 2024 at 4:36=E2=80=AFAM Russell King (Oracle) >> > wrote: >> > > >> > > On Fri, Apr 05, 2024 at 12:02:36PM +0100, Mark Rutland wrote: >> > > > On Thu, Apr 04, 2024 at 03:57:04PM -0700, Alexei Starovoitov wrote: >> > > > > On Wed, Apr 3, 2024 at 6:56=E2=80=AFPM Andrew Morton wrote: >> > > > > > >> > > > > > On Mon, 01 Apr 2024 22:19:25 -0700 syzbot wrote: >> > > > > > >> > > > > > > Hello, >> > > > > > >> > > > > > Thanks. Cc: bpf@vger.kernel.org >> > > > > >> > > > > I suspect the issue is not on bpf side. >> > > > > Looks like the bug is somewhere in arm32 bits. >> > > > > copy_from_kernel_nofault() is called from lots of places. >> > > > > bpf is just one user that is easy for syzbot to fuzz. >> > > > > Interestingly arm defines copy_from_kernel_nofault_allowed() >> > > > > that should have filtered out user addresses. >> > > > > In this case ffffffe9 is probably a kernel address? >> > > > >> > > > It's at the end of the kernel range, and it's ERR_PTR(-EINVAL). >> > > > >> > > > 0xffffffe9 is -0x16, which is -22, which is -EINVAL. >> > > > >> > > > > But the kernel is doing a write? >> > > > > Which makes no sense, since copy_from_kernel_nofault is probe re= ading. >> > > > >> > > > It makes perfect sense; the read from 'src' happened, then the ker= nel tries to >> > > > write the result to 'dst', and that aligns with the disassembly in= the report >> > > > below, which I beleive is: >> > > > >> > > > 8: e4942000 ldr r2, [r4], #0 <-- Read of 'src', f= ault fixup is elsewhere >> > > > c: e3530000 cmp r3, #0 >> > > > * 10: e5852000 str r2, [r5] <-- Write to 'dst' >> > > > >> > > > As above, it looks like 'dst' is ERR_PTR(-EINVAL). >> > > > >> > > > Are you certain that BPF is passing a sane value for 'dst'? Where = does that >> > > > come from in the first place? >> > > >> > > It looks to me like it gets passed in from the BPF program, and the >> > > "type" for the argument is set to ARG_PTR_TO_UNINIT_MEM. What that >> > > means for validation purposes, I've no idea, I'm not a BPF hacker. >> > > >> > > Obviously, if BPF is allowing copy_from_kernel_nofault() to be passed >> > > an arbitary destination address, that would be a huge security hole. >> > >> > If that's the case that's indeed a giant security hole, >> > but I doubt it. We would be crashing other archs as well. >> > I cannot really tell whether arm32 JIT is on. >> > If it is, it's likely a bug there. >> > Puranjay, >> > could you please take a look. >> > >>=20 >> I dumped the BPF program that repro.c is loading, it works on x86-64 >> and there is nothing special there. We are probe-reading 5 bytes from >> somewhere into the stack. Everything is unaligned here, but stays >> within a well-defined memory slot. >>=20 >> Note the r3 =3D (s8)r1, that's a new-ish thing, maybe bug is somewhere >> there (but then it would be JIT, not verifier itself) >>=20 >> 0: (7a) *(u64 *)(r10 -8) =3D 896542069 >> 1: (bf) r1 =3D r10 >> 2: (07) r1 +=3D -7 >> 3: (b7) r2 =3D 5 >> 4: (bf) r3 =3D (s8)r1 >> 5: (85) call bpf_probe_read_kernel#-72390 > I have started looking into this, the issue only reproduces when the JIT is enabled. With the interpreter, it works fine. I used GDB to dump the JITed BPF program: 0xbf00012c: push {r4, r5, r6, r7, r8, r9, r11, lr} 0xbf000130: mov r11, sp 0xbf000134: mov r3, #0 0xbf000138: sub r2, sp, #80 @ 0x50 0xbf00013c: sub sp, sp, #88 @ 0x58 0xbf000140: strd r2, [r11, #-64] @ 0xffffffc0 0xbf000144: mov r2, #0 0xbf000148: strd r2, [r11, #-72] @ 0xffffffb8 0xbf00014c: mov r2, r0 0xbf000150: movw r8, #9589 @ 0x2575 0xbf000154: movt r8, #13680 @ 0x3570 0xbf000158: mov r9, #0 0xbf00015c: ldr r6, [r11, #-64] @ 0xffffffc0 0xbf000160: str r8, [r6, #-8] 0xbf000164: str r9, [r6, #-4] 0xbf000168: ldrd r2, [r11, #-64] @ 0xffffffc0 0xbf00016c: movw r8, #65529 @ 0xfff9 0xbf000170: movt r8, #65535 @ 0xffff 0xbf000174: movw r9, #65535 @ 0xffff 0xbf000178: movt r9, #65535 @ 0xffff 0xbf00017c: adds r2, r2, r8 0xbf000180: adc r3, r3, r9 0xbf000184: mov r6, #5 0xbf000188: mov r7, #0 0xbf00018c: strd r6, [r11, #-8] 0xbf000190: ldrd r6, [r11, #-16] 0xbf000194: lsl r2, r2, #24 0xbf000198: asr r2, r2, #24 0xbf00019c: str r2, [r11, #-16] 0xbf0001a0: asr r7, r6, #31 0xbf0001a4: mov r1, r3 0xbf0001a8: mov r0, r2 0xbf0001ac: ldrd r2, [r11, #-8] 0xbf0001b0: ldrd r8, [r11, #-32] @ 0xffffffe0 0xbf0001b4: push {r8, r9} 0xbf0001b8: ldrd r8, [r11, #-24] @ 0xffffffe8 0xbf0001bc: push {r8, r9} 0xbf0001c0: ldrd r8, [r11, #-16] 0xbf0001c4: push {r8, r9} 0xbf0001c8: movw r6, #40536 @ 0x9e58 0xbf0001cc: movt r6, #49223 @ 0xc047 0xbf0001d0: blx r6 0xbf0001d4: add sp, sp, #24 0xbf0001d8: mov r0, #0 0xbf0001dc: mov r1, #0 0xbf0001e0: mov sp, r11 0xbf0001e4: pop {r4, r5, r6, r7, r8, r9, r11, pc} Thanks, Puranjay From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0E141C67861 for ; Tue, 9 Apr 2024 07:46:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:References :In-Reply-To:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=En2sM6chU83/CsNb/czJ5pzmV8WzNWJePCdWX0Z1YcU=; b=1nRlkKeglsUfi4 8jBIrwQ9pyL3q153R2r/F/2mzWmh8PlJ/JIX/u9lrT4AjHx6yjQUhOhPkPDuvh75msr392bmUfVtL Iy73GulRY6udYmO+BwBnUcQKf41v72EQQc4/U1JkMVsjCByDDZjsbk0Yqm7Wb5lEmZqtJGNX+8DfV 342WgIZT80JRtfrMLg2tQpkVA1CKc1mcRH0e9QZzpFSgf53MFtgfINIDFmhryXmX1Yk8PmzL0VrJj IqrUX/6Ra7dZxilHE/VC7Ai01q529iVIiqDN9lpYwKNwsiWZSPE1uhKWiABZEyrLrSKg+TnyFTsdv yvNDddKxIlD6eS0ywUKw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1ru6BB-00000000oii-3ls3; Tue, 09 Apr 2024 07:46:05 +0000 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1ru6B8-00000000ofo-2b9b for linux-arm-kernel@lists.infradead.org; Tue, 09 Apr 2024 07:46:04 +0000 Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-3458b699d6cso828665f8f.0 for ; Tue, 09 Apr 2024 00:45:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712648758; x=1713253558; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HYjf00jBH0Rb8lew+KMaX2TbsCfyE+4RpDstXxT0XI0=; b=FssFfZBmoSQCE8/P1ntJ2NrLpNmsKF/bxrIar5JRQJ64teOHa6gwbj0ixr0y+2P6RS 9S2jaMwSl0lOBT6sAMF0Bx+ZDFhRa24lyR80b4rQi2BBR2/dRfJeLQIURMvK1IyKRu1h 2WhO9pTxhANCpkY8wGae41VusiTiamMhEoUuhw8Lv3pMsu0P0y0Ii9GJbhamW8J0ekQe Wsle8H1ePepf5meFtb3y1TSeDbeoVg6AVLGyPHaJVfDizjbhjjq5idOCedzakAyluhhF YnIp2Jg5IkYZoNhEcI1RuWXd7P3371+fmMrU+ZKJ5oqu00Ak2aeGdTqoAVnn6JAdAh1R ZY+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712648758; x=1713253558; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HYjf00jBH0Rb8lew+KMaX2TbsCfyE+4RpDstXxT0XI0=; b=IY9Ka4RyeYL1v04ZkSyhgVT05ICKDRXNuGa1MC2VMDN5jHJTSNK3qHrg+l0ciLE/Zn JGlRnoXWzCV3qxi9oDlKDtKFtcddfnDkBfjz1wcEabbigEW0oDZNdF/ULIAA/KAAPScU y0QXYSsKnHrp6IYsDWIu9w4wM7wZH9+epi6J0Slivx3TYjQLFMRlSpCTGHJtLHYgwNMl HlcaAF+CQg3kyP8JXmyqjl3fBKeeufVfRcvfKuwsg1BEiZrPRilV2/wDQHP/FUM8aquH llLj2q8L+ZdN4OVYDjiEWOAh016mNdA+LE57wv3wOU2Uauim4SAF/wwbLU6dE0c4RkV4 chZQ== X-Forwarded-Encrypted: i=1; AJvYcCXXRLAhH030VRFuERuuvql09eo7LnxBoku5FLRhnO0bKh85u22PATmcRbo4Gc5FUho1i1NRWIGq1mUm89sKTJN7fzlohI/+z9Ncqc2CMvIYGcXN638= X-Gm-Message-State: AOJu0YwtN3UFJUdSOFKqOQL3yHLftekRPY5nfVcXGbVDMIS6VB7JAt3W Rj8mIGRDBUYr//nf+DhACaaQLxYyawHIenciWSJJGcBQF8+G3wqE X-Google-Smtp-Source: AGHT+IGa2PZeToYId1gdUUSd9DtmWBHX4GKe4xxDWC8xPGS7olJXLSXKKR6QKrnPUZaDKceg1VBH3Q== X-Received: by 2002:adf:f5cd:0:b0:33e:72f4:d6b5 with SMTP id k13-20020adff5cd000000b0033e72f4d6b5mr7049667wrp.66.1712648757690; Tue, 09 Apr 2024 00:45:57 -0700 (PDT) Received: from localhost (54-240-197-231.amazon.com. [54.240.197.231]) by smtp.gmail.com with ESMTPSA id m5-20020a5d56c5000000b00341ce80ea66sm10740263wrw.82.2024.04.09.00.45.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Apr 2024 00:45:57 -0700 (PDT) From: Puranjay Mohan To: "Russell King (Oracle)" , Andrii Nakryiko Cc: Alexei Starovoitov , Mark Rutland , Andrew Morton , linux-arm-kernel , syzbot , LKML , linux-mm , syzkaller-bugs , bpf Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in copy_from_kernel_nofault (2) In-Reply-To: References: <000000000000e9a8d80615163f2a@google.com> <20240403184149.0847a9d614f11b249529fd02@linux-foundation.org> Date: Tue, 09 Apr 2024 07:45:54 +0000 Message-ID: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240409_004602_727453_B7D4261B X-CRM114-Status: GOOD ( 37.22 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org IlJ1c3NlbGwgS2luZyAoT3JhY2xlKSIgPGxpbnV4QGFybWxpbnV4Lm9yZy51az4gd3JpdGVzOgoK PiBPbiBGcmksIEFwciAwNSwgMjAyNCBhdCAxMDo1MDozMEFNIC0wNzAwLCBBbmRyaWkgTmFrcnlp a28gd3JvdGU6Cj4+IE9uIEZyaSwgQXByIDUsIDIwMjQgYXQgOTozMOKAr0FNIEFsZXhlaSBTdGFy b3ZvaXRvdgo+PiA8YWxleGVpLnN0YXJvdm9pdG92QGdtYWlsLmNvbT4gd3JvdGU6Cj4+ID4KPj4g PiBPbiBGcmksIEFwciA1LCAyMDI0IGF0IDQ6MzbigK9BTSBSdXNzZWxsIEtpbmcgKE9yYWNsZSkK Pj4gPiA8bGludXhAYXJtbGludXgub3JnLnVrPiB3cm90ZToKPj4gPiA+Cj4+ID4gPiBPbiBGcmks IEFwciAwNSwgMjAyNCBhdCAxMjowMjozNlBNICswMTAwLCBNYXJrIFJ1dGxhbmQgd3JvdGU6Cj4+ ID4gPiA+IE9uIFRodSwgQXByIDA0LCAyMDI0IGF0IDAzOjU3OjA0UE0gLTA3MDAsIEFsZXhlaSBT dGFyb3ZvaXRvdiB3cm90ZToKPj4gPiA+ID4gPiBPbiBXZWQsIEFwciAzLCAyMDI0IGF0IDY6NTbi gK9QTSBBbmRyZXcgTW9ydG9uIDxha3BtQGxpbnV4LWZvdW5kYXRpb25vcmc+IHdyb3RlOgo+PiA+ ID4gPiA+ID4KPj4gPiA+ID4gPiA+IE9uIE1vbiwgMDEgQXByIDIwMjQgMjI6MTk6MjUgLTA3MDAg c3l6Ym90IDxzeXpib3QrMTg2NTIyNjcwZTY3MjI2OTJkODZAc3l6a2FsbGVyLmFwcHNwb3RtYWls LmNvbT4gd3JvdGU6Cj4+ID4gPiA+ID4gPgo+PiA+ID4gPiA+ID4gPiBIZWxsbywKPj4gPiA+ID4g PiA+Cj4+ID4gPiA+ID4gPiBUaGFua3MuICBDYzogYnBmQHZnZXIua2VybmVsLm9yZwo+PiA+ID4g PiA+Cj4+ID4gPiA+ID4gSSBzdXNwZWN0IHRoZSBpc3N1ZSBpcyBub3Qgb24gYnBmIHNpZGUuCj4+ ID4gPiA+ID4gTG9va3MgbGlrZSB0aGUgYnVnIGlzIHNvbWV3aGVyZSBpbiBhcm0zMiBiaXRzLgo+ PiA+ID4gPiA+IGNvcHlfZnJvbV9rZXJuZWxfbm9mYXVsdCgpIGlzIGNhbGxlZCBmcm9tIGxvdHMg b2YgcGxhY2VzLgo+PiA+ID4gPiA+IGJwZiBpcyBqdXN0IG9uZSB1c2VyIHRoYXQgaXMgZWFzeSBm b3Igc3l6Ym90IHRvIGZ1enouCj4+ID4gPiA+ID4gSW50ZXJlc3RpbmdseSBhcm0gZGVmaW5lcyBj b3B5X2Zyb21fa2VybmVsX25vZmF1bHRfYWxsb3dlZCgpCj4+ID4gPiA+ID4gdGhhdCBzaG91bGQg aGF2ZSBmaWx0ZXJlZCBvdXQgdXNlciBhZGRyZXNzZXMuCj4+ID4gPiA+ID4gSW4gdGhpcyBjYXNl IGZmZmZmZmU5IGlzIHByb2JhYmx5IGEga2VybmVsIGFkZHJlc3M/Cj4+ID4gPiA+Cj4+ID4gPiA+ IEl0J3MgYXQgdGhlIGVuZCBvZiB0aGUga2VybmVsIHJhbmdlLCBhbmQgaXQncyBFUlJfUFRSKC1F SU5WQUwpLgo+PiA+ID4gPgo+PiA+ID4gPiAweGZmZmZmZmU5IGlzIC0weDE2LCB3aGljaCBpcyAt MjIsIHdoaWNoIGlzIC1FSU5WQUwuCj4+ID4gPiA+Cj4+ID4gPiA+ID4gQnV0IHRoZSBrZXJuZWwg aXMgZG9pbmcgYSB3cml0ZT8KPj4gPiA+ID4gPiBXaGljaCBtYWtlcyBubyBzZW5zZSwgc2luY2Ug Y29weV9mcm9tX2tlcm5lbF9ub2ZhdWx0IGlzIHByb2JlIHJlYWRpbmcuCj4+ID4gPiA+Cj4+ID4g PiA+IEl0IG1ha2VzIHBlcmZlY3Qgc2Vuc2U7IHRoZSByZWFkIGZyb20gJ3NyYycgaGFwcGVuZWQs IHRoZW4gdGhlIGtlcm5lbCB0cmllcyB0bwo+PiA+ID4gPiB3cml0ZSB0aGUgcmVzdWx0IHRvICdk c3QnLCBhbmQgdGhhdCBhbGlnbnMgd2l0aCB0aGUgZGlzYXNzZW1ibHkgaW4gdGhlIHJlcG9ydAo+ PiA+ID4gPiBiZWxvdywgd2hpY2ggSSBiZWxlaXZlIGlzOgo+PiA+ID4gPgo+PiA+ID4gPiAgICAg IDg6IGU0OTQyMDAwICAgICAgICBsZHIgICAgIHIyLCBbcjRdLCAjMCAgPC0tIFJlYWQgb2YgJ3Ny YycsIGZhdWx0IGZpeHVwIGlzIGVsc2V3aGVyZQo+PiA+ID4gPiAgICAgIGM6IGUzNTMwMDAwICAg ICAgICBjbXAgICAgIHIzLCAjMAo+PiA+ID4gPiAgICogMTA6IGU1ODUyMDAwICAgICAgICBzdHIg ICAgIHIyLCBbcjVdICAgICAgPC0tIFdyaXRlIHRvICdkc3QnCj4+ID4gPiA+Cj4+ID4gPiA+IEFz IGFib3ZlLCBpdCBsb29rcyBsaWtlICdkc3QnIGlzIEVSUl9QVFIoLUVJTlZBTCkuCj4+ID4gPiA+ Cj4+ID4gPiA+IEFyZSB5b3UgY2VydGFpbiB0aGF0IEJQRiBpcyBwYXNzaW5nIGEgc2FuZSB2YWx1 ZSBmb3IgJ2RzdCc/IFdoZXJlIGRvZXMgdGhhdAo+PiA+ID4gPiBjb21lIGZyb20gaW4gdGhlIGZp cnN0IHBsYWNlPwo+PiA+ID4KPj4gPiA+IEl0IGxvb2tzIHRvIG1lIGxpa2UgaXQgZ2V0cyBwYXNz ZWQgaW4gZnJvbSB0aGUgQlBGIHByb2dyYW0sIGFuZCB0aGUKPj4gPiA+ICJ0eXBlIiBmb3IgdGhl IGFyZ3VtZW50IGlzIHNldCB0byBBUkdfUFRSX1RPX1VOSU5JVF9NRU0uIFdoYXQgdGhhdAo+PiA+ ID4gbWVhbnMgZm9yIHZhbGlkYXRpb24gcHVycG9zZXMsIEkndmUgbm8gaWRlYSwgSSdtIG5vdCBh IEJQRiBoYWNrZXIuCj4+ID4gPgo+PiA+ID4gT2J2aW91c2x5LCBpZiBCUEYgaXMgYWxsb3dpbmcg Y29weV9mcm9tX2tlcm5lbF9ub2ZhdWx0KCkgdG8gYmUgcGFzc2VkCj4+ID4gPiBhbiBhcmJpdGFy eSBkZXN0aW5hdGlvbiBhZGRyZXNzLCB0aGF0IHdvdWxkIGJlIGEgaHVnZSBzZWN1cml0eSBob2xl Lgo+PiA+Cj4+ID4gSWYgdGhhdCdzIHRoZSBjYXNlIHRoYXQncyBpbmRlZWQgYSBnaWFudCBzZWN1 cml0eSBob2xlLAo+PiA+IGJ1dCBJIGRvdWJ0IGl0LiBXZSB3b3VsZCBiZSBjcmFzaGluZyBvdGhl ciBhcmNocyBhcyB3ZWxsLgo+PiA+IEkgY2Fubm90IHJlYWxseSB0ZWxsIHdoZXRoZXIgYXJtMzIg SklUIGlzIG9uLgo+PiA+IElmIGl0IGlzLCBpdCdzIGxpa2VseSBhIGJ1ZyB0aGVyZS4KPj4gPiBQ dXJhbmpheSwKPj4gPiBjb3VsZCB5b3UgcGxlYXNlIHRha2UgYSBsb29rLgo+PiA+Cj4+IAo+PiBJ IGR1bXBlZCB0aGUgQlBGIHByb2dyYW0gdGhhdCByZXByby5jIGlzIGxvYWRpbmcsIGl0IHdvcmtz IG9uIHg4Ni02NAo+PiBhbmQgdGhlcmUgaXMgbm90aGluZyBzcGVjaWFsIHRoZXJlLiBXZSBhcmUg cHJvYmUtcmVhZGluZyA1IGJ5dGVzIGZyb20KPj4gc29tZXdoZXJlIGludG8gdGhlIHN0YWNrLiBF dmVyeXRoaW5nIGlzIHVuYWxpZ25lZCBoZXJlLCBidXQgc3RheXMKPj4gd2l0aGluIGEgd2VsbC1k ZWZpbmVkIG1lbW9yeSBzbG90Lgo+PiAKPj4gTm90ZSB0aGUgcjMgPSAoczgpcjEsIHRoYXQncyBh IG5ldy1pc2ggdGhpbmcsIG1heWJlIGJ1ZyBpcyBzb21ld2hlcmUKPj4gdGhlcmUgKGJ1dCB0aGVu IGl0IHdvdWxkIGJlIEpJVCwgbm90IHZlcmlmaWVyIGl0c2VsZikKPj4gCj4+ICAgIDA6ICg3YSkg Kih1NjQgKikocjEwIC04KSA9IDg5NjU0MjA2OQo+PiAgICAxOiAoYmYpIHIxID0gcjEwCj4+ICAg IDI6ICgwNykgcjEgKz0gLTcKPj4gICAgMzogKGI3KSByMiA9IDUKPj4gICAgNDogKGJmKSByMyA9 IChzOClyMQo+PiAgICA1OiAoODUpIGNhbGwgYnBmX3Byb2JlX3JlYWRfa2VybmVsIy03MjM5MAo+ CgpJIGhhdmUgc3RhcnRlZCBsb29raW5nIGludG8gdGhpcywgdGhlIGlzc3VlIG9ubHkgcmVwcm9k dWNlcyB3aGVuIHRoZSBKSVQKaXMgZW5hYmxlZC4gV2l0aCB0aGUgaW50ZXJwcmV0ZXIsIGl0IHdv cmtzIGZpbmUuCgpJIHVzZWQgR0RCIHRvIGR1bXAgdGhlIEpJVGVkIEJQRiBwcm9ncmFtOgoKICAg MHhiZjAwMDEyYzogIHB1c2ggICAge3I0LCByNSwgcjYsIHI3LCByOCwgcjksIHIxMSwgbHJ9CiAg IDB4YmYwMDAxMzA6ICBtb3YgICAgIHIxMSwgc3AKICAgMHhiZjAwMDEzNDogIG1vdiAgICAgcjMs ICMwCiAgIDB4YmYwMDAxMzg6ICBzdWIgICAgIHIyLCBzcCwgIzgwICAgICBAIDB4NTAKICAgMHhi ZjAwMDEzYzogIHN1YiAgICAgc3AsIHNwLCAjODggICAgIEAgMHg1OAogICAweGJmMDAwMTQwOiAg c3RyZCAgICByMiwgW3IxMSwgIy02NF0gQCAweGZmZmZmZmMwCiAgIDB4YmYwMDAxNDQ6ICBtb3Yg ICAgIHIyLCAjMAogICAweGJmMDAwMTQ4OiAgc3RyZCAgICByMiwgW3IxMSwgIy03Ml0gQCAweGZm ZmZmZmI4CiAgIDB4YmYwMDAxNGM6ICBtb3YgICAgIHIyLCByMAogICAweGJmMDAwMTUwOiAgbW92 dyAgICByOCwgIzk1ODkgICAgICAgQCAweDI1NzUKICAgMHhiZjAwMDE1NDogIG1vdnQgICAgcjgs ICMxMzY4MCAgICAgIEAgMHgzNTcwCiAgIDB4YmYwMDAxNTg6ICBtb3YgICAgIHI5LCAjMAogICAw eGJmMDAwMTVjOiAgbGRyICAgICByNiwgW3IxMSwgIy02NF0gQCAweGZmZmZmZmMwCiAgIDB4YmYw MDAxNjA6ICBzdHIgICAgIHI4LCBbcjYsICMtOF0KICAgMHhiZjAwMDE2NDogIHN0ciAgICAgcjks IFtyNiwgIy00XQogICAweGJmMDAwMTY4OiAgbGRyZCAgICByMiwgW3IxMSwgIy02NF0gQCAweGZm ZmZmZmMwCiAgIDB4YmYwMDAxNmM6ICBtb3Z3ICAgIHI4LCAjNjU1MjkgICAgICBAIDB4ZmZmOQog ICAweGJmMDAwMTcwOiAgbW92dCAgICByOCwgIzY1NTM1ICAgICAgQCAweGZmZmYKICAgMHhiZjAw MDE3NDogIG1vdncgICAgcjksICM2NTUzNSAgICAgIEAgMHhmZmZmCiAgIDB4YmYwMDAxNzg6ICBt b3Z0ICAgIHI5LCAjNjU1MzUgICAgICBAIDB4ZmZmZgogICAweGJmMDAwMTdjOiAgYWRkcyAgICBy MiwgcjIsIHI4CiAgIDB4YmYwMDAxODA6ICBhZGMgICAgIHIzLCByMywgcjkKICAgMHhiZjAwMDE4 NDogIG1vdiAgICAgcjYsICM1CiAgIDB4YmYwMDAxODg6ICBtb3YgICAgIHI3LCAjMAogICAweGJm MDAwMThjOiAgc3RyZCAgICByNiwgW3IxMSwgIy04XQogICAweGJmMDAwMTkwOiAgbGRyZCAgICBy NiwgW3IxMSwgIy0xNl0KICAgMHhiZjAwMDE5NDogIGxzbCAgICAgcjIsIHIyLCAjMjQKICAgMHhi ZjAwMDE5ODogIGFzciAgICAgcjIsIHIyLCAjMjQKICAgMHhiZjAwMDE5YzogIHN0ciAgICAgcjIs IFtyMTEsICMtMTZdCiAgIDB4YmYwMDAxYTA6ICBhc3IgICAgIHI3LCByNiwgIzMxCiAgIDB4YmYw MDAxYTQ6ICBtb3YgICAgIHIxLCByMwogICAweGJmMDAwMWE4OiAgbW92ICAgICByMCwgcjIKICAg MHhiZjAwMDFhYzogIGxkcmQgICAgcjIsIFtyMTEsICMtOF0KICAgMHhiZjAwMDFiMDogIGxkcmQg ICAgcjgsIFtyMTEsICMtMzJdIEAgMHhmZmZmZmZlMAogICAweGJmMDAwMWI0OiAgcHVzaCAgICB7 cjgsIHI5fQogICAweGJmMDAwMWI4OiAgbGRyZCAgICByOCwgW3IxMSwgIy0yNF0gQCAweGZmZmZm ZmU4CiAgIDB4YmYwMDAxYmM6ICBwdXNoICAgIHtyOCwgcjl9CiAgIDB4YmYwMDAxYzA6ICBsZHJk ICAgIHI4LCBbcjExLCAjLTE2XQogICAweGJmMDAwMWM0OiAgcHVzaCAgICB7cjgsIHI5fQogICAw eGJmMDAwMWM4OiAgbW92dyAgICByNiwgIzQwNTM2ICAgICAgQCAweDllNTgKICAgMHhiZjAwMDFj YzogIG1vdnQgICAgcjYsICM0OTIyMyAgICAgIEAgMHhjMDQ3CiAgIDB4YmYwMDAxZDA6ICBibHgg ICAgIHI2CiAgIDB4YmYwMDAxZDQ6ICBhZGQgICAgIHNwLCBzcCwgIzI0CiAgIDB4YmYwMDAxZDg6 ICBtb3YgICAgIHIwLCAjMAogICAweGJmMDAwMWRjOiAgbW92ICAgICByMSwgIzAKICAgMHhiZjAw MDFlMDogIG1vdiAgICAgc3AsIHIxMQogICAweGJmMDAwMWU0OiAgcG9wICAgICB7cjQsIHI1LCBy NiwgcjcsIHI4LCByOSwgcjExLCBwY30KClRoYW5rcywKUHVyYW5qYXkKCl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFpbGlu ZyBsaXN0CmxpbnV4LWFybS1rZXJuZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMu aW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK