From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25633C433F5 for ; Thu, 14 Apr 2022 12:42:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239570AbiDNMpI (ORCPT ); Thu, 14 Apr 2022 08:45:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234566AbiDNMpI (ORCPT ); Thu, 14 Apr 2022 08:45:08 -0400 X-Greylist: delayed 16041 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 14 Apr 2022 05:42:42 PDT Received: from relay12.mail.gandi.net (relay12.mail.gandi.net [IPv6:2001:4b98:dc4:8::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76C2485666; Thu, 14 Apr 2022 05:42:42 -0700 (PDT) Received: (Authenticated sender: miquel.raynal@bootlin.com) by mail.gandi.net (Postfix) with ESMTPSA id 1B73A20000B; Thu, 14 Apr 2022 12:42:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=gm1; t=1649940159; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IzxE2WvL9rq7v5BifF1RggWJF7SATt0ADL+xVaYyURo=; b=Pn2BOdfWHgxWi3QIBOn//sLlklO3nKb1PAGVtKVz+Xm0UQUILQSkukh/5WRoila/GK+A0n b4XlxAxvNEzCtPGLytY1SEbqs8IJdmPzJFGPIe8PwBhMzlhr3FRr6j4NIIygXRaMVr/4L8 N9kp8cgmteWqeyY7mRhvzttmOndYMAL1qHoYa+mbHUHb30+KYsnl7H3sSJTKsqOixFFMUG eDtct6stRbGSQEAznr99qBw8co+3a0QBZjlFrckLRpo079CPSoRpaXX7Q1LgMIPF3TnZkL oU1lA3Y9euUpdncqLL9UjE898BpWL1Z2r+RXeRSJdhS+TYZyCpQBPYiQ14G9jw== Date: Thu, 14 Apr 2022 14:42:36 +0200 From: Miquel Raynal To: Md Sadre Alam Cc: , , , , , , , Subject: Re: [PATCH] mtd: rawnand: qcom: fix memory corruption that causes panic Message-ID: <20220414144236.4ea54e20@xps13> In-Reply-To: <2697e757-f446-9cdb-95e0-ea01a642e6d4@quicinc.com> References: <1649914773-22434-1-git-send-email-quic_mdalam@quicinc.com> <20220414101517.7bbc5e9d@xps13> <2697e757-f446-9cdb-95e0-ea01a642e6d4@quicinc.com> Organization: Bootlin X-Mailer: Claws Mail 3.17.7 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org Hi Md, quic_mdalam@quicinc.com wrote on Thu, 14 Apr 2022 17:50:48 +0530: > > Hi Md, > > > > quic_mdalam@quicinc.com wrote on Thu, 14 Apr 2022 11:09:33 +0530: > > =20 > >> This patch fixes a memory corruption that occurred in the > >> nand_scan() path for Hynix nand device. > >> > >> On boot, for Hynix nand device will panic at a weird place: > >> | Unable to handle kernel NULL pointer dereference at virtual > >> address 00000070 > >> | [00000070] *pgd=3D00000000 > >> | Internal error: Oops: 5 [#1] PREEMPT SMP ARM Modules linked in: > >> | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-01473-g13ae1769cfb0 > >> #38 > >> | Hardware name: Generic DT based system PC is at > >> | nandc_set_reg+0x8/0x1c LR is at qcom_nandc_command+0x20c/0x5d0 > >> | pc : [] lr : [] psr: 00000113 > >> | sp : c14adc50 ip : c14ee208 fp : c0cc970c > >> | r10: 000000a3 r9 : 00000000 r8 : 00000040 > >> | r7 : c16f6a00 r6 : 00000090 r5 : 00000004 r4 :c14ee040 > >> | r3 : 00000000 r2 : 0000000b r1 : 00000000 r0 :c14ee040 > >> | Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > >> | Control: 10c5387d Table: 8020406a DAC: 00000051 Register r0 > >> | information: slab kmalloc-2k start c14ee000 pointer offset > >> 64 size 2048 > >> | Process swapper/0 (pid: 1, stack limit =3D 0x(ptrval)) nandc_set_reg > >> | from qcom_nandc_command+0x20c/0x5d0 qcom_nandc_command from > >> | nand_readid_op+0x198/0x1e8 nand_readid_op from > >> | hynix_nand_has_valid_jedecid+0x30/0x78 > >> | hynix_nand_has_valid_jedecid from hynix_nand_init+0xb8/0x454 > >> | hynix_nand_init from nand_scan_with_ids+0xa30/0x14a8 > >> | nand_scan_with_ids from qcom_nandc_probe+0x648/0x7b0 > >> | qcom_nandc_probe from platform_probe+0x58/0xac > >> > >> The problem is that the nand_scan()'s qcom_nand_attach_chip callback > >> is updating the nandc->max_cwperpage from 1 to 4.This causes the > >> sg_init_table of clear_bam_transaction() in the driver's > >> qcom_nandc_command() to memset much more than what was initially > >> allocated by alloc_bam_transaction(). =20 > > Thanks for investigating! > > =20 > >> This patch will update nandc->max_cwperpage 1 to 4 after nand_scan() > >> returns, and remove updating nandc->max_cwperpage from > >> qcom_nand_attach_chip call back. =20 > > The fix does not look right, as far as I understand, this should be pro= perly handled during the attach phase. That is where we have all informatio= n about the chip and do the configuration for this chip. > > > > If you update max_cwperpage there you should probably update other inte= rnal variables that depend on it as well. =20 >=20 > =C2=A0=C2=A0 Currently we are updating max_cwperpage=C2=A0 in qcom_nand_= attach_chip(), but we are seeing issue for Hynix nand device since nand_sca= n_tail() is getting called after nand_attach() and in nand_attach() we are = updating max_cwperpage to 4 or 8 based on page size. >=20 > =C2=A0=C2=A0=C2=A0 From nand_scan_tail() there is a call for nand_manufa= cturer_init() , specific to Hynix nand read_id is getting called that's why= we are seeing this issue only for Hynix nand device. Read id sequence as b= elow >=20 > =C2=A0=C2=A0 hynix_nand_has_valid_jedecid() >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | >=20 > =C2=A0=C2=A0 nand_readid_op() >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= | >=20 > =C2=A0qcom_nandc_command() >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | >=20 > pre_command() >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | >=20 > clear_bam_transaction()=C2=A0=C2=A0 --> In this call we are doing sg_init= _table() which is calling memset() based on max_cwperpage.Since initially w= e have allocated bam transaction as per max_cwperpage =3D1 and , since nand= _chip_attach() updated max_cwperpage,=C2=A0 now we are doing memset as per = max_cwperpage =3D 4 or 8. >=20 >=20 > So anyway we have to updated max_cwperpage after nand_scan() call only.= =C2=A0 Since there is no other dependency on max_cwperpage in nand_attach_c= hip() and we are using this in bam_alloc() and bam_clear(). Why don't you update the sg table after increasing max_cwperpage? >=20 > > =20 > >> Signed-off-by: Md Sadre Alam > >> Signed-off-by: Sricharan R > >> --- > >> drivers/mtd/nand/raw/qcom_nandc.c | 8 ++++---- > >> 1 file changed, 4 insertions(+), 4 deletions(-) > >> > >> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c > >> b/drivers/mtd/nand/raw/qcom_nandc.c > >> index 1a77542..aa3ec45 100644 > >> --- a/drivers/mtd/nand/raw/qcom_nandc.c > >> +++ b/drivers/mtd/nand/raw/qcom_nandc.c > >> @@ -2652,9 +2652,6 @@ static int qcom_nand_attach_chip(struct > >> nand_chip *chip) > >> > >> mtd_set_ooblayout(mtd, &qcom_nand_ooblayout_ops); > >> > >> - nandc->max_cwperpage =3D max_t(unsigned int, nandc->max_cwperpag= e, > >> - cwperpage); > >> - > >> /* > >> * DATA_UD_BYTES varies based on whether the read/write command= protects > >> * spare data with ECC too. We protect spare data by default, so > >> we set @@ -2909,7 +2906,7 @@ static int qcom_nand_host_init_and_regist= er(struct qcom_nand_controller *nandc, > >> struct nand_chip *chip =3D &host->chip; > >> struct mtd_info *mtd =3D nand_to_mtd(chip); > >> struct device *dev =3D nandc->dev; > >> - int ret; > >> + int ret, cwperpage; > >> > >> ret =3D of_property_read_u32(dn, "reg", &host->cs); > >> if (ret) { > >> @@ -2955,6 +2952,9 @@ static int qcom_nand_host_init_and_register(stru= ct qcom_nand_controller *nandc, > >> if (ret) > >> return ret; > >> > >> + cwperpage =3D mtd->writesize / NANDC_STEP_SIZE; > >> + nandc->max_cwperpage =3D max_t(unsigned int, nandc->max_cwperpag= e, > >> + cwperpage); > >> if (nandc->props->is_bam) { > >> free_bam_transaction(nandc); > >> nandc->bam_txn =3D alloc_bam_transaction(nandc); =20 > > > > Thanks, > > Miqu=C3=A8l =20 Thanks, Miqu=C3=A8l From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8A743C433F5 for ; Thu, 14 Apr 2022 12:43:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=nCLQ/Bw2XOCiAsYf+mGil4w3c5ScEQBKpbO1wWcLw9I=; b=egLUDqst/roXJG dvDQZle69WaT97yNBKGY8ZikgrgtIeSHw2NJQTgrR41C5OectVnxkOzsViBeYx9bQVIi1fwkSe5V+ K7tnOLRbb2zVtWdjK7ZiOg0S5XQqV7DeTrxGh1Vu4veG97h7SSVXneWbjAzWvjDzo+xoYcLpglYYw mpu7C9KdzKPyJbAlM6oMJCOwOUKj5AwM63Q3zsoMY95CimswjCmLk7/unAexOTmcewZMHMG93tM0T igxJl5ephPH8igoUEVXZ3lN/8eJ8gdOUeQVb0Y/xMgamNyaIXmC/5lk5GRW9S/QQZk/iH3/+PHeNB zP0iqr83q5D/fF9qllOg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1neyoD-005a5m-Ge; Thu, 14 Apr 2022 12:42:49 +0000 Received: from relay12.mail.gandi.net ([2001:4b98:dc4:8::232]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1neyo8-005a2y-QL for linux-mtd@lists.infradead.org; Thu, 14 Apr 2022 12:42:47 +0000 Received: (Authenticated sender: miquel.raynal@bootlin.com) by mail.gandi.net (Postfix) with ESMTPSA id 1B73A20000B; Thu, 14 Apr 2022 12:42:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=gm1; t=1649940159; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IzxE2WvL9rq7v5BifF1RggWJF7SATt0ADL+xVaYyURo=; b=Pn2BOdfWHgxWi3QIBOn//sLlklO3nKb1PAGVtKVz+Xm0UQUILQSkukh/5WRoila/GK+A0n b4XlxAxvNEzCtPGLytY1SEbqs8IJdmPzJFGPIe8PwBhMzlhr3FRr6j4NIIygXRaMVr/4L8 N9kp8cgmteWqeyY7mRhvzttmOndYMAL1qHoYa+mbHUHb30+KYsnl7H3sSJTKsqOixFFMUG eDtct6stRbGSQEAznr99qBw8co+3a0QBZjlFrckLRpo079CPSoRpaXX7Q1LgMIPF3TnZkL oU1lA3Y9euUpdncqLL9UjE898BpWL1Z2r+RXeRSJdhS+TYZyCpQBPYiQ14G9jw== Date: Thu, 14 Apr 2022 14:42:36 +0200 From: Miquel Raynal To: Md Sadre Alam Cc: , , , , , , , Subject: Re: [PATCH] mtd: rawnand: qcom: fix memory corruption that causes panic Message-ID: <20220414144236.4ea54e20@xps13> In-Reply-To: <2697e757-f446-9cdb-95e0-ea01a642e6d4@quicinc.com> References: <1649914773-22434-1-git-send-email-quic_mdalam@quicinc.com> <20220414101517.7bbc5e9d@xps13> <2697e757-f446-9cdb-95e0-ea01a642e6d4@quicinc.com> Organization: Bootlin X-Mailer: Claws Mail 3.17.7 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220414_054245_246562_5B5253F8 X-CRM114-Status: GOOD ( 33.23 ) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org SGkgTWQsCgpxdWljX21kYWxhbUBxdWljaW5jLmNvbSB3cm90ZSBvbiBUaHUsIDE0IEFwciAyMDIy IDE3OjUwOjQ4ICswNTMwOgoKPiA+IEhpIE1kLAo+ID4KPiA+IHF1aWNfbWRhbGFtQHF1aWNpbmMu Y29tIHdyb3RlIG9uIFRodSwgMTQgQXByIDIwMjIgMTE6MDk6MzMgKzA1MzA6Cj4gPiAgCj4gPj4g VGhpcyBwYXRjaCBmaXhlcyBhIG1lbW9yeSBjb3JydXB0aW9uIHRoYXQgb2NjdXJyZWQgaW4gdGhl Cj4gPj4gbmFuZF9zY2FuKCkgcGF0aCBmb3IgSHluaXggbmFuZCBkZXZpY2UuCj4gPj4KPiA+PiBP biBib290LCBmb3IgSHluaXggbmFuZCBkZXZpY2Ugd2lsbCBwYW5pYyBhdCBhIHdlaXJkIHBsYWNl Ogo+ID4+IHwgVW5hYmxlIHRvIGhhbmRsZSBrZXJuZWwgTlVMTCBwb2ludGVyIGRlcmVmZXJlbmNl IGF0IHZpcnR1YWwKPiA+PiAgICBhZGRyZXNzIDAwMDAwMDcwCj4gPj4gfCBbMDAwMDAwNzBdICpw Z2Q9MDAwMDAwMDAKPiA+PiB8IEludGVybmFsIGVycm9yOiBPb3BzOiA1IFsjMV0gUFJFRU1QVCBT TVAgQVJNIE1vZHVsZXMgbGlua2VkIGluOgo+ID4+IHwgQ1BVOiAwIFBJRDogMSBDb21tOiBzd2Fw cGVyLzAgTm90IHRhaW50ZWQgNS4xNy4wLTAxNDczLWcxM2FlMTc2OWNmYjAKPiA+PiAgICAjMzgK PiA+PiB8IEhhcmR3YXJlIG5hbWU6IEdlbmVyaWMgRFQgYmFzZWQgc3lzdGVtIFBDIGlzIGF0Cj4g Pj4gfCBuYW5kY19zZXRfcmVnKzB4OC8weDFjIExSIGlzIGF0IHFjb21fbmFuZGNfY29tbWFuZCsw eDIwYy8weDVkMAo+ID4+IHwgcGMgOiBbPGMwODhiNzRjPl0gICAgbHIgOiBbPGMwODhkOWM4Pl0g ICAgcHNyOiAwMDAwMDExMwo+ID4+IHwgc3AgOiBjMTRhZGM1MCAgaXAgOiBjMTRlZTIwOCAgZnAg OiBjMGNjOTcwYwo+ID4+IHwgcjEwOiAwMDAwMDBhMyAgcjkgOiAwMDAwMDAwMCAgcjggOiAwMDAw MDA0MAo+ID4+IHwgcjcgOiBjMTZmNmEwMCAgcjYgOiAwMDAwMDA5MCAgcjUgOiAwMDAwMDAwNCAg cjQgOmMxNGVlMDQwCj4gPj4gfCByMyA6IDAwMDAwMDAwICByMiA6IDAwMDAwMDBiICByMSA6IDAw MDAwMDAwICByMCA6YzE0ZWUwNDAKPiA+PiB8IEZsYWdzOiBuemN2ICBJUlFzIG9uICBGSVFzIG9u ICBNb2RlIFNWQ18zMiAgSVNBIEFSTSBTZWdtZW50IG5vbmUKPiA+PiB8IENvbnRyb2w6IDEwYzUz ODdkICBUYWJsZTogODAyMDQwNmEgIERBQzogMDAwMDAwNTEgUmVnaXN0ZXIgcjAKPiA+PiB8IGlu Zm9ybWF0aW9uOiBzbGFiIGttYWxsb2MtMmsgc3RhcnQgYzE0ZWUwMDAgcG9pbnRlciBvZmZzZXQK PiA+PiAgICA2NCBzaXplIDIwNDgKPiA+PiB8IFByb2Nlc3Mgc3dhcHBlci8wIChwaWQ6IDEsIHN0 YWNrIGxpbWl0ID0gMHgocHRydmFsKSkgbmFuZGNfc2V0X3JlZwo+ID4+IHwgZnJvbSBxY29tX25h bmRjX2NvbW1hbmQrMHgyMGMvMHg1ZDAgcWNvbV9uYW5kY19jb21tYW5kIGZyb20KPiA+PiB8IG5h bmRfcmVhZGlkX29wKzB4MTk4LzB4MWU4IG5hbmRfcmVhZGlkX29wIGZyb20KPiA+PiB8IGh5bml4 X25hbmRfaGFzX3ZhbGlkX2plZGVjaWQrMHgzMC8weDc4Cj4gPj4gfCBoeW5peF9uYW5kX2hhc192 YWxpZF9qZWRlY2lkIGZyb20gaHluaXhfbmFuZF9pbml0KzB4YjgvMHg0NTQKPiA+PiB8IGh5bml4 X25hbmRfaW5pdCBmcm9tIG5hbmRfc2Nhbl93aXRoX2lkcysweGEzMC8weDE0YTgKPiA+PiB8IG5h bmRfc2Nhbl93aXRoX2lkcyBmcm9tIHFjb21fbmFuZGNfcHJvYmUrMHg2NDgvMHg3YjAKPiA+PiB8 IHFjb21fbmFuZGNfcHJvYmUgZnJvbSBwbGF0Zm9ybV9wcm9iZSsweDU4LzB4YWMKPiA+Pgo+ID4+ IFRoZSBwcm9ibGVtIGlzIHRoYXQgdGhlIG5hbmRfc2NhbigpJ3MgcWNvbV9uYW5kX2F0dGFjaF9j aGlwIGNhbGxiYWNrCj4gPj4gaXMgdXBkYXRpbmcgdGhlIG5hbmRjLT5tYXhfY3dwZXJwYWdlIGZy b20gMSB0byA0LlRoaXMgY2F1c2VzIHRoZQo+ID4+IHNnX2luaXRfdGFibGUgb2YgY2xlYXJfYmFt X3RyYW5zYWN0aW9uKCkgaW4gdGhlIGRyaXZlcidzCj4gPj4gcWNvbV9uYW5kY19jb21tYW5kKCkg dG8gbWVtc2V0IG11Y2ggbW9yZSB0aGFuIHdoYXQgd2FzIGluaXRpYWxseQo+ID4+IGFsbG9jYXRl ZCBieSBhbGxvY19iYW1fdHJhbnNhY3Rpb24oKS4gIAo+ID4gVGhhbmtzIGZvciBpbnZlc3RpZ2F0 aW5nIQo+ID4gIAo+ID4+IFRoaXMgcGF0Y2ggd2lsbCB1cGRhdGUgbmFuZGMtPm1heF9jd3BlcnBh Z2UgMSB0byA0IGFmdGVyIG5hbmRfc2NhbigpCj4gPj4gcmV0dXJucywgYW5kIHJlbW92ZSB1cGRh dGluZyBuYW5kYy0+bWF4X2N3cGVycGFnZSBmcm9tCj4gPj4gcWNvbV9uYW5kX2F0dGFjaF9jaGlw IGNhbGwgYmFjay4gIAo+ID4gVGhlIGZpeCBkb2VzIG5vdCBsb29rIHJpZ2h0LCBhcyBmYXIgYXMg SSB1bmRlcnN0YW5kLCB0aGlzIHNob3VsZCBiZSBwcm9wZXJseSBoYW5kbGVkIGR1cmluZyB0aGUg YXR0YWNoIHBoYXNlLiBUaGF0IGlzIHdoZXJlIHdlIGhhdmUgYWxsIGluZm9ybWF0aW9uIGFib3V0 IHRoZSBjaGlwIGFuZCBkbyB0aGUgY29uZmlndXJhdGlvbiBmb3IgdGhpcyBjaGlwLgo+ID4KPiA+ IElmIHlvdSB1cGRhdGUgbWF4X2N3cGVycGFnZSB0aGVyZSB5b3Ugc2hvdWxkIHByb2JhYmx5IHVw ZGF0ZSBvdGhlciBpbnRlcm5hbCB2YXJpYWJsZXMgdGhhdCBkZXBlbmQgb24gaXQgYXMgd2VsbC4g IAo+IAo+ICDCoMKgIEN1cnJlbnRseSB3ZSBhcmUgdXBkYXRpbmcgbWF4X2N3cGVycGFnZcKgIGlu IHFjb21fbmFuZF9hdHRhY2hfY2hpcCgpLCBidXQgd2UgYXJlIHNlZWluZyBpc3N1ZSBmb3IgSHlu aXggbmFuZCBkZXZpY2Ugc2luY2UgbmFuZF9zY2FuX3RhaWwoKSBpcyBnZXR0aW5nIGNhbGxlZCBh ZnRlciBuYW5kX2F0dGFjaCgpIGFuZCBpbiBuYW5kX2F0dGFjaCgpIHdlIGFyZSB1cGRhdGluZyBt YXhfY3dwZXJwYWdlIHRvIDQgb3IgOCBiYXNlZCBvbiBwYWdlIHNpemUuCj4gCj4gIMKgwqDCoCBG cm9tIG5hbmRfc2Nhbl90YWlsKCkgdGhlcmUgaXMgYSBjYWxsIGZvciBuYW5kX21hbnVmYWN0dXJl cl9pbml0KCkgLCBzcGVjaWZpYyB0byBIeW5peCBuYW5kIHJlYWRfaWQgaXMgZ2V0dGluZyBjYWxs ZWQgdGhhdCdzIHdoeSB3ZSBhcmUgc2VlaW5nIHRoaXMgaXNzdWUgb25seSBmb3IgSHluaXggbmFu ZCBkZXZpY2UuIFJlYWQgaWQgc2VxdWVuY2UgYXMgYmVsb3cKPiAKPiAgwqDCoCBoeW5peF9uYW5k X2hhc192YWxpZF9qZWRlY2lkKCkKPiAKPiAgwqDCoMKgwqDCoMKgwqAgwqAgwqAgwqAgwqAgfAo+ IAo+ICDCoMKgIG5hbmRfcmVhZGlkX29wKCkKPiAKPiAgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg IHwKPiAKPiAgwqBxY29tX25hbmRjX2NvbW1hbmQoKQo+IAo+ICDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgIHwKPiAKPiBwcmVfY29tbWFuZCgpCj4gCj4gIMKgwqDCoMKgwqDCoMKgwqDCoCB8Cj4gCj4g Y2xlYXJfYmFtX3RyYW5zYWN0aW9uKCnCoMKgIC0tPiBJbiB0aGlzIGNhbGwgd2UgYXJlIGRvaW5n IHNnX2luaXRfdGFibGUoKSB3aGljaCBpcyBjYWxsaW5nIG1lbXNldCgpIGJhc2VkIG9uIG1heF9j d3BlcnBhZ2UuU2luY2UgaW5pdGlhbGx5IHdlIGhhdmUgYWxsb2NhdGVkIGJhbSB0cmFuc2FjdGlv biBhcyBwZXIgbWF4X2N3cGVycGFnZSA9MSBhbmQgLCBzaW5jZSBuYW5kX2NoaXBfYXR0YWNoKCkg dXBkYXRlZCBtYXhfY3dwZXJwYWdlLMKgIG5vdyB3ZSBhcmUgZG9pbmcgbWVtc2V0IGFzIHBlciBt YXhfY3dwZXJwYWdlID0gNCBvciA4Lgo+IAo+IAo+IFNvIGFueXdheSB3ZSBoYXZlIHRvIHVwZGF0 ZWQgbWF4X2N3cGVycGFnZSBhZnRlciBuYW5kX3NjYW4oKSBjYWxsIG9ubHkuwqAgU2luY2UgdGhl cmUgaXMgbm8gb3RoZXIgZGVwZW5kZW5jeSBvbiBtYXhfY3dwZXJwYWdlIGluIG5hbmRfYXR0YWNo X2NoaXAoKSBhbmQgd2UgYXJlIHVzaW5nIHRoaXMgaW4gYmFtX2FsbG9jKCkgYW5kIGJhbV9jbGVh cigpLgoKV2h5IGRvbid0IHlvdSB1cGRhdGUgdGhlIHNnIHRhYmxlIGFmdGVyIGluY3JlYXNpbmcg bWF4X2N3cGVycGFnZT8KCj4gCj4gPiAgCj4gPj4gU2lnbmVkLW9mZi1ieTogTWQgU2FkcmUgQWxh bSA8cXVpY19tZGFsYW1AcXVpY2luYy5jb20+Cj4gPj4gU2lnbmVkLW9mZi1ieTogU3JpY2hhcmFu IFIgPHF1aWNfc3JpY2hhcmFAcXVpY2luYy5jb20+Cj4gPj4gLS0tCj4gPj4gICBkcml2ZXJzL210 ZC9uYW5kL3Jhdy9xY29tX25hbmRjLmMgfCA4ICsrKystLS0tCj4gPj4gICAxIGZpbGUgY2hhbmdl ZCwgNCBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQo+ID4+Cj4gPj4gZGlmZiAtLWdpdCBh L2RyaXZlcnMvbXRkL25hbmQvcmF3L3Fjb21fbmFuZGMuYwo+ID4+IGIvZHJpdmVycy9tdGQvbmFu ZC9yYXcvcWNvbV9uYW5kYy5jCj4gPj4gaW5kZXggMWE3NzU0Mi4uYWEzZWM0NSAxMDA2NDQKPiA+ PiAtLS0gYS9kcml2ZXJzL210ZC9uYW5kL3Jhdy9xY29tX25hbmRjLmMKPiA+PiArKysgYi9kcml2 ZXJzL210ZC9uYW5kL3Jhdy9xY29tX25hbmRjLmMKPiA+PiBAQCAtMjY1Miw5ICsyNjUyLDYgQEAg c3RhdGljIGludCBxY29tX25hbmRfYXR0YWNoX2NoaXAoc3RydWN0Cj4gPj4gbmFuZF9jaGlwICpj aGlwKQo+ID4+Cj4gPj4gICAgICAgIG10ZF9zZXRfb29ibGF5b3V0KG10ZCwgJnFjb21fbmFuZF9v b2JsYXlvdXRfb3BzKTsKPiA+Pgo+ID4+IC0gICAgIG5hbmRjLT5tYXhfY3dwZXJwYWdlID0gbWF4 X3QodW5zaWduZWQgaW50LCBuYW5kYy0+bWF4X2N3cGVycGFnZSwKPiA+PiAtICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGN3cGVycGFnZSk7Cj4gPj4gLQo+ID4+ICAgICAgICAvKgo+ ID4+ICAgICAgICAgKiBEQVRBX1VEX0JZVEVTIHZhcmllcyBiYXNlZCBvbiB3aGV0aGVyIHRoZSBy ZWFkL3dyaXRlIGNvbW1hbmQgcHJvdGVjdHMKPiA+PiAgICAgICAgICogc3BhcmUgZGF0YSB3aXRo IEVDQyB0b28uIFdlIHByb3RlY3Qgc3BhcmUgZGF0YSBieSBkZWZhdWx0LCBzbwo+ID4+IHdlIHNl dCBAQCAtMjkwOSw3ICsyOTA2LDcgQEAgc3RhdGljIGludCBxY29tX25hbmRfaG9zdF9pbml0X2Fu ZF9yZWdpc3RlcihzdHJ1Y3QgcWNvbV9uYW5kX2NvbnRyb2xsZXIgKm5hbmRjLAo+ID4+ICAgICAg ICBzdHJ1Y3QgbmFuZF9jaGlwICpjaGlwID0gJmhvc3QtPmNoaXA7Cj4gPj4gICAgICAgIHN0cnVj dCBtdGRfaW5mbyAqbXRkID0gbmFuZF90b19tdGQoY2hpcCk7Cj4gPj4gICAgICAgIHN0cnVjdCBk ZXZpY2UgKmRldiA9IG5hbmRjLT5kZXY7Cj4gPj4gLSAgICAgaW50IHJldDsKPiA+PiArICAgICBp bnQgcmV0LCBjd3BlcnBhZ2U7Cj4gPj4KPiA+PiAgICAgICAgcmV0ID0gb2ZfcHJvcGVydHlfcmVh ZF91MzIoZG4sICJyZWciLCAmaG9zdC0+Y3MpOwo+ID4+ICAgICAgICBpZiAocmV0KSB7Cj4gPj4g QEAgLTI5NTUsNiArMjk1Miw5IEBAIHN0YXRpYyBpbnQgcWNvbV9uYW5kX2hvc3RfaW5pdF9hbmRf cmVnaXN0ZXIoc3RydWN0IHFjb21fbmFuZF9jb250cm9sbGVyICpuYW5kYywKPiA+PiAgICAgICAg aWYgKHJldCkKPiA+PiAgICAgICAgICAgICAgICByZXR1cm4gcmV0Owo+ID4+Cj4gPj4gKyAgICAg Y3dwZXJwYWdlID0gbXRkLT53cml0ZXNpemUgLyBOQU5EQ19TVEVQX1NJWkU7Cj4gPj4gKyAgICAg bmFuZGMtPm1heF9jd3BlcnBhZ2UgPSBtYXhfdCh1bnNpZ25lZCBpbnQsIG5hbmRjLT5tYXhfY3dw ZXJwYWdlLAo+ID4+ICsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY3dwZXJwYWdl KTsKPiA+PiAgICAgICAgaWYgKG5hbmRjLT5wcm9wcy0+aXNfYmFtKSB7Cj4gPj4gICAgICAgICAg ICAgICAgZnJlZV9iYW1fdHJhbnNhY3Rpb24obmFuZGMpOwo+ID4+ICAgICAgICAgICAgICAgIG5h bmRjLT5iYW1fdHhuID0gYWxsb2NfYmFtX3RyYW5zYWN0aW9uKG5hbmRjKTsgIAo+ID4KPiA+IFRo YW5rcywKPiA+IE1pcXXDqGwgIAoKClRoYW5rcywKTWlxdcOobAoKX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkxpbnV4IE1URCBkaXNjdXNzaW9u IG1haWxpbmcgbGlzdApodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZv L2xpbnV4LW10ZC8K