9210 remove KMDB branch debugging support
9211 ::crregs could do with cr2/cr3 support
9209 ::ttrace should be able to filter by thread
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
9207 kdi_idt: Cast GATESEG_GETOFFSET through uintptr_t
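--- a/usr/src/uts/intel/kdi/kdi_idt.c
+++ b/usr/src/uts/intel/kdi/kdi_idt.c
@@ -1,533 +1,416 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ *
+ * Copyright 2018 Joyent, Inc.
 */
 
 /*
 * Management of KMDB's IDT, which is installed upon KMDB activation.
 *
 * Debugger activation has two flavors, which cover the cases where KMDB is
 * loaded at boot, and when it is loaded after boot. In brief, in both cases,
 * the KDI needs to interpose upon several handlers in the IDT. When
 * mod-loaded KMDB is deactivated, we undo the IDT interposition, restoring the
 * handlers to what they were before we started.
 *
 * We also take over the entirety of IDT (except the double-fault handler) on
 * the active CPU when we're in kmdb so we can handle things like page faults
 * sensibly.
 *
 * Boot-loaded KMDB
 *
 * When we're first activated, we're running on boot's IDT. We need to be able
 * to function in this world, so we'll install our handlers into boot's IDT.
 * This is a little complicated: we're using the fake cpu_t set up by
 * boot_kdi_tmpinit(), so we can't access cpu_idt directly. Instead,
 * kdi_idt_write() notices that cpu_idt is NULL, and works around this problem.
 *
 * Later, when we're about to switch to the kernel's IDT, it'll call us via
 * kdi_idt_sync(), allowing us to add our handlers to the new IDT. While
 * boot-loaded KMDB can't be unloaded, we still need to save the descriptors we
 * replace so we can pass traps back to the kernel as necessary.
 *
 * The last phase of boot-loaded KMDB activation occurs at non-boot CPU
 * startup. We will be called on each non-boot CPU, thus allowing us to set up
 * any watchpoints that may have been configured on the boot CPU and interpose
 * on the given CPU's IDT. We don't save the interposed descriptors in this
 * case -- see kdi_cpu_init() for details.
 *
 * Mod-loaded KMDB
 *
 * This style of activation is much simpler, as the CPUs are already running,
 * and are using their own copy of the kernel's IDT. We simply interpose upon
 * each CPU's IDT. We save the handlers we replace, both for deactivation and
 * for passing traps back to the kernel. Note that for the hypervisors'
 * benefit, we need to xcall to the other CPUs to do this, since we need to
 * actively set the trap entries in its virtual IDT from that vcpu's context
 * rather than just modifying the IDT table from the CPU running kdi_activate().
 */
 
 #include <sys/types.h>
 #include <sys/segments.h>
 #include <sys/trap.h>
 #include <sys/cpuvar.h>
 #include <sys/reboot.h>
 #include <sys/sunddi.h>
 #include <sys/archsystm.h>
 #include <sys/kdi_impl.h>
 #include <sys/x_call.h>
 #include <ia32/sys/psw.h>
 
 #define KDI_GATE_NVECS 3
 
 #define KDI_IDT_NOSAVE 0
 #define KDI_IDT_SAVE 1
 
 #define KDI_IDT_DTYPE_KERNEL 0
 #define KDI_IDT_DTYPE_BOOT 1
 
 kdi_cpusave_t *kdi_cpusave;
 int kdi_ncpusave;
 
 static kdi_main_t kdi_kmdb_main;
 
 kdi_drreg_t kdi_drreg;
 
 #ifndef __amd64
 /* Used to track the current set of valid kernel selectors. */
 uint32_t kdi_cs;
 uint32_t kdi_ds;
 uint32_t kdi_fs;
 uint32_t kdi_gs;
 #endif
 
-uint_t kdi_msr_wrexit_msr;
-uint64_t *kdi_msr_wrexit_valp;
-
 uintptr_t kdi_kernel_handler;
 
 int kdi_trap_switch;
 
 #define KDI_MEMRANGES_MAX 2
 
 kdi_memrange_t kdi_memranges[KDI_MEMRANGES_MAX];
 int kdi_nmemranges;
 
 typedef void idt_hdlr_f(void);
 
 extern idt_hdlr_f kdi_trap0, kdi_trap1, kdi_int2, kdi_trap3, kdi_trap4;
 extern idt_hdlr_f kdi_trap5, kdi_trap6, kdi_trap7, kdi_trap9;
 extern idt_hdlr_f kdi_traperr10, kdi_traperr11, kdi_traperr12;
 extern idt_hdlr_f kdi_traperr13, kdi_traperr14, kdi_trap16, kdi_trap17;
 extern idt_hdlr_f kdi_trap18, kdi_trap19, kdi_trap20, kdi_ivct32;
 extern idt_hdlr_f kdi_invaltrap;
 extern size_t kdi_ivct_size;
-extern char kdi_slave_entry_patch;
 
 typedef struct kdi_gate_spec {
 uint_t kgs_vec;
 uint_t kgs_dpl;
 } kdi_gate_spec_t;
 
 /*
 * Beware: kdi_pass_to_kernel() has unpleasant knowledge of this list.
 */
 static const kdi_gate_spec_t kdi_gate_specs[KDI_GATE_NVECS] = {
 { T_SGLSTP, TRP_KPL },
 { T_BPTFLT, TRP_UPL },
 { T_DBGENTR, TRP_KPL }
 };
 
 static gate_desc_t kdi_kgates[KDI_GATE_NVECS];
 
 gate_desc_t kdi_idt[NIDT];
 
 struct idt_description {
 uint_t id_low;
 uint_t id_high;
 idt_hdlr_f *id_basehdlr;
 size_t *id_incrp;
 } idt_description[] = {
 { T_ZERODIV, 0, kdi_trap0, NULL },
 { T_SGLSTP, 0, kdi_trap1, NULL },
 { T_NMIFLT, 0, kdi_int2, NULL },
 { T_BPTFLT, 0, kdi_trap3, NULL },
 { T_OVFLW, 0, kdi_trap4, NULL },
 { T_BOUNDFLT, 0, kdi_trap5, NULL },
 { T_ILLINST, 0, kdi_trap6, NULL },
 { T_NOEXTFLT, 0, kdi_trap7, NULL },
 #if !defined(__xpv)
 { T_DBLFLT, 0, syserrtrap, NULL },
 #endif
 { T_EXTOVRFLT, 0, kdi_trap9, NULL },
 { T_TSSFLT, 0, kdi_traperr10, NULL },
 { T_SEGFLT, 0, kdi_traperr11, NULL },
 { T_STKFLT, 0, kdi_traperr12, NULL },
 { T_GPFLT, 0, kdi_traperr13, NULL },
 { T_PGFLT, 0, kdi_traperr14, NULL },
 { 15, 0, kdi_invaltrap, NULL },
 { T_EXTERRFLT, 0, kdi_trap16, NULL },
 { T_ALIGNMENT, 0, kdi_trap17, NULL },
 { T_MCE, 0, kdi_trap18, NULL },
 { T_SIMDFPE, 0, kdi_trap19, NULL },
 { T_DBGENTR, 0, kdi_trap20, NULL },
 { 21, 31, kdi_invaltrap, NULL },
 { 32, 255, kdi_ivct32, &kdi_ivct_size },
 { 0, 0, NULL },
 };
 
 void
 kdi_idt_init(selector_t sel)
 {
 struct idt_description *id;
 int i;
 
 for (id = idt_description; id->id_basehdlr != NULL; id++) {
 uint_t high = id->id_high != 0 ? id->id_high : id->id_low;
 size_t incr = id->id_incrp != NULL ? *id->id_incrp : 0;
 
 for (i = id->id_low; i <= high; i++) {
 caddr_t hdlr = (caddr_t)id->id_basehdlr +
 incr * (i - id->id_low);
 set_gatesegd(&kdi_idt[i], (void (*)())hdlr, sel,
 SDT_SYSIGT, TRP_KPL, i);
 }
 }
 }
 
-/*
- * Patch caller-provided code into the debugger's IDT handlers. This code is
- * used to save MSRs that must be saved before the first branch. All handlers
- * are essentially the same, and end with a branch to kdi_cmnint. To save the
- * MSR, we need to patch in before the branch. The handlers have the following
- * structure: KDI_MSR_PATCHOFF bytes of code, KDI_MSR_PATCHSZ bytes of
- * patchable space, followed by more code.
- */
-void
-kdi_idt_patch(caddr_t code, size_t sz)
-{
- int i;
-
- ASSERT(sz <= KDI_MSR_PATCHSZ);
-
- for (i = 0; i < sizeof (kdi_idt) / sizeof (struct gate_desc); i++) {
- gate_desc_t *gd;
- uchar_t *patch;
-
- if (i == T_DBLFLT)
- continue; /* uses kernel's handler */
-
- gd = &kdi_idt[i];
- patch = (uchar_t *)GATESEG_GETOFFSET(gd) + KDI_MSR_PATCHOFF;
-
- /*
- * We can't ASSERT that there's a nop here, because this may be
- * a debugger restart. In that case, we're copying the new
- * patch point over the old one.
- */
- /* FIXME: dtrace fbt ... */
- bcopy(code, patch, sz);
-
- /* Fill the rest with nops to be sure */
- while (sz < KDI_MSR_PATCHSZ)
- patch[sz++] = 0x90; /* nop */
- }
-}
-
 static void
 kdi_idt_gates_install(selector_t sel, int saveold)
 {
 gate_desc_t gates[KDI_GATE_NVECS];
 int i;
 
 bzero(gates, sizeof (*gates));
 
 for (i = 0; i < KDI_GATE_NVECS; i++) {
 const kdi_gate_spec_t *gs = &kdi_gate_specs[i];
 uintptr_t func = GATESEG_GETOFFSET(&kdi_idt[gs->kgs_vec]);
 set_gatesegd(&gates[i], (void (*)())func, sel, SDT_SYSIGT,
 gs->kgs_dpl, gs->kgs_vec);
 }
 
 for (i = 0; i < KDI_GATE_NVECS; i++) {
 uint_t vec = kdi_gate_specs[i].kgs_vec;
 
 if (saveold)
 kdi_kgates[i] = CPU->cpu_m.mcpu_idt[vec];
 
 kdi_idt_write(&gates[i], vec);
 }
 }
 
 static void
 kdi_idt_gates_restore(void)
 {
 int i;
 
 for (i = 0; i < KDI_GATE_NVECS; i++)
 kdi_idt_write(&kdi_kgates[i], kdi_gate_specs[i].kgs_vec);
 }
 
 /*
 * Called when we switch to the kernel's IDT. We need to interpose on the
 * kernel's IDT entries and stop using KMDBCODE_SEL.
 */
 void
 kdi_idt_sync(void)
 {
 kdi_idt_init(KCS_SEL);
 kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE);
 }
 
-/*
- * On some processors, we'll need to clear a certain MSR before proceeding into
- * the debugger. Complicating matters, this MSR must be cleared before we take
- * any branches. We have patch points in every trap handler, which will cover
- * all entry paths for master CPUs. We also have a patch point in the slave
- * entry code.
- */
-static void
-kdi_msr_add_clrentry(uint_t msr)
-{
-#ifdef __amd64
- uchar_t code[] = {
- 0x51, 0x50, 0x52, /* pushq %rcx, %rax, %rdx */
- 0xb9, 0x00, 0x00, 0x00, 0x00, /* movl $MSRNUM, %ecx */
- 0x31, 0xc0, /* clr %eax */
- 0x31, 0xd2, /* clr %edx */
- 0x0f, 0x30, /* wrmsr */
- 0x5a, 0x58, 0x59 /* popq %rdx, %rax, %rcx */
- };
- uchar_t *patch = &code[4];
-#else
- uchar_t code[] = {
- 0x60, /* pushal */
- 0xb9, 0x00, 0x00, 0x00, 0x00, /* movl $MSRNUM, %ecx */
- 0x31, 0xc0, /* clr %eax */
- 0x31, 0xd2, /* clr %edx */
- 0x0f, 0x30, /* wrmsr */
- 0x61 /* popal */
- };
- uchar_t *patch = &code[2];
-#endif
-
- bcopy(&msr, patch, sizeof (uint32_t));
-
- kdi_idt_patch((caddr_t)code, sizeof (code));
-
- bcopy(code, &kdi_slave_entry_patch, sizeof (code));
-}
-
-static void
-kdi_msr_add_wrexit(uint_t msr, uint64_t *valp)
-{
- kdi_msr_wrexit_msr = msr;
- kdi_msr_wrexit_valp = valp;
-}
-
 void
-kdi_set_debug_msrs(kdi_msr_t *msrs)
-{
- int nmsrs, i;
-
- ASSERT(kdi_cpusave[0].krs_msr == NULL);
-
- /* Look in CPU0's MSRs for any special MSRs. */
- for (nmsrs = 0; msrs[nmsrs].msr_num != 0; nmsrs++) {
- switch (msrs[nmsrs].msr_type) {
- case KDI_MSR_CLEARENTRY:
- kdi_msr_add_clrentry(msrs[nmsrs].msr_num);
- break;
-
- case KDI_MSR_WRITEDELAY:
- kdi_msr_add_wrexit(msrs[nmsrs].msr_num,
- msrs[nmsrs].kdi_msr_valp);
- break;
- }
- }
-
- nmsrs++;
-
- for (i = 0; i < kdi_ncpusave; i++)
- kdi_cpusave[i].krs_msr = &msrs[nmsrs * i];
-}
-
-void
 kdi_update_drreg(kdi_drreg_t *drreg)
 {
 kdi_drreg = *drreg;
 }
 
 void
 kdi_memrange_add(caddr_t base, size_t len)
 {
 kdi_memrange_t *mr = &kdi_memranges[kdi_nmemranges];
 
 ASSERT(kdi_nmemranges != KDI_MEMRANGES_MAX);
 
 mr->mr_base = base;
 mr->mr_lim = base + len - 1;
 kdi_nmemranges++;
 }
 
 void
 kdi_idt_switch(kdi_cpusave_t *cpusave)
 {
 if (cpusave == NULL)
 kdi_idtr_set(kdi_idt, sizeof (kdi_idt) - 1);
 else
 kdi_idtr_set(cpusave->krs_idt, (sizeof (*idt0) * NIDT) - 1);
 }
 
 /*
 * Activation for CPUs other than the boot CPU, called from that CPU's
 * mp_startup(). We saved the kernel's descriptors when we initialized the
 * boot CPU, so we don't want to do it again. Saving the handlers from this
 * CPU's IDT would actually be dangerous with the CPU initialization method in
 * use at the time of this writing. With that method, the startup code creates
 * the IDTs for slave CPUs by copying the one used by the boot CPU, which has
 * already been interposed upon by KMDB. Were we to interpose again, we'd
 * replace the kernel's descriptors with our own in the save area. By not
 * saving, but still overwriting, we'll work in the current world, and in any
 * future world where the IDT is generated from scratch.
 */
 void
 kdi_cpu_init(void)
 {
 kdi_idt_gates_install(KCS_SEL, KDI_IDT_NOSAVE);
- /* Load the debug registers and MSRs */
+ /* Load the debug registers. */
 kdi_cpu_debug_init(&kdi_cpusave[CPU->cpu_id]);
 }
 
 /*
 * Activation for all CPUs for mod-loaded kmdb, i.e. a kmdb that wasn't
 * loaded at boot.
 */
 static int
 kdi_cpu_activate(void)
 {
 kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE);
 return (0);
 }
 
 void
 kdi_activate(kdi_main_t main, kdi_cpusave_t *cpusave, uint_t ncpusave)
 {
 int i;
 cpuset_t cpuset;
 
 CPUSET_ALL(cpuset);
 
 kdi_cpusave = cpusave;
 kdi_ncpusave = ncpusave;
 
 kdi_kmdb_main = main;
 
 for (i = 0; i < kdi_ncpusave; i++) {
 kdi_cpusave[i].krs_cpu_id = i;
 
 kdi_cpusave[i].krs_curcrumb =
 &kdi_cpusave[i].krs_crumbs[KDI_NCRUMBS - 1];
 kdi_cpusave[i].krs_curcrumbidx = KDI_NCRUMBS - 1;
 }
 
 if (boothowto & RB_KMDB)
 kdi_idt_init(KMDBCODE_SEL);
 else
 kdi_idt_init(KCS_SEL);
 
 /* The initial selector set. Updated by the debugger-entry code */
 #ifndef __amd64
 kdi_cs = B32CODE_SEL;
 kdi_ds = kdi_fs = kdi_gs = B32DATA_SEL;
 #endif
 
 kdi_memranges[0].mr_base = kdi_segdebugbase;
 kdi_memranges[0].mr_lim = kdi_segdebugbase + kdi_segdebugsize - 1;
 kdi_nmemranges = 1;
 
 kdi_drreg.dr_ctl = KDIREG_DRCTL_RESERVED;
 kdi_drreg.dr_stat = KDIREG_DRSTAT_RESERVED;
 
- kdi_msr_wrexit_msr = 0;
- kdi_msr_wrexit_valp = NULL;
-
 if (boothowto & RB_KMDB) {
 kdi_idt_gates_install(KMDBCODE_SEL, KDI_IDT_NOSAVE);
 } else {
 xc_call(0, 0, 0, CPUSET2BV(cpuset),
 (xc_func_t)kdi_cpu_activate);
 }
 }
 
 static int
 kdi_cpu_deactivate(void)
 {
 kdi_idt_gates_restore();
 return (0);
 }
 
 void
 kdi_deactivate(void)
 {
 cpuset_t cpuset;
 CPUSET_ALL(cpuset);
 
 xc_call(0, 0, 0, CPUSET2BV(cpuset), (xc_func_t)kdi_cpu_deactivate);
 kdi_nmemranges = 0;
 }
 
 /*
 * We receive all breakpoints and single step traps. Some of them,
 * including those from userland and those induced by DTrace providers,
 * are intended for the kernel, and must be processed there. We adopt
 * this ours-until-proven-otherwise position due to the painful
 * consequences of sending the kernel an unexpected breakpoint or
 * single step. Unless someone can prove to us that the kernel is
 * prepared to handle the trap, we'll assume there's a problem and will
 * give the user a chance to debug it.
 */
 int
 kdi_trap_pass(kdi_cpusave_t *cpusave)
 {
 greg_t tt = cpusave->krs_gregs[KDIREG_TRAPNO];
 greg_t pc = cpusave->krs_gregs[KDIREG_PC];
 greg_t cs = cpusave->krs_gregs[KDIREG_CS];
 
 if (USERMODE(cs))
 return (1);
 
 if (tt != T_BPTFLT && tt != T_SGLSTP)
 return (0);
 
 if (tt == T_BPTFLT && kdi_dtrace_get_state() ==
 KDI_DTSTATE_DTRACE_ACTIVE)
 return (1);
 
 /*
 * See the comments in the kernel's T_SGLSTP handler for why we need to
 * do this.
 */
 if (tt == T_SGLSTP &&
 (pc == (greg_t)sys_sysenter || pc == (greg_t)brand_sys_sysenter))
 return (1);
 
 return (0);
 }
 
 /*
 * State has been saved, and all CPUs are on the CPU-specific stacks. All
 * CPUs enter here, and head off into the debugger proper.
 */
 void
 kdi_debugger_entry(kdi_cpusave_t *cpusave)
 {
 /*
 * BPTFLT gives us control with %eip set to the instruction *after*
 * the int 3. Back it off, so we're looking at the instruction that
 * triggered the fault.
 */
 if (cpusave->krs_gregs[KDIREG_TRAPNO] == T_BPTFLT)
 cpusave->krs_gregs[KDIREG_PC]--;
 
 kdi_kmdb_main(cpusave);
 }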
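Review bot: `bzero(gates, sizeof (*gates));` in kdi_idt_gates_install, which this change leaves as it was, clears only the first element of `gates[KDI_GATE_NVECS]`, because `sizeof (*gates)` is the size of a single gate_desc_t. The other two descriptors start out as uninitialised stack memory and depend on set_gatesegd() writing every field, which cannot be confirmed from this file; any field it skips would be handed to kdi_idt_write() with whatever the stack held. I would change the line to `bzero(gates, sizeof (gates));` so all three entries are zeroed before they are filled in.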