From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11E49E7717D for ; Wed, 11 Dec 2024 16:46:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8A87E6B008A; Wed, 11 Dec 2024 11:46:57 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 8580E6B0099; Wed, 11 Dec 2024 11:46:57 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6F8146B009B; Wed, 11 Dec 2024 11:46:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 4E52C6B008A for ; Wed, 11 Dec 2024 11:46:57 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id D78F9121312 for ; Wed, 11 Dec 2024 16:46:56 +0000 (UTC) X-FDA: 82883256582.01.FD0F23C Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) by imf05.hostedemail.com (Postfix) with ESMTP id A40A7100003 for ; Wed, 11 Dec 2024 16:46:10 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=e5gSoz2r; spf=pass (imf05.hostedemail.com: domain of mvanotti@google.com designates 209.85.219.178 as permitted sender) smtp.mailfrom=mvanotti@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733935590; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hMKD8t083+1kiX6WIOqzRHf9IuUaT4yhM1A4LWerA+s=; b=WXRW8C2hQ8GFDOI5wcuEcNNnMemW4zIvnLJGAO330/pLpSVuEn/KHceeHH2dIMgnQbDSa7 3jK63Ak238qBcyGrmLv2mM8T6sL7fxobNgBEHJ8JsebljW8TTZ8BeARo5vbzAG0QkQSjZB LUkFlVTa8i6bjP7vXh1yi/yvUWWjcGI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733935590; a=rsa-sha256; cv=none; b=KJtC8DW1DkKdGQMJDTFuGIvfyfOfJVluejs6cE+hKiLheTknDPO1Aa0xCTka6p3Bx09fZ8 L5gtvJ6e49Qw+NU3KCzLWtGHwY1mIjU8WXECxV465l75KCRqWhA7EEDnveEl/erMEJsw/2 kFOqRu/4RcFLZ9nvbm/XgoxY8eh6jGE= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=e5gSoz2r; spf=pass (imf05.hostedemail.com: domain of mvanotti@google.com designates 209.85.219.178 as permitted sender) smtp.mailfrom=mvanotti@google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-e3d18886010so77340276.3 for ; Wed, 11 Dec 2024 08:46:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1733935614; x=1734540414; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hMKD8t083+1kiX6WIOqzRHf9IuUaT4yhM1A4LWerA+s=; b=e5gSoz2roMXEQME16oE5OilUTAItjhAA8dkPyoSuXncGehkd3NfFTyQtgTLPZGRoHM OhfRZTfnoGtzpQLeVNyRp5DI4bTMLXJ525XrvTQSrgsrov2vph7/nJSfH5UQfpnX7f3/ CIHhPAYIRXmtu8KVpDwUCEqj21+4fDlkdXm51FYHUnuRnBbYzgs6pOjXQdxpHzOSG/Al oijCmIAE7OyM/srZhhyr9JyBuIxM3iA5leIZ/0Xr5+7VWPdDFQiyQ4/ooc3hiPcnJ2Dp stTfOYr3qpwc9kdHIIdmQFC9loLkSup8hh2AfrHmhnroKFs4i+YyJW0MnskXYlnY+cq7 K5Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733935614; x=1734540414; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hMKD8t083+1kiX6WIOqzRHf9IuUaT4yhM1A4LWerA+s=; b=cVzbr5/RrEtLgEyp+ERUx30Jgvc4o6nlAdhi2ZjF/GeJN/bTWNNrwcDIx2juug+0PG zFXq2jRIWVjirN6LrYN+acvY91oxw94PmeYlHv9aBpPBQYBol0m3sz0530x83sjU5TLt v3jE/rzfFR/vUA9Ju4BjI83pmLcjhtWROISeDYAKD0ZVQHMpCSqCBwcdV2dvL/g9+aoY 3VafgAnsfQ8JI2ACGunR6bvk7Sc0zgmPnwfQ8D+V1IHKobZy5jzjKVMMJtSQzqempmDV eF+s/zuOrSsmrze1tRo+qn0cIvbmRqLE4LuX0zb4m3k+WTCyfTKBsZixtOHK3UBixuDM oZ/A== X-Forwarded-Encrypted: i=1; AJvYcCVWNeg4fl4QWAKDwBenizd0ii9+JsiSkuafPVIEV40c+Dm7c7p/iYwlDtvPpy9EI3YTeECOtW+TbA==@kvack.org X-Gm-Message-State: AOJu0YwSPTn4zfhv2W/ZFaKD1c7LBZ3nZ2wrwvEgu7bsR0FtVHGLBJjf HBu/XekNXLu9w8MSTMBMv+9lnGhhji8hGamE3SCdfluKYnckjm5LhJ4IbDp5JRxT/DI7B1RFkNk ySEcvWWpH/6B7QMYyKJbWv6AbybRO2SNBVYEk X-Gm-Gg: ASbGnctHo5gf1qbsrtFZekulOGsGyaNlWbzlkcFHZ/3nLLCK8bHgd/GbUnfAi+87i5e iFt7RKQK1mPXXhcoToW/4GraQDDJY8b4PCu7TtMVq0Q+pxJ2JZgxJTHo25JEQ X-Google-Smtp-Source: AGHT+IF6N8vwOQ96UWylhlRr8FRba/nYJlSYE3yE4mdgjIxA5ohkyrAaivms93hJYIRn18O7beh8woCjA4bWTIN44w4= X-Received: by 2002:a05:6902:2206:b0:e3a:235a:4da3 with SMTP id 3f1490d57ef6-e3da0d5c17dmr65414276.24.1733935613799; Wed, 11 Dec 2024 08:46:53 -0800 (PST) MIME-Version: 1.0 References: <20241210213050.2839638-1-bgeffon@google.com> <20241210213050.2839638-2-bgeffon@google.com> In-Reply-To: <20241210213050.2839638-2-bgeffon@google.com> From: Marco Vanotti Date: Wed, 11 Dec 2024 13:46:17 -0300 Message-ID: Subject: Re: [RFC PATCH 1/5] mm: mremap: Fix new_addr being used as a hint with MREMAP_DONTUNMAP To: Brian Geffon Cc: Andrew Morton , Lorenzo Stoakes , Jann Horn , Vlastimil Babka , "Liam R. Howlett" , linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000005b996f062901589b" X-Rspamd-Queue-Id: A40A7100003 X-Rspam-User: X-Rspamd-Server: rspam07 X-Stat-Signature: zuhio8bw7ur31pd9555wi9dzciowkgpp X-HE-Tag: 1733935570-465999 X-HE-Meta: U2FsdGVkX1/aHh9UeFjjujozGbbPEd5dEFcBdx4Kdbo9hYINJlSCM8AfMJ7tlRna2m5hX01VWiHnjhmOx/g8dSZuMOJzH00hwzM9CQxntg5XPOB1VDbLBOm41eUDOfvbWsv0vtQjh3lh3CdGdoVkRF1oaOExylASFlcYkLyTPdqM+87KmXxWzxiaIk1B8poyeci3bvdR87nNJLChGpphOWbsbdGMN6pYifDkpdWoVUKRUslY077aIXOCD6f7TT2MjmiNbUHhMtQ/X9Af+bBmQteGGTvT6/Jd21R91qa1w0mU9hiz5lQenfxb/xfVXQQSn2alqZWAMZnJYUdPvROsCSN/T5ZPgPMMloEL6xVqzoNWbFERsz+bJ7tE2ECduqO8nuT97PKfBkIc6fKGHnnmAfk4OpfcGVVWB0q0khCPwyaRvGW4IwaZe7s3JkLEUAMPjpRe6DIpLQDqHuWKv+HCaaXt7rox5ur3u6cb/1E9P1Cm67dVOVKtYzAFJRsCBodi331OaoEu7lsz+S1orpkkha7j7+ObsqM3xc+2TDJWnpJ3OlpEUS4h9jQtDiqKm4fYDamkHo8Z8ecuX+1SkVsVxtemHwBkqDybIRJGccwQoiaAhc0Po14H4vQnwbp5DgV1KSSPmQj74NJHIVbRyJduItvo5Comia/z+Ayx1UsqVSS5ZGUwkFeTlARFKPbhsKh+AyXBihFdImqCXhbeBSfIevovEGdjmx23AfRt23wwzWi+kd9yT8+iCq837mY8qbJTDZakIZCxbsqoHcM2/tl1yDcE0ZsWgJwDPeiIsY5hvygY6xMkvZk894oUWHMrl4JuUcA2LyOD6qtNQeBnF9fEflkS1u/1gaXqEPesuqD8L9n4CXEdaNjkZnssmbcxNH7Q4GwFSlQCLPXEADAfDzdHytr1OdpjR+mhy6xfIFaC253YO9z2+BSbJd36p8kycfFtA3kgSywoD6J1Gwbortp 7+RUCC2+ AclAVNXJnrm8maCuOchYd67rUZIRx8kNx1yjhM5FxjCe2oQwFujpHQj8UK0PLHBjyrS/gKw8LaoydKvPjjjJcA7sCkiSTd8tw3nfoAVUbO6MreHnlxVH46xdEA6zMNaMtCZqMgyUxvZtHqa1ls1AmcTEuJfUrZ3DZYhPmLe8jiti8LEY+ytODYR7a6cnW5J6ugAhA2yyoSwhMNRIrIWh2AYNkzXtRqkZS3XsoPNYPAf9L6rSVSYbkCpgx2LtNfEdURros1RPQ/2E1xBeja8up8SqCZDRHm/Koed8cb9Jyakuk0mNTPuiP/cfg6GICQEdBtje/ox8Gx3AlagCXifK812ZaC0rs5/zcYm+bU2ll45dHxNebP82lSBPiNmV1Qd2s1l/JvTHDosJFLXuMr37BgjVdRA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.274604, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --0000000000005b996f062901589b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Dec 10, 2024 at 6:31=E2=80=AFPM Brian Geffon w= rote: > > Two non-mutually exclusive paths can land in mremap_to, MREMAP_FIXED > and MREMAP_DONTUNMAP which are called from mremap(). In the case of > MREMAP_FIXED we must validate the new_addr to ensure that the new > address is valid. In the case of MREMAP_DONTUNMAP without MREMAP_FIXED > a new address is specified as a hint, just like it would be in the > case of mmap. In this second case we don't need to perform any checks > because get_unmapped_area() will align new_addr, just like it would in > the case of mmap. > > This patch only fixes the behavior that was inadvertently added > with MREMAP_DONTUNMAP. > > v2: > - Addressed comment from Marco Vanotti to consolidate these checks > into existing MREMAP_FIXED blocks. > > Signed-off-by: Brian Geffon > Reported-by: Marco Vanotti Reviewed-By: Marco Vanotti > --- > mm/mremap.c | 29 +++++++++++++++++++---------- > 1 file changed, 19 insertions(+), 10 deletions(-) > > diff --git a/mm/mremap.c b/mm/mremap.c > index 60473413836b..62aec72bbe42 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -912,16 +912,6 @@ static unsigned long mremap_to(unsigned long addr, u= nsigned long old_len, > unsigned long ret; > unsigned long map_flags =3D 0; > > - if (offset_in_page(new_addr)) > - return -EINVAL; > - > - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) > - return -EINVAL; > - > - /* Ensure the old/new locations do not overlap */ > - if (addr + old_len > new_addr && new_addr + new_len > addr) > - return -EINVAL; > - > /* > * move_vma() need us to stay 4 maps below the threshold, otherwi= se > * it will bail out at the very beginning. > @@ -940,6 +930,25 @@ static unsigned long mremap_to(unsigned long addr, u= nsigned long old_len, > return -ENOMEM; > > if (flags & MREMAP_FIXED) { > + /* > + * Two non-mutually exclusive paths can land in mremap_to= , MREMAP_FIXED > + * and MREMAP_DONTUNMAP which are called from mremap(). I= n the case of > + * MREMAP_FIXED we must validate the new_addr to ensure t= hat the new > + * address is valid. In the case of MREMAP_DONTUNMAP with= out MREMAP_FIXED > + * a new address is specified as a hint, just like it wou= ld be in the > + * case of mmap. In this second case we don't need to per= form any checks > + * because get_unmapped_area() will align new_addr, just = like it would in > + * the case of mmap. > + */ > + if (offset_in_page(new_addr)) > + return -EINVAL; > + > + if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len= ) > + return -EINVAL; > + > + /* Ensure the old/new locations do not overlap */ > + if (addr + old_len > new_addr && new_addr + new_len > add= r) > + return -EINVAL; > /* > * In mremap_to(). > * VMA is moved to dst address, and munmap dst first. > -- > 2.47.0.338.g60cca15819-goog > --0000000000005b996f062901589b Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIUqgYJKoZIhvcNAQcCoIIUmzCCFJcCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg ghIEMIIGkTCCBHmgAwIBAgIQfofDAVIq0iZG5Ok+mZCT2TANBgkqhkiG9w0BAQwFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMzA0MTkwMzUzNDdaFw0zMjA0MTkwMDAwMDBaMFQxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIEF0bGFz IFI2IFNNSU1FIENBIDIwMjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYydcdmKyg 4IBqVjT4XMf6SR2Ix+1ChW2efX6LpapgGIl63csmTdJQw8EcbwU9C691spkltzTASK2Ayi4aeosB mk63SPrdVjJNNTkSbTowej3xVVGnYwAjZ6/qcrIgRUNtd/mbtG7j9W80JoP6o2Szu6/mdjb/yxRM KaCDlloE9vID2jSNB5qOGkKKvN0x6I5e/B1Y6tidYDHemkW4Qv9mfE3xtDAoe5ygUvKA4KHQTOIy VQEFpd/ZAu1yvrEeA/egkcmdJs6o47sxfo9p/fGNsLm/TOOZg5aj5RHJbZlc0zQ3yZt1wh+NEe3x ewU5ZoFnETCjjTKz16eJ5RE21EmnCtLb3kU1s+t/L0RUU3XUAzMeBVYBEsEmNnbo1UiiuwUZBWiJ vMBxd9LeIodDzz3ULIN5Q84oYBOeWGI2ILvplRe9Fx/WBjHhl9rJgAXs2h9dAMVeEYIYkvW+9mpt BIU9cXUiO0bky1lumSRRg11fOgRzIJQsphStaOq5OPTb3pBiNpwWvYpvv5kCG2X58GfdR8SWA+fm OLXHcb5lRljrS4rT9MROG/QkZgNtoFLBo/r7qANrtlyAwPx5zPsQSwG9r8SFdgMTHnA2eWCZPOmN 1Tt4xU4v9mQIHNqQBuNJLjlxvalUOdTRgw21OJAFt6Ncx5j/20Qw9FECnP+B3EPVmQIDAQABo4IB ZTCCAWEwDgYDVR0PAQH/BAQDAgGGMDMGA1UdJQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYJKwYB BAGCNxUGBgkrBgEEAYI3FQUwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUM7q+o9Q5TSoZ 18hmkmiB/cHGycYwHwYDVR0jBBgwFoAUrmwFo5MT4qLn4tcc1sfwf8hnU6AwewYIKwYBBQUHAQEE bzBtMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHI2MDsGCCsG AQUFBzAChi9odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXI2LmNydDA2 BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QtcjYuY3JsMBEG A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAgEAVc4mpSLg9A6QpSq1JNO6tURZ4rBI MkwhqdLrEsKs8z40RyxMURo+B2ZljZmFLcEVxyNt7zwpZ2IDfk4URESmfDTiy95jf856Hcwzdxfy jdwx0k7n4/0WK9ElybN4J95sgeGRcqd4pji6171bREVt0UlHrIRkftIMFK1bzU0dgpgLMu+ykJSE 0Bog41D9T6Swl2RTuKYYO4UAl9nSjWN6CVP8rZQotJv8Kl2llpe83n6ULzNfe2QT67IB5sJdsrNk jIxSwaWjOUNddWvCk/b5qsVUROOuctPyYnAFTU5KY5qhyuiFTvvVlOMArFkStNlVKIufop5EQh6p jqDGT6rp4ANDoEWbHKd4mwrMtvrh51/8UzaJrLzj3GjdkJ/sPWkDbn+AIt6lrO8hbYSD8L7RQDqK C28FheVr4ynpkrWkT7Rl6npWhyumaCbjR+8bo9gs7rto9SPDhWhgPSR9R1//WF3mdHt8SKERhvtd NFkE3zf36V9Vnu0EO1ay2n5imrOfLkOVF3vtAjleJnesM/R7v5tMS0tWoIr39KaQNURwI//WVuR+ zjqIQVx5s7Ta1GgEL56z0C5GJoNE1LvGXnQDyvDO6QeJVThFNgwkossyvmMAaPOJYnYCrYXiXXle A6TpL63Gu8foNftUO0T83JbV/e6J8iCOnGZwZDrubOtYn1QwggWDMIIDa6ADAgECAg5F5rsDgzPD hWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBS NjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNDEyMTAwMDAw MDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMw EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG61s8roO4QZIzFKRvf+kqzMaw iGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTec5RO86eJf094YwjIElBtQmYvTbl5 KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcxBsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ 3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hY dLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQBGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKF t3OiuDWqRfLgnTahb1SK8XJWbi6IxVFCRBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEW P3fV2ZGXhAps1AJNdMAU7f05+4PyXhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoR h3CBCqiadR2eOoYFAJ7bgNYl+dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sI ScWVZBpjDnk99bOMylitnEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HU Gie/Nx4yB9gUYzwoTK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w HQYDVR0OBBYEFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH 8H/IZ1OgMA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZip W6g8h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKs o+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc053y /0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWpb+Gm+99w MOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOgd2nHtlx/gsge /lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324GabbeCglIWYfrexRg emSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Qv4aW2ZlatJlXHKTMuxWJ U7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQlp7M+S8gsVr3HyO844lyS8Hn3 nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60kN8tFWk6gREjI2LCZxRWECfbWSUnA ZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEDCCBeQwggPMoAMCAQICEAHllGpqeZ38I6s6Rp3Rz6Uw DQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex KjAoBgNVBAMTIUdsb2JhbFNpZ24gQXRsYXMgUjYgU01JTUUgQ0EgMjAyMzAeFw0yNDA4MjkyMTI0 MjFaFw0yNTAyMjUyMTI0MjFaMCQxIjAgBgkqhkiG9w0BCQEWE212YW5vdHRpQGdvb2dsZS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEqJZf8GmFmko36s1F1q+nXtWnVUog02fq dTh5y87o6cPPtRxTdlTWURw7qqWYQOR+9rEByre4VwHEHAT9bP/n1kuCYTqXbYKnFV1mUKyHeSFa 19LuG+7xvG4iG0Tk7MeIjd/awt4WWx3voUv776a9cr18UbGQ1IiFVBnXxEP3/8PqHJIEHF00gJTc iMjtsdjne2hmqYhzOFQi18OXgWJhF+xWzX8HMpa/xuCsXE4vHgWyTAoHVXuqgZu4tZYMCLwG2IF6 m06/5lp/f2fffNSWqDSMix0VSbBUyU8cP5vO4dxqWZaZdqpPRgEPYrZf6NS+TlWb9fGNjWP22FTU dse5AgMBAAGjggHgMIIB3DAeBgNVHREEFzAVgRNtdmFub3R0aUBnb29nbGUuY29tMA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwHQYDVR0OBBYEFLnoaPhnYXx5 pj5LfE9mu0kpE3fkMFgGA1UdIARRME8wCQYHZ4EMAQUBAjBCBgorBgEEAaAyCgMDMDQwMgYIKwYB BQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQC MAAwgZoGCCsGAQUFBwEBBIGNMIGKMD4GCCsGAQUFBzABhjJodHRwOi8vb2NzcC5nbG9iYWxzaWdu LmNvbS9jYS9nc2F0bGFzcjZzbWltZWNhMjAyMzBIBggrBgEFBQcwAoY8aHR0cDovL3NlY3VyZS5n bG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NhdGxhc3I2c21pbWVjYTIwMjMuY3J0MB8GA1UdIwQYMBaA FDO6vqPUOU0qGdfIZpJogf3BxsnGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vY2EvZ3NhdGxhc3I2c21pbWVjYTIwMjMuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQDQ RDODjaJ7Sb/dqzbTZr/xcacY7QyDvKjrNfBPa33/WilRhBboYY4FOF7645JjBi1lgILfYG0xaSzX E8BoWb8YNSnJ537eMDSz71KBsIisoEiVGuQ+dAl9dpb7mpJoN33HAYdhHjjHopTg64v7GG0mHiSI KDJiDvh/p6AX2GLPqh9pFojEEwmUJ7DA7fO3e5//PNKYJxR3Rozw34nVP3W73S/xh6h3skYX8j21 XonJ/b1fjEKh52XqsyTOaE1VYuoKW3H36t8S5AG6pLxMWljM27Wg+nViRg0kGWuryJfmjQQwJtzm msjSHemKMeufSQ25XIJ/sSjQbgJj32wjRgOISUea6p+TC2kkvTKZCOHoKy3u+JvUtvTF1r21N4Ml ZU066dYKa1oAfNWm9pyy79xr7UtiMOGTjepILioA7xPljuFpCTKFreDjBl1q9y6PLHfmzazJ3Zna pOD0O2El81W12dxmFvODQmfBAE6r8IVD94FKgrrv6PHnroFYLkyYOoXyy4khQmqxRsNpgxGkJRRW hN0zokj+sl6k2AQ3kpY0jGHX1I/Q7YMwjCYXX3cMPvDDB+Z1X8U/1MMhKnmNCNiwocEeY7NALbzz WoscHXUz4AfS9fQp6ajna/gsWvqjUzs+or538lKoev6Ady0Jzxlo2XdNJK2vLDit2yI4FqYCnDGC AmowggJmAgEBMGgwVDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKjAo BgNVBAMTIUdsb2JhbFNpZ24gQXRsYXMgUjYgU01JTUUgQ0EgMjAyMwIQAeWUamp5nfwjqzpGndHP pTANBglghkgBZQMEAgEFAKCB1DAvBgkqhkiG9w0BCQQxIgQgwD+aCwRK6A4xbNbVvyHXh4chlzCX vmumTUGMreySrvAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjQx MjExMTY0NjU0WjBpBgkqhkiG9w0BCQ8xXDBaMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ YIZIAWUDBAECMAoGCCqGSIb3DQMHMAsGCSqGSIb3DQEBCjALBgkqhkiG9w0BAQcwCwYJYIZIAWUD BAIBMA0GCSqGSIb3DQEBAQUABIIBAF+C5XjPvg+TylCjWs3PfPxwpCpUcwN6J1EioOmJadmQt+no NiV67AdlEhuWUVR9pR46iCDfxBoWrgz+llVC4qmikYYBiOSMhb1EzkN80KhRPNFjg+UaIzehpgMh UV+lmrMpGsIU61EQyf/W0TXqhKf1b4qW2rC1ayryMHuUf8NTOrl1QR7hH6+wFo6TN+tkUwQchv8d 2bTUfTc4iAVdofpjj5cC26sLkfz6I40fewGzn42aBgX34P36hMFc8e9Cjs9yWDFgulfYIT1v807a 2mBOfCXIK+kDFvOLuzfEObZrEzAZRtoDMveXnuQVIBdbtUznm6UvXJnW11wdvA3HUcE= --0000000000005b996f062901589b--