From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751436AbeDYGfC (ORCPT ); Wed, 25 Apr 2018 02:35:02 -0400 Received: from mail-wm0-f46.google.com ([74.125.82.46]:54597 "EHLO mail-wm0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750929AbeDYGfA (ORCPT ); Wed, 25 Apr 2018 02:35:00 -0400 X-Google-Smtp-Source: AIpwx4/OU8mctMyOX7CaQkZZiwMd1A2YHOAa/zp6fCnXMUYFk7B4Vfbb2dpBi9X253TrR4ENRyBOOw== Date: Wed, 25 Apr 2018 08:34:55 +0200 From: Daniel Vetter To: Oleksandr Andrushchenko Cc: Dongwon Kim , jgross@suse.com, Artem Mygaiev , Wei Liu , konrad.wilk@oracle.com, airlied@linux.ie, "Oleksandr_Andrushchenko@epam.com" , linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, "Potrola, MateuszX" , xen-devel@lists.xenproject.org, daniel.vetter@intel.com, boris.ostrovsky@oracle.com, Roger Pau =?iso-8859-1?Q?Monn=E9?= Subject: Re: [Xen-devel] [PATCH 0/1] drm/xen-zcopy: Add Xen zero-copy helper DRM driver Message-ID: <20180425063455.GH25142@phenom.ffwll.local> Mail-Followup-To: Oleksandr Andrushchenko , Dongwon Kim , jgross@suse.com, Artem Mygaiev , Wei Liu , konrad.wilk@oracle.com, airlied@linux.ie, "Oleksandr_Andrushchenko@epam.com" , linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, "Potrola, MateuszX" , xen-devel@lists.xenproject.org, daniel.vetter@intel.com, boris.ostrovsky@oracle.com, Roger Pau =?iso-8859-1?Q?Monn=E9?= References: <20180418101058.hyqk3gr3b2ibxswu@MacBook-Pro-de-Roger.local> <20180420071914.GG31310@phenom.ffwll.local> <76cdc65a-7bb1-9377-7bc5-6164e32f7b5d@gmail.com> <20180423115242.ywdwqblj2aseu3fr@citrix.com> <61105351-8896-072b-abf0-757c7f6c0edf@gmail.com> <20180424115437.GT31310@phenom.ffwll.local> <18ab5f76-00b0-42a0-fcb8-e0cbf4cdd527@gmail.com> <20180424203514.GA26787@downor-Z87X-UD5H> <43bc755f-3e31-6841-0962-542c42515f88@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <43bc755f-3e31-6841-0962-542c42515f88@gmail.com> X-Operating-System: Linux phenom 4.15.0-1-amd64 User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 25, 2018 at 09:07:07AM +0300, Oleksandr Andrushchenko wrote: > On 04/24/2018 11:35 PM, Dongwon Kim wrote: > > Had a meeting with Daniel and talked about bringing out generic > > part of hyper-dmabuf to the userspace, which means we most likely > > reuse IOCTLs defined in xen-zcopy for our use-case if we follow > > his suggestion. > I will still have kernel side API, so backends/frontends implemented > in the kernel can access that functionality as well. > > > > So assuming we use these IOCTLs as they are, > > Several things I would like you to double-check.. > > > > 1. returning gref as is to the user space is still unsafe because > > it is a constant, easy to guess and any process that hijacks it can easily > > exploit the buffer. So I am wondering if it's possible to keep dmabuf-to > > -gref or gref-to-dmabuf in kernel space and add other layers on top > > of those in actual IOCTLs to add some safety.. We introduced flink like > > hyper_dmabuf_id including random number but many says even that is still > > not safe. > Yes, it is generally unsafe. But even if we have implemented > the approach you have in hyper-dmabuf or similar, what stops > malicious software from doing the same with the existing gntdev UAPI? > No need to brute force new UAPI if there is a simpler one. > That being said, I'll put security aside at the first stage, > but of course we can start investigating ways to improve > (I assume you already have use-cases where security issues must > be considered, so, probably you can tell more on what was investigated > so far). Maybe a bit more context here: So in graphics we have this old flink approach for buffer sharing with processes, and it's unsafe because way too easy to guess the buffer handles. And anyone with access to the graphics driver can then import that buffer object. We switched to file descriptor passing to make sure only the intended recipient can import a buffer. So at the vm->vm level it sounds like grefs are safe, because they're only for a specific other guest (or sets of guests, not sure about). That means security is only within the OS. For that you need to make sure that unpriviledge userspace simply can't ever access a gref. If that doesn't work out, then I guess we should improve the xen gref stuff to have a more secure cookie. > > 2. maybe we could take hypervisor-independent process (e.g. SGT<->page) > > out of xen-zcopy and put those in a new helper library. > I believe this can be done, but at the first stage I would go without > that helper library, so it is clearly seen what can be moved to it later > (I know that you want to run ACRN as well, but can I run it on ARM? ;) There's already helpers for walking sgtables and adding pages/enumerating pages. I don't think we need more. > > 3. please consider the case where original DMA-BUF's first offset > > and last length are not 0 and PAGE_SIZE respectively. I assume current > > xen-zcopy only supports page-aligned buffer with PAGE_SIZE x n big. > Hm, what is the use-case for that? dma-buf is always page-aligned. That's a hard constraint of the linux dma-buf interface spec. -Daniel > > thanks, > > DW > Thank you, > Oleksandr > > On Tue, Apr 24, 2018 at 02:59:39PM +0300, Oleksandr Andrushchenko wrote: > > > On 04/24/2018 02:54 PM, Daniel Vetter wrote: > > > > On Mon, Apr 23, 2018 at 03:10:35PM +0300, Oleksandr Andrushchenko wrote: > > > > > On 04/23/2018 02:52 PM, Wei Liu wrote: > > > > > > On Fri, Apr 20, 2018 at 02:25:20PM +0300, Oleksandr Andrushchenko wrote: > > > > > > > > > the gntdev. > > > > > > > > > > > > > > > > > > I think this is generic enough that it could be implemented by a > > > > > > > > > device not tied to Xen. AFAICT the hyper_dma guys also wanted > > > > > > > > > something similar to this. > > > > > > > > You can't just wrap random userspace memory into a dma-buf. We've just had > > > > > > > > this discussion with kvm/qemu folks, who proposed just that, and after a > > > > > > > > bit of discussion they'll now try to have a driver which just wraps a > > > > > > > > memfd into a dma-buf. > > > > > > > So, we have to decide either we introduce a new driver > > > > > > > (say, under drivers/xen/xen-dma-buf) or extend the existing > > > > > > > gntdev/balloon to support dma-buf use-cases. > > > > > > > > > > > > > > Can anybody from Xen community express their preference here? > > > > > > > > > > > > > Oleksandr talked to me on IRC about this, he said a few IOCTLs need to > > > > > > be added to either existing drivers or a new driver. > > > > > > > > > > > > I went through this thread twice and skimmed through the relevant > > > > > > documents, but I couldn't see any obvious pros and cons for either > > > > > > approach. So I don't really have an opinion on this. > > > > > > > > > > > > But, assuming if implemented in existing drivers, those IOCTLs need to > > > > > > be added to different drivers, which means userspace program needs to > > > > > > write more code and get more handles, it would be slightly better to > > > > > > implement a new driver from that perspective. > > > > > If gntdev/balloon extension is still considered: > > > > > > > > > > All the IOCTLs will be in gntdev driver (in current xen-zcopy terminology): > > > I was lazy to change dumb to dma-buf, so put this notice ;) > > > > >  - DRM_ICOTL_XEN_ZCOPY_DUMB_FROM_REFS > > > > >  - DRM_IOCTL_XEN_ZCOPY_DUMB_TO_REFS > > > > >  - DRM_IOCTL_XEN_ZCOPY_DUMB_WAIT_FREE > > > > s/DUMB/DMA_BUF/ please. This is generic dma-buf, it has nothing to do with > > > > the dumb scanout buffer support in the drm/gfx subsystem. This here can be > > > > used for any zcopy sharing among guests (as long as your endpoints > > > > understands dma-buf, which most relevant drivers do). > > > Of course, please see above > > > > -Daniel > > > > > > > > > Balloon driver extension, which is needed for contiguous/DMA > > > > > buffers, will be to provide new *kernel API*, no UAPI is needed. > > > > > > > > > > > Wei. > > > > > Thank you, > > > > > Oleksandr > > > > > _______________________________________________ > > > > > dri-devel mailing list > > > > > dri-devel@lists.freedesktop.org > > > > > https://lists.freedesktop.org/mailman/listinfo/dri-devel > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Vetter Subject: Re: [Xen-devel] [PATCH 0/1] drm/xen-zcopy: Add Xen zero-copy helper DRM driver Date: Wed, 25 Apr 2018 08:34:55 +0200 Message-ID: <20180425063455.GH25142@phenom.ffwll.local> References: <20180418101058.hyqk3gr3b2ibxswu@MacBook-Pro-de-Roger.local> <20180420071914.GG31310@phenom.ffwll.local> <76cdc65a-7bb1-9377-7bc5-6164e32f7b5d@gmail.com> <20180423115242.ywdwqblj2aseu3fr@citrix.com> <61105351-8896-072b-abf0-757c7f6c0edf@gmail.com> <20180424115437.GT31310@phenom.ffwll.local> <18ab5f76-00b0-42a0-fcb8-e0cbf4cdd527@gmail.com> <20180424203514.GA26787@downor-Z87X-UD5H> <43bc755f-3e31-6841-0962-542c42515f88@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) by gabe.freedesktop.org (Postfix) with ESMTPS id 978EC6E52C for ; Wed, 25 Apr 2018 06:35:00 +0000 (UTC) Received: by mail-wm0-x230.google.com with SMTP id t67so5126866wmt.0 for ; Tue, 24 Apr 2018 23:35:00 -0700 (PDT) Content-Disposition: inline In-Reply-To: <43bc755f-3e31-6841-0962-542c42515f88@gmail.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: Oleksandr Andrushchenko Cc: jgross@suse.com, Artem Mygaiev , Wei Liu , Dongwon Kim , konrad.wilk@oracle.com, airlied@linux.ie, "Oleksandr_Andrushchenko@epam.com" , linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, "Potrola, MateuszX" , daniel.vetter@intel.com, xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com, Roger Pau =?iso-8859-1?Q?Monn=E9?= List-Id: dri-devel@lists.freedesktop.org T24gV2VkLCBBcHIgMjUsIDIwMTggYXQgMDk6MDc6MDdBTSArMDMwMCwgT2xla3NhbmRyIEFuZHJ1 c2hjaGVua28gd3JvdGU6Cj4gT24gMDQvMjQvMjAxOCAxMTozNSBQTSwgRG9uZ3dvbiBLaW0gd3Jv dGU6Cj4gPiBIYWQgYSBtZWV0aW5nIHdpdGggRGFuaWVsIGFuZCB0YWxrZWQgYWJvdXQgYnJpbmdp bmcgb3V0IGdlbmVyaWMKPiA+IHBhcnQgb2YgaHlwZXItZG1hYnVmIHRvIHRoZSB1c2Vyc3BhY2Us IHdoaWNoIG1lYW5zIHdlIG1vc3QgbGlrZWx5Cj4gPiByZXVzZSBJT0NUTHMgZGVmaW5lZCBpbiB4 ZW4temNvcHkgZm9yIG91ciB1c2UtY2FzZSBpZiB3ZSBmb2xsb3cKPiA+IGhpcyBzdWdnZXN0aW9u Lgo+IEkgd2lsbCBzdGlsbCBoYXZlIGtlcm5lbCBzaWRlIEFQSSwgc28gYmFja2VuZHMvZnJvbnRl bmRzIGltcGxlbWVudGVkCj4gaW4gdGhlIGtlcm5lbCBjYW4gYWNjZXNzIHRoYXQgZnVuY3Rpb25h bGl0eSBhcyB3ZWxsLgo+ID4gCj4gPiBTbyBhc3N1bWluZyB3ZSB1c2UgdGhlc2UgSU9DVExzIGFz IHRoZXkgYXJlLAo+ID4gU2V2ZXJhbCB0aGluZ3MgSSB3b3VsZCBsaWtlIHlvdSB0byBkb3VibGUt Y2hlY2suLgo+ID4gCj4gPiAxLiByZXR1cm5pbmcgZ3JlZiBhcyBpcyB0byB0aGUgdXNlciBzcGFj ZSBpcyBzdGlsbCB1bnNhZmUgYmVjYXVzZQo+ID4gaXQgaXMgYSBjb25zdGFudCwgZWFzeSB0byBn dWVzcyBhbmQgYW55IHByb2Nlc3MgdGhhdCBoaWphY2tzIGl0IGNhbiBlYXNpbHkKPiA+IGV4cGxv aXQgdGhlIGJ1ZmZlci4gU28gSSBhbSB3b25kZXJpbmcgaWYgaXQncyBwb3NzaWJsZSB0byBrZWVw IGRtYWJ1Zi10bwo+ID4gLWdyZWYgb3IgZ3JlZi10by1kbWFidWYgaW4ga2VybmVsIHNwYWNlIGFu ZCBhZGQgb3RoZXIgbGF5ZXJzIG9uIHRvcAo+ID4gb2YgdGhvc2UgaW4gYWN0dWFsIElPQ1RMcyB0 byBhZGQgc29tZSBzYWZldHkuLiBXZSBpbnRyb2R1Y2VkIGZsaW5rIGxpa2UKPiA+IGh5cGVyX2Rt YWJ1Zl9pZCBpbmNsdWRpbmcgcmFuZG9tIG51bWJlciBidXQgbWFueSBzYXlzIGV2ZW4gdGhhdCBp cyBzdGlsbAo+ID4gbm90IHNhZmUuCj4gWWVzLCBpdCBpcyBnZW5lcmFsbHkgdW5zYWZlLiBCdXQg ZXZlbiBpZiB3ZSBoYXZlIGltcGxlbWVudGVkCj4gdGhlIGFwcHJvYWNoIHlvdSBoYXZlIGluIGh5 cGVyLWRtYWJ1ZiBvciBzaW1pbGFyLCB3aGF0IHN0b3BzCj4gbWFsaWNpb3VzIHNvZnR3YXJlIGZy b20gZG9pbmcgdGhlIHNhbWUgd2l0aCB0aGUgZXhpc3RpbmcgZ250ZGV2IFVBUEk/Cj4gTm8gbmVl ZCB0byBicnV0ZSBmb3JjZSBuZXcgVUFQSSBpZiB0aGVyZSBpcyBhIHNpbXBsZXIgb25lLgo+IFRo YXQgYmVpbmcgc2FpZCwgSSdsbCBwdXQgc2VjdXJpdHkgYXNpZGUgYXQgdGhlIGZpcnN0IHN0YWdl LAo+IGJ1dCBvZiBjb3Vyc2Ugd2UgY2FuIHN0YXJ0IGludmVzdGlnYXRpbmcgd2F5cyB0byBpbXBy b3ZlCj4gKEkgYXNzdW1lIHlvdSBhbHJlYWR5IGhhdmUgdXNlLWNhc2VzIHdoZXJlIHNlY3VyaXR5 IGlzc3VlcyBtdXN0Cj4gYmUgY29uc2lkZXJlZCwgc28sIHByb2JhYmx5IHlvdSBjYW4gdGVsbCBt b3JlIG9uIHdoYXQgd2FzIGludmVzdGlnYXRlZAo+IHNvIGZhcikuCgpNYXliZSBhIGJpdCBtb3Jl IGNvbnRleHQgaGVyZToKClNvIGluIGdyYXBoaWNzIHdlIGhhdmUgdGhpcyBvbGQgZmxpbmsgYXBw cm9hY2ggZm9yIGJ1ZmZlciBzaGFyaW5nIHdpdGgKcHJvY2Vzc2VzLCBhbmQgaXQncyB1bnNhZmUg YmVjYXVzZSB3YXkgdG9vIGVhc3kgdG8gZ3Vlc3MgdGhlIGJ1ZmZlcgpoYW5kbGVzLiBBbmQgYW55 b25lIHdpdGggYWNjZXNzIHRvIHRoZSBncmFwaGljcyBkcml2ZXIgY2FuIHRoZW4gaW1wb3J0CnRo YXQgYnVmZmVyIG9iamVjdC4gV2Ugc3dpdGNoZWQgdG8gZmlsZSBkZXNjcmlwdG9yIHBhc3Npbmcg dG8gbWFrZSBzdXJlCm9ubHkgdGhlIGludGVuZGVkIHJlY2lwaWVudCBjYW4gaW1wb3J0IGEgYnVm ZmVyLgoKU28gYXQgdGhlIHZtLT52bSBsZXZlbCBpdCBzb3VuZHMgbGlrZSBncmVmcyBhcmUgc2Fm ZSwgYmVjYXVzZSB0aGV5J3JlIG9ubHkKZm9yIGEgc3BlY2lmaWMgb3RoZXIgZ3Vlc3QgKG9yIHNl dHMgb2YgZ3Vlc3RzLCBub3Qgc3VyZSBhYm91dCkuIFRoYXQgbWVhbnMKc2VjdXJpdHkgaXMgb25s eSB3aXRoaW4gdGhlIE9TLiBGb3IgdGhhdCB5b3UgbmVlZCB0byBtYWtlIHN1cmUgdGhhdAp1bnBy aXZpbGVkZ2UgdXNlcnNwYWNlIHNpbXBseSBjYW4ndCBldmVyIGFjY2VzcyBhIGdyZWYuIElmIHRo YXQgZG9lc24ndAp3b3JrIG91dCwgdGhlbiBJIGd1ZXNzIHdlIHNob3VsZCBpbXByb3ZlIHRoZSB4 ZW4gZ3JlZiBzdHVmZiB0byBoYXZlIGEgbW9yZQpzZWN1cmUgY29va2llLgoKPiA+IDIuIG1heWJl IHdlIGNvdWxkIHRha2UgaHlwZXJ2aXNvci1pbmRlcGVuZGVudCBwcm9jZXNzIChlLmcuIFNHVDwt PnBhZ2UpCj4gPiBvdXQgb2YgeGVuLXpjb3B5IGFuZCBwdXQgdGhvc2UgaW4gYSBuZXcgaGVscGVy IGxpYnJhcnkuCj4gSSBiZWxpZXZlIHRoaXMgY2FuIGJlIGRvbmUsIGJ1dCBhdCB0aGUgZmlyc3Qg c3RhZ2UgSSB3b3VsZCBnbyB3aXRob3V0Cj4gdGhhdCBoZWxwZXIgbGlicmFyeSwgc28gaXQgaXMg Y2xlYXJseSBzZWVuIHdoYXQgY2FuIGJlIG1vdmVkIHRvIGl0IGxhdGVyCj4gKEkga25vdyB0aGF0 IHlvdSB3YW50IHRvIHJ1biBBQ1JOIGFzIHdlbGwsIGJ1dCBjYW4gSSBydW4gaXQgb24gQVJNPyA7 KQoKVGhlcmUncyBhbHJlYWR5IGhlbHBlcnMgZm9yIHdhbGtpbmcgc2d0YWJsZXMgYW5kIGFkZGlu ZyBwYWdlcy9lbnVtZXJhdGluZwpwYWdlcy4gSSBkb24ndCB0aGluayB3ZSBuZWVkIG1vcmUuCgo+ ID4gMy4gcGxlYXNlIGNvbnNpZGVyIHRoZSBjYXNlIHdoZXJlIG9yaWdpbmFsIERNQS1CVUYncyBm aXJzdCBvZmZzZXQKPiA+IGFuZCBsYXN0IGxlbmd0aCBhcmUgbm90IDAgYW5kIFBBR0VfU0laRSBy ZXNwZWN0aXZlbHkuIEkgYXNzdW1lIGN1cnJlbnQKPiA+IHhlbi16Y29weSBvbmx5IHN1cHBvcnRz IHBhZ2UtYWxpZ25lZCBidWZmZXIgd2l0aCBQQUdFX1NJWkUgeCBuIGJpZy4KPiBIbSwgd2hhdCBp cyB0aGUgdXNlLWNhc2UgZm9yIHRoYXQ/CgpkbWEtYnVmIGlzIGFsd2F5cyBwYWdlLWFsaWduZWQu IFRoYXQncyBhIGhhcmQgY29uc3RyYWludCBvZiB0aGUgbGludXgKZG1hLWJ1ZiBpbnRlcmZhY2Ug c3BlYy4KLURhbmllbAoKPiA+IHRoYW5rcywKPiA+IERXCj4gVGhhbmsgeW91LAo+IE9sZWtzYW5k cgo+ID4gT24gVHVlLCBBcHIgMjQsIDIwMTggYXQgMDI6NTk6MzlQTSArMDMwMCwgT2xla3NhbmRy IEFuZHJ1c2hjaGVua28gd3JvdGU6Cj4gPiA+IE9uIDA0LzI0LzIwMTggMDI6NTQgUE0sIERhbmll bCBWZXR0ZXIgd3JvdGU6Cj4gPiA+ID4gT24gTW9uLCBBcHIgMjMsIDIwMTggYXQgMDM6MTA6MzVQ TSArMDMwMCwgT2xla3NhbmRyIEFuZHJ1c2hjaGVua28gd3JvdGU6Cj4gPiA+ID4gPiBPbiAwNC8y My8yMDE4IDAyOjUyIFBNLCBXZWkgTGl1IHdyb3RlOgo+ID4gPiA+ID4gPiBPbiBGcmksIEFwciAy MCwgMjAxOCBhdCAwMjoyNToyMFBNICswMzAwLCBPbGVrc2FuZHIgQW5kcnVzaGNoZW5rbyB3cm90 ZToKPiA+ID4gPiA+ID4gPiA+ID4gICAgICAgdGhlIGdudGRldi4KPiA+ID4gPiA+ID4gPiA+ID4g Cj4gPiA+ID4gPiA+ID4gPiA+IEkgdGhpbmsgdGhpcyBpcyBnZW5lcmljIGVub3VnaCB0aGF0IGl0 IGNvdWxkIGJlIGltcGxlbWVudGVkIGJ5IGEKPiA+ID4gPiA+ID4gPiA+ID4gZGV2aWNlIG5vdCB0 aWVkIHRvIFhlbi4gQUZBSUNUIHRoZSBoeXBlcl9kbWEgZ3V5cyBhbHNvIHdhbnRlZAo+ID4gPiA+ ID4gPiA+ID4gPiBzb21ldGhpbmcgc2ltaWxhciB0byB0aGlzLgo+ID4gPiA+ID4gPiA+ID4gWW91 IGNhbid0IGp1c3Qgd3JhcCByYW5kb20gdXNlcnNwYWNlIG1lbW9yeSBpbnRvIGEgZG1hLWJ1Zi4g V2UndmUganVzdCBoYWQKPiA+ID4gPiA+ID4gPiA+IHRoaXMgZGlzY3Vzc2lvbiB3aXRoIGt2bS9x ZW11IGZvbGtzLCB3aG8gcHJvcG9zZWQganVzdCB0aGF0LCBhbmQgYWZ0ZXIgYQo+ID4gPiA+ID4g PiA+ID4gYml0IG9mIGRpc2N1c3Npb24gdGhleSdsbCBub3cgdHJ5IHRvIGhhdmUgYSBkcml2ZXIg d2hpY2gganVzdCB3cmFwcyBhCj4gPiA+ID4gPiA+ID4gPiBtZW1mZCBpbnRvIGEgZG1hLWJ1Zi4K PiA+ID4gPiA+ID4gPiBTbywgd2UgaGF2ZSB0byBkZWNpZGUgZWl0aGVyIHdlIGludHJvZHVjZSBh IG5ldyBkcml2ZXIKPiA+ID4gPiA+ID4gPiAoc2F5LCB1bmRlciBkcml2ZXJzL3hlbi94ZW4tZG1h LWJ1Zikgb3IgZXh0ZW5kIHRoZSBleGlzdGluZwo+ID4gPiA+ID4gPiA+IGdudGRldi9iYWxsb29u IHRvIHN1cHBvcnQgZG1hLWJ1ZiB1c2UtY2FzZXMuCj4gPiA+ID4gPiA+ID4gCj4gPiA+ID4gPiA+ ID4gQ2FuIGFueWJvZHkgZnJvbSBYZW4gY29tbXVuaXR5IGV4cHJlc3MgdGhlaXIgcHJlZmVyZW5j ZSBoZXJlPwo+ID4gPiA+ID4gPiA+IAo+ID4gPiA+ID4gPiBPbGVrc2FuZHIgdGFsa2VkIHRvIG1l IG9uIElSQyBhYm91dCB0aGlzLCBoZSBzYWlkIGEgZmV3IElPQ1RMcyBuZWVkIHRvCj4gPiA+ID4g PiA+IGJlIGFkZGVkIHRvIGVpdGhlciBleGlzdGluZyBkcml2ZXJzIG9yIGEgbmV3IGRyaXZlci4K PiA+ID4gPiA+ID4gCj4gPiA+ID4gPiA+IEkgd2VudCB0aHJvdWdoIHRoaXMgdGhyZWFkIHR3aWNl IGFuZCBza2ltbWVkIHRocm91Z2ggdGhlIHJlbGV2YW50Cj4gPiA+ID4gPiA+IGRvY3VtZW50cywg YnV0IEkgY291bGRuJ3Qgc2VlIGFueSBvYnZpb3VzIHByb3MgYW5kIGNvbnMgZm9yIGVpdGhlcgo+ ID4gPiA+ID4gPiBhcHByb2FjaC4gU28gSSBkb24ndCByZWFsbHkgaGF2ZSBhbiBvcGluaW9uIG9u IHRoaXMuCj4gPiA+ID4gPiA+IAo+ID4gPiA+ID4gPiBCdXQsIGFzc3VtaW5nIGlmIGltcGxlbWVu dGVkIGluIGV4aXN0aW5nIGRyaXZlcnMsIHRob3NlIElPQ1RMcyBuZWVkIHRvCj4gPiA+ID4gPiA+ IGJlIGFkZGVkIHRvIGRpZmZlcmVudCBkcml2ZXJzLCB3aGljaCBtZWFucyB1c2Vyc3BhY2UgcHJv Z3JhbSBuZWVkcyB0bwo+ID4gPiA+ID4gPiB3cml0ZSBtb3JlIGNvZGUgYW5kIGdldCBtb3JlIGhh bmRsZXMsIGl0IHdvdWxkIGJlIHNsaWdodGx5IGJldHRlciB0bwo+ID4gPiA+ID4gPiBpbXBsZW1l bnQgYSBuZXcgZHJpdmVyIGZyb20gdGhhdCBwZXJzcGVjdGl2ZS4KPiA+ID4gPiA+IElmIGdudGRl di9iYWxsb29uIGV4dGVuc2lvbiBpcyBzdGlsbCBjb25zaWRlcmVkOgo+ID4gPiA+ID4gCj4gPiA+ ID4gPiBBbGwgdGhlIElPQ1RMcyB3aWxsIGJlIGluIGdudGRldiBkcml2ZXIgKGluIGN1cnJlbnQg eGVuLXpjb3B5IHRlcm1pbm9sb2d5KToKPiA+ID4gSSB3YXMgbGF6eSB0byBjaGFuZ2UgZHVtYiB0 byBkbWEtYnVmLCBzbyBwdXQgdGhpcyBub3RpY2UgOykKPiA+ID4gPiA+ICDCoC0gRFJNX0lDT1RM X1hFTl9aQ09QWV9EVU1CX0ZST01fUkVGUwo+ID4gPiA+ID4gIMKgLSBEUk1fSU9DVExfWEVOX1pD T1BZX0RVTUJfVE9fUkVGUwo+ID4gPiA+ID4gIMKgLSBEUk1fSU9DVExfWEVOX1pDT1BZX0RVTUJf V0FJVF9GUkVFCj4gPiA+ID4gcy9EVU1CL0RNQV9CVUYvIHBsZWFzZS4gVGhpcyBpcyBnZW5lcmlj IGRtYS1idWYsIGl0IGhhcyBub3RoaW5nIHRvIGRvIHdpdGgKPiA+ID4gPiB0aGUgZHVtYiBzY2Fu b3V0IGJ1ZmZlciBzdXBwb3J0IGluIHRoZSBkcm0vZ2Z4IHN1YnN5c3RlbS4gVGhpcyBoZXJlIGNh biBiZQo+ID4gPiA+IHVzZWQgZm9yIGFueSB6Y29weSBzaGFyaW5nIGFtb25nIGd1ZXN0cyAoYXMg bG9uZyBhcyB5b3VyIGVuZHBvaW50cwo+ID4gPiA+IHVuZGVyc3RhbmRzIGRtYS1idWYsIHdoaWNo IG1vc3QgcmVsZXZhbnQgZHJpdmVycyBkbykuCj4gPiA+IE9mIGNvdXJzZSwgcGxlYXNlIHNlZSBh Ym92ZQo+ID4gPiA+IC1EYW5pZWwKPiA+ID4gPiAKPiA+ID4gPiA+IEJhbGxvb24gZHJpdmVyIGV4 dGVuc2lvbiwgd2hpY2ggaXMgbmVlZGVkIGZvciBjb250aWd1b3VzL0RNQQo+ID4gPiA+ID4gYnVm ZmVycywgd2lsbCBiZSB0byBwcm92aWRlIG5ldyAqa2VybmVsIEFQSSosIG5vIFVBUEkgaXMgbmVl ZGVkLgo+ID4gPiA+ID4gCj4gPiA+ID4gPiA+IFdlaS4KPiA+ID4gPiA+IFRoYW5rIHlvdSwKPiA+ ID4gPiA+IE9sZWtzYW5kcgo+ID4gPiA+ID4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18KPiA+ID4gPiA+IGRyaS1kZXZlbCBtYWlsaW5nIGxpc3QKPiA+ID4g PiA+IGRyaS1kZXZlbEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKPiA+ID4gPiA+IGh0dHBzOi8vbGlz dHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCj4gCj4gX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPiBkcmktZGV2ZWwgbWFp bGluZyBsaXN0Cj4gZHJpLWRldmVsQGxpc3RzLmZyZWVkZXNrdG9wLm9yZwo+IGh0dHBzOi8vbGlz dHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCgotLSAKRGFuaWVs IFZldHRlcgpTb2Z0d2FyZSBFbmdpbmVlciwgSW50ZWwgQ29ycG9yYXRpb24KaHR0cDovL2Jsb2cu ZmZ3bGwuY2gKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18K ZHJpLWRldmVsIG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0 dHBzOi8vbGlzdHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCg==