From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 145C43207 for ; Wed, 11 May 2022 20:07:16 +0000 (UTC) Received: by mail-pj1-f51.google.com with SMTP id cx11-20020a17090afd8b00b001d9fe5965b3so5901819pjb.3 for ; Wed, 11 May 2022 13:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IZ67w/mh933XiD19vlG6O7B4SYRWnOVzoIExpzyMUE0=; b=g7UmHFS/LA2KGK9m6aKmUe1JQl60PJ06dQ7r5CAX7xMSNCw9tpdOpx9Aig9fcTU+ug 7UK1Vg0N16rhaYBNrQ5vduoDtmOGZt/5yTUpmJpgIiMHSNqEqwipINdxP55PgDfBPt+U 1Tu1J14t6o8MKU59QeIm4Z9FJXYzWJv0yRRyn5kFIWNXcPSbIFz3Fza/PEFfV5GfI8wk +c26A0nbMt5Wn7GANVzEm6kO8JNNRDaAltFn9ty0MX5eJ98syDFSWy66Z2aF1W6IX3PT +RGUNvIawY5r9hQS01eArNokDJCkKiH/hOi6J0r9F9zyt4OM4fUCCeDshuq+DogvxrTs Io2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IZ67w/mh933XiD19vlG6O7B4SYRWnOVzoIExpzyMUE0=; b=IOg0RzRpVt2TNaZ+640EFrskAXOF8SZ46kbUxOrYBibeUFWS9hq50hDU/B1dKcrZTz wEX7lObW6QqK1pr2YSSERul6O7KSJ24LeYSx0KgkMK2hH3vyu21auatsrcvGKmZh9byI NKv/XeNH25UIsX5UPqRG5XknFZYQP+jJUM6PRIQ5FvQgMdNhrWUI6IAP89zBntSJahSj hr0DpgNSSKPOKvSiFrOhPzz+S2/BkxLjPuKoBsWSqCNkLGo6Xm7GTlWEOAwGscyxYu4F 8Va0wVvHkRE/AU+pc6eXhJF0wMEYSpJtCzbLY6IOpUG6Y+vL2w0ayiv9mHRJSVHId8xC MIiw== X-Gm-Message-State: AOAM530R8lZ2p/93/jZTXN+qU7kR4m6iSyT3Kyk0xx5WPNjqG4e+GN5c PBKqBvzQGR7ZVvX7p94Fm9Rs4w== X-Google-Smtp-Source: ABdhPJxLJe31QIcOOnwIRWdz+kNjZVtljkSMtGxZxRiKYxf+nhdigC4qKSGw0NxEWOvUa5CU+0D0rA== X-Received: by 2002:a17:90b:3843:b0:1dc:3da2:7fd8 with SMTP id nl3-20020a17090b384300b001dc3da27fd8mr7016266pjb.219.1652299636416; Wed, 11 May 2022 13:07:16 -0700 (PDT) Received: from smtpclient.apple ([50.39.129.137]) by smtp.gmail.com with ESMTPSA id n3-20020a622703000000b0050e0a43712esm2176777pfn.63.2022.05.11.13.07.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2022 13:07:15 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Subject: Re: riscv: llvm-compiler: calling convention violation: temporary register $t2 is used to pass the ninth function parameter From: Craig Topper In-Reply-To: Date: Wed, 11 May 2022 13:07:14 -0700 Cc: Changbin Du , Paul Walmsley , Palmer Dabbelt , Albert Ou , Steven Rostedt , hw.huiwang@huawei.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, codegen-riscv@discourse.llvm.org, llvmproject@discourse.llvm.org, asb@asbradbury.org Content-Transfer-Encoding: quoted-printable Message-Id: <10BD31AB-C9F3-45FD-9A4A-EF7DC07C94D5@sifive.com> References: <20220510065336.hlfjrc25ajed5zj4@M910t> To: Nick Desaulniers X-Mailer: Apple Mail (2.3696.80.82.1.1) I=E2=80=99m guessing that because the function is static, the calling = convention was changed to fastcall which allows us to ignore the ABI. > On May 11, 2022, at 11:39 AM, Nick Desaulniers = wrote: >=20 > On Mon, May 9, 2022 at 11:54 PM Changbin Du = wrote: >>=20 >> [This is a resent to correct llvm mailist.] >>=20 >> Hello, folks, >>=20 >> Recently I encountered a kernel crash problem when using ftrace with = 'perf ftrace' >> command on risc-v kernel built with llvm. >>=20 >> This crash only exists on llvm build, not reproducable with GCC. So I = hope llvm >> guys can take a look :) >>=20 >> The llvm versions I have tried are llvm-13.0.0 and mainline (commit = 102bc634cb >> ("[runtime] Build compiler-rt with --unwindlib=3Dnone")). >>=20 >> [ 612.947887][ T496] Unable to handle kernel NULL pointer = dereference at virtual address 0000000000000001 >> [ 613.050789][ T496] Hardware name: riscv-virtio,qemu (DT) >> [ 613.087976][ T496] epc : __find_rr_leaf+0x128/0x220 >> [ 613.107493][ T496] ra : return_to_handler+0x22/0x24 >> [ 613.125322][ T496] epc : ffffffff80a1915a ra : ffffffff80009506 = sp : ff20000011e43860 >> [ 613.150124][ T496] gp : ffffffff81812f40 tp : ff6000008bb01580 = t0 : ff600000806cf0f0 >> [ 613.173657][ T496] t1 : 000000000001b29a t2 : 0000000000000001 = s0 : ff20000011e43920 >> [ 613.187311][ T496] s1 : ff600000848c2a00 a0 : 0000000000000002 = a1 : 0000000000000002 >> [ 613.202731][ T496] a2 : fffffffffffffffd a3 : ff6000009d287000 = a4 : 00000000000002c0 >> [ 613.213723][ T496] a5 : ff6000009d259b40 a6 : ffffffffffffff9c = a7 : ffffffffffffffff >> [ 613.226648][ T496] s2 : 0000000000000001 s3 : ff20000011e439d8 = s4 : ffffffff8160d140 >> [ 613.246571][ T496] s5 : 0000000000000002 s6 : 0000000000000000 = s7 : 0000000000000000 >> [ 613.264681][ T496] s8 : 0000000000000064 s9 : 0000000000000000 = s10: 0000000000400000 >> [ 613.277999][ T496] s11: ff600000848c2aa8 t3 : 0000000000000290 = t4 : 00000000004002c0 >> [ 613.303729][ T496] t5 : 00000000ffffffff t6 : ff6000009d2872d0 >> [ 613.322145][ T496] status: 0000000200000120 badaddr: = 0000000000000001 cause: 000000000000000d >> [ 613.346228][ T496] [] ip6_pol_route+0xb6/0x602 >> [ 613.365722][ T496] [] = ip6_pol_route_output+0x2c/0x34 >> [ 613.386374][ T496] [] = fib6_rule_lookup+0x36/0xa0 >> [ 613.401865][ T496] [] = ip6_route_output_flags_noref+0xd6/0xea >> [ 613.412776][ T496] [] = ip6_route_output_flags+0x52/0xd4 >> [ 613.432013][ T496] [] = ip6_dst_lookup_tail+0x68/0x23a >> [ 613.456198][ T496] [] = ip6_sk_dst_lookup_flow+0x132/0x1cc >> [ 613.513174][ T496] [] ret_from_syscall+0x0/0x2 >> [ 613.518973][ T496] [] = return_to_handler+0x0/0x24 >> [ 613.563961][ T496] Kernel panic - not syncing: Fatal exception >> [ 613.572278][ T496] SMP: stopping secondary CPUs >> [ 613.587449][ T496] ---[ end Kernel panic - not syncing: Fatal = exception ]--- >>=20 >> The crash happened when dereferencing the point 'mpri' at = route.c:758. >>=20 >> (gdb) l *__find_rr_leaf+0x128 >> 0xffffffff809da9c4 is in __find_rr_leaf (net/ipv6/route.c:758). >> 753 >> 754 if (strict & RT6_LOOKUP_F_REACHABLE) >> 755 rt6_probe(nh); >> 756 >> 757 /* note that m can be RT6_NUD_FAIL_PROBE at this = point */ >> 758 if (m > *mpri) { >> 759 *do_rr =3D match_do_rr; >> 760 *mpri =3D m; >> 761 rc =3D true; >> 762 } >>=20 >> Adding some logs, I found the problem. The ninth passed parameter of = function >> __find_rr_leaf() which is the address of local variable 'mpri', is = changed to >> value '0x1' when inside the function __find_rr_leaf. >> Here is the code snippet and full link >> = https://github.com/torvalds/linux/blob/9cb7c013420f98fa6fd12fc6a5dc055170c= 108db/net/ipv6/route.c. >>=20 >> static void find_rr_leaf(struct fib6_node *fn, struct fib6_info = *leaf, >> struct fib6_info *rr_head, int oif, int = strict, >> bool *do_rr, struct fib6_result *res) >> { >> u32 metric =3D rr_head->fib6_metric; >> struct fib6_info *cont =3D NULL; >> int mpri =3D -1; >>=20 >> __find_rr_leaf(rr_head, NULL, metric, res, &cont, >> oif, strict, do_rr, &mpri); >> ... >> } >>=20 >> Then debugging with gdb, I found this probably is a compiler bug. We = can see the >> local function __find_rr_leaf() is not optimized out and the compiler = generates >> a local symbol for it. The find_rr_leaf() (inlined by = fib6_table_lookup) invokes >> this function with 'jalr' instruction. >>=20 >> (gdb) disassemble fib6_table_lookup >> Dump of assembler code for function fib6_table_lookup: >> [snip] >> 0xffffffff80a1240e <+412>: beqz a1,0xffffffff80a12436 = >> 0xffffffff80a12410 <+414>: slli a1,s9,0x20 >> 0xffffffff80a12414 <+418>: srli a1,a1,0x20 >> 0xffffffff80a12416 <+420>: sext.w a2,a1 >> 0xffffffff80a1241a <+424>: addi a7,s0,-125 >> 0xffffffff80a1241e <+428>: addi t2,s0,-124 >> 0xffffffff80a12422 <+432>: li a1,0 >> 0xffffffff80a12424 <+434>: mv a3,s10 >> 0xffffffff80a12426 <+436>: li a4,0 >> 0xffffffff80a12428 <+438>: ld a5,-152(s0) >> 0xffffffff80a1242c <+442>: mv a6,s8 >> 0xffffffff80a1242e <+444>: auipc ra,0x7 >> 0xffffffff80a12432 <+448>: jalr -686(ra) # 0xffffffff80a19180 = <__find_rr_leaf> >> [snip] >>=20 >> And at line route.c:758, the value of point 'mpri' is stored in = temporary register >> $t2 and $s3 (copied from $t2). >>=20 >> (gdb) info scope __find_rr_leaf >> [snip] >> Symbol mpri is multi-location: >> Base address 0xffffffff80a10564 Range = 0xffffffff80a19190-0xffffffff80a191ae: a variable in $t2 >> Range 0xffffffff80a191c0-0xffffffff80a191d6: a variable in $s3 >> Range 0xffffffff80a19200-0xffffffff80a19208: a variable in $s3 >> Range 0xffffffff80a1921e-0xffffffff80a192fe: a variable in $s3 >> Range 0xffffffff80a1930a-0xffffffff80a19356: a variable in $s3 >>=20 >> Let's see when register $t2 is corrupted with single-step mode. = Obviously, register >> $t2 is changed by mcount function ftrace_caller(). This is why the = bug happens >> to ftrace. >>=20 >> Dump of assembler code for function __find_rr_leaf: >> 0xffffffff80a19180 <+0>: sd ra,-8(sp) # $t2 =3D = 0xff200000120db7b4 >> 0xffffffff80a19184 <+4>: auipc ra,0xff5f1 >> 0xffffffff80a19188 <+8>: jalr -1744(ra) # 0xffffffff80009ab4 = # $t2 =3D 0xff200000120db7b4 >> =3D> 0xffffffff80a1918c <+12>: ld ra,-8(sp) # $t2 =3D = 0x1, bug, $t2 is corrupted!! >> 0xffffffff80a19190 <+16>: addi sp,sp,-176 >> [snip] >>=20 >> So now we can come to a conclusion. The generated local function = __find_rr_leaf() >> violates the risc-v calling convention and leads to the panic. It = should use stack >> but *not* temporary register $t2 to pass the ninth parameter! It's = okay if the >> callsite can take care of local symbol callees, but the Function = Instrumentation >> features should be considerated carefully. >>=20 >> For comparison, here is the result from gcc (9.2.0): >> (gdb) info scope __find_rr_leaf >> [snip] >> Symbol mpri is a complex DWARF expression: >> 0: DW_OP_fbreg 0, length 8. >>=20 >> I also built a simple test function with 9 parameters by clang and = same cflags, >> but cannot reproduce it. Maybe it is conditional? >>=20 >> Simple test code: >> __attribute__ ((noinline)) >> void test_func(int *a, int *b, int *c, int *d, int *e, int *f, int = *g, int *h, int *i) >> { >> printf("__find_rr_leaf: %d\n", *i); >> } >>=20 >> int main(void) >> { >> int a,b,c,d,e,f,g,h,i =3D 100; >>=20 >> test_func(&a,&b,&c,&d,&e,&f,&g,&h,&i); >> return 0; >> } >=20 > Hmm...any chance you could come up with a more concise test case then > using creduce [0] or cvise [1]? > [0] https://embed.cs.utah.edu/creduce/ > [1] https://github.com/marxin/cvise >=20 >=20 >>=20 >> -- >> Cheers, >> Changbin Du >>=20 >=20 >=20 > --=20 > Thanks, > ~Nick Desaulniers From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2F9E6C433EF for ; Wed, 11 May 2022 20:07:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:References:Message-Id:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Reply-To:Content-ID:Content-Description :Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=K9KpgCooYX/AEBBgs3qDueRjLsdbSc4oYfctzhvPWqE=; b=32g2fHA+voBy0R wSDyBTOBVqVIAlVKeOpGBWos0Oj/D/sK4F8YUCuLM21ePiPjWMv3VnL/lm+r6h8YTlEQewgWcBLpV h7eVZD6uImEwAz+xLyrSZH0UnEyzNEYw0GVuUP3Q+P/QXqYr2GiHb2Fq/fO+Kqqox2Kgjb9/EL+J+ mINqtsW3KbukviYhM7hvMLVfWM/u5sL1BPY6K1JSkxL4GaQP6T2mvyvRE0tcSVXwcdhX3RD8c2Vv7 dcvraKBOvVdxnORIU2nkRjjQFc0z7x0K1DAyJjyEQEVcz52oGzYb4coHXncX/D+M7FGEEhkc32jeX SOFWKCiCtntDLJvIFszA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1noscF-008TRF-Et; Wed, 11 May 2022 20:07:23 +0000 Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1noscC-008TPl-5l for linux-riscv@lists.infradead.org; Wed, 11 May 2022 20:07:22 +0000 Received: by mail-pl1-x633.google.com with SMTP id m12so2930742plb.4 for ; Wed, 11 May 2022 13:07:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IZ67w/mh933XiD19vlG6O7B4SYRWnOVzoIExpzyMUE0=; b=g7UmHFS/LA2KGK9m6aKmUe1JQl60PJ06dQ7r5CAX7xMSNCw9tpdOpx9Aig9fcTU+ug 7UK1Vg0N16rhaYBNrQ5vduoDtmOGZt/5yTUpmJpgIiMHSNqEqwipINdxP55PgDfBPt+U 1Tu1J14t6o8MKU59QeIm4Z9FJXYzWJv0yRRyn5kFIWNXcPSbIFz3Fza/PEFfV5GfI8wk +c26A0nbMt5Wn7GANVzEm6kO8JNNRDaAltFn9ty0MX5eJ98syDFSWy66Z2aF1W6IX3PT +RGUNvIawY5r9hQS01eArNokDJCkKiH/hOi6J0r9F9zyt4OM4fUCCeDshuq+DogvxrTs Io2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IZ67w/mh933XiD19vlG6O7B4SYRWnOVzoIExpzyMUE0=; b=DXy+VLVd55kYlhPAAXnNZGETFgur9AJ1Zr7O6VNMy325CGJJmAvW/VxVe5Mmwaf2SJ z0oHMNuOaMAJCJsQJgyjGwd2K4z/8upNUI+pl51bPk69lcnMcD/K7EXnPGlw5Qwk7oYF u+YhPZJaXewBmAmKDN1JMtd5N4ur7vkVfuZ4/ZdT2Ur7bfy2ROF8lX+hBz2eUzfoKP99 SZ5H7GKEu+x2gyrutE47UDmV/dAfoyVWpNsimZwt9qMng/iV5WD+VaYYk3iAa8FVTDl1 d8j5UyQOLT8ZtB/HlonhPY3RroVYTY8Tyi9PGjmpK9cZeidzklpxN0tyYNmaohwSfpmv LIcw== X-Gm-Message-State: AOAM530TAf5vrx0QYmITuKKY/ILcIsYGd8BwVTbBSrvFvkvbMsPZ3/Fq coeJ/PPdIoIiyuo5TGY82bnKbw== X-Google-Smtp-Source: ABdhPJxLJe31QIcOOnwIRWdz+kNjZVtljkSMtGxZxRiKYxf+nhdigC4qKSGw0NxEWOvUa5CU+0D0rA== X-Received: by 2002:a17:90b:3843:b0:1dc:3da2:7fd8 with SMTP id nl3-20020a17090b384300b001dc3da27fd8mr7016266pjb.219.1652299636416; Wed, 11 May 2022 13:07:16 -0700 (PDT) Received: from smtpclient.apple ([50.39.129.137]) by smtp.gmail.com with ESMTPSA id n3-20020a622703000000b0050e0a43712esm2176777pfn.63.2022.05.11.13.07.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2022 13:07:15 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Subject: Re: riscv: llvm-compiler: calling convention violation: temporary register $t2 is used to pass the ninth function parameter From: Craig Topper In-Reply-To: Date: Wed, 11 May 2022 13:07:14 -0700 Cc: Changbin Du , Paul Walmsley , Palmer Dabbelt , Albert Ou , Steven Rostedt , hw.huiwang@huawei.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, codegen-riscv@discourse.llvm.org, llvmproject@discourse.llvm.org, asb@asbradbury.org Message-Id: <10BD31AB-C9F3-45FD-9A4A-EF7DC07C94D5@sifive.com> References: <20220510065336.hlfjrc25ajed5zj4@M910t> To: Nick Desaulniers X-Mailer: Apple Mail (2.3696.80.82.1.1) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220511_130720_323553_DA6787E4 X-CRM114-Status: GOOD ( 23.75 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org SeKAmW0gZ3Vlc3NpbmcgdGhhdCBiZWNhdXNlIHRoZSBmdW5jdGlvbiBpcyBzdGF0aWMsIHRoZSBj YWxsaW5nIGNvbnZlbnRpb24gd2FzIGNoYW5nZWQgdG8gZmFzdGNhbGwgd2hpY2ggYWxsb3dzIHVz IHRvIGlnbm9yZSB0aGUgQUJJLgoKPiBPbiBNYXkgMTEsIDIwMjIsIGF0IDExOjM5IEFNLCBOaWNr IERlc2F1bG5pZXJzIDxuZGVzYXVsbmllcnNAZ29vZ2xlLmNvbT4gd3JvdGU6Cj4gCj4gT24gTW9u LCBNYXkgOSwgMjAyMiBhdCAxMTo1NCBQTSBDaGFuZ2JpbiBEdSA8Y2hhbmdiaW4uZHVAaHVhd2Vp LmNvbT4gd3JvdGU6Cj4+IAo+PiBbVGhpcyBpcyBhIHJlc2VudCB0byBjb3JyZWN0IGxsdm0gbWFp bGlzdC5dCj4+IAo+PiBIZWxsbywgZm9sa3MsCj4+IAo+PiBSZWNlbnRseSBJIGVuY291bnRlcmVk IGEga2VybmVsIGNyYXNoIHByb2JsZW0gd2hlbiB1c2luZyBmdHJhY2Ugd2l0aCAncGVyZiBmdHJh Y2UnCj4+IGNvbW1hbmQgb24gcmlzYy12IGtlcm5lbCBidWlsdCB3aXRoIGxsdm0uCj4+IAo+PiBU aGlzIGNyYXNoIG9ubHkgZXhpc3RzIG9uIGxsdm0gYnVpbGQsIG5vdCByZXByb2R1Y2FibGUgd2l0 aCBHQ0MuIFNvIEkgaG9wZSBsbHZtCj4+IGd1eXMgY2FuIHRha2UgYSBsb29rIDopCj4+IAo+PiBU aGUgbGx2bSB2ZXJzaW9ucyBJIGhhdmUgdHJpZWQgYXJlIGxsdm0tMTMuMC4wIGFuZCBtYWlubGlu ZSAoY29tbWl0IDEwMmJjNjM0Y2IKPj4gKCJbcnVudGltZV0gQnVpbGQgY29tcGlsZXItcnQgd2l0 aCAtLXVud2luZGxpYj1ub25lIikpLgo+PiAKPj4gWyAgNjEyLjk0Nzg4N11bICBUNDk2XSBVbmFi bGUgdG8gaGFuZGxlIGtlcm5lbCBOVUxMIHBvaW50ZXIgZGVyZWZlcmVuY2UgYXQgdmlydHVhbCBh ZGRyZXNzIDAwMDAwMDAwMDAwMDAwMDEKPj4gWyAgNjEzLjA1MDc4OV1bICBUNDk2XSBIYXJkd2Fy ZSBuYW1lOiByaXNjdi12aXJ0aW8scWVtdSAoRFQpCj4+IFsgIDYxMy4wODc5NzZdWyAgVDQ5Nl0g ZXBjIDogX19maW5kX3JyX2xlYWYrMHgxMjgvMHgyMjAKPj4gWyAgNjEzLjEwNzQ5M11bICBUNDk2 XSAgcmEgOiByZXR1cm5fdG9faGFuZGxlcisweDIyLzB4MjQKPj4gWyAgNjEzLjEyNTMyMl1bICBU NDk2XSBlcGMgOiBmZmZmZmZmZjgwYTE5MTVhIHJhIDogZmZmZmZmZmY4MDAwOTUwNiBzcCA6IGZm MjAwMDAwMTFlNDM4NjAKPj4gWyAgNjEzLjE1MDEyNF1bICBUNDk2XSAgZ3AgOiBmZmZmZmZmZjgx ODEyZjQwIHRwIDogZmY2MDAwMDA4YmIwMTU4MCB0MCA6IGZmNjAwMDAwODA2Y2YwZjAKPj4gWyAg NjEzLjE3MzY1N11bICBUNDk2XSAgdDEgOiAwMDAwMDAwMDAwMDFiMjlhIHQyIDogMDAwMDAwMDAw MDAwMDAwMSBzMCA6IGZmMjAwMDAwMTFlNDM5MjAKPj4gWyAgNjEzLjE4NzMxMV1bICBUNDk2XSAg czEgOiBmZjYwMDAwMDg0OGMyYTAwIGEwIDogMDAwMDAwMDAwMDAwMDAwMiBhMSA6IDAwMDAwMDAw MDAwMDAwMDIKPj4gWyAgNjEzLjIwMjczMV1bICBUNDk2XSAgYTIgOiBmZmZmZmZmZmZmZmZmZmZk IGEzIDogZmY2MDAwMDA5ZDI4NzAwMCBhNCA6IDAwMDAwMDAwMDAwMDAyYzAKPj4gWyAgNjEzLjIx MzcyM11bICBUNDk2XSAgYTUgOiBmZjYwMDAwMDlkMjU5YjQwIGE2IDogZmZmZmZmZmZmZmZmZmY5 YyBhNyA6IGZmZmZmZmZmZmZmZmZmZmYKPj4gWyAgNjEzLjIyNjY0OF1bICBUNDk2XSAgczIgOiAw MDAwMDAwMDAwMDAwMDAxIHMzIDogZmYyMDAwMDAxMWU0MzlkOCBzNCA6IGZmZmZmZmZmODE2MGQx NDAKPj4gWyAgNjEzLjI0NjU3MV1bICBUNDk2XSAgczUgOiAwMDAwMDAwMDAwMDAwMDAyIHM2IDog MDAwMDAwMDAwMDAwMDAwMCBzNyA6IDAwMDAwMDAwMDAwMDAwMDAKPj4gWyAgNjEzLjI2NDY4MV1b ICBUNDk2XSAgczggOiAwMDAwMDAwMDAwMDAwMDY0IHM5IDogMDAwMDAwMDAwMDAwMDAwMCBzMTA6 IDAwMDAwMDAwMDA0MDAwMDAKPj4gWyAgNjEzLjI3Nzk5OV1bICBUNDk2XSAgczExOiBmZjYwMDAw MDg0OGMyYWE4IHQzIDogMDAwMDAwMDAwMDAwMDI5MCB0NCA6IDAwMDAwMDAwMDA0MDAyYzAKPj4g WyAgNjEzLjMwMzcyOV1bICBUNDk2XSAgdDUgOiAwMDAwMDAwMGZmZmZmZmZmIHQ2IDogZmY2MDAw MDA5ZDI4NzJkMAo+PiBbICA2MTMuMzIyMTQ1XVsgIFQ0OTZdIHN0YXR1czogMDAwMDAwMDIwMDAw MDEyMCBiYWRhZGRyOiAwMDAwMDAwMDAwMDAwMDAxIGNhdXNlOiAwMDAwMDAwMDAwMDAwMDBkCj4+ IFsgIDYxMy4zNDYyMjhdWyAgVDQ5Nl0gWzxmZmZmZmZmZjgwYTEyNTI2Pl0gaXA2X3BvbF9yb3V0 ZSsweGI2LzB4NjAyCj4+IFsgIDYxMy4zNjU3MjJdWyAgVDQ5Nl0gWzxmZmZmZmZmZjgwYTEzMjFh Pl0gaXA2X3BvbF9yb3V0ZV9vdXRwdXQrMHgyYy8weDM0Cj4+IFsgIDYxMy4zODYzNzRdWyAgVDQ5 Nl0gWzxmZmZmZmZmZjgwYTFjMDI4Pl0gZmliNl9ydWxlX2xvb2t1cCsweDM2LzB4YTAKPj4gWyAg NjEzLjQwMTg2NV1bICBUNDk2XSBbPGZmZmZmZmZmODBhMTMxZGE+XSBpcDZfcm91dGVfb3V0cHV0 X2ZsYWdzX25vcmVmKzB4ZDYvMHhlYQo+PiBbICA2MTMuNDEyNzc2XVsgIFQ0OTZdIFs8ZmZmZmZm ZmY4MGExMzI3ND5dIGlwNl9yb3V0ZV9vdXRwdXRfZmxhZ3MrMHg1Mi8weGQ0Cj4+IFsgIDYxMy40 MzIwMTNdWyAgVDQ5Nl0gWzxmZmZmZmZmZjgwOWZmYjNhPl0gaXA2X2RzdF9sb29rdXBfdGFpbCsw eDY4LzB4MjNhCj4+IFsgIDYxMy40NTYxOThdWyAgVDQ5Nl0gWzxmZmZmZmZmZjgwOWZmZWM2Pl0g aXA2X3NrX2RzdF9sb29rdXBfZmxvdysweDEzMi8weDFjYwo+PiBbICA2MTMuNTEzMTc0XVsgIFQ0 OTZdIFs8ZmZmZmZmZmY4MDAwM2NkOD5dIHJldF9mcm9tX3N5c2NhbGwrMHgwLzB4Mgo+PiBbICA2 MTMuNTE4OTczXVsgIFQ0OTZdIFs8ZmZmZmZmZmY4MDAwOTRlND5dIHJldHVybl90b19oYW5kbGVy KzB4MC8weDI0Cj4+IFsgIDYxMy41NjM5NjFdWyAgVDQ5Nl0gS2VybmVsIHBhbmljIC0gbm90IHN5 bmNpbmc6IEZhdGFsIGV4Y2VwdGlvbgo+PiBbICA2MTMuNTcyMjc4XVsgIFQ0OTZdIFNNUDogc3Rv cHBpbmcgc2Vjb25kYXJ5IENQVXMKPj4gWyAgNjEzLjU4NzQ0OV1bICBUNDk2XSAtLS1bIGVuZCBL ZXJuZWwgcGFuaWMgLSBub3Qgc3luY2luZzogRmF0YWwgZXhjZXB0aW9uIF0tLS0KPj4gCj4+IFRo ZSBjcmFzaCBoYXBwZW5lZCB3aGVuIGRlcmVmZXJlbmNpbmcgdGhlIHBvaW50ICdtcHJpJyBhdCBy b3V0ZS5jOjc1OC4KPj4gCj4+IChnZGIpIGwgKl9fZmluZF9ycl9sZWFmKzB4MTI4Cj4+IDB4ZmZm ZmZmZmY4MDlkYTljNCBpcyBpbiBfX2ZpbmRfcnJfbGVhZiAobmV0L2lwdjYvcm91dGUuYzo3NTgp Lgo+PiA3NTMKPj4gNzU0ICAgICAgICAgICAgIGlmIChzdHJpY3QgJiBSVDZfTE9PS1VQX0ZfUkVB Q0hBQkxFKQo+PiA3NTUgICAgICAgICAgICAgICAgICAgICBydDZfcHJvYmUobmgpOwo+PiA3NTYK Pj4gNzU3ICAgICAgICAgICAgIC8qIG5vdGUgdGhhdCBtIGNhbiBiZSBSVDZfTlVEX0ZBSUxfUFJP QkUgYXQgdGhpcyBwb2ludCAqLwo+PiA3NTggICAgICAgICAgICAgaWYgKG0gPiAqbXByaSkgewo+ PiA3NTkgICAgICAgICAgICAgICAgICAgICAqZG9fcnIgPSBtYXRjaF9kb19ycjsKPj4gNzYwICAg ICAgICAgICAgICAgICAgICAgKm1wcmkgPSBtOwo+PiA3NjEgICAgICAgICAgICAgICAgICAgICBy YyA9IHRydWU7Cj4+IDc2MiAgICAgICAgICAgICB9Cj4+IAo+PiBBZGRpbmcgc29tZSBsb2dzLCBJ IGZvdW5kIHRoZSBwcm9ibGVtLiBUaGUgbmludGggcGFzc2VkIHBhcmFtZXRlciBvZiBmdW5jdGlv bgo+PiBfX2ZpbmRfcnJfbGVhZigpIHdoaWNoIGlzIHRoZSBhZGRyZXNzIG9mIGxvY2FsIHZhcmlh YmxlICdtcHJpJywgaXMgY2hhbmdlZCB0bwo+PiB2YWx1ZSAnMHgxJyB3aGVuIGluc2lkZSB0aGUg ZnVuY3Rpb24gX19maW5kX3JyX2xlYWYuCj4+IEhlcmUgaXMgdGhlIGNvZGUgc25pcHBldCBhbmQg ZnVsbCBsaW5rCj4+IGh0dHBzOi8vZ2l0aHViLmNvbS90b3J2YWxkcy9saW51eC9ibG9iLzljYjdj MDEzNDIwZjk4ZmE2ZmQxMmZjNmE1ZGMwNTUxNzBjMTA4ZGIvbmV0L2lwdjYvcm91dGUuYy4KPj4g Cj4+IHN0YXRpYyB2b2lkIGZpbmRfcnJfbGVhZihzdHJ1Y3QgZmliNl9ub2RlICpmbiwgc3RydWN0 IGZpYjZfaW5mbyAqbGVhZiwKPj4gICAgICAgICAgICAgICAgICAgICAgICAgc3RydWN0IGZpYjZf aW5mbyAqcnJfaGVhZCwgaW50IG9pZiwgaW50IHN0cmljdCwKPj4gICAgICAgICAgICAgICAgICAg ICAgICAgYm9vbCAqZG9fcnIsIHN0cnVjdCBmaWI2X3Jlc3VsdCAqcmVzKQo+PiB7Cj4+ICAgICAg ICB1MzIgbWV0cmljID0gcnJfaGVhZC0+ZmliNl9tZXRyaWM7Cj4+ICAgICAgICBzdHJ1Y3QgZmli Nl9pbmZvICpjb250ID0gTlVMTDsKPj4gICAgICAgIGludCBtcHJpID0gLTE7Cj4+IAo+PiAgICAg ICAgX19maW5kX3JyX2xlYWYocnJfaGVhZCwgTlVMTCwgbWV0cmljLCByZXMsICZjb250LAo+PiAg ICAgICAgICAgICAgICAgICAgICAgb2lmLCBzdHJpY3QsIGRvX3JyLCAmbXByaSk7Cj4+ICAgICAg ICAuLi4KPj4gfQo+PiAKPj4gVGhlbiBkZWJ1Z2dpbmcgd2l0aCBnZGIsIEkgZm91bmQgdGhpcyBw cm9iYWJseSBpcyBhIGNvbXBpbGVyIGJ1Zy4gV2UgY2FuIHNlZSB0aGUKPj4gbG9jYWwgZnVuY3Rp b24gX19maW5kX3JyX2xlYWYoKSBpcyBub3Qgb3B0aW1pemVkIG91dCBhbmQgdGhlIGNvbXBpbGVy IGdlbmVyYXRlcwo+PiBhIGxvY2FsIHN5bWJvbCBmb3IgaXQuIFRoZSBmaW5kX3JyX2xlYWYoKSAo aW5saW5lZCBieSBmaWI2X3RhYmxlX2xvb2t1cCkgaW52b2tlcwo+PiB0aGlzIGZ1bmN0aW9uIHdp dGggJ2phbHInIGluc3RydWN0aW9uLgo+PiAKPj4gKGdkYikgZGlzYXNzZW1ibGUgZmliNl90YWJs ZV9sb29rdXAKPj4gRHVtcCBvZiBhc3NlbWJsZXIgY29kZSBmb3IgZnVuY3Rpb24gZmliNl90YWJs ZV9sb29rdXA6Cj4+ICAgW3NuaXBdCj4+ICAgMHhmZmZmZmZmZjgwYTEyNDBlIDwrNDEyPjogICBi ZXF6ICAgIGExLDB4ZmZmZmZmZmY4MGExMjQzNiA8ZmliNl90YWJsZV9sb29rdXArNDUyPgo+PiAg IDB4ZmZmZmZmZmY4MGExMjQxMCA8KzQxND46ICAgc2xsaSAgICBhMSxzOSwweDIwCj4+ICAgMHhm ZmZmZmZmZjgwYTEyNDE0IDwrNDE4PjogICBzcmxpICAgIGExLGExLDB4MjAKPj4gICAweGZmZmZm ZmZmODBhMTI0MTYgPCs0MjA+OiAgIHNleHQudyAgYTIsYTEKPj4gICAweGZmZmZmZmZmODBhMTI0 MWEgPCs0MjQ+OiAgIGFkZGkgICAgYTcsczAsLTEyNQo+PiAgIDB4ZmZmZmZmZmY4MGExMjQxZSA8 KzQyOD46ICAgYWRkaSAgICB0MixzMCwtMTI0Cj4+ICAgMHhmZmZmZmZmZjgwYTEyNDIyIDwrNDMy PjogICBsaSAgICAgIGExLDAKPj4gICAweGZmZmZmZmZmODBhMTI0MjQgPCs0MzQ+OiAgIG12ICAg ICAgYTMsczEwCj4+ICAgMHhmZmZmZmZmZjgwYTEyNDI2IDwrNDM2PjogICBsaSAgICAgIGE0LDAK Pj4gICAweGZmZmZmZmZmODBhMTI0MjggPCs0Mzg+OiAgIGxkICAgICAgYTUsLTE1MihzMCkKPj4g ICAweGZmZmZmZmZmODBhMTI0MmMgPCs0NDI+OiAgIG12ICAgICAgYTYsczgKPj4gICAweGZmZmZm ZmZmODBhMTI0MmUgPCs0NDQ+OiAgIGF1aXBjICAgcmEsMHg3Cj4+ICAgMHhmZmZmZmZmZjgwYTEy NDMyIDwrNDQ4PjogICBqYWxyICAgIC02ODYocmEpICMgMHhmZmZmZmZmZjgwYTE5MTgwIDxfX2Zp bmRfcnJfbGVhZj4KPj4gICBbc25pcF0KPj4gCj4+IEFuZCBhdCBsaW5lIHJvdXRlLmM6NzU4LCB0 aGUgdmFsdWUgb2YgcG9pbnQgJ21wcmknIGlzIHN0b3JlZCBpbiB0ZW1wb3JhcnkgcmVnaXN0ZXIK Pj4gJHQyIGFuZCAkczMgKGNvcGllZCBmcm9tICR0MikuCj4+IAo+PiAoZ2RiKSBpbmZvIHNjb3Bl IF9fZmluZF9ycl9sZWFmCj4+IFtzbmlwXQo+PiBTeW1ib2wgbXByaSBpcyBtdWx0aS1sb2NhdGlv bjoKPj4gIEJhc2UgYWRkcmVzcyAweGZmZmZmZmZmODBhMTA1NjQgIFJhbmdlIDB4ZmZmZmZmZmY4 MGExOTE5MC0weGZmZmZmZmZmODBhMTkxYWU6IGEgdmFyaWFibGUgaW4gJHQyCj4+ICBSYW5nZSAw eGZmZmZmZmZmODBhMTkxYzAtMHhmZmZmZmZmZjgwYTE5MWQ2OiBhIHZhcmlhYmxlIGluICRzMwo+ PiAgUmFuZ2UgMHhmZmZmZmZmZjgwYTE5MjAwLTB4ZmZmZmZmZmY4MGExOTIwODogYSB2YXJpYWJs ZSBpbiAkczMKPj4gIFJhbmdlIDB4ZmZmZmZmZmY4MGExOTIxZS0weGZmZmZmZmZmODBhMTkyZmU6 IGEgdmFyaWFibGUgaW4gJHMzCj4+ICBSYW5nZSAweGZmZmZmZmZmODBhMTkzMGEtMHhmZmZmZmZm ZjgwYTE5MzU2OiBhIHZhcmlhYmxlIGluICRzMwo+PiAKPj4gTGV0J3Mgc2VlIHdoZW4gcmVnaXN0 ZXIgJHQyIGlzIGNvcnJ1cHRlZCB3aXRoIHNpbmdsZS1zdGVwIG1vZGUuIE9idmlvdXNseSwgcmVn aXN0ZXIKPj4gJHQyIGlzIGNoYW5nZWQgYnkgbWNvdW50IGZ1bmN0aW9uIGZ0cmFjZV9jYWxsZXIo KS4gVGhpcyBpcyB3aHkgdGhlIGJ1ZyBoYXBwZW5zCj4+IHRvIGZ0cmFjZS4KPj4gCj4+IER1bXAg b2YgYXNzZW1ibGVyIGNvZGUgZm9yIGZ1bmN0aW9uIF9fZmluZF9ycl9sZWFmOgo+PiAgIDB4ZmZm ZmZmZmY4MGExOTE4MCA8KzA+OiAgICAgc2QgICAgICByYSwtOChzcCkgICAjICAkdDIgPSAweGZm MjAwMDAwMTIwZGI3YjQKPj4gICAweGZmZmZmZmZmODBhMTkxODQgPCs0PjogICAgIGF1aXBjICAg cmEsMHhmZjVmMQo+PiAgIDB4ZmZmZmZmZmY4MGExOTE4OCA8Kzg+OiAgICAgamFsciAgICAtMTc0 NChyYSkgIyAweGZmZmZmZmZmODAwMDlhYjQgPGZ0cmFjZV9jYWxsZXI+ICMgICR0MiA9IDB4ZmYy MDAwMDAxMjBkYjdiNAo+PiA9PiAweGZmZmZmZmZmODBhMTkxOGMgPCsxMj46ICAgIGxkICAgICAg cmEsLTgoc3ApICAgICMgICR0MiA9IDB4MSwgYnVnLCAkdDIgaXMgY29ycnVwdGVkISEKPj4gICAw eGZmZmZmZmZmODBhMTkxOTAgPCsxNj46ICAgIGFkZGkgICAgc3Asc3AsLTE3Ngo+PiAgIFtzbmlw XQo+PiAKPj4gU28gbm93IHdlIGNhbiBjb21lIHRvIGEgY29uY2x1c2lvbi4gVGhlIGdlbmVyYXRl ZCBsb2NhbCBmdW5jdGlvbiBfX2ZpbmRfcnJfbGVhZigpCj4+IHZpb2xhdGVzIHRoZSByaXNjLXYg Y2FsbGluZyBjb252ZW50aW9uIGFuZCBsZWFkcyB0byB0aGUgcGFuaWMuIEl0IHNob3VsZCB1c2Ug c3RhY2sKPj4gYnV0ICpub3QqIHRlbXBvcmFyeSByZWdpc3RlciAkdDIgdG8gcGFzcyB0aGUgbmlu dGggcGFyYW1ldGVyISBJdCdzIG9rYXkgaWYgdGhlCj4+IGNhbGxzaXRlIGNhbiB0YWtlIGNhcmUg b2YgbG9jYWwgc3ltYm9sIGNhbGxlZXMsIGJ1dCB0aGUgRnVuY3Rpb24gSW5zdHJ1bWVudGF0aW9u Cj4+IGZlYXR1cmVzIHNob3VsZCBiZSBjb25zaWRlcmF0ZWQgY2FyZWZ1bGx5Lgo+PiAKPj4gRm9y IGNvbXBhcmlzb24sIGhlcmUgaXMgdGhlIHJlc3VsdCBmcm9tIGdjYyAoOS4yLjApOgo+PiAoZ2Ri KSBpbmZvIHNjb3BlIF9fZmluZF9ycl9sZWFmCj4+IFtzbmlwXQo+PiBTeW1ib2wgbXByaSBpcyBh IGNvbXBsZXggRFdBUkYgZXhwcmVzc2lvbjoKPj4gICAgIDA6IERXX09QX2ZicmVnIDAsIGxlbmd0 aCA4Lgo+PiAKPj4gSSBhbHNvIGJ1aWx0IGEgc2ltcGxlIHRlc3QgZnVuY3Rpb24gd2l0aCA5IHBh cmFtZXRlcnMgYnkgY2xhbmcgYW5kIHNhbWUgY2ZsYWdzLAo+PiBidXQgY2Fubm90IHJlcHJvZHVj ZSBpdC4gTWF5YmUgaXQgaXMgY29uZGl0aW9uYWw/Cj4+IAo+PiBTaW1wbGUgdGVzdCBjb2RlOgo+ PiBfX2F0dHJpYnV0ZV9fICgobm9pbmxpbmUpKQo+PiB2b2lkIHRlc3RfZnVuYyhpbnQgKmEsIGlu dCAqYiwgaW50ICpjLCBpbnQgKmQsIGludCAqZSwgaW50ICpmLCBpbnQgKmcsIGludCAqaCwgaW50 ICppKQo+PiB7Cj4+ICAgICAgICBwcmludGYoIl9fZmluZF9ycl9sZWFmOiAlZFxuIiwgKmkpOwo+ PiB9Cj4+IAo+PiBpbnQgbWFpbih2b2lkKQo+PiB7Cj4+ICAgICAgICBpbnQgYSxiLGMsZCxlLGYs ZyxoLGkgPSAxMDA7Cj4+IAo+PiAgICAgICAgdGVzdF9mdW5jKCZhLCZiLCZjLCZkLCZlLCZmLCZn LCZoLCZpKTsKPj4gICAgICAgIHJldHVybiAwOwo+PiB9Cj4gCj4gSG1tLi4uYW55IGNoYW5jZSB5 b3UgY291bGQgY29tZSB1cCB3aXRoIGEgbW9yZSBjb25jaXNlIHRlc3QgY2FzZSB0aGVuCj4gdXNp bmcgY3JlZHVjZSBbMF0gb3IgY3Zpc2UgWzFdPwo+IFswXSBodHRwczovL2VtYmVkLmNzLnV0YWgu ZWR1L2NyZWR1Y2UvCj4gWzFdIGh0dHBzOi8vZ2l0aHViLmNvbS9tYXJ4aW4vY3Zpc2UKPiAKPiAK Pj4gCj4+IC0tCj4+IENoZWVycywKPj4gQ2hhbmdiaW4gRHUKPj4gCj4gCj4gCj4gLS0gCj4gVGhh bmtzLAo+IH5OaWNrIERlc2F1bG5pZXJzCgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18KbGludXgtcmlzY3YgbWFpbGluZyBsaXN0CmxpbnV4LXJpc2N2QGxp c3RzLmluZnJhZGVhZC5vcmcKaHR0cDovL2xpc3RzLmluZnJhZGVhZC5vcmcvbWFpbG1hbi9saXN0 aW5mby9saW51eC1yaXNjdgo=