From mboxrd@z Thu Jan 1 00:00:00 1970 From: rminnich@gmail.com (ron minnich) Date: Sat, 10 Nov 2018 08:46:07 -0800 Subject: [sw-dev] SBI extension proposal v2 In-Reply-To: References: <4aef7216-726c-f565-5c0f-cebd2aefb46d@wdc.com> <2e5329eff04e2b0bc2433b5d974bf10f@mailhost.ics.forth.gr> Message-ID: To: linux-riscv@lists.infradead.org List-Id: linux-riscv.lists.infradead.org At Google and other places, we've been struggling now for years with overly complex firmware that is implemented incorrectly, enabling exploits and other bad things. The list of things vendors get wrong in firmware, both enabling exploits and enabling others to enable exploits, is long and it continues to this day. There is an unbelievable amount of money out there all involving firmware exploits, very little of it involving nice people. I'm currently working on deleting all use of the x86 version of M mode, i.e. SMM. There are many proposals out there for deleting SMM from the architecture. I've also shown at a talk in 2017 how we could redirect SMM interrupts back into the kernel. We're also removing all use of callbacks into UEFI on x86. We're almost there. Which is why I'm a bit unhappy to see this (to me) cancerous growth in proposals for M- mode code. PPP in firmware? Really? multiple serial devices? really? We've been here before, in the 1970s, with something called the BIOS. If you're not familiar with it, go take a look, or you can take my word for it that these proposals implement that idea. We spent over 20 years freeing ourselves from it on x86. Why go back to a 50 year old model on a CPU designed to be in use for 50 years? My early understanding of M mode was that it was an Alpha PALCode like thing, enabling access to resources that were behind a privilege wall. I did not like it that much, but I was OK: it was very limited in function, and the kernel could replace it, or at least measure it. I also accept that every cpu vendor uses m mode like things (e.g. ARM TF) for reasonable purposes and also (let's be honest here) for dealing with chipset mistakes. But that does not mean you need to recreate BIOS. The SBI should be hard to add to, deliberately. It should be used only when there are no possible alternatives. It needs to be open source and held in common. It should be possible for a kernel to replace or at least measure it. And, further, there needs to be some work done on why you add to it, and why you don't, with bias against adding to it. This proposal works against those ideals, as it explicitly enables vendor-specific forks of the SBI. Sure, this can happen, but why make it so easy? see https://github.com/riscv/riscv-sbi-doc/pull/12 for other thoughts. Also, I've had discussions with some security folks in our firmware community about the fact that the PMP can be used in a way that the kernel can not measure the SBI, since SBI might read-protect itself. This is a real step backwards, FYI. Not sure if it can be changed at this point. ron p.s. For interleaving debug and console output firmware, use the oldest trick in the book: ASCII is 7 bits. Since console out is 8 bits, reserve 128 values for console out, and 128 for debug stream, and if the debug stream needs 8 bit for some words, you know what to do. It's very easy and doesn't require that we add multiple UART support to SBI. On Sat, Nov 10, 2018 at 7:49 AM Luke Kenneth Casson Leighton wrote: > > --- > crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68 > > On Sat, Nov 10, 2018 at 3:31 PM Nick Kossifidis wrote: > > > > ???? 2018-11-10 07:12, Luke Kenneth Casson Leighton ??????: > > > On Sat, Nov 10, 2018 at 2:42 AM Atish Patra > > > wrote: > > > > > >> ## Conclusion > > >> This proposal is far from perfect and absolutely any suggestion is > > >> welcome. Obviously, there are many other functionalities that can be > > >> added to this proposal. However, I just wanted to start with something > > >> that is an incremental change at best to kick off the discussion. The > > >> aim here is to initiate a discussion that can lead to a robust SBI > > >> specification. > > > > > > very cool, atish. > > > > > > i would very much like to see the optional addition of multiple > > > serial lines, by adding a getchar and putchar function that takes just > > > one extra argument: the serial line index. > > > > > > there are a lot of different uses to which mult-serial lines may be > > > put: > > > > > > * boot message separation from console login > > > * boot management separation from other purposes (u-boot/coreboot) > > > * virtual /dev/ttyS0-3 > > > * clean UPS reporting and management > > > * remote virtual machine power management (power-on / off) > > > * simple bog-standard multiple virtual login consoles > > > * separation of debug messages (stdout/stderr) to ease debugging and > > > development > > > * remote and virtual OpenOCD and kernel debugging without disrupting > > > the main serial console > > > * PPP serial links. > > > > > > this latter is one that i am particularly interested in, as i would > > > like to be able to boot a full GNU/Linux OS on spike, given the lower > > > barrier to entry in making modifications and experimenting with spike > > > than it is with qemu. > > > > > > if spike were able, through a multi-serial SBI interface, to have a > > > PPP serial line, it would be possible to run a root NFS (or other > > > network block device) without having to sacrifice console access. it > > > would be possible to create an initramfs from a lower-capability > > > system like buildroot, containing PPP, enable it, and pivot-root out > > > to a full stock GNU/Linux OS such as debian or fedora. > > > > > > so there are huge benefits, reducing the development barrier to entry > > > into RISC-V experimentation and debugging, and opening up a much wider > > > range of capabilities and possibilities for machine and virtual system > > > management. > > > > > > l. > > > > > > The current SBI says that console_getchar/console_putchar are for the > > debug > > console but on Linux we use them for the main console on earlyprintk. > > ... yeah exactly. and what if something goes wrong, you want to be > able to interact over openocd without interfering with that > earlyprintk, particularly during that critical first bringup phase of > real-world silicon? > > > I > > think it's misleading and we should at least have an argument to chose > > between the main console and an optional debug console, or rename > > them to debug_console_getchar/debug_console_putchar and > > main_console_getchar/ > > main_console_putchar. > > i initially thought of proposing that, however: > > (1) the API already exists with "single console". it would therefore > be disruptive to change that > > (2) if adding something called debug_console_{get/put}char, it might > as well take advantage of the opportunity to be extended and made > generic, and have the extra argument added > > > However I don't think that argument should be the serial line. Different > > vendors may use different serial lines for the main console / debug > > console, > > the caller doesn't know which serial line maps to which console, so the > > SBI > > should be more abstract and use something like a console id where e.g. 0 > > is > > main console an 1 is debug. > > yes, it should [have]: my feeling is, it's a little late in the game > given that it's almost certainly baked into pre-existing hardware, by > now, so the next best thing is a new function call. > > l. > > -- > You received this message because you are subscribed to the Google Groups "RISC-V SW Dev" group. > To unsubscribe from this group and stop receiving emails from it, send an email to sw-dev+unsubscribe at groups.riscv.org. > To post to this group, send email to sw-dev at groups.riscv.org. > Visit this group at https://groups.google.com/a/groups.riscv.org/group/sw-dev/. > To view this discussion on the web visit https://groups.google.com/a/groups.riscv.org/d/msgid/sw-dev/CAPweEDz-7oRg2UWPkvTDdfi36Z4PQLAuLdL3-Sy-kmkGEJ%3D44A%40mail.gmail.com. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=3.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61441C43441 for ; Sat, 10 Nov 2018 16:46:36 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0A79520818 for ; Sat, 10 Nov 2018 16:46:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="iqqxFmSI"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="V6I7xMAQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0A79520818 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-riscv-bounces+infradead-linux-riscv=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=EnFAAENx8jj7Dw8P8J4+pgbaVYHPZppTKFr/SxNy9n8=; b=iqqxFmSIi6UVgK YQM074jfpakoQ4OTEwEryQ5zm9HhXA1tHkG+7pR9+hWcl/Zpgfc8fDEmGbul8k1L43Gmabc5Q2F0u u5dManQTrY1SuMB2GrxwOOhyHQKLrzjueieK4EH14quRMV6Jc/wZTPIihbYb9uxmDK/quq9YUpGm9 aZPJoJkFlCMZNvD4dgoCG9ofutuQU4o2uTxua6HNxl8a0NLvRD/hfifX0bWrW3aib6Kb5q/XFN0Fa 7aZ/qiPwglV3lBSuPrUIXotXrQv9uMnaMZB9ZO4yQpqbuBtSr3zkA70MKkpHr8WXcPHUzKOAiKbY/ aSMyOdAoRFzkMATRn5bg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gLWP4-0003Ak-LH; Sat, 10 Nov 2018 16:46:34 +0000 Received: from mail-ed1-x544.google.com ([2a00:1450:4864:20::544]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gLWP1-0003AF-PS for linux-riscv@lists.infradead.org; Sat, 10 Nov 2018 16:46:33 +0000 Received: by mail-ed1-x544.google.com with SMTP id e18-v6so4150233eds.2 for ; Sat, 10 Nov 2018 08:46:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hAAINMjNrEHQVOwgj7TKy560PVylWgqxdzqitSSMVRs=; b=V6I7xMAQkmzIefaAHg1F3BxqV/uSY8XvJ8BMkIjyZzAoa5XD7c7AuYkx8cSV6x+lXL aTjabjKD5uOrD4iyqgj5C9Rsy3ZMNFwBySrNinMBnhTFgZL4BTBq6wlxEEhFT3yNayM/ tckXjfKmAjc2lIBuKdxoaSAKGEi32jzj7DA/hEWw2NieiGC9KPAcDzXzMpf9wGkm6KtA 5EwgSQaIPBDSD0hBs0K9gdFO+um2u7NR49LjircG41Jl8qh5dPLvJnNYwuAmQ1jLhg8F EWLRYX6CpAEa/WJM4zjaX45ZX/40uvIfAQmdA3AvVF94klhwGITSja3/aIXZ0SlcVS5S 7Mlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hAAINMjNrEHQVOwgj7TKy560PVylWgqxdzqitSSMVRs=; b=ULmu1qcNcmLKy+nf9BJxFkdThxE6OE+Aq0WFb+fy8uSpkkFKGnmWC3IZqKTjzpNMQ7 ABhloJQMbouhlMGpcw9R64XaOwExWa7Lr2JnNqNGicN+l5tIbgGzYxjqWcs6mx3aJSrW mrrXaMYRyCpLyD482cvTNWhTXiZHJWyRV4zacgW9JKhhbq71gSDjp2rHcASgnUa89CB4 C2BR3w0Kyzy1LMhVLk0G5UbRGRJSxtEiUCtxbr9UEIM0r9WpuDjgG6cSyhyPbbgRVCoU MxF9/gUcsDsuCn8aqCC5wHQ+ijz4jY8iY2HNl2RzfgRrkg8+5YHQ7E30qT+2y4BaaYiy ZMuA== X-Gm-Message-State: AGRZ1gKUu5wspKQG1sHnAnZU2PIpxbd8WAnrO4r7n1pHA93b95DXOS21 uBKwQ9g58QE2ulqBsvqBgMPGc0MGzf1GMpBvOLk= X-Google-Smtp-Source: AJdET5cDeciCU9Bgs/bmJ7FhQC2MtZ2blIkv1gdt64lYtaDfNp6HHBGM+xqa6/bdoUKtnr3daMHIwQz6AbRyOm6VZJ4= X-Received: by 2002:a50:f285:: with SMTP id f5-v6mr6457223edm.77.1541868378490; Sat, 10 Nov 2018 08:46:18 -0800 (PST) MIME-Version: 1.0 References: <4aef7216-726c-f565-5c0f-cebd2aefb46d@wdc.com> <2e5329eff04e2b0bc2433b5d974bf10f@mailhost.ics.forth.gr> In-Reply-To: From: ron minnich Date: Sat, 10 Nov 2018 08:46:07 -0800 Message-ID: Subject: Re: [sw-dev] SBI extension proposal v2 To: Luke Kenneth Casson Leighton X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181110_084631_826770_484FA114 X-CRM114-Status: GOOD ( 39.28 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, Christoph Hellwig , Damien.LeMoal@wdc.com, Olof Johansson , alankao@andestech.com, abner.chang@hpe.com, Anup Patel , Palmer Dabbelt , agraf@suse.de, zong@andestech.com, atish.patra@wdc.com, sw-dev@groups.riscv.org, Paul Walmsley , mick@ics.forth.gr, Alistair.Francis@wdc.com, linux-riscv@lists.infradead.org, Andrew Waterman Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-riscv" Errors-To: linux-riscv-bounces+infradead-linux-riscv=archiver.kernel.org@lists.infradead.org Message-ID: <20181110164607.T5Tn4uvGntIoAENj-3qMFRFA0H84so1aj3HjnQihNds@z> QXQgR29vZ2xlIGFuZCBvdGhlciBwbGFjZXMsIHdlJ3ZlIGJlZW4gc3RydWdnbGluZyBub3cgZm9y IHllYXJzIHdpdGgKb3Zlcmx5IGNvbXBsZXggZmlybXdhcmUgdGhhdCBpcyBpbXBsZW1lbnRlZCBp bmNvcnJlY3RseSwgZW5hYmxpbmcKZXhwbG9pdHMgYW5kIG90aGVyIGJhZCB0aGluZ3MuIFRoZSBs aXN0IG9mIHRoaW5ncyB2ZW5kb3JzIGdldCB3cm9uZyBpbgpmaXJtd2FyZSwgYm90aCBlbmFibGlu ZyBleHBsb2l0cyBhbmQgZW5hYmxpbmcgb3RoZXJzIHRvIGVuYWJsZQpleHBsb2l0cywgaXMgbG9u ZyBhbmQgaXQgY29udGludWVzIHRvIHRoaXMgZGF5LiBUaGVyZSBpcyBhbgp1bmJlbGlldmFibGUg YW1vdW50IG9mIG1vbmV5IG91dCB0aGVyZSBhbGwgaW52b2x2aW5nIGZpcm13YXJlCmV4cGxvaXRz LCB2ZXJ5IGxpdHRsZSBvZiBpdCBpbnZvbHZpbmcgbmljZSBwZW9wbGUuCgpJJ20gY3VycmVudGx5 IHdvcmtpbmcgb24gZGVsZXRpbmcgYWxsIHVzZSBvZiB0aGUgeDg2IHZlcnNpb24gb2YgTQptb2Rl LCBpLmUuIFNNTS4gVGhlcmUgYXJlIG1hbnkgcHJvcG9zYWxzIG91dCB0aGVyZSBmb3IgZGVsZXRp bmcgU01NCmZyb20gdGhlIGFyY2hpdGVjdHVyZS4gSSd2ZSBhbHNvIHNob3duIGF0IGEgdGFsayBp biAyMDE3IGhvdyB3ZSBjb3VsZApyZWRpcmVjdCBTTU0gaW50ZXJydXB0cyBiYWNrIGludG8gdGhl IGtlcm5lbC4gV2UncmUgYWxzbyByZW1vdmluZyBhbGwKdXNlIG9mIGNhbGxiYWNrcyBpbnRvIFVF Rkkgb24geDg2LiBXZSdyZSBhbG1vc3QgdGhlcmUuCgpXaGljaCBpcyB3aHkgSSdtIGEgYml0IHVu aGFwcHkgdG8gc2VlIHRoaXMgKHRvIG1lKSBjYW5jZXJvdXMgZ3Jvd3RoIGluCnByb3Bvc2FscyBm b3IgTS0gbW9kZSBjb2RlLiBQUFAgaW4gZmlybXdhcmU/IFJlYWxseT8gbXVsdGlwbGUgc2VyaWFs CmRldmljZXM/IHJlYWxseT8gV2UndmUgYmVlbiBoZXJlIGJlZm9yZSwgaW4gdGhlIDE5NzBzLCB3 aXRoIHNvbWV0aGluZwpjYWxsZWQgdGhlIEJJT1MuIElmIHlvdSdyZSBub3QgZmFtaWxpYXIgd2l0 aCBpdCwgZ28gdGFrZSBhIGxvb2ssIG9yCnlvdSBjYW4gdGFrZSBteSB3b3JkIGZvciBpdCB0aGF0 IHRoZXNlIHByb3Bvc2FscyBpbXBsZW1lbnQgdGhhdCBpZGVhLgpXZSBzcGVudCBvdmVyIDIwIHll YXJzIGZyZWVpbmcgb3Vyc2VsdmVzIGZyb20gaXQgb24geDg2LiBXaHkgZ28gYmFjawp0byBhIDUw IHllYXIgb2xkIG1vZGVsIG9uIGEgQ1BVIGRlc2lnbmVkIHRvIGJlIGluIHVzZSBmb3IgNTAgeWVh cnM/CgpNeSBlYXJseSB1bmRlcnN0YW5kaW5nIG9mIE0gbW9kZSB3YXMgdGhhdCBpdCB3YXMgYW4g QWxwaGEgUEFMQ29kZSBsaWtlCnRoaW5nLCBlbmFibGluZyBhY2Nlc3MgdG8gcmVzb3VyY2VzIHRo YXQgd2VyZSBiZWhpbmQgYSBwcml2aWxlZ2Ugd2FsbC4KSSBkaWQgbm90IGxpa2UgaXQgdGhhdCBt dWNoLCBidXQgSSB3YXMgT0s6IGl0IHdhcyB2ZXJ5IGxpbWl0ZWQgaW4KZnVuY3Rpb24sIGFuZCB0 aGUga2VybmVsIGNvdWxkIHJlcGxhY2UgaXQsIG9yIGF0IGxlYXN0IG1lYXN1cmUgaXQuIEkKYWxz byBhY2NlcHQgdGhhdCBldmVyeSBjcHUgdmVuZG9yIHVzZXMgbSBtb2RlIGxpa2UgdGhpbmdzIChl LmcuIEFSTQpURikgZm9yIHJlYXNvbmFibGUgcHVycG9zZXMgYW5kIGFsc28gKGxldCdzIGJlIGhv bmVzdCBoZXJlKSAgZm9yCmRlYWxpbmcgd2l0aCBjaGlwc2V0IG1pc3Rha2VzLiBCdXQgdGhhdCBk b2VzIG5vdCBtZWFuIHlvdSBuZWVkIHRvCnJlY3JlYXRlIEJJT1MuCgpUaGUgU0JJIHNob3VsZCBi ZSBoYXJkIHRvIGFkZCB0bywgZGVsaWJlcmF0ZWx5LiBJdCBzaG91bGQgYmUgdXNlZCBvbmx5Cndo ZW4gdGhlcmUgYXJlIG5vIHBvc3NpYmxlIGFsdGVybmF0aXZlcy4gSXQgbmVlZHMgdG8gYmUgb3Bl biBzb3VyY2UKYW5kIGhlbGQgaW4gY29tbW9uLiBJdCBzaG91bGQgYmUgcG9zc2libGUgZm9yIGEg a2VybmVsIHRvIHJlcGxhY2Ugb3IKYXQgbGVhc3QgbWVhc3VyZSBpdC4gQW5kLCBmdXJ0aGVyLCB0 aGVyZSBuZWVkcyB0byBiZSBzb21lIHdvcmsgZG9uZSBvbgp3aHkgeW91IGFkZCB0byBpdCwgYW5k IHdoeSB5b3UgZG9uJ3QsIHdpdGggYmlhcyBhZ2FpbnN0IGFkZGluZyB0byBpdC4KVGhpcyBwcm9w b3NhbCB3b3JrcyBhZ2FpbnN0IHRob3NlIGlkZWFscywgYXMgaXQgZXhwbGljaXRseSBlbmFibGVz CnZlbmRvci1zcGVjaWZpYyBmb3JrcyBvZiB0aGUgU0JJLiBTdXJlLCB0aGlzIGNhbiBoYXBwZW4s IGJ1dCB3aHkgbWFrZQppdCBzbyBlYXN5PwoKc2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9yaXNjdi9y aXNjdi1zYmktZG9jL3B1bGwvMTIgZm9yIG90aGVyIHRob3VnaHRzLgoKQWxzbywgSSd2ZSBoYWQg ZGlzY3Vzc2lvbnMgd2l0aCBzb21lIHNlY3VyaXR5IGZvbGtzIGluIG91ciBmaXJtd2FyZQpjb21t dW5pdHkgYWJvdXQgdGhlIGZhY3QgdGhhdCB0aGUgUE1QIGNhbiBiZSB1c2VkIGluIGEgd2F5IHRo YXQgdGhlCmtlcm5lbCBjYW4gbm90IG1lYXN1cmUgdGhlIFNCSSwgc2luY2UgU0JJIG1pZ2h0IHJl YWQtcHJvdGVjdCBpdHNlbGYuClRoaXMgaXMgYSByZWFsIHN0ZXAgYmFja3dhcmRzLCBGWUkuIE5v dCBzdXJlIGlmIGl0IGNhbiBiZSBjaGFuZ2VkIGF0CnRoaXMgcG9pbnQuCgpyb24KcC5zLiBGb3Ig aW50ZXJsZWF2aW5nIGRlYnVnIGFuZCBjb25zb2xlIG91dHB1dCBmaXJtd2FyZSwgdXNlIHRoZQpv bGRlc3QgdHJpY2sgaW4gdGhlIGJvb2s6IEFTQ0lJIGlzIDcgYml0cy4gU2luY2UgY29uc29sZSBv dXQgaXMgOApiaXRzLCByZXNlcnZlIDEyOCB2YWx1ZXMgZm9yIGNvbnNvbGUgb3V0LCBhbmQgMTI4 IGZvciBkZWJ1ZyBzdHJlYW0sCmFuZCBpZiB0aGUgZGVidWcgc3RyZWFtIG5lZWRzIDggYml0IGZv ciBzb21lIHdvcmRzLCB5b3Uga25vdyB3aGF0IHRvCmRvLiBJdCdzIHZlcnkgZWFzeSBhbmQgZG9l c24ndCByZXF1aXJlIHRoYXQgd2UgYWRkIG11bHRpcGxlIFVBUlQKc3VwcG9ydCB0byBTQkkuCk9u IFNhdCwgTm92IDEwLCAyMDE4IGF0IDc6NDkgQU0gTHVrZSBLZW5uZXRoIENhc3NvbiBMZWlnaHRv bgo8bGtjbEBsa2NsLm5ldD4gd3JvdGU6Cj4KPiAtLS0KPiBjcm93ZC1mdW5kZWQgZWNvLWNvbnNj aW91cyBoYXJkd2FyZTogaHR0cHM6Ly93d3cuY3Jvd2RzdXBwbHkuY29tL2VvbWE2OAo+Cj4gT24g U2F0LCBOb3YgMTAsIDIwMTggYXQgMzozMSBQTSBOaWNrIEtvc3NpZmlkaXMgPG1pY2tAaWNzLmZv cnRoLmdyPiB3cm90ZToKPiA+Cj4gPiDOo8+EzrnPgiAyMDE4LTExLTEwIDA3OjEyLCBMdWtlIEtl bm5ldGggQ2Fzc29uIExlaWdodG9uIM6tzrPPgc6xz4jOtToKPiA+ID4gT24gU2F0LCBOb3YgMTAs IDIwMTggYXQgMjo0MiBBTSBBdGlzaCBQYXRyYSA8YXRpc2gucGF0cmFAd2RjLmNvbT4KPiA+ID4g d3JvdGU6Cj4gPiA+Cj4gPiA+PiAjIyBDb25jbHVzaW9uCj4gPiA+PiBUaGlzIHByb3Bvc2FsIGlz IGZhciBmcm9tIHBlcmZlY3QgYW5kIGFic29sdXRlbHkgYW55IHN1Z2dlc3Rpb24gaXMKPiA+ID4+ IHdlbGNvbWUuIE9idmlvdXNseSwgdGhlcmUgYXJlIG1hbnkgb3RoZXIgZnVuY3Rpb25hbGl0aWVz IHRoYXQgY2FuIGJlCj4gPiA+PiBhZGRlZCB0byB0aGlzIHByb3Bvc2FsLiBIb3dldmVyLCBJIGp1 c3Qgd2FudGVkIHRvIHN0YXJ0IHdpdGggc29tZXRoaW5nCj4gPiA+PiB0aGF0IGlzIGFuIGluY3Jl bWVudGFsIGNoYW5nZSBhdCBiZXN0IHRvIGtpY2sgb2ZmIHRoZSBkaXNjdXNzaW9uLiBUaGUKPiA+ ID4+IGFpbSBoZXJlIGlzIHRvIGluaXRpYXRlIGEgZGlzY3Vzc2lvbiB0aGF0IGNhbiBsZWFkIHRv IGEgcm9idXN0IFNCSQo+ID4gPj4gc3BlY2lmaWNhdGlvbi4KPiA+ID4KPiA+ID4gIHZlcnkgY29v bCwgYXRpc2guCj4gPiA+Cj4gPiA+ICBpIHdvdWxkIHZlcnkgbXVjaCBsaWtlIHRvIHNlZSB0aGUg b3B0aW9uYWwgYWRkaXRpb24gb2YgbXVsdGlwbGUKPiA+ID4gc2VyaWFsIGxpbmVzLCBieSBhZGRp bmcgYSBnZXRjaGFyIGFuZCBwdXRjaGFyIGZ1bmN0aW9uIHRoYXQgdGFrZXMganVzdAo+ID4gPiBv bmUgZXh0cmEgYXJndW1lbnQ6IHRoZSBzZXJpYWwgbGluZSBpbmRleC4KPiA+ID4KPiA+ID4gIHRo ZXJlIGFyZSBhIGxvdCBvZiBkaWZmZXJlbnQgdXNlcyB0byB3aGljaCBtdWx0LXNlcmlhbCBsaW5l cyBtYXkgYmUKPiA+ID4gcHV0Ogo+ID4gPgo+ID4gPiAgKiBib290IG1lc3NhZ2Ugc2VwYXJhdGlv biBmcm9tIGNvbnNvbGUgbG9naW4KPiA+ID4gICogYm9vdCBtYW5hZ2VtZW50IHNlcGFyYXRpb24g ZnJvbSBvdGhlciBwdXJwb3NlcyAodS1ib290L2NvcmVib290KQo+ID4gPiAgKiB2aXJ0dWFsIC9k ZXYvdHR5UzAtMwo+ID4gPiAgKiBjbGVhbiBVUFMgcmVwb3J0aW5nIGFuZCBtYW5hZ2VtZW50Cj4g PiA+ICAqIHJlbW90ZSB2aXJ0dWFsIG1hY2hpbmUgcG93ZXIgbWFuYWdlbWVudCAocG93ZXItb24g LyBvZmYpCj4gPiA+ICAqIHNpbXBsZSBib2ctc3RhbmRhcmQgbXVsdGlwbGUgdmlydHVhbCBsb2dp biBjb25zb2xlcwo+ID4gPiAgKiBzZXBhcmF0aW9uIG9mIGRlYnVnIG1lc3NhZ2VzIChzdGRvdXQv c3RkZXJyKSB0byBlYXNlIGRlYnVnZ2luZyBhbmQKPiA+ID4gZGV2ZWxvcG1lbnQKPiA+ID4gICog cmVtb3RlIGFuZCB2aXJ0dWFsIE9wZW5PQ0QgYW5kIGtlcm5lbCBkZWJ1Z2dpbmcgd2l0aG91dCBk aXNydXB0aW5nCj4gPiA+IHRoZSBtYWluIHNlcmlhbCBjb25zb2xlCj4gPiA+ICAqIFBQUCBzZXJp YWwgbGlua3MuCj4gPiA+Cj4gPiA+IHRoaXMgbGF0dGVyIGlzIG9uZSB0aGF0IGkgYW0gcGFydGlj dWxhcmx5IGludGVyZXN0ZWQgaW4sIGFzIGkgd291bGQKPiA+ID4gbGlrZSB0byBiZSBhYmxlIHRv IGJvb3QgYSBmdWxsIEdOVS9MaW51eCBPUyBvbiBzcGlrZSwgZ2l2ZW4gdGhlIGxvd2VyCj4gPiA+ IGJhcnJpZXIgdG8gZW50cnkgaW4gbWFraW5nIG1vZGlmaWNhdGlvbnMgYW5kIGV4cGVyaW1lbnRp bmcgd2l0aCBzcGlrZQo+ID4gPiB0aGFuIGl0IGlzIHdpdGggcWVtdS4KPiA+ID4KPiA+ID4gIGlm IHNwaWtlIHdlcmUgYWJsZSwgdGhyb3VnaCBhIG11bHRpLXNlcmlhbCBTQkkgaW50ZXJmYWNlLCB0 byBoYXZlIGEKPiA+ID4gUFBQIHNlcmlhbCBsaW5lLCBpdCB3b3VsZCBiZSBwb3NzaWJsZSB0byBy dW4gYSByb290IE5GUyAob3Igb3RoZXIKPiA+ID4gbmV0d29yayBibG9jayBkZXZpY2UpIHdpdGhv dXQgaGF2aW5nIHRvIHNhY3JpZmljZSBjb25zb2xlIGFjY2Vzcy4gIGl0Cj4gPiA+IHdvdWxkIGJl IHBvc3NpYmxlIHRvIGNyZWF0ZSBhbiBpbml0cmFtZnMgZnJvbSBhIGxvd2VyLWNhcGFiaWxpdHkK PiA+ID4gc3lzdGVtIGxpa2UgYnVpbGRyb290LCBjb250YWluaW5nIFBQUCwgZW5hYmxlIGl0LCBh bmQgcGl2b3Qtcm9vdCBvdXQKPiA+ID4gdG8gYSBmdWxsIHN0b2NrIEdOVS9MaW51eCBPUyBzdWNo IGFzIGRlYmlhbiBvciBmZWRvcmEuCj4gPiA+Cj4gPiA+ICBzbyB0aGVyZSBhcmUgaHVnZSBiZW5l Zml0cywgcmVkdWNpbmcgdGhlIGRldmVsb3BtZW50IGJhcnJpZXIgdG8gZW50cnkKPiA+ID4gaW50 byBSSVNDLVYgZXhwZXJpbWVudGF0aW9uIGFuZCBkZWJ1Z2dpbmcsIGFuZCBvcGVuaW5nIHVwIGEg bXVjaCB3aWRlcgo+ID4gPiByYW5nZSBvZiBjYXBhYmlsaXRpZXMgYW5kIHBvc3NpYmlsaXRpZXMg Zm9yIG1hY2hpbmUgYW5kIHZpcnR1YWwgc3lzdGVtCj4gPiA+IG1hbmFnZW1lbnQuCj4gPiA+Cj4g PiA+IGwuCj4gPgo+ID4KPiA+IFRoZSBjdXJyZW50IFNCSSBzYXlzIHRoYXQgY29uc29sZV9nZXRj aGFyL2NvbnNvbGVfcHV0Y2hhciBhcmUgZm9yIHRoZQo+ID4gZGVidWcKPiA+IGNvbnNvbGUgYnV0 IG9uIExpbnV4IHdlIHVzZSB0aGVtIGZvciB0aGUgbWFpbiBjb25zb2xlIG9uIGVhcmx5cHJpbnRr Lgo+Cj4gIC4uLiB5ZWFoIGV4YWN0bHkuICBhbmQgd2hhdCBpZiBzb21ldGhpbmcgZ29lcyB3cm9u ZywgeW91IHdhbnQgdG8gYmUKPiBhYmxlIHRvIGludGVyYWN0IG92ZXIgb3Blbm9jZCB3aXRob3V0 IGludGVyZmVyaW5nIHdpdGggdGhhdAo+IGVhcmx5cHJpbnRrLCBwYXJ0aWN1bGFybHkgZHVyaW5n IHRoYXQgY3JpdGljYWwgZmlyc3QgYnJpbmd1cCBwaGFzZSBvZgo+IHJlYWwtd29ybGQgc2lsaWNv bj8KPgo+ID4gSQo+ID4gdGhpbmsgaXQncyBtaXNsZWFkaW5nIGFuZCB3ZSBzaG91bGQgYXQgbGVh c3QgaGF2ZSBhbiBhcmd1bWVudCB0byBjaG9zZQo+ID4gYmV0d2VlbiB0aGUgbWFpbiBjb25zb2xl IGFuZCBhbiBvcHRpb25hbCBkZWJ1ZyBjb25zb2xlLCBvciByZW5hbWUKPiA+IHRoZW0gdG8gZGVi dWdfY29uc29sZV9nZXRjaGFyL2RlYnVnX2NvbnNvbGVfcHV0Y2hhciBhbmQKPiA+IG1haW5fY29u c29sZV9nZXRjaGFyLwo+ID4gbWFpbl9jb25zb2xlX3B1dGNoYXIuCj4KPiAgaSBpbml0aWFsbHkg dGhvdWdodCBvZiBwcm9wb3NpbmcgdGhhdCwgaG93ZXZlcjoKPgo+ICAoMSkgdGhlIEFQSSBhbHJl YWR5IGV4aXN0cyB3aXRoICJzaW5nbGUgY29uc29sZSIuIGl0IHdvdWxkIHRoZXJlZm9yZQo+IGJl IGRpc3J1cHRpdmUgdG8gY2hhbmdlIHRoYXQKPgo+ICAoMikgaWYgYWRkaW5nIHNvbWV0aGluZyBj YWxsZWQgZGVidWdfY29uc29sZV97Z2V0L3B1dH1jaGFyLCBpdCBtaWdodAo+IGFzIHdlbGwgdGFr ZSBhZHZhbnRhZ2Ugb2YgdGhlIG9wcG9ydHVuaXR5IHRvIGJlIGV4dGVuZGVkIGFuZCBtYWRlCj4g Z2VuZXJpYywgYW5kIGhhdmUgdGhlIGV4dHJhIGFyZ3VtZW50IGFkZGVkCj4KPiA+IEhvd2V2ZXIg SSBkb24ndCB0aGluayB0aGF0IGFyZ3VtZW50IHNob3VsZCBiZSB0aGUgc2VyaWFsIGxpbmUuIERp ZmZlcmVudAo+ID4gdmVuZG9ycyBtYXkgdXNlIGRpZmZlcmVudCBzZXJpYWwgbGluZXMgZm9yIHRo ZSBtYWluIGNvbnNvbGUgLyBkZWJ1Zwo+ID4gY29uc29sZSwKPiA+IHRoZSBjYWxsZXIgZG9lc24n dCBrbm93IHdoaWNoIHNlcmlhbCBsaW5lIG1hcHMgdG8gd2hpY2ggY29uc29sZSwgc28gdGhlCj4g PiBTQkkKPiA+IHNob3VsZCBiZSBtb3JlIGFic3RyYWN0IGFuZCB1c2Ugc29tZXRoaW5nIGxpa2Ug YSBjb25zb2xlIGlkIHdoZXJlIGUuZy4gMAo+ID4gaXMKPiA+IG1haW4gY29uc29sZSBhbiAxIGlz IGRlYnVnLgo+Cj4gIHllcywgaXQgc2hvdWxkIFtoYXZlXTogbXkgZmVlbGluZyBpcywgaXQncyBh IGxpdHRsZSBsYXRlIGluIHRoZSBnYW1lCj4gZ2l2ZW4gdGhhdCBpdCdzIGFsbW9zdCBjZXJ0YWlu bHkgYmFrZWQgaW50byBwcmUtZXhpc3RpbmcgaGFyZHdhcmUsIGJ5Cj4gbm93LCBzbyB0aGUgbmV4 dCBiZXN0IHRoaW5nIGlzIGEgbmV3IGZ1bmN0aW9uIGNhbGwuCj4KPiBsLgo+Cj4gLS0KPiBZb3Ug cmVjZWl2ZWQgdGhpcyBtZXNzYWdlIGJlY2F1c2UgeW91IGFyZSBzdWJzY3JpYmVkIHRvIHRoZSBH b29nbGUgR3JvdXBzICJSSVNDLVYgU1cgRGV2IiBncm91cC4KPiBUbyB1bnN1YnNjcmliZSBmcm9t IHRoaXMgZ3JvdXAgYW5kIHN0b3AgcmVjZWl2aW5nIGVtYWlscyBmcm9tIGl0LCBzZW5kIGFuIGVt YWlsIHRvIHN3LWRldit1bnN1YnNjcmliZUBncm91cHMucmlzY3Yub3JnLgo+IFRvIHBvc3QgdG8g dGhpcyBncm91cCwgc2VuZCBlbWFpbCB0byBzdy1kZXZAZ3JvdXBzLnJpc2N2Lm9yZy4KPiBWaXNp dCB0aGlzIGdyb3VwIGF0IGh0dHBzOi8vZ3JvdXBzLmdvb2dsZS5jb20vYS9ncm91cHMucmlzY3Yu b3JnL2dyb3VwL3N3LWRldi8uCj4gVG8gdmlldyB0aGlzIGRpc2N1c3Npb24gb24gdGhlIHdlYiB2 aXNpdCBodHRwczovL2dyb3Vwcy5nb29nbGUuY29tL2EvZ3JvdXBzLnJpc2N2Lm9yZy9kL21zZ2lk L3N3LWRldi9DQVB3ZUVEei03b1JnMlVXUGt2VERkZmkzNlo0UFFMQXVMZEwzLVN5LWtta0dFSiUz RDQ0QSU0MG1haWwuZ21haWwuY29tLgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18KbGludXgtcmlzY3YgbWFpbGluZyBsaXN0CmxpbnV4LXJpc2N2QGxpc3Rz LmluZnJhZGVhZC5vcmcKaHR0cDovL2xpc3RzLmluZnJhZGVhZC5vcmcvbWFpbG1hbi9saXN0aW5m by9saW51eC1yaXNjdgo=