From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: ** X-Spam-Status: No, score=2.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BBE6C4332D for ; Fri, 20 Mar 2020 08:36:52 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 2309A20739 for ; Fri, 20 Mar 2020 08:36:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NWA6i6fk" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2309A20739 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id C11576B0003; Fri, 20 Mar 2020 04:36:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BC2CF6B0006; Fri, 20 Mar 2020 04:36:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A89626B0007; Fri, 20 Mar 2020 04:36:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0111.hostedemail.com [216.40.44.111]) by kanga.kvack.org (Postfix) with ESMTP id 8FCA96B0003 for ; Fri, 20 Mar 2020 04:36:51 -0400 (EDT) Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 4268B181AC9CB for ; Fri, 20 Mar 2020 08:36:51 +0000 (UTC) X-FDA: 76615085022.20.comb57_3bcc9156b0660 X-HE-Tag: comb57_3bcc9156b0660 X-Filterd-Recvd-Size: 14815 Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) by imf14.hostedemail.com (Postfix) with ESMTP for ; Fri, 20 Mar 2020 08:36:50 +0000 (UTC) Received: by mail-lf1-f48.google.com with SMTP id j15so3833980lfk.6 for ; Fri, 20 Mar 2020 01:36:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oR+jTIP15GcWjeFVlZjEov4YBsuIrHL0Aw0YZr6dF8E=; b=NWA6i6fkOUTJ6PDpisgZ6lSg9+IQN9Dblm9LnhPd+lFT2TdzuUY0eEaBWmDD8byRVK NLPw0cZuwmCEDNe6FPrnsQ7/6J+yQ4Z25LBS86+BkLPG6GwISepT2xMuQy9tLCCdH2Os X7g+ZLhuZpkEvEZ/5gXBsA8/QZuwkDk+Rzs25XdVV0dZRXrmoC3QjwDxIUKBK9sAkOIU ccROQ3SvBWkElX+sumQ3AQYWqQGxL5w6hNwbTD7QjXxcCt+7dpq4QT293CysH1973/nE YVcov/Ozjxl3athVzXWKcGuz+DyIGkGLQBo+O22wuSTgALFbuMWpIrym3s8hcgaj2Kuh 9Rqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oR+jTIP15GcWjeFVlZjEov4YBsuIrHL0Aw0YZr6dF8E=; b=ZifBVT/Z67MYYasRy9i+oJQ92TIaRXaLkVC+h+P9KbJl7kHEzjJiV/inHpSOTDki7l Mk3XOh/UC1hAlw7tOH1ChP2VxGAspTJcEl5AJ/TeXSL44kMOQALla+mXM6tadR5+hhna +80CG0J47MUUSLQ+mOKOHcf+Vm+7y8TJi3pJ7W0RFz6pQKzsEQwaa528owTWJpLY/31U F+bbLw4fv+uzUwZY7/OWc7Js1X4Uo1fRXk+pNAJRo/rO8sQOy+JHATYC0IfMvNow7DjB I5cQa13e4j+mBPROC8IpEfVvnhXRw7MCxp4zdMOL57Zhwz+bvr+QB7mTXDh5miJHRQ29 /LGw== X-Gm-Message-State: ANhLgQ2V8zGuTQJ/RMYGkC5YHpUuK+Dyeap9EQ5qWiWgXSfqsV9eFARO IKZjs83VOUWRmKzZjXb3MTkfnDkmvdR4YZo+zu0= X-Google-Smtp-Source: ADFU+vtMouUYYhzp14Abz6yny4yZqn4TeI64R+olSWvTjAlIMtOemzoKk6qljZsop5FOpDg3+cJ17QMC+U6ybDKpzDs= X-Received: by 2002:a19:ae0b:: with SMTP id f11mr4575943lfc.190.1584693409290; Fri, 20 Mar 2020 01:36:49 -0700 (PDT) MIME-Version: 1.0 References: <9e699198-d1e4-f285-f4ed-15fbf8a8c16e@infradead.org> In-Reply-To: <9e699198-d1e4-f285-f4ed-15fbf8a8c16e@infradead.org> From: Entropy Moe <3ntr0py1337@gmail.com> Date: Fri, 20 Mar 2020 12:36:38 +0400 Message-ID: Subject: Re: KASAN: stack-out-of-bounds Write in mpol_to_str To: Randy Dunlap Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org Content-Type: multipart/mixed; boundary="000000000000bd44c705a1452fcc" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: --000000000000bd44c705a1452fcc Content-Type: multipart/alternative; boundary="000000000000bd44c405a1452fca" --000000000000bd44c405a1452fca Content-Type: text/plain; charset="UTF-8" Hello Randy, please see attached POC for the vulnerability. On Mon, Mar 16, 2020 at 10:46 PM Randy Dunlap wrote: > On 3/15/20 12:57 PM, Entropy Moe wrote: > > Hello team, > > how are you ? > > I wanted to report a bug on mempolicy.c. I found the bug on the latest > version of the kernel. > > > > which is stack out of bound vulnerability. > > > > I am attaching report. > > > > If you need the POC crash code, I can provide. > > Hi Moe, > > Please post the POC code and your kernel .config file. > > thanks. > -- > ~Randy > > --000000000000bd44c405a1452fca Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello Randy,
please see attached POC f= or the vulnerability.


On Mon, Mar 16, 2020 at 10:4= 6 PM Randy Dunlap <rdunlap@infr= adead.org> wrote:
On 3/15/20 12:57 PM, Entropy Moe wrote:
> Hello team,
> how are you ?
> I wanted to report a bug on mempolicy.c. I found the bug on the latest= version of the kernel.
>
> which is stack out of bound vulnerability.
>
> I am attaching=C2=A0 report.=C2=A0
>
> If you need the POC crash code, I can provide.

Hi Moe,

Please post the POC code and your kernel .config file.

thanks.
--
~Randy

--000000000000bd44c405a1452fca-- --000000000000bd44c705a1452fcc Content-Type: text/x-csrc; charset="US-ASCII"; name="mpol_to_string_poc.c" Content-Disposition: attachment; filename="mpol_to_string_poc.c" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_k7zxi8hz0 I2RlZmluZSBfR05VX1NPVVJDRSAKCiNpbmNsdWRlIDxlbmRpYW4uaD4KI2luY2x1ZGUgPGVycm5v Lmg+CiNpbmNsdWRlIDxmY250bC5oPgojaW5jbHVkZSA8c3RkaW50Lmg+CiNpbmNsdWRlIDxzdGRp by5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN5 cy9pb2N0bC5oPgojaW5jbHVkZSA8c3lzL21vdW50Lmg+CiNpbmNsdWRlIDxzeXMvc3RhdC5oPgoj aW5jbHVkZSA8c3lzL3N5c2NhbGwuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8 dW5pc3RkLmg+CgojaW5jbHVkZSA8bGludXgvbG9vcC5oPgoKc3RhdGljIHVuc2lnbmVkIGxvbmcg bG9uZyBwcm9jaWQ7CgpzdHJ1Y3QgZnNfaW1hZ2Vfc2VnbWVudCB7Cgl2b2lkKiBkYXRhOwoJdWlu dHB0cl90IHNpemU7Cgl1aW50cHRyX3Qgb2Zmc2V0Owp9OwoKI2RlZmluZSBJTUFHRV9NQVhfU0VH TUVOVFMgNDA5NgojZGVmaW5lIElNQUdFX01BWF9TSVpFICgxMjkgPDwgMjApCgojZGVmaW5lIHN5 c19tZW1mZF9jcmVhdGUgMzE5CgpzdGF0aWMgdW5zaWduZWQgbG9uZyBmc19pbWFnZV9zZWdtZW50 X2NoZWNrKHVuc2lnbmVkIGxvbmcgc2l6ZSwgdW5zaWduZWQgbG9uZyBuc2VncywgbG9uZyBzZWdt ZW50cykKewoJdW5zaWduZWQgbG9uZyBpOwoJc3RydWN0IGZzX2ltYWdlX3NlZ21lbnQqIHNlZ3Mg PSAoc3RydWN0IGZzX2ltYWdlX3NlZ21lbnQqKXNlZ21lbnRzOwoJaWYgKG5zZWdzID4gSU1BR0Vf TUFYX1NFR01FTlRTKQoJCW5zZWdzID0gSU1BR0VfTUFYX1NFR01FTlRTOwoJZm9yIChpID0gMDsg aSA8IG5zZWdzOyBpKyspIHsKCQlpZiAoc2Vnc1tpXS5zaXplID4gSU1BR0VfTUFYX1NJWkUpCgkJ CXNlZ3NbaV0uc2l6ZSA9IElNQUdFX01BWF9TSVpFOwoJCXNlZ3NbaV0ub2Zmc2V0ICU9IElNQUdF X01BWF9TSVpFOwoJCWlmIChzZWdzW2ldLm9mZnNldCA+IElNQUdFX01BWF9TSVpFIC0gc2Vnc1tp XS5zaXplKQoJCQlzZWdzW2ldLm9mZnNldCA9IElNQUdFX01BWF9TSVpFIC0gc2Vnc1tpXS5zaXpl OwoJCWlmIChzaXplIDwgc2Vnc1tpXS5vZmZzZXQgKyBzZWdzW2ldLm9mZnNldCkKCQkJc2l6ZSA9 IHNlZ3NbaV0ub2Zmc2V0ICsgc2Vnc1tpXS5vZmZzZXQ7Cgl9CglpZiAoc2l6ZSA+IElNQUdFX01B WF9TSVpFKQoJCXNpemUgPSBJTUFHRV9NQVhfU0laRTsKCXJldHVybiBzaXplOwp9CgpzdGF0aWMg bG9uZyBzeXpfbW91bnRfaW1hZ2Uodm9sYXRpbGUgbG9uZyBmc2FyZywgdm9sYXRpbGUgbG9uZyBk aXIsIHZvbGF0aWxlIHVuc2lnbmVkIGxvbmcgc2l6ZSwgdm9sYXRpbGUgdW5zaWduZWQgbG9uZyBu c2Vncywgdm9sYXRpbGUgbG9uZyBzZWdtZW50cywgdm9sYXRpbGUgbG9uZyBmbGFncywgdm9sYXRp bGUgbG9uZyBvcHRzYXJnKQp7CgljaGFyIGxvb3BuYW1lWzY0XSwgZnNbMzJdLCBvcHRzWzI1Nl07 CglpbnQgbG9vcGZkLCBlcnIgPSAwLCByZXMgPSAtMTsKCXVuc2lnbmVkIGxvbmcgaTsKCnNpemUg PSBmc19pbWFnZV9zZWdtZW50X2NoZWNrKHNpemUsIG5zZWdzLCBzZWdtZW50cyk7CglpbnQgbWVt ZmQgPSBzeXNjYWxsKHN5c19tZW1mZF9jcmVhdGUsICJzeXpfbW91bnRfaW1hZ2UiLCAwKTsKCWlm IChtZW1mZCA9PSAtMSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3I7Cgl9CglpZiAoZnRy dW5jYXRlKG1lbWZkLCBzaXplKSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3JfY2xvc2Vf bWVtZmQ7Cgl9Cglmb3IgKGkgPSAwOyBpIDwgbnNlZ3M7IGkrKykgewoJCXN0cnVjdCBmc19pbWFn ZV9zZWdtZW50KiBzZWdzID0gKHN0cnVjdCBmc19pbWFnZV9zZWdtZW50KilzZWdtZW50czsKCQlp bnQgcmVzMSA9IDA7CnJlczEgPSBwd3JpdGUobWVtZmQsIHNlZ3NbaV0uZGF0YSwgc2Vnc1tpXS5z aXplLCBzZWdzW2ldLm9mZnNldCk7CgkJaWYgKHJlczEgPCAwKSB7CgkJfQoJfQoJc25wcmludGYo bG9vcG5hbWUsIHNpemVvZihsb29wbmFtZSksICIvZGV2L2xvb3AlbGx1IiwgcHJvY2lkKTsKCWxv b3BmZCA9IG9wZW4obG9vcG5hbWUsIE9fUkRXUik7CglpZiAobG9vcGZkID09IC0xKSB7CgkJZXJy ID0gZXJybm87CgkJZ290byBlcnJvcl9jbG9zZV9tZW1mZDsKCX0KCWlmIChpb2N0bChsb29wZmQs IExPT1BfU0VUX0ZELCBtZW1mZCkpIHsKCQlpZiAoZXJybm8gIT0gRUJVU1kpIHsKCQkJZXJyID0g ZXJybm87CgkJCWdvdG8gZXJyb3JfY2xvc2VfbG9vcDsKCQl9CgkJaW9jdGwobG9vcGZkLCBMT09Q X0NMUl9GRCwgMCk7CgkJdXNsZWVwKDEwMDApOwoJCWlmIChpb2N0bChsb29wZmQsIExPT1BfU0VU X0ZELCBtZW1mZCkpIHsKCQkJZXJyID0gZXJybm87CgkJCWdvdG8gZXJyb3JfY2xvc2VfbG9vcDsK CQl9Cgl9Cglta2RpcigoY2hhciopZGlyLCAwNzc3KTsKCW1lbXNldChmcywgMCwgc2l6ZW9mKGZz KSk7CnN0cm5jcHkoZnMsIChjaGFyKilmc2FyZywgc2l6ZW9mKGZzKSAtIDEpOwoJbWVtc2V0KG9w dHMsIDAsIHNpemVvZihvcHRzKSk7CnN0cm5jcHkob3B0cywgKGNoYXIqKW9wdHNhcmcsIHNpemVv ZihvcHRzKSAtIDMyKTsKCWlmIChzdHJjbXAoZnMsICJpc285NjYwIikgPT0gMCkgewoJCWZsYWdz IHw9IE1TX1JET05MWTsKCX0gZWxzZSBpZiAoc3RybmNtcChmcywgImV4dCIsIDMpID09IDApIHsK CQlpZiAoc3Ryc3RyKG9wdHMsICJlcnJvcnM9cGFuaWMiKSB8fCBzdHJzdHIob3B0cywgImVycm9y cz1yZW1vdW50LXJvIikgPT0gMCkKCQkJc3RyY2F0KG9wdHMsICIsZXJyb3JzPWNvbnRpbnVlIik7 Cgl9IGVsc2UgaWYgKHN0cmNtcChmcywgInhmcyIpID09IDApIHsKCQlzdHJjYXQob3B0cywgIixu b3V1aWQiKTsKCX0KCWlmIChtb3VudChsb29wbmFtZSwgKGNoYXIqKWRpciwgZnMsIGZsYWdzLCBv cHRzKSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3JfY2xlYXJfbG9vcDsKCX0KCXJlcyA9 IDA7CmVycm9yX2NsZWFyX2xvb3A6Cglpb2N0bChsb29wZmQsIExPT1BfQ0xSX0ZELCAwKTsKZXJy b3JfY2xvc2VfbG9vcDoKCWNsb3NlKGxvb3BmZCk7CmVycm9yX2Nsb3NlX21lbWZkOgoJY2xvc2Uo bWVtZmQpOwplcnJvcjoKCWVycm5vID0gZXJyOwoJcmV0dXJuIHJlczsKfQoKaW50IG1haW4odm9p ZCkKewoJCXN5c2NhbGwoX19OUl9tbWFwLCAweDIwMDAwMDAwdWwsIDB4MTAwMDAwMHVsLCAzdWws IDB4MzJ1bCwgLTEsIDApOwoKbWVtY3B5KCh2b2lkKikweDIwMDAwMDAwLCAidG1wZnNcMDAwIiwg Nik7Cm1lbWNweSgodm9pZCopMHgyMDAwMDEwMCwgIi4vZmlsZTBcMDAwIiwgOCk7Cm1lbWNweSgo dm9pZCopMHgyMDAwMDM0MCwgIm1wb2wiLCA0KTsKKih1aW50OF90KikweDIwMDAwMzQ0ID0gMHgz ZDsKbWVtY3B5KCh2b2lkKikweDIwMDAwMzQ1LCAicHJlZmVyIiwgNik7CioodWludDhfdCopMHgy MDAwMDM0YiA9IDB4M2E7CioodWludDhfdCopMHgyMDAwMDM0YyA9IDB4MmM7CioodWludDhfdCop MHgyMDAwMDM0ZCA9IDA7CglzeXpfbW91bnRfaW1hZ2UoMHgyMDAwMDAwMCwgMHgyMDAwMDEwMCwg MCwgMCwgMCwgMCwgMHgyMDAwMDM0MCk7CglyZXR1cm4gMDsKfQo= --000000000000bd44c705a1452fcc Content-Type: text/x-csrc; charset="US-ASCII"; name="mpol_to_string_poc.c" Content-Disposition: attachment; filename="mpol_to_string_poc.c" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_k7zxj3e81 I2RlZmluZSBfR05VX1NPVVJDRSAKCiNpbmNsdWRlIDxlbmRpYW4uaD4KI2luY2x1ZGUgPGVycm5v Lmg+CiNpbmNsdWRlIDxmY250bC5oPgojaW5jbHVkZSA8c3RkaW50Lmg+CiNpbmNsdWRlIDxzdGRp by5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN5 cy9pb2N0bC5oPgojaW5jbHVkZSA8c3lzL21vdW50Lmg+CiNpbmNsdWRlIDxzeXMvc3RhdC5oPgoj aW5jbHVkZSA8c3lzL3N5c2NhbGwuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8 dW5pc3RkLmg+CgojaW5jbHVkZSA8bGludXgvbG9vcC5oPgoKc3RhdGljIHVuc2lnbmVkIGxvbmcg bG9uZyBwcm9jaWQ7CgpzdHJ1Y3QgZnNfaW1hZ2Vfc2VnbWVudCB7Cgl2b2lkKiBkYXRhOwoJdWlu dHB0cl90IHNpemU7Cgl1aW50cHRyX3Qgb2Zmc2V0Owp9OwoKI2RlZmluZSBJTUFHRV9NQVhfU0VH TUVOVFMgNDA5NgojZGVmaW5lIElNQUdFX01BWF9TSVpFICgxMjkgPDwgMjApCgojZGVmaW5lIHN5 c19tZW1mZF9jcmVhdGUgMzE5CgpzdGF0aWMgdW5zaWduZWQgbG9uZyBmc19pbWFnZV9zZWdtZW50 X2NoZWNrKHVuc2lnbmVkIGxvbmcgc2l6ZSwgdW5zaWduZWQgbG9uZyBuc2VncywgbG9uZyBzZWdt ZW50cykKewoJdW5zaWduZWQgbG9uZyBpOwoJc3RydWN0IGZzX2ltYWdlX3NlZ21lbnQqIHNlZ3Mg PSAoc3RydWN0IGZzX2ltYWdlX3NlZ21lbnQqKXNlZ21lbnRzOwoJaWYgKG5zZWdzID4gSU1BR0Vf TUFYX1NFR01FTlRTKQoJCW5zZWdzID0gSU1BR0VfTUFYX1NFR01FTlRTOwoJZm9yIChpID0gMDsg aSA8IG5zZWdzOyBpKyspIHsKCQlpZiAoc2Vnc1tpXS5zaXplID4gSU1BR0VfTUFYX1NJWkUpCgkJ CXNlZ3NbaV0uc2l6ZSA9IElNQUdFX01BWF9TSVpFOwoJCXNlZ3NbaV0ub2Zmc2V0ICU9IElNQUdF X01BWF9TSVpFOwoJCWlmIChzZWdzW2ldLm9mZnNldCA+IElNQUdFX01BWF9TSVpFIC0gc2Vnc1tp XS5zaXplKQoJCQlzZWdzW2ldLm9mZnNldCA9IElNQUdFX01BWF9TSVpFIC0gc2Vnc1tpXS5zaXpl OwoJCWlmIChzaXplIDwgc2Vnc1tpXS5vZmZzZXQgKyBzZWdzW2ldLm9mZnNldCkKCQkJc2l6ZSA9 IHNlZ3NbaV0ub2Zmc2V0ICsgc2Vnc1tpXS5vZmZzZXQ7Cgl9CglpZiAoc2l6ZSA+IElNQUdFX01B WF9TSVpFKQoJCXNpemUgPSBJTUFHRV9NQVhfU0laRTsKCXJldHVybiBzaXplOwp9CgpzdGF0aWMg bG9uZyBzeXpfbW91bnRfaW1hZ2Uodm9sYXRpbGUgbG9uZyBmc2FyZywgdm9sYXRpbGUgbG9uZyBk aXIsIHZvbGF0aWxlIHVuc2lnbmVkIGxvbmcgc2l6ZSwgdm9sYXRpbGUgdW5zaWduZWQgbG9uZyBu c2Vncywgdm9sYXRpbGUgbG9uZyBzZWdtZW50cywgdm9sYXRpbGUgbG9uZyBmbGFncywgdm9sYXRp bGUgbG9uZyBvcHRzYXJnKQp7CgljaGFyIGxvb3BuYW1lWzY0XSwgZnNbMzJdLCBvcHRzWzI1Nl07 CglpbnQgbG9vcGZkLCBlcnIgPSAwLCByZXMgPSAtMTsKCXVuc2lnbmVkIGxvbmcgaTsKCnNpemUg PSBmc19pbWFnZV9zZWdtZW50X2NoZWNrKHNpemUsIG5zZWdzLCBzZWdtZW50cyk7CglpbnQgbWVt ZmQgPSBzeXNjYWxsKHN5c19tZW1mZF9jcmVhdGUsICJzeXpfbW91bnRfaW1hZ2UiLCAwKTsKCWlm IChtZW1mZCA9PSAtMSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3I7Cgl9CglpZiAoZnRy dW5jYXRlKG1lbWZkLCBzaXplKSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3JfY2xvc2Vf bWVtZmQ7Cgl9Cglmb3IgKGkgPSAwOyBpIDwgbnNlZ3M7IGkrKykgewoJCXN0cnVjdCBmc19pbWFn ZV9zZWdtZW50KiBzZWdzID0gKHN0cnVjdCBmc19pbWFnZV9zZWdtZW50KilzZWdtZW50czsKCQlp bnQgcmVzMSA9IDA7CnJlczEgPSBwd3JpdGUobWVtZmQsIHNlZ3NbaV0uZGF0YSwgc2Vnc1tpXS5z aXplLCBzZWdzW2ldLm9mZnNldCk7CgkJaWYgKHJlczEgPCAwKSB7CgkJfQoJfQoJc25wcmludGYo bG9vcG5hbWUsIHNpemVvZihsb29wbmFtZSksICIvZGV2L2xvb3AlbGx1IiwgcHJvY2lkKTsKCWxv b3BmZCA9IG9wZW4obG9vcG5hbWUsIE9fUkRXUik7CglpZiAobG9vcGZkID09IC0xKSB7CgkJZXJy ID0gZXJybm87CgkJZ290byBlcnJvcl9jbG9zZV9tZW1mZDsKCX0KCWlmIChpb2N0bChsb29wZmQs IExPT1BfU0VUX0ZELCBtZW1mZCkpIHsKCQlpZiAoZXJybm8gIT0gRUJVU1kpIHsKCQkJZXJyID0g ZXJybm87CgkJCWdvdG8gZXJyb3JfY2xvc2VfbG9vcDsKCQl9CgkJaW9jdGwobG9vcGZkLCBMT09Q X0NMUl9GRCwgMCk7CgkJdXNsZWVwKDEwMDApOwoJCWlmIChpb2N0bChsb29wZmQsIExPT1BfU0VU X0ZELCBtZW1mZCkpIHsKCQkJZXJyID0gZXJybm87CgkJCWdvdG8gZXJyb3JfY2xvc2VfbG9vcDsK CQl9Cgl9Cglta2RpcigoY2hhciopZGlyLCAwNzc3KTsKCW1lbXNldChmcywgMCwgc2l6ZW9mKGZz KSk7CnN0cm5jcHkoZnMsIChjaGFyKilmc2FyZywgc2l6ZW9mKGZzKSAtIDEpOwoJbWVtc2V0KG9w dHMsIDAsIHNpemVvZihvcHRzKSk7CnN0cm5jcHkob3B0cywgKGNoYXIqKW9wdHNhcmcsIHNpemVv ZihvcHRzKSAtIDMyKTsKCWlmIChzdHJjbXAoZnMsICJpc285NjYwIikgPT0gMCkgewoJCWZsYWdz IHw9IE1TX1JET05MWTsKCX0gZWxzZSBpZiAoc3RybmNtcChmcywgImV4dCIsIDMpID09IDApIHsK CQlpZiAoc3Ryc3RyKG9wdHMsICJlcnJvcnM9cGFuaWMiKSB8fCBzdHJzdHIob3B0cywgImVycm9y cz1yZW1vdW50LXJvIikgPT0gMCkKCQkJc3RyY2F0KG9wdHMsICIsZXJyb3JzPWNvbnRpbnVlIik7 Cgl9IGVsc2UgaWYgKHN0cmNtcChmcywgInhmcyIpID09IDApIHsKCQlzdHJjYXQob3B0cywgIixu b3V1aWQiKTsKCX0KCWlmIChtb3VudChsb29wbmFtZSwgKGNoYXIqKWRpciwgZnMsIGZsYWdzLCBv cHRzKSkgewoJCWVyciA9IGVycm5vOwoJCWdvdG8gZXJyb3JfY2xlYXJfbG9vcDsKCX0KCXJlcyA9 IDA7CmVycm9yX2NsZWFyX2xvb3A6Cglpb2N0bChsb29wZmQsIExPT1BfQ0xSX0ZELCAwKTsKZXJy b3JfY2xvc2VfbG9vcDoKCWNsb3NlKGxvb3BmZCk7CmVycm9yX2Nsb3NlX21lbWZkOgoJY2xvc2Uo bWVtZmQpOwplcnJvcjoKCWVycm5vID0gZXJyOwoJcmV0dXJuIHJlczsKfQoKaW50IG1haW4odm9p ZCkKewoJCXN5c2NhbGwoX19OUl9tbWFwLCAweDIwMDAwMDAwdWwsIDB4MTAwMDAwMHVsLCAzdWws IDB4MzJ1bCwgLTEsIDApOwoKbWVtY3B5KCh2b2lkKikweDIwMDAwMDAwLCAidG1wZnNcMDAwIiwg Nik7Cm1lbWNweSgodm9pZCopMHgyMDAwMDEwMCwgIi4vZmlsZTBcMDAwIiwgOCk7Cm1lbWNweSgo dm9pZCopMHgyMDAwMDM0MCwgIm1wb2wiLCA0KTsKKih1aW50OF90KikweDIwMDAwMzQ0ID0gMHgz ZDsKbWVtY3B5KCh2b2lkKikweDIwMDAwMzQ1LCAicHJlZmVyIiwgNik7CioodWludDhfdCopMHgy MDAwMDM0YiA9IDB4M2E7CioodWludDhfdCopMHgyMDAwMDM0YyA9IDB4MmM7CioodWludDhfdCop MHgyMDAwMDM0ZCA9IDA7CglzeXpfbW91bnRfaW1hZ2UoMHgyMDAwMDAwMCwgMHgyMDAwMDEwMCwg MCwgMCwgMCwgMCwgMHgyMDAwMDM0MCk7CglyZXR1cm4gMDsKfQo= --000000000000bd44c705a1452fcc--