From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=U9nl=DH=lists.linux-foundation.org=containers-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,
	FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 83611C4727E
	for <containers@archiver.kernel.org>; Wed, 30 Sep 2020 11:07:53 +0000 (UTC)
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id E708B206FC
	for <containers@archiver.kernel.org>; Wed, 30 Sep 2020 11:07:52 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nCGYhsvD"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E708B206FC
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=containers-bounces@lists.linux-foundation.org
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 53AF485B36;
	Wed, 30 Sep 2020 11:07:52 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id aD6ryYgX4RfA; Wed, 30 Sep 2020 11:07:47 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by whitealder.osuosl.org (Postfix) with ESMTP id 6BAE585AB3;
	Wed, 30 Sep 2020 11:07:47 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 55071C016F;
	Wed, 30 Sep 2020 11:07:47 +0000 (UTC)
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 6FE1BC0051
 for <containers@lists.linux-foundation.org>;
 Wed, 30 Sep 2020 11:07:46 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id 57B9120398
 for <containers@lists.linux-foundation.org>;
 Wed, 30 Sep 2020 11:07:46 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RAIU+8gpZZgU
 for <containers@lists.linux-foundation.org>;
 Wed, 30 Sep 2020 11:07:42 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com
 [209.85.221.67])
 by silver.osuosl.org (Postfix) with ESMTPS id 6BF2320347
 for <containers@lists.linux-foundation.org>;
 Wed, 30 Sep 2020 11:07:42 +0000 (UTC)
Received: by mail-wr1-f67.google.com with SMTP id k10so1305702wru.6
 for <containers@lists.linux-foundation.org>;
 Wed, 30 Sep 2020 04:07:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=cc:to:from:subject:message-id:date:user-agent:mime-version
 :content-language:content-transfer-encoding;
 bh=7V06UaidBYVts5T1QXfJB9g2Eh0Pg9/j1QaxuXnO3gY=;
 b=nCGYhsvD3VGoXhra82c9I5Rw937nJzJiMVdc1vONn9GUXWc4IPRapiQHLRntLuYszb
 15Vq6rW9SEjccoY+KuCqkobPwhm2+4u1aFnZ3FBk6/8vZ/3A3kzBddKWYLdpvj2oVnV+
 x95NnQ+prm42jwPP5hfuxLqlQAbT5XiN7nur+bwZf4RqYcTLkfayiuNcFbx+1rjMdEHN
 rFp2IqSJ3Agx9tQx0vbjC35JEORHKquHqbUIuf5LdRxlHeZ15u/rUNoiIuCbZbxG8usZ
 V2RIOEveYhz6fs0S1UpbLoZRN04qTf61fq/sIbyH4qicCjj7uAP1q0OMCuSrLnoimRl7
 Lj1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:cc:to:from:subject:message-id:date:user-agent
 :mime-version:content-language:content-transfer-encoding;
 bh=7V06UaidBYVts5T1QXfJB9g2Eh0Pg9/j1QaxuXnO3gY=;
 b=GrW/lpIYsLi9Go0PxqEhCJRfnraLWYBV+QP3wPX7jxmAvxGygcLkF8OU1HttmnU7YA
 dWd3Bjdt5Ap8wu08WyiEph/kbg/HYscgeIq/NLcE++cjFZMC71uBZUF4+VXtMztRC9b1
 aJwnl/zqEj+/QWAC1PhQhUwLOr0KYmuHEEca/QY8dNjk2Grf4ZpH37AYk+JVmADt3388
 85pOi/1Ta8BG7vmUR1Kkk0fNCUZBhBNsdi6BLzc5C4+CWlRBucNXUpcU02wAaHvMaL1g
 oQEjxN3kt+badH24G+jBWie71nw11tfYJnUBWe8cdHBfKZ99Crs/H0L2n9xkyV09N3Zf
 NlSQ==
X-Gm-Message-State: AOAM530QEO++gnVcPaZ4FVSfQTtooie4bzikM/8AKOSZlrP+fqo8YWfA
 jya0MnYW4odT5KnmP56TBuw=
X-Google-Smtp-Source: ABdhPJzG1F25MJr5TUsySnk7PHJdQwUKEAHHu5jYlqZdltrqhAa5BqkugE2nL6CdykN9OfXafIS7RA==
X-Received: by 2002:adf:f4c6:: with SMTP id h6mr2489705wrp.310.1601464060090; 
 Wed, 30 Sep 2020 04:07:40 -0700 (PDT)
Received: from ?IPv6:2001:a61:2479:6801:d8fe:4132:9f23:7e8f?
 ([2001:a61:2479:6801:d8fe:4132:9f23:7e8f])
 by smtp.gmail.com with ESMTPSA id 76sm2365466wma.42.2020.09.30.04.07.38
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Wed, 30 Sep 2020 04:07:39 -0700 (PDT)
To: Tycho Andersen <tycho@tycho.pizza>, Sargun Dhillon <sargun@sargun.me>
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Subject: For review: seccomp_user_notif(2) manual page
Message-ID: <45f07f17-18b6-d187-0914-6f341fe90857@gmail.com>
Date: Wed, 30 Sep 2020 13:07:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Language: en-US
Cc: linux-man <linux-man@vger.kernel.org>, Song Liu <songliubraving@fb.com>,
 wad@chromium.org, Kees Cook <keescook@chromium.org>,
 Daniel Borkmann <daniel@iogearbox.net>, Jann Horn <jannh@google.com>,
 Robert Sesek <rsesek@google.com>,
 Linux Containers <containers@lists.linux-foundation.org>,
 lkml <linux-kernel@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>,
 mtk.manpages@gmail.com, Giuseppe Scrivano <gscrivan@redhat.com>,
 bpf@vger.kernel.org, Andy Lutomirski <luto@amacapital.net>,
 Christian Brauner <christian@brauner.io>
X-BeenThere: containers@lists.linux-foundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Linux Containers <containers.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/containers>, 
 <mailto:containers-request@lists.linux-foundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/containers/>
List-Post: <mailto:containers@lists.linux-foundation.org>
List-Help: <mailto:containers-request@lists.linux-foundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/containers>, 
 <mailto:containers-request@lists.linux-foundation.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: containers-bounces@lists.linux-foundation.org
Sender: "Containers" <containers-bounces@lists.linux-foundation.org>

SGkgVHljaG8sIFNhcmd1biAoYW5kIGFsbCksCgpJIGtuZXcgaXQgd291bGQgYmUgYSBiaWcgYXNr
LCBidXQgYmVsb3cgaXMga2luZCBvZiB0aGUgbWFudWFsIHBhZ2UKSSB3YXMgaG9waW5nIHlvdSBt
aWdodCB3cml0ZSBbMV0gZm9yIHRoZSBzZWNjb21wIHVzZXItc3BhY2Ugbm90aWZpY2F0aW9uCm1l
Y2hhbmlzbS4gU2luY2UgeW91IGRpZG4ndCAoYW5kIGJlY2F1c2UgNS45IGFkZHMgdmFyaW91cyBu
ZXcgcGllY2VzIApzdWNoIGFzIFNFQ0NPTVBfQURERkRfRkxBR19TRVRGRCBhbmQgU0VDQ09NUF9J
T0NUTF9OT1RJRl9BRERGRCAKdGhhdCBhbHNvIHdpbGwgbmVlZCBkb2N1bWVudGluZyBbMl0pLCBJ
IGRpZCA6LSkuIEJ1dCBvZiBjb3Vyc2UgSSBtYXkgCmhhdmUgbWFkZSBtaXN0YWtlcy4uLgoKSSd2
ZSBzaG93biB0aGUgcmVuZGVyZWQgdmVyc2lvbiBvZiB0aGUgcGFnZSBiZWxvdywgYW5kIHdvdWxk
IGxvdmUKdG8gcmVjZWl2ZSByZXZpZXcgY29tbWVudHMgZnJvbSB5b3UgYW5kIG90aGVycywgYW5k
IGFja3MsIGV0Yy4KClRoZXJlIGFyZSBhIGZldyBGSVhNRXMgc3ByaW5rbGVkIGludG8gdGhlIHBh
Z2UsIGluY2x1ZGluZyBvbmUKdGhhdCByZWxhdGVzIHRvIHdoYXQgYXBwZWFycyB0byBtZSB0byBi
ZSBhIG1pc2Rlc2lnbiAocG9zc2libHkgCmZpeGFibGUpIGluIHRoZSBvcGVyYXRpb24gb2YgdGhl
IFNFQ0NPTVBfSU9DVExfTk9USUZfUkVDViAKb3BlcmF0aW9uLiBJIHdvdWxkIGJlIGVzcGVjaWFs
bHkgaW50ZXJlc3RlZCBpbiBmZWVkYmFjayBvbiB0aGF0CkZJWE1FLCBhbmQgYWxzbyBvZiBjb3Vy
c2UgdGhlIG90aGVyIEZJWE1Fcy4KClRoZSBwYWdlIGluY2x1ZGVzIGFuIGV4dGVuc2l2ZSAoYWxi
ZWl0IHNsaWdodGx5IGNvbnRyaXZlZCkKZXhhbXBsZSBwcm9ncmFtLCBhbmQgSSB3b3VsZCBiZSBo
YXBweSBhbHNvIHRvIHJlY2VpdmUgY29tbWVudHMKb24gdGhhdCBwcm9ncmFtLgoKVGhlIHBhZ2Ug
c291cmNlIGN1cnJlbnRseSBzaXRzIGluIGEgYnJhbmNoIChhbG9uZyB3aXRoIHRoZSB0ZXh0CnRo
YXQgeW91IHNlbnQgbWUgZm9yIHRoZSBzZWNjb21wKDIpIHBhZ2UpIGF0Cmh0dHBzOi8vZ2l0Lmtl
cm5lbC5vcmcvcHViL3NjbS9kb2NzL21hbi1wYWdlcy9tYW4tcGFnZXMuZ2l0L2xvZy8/aD1zZWNj
b21wX3VzZXJfbm90aWYKClRoYW5rcywKCk1pY2hhZWwKClsxXSBodHRwczovL2xvcmUua2VybmVs
Lm9yZy9saW51eC1tYW4vMmNlYTVmZWMtZTczZS01NzQ5LTE4YWYtMTVjMzVhNGJkMjNjQGdtYWls
LmNvbS8jdApbMl0gU2FyZ3VuLCBjYW4geW91IHByZXBhcmUgc29tZXRoaW5nIG9uIFNFQ0NPTVBf
QURERkRfRkxBR19TRVRGRAogICAgYW5kIFNFQ0NPTVBfSU9DVExfTk9USUZfQURERkQgdG8gYmUg
YWRkZWQgdG8gdGhpcyBwYWdlPwoKPT09PT0KCk5BTUUKICAgICAgIHNlY2NvbXBfdXNlcl9ub3Rp
ZiAtIFNlY2NvbXAgdXNlci1zcGFjZSBub3RpZmljYXRpb24gbWVjaGFuaXNtCgpTWU5PUFNJUwog
ICAgICAgI2luY2x1ZGUgPGxpbnV4L3NlY2NvbXAuaD4KICAgICAgICNpbmNsdWRlIDxsaW51eC9m
aWx0ZXIuaD4KICAgICAgICNpbmNsdWRlIDxsaW51eC9hdWRpdC5oPgoKICAgICAgIGludCBzZWNj
b21wKHVuc2lnbmVkIGludCBvcGVyYXRpb24sIHVuc2lnbmVkIGludCBmbGFncywgdm9pZCAqYXJn
cyk7CgpERVNDUklQVElPTgogICAgICAgVGhpcyAgcGFnZSAgZGVzY3JpYmVzICB0aGUgdXNlci1z
cGFjZSBub3RpZmljYXRpb24gbWVjaGFuaXNtIHByb+KAkAogICAgICAgdmlkZWQgYnkgdGhlIFNl
Y3VyZSBDb21wdXRpbmcgKHNlY2NvbXApIGZhY2lsaXR5LiAgQXMgd2VsbCBhcyB0aGUKICAgICAg
IHVzZSAgIG9mICB0aGUgIFNFQ0NPTVBfRklMVEVSX0ZMQUdfTkVXX0xJU1RFTkVSICBmbGFnLCAg
dGhlICBTRUPigJAKICAgICAgIENPTVBfUkVUX1VTRVJfTk9USUYgYWN0aW9uIHZhbHVlLCBhbmQg
dGhlIFNFQ0NPTVBfR0VUX05PVElGX1NJWkVTCiAgICAgICBvcGVyYXRpb24gIGRlc2NyaWJlZCAg
aW4gIHNlY2NvbXAoMiksIHRoaXMgbWVjaGFuaXNtIGludm9sdmVzIHRoZQogICAgICAgdXNlIG9m
IGEgbnVtYmVyIG9mIHJlbGF0ZWQgaW9jdGwoMikgb3BlcmF0aW9ucyAoZGVzY3JpYmVkIGJlbG93
KS4KCiAgIE92ZXJ2aWV3CiAgICAgICBJbiBjb252ZW50aW9uYWwgdXNhZ2Ugb2YgYSBzZWNjb21w
IGZpbHRlciwgdGhlIGRlY2lzaW9uIGFib3V0IGhvdwogICAgICAgdG8gIHRyZWF0ICBhIHBhcnRp
Y3VsYXIgc3lzdGVtIGNhbGwgaXMgbWFkZSBieSB0aGUgZmlsdGVyIGl0c2VsZi4KICAgICAgIFRo
ZSB1c2VyLXNwYWNlIG5vdGlmaWNhdGlvbiBtZWNoYW5pc20gYWxsb3dzIHRoZSBoYW5kbGluZyBv
ZiAgdGhlCiAgICAgICBzeXN0ZW0gIGNhbGwgIHRvICBpbnN0ZWFkICBiZSBoYW5kZWQgb2ZmIHRv
IGEgdXNlci1zcGFjZSBwcm9jZXNzLgogICAgICAgVGhlIGFkdmFudGFnZXMgb2YgZG9pbmcgdGhp
cyBhcmUgdGhhdCwgYnkgY29udHJhc3Qgd2l0aCB0aGUgIHNlY+KAkAogICAgICAgY29tcCAgZmls
dGVyLCAgd2hpY2ggIGlzICBydW5uaW5nIG9uIGEgdmlydHVhbCBtYWNoaW5lIGluc2lkZSB0aGUK
ICAgICAgIGtlcm5lbCwgdGhlIHVzZXItc3BhY2UgcHJvY2VzcyBoYXMgYWNjZXNzIHRvIGluZm9y
bWF0aW9uIHRoYXQgIGlzCiAgICAgICB1bmF2YWlsYWJsZSB0byB0aGUgc2VjY29tcCBmaWx0ZXIg
YW5kIGl0IGNhbiBwZXJmb3JtIGFjdGlvbnMgdGhhdAogICAgICAgY2FuJ3QgYmUgcGVyZm9ybWVk
IGZyb20gdGhlIHNlY2NvbXAgZmlsdGVyLgoKICAgICAgIEluIHRoZSBkaXNjdXNzaW9uIHRoYXQg
Zm9sbG93cywgdGhlIHByb2Nlc3MgIHRoYXQgIGhhcyAgaW5zdGFsbGVkCiAgICAgICB0aGUgIHNl
Y2NvbXAgZmlsdGVyIGlzIHJlZmVycmVkIHRvIGFzIHRoZSB0YXJnZXQsIGFuZCB0aGUgcHJvY2Vz
cwogICAgICAgdGhhdCBpcyBub3RpZmllZCBieSAgdGhlICB1c2VyLXNwYWNlICBub3RpZmljYXRp
b24gIG1lY2hhbmlzbSAgaXMKICAgICAgIHJlZmVycmVkICB0byAgYXMgIHRoZSAgc3VwZXJ2aXNv
ci4gIEFuIG92ZXJ2aWV3IG9mIHRoZSBzdGVwcyBwZXLigJAKICAgICAgIGZvcm1lZCBieSB0aGVz
ZSB0d28gcHJvY2Vzc2VzIGlzIGFzIGZvbGxvd3M6CgogICAgICAgMS4gVGhlIHRhcmdldCBwcm9j
ZXNzIGVzdGFibGlzaGVzIGEgc2VjY29tcCBmaWx0ZXIgaW4gIHRoZSAgdXN1YWwKICAgICAgICAg
IG1hbm5lciwgYnV0IHdpdGggdHdvIGRpZmZlcmVuY2VzOgoKICAgICAgICAgIMK3IFRoZSBzZWNj
b21wKDIpIGZsYWdzIGFyZ3VtZW50IGluY2x1ZGVzIHRoZSBmbGFnIFNFQ0NPTVBfRklM4oCQCiAg
ICAgICAgICAgIFRFUl9GTEFHX05FV19MSVNURU5FUi4gIENvbnNlcXVlbnRseSwgdGhlIHJldHVy
biAgdmFsdWUgICBvZgogICAgICAgICAgICB0aGUgIChzdWNjZXNzZnVsKSAgc2VjY29tcCgyKSBj
YWxsIGlzIGEgbmV3ICJsaXN0ZW5pbmciIGZpbGUKICAgICAgICAgICAgZGVzY3JpcHRvciB0aGF0
IGNhbiBiZSB1c2VkIHRvIHJlY2VpdmUgbm90aWZpY2F0aW9ucy4KCiAgICAgICAgICDCtyBJbiBj
YXNlcyB3aGVyZSBpdCBpcyBhcHByb3ByaWF0ZSwgdGhlIHNlY2NvbXAgZmlsdGVyIHJldHVybnMK
ICAgICAgICAgICAgdGhlICBhY3Rpb24gdmFsdWUgU0VDQ09NUF9SRVRfVVNFUl9OT1RJRi4gIFRo
aXMgcmV0dXJuIHZhbHVlCiAgICAgICAgICAgIHdpbGwgdHJpZ2dlciBhIG5vdGlmaWNhdGlvbiBl
dmVudC4KCiAgICAgICAyLiBJbiBvcmRlciB0aGF0IHRoZSBzdXBlcnZpc29yIHByb2Nlc3MgY2Fu
IG9idGFpbiAgbm90aWZpY2F0aW9ucwogICAgICAgICAgdXNpbmcgIHRoZSAgbGlzdGVuaW5nICBm
aWxlICBkZXNjcmlwdG9yLCAoYSBkdXBsaWNhdGUgb2YpIHRoYXQKICAgICAgICAgIGZpbGUgZGVz
Y3JpcHRvciBtdXN0IGJlIHBhc3NlZCBmcm9tIHRoZSB0YXJnZXQgcHJvY2VzcyB0byAgdGhlCiAg
ICAgICAgICBzdXBlcnZpc29yIHByb2Nlc3MuICBPbmUgd2F5IGluIHdoaWNoIHRoaXMgY291bGQg
YmUgZG9uZSBpcyBieQogICAgICAgICAgcGFzc2luZyB0aGUgZmlsZSBkZXNjcmlwdG9yIG92ZXIg
YSBVTklYIGRvbWFpbiBzb2NrZXQgIGNvbm5lY+KAkAogICAgICAgICAgdGlvbiBiZXR3ZWVuIHRo
ZSB0d28gcHJvY2Vzc2VzICh1c2luZyB0aGUgU0NNX1JJR0hUUyBhbmNpbGxhcnkKICAgICAgICAg
IG1lc3NhZ2UgdHlwZSBkZXNjcmliZWQgaW4gdW5peCg3KSkuICAgQW5vdGhlciAgcG9zc2liaWxp
dHkgIGlzCiAgICAgICAgICB0aGF0ICB0aGUgIHN1cGVydmlzb3IgIG1pZ2h0ICBpbmhlcml0ICB0
aGUgZmlsZSBkZXNjcmlwdG9yIHZpYQogICAgICAgICAgZm9yaygyKS4KCiAgICAgICAzLiBUaGUg
c3VwZXJ2aXNvciBwcm9jZXNzIHdpbGwgcmVjZWl2ZSBub3RpZmljYXRpb24gZXZlbnRzIG9uIHRo
ZQogICAgICAgICAgbGlzdGVuaW5nICBmaWxlICBkZXNjcmlwdG9yLiAgIFRoZXNlICBldmVudHMg
IGFyZSAgcmV0dXJuZWQgYXMKICAgICAgICAgIHN0cnVjdHVyZXMgb2YgdHlwZSBzZWNjb21wX25v
dGlmLiAgQmVjYXVzZSB0aGlzIHN0cnVjdHVyZSAgYW5kCiAgICAgICAgICBpdHMgIHNpemUgbWF5
IGV2b2x2ZSBvdmVyIGtlcm5lbCB2ZXJzaW9ucywgdGhlIHN1cGVydmlzb3IgbXVzdAogICAgICAg
ICAgZmlyc3QgZGV0ZXJtaW5lIHRoZSBzaXplIG9mICB0aGlzICBzdHJ1Y3R1cmUgIHVzaW5nICB0
aGUgIHNlY+KAkAogICAgICAgICAgY29tcCgyKSAgU0VDQ09NUF9HRVRfTk9USUZfU0laRVMgIG9w
ZXJhdGlvbiwgIHdoaWNoICByZXR1cm5zIGEKICAgICAgICAgIHN0cnVjdHVyZSBvZiB0eXBlIHNl
Y2NvbXBfbm90aWZfc2l6ZXMuICBUaGUgIHN1cGVydmlzb3IgIGFsbG/igJAKICAgICAgICAgIGNh
dGVzIGEgYnVmZmVyIG9mIHNpemUgc2VjY29tcF9ub3RpZl9zaXplcy5zZWNjb21wX25vdGlmIGJ5
dGVzCiAgICAgICAgICB0byByZWNlaXZlIG5vdGlmaWNhdGlvbiBldmVudHMuICAgSW4gIGFkZGl0
aW9uLHRoZSAgc3VwZXJ2aXNvcgogICAgICAgICAgYWxsb2NhdGVzICBhbm90aGVyICBidWZmZXIg
IG9mICBzaXplICBzZWNjb21wX25vdGlmX3NpemVzLnNlY+KAkAogICAgICAgICAgY29tcF9ub3Rp
Zl9yZXNwICBieXRlcyAgZm9yICB0aGUgIHJlc3BvbnNlICAoYSAgIHN0cnVjdCAgIHNlY+KAkAog
ICAgICAgICAgY29tcF9ub3RpZl9yZXNwICBzdHJ1Y3R1cmUpIHRoYXQgaXQgd2lsbCBwcm92aWRl
IHRvIHRoZSBrZXJuZWwKICAgICAgICAgIChhbmQgdGh1cyB0aGUgdGFyZ2V0IHByb2Nlc3MpLgoK
ICAgICAgIDQuIFRoZSB0YXJnZXQgcHJvY2VzcyB0aGVuIHBlcmZvcm1zIGl0cyB3b3JrbG9hZCwg
d2hpY2ggIGluY2x1ZGVzCiAgICAgICAgICBzeXN0ZW0gIGNhbGxzICB0aGF0ICB3aWxsIGJlIGNv
bnRyb2xsZWQgYnkgdGhlIHNlY2NvbXAgZmlsdGVyLgogICAgICAgICAgV2hlbmV2ZXIgb25lIG9m
IHRoZXNlIHN5c3RlbSBjYWxscyBjYXVzZXMgdGhlIGZpbHRlciB0byByZXR1cm4KICAgICAgICAg
IHRoZSAgU0VDQ09NUF9SRVRfVVNFUl9OT1RJRiAgYWN0aW9uIHZhbHVlLCB0aGUga2VybmVsIGRv
ZXMgbm90CiAgICAgICAgICBleGVjdXRlIHRoZSBzeXN0ZW0gY2FsbDsgIGluc3RlYWQsICBleGVj
dXRpb24gIG9mICB0aGUgIHRhcmdldAogICAgICAgICAgcHJvY2VzcyBpcyB0ZW1wb3JhcmlseSBi
bG9ja2VkIGluc2lkZSB0aGUga2VybmVsIGFuZCBhIG5vdGlmaeKAkAogICAgICAgICAgY2F0aW9u
IGV2ZW50IGlzIGdlbmVyYXRlZCBvbiB0aGUgbGlzdGVuaW5nIGZpbGUgZGVzY3JpcHRvci4KCiAg
ICAgICA1LiBUaGUgc3VwZXJ2aXNvciBwcm9jZXNzIGNhbiBub3cgcmVwZWF0ZWRseSBtb25pdG9y
IHRoZSAgbGlzdGVu4oCQCiAgICAgICAgICBpbmcgICBmaWxlICAgZGVzY3JpcHRvciAgZm9yICBT
RUNDT01QX1JFVF9VU0VSX05PVElGLXRyaWdnZXJlZAogICAgICAgICAgZXZlbnRzLiAgIFRvICBk
byAgdGhpcywgICB0aGUgICBzdXBlcnZpc29yICAgdXNlcyAgIHRoZSAgIFNFQ+KAkAogICAgICAg
ICAgQ09NUF9JT0NUTF9OT1RJRl9SRUNWICBpb2N0bCgyKSAgb3BlcmF0aW9uIHRvIHJlYWQgaW5m
b3JtYXRpb24KICAgICAgICAgIGFib3V0IGEgbm90aWZpY2F0aW9uIGV2ZW50OyB0aGlzICBvcGVy
YXRpb24gIGJsb2NrcyAgdW50aWwgIGFuCiAgICAgICAgICBldmVudCAgaXMgIGF2YWlsYWJsZS4g
ICBUaGUgIG9wZXJhdGlvbiByZXR1cm5zIGEgc2VjY29tcF9ub3RpZgogICAgICAgICAgc3RydWN0
dXJlIGNvbnRhaW5pbmcgaW5mb3JtYXRpb24gYWJvdXQgdGhlIHN5c3RlbSBjYWxsIHRoYXQgaXMK
ICAgICAgICAgIGJlaW5nIGF0dGVtcHRlZCBieSB0aGUgdGFyZ2V0IHByb2Nlc3MuCgogICAgICAg
Ni4gVGhlICAgIHNlY2NvbXBfbm90aWYgICAgc3RydWN0dXJlICAgcmV0dXJuZWQgICBieSAgIHRo
ZSAgIFNFQ+KAkAogICAgICAgICAgQ09NUF9JT0NUTF9OT1RJRl9SRUNWIG9wZXJhdGlvbiBpbmNs
dWRlcyB0aGUgc2FtZSAgaW5mb3JtYXRpb24KICAgICAgICAgIChhIHNlY2NvbXBfZGF0YSBzdHJ1
Y3R1cmUpIHRoYXQgd2FzIHBhc3NlZCB0byB0aGUgc2VjY29tcCBmaWzigJAKICAgICAgICAgIHRl
ci4gIFRoaXMgaW5mb3JtYXRpb24gYWxsb3dzIHRoZSBzdXBlcnZpc29yIHRvICBkaXNjb3ZlciAg
dGhlCiAgICAgICAgICBzeXN0ZW0gIGNhbGwgbnVtYmVyIGFuZCB0aGUgYXJndW1lbnRzIGZvciB0
aGUgdGFyZ2V0IHByb2Nlc3MncwogICAgICAgICAgc3lzdGVtIGNhbGwuICBJbiBhZGRpdGlvbiwg
dGhlIG5vdGlmaWNhdGlvbiBldmVudCBjb250YWlucyB0aGUKICAgICAgICAgIFBJRCBvZiB0aGUg
dGFyZ2V0IHByb2Nlc3MuCgogICAgICAgICAgVGhlICBpbmZvcm1hdGlvbiAgaW4gIHRoZSBub3Rp
ZmljYXRpb24gY2FuIGJlIHVzZWQgdG8gZGlzY292ZXIKICAgICAgICAgIHRoZSB2YWx1ZXMgb2Yg
cG9pbnRlciBhcmd1bWVudHMgZm9yIHRoZSB0YXJnZXQgcHJvY2VzcydzICBzeXPigJAKICAgICAg
ICAgIHRlbSBjYWxsLiAgKFRoaXMgaXMgc29tZXRoaW5nIHRoYXQgY2FuJ3QgYmUgZG9uZSBmcm9t
IHdpdGhpbiBhCiAgICAgICAgICBzZWNjb21wIGZpbHRlci4pICBUbyBkbyB0aGlzIChhbmQgIGFz
c3VtaW5nICBpdCAgaGFzICBzdWl0YWJsZQogICAgICAgICAgcGVybWlzc2lvbnMpLCAgIHRoZSAg
IHN1cGVydmlzb3IgICBvcGVucyAgIHRoZSAgIGNvcnJlc3BvbmRpbmcKICAgICAgICAgIC9wcm9j
L1twaWRdL21lbSBmaWxlLCBzZWVrcyB0byB0aGUgbWVtb3J5IGxvY2F0aW9uIHRoYXQgY29ycmXi
gJAKICAgICAgICAgIHNwb25kcyB0byBvbmUgb2YgdGhlIHBvaW50ZXIgYXJndW1lbnRzIHdob3Nl
IHZhbHVlIGlzIHN1cHBsaWVkCiAgICAgICAgICBpbiB0aGUgbm90aWZpY2F0aW9uIGV2ZW50LCBh
bmQgcmVhZHMgYnl0ZXMgZnJvbSB0aGF0IGxvY2F0aW9uLgogICAgICAgICAgKFRoZSBzdXBlcnZp
c29yIG11c3QgYmUgY2FyZWZ1bCB0byBhdm9pZCBhIHJhY2UgY29uZGl0aW9uIHRoYXQKICAgICAg
ICAgIGNhbiBvY2N1ciB3aGVuIGRvaW5nIHRoaXM7IHNlZSB0aGUgIGRlc2NyaXB0aW9uICBvZiAg
dGhlICBTRUPigJAKICAgICAgICAgIENPTVBfSU9DVExfTk9USUZfSURfVkFMSUQgaW9jdGwoMikg
b3BlcmF0aW9uIGJlbG93LikgIEluIGFkZGnigJAKICAgICAgICAgIHRpb24sIHRoZSBzdXBlcnZp
c29yIGNhbiBhY2Nlc3Mgb3RoZXIgc3lzdGVtIGluZm9ybWF0aW9uICB0aGF0CiAgICAgICAgICBp
cyAgdmlzaWJsZSAgaW4gIHVzZXIgc3BhY2UgYnV0IHdoaWNoIGlzIG5vdCBhY2Nlc3NpYmxlIGZy
b20gYQogICAgICAgICAgc2VjY29tcCBmaWx0ZXIuCgogICAgICAgICAg4pSM4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSQCiAgICAgICAgICDilIJGSVhNRSAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIOKUggogICAgICAg
ICAg4pSc4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSkCiAg
ICAgICAgICDilIJTdXBwb3NlIHdlIGFyZSByZWFkaW5nIGEgcGF0aG5hbWUgZnJvbSAvcHJvYy9Q
SUQvbWVtIOKUggogICAgICAgICAg4pSCZm9yICBhIHN5c3RlbSBjYWxsIHN1Y2ggYXMgbWtkaXIo
KS4gVGhlIHBhdGhuYW1lIGNhbiDilIIKICAgICAgICAgIOKUgmJlIGFuIGFyYml0cmFyeSBsZW5n
dGguIEhvdyBkbyB3ZSBrbm93IGhvdyBtdWNoIChob3cg4pSCCiAgICAgICAgICDilIJtYW55IHBh
Z2VzKSB0byByZWFkIGZyb20gL3Byb2MvUElEL21lbT8gICAgICAgICAgICAgIOKUggogICAgICAg
ICAg4pSU4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSYCgog
ICAgICAgNy4gSGF2aW5nICBvYnRhaW5lZCAgaW5mb3JtYXRpb24gIGFzICBwZXIgIHRoZSBwcmV2
aW91cyBzdGVwLCB0aGUKICAgICAgICAgIHN1cGVydmlzb3IgbWF5IHRoZW4gY2hvb3NlIHRvIHBl
cmZvcm0gYW4gYWN0aW9uIGluIHJlc3BvbnNlIHRvCiAgICAgICAgICB0aGUgIHRhcmdldCAgcHJv
Y2VzcydzICBzeXN0ZW0gY2FsbCAod2hpY2gsIGFzIG5vdGVkIGFib3ZlLCBpcwogICAgICAgICAg
bm90ICBleGVjdXRlZCAgd2hlbiAgdGhlICBzZWNjb21wICBmaWx0ZXIgIHJldHVybnMgIHRoZSAg
IFNFQ+KAkAogICAgICAgICAgQ09NUF9SRVRfVVNFUl9OT1RJRiBhY3Rpb24gdmFsdWUpLgoKICAg
ICAgICAgIE9uZSAgZXhhbXBsZSAgdXNlIGNhc2UgaGVyZSByZWxhdGVzIHRvIGNvbnRhaW5lcnMu
ICBUaGUgdGFyZ2V0CiAgICAgICAgICBwcm9jZXNzIG1heSBiZSBsb2NhdGVkIGluc2lkZSBhIGNv
bnRhaW5lciB3aGVyZSAgaXQgIGRvZXMgIG5vdAogICAgICAgICAgaGF2ZSBzdWZmaWNpZW50IGNh
cGFiaWxpdGllcyB0byBtb3VudCBhIGZpbGVzeXN0ZW0gaW4gdGhlIGNvbuKAkAogICAgICAgICAg
dGFpbmVyJ3MgbW91bnQgbmFtZXNwYWNlLiAgSG93ZXZlciwgdGhlIHN1cGVydmlzb3IgIG1heSAg
YmUgIGEKICAgICAgICAgIG1vcmUgIHByaXZpbGVnZWQgIHByb2Nlc3MgdGhhdCB0aGF0IGRvZXMg
aGF2ZSBzdWZmaWNpZW50IGNhcGHigJAKICAgICAgICAgIGJpbGl0aWVzIHRvIHBlcmZvcm0gdGhl
IG1vdW50IG9wZXJhdGlvbi4KCiAgICAgICA4LiBUaGUgc3VwZXJ2aXNvciB0aGVuIHNlbmRzIGEg
cmVzcG9uc2UgdG8gdGhlIG5vdGlmaWNhdGlvbi4gIFRoZQogICAgICAgICAgaW5mb3JtYXRpb24g
IGluICB0aGlzICByZXNwb25zZSAgaXMgdXNlZCBieSB0aGUga2VybmVsIHRvIGNvbuKAkAogICAg
ICAgICAgc3RydWN0IGEgcmV0dXJuIHZhbHVlIGZvciB0aGUgdGFyZ2V0IHByb2Nlc3MncyBzeXN0
ZW0gY2FsbCBhbmQKICAgICAgICAgIHByb3ZpZGUgYSB2YWx1ZSB0aGF0IHdpbGwgYmUgYXNzaWdu
ZWQgdG8gdGhlIGVycm5vIHZhcmlhYmxlIG9mCiAgICAgICAgICB0aGUgdGFyZ2V0IHByb2Nlc3Mu
CgogICAgICAgICAgVGhlICByZXNwb25zZSAgaXMgIHNlbnQgIHVzaW5nICB0aGUgICBTRUNDT01Q
X0lPQ1RMX05PVElGX1JFQ1YKICAgICAgICAgIGlvY3RsKDIpICAgb3BlcmF0aW9uLCAgIHdoaWNo
ICBpcyAgdXNlZCAgdG8gIHRyYW5zbWl0ICBhICBzZWPigJAKICAgICAgICAgIGNvbXBfbm90aWZf
cmVzcCAgc3RydWN0dXJlICB0byAgdGhlICBrZXJuZWwuICAgVGhpcyAgc3RydWN0dXJlCiAgICAg
ICAgICBpbmNsdWRlcyAgYSAgY29va2llICB2YWx1ZSB0aGF0IHRoZSBzdXBlcnZpc29yIG9idGFp
bmVkIGluIHRoZQogICAgICAgICAgc2VjY29tcF9ub3RpZiAgICBzdHJ1Y3R1cmUgICAgcmV0dXJu
ZWQgICAgIGJ5ICAgICB0aGUgICAgIFNFQ+KAkAogICAgICAgICAgQ09NUF9JT0NUTF9OT1RJRl9S
RUNWIG9wZXJhdGlvbi4gIFRoaXMgY29va2llIHZhbHVlIGFsbG93cyB0aGUKICAgICAgICAgIGtl
cm5lbCB0byBhc3NvY2lhdGUgdGhlIHJlc3BvbnNlIHdpdGggdGhlIHRhcmdldCBwcm9jZXNzLgoK
ICAgICAgIDkuIE9uY2UgdGhlIG5vdGlmaWNhdGlvbiBoYXMgYmVlbiBzZW50LCB0aGUgc3lzdGVt
ICBjYWxsICBpbiAgdGhlCiAgICAgICAgICB0YXJnZXQgIHByb2Nlc3MgIHVuYmxvY2tzLCAgcmV0
dXJuaW5nIHRoZSBpbmZvcm1hdGlvbiB0aGF0IHdhcwogICAgICAgICAgcHJvdmlkZWQgYnkgdGhl
IHN1cGVydmlzb3IgaW4gdGhlIG5vdGlmaWNhdGlvbiByZXNwb25zZS4KCiAgICAgICBBcyBhIHZh
cmlhdGlvbiBvbiB0aGUgbGFzdCB0d28gc3RlcHMsIHRoZSBzdXBlcnZpc29yIGNhbiAgc2VuZCAg
YQogICAgICAgcmVzcG9uc2UgIHRoYXQgdGVsbHMgdGhlIGtlcm5lbCB0aGF0IGl0IHNob3VsZCBl
eGVjdXRlIHRoZSB0YXJnZXQKICAgICAgIHByb2Nlc3MncyAgIHN5c3RlbSAgIGNhbGw7ICAgc2Vl
ICAgdGhlICAgZGlzY3Vzc2lvbiAgICBvZiAgICBTRUPigJAKICAgICAgIENPTVBfVVNFUl9OT1RJ
Rl9GTEFHX0NPTlRJTlVFLCBiZWxvdy4KCiAgIGlvY3RsKDIpIG9wZXJhdGlvbnMKICAgICAgIFRo
ZSBmb2xsb3dpbmcgaW9jdGwoMikgb3BlcmF0aW9ucyBhcmUgcHJvdmlkZWQgdG8gc3VwcG9ydCBz
ZWNjb21wCiAgICAgICB1c2VyLXNwYWNlIG5vdGlmaWNhdGlvbi4gIEZvciBlYWNoIG9mIHRoZXNl
IG9wZXJhdGlvbnMsIHRoZSBmaXJzdAogICAgICAgKGZpbGUgIGRlc2NyaXB0b3IpICBhcmd1bWVu
dCAgb2YgIGlvY3RsKDIpICBpcyB0aGUgbGlzdGVuaW5nIGZpbGUKICAgICAgIGRlc2NyaXB0b3Ig
cmV0dXJuZWQgYnkgYSBjYWxsIHRvIHNlY2NvbXAoMikgd2l0aCB0aGUgU0VDQ09NUF9GSUzigJAK
ICAgICAgIFRFUl9GTEFHX05FV19MSVNURU5FUiBmbGFnLgoKICAgICAgIFNFQ0NPTVBfSU9DVExf
Tk9USUZfUkVDVgogICAgICAgICAgICAgIFRoaXMgb3BlcmF0aW9uIGlzIHVzZWQgdG8gb2J0YWlu
IGEgdXNlci1zcGFjZSBub3RpZmljYXRpb24KICAgICAgICAgICAgICBldmVudC4gIElmIG5vIHN1
Y2ggZXZlbnQgaXMgY3VycmVudGx5IHBlbmRpbmcsIHRoZSAgb3BlcmHigJAKICAgICAgICAgICAg
ICB0aW9uICBibG9ja3MgIHVudGlsICBhbiAgZXZlbnQgb2NjdXJzLiAgVGhlIHRoaXJkIGlvY3Rs
KDIpCiAgICAgICAgICAgICAgYXJndW1lbnQgaXMgYSBwb2ludGVyIHRvIGEgc3RydWN0dXJlIG9m
IHRoZSBmb2xsb3dpbmcgZm9ybQogICAgICAgICAgICAgIHdoaWNoICBjb250YWlucyAgaW5mb3Jt
YXRpb24gYWJvdXQgdGhlIGV2ZW50LiAgVGhpcyBzdHJ1Y+KAkAogICAgICAgICAgICAgIHR1cmUg
bXVzdCBiZSB6ZXJvZWQgb3V0IGJlZm9yZSB0aGUgY2FsbC4KCiAgICAgICAgICAgICAgICAgIHN0
cnVjdCBzZWNjb21wX25vdGlmIHsKICAgICAgICAgICAgICAgICAgICAgIF9fdTY0ICBpZDsgICAg
ICAgICAgICAgIC8qIENvb2tpZSAqLwogICAgICAgICAgICAgICAgICAgICAgX191MzIgIHBpZDsg
ICAgICAgICAgICAgLyogUElEIG9mIHRhcmdldCBwcm9jZXNzICovCiAgICAgICAgICAgICAgICAg
ICAgICBfX3UzMiAgZmxhZ3M7ICAgICAgICAgICAvKiBDdXJyZW50bHkgdW51c2VkICgwKSAqLwog
ICAgICAgICAgICAgICAgICAgICAgc3RydWN0IHNlY2NvbXBfZGF0YSBkYXRhOyAgIC8qIFNlZSBz
ZWNjb21wKDIpICovCiAgICAgICAgICAgICAgICAgIH07CgogICAgICAgICAgICAgIFRoZSBmaWVs
ZHMgaW4gdGhpcyBzdHJ1Y3R1cmUgYXJlIGFzIGZvbGxvd3M6CgogICAgICAgICAgICAgIGlkICAg
ICBUaGlzIGlzIGEgY29va2llIGZvciB0aGUgbm90aWZpY2F0aW9uLiAgIEVhY2ggIHN1Y2gKICAg
ICAgICAgICAgICAgICAgICAgY29va2llICBpcyAgZ3VhcmFudGVlZCAgdG8gYmUgdW5pcXVlIGZv
ciB0aGUgY29ycmXigJAKICAgICAgICAgICAgICAgICAgICAgc3BvbmRpbmcgc2VjY29tcCAgZmls
dGVyLiAgIEluICBvdGhlciAgd29yZHMsICB0aGlzCiAgICAgICAgICAgICAgICAgICAgIGNvb2tp
ZSAgaXMgIHVuaXF1ZSBmb3IgZWFjaCBub3RpZmljYXRpb24gZXZlbnQgZnJvbQogICAgICAgICAg
ICAgICAgICAgICB0aGUgdGFyZ2V0IHByb2Nlc3MuICBUaGUgY29va2llIHZhbHVlIGhhcyB0aGUg
IGZvbOKAkAogICAgICAgICAgICAgICAgICAgICBsb3dpbmcgdXNlczoKCiAgICAgICAgICAgICAg
ICAgICAgIMK3IEl0ICAgICBjYW4gICAgIGJlICAgICB1c2VkICAgIHdpdGggICAgdGhlICAgIFNF
Q+KAkAogICAgICAgICAgICAgICAgICAgICAgIENPTVBfSU9DVExfTk9USUZfSURfVkFMSUQgaW9j
dGwoMikgIG9wZXJhdGlvbiAgdG8KICAgICAgICAgICAgICAgICAgICAgICB2ZXJpZnkgdGhhdCB0
aGUgdGFyZ2V0IHByb2Nlc3MgaXMgc3RpbGwgYWxpdmUuCgogICAgICAgICAgICAgICAgICAgICDC
tyBXaGVuICByZXR1cm5pbmcgIGEgIG5vdGlmaWNhdGlvbiAgcmVzcG9uc2UgdG8gdGhlCiAgICAg
ICAgICAgICAgICAgICAgICAga2VybmVsLCB0aGUgc3VwZXJ2aXNvciBtdXN0ICBpbmNsdWRlICB0
aGUgIGNvb2tpZQogICAgICAgICAgICAgICAgICAgICAgIHZhbHVlIGluIHRoZSBzZWNjb21wX25v
dGlmX3Jlc3Agc3RydWN0dXJlIHRoYXQgaXMKICAgICAgICAgICAgICAgICAgICAgICBzcGVjaWZp
ZWQgICBhcyAgIHRoZSAgIGFyZ3VtZW50ICAgb2YgICB0aGUgICBTRUPigJAKICAgICAgICAgICAg
ICAgICAgICAgICBDT01QX0lPQ1RMX05PVElGX1NFTkQgb3BlcmF0aW9uLgoKICAgICAgICAgICAg
ICBwaWQgICAgVGhpcyAgaXMgIHRoZSAgUElEIG9mIHRoZSB0YXJnZXQgcHJvY2VzcyB0aGF0IHRy
aWfigJAKICAgICAgICAgICAgICAgICAgICAgZ2VyZWQgdGhlIG5vdGlmaWNhdGlvbiBldmVudC4K
CiAgICAgICAgICAgICAgICAgICAgIOKUjOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUkAogICAgICAgICAgICAgICAgICAgICDilIJGSVhNRSAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIOKUggogICAgICAgICAgICAgICAg
ICAgICDilJzilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilKQK
ICAgICAgICAgICAgICAgICAgICAg4pSCVGhpcyBpcyBhIHRocmVhZCBJRCwgcmF0aGVyIHRoYW4g
YSBQSUQsIHJpZ2h0PyAgICAgICDilIIKICAgICAgICAgICAgICAgICAgICAg4pSU4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSYCgogICAgICAgICAgICAgIGZs
YWdzICBUaGlzIGlzIGEgIGJpdCAgbWFzayAgb2YgIGZsYWdzICBwcm92aWRpbmcgIGZ1cnRoZXIK
ICAgICAgICAgICAgICAgICAgICAgaW5mb3JtYXRpb24gb24gdGhlIGV2ZW50LiAgSW4gdGhlIGN1
cnJlbnQgaW1wbGVtZW7igJAKICAgICAgICAgICAgICAgICAgICAgdGF0aW9uLCB0aGlzIGZpZWxk
IGlzIGFsd2F5cyB6ZXJvLgoKICAgICAgICAgICAgICBkYXRhICAgVGhpcyBpcyBhIHNlY2NvbXBf
ZGF0YSBzdHJ1Y3R1cmUgY29udGFpbmluZyAgaW5mb3LigJAKICAgICAgICAgICAgICAgICAgICAg
bWF0aW9uICBhYm91dCAgdGhlICBzeXN0ZW0gIGNhbGwgdGhhdCB0cmlnZ2VyZWQgdGhlCiAgICAg
ICAgICAgICAgICAgICAgIG5vdGlmaWNhdGlvbi4gIFRoaXMgaXMgdGhlIHNhbWUgc3RydWN0dXJl
ICB0aGF0ICBpcwogICAgICAgICAgICAgICAgICAgICBwYXNzZWQgIHRvICB0aGUgc2VjY29tcCBm
aWx0ZXIuICBTZWUgc2VjY29tcCgyKSBmb3IKICAgICAgICAgICAgICAgICAgICAgZGV0YWlscyBv
ZiB0aGlzIHN0cnVjdHVyZS4KCiAgICAgICAgICAgICAgT24gc3VjY2VzcywgdGhpcyBvcGVyYXRp
b24gcmV0dXJucyAwOyBvbiAgZmFpbHVyZSwgIC0xICBpcwogICAgICAgICAgICAgIHJldHVybmVk
LCAgYW5kICBlcnJubyAgaXMgc2V0IHRvIGluZGljYXRlIHRoZSBjYXVzZSBvZiB0aGUKICAgICAg
ICAgICAgICBlcnJvci4gIFRoaXMgb3BlcmF0aW9uIGNhbiBmYWlsIHdpdGggdGhlIGZvbGxvd2lu
ZyBlcnJvcnM6CgogICAgICAgICAgICAgIEVJTlZBTCAoc2luY2UgTGludXggNS41KQogICAgICAg
ICAgICAgICAgICAgICBUaGUgc2VjY29tcF9ub3RpZiBzdHJ1Y3R1cmUgdGhhdCB3YXMgcGFzc2Vk
IHRvICB0aGUKICAgICAgICAgICAgICAgICAgICAgY2FsbCBjb250YWluZWQgbm9uemVybyBmaWVs
ZHMuCgogICAgICAgICAgICAgIEVOT0VOVCBUaGUgIHRhcmdldCAgcHJvY2VzcyAgd2FzIGtpbGxl
ZCBieSBhIHNpZ25hbCBhcyB0aGUKICAgICAgICAgICAgICAgICAgICAgbm90aWZpY2F0aW9uIGlu
Zm9ybWF0aW9uIHdhcyBiZWluZyBnZW5lcmF0ZWQuCgogICAgICAg4pSM4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSQCiAgICAgICDilIJGSVhNRSAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIOKUggogICAgICAg4pSc4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSkCiAgICAgICDilIJG
cm9tIG15IGV4cGVyaW1lbnRzLCAgaXQgIGFwcGVhcnMgIHRoYXQgIGlmICBhICBTRUPigJAg4pSC
CiAgICAgICDilIJDT01QX0lPQ1RMX05PVElGX1JFQ1YgICBpcyAgZG9uZSAgYWZ0ZXIgIHRoZSAg
dGFyZ2V0IOKUggogICAgICAg4pSCcHJvY2VzcyB0ZXJtaW5hdGVzLCB0aGVuIHRoZSBpb2N0bCgp
ICBzaW1wbHkgIGJsb2NrcyDilIIKICAgICAgIOKUgihyYXRoZXIgdGhhbiByZXR1cm5pbmcgYW4g
ZXJyb3IgdG8gaW5kaWNhdGUgdGhhdCB0aGUg4pSCCiAgICAgICDilIJ0YXJnZXQgcHJvY2VzcyBu
byBsb25nZXIgZXhpc3RzKS4gICAgICAgICAgICAgICAgICAgIOKUggogICAgICAg4pSCICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICDilIIKICAgICAg
IOKUgkkgZm91bmQgdGhhdCBzdXJwcmlzaW5nLCBhbmQgaXQgcmVxdWlyZWQgIHNvbWUgIGNvbuKA
kCDilIIKICAgICAgIOKUgnRvcnRpb25zICBpbiB0aGUgZXhhbXBsZSBwcm9ncmFtLiAgSXQgd2Fz
IG5vdCBwb3NzaeKAkCDilIIKICAgICAgIOKUgmJsZSB0byBjb2RlIG15IFNJR0NITEQgaGFuZGxl
ciAod2hpY2ggcmVhcHMgdGhlIHpvbeKAkCDilIIKICAgICAgIOKUgmJpZSAgd2hlbiAgdGhlICB3
b3JrZXIvdGFyZ2V0IHByb2Nlc3MgdGVybWluYXRlcykgdG8g4pSCCiAgICAgICDilIJzaW1wbHkg
c2V0IGEgZmxhZyBjaGVja2VkIGluIHRoZSBtYWluICBoYW5kbGVOb3RpZmnigJAg4pSCCiAgICAg
ICDilIJjYXRpb25zKCkgIGxvb3AsICBzaW5jZSAgdGhpcyBjcmVhdGVkIGFuIHVuYXZvaWRhYmxl
IOKUggogICAgICAg4pSCcmFjZSB3aGVyZSB0aGUgY2hpbGQgbWlnaHQgdGVybWluYXRlICBqdXN0
ICBhZnRlciAgSSDilIIKICAgICAgIOKUgmhhZCAgY2hlY2tlZCAgdGhlICBmbGFnLCAgYnV0IGJl
Zm9yZSBJIGJsb2NrZWQgKGZvcuKAkCDilIIKICAgICAgIOKUgmV2ZXIhKSBpbiAgdGhlICBTRUND
T01QX0lPQ1RMX05PVElGX1JFQ1YgIG9wZXJhdGlvbi4g4pSCCiAgICAgICDilIJJbnN0ZWFkLCAg
SSBoYWQgdG8gY29kZSB0aGUgc2lnbmFsIGhhbmRsZXIgdG8gc2ltcGx5IOKUggogICAgICAg4pSC
Y2FsbCBfZXhpdCgyKSAgaW4gIG9yZGVyICB0byAgdGVybWluYXRlICB0aGUgIHBhcmVudCDilIIK
ICAgICAgIOKUgnByb2Nlc3MgKHRoZSBzdXBlcnZpc29yKS4gICAgICAgICAgICAgICAgICAgICAg
ICAgICAg4pSCCiAgICAgICDilIIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIOKUggogICAgICAg4pSCSXMgIHRoaXMgIGV4cGVjdGVkICBiZWhhdmlv
cj8gIEl0IHNlZW1zIHRvIG1lIHJhdGhlciDilIIKICAgICAgIOKUgmRlc2lyYWJsZSB0aGF0IFNF
Q0NPTVBfSU9DVExfTk9USUZfUkVDViBzaG91bGQgIGdpdmUg4pSCCiAgICAgICDilIJhbiBlcnJv
ciBpZiB0aGUgdGFyZ2V0IHByb2Nlc3MgaGFzIHRlcm1pbmF0ZWQuICAgICAgIOKUggogICAgICAg
4pSU4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSYCgogICAg
ICAgU0VDQ09NUF9JT0NUTF9OT1RJRl9JRF9WQUxJRAogICAgICAgICAgICAgIFRoaXMgb3BlcmF0
aW9uIGNhbiBiZSB1c2VkIHRvIGNoZWNrIHRoYXQgYSBub3RpZmljYXRpb24gSUQKICAgICAgICAg
ICAgICByZXR1cm5lZCBieSBhbiBlYXJsaWVyIFNFQ0NPTVBfSU9DVExfTk9USUZfUkVDViAgb3Bl
cmF0aW9uCiAgICAgICAgICAgICAgaXMgIHN0aWxsICB2YWxpZCAgKGkuZS4sICB0aGF0ICB0aGUg
IHRhcmdldCAgcHJvY2VzcyBzdGlsbAogICAgICAgICAgICAgIGV4aXN0cykuCgogICAgICAgICAg
ICAgIFRoZSB0aGlyZCBpb2N0bCgyKSBhcmd1bWVudCBpcyBhICBwb2ludGVyICB0byAgdGhlICBj
b29raWUKICAgICAgICAgICAgICAoaWQpIHJldHVybmVkIGJ5IHRoZSBTRUNDT01QX0lPQ1RMX05P
VElGX1JFQ1Ygb3BlcmF0aW9uLgoKICAgICAgICAgICAgICBUaGlzICBvcGVyYXRpb24gaXMgbmVj
ZXNzYXJ5IHRvIGF2b2lkIHJhY2UgY29uZGl0aW9ucyB0aGF0CiAgICAgICAgICAgICAgY2FuICBv
Y2N1ciAgIHdoZW4gICB0aGUgICBwaWQgICByZXR1cm5lZCAgIGJ5ICAgdGhlICAgU0VD4oCQCiAg
ICAgICAgICAgICAgQ09NUF9JT0NUTF9OT1RJRl9SRUNWICAgb3BlcmF0aW9uICAgdGVybWluYXRl
cywgIGFuZCAgdGhhdAogICAgICAgICAgICAgIHByb2Nlc3MgSUQgaXMgcmV1c2VkIGJ5IGFub3Ro
ZXIgcHJvY2Vzcy4gICBBbiAgZXhhbXBsZSAgb2YKICAgICAgICAgICAgICB0aGlzIGtpbmQgb2Yg
cmFjZSBpcyB0aGUgZm9sbG93aW5nCgogICAgICAgICAgICAgIDEuIEEgIG5vdGlmaWNhdGlvbiAg
aXMgIGdlbmVyYXRlZCAgb24gIHRoZSAgbGlzdGVuaW5nIGZpbGUKICAgICAgICAgICAgICAgICBk
ZXNjcmlwdG9yLiAgVGhlIHJldHVybmVkICBzZWNjb21wX25vdGlmICBjb250YWlucyAgdGhlCiAg
ICAgICAgICAgICAgICAgUElEIG9mIHRoZSB0YXJnZXQgcHJvY2Vzcy4KCiAgICAgICAgICAgICAg
Mi4gVGhlIHRhcmdldCBwcm9jZXNzIHRlcm1pbmF0ZXMuCgogICAgICAgICAgICAgIDMuIEFub3Ro
ZXIgcHJvY2VzcyBpcyBjcmVhdGVkIG9uIHRoZSBzeXN0ZW0gdGhhdCBieSBjaGFuY2UKICAgICAg
ICAgICAgICAgICByZXVzZXMgdGhlIFBJRCB0aGF0IHdhcyBmcmVlZCB3aGVuIHRoZSAgdGFyZ2V0
ICBwcm9jZXNzCiAgICAgICAgICAgICAgICAgdGVybWluYXRlcy4KCiAgICAgICAgICAgICAgNC4g
VGhlICBzdXBlcnZpc29yICBvcGVuKDIpcyAgdGhlIC9wcm9jL1twaWRdL21lbSBmaWxlIGZvcgog
ICAgICAgICAgICAgICAgIHRoZSBQSUQgb2J0YWluZWQgaW4gc3RlcCAxLCB3aXRoIHRoZSBpbnRl
bnRpb24gb2YgKHNheSkKICAgICAgICAgICAgICAgICBpbnNwZWN0aW5nIHRoZSBtZW1vcnkgbG9j
YXRpb25zIHRoYXQgY29udGFpbnMgdGhlIGFyZ3XigJAKICAgICAgICAgICAgICAgICBtZW50cyBv
ZiB0aGUgc3lzdGVtIGNhbGwgdGhhdCB0cmlnZ2VyZWQgIHRoZSAgbm90aWZpY2HigJAKICAgICAg
ICAgICAgICAgICB0aW9uIGluIHN0ZXAgMS4KCiAgICAgICAgICAgICAgSW4gdGhlIGFib3ZlIHNj
ZW5hcmlvLCB0aGUgcmlzayBpcyB0aGF0IHRoZSBzdXBlcnZpc29yIG1heQogICAgICAgICAgICAg
IHRyeSB0byBhY2Nlc3MgdGhlIG1lbW9yeSBvZiBhIHByb2Nlc3Mgb3RoZXIgdGhhbiB0aGUgIHRh
cuKAkAogICAgICAgICAgICAgIGdldC4gICBUaGlzICByYWNlICBjYW4gYmUgYXZvaWRlZCBieSBm
b2xsb3dpbmcgdGhlIGNhbGwgdG8KICAgICAgICAgICAgICBvcGVuIHdpdGggYSBTRUNDT01QX0lP
Q1RMX05PVElGX0lEX1ZBTElEIG9wZXJhdGlvbiB0byB2ZXLigJAKICAgICAgICAgICAgICBpZnkg
IHRoYXQgIHRoZSAgcHJvY2VzcyB0aGF0IGdlbmVyYXRlZCB0aGUgbm90aWZpY2F0aW9uIGlzCiAg
ICAgICAgICAgICAgc3RpbGwgYWxpdmUuICAoTm90ZSB0aGF0ICBpZiAgdGhlICB0YXJnZXQgIHBy
b2Nlc3MgIHN1YnNl4oCQCiAgICAgICAgICAgICAgcXVlbnRseSAgdGVybWluYXRlcywgaXRzIFBJ
RCB3b24ndCBiZSByZXVzZWQgYmVjYXVzZSB0aGVyZQogICAgICAgICAgICAgIHJlbWFpbnMgYW4g
b3BlbiByZWZlcmVuY2UgdG8gdGhlIC9wcm9jW3BpZF0vbWVtICBmaWxlOyAgaW4KICAgICAgICAg
ICAgICB0aGlzICBjYXNlLCBhIHN1YnNlcXVlbnQgcmVhZCgyKSBmcm9tIHRoZSBmaWxlIHdpbGwg
cmV0dXJuCiAgICAgICAgICAgICAgMCwgaW5kaWNhdGluZyBlbmQgb2YgZmlsZS4pCgogICAgICAg
ICAgICAgIE9uIHN1Y2Nlc3MgKGkuZS4sIHRoZSBub3RpZmljYXRpb24gIElEICBpcyAgc3RpbGwg
IHZhbGlkKSwKICAgICAgICAgICAgICB0aGlzICBvcGVyYXRpb24gIHJldHVybnMgMCBPbiBmYWls
dXJlIChpLmUuLCB0aGUgbm90aWZpY2HigJAKICAgICAgICAgICAgICB0aW9uIElEIGlzIG5vIGxv
bmdlciB2YWxpZCksIC0xIGlzIHJldHVybmVkLCBhbmQgZXJybm8gIGlzCiAgICAgICAgICAgICAg
c2V0IHRvIEVOT0VOVC4KCiAgICAgICBTRUNDT01QX0lPQ1RMX05PVElGX1NFTkQKICAgICAgICAg
ICAgICBUaGlzICBvcGVyYXRpb24gIGlzICB1c2VkICB0byBzZW5kIGEgbm90aWZpY2F0aW9uIHJl
c3BvbnNlCiAgICAgICAgICAgICAgYmFjayB0byB0aGUga2VybmVsLiAgVGhlIHRoaXJkIGlvY3Rs
KDIpIGFyZ3VtZW50ICBvZiAgdGhpcwogICAgICAgICAgICAgIHN0cnVjdHVyZSAgaXMgIGEgIHBv
aW50ZXIgIHRvIGEgc3RydWN0dXJlIG9mIHRoZSBmb2xsb3dpbmcKICAgICAgICAgICAgICBmb3Jt
OgoKICAgICAgICAgICAgICAgICAgc3RydWN0IHNlY2NvbXBfbm90aWZfcmVzcCB7CiAgICAgICAg
ICAgICAgICAgICAgICBfX3U2NCBpZDsgICAgICAgICAgICAgICAvKiBDb29raWUgdmFsdWUgKi8K
ICAgICAgICAgICAgICAgICAgICAgIF9fczY0IHZhbDsgICAgICAgICAgICAgIC8qIFN1Y2Nlc3Mg
cmV0dXJuIHZhbHVlICovCiAgICAgICAgICAgICAgICAgICAgICBfX3MzMiBlcnJvcjsgICAgICAg
ICAgICAvKiAwIChzdWNjZXNzKSBvciBuZWdhdGl2ZQogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgZXJyb3IgbnVtYmVyICovCiAgICAgICAgICAgICAgICAg
ICAgICBfX3UzMiBmbGFnczsgICAgICAgICAgICAvKiBTZWUgYmVsb3cgKi8KICAgICAgICAgICAg
ICAgICAgfTsKCiAgICAgICAgICAgICAgVGhlIGZpZWxkcyBvZiB0aGlzIHN0cnVjdHVyZSBhcmUg
YXMgZm9sbG93czoKCiAgICAgICAgICAgICAgaWQgICAgIFRoaXMgaXMgdGhlIGNvb2tpZSB2YWx1
ZSB0aGF0ICB3YXMgIG9idGFpbmVkICB1c2luZwogICAgICAgICAgICAgICAgICAgICB0aGUgICBT
RUNDT01QX0lPQ1RMX05PVElGX1JFQ1YgICBvcGVyYXRpb24uICAgIFRoaXMKICAgICAgICAgICAg
ICAgICAgICAgY29va2llIHZhbHVlIGFsbG93cyB0aGUga2VybmVsIHRvICBjb3JyZWN0bHkgIGFz
c2/igJAKICAgICAgICAgICAgICAgICAgICAgY2lhdGUgdGhpcyByZXNwb25zZSB3aXRoIHRoZSBz
eXN0ZW0gY2FsbCB0aGF0IHRyaWfigJAKICAgICAgICAgICAgICAgICAgICAgZ2VyZWQgdGhlIHVz
ZXItc3BhY2Ugbm90aWZpY2F0aW9uLgoKICAgICAgICAgICAgICB2YWwgICAgVGhpcyBpcyB0aGUg
dmFsdWUgdGhhdCB3aWxsIGJlIHVzZWQgZm9yICBhICBzcG9vZmVkCiAgICAgICAgICAgICAgICAg
ICAgIHN1Y2Nlc3MgIHJldHVybiAgZm9yICB0aGUgIHRhcmdldCAgcHJvY2VzcydzIHN5c3RlbQog
ICAgICAgICAgICAgICAgICAgICBjYWxsOyBzZWUgYmVsb3cuCgogICAgICAgICAgICAgIGVycm9y
ICBUaGlzIGlzIHRoZSB2YWx1ZSB0aGF0IHdpbGwgYmUgdXNlZCAgYXMgIHRoZSAgZXJyb3IKICAg
ICAgICAgICAgICAgICAgICAgbnVtYmVyICAoZXJybm8pICBmb3IgYSBzcG9vZmVkIGVycm9yIHJl
dHVybiBmb3IgdGhlCiAgICAgICAgICAgICAgICAgICAgIHRhcmdldCBwcm9jZXNzJ3Mgc3lzdGVt
IGNhbGw7IHNlZSBiZWxvdy4KCiAgICAgICAgICAgICAgZmxhZ3MgIFRoaXMgaXMgYSBiaXQgbWFz
ayB0aGF0IGluY2x1ZGVzIHplcm8gIG9yICBtb3JlICBvZgogICAgICAgICAgICAgICAgICAgICB0
aGUgZm9sbG93aW5nIGZsYWdzCgogICAgICAgICAgICAgICAgICAgICBTRUNDT01QX1VTRVJfTk9U
SUZfRkxBR19DT05USU5VRSAoc2luY2UgTGludXggNS41KQogICAgICAgICAgICAgICAgICAgICAg
ICAgICAgVGVsbCAgIHRoZSAga2VybmVsICB0byAgZXhlY3V0ZSAgdGhlICB0YXJnZXQKICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIHByb2Nlc3MncyBzeXN0ZW0gY2FsbC4KCiAgICAgICAgICAg
ICAgVHdvIGtpbmRzIG9mIHJlc3BvbnNlIGFyZSBwb3NzaWJsZToKCiAgICAgICAgICAgICAgwrcg
QSByZXNwb25zZSB0byB0aGUga2VybmVsIHRlbGxpbmcgaXQgdG8gZXhlY3V0ZSB0aGUgIHRhcuKA
kAogICAgICAgICAgICAgICAgZ2V0ICBwcm9jZXNzJ3MgIHN5c3RlbSAgY2FsbC4gICBJbiAgdGhp
cyBjYXNlLCB0aGUgZmxhZ3MKICAgICAgICAgICAgICAgIGZpZWxkIGluY2x1ZGVzIFNFQ0NPTVBf
VVNFUl9OT1RJRl9GTEFHX0NPTlRJTlVFIGFuZCAgdGhlCiAgICAgICAgICAgICAgICBlcnJvciBh
bmQgdmFsIGZpZWxkcyBtdXN0IGJlIHplcm8uCgogICAgICAgICAgICAgICAgVGhpcyAga2luZCAg
b2YgcmVzcG9uc2UgY2FuIGJlIHVzZWZ1bCBpbiBjYXNlcyB3aGVyZSB0aGUKICAgICAgICAgICAg
ICAgIHN1cGVydmlzb3IgbmVlZHMgdG8gZG8gZGVlcGVyIGFuYWx5c2lzIG9mICB0aGUgIHRhcmdl
dCdzCiAgICAgICAgICAgICAgICBzeXN0ZW0gIGNhbGwgIHRoYW4gIGlzICBwb3NzaWJsZSAgZnJv
bSAgYSBzZWNjb21wIGZpbHRlcgogICAgICAgICAgICAgICAgKGUuZy4sIGV4YW1pbmluZyB0aGUg
dmFsdWVzIG9mIHBvaW50ZXIgYXJndW1lbnRzKSwgIGFuZCwKICAgICAgICAgICAgICAgIGhhdmlu
ZyAgdmVyaWZpZWQgdGhhdCB0aGUgc3lzdGVtIGNhbGwgaXMgYWNjZXB0YWJsZSwgdGhlCiAgICAg
ICAgICAgICAgICBzdXBlcnZpc29yIHdhbnRzIHRvIGFsbG93IGl0IHRvIHByb2NlZWQuCgogICAg
ICAgICAgICAgIMK3IEEgc3Bvb2ZlZCByZXR1cm4gdmFsdWUgZm9yIHRoZSB0YXJnZXQgIHByb2Nl
c3MncyAgc3lzdGVtCiAgICAgICAgICAgICAgICBjYWxsLiAgIEluICB0aGlzICBjYXNlLCAgdGhl
IGtlcm5lbCBkb2VzIG5vdCBleGVjdXRlIHRoZQogICAgICAgICAgICAgICAgdGFyZ2V0IHByb2Nl
c3MncyBzeXN0ZW0gY2FsbCwgaW5zdGVhZCBjYXVzaW5nIHRoZSBzeXN0ZW0KICAgICAgICAgICAg
ICAgIGNhbGwgdG8gcmV0dXJuIGEgc3Bvb2ZlZCB2YWx1ZSBhcyBzcGVjaWZpZWQgYnkgZmllbGRz
IG9mCiAgICAgICAgICAgICAgICB0aGUgc2VjY29tcF9ub3RpZl9yZXNwIHN0cnVjdHVyZS4gIFRo
ZSBzdXBlcnZpc29yIHNob3VsZAogICAgICAgICAgICAgICAgc2V0IHRoZSBmaWVsZHMgb2YgdGhp
cyBzdHJ1Y3R1cmUgYXMgZm9sbG93czoKCiAgICAgICAgICAgICAgICArICBmbGFncyAgZG9lcyAg
bm90IGNvbnRhaW4gU0VDQ09NUF9VU0VSX05PVElGX0ZMQUdfQ09O4oCQCiAgICAgICAgICAgICAg
ICAgICBUSU5VRS4KCiAgICAgICAgICAgICAgICArICBlcnJvciBpcyBzZXQgZWl0aGVyIHRvICAw
ICBmb3IgIGEgIHNwb29mZWQgICJzdWNjZXNzIgogICAgICAgICAgICAgICAgICAgcmV0dXJuICBv
ciAgdG8gIGEgbmVnYXRpdmUgZXJyb3IgbnVtYmVyIGZvciBhIHNwb29mZWQKICAgICAgICAgICAg
ICAgICAgICJmYWlsdXJlIiByZXR1cm4uICBJbiB0aGUgIGZvcm1lciAgY2FzZSwgIHRoZSAga2Vy
bmVsCiAgICAgICAgICAgICAgICAgICBjYXVzZXMgdGhlIHRhcmdldCBwcm9jZXNzJ3Mgc3lzdGVt
IGNhbGwgdG8gcmV0dXJuIHRoZQogICAgICAgICAgICAgICAgICAgdmFsdWUgc3BlY2lmaWVkIGlu
IHRoZSB2YWwgZmllbGQuICBJbiB0aGUgbGF0ZXIgY2FzZSwKICAgICAgICAgICAgICAgICAgIHRo
ZSBrZXJuZWwgY2F1c2VzIHRoZSB0YXJnZXQgcHJvY2VzcydzIHN5c3RlbSBjYWxsIHRvCiAgICAg
ICAgICAgICAgICAgICByZXR1cm4gLTEsIGFuZCBlcnJubyBpcyBhc3NpZ25lZCAgdGhlICBuZWdh
dGVkICBlcnJvcgogICAgICAgICAgICAgICAgICAgdmFsdWUuCgogICAgICAgICAgICAgICAgKyAg
dmFsIGlzIHNldCB0byBhIHZhbHVlIHRoYXQgd2lsbCBiZSB1c2VkIGFzIHRoZSByZXR1cm4KICAg
ICAgICAgICAgICAgICAgIHZhbHVlIGZvciBhIHNwb29mZWQgInN1Y2Nlc3MiIHJldHVybiBmb3Ig
IHRoZSAgdGFyZ2V0CiAgICAgICAgICAgICAgICAgICBwcm9jZXNzJ3MgIHN5c3RlbSAgY2FsbC4g
ICBUaGUgdmFsdWUgaW4gdGhpcyBmaWVsZCBpcwogICAgICAgICAgICAgICAgICAgaWdub3JlZCBp
ZiB0aGUgZXJyb3IgZmllbGQgY29udGFpbnMgYSBub256ZXJvIHZhbHVlLgoKICAgICAgICAgICAg
ICBPbiBzdWNjZXNzLCB0aGlzIG9wZXJhdGlvbiByZXR1cm5zIDA7IG9uICBmYWlsdXJlLCAgLTEg
IGlzCiAgICAgICAgICAgICAgcmV0dXJuZWQsICBhbmQgIGVycm5vICBpcyBzZXQgdG8gaW5kaWNh
dGUgdGhlIGNhdXNlIG9mIHRoZQogICAgICAgICAgICAgIGVycm9yLiAgVGhpcyBvcGVyYXRpb24g
Y2FuIGZhaWwgd2l0aCB0aGUgZm9sbG93aW5nIGVycm9yczoKCiAgICAgICAgICAgICAgRUlOUFJP
R1JFU1MKICAgICAgICAgICAgICAgICAgICAgQSByZXNwb25zZSB0byB0aGlzIG5vdGlmaWNhdGlv
biAgaGFzICBhbHJlYWR5ICBiZWVuCiAgICAgICAgICAgICAgICAgICAgIHNlbnQuCgogICAgICAg
ICAgICAgIEVJTlZBTCBBbiBpbnZhbGlkIHZhbHVlIHdhcyBzcGVjaWZpZWQgaW4gdGhlIGZsYWdz
IGZpZWxkLgoKICAgICAgICAgICAgICBFSU5WQUwgVGhlICAgICAgIGZsYWdzICAgICAgZmllbGQg
ICAgICBjb250YWluZWQgICAgICBTRUPigJAKICAgICAgICAgICAgICAgICAgICAgQ09NUF9VU0VS
X05PVElGX0ZMQUdfQ09OVElOVUUsIGFuZCB0aGUgZXJyb3Igb3IgdmFsCiAgICAgICAgICAgICAg
ICAgICAgIGZpZWxkIHdhcyBub3QgemVyby4KCiAgICAgICAgICAgICAgRU5PRU5UIFRoZSAgYmxv
Y2tlZCAgc3lzdGVtIGNhbGwgaW4gdGhlIHRhcmdldCBwcm9jZXNzIGhhcwogICAgICAgICAgICAg
ICAgICAgICBiZWVuIGludGVycnVwdGVkIGJ5IGEgc2lnbmFsIGhhbmRsZXIuCgpOT1RFUwogICAg
ICAgVGhlIGZpbGUgZGVzY3JpcHRvciByZXR1cm5lZCB3aGVuIHNlY2NvbXAoMikgaXMgZW1wbG95
ZWQgd2l0aCB0aGUKICAgICAgIFNFQ0NPTVBfRklMVEVSX0ZMQUdfTkVXX0xJU1RFTkVSICBmbGFn
ICBjYW4gIGJlICBtb25pdG9yZWQgIHVzaW5nCiAgICAgICBwb2xsKDIpLCBlcG9sbCg3KSwgYW5k
IHNlbGVjdCgyKS4gIFdoZW4gYSBub3RpZmljYXRpb24gIGlzICBwZW5k4oCQCiAgICAgICBpbmcs
ICB0aGVzZSBpbnRlcmZhY2VzIGluZGljYXRlIHRoYXQgdGhlIGZpbGUgZGVzY3JpcHRvciBpcyBy
ZWFk4oCQCiAgICAgICBhYmxlLgoKICAgICAgIOKUjOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUkAogICAgICAg4pSCRklYTUUgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICDilIIKICAgICAgIOKUnOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUpAogICAgICAg4pSCSW50ZXJlc3Rpbmds
eSwgYWZ0ZXIgdGhlIGV2ZW50ICBoYWQgIGJlZW4gIHJlY2VpdmVkLCDilIIKICAgICAgIOKUgnRo
ZSAgZmlsZSBkZXNjcmlwdG9yIGluZGljYXRlcyBhcyB3cml0YWJsZSAodmVyaWZpZWQg4pSCCiAg
ICAgICDilIJmcm9tIHRoZSBzb3VyY2UgY29kZSBhbmQgYnkgZXhwZXJpbWVudCkuIEhvdyBpcyB0
aGlzIOKUggogICAgICAg4pSCdXNlZnVsPyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICDilIIKICAgICAgIOKUlOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUmAoKRVhBTVBMRVMKICAgICAgIFRoZSAoc29tZXdoYXQgY29udHJp
dmVkKSBwcm9ncmFtIHNob3duIGJlbG93IGRlbW9uc3RyYXRlcyB0aGUgdXNlCiAgICAgICBvZiB0
aGUgaW50ZXJmYWNlcyBkZXNjcmliZWQgaW4gdGhpcyBwYWdlLiAgVGhlIHByb2dyYW0gY3JlYXRl
cyAgYQogICAgICAgY2hpbGQgIHByb2Nlc3MgIHRoYXQgIHNlcnZlcyAgYXMgdGhlICJ0YXJnZXQi
IHByb2Nlc3MuICBUaGUgY2hpbGQKICAgICAgIHByb2Nlc3MgIGluc3RhbGxzICBhICBzZWNjb21w
ICBmaWx0ZXIgIHRoYXQgIHJldHVybnMgICB0aGUgICBTRUPigJAKICAgICAgIENPTVBfUkVUX1VT
RVJfTk9USUYgIGFjdGlvbiAgdmFsdWUgaWYgYSBjYWxsIGlzIG1hZGUgdG8gbWtkaXIoMikuCiAg
ICAgICBUaGUgY2hpbGQgcHJvY2VzcyB0aGVuIGNhbGxzIG1rZGlyKDIpIG9uY2UgZm9yIGVhY2gg
b2YgIHRoZSAgc3Vw4oCQCiAgICAgICBwbGllZCAgY29tbWFuZC1saW5lIGFyZ3VtZW50cywgYW5k
IHJlcG9ydHMgdGhlIHJlc3VsdCByZXR1cm5lZCBieQogICAgICAgdGhlIGNhbGwuICBBZnRlciBw
cm9jZXNzaW5nIGFsbCBhcmd1bWVudHMsIHRoZSBjaGlsZCBwcm9jZXNzIHRlcuKAkAogICAgICAg
bWluYXRlcy4KCiAgICAgICBUaGUgIHBhcmVudCAgcHJvY2VzcyAgYWN0cyAgYXMgIHRoZSBzdXBl
cnZpc29yLCBsaXN0ZW5pbmcgZm9yIHRoZQogICAgICAgbm90aWZpY2F0aW9ucyB0aGF0IGFyZSBn
ZW5lcmF0ZWQgd2hlbiB0aGUgIHRhcmdldCAgcHJvY2VzcyAgY2FsbHMKICAgICAgIG1rZGlyKDIp
LiAgIFdoZW4gc3VjaCBhIG5vdGlmaWNhdGlvbiBvY2N1cnMsIHRoZSBzdXBlcnZpc29yIGV4YW3i
gJAKICAgICAgIGluZXMgdGhlIG1lbW9yeSBvZiB0aGUgdGFyZ2V0IHByb2Nlc3MgKHVzaW5nIC9w
cm9jL1twaWRdL21lbSkgIHRvCiAgICAgICBkaXNjb3ZlciAgdGhlIHBhdGhuYW1lIGFyZ3VtZW50
IHRoYXQgd2FzIHN1cHBsaWVkIHRvIHRoZSBta2RpcigyKQogICAgICAgY2FsbCwgYW5kIHBlcmZv
cm1zIG9uZSBvZiB0aGUgZm9sbG93aW5nIGFjdGlvbnM6CgogICAgICAgwrcgSWYgdGhlIHBhdGhu
YW1lIGJlZ2lucyB3aXRoIHRoZSBwcmVmaXggIi90bXAvIiwgdGhlbiB0aGUgc3VwZXLigJAKICAg
ICAgICAgdmlzb3IgIGF0dGVtcHRzICB0byAgY3JlYXRlICB0aGUgIHNwZWNpZmllZCBkaXJlY3Rv
cnksIGFuZCB0aGVuCiAgICAgICAgIHNwb29mcyBhIHJldHVybiBmb3IgdGhlIHRhcmdldCAgcHJv
Y2VzcyAgYmFzZWQgIG9uICB0aGUgIHJldHVybgogICAgICAgICB2YWx1ZSAgb2YgIHRoZSAgc3Vw
ZXJ2aXNvcidzICBta2RpcigyKSBjYWxsLiAgSW4gdGhlIGV2ZW50IHRoYXQKICAgICAgICAgdGhh
dCBjYWxsIHN1Y2NlZWRzLCB0aGUgc3Bvb2ZlZCBzdWNjZXNzICByZXR1cm4gIHZhbHVlICBpcyAg
dGhlCiAgICAgICAgIGxlbmd0aCBvZiB0aGUgcGF0aG5hbWUuCgogICAgICAgwrcgSWYgIHRoZSBw
YXRobmFtZSBiZWdpbnMgd2l0aCAiLi8iIChpLmUuLCBpdCBpcyBhIHJlbGF0aXZlIHBhdGjigJAK
ICAgICAgICAgbmFtZSksIHRoZSBzdXBlcnZpc29yIHNlbmRzIGEgIFNFQ0NPTVBfVVNFUl9OT1RJ
Rl9GTEFHX0NPTlRJTlVFCiAgICAgICAgIHJlc3BvbnNlICB0byAgdGhlICBrZXJuZWwgdG8gc2F5
IHRoYXQga2VybmVsIHNob3VsZCBleGVjdXRlIHRoZQogICAgICAgICB0YXJnZXQgcHJvY2Vzcydz
IG1rZGlyKDIpIGNhbGwuCgogICAgICAgwrcgSWYgdGhlIHBhdGhuYW1lIGJlZ2lucyB3aXRoIHNv
bWUgb3RoZXIgcHJlZml4LCAgdGhlICBzdXBlcnZpc29yCiAgICAgICAgIHNwb29mcyBhbiBlcnJv
ciByZXR1cm4gZm9yIHRoZSB0YXJnZXQgcHJvY2Vzcywgc28gdGhhdCB0aGUgdGFy4oCQCiAgICAg
ICAgIGdldCBwcm9jZXNzJ3MgbWtkaXIoMikgY2FsbCBhcHBlYXJzIHRvIGZhaWwgd2l0aCB0aGUg
ZXJyb3IgRU9Q4oCQCiAgICAgICAgIE5PVFNVUFAgICgiT3BlcmF0aW9uICBub3QgIHN1cHBvcnRl
ZCIpLiAgIEFkZGl0aW9uYWxseSwgIGlmIHRoZQogICAgICAgICBzcGVjaWZpZWQgcGF0aG5hbWUg
aXMgZXhhY3RseSAiL2J5ZSIsIHRoZW4gdGhlIHN1cGVydmlzb3IgIHRlcuKAkAogICAgICAgICBt
aW5hdGVzLgoKICAgICAgIFRoaXMgIHByb2dyYW0gIGNhbiAgdXNlZCAgdG8gIGRlbW9uc3RyYXRl
ICB2YXJpb3VzIGFzcGVjdHMgb2YgdGhlCiAgICAgICBiZWhhdmlvciBvZiB0aGUgc2VjY29tcCB1
c2VyLXNwYWNlICBub3RpZmljYXRpb24gIG1lY2hhbmlzbS4gICBUbwogICAgICAgaGVscCAgYWlk
ICBzdWNoIGRlbW9uc3RyYXRpb25zLCB0aGUgcHJvZ3JhbSBsb2dzIHZhcmlvdXMgbWVzc2FnZXMK
ICAgICAgIHRvIHNob3cgdGhlIG9wZXJhdGlvbiBvZiB0aGUgdGFyZ2V0IHByb2Nlc3MgKGxpbmVz
IHByZWZpeGVkICJUOiIpCiAgICAgICBhbmQgdGhlIHN1cGVydmlzb3IgKGluZGVudGVkIGxpbmVz
IHByZWZpeGVkICJTOiIpLgoKICAgICAgIEluICB0aGUgIGZvbGxvd2luZyAgZXhhbXBsZSwgIHRo
ZSAgdGFyZ2V0ICBhdHRlbXB0cyB0byBjcmVhdGUgdGhlCiAgICAgICBkaXJlY3RvcnkgL3RtcC94
LiAgVXBvbiByZWNlaXZpbmcgdGhlIG5vdGlmaWNhdGlvbiwgdGhlICBzdXBlcnZp4oCQCiAgICAg
ICBzb3IgIGNyZWF0ZXMgIHRoZSAgZGlyZWN0b3J5IG9uIHRoZSB0YXJnZXQncyBiZWhhbGYsIGFu
ZCBzcG9vZnMgYQogICAgICAgc3VjY2VzcyByZXR1cm4gdG8gYmUgcmVjZWl2ZWQgYnkgdGhlICB0
YXJnZXQgIHByb2Nlc3MncyAgbWtkaXIoMikKICAgICAgIGNhbGwuCgogICAgICAgICAgICQgLi9z
ZWNjb21wX3Vub3RpZnkgL3RtcC94CiAgICAgICAgICAgVDogUElEID0gMjMxNjgKCiAgICAgICAg
ICAgVDogYWJvdXQgdG8gbWtkaXIoIi90bXAveCIpCiAgICAgICAgICAgICAgICAgICBTOiBnb3Qg
bm90aWZpY2F0aW9uIChJRCAweDE3NDQ1YzRhMGY0ZTBlM2MpIGZvciBQSUQgMjMxNjgKICAgICAg
ICAgICAgICAgICAgIFM6IGV4ZWN1dGluZzogbWtkaXIoIi90bXAveCIsIDA3MDApCiAgICAgICAg
ICAgICAgICAgICBTOiBzdWNjZXNzISBzcG9vZmVkIHJldHVybiA9IDYKICAgICAgICAgICAgICAg
ICAgIFM6IHNlbmRpbmcgcmVzcG9uc2UgKGZsYWdzID0gMDsgdmFsID0gNjsgZXJyb3IgPSAwKQog
ICAgICAgICAgIFQ6IFNVQ0NFU1M6IG1rZGlyKDIpIHJldHVybmVkIDYKCiAgICAgICAgICAgVDog
dGVybWluYXRpbmcKICAgICAgICAgICAgICAgICAgIFM6IHRhcmdldCBoYXMgdGVybWluYXRlZDsg
YnllCgogICAgICAgSW4gIHRoZSAgYWJvdmUgb3V0cHV0LCBub3RlIHRoYXQgdGhlIHNwb29mZWQg
cmV0dXJuIHZhbHVlIHNlZW4gYnkKICAgICAgIHRoZSB0YXJnZXQgcHJvY2VzcyBpcyA2ICh0aGUg
IGxlbmd0aCAgb2YgIHRoZSAgcGF0aG5hbWUgIC90bXAveCksCiAgICAgICB3aGVyZWFzIGEgbm9y
bWFsIG1rZGlyKDIpIGNhbGwgcmV0dXJucyAwIG9uIHN1Y2Nlc3MuCgogICAgICAgSW4gIHRoZSAg
bmV4dCAgZXhhbXBsZSwgdGhlIHRhcmdldCBhdHRlbXB0cyB0byBjcmVhdGUgYSBkaXJlY3RvcnkK
ICAgICAgIHVzaW5nIHRoZSByZWxhdGl2ZSBwYXRobmFtZSAuL3N1Yi4gIFNpbmNlICB0aGlzICBw
YXRobmFtZSAgc3RhcnRzCiAgICAgICB3aXRoICAiLi8iLCAgdGhlICBzdXBlcnZpc29yIHNlbmRz
IGEgU0VDQ09NUF9VU0VSX05PVElGX0ZMQUdfQ09O4oCQCiAgICAgICBUSU5VRSByZXNwb25zZSB0
byB0aGUga2VybmVsLCBhbmQgdGhlIGtlcm5lbCB0aGVuICAoc3VjY2Vzc2Z1bGx5KQogICAgICAg
ZXhlY3V0ZXMgdGhlIHRhcmdldCBwcm9jZXNzJ3MgbWtkaXIoMikgY2FsbC4KCiAgICAgICAgICAg
JCAuL3NlY2NvbXBfdW5vdGlmeSAuL3N1YgogICAgICAgICAgIFQ6IFBJRCA9IDIzMjA0CgogICAg
ICAgICAgIFQ6IGFib3V0IHRvIG1rZGlyKCIuL3N1YiIpCiAgICAgICAgICAgICAgICAgICBTOiBn
b3Qgbm90aWZpY2F0aW9uIChJRCAweGRkYjE2YWJlMjViNGMxMikgZm9yIFBJRCAyMzIwNAogICAg
ICAgICAgICAgICAgICAgUzogdGFyZ2V0IGNhbiBleGVjdXRlIHN5c3RlbSBjYWxsCiAgICAgICAg
ICAgICAgICAgICBTOiBzZW5kaW5nIHJlc3BvbnNlIChmbGFncyA9IDB4MTsgdmFsID0gMDsgZXJy
b3IgPSAwKQogICAgICAgICAgIFQ6IFNVQ0NFU1M6IG1rZGlyKDIpIHJldHVybmVkIDAKCiAgICAg
ICAgICAgVDogdGVybWluYXRpbmcKICAgICAgICAgICAgICAgICAgIFM6IHRhcmdldCBoYXMgdGVy
bWluYXRlZDsgYnllCgogICAgICAgSWYgdGhlIHRhcmdldCBwcm9jZXNzIGF0dGVtcHRzIHRvIGNy
ZWF0ZSBhIGRpcmVjdG9yeSB3aXRoIGEgcGF0aOKAkAogICAgICAgbmFtZSB0aGF0IGRvZXNuJ3Qg
c3RhcnQgd2l0aCAiLiIgYW5kIGRvZXNuJ3QgYmVnaW4gd2l0aCB0aGUgIHByZeKAkAogICAgICAg
Zml4ICAiL3RtcC8iLCB0aGVuIHRoZSBzdXBlcnZpc29yIHNwb29mcyBhbiBlcnJvciByZXR1cm4g
KEVPUE5PVOKAkAogICAgICAgU1VQUCwgIk9wZXJhdGlvbiBub3QgIHN1cHBvcnRlZCIpIGZvciB0
aGUgdGFyZ2V0J3MgbWtkaXIoMikgIGNhbGwKICAgICAgICh3aGljaCBpcyBub3QgZXhlY3V0ZWQp
OgoKICAgICAgICAgICAkIC4vc2VjY29tcF91bm90aWZ5IC94eHgKICAgICAgICAgICBUOiBQSUQg
PSAyMzE3OAoKICAgICAgICAgICBUOiBhYm91dCB0byBta2RpcigiL3h4eCIpCiAgICAgICAgICAg
ICAgICAgICBTOiBnb3Qgbm90aWZpY2F0aW9uIChJRCAweGU3ZGMwOTVkMWM1MjRlODApIGZvciBQ
SUQgMjMxNzgKICAgICAgICAgICAgICAgICAgIFM6IHNwb29maW5nIGVycm9yIHJlc3BvbnNlIChP
cGVyYXRpb24gbm90IHN1cHBvcnRlZCkKICAgICAgICAgICAgICAgICAgIFM6IHNlbmRpbmcgcmVz
cG9uc2UgKGZsYWdzID0gMDsgdmFsID0gMDsgZXJyb3IgPSAtOTUpCiAgICAgICAgICAgVDogRVJS
T1I6IG1rZGlyKDIpOiBPcGVyYXRpb24gbm90IHN1cHBvcnRlZAoKICAgICAgICAgICBUOiB0ZXJt
aW5hdGluZwogICAgICAgICAgICAgICAgICAgUzogdGFyZ2V0IGhhcyB0ZXJtaW5hdGVkOyBieWUK
CiAgICAgICBJbiAgdGhlICBuZXh0ICBleGFtcGxlLCAgdGhlICB0YXJnZXQgcHJvY2VzcyBhdHRl
bXB0cyB0byBjcmVhdGUgYQogICAgICAgZGlyZWN0b3J5IHdpdGggdGhlIHBhdGhuYW1lIC90bXAv
bm9zdWNoZGlyL2IuICBVcG9uIHJlY2VpdmluZyB0aGUKICAgICAgIG5vdGlmaWNhdGlvbiwgIHRo
ZSAgc3VwZXJ2aXNvciBhdHRlbXB0cyB0byBjcmVhdGUgdGhhdCBkaXJlY3RvcnksCiAgICAgICBi
dXQgdGhlIG1rZGlyKDIpIGNhbGwgZmFpbHMgYmVjYXVzZSB0aGUgZGlyZWN0b3J5ICAvdG1wL25v
c3VjaGRpcgogICAgICAgZG9lcyAgbm90ICBleGlzdC4gICBDb25zZXF1ZW50bHksICB0aGUgc3Vw
ZXJ2aXNvciBzcG9vZnMgYW4gZXJyb3IKICAgICAgIHJldHVybiB0aGF0IHBhc3NlcyB0aGUgZXJy
b3IgdGhhdCBpdCByZWNlaXZlZCBiYWNrIHRvIHRoZSAgdGFyZ2V0CiAgICAgICBwcm9jZXNzJ3Mg
bWtkaXIoMikgY2FsbC4KCiAgICAgICAgICAgJCAuL3NlY2NvbXBfdW5vdGlmeSAvdG1wL25vc3Vj
aGRpci9iCiAgICAgICAgICAgVDogUElEID0gMjMxOTkKCiAgICAgICAgICAgVDogYWJvdXQgdG8g
bWtkaXIoIi90bXAvbm9zdWNoZGlyL2IiKQogICAgICAgICAgICAgICAgICAgUzogZ290IG5vdGlm
aWNhdGlvbiAoSUQgMHg4NzQ0NDU0MjkzNTA2MDQ2KSBmb3IgUElEIDIzMTk5CiAgICAgICAgICAg
ICAgICAgICBTOiBleGVjdXRpbmc6IG1rZGlyKCIvdG1wL25vc3VjaGRpci9iIiwgMDcwMCkKICAg
ICAgICAgICAgICAgICAgIFM6IGZhaWx1cmUhIChlcnJubyA9IDI7IE5vIHN1Y2ggZmlsZSBvciBk
aXJlY3RvcnkpCiAgICAgICAgICAgICAgICAgICBTOiBzZW5kaW5nIHJlc3BvbnNlIChmbGFncyA9
IDA7IHZhbCA9IDA7IGVycm9yID0gLTIpCiAgICAgICAgICAgVDogRVJST1I6IG1rZGlyKDIpOiBO
byBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CgogICAgICAgICAgIFQ6IHRlcm1pbmF0aW5nCiAgICAg
ICAgICAgICAgICAgICBTOiB0YXJnZXQgaGFzIHRlcm1pbmF0ZWQ7IGJ5ZQoKICAgICAgIElmIHRo
ZSBzdXBlcnZpc29yIHJlY2VpdmVzIGEgbm90aWZpY2F0aW9uIGFuZCBzZWVzIHRoYXQgdGhlIGFy
Z3XigJAKICAgICAgIG1lbnQgb2YgdGhlIHRhcmdldCdzIG1rZGlyKDIpIGlzIHRoZSBzdHJpbmcg
Ii9ieWUiLCB0aGVuIChhcyB3ZWxsCiAgICAgICBhcyAgc3Bvb2ZpbmcgYW4gRU9QTk9UU1VQUCBl
cnJvciksIHRoZSBzdXBlcnZpc29yIHRlcm1pbmF0ZXMuICBJZgogICAgICAgdGhlIHRhcmdldCBw
cm9jZXNzIHN1YnNlcXVlbnRseSBleGVjdXRlcyAgYW5vdGhlciAgbWtkaXIoMikgIHRoYXQKICAg
ICAgIHRyaWdnZXJzICBpdHMgc2VjY29tcCBmaWx0ZXIgdG8gcmV0dXJuIHRoZSBTRUNDT01QX1JF
VF9VU0VSX05PVElGCiAgICAgICBhY3Rpb24gdmFsdWUsIHRoZW4gdGhlIGtlcm5lbCBjYXVzZXMg
dGhlIHRhcmdldCBwcm9jZXNzJ3MgIHN5c3RlbQogICAgICAgY2FsbCAgdG8gZmFpbCB3aXRoIHRo
ZSBlcnJvciBFTk9TWVMgKCJGdW5jdGlvbiBub3QgaW1wbGVtZW50ZWQiKS4KICAgICAgIFRoaXMg
aXMgZGVtb25zdHJhdGVkIGJ5IHRoZSBmb2xsb3dpbmcgZXhhbXBsZToKCiAgICAgICAgICAgJCAu
L3NlY2NvbXBfdW5vdGlmeSAvYnllIC90bXAveQogICAgICAgICAgIFQ6IFBJRCA9IDIzMTg1Cgog
ICAgICAgICAgIFQ6IGFib3V0IHRvIG1rZGlyKCIvYnllIikKICAgICAgICAgICAgICAgICAgIFM6
IGdvdCBub3RpZmljYXRpb24gKElEIDB4YTgxMjM2YjFkMmY3YjBmNCkgZm9yIFBJRCAyMzE4NQog
ICAgICAgICAgICAgICAgICAgUzogc3Bvb2ZpbmcgZXJyb3IgcmVzcG9uc2UgKE9wZXJhdGlvbiBu
b3Qgc3VwcG9ydGVkKQogICAgICAgICAgICAgICAgICAgUzogc2VuZGluZyByZXNwb25zZSAoZmxh
Z3MgPSAwOyB2YWwgPSAwOyBlcnJvciA9IC05NSkKICAgICAgICAgICAgICAgICAgIFM6IHRlcm1p
bmF0aW5nICoqKioqKioqKioKICAgICAgICAgICBUOiBFUlJPUjogbWtkaXIoMik6IE9wZXJhdGlv
biBub3Qgc3VwcG9ydGVkCgogICAgICAgICAgIFQ6IGFib3V0IHRvIG1rZGlyKCIvdG1wL3kiKQog
ICAgICAgICAgIFQ6IEVSUk9SOiBta2RpcigyKTogRnVuY3Rpb24gbm90IGltcGxlbWVudGVkCgog
ICAgICAgICAgIFQ6IHRlcm1pbmF0aW5nCgogICBQcm9ncmFtIHNvdXJjZQogICAgICAgI2RlZmlu
ZSBfR05VX1NPVVJDRQogICAgICAgI2luY2x1ZGUgPHN5cy90eXBlcy5oPgogICAgICAgI2luY2x1
ZGUgPHN5cy9wcmN0bC5oPgogICAgICAgI2luY2x1ZGUgPGZjbnRsLmg+CiAgICAgICAjaW5jbHVk
ZSA8bGltaXRzLmg+CiAgICAgICAjaW5jbHVkZSA8c2lnbmFsLmg+CiAgICAgICAjaW5jbHVkZSA8
c3RkZGVmLmg+CiAgICAgICAjaW5jbHVkZSA8c3RkaW50Lmg+CiAgICAgICAjaW5jbHVkZSA8c3Rk
Ym9vbC5oPgogICAgICAgI2luY2x1ZGUgPGxpbnV4L2F1ZGl0Lmg+CiAgICAgICAjaW5jbHVkZSA8
c3lzL3N5c2NhbGwuaD4KICAgICAgICNpbmNsdWRlIDxzeXMvc3RhdC5oPgogICAgICAgI2luY2x1
ZGUgPGxpbnV4L2ZpbHRlci5oPgogICAgICAgI2luY2x1ZGUgPGxpbnV4L3NlY2NvbXAuaD4KICAg
ICAgICNpbmNsdWRlIDxzeXMvaW9jdGwuaD4KICAgICAgICNpbmNsdWRlIDxzdGRpby5oPgogICAg
ICAgI2luY2x1ZGUgPHN0ZGxpYi5oPgogICAgICAgI2luY2x1ZGUgPHVuaXN0ZC5oPgogICAgICAg
I2luY2x1ZGUgPGVycm5vLmg+CiAgICAgICAjaW5jbHVkZSA8c3lzL3NvY2tldC5oPgogICAgICAg
I2luY2x1ZGUgPHN5cy91bi5oPgoKICAgICAgICNkZWZpbmUgZXJyRXhpdChtc2cpICAgIGRvIHsg
cGVycm9yKG1zZyk7IGV4aXQoRVhJVF9GQUlMVVJFKTsgXAogICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfSB3aGlsZSAoMCkKCiAgICAgICAvKiBTZW5kIHRoZSBmaWxlIGRlc2NyaXB0b3Ig
J2ZkJyBvdmVyIHRoZSBjb25uZWN0ZWQgVU5JWCBkb21haW4gc29ja2V0CiAgICAgICAgICAnc29j
a2ZkJy4gUmV0dXJucyAwIG9uIHN1Y2Nlc3MsIG9yIC0xIG9uIGVycm9yLiAqLwoKICAgICAgIHN0
YXRpYyBpbnQKICAgICAgIHNlbmRmZChpbnQgc29ja2ZkLCBpbnQgZmQpCiAgICAgICB7CiAgICAg
ICAgICAgc3RydWN0IG1zZ2hkciBtc2doOwogICAgICAgICAgIHN0cnVjdCBpb3ZlYyBpb3Y7CiAg
ICAgICAgICAgaW50IGRhdGE7CiAgICAgICAgICAgc3RydWN0IGNtc2doZHIgKmNtc2dwOwoKICAg
ICAgICAgICAvKiBBbGxvY2F0ZSBhIGNoYXIgYXJyYXkgb2Ygc3VpdGFibGUgc2l6ZSB0byBob2xk
IHRoZSBhbmNpbGxhcnkgZGF0YS4KICAgICAgICAgICAgICBIb3dldmVyLCBzaW5jZSB0aGlzIGJ1
ZmZlciBpcyBpbiByZWFsaXR5IGEgJ3N0cnVjdCBjbXNnaGRyJywgdXNlIGEKICAgICAgICAgICAg
ICB1bmlvbiB0byBlbnN1cmUgdGhhdCBpdCBpcyBzdWl0YWJsZSBhbGlnbmVkLiAqLwogICAgICAg
ICAgIHVuaW9uIHsKICAgICAgICAgICAgICAgY2hhciAgIGJ1ZltDTVNHX1NQQUNFKHNpemVvZihp
bnQpKV07CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAvKiBTcGFjZSBsYXJnZSBlbm91
Z2ggdG8gaG9sZCBhbiAnaW50JyAqLwogICAgICAgICAgICAgICBzdHJ1Y3QgY21zZ2hkciBhbGln
bjsKICAgICAgICAgICB9IGNvbnRyb2xNc2c7CgogICAgICAgICAgIC8qIFRoZSAnbXNnX25hbWUn
IGZpZWxkIGNhbiBiZSB1c2VkIHRvIHNwZWNpZnkgdGhlIGFkZHJlc3Mgb2YgdGhlCiAgICAgICAg
ICAgICAgZGVzdGluYXRpb24gc29ja2V0IHdoZW4gc2VuZGluZyBhIGRhdGFncmFtLiBIb3dldmVy
LCB3ZSBkbyBub3QKICAgICAgICAgICAgICBuZWVkIHRvIHVzZSB0aGlzIGZpZWxkIGJlY2F1c2Ug
J3NvY2tmZCcgaXMgYSBjb25uZWN0ZWQgc29ja2V0LiAqLwoKICAgICAgICAgICBtc2doLm1zZ19u
YW1lID0gTlVMTDsKICAgICAgICAgICBtc2doLm1zZ19uYW1lbGVuID0gMDsKCiAgICAgICAgICAg
LyogT24gTGludXgsIHdlIG11c3QgdHJhbnNtaXQgYXQgbGVhc3Qgb25lIGJ5dGUgb2YgcmVhbCBk
YXRhIGluCiAgICAgICAgICAgICAgb3JkZXIgdG8gc2VuZCBhbmNpbGxhcnkgZGF0YS4gV2UgdHJh
bnNtaXQgYW4gYXJiaXRyYXJ5IGludGVnZXIKICAgICAgICAgICAgICB3aG9zZSB2YWx1ZSBpcyBp
Z25vcmVkIGJ5IHJlY3ZmZCgpLiAqLwoKICAgICAgICAgICBtc2doLm1zZ19pb3YgPSAmaW92Owog
ICAgICAgICAgIG1zZ2gubXNnX2lvdmxlbiA9IDE7CiAgICAgICAgICAgaW92Lmlvdl9iYXNlID0g
JmRhdGE7CiAgICAgICAgICAgaW92Lmlvdl9sZW4gPSBzaXplb2YoaW50KTsKICAgICAgICAgICBk
YXRhID0gMTIzNDU7CgogICAgICAgICAgIC8qIFNldCAnbXNnaGRyJyBmaWVsZHMgdGhhdCBkZXNj
cmliZSBhbmNpbGxhcnkgZGF0YSAqLwoKICAgICAgICAgICBtc2doLm1zZ19jb250cm9sID0gY29u
dHJvbE1zZy5idWY7CiAgICAgICAgICAgbXNnaC5tc2dfY29udHJvbGxlbiA9IHNpemVvZihjb250
cm9sTXNnLmJ1Zik7CgogICAgICAgICAgIC8qIFNldCB1cCBhbmNpbGxhcnkgZGF0YSBkZXNjcmli
aW5nIGZpbGUgZGVzY3JpcHRvciB0byBzZW5kICovCgogICAgICAgICAgIGNtc2dwID0gQ01TR19G
SVJTVEhEUigmbXNnaCk7CiAgICAgICAgICAgY21zZ3AtPmNtc2dfbGV2ZWwgPSBTT0xfU09DS0VU
OwogICAgICAgICAgIGNtc2dwLT5jbXNnX3R5cGUgPSBTQ01fUklHSFRTOwogICAgICAgICAgIGNt
c2dwLT5jbXNnX2xlbiA9IENNU0dfTEVOKHNpemVvZihpbnQpKTsKICAgICAgICAgICBtZW1jcHko
Q01TR19EQVRBKGNtc2dwKSwgJmZkLCBzaXplb2YoaW50KSk7CgogICAgICAgICAgIC8qIFNlbmQg
cmVhbCBwbHVzIGFuY2lsbGFyeSBkYXRhICovCgogICAgICAgICAgIGlmIChzZW5kbXNnKHNvY2tm
ZCwgJm1zZ2gsIDApID09IC0xKQogICAgICAgICAgICAgICByZXR1cm4gLTE7CgogICAgICAgICAg
IHJldHVybiAwOwogICAgICAgfQoKICAgICAgIC8qIFJlY2VpdmUgYSBmaWxlIGRlc2NyaXB0b3Ig
b24gYSBjb25uZWN0ZWQgVU5JWCBkb21haW4gc29ja2V0LiBSZXR1cm5zCiAgICAgICAgICB0aGUg
cmVjZWl2ZWQgZmlsZSBkZXNjcmlwdG9yIG9uIHN1Y2Nlc3MsIG9yIC0xIG9uIGVycm9yLiAqLwoK
ICAgICAgIHN0YXRpYyBpbnQKICAgICAgIHJlY3ZmZChpbnQgc29ja2ZkKQogICAgICAgewogICAg
ICAgICAgIHN0cnVjdCBtc2doZHIgbXNnaDsKICAgICAgICAgICBzdHJ1Y3QgaW92ZWMgaW92Owog
ICAgICAgICAgIGludCBkYXRhLCBmZDsKICAgICAgICAgICBzc2l6ZV90IG5yOwoKICAgICAgICAg
ICAvKiBBbGxvY2F0ZSBhIGNoYXIgYnVmZmVyIGZvciB0aGUgYW5jaWxsYXJ5IGRhdGEuIFNlZSB0
aGUgY29tbWVudHMKICAgICAgICAgICAgICBpbiBzZW5kZmQoKSAqLwogICAgICAgICAgIHVuaW9u
IHsKICAgICAgICAgICAgICAgY2hhciAgIGJ1ZltDTVNHX1NQQUNFKHNpemVvZihpbnQpKV07CiAg
ICAgICAgICAgICAgIHN0cnVjdCBjbXNnaGRyIGFsaWduOwogICAgICAgICAgIH0gY29udHJvbE1z
ZzsKICAgICAgICAgICBzdHJ1Y3QgY21zZ2hkciAqY21zZ3A7CgogICAgICAgICAgIC8qIFRoZSAn
bXNnX25hbWUnIGZpZWxkIGNhbiBiZSB1c2VkIHRvIG9idGFpbiB0aGUgYWRkcmVzcyBvZiB0aGUK
ICAgICAgICAgICAgICBzZW5kaW5nIHNvY2tldC4gSG93ZXZlciwgd2UgZG8gbm90IG5lZWQgdGhp
cyBpbmZvcm1hdGlvbi4gKi8KCiAgICAgICAgICAgbXNnaC5tc2dfbmFtZSA9IE5VTEw7CiAgICAg
ICAgICAgbXNnaC5tc2dfbmFtZWxlbiA9IDA7CgogICAgICAgICAgIC8qIFNwZWNpZnkgYnVmZmVy
IGZvciByZWNlaXZpbmcgcmVhbCBkYXRhICovCgogICAgICAgICAgIG1zZ2gubXNnX2lvdiA9ICZp
b3Y7CiAgICAgICAgICAgbXNnaC5tc2dfaW92bGVuID0gMTsKICAgICAgICAgICBpb3YuaW92X2Jh
c2UgPSAmZGF0YTsgICAgICAgLyogUmVhbCBkYXRhIGlzIGFuICdpbnQnICovCiAgICAgICAgICAg
aW92Lmlvdl9sZW4gPSBzaXplb2YoaW50KTsKCiAgICAgICAgICAgLyogU2V0ICdtc2doZHInIGZp
ZWxkcyB0aGF0IGRlc2NyaWJlIGFuY2lsbGFyeSBkYXRhICovCgogICAgICAgICAgIG1zZ2gubXNn
X2NvbnRyb2wgPSBjb250cm9sTXNnLmJ1ZjsKICAgICAgICAgICBtc2doLm1zZ19jb250cm9sbGVu
ID0gc2l6ZW9mKGNvbnRyb2xNc2cuYnVmKTsKCiAgICAgICAgICAgLyogUmVjZWl2ZSByZWFsIHBs
dXMgYW5jaWxsYXJ5IGRhdGE7IHJlYWwgZGF0YSBpcyBpZ25vcmVkICovCgogICAgICAgICAgIG5y
ID0gcmVjdm1zZyhzb2NrZmQsICZtc2doLCAwKTsKICAgICAgICAgICBpZiAobnIgPT0gLTEpCiAg
ICAgICAgICAgICAgIHJldHVybiAtMTsKCiAgICAgICAgICAgY21zZ3AgPSBDTVNHX0ZJUlNUSERS
KCZtc2doKTsKCiAgICAgICAgICAgLyogQ2hlY2sgdGhlIHZhbGlkaXR5IG9mIHRoZSAnY21zZ2hk
cicgKi8KCiAgICAgICAgICAgaWYgKGNtc2dwID09IE5VTEwgfHwKICAgICAgICAgICAgICAgICAg
IGNtc2dwLT5jbXNnX2xlbiAhPSBDTVNHX0xFTihzaXplb2YoaW50KSkgfHwKICAgICAgICAgICAg
ICAgICAgIGNtc2dwLT5jbXNnX2xldmVsICE9IFNPTF9TT0NLRVQgfHwKICAgICAgICAgICAgICAg
ICAgIGNtc2dwLT5jbXNnX3R5cGUgIT0gU0NNX1JJR0hUUykgewogICAgICAgICAgICAgICBlcnJu
byA9IEVJTlZBTDsKICAgICAgICAgICAgICAgcmV0dXJuIC0xOwogICAgICAgICAgIH0KCiAgICAg
ICAgICAgLyogUmV0dXJuIHRoZSByZWNlaXZlZCBmaWxlIGRlc2NyaXB0b3IgdG8gb3VyIGNhbGxl
ciAqLwoKICAgICAgICAgICBtZW1jcHkoJmZkLCBDTVNHX0RBVEEoY21zZ3ApLCBzaXplb2YoaW50
KSk7CiAgICAgICAgICAgcmV0dXJuIGZkOwogICAgICAgfQoKICAgICAgIHN0YXRpYyB2b2lkCiAg
ICAgICBzaWdjaGxkSGFuZGxlcihpbnQgc2lnKQogICAgICAgewogICAgICAgICAgIGNoYXIgKm1z
ZyAgPSAiXHRTOiB0YXJnZXQgaGFzIHRlcm1pbmF0ZWQ7IGJ5ZVxuIjsKCiAgICAgICAgICAgd3Jp
dGUoU1RET1VUX0ZJTEVOTywgbXNnLCBzdHJsZW4obXNnKSk7CiAgICAgICAgICAgX2V4aXQoRVhJ
VF9TVUNDRVNTKTsKICAgICAgIH0KCiAgICAgICBzdGF0aWMgaW50CiAgICAgICBzZWNjb21wKHVu
c2lnbmVkIGludCBvcGVyYXRpb24sIHVuc2lnbmVkIGludCBmbGFncywgdm9pZCAqYXJncykKICAg
ICAgIHsKICAgICAgICAgICByZXR1cm4gc3lzY2FsbChfX05SX3NlY2NvbXAsIG9wZXJhdGlvbiwg
ZmxhZ3MsIGFyZ3MpOwogICAgICAgfQoKICAgICAgIC8qIFRoZSBmb2xsb3dpbmcgaXMgdGhlIHg4
Ni02NC1zcGVjaWZpYyBCUEYgYm9pbGVycGxhdGUgY29kZSBmb3IgY2hlY2tpbmcKICAgICAgICAg
IHRoYXQgdGhlIEJQRiBwcm9ncmFtIGlzIHJ1bm5pbmcgb24gdGhlIHJpZ2h0IGFyY2hpdGVjdHVy
ZSArIEFCSS4gQXQKICAgICAgICAgIGNvbXBsZXRpb24gb2YgdGhlc2UgaW5zdHJ1Y3Rpb25zLCB0
aGUgYWNjdW11bGF0b3IgY29udGFpbnMgdGhlIHN5c3RlbQogICAgICAgICAgY2FsbCBudW1iZXIu
ICovCgogICAgICAgLyogRm9yIHRoZSB4MzIgQUJJLCBhbGwgc3lzdGVtIGNhbGwgbnVtYmVycyBo
YXZlIGJpdCAzMCBzZXQgKi8KCiAgICAgICAjZGVmaW5lIFgzMl9TWVNDQUxMX0JJVCAgICAgICAg
IDB4NDAwMDAwMDAKCiAgICAgICAjZGVmaW5lIFg4Nl82NF9DSEVDS19BUkNIX0FORF9MT0FEX1NZ
U0NBTExfTlIgXAogICAgICAgICAgICAgICBCUEZfU1RNVChCUEZfTEQgfCBCUEZfVyB8IEJQRl9B
QlMsIFwKICAgICAgICAgICAgICAgICAgICAgICAob2Zmc2V0b2Yoc3RydWN0IHNlY2NvbXBfZGF0
YSwgYXJjaCkpKSwgXAogICAgICAgICAgICAgICBCUEZfSlVNUChCUEZfSk1QIHwgQlBGX0pFUSB8
IEJQRl9LLCBBVURJVF9BUkNIX1g4Nl82NCwgMCwgMiksIFwKICAgICAgICAgICAgICAgQlBGX1NU
TVQoQlBGX0xEIHwgQlBGX1cgfCBCUEZfQUJTLCBcCiAgICAgICAgICAgICAgICAgICAgICAgIChv
ZmZzZXRvZihzdHJ1Y3Qgc2VjY29tcF9kYXRhLCBucikpKSwgXAogICAgICAgICAgICAgICBCUEZf
SlVNUChCUEZfSk1QIHwgQlBGX0pHRSB8IEJQRl9LLCBYMzJfU1lTQ0FMTF9CSVQsIDAsIDEpLCBc
CiAgICAgICAgICAgICAgIEJQRl9TVE1UKEJQRl9SRVQgfCBCUEZfSywgU0VDQ09NUF9SRVRfS0lM
TF9QUk9DRVNTKQoKICAgICAgIC8qIGluc3RhbGxOb3RpZnlGaWx0ZXIoKSBpbnN0YWxscyBhIHNl
Y2NvbXAgZmlsdGVyIHRoYXQgZ2VuZXJhdGVzCiAgICAgICAgICB1c2VyLXNwYWNlIG5vdGlmaWNh
dGlvbnMgKFNFQ0NPTVBfUkVUX1VTRVJfTk9USUYpIHdoZW4gdGhlIHByb2Nlc3MKICAgICAgICAg
IGNhbGxzIG1rZGlyKDIpOyB0aGUgZmlsdGVyIGFsbG93cyBhbGwgb3RoZXIgc3lzdGVtIGNhbGxz
LgoKICAgICAgICAgIFRoZSBmdW5jdGlvbiByZXR1cm4gdmFsdWUgaXMgYSBmaWxlIGRlc2NyaXB0
b3IgZnJvbSB3aGljaCB0aGUKICAgICAgICAgIHVzZXItc3BhY2Ugbm90aWZpY2F0aW9ucyBjYW4g
YmUgZmV0Y2hlZC4gKi8KCiAgICAgICBzdGF0aWMgaW50CiAgICAgICBpbnN0YWxsTm90aWZ5Rmls
dGVyKHZvaWQpCiAgICAgICB7CiAgICAgICAgICAgc3RydWN0IHNvY2tfZmlsdGVyIGZpbHRlcltd
ID0gewogICAgICAgICAgICAgICBYODZfNjRfQ0hFQ0tfQVJDSF9BTkRfTE9BRF9TWVNDQUxMX05S
LAoKICAgICAgICAgICAgICAgLyogbWtkaXIoKSB0cmlnZ2VycyBub3RpZmljYXRpb24gdG8gdXNl
ci1zcGFjZSBzdXBlcnZpc29yICovCgogICAgICAgICAgICAgICBCUEZfSlVNUChCUEZfSk1QIHwg
QlBGX0pFUSB8IEJQRl9LLCBfX05SX21rZGlyLCAwLCAxKSwKICAgICAgICAgICAgICAgQlBGX1NU
TVQoQlBGX1JFVCArIEJQRl9LLCBTRUNDT01QX1JFVF9VU0VSX05PVElGKSwKCiAgICAgICAgICAg
ICAgIC8qIEV2ZXJ5IG90aGVyIHN5c3RlbSBjYWxsIGlzIGFsbG93ZWQgKi8KCiAgICAgICAgICAg
ICAgIEJQRl9TVE1UKEJQRl9SRVQgfCBCUEZfSywgU0VDQ09NUF9SRVRfQUxMT1cpLAogICAgICAg
ICAgIH07CgogICAgICAgICAgIHN0cnVjdCBzb2NrX2Zwcm9nIHByb2cgPSB7CiAgICAgICAgICAg
ICAgIC5sZW4gPSBzaXplb2YoZmlsdGVyKSAvIHNpemVvZihmaWx0ZXJbMF0pLAogICAgICAgICAg
ICAgICAuZmlsdGVyID0gZmlsdGVyLAogICAgICAgICAgIH07CgogICAgICAgICAgIC8qIEluc3Rh
bGwgdGhlIGZpbHRlciB3aXRoIHRoZSBTRUNDT01QX0ZJTFRFUl9GTEFHX05FV19MSVNURU5FUiBm
bGFnOwogICAgICAgICAgICAgIGFzIGEgcmVzdWx0LCBzZWNjb21wKCkgcmV0dXJucyBhIG5vdGlm
aWNhdGlvbiBmaWxlIGRlc2NyaXB0b3IuICovCgogICAgICAgICAgIGludCBub3RpZnlGZCA9IHNl
Y2NvbXAoU0VDQ09NUF9TRVRfTU9ERV9GSUxURVIsCiAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICBTRUNDT01QX0ZJTFRFUl9GTEFHX05FV19MSVNURU5FUiwgJnByb2cpOwogICAgICAg
ICAgIGlmIChub3RpZnlGZCA9PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgic2VjY29tcC1p
bnN0YWxsLW5vdGlmeS1maWx0ZXIiKTsKCiAgICAgICAgICAgcmV0dXJuIG5vdGlmeUZkOwogICAg
ICAgfQoKICAgICAgIC8qIENsb3NlIGEgcGFpciBvZiBzb2NrZXRzIGNyZWF0ZWQgYnkgc29ja2V0
cGFpcigpICovCgogICAgICAgc3RhdGljIHZvaWQKICAgICAgIGNsb3NlU29ja2V0UGFpcihpbnQg
c29ja1BhaXJbMl0pCiAgICAgICB7CiAgICAgICAgICAgaWYgKGNsb3NlKHNvY2tQYWlyWzBdKSA9
PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgiY2xvc2VTb2NrZXRQYWlyLWNsb3NlLTAiKTsK
ICAgICAgICAgICBpZiAoY2xvc2Uoc29ja1BhaXJbMV0pID09IC0xKQogICAgICAgICAgICAgICBl
cnJFeGl0KCJjbG9zZVNvY2tldFBhaXItY2xvc2UtMSIpOwogICAgICAgfQoKICAgICAgIC8qIElt
cGxlbWVudGF0aW9uIG9mIHRoZSB0YXJnZXQgcHJvY2VzczsgY3JlYXRlIGEgY2hpbGQgcHJvY2Vz
cyB0aGF0OgoKICAgICAgICAgICgxKSBpbnN0YWxscyBhIHNlY2NvbXAgZmlsdGVyIHdpdGggdGhl
CiAgICAgICAgICAgICAgU0VDQ09NUF9GSUxURVJfRkxBR19ORVdfTElTVEVORVIgZmxhZzsKICAg
ICAgICAgICgyKSB3cml0ZXMgdGhlIHNlY2NvbXAgbm90aWZpY2F0aW9uIGZpbGUgZGVzY3JpcHRv
ciByZXR1cm5lZCBmcm9tCiAgICAgICAgICAgICAgdGhlIHByZXZpb3VzIHN0ZXAgb250byB0aGUg
VU5JWCBkb21haW4gc29ja2V0LCAnc29ja1BhaXJbMF0nOwogICAgICAgICAgKDMpIGNhbGxzIG1r
ZGlyKDIpIGZvciBlYWNoIGVsZW1lbnQgb2YgJ2FyZ3YnLgoKICAgICAgICAgIFRoZSBmdW5jdGlv
biByZXR1cm4gdmFsdWUgaW4gdGhlIHBhcmVudCBpcyB0aGUgUElEIG9mIHRoZSBjaGlsZAogICAg
ICAgICAgcHJvY2VzczsgdGhlIGNoaWxkIGRvZXMgbm90IHJldHVybiBmcm9tIHRoaXMgZnVuY3Rp
b24uICovCgogICAgICAgc3RhdGljIHBpZF90CiAgICAgICB0YXJnZXRQcm9jZXNzKGludCBzb2Nr
UGFpclsyXSwgY2hhciAqYXJndltdKQogICAgICAgewogICAgICAgICAgIHBpZF90IHRhcmdldFBp
ZCA9IGZvcmsoKTsKICAgICAgICAgICBpZiAodGFyZ2V0UGlkID09IC0xKQogICAgICAgICAgICAg
ICBlcnJFeGl0KCJmb3JrIik7CgogICAgICAgICAgIGlmICh0YXJnZXRQaWQgPiAwKSAgICAgICAg
ICAvKiBJbiBwYXJlbnQsIHJldHVybiBQSUQgb2YgY2hpbGQgKi8KICAgICAgICAgICAgICAgcmV0
dXJuIHRhcmdldFBpZDsKCiAgICAgICAgICAgLyogQ2hpbGQgZmFsbHMgdGhyb3VnaCB0byBoZXJl
ICovCgogICAgICAgICAgIHByaW50ZigiVDogUElEID0gJWxkXG4iLCAobG9uZykgZ2V0cGlkKCkp
OwoKICAgICAgICAgICAvKiBJbnN0YWxsIHNlY2NvbXAgZmlsdGVyKHMpICovCgogICAgICAgICAg
IGlmIChwcmN0bChQUl9TRVRfTk9fTkVXX1BSSVZTLCAxLCAwLCAwLCAwKSkKICAgICAgICAgICAg
ICAgZXJyRXhpdCgicHJjdGwiKTsKCiAgICAgICAgICAgaW50IG5vdGlmeUZkID0gaW5zdGFsbE5v
dGlmeUZpbHRlcigpOwoKICAgICAgICAgICAvKiBQYXNzIHRoZSBub3RpZmljYXRpb24gZmlsZSBk
ZXNjcmlwdG9yIHRvIHRoZSB0cmFjaW5nIHByb2Nlc3Mgb3ZlcgogICAgICAgICAgICAgIGEgVU5J
WCBkb21haW4gc29ja2V0ICovCgogICAgICAgICAgIGlmIChzZW5kZmQoc29ja1BhaXJbMF0sIG5v
dGlmeUZkKSA9PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgic2VuZGZkIik7CgogICAgICAg
ICAgIC8qIE5vdGlmaWNhdGlvbiBhbmQgc29ja2V0IEZEcyBhcmUgbm8gbG9uZ2VyIG5lZWRlZCBp
biB0YXJnZXQgKi8KCiAgICAgICAgICAgaWYgKGNsb3NlKG5vdGlmeUZkKSA9PSAtMSkKICAgICAg
ICAgICAgICAgZXJyRXhpdCgiY2xvc2UtdGFyZ2V0LW5vdGlmeS1mZCIpOwoKICAgICAgICAgICBj
bG9zZVNvY2tldFBhaXIoc29ja1BhaXIpOwoKICAgICAgICAgICAvKiBQZXJmb3JtIGEgbWtkaXIo
KSBjYWxsIGZvciBlYWNoIG9mIHRoZSBjb21tYW5kLWxpbmUgYXJndW1lbnRzICovCgogICAgICAg
ICAgIGZvciAoY2hhciAqKmFwID0gYXJndjsgKmFwICE9IE5VTEw7IGFwKyspIHsKICAgICAgICAg
ICAgICAgcHJpbnRmKCJcblQ6IGFib3V0IHRvIG1rZGlyKFwiJXNcIilcbiIsICphcCk7CgogICAg
ICAgICAgICAgICBpbnQgcyA9IG1rZGlyKCphcCwgMDcwMCk7CiAgICAgICAgICAgICAgIGlmIChz
ID09IC0xKQogICAgICAgICAgICAgICAgICAgcGVycm9yKCJUOiBFUlJPUjogbWtkaXIoMikiKTsK
ICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgcHJpbnRmKCJUOiBTVUNDRVNT
OiBta2RpcigyKSByZXR1cm5lZCAlZFxuIiwgcyk7CiAgICAgICAgICAgfQoKICAgICAgICAgICBw
cmludGYoIlxuVDogdGVybWluYXRpbmdcbiIpOwogICAgICAgICAgIGV4aXQoRVhJVF9TVUNDRVNT
KTsKICAgICAgIH0KCiAgICAgICAvKiBDaGVjayB0aGF0IHRoZSBub3RpZmljYXRpb24gSUQgcHJv
dmlkZWQgYnkgYSBTRUNDT01QX0lPQ1RMX05PVElGX1JFQ1YKICAgICAgICAgIG9wZXJhdGlvbiBp
cyBzdGlsbCB2YWxpZC4gSXQgd2lsbCBubyBsb25nZXIgYmUgdmFsaWQgaWYgdGhlIHByb2Nlc3MK
ICAgICAgICAgIGhhcyB0ZXJtaW5hdGVkLiBUaGlzIG9wZXJhdGlvbiBjYW4gYmUgdXNlZCB3aGVu
IGFjY2Vzc2luZyAvcHJvYy9QSUQKICAgICAgICAgIGZpbGVzIGluIHRoZSB0YXJnZXQgcHJvY2Vz
cyBpbiBvcmRlciB0byBhdm9pZCBUT0NUT1UgcmFjZSBjb25kaXRpb25zCiAgICAgICAgICB3aGVy
ZSB0aGUgUElEIHRoYXQgaXMgcmV0dXJuZWQgYnkgU0VDQ09NUF9JT0NUTF9OT1RJRl9SRUNWIHRl
cm1pbmF0ZXMKICAgICAgICAgIGFuZCBpcyByZXVzZWQgYnkgYW5vdGhlciBwcm9jZXNzLiAqLwoK
ICAgICAgIHN0YXRpYyB2b2lkCiAgICAgICBjaGVja05vdGlmaWNhdGlvbklkSXNWYWxpZChpbnQg
bm90aWZ5RmQsIHVpbnQ2NF90IGlkKQogICAgICAgewogICAgICAgICAgIGlmIChpb2N0bChub3Rp
ZnlGZCwgU0VDQ09NUF9JT0NUTF9OT1RJRl9JRF9WQUxJRCwgJmlkKSA9PSAtMSkgewogICAgICAg
ICAgICAgICBmcHJpbnRmKHN0ZGVyciwgIlx0Uzogbm90aWZpY2F0aW9uIElEIGNoZWNrOiAiCiAg
ICAgICAgICAgICAgICAgICAgICAgInRhcmdldCBoYXMgdGVybWluYXRlZCEhIVxuIik7CgogICAg
ICAgICAgICAgICBleGl0KEVYSVRfRkFJTFVSRSk7CiAgICAgICAgICAgfQogICAgICAgfQoKICAg
ICAgIC8qIEFjY2VzcyB0aGUgbWVtb3J5IG9mIHRoZSB0YXJnZXQgcHJvY2VzcyBpbiBvcmRlciB0
byBkaXNjb3ZlciB0aGUKICAgICAgICAgIHBhdGhuYW1lIHRoYXQgd2FzIGdpdmVuIHRvIG1rZGly
KCkgKi8KCiAgICAgICBzdGF0aWMgdm9pZAogICAgICAgZ2V0VGFyZ2V0UGF0aG5hbWUoc3RydWN0
IHNlY2NvbXBfbm90aWYgKnJlcSwgaW50IG5vdGlmeUZkLAogICAgICAgICAgICAgICAgICAgICAg
ICAgY2hhciAqcGF0aCwgc2l6ZV90IGxlbikKICAgICAgIHsKICAgICAgICAgICBjaGFyIHByb2NN
ZW1QYXRoW1BBVEhfTUFYXTsKICAgICAgICAgICBzbnByaW50Zihwcm9jTWVtUGF0aCwgc2l6ZW9m
KHByb2NNZW1QYXRoKSwgIi9wcm9jLyVkL21lbSIsIHJlcS0+cGlkKTsKCiAgICAgICAgICAgaW50
IHByb2NNZW1GZCA9IG9wZW4ocHJvY01lbVBhdGgsIE9fUkRPTkxZKTsKICAgICAgICAgICBpZiAo
cHJvY01lbUZkID09IC0xKQogICAgICAgICAgICAgICBlcnJFeGl0KCJTdXBlcnZpc29yOiBvcGVu
Iik7CgogICAgICAgICAgIC8qIENoZWNrIHRoYXQgdGhlIHByb2Nlc3Mgd2hvc2UgaW5mbyB3ZSBh
cmUgYWNjZXNzaW5nIGlzIHN0aWxsIGFsaXZlLgogICAgICAgICAgICAgIElmIHRoZSBTRUNDT01Q
X0lPQ1RMX05PVElGX0lEX1ZBTElEIG9wZXJhdGlvbiAocGVyZm9ybWVkCiAgICAgICAgICAgICAg
aW4gY2hlY2tOb3RpZmljYXRpb25JZElzVmFsaWQoKSkgc3VjY2VlZHMsIHdlIGtub3cgdGhhdCB0
aGUKICAgICAgICAgICAgICAvcHJvYy9QSUQvbWVtIGZpbGUgZGVzY3JpcHRvciB0aGF0IHdlIG9w
ZW5lZCBjb3JyZXNwb25kcyB0byB0aGUKICAgICAgICAgICAgICBwcm9jZXNzIGZvciB3aGljaCB3
ZSByZWNlaXZlZCBhIG5vdGlmaWNhdGlvbi4gSWYgdGhhdCBwcm9jZXNzCiAgICAgICAgICAgICAg
c3Vic2VxdWVudGx5IHRlcm1pbmF0ZXMsIHRoZW4gcmVhZCgpIG9uIHRoYXQgZmlsZSBkZXNjcmlw
dG9yCiAgICAgICAgICAgICAgd2lsbCByZXR1cm4gMCAoRU9GKS4gKi8KCiAgICAgICAgICAgY2hl
Y2tOb3RpZmljYXRpb25JZElzVmFsaWQobm90aWZ5RmQsIHJlcS0+aWQpOwoKICAgICAgICAgICAv
KiBTZWVrIHRvIHRoZSBsb2NhdGlvbiBjb250YWluaW5nIHRoZSBwYXRobmFtZSBhcmd1bWVudCAo
aS5lLiwgdGhlCiAgICAgICAgICAgICAgZmlyc3QgYXJndW1lbnQpIG9mIHRoZSBta2RpcigyKSBj
YWxsIGFuZCByZWFkIHRoYXQgcGF0aG5hbWUgKi8KCiAgICAgICAgICAgaWYgKGxzZWVrKHByb2NN
ZW1GZCwgcmVxLT5kYXRhLmFyZ3NbMF0sIFNFRUtfU0VUKSA9PSAtMSkKICAgICAgICAgICAgICAg
ZXJyRXhpdCgiU3VwZXJ2aXNvcjogbHNlZWsiKTsKCiAgICAgICAgICAgc3NpemVfdCBzID0gcmVh
ZChwcm9jTWVtRmQsIHBhdGgsIFBBVEhfTUFYKTsKICAgICAgICAgICBpZiAocyA9PSAtMSkKICAg
ICAgICAgICAgICAgZXJyRXhpdCgicmVhZCIpOwoKICAgICAgICAgICBpZiAocyA9PSAwKSB7CiAg
ICAgICAgICAgICAgIGZwcmludGYoc3RkZXJyLCAiXHRTOiByZWFkKCkgb2YgL3Byb2MvUElEL21l
bSAiCiAgICAgICAgICAgICAgICAgICAgICAgInJldHVybmVkIDAgKEVPRilcbiIpOwogICAgICAg
ICAgICAgICBleGl0KEVYSVRfRkFJTFVSRSk7CiAgICAgICAgICAgfQoKICAgICAgICAgICBpZiAo
Y2xvc2UocHJvY01lbUZkKSA9PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgiY2xvc2UtL3By
b2MvUElEL21lbSIpOwogICAgICAgfQoKICAgICAgIC8qIEhhbmRsZSBub3RpZmljYXRpb25zIHRo
YXQgYXJyaXZlIHZpYSB0aGUgU0VDQ09NUF9SRVRfVVNFUl9OT1RJRiBmaWxlCiAgICAgICAgICBk
ZXNjcmlwdG9yLCAnbm90aWZ5RmQnLiAqLwoKICAgICAgIHN0YXRpYyB2b2lkCiAgICAgICBoYW5k
bGVOb3RpZmljYXRpb25zKGludCBub3RpZnlGZCkKICAgICAgIHsKICAgICAgICAgICBzdHJ1Y3Qg
c2VjY29tcF9ub3RpZl9zaXplcyBzaXplczsKICAgICAgICAgICBjaGFyIHBhdGhbUEFUSF9NQVhd
OwogICAgICAgICAgICAgICAvKiBGb3Igc2ltcGxpY2l0eSwgd2UgYXNzdW1lIHRoYXQgdGhlIHBh
dGhuYW1lIGdpdmVuIHRvIG1rZGlyKCkKICAgICAgICAgICAgICAgICAgaXMgbm8gbW9yZSB0aGFu
IFBBVEhfTUFYIGJ5dGVzOyBidXQgdGhpcyBtaWdodCBub3QgYmUgdHJ1ZS4gKi8KCiAgICAgICAg
ICAgLyogRGlzY292ZXIgdGhlIHNpemVzIG9mIHRoZSBzdHJ1Y3R1cmVzIHRoYXQgYXJlIHVzZWQg
dG8gcmVjZWl2ZQogICAgICAgICAgICAgIG5vdGlmaWNhdGlvbnMgYW5kIHNlbmQgbm90aWZpY2F0
aW9uIHJlc3BvbnNlcywgYW5kIGFsbG9jYXRlCiAgICAgICAgICAgICAgYnVmZmVycyBvZiB0aG9z
ZSBzaXplcy4gKi8KCiAgICAgICAgICAgaWYgKHNlY2NvbXAoU0VDQ09NUF9HRVRfTk9USUZfU0la
RVMsIDAsICZzaXplcykgPT0gLTEpCiAgICAgICAgICAgICAgIGVyckV4aXQoIlx0Uzogc2VjY29t
cC1TRUNDT01QX0dFVF9OT1RJRl9TSVpFUyIpOwoKICAgICAgICAgICBzdHJ1Y3Qgc2VjY29tcF9u
b3RpZiAqcmVxID0gbWFsbG9jKHNpemVzLnNlY2NvbXBfbm90aWYpOwogICAgICAgICAgIGlmIChy
ZXEgPT0gTlVMTCkKICAgICAgICAgICAgICAgZXJyRXhpdCgiXHRTOiBtYWxsb2MiKTsKCiAgICAg
ICAgICAgc3RydWN0IHNlY2NvbXBfbm90aWZfcmVzcCAqcmVzcCA9IG1hbGxvYyhzaXplcy5zZWNj
b21wX25vdGlmX3Jlc3ApOwogICAgICAgICAgIGlmIChyZXNwID09IE5VTEwpCiAgICAgICAgICAg
ICAgIGVyckV4aXQoIlx0UzogbWFsbG9jIik7CgogICAgICAgICAgIC8qIExvb3AgaGFuZGxpbmcg
bm90aWZpY2F0aW9ucyAqLwoKICAgICAgICAgICBmb3IgKDs7KSB7CiAgICAgICAgICAgICAgIC8q
IFdhaXQgZm9yIG5leHQgbm90aWZpY2F0aW9uLCByZXR1cm5pbmcgaW5mbyBpbiAnKnJlcScgKi8K
CiAgICAgICAgICAgICAgIG1lbXNldChyZXEsIDAsIHNpemVzLnNlY2NvbXBfbm90aWYpOwogICAg
ICAgICAgICAgICBpZiAoaW9jdGwobm90aWZ5RmQsIFNFQ0NPTVBfSU9DVExfTk9USUZfUkVDViwg
cmVxKSA9PSAtMSkgewogICAgICAgICAgICAgICAgICAgaWYgKGVycm5vID09IEVJTlRSKQogICAg
ICAgICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogICAgICAgICAgICAgICAgICAgZXJyRXhpdCgi
U3VwZXJ2aXNvcjogaW9jdGwtU0VDQ09NUF9JT0NUTF9OT1RJRl9SRUNWIik7CiAgICAgICAgICAg
ICAgIH0KCiAgICAgICAgICAgICAgIHByaW50ZigiXHRTOiBnb3Qgbm90aWZpY2F0aW9uIChJRCAl
I2xseCkgZm9yIFBJRCAlZFxuIiwKICAgICAgICAgICAgICAgICAgICAgICByZXEtPmlkLCByZXEt
PnBpZCk7CgogICAgICAgICAgICAgICAvKiBUaGUgb25seSBzeXN0ZW0gY2FsbCB0aGF0IGNhbiBn
ZW5lcmF0ZSBhIG5vdGlmaWNhdGlvbiBldmVudAogICAgICAgICAgICAgICAgICBpcyBta2Rpcigy
KS4gTmV2ZXJ0aGVsZXNzLCB3ZSBjaGVjayB0aGF0IHRoZSBub3RpZmllZCBzeXN0ZW0KICAgICAg
ICAgICAgICAgICAgY2FsbCBpcyBpbmRlZWQgbWtkaXIoKSBhcyBraW5kIG9mIGZ1dHVyZS1wcm9v
ZmluZyBvZiB0aGlzCiAgICAgICAgICAgICAgICAgIGNvZGUgaW4gY2FzZSB0aGUgc2VjY29tcCBm
aWx0ZXIgaXMgbGF0ZXIgbW9kaWZpZWQgdG8KICAgICAgICAgICAgICAgICAgZ2VuZXJhdGUgbm90
aWZpY2F0aW9ucyBmb3Igb3RoZXIgc3lzdGVtIGNhbGxzLiAqLwoKICAgICAgICAgICAgICAgaWYg
KHJlcS0+ZGF0YS5uciAhPSBfX05SX21rZGlyKSB7CiAgICAgICAgICAgICAgICAgICBwcmludGYo
Ilx0Uzogbm90aWZpY2F0aW9uIGNvbnRhaW5lZCB1bmV4cGVjdGVkICIKICAgICAgICAgICAgICAg
ICAgICAgICAgICAgInN5c3RlbSBjYWxsIG51bWJlcjsgYnllISEhXG4iKTsKICAgICAgICAgICAg
ICAgICAgIGV4aXQoRVhJVF9GQUlMVVJFKTsKICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAg
ICAgZ2V0VGFyZ2V0UGF0aG5hbWUocmVxLCBub3RpZnlGZCwgcGF0aCwgc2l6ZW9mKHBhdGgpKTsK
CiAgICAgICAgICAgICAgIC8qIFByZXBvcHVsYXRlIHNvbWUgZmllbGRzIG9mIHRoZSByZXNwb25z
ZSAqLwoKICAgICAgICAgICAgICAgcmVzcC0+aWQgPSByZXEtPmlkOyAgICAgLyogUmVzcG9uc2Ug
aW5jbHVkZXMgbm90aWZpY2F0aW9uIElEICovCiAgICAgICAgICAgICAgIHJlc3AtPmZsYWdzID0g
MDsKICAgICAgICAgICAgICAgcmVzcC0+dmFsID0gMDsKCiAgICAgICAgICAgICAgIC8qIElmIHRo
ZSBkaXJlY3RvcnkgaXMgaW4gL3RtcCwgdGhlbiBjcmVhdGUgaXQgb24gYmVoYWxmIG9mCiAgICAg
ICAgICAgICAgICAgIHRoZSBzdXBlcnZpc29yOyBpZiB0aGUgcGF0aG5hbWUgc3RhcnRzIHdpdGgg
Jy4nLCB0ZWxsIHRoZQogICAgICAgICAgICAgICAgICBrZXJuZWwgdG8gbGV0IHRoZSB0YXJnZXQg
cHJvY2VzcyBleGVjdXRlIHRoZSBta2RpcigpOwogICAgICAgICAgICAgICAgICBvdGhlcndpc2Us
IGdpdmUgYW4gZXJyb3IgZm9yIGEgZGlyZWN0b3J5IHBhdGhuYW1lIGluCiAgICAgICAgICAgICAg
ICAgIGFueSBvdGhlciBsb2NhdGlvbi4gKi8KCiAgICAgICAgICAgICAgIGlmIChzdHJuY21wKHBh
dGgsICIvdG1wLyIsIHN0cmxlbigiL3RtcC8iKSkgPT0gMCkgewogICAgICAgICAgICAgICAgICAg
cHJpbnRmKCJcdFM6IGV4ZWN1dGluZzogbWtkaXIoXCIlc1wiLCAlI2xsbylcbiIsCiAgICAgICAg
ICAgICAgICAgICAgICAgICAgIHBhdGgsIHJlcS0+ZGF0YS5hcmdzWzFdKTsKCiAgICAgICAgICAg
ICAgICAgICBpZiAobWtkaXIocGF0aCwgcmVxLT5kYXRhLmFyZ3NbMV0pID09IDApIHsKICAgICAg
ICAgICAgICAgICAgICAgICByZXNwLT5lcnJvciA9IDA7ICAgICAgICAgICAgLyogIlN1Y2Nlc3Mi
ICovCiAgICAgICAgICAgICAgICAgICAgICAgcmVzcC0+dmFsID0gc3RybGVuKHBhdGgpOyAgIC8q
IFVzZWQgYXMgcmV0dXJuIHZhbHVlIG9mCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIG1rZGlyKCkgaW4gdGFyZ2V0ICovCiAgICAgICAgICAgICAg
ICAgICAgICAgcHJpbnRmKCJcdFM6IHN1Y2Nlc3MhIHNwb29mZWQgcmV0dXJuID0gJWxsZFxuIiwK
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJlc3AtPnZhbCk7CiAgICAgICAgICAgICAg
ICAgICB9IGVsc2UgewoKICAgICAgICAgICAgICAgICAgICAgICAvKiBJZiBta2RpcigpIGZhaWxl
ZCBpbiB0aGUgc3VwZXJ2aXNvciwgcGFzcyB0aGUgZXJyb3IKICAgICAgICAgICAgICAgICAgICAg
ICAgICBiYWNrIHRvIHRoZSB0YXJnZXQgKi8KCiAgICAgICAgICAgICAgICAgICAgICAgcmVzcC0+
ZXJyb3IgPSAtZXJybm87CiAgICAgICAgICAgICAgICAgICAgICAgcHJpbnRmKCJcdFM6IGZhaWx1
cmUhIChlcnJubyA9ICVkOyAlcylcbiIsIGVycm5vLAogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgc3RyZXJyb3IoZXJybm8pKTsKICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIGlm
IChzdHJuY21wKHBhdGgsICIuLyIsIHN0cmxlbigiLi8iKSkgPT0gMCkgewogICAgICAgICAgICAg
ICAgICAgcmVzcC0+ZXJyb3IgPSByZXNwLT52YWwgPSAwOwogICAgICAgICAgICAgICAgICAgcmVz
cC0+ZmxhZ3MgPSBTRUNDT01QX1VTRVJfTk9USUZfRkxBR19DT05USU5VRTsKICAgICAgICAgICAg
ICAgICAgIHByaW50ZigiXHRTOiB0YXJnZXQgY2FuIGV4ZWN1dGUgc3lzdGVtIGNhbGxcbiIpOwog
ICAgICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgcmVzcC0+ZXJyb3IgPSAt
RU9QTk9UU1VQUDsKICAgICAgICAgICAgICAgICAgIHByaW50ZigiXHRTOiBzcG9vZmluZyBlcnJv
ciByZXNwb25zZSAoJXMpXG4iLAogICAgICAgICAgICAgICAgICAgICAgICAgICBzdHJlcnJvcigt
cmVzcC0+ZXJyb3IpKTsKICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgLyogU2VuZCBh
IHJlc3BvbnNlIHRvIHRoZSBub3RpZmljYXRpb24gKi8KCiAgICAgICAgICAgICAgIHByaW50Zigi
XHRTOiBzZW5kaW5nIHJlc3BvbnNlICIKICAgICAgICAgICAgICAgICAgICAgICAiKGZsYWdzID0g
JSN4OyB2YWwgPSAlbGxkOyBlcnJvciA9ICVkKVxuIiwKICAgICAgICAgICAgICAgICAgICAgICBy
ZXNwLT5mbGFncywgcmVzcC0+dmFsLCByZXNwLT5lcnJvcik7CgogICAgICAgICAgICAgICBpZiAo
aW9jdGwobm90aWZ5RmQsIFNFQ0NPTVBfSU9DVExfTk9USUZfU0VORCwgcmVzcCkgPT0gLTEpIHsK
ICAgICAgICAgICAgICAgICAgIGlmIChlcnJubyA9PSBFTk9FTlQpCiAgICAgICAgICAgICAgICAg
ICAgICAgcHJpbnRmKCJcdFM6IHJlc3BvbnNlIGZhaWxlZCB3aXRoIEVOT0VOVDsgIgogICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgInBlcmhhcHMgdGFyZ2V0IHByb2Nlc3MncyBzeXNjYWxs
IHdhcyAiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJydXB0ZWQgYnkgc2ln
bmFsP1xuIik7CiAgICAgICAgICAgICAgICAgICBlbHNlCiAgICAgICAgICAgICAgICAgICAgICAg
cGVycm9yKCJpb2N0bC1TRUNDT01QX0lPQ1RMX05PVElGX1NFTkQiKTsKICAgICAgICAgICAgICAg
fQoKICAgICAgICAgICAgICAgLyogSWYgdGhlIHBhdGhuYW1lIGlzIGp1c3QgIi9ieWUiLCB0aGVu
IHRoZSBzdXBlcnZpc29yCiAgICAgICAgICAgICAgICAgIHRlcm1pbmF0ZXMuIFRoaXMgYWxsb3dz
IHVzIHRvIHNlZSB3aGF0IGhhcHBlbnMgaWYgdGhlCiAgICAgICAgICAgICAgICAgIHRhcmdldCBw
cm9jZXNzIG1ha2VzIGZ1cnRoZXIgY2FsbHMgdG8gbWtkaXIoMikuICovCgogICAgICAgICAgICAg
ICBpZiAoc3RyY21wKHBhdGgsICIvYnllIikgPT0gMCkgewogICAgICAgICAgICAgICAgICAgcHJp
bnRmKCJcdFM6IHRlcm1pbmF0aW5nICoqKioqKioqKipcbiIpOwogICAgICAgICAgICAgICAgICAg
ZXhpdChFWElUX0ZBSUxVUkUpOwogICAgICAgICAgICAgICB9CiAgICAgICAgICAgfQogICAgICAg
fQoKICAgICAgIC8qIEltcGxlbWVudGF0aW9uIG9mIHRoZSBzdXBlcnZpc29yIHByb2Nlc3M6Cgog
ICAgICAgICAgKDEpIG9idGFpbnMgdGhlIG5vdGlmaWNhdGlvbiBmaWxlIGRlc2NyaXB0b3IgZnJv
bSAnc29ja1BhaXJbMV0nCiAgICAgICAgICAoMikgaGFuZGxlcyBub3RpZmljYXRpb25zIHRoYXQg
YXJyaXZlIG9uIHRoYXQgZmlsZSBkZXNjcmlwdG9yLiAqLwoKICAgICAgIHN0YXRpYyB2b2lkCiAg
ICAgICBzdXBlcnZpc29yKGludCBzb2NrUGFpclsyXSkKICAgICAgIHsKICAgICAgICAgICBpbnQg
bm90aWZ5RmQgPSByZWN2ZmQoc29ja1BhaXJbMV0pOwogICAgICAgICAgIGlmIChub3RpZnlGZCA9
PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgicmVjdmZkIik7CgogICAgICAgICAgIGNsb3Nl
U29ja2V0UGFpcihzb2NrUGFpcik7ICAvKiBXZSBubyBsb25nZXIgbmVlZCB0aGUgc29ja2V0IHBh
aXIgKi8KCiAgICAgICAgICAgaGFuZGxlTm90aWZpY2F0aW9ucyhub3RpZnlGZCk7CiAgICAgICB9
CgogICAgICAgaW50CiAgICAgICBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pCiAgICAgICB7
CiAgICAgICAgICAgaW50IHNvY2tQYWlyWzJdOwoKICAgICAgICAgICBzZXRidWYoc3Rkb3V0LCBO
VUxMKTsKCiAgICAgICAgICAgaWYgKGFyZ2MgPCAyKSB7CiAgICAgICAgICAgICAgIGZwcmludGYo
c3RkZXJyLCAiQXQgbGVhc3Qgb25lIHBhdGhuYW1lIGFyZ3VtZW50IGlzIHJlcXVpcmVkXG4iKTsK
ICAgICAgICAgICAgICAgZXhpdChFWElUX0ZBSUxVUkUpOwogICAgICAgICAgIH0KCiAgICAgICAg
ICAgLyogQ3JlYXRlIGEgVU5JWCBkb21haW4gc29ja2V0IHRoYXQgaXMgdXNlZCB0byBwYXNzIHRo
ZSBzZWNjb21wCiAgICAgICAgICAgICAgbm90aWZpY2F0aW9uIGZpbGUgZGVzY3JpcHRvciBmcm9t
IHRoZSB0YXJnZXQgcHJvY2VzcyB0byB0aGUKICAgICAgICAgICAgICBzdXBlcnZpc29yIHByb2Nl
c3MuICovCgogICAgICAgICAgIGlmIChzb2NrZXRwYWlyKEFGX1VOSVgsIFNPQ0tfU1RSRUFNLCAw
LCBzb2NrUGFpcikgPT0gLTEpCiAgICAgICAgICAgICAgIGVyckV4aXQoInNvY2tldHBhaXIiKTsK
CiAgICAgICAgICAgLyogQ3JlYXRlIGEgY2hpbGQgcHJvY2Vzcy0tdGhlICJ0YXJnZXQiLS10aGF0
IGluc3RhbGxzIHNlY2NvbXAKICAgICAgICAgICAgICBmaWx0ZXJpbmcuIFRoZSB0YXJnZXQgcHJv
Y2VzcyB3cml0ZXMgdGhlIHNlY2NvbXAgbm90aWZpY2F0aW9uCiAgICAgICAgICAgICAgZmlsZSBk
ZXNjcmlwdG9yIG9udG8gJ3NvY2tQYWlyWzBdJyBhbmQgdGhlbiBjYWxscyBta2RpcigyKSBmb3IK
ICAgICAgICAgICAgICBlYWNoIGRpcmVjdG9yeSBpbiB0aGUgY29tbWFuZC1saW5lIGFyZ3VtZW50
cy4gKi8KCiAgICAgICAgICAgKHZvaWQpIHRhcmdldFByb2Nlc3Moc29ja1BhaXIsICZhcmd2W29w
dGluZF0pOwoKICAgICAgICAgICAvKiBDYXRjaCBTSUdDSExEIHdoZW4gdGhlIHRhcmdldCB0ZXJt
aW5hdGVzLCBzbyB0aGF0IHRoZQogICAgICAgICAgICAgIHN1cGVydmlzb3IgY2FuIGFsc28gdGVy
bWluYXRlLiAqLwoKICAgICAgICAgICBzdHJ1Y3Qgc2lnYWN0aW9uIHNhOwogICAgICAgICAgIHNh
LnNhX2hhbmRsZXIgPSBzaWdjaGxkSGFuZGxlcjsKICAgICAgICAgICBzYS5zYV9mbGFncyA9IDA7
CiAgICAgICAgICAgc2lnZW1wdHlzZXQoJnNhLnNhX21hc2spOwogICAgICAgICAgIGlmIChzaWdh
Y3Rpb24oU0lHQ0hMRCwgJnNhLCBOVUxMKSA9PSAtMSkKICAgICAgICAgICAgICAgZXJyRXhpdCgi
c2lnYWN0aW9uIik7CgogICAgICAgICAgIHN1cGVydmlzb3Ioc29ja1BhaXIpOwoKICAgICAgICAg
ICBleGl0KEVYSVRfU1VDQ0VTUyk7CiAgICAgICB9CgpTRUUgQUxTTwogICAgICAgaW9jdGwoMiks
IHNlY2NvbXAoMikKCgotLSAKTWljaGFlbCBLZXJyaXNrCkxpbnV4IG1hbi1wYWdlcyBtYWludGFp
bmVyOyBodHRwOi8vd3d3Lmtlcm5lbC5vcmcvZG9jL21hbi1wYWdlcy8KTGludXgvVU5JWCBTeXN0
ZW0gUHJvZ3JhbW1pbmcgVHJhaW5pbmc6IGh0dHA6Ly9tYW43Lm9yZy90cmFpbmluZy8KX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KQ29udGFpbmVycyBtYWls
aW5nIGxpc3QKQ29udGFpbmVyc0BsaXN0cy5saW51eC1mb3VuZGF0aW9uLm9yZwpodHRwczovL2xp
c3RzLmxpbnV4Zm91bmRhdGlvbi5vcmcvbWFpbG1hbi9saXN0aW5mby9jb250YWluZXJz

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Ftx9=DH=vger.kernel.org=linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DAF94C4727E
	for <linux-kernel@archiver.kernel.org>; Wed, 30 Sep 2020 11:08:19 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 7A568206FC
	for <linux-kernel@archiver.kernel.org>; Wed, 30 Sep 2020 11:08:19 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nCGYhsvD"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729483AbgI3LHn (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Wed, 30 Sep 2020 07:07:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58492 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728430AbgI3LHn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 30 Sep 2020 07:07:43 -0400
Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59FC2C061755;
        Wed, 30 Sep 2020 04:07:42 -0700 (PDT)
Received: by mail-wr1-x442.google.com with SMTP id x14so1298336wrl.12;
        Wed, 30 Sep 2020 04:07:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=cc:to:from:subject:message-id:date:user-agent:mime-version
         :content-language:content-transfer-encoding;
        bh=7V06UaidBYVts5T1QXfJB9g2Eh0Pg9/j1QaxuXnO3gY=;
        b=nCGYhsvD3VGoXhra82c9I5Rw937nJzJiMVdc1vONn9GUXWc4IPRapiQHLRntLuYszb
         15Vq6rW9SEjccoY+KuCqkobPwhm2+4u1aFnZ3FBk6/8vZ/3A3kzBddKWYLdpvj2oVnV+
         x95NnQ+prm42jwPP5hfuxLqlQAbT5XiN7nur+bwZf4RqYcTLkfayiuNcFbx+1rjMdEHN
         rFp2IqSJ3Agx9tQx0vbjC35JEORHKquHqbUIuf5LdRxlHeZ15u/rUNoiIuCbZbxG8usZ
         V2RIOEveYhz6fs0S1UpbLoZRN04qTf61fq/sIbyH4qicCjj7uAP1q0OMCuSrLnoimRl7
         Lj1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:cc:to:from:subject:message-id:date:user-agent
         :mime-version:content-language:content-transfer-encoding;
        bh=7V06UaidBYVts5T1QXfJB9g2Eh0Pg9/j1QaxuXnO3gY=;
        b=BHWn5K11w7cawJNEzJ9gawtGAA2/lXdk8V8iur0hYxWREq6tDnhj2dtQ4V1qpcpYUs
         XlZIuJOvDHK4L8itubv6HaVtFs70Ypn5tbGzw2AOE33NfUk67vrM44eTomrsks2pPj3c
         /lb5rkUfyKgxPX9aVecBTxKqZPHQ/prJLZbYjnFn0CkmS+pPWlYwwxd4CKWFm3ODaGYH
         46WyKPsIqoaCw+qW/a8ESSZwkmOGvZqw7CQA1CmC5LslSIKBhuxLoRLdsuYNu5rTdF1v
         aTKj8hCoW1HN93GXhKQDNlIFzaQF96y+J3JlL9xgOz/cDTUBkvu3miu4ygY/GPRY6uBy
         LgVA==
X-Gm-Message-State: AOAM53240JQHUgBZ5SHOZJlR6Ifektu5lgMfrKWoLrH0ovD2Ye0MHVCR
        cfpbkMBUFL0lybiHnmga8cE=
X-Google-Smtp-Source: ABdhPJzG1F25MJr5TUsySnk7PHJdQwUKEAHHu5jYlqZdltrqhAa5BqkugE2nL6CdykN9OfXafIS7RA==
X-Received: by 2002:adf:f4c6:: with SMTP id h6mr2489705wrp.310.1601464060090;
        Wed, 30 Sep 2020 04:07:40 -0700 (PDT)
Received: from ?IPv6:2001:a61:2479:6801:d8fe:4132:9f23:7e8f? ([2001:a61:2479:6801:d8fe:4132:9f23:7e8f])
        by smtp.gmail.com with ESMTPSA id 76sm2365466wma.42.2020.09.30.04.07.38
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 30 Sep 2020 04:07:39 -0700 (PDT)
Cc:     mtk.manpages@gmail.com, Kees Cook <keescook@chromium.org>,
        Christian Brauner <christian@brauner.io>,
        linux-man <linux-man@vger.kernel.org>,
        lkml <linux-kernel@vger.kernel.org>,
        Aleksa Sarai <cyphar@cyphar.com>, Jann Horn <jannh@google.com>,
        Alexei Starovoitov <ast@kernel.org>, wad@chromium.org,
        bpf@vger.kernel.org, Song Liu <songliubraving@fb.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andy Lutomirski <luto@amacapital.net>,
        Linux Containers <containers@lists.linux-foundation.org>,
        Giuseppe Scrivano <gscrivan@redhat.com>,
        Robert Sesek <rsesek@google.com>
To:     Tycho Andersen <tycho@tycho.pizza>,
        Sargun Dhillon <sargun@sargun.me>
From:   "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Subject: For review: seccomp_user_notif(2) manual page
Message-ID: <45f07f17-18b6-d187-0914-6f341fe90857@gmail.com>
Date:   Wed, 30 Sep 2020 13:07:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Tycho, Sargun (and all),

I knew it would be a big ask, but below is kind of the manual page
I was hoping you might write [1] for the seccomp user-space notification
mechanism. Since you didn't (and because 5.9 adds various new pieces 
such as SECCOMP_ADDFD_FLAG_SETFD and SECCOMP_IOCTL_NOTIF_ADDFD 
that also will need documenting [2]), I did :-). But of course I may 
have made mistakes...

I've shown the rendered version of the page below, and would love
to receive review comments from you and others, and acks, etc.

There are a few FIXMEs sprinkled into the page, including one
that relates to what appears to me to be a misdesign (possibly 
fixable) in the operation of the SECCOMP_IOCTL_NOTIF_RECV 
operation. I would be especially interested in feedback on that
FIXME, and also of course the other FIXMEs.

The page includes an extensive (albeit slightly contrived)
example program, and I would be happy also to receive comments
on that program.

The page source currently sits in a branch (along with the text
that you sent me for the seccomp(2) page) at
https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/log/?h=seccomp_user_notif

Thanks,

Michael

[1] https://lore.kernel.org/linux-man/2cea5fec-e73e-5749-18af-15c35a4bd23c@gmail.com/#t
[2] Sargun, can you prepare something on SECCOMP_ADDFD_FLAG_SETFD
    and SECCOMP_IOCTL_NOTIF_ADDFD to be added to this page?

=====

NAME
       seccomp_user_notif - Seccomp user-space notification mechanism

SYNOPSIS
       #include <linux/seccomp.h>
       #include <linux/filter.h>
       #include <linux/audit.h>

       int seccomp(unsigned int operation, unsigned int flags, void *args);

DESCRIPTION
       This  page  describes  the user-space notification mechanism pro‐
       vided by the Secure Computing (seccomp) facility.  As well as the
       use   of  the  SECCOMP_FILTER_FLAG_NEW_LISTENER  flag,  the  SEC‐
       COMP_RET_USER_NOTIF action value, and the SECCOMP_GET_NOTIF_SIZES
       operation  described  in  seccomp(2), this mechanism involves the
       use of a number of related ioctl(2) operations (described below).

   Overview
       In conventional usage of a seccomp filter, the decision about how
       to  treat  a particular system call is made by the filter itself.
       The user-space notification mechanism allows the handling of  the
       system  call  to  instead  be handed off to a user-space process.
       The advantages of doing this are that, by contrast with the  sec‐
       comp  filter,  which  is  running on a virtual machine inside the
       kernel, the user-space process has access to information that  is
       unavailable to the seccomp filter and it can perform actions that
       can't be performed from the seccomp filter.

       In the discussion that follows, the process  that  has  installed
       the  seccomp filter is referred to as the target, and the process
       that is notified by  the  user-space  notification  mechanism  is
       referred  to  as  the  supervisor.  An overview of the steps per‐
       formed by these two processes is as follows:

       1. The target process establishes a seccomp filter in  the  usual
          manner, but with two differences:

          · The seccomp(2) flags argument includes the flag SECCOMP_FIL‐
            TER_FLAG_NEW_LISTENER.  Consequently, the return  value   of
            the  (successful)  seccomp(2) call is a new "listening" file
            descriptor that can be used to receive notifications.

          · In cases where it is appropriate, the seccomp filter returns
            the  action value SECCOMP_RET_USER_NOTIF.  This return value
            will trigger a notification event.

       2. In order that the supervisor process can obtain  notifications
          using  the  listening  file  descriptor, (a duplicate of) that
          file descriptor must be passed from the target process to  the
          supervisor process.  One way in which this could be done is by
          passing the file descriptor over a UNIX domain socket  connec‐
          tion between the two processes (using the SCM_RIGHTS ancillary
          message type described in unix(7)).   Another  possibility  is
          that  the  supervisor  might  inherit  the file descriptor via
          fork(2).

       3. The supervisor process will receive notification events on the
          listening  file  descriptor.   These  events  are  returned as
          structures of type seccomp_notif.  Because this structure  and
          its  size may evolve over kernel versions, the supervisor must
          first determine the size of  this  structure  using  the  sec‐
          comp(2)  SECCOMP_GET_NOTIF_SIZES  operation,  which  returns a
          structure of type seccomp_notif_sizes.  The  supervisor  allo‐
          cates a buffer of size seccomp_notif_sizes.seccomp_notif bytes
          to receive notification events.   In  addition,the  supervisor
          allocates  another  buffer  of  size  seccomp_notif_sizes.sec‐
          comp_notif_resp  bytes  for  the  response  (a   struct   sec‐
          comp_notif_resp  structure) that it will provide to the kernel
          (and thus the target process).

       4. The target process then performs its workload, which  includes
          system  calls  that  will be controlled by the seccomp filter.
          Whenever one of these system calls causes the filter to return
          the  SECCOMP_RET_USER_NOTIF  action value, the kernel does not
          execute the system call;  instead,  execution  of  the  target
          process is temporarily blocked inside the kernel and a notifi‐
          cation event is generated on the listening file descriptor.

       5. The supervisor process can now repeatedly monitor the  listen‐
          ing   file   descriptor  for  SECCOMP_RET_USER_NOTIF-triggered
          events.   To  do  this,   the   supervisor   uses   the   SEC‐
          COMP_IOCTL_NOTIF_RECV  ioctl(2)  operation to read information
          about a notification event; this  operation  blocks  until  an
          event  is  available.   The  operation returns a seccomp_notif
          structure containing information about the system call that is
          being attempted by the target process.

       6. The    seccomp_notif    structure   returned   by   the   SEC‐
          COMP_IOCTL_NOTIF_RECV operation includes the same  information
          (a seccomp_data structure) that was passed to the seccomp fil‐
          ter.  This information allows the supervisor to  discover  the
          system  call number and the arguments for the target process's
          system call.  In addition, the notification event contains the
          PID of the target process.

          The  information  in  the notification can be used to discover
          the values of pointer arguments for the target process's  sys‐
          tem call.  (This is something that can't be done from within a
          seccomp filter.)  To do this (and  assuming  it  has  suitable
          permissions),   the   supervisor   opens   the   corresponding
          /proc/[pid]/mem file, seeks to the memory location that corre‐
          sponds to one of the pointer arguments whose value is supplied
          in the notification event, and reads bytes from that location.
          (The supervisor must be careful to avoid a race condition that
          can occur when doing this; see the  description  of  the  SEC‐
          COMP_IOCTL_NOTIF_ID_VALID ioctl(2) operation below.)  In addi‐
          tion, the supervisor can access other system information  that
          is  visible  in  user space but which is not accessible from a
          seccomp filter.

          ┌─────────────────────────────────────────────────────┐
          │FIXME                                                │
          ├─────────────────────────────────────────────────────┤
          │Suppose we are reading a pathname from /proc/PID/mem │
          │for  a system call such as mkdir(). The pathname can │
          │be an arbitrary length. How do we know how much (how │
          │many pages) to read from /proc/PID/mem?              │
          └─────────────────────────────────────────────────────┘

       7. Having  obtained  information  as  per  the previous step, the
          supervisor may then choose to perform an action in response to
          the  target  process's  system call (which, as noted above, is
          not  executed  when  the  seccomp  filter  returns  the   SEC‐
          COMP_RET_USER_NOTIF action value).

          One  example  use case here relates to containers.  The target
          process may be located inside a container where  it  does  not
          have sufficient capabilities to mount a filesystem in the con‐
          tainer's mount namespace.  However, the supervisor  may  be  a
          more  privileged  process that that does have sufficient capa‐
          bilities to perform the mount operation.

       8. The supervisor then sends a response to the notification.  The
          information  in  this  response  is used by the kernel to con‐
          struct a return value for the target process's system call and
          provide a value that will be assigned to the errno variable of
          the target process.

          The  response  is  sent  using  the   SECCOMP_IOCTL_NOTIF_RECV
          ioctl(2)   operation,   which  is  used  to  transmit  a  sec‐
          comp_notif_resp  structure  to  the  kernel.   This  structure
          includes  a  cookie  value that the supervisor obtained in the
          seccomp_notif    structure    returned     by     the     SEC‐
          COMP_IOCTL_NOTIF_RECV operation.  This cookie value allows the
          kernel to associate the response with the target process.

       9. Once the notification has been sent, the system  call  in  the
          target  process  unblocks,  returning the information that was
          provided by the supervisor in the notification response.

       As a variation on the last two steps, the supervisor can  send  a
       response  that tells the kernel that it should execute the target
       process's   system   call;   see   the   discussion    of    SEC‐
       COMP_USER_NOTIF_FLAG_CONTINUE, below.

   ioctl(2) operations
       The following ioctl(2) operations are provided to support seccomp
       user-space notification.  For each of these operations, the first
       (file  descriptor)  argument  of  ioctl(2)  is the listening file
       descriptor returned by a call to seccomp(2) with the SECCOMP_FIL‐
       TER_FLAG_NEW_LISTENER flag.

       SECCOMP_IOCTL_NOTIF_RECV
              This operation is used to obtain a user-space notification
              event.  If no such event is currently pending, the  opera‐
              tion  blocks  until  an  event occurs.  The third ioctl(2)
              argument is a pointer to a structure of the following form
              which  contains  information about the event.  This struc‐
              ture must be zeroed out before the call.

                  struct seccomp_notif {
                      __u64  id;              /* Cookie */
                      __u32  pid;             /* PID of target process */
                      __u32  flags;           /* Currently unused (0) */
                      struct seccomp_data data;   /* See seccomp(2) */
                  };

              The fields in this structure are as follows:

              id     This is a cookie for the notification.   Each  such
                     cookie  is  guaranteed  to be unique for the corre‐
                     sponding seccomp  filter.   In  other  words,  this
                     cookie  is  unique for each notification event from
                     the target process.  The cookie value has the  fol‐
                     lowing uses:

                     · It     can     be     used    with    the    SEC‐
                       COMP_IOCTL_NOTIF_ID_VALID ioctl(2)  operation  to
                       verify that the target process is still alive.

                     · When  returning  a  notification  response to the
                       kernel, the supervisor must  include  the  cookie
                       value in the seccomp_notif_resp structure that is
                       specified   as   the   argument   of   the   SEC‐
                       COMP_IOCTL_NOTIF_SEND operation.

              pid    This  is  the  PID of the target process that trig‐
                     gered the notification event.

                     ┌─────────────────────────────────────────────────────┐
                     │FIXME                                                │
                     ├─────────────────────────────────────────────────────┤
                     │This is a thread ID, rather than a PID, right?       │
                     └─────────────────────────────────────────────────────┘

              flags  This is a  bit  mask  of  flags  providing  further
                     information on the event.  In the current implemen‐
                     tation, this field is always zero.

              data   This is a seccomp_data structure containing  infor‐
                     mation  about  the  system  call that triggered the
                     notification.  This is the same structure  that  is
                     passed  to  the seccomp filter.  See seccomp(2) for
                     details of this structure.

              On success, this operation returns 0; on  failure,  -1  is
              returned,  and  errno  is set to indicate the cause of the
              error.  This operation can fail with the following errors:

              EINVAL (since Linux 5.5)
                     The seccomp_notif structure that was passed to  the
                     call contained nonzero fields.

              ENOENT The  target  process  was killed by a signal as the
                     notification information was being generated.

       ┌─────────────────────────────────────────────────────┐
       │FIXME                                                │
       ├─────────────────────────────────────────────────────┤
       │From my experiments,  it  appears  that  if  a  SEC‐ │
       │COMP_IOCTL_NOTIF_RECV   is  done  after  the  target │
       │process terminates, then the ioctl()  simply  blocks │
       │(rather than returning an error to indicate that the │
       │target process no longer exists).                    │
       │                                                     │
       │I found that surprising, and it required  some  con‐ │
       │tortions  in the example program.  It was not possi‐ │
       │ble to code my SIGCHLD handler (which reaps the zom‐ │
       │bie  when  the  worker/target process terminates) to │
       │simply set a flag checked in the main  handleNotifi‐ │
       │cations()  loop,  since  this created an unavoidable │
       │race where the child might terminate  just  after  I │
       │had  checked  the  flag,  but before I blocked (for‐ │
       │ever!) in  the  SECCOMP_IOCTL_NOTIF_RECV  operation. │
       │Instead,  I had to code the signal handler to simply │
       │call _exit(2)  in  order  to  terminate  the  parent │
       │process (the supervisor).                            │
       │                                                     │
       │Is  this  expected  behavior?  It seems to me rather │
       │desirable that SECCOMP_IOCTL_NOTIF_RECV should  give │
       │an error if the target process has terminated.       │
       └─────────────────────────────────────────────────────┘

       SECCOMP_IOCTL_NOTIF_ID_VALID
              This operation can be used to check that a notification ID
              returned by an earlier SECCOMP_IOCTL_NOTIF_RECV  operation
              is  still  valid  (i.e.,  that  the  target  process still
              exists).

              The third ioctl(2) argument is a  pointer  to  the  cookie
              (id) returned by the SECCOMP_IOCTL_NOTIF_RECV operation.

              This  operation is necessary to avoid race conditions that
              can  occur   when   the   pid   returned   by   the   SEC‐
              COMP_IOCTL_NOTIF_RECV   operation   terminates,  and  that
              process ID is reused by another process.   An  example  of
              this kind of race is the following

              1. A  notification  is  generated  on  the  listening file
                 descriptor.  The returned  seccomp_notif  contains  the
                 PID of the target process.

              2. The target process terminates.

              3. Another process is created on the system that by chance
                 reuses the PID that was freed when the  target  process
                 terminates.

              4. The  supervisor  open(2)s  the /proc/[pid]/mem file for
                 the PID obtained in step 1, with the intention of (say)
                 inspecting the memory locations that contains the argu‐
                 ments of the system call that triggered  the  notifica‐
                 tion in step 1.

              In the above scenario, the risk is that the supervisor may
              try to access the memory of a process other than the  tar‐
              get.   This  race  can be avoided by following the call to
              open with a SECCOMP_IOCTL_NOTIF_ID_VALID operation to ver‐
              ify  that  the  process that generated the notification is
              still alive.  (Note that  if  the  target  process  subse‐
              quently  terminates, its PID won't be reused because there
              remains an open reference to the /proc[pid]/mem  file;  in
              this  case, a subsequent read(2) from the file will return
              0, indicating end of file.)

              On success (i.e., the notification  ID  is  still  valid),
              this  operation  returns 0 On failure (i.e., the notifica‐
              tion ID is no longer valid), -1 is returned, and errno  is
              set to ENOENT.

       SECCOMP_IOCTL_NOTIF_SEND
              This  operation  is  used  to send a notification response
              back to the kernel.  The third ioctl(2) argument  of  this
              structure  is  a  pointer  to a structure of the following
              form:

                  struct seccomp_notif_resp {
                      __u64 id;               /* Cookie value */
                      __s64 val;              /* Success return value */
                      __s32 error;            /* 0 (success) or negative
                                                 error number */
                      __u32 flags;            /* See below */
                  };

              The fields of this structure are as follows:

              id     This is the cookie value that  was  obtained  using
                     the   SECCOMP_IOCTL_NOTIF_RECV   operation.    This
                     cookie value allows the kernel to  correctly  asso‐
                     ciate this response with the system call that trig‐
                     gered the user-space notification.

              val    This is the value that will be used for  a  spoofed
                     success  return  for  the  target  process's system
                     call; see below.

              error  This is the value that will be used  as  the  error
                     number  (errno)  for a spoofed error return for the
                     target process's system call; see below.

              flags  This is a bit mask that includes zero  or  more  of
                     the following flags

                     SECCOMP_USER_NOTIF_FLAG_CONTINUE (since Linux 5.5)
                            Tell   the  kernel  to  execute  the  target
                            process's system call.

              Two kinds of response are possible:

              · A response to the kernel telling it to execute the  tar‐
                get  process's  system  call.   In  this case, the flags
                field includes SECCOMP_USER_NOTIF_FLAG_CONTINUE and  the
                error and val fields must be zero.

                This  kind  of response can be useful in cases where the
                supervisor needs to do deeper analysis of  the  target's
                system  call  than  is  possible  from  a seccomp filter
                (e.g., examining the values of pointer arguments),  and,
                having  verified that the system call is acceptable, the
                supervisor wants to allow it to proceed.

              · A spoofed return value for the target  process's  system
                call.   In  this  case,  the kernel does not execute the
                target process's system call, instead causing the system
                call to return a spoofed value as specified by fields of
                the seccomp_notif_resp structure.  The supervisor should
                set the fields of this structure as follows:

                +  flags  does  not contain SECCOMP_USER_NOTIF_FLAG_CON‐
                   TINUE.

                +  error is set either to  0  for  a  spoofed  "success"
                   return  or  to  a negative error number for a spoofed
                   "failure" return.  In the  former  case,  the  kernel
                   causes the target process's system call to return the
                   value specified in the val field.  In the later case,
                   the kernel causes the target process's system call to
                   return -1, and errno is assigned  the  negated  error
                   value.

                +  val is set to a value that will be used as the return
                   value for a spoofed "success" return for  the  target
                   process's  system  call.   The value in this field is
                   ignored if the error field contains a nonzero value.

              On success, this operation returns 0; on  failure,  -1  is
              returned,  and  errno  is set to indicate the cause of the
              error.  This operation can fail with the following errors:

              EINPROGRESS
                     A response to this notification  has  already  been
                     sent.

              EINVAL An invalid value was specified in the flags field.

              EINVAL The       flags      field      contained      SEC‐
                     COMP_USER_NOTIF_FLAG_CONTINUE, and the error or val
                     field was not zero.

              ENOENT The  blocked  system call in the target process has
                     been interrupted by a signal handler.

NOTES
       The file descriptor returned when seccomp(2) is employed with the
       SECCOMP_FILTER_FLAG_NEW_LISTENER  flag  can  be  monitored  using
       poll(2), epoll(7), and select(2).  When a notification  is  pend‐
       ing,  these interfaces indicate that the file descriptor is read‐
       able.

       ┌─────────────────────────────────────────────────────┐
       │FIXME                                                │
       ├─────────────────────────────────────────────────────┤
       │Interestingly, after the event  had  been  received, │
       │the  file descriptor indicates as writable (verified │
       │from the source code and by experiment). How is this │
       │useful?                                              │
       └─────────────────────────────────────────────────────┘

EXAMPLES
       The (somewhat contrived) program shown below demonstrates the use
       of the interfaces described in this page.  The program creates  a
       child  process  that  serves  as the "target" process.  The child
       process  installs  a  seccomp  filter  that  returns   the   SEC‐
       COMP_RET_USER_NOTIF  action  value if a call is made to mkdir(2).
       The child process then calls mkdir(2) once for each of  the  sup‐
       plied  command-line arguments, and reports the result returned by
       the call.  After processing all arguments, the child process ter‐
       minates.

       The  parent  process  acts  as  the supervisor, listening for the
       notifications that are generated when the  target  process  calls
       mkdir(2).   When such a notification occurs, the supervisor exam‐
       ines the memory of the target process (using /proc/[pid]/mem)  to
       discover  the pathname argument that was supplied to the mkdir(2)
       call, and performs one of the following actions:

       · If the pathname begins with the prefix "/tmp/", then the super‐
         visor  attempts  to  create  the  specified directory, and then
         spoofs a return for the target  process  based  on  the  return
         value  of  the  supervisor's  mkdir(2) call.  In the event that
         that call succeeds, the spoofed success  return  value  is  the
         length of the pathname.

       · If  the pathname begins with "./" (i.e., it is a relative path‐
         name), the supervisor sends a  SECCOMP_USER_NOTIF_FLAG_CONTINUE
         response  to  the  kernel to say that kernel should execute the
         target process's mkdir(2) call.

       · If the pathname begins with some other prefix,  the  supervisor
         spoofs an error return for the target process, so that the tar‐
         get process's mkdir(2) call appears to fail with the error EOP‐
         NOTSUPP  ("Operation  not  supported").   Additionally,  if the
         specified pathname is exactly "/bye", then the supervisor  ter‐
         minates.

       This  program  can  used  to  demonstrate  various aspects of the
       behavior of the seccomp user-space  notification  mechanism.   To
       help  aid  such demonstrations, the program logs various messages
       to show the operation of the target process (lines prefixed "T:")
       and the supervisor (indented lines prefixed "S:").

       In  the  following  example,  the  target  attempts to create the
       directory /tmp/x.  Upon receiving the notification, the  supervi‐
       sor  creates  the  directory on the target's behalf, and spoofs a
       success return to be received by the  target  process's  mkdir(2)
       call.

           $ ./seccomp_unotify /tmp/x
           T: PID = 23168

           T: about to mkdir("/tmp/x")
                   S: got notification (ID 0x17445c4a0f4e0e3c) for PID 23168
                   S: executing: mkdir("/tmp/x", 0700)
                   S: success! spoofed return = 6
                   S: sending response (flags = 0; val = 6; error = 0)
           T: SUCCESS: mkdir(2) returned 6

           T: terminating
                   S: target has terminated; bye

       In  the  above output, note that the spoofed return value seen by
       the target process is 6 (the  length  of  the  pathname  /tmp/x),
       whereas a normal mkdir(2) call returns 0 on success.

       In  the  next  example, the target attempts to create a directory
       using the relative pathname ./sub.  Since  this  pathname  starts
       with  "./",  the  supervisor sends a SECCOMP_USER_NOTIF_FLAG_CON‐
       TINUE response to the kernel, and the kernel then  (successfully)
       executes the target process's mkdir(2) call.

           $ ./seccomp_unotify ./sub
           T: PID = 23204

           T: about to mkdir("./sub")
                   S: got notification (ID 0xddb16abe25b4c12) for PID 23204
                   S: target can execute system call
                   S: sending response (flags = 0x1; val = 0; error = 0)
           T: SUCCESS: mkdir(2) returned 0

           T: terminating
                   S: target has terminated; bye

       If the target process attempts to create a directory with a path‐
       name that doesn't start with "." and doesn't begin with the  pre‐
       fix  "/tmp/", then the supervisor spoofs an error return (EOPNOT‐
       SUPP, "Operation not  supported") for the target's mkdir(2)  call
       (which is not executed):

           $ ./seccomp_unotify /xxx
           T: PID = 23178

           T: about to mkdir("/xxx")
                   S: got notification (ID 0xe7dc095d1c524e80) for PID 23178
                   S: spoofing error response (Operation not supported)
                   S: sending response (flags = 0; val = 0; error = -95)
           T: ERROR: mkdir(2): Operation not supported

           T: terminating
                   S: target has terminated; bye

       In  the  next  example,  the  target process attempts to create a
       directory with the pathname /tmp/nosuchdir/b.  Upon receiving the
       notification,  the  supervisor attempts to create that directory,
       but the mkdir(2) call fails because the directory  /tmp/nosuchdir
       does  not  exist.   Consequently,  the supervisor spoofs an error
       return that passes the error that it received back to the  target
       process's mkdir(2) call.

           $ ./seccomp_unotify /tmp/nosuchdir/b
           T: PID = 23199

           T: about to mkdir("/tmp/nosuchdir/b")
                   S: got notification (ID 0x8744454293506046) for PID 23199
                   S: executing: mkdir("/tmp/nosuchdir/b", 0700)
                   S: failure! (errno = 2; No such file or directory)
                   S: sending response (flags = 0; val = 0; error = -2)
           T: ERROR: mkdir(2): No such file or directory

           T: terminating
                   S: target has terminated; bye

       If the supervisor receives a notification and sees that the argu‐
       ment of the target's mkdir(2) is the string "/bye", then (as well
       as  spoofing an EOPNOTSUPP error), the supervisor terminates.  If
       the target process subsequently executes  another  mkdir(2)  that
       triggers  its seccomp filter to return the SECCOMP_RET_USER_NOTIF
       action value, then the kernel causes the target process's  system
       call  to fail with the error ENOSYS ("Function not implemented").
       This is demonstrated by the following example:

           $ ./seccomp_unotify /bye /tmp/y
           T: PID = 23185

           T: about to mkdir("/bye")
                   S: got notification (ID 0xa81236b1d2f7b0f4) for PID 23185
                   S: spoofing error response (Operation not supported)
                   S: sending response (flags = 0; val = 0; error = -95)
                   S: terminating **********
           T: ERROR: mkdir(2): Operation not supported

           T: about to mkdir("/tmp/y")
           T: ERROR: mkdir(2): Function not implemented

           T: terminating

   Program source
       #define _GNU_SOURCE
       #include <sys/types.h>
       #include <sys/prctl.h>
       #include <fcntl.h>
       #include <limits.h>
       #include <signal.h>
       #include <stddef.h>
       #include <stdint.h>
       #include <stdbool.h>
       #include <linux/audit.h>
       #include <sys/syscall.h>
       #include <sys/stat.h>
       #include <linux/filter.h>
       #include <linux/seccomp.h>
       #include <sys/ioctl.h>
       #include <stdio.h>
       #include <stdlib.h>
       #include <unistd.h>
       #include <errno.h>
       #include <sys/socket.h>
       #include <sys/un.h>

       #define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \
                               } while (0)

       /* Send the file descriptor 'fd' over the connected UNIX domain socket
          'sockfd'. Returns 0 on success, or -1 on error. */

       static int
       sendfd(int sockfd, int fd)
       {
           struct msghdr msgh;
           struct iovec iov;
           int data;
           struct cmsghdr *cmsgp;

           /* Allocate a char array of suitable size to hold the ancillary data.
              However, since this buffer is in reality a 'struct cmsghdr', use a
              union to ensure that it is suitable aligned. */
           union {
               char   buf[CMSG_SPACE(sizeof(int))];
                               /* Space large enough to hold an 'int' */
               struct cmsghdr align;
           } controlMsg;

           /* The 'msg_name' field can be used to specify the address of the
              destination socket when sending a datagram. However, we do not
              need to use this field because 'sockfd' is a connected socket. */

           msgh.msg_name = NULL;
           msgh.msg_namelen = 0;

           /* On Linux, we must transmit at least one byte of real data in
              order to send ancillary data. We transmit an arbitrary integer
              whose value is ignored by recvfd(). */

           msgh.msg_iov = &iov;
           msgh.msg_iovlen = 1;
           iov.iov_base = &data;
           iov.iov_len = sizeof(int);
           data = 12345;

           /* Set 'msghdr' fields that describe ancillary data */

           msgh.msg_control = controlMsg.buf;
           msgh.msg_controllen = sizeof(controlMsg.buf);

           /* Set up ancillary data describing file descriptor to send */

           cmsgp = CMSG_FIRSTHDR(&msgh);
           cmsgp->cmsg_level = SOL_SOCKET;
           cmsgp->cmsg_type = SCM_RIGHTS;
           cmsgp->cmsg_len = CMSG_LEN(sizeof(int));
           memcpy(CMSG_DATA(cmsgp), &fd, sizeof(int));

           /* Send real plus ancillary data */

           if (sendmsg(sockfd, &msgh, 0) == -1)
               return -1;

           return 0;
       }

       /* Receive a file descriptor on a connected UNIX domain socket. Returns
          the received file descriptor on success, or -1 on error. */

       static int
       recvfd(int sockfd)
       {
           struct msghdr msgh;
           struct iovec iov;
           int data, fd;
           ssize_t nr;

           /* Allocate a char buffer for the ancillary data. See the comments
              in sendfd() */
           union {
               char   buf[CMSG_SPACE(sizeof(int))];
               struct cmsghdr align;
           } controlMsg;
           struct cmsghdr *cmsgp;

           /* The 'msg_name' field can be used to obtain the address of the
              sending socket. However, we do not need this information. */

           msgh.msg_name = NULL;
           msgh.msg_namelen = 0;

           /* Specify buffer for receiving real data */

           msgh.msg_iov = &iov;
           msgh.msg_iovlen = 1;
           iov.iov_base = &data;       /* Real data is an 'int' */
           iov.iov_len = sizeof(int);

           /* Set 'msghdr' fields that describe ancillary data */

           msgh.msg_control = controlMsg.buf;
           msgh.msg_controllen = sizeof(controlMsg.buf);

           /* Receive real plus ancillary data; real data is ignored */

           nr = recvmsg(sockfd, &msgh, 0);
           if (nr == -1)
               return -1;

           cmsgp = CMSG_FIRSTHDR(&msgh);

           /* Check the validity of the 'cmsghdr' */

           if (cmsgp == NULL ||
                   cmsgp->cmsg_len != CMSG_LEN(sizeof(int)) ||
                   cmsgp->cmsg_level != SOL_SOCKET ||
                   cmsgp->cmsg_type != SCM_RIGHTS) {
               errno = EINVAL;
               return -1;
           }

           /* Return the received file descriptor to our caller */

           memcpy(&fd, CMSG_DATA(cmsgp), sizeof(int));
           return fd;
       }

       static void
       sigchldHandler(int sig)
       {
           char *msg  = "\tS: target has terminated; bye\n";

           write(STDOUT_FILENO, msg, strlen(msg));
           _exit(EXIT_SUCCESS);
       }

       static int
       seccomp(unsigned int operation, unsigned int flags, void *args)
       {
           return syscall(__NR_seccomp, operation, flags, args);
       }

       /* The following is the x86-64-specific BPF boilerplate code for checking
          that the BPF program is running on the right architecture + ABI. At
          completion of these instructions, the accumulator contains the system
          call number. */

       /* For the x32 ABI, all system call numbers have bit 30 set */

       #define X32_SYSCALL_BIT         0x40000000

       #define X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR \
               BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \
                       (offsetof(struct seccomp_data, arch))), \
               BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 2), \
               BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \
                        (offsetof(struct seccomp_data, nr))), \
               BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 0, 1), \
               BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)

       /* installNotifyFilter() installs a seccomp filter that generates
          user-space notifications (SECCOMP_RET_USER_NOTIF) when the process
          calls mkdir(2); the filter allows all other system calls.

          The function return value is a file descriptor from which the
          user-space notifications can be fetched. */

       static int
       installNotifyFilter(void)
       {
           struct sock_filter filter[] = {
               X86_64_CHECK_ARCH_AND_LOAD_SYSCALL_NR,

               /* mkdir() triggers notification to user-space supervisor */

               BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdir, 0, 1),
               BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_USER_NOTIF),

               /* Every other system call is allowed */

               BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
           };

           struct sock_fprog prog = {
               .len = sizeof(filter) / sizeof(filter[0]),
               .filter = filter,
           };

           /* Install the filter with the SECCOMP_FILTER_FLAG_NEW_LISTENER flag;
              as a result, seccomp() returns a notification file descriptor. */

           int notifyFd = seccomp(SECCOMP_SET_MODE_FILTER,
                                  SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
           if (notifyFd == -1)
               errExit("seccomp-install-notify-filter");

           return notifyFd;
       }

       /* Close a pair of sockets created by socketpair() */

       static void
       closeSocketPair(int sockPair[2])
       {
           if (close(sockPair[0]) == -1)
               errExit("closeSocketPair-close-0");
           if (close(sockPair[1]) == -1)
               errExit("closeSocketPair-close-1");
       }

       /* Implementation of the target process; create a child process that:

          (1) installs a seccomp filter with the
              SECCOMP_FILTER_FLAG_NEW_LISTENER flag;
          (2) writes the seccomp notification file descriptor returned from
              the previous step onto the UNIX domain socket, 'sockPair[0]';
          (3) calls mkdir(2) for each element of 'argv'.

          The function return value in the parent is the PID of the child
          process; the child does not return from this function. */

       static pid_t
       targetProcess(int sockPair[2], char *argv[])
       {
           pid_t targetPid = fork();
           if (targetPid == -1)
               errExit("fork");

           if (targetPid > 0)          /* In parent, return PID of child */
               return targetPid;

           /* Child falls through to here */

           printf("T: PID = %ld\n", (long) getpid());

           /* Install seccomp filter(s) */

           if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
               errExit("prctl");

           int notifyFd = installNotifyFilter();

           /* Pass the notification file descriptor to the tracing process over
              a UNIX domain socket */

           if (sendfd(sockPair[0], notifyFd) == -1)
               errExit("sendfd");

           /* Notification and socket FDs are no longer needed in target */

           if (close(notifyFd) == -1)
               errExit("close-target-notify-fd");

           closeSocketPair(sockPair);

           /* Perform a mkdir() call for each of the command-line arguments */

           for (char **ap = argv; *ap != NULL; ap++) {
               printf("\nT: about to mkdir(\"%s\")\n", *ap);

               int s = mkdir(*ap, 0700);
               if (s == -1)
                   perror("T: ERROR: mkdir(2)");
               else
                   printf("T: SUCCESS: mkdir(2) returned %d\n", s);
           }

           printf("\nT: terminating\n");
           exit(EXIT_SUCCESS);
       }

       /* Check that the notification ID provided by a SECCOMP_IOCTL_NOTIF_RECV
          operation is still valid. It will no longer be valid if the process
          has terminated. This operation can be used when accessing /proc/PID
          files in the target process in order to avoid TOCTOU race conditions
          where the PID that is returned by SECCOMP_IOCTL_NOTIF_RECV terminates
          and is reused by another process. */

       static void
       checkNotificationIdIsValid(int notifyFd, uint64_t id)
       {
           if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) == -1) {
               fprintf(stderr, "\tS: notification ID check: "
                       "target has terminated!!!\n");

               exit(EXIT_FAILURE);
           }
       }

       /* Access the memory of the target process in order to discover the
          pathname that was given to mkdir() */

       static void
       getTargetPathname(struct seccomp_notif *req, int notifyFd,
                         char *path, size_t len)
       {
           char procMemPath[PATH_MAX];
           snprintf(procMemPath, sizeof(procMemPath), "/proc/%d/mem", req->pid);

           int procMemFd = open(procMemPath, O_RDONLY);
           if (procMemFd == -1)
               errExit("Supervisor: open");

           /* Check that the process whose info we are accessing is still alive.
              If the SECCOMP_IOCTL_NOTIF_ID_VALID operation (performed
              in checkNotificationIdIsValid()) succeeds, we know that the
              /proc/PID/mem file descriptor that we opened corresponds to the
              process for which we received a notification. If that process
              subsequently terminates, then read() on that file descriptor
              will return 0 (EOF). */

           checkNotificationIdIsValid(notifyFd, req->id);

           /* Seek to the location containing the pathname argument (i.e., the
              first argument) of the mkdir(2) call and read that pathname */

           if (lseek(procMemFd, req->data.args[0], SEEK_SET) == -1)
               errExit("Supervisor: lseek");

           ssize_t s = read(procMemFd, path, PATH_MAX);
           if (s == -1)
               errExit("read");

           if (s == 0) {
               fprintf(stderr, "\tS: read() of /proc/PID/mem "
                       "returned 0 (EOF)\n");
               exit(EXIT_FAILURE);
           }

           if (close(procMemFd) == -1)
               errExit("close-/proc/PID/mem");
       }

       /* Handle notifications that arrive via the SECCOMP_RET_USER_NOTIF file
          descriptor, 'notifyFd'. */

       static void
       handleNotifications(int notifyFd)
       {
           struct seccomp_notif_sizes sizes;
           char path[PATH_MAX];
               /* For simplicity, we assume that the pathname given to mkdir()
                  is no more than PATH_MAX bytes; but this might not be true. */

           /* Discover the sizes of the structures that are used to receive
              notifications and send notification responses, and allocate
              buffers of those sizes. */

           if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes) == -1)
               errExit("\tS: seccomp-SECCOMP_GET_NOTIF_SIZES");

           struct seccomp_notif *req = malloc(sizes.seccomp_notif);
           if (req == NULL)
               errExit("\tS: malloc");

           struct seccomp_notif_resp *resp = malloc(sizes.seccomp_notif_resp);
           if (resp == NULL)
               errExit("\tS: malloc");

           /* Loop handling notifications */

           for (;;) {
               /* Wait for next notification, returning info in '*req' */

               memset(req, 0, sizes.seccomp_notif);
               if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_RECV, req) == -1) {
                   if (errno == EINTR)
                       continue;
                   errExit("Supervisor: ioctl-SECCOMP_IOCTL_NOTIF_RECV");
               }

               printf("\tS: got notification (ID %#llx) for PID %d\n",
                       req->id, req->pid);

               /* The only system call that can generate a notification event
                  is mkdir(2). Nevertheless, we check that the notified system
                  call is indeed mkdir() as kind of future-proofing of this
                  code in case the seccomp filter is later modified to
                  generate notifications for other system calls. */

               if (req->data.nr != __NR_mkdir) {
                   printf("\tS: notification contained unexpected "
                           "system call number; bye!!!\n");
                   exit(EXIT_FAILURE);
               }

               getTargetPathname(req, notifyFd, path, sizeof(path));

               /* Prepopulate some fields of the response */

               resp->id = req->id;     /* Response includes notification ID */
               resp->flags = 0;
               resp->val = 0;

               /* If the directory is in /tmp, then create it on behalf of
                  the supervisor; if the pathname starts with '.', tell the
                  kernel to let the target process execute the mkdir();
                  otherwise, give an error for a directory pathname in
                  any other location. */

               if (strncmp(path, "/tmp/", strlen("/tmp/")) == 0) {
                   printf("\tS: executing: mkdir(\"%s\", %#llo)\n",
                           path, req->data.args[1]);

                   if (mkdir(path, req->data.args[1]) == 0) {
                       resp->error = 0;            /* "Success" */
                       resp->val = strlen(path);   /* Used as return value of
                                                      mkdir() in target */
                       printf("\tS: success! spoofed return = %lld\n",
                               resp->val);
                   } else {

                       /* If mkdir() failed in the supervisor, pass the error
                          back to the target */

                       resp->error = -errno;
                       printf("\tS: failure! (errno = %d; %s)\n", errno,
                               strerror(errno));
                   }
                                                            } else if (strncmp(path, "./", strlen("./")) == 0) {
                   resp->error = resp->val = 0;
                   resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
                   printf("\tS: target can execute system call\n");
               } else {
                   resp->error = -EOPNOTSUPP;
                   printf("\tS: spoofing error response (%s)\n",
                           strerror(-resp->error));
               }

               /* Send a response to the notification */

               printf("\tS: sending response "
                       "(flags = %#x; val = %lld; error = %d)\n",
                       resp->flags, resp->val, resp->error);

               if (ioctl(notifyFd, SECCOMP_IOCTL_NOTIF_SEND, resp) == -1) {
                   if (errno == ENOENT)
                       printf("\tS: response failed with ENOENT; "
                               "perhaps target process's syscall was "
                               "interrupted by signal?\n");
                   else
                       perror("ioctl-SECCOMP_IOCTL_NOTIF_SEND");
               }

               /* If the pathname is just "/bye", then the supervisor
                  terminates. This allows us to see what happens if the
                  target process makes further calls to mkdir(2). */

               if (strcmp(path, "/bye") == 0) {
                   printf("\tS: terminating **********\n");
                   exit(EXIT_FAILURE);
               }
           }
       }

       /* Implementation of the supervisor process:

          (1) obtains the notification file descriptor from 'sockPair[1]'
          (2) handles notifications that arrive on that file descriptor. */

       static void
       supervisor(int sockPair[2])
       {
           int notifyFd = recvfd(sockPair[1]);
           if (notifyFd == -1)
               errExit("recvfd");

           closeSocketPair(sockPair);  /* We no longer need the socket pair */

           handleNotifications(notifyFd);
       }

       int
       main(int argc, char *argv[])
       {
           int sockPair[2];

           setbuf(stdout, NULL);

           if (argc < 2) {
               fprintf(stderr, "At least one pathname argument is required\n");
               exit(EXIT_FAILURE);
           }

           /* Create a UNIX domain socket that is used to pass the seccomp
              notification file descriptor from the target process to the
              supervisor process. */

           if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockPair) == -1)
               errExit("socketpair");

           /* Create a child process--the "target"--that installs seccomp
              filtering. The target process writes the seccomp notification
              file descriptor onto 'sockPair[0]' and then calls mkdir(2) for
              each directory in the command-line arguments. */

           (void) targetProcess(sockPair, &argv[optind]);

           /* Catch SIGCHLD when the target terminates, so that the
              supervisor can also terminate. */

           struct sigaction sa;
           sa.sa_handler = sigchldHandler;
           sa.sa_flags = 0;
           sigemptyset(&sa.sa_mask);
           if (sigaction(SIGCHLD, &sa, NULL) == -1)
               errExit("sigaction");

           supervisor(sockPair);

           exit(EXIT_SUCCESS);
       }

SEE ALSO
       ioctl(2), seccomp(2)


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/