From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 14901 invoked from network); 21 Nov 2022 05:15:09 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 21 Nov 2022 05:15:09 -0000 Received: (qmail 28105 invoked by uid 550); 21 Nov 2022 05:15:04 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 28067 invoked from network); 21 Nov 2022 05:15:03 -0000 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru C90A8419E9CC DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru; s=default; t=1669007690; bh=05gMcnIJOvoaNSYC50T4Vu+ngAEQr5F99+yTe/WcRvI=; h=Date:From:To:Subject:Reply-To:From; b=kT6ESKQacZJBIb2C5s8JSbtrrfNzMvtc6NYgaEP7yULhYCKmwvBbfe8th2elyvwhB JRxnZMx1AOJ/E0SKD9QktMjBwV3x8L95YDavP78SfJ6o3XrcfnKlLaG7d1C8Bfyj5g AZqgxKVORtZBtlAK5FYDiiHm9vc5Kili9fgKCz0U= MIME-Version: 1.0 Date: Mon, 21 Nov 2022 08:14:50 +0300 From: Alexey Izbyshev To: musl@lists.openwall.com Mail-Followup-To: musl@lists.openwall.com User-Agent: Roundcube Webmail/1.4.4 Message-ID: X-Sender: izbyshev@ispras.ru Content-Type: multipart/mixed; boundary="=_e95a929e43d97ee92d98ca7492bc505c" Subject: [musl] sem_post() can miss waiters --=_e95a929e43d97ee92d98ca7492bc505c Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Hi, While reading musl's POSIX semaphore implementation I realized that its accounting of waiters is incorrect (after commit 88c4e720317845a8e01aee03f142ba82674cd23d) due to combination of the following factors: * sem_post relies on a potentially stale waiters count when deciding whether to wake a waiter. * Presence of waiters is not reflected in the semaphore value when the semaphore is unlocked. Here is an example scenario with 4 threads: * initial state - val = 1, waiters = 0 * T1 - enters sem_post - reads val = 1, waiters = 0, is preempted - val = 1, waiters = 0 * T2 - sem_wait - another sem_wait (blocks) - val = -1, waiters = 1 * T3 - sem_wait (blocks) - val = -1, waiters = 2 * T4 - sem_post (wakes T2) - val = 1, waiters = 2 * T1 - continues in sem_post - a_cas(1, 2) succeeds - T3 is NOT woken because sem_post thinks there are no waiters - val = 2, waiters = 1 * T2 - wakes and completes sem_wait - val = 1, waiters = 1 So in the end T3 remains blocked despite that the semaphore is unlocked. Here is two ideas how this can be fixed without reintroducing the problem with accessing a potentially destroyed semaphore after it's unlocked. * Idea 1 - use a proper WAITERS_BIT in the semaphore state instead of just a single value and preserve it in sem_post by default - in sem_post, when we notice that waiters count is zero but WAITERS_BIT is set, reset WAITERS_BIT, but wake all potential waiters afterwards. This ensures that any new waiters that could arrive after we read waiters count are taken into account (and they will proceed to lock the semaphore and potentially set WAITERS_BIT again after they are woken). The sem_post body would look like this (the full patch is attached): int val, new, priv = sem->__val[2], sync = 0; do { val = sem->__val[0]; waiters = sem->__val[1]; if ((val & SEM_VALUE_MAX) == SEM_VALUE_MAX) { errno = EOVERFLOW; return -1; } new = val + 1; if (!waiters) new &= ~0x80000000; } while (a_cas(sem->__val, val, new) != val); if (val<0) __wake(sem->__val, waiters ? 1 : -1, priv); The main downside of this approach is that a FUTEX_WAKE system call will be performed each time the semaphore transitions from "maybe have waiters" to "no waiters" state, and in practice it will be useless in most cases. * Idea 2 - use a proper WAITERS_BIT as above - also add a new DETECT_NEW_WAITERS_BIT - in sem_post, when we notice that waiters count is zero, WAITERS_BIT is set and DETECT_NEW_WAITERS_BIT is not set, atomically transition into "waiters detection" state (DETECT_NEW_WAITERS_BIT is set, WAITERS_BIT is unset) *without unlocking the semaphore*. Then recheck waiters count again, and if it's still zero, try to atomically transition to "no waiters" state (both bits are unset) while also unlocking the semaphore. If this succeeds, we know that no new waiters arrived before we unlocked the semaphore and hence no wake up is needed. Regardless of whether we succeeded, we always leave "waiters detection" state before exiting the CAS loop. - in sem_post, wake a single waiter if at least one of WAITERS_BIT or DETECT_NEW_WAITERS_BIT is set. This ensures no waiters are missed in sem_post calls racing with the sem_post currently responsible for waiters detection. The sem_post body would look like this (the full patch is attached): int val, new, priv = sem->__val[2], sync = 0; for (;;) { int cnt; val = sem->__val[0]; cnt = val & SEM_VALUE_MAX; if (cnt < SEM_VALUE_MAX) { if (!sync && val < 0 && !(val & 0x40000000) && !sem->__val[1]) { new = cnt | 0x40000000; if (a_cas(sem->__val, val, new) != val) continue; val = new; sync = 1; } new = val + 1; } else { new = val; } if (sync) { if (sem->__val[1]) new |= 0x80000000; new &= ~0x40000000; } if (a_cas(sem->__val, val, new) == val) break; } if ((val & SEM_VALUE_MAX) == SEM_VALUE_MAX) { errno = EOVERFLOW; return -1; } if (new < 0 || (new & 0x40000000)) __wake(sem->__val, 1, priv); Compared to the first approach, there is just an extra a_cas instead of a system call, though we lose one bit in SEM_VALUE_MAX. Hope this helps, Alexey --=_e95a929e43d97ee92d98ca7492bc505c Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=sem-post-detect-new-waiters.diff Content-Disposition: attachment; filename=sem-post-detect-new-waiters.diff; size=3680 ZGlmZiAtLWdpdCBhL2luY2x1ZGUvbGltaXRzLmggYi9pbmNsdWRlL2xpbWl0cy5oCmluZGV4IDUz YTI3YjlkLi5jNGQzZjQyYiAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW1pdHMuaAorKysgYi9pbmNs dWRlL2xpbWl0cy5oCkBAIC02Niw3ICs2Niw3IEBACiAjZGVmaW5lIFBUSFJFQURfS0VZU19NQVgg MTI4CiAjZGVmaW5lIFBUSFJFQURfU1RBQ0tfTUlOIDIwNDgKICNkZWZpbmUgUFRIUkVBRF9ERVNU UlVDVE9SX0lURVJBVElPTlMgNAotI2RlZmluZSBTRU1fVkFMVUVfTUFYIDB4N2ZmZmZmZmYKKyNk ZWZpbmUgU0VNX1ZBTFVFX01BWCAweDNmZmZmZmZmCiAjZGVmaW5lIFNFTV9OU0VNU19NQVggMjU2 CiAjZGVmaW5lIERFTEFZVElNRVJfTUFYIDB4N2ZmZmZmZmYKICNkZWZpbmUgTVFfUFJJT19NQVgg MzI3NjgKZGlmZiAtLWdpdCBhL3NyYy90aHJlYWQvc2VtX2dldHZhbHVlLmMgYi9zcmMvdGhyZWFk L3NlbV9nZXR2YWx1ZS5jCmluZGV4IGQ5ZDgzMDcxLi5jMGI3NzYyZCAxMDA2NDQKLS0tIGEvc3Jj L3RocmVhZC9zZW1fZ2V0dmFsdWUuYworKysgYi9zcmMvdGhyZWFkL3NlbV9nZXR2YWx1ZS5jCkBA IC0xLDggKzEsOSBAQAogI2luY2x1ZGUgPHNlbWFwaG9yZS5oPgorI2luY2x1ZGUgPGxpbWl0cy5o PgogCiBpbnQgc2VtX2dldHZhbHVlKHNlbV90ICpyZXN0cmljdCBzZW0sIGludCAqcmVzdHJpY3Qg dmFscCkKIHsKIAlpbnQgdmFsID0gc2VtLT5fX3ZhbFswXTsKLQkqdmFscCA9IHZhbCA8IDAgPyAw IDogdmFsOworCSp2YWxwID0gdmFsICYgU0VNX1ZBTFVFX01BWDsKIAlyZXR1cm4gMDsKIH0KZGlm ZiAtLWdpdCBhL3NyYy90aHJlYWQvc2VtX3Bvc3QuYyBiL3NyYy90aHJlYWQvc2VtX3Bvc3QuYwpp bmRleCAzMWUzMjkzZC4uNTA1MWVjOTcgMTAwNjQ0Ci0tLSBhL3NyYy90aHJlYWQvc2VtX3Bvc3Qu YworKysgYi9zcmMvdGhyZWFkL3NlbV9wb3N0LmMKQEAgLTEsMTcgKzEsMzggQEAKICNpbmNsdWRl IDxzZW1hcGhvcmUuaD4KKyNpbmNsdWRlIDxsaW1pdHMuaD4KICNpbmNsdWRlICJwdGhyZWFkX2lt cGwuaCIKIAogaW50IHNlbV9wb3N0KHNlbV90ICpzZW0pCiB7Ci0JaW50IHZhbCwgd2FpdGVycywg cHJpdiA9IHNlbS0+X192YWxbMl07Ci0JZG8geworCWludCB2YWwsIG5ldywgcHJpdiA9IHNlbS0+ X192YWxbMl0sIHN5bmMgPSAwOworCWZvciAoOzspIHsKKwkJaW50IGNudDsKIAkJdmFsID0gc2Vt LT5fX3ZhbFswXTsKLQkJd2FpdGVycyA9IHNlbS0+X192YWxbMV07Ci0JCWlmICh2YWwgPT0gU0VN X1ZBTFVFX01BWCkgewotCQkJZXJybm8gPSBFT1ZFUkZMT1c7Ci0JCQlyZXR1cm4gLTE7CisJCWNu dCA9IHZhbCAmIFNFTV9WQUxVRV9NQVg7CisJCWlmIChjbnQgPCBTRU1fVkFMVUVfTUFYKSB7CisJ CQlpZiAoIXN5bmMgJiYgdmFsIDwgMCAmJiAhKHZhbCAmIDB4NDAwMDAwMDApICYmICFzZW0tPl9f dmFsWzFdKSB7CisJCQkJbmV3ID0gY250IHwgMHg0MDAwMDAwMDsKKwkJCQlpZiAoYV9jYXMoc2Vt LT5fX3ZhbCwgdmFsLCBuZXcpICE9IHZhbCkKKwkJCQkJY29udGludWU7CisJCQkJdmFsID0gbmV3 OworCQkJCXN5bmMgPSAxOworCQkJfQorCQkJbmV3ID0gdmFsICsgMTsKKwkJfSBlbHNlIHsKKwkJ CW5ldyA9IHZhbDsKIAkJfQotCX0gd2hpbGUgKGFfY2FzKHNlbS0+X192YWwsIHZhbCwgdmFsKzEr KHZhbDwwKSkgIT0gdmFsKTsKLQlpZiAodmFsPDAgfHwgd2FpdGVycykgX193YWtlKHNlbS0+X192 YWwsIDEsIHByaXYpOworCQlpZiAoc3luYykgeworCQkJaWYgKHNlbS0+X192YWxbMV0pCisJCQkJ bmV3IHw9IDB4ODAwMDAwMDA7CisJCQluZXcgJj0gfjB4NDAwMDAwMDA7CisJCX0KKwkJaWYgKGFf Y2FzKHNlbS0+X192YWwsIHZhbCwgbmV3KSA9PSB2YWwpCisJCQlicmVhazsKKwl9CisJaWYgKCh2 YWwgJiBTRU1fVkFMVUVfTUFYKSA9PSBTRU1fVkFMVUVfTUFYKSB7CisJCWVycm5vID0gRU9WRVJG TE9XOworCQlyZXR1cm4gLTE7CisJfQorCWlmIChuZXcgPCAwIHx8IChuZXcgJiAweDQwMDAwMDAw KSkgX193YWtlKHNlbS0+X192YWwsIDEsIHByaXYpOwogCXJldHVybiAwOwogfQpkaWZmIC0tZ2l0 IGEvc3JjL3RocmVhZC9zZW1fdGltZWR3YWl0LmMgYi9zcmMvdGhyZWFkL3NlbV90aW1lZHdhaXQu YwppbmRleCA1OGQzZWJmZS4uNTFmNmE0NzQgMTAwNjQ0Ci0tLSBhL3NyYy90aHJlYWQvc2VtX3Rp bWVkd2FpdC5jCisrKyBiL3NyYy90aHJlYWQvc2VtX3RpbWVkd2FpdC5jCkBAIC0xLDQgKzEsNSBA QAogI2luY2x1ZGUgPHNlbWFwaG9yZS5oPgorI2luY2x1ZGUgPGxpbWl0cy5oPgogI2luY2x1ZGUg InB0aHJlYWRfaW1wbC5oIgogCiBzdGF0aWMgdm9pZCBjbGVhbnVwKHZvaWQgKnApCkBAIC0xMywx NCArMTQsMTggQEAgaW50IHNlbV90aW1lZHdhaXQoc2VtX3QgKnJlc3RyaWN0IHNlbSwgY29uc3Qg c3RydWN0IHRpbWVzcGVjICpyZXN0cmljdCBhdCkKIAlpZiAoIXNlbV90cnl3YWl0KHNlbSkpIHJl dHVybiAwOwogCiAJaW50IHNwaW5zID0gMTAwOwotCXdoaWxlIChzcGlucy0tICYmIHNlbS0+X192 YWxbMF0gPD0gMCAmJiAhc2VtLT5fX3ZhbFsxXSkgYV9zcGluKCk7CisJd2hpbGUgKHNwaW5zLS0g JiYgIShzZW0tPl9fdmFsWzBdICYgU0VNX1ZBTFVFX01BWCkgJiYgIXNlbS0+X192YWxbMV0pCisJ CWFfc3BpbigpOwogCiAJd2hpbGUgKHNlbV90cnl3YWl0KHNlbSkpIHsKLQkJaW50IHI7CisJCWlu dCByLCB0LCB2YWwgPSBzZW0tPl9fdmFsWzBdOworCQlpZiAodmFsICYgU0VNX1ZBTFVFX01BWCkK KwkJCWNvbnRpbnVlOwogCQlhX2luYyhzZW0tPl9fdmFsKzEpOwotCQlhX2NhcyhzZW0tPl9fdmFs LCAwLCAtMSk7CisJCXQgPSB2YWwgfCAweDgwMDAwMDAwOworCQlhX2NhcyhzZW0tPl9fdmFsLCB2 YWwsIHQpOwogCQlwdGhyZWFkX2NsZWFudXBfcHVzaChjbGVhbnVwLCAodm9pZCAqKShzZW0tPl9f dmFsKzEpKTsKLQkJciA9IF9fdGltZWR3YWl0X2NwKHNlbS0+X192YWwsIC0xLCBDTE9DS19SRUFM VElNRSwgYXQsIHNlbS0+X192YWxbMl0pOworCQlyID0gX190aW1lZHdhaXRfY3Aoc2VtLT5fX3Zh bCwgdCwgQ0xPQ0tfUkVBTFRJTUUsIGF0LCBzZW0tPl9fdmFsWzJdKTsKIAkJcHRocmVhZF9jbGVh bnVwX3BvcCgxKTsKIAkJaWYgKHIpIHsKIAkJCWVycm5vID0gcjsKZGlmZiAtLWdpdCBhL3NyYy90 aHJlYWQvc2VtX3RyeXdhaXQuYyBiL3NyYy90aHJlYWQvc2VtX3RyeXdhaXQuYwppbmRleCAwNGVk ZjQ2Yi4uYmViNDM1ZGEgMTAwNjQ0Ci0tLSBhL3NyYy90aHJlYWQvc2VtX3RyeXdhaXQuYworKysg Yi9zcmMvdGhyZWFkL3NlbV90cnl3YWl0LmMKQEAgLTEsMTIgKzEsMTIgQEAKICNpbmNsdWRlIDxz ZW1hcGhvcmUuaD4KKyNpbmNsdWRlIDxsaW1pdHMuaD4KICNpbmNsdWRlICJwdGhyZWFkX2ltcGwu aCIKIAogaW50IHNlbV90cnl3YWl0KHNlbV90ICpzZW0pCiB7CiAJaW50IHZhbDsKLQl3aGlsZSAo KHZhbD1zZW0tPl9fdmFsWzBdKSA+IDApIHsKLQkJaW50IG5ldyA9IHZhbC0xLSh2YWw9PTEgJiYg c2VtLT5fX3ZhbFsxXSk7Ci0JCWlmIChhX2NhcyhzZW0tPl9fdmFsLCB2YWwsIG5ldyk9PXZhbCkg cmV0dXJuIDA7CisJd2hpbGUgKCh2YWw9c2VtLT5fX3ZhbFswXSkgJiBTRU1fVkFMVUVfTUFYKSB7 CisJCWlmIChhX2NhcyhzZW0tPl9fdmFsLCB2YWwsIHZhbC0xKT09dmFsKSByZXR1cm4gMDsKIAl9 CiAJZXJybm8gPSBFQUdBSU47CiAJcmV0dXJuIC0xOwo= --=_e95a929e43d97ee92d98ca7492bc505c Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=sem-post-wake-all.diff Content-Disposition: attachment; filename=sem-post-wake-all.diff; size=2795 ZGlmZiAtLWdpdCBhL3NyYy90aHJlYWQvc2VtX2dldHZhbHVlLmMgYi9zcmMvdGhyZWFkL3NlbV9n ZXR2YWx1ZS5jCmluZGV4IGQ5ZDgzMDcxLi5jMGI3NzYyZCAxMDA2NDQKLS0tIGEvc3JjL3RocmVh ZC9zZW1fZ2V0dmFsdWUuYworKysgYi9zcmMvdGhyZWFkL3NlbV9nZXR2YWx1ZS5jCkBAIC0xLDgg KzEsOSBAQAogI2luY2x1ZGUgPHNlbWFwaG9yZS5oPgorI2luY2x1ZGUgPGxpbWl0cy5oPgogCiBp bnQgc2VtX2dldHZhbHVlKHNlbV90ICpyZXN0cmljdCBzZW0sIGludCAqcmVzdHJpY3QgdmFscCkK IHsKIAlpbnQgdmFsID0gc2VtLT5fX3ZhbFswXTsKLQkqdmFscCA9IHZhbCA8IDAgPyAwIDogdmFs OworCSp2YWxwID0gdmFsICYgU0VNX1ZBTFVFX01BWDsKIAlyZXR1cm4gMDsKIH0KZGlmZiAtLWdp dCBhL3NyYy90aHJlYWQvc2VtX3Bvc3QuYyBiL3NyYy90aHJlYWQvc2VtX3Bvc3QuYwppbmRleCAz MWUzMjkzZC4uY2E4ZDY2M2MgMTAwNjQ0Ci0tLSBhL3NyYy90aHJlYWQvc2VtX3Bvc3QuYworKysg Yi9zcmMvdGhyZWFkL3NlbV9wb3N0LmMKQEAgLTEsMTcgKzEsMjEgQEAKICNpbmNsdWRlIDxzZW1h cGhvcmUuaD4KKyNpbmNsdWRlIDxsaW1pdHMuaD4KICNpbmNsdWRlICJwdGhyZWFkX2ltcGwuaCIK IAogaW50IHNlbV9wb3N0KHNlbV90ICpzZW0pCiB7Ci0JaW50IHZhbCwgd2FpdGVycywgcHJpdiA9 IHNlbS0+X192YWxbMl07CisJaW50IHZhbCwgbmV3LCB3YWl0ZXJzLCBwcml2ID0gc2VtLT5fX3Zh bFsyXTsKIAlkbyB7CiAJCXZhbCA9IHNlbS0+X192YWxbMF07CiAJCXdhaXRlcnMgPSBzZW0tPl9f dmFsWzFdOwotCQlpZiAodmFsID09IFNFTV9WQUxVRV9NQVgpIHsKKwkJaWYgKCh2YWwgJiBTRU1f VkFMVUVfTUFYKSA9PSBTRU1fVkFMVUVfTUFYKSB7CiAJCQllcnJubyA9IEVPVkVSRkxPVzsKIAkJ CXJldHVybiAtMTsKIAkJfQotCX0gd2hpbGUgKGFfY2FzKHNlbS0+X192YWwsIHZhbCwgdmFsKzEr KHZhbDwwKSkgIT0gdmFsKTsKLQlpZiAodmFsPDAgfHwgd2FpdGVycykgX193YWtlKHNlbS0+X192 YWwsIDEsIHByaXYpOworCQluZXcgPSB2YWwgKyAxOworCQlpZiAoIXdhaXRlcnMpCisJCQluZXcg Jj0gfjB4ODAwMDAwMDA7CisJfSB3aGlsZSAoYV9jYXMoc2VtLT5fX3ZhbCwgdmFsLCBuZXcpICE9 IHZhbCk7CisJaWYgKHZhbDwwKSBfX3dha2Uoc2VtLT5fX3ZhbCwgd2FpdGVycyA/IDEgOiAtMSwg cHJpdik7CiAJcmV0dXJuIDA7CiB9CmRpZmYgLS1naXQgYS9zcmMvdGhyZWFkL3NlbV90aW1lZHdh aXQuYyBiL3NyYy90aHJlYWQvc2VtX3RpbWVkd2FpdC5jCmluZGV4IDU4ZDNlYmZlLi5hYTY3Mzc2 YyAxMDA2NDQKLS0tIGEvc3JjL3RocmVhZC9zZW1fdGltZWR3YWl0LmMKKysrIGIvc3JjL3RocmVh ZC9zZW1fdGltZWR3YWl0LmMKQEAgLTEsNCArMSw1IEBACiAjaW5jbHVkZSA8c2VtYXBob3JlLmg+ CisjaW5jbHVkZSA8bGltaXRzLmg+CiAjaW5jbHVkZSAicHRocmVhZF9pbXBsLmgiCiAKIHN0YXRp YyB2b2lkIGNsZWFudXAodm9pZCAqcCkKQEAgLTEzLDE0ICsxNCwxNSBAQCBpbnQgc2VtX3RpbWVk d2FpdChzZW1fdCAqcmVzdHJpY3Qgc2VtLCBjb25zdCBzdHJ1Y3QgdGltZXNwZWMgKnJlc3RyaWN0 IGF0KQogCWlmICghc2VtX3RyeXdhaXQoc2VtKSkgcmV0dXJuIDA7CiAKIAlpbnQgc3BpbnMgPSAx MDA7Ci0Jd2hpbGUgKHNwaW5zLS0gJiYgc2VtLT5fX3ZhbFswXSA8PSAwICYmICFzZW0tPl9fdmFs WzFdKSBhX3NwaW4oKTsKKwl3aGlsZSAoc3BpbnMtLSAmJiAhKHNlbS0+X192YWxbMF0gJiBTRU1f VkFMVUVfTUFYKSAmJiAhc2VtLT5fX3ZhbFsxXSkKKwkJYV9zcGluKCk7CiAKIAl3aGlsZSAoc2Vt X3RyeXdhaXQoc2VtKSkgewotCQlpbnQgcjsKKwkJaW50IHIsIHByaXYgPSBzZW0tPl9fdmFsWzJd OwogCQlhX2luYyhzZW0tPl9fdmFsKzEpOwotCQlhX2NhcyhzZW0tPl9fdmFsLCAwLCAtMSk7CisJ CWFfY2FzKHNlbS0+X192YWwsIDAsIDB4ODAwMDAwMDApOwogCQlwdGhyZWFkX2NsZWFudXBfcHVz aChjbGVhbnVwLCAodm9pZCAqKShzZW0tPl9fdmFsKzEpKTsKLQkJciA9IF9fdGltZWR3YWl0X2Nw KHNlbS0+X192YWwsIC0xLCBDTE9DS19SRUFMVElNRSwgYXQsIHNlbS0+X192YWxbMl0pOworCQly ID0gX190aW1lZHdhaXRfY3Aoc2VtLT5fX3ZhbCwgMHg4MDAwMDAwMCwgQ0xPQ0tfUkVBTFRJTUUs IGF0LCBwcml2KTsKIAkJcHRocmVhZF9jbGVhbnVwX3BvcCgxKTsKIAkJaWYgKHIpIHsKIAkJCWVy cm5vID0gcjsKZGlmZiAtLWdpdCBhL3NyYy90aHJlYWQvc2VtX3RyeXdhaXQuYyBiL3NyYy90aHJl YWQvc2VtX3RyeXdhaXQuYwppbmRleCAwNGVkZjQ2Yi4uYmViNDM1ZGEgMTAwNjQ0Ci0tLSBhL3Ny Yy90aHJlYWQvc2VtX3RyeXdhaXQuYworKysgYi9zcmMvdGhyZWFkL3NlbV90cnl3YWl0LmMKQEAg LTEsMTIgKzEsMTIgQEAKICNpbmNsdWRlIDxzZW1hcGhvcmUuaD4KKyNpbmNsdWRlIDxsaW1pdHMu aD4KICNpbmNsdWRlICJwdGhyZWFkX2ltcGwuaCIKIAogaW50IHNlbV90cnl3YWl0KHNlbV90ICpz ZW0pCiB7CiAJaW50IHZhbDsKLQl3aGlsZSAoKHZhbD1zZW0tPl9fdmFsWzBdKSA+IDApIHsKLQkJ aW50IG5ldyA9IHZhbC0xLSh2YWw9PTEgJiYgc2VtLT5fX3ZhbFsxXSk7Ci0JCWlmIChhX2Nhcyhz ZW0tPl9fdmFsLCB2YWwsIG5ldyk9PXZhbCkgcmV0dXJuIDA7CisJd2hpbGUgKCh2YWw9c2VtLT5f X3ZhbFswXSkgJiBTRU1fVkFMVUVfTUFYKSB7CisJCWlmIChhX2NhcyhzZW0tPl9fdmFsLCB2YWws IHZhbC0xKT09dmFsKSByZXR1cm4gMDsKIAl9CiAJZXJybm8gPSBFQUdBSU47CiAJcmV0dXJuIC0x Owo= --=_e95a929e43d97ee92d98ca7492bc505c--