From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from outgoing2021.csail.mit.edu (outgoing2021.csail.mit.edu [128.30.2.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9AB7EC0 for ; Mon, 20 Jan 2025 18:01:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=128.30.2.78 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737396086; cv=none; b=uHoFAjwuZKVZMrTtAYWa3TSf5cHQ8mOIgCq+b03tRwZwIk9jD0ThOUwGxIWS/nff1cAHX71hi/1hF7AINbnvCy0WNqjV3xh+sO8swBeulwilkp9IQRtlXyQzHaAHfU/gSz0vu0PfazCopfGB/+egtorEulHkUg21pSUebRjEGBo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737396086; c=relaxed/simple; bh=qtcpWXms49/RoUbMNpovyg/+ZkWcLZ7wBx9ff8O5TCI=; h=To:From:Subject:MIME-Version:Content-Type:Date:Message-ID; b=UYWbUi50iAzCNbHcR4zKKfAbCDnwCIx/D9ezq9n0fnBV+15smrl0q8I2R4IZBYtn5Yo8rceLDdjmnUkrderohznd0ZcdTpEaWzXNYHXuTdBxgnleMc5T6sXYrHOhg2QqRUrhpxsp3LI40tH9VBYvANI7EDIZMxvN8Xx0BLjVzW0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=csail.mit.edu; spf=pass smtp.mailfrom=csail.mit.edu; dkim=pass (2048-bit key) header.d=outgoing.csail.mit.edu header.i=@outgoing.csail.mit.edu header.b=I8igt5Mu; arc=none smtp.client-ip=128.30.2.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=csail.mit.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=csail.mit.edu Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=outgoing.csail.mit.edu header.i=@outgoing.csail.mit.edu header.b="I8igt5Mu" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=outgoing.csail.mit.edu; s=test20231205; h=Message-ID:Date:Content-Type: MIME-Version:Subject:Reply-To:From:To:Sender:Cc:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Zc//Ps8HUH1maaMOu16fP645tpKveSprmUe+IjYFVqA=; t=1737396083; x=1738260083; b=I8igt5MuTac6dpsv0emvDXJEwLPmufO0eoUfbn+y7db4lS5TpkfZQXUIH/tpudC6Bxw6Ccz/2l2 st7I40P2Iub83Zp2MACEPQsBBTFbpF9iQrhLxhFrUzSWsBo4IFso0iZnuWRE/VnO9b0Ir4ToZ5ncP 9xoYP6vLlPq/skZl21HcdapXB8flz7QqH0JBuG75frmwzWH+pmH9+mShDUh2VLqeNOMeNLQ/qKkKg L9AJUeeGclGJG/z3ufVitYwDKg6W1bOUrQON4QMoKeG/mfrV5xnctnp4cYjc4dVfVqpx5Kh9x1Joc /BCd3I1kLSyXYAyfakrSc3U2QLB8Q5qBZ31w==; Received: from [73.149.18.137] (helo=crash.local) by outgoing2021.csail.mit.edu with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tZvYV-00H60e-OU for linux-usb@vger.kernel.org; Mon, 20 Jan 2025 12:27:19 -0500 Received: from localhost (localhost [127.0.0.1]) by crash.local (Postfix) with ESMTP id 329EA19FA113 for ; Mon, 20 Jan 2025 12:27:19 -0500 (EST) To: linux-usb@vger.kernel.org From: rtm@csail.mit.edu Reply-To: rtm@csail.mit.edu Subject: USB hub code can dereference NULL hub and hub->ports Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Date: Mon, 20 Jan 2025 12:27:19 -0500 Message-ID: <95564.1737394039@localhost> --=-=-= Content-Type: text/plain The attached program, which acts via usbip as a USB device or hub, causes my linux machines to dereference some NULL pointers in drivers/usb/core/hub.c. These are places where udev->maxchild > 0, but either usb_hub_to_struct_hub(udev) returns NULL, or the returned hub has hub->ports == NULL. This is one such place: static void recursively_mark_NOTATTACHED(struct usb_device *udev) { struct usb_hub *hub = usb_hub_to_struct_hub(udev); int i; for (i = 0; i < udev->maxchild; ++i) { if (hub->ports[i]->child) And this: static void hub_disconnect_children(struct usb_device *udev) { struct usb_hub *hub = usb_hub_to_struct_hub(udev); int i; /* Free up all the children before we remove this device */ for (i = 0; i < udev->maxchild; i++) { if (hub->ports[i]->child) This can see NULL hub->ports: void usb_hub_adjust_deviceremovable(struct usb_device *hdev, struct usb_hub_descriptor *desc) { struct usb_hub *hub = usb_hub_to_struct_hub(hdev); enum usb_port_connect_type connect_type; int i; if (!hub) return; if (!hub_is_superspeed(hdev)) { for (i = 1; i <= hdev->maxchild; i++) { struct usb_port *port_dev = hub->ports[i - 1]; This can see a NULL hub: static int hub_set_address(struct usb_device *udev, int devnum) { int retval; unsigned int timeout_ms = USB_CTRL_SET_TIMEOUT; struct usb_hcd *hcd = bus_to_hcd(udev->bus); struct usb_hub *hub = usb_hub_to_struct_hub(udev->parent); if (hub->hdev->quirks & USB_QUIRK_SHORT_SET_ADDRESS_REQ_TIMEOUT) I've attached a demo that runs into some of these NULL dereferences. It depends on being able to run usbip (and modeprobe vhci-hcd). # uname -a Linux xxx 6.13.0-rc3-00017-gf44d154d6e3d #14 SMP Mon Jan 20 04:52:59 EST 2025 x86_64 x86_64 x86_64 GNU/Linux # cc usbhub11b.c # ./a.out ... hub 1-1:1.16: bad descriptor, ignoring hub hub 1-1:1.16: probe with driver hub failed with error -5 BUG: kernel NULL pointer dereference, address: 0000000000000250 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP DEBUG_PAGEALLOC PTI CPU: 8 UID: 0 PID: 302 Comm: kworker/8:1 Not tainted 6.13.0-rc3-00017-gf44d154d6 e3d #14 Hardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021 Workqueue: usb_hub_wq hub_event RIP: 0010:recursively_mark_NOTATTACHED+0x37/0x90 Code: 48 85 ff 74 71 4c 8b a7 18 04 00 00 4d 85 e4 74 13 85 c0 74 3a 49 8b 94 24 98 00 00 00 4c 8b a2 c8 00 00 00 85 c0 7e 27 31 db <49> 8b 84 24 50 02 00 00 48 8b 04 d8 48 8b 38 48 85 ff 74 05 e8 b0 RSP: 0018:ffffc9000096bd28 EFLAGS: 00010046 RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffff888106224c00 RDX: ffff8881037bc000 RSI: 0000000000000007 RDI: ffff88810a502000 RBP: ffff88810a502000 R08: 000000000000005a R09: 0000000000000000 R10: ffff88810a502000 R11: ffff88810a502000 R12: 0000000000000000 R13: ffff88810a502000 R14: ffff8881062241f0 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff88842dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000250 CR3: 0000000003636001 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __die+0x1e/0x60 ? page_fault_oops+0x157/0x450 ? set_track_prepare+0x3b/0x60 ? usb_control_msg+0xfd/0x150 ? check_bytes_and_report.isra.0+0x48/0x120 ? exc_page_fault+0x66/0x140 ? asm_exc_page_fault+0x26/0x30 ? recursively_mark_NOTATTACHED+0x37/0x90 ? usb_control_msg+0xfd/0x150 usb_disconnect+0x37/0x2c0 hub_event+0xc8f/0x1870 usb_disconnect+0x37/0x2c0 hub_event+0xc8f/0x1870 ? trace_event_raw_event_sched_switch+0x51/0x150 process_one_work+0x13f/0x330 worker_thread+0x25a/0x370 ? _raw_spin_unlock_irqrestore+0xd/0x20 ? __pfx_worker_thread+0x10/0x10 kthread+0xdc/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Robert Morris rtm@mit.edu --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=usbhub11b.c Content-Transfer-Encoding: base64 I2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1ZGUgPHVuaXN0ZC5o PgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgojaW5jbHVkZSA8c3lzL3NlbGVjdC5oPgojaW5jbHVk ZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvdGltZS5oPgojaW5jbHVkZSA8bmV0aW5ldC9p bi5oPgojaW5jbHVkZSA8c2lnbmFsLmg+CiNpbmNsdWRlIDxmY250bC5oPgojaW5jbHVkZSA8c3Ry aW5nLmg+CiNpbmNsdWRlIDxzeXMvd2FpdC5oPgojaW5jbHVkZSA8c3lzL3Jlc291cmNlLmg+CiNp bmNsdWRlIDxhc3NlcnQuaD4KCmludCBzeW1jbWQgPSA1OwppbnQgc3ltY21kMiA9IC0xOwppbnQg c3ltX2FsbF9zY3NpID0gMDsKaW50IHN5bV9zY3NpX2NtZCA9IC0xOwoKdW5zaWduZWQgbG9uZyBh YVtdID0gewoweDEwMDAwMDAwMDB1bGwsCjB4MTAwMDAwMDB1bGwsCjB4MjUwMDAwMDB1bGwsCjB4 MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgw dWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1 bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVs bCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxs LAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGws CjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwK MHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAow eDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4 MHVsbCwKMHgwdWxsLAoweDB1bGwsCjB4MHVsbCwKfTsKaW50IGFhaTsKCnN0YXRpYyBpbmxpbmUg dW5zaWduZWQgbG9uZyByZWFsX3N5bXgoKSB7CiAgcmV0dXJuIGFhW2FhaSsrXTsKfQoKc3RhdGlj IGludCBzdGFydGVkID0gMDsKc3RhdGljIHVuc2lnbmVkIGxvbmcgc3lteCgpIHsKI2RlZmluZSBO U1lNIDY0CiAgc3RhdGljIHVuc2lnbmVkIGxvbmcgc2FbTlNZTV07CiAgc3RhdGljIGludCBzYWkg PSAwOwogIGlmKHN0YXJ0ZWQgPT0gMCl7CiAgICBzdGFydGVkID0gMTsKICAgIHVzbGVlcCgyMDAw MDApOwogICAgZm9yKGludCBpID0gMDsgaSA8IE5TWU07IGkrKyl7CiAgICAgIHNhW2ldID0gcmVh bF9zeW14KCk7CiAgICB9CiAgfQogIGlmKHNhaSA+PSBOU1lNKXsKICAgIHByaW50ZigiISEhIHJh biBvdXQgb2YgU1lNXG4iKTsKICAgIHJldHVybiAwOwogIH0KICByZXR1cm4gc2Fbc2FpKytdOwp9 CgpzdHJ1Y3Qgb3BfY29tbW9uIHsKICB1bnNpZ25lZCBzaG9ydCB2ZXJzaW9uOwogIHVuc2lnbmVk IHNob3J0IGNvZGU7CiAgdW5zaWduZWQgaW50IHN0YXR1czsKfTsKCnN0cnVjdCB1c2JpcF91c2Jf ZGV2aWNlIHsKCWNoYXIgcGF0aFsyNTZdOwoJY2hhciBidXNpZFszMl07CgoJdWludDMyX3QgYnVz bnVtOwoJdWludDMyX3QgZGV2bnVtOwoJdWludDMyX3Qgc3BlZWQ7CgoJdWludDE2X3QgaWRWZW5k b3I7Cgl1aW50MTZfdCBpZFByb2R1Y3Q7Cgl1aW50MTZfdCBiY2REZXZpY2U7CgoJdWludDhfdCBi RGV2aWNlQ2xhc3M7Cgl1aW50OF90IGJEZXZpY2VTdWJDbGFzczsKCXVpbnQ4X3QgYkRldmljZVBy b3RvY29sOwoJdWludDhfdCBiQ29uZmlndXJhdGlvblZhbHVlOwoJdWludDhfdCBiTnVtQ29uZmln dXJhdGlvbnM7Cgl1aW50OF90IGJOdW1JbnRlcmZhY2VzOwp9IF9fYXR0cmlidXRlX18oKHBhY2tl ZCkpOwoKc3RydWN0IHVzYmlwX2hlYWRlcl9iYXNpYyB7CiAgdW5zaWduZWQgaW50IGNvbW1hbmQ7 CiAgdW5zaWduZWQgaW50IHNlcW51bTsKICB1bnNpZ25lZCBpbnQgZGV2aWQ7CiAgdW5zaWduZWQg aW50IGRpcmVjdGlvbjsKICB1bnNpZ25lZCBpbnQgZXA7Cn07CgpzdHJ1Y3QgdXNiaXBfaGVhZGVy X2NtZF9zdWJtaXQgewogIHVuc2lnbmVkIGludCB0cmFuc2Zlcl9mbGFnczsKICBpbnQgdHJhbnNm ZXJfYnVmZmVyX2xlbmd0aDsKICBpbnQgc3RhcnRfZnJhbWU7CiAgaW50IG51bWJlcl9vZl9wYWNr ZXRzOwogIGludCBpbnRlcnZhbDsKICB1bnNpZ25lZCBjaGFyIHNldHVwWzhdOwp9OwoKc3RydWN0 IHVzYmlwX2hlYWRlcl9yZXRfc3VibWl0IHsKICBpbnQgc3RhdHVzOwogIGludCBhY3R1YWxfbGVu Z3RoOwogIGludCBzdGFydF9mcmFtZTsKICBpbnQgbnVtYmVyX29mX3BhY2tldHM7CiAgaW50IGVy cm9yX2NvdW50Owp9OwoKaW50CnJlYWRhYmxlKGludCBmZCkKewogIGZkX3NldCByZWFkZmRzOwog IEZEX1pFUk8oJnJlYWRmZHMpOwogIEZEX1NFVChmZCwgJnJlYWRmZHMpOwogIHN0cnVjdCB0aW1l dmFsIHR2OwogIHR2LnR2X3NlYyA9IDQ7CiAgdHYudHZfdXNlYyA9IDA7CiAgaW50IHNzID0gc2Vs ZWN0KGZkICsgMSwgJnJlYWRmZHMsIChmZF9zZXQqKTAsIChmZF9zZXQqKTAsICZ0dik7CiAgcmV0 dXJuIEZEX0lTU0VUKGZkLCAmcmVhZGZkcyk7Cn0KCmludApyZWFkbihpbnQgZmQsIHZvaWQgKnhi dWYsIGludCBuKQp7CiAgY2hhciAqYnVmID0geGJ1ZjsKICBpbnQgZ290ID0gMDsKICB3aGlsZShn b3QgPCBuKXsKICAgIGlmKHJlYWRhYmxlKGZkKSA9PSAwKXsKICAgICAgcHJpbnRmKCJ1c2JpcDA6 IHRpbWVvdXRcbiIpOwogICAgICByZXR1cm4gLTE7CiAgICB9CiAgICBpbnQgY2MgPSByZWFkKGZk LCBidWYrZ290LCBuLWdvdCk7CiAgICBpZihjYyA8PSAwKXsKICAgICAgcGVycm9yKCJ1c2JpcDA6 IHJlYWQiKTsKICAgICAgcmV0dXJuIC0xOwogICAgfQogICAgZ290ICs9IGNjOwogIH0KICByZXR1 cm4gZ290Owp9Cgp2b2lkCm1raWYoY2hhciAqKnhwLCBpbnQgbnVtLCBpbnQgYWx0LCBpbnQgZXBz LCBpbnQgY2wsIGludCBzdWJjbCwgaW50IHByb3RvLCBpbnQgaWZmKQp7CiAgY2hhciAqcCA9ICp4 cDsKCiAgLy8gdXNiX2ludGVyZmFjZV9kZXNjcmlwdG9yCiAgKnArKyA9IDk7IC8vIGJMZW5ndGgK ICAqcCsrID0gNDsgLy8gYkRlc2NyaXB0b3JUeXBlIFVTQl9EVF9JTlRFUkZBQ0UKICAqcCsrID0g bnVtOyAvLyBiSW50ZXJmYWNlTnVtYmVyCiAgKnArKyA9IGFsdDsgLy8gYkFsdGVybmF0ZVNldHRp bmcKICAqcCsrID0gZXBzOyAvLyBiTnVtRW5kcG9pbnRzCiAgKnArKyA9IGNsOyAvLyBiSW50ZXJm YWNlQ2xhc3MKICAqcCsrID0gc3ViY2w7IC8vIGJJbnRlcmZhY2VTdWJDbGFzcwogICpwKysgPSBw cm90bzsgLy8gYkludGVyZmFjZVByb3RvY29sCiAgKnArKyA9IGlmZjsgLy8gaUludGVyZmFjZQoK ICAqeHAgPSBwOwp9Cgp2b2lkCm1rYWQoY2hhciAqKnhwLCBpbnQgdHlwZSwgaW50IHN1YnR5cGUp CnsKICBjaGFyICpwID0gKnhwOwoKICAvLyBBZGRpdGlvbmFsIERlc2NyaXB0b3IKCiAgKnArKyA9 IDA7IC8vIGJMZW5ndGggKGZpbGxlZCBpbiBsYXRlcikKICAqcCsrID0gdHlwZTsgLy8gYkRlc2Ny aXB0b3JUeXBlCiAgKnArKyA9IHN1YnR5cGU7IC8vIGJEZXNjcmlwdG9yU3VidHlwZQogIAogIGlm KHR5cGUgPT0gMzYgJiYgc3VidHlwZSA9PSAxKXsKICAgIC8vIEFTX0dFTkVSQUwKICAgICpwKysg PSAxOyAvLyBiVGVybWluYWxMaW5rCiAgICAqcCsrID0gMTsgLy8gYkRlbGF5CiAgICAqcCsrID0g MTsgLy8gd0Zvcm1hdFRhZyBQQ00KICAgIHArKzsKICB9IGVsc2UgaWYodHlwZSA9PSAzNiAmJiBz dWJ0eXBlID09IDIpewogICAgLy8gRk9STUFUX1RZUEUKICAgICpwKysgPSAxOyAvLyBiRm9ybWF0 VHlwZQogICAgKnArKyA9IDI7IC8vIGJOckNoYW5uZWxzCiAgICAqcCsrID0gMzsgLy8gYlN1YmZy YW1lU2l6ZQogICAgKnArKyA9IDI0OyAvLyBiQml0UmVzb2x1dGlvbgogICAgKnArKyA9IDI7IC8v IGJTYW1GcmVxVHlwZSAKICAgICpwKysgPSAyOyAvLyBiU2FtRnJlcVR5cGUgCiAgICBwICs9IDU7 CiAgfSBlbHNlIHsKICAgICpwKysgPSAwOyAvLyBiY2RBREMKICAgICpwKysgPSAxOwogICAgKihz aG9ydCopcCA9IDB4NWY7IC8vIHdUb3RhbExlbmd0aAogICAgcCArPSAyOwogICAgKnArKyA9IDI7 IC8vIGJJbkNvbGxlY3Rpb24KICAgICpwKysgPSAxOyAvLyBiYUludGVyZmFjZU5yKDApCiAgICAq cCsrID0gMjsgLy8gYmFJbnRlcmZhY2VOcigxKQogIH0KCiAgKigqeHApID0gcCAtICgqeHApOyAv LyBiTGVuZ3RoCgogICp4cCA9IHA7Cn0KCnZvaWQKbWthZHgoY2hhciAqKnhwLCBpbnQgdHlwZSwg aW50IHN1YnR5cGUsIGludCBsZW4sIGludCBhW10pCnsKICBjaGFyICpwID0gKnhwOwoKICAvLyBB ZGRpdGlvbmFsIERlc2NyaXB0b3IKCiAgKnArKyA9IDA7IC8vIGJMZW5ndGggKGZpbGxlZCBpbiBs YXRlcikKICAqcCsrID0gdHlwZTsgLy8gYkRlc2NyaXB0b3JUeXBlCiAgKnArKyA9IHN1YnR5cGU7 IC8vIGJEZXNjcmlwdG9yU3VidHlwZQoKICBmb3IoaW50IGkgPSAwOyBpIDwgbGVuIC0gMzsgaSsr KQogICAgKnArKyA9IGFbaV07CgogICooKnhwKSA9IHAgLSAoKnhwKTsgLy8gYkxlbmd0aAogICp4 cCA9IHA7Cn0KCnZvaWQKbWtlcChjaGFyICoqeHAsIGludCBlcGEsIGludCBhdHRyLCBpbnQgbWF4 cCkKewogIGNoYXIgKnAgPSAqeHA7CgogIC8vIHVzYl9lbmRwb2ludF9kZXNjcmlwdG9yCiAgKnAr KyA9IDk7CiAgKnArKyA9IDU7IC8vIGJEZXNjcmlwdG9yVHlwZSBVU0JfRFRfRU5EUE9JTlQKICAq cCsrID0gZXBhOyAvLyBiRW5kcG9pbnRBZGRyZXNzCiAgKnArKyA9IGF0dHI7IC8vIGJtQXR0cmli dXRlcwogICooc2hvcnQqKXAgPSBtYXhwOyAvLyB3TWF4UGFja2V0U2l6ZQogIHAgKz0gMjsKICAq cCsrID0gNzsgLy8gYkludGVydmFsCiAgcCArPSAyOyAvLyA/Pz8KCiAgKnhwID0gcDsKfQoKaW50 Cm1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkKewogIHN0cnVjdCBybGltaXQgcjsKICByLnJs aW1fY3VyID0gci5ybGltX21heCA9IDA7CiAgc2V0cmxpbWl0KFJMSU1JVF9DT1JFLCAmcik7Cgog IGludCBwb3J0ID0gMzI0MDsKICBpbnQgcywgeWVzID0gMTsKICBzdHJ1Y3Qgc29ja2FkZHJfaW4g c2luOwoKICBtZW1zZXQoJnNpbiwgMCwgc2l6ZW9mKHNpbikpOwogIHNpbi5zaW5fZmFtaWx5ID0g QUZfSU5FVDsKICBzaW4uc2luX3BvcnQgPSBodG9ucyhwb3J0KTsKCiAgcyA9IHNvY2tldChBRl9J TkVULCBTT0NLX1NUUkVBTSwgMCk7CiAgaWYocyA8IDApewogICAgcGVycm9yKCJzb2NrZXQiKTsK ICAgIGV4aXQoMSk7CiAgfQoKICBzZXRzb2Nrb3B0KHMsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE UiwgJnllcywgc2l6ZW9mKHllcykpOwoKICBpZihiaW5kKHMsIChzdHJ1Y3Qgc29ja2FkZHIgKikg JnNpbiwgc2l6ZW9mKHNpbikpIDwgMCl7CiAgICBwZXJyb3IoImZhc3RmaW5nZXJkOiBiaW5kIik7 CiAgICBleGl0KDEpOwogIH0KCiAgaWYobGlzdGVuKHMsIDMwMDApIDwgMCl7CiAgICBwZXJyb3Io ImZhc3RmaW5nZXJkOiBsaXN0ZW4iKTsKICAgIGV4aXQoMSk7CiAgfQoKICBzeXN0ZW0oIm1vZHBy b2JlIHZoY2ktaGNkIik7CgogIC8vIHN5c3RlbSgidXNiaXAvc3JjL3VzYmlwIGF0dGFjaCAtciAx MjcuMC4wLjEgLWIgMS0xICYiKTsKICBzeXN0ZW0oInVzYmlwIGF0dGFjaCAtciAxMjcuMC4wLjEg LWIgMS0xICYiKTsKICBzbGVlcCgyKTsKICBzeW5jKCk7CiAgc2xlZXAoMSk7CgogIGludCBzMTsK ICB1bnNpZ25lZCBzaW5sZW4gPSBzaXplb2Yoc2luKTsKICBzMSA9IGFjY2VwdChzLCAoc3RydWN0 IHNvY2thZGRyICopICZzaW4sICZzaW5sZW4pOwogIGlmKHMxIDwgMCl7CiAgICBwZXJyb3IoImFj Y2VwdCIpOwogICAgZXhpdCgxKTsKICB9CiAgY2xvc2Uocyk7CiAgCiAgc3RydWN0IG9wX2NvbW1v biBvcDsKICAKICAvLyBPUF9SRVFfSU1QT1JUCiAgcmVhZG4oczEsICZvcCwgc2l6ZW9mKG9wKSk7 CiAgLy9wcmludGYoInZlcnNpb24gMHgleCBjb2RlIDB4JXggc3RhdHVzIDB4JXhcbiIsIAogIC8v ICAgICAgIG9wLnZlcnNpb24sIG9wLmNvZGUsIG9wLnN0YXR1cyk7CiAgCiAgY2hhciBidXNpZFsz Ml07CiAgcmVhZG4oczEsIGJ1c2lkLCBzaXplb2YoYnVzaWQpKTsKICAKICBvcC5jb2RlID0gaHRv bnMoMHgwMyk7IC8vIE9QX1JFUF9JTVBPUlQKICBvcC5zdGF0dXMgPSBodG9ubCgwKTsgLy8gU1Rf T0sKICAKICB3cml0ZShzMSwgJm9wLCBzaXplb2Yob3ApKTsKICAKICBzdHJ1Y3QgdXNiaXBfdXNi X2RldmljZSB1dWQ7CiAgbWVtc2V0KCZ1dWQsIDAsIHNpemVvZih1dWQpKTsKICBzdHJjcHkodXVk LmJ1c2lkLCBidXNpZCk7CiAgLy91dWQuc3BlZWQgPSBodG9ubCgyKTsgLy8gVVNCX1NQRUVEX0ZV TEwKICB1dWQuc3BlZWQgPSBodG9ubCgzKTsgLy8gVVNCX1NQRUVEX0hJR0gKICAvL3V1ZC5zcGVl ZCA9IGh0b25sKDUpOyAvLyBVU0JfU1BFRURfU1VQRVIKICAKICB3cml0ZShzMSwgJnV1ZCwgc2l6 ZW9mKHV1ZCkpOwogIAogIC8vIG5vdyB0YWxraW5nIHRvIHRoZSBrZXJuZWwKCiAgaW50IGNtZG5v ID0gMDsKICBpbnQgbGFzdFRhZyA9IDA7IC8vIHVzYl9zdG9yX0J1bGtUcmFuc3BvcnQgbGluZSAx MjU1CiAgdW5zaWduZWQgY2hhciBDREJbMTZdOyAvLyBTQ1NJIGNvbW1hbmQKICBtZW1zZXQoQ0RC LCAwLCBzaXplb2YoQ0RCKSk7CgogIHdoaWxlKDEpewogICAgc3RydWN0IHVzYmlwX2hlYWRlcl9i YXNpYyBpYmg7CiAgICAvL3N5bmMoKTsgLy8gZG9uJ3Qgc3luYygpIC0tIGRlYWRsb2NrLgogICAg aWYocmVhZG4oczEsICZpYmgsIHNpemVvZihpYmgpKSA8IDApCiAgICAgIGJyZWFrOwoKI2lmIDEK ICAgIHByaW50ZigiJWQ6IGNvbW1hbmQgMHgleCBzZXFudW0gJWQgZGV2aWQgMHgleCBkaXJlY3Rp b24gMHgleCBlcCAweCV4XG4iLAogICAgICAgICAgIGNtZG5vLAogICAgICAgICAgIG50b2hsKGli aC5jb21tYW5kKSwKICAgICAgICAgICBudG9obChpYmguc2VxbnVtKSwKICAgICAgICAgICBudG9o bChpYmguZGV2aWQpLAogICAgICAgICAgIG50b2hsKGliaC5kaXJlY3Rpb24pLAogICAgICAgICAg IG50b2hsKGliaC5lcCkpOwojZW5kaWYKICAKICAgIGlmKG50b2hsKGliaC5jb21tYW5kKSA9PSAx KXsKICAgICAgLy8gVVNCSVBfQ01EX1NVQk1JVAogICAgICBzdHJ1Y3QgdXNiaXBfaGVhZGVyX2Nt ZF9zdWJtaXQgY3M7CiAgICAgIG1lbXNldCgmY3MsIDAsIHNpemVvZihjcykpOwogICAgICBpZihy ZWFkbihzMSwgJmNzLCBzaXplb2YoY3MpKSA8IDApCiAgICAgICAgYnJlYWs7CiNpZiAxCiAgICAg IHByaW50ZigiICBmbGFncyAweCV4IGJ1ZmxlbiAlZCBucCAlZCwgIiwKICAgICAgICAgICAgIG50 b2hsKGNzLnRyYW5zZmVyX2ZsYWdzKSwKICAgICAgICAgICAgIG50b2hsKGNzLnRyYW5zZmVyX2J1 ZmZlcl9sZW5ndGgpLAogICAgICAgICAgICAgbnRvaGwoY3MubnVtYmVyX29mX3BhY2tldHMpKTsK ICAgICAgZm9yKGludCBpID0gMDsgaSA8IDg7IGkrKykKICAgICAgICBwcmludGYoIiUwMnggIiwg Y3Muc2V0dXBbaV0gJiAweGZmKTsKICAgICAgcHJpbnRmKCJcbiIpOwojZW5kaWYKICAgICAgCiAg ICAgIGludCB0cmFuc2xlbiA9IG50b2hsKGNzLnRyYW5zZmVyX2J1ZmZlcl9sZW5ndGgpOwogICAg ICAKICAgICAgaWYoaWJoLmRpcmVjdGlvbiA9PSAwKXsKICAgICAgICBjaGFyIGlidWZbNDA5Nl07 CiAgICAgICAgYXNzZXJ0KHRyYW5zbGVuIDw9IHNpemVvZihpYnVmKSk7CiAgICAgICAgaWYocmVh ZG4oczEsIGlidWYsIHRyYW5zbGVuKSA8IDApCiAgICAgICAgICBicmVhazsKICAgICAgICBpZih0 cmFuc2xlbiA+PSAxNiAmJiBtZW1jbXAoaWJ1ZiwgIlVTQkMiLCA0KSA9PSAwKXsKICAgICAgICAg IC8vIHN0cnVjdCBidWxrX2NiX3dyYXAKICAgICAgICAgIGxhc3RUYWcgPSBpYnVmWzRdOwogICAg ICAgICAgcHJpbnRmKCIgIFVTQkMgdGFnPSVkIGR0bD0lZCBmbD0weCUwMnggbHVuPSVkIGxlbj0l ZFxuIiwKICAgICAgICAgICAgICAgICAqKGludCopKGlidWYrNCksCiAgICAgICAgICAgICAgICAg KihpbnQqKShpYnVmKzgpLAogICAgICAgICAgICAgICAgIGlidWZbMTJdICYgMHhmZiwKICAgICAg ICAgICAgICAgICBpYnVmWzEzXSAmIDB4ZmYsCiAgICAgICAgICAgICAgICAgaWJ1ZlsxNF0gJiAw eGZmKTsKICAgICAgICAgIHByaW50ZigiICAiKTsKICAgICAgICAgIGZvcihpbnQgaSA9IDA7IGkg PCAxNjsgaSsrKQogICAgICAgICAgICBwcmludGYoIiUwMnggIiwgaWJ1ZlsxNStpXSAmIDB4ZmYp OwogICAgICAgICAgcHJpbnRmKCJcbiIpOwogICAgICAgICAgbWVtY3B5KENEQiwgaWJ1ZisxNSwg c2l6ZW9mKENEQikpOwogICAgICAgIH0gZWxzZSBpZih0cmFuc2xlbiA+IDApewogICAgICAgICAg Zm9yKGludCBpID0gMDsgaSA8IHRyYW5zbGVuICYmIGkgPCAxNjsgaSsrKQogICAgICAgICAgICBw cmludGYoIiUwMnggIiwgaWJ1ZltpXSAmIDB4ZmYpOwogICAgICAgICAgcHJpbnRmKCJcbiIpOwog ICAgICAgIH0KICAgICAgfQogICAgICAKICAgICAgc3RydWN0IHVzYmlwX2hlYWRlcl9iYXNpYyBv Ymg7CiAgICAgIG1lbXNldCgmb2JoLCAwLCBzaXplb2Yob2JoKSk7CiAgICAgIG9iaC5jb21tYW5k ID0gaHRvbmwoMyk7IC8vIFVTQklQX1JFVF9TVUJNSVQKICAgICAgb2JoLnNlcW51bSA9IGliaC5z ZXFudW07CiAgICAgIG9iaC5kZXZpZCA9IGliaC5kZXZpZDsKICAgICAgb2JoLmRpcmVjdGlvbiA9 IGh0b25sKCFudG9obChpYmguZGlyZWN0aW9uKSk7CiAgICAgIG9iaC5lcCA9IGliaC5lcDsKICAg ICAgd3JpdGUoczEsICZvYmgsIHNpemVvZihvYmgpKTsKICAgICAgCiAgICAgIGNoYXIgcnNidWZb c2l6ZW9mKGNzKV07CiAgICAgIG1lbXNldChyc2J1ZiwgMCwgc2l6ZW9mKHJzYnVmKSk7CiAgICAg IHN0cnVjdCB1c2JpcF9oZWFkZXJfcmV0X3N1Ym1pdCAqcnMgPSAodm9pZCopcnNidWY7CiAgICAg IGlmKGliaC5kaXJlY3Rpb24pewogICAgICAgIHJzLT5hY3R1YWxfbGVuZ3RoID0gaHRvbmwodHJh bnNsZW4pOwogICAgICB9IGVsc2UgewogICAgICAgIHJzLT5hY3R1YWxfbGVuZ3RoID0gaHRvbmwo MzEpOwogICAgICB9CiAgICAgIHdyaXRlKHMxLCBycywgc2l6ZW9mKHJzYnVmKSk7CiAgICAgIAog ICAgICBpZihpYmguZGlyZWN0aW9uKXsKICAgICAgICBjaGFyIGJ1ZjY0WzQwOTZdOwogICAgICAg IGlmKHRyYW5zbGVuID4gc2l6ZW9mKGJ1ZjY0KSl7CiAgICAgICAgICBwcmludGYoImh1Z2UgdHJh bnNsZW5cbiIpOwogICAgICAgICAgYnJlYWs7CiAgICAgICAgfQogICAgICAgIG1lbXNldChidWY2 NCwgMCwgc2l6ZW9mKGJ1ZjY0KSk7CiAgICAgICAgaWYoY3Muc2V0dXBbMV0gPT0gMHgwNil7CiAg ICAgICAgICAvLyBVU0JfUkVRX0dFVF9ERVNDUklQVE9SCiAgICAgICAgICBpZihjcy5zZXR1cFsw XSA9PSAweDgwICYmIGNzLnNldHVwWzNdID09IDEpewogICAgICAgICAgICAvLyBVU0JfRFRfREVW SUNFCiAgICAgICAgICAgIC8vIHN0cnVjdCB1c2JfZGV2aWNlX2Rlc2NyaXB0b3IKICAgICAgICAg ICAgYnVmNjRbMF0gPSAxODsgLy8gYkxlbmd0aAogICAgICAgICAgICBidWY2NFsxXSA9IDE7IC8v IGJEZXNjcmlwdG9yVHlwZSA9IFVTQl9EVF9ERVZJQ0UKICAgICAgICAgICAgYnVmNjRbMl0gPSAw eDEwOyAvLyBiY2RVU0IKICAgICAgICAgICAgYnVmNjRbM10gPSAweDAyOyAvLyBiY2RVU0IKICAg ICAgICAgICAgYnVmNjRbNF0gPSA5OyAvLyBiRGV2aWNlQ2xhc3MKICAgICAgICAgICAgYnVmNjRb NV0gPSAwOyAvLyBiRGV2aWNlU3ViQ2xhc3MKICAgICAgICAgICAgYnVmNjRbNl0gPSAyOyAvLyBi RGV2aWNlUHJvdG9jb2wKICAgICAgICAgICAgYnVmNjRbN10gPSA2NDsgLy8gYk1heFBhY2tldFNp emUwCiAgICAgICAgICAgICooc2hvcnQqKShidWY2NCs4KSA9IDB4MjEwOTsgLy8gaWRWZW5kb3Ig VklBIExhYnMKICAgICAgICAgICAgKihzaG9ydCopKGJ1ZjY0KzEwKSA9IDB4MjgyMjsgLy8gaWRQ cm9kdWN0IEh1YgogICAgICAgICAgICAvLyooc2hvcnQqKShidWY2NCs4KSA9IDB4MWE0MDsgLy8g aWRWZW5kb3IgVGVybWludXMgVGVjaG5vbG9neQogICAgICAgICAgICAvLyooc2hvcnQqKShidWY2 NCsxMCkgPSAweDAxMDE7IC8vIGlkUHJvZHVjdCBIdWIKICAgICAgICAgICAgYnVmNjRbMTJdID0g MHhhMzsgLy8gYmNkRGV2aWNlCiAgICAgICAgICAgIGJ1ZjY0WzEzXSA9IDE7IC8vIGJjZERldmlj ZQogICAgICAgICAgICBidWY2NFsxNF0gPSAxOyAvLyBpTWFudWZhY3R1cmVyCiAgICAgICAgICAg IGJ1ZjY0WzE1XSA9IDI7IC8vIGlQcm9kdWN0CiAgICAgICAgICAgIGJ1ZjY0WzE2XSA9IDA7IC8v IGlTZXJpYWwKICAgICAgICAgICAgYnVmNjRbMTddID0gMTsgLy8gYk51bUNvbmZpZ3VyYXRpb25z CiAgICAgICAgICB9IGVsc2UgaWYoY3Muc2V0dXBbMF0gPT0gMHg4MCAmJiBjcy5zZXR1cFszXSA9 PSAyKXsKICAgICAgICAgICAgLy8gVVNCX0RUX0NPTkZJRwogICAgICAgICAgICAvLyBzdHJ1Y3Qg dXNiX2NvbmZpZ19kZXNjcmlwdG9yCiAgICAgICAgICAgIGNoYXIgKnAgPSBidWY2NDsKICAgICAg ICAgICAgKnArKyA9IDk7IC8vIGJMZW5ndGgKICAgICAgICAgICAgKnArKyA9IDI7IC8vIFVTQl9E VF9DT05GSUcKICAgICAgICAgICAgc2hvcnQgKmxlbnAgPSAoc2hvcnQqKSBwOwogICAgICAgICAg ICAqKHNob3J0KilwID0gOSArIDQqOSArIDE1KjEwICsgMio3OyAvLyB3VG90YWxMZW5ndGgKICAg ICAgICAgICAgcCArPSAyOwogICAgICAgICAgICAqcCsrID0gMTsgLy8gYk51bUludGVyZmFjZXMK ICAgICAgICAgICAgKnArKyA9IDE7IC8vIGJDb25maWd1cmF0aW9uVmFsdWUKICAgICAgICAgICAg KnArKyA9IDA7IC8vIGlDb25maWd1cmF0aW9uCiAgICAgICAgICAgICpwKysgPSAweGUwOyAvLyBi bUF0dHJpYnV0ZXMKICAgICAgICAgICAgKnArKyA9IDE7IC8vIGJNYXhQb3dlcgoKICAgICAgICAg ICAgLy8gaW50ZXJmYWNlIDAKICAgICAgICAgICAgbWtpZigmcCwgMCwgMCwgMSwgOSwgMCwgMSwg MCk7CiAgICAgICAgICAgIG1rZXAoJnAsIDB4ODEsIDMsIDEpOwoKICAgICAgICAgICAgLy8gaW50 ZXJmYWNlIDAgYWx0IDEKICAgICAgICAgICAgbWtpZigmcCwgMCwgMSwgMSwgOSwgMCwgMiwgMCk7 CiAgICAgICAgICAgIG1rZXAoJnAsIDB4ODEsIDMsIDEpOwoKICAgICAgICAgICAgLy8gQmluYXJ5 IE9iamVjdCBTdG9yZSBEZXNjcmlwdG9yCiAgICAgICAgICAgICpwKysgPSA1OyAvLyBiTGVuZ3Ro CiAgICAgICAgICAgICpwKysgPSAxNTsgLy8gYkRlc2NyaXB0b3JUeXBlCiAgICAgICAgICAgICoo c2hvcnQqKXAgPSAweDQ5OyAvLyB3VG90YWxMZW5ndGgKICAgICAgICAgICAgcCArPSAyOwogICAg ICAgICAgICAqcCsrID0gMzsgLy8gYk51bURldmljZUNhcHMKCiAgICAgICAgICAgIC8vIFVTQiAy LjAgRXh0ZW5zaW9uIERldmljZSBDYXBhYmlsaXR5CiAgICAgICAgICAgICpwKysgPSA3OwogICAg ICAgICAgICAqcCsrID0gMTY7CiAgICAgICAgICAgICpwKysgPSAyOyAvLyBiRGV2Q2FwYWJpbGl0 eVR5cGUKICAgICAgICAgICAgKihpbnQqKXAgPSA2OyAvLyBibUF0dHJpYnV0ZXMKICAgICAgICAg ICAgcCArPSA0OwoKICAgICAgICAgICAgLy8gU3VwZXJTcGVlZCBVU0IgRGV2aWNlIENhcGFiaWxp dHkKICAgICAgICAgICAgKnArKyA9IDEwOwogICAgICAgICAgICAqcCsrID0gMTY7CiAgICAgICAg ICAgICpwKysgPSAzOyAvLyBiRGV2Q2FwYWJpbGl0eVR5cGUKICAgICAgICAgICAgKnArKyA9IDA7 IC8vIGJtQXR0cmlidXRlcwogICAgICAgICAgICAqKHNob3J0KilwID0gMHgwMDBlOyAvLyB3U3Bl ZWRzU3VwcG9ydGVkCiAgICAgICAgICAgIHAgKz0gMjsKICAgICAgICAgICAgKnArKyA9IDE7IC8v IGJGdW5jdGlvbmFsaXR5U3VwcG9ydAogICAgICAgICAgICAqcCsrID0gNDsKICAgICAgICAgICAg KnArKyA9IDIzMTsKICAgICAgICAgICAgKnArKyA9IDA7IC8vID8/PwogICAgICAgICAgICAKICAg ICAgICAgICAgLy8gQ29udGFpbmVyIElEIERldmljZSBDYXBhYmlsaXR5CiAgICAgICAgICAgICpw KysgPSAyMDsKICAgICAgICAgICAgKnArKyA9IDE2OwogICAgICAgICAgICAqcCsrID0gNDsKICAg ICAgICAgICAgKnArKyA9IDA7CiAgICAgICAgICAgIHAgKz0gMTY7CgogICAgICAgICAgICAvLyBT dXBlclNwZWVkUGx1cyBVU0IgRGV2aWNlIENhcGFiaWxpdHkKICAgICAgICAgICAgKnArKyA9IDI4 OwogICAgICAgICAgICAqcCsrID0gMTY7CiAgICAgICAgICAgICpwKysgPSAxMDsKICAgICAgICAg ICAgKihpbnQqKXAgPSAweDIzOwogICAgICAgICAgICBwICs9IDQ7CiAgICAgICAgICAgICooc2hv cnQqKXAgPSAweDExMDA7CiAgICAgICAgICAgIHAgKz0gMjsKICAgICAgICAgICAgKihpbnQqKXAg PSAweDUwMDMwOwogICAgICAgICAgICBwICs9IDQ7CiAgICAgICAgICAgICooaW50KilwID0gMHg1 MDBiMDsKICAgICAgICAgICAgcCArPSA0OwogICAgICAgICAgICAqKGludCopcCA9IDB4YTQwMzE7 CiAgICAgICAgICAgIHAgKz0gNDsKICAgICAgICAgICAgKihpbnQqKXAgPSAweGE0MGIxOwogICAg ICAgICAgICBwICs9IDQ7CiAgICAgICAgICAgIHAgKz0gMzsgLy8gPz8/CgogICAgICAgICAgICAv LyBIdWIgRGVzY3JpcHRvcgogICAgICAgICAgICAqcCsrID0gOTsgLy8gYkxlbmd0aAogICAgICAg ICAgICAqcCsrID0gNDE7IC8vIGJEZXNjcmlwdG9yVHlwZQogICAgICAgICAgICAqcCsrID0gNDsg Ly8gbk5iclBvcnRzCiAgICAgICAgICAgICooc2hvcnQqKXAgPSAweGU5OyAvLyB3SHViQ2hhcmFj dGVyaXN0aWMKICAgICAgICAgICAgcCArPSAyOwogICAgICAgICAgICAqcCsrID0gNTA7IC8vIGJQ d3JPbjJQd3JHb29kCiAgICAgICAgICAgICpwKysgPSAxOyAvLyBiSHViQ29udHJDdXJyZW50CiAg ICAgICAgICAgICpwKysgPSAwOyAvLyBEZXZpY2VSZW1vdmFibGUKICAgICAgICAgICAgKnArKyA9 IDB4ZmY7IC8vIFBvcnRQd3JDdHJsTWFzawoKICAgICAgICAgICAgLy8gRGV2aWNlIFF1YWxpZmll cgogICAgICAgICAgICAqcCsrID0gMTA7IC8vIGJMZW5ndGgKICAgICAgICAgICAgKnArKyA9IDY7 IC8vIGJEZXNjcmlwdG9yVHlwZQogICAgICAgICAgICAqcCsrID0gMDsgLy8gYmNkVVNCIAogICAg ICAgICAgICAqcCsrID0gMjsKICAgICAgICAgICAgKnArKyA9IDk7IC8vIGJEZXZpY2VDbGFzcwog ICAgICAgICAgICAqcCsrID0gMDsgLy8gYkRldmljZVN1YkNsYXNzCiAgICAgICAgICAgICpwKysg PSAwOyAvLyBiRGV2aWNlUHJvdG9jb2wKICAgICAgICAgICAgKnArKyA9IDY0OyAvLyBiTWF4UGFj a2V0U2l6ZTAKICAgICAgICAgICAgKnArKyA9IDE7IC8vIGJOdW1Db25maWd1cmF0aW9ucwogICAg ICAgICAgICAqcCsrID0gMTsgLy8gPz8/CgogICAgICAgICAgICBhc3NlcnQocCAtIGJ1ZjY0IDw9 IHNpemVvZihidWY2NCkpOwogICAgICAgICAgICAqbGVucCA9IHAgLSBidWY2NDsKICAgICAgICAg IH0gZWxzZSBpZihjcy5zZXR1cFswXSA9PSAweDgwICYmIGNzLnNldHVwWzNdID09IDB4MGYpewog ICAgICAgICAgICAvLyBVU0JfRFRfQk9TCiAgICAgICAgICAgIC8vIHN0cnVjdCB1c2JfYm9zX2Rl c2NyaXB0b3IKICAgICAgICAgICAgY2hhciAqcCA9IGJ1ZjY0OwogICAgICAgICAgICAqcCsrID0g NTsgLy8gYkxlbmd0aAogICAgICAgICAgICAqcCsrID0gMTU7CiAgICAgICAgICAgICooc2hvcnQq KXAgPSAweDAwMmE7IC8vIHdUb3RhbExlbmd0aAogICAgICAgICAgICBwICs9IDI7CiAgICAgICAg ICAgICpwKysgPSAzOyAvLyBiTnVtRGV2aWNlQ2FwcwogICAgICAgICAgICAvLyB1c2JfZXh0X2Nh cF9kZXNjcmlwdG9yCiAgICAgICAgICAgICpwKysgPSA3OyAvLyBiTGVuZ3RoCiAgICAgICAgICAg ICpwKysgPSAxNjsgLy8gYkRlc2NyaXB0b3JUeXBlCiAgICAgICAgICAgICpwKysgPSAyOyAvLyBi RGV2Q2FwYWJpbGl0eVR5cGUKICAgICAgICAgICAgKihpbnQqKXAgPSAweDAwMDBmNDFlOyAvLyBi bUF0dHJpYnV0ZXMKICAgICAgICAgICAgcCArPSA0OwogICAgICAgICAgICAvLyB1c2Jfc3NfY2Fw X2Rlc2NyaXB0b3IKICAgICAgICAgICAgKnArKyA9IDEwOyAvLyBiTGVuZ3RoCiAgICAgICAgICAg ICpwKysgPSAxNjsgLy8gYkRlc2NyaXB0b3JUeXBlCiAgICAgICAgICAgICpwKysgPSAzOyAvLyBi RGV2Q2FwYWJpbGl0eVR5cGUKICAgICAgICAgICAgKnArKyA9IDA7IC8vIGJtQXR0cmlidXRlcwog ICAgICAgICAgICAqKHNob3J0KilwID0gMHhlOyAvLyB3U3BlZWRzU3VwcG9ydGVkCiAgICAgICAg ICAgIHAgKz0gMjsKICAgICAgICAgICAgKnArKyA9IDE7IC8vIGJGdW5jdGlvbmFsaXR5U3VwcG9y dAogICAgICAgICAgICAqcCsrID0gMTA7IC8vIGJVMWRldkV4aXRMYXQKICAgICAgICAgICAgKihz aG9ydCopcCA9IDIwNDc7IC8vIGJVMkRldkV4aXRMYXQKICAgICAgICAgICAgcCArPSAyOwogICAg ICAgICAgICAvLyB1c2Jfc3NwX2NhcF9kZXNjcmlwdG9yCiAgICAgICAgICAgICpwKysgPSAyMDsg Ly8gYkxlbmd0aAogICAgICAgICAgICAqcCsrID0gMTY7IC8vIGJEZXNjcmlwdG9yVHlwZQogICAg ICAgICAgICAqcCsrID0gMTA7IC8vIGJEZXZDYXBhYmlsaXR5VHlwZQogICAgICAgICAgICAqcCsr ID0gMDsgLy8gYlJlc2VydmVkCiAgICAgICAgICAgICooaW50KilwID0gMDsgLy8gYm1BdHRyaWJ1 dGVzCiAgICAgICAgICAgIHAgKz0gNDsKICAgICAgICAgICAgKihzaG9ydCopcCA9IDE7IC8vIGJG dW5jdGlvbmFsaXR5U3VwcG9ydAogICAgICAgICAgICBwICs9IDI7CiAgICAgICAgICAgIHAgKz0g MjsgLy8gd1Jlc2VydmVkCiAgICAgICAgICAgICooaW50KilwID0gMHgwMDBhNDAzMDsKICAgICAg ICAgICAgcCArPSA0OwogICAgICAgICAgICAqKGludCopcCA9IDB4MDAwYTQwYjA7CiAgICAgICAg ICAgIHAgKz0gNDsKICAgICAgICAgIH0gZWxzZSBpZihjcy5zZXR1cFswXSA9PSAweDgwICYmIGNz LnNldHVwWzNdID09IDMpewogICAgICAgICAgICAvLyBVU0JfRFRfU1RSSU5HCiAgICAgICAgICAg IGNoYXIgKnAgPSBidWY2NDsKICAgICAgICAgICAgKnArKyA9IDY7IC8vIGxlbmd0aAogICAgICAg ICAgICAqcCsrID0gMzsgLy8gZGVzY3JpcHRvciB0eXBlCiAgICAgICAgICAgICpwKysgPSAnYSc7 CiAgICAgICAgICAgICpwKysgPSAnYic7CiAgICAgICAgICAgICpwKysgPSAnYyc7CiAgICAgICAg ICAgICpwKysgPSAnZCc7CiAgICAgICAgICB9IGVsc2UgaWYoY3Muc2V0dXBbMF0gPT0gMHhhMCl7 CiAgICAgICAgICAgIC8vIHVzYl9odWJfZGVzY3JpcHRvcgogICAgICAgICAgICBtZW1zZXQoYnVm NjQsIDB4ZmYsIDMyKTsKICAgICAgICAgICAgYnVmNjRbMF0gPSAxNTsgLy8gYkRlc2NMZW5ndGgK ICAgICAgICAgICAgYnVmNjRbMV0gPSA0MjsgLy8gYkRlc2NyaXB0b3JUeXBlCiAgICAgICAgICAg IGJ1ZjY0WzJdID0gMTsgLy8gYk5iclBvcnRzCiAgICAgICAgICAgIGJ1ZjY0WzZdID0gODsgLy8g Ykh1YkNvbnRyQ3VycmVudAogICAgICAgICAgfQogICAgICAgIH0gZWxzZSBpZihjcy5zZXR1cFsx XSA9PSAwICYmIGNzLnNldHVwWzBdID09IDB4ODApewogICAgICAgICAgLy8gVVNCX1JFUV9HRVRf U1RBVFVTIFVTQl9SVF9QT1JUCiAgICAgICAgICAvLyB1c2JfcG9ydF9zdGF0dXMKICAgICAgICAg ICooc2hvcnQqKShidWY2NCswKSA9IDM7IC8vIHdQb3J0U3RhdHVzCiAgICAgICAgfSBlbHNlIGlm KGNzLnNldHVwWzFdID09IDAgJiYgY3Muc2V0dXBbMF0gPT0gMHhhMCl7CiAgICAgICAgICAvLyBV U0JfUkVRX0dFVF9TVEFUVVMgVVNCX1JUX0hVQgogICAgICAgICAgLy8gdXNiX2h1Yl9zdGF0dXMK ICAgICAgICAgIG1lbXNldChidWY2NCwgMHhmZiwgNCk7CiAgICAgICAgfSBlbHNlIGlmKGNzLnNl dHVwWzFdID09IDAgJiYgY3Muc2V0dXBbMF0gPT0gMHhhMyl7CiAgICAgICAgICAvLyBVU0JfUkVR X0dFVF9TVEFUVVMgVVNCX1JUX1BPUlQgPz8/CiAgICAgICAgICAvLyB1c2JfcG9ydF9zdGF0dXMg Pz8/CiAgICAgICAgICBtZW1zZXQoYnVmNjQsIDB4ZmYsIDgpOwogICAgICAgIH0gZWxzZSBpZihj cy5zZXR1cFsxXSA9PSAwICYmIGNzLnNldHVwWzBdID09IDApewogICAgICAgICAgLy8gPz8/CiAg ICAgICAgICBtZW1zZXQoYnVmNjQsIDB4ZmYsIDgpOwogICAgICAgIH0gZWxzZSBpZihjcy5zZXR1 cFsxXSA9PSAweGZlKXsKICAgICAgICAgIGlmKG50b2hsKGliaC5lcCkgPT0gMCl7CiAgICAgICAg ICAgIC8vIFVTX0JVTEtfR0VUX01BWF9MVU4KICAgICAgICAgICAgYnVmNjRbMF0gPSAwOyAvLyBt YXliZSBtYXggdW5pdCAjPwogICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgbWVtY3B5KGJ1 ZjY0LCAiVVNCUyIsIDQpOwogICAgICAgICAgICBidWY2NFs0XSA9IGxhc3RUYWc7IC8vIG1ha2Ug dHJhbnNwb3J0LmM6MTI1NSBoYXBweTogYnVsa19jc193cmFwLlRhZwogICAgICAgICAgfQogICAg ICAgIH0gZWxzZSBpZihudG9obChjcy50cmFuc2Zlcl9mbGFncykgPT0gMHg0MDIwMSAmJgogICAg ICAgICAgICAgICAgICBjcy5zZXR1cFswXSA9PSAwICYmIGNzLnNldHVwWzFdID09IDApewogICAg ICAgICAgLy8gdXNiX3N0b3JfQnVsa190cmFuc3BvcnQgcmVhZGluZyBTQ1NJIGNtZCByZXN1bHQK ICAgICAgICAgIGlmKENEQlswXSA9PSAweDEyKXsKICAgICAgICAgICAgLy8gSU5RVUlSWQogICAg ICAgICAgICBidWY2NFs0XSA9IDM2IC0gNTsgLy8gcmVzcG9uc2VfbGVuCiAgICAgICAgICAgIGJ1 ZjY0WzJdID0gMTQ7IC8vIHNjc2lfbGV2ZWw/CiAgICAgICAgICAgIGJ1ZjY0WzhdID0gMHhmZjsg Ly8gZmxhZ3M/CiAgICAgICAgICAgIGJ1ZjY0WzE2XSA9IDB4ZmY7IC8vIGZsYWdzPwogICAgICAg ICAgfSBlbHNlIGlmKENEQlswXSA9PSAweDI1KXsKICAgICAgICAgICAgLy8gUkVBRF9DQVBBQ0lU WQogICAgICAgICAgICAqKGludCopKGJ1ZjY0KzApID0gaHRvbmwoMTAyNCk7IC8vIGxiYT8gY2Fw YWNpdHk/CiAgICAgICAgICAgICooaW50KikoYnVmNjQrNCkgPSBodG9ubCg1MTIpOyAvLyBzZWN0 b3Igc2l6ZQogICAgICAgICAgfQogICAgICAgICAgaWYoc3ltX2FsbF9zY3NpID4gMCB8fCBzeW1f c2NzaV9jbWQgPT0gQ0RCWzBdKXsKICAgICAgICAgICAgZm9yKGludCBpID0gMDsgaSA8IDY0ICYm IGkgPCB0cmFuc2xlbjsgaSArPSA4KXsKICAgICAgICAgICAgICAqKGxvbmcqKShidWY2NCArIGkp IF49IHN5bXgoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBpZihDREJbMF0gPT0gMHgxMil7 CiAgICAgICAgICAgICAgLy8gSU5RVUlSWQogICAgICAgICAgICAgIGJ1ZjY0WzRdID0gMzYgLSA1 OyAvLyByZXNwb25zZV9sZW4KICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIH0KICAg ICAgICBpZihjbWRubyA9PSBzeW1jbWQgfHwgY21kbm8gPT0gc3ltY21kMil7CiAgICAgICAgICBm b3IoaW50IGkgPSAwOyBpIDwgNjQgJiYgaSs4IDw9IHNpemVvZihidWY2NCk7IGkgKz0gOCl7CiAg ICAgICAgICAgICoobG9uZyopKGJ1ZjY0ICsgaSkgXj0gc3lteCgpOwogICAgICAgICAgfQogICAg ICAgIH0KICAgICAgICB3cml0ZShzMSwgYnVmNjQsIHRyYW5zbGVuKTsKICAgICAgfQogICAgfSBl bHNlIGlmKG50b2hsKGliaC5jb21tYW5kKSA9PSAyKXsKICAgICAgLy8gVVNCSVBfQ01EX1VOTElO SwogICAgICAvLyBzdHJ1Y3QgdXNiaXBfaGVhZGVyX2NtZF91bmxpbmsgdWg7CiAgICAgIGNoYXIg YnVmW3NpemVvZihzdHJ1Y3QgdXNiaXBfaGVhZGVyX2NtZF9zdWJtaXQpXTsKICAgICAgbWVtc2V0 KGJ1ZiwgMCwgc2l6ZW9mKGJ1ZikpOwogICAgICBpZihyZWFkbihzMSwgYnVmLCBzaXplb2YoYnVm KSkgPCAwKQogICAgICAgIGJyZWFrOwogICAgICB1bnNpZ25lZCBpbnQgdWggPSAqKGludCopYnVm OzsKICAgICAgcHJpbnRmKCJ1bmxpbmsgc2VxICVkXG4iLCBudG9obCh1aCkpOwogICAgICAKICAg ICAgc3RydWN0IHVzYmlwX2hlYWRlcl9iYXNpYyBvYmg7CiAgICAgIG1lbXNldCgmb2JoLCAwLCBz aXplb2Yob2JoKSk7CiAgICAgIG9iaC5jb21tYW5kID0gaHRvbmwoNCk7IC8vIFVTQklQX1JFVF9V TkxJTksKICAgICAgLy8gb2JoLnNlcW51bSA9IGliaC5zZXFudW07CiAgICAgIG9iaC5zZXFudW0g PSB1aDsKICAgICAgb2JoLmRldmlkID0gaWJoLmRldmlkOwogICAgICBvYmguZGlyZWN0aW9uID0g aHRvbmwoIW50b2hsKGliaC5kaXJlY3Rpb24pKTsKICAgICAgb2JoLmVwID0gaWJoLmVwOwogICAg ICB3cml0ZShzMSwgJm9iaCwgc2l6ZW9mKG9iaCkpOwoKICAgICAgY2hhciByc2J1ZltzaXplb2Yo c3RydWN0IHVzYmlwX2hlYWRlcl9jbWRfc3VibWl0KV07CiAgICAgIG1lbXNldChyc2J1ZiwgMCwg c2l6ZW9mKHJzYnVmKSk7CiAgICAgIHdyaXRlKHMxLCByc2J1Ziwgc2l6ZW9mKHJzYnVmKSk7CiAg ICB9CgogICAgaWYoY21kbm8gPj0gMjUpCiAgICAgIGJyZWFrOwogICAgICAKICAgIGNtZG5vICs9 IDE7CiAgfQogICAgCiAgdXNsZWVwKDUwMDAwMCk7CiAgY2xvc2UoczEpOwogIHVzbGVlcCg1MDAw MDApOwp9Cg== --=-=-=--