Re: [Xen-devel] [PATCH 2/2] efi/boot: Don't free ebmalloc area at all

On Tue, Feb 28, 2017 at 07:09:14PM +, Andrew Cooper wrote: > On 28/02/17 19:01, Daniel Kiper wrote: > > On Tue, Feb 28, 2017 at 05:58:26PM +, Andrew Cooper wrote: > >> On 28/02/17 17:41, Daniel Kiper wrote: > >>> On Tue, Feb 28, 2017 at 04:08:35PM +, And

Re: [Xen-devel] [xen-unstable bisection] complete test-amd64-i386-xl-qemut-stubdom-debianhvm-amd64-xsm

On Thu, Mar 02, 2017 at 10:42:57AM +, Andrew Cooper wrote: > On 02/03/17 10:41, Daniel Kiper wrote: > > On Wed, Mar 01, 2017 at 11:53:52PM +, osstest service owner wrote: > >> branch xen-unstable > >> xenbranch xen-unstable > >> job test-amd64-i386-

Re: [Xen-devel] EFI + tboot + Xen

On Fri, Apr 14, 2017 at 04:17:54PM +0100, Andrew Cooper wrote: > On 14/04/2017 15:54, Daniel Kiper wrote: > > Hey, > > > > Has anybody tried to run EFI + tboot + Xen? > > I have a feeling that it does not work because > > tboot shuts down EFI boot servic

[Xen-devel] [GRUB2 PATCH RFC 1/1] efi: Add EFI shim lock verifier

This is based on git://git.savannah.gnu.org/grub.git phcoder/verifiers branch. Just an RFC. TODO: - disable the GRUB2 modules load/unload, - disable the dangerous modules, e.g. iorw, memrw. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- grub-core/Makefile.core.def

[Xen-devel] [PATCH RFC 6/7] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2()

Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/arch/x86/boot/head.S| 20 ++-- xen/arch/x86/efi/efi-boot.h | 12 +++- xen/arch/x86/efi/stub.c |5 - 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/boot/he

[Xen-devel] [PATCH RFC 5/7] efi: split out efi_shim_lock()

..which verifies PE signatures with SHIM_LOCK protocol. We want to re-use this code in subsequent patch in efi_multiboot2(). Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/common/efi/boot.c | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff

[Xen-devel] [PATCH RFC 2/7] xen/x86: Manually build PE header

by crash tool, - simpler code, - simpler build, - Xen build will no longer depend on ld i386pep support. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/arch/x86/Rules.mk|2 + xen/arch/x86/boot/head.S | 145 ++ xen/ar

[Xen-devel] [PATCH RFC 7/7] xen/x86: Build xen.mb.efi directly from xen-syms

Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/arch/x86/Makefile |1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 93ead6e..e09f5f4 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -95,6 +95,7 @@ sym

[Xen-devel] [PATCH RFC 4/7] xen/x86: Add some addresses to the Multiboot2 header

MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS and MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS_EFI64 tags close to each other. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/arch/x86/boot/head.S | 19 +++ 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x8

[Xen-devel] [PATCH RFC 0/7] Change xen.efi build and add SHIM_LOCK verification into efi_multiboot2()

/include/xen/compile.h.in |1 + 9 files changed, 245 insertions(+), 22 deletions(-) Daniel Kiper (7): xen: Introduce XEN_COMPILE_POSIX_TIME xen/x86: Manually build PE header xen/x86: Add some addresses to the Multiboot header xen/x86: Add some addresses to the Multiboot2

[Xen-devel] [PATCH RFC 3/7] xen/x86: Add some addresses to the Multiboot header

In comparison to ELF the PE format is not supported by the Multiboot protocol. So, if we wish to load xen.efi using this protocol we have to put header_addr, load_addr, load_end_addr, bss_end_addr and entry_addr data into Multiboot header. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.

[Xen-devel] [PATCH RFC 1/7] xen: Introduce XEN_COMPILE_POSIX_TIME

We need the POSIX time to properly fill the TimeDateStamp field in the PE header. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- xen/Makefile | 14 -- xen/include/xen/compile.h.in |1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff

Re: [Xen-devel] Xen 4.10 Development Update

== > > * Per-cpu tasklet > - XEN-28 > - Konrad Rzeszutek Wilk > > * Add support of rcu_idle_{enter,exit} > - XEN-27 > - Dario Faggioli > > === x86 === Could you add the following project to the list? * Change xen.efi build and add SHIM_LOCK verific

Re: [Xen-devel] [PATCH 4.12 26/84] x86/xen/efi: Initialize only the EFI struct members used by Xen

On Thu, Jul 20, 2017 at 11:16:39AM +0200, Greg Kroah-Hartman wrote: > On Thu, Jul 20, 2017 at 10:39:10AM +0200, Ingo Molnar wrote: > > > > * Daniel Kiper <daniel.ki...@oracle.com> wrote: > > > > > Hey Greg, > > > > > > On Wed, Jul

Re: [Xen-devel] [PATCH 4.12 26/84] x86/xen/efi: Initialize only the EFI struct members used by Xen

On Wed, Jul 19, 2017 at 01:12:14PM +0200, Greg Kroah-Hartman wrote: > On Wed, Jul 19, 2017 at 12:37:47PM +0200, Daniel Kiper wrote: > > Hey Greg, > > > > On Wed, Jul 19, 2017 at 11:43:32AM +0200, Greg Kroah-Hartman wrote: > > > 4.12-stable review patch. If anyone has

Re: [Xen-devel] [PATCH 4.12 26/84] x86/xen/efi: Initialize only the EFI struct members used by Xen

On Wed, Jul 19, 2017 at 01:19:58PM +0200, Greg Kroah-Hartman wrote: > On Wed, Jul 19, 2017 at 01:12:14PM +0200, Greg Kroah-Hartman wrote: > > On Wed, Jul 19, 2017 at 12:37:47PM +0200, Daniel Kiper wrote: > > > Hey Greg, > > > > > > On Wed, Jul 19, 2017 at 11:43:

Re: [Xen-devel] [PATCH 4.12 26/84] x86/xen/efi: Initialize only the EFI struct members used by Xen

Hey Greg, On Wed, Jul 19, 2017 at 11:43:32AM +0200, Greg Kroah-Hartman wrote: > 4.12-stable review patch. If anyone has any objections, please let me know. Why did you skip this patch for 4.11? IMO it should be applied there too. Daniel ___

Re: [Xen-devel] Optimising the DevSummit schedule on July 11

On Mon, Jul 03, 2017 at 11:37:29AM +0100, Lars Kurth wrote: > Folks, (committers and speakers/moderators CC'ed) > > I have a few extra sessions from Jan which came in today. Most of Tuesday > in x86 stuff, so there is no space. I merged one of my session with a proposal > from Jan, but it seems to

Re: [Xen-devel] OOPS new Xen 4.9.0_08 / kernel 4.12.0 Dom0 crash @ domain_crash_sync called from entry.S: fault at ffff82d080342328 entry.o#create_bounce_frame+0x135/0x14d

On Wed, Jul 05, 2017 at 10:27:19AM -0700, PGNet Dev wrote: > On 7/5/17 12:58 AM, Jan Beulich wrote: > >So there are two problems here: One is the fact that the kernel > >really should put an Invalid Opcode exception handler in place > >before intentionally raising any such exceptions (which WARN()

Re: [Xen-devel] Optimising the DevSummit schedule on July 11

On Tue, Jul 04, 2017 at 09:01:27AM +0100, Roger Pau Monne wrote: > On Mon, Jul 03, 2017 at 11:37:29AM +0100, Lars Kurth wrote: > > Folks, (committers and speakers/moderators CC'ed) > > > > I have a few extra sessions from Jan which came in today. Most of Tuesday > > in x86 stuff, so there is no

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

Hey, CC-ing Xen-devel to spread some knowledge about the issue. On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote: > On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac) > wrote: > > Hi all > > > > I gather that with 4.9, UEFI secure boot of Xen should be

Re: [Xen-devel] [PATCH v8 0/3] arm64, xen: add xen_boot support into grub-mkconfig

Hi Julien, On Mon, May 15, 2017 at 02:43:28PM +0100, Julien Grall wrote: > Hi Daniel, > > On 15/05/17 14:38, Daniel Kiper wrote: > >On Sun, May 14, 2017 at 03:43:44PM +0800, fu@linaro.org wrote: > >>From: Fu Wei <fu@linaro.org> > >> > >

Re: [Xen-devel] [PATCH v8 0/3] arm64, xen: add xen_boot support into grub-mkconfig

On Sun, May 14, 2017 at 03:43:44PM +0800, fu@linaro.org wrote: > From: Fu Wei > > This patchset add xen_boot support into grub-mkconfig for > generating xen boot entrances automatically > > Also update the docs/grub.texi for new xen_boot commands. LGTM, if there are no

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

On Mon, May 15, 2017 at 07:09:54PM +, Bill Jacobs (billjac) wrote: > > -Original Message- > > From: Daniel Kiper [mailto:daniel.ki...@oracle.com] > > Sent: Monday, May 15, 2017 6:13 AM > > To: Bill Jacobs (billjac) <bill...@cisco.com>; george.dun..

Re: [Xen-devel] [PATCH 2/2] x86/xen/efi: Init only efi struct members used by Xen

On Wed, Jun 21, 2017 at 11:24:06AM +0200, Ingo Molnar wrote: > > * Daniel Kiper <daniel.ki...@oracle.com> wrote: > > > -static const struct efi efi_xen __initconst = { > > - .systab = NULL, /* Initialized later. */ > > - .runtime_version

Re: [Xen-devel] [PATCH 2/2] x86/xen/efi: Init only efi struct members used by Xen

On Wed, Jun 21, 2017 at 09:10:51AM +0100, Andrew Cooper wrote: > On 20/06/2017 21:14, Daniel Kiper wrote: > > Current approach, wholesale efi struct initialization from efi_xen, is not > > good. Usually if new member is defined then it is properly initialized in > > drive

[Xen-devel] [PATCH 0/2] xen/efi: Fixes

insertions(+), 34 deletions(-) Daniel Kiper (2): efi: Process MEMATTR table only if EFI_MEMMAP x86/xen/efi: Init only efi struct members used by Xen ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

[Xen-devel] [PATCH 1/2] efi: Process MEMATTR table only if EFI_MEMMAP

Otherwise e.g. Xen dom0 on x86_64 EFI platforms crashes. In theory we can check EFI_PARAVIRT too, however, EFI_MEMMAP looks more generic and covers more cases. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- drivers/firmware/efi/efi.c |3 ++- 1 file changed, 2 insertions

[Xen-devel] [PATCH 2/2] x86/xen/efi: Init only efi struct members used by Xen

used by Xen to avoid such issues in the future. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> --- arch/x86/xen/efi.c | 45 - 1 file changed, 12 insertions(+), 33 deletions(-) diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c index 3

[Xen-devel] [PATCH v2 0/2] xen/efi: Fixes

- drivers/firmware/efi/efi.c |3 ++- 2 files changed, 14 insertions(+), 34 deletions(-) Daniel Kiper (2): efi: Process MEMATTR table only if EFI_MEMMAP x86/xen/efi: Init only efi struct members used by Xen ___ Xen-devel

[Xen-devel] [PATCH v2 1/2] efi: Process MEMATTR table only if EFI_MEMMAP

Otherwise e.g. Xen dom0 on x86_64 EFI platforms crashes. In theory we can check EFI_PARAVIRT too, however, EFI_MEMMAP looks more generic and covers more cases. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> Reviewed-by: Ard Biesheuvel <ard.biesheu...@linaro.org> --- drivers/

[Xen-devel] [PATCH v2 2/2] x86/xen/efi: Init only efi struct members used by Xen

used by Xen to avoid such issues in the future. Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com> Acked-by: Ard Biesheuvel <ard.biesheu...@linaro.org> -- Align assignments to increase readability. Suggested by Ingo Molnar. --- arch/x86/xen/

Re: [Xen-devel] [Crash-utility] [PATCH] xen: Add support for domU with Linux kernel 3.19 and newer

translated again. > > * Endless loop starts from here. > > */ > > xen_m2p(machine=0x581b7e000) > > __xen_m2p(machine=0x581b7e000, mfn=0x581b7e) > > readmem(addr=0xc91f5000) > > > > Fortunately, PV domU p2m mapping is also stored at xd->xfd + > > xc

Re: [Xen-devel] [PATCH v8 0/3] arm64, xen: add xen_boot support into grub-mkconfig

On Mon, May 15, 2017 at 03:46:55PM +0200, Daniel Kiper wrote: > Hi Julien, > > On Mon, May 15, 2017 at 02:43:28PM +0100, Julien Grall wrote: > > Hi Daniel, > > > > On 15/05/17 14:38, Daniel Kiper wrote: > > >On Sun, May 14, 2017 at 03:43:44PM +0800, fu@lina

Re: [Xen-devel] [PATCH for-4.9] x86/boot: Fix the boot time relocation calculations

per <andrew.coop...@citrix.com> > Tested-by: Sergey Dyasli <sergey.dya...@citrix.com> > --- > CC: Jan Beulich <jbeul...@suse.com> > CC: Julien Grall <julien.gr...@arm.com> > CC: Daniel Kiper <daniel.ki...@oracle.com> > CC: Doug Goldstein <car...@cardoe

Re: [Xen-devel] [PATCH v2] x86/boot: Fix the boot time relocation calculations

her than limiting to an arbitrary 1k. One side effect is that the > MB2/EFI path continues to use the EFI stack until the trampoline is entered. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> > Tested-by: Sergey Dyasli <sergey.dya...@citrix.com> Reviewed-by: Dan

Re: [Xen-devel] [PATCH v7 0/3] arm64, xen: add xen_boot support into grup-mkconfig

Hey, On Tue, May 02, 2017 at 03:06:24PM +0800, fu@linaro.org wrote: > From: Fu Wei > > This patchset add xen_boot support into grup-mkconfig for > generating xen boot entrances automatically > > Also update the docs/grub.texi for new xen_boot commands. Slowly recovering

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

On Mon, Sep 18, 2017 at 11:24:15AM -0400, Tamas K Lengyel wrote: > On Tue, Sep 5, 2017 at 12:26 PM, Tamas K Lengyel > <tamas.k.leng...@gmail.com> wrote: > > On Mon, Sep 4, 2017 at 6:40 AM, Daniel Kiper <daniel.ki...@oracle.com> > > wrote: > >> On Wed, Au

Re: [Xen-devel] Booting signed xen.efi through shim

On Fri, Sep 22, 2017 at 02:25:46AM -0600, Jan Beulich wrote: > >>> On 22.09.17 at 00:46, wrote: > > One piece that I see still missing is the Xen command line parameters > > not being verified. It would be ideal to have the option to get that > > set during compile time as

Re: [Xen-devel] Booting signed xen.efi through shim

On Wed, Sep 20, 2017 at 09:59:51AM -0600, Tamas K Lengyel wrote: > On Wed, Sep 20, 2017 at 9:46 AM, Jan Beulich wrote: > On 20.09.17 at 17:20, wrote: > >> On Wed, Sep 20, 2017 at 12:30 AM, Jan Beulich wrote: > >> On 20.09.17 at

Re: [Xen-devel] [PATCH 1/2] x86/boot: fix early error display

On Thu, Oct 12, 2017 at 03:50:06PM -0500, Doug Goldstein wrote: > From: David Esler > > In 9180f5365524 a change was made to the send_chr function to take in > C-strings and print out a character at a time until a NULL was > encountered. However there is no code to

Re: [Xen-devel] [PATCH 2/2] x86/boot: rename send_chr to print_err

just send it over the serial UART anymore so rename > > it to print_err so that its closer in name to what it does. > > > > Reviewed-by: Doug Goldstein <car...@cardoe.com> > > Signed-off-by: David Esler <drumandst...@gmail.com> > > Reviewed-by: Andrew Cooper <

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

On Thu, Oct 12, 2017 at 05:03:13PM +, Bill Jacobs (billjac) wrote: > Hi > What is the status of creating a shim to abstract secure boot > signing for Xen (to leverage MSFT 3rd party, e.g)? xen.efi works with shim itself out of the box. If you wish to use shim and GRUB2 to load Xen you have to

Re: [Xen-devel] [PATCH 2/2] Use grub-file to figure out whether multiboot2 should be used for Xen.gz

On Mon, Aug 28, 2017 at 02:40:15PM -0400, Konrad Rzeszutek Wilk wrote: > The multiboot2 is much more preferable than multiboot. Especiall > if booting under EFI where multiboot does not have the functionality > to pass ImageHandler. > > Signed-off-by: Konrad Rzeszutek Wilk

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

Hey Tamas, Sorry for late reply. I was on vacation. On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote: > On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.ki...@oracle.com> wrote: [...] > > UEFI will verify shim secure boot signature then shim will verify GRUB

Re: [Xen-devel] [PATCH 1/2] Fix util/grub.d/20_linux_xen.in: Add xen_boot command support for aarch64

On Mon, Aug 28, 2017 at 02:42:18PM -0400, Konrad Rzeszutek Wilk wrote: > On Mon, Aug 28, 2017 at 02:40:14PM -0400, Konrad Rzeszutek Wilk wrote: > > Commit d33045ce7ffcb7c1e4a60c14d5ca64b36e3c5abe introduced > > the support for this, but it does not work under x86 (as it stops > > 20_linux_xen from

Re: [Xen-devel] [PATCH v2] Fix ARM multiboot2 breaking Fedora.

On Tue, Aug 29, 2017 at 04:40:51PM -0400, Konrad Rzeszutek Wilk wrote: > Since v1 [http://lists.gnu.org/archive/html/grub-devel/2017-08/msg00073.html] > - Fixed up patch with failing invocation, > - Redid patch #2 per Daniel's instructions. > > > Hey, > > The first patch: > [PATCH 1/2] Fix

[Xen-devel] GRUB documentation updated

Hey, Some people asked me about Multiboot2 Specification and other GRUB doc stuff. So, I have put latest things at https://www.gnu.org/software/grub/grub-documentation.html I hope that helps. If you have any questions please drop me a line. Thanks, Daniel

Re: [Xen-devel] [PATCH v2] Fix ARM multiboot2 breaking Fedora.

On Wed, Aug 30, 2017 at 12:26:28PM +0200, Daniel Kiper wrote: > On Tue, Aug 29, 2017 at 04:40:51PM -0400, Konrad Rzeszutek Wilk wrote: > > Since v1 > > [http://lists.gnu.org/archive/html/grub-devel/2017-08/msg00073.html] > > - Fixed up patch with failing invocation, >

Re: [Xen-devel] Booting signed xen.efi through shim

Hi Tamas, On Tue, Sep 12, 2017 at 05:40:35PM -0600, Tamas K Lengyel wrote: > Hi all, > for the last couple weeks I've been poking around the options > available to get Xen booted on a Secureboot enabled box. My goal is to > extend the chain of trust to the dom0 kernel. According to >

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote: > On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.ki...@oracle.com> wrote: > > Hey Tamas, > > > > Sorry for late reply. I was on vacation. > > > > On Tue, Aug 22, 2017 at 09:01:06PM -0

Re: [Xen-devel] [PATCH v2 1/2] x86/boot: fix early error display

by: David Esler <drumandst...@gmail.com> In general Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Though please take into account Jan's request WRT to commit message. Or I am OK with Jan's changes before committing. Daniel ___ Xen-deve

Re: [Xen-devel] [PATCH v2 2/2] x86/boot: rename send_chr to print_err

rr so that its closer in name to what it does. > > Reviewed-by: Doug Goldstein <car...@cardoe.com> Ditto. > Signed-off-by: David Esler <drumandst...@gmail.com> Anyway, Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Daniel

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > The EFI multiboot2 entry point currently requires EFI BootServices to > not have been exited however the header currently tells the boot > loader that Xen optionally supports EFI BootServices having been exited. > With this change

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

On Tue, Oct 24, 2017 at 03:28:52PM -0500, Doug Goldstein wrote: > On 10/24/17 3:08 PM, Daniel Kiper wrote: > > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > >> The EFI multiboot2 entry point currently requires EFI BootServices to > >> not have bee

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

On Tue, Oct 24, 2017 at 10:40:26PM +0100, Andrew Cooper wrote: > On 24/10/2017 22:11, Daniel Kiper wrote: > > On Tue, Oct 24, 2017 at 09:22:20PM +0100, Andrew Cooper wrote: > >> On 24/10/17 21:08, Daniel Kiper wrote: > >>> On Tue, Oct 24, 2017 at 02:40:41

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

On Tue, Oct 24, 2017 at 09:22:20PM +0100, Andrew Cooper wrote: > On 24/10/17 21:08, Daniel Kiper wrote: > > On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > >> The EFI multiboot2 entry point currently requires EFI BootServices to > >> not have bee

Re: [Xen-devel] [PATCH] x86/boot: fix MB2 header to require EFI BS

On Tue, Oct 24, 2017 at 03:49:10PM -0500, Doug Goldstein wrote: > On 10/24/17 3:22 PM, Andrew Cooper wrote: > > On 24/10/17 21:08, Daniel Kiper wrote: > >> On Tue, Oct 24, 2017 at 02:40:41PM -0500, Doug Goldstein wrote: > >>> The EFI multiboot2 entry point curre

<    4   5   6   7   8   9