From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sherry Yang, Arve Hjønnevåg, Martijn Coenen, Greg Kroah-Hartman, Sasha Levin, devel@driverdev.osuosl.org
Subject: [PATCH AUTOSEL 4.19 187/205] android: binder: no outgoing transaction when thread todo has transaction
Date: Fri, 8 Nov 2019 06:37:34 -0500
Message-Id: <20191108113752.12502-187-sashal@kernel.org>
In-Reply-To: <20191108113752.12502-1-sashal@kernel.org>
References: <20191108113752.12502-1-sashal@kernel.org>

From: Sherry Yang

[ Upstream commit 44b73962cb25f1c8170ea695c4564b05a75e1fd4 ]

When a process dies, failed reply is sent to the sender of any transaction
queued on a dead thread's todo list. The sender asserts that the
received failed reply corresponds to the head of the transaction stack.
This assert can fail if the dead thread is allowed to send outgoing
transactions when there is already a transaction on its todo list,
because this new transaction can end up on the transaction stack of the
original sender. The following steps illustrate how this assertion can
fail.

1. Thread1 sends txn19 to Thread2
   (T1->transaction_stack=txn19, T2->todo+=txn19)
2. Without processing todo list, Thread2 sends txn20 to Thread1
   (T1->todo+=txn20, T2->transaction_stack=txn20)
3. T1 processes txn20 on its todo list
   (T1->transaction_stack=txn20->txn19, T1->todo=<empty>)
4. T2 dies, T2->todo cleanup attempts to send failed reply for txn19, but
   T1->transaction_stack points to txn20 -- assertion fails

Step 2. is the incorrect behavior. When there is a transaction on a
thread's todo list, this thread should not be able to send any outgoing
synchronous transactions. Only the head of the todo list needs to be
checked because only threads that are waiting for proc work can directly
receive work from another thread, and no work is allowed to be queued
on such a thread without waking up the thread. This patch also enforces
that a thread is not waiting for proc work when a work is directly
enqueued to its todo list.

Acked-by: Arve Hjønnevåg
Signed-off-by: Sherry Yang
Reviewed-by: Martijn Coenen
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Sasha Levin
--- drivers/android/binder.c | 44 +++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 12 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 6e04e7a707a12..cf4367135a00b 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c 
@@ -822,6 +822,7 @@ static void binder_enqueue_deferred_thread_work_ilocked(struct binder_thread *thread, struct binder_work *work) { + WARN_ON(!list_empty(&thread->waiting_thread_node)); binder_enqueue_work_ilocked(work, &thread->todo); } @@ -839,6 +840,7 @@ static void binder_enqueue_thread_work_ilocked(struct binder_thread *thread, struct binder_work *work) { + WARN_ON(!list_empty(&thread->waiting_thread_node)); binder_enqueue_work_ilocked(work, &thread->todo); thread->process_todo = true; } @@ -1270,19 +1272,12 @@ static int binder_inc_node_nilocked(struct binder_node *node, int strong, } else node->local_strong_refs++; if (!node->has_strong_ref && target_list) { + struct binder_thread *thread = container_of(target_list, + struct binder_thread, todo); binder_dequeue_work_ilocked(&node->work); - /* - * Note: this function is the only place where we queue - * directly to a thread->todo without using the - * corresponding binder_enqueue_thread_work() helper - * functions; in this case it's ok to not set the - * process_todo flag, since we know this node work will - * always be followed by other work that starts queue - * processing: in case of synchronous transactions, a - * BR_REPLY or BR_ERROR; in case of oneway - * transactions, a BR_TRANSACTION_COMPLETE. - */ - binder_enqueue_work_ilocked(&node->work, target_list); + BUG_ON(&thread->todo != target_list); + binder_enqueue_deferred_thread_work_ilocked(thread, + &node->work); } } else { if (!internal) @@ -2733,6 +2728,7 @@ static void binder_transaction(struct binder_proc *proc, { int ret; struct binder_transaction *t; + struct binder_work *w; struct binder_work *tcomplete; binder_size_t *offp, *off_end, *off_start; binder_size_t off_min; 
@@ -2874,6 +2870,29 @@ static void binder_transaction(struct binder_proc *proc, goto err_invalid_target_handle; } binder_inner_proc_lock(proc); + + w = list_first_entry_or_null(&thread->todo, + struct binder_work, entry); + if (!(tr->flags & TF_ONE_WAY) && w && + w->type == BINDER_WORK_TRANSACTION) { + /* + * Do not allow new outgoing transaction from a + * thread that has a transaction at the head of + * its todo list. Only need to check the head + * because binder_select_thread_ilocked picks a + * thread from proc->waiting_threads to enqueue + * the transaction, and nothing is queued to the + * todo list while the thread is on waiting_threads. + */ + binder_user_error("%d:%d new transaction not allowed when there is a transaction on thread todo\n", + proc->pid, thread->pid); + binder_inner_proc_unlock(proc); + return_error = BR_FAILED_REPLY; + return_error_param = -EPROTO; + return_error_line = __LINE__; + goto err_bad_todo_list; + } + if (!(tr->flags & TF_ONE_WAY) && thread->transaction_stack) { struct binder_transaction *tmp; 
@@ -3256,6 +3275,7 @@ err_alloc_tcomplete_failed: kfree(t); binder_stats_deleted(BINDER_STAT_TRANSACTION); err_alloc_t_failed: +err_bad_todo_list: err_bad_call_stack: err_empty_call_stack: err_dead_binder: -- 2.20.1
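
Review bot: In the `@@ -822` and `@@ -839` hunks, `WARN_ON(!list_empty(&thread->waiting_thread_node))` reports the broken invariant on every occurrence and then queues the work anyway. The head-only check added to `binder_transaction()` relies on this invariant, so consider `WARN_ON_ONCE` to avoid repeated splats, and add a line to the comment above each helper stating that the thread must not be on `waiting_threads` when work is queued directly to its todo list.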
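
Review bot: In the `@@ -1270` hunk, `BUG_ON(&thread->todo != target_list)` can never fire, because `thread` was just derived with `container_of(target_list, struct binder_thread, todo)`, so `&thread->todo` equals `target_list` by construction. If the intent is to catch a caller passing a list that is not a thread's todo list, this check does not do that; either drop it or have the function take a `struct binder_thread *` directly. The removed comment also explained why `process_todo` is left unset on this path; a short comment saying the deferred helper is used for that reason would keep the rationale.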
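
Review bot: In the `@@ -2874` hunk, the new check looks only at `list_first_entry_or_null(&thread->todo, ...)`, and its correctness rests on nothing being queued to a thread's todo list while it is on `waiting_threads`, which the enqueue helpers in this patch only warn about rather than prevent. The comment should say why a `BINDER_WORK_TRANSACTION` cannot sit behind a different work type at the head, or the check should walk the list under the inner lock that is already held here.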
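
The four-step sequence from the commit message as a user-space toy model, run with and without the head-of-todo check. This is an added example, not kernel code or part of the patch; the struct layout, the one-slot todo queue and all function names are simplifications assumed here.

```c
#include <stdbool.h>
#include <stdio.h>

struct txn {
    struct thread *from;      /* sending thread */
    struct txn *from_parent;  /* previous top of the sender's stack */
    struct txn *to_parent;    /* previous top of the receiver's stack */
};
struct thread {
    struct txn *todo;               /* head of the todo list (one slot here) */
    struct txn *transaction_stack;  /* top of the transaction stack */
};

/* Steps 1 and 2: synchronous send; when patched, a queued todo head refuses it. */
static bool send_sync(struct thread *from, struct thread *to, struct txn *t,
                      bool patched)
{
    if (patched && from->todo)
        return false;
    t->from = from;
    t->from_parent = from->transaction_stack;
    from->transaction_stack = t;
    to->todo = t;
    return true;
}

/* Step 3: the receiver moves the queued transaction onto its stack. */
static void process_todo(struct thread *th)
{
    struct txn *t = th->todo;
    if (!t)
        return;
    th->todo = NULL;
    t->to_parent = th->transaction_stack;
    th->transaction_stack = t;
}

/* Step 4: does the failed reply match the top of the sender's stack? */
static bool failed_reply_matches(const struct thread *dead)
{
    const struct txn *t = dead->todo;
    return !t || t->from->transaction_stack == t;
}

static bool run_scenario(bool patched)
{
    struct thread t1 = {0}, t2 = {0};
    struct txn txn19 = {0}, txn20 = {0};
    send_sync(&t1, &t2, &txn19, patched);  /* step 1 */
    send_sync(&t2, &t1, &txn20, patched);  /* step 2: refused when patched */
    process_todo(&t1);                     /* step 3 */
    return failed_reply_matches(&t2);      /* step 4 */
}

int main(void)
{
    printf("unpatched: failed reply matches = %d\n", run_scenario(false));
    printf("patched:   failed reply matches = %d\n", run_scenario(true));
}
```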