From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=59819 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Q97cC-0007Ju-BQ
	for qemu-devel@nongnu.org; Sun, 10 Apr 2011 23:16:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <igor.v.kovalenko@gmail.com>) id 1Q97cA-0006Wo-74
	for qemu-devel@nongnu.org; Sun, 10 Apr 2011 23:16:36 -0400
Received: from mail-fx0-f45.google.com ([209.85.161.45]:61188)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <igor.v.kovalenko@gmail.com>) id 1Q97c9-0006WY-O7
	for qemu-devel@nongnu.org; Sun, 10 Apr 2011 23:16:34 -0400
Received: by fxm2 with SMTP id 2so4058588fxm.4
	for <qemu-devel@nongnu.org>; Sun, 10 Apr 2011 20:16:32 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <BANLkTik=z0qxP695ZFaMh5A42DGkg7wWcw@mail.gmail.com>
References: <BANLkTi=NRjw8Md+PU+JcvkZ-cTeJO+zP-A@mail.gmail.com>
	<20110410132415.GA6719@volta.aurel32.net>
	<BANLkTin4X94gZVBQXoBLmedQbGoGWNjmyA@mail.gmail.com>
	<BANLkTi=Pnbk2zBEudUApz=_-gvoBrkiADA@mail.gmail.com>
	<BANLkTi=DC0NMecn1YCUf=zqu5cBByxhLmA@mail.gmail.com>
	<BANLkTikeAmZ9M-ey_G4E7yWjbzOs-DB2Ww@mail.gmail.com>
	<BANLkTikgtE-Nn4JJFYUA+OWwjgc2qBixMw@mail.gmail.com>
	<BANLkTim4fH31rQQ+-tF6bLNAMOwtcdnrQQ@mail.gmail.com>
	<BANLkTikJMPKQy9=imOh9GQZmGx+nG1ekDA@mail.gmail.com>
	<BANLkTik2NChYi8hADjCSbjdZeyP_oo8_Qg@mail.gmail.com>
	<BANLkTik=z0qxP695ZFaMh5A42DGkg7wWcw@mail.gmail.com>
Date: Mon, 11 Apr 2011 07:16:32 +0400
Message-ID: <BANLkTingH0PzzF_-ss5O++k3sU-nm6kZiQ@mail.gmail.com>
Subject: Re: [Qemu-devel] tcg/tcg.c:1892: tcg fatal error
From: Igor Kovalenko <igor.v.kovalenko@gmail.com>
Content-Type: multipart/mixed; boundary=001517478698a058e404a09c00ca
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Artyom Tarasenko <atar4qemu@gmail.com>
Cc: Blue Swirl <blauwirbel@gmail.com>, peter.maydell@linaro.org, qemu-devel <qemu-devel@nongnu.org>, Aurelien Jarno <aurelien@aurel32.net>

--001517478698a058e404a09c00ca
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 11, 2011 at 12:00 AM, Artyom Tarasenko <atar4qemu@gmail.com> wr=
ote:
> On Sun, Apr 10, 2011 at 9:41 PM, Igor Kovalenko
> <igor.v.kovalenko@gmail.com> wrote:
>> On Sun, Apr 10, 2011 at 11:37 PM, Artyom Tarasenko <atar4qemu@gmail.com>=
 wrote:
>>> On Sun, Apr 10, 2011 at 8:52 PM, Igor Kovalenko
>>> <igor.v.kovalenko@gmail.com> wrote:
>>>> On Sun, Apr 10, 2011 at 10:35 PM, Artyom Tarasenko <atar4qemu@gmail.co=
m> wrote:
>>>>> On Sun, Apr 10, 2011 at 7:57 PM, Blue Swirl <blauwirbel@gmail.com> wr=
ote:
>>>>>> On Sun, Apr 10, 2011 at 8:48 PM, Artyom Tarasenko <atar4qemu@gmail.c=
om> wrote:
>>>>>>> On Sun, Apr 10, 2011 at 4:44 PM, Blue Swirl <blauwirbel@gmail.com> =
wrote:
>>>>>>>> On Sun, Apr 10, 2011 at 5:09 PM, Artyom Tarasenko <atar4qemu@gmail=
.com> wrote:
>>>>>>>>> On Sun, Apr 10, 2011 at 3:24 PM, Aurelien Jarno <aurelien@aurel32=
.net> wrote:
>>>>>>>>>> On Sun, Apr 10, 2011 at 02:29:59PM +0200, Artyom Tarasenko wrote=
:
>>>>>>>>>>> Trying to boot some proprietary OS I get qemu-system-sparc64 cr=
ash with a
>>>>>>>>>>>
>>>>>>>>>>> tcg/tcg.c:1892: tcg fatal error
>>>>>>>>>>>
>>>>>>>>>>> error message.
>>>>>>>>>>>
>>>>>>>>>>> It looks like it can be a platform independent bug though, beca=
use
>>>>>>>>>>> when a '-singlestep' option IS present, qemu doesn't crash and =
seems
>>>>>>>>>>> to translate the code properly.
>>>>>>>>>>>
>>>>>>>>>>> (gdb) bt
>>>>>>>>>>> #0 =A00x00000032c2e327f5 in raise () from /lib64/libc.so.6
>>>>>>>>>>> #1 =A00x00000032c2e33fd5 in abort () from /lib64/libc.so.6
>>>>>>>>>>> #2 =A00x000000000051933d in tcg_reg_alloc_call (s=3D<value opti=
mized out>,
>>>>>>>>>>> def=3D0x89d340, opc=3DINDEX_op_call, args=3D0x10acc98, dead_iar=
gs=3D3) at
>>>>>>>>>>> qemu/tcg/tcg.c:1892
>>>>>>>>>>> #3 =A00x000000000051a557 in tcg_gen_code_common (s=3D0x10b8940,
>>>>>>>>>>> gen_code_buf=3D0x40338b60 "I\213n@H\213] 3\355I\211\256\220") a=
t
>>>>>>>>>>> qemu/tcg/tcg.c:2099
>>>>>>>>>>> #4 =A0tcg_gen_code (s=3D0x10b8940, gen_code_buf=3D0x40338b60 "I=
\213n@H\213]
>>>>>>>>>>> 3\355I\211\256\220") at qemu/tcg/tcg.c:2142
>>>>>>>>>>> #5 =A00x00000000004d38f1 in cpu_sparc_gen_code (env=3D0x10cce10=
,
>>>>>>>>>>> tb=3D0x7fffe91bc218, gen_code_size_ptr=3D0x7fffffffd9b4) at
>>>>>>>>>>> qemu/translate-all.c:93
>>>>>>>>>>> #6 =A00x00000000004d1fd7 in tb_gen_code (env=3D0x10cce10, pc=3D=
18868776,
>>>>>>>>>>> cs_base=3D18868780, flags=3D15, cflags=3D0) at qemu/exec.c:989
>>>>>>>>>>> #7 =A00x00000000004d4029 in tb_find_slow (env1=3D<value optimiz=
ed out>) at
>>>>>>>>>>> qemu/cpu-exec.c:167
>>>>>>>>>>> #8 =A0tb_find_fast (env1=3D<value optimized out>) at cpu-exec.c=
:194
>>>>>>>>>>> #9 =A0cpu_sparc_exec (env1=3D<value optimized out>) at qemu/cpu=
-exec.c:556
>>>>>>>>>>> #10 0x0000000000408868 in tcg_cpu_exec () at qemu/cpus.c:1066
>>>>>>>>>>> #11 cpu_exec_all () at qemu/cpus.c:1102
>>>>>>>>>>> #12 0x000000000053c756 in main_loop (argc=3D<value optimized ou=
t>,
>>>>>>>>>>> argv=3D<value optimized out>, envp=3D<value optimized out>) at
>>>>>>>>>>> qemu/vl.c:1430
>>>>>>>>>>>
>>>>>>>>>>> I inspected ts->val_type causing the abort() case and it turned=
 out to be 0.
>>>>>>>>>>>
>>>>>>>>>>> The last lines of qemu.log (without -singlestep)
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fe9f0: =A0rdpr =A0%pstate, %g1
>>>>>>>>>>> 0x00000000011fe9f4: =A0wrpr =A0%g1, 2, %pstate
>>>>>>>>>>> --------------
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fe9f8: =A0ldub =A0[ %o0 ], %o1
>>>>>>>>>>> 0x00000000011fe9fc: =A0mov =A0%o1, %o2
>>>>>>>>>>> 0x00000000011fea00: =A0rdpr =A0%tick, %o3
>>>>>>>>>>> 0x00000000011fea04: =A0cmp =A0%o1, %o2
>>>>>>>>>>> 0x00000000011fea08: =A0be =A0%icc, 0x11fea00
>>>>>>>>>>> 0x00000000011fea0c: =A0ldub =A0[ %o0 ], %o2
>>>>>>>>>>>
>>>>>>>>>>> Search PC...
>>>>>>>>>>> Search PC...
>>>>>>>>>>> Search PC...
>>>>>>>>>>> Search PC...
>>>>>>>>>>> Search PC...
>>>>>>>>>>> Search PC...
>>>>>>>>>>> --------------
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fe9f8: =A0ldub =A0[ %o0 ], %o1
>>>>>>>>>>> 0x00000000011fe9fc: =A0mov =A0%o1, %o2
>>>>>>>>>>> 0x00000000011fea00: =A0rdpr =A0%tick, %o3
>>>>>>>>>>> 0x00000000011fea04: =A0cmp =A0%o1, %o2
>>>>>>>>>>> 0x00000000011fea08: =A0be =A0%icc, 0x11fea00
>>>>>>>>>>> 0x00000000011fea0c: =A0ldub =A0[ %o0 ], %o2
>>>>>>>>>>>
>>>>>>>>>>> 110521: Data Access MMU Miss (v=3D0068) pc=3D00000000011fe9f8
>>>>>>>>>>> npc=3D00000000011fe9fc SP=3D000000000180ae41
>>>>>>>>>>> pc: 00000000011fe9f8 =A0npc: 00000000011fe9fc
>>>>>>>>>>>
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fea00: =A0rdpr =A0%tick, %o3
>>>>>>>>>>> 0x00000000011fea04: =A0cmp =A0%o1, %o2
>>>>>>>>>>> 0x00000000011fea08: =A0be =A0%icc, 0x11fea00
>>>>>>>>>>> 0x00000000011fea0c: =A0ldub =A0[ %o0 ], %o2
>>>>>>>>>>> --------------
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fea10: =A0brz,pn =A0 %o2, 0x11fe9f8
>>>>>>>>>>> 0x00000000011fea14: =A0mov =A0%o2, %o4
>>>>>>>>>>> --------------
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fea18: =A0rdpr =A0%tick, %o5
>>>>>>>>>>> 0x00000000011fea1c: =A0cmp =A0%o2, %o4
>>>>>>>>>>> 0x00000000011fea20: =A0be =A0%icc, 0x11fea18
>>>>>>>>>>> 0x00000000011fea24: =A0ldub =A0[ %o0 ], %o4
>>>>>>>>>>> --------------
>>>>>>>>>>> IN:
>>>>>>>>>>> 0x00000000011fea28: =A0brz,pn =A0 %o4, 0x11fe9f4
>>>>>>>>>>> 0x00000000011fea2c: =A0wrpr =A0%g0, %g1, %pstate
>>>>>>>>>>> <EOF>
>>>>>>>>>>>
>>>>>>>>>>> The crash is 100% reproducible and happens always on the same p=
lace,
>>>>>>>>>>> so it's probably a pure TCG issue, not related on getting the
>>>>>>>>>>> external/timer interrupts.
>>>>>>>>>>>
>>>>>>>>>>> Do you need any additional info?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> What would be interesting would be to get the corresponding TCG =
code
>>>>>>>>>> from qemu.log (-d op,op_opt).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> OP:
>>>>>>>>> =A0---- 0x11fea28
>>>>>>>>> =A0ld_i64 tmp6,regwptr,$0x20
>>>>>>>>> =A0movi_i64 cond,$0x0
>>>>>>>>> =A0movi_i64 tmp8,$0x0
>>>>>>>>> =A0brcond_i64 tmp6,tmp8,ne,$0x0
>>>>>>>>> =A0movi_i64 cond,$0x1
>>>>>>>>> =A0set_label $0x0
>>>>>>>>>
>>>>>>>>> =A0---- 0x11fea2c
>>>>>>>>> =A0movi_i64 tmp7,$0x0
>>>>>>>>> =A0xor_i64 tmp0,tmp7,g1
>>>>>>>>> =A0movi_i64 pc,$0x11fea2c
>>>>>>>>> =A0movi_i64 tmp8,$compute_psr
>>>>>>>>> =A0call tmp8,$0x0,$0
>>>>>>>>> =A0movi_i64 tmp8,$0x0
>>>>>>>>> =A0brcond_i64 cond,tmp8,eq,$0x1
>>>>>>>>> =A0movi_i64 npc,$0x11fe9f4
>>>>>>>>> =A0br $0x2
>>>>>>>>> =A0set_label $0x1
>>>>>>>>> =A0movi_i64 npc,$0x11fea30
>>>>>>>>> =A0set_label $0x2
>>>>>>>>> =A0movi_i64 tmp8,$wrpstate
>>>>>>>>> =A0call tmp8,$0x0,$0,tmp0
>>>>>>>>> =A0mov_i64 pc,npc
>>>>>>>>> =A0movi_i64 tmp8,$0x4
>>>>>>>>> =A0add_i64 npc,npc,tmp8
>>>>>>>>> =A0exit_tb $0x0
>>>>>>>>>
>>>>>>>>> OP after liveness analysis:
>>>>>>>>> =A0---- 0x11fea28
>>>>>>>>> =A0ld_i64 tmp6,regwptr,$0x20
>>>>>>>>> =A0movi_i64 cond,$0x0
>>>>>>>>> =A0movi_i64 tmp8,$0x0
>>>>>>>>> =A0brcond_i64 tmp6,tmp8,ne,$0x0
>>>>>>>>> =A0movi_i64 cond,$0x1
>>>>>>>>> =A0set_label $0x0
>>>>>>>>>
>>>>>>>>> =A0---- 0x11fea2c
>>>>>>>>> =A0nopn $0x2,$0x2
>>>>>>>>> =A0nopn $0x3,$0x68,$0x3
>>>>>>>>> =A0movi_i64 pc,$0x11fea2c
>>>>>>>>> =A0movi_i64 tmp8,$compute_psr
>>>>>>>>> =A0call tmp8,$0x0,$0
>>>>>>>>> =A0movi_i64 tmp8,$0x0
>>>>>>>>> =A0brcond_i64 cond,tmp8,eq,$0x1
>>>>>>>>> =A0movi_i64 npc,$0x11fe9f4
>>>>>>>>> =A0br $0x2
>>>>>>>>> =A0set_label $0x1
>>>>>>>>> =A0movi_i64 npc,$0x11fea30
>>>>>>>>> =A0set_label $0x2
>>>>>>>>> =A0movi_i64 tmp8,$wrpstate
>>>>>>>>> =A0call tmp8,$0x0,$0,tmp0
>>>>>>>>> =A0mov_i64 pc,npc
>>>>>>>>> =A0movi_i64 tmp8,$0x4
>>>>>>>>> =A0add_i64 npc,npc,tmp8
>>>>>>>>> =A0exit_tb $0x0
>>>>>>>>> =A0end
>>>>>>>>>
>>>>>>>>> Does it mean the last block is processed correctly and the crash
>>>>>>>>> happens on the next instruction which doesn't make it to the log?
>>>>>>>>> The next instruction would be a
>>>>>>>>>
>>>>>>>>> 0x00000000011fea30: =A0retl
>>>>>>>>>
>>>>>>>>> Since it's a branch instruction I guess this would also be a tcg =
block boundary.
>>>>>>>>
>>>>>>>> Because abort() was called from tcg_reg_alloc_call, I'd say 'retl'
>>>>>>>> (synthetic op for 'jmpl %o8 + 8, %g0') was the problem.
>>>>>>>
>>>>>>> Any idea why? retl is not a rare instruction...
>>>>>>
>>>>>> Sorry, calls are generated for helpers, so it's not 'jmpl' but the
>>>>>> call to wrpstate helper.
>>>>>
>>>>> And why it doesn't happen in a singlestep mode?
>>>>> I tried to comment out
>>>>> cpu_check_irqs(env);
>>>>> in the helper_wrpstate but it made no difference. The only suspicious
>>>>> thing left is register bank switching. Is it safe to switch register
>>>>> banks in the helper function? Shouldn't we end the translation block
>>>>> before?
>>>>
>>>> Not sure if I have seen write to pstate in delay slot, but switching
>>>> globals with PS_AG appears to be safe.
>>>> Do you know which bits are changed in the pstate?
>>>
>>> Hard to say. With a breakpoint set qemu doesn't crash.
>>> The breakpoint shows the change from 0x14->0x16.
>>> So the only difference is that interrupts are getting enabled. No
>>> register bank change.
>>> (And now also no cpu_check_irqs(env) call, because I commented it out.)
>>>
>>> But given there was a Data Access MMU Miss, I would expect there must
>>> have beeb a PS_MG switch.
>>>
>>> Also the breakpoint makes tcg to cut the translation block before the w=
rpr:
>>>
>>> IN:
>>> 0x00000000011fea18: =A0rdpr =A0%tick, %o5
>>> 0x00000000011fea1c: =A0cmp =A0%o2, %o4
>>> 0x00000000011fea20: =A0be =A0%icc, 0x11fea18
>>> 0x00000000011fea24: =A0ldub =A0[ %o0 ], %o4
>>> --------------
>>> IN:
>>> 0x00000000011fea28: =A0brz,pn =A0 %o4, 0x11fe9f4
>>> --------------
>>> IN:
>>> 0x00000000011fea2c: =A0wrpr =A0%g0, %g1, %pstate
>>> --------------
>>> IN:
>>> 0x00000000011fea30: =A0retl
>>> --------------
>>> IN:
>>> 0x00000000011fea30: =A0retl
>>> 0x00000000011fea34: =A0sub =A0%o5, %o3, %o0
>>>
>>
>> You can try enabling DEBUG_PSTATE to see which bits are changed.
>
> I put an additional DPRINTF in the helper and it doesn't get executed
> at 11fea2c. Only at 11fe9f4 (0x16->0x14).

In such cases I would run with -d in_asm,int to have more data to
compare two runs.
May the patch attached help a bit to add verbose pstate output.

Do you have public test case?
It is possible to code this delay slot write test but real issue may
be corruption elsewhere.

--=20
Kind regards,
Igor V. Kovalenko

--001517478698a058e404a09c00ca
Content-Type: application/octet-stream; name=sparc64-dump-pstate-verbose
Content-Disposition: attachment; filename=sparc64-dump-pstate-verbose
Content-Transfer-Encoding: base64
X-Attachment-Id: f_gmcttxe30

c3BhcmM2NDogdmVyYm9zZSBwc3RhdGUgZHVtcAoKRnJvbTogSWdvciBWLiBLb3ZhbGVua28gPGln
b3Iudi5rb3ZhbGVua29AZ21haWwuY29tPgoKCi0tLQogdGFyZ2V0LXNwYXJjL2NwdS5oICAgICAg
IHwgICAgNCArKysrCiB0YXJnZXQtc3BhcmMvaGVscGVyLmMgICAgfCAgIDI5ICsrKysrKysrKysr
KysrKysrKysrKysrKysrKy0tCiB0YXJnZXQtc3BhcmMvb3BfaGVscGVyLmMgfCAgIDI0ICsrKysr
KysrKysrKysrKysrKysrKysrKwogMyBmaWxlcyBjaGFuZ2VkLCA1NSBpbnNlcnRpb25zKCspLCAy
IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3RhcmdldC1zcGFyYy9jcHUuaCBiL3RhcmdldC1z
cGFyYy9jcHUuaAppbmRleCA1Y2Q4OWE0Li5lMDAzMmRkIDEwMDY0NAotLS0gYS90YXJnZXQtc3Bh
cmMvY3B1LmgKKysrIGIvdGFyZ2V0LXNwYXJjL2NwdS5oCkBAIC02NjcsNCArNjY3LDggQEAgc3Rh
dGljIGlubGluZSB2b2lkIGNwdV9nZXRfdGJfY3B1X3N0YXRlKENQVVN0YXRlICplbnYsIHRhcmdl
dF91bG9uZyAqcGMsCiAjZW5kaWYKIH0KIAorI2lmIGRlZmluZWQoVEFSR0VUX1NQQVJDNjQpCit2
b2lkIHBzdGF0ZV90b19zdHJpbmcodWludDMyX3QgcHN0YXRlLCBjaGFyICpzdHIsIHNpemVfdCBz
dHJfbGltaXQpOworI2VuZGlmCisKICNlbmRpZgpkaWZmIC0tZ2l0IGEvdGFyZ2V0LXNwYXJjL2hl
bHBlci5jIGIvdGFyZ2V0LXNwYXJjL2hlbHBlci5jCmluZGV4IGU0MTViMjIuLjg5ZGE3MTEgMTAw
NjQ0Ci0tLSBhL3RhcmdldC1zcGFyYy9oZWxwZXIuYworKysgYi90YXJnZXQtc3BhcmMvaGVscGVy
LmMKQEAgLTE0ODAsNiArMTQ4MCwyNiBAQCBzdGF0aWMgdm9pZCBjcHVfcHJpbnRfY2MoRklMRSAq
ZiwgZnByaW50Zl9mdW5jdGlvbiBjcHVfZnByaW50ZiwKICNkZWZpbmUgUkVHU19QRVJfTElORSA4
CiAjZW5kaWYKIAorI2lmIGRlZmluZWQgKFRBUkdFVF9TUEFSQzY0KQordm9pZCBwc3RhdGVfdG9f
c3RyaW5nKHVpbnQzMl90IHBzdGF0ZSwgY2hhciAqc3RyLCBzaXplX3Qgc3RyX2xpbWl0KQorewor
ICAgIHNucHJpbnRmKHN0ciwgc3RyX2xpbWl0LAorICAgICAgICAgICAgICIlcyVzJXMlcyVzJXMl
cyVzJXMlcyVzICIsCisgICAgICAgICAgICAocHN0YXRlICYgUFNfSUcpICAgPyAiIElHIiA6ICIi
LAorICAgICAgICAgICAgKHBzdGF0ZSAmIFBTX01HKSAgID8gIiBNRyIgOiAiIiwKKyAgICAgICAg
ICAgIChwc3RhdGUgJiBQU19DTEUpICA/ICIgQ0xFIiA6ICIiLAorICAgICAgICAgICAgKHBzdGF0
ZSAmIFBTX1RMRSkgID8gIiBUTEUiIDogIiIsCisgICAgICAgICAgICAocHN0YXRlICYgUFNfUk1P
KSAgPyAiIFJNTyIgOiAiIiwKKyAgICAgICAgICAgIChwc3RhdGUgJiBQU19SRUQpICA/ICIgUkVE
IiA6ICIiLAorICAgICAgICAgICAgKHBzdGF0ZSAmIFBTX1BFRikgID8gIiBQRUYiIDogIiIsCisg
ICAgICAgICAgICAocHN0YXRlICYgUFNfQU0pICAgPyAiIEFNIiA6ICIiLAorICAgICAgICAgICAg
KHBzdGF0ZSAmIFBTX1BSSVYpID8gIiBQUklWIiA6ICIiLAorICAgICAgICAgICAgKHBzdGF0ZSAm
IFBTX0lFKSAgID8gIiBJRSIgOiAiIiwKKyAgICAgICAgICAgIChwc3RhdGUgJiBQU19BRykgICA/
ICIgQUciIDogIiIKKyAgICApOworfQorI2VuZGlmCisKIHZvaWQgY3B1X2R1bXBfc3RhdGUoQ1BV
U3RhdGUgKmVudiwgRklMRSAqZiwgZnByaW50Zl9mdW5jdGlvbiBjcHVfZnByaW50ZiwKICAgICAg
ICAgICAgICAgICAgICAgaW50IGZsYWdzKQogewpAQCAtMTUyMiw4ICsxNTQyLDEzIEBAIHZvaWQg
Y3B1X2R1bXBfc3RhdGUoQ1BVU3RhdGUgKmVudiwgRklMRSAqZiwgZnByaW50Zl9mdW5jdGlvbiBj
cHVfZnByaW50ZiwKICAgICAgICAgICAgIGNwdV9mcHJpbnRmKGYsICJcbiIpOwogICAgIH0KICNp
ZmRlZiBUQVJHRVRfU1BBUkM2NAotICAgIGNwdV9mcHJpbnRmKGYsICJwc3RhdGU6ICUwOHggY2Ny
OiAlMDJ4IChpY2M6ICIsIGVudi0+cHN0YXRlLAotICAgICAgICAgICAgICAgICh1bnNpZ25lZClj
cHVfZ2V0X2NjcihlbnYpKTsKKyAgICB7CisgICAgICAgIGNoYXIgcHN0YXRlX3N0cmluZ1sxMjhd
OworICAgICAgICBwc3RhdGVfdG9fc3RyaW5nKGVudi0+cHN0YXRlLCBwc3RhdGVfc3RyaW5nLCBz
aXplb2YgKHBzdGF0ZV9zdHJpbmcpKTsKKyAgICAgICAgY3B1X2ZwcmludGYoZiwgInBzdGF0ZTog
JTA4eCBbJXNdIGNjcjogJTAyeCAoaWNjOiAiLAorICAgICAgICAgICAgICAgICAgICBlbnYtPnBz
dGF0ZSwgcHN0YXRlX3N0cmluZywKKyAgICAgICAgICAgICAgICAgICAgKHVuc2lnbmVkKWNwdV9n
ZXRfY2NyKGVudikpOworICAgIH0KICAgICBjcHVfcHJpbnRfY2MoZiwgY3B1X2ZwcmludGYsIGNw
dV9nZXRfY2NyKGVudikgPDwgUFNSX0NBUlJZX1NISUZUKTsKICAgICBjcHVfZnByaW50ZihmLCAi
IHhjYzogIik7CiAgICAgY3B1X3ByaW50X2NjKGYsIGNwdV9mcHJpbnRmLCBjcHVfZ2V0X2Njcihl
bnYpIDw8IChQU1JfQ0FSUllfU0hJRlQgLSA0KSk7CmRpZmYgLS1naXQgYS90YXJnZXQtc3BhcmMv
b3BfaGVscGVyLmMgYi90YXJnZXQtc3BhcmMvb3BfaGVscGVyLmMKaW5kZXggZjI5MjMwOS4uZjAx
YmY1MyAxMDA2NDQKLS0tIGEvdGFyZ2V0LXNwYXJjL29wX2hlbHBlci5jCisrKyBiL3RhcmdldC1z
cGFyYy9vcF9oZWxwZXIuYwpAQCAtNDAzNiw2ICs0MDM2LDEyIEBAIHZvaWQgaGVscGVyX3dycHN0
YXRlKHRhcmdldF91bG9uZyBuZXdfc3RhdGUpCiB7CiAgICAgY2hhbmdlX3BzdGF0ZShuZXdfc3Rh
dGUgJiAweGYzZik7CiAKKyAgICB7CisgICAgICAgIGNoYXIgcHN0YXRlX3N0cmluZ1sxMjhdOwor
ICAgICAgICBwc3RhdGVfdG9fc3RyaW5nKGVudi0+cHN0YXRlLCBwc3RhdGVfc3RyaW5nLCBzaXpl
b2YgKHBzdGF0ZV9zdHJpbmcpKTsKKyAgICAgICAgRFBSSU5URl9QU1RBVEUoImhlbHBlcl93cnBz
dGF0ZSBwc3RhdGU9WyVzXVxuIiwgcHN0YXRlX3N0cmluZyk7CisgICAgfQorCiAjaWYgIWRlZmlu
ZWQoQ09ORklHX1VTRVJfT05MWSkKICAgICBpZiAoY3B1X2ludGVycnVwdHNfZW5hYmxlZChlbnYp
KSB7CiAgICAgICAgIGNwdV9jaGVja19pcnFzKGVudik7CkBAIC00MDcxLDYgKzQwNzcsMTIgQEAg
dm9pZCBoZWxwZXJfZG9uZSh2b2lkKQogCiAgICAgRFBSSU5URl9QU1RBVEUoIi4uLiBoZWxwZXJf
ZG9uZSB0bD0lZFxuIiwgZW52LT50bCk7CiAKKyAgICB7CisgICAgICAgIGNoYXIgcHN0YXRlX3N0
cmluZ1sxMjhdOworICAgICAgICBwc3RhdGVfdG9fc3RyaW5nKGVudi0+cHN0YXRlLCBwc3RhdGVf
c3RyaW5nLCBzaXplb2YgKHBzdGF0ZV9zdHJpbmcpKTsKKyAgICAgICAgRFBSSU5URl9QU1RBVEUo
ImhlbHBlcl9kb25lIHBzdGF0ZT1bJXNdXG4iLCBwc3RhdGVfc3RyaW5nKTsKKyAgICB9CisKICNp
ZiAhZGVmaW5lZChDT05GSUdfVVNFUl9PTkxZKQogICAgIGlmIChjcHVfaW50ZXJydXB0c19lbmFi
bGVkKGVudikpIHsKICAgICAgICAgY3B1X2NoZWNrX2lycXMoZW52KTsKQEAgLTQwOTIsNiArNDEw
NCwxMiBAQCB2b2lkIGhlbHBlcl9yZXRyeSh2b2lkKQogCiAgICAgRFBSSU5URl9QU1RBVEUoIi4u
LiBoZWxwZXJfcmV0cnkgdGw9JWRcbiIsIGVudi0+dGwpOwogCisgICAgeworICAgICAgICBjaGFy
IHBzdGF0ZV9zdHJpbmdbMTI4XTsKKyAgICAgICAgcHN0YXRlX3RvX3N0cmluZyhlbnYtPnBzdGF0
ZSwgcHN0YXRlX3N0cmluZywgc2l6ZW9mIChwc3RhdGVfc3RyaW5nKSk7CisgICAgICAgIERQUklO
VEZfUFNUQVRFKCJoZWxwZXJfcmV0cnkgcHN0YXRlPVslc11cbiIsIHBzdGF0ZV9zdHJpbmcpOwor
ICAgIH0KKwogI2lmICFkZWZpbmVkKENPTkZJR19VU0VSX09OTFkpCiAgICAgaWYgKGNwdV9pbnRl
cnJ1cHRzX2VuYWJsZWQoZW52KSkgewogICAgICAgICBjcHVfY2hlY2tfaXJxcyhlbnYpOwpAQCAt
NDI3Nyw2ICs0Mjk1LDEyIEBAIHZvaWQgZG9faW50ZXJydXB0KENQVVN0YXRlICplbnYpCiAgICAg
fQogICAgIGVudi0+bnBjID0gZW52LT5wYyArIDQ7CiAgICAgZW52LT5leGNlcHRpb25faW5kZXgg
PSAtMTsKKworICAgIHsKKyAgICAgICAgY2hhciBwc3RhdGVfc3RyaW5nWzEyOF07CisgICAgICAg
IHBzdGF0ZV90b19zdHJpbmcoZW52LT5wc3RhdGUsIHBzdGF0ZV9zdHJpbmcsIHNpemVvZiAocHN0
YXRlX3N0cmluZykpOworICAgICAgICBEUFJJTlRGX1BTVEFURSgiZG9faW50ZXJydXB0IHBzdGF0
ZT1bJXNdXG4iLCBwc3RhdGVfc3RyaW5nKTsKKyAgICB9CiB9CiAjZWxzZQogI2lmZGVmIERFQlVH
X1BDQUxMCg==
--001517478698a058e404a09c00ca--