From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C023EC433FE for ; Tue, 15 Mar 2022 22:04:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352107AbiCOWFo (ORCPT ); Tue, 15 Mar 2022 18:05:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234246AbiCOWFl (ORCPT ); Tue, 15 Mar 2022 18:05:41 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8D3B236334; Tue, 15 Mar 2022 15:04:28 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DAAB51474; Tue, 15 Mar 2022 15:04:27 -0700 (PDT) Received: from [10.57.42.204] (unknown [10.57.42.204]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2F51D3F66F; Tue, 15 Mar 2022 15:04:26 -0700 (PDT) Message-ID: Date: Tue, 15 Mar 2022 22:04:20 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Thunderbird/91.6.2 Subject: Re: [PATCH 2/2] thunderbolt: Use pre-boot DMA protection on AMD systems Content-Language: en-GB To: "Limonciello, Mario" , Christoph Hellwig , christian@kellner.me, Mika Westerberg Cc: Michael Jamet , "open list:THUNDERBOLT DRIVER" , open list , Yehezkel Bernat , "open list:AMD IOMMU (AMD-VI)" , Andreas Noever , Will Deacon References: <20220315162455.5190-1-mario.limonciello@amd.com> <20220315162455.5190-2-mario.limonciello@amd.com> <21d33a75-8c0e-7734-b3d1-dbe33cfe0ab0@arm.com> <7d588dfa-aa57-7be1-9cbb-61897f81bf99@amd.com> From: Robin Murphy In-Reply-To: <7d588dfa-aa57-7be1-9cbb-61897f81bf99@amd.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022-03-15 18:36, Limonciello, Mario wrote: > + Christian Kellner (Bolt userspace maintainer) > > On 3/15/2022 13:07, Robin Murphy wrote: >> On 2022-03-15 16:54, Limonciello, Mario via iommu wrote: >>> [Public] >>> >>> >>>> On Tue, Mar 15, 2022 at 11:24:55AM -0500, Mario Limonciello wrote: >>>>> -     * handled natively using IOMMU. It is enabled when IOMMU is >>>>> -     * enabled and ACPI DMAR table has DMAR_PLATFORM_OPT_IN set. >>>>> +     * handled natively using IOMMU. It is enabled when the IOMMU is >>>>> +     * enabled and either: >>>>> +     * ACPI DMAR table has DMAR_PLATFORM_OPT_IN set >>>>> +     * or >>>>> +     * ACPI IVRS table has DMA_REMAP bitset >>>>>        */ >>>>>       return sprintf(buf, "%d\n", >>>>> -               iommu_present(&pci_bus_type) && >>>> dmar_platform_optin()); >>>>> +               iommu_present(&pci_bus_type) && >>>>> +               (dmar_platform_optin() || amd_ivrs_remap_support())); >>>> >>>> Yikes.  No, the thunderbot code does not have any business poking into >>>> either dmar_platform_optin or amd_ivrs_remap_support.  This needs >>>> a proper abstration from the IOMMU code. >>> >>> To make sure I follow your ask - it's to make a new generic iommu >>> function >>> That would check dmar/ivrs, and switch out thunderbolt domain.c to >>> use the >>> symbol? >>> >>> I'm happy to rework that if that is what you want. >>> Do you have a preferred proposed function name for that? >> >> But why? Either IOMMU translation is enabled or it isn't, and if it >> is, what's to gain from guessing at *why* it might have been? And even >> if the IOMMU's firmware table did tell the IOMMU driver to enable the >> IOMMU, why should that be Thunderbolt's business? > A lot of this comes from baggage from early Thunderbolt 3 implementation > on systems with ICM (Intel's FW CM). On those systems there was a > concept of "Security Levels".  This meant that downstream PCIe devices > were not automatically authorized when a TBT3 device was plugged in.  In > those cases there was no guarantee that the IOMMU was in use and so the > security was passed on to the user to make a decision. > > In Linux this was accomplished using the 'authorized' attribute in > /sys/bus/thunderbolt/devices/$NUM/authorized.  When this was set to 1 > then the TBT3 device and PCIe topology behind it would be enumerated. > > Further documentation explaining how this works is available here: > https://www.kernel.org/doc/html/latest/admin-guide/thunderbolt.html#security-levels-and-how-to-use-them > > > (Intel based) Platforms from 2018+ w/ TBT3 started to use the IOMMU > consistently at runtime but had this existing implementation of security > levels to worry about.  Furthermore tunnels could be created pre-boot, > and so the thunderbolt driver may or may not re-create them based on > policy. > > So a new attribute was created "iommu_dma_protection" that userspace > could use as part of a policy decision to automatically authorize > devices.  Exporting this attribute is very similar to what Microsoft > does to let the user see the security of the system. > > https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection > > > In Linux today some userspace software "bolt" has a policy included by > default that will automatically authorize TBT3 and USB4 (w/ PCIe) > devices when iommu_dma_protection is set to 1. > >> >> Furthermore, looking at patch #1 I can only conclude that this is >> entirely meaningless anyway. AFAICS it's literally reporting whether >> the firmware flag was set or not. Not whether it's actually been >> honoured and the IOMMU is enforcing any kind of DMA protection at all. >> Even on Intel where the flag does at least have some effect on the >> IOMMU driver, that can still be overridden. > > Take a look at the Microsoft link I shared above.  They also make policy > decisions based on the information in these tables. > >> >> I already have a patch refactoring this to get rid of iommu_present(), >> but at the time I wasn't looking to closely at what it's trying to >> *do* with the information. If it's supposed to accurately reflect >> whether the Thunderbolt device is subject to IOMMU translation and not >> bypassed, I can fix that too (and unexport dmar_platform_optin() in >> the process...) >> >> Robin. > > This patch series stems from that history.  To give the best experience > to end users you want hotplugged devices to be automatically authorized > when software says it's safe to do so. > > To summarize the flow: > * User plugs in device > * USB4 CM will query supported tunnels > * USB4 CM will create devices in /sys/bus/thunderbolt/devices for new > plugged in TBT3/USB4 device > * "authorized" attribute will default to "0" and PCIe tunnels are not > created > * Userspace gets a uevent that the device was added > * Userspace (bolt) reacts by reading > /sys/bus/thunderbolt/devices/domainX/iommu_dma_protection > * If that is set to "1", bolt will write "1" to "authorized"  and USB4 > CM will create PCIe tunnels > * If that is set to "0", bolt will send an event to GUI to show a popup > asking to authorize the device > * After user acks the authorization then it will write "1" to > "authorized" and USB4 CM will create PCIe tunnels > > > Mika, > > I wonder if maybe what we really want is to only use that flow for the > authorized attribute when using TBT3 + ICM (or IOMMU disabled at > runtime).  If we're using a USB4 host, check IOMMU translation layer > active like Robin suggested and then automatically authorize from the CM. Thanks for the explanation. I don't think there's anything wrong with that flow per se - fundamentally, whether it's relayed through userspace or done automagically inside the kernel doesn't change the end result - but it does seem to confirm my suspicion that even now it's not actually working as intended and may end up letting devices be authorised in circumstances that they probably shouldn't be. It's absolutely fine for Thunderbolt to care about whether a device currently has IOMMU translation enabled (and to expose that to userspace in its own way if it wants to), but that's generic IOMMU API stuff, no firmware-poking required :) Tomorrow I'll rework the patch out of my iommu_present() cleanup stack to do the right thing, and share it. Cheers, Robin. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A0DE5C433EF for ; Tue, 15 Mar 2022 22:04:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 37CFA40525; Tue, 15 Mar 2022 22:04:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRzlGuqHj_CS; Tue, 15 Mar 2022 22:04:32 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id BE1364053E; Tue, 15 Mar 2022 22:04:31 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 82B9AC001D; Tue, 15 Mar 2022 22:04:31 +0000 (UTC) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 376BEC0012 for ; Tue, 15 Mar 2022 22:04:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 2646D416D0 for ; Tue, 15 Mar 2022 22:04:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pOtjNlB8fEE9 for ; Tue, 15 Mar 2022 22:04:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp4.osuosl.org (Postfix) with ESMTP id EEC31403F5 for ; Tue, 15 Mar 2022 22:04:28 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DAAB51474; Tue, 15 Mar 2022 15:04:27 -0700 (PDT) Received: from [10.57.42.204] (unknown [10.57.42.204]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2F51D3F66F; Tue, 15 Mar 2022 15:04:26 -0700 (PDT) Message-ID: Date: Tue, 15 Mar 2022 22:04:20 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Thunderbird/91.6.2 Subject: Re: [PATCH 2/2] thunderbolt: Use pre-boot DMA protection on AMD systems Content-Language: en-GB To: "Limonciello, Mario" , Christoph Hellwig , christian@kellner.me, Mika Westerberg References: <20220315162455.5190-1-mario.limonciello@amd.com> <20220315162455.5190-2-mario.limonciello@amd.com> <21d33a75-8c0e-7734-b3d1-dbe33cfe0ab0@arm.com> <7d588dfa-aa57-7be1-9cbb-61897f81bf99@amd.com> From: Robin Murphy In-Reply-To: <7d588dfa-aa57-7be1-9cbb-61897f81bf99@amd.com> Cc: Michael Jamet , "open list:THUNDERBOLT DRIVER" , open list , Andreas Noever , "open list:AMD IOMMU \(AMD-VI\)" , Yehezkel Bernat , Will Deacon X-BeenThere: iommu@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Development issues for Linux IOMMU support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: iommu-bounces@lists.linux-foundation.org Sender: "iommu" T24gMjAyMi0wMy0xNSAxODozNiwgTGltb25jaWVsbG8sIE1hcmlvIHdyb3RlOgo+ICsgQ2hyaXN0 aWFuIEtlbGxuZXIgKEJvbHQgdXNlcnNwYWNlIG1haW50YWluZXIpCj4gCj4gT24gMy8xNS8yMDIy IDEzOjA3LCBSb2JpbiBNdXJwaHkgd3JvdGU6Cj4+IE9uIDIwMjItMDMtMTUgMTY6NTQsIExpbW9u Y2llbGxvLCBNYXJpbyB2aWEgaW9tbXUgd3JvdGU6Cj4+PiBbUHVibGljXQo+Pj4KPj4+Cj4+Pj4g T24gVHVlLCBNYXIgMTUsIDIwMjIgYXQgMTE6MjQ6NTVBTSAtMDUwMCwgTWFyaW8gTGltb25jaWVs bG8gd3JvdGU6Cj4+Pj4+IC3CoMKgwqDCoCAqIGhhbmRsZWQgbmF0aXZlbHkgdXNpbmcgSU9NTVUu IEl0IGlzIGVuYWJsZWQgd2hlbiBJT01NVSBpcwo+Pj4+PiAtwqDCoMKgwqAgKiBlbmFibGVkIGFu ZCBBQ1BJIERNQVIgdGFibGUgaGFzIERNQVJfUExBVEZPUk1fT1BUX0lOIHNldC4KPj4+Pj4gK8Kg wqDCoMKgICogaGFuZGxlZCBuYXRpdmVseSB1c2luZyBJT01NVS4gSXQgaXMgZW5hYmxlZCB3aGVu IHRoZSBJT01NVSBpcwo+Pj4+PiArwqDCoMKgwqAgKiBlbmFibGVkIGFuZCBlaXRoZXI6Cj4+Pj4+ ICvCoMKgwqDCoCAqIEFDUEkgRE1BUiB0YWJsZSBoYXMgRE1BUl9QTEFURk9STV9PUFRfSU4gc2V0 Cj4+Pj4+ICvCoMKgwqDCoCAqIG9yCj4+Pj4+ICvCoMKgwqDCoCAqIEFDUEkgSVZSUyB0YWJsZSBo YXMgRE1BX1JFTUFQIGJpdHNldAo+Pj4+PiDCoMKgwqDCoMKgwqAgKi8KPj4+Pj4gwqDCoMKgwqDC oCByZXR1cm4gc3ByaW50ZihidWYsICIlZFxuIiwKPj4+Pj4gLcKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqAgaW9tbXVfcHJlc2VudCgmcGNpX2J1c190eXBlKSAmJgo+Pj4+IGRtYXJfcGxhdGZv cm1fb3B0aW4oKSk7Cj4+Pj4+ICvCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIGlvbW11X3By ZXNlbnQoJnBjaV9idXNfdHlwZSkgJiYKPj4+Pj4gK8KgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqAgKGRtYXJfcGxhdGZvcm1fb3B0aW4oKSB8fCBhbWRfaXZyc19yZW1hcF9zdXBwb3J0KCkpKTsK Pj4+Pgo+Pj4+IFlpa2VzLsKgIE5vLCB0aGUgdGh1bmRlcmJvdCBjb2RlIGRvZXMgbm90IGhhdmUg YW55IGJ1c2luZXNzIHBva2luZyBpbnRvCj4+Pj4gZWl0aGVyIGRtYXJfcGxhdGZvcm1fb3B0aW4g b3IgYW1kX2l2cnNfcmVtYXBfc3VwcG9ydC7CoCBUaGlzIG5lZWRzCj4+Pj4gYSBwcm9wZXIgYWJz dHJhdGlvbiBmcm9tIHRoZSBJT01NVSBjb2RlLgo+Pj4KPj4+IFRvIG1ha2Ugc3VyZSBJIGZvbGxv dyB5b3VyIGFzayAtIGl0J3MgdG8gbWFrZSBhIG5ldyBnZW5lcmljIGlvbW11IAo+Pj4gZnVuY3Rp b24KPj4+IFRoYXQgd291bGQgY2hlY2sgZG1hci9pdnJzLCBhbmQgc3dpdGNoIG91dCB0aHVuZGVy Ym9sdCBkb21haW4uYyB0byAKPj4+IHVzZSB0aGUKPj4+IHN5bWJvbD8KPj4+Cj4+PiBJJ20gaGFw cHkgdG8gcmV3b3JrIHRoYXQgaWYgdGhhdCBpcyB3aGF0IHlvdSB3YW50Lgo+Pj4gRG8geW91IGhh dmUgYSBwcmVmZXJyZWQgcHJvcG9zZWQgZnVuY3Rpb24gbmFtZSBmb3IgdGhhdD8KPj4KPj4gQnV0 IHdoeT8gRWl0aGVyIElPTU1VIHRyYW5zbGF0aW9uIGlzIGVuYWJsZWQgb3IgaXQgaXNuJ3QsIGFu ZCBpZiBpdCAKPj4gaXMsIHdoYXQncyB0byBnYWluIGZyb20gZ3Vlc3NpbmcgYXQgKndoeSogaXQg bWlnaHQgaGF2ZSBiZWVuPyBBbmQgZXZlbiAKPj4gaWYgdGhlIElPTU1VJ3MgZmlybXdhcmUgdGFi bGUgZGlkIHRlbGwgdGhlIElPTU1VIGRyaXZlciB0byBlbmFibGUgdGhlIAo+PiBJT01NVSwgd2h5 IHNob3VsZCB0aGF0IGJlIFRodW5kZXJib2x0J3MgYnVzaW5lc3M/Cj4gQSBsb3Qgb2YgdGhpcyBj b21lcyBmcm9tIGJhZ2dhZ2UgZnJvbSBlYXJseSBUaHVuZGVyYm9sdCAzIGltcGxlbWVudGF0aW9u IAo+IG9uIHN5c3RlbXMgd2l0aCBJQ00gKEludGVsJ3MgRlcgQ00pLiBPbiB0aG9zZSBzeXN0ZW1z IHRoZXJlIHdhcyBhIAo+IGNvbmNlcHQgb2YgIlNlY3VyaXR5IExldmVscyIuwqAgVGhpcyBtZWFu dCB0aGF0IGRvd25zdHJlYW0gUENJZSBkZXZpY2VzIAo+IHdlcmUgbm90IGF1dG9tYXRpY2FsbHkg YXV0aG9yaXplZCB3aGVuIGEgVEJUMyBkZXZpY2Ugd2FzIHBsdWdnZWQgaW4uwqAgSW4gCj4gdGhv c2UgY2FzZXMgdGhlcmUgd2FzIG5vIGd1YXJhbnRlZSB0aGF0IHRoZSBJT01NVSB3YXMgaW4gdXNl IGFuZCBzbyB0aGUgCj4gc2VjdXJpdHkgd2FzIHBhc3NlZCBvbiB0byB0aGUgdXNlciB0byBtYWtl IGEgZGVjaXNpb24uCj4gCj4gSW4gTGludXggdGhpcyB3YXMgYWNjb21wbGlzaGVkIHVzaW5nIHRo ZSAnYXV0aG9yaXplZCcgYXR0cmlidXRlIGluIAo+IC9zeXMvYnVzL3RodW5kZXJib2x0L2Rldmlj ZXMvJE5VTS9hdXRob3JpemVkLsKgIFdoZW4gdGhpcyB3YXMgc2V0IHRvIDEgCj4gdGhlbiB0aGUg VEJUMyBkZXZpY2UgYW5kIFBDSWUgdG9wb2xvZ3kgYmVoaW5kIGl0IHdvdWxkIGJlIGVudW1lcmF0 ZWQuCj4gCj4gRnVydGhlciBkb2N1bWVudGF0aW9uIGV4cGxhaW5pbmcgaG93IHRoaXMgd29ya3Mg aXMgYXZhaWxhYmxlIGhlcmU6Cj4gaHR0cHM6Ly93d3cua2VybmVsLm9yZy9kb2MvaHRtbC9sYXRl c3QvYWRtaW4tZ3VpZGUvdGh1bmRlcmJvbHQuaHRtbCNzZWN1cml0eS1sZXZlbHMtYW5kLWhvdy10 by11c2UtdGhlbSAKPiAKPiAKPiAoSW50ZWwgYmFzZWQpIFBsYXRmb3JtcyBmcm9tIDIwMTgrIHcv IFRCVDMgc3RhcnRlZCB0byB1c2UgdGhlIElPTU1VIAo+IGNvbnNpc3RlbnRseSBhdCBydW50aW1l IGJ1dCBoYWQgdGhpcyBleGlzdGluZyBpbXBsZW1lbnRhdGlvbiBvZiBzZWN1cml0eSAKPiBsZXZl bHMgdG8gd29ycnkgYWJvdXQuwqAgRnVydGhlcm1vcmUgdHVubmVscyBjb3VsZCBiZSBjcmVhdGVk IHByZS1ib290LCAKPiBhbmQgc28gdGhlIHRodW5kZXJib2x0IGRyaXZlciBtYXkgb3IgbWF5IG5v dCByZS1jcmVhdGUgdGhlbSBiYXNlZCBvbiAKPiBwb2xpY3kuCj4gCj4gU28gYSBuZXcgYXR0cmli dXRlIHdhcyBjcmVhdGVkICJpb21tdV9kbWFfcHJvdGVjdGlvbiIgdGhhdCB1c2Vyc3BhY2UgCj4g Y291bGQgdXNlIGFzIHBhcnQgb2YgYSBwb2xpY3kgZGVjaXNpb24gdG8gYXV0b21hdGljYWxseSBh dXRob3JpemUgCj4gZGV2aWNlcy7CoCBFeHBvcnRpbmcgdGhpcyBhdHRyaWJ1dGUgaXMgdmVyeSBz aW1pbGFyIHRvIHdoYXQgTWljcm9zb2Z0IAo+IGRvZXMgdG8gbGV0IHRoZSB1c2VyIHNlZSB0aGUg c2VjdXJpdHkgb2YgdGhlIHN5c3RlbS4KPiAKPiBodHRwczovL2RvY3MubWljcm9zb2Z0LmNvbS9l bi11cy93aW5kb3dzLWhhcmR3YXJlL2Rlc2lnbi9kZXZpY2UtZXhwZXJpZW5jZXMvb2VtLWtlcm5l bC1kbWEtcHJvdGVjdGlvbiAKPiAKPiAKPiBJbiBMaW51eCB0b2RheSBzb21lIHVzZXJzcGFjZSBz b2Z0d2FyZSAiYm9sdCIgaGFzIGEgcG9saWN5IGluY2x1ZGVkIGJ5Cj4gZGVmYXVsdCB0aGF0IHdp bGwgYXV0b21hdGljYWxseSBhdXRob3JpemUgVEJUMyBhbmQgVVNCNCAody8gUENJZSkgCj4gZGV2 aWNlcyB3aGVuIGlvbW11X2RtYV9wcm90ZWN0aW9uIGlzIHNldCB0byAxLgo+IAo+Pgo+PiBGdXJ0 aGVybW9yZSwgbG9va2luZyBhdCBwYXRjaCAjMSBJIGNhbiBvbmx5IGNvbmNsdWRlIHRoYXQgdGhp cyBpcyAKPj4gZW50aXJlbHkgbWVhbmluZ2xlc3MgYW55d2F5LiBBRkFJQ1MgaXQncyBsaXRlcmFs bHkgcmVwb3J0aW5nIHdoZXRoZXIgCj4+IHRoZSBmaXJtd2FyZSBmbGFnIHdhcyBzZXQgb3Igbm90 LiBOb3Qgd2hldGhlciBpdCdzIGFjdHVhbGx5IGJlZW4gCj4+IGhvbm91cmVkIGFuZCB0aGUgSU9N TVUgaXMgZW5mb3JjaW5nIGFueSBraW5kIG9mIERNQSBwcm90ZWN0aW9uIGF0IGFsbC4gCj4+IEV2 ZW4gb24gSW50ZWwgd2hlcmUgdGhlIGZsYWcgZG9lcyBhdCBsZWFzdCBoYXZlIHNvbWUgZWZmZWN0 IG9uIHRoZSAKPj4gSU9NTVUgZHJpdmVyLCB0aGF0IGNhbiBzdGlsbCBiZSBvdmVycmlkZGVuLgo+ IAo+IFRha2UgYSBsb29rIGF0IHRoZSBNaWNyb3NvZnQgbGluayBJIHNoYXJlZCBhYm92ZS7CoCBU aGV5IGFsc28gbWFrZSBwb2xpY3kKPiBkZWNpc2lvbnMgYmFzZWQgb24gdGhlIGluZm9ybWF0aW9u IGluIHRoZXNlIHRhYmxlcy4KPiAKPj4KPj4gSSBhbHJlYWR5IGhhdmUgYSBwYXRjaCByZWZhY3Rv cmluZyB0aGlzIHRvIGdldCByaWQgb2YgaW9tbXVfcHJlc2VudCgpLCAKPj4gYnV0IGF0IHRoZSB0 aW1lIEkgd2Fzbid0IGxvb2tpbmcgdG8gY2xvc2VseSBhdCB3aGF0IGl0J3MgdHJ5aW5nIHRvIAo+ PiAqZG8qIHdpdGggdGhlIGluZm9ybWF0aW9uLiBJZiBpdCdzIHN1cHBvc2VkIHRvIGFjY3VyYXRl bHkgcmVmbGVjdCAKPj4gd2hldGhlciB0aGUgVGh1bmRlcmJvbHQgZGV2aWNlIGlzIHN1YmplY3Qg dG8gSU9NTVUgdHJhbnNsYXRpb24gYW5kIG5vdCAKPj4gYnlwYXNzZWQsIEkgY2FuIGZpeCB0aGF0 IHRvbyAoYW5kIHVuZXhwb3J0IGRtYXJfcGxhdGZvcm1fb3B0aW4oKSBpbiAKPj4gdGhlIHByb2Nl c3MuLi4pCj4+Cj4+IFJvYmluLgo+IAo+IFRoaXMgcGF0Y2ggc2VyaWVzIHN0ZW1zIGZyb20gdGhh dCBoaXN0b3J5LsKgIFRvIGdpdmUgdGhlIGJlc3QgZXhwZXJpZW5jZSAKPiB0byBlbmQgdXNlcnMg eW91IHdhbnQgaG90cGx1Z2dlZCBkZXZpY2VzIHRvIGJlIGF1dG9tYXRpY2FsbHkgYXV0aG9yaXpl ZCAKPiB3aGVuIHNvZnR3YXJlIHNheXMgaXQncyBzYWZlIHRvIGRvIHNvLgo+IAo+IFRvIHN1bW1h cml6ZSB0aGUgZmxvdzoKPiAqIFVzZXIgcGx1Z3MgaW4gZGV2aWNlCj4gKiBVU0I0IENNIHdpbGwg cXVlcnkgc3VwcG9ydGVkIHR1bm5lbHMKPiAqIFVTQjQgQ00gd2lsbCBjcmVhdGUgZGV2aWNlcyBp biAvc3lzL2J1cy90aHVuZGVyYm9sdC9kZXZpY2VzIGZvciBuZXcgCj4gcGx1Z2dlZCBpbiBUQlQz L1VTQjQgZGV2aWNlCj4gKiAiYXV0aG9yaXplZCIgYXR0cmlidXRlIHdpbGwgZGVmYXVsdCB0byAi MCIgYW5kIFBDSWUgdHVubmVscyBhcmUgbm90IAo+IGNyZWF0ZWQKPiAqIFVzZXJzcGFjZSBnZXRz IGEgdWV2ZW50IHRoYXQgdGhlIGRldmljZSB3YXMgYWRkZWQKPiAqIFVzZXJzcGFjZSAoYm9sdCkg cmVhY3RzIGJ5IHJlYWRpbmcgCj4gL3N5cy9idXMvdGh1bmRlcmJvbHQvZGV2aWNlcy9kb21haW5Y L2lvbW11X2RtYV9wcm90ZWN0aW9uCj4gKiBJZiB0aGF0IGlzIHNldCB0byAiMSIsIGJvbHQgd2ls bCB3cml0ZSAiMSIgdG8gImF1dGhvcml6ZWQiwqAgYW5kIFVTQjQgCj4gQ00gd2lsbCBjcmVhdGUg UENJZSB0dW5uZWxzCj4gKiBJZiB0aGF0IGlzIHNldCB0byAiMCIsIGJvbHQgd2lsbCBzZW5kIGFu IGV2ZW50IHRvIEdVSSB0byBzaG93IGEgcG9wdXAgCj4gYXNraW5nIHRvIGF1dGhvcml6ZSB0aGUg ZGV2aWNlCj4gKiBBZnRlciB1c2VyIGFja3MgdGhlIGF1dGhvcml6YXRpb24gdGhlbiBpdCB3aWxs IHdyaXRlICIxIiB0byAKPiAiYXV0aG9yaXplZCIgYW5kIFVTQjQgQ00gd2lsbCBjcmVhdGUgUENJ ZSB0dW5uZWxzCj4gCj4gCj4gTWlrYSwKPiAKPiBJIHdvbmRlciBpZiBtYXliZSB3aGF0IHdlIHJl YWxseSB3YW50IGlzIHRvIG9ubHkgdXNlIHRoYXQgZmxvdyBmb3IgdGhlIAo+IGF1dGhvcml6ZWQg YXR0cmlidXRlIHdoZW4gdXNpbmcgVEJUMyArIElDTSAob3IgSU9NTVUgZGlzYWJsZWQgYXQgCj4g cnVudGltZSkuwqAgSWYgd2UncmUgdXNpbmcgYSBVU0I0IGhvc3QsIGNoZWNrIElPTU1VIHRyYW5z bGF0aW9uIGxheWVyIAo+IGFjdGl2ZSBsaWtlIFJvYmluIHN1Z2dlc3RlZCBhbmQgdGhlbiBhdXRv bWF0aWNhbGx5IGF1dGhvcml6ZSBmcm9tIHRoZSBDTS4KClRoYW5rcyBmb3IgdGhlIGV4cGxhbmF0 aW9uLiBJIGRvbid0IHRoaW5rIHRoZXJlJ3MgYW55dGhpbmcgd3Jvbmcgd2l0aCAKdGhhdCBmbG93 IHBlciBzZSAtIGZ1bmRhbWVudGFsbHksIHdoZXRoZXIgaXQncyByZWxheWVkIHRocm91Z2ggdXNl cnNwYWNlIApvciBkb25lIGF1dG9tYWdpY2FsbHkgaW5zaWRlIHRoZSBrZXJuZWwgZG9lc24ndCBj aGFuZ2UgdGhlIGVuZCByZXN1bHQgLSAKYnV0IGl0IGRvZXMgc2VlbSB0byBjb25maXJtIG15IHN1 c3BpY2lvbiB0aGF0IGV2ZW4gbm93IGl0J3Mgbm90IGFjdHVhbGx5IAp3b3JraW5nIGFzIGludGVu ZGVkIGFuZCBtYXkgZW5kIHVwIGxldHRpbmcgZGV2aWNlcyBiZSBhdXRob3Jpc2VkIGluIApjaXJj dW1zdGFuY2VzIHRoYXQgdGhleSBwcm9iYWJseSBzaG91bGRuJ3QgYmUuCgpJdCdzIGFic29sdXRl bHkgZmluZSBmb3IgVGh1bmRlcmJvbHQgdG8gY2FyZSBhYm91dCB3aGV0aGVyIGEgZGV2aWNlIApj dXJyZW50bHkgaGFzIElPTU1VIHRyYW5zbGF0aW9uIGVuYWJsZWQgKGFuZCB0byBleHBvc2UgdGhh dCB0byB1c2Vyc3BhY2UgCmluIGl0cyBvd24gd2F5IGlmIGl0IHdhbnRzIHRvKSwgYnV0IHRoYXQn cyBnZW5lcmljIElPTU1VIEFQSSBzdHVmZiwgbm8gCmZpcm13YXJlLXBva2luZyByZXF1aXJlZCA6 KQoKVG9tb3Jyb3cgSSdsbCByZXdvcmsgdGhlIHBhdGNoIG91dCBvZiBteSBpb21tdV9wcmVzZW50 KCkgY2xlYW51cCBzdGFjayAKdG8gZG8gdGhlIHJpZ2h0IHRoaW5nLCBhbmQgc2hhcmUgaXQuCgpD aGVlcnMsClJvYmluLgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXwppb21tdSBtYWlsaW5nIGxpc3QKaW9tbXVAbGlzdHMubGludXgtZm91bmRhdGlvbi5vcmcK aHR0cHM6Ly9saXN0cy5saW51eGZvdW5kYXRpb24ub3JnL21haWxtYW4vbGlzdGluZm8vaW9tbXU=