From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, "H. Peter Anvin", "Dave Hansen", "Greg KH", "Ingo Molnar", "Andy Lutomirski", "Brian Gerst", "Josh Poimboeuf", "Juergen Gross", "Peter Zijlstra", "Denys Vlasenko", "Dominik Brodowski", "Boris Ostrovsky", xen-devel@lists.xenproject.org, "Thomas Gleixner", "Linus Torvalds", "Borislav Petkov"
Date: Sat, 22 Sep 2018 01:15:42 +0100
Message-ID:
X-Mailer: LinuxStableQueue (scripts by bwh)
Subject: [PATCH 3.16 39/63] x86/entry/64: Remove %ebx handling from error_entry/exit
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

3.16.58-rc1 review patch. If anyone has any objections, please let me know.

------------------
From: Andy Lutomirski

commit b3681dd548d06deb2e1573890829dff4b15abf46 upstream.

error_entry and error_exit communicate the user vs. kernel status of the frame using %ebx. This is unnecessary -- the information is in regs->cs. Just use regs->cs.

This makes error_entry simpler and makes error_exit more robust.

It also fixes a nasty bug. Before all the Spectre nonsense, the xen_failsafe_callback entry point returned like this:

        ALLOC_PT_GPREGS_ON_STACK
        SAVE_C_REGS
        SAVE_EXTRA_REGS
        ENCODE_FRAME_POINTER
        jmp     error_exit

And it did not go through error_entry. This was bogus: RBX contained garbage, and error_exit expected a flag in RBX.

Fortunately, it generally contained *nonzero* garbage, so the correct code path was used. As part of the Spectre fixes, code was added to clear RBX to mitigate certain speculation attacks. Now, depending on kernel configuration, RBX got zeroed and, when running some Wine workloads, the kernel crashes. This was introduced by:

    commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface")

With this patch applied, RBX is no longer needed as a flag, and the problem goes away.

I suspect that malicious userspace could use this bug to crash the kernel even without the offending patch applied, though.

[ Historical note: I wrote this patch as a cleanup before I was aware
  of the bug it fixed. ]

[ Note to stable maintainers: this should probably get applied to all
  kernels. If you're nervous about that, a more conservative fix to
  add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should
  also fix the problem. ]

Reported-and-tested-by: M. Vefa Bicakci
Signed-off-by: Andy Lutomirski
Cc: Boris Ostrovsky
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Dave Hansen
Cc: Denys Vlasenko
Cc: Dominik Brodowski
Cc: Greg KH
Cc: H. Peter Anvin
Cc: Josh Poimboeuf
Cc: Juergen Gross
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: xen-devel@lists.xenproject.org
Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface")
Link: http://lkml.kernel.org/r/b5010a090d3586b2d6e06c7ad3ec5542d1241c45.1532282627.git.luto@kernel.org
Signed-off-by: Ingo Molnar
[bwh: Backported to 3.16:
 - error_exit moved EBX to EAX before testing it, so delete both instructions
 - error_exit does RESTORE_REST earlier, so adjust the offset to saved CS accordingly
 - Drop inapplicable comment changes
 - Adjust filename, context]
Signed-off-by: Ben Hutchings
---
--- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -1135,7 +1135,7 @@ ENTRY(\sym) .if \paranoid jmp paranoid_exit /* %ebx: no swapgs flag */ .else - jmp error_exit /* %ebx: no swapgs flag */ + jmp error_exit .endif CFI_ENDPROC @@ -1411,7 +1411,6 @@ END(paranoid_exit) /* * Exception entry point. This expects an error code/orig_rax on the stack. - * returns in "no swapgs flag" in %ebx. */ ENTRY(error_entry) XCPT_FRAME @@ -1440,7 +1439,6 @@ ENTRY(error_entry) * the kernel CR3 here. */ SWITCH_KERNEL_CR3 - xorl %ebx,%ebx testl $3,CS+8(%rsp) je error_kernelspace error_swapgs: @@ -1456,7 +1454,6 @@ error_sti: * for these here too. */ error_kernelspace: - incl %ebx leaq native_irq_return_iret(%rip),%rcx cmpq %rcx,RIP+8(%rsp) je error_bad_iret 
@@ -1477,22 +1474,18 @@ error_bad_iret: mov %rsp,%rdi call fixup_bad_iret mov %rax,%rsp - decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC END(error_entry) - -/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ ENTRY(error_exit) DEFAULT_FRAME - movl %ebx,%eax RESTORE_REST DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) - testl %eax,%eax - jne retint_kernel + testb $3, CS-ARGOFFSET(%rsp) + jz retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx movl $_TIF_WORK_MASK,%edi
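Review bot: on the error_entry hunks (@@ -1440, @@ -1456 and the first part of @@ -1477), removing `xorl %ebx,%ebx`, `incl %ebx` and `decl %ebx` means error_entry no longer writes %ebx at all, so callers such as xen_failsafe_callback that reach error_exit without passing through error_entry no longer depend on whatever %ebx happens to hold; that is the bug the commit message describes, and it is the reason the change is more than a cleanup. One thing the hunk does not show: the deleted `decl %ebx /* Return to usergs */` in error_bad_iret used to force the user-return path unconditionally after `call fixup_bad_iret` / `mov %rax,%rsp`, whereas the user/kernel decision is now taken from the saved CS in the frame that fixup_bad_iret hands back. Please confirm in the 3.16 tree that the frame built by fixup_bad_iret carries a user-mode CS, otherwise the bad-iret case would now take retint_kernel where it previously took the user path.

Review bot: on the error_exit hunk (@@ -1477), the replacement test reads the saved CS at `CS-ARGOFFSET(%rsp)`, while error_entry above reads it at `CS+8(%rsp)`; the different offset is correct only because this test sits after RESTORE_REST (the bwh backport note calls this out), so anyone moving the test or rebasing the hunk must keep it after RESTORE_REST or recompute the offset. `testb $3` examines just the RPL bits of the low byte of the saved CS, so `jz retint_kernel` takes the kernel path exactly when RPL is 0; note that this also inverts the sense of the old `testl %eax,%eax` / `jne retint_kernel`, which jumped when the flag was nonzero. Since the removed `/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */` comment was the only documentation of the branch, suggest a one-line comment above the new `testb`, e.g. `/* Returning to user mode? Check RPL of saved CS. */`, so the offset and the branch sense are not lost on the next rebase.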