From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0DCCE77173 for ; Fri, 6 Dec 2024 15:35:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2D5908D0008; Fri, 6 Dec 2024 10:35:25 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2847B8D0006; Fri, 6 Dec 2024 10:35:25 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0FFB98D0008; Fri, 6 Dec 2024 10:35:25 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id E53528D0006 for ; Fri, 6 Dec 2024 10:35:24 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 90EEB141AFA for ; Fri, 6 Dec 2024 15:35:24 +0000 (UTC) X-FDA: 82864932822.23.F0DA26B Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) by imf04.hostedemail.com (Postfix) with ESMTP id 64E1C40018 for ; Fri, 6 Dec 2024 15:35:04 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Sghy3RIV; spf=pass (imf04.hostedemail.com: domain of mvanotti@google.com designates 209.85.219.179 as permitted sender) smtp.mailfrom=mvanotti@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733499314; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=syqIdJV9W0nENUY0I/tJ2xcYQBq1TsR/BgEW/6Kse6k=; b=SpwMUDrmHIIZ7Fo/A216RziKVP/KMUJiARhi4BUEz2R9rr5LBqGkerLkcampG6z0xcMPkw AdHlGhDyBhc4UJ7DzpvpkW11zOwnRK5stvjj3XZjzem9HlEXSNSz6S/Hbgm9TCDDYkORDB Fw7tlyuOY6vvFwhyoux2y0UoXWqC35Q= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733499314; a=rsa-sha256; cv=none; b=sNELHxIKSV2WmAuoswBgnW2CMIWNYylf8xfFufHFjYwVwSPRC7RP53aH1NiuHS5tTP5w8J ay/iWQ2lpHOMUbr7OcVGzfxzyXvBmOnq+GoV5WJrj7XjDhYiCjlr327IGMpMcGU7dYP5uq Ka4bHRla/68hiy8MRICs2BDVG++lGc8= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Sghy3RIV; spf=pass (imf04.hostedemail.com: domain of mvanotti@google.com designates 209.85.219.179 as permitted sender) smtp.mailfrom=mvanotti@google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-yb1-f179.google.com with SMTP id 3f1490d57ef6-e39841c8fd6so2396322276.3 for ; Fri, 06 Dec 2024 07:35:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1733499322; x=1734104122; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=syqIdJV9W0nENUY0I/tJ2xcYQBq1TsR/BgEW/6Kse6k=; b=Sghy3RIVfWA+d+0KsJ1VrOqcdidHoQeoA1tcWpw64Ja4cm5ZisScXOKZapApNIhxEs MzO00vkTQUfVIYZCkJqs7ZEDBpvf18+HCBO26VP123Y1yGKmGvx7T/opgYaBnqeucfo/ i5D3dDFW5xhQr0VqJogVEkoPTFmtHl1IzvQGmyffnPXHjt5V+FKbTbFOs6Q/DI4T/k6R +6a4Z/eK+hdhOksRs0nFBWGDTcMixL6iUbJhnlKYAFXfASOr5lm0sx6Y+YKy81C2QKS5 NDRKsjtBS9xlpfTvxlfkA9SVnZw61mx4DiYKrQ2HsM0ikpF7HrPSXl2Fy4pt1qkdadWN vYjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733499322; x=1734104122; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=syqIdJV9W0nENUY0I/tJ2xcYQBq1TsR/BgEW/6Kse6k=; b=C3GuBpN7oiP49Siaokk5KCQrk30yCkt0XAKFgbxcFrVGHXiRIsS/LJ10SnazwObKiN mmNgbst3wd+Yz5mn6JqEvCyX/uc2TWCFZ1f3FcEwIaQ/L3dCuVOaYcXSsFnRORwUGmZT 70aht8S7x2DG/+quwQI8d6VFU2uZymm0GbBGPTLeJSGx8gAA6sG1p7VDot6prSnRx6lD Vh5AkyaLBy7NEBROxdDjGHQ6lQd+8VmxZk4zXYTg956eXht9bYrfffwVLTRCHFFCUO3p xEZkIKtyNxsCykt2YsgejcNY74+ae4iEk4QAbkN9u3dXDX4+JeerlmNwn5+AeKxfck2D fEFQ== X-Forwarded-Encrypted: i=1; AJvYcCUufNaKiBMpTw6iV3g6Q0D02+DdV8nkmeK9aX9sru+sFy+rao/5iTmu6EBdv3GL9vLdrVOHCx5NOw==@kvack.org X-Gm-Message-State: AOJu0Yx/oj2tZQ8TsJDXj1E04L0CwTr6rrAC7arjNrL9bssU5mVoEmUC RoA68XRrac1OtPQGOb2ak66TmEcgY+/fGWG4MOD9022P1DwJjLI1yqZqngOBOUV83MfhWnFQc/2 v5aJwA6mH0GvZ7tN4GGCJzJbF6p7xxZjkO3dp X-Gm-Gg: ASbGncst7O5mD2SiQvkDUcu5P9w6NBqoj7Y8Hn3phvV+tYc+uqmz1ktpxxrdaCClv6D Er4qSOXmtrpG11H3vEGoY4x20NSiRmn5XIh1lbAX1FBXqZWGA30heUX44tVE= X-Google-Smtp-Source: AGHT+IFuZLFtzwRg+JRsBwQ/3EqqNsFYlGwoB9FyffJ+nGfAGob1JrXtERHFpnUBC6hMDQmk7UEWhzC5bKsJcXfTiVo= X-Received: by 2002:a05:6902:2491:b0:e30:e39b:9d72 with SMTP id 3f1490d57ef6-e3a0b0be842mr3543484276.16.1733499321601; Fri, 06 Dec 2024 07:35:21 -0800 (PST) MIME-Version: 1.0 References: <20241206152032.1222067-1-bgeffon@google.com> <20241206152032.1222067-2-bgeffon@google.com> In-Reply-To: <20241206152032.1222067-2-bgeffon@google.com> From: Marco Vanotti Date: Fri, 6 Dec 2024 12:34:43 -0300 Message-ID: Subject: Re: [PATCH 1/2] mremap: Fix new_addr being used as a hint with MREMAP_DONTUNMAP To: Brian Geffon Cc: Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000004fc95d06289bc34e" X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 64E1C40018 X-Stat-Signature: ghip7rjk97mktjrgm7sity6us9ebii7n X-Rspam-User: X-HE-Tag: 1733499304-136550 X-HE-Meta: U2FsdGVkX192f8mnnt0stUOwiBf3EQNoLe9drTXjMgOa9PRbrG/qULnDE1vE+3Mfsoa4kq8ZEFOpNM+C7gBfIUNJurGlFAKb/3D699WTl6YGc/IWnZIJ34Bs8KntBQqw9xwJN16PkoWkIe9wu3ZWsUQerNwpcJZYlW9KhT9sdPGvGhnDJoppRJgu7DvpYGBZ1J8uXNxZPkrl8bat76CoIvEaHS9eUv+CIbHHKFXP1HyeH5SUANemYTRgVQoTvtAi9ZzVnqzYkZSaA8PqcPfLzhqdBlmGWVbAuQapQJxSkyoWS2JiRed0qu/2JiH8vEO4HQCsGCM2wUT99RkQ9zuqQ79z/pAbhAhLeRsLlvCcxu4GKGXoPKvFjPvqGzAgwSmCRwS9Jqm83vxuAA5rcUIV40IPyg1caB3geYcnXvyNzQxhETxXu45hXOkHhClBlu3E7V1yCeS162AJtVVaw29yEzQKmYAFs1/eJygwPufhFgkLuRwyDWS2KGBERmBi6udyFwxgD4Xmw+Um5nNum8hgqNncaB9+RiTbyMbL48XCH0VgiLKo1mJQouONgfpbohsY2r56siXI572d2SR2FC52y0BvAYTTx2queaegYbf6PjupLSxlSABKmhVVGmsoJkAPaeIY8xgXNFhI77uPJY0c371R2P7vP8RuMZ9HsF2T2Z13rF+7VDFDakuRmewRLeKRkWl2OY8o2POohndNCEYwSR10NIB0yTJ6kHrbGWbl0f+KipmKUkrW9ftwCupZieUKkQcYAJ3V9OVwb/HP8nbwc1oJzgujsIRkSSZBCsp+sOsF39jxnLL7ouIrCHlHyJQ050i4IGALco8p3kApae/fKOdii9zr6tl+GHK+OF4RFgVVunm8wtkv4+gWfDyBb9pzs9dBo/X7maZBFpg0MVZha9yx6kxFd8GNXxtaYRhaE8LNQeNeJalzDfBjXwf6HUSDxRvNDs9/c+4c0clav5e B02MSxVf VOHVYBpzmQzkPfqLo1pr6n0zEELq75VxzRM7e2TICHrpuNf4GKuQ3MR1hM6N7Y1IsO4aWam8E+CpO9V8NKwZqXUW1dwF87e9pK5TtCqYgVnGrqfVN2uHGNh192EBLcG8RH9n1TbkHCshnXq9M+0PsLyBiW6k83oVC91fLHZHpyRy5n2pEG/u6I3G5V+UG6JmwEeERLciDbilmMDRn8U6K/pQLn6BJPkCRvIG9xtU74wK6lGWTti/ANwPhA+pgTblPcwqZ4791NOJJupcc3ezghF9RUDg1Vc7nuz8VGfGWFm+zJf7WPkJOWC9HuwGWQO15h6q0H7BPTf9CYrxNF1WyiQbb9MeM6EPxxNwkwkwK7p9zt58KYXX1rTRgNf6nRpGy/XcQGaal6RHBryuM8FjK1y62NQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000392, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --0000000000004fc95d06289bc34e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Dec 6, 2024 at 12:20=E2=80=AFPM Brian Geffon w= rote: > > Two non-mutually exclusive paths can land in mremap_to, MREMAP_FIXED > and MREMAP_DONTUNMAP which are called from mremap(). In the case of > MREMAP_FIXED we must validate the new_addr to ensure that the new > address is valid. In the case of MREMAP_DONTUNMAP without MREMAP_FIXED > a new address is specified as a hint, just like it would be in the > case of mmap. In this second case we don't need to perform any checks > because get_unmapped_area() will align new_addr, just like it would in > the case of mmap. > > Signed-off-by: Brian Geffon > Reported-by: Marco Vanotti > --- > mm/mremap.c | 26 +++++++++++++++++++------- > 1 file changed, 19 insertions(+), 7 deletions(-) > > diff --git a/mm/mremap.c b/mm/mremap.c > index 60473413836b..286ffdb883df 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -912,15 +912,27 @@ static unsigned long mremap_to(unsigned long addr, = unsigned long old_len, > unsigned long ret; > unsigned long map_flags =3D 0; > > - if (offset_in_page(new_addr)) > - return -EINVAL; > + /* > + * Two non-mutually exclusive paths can land in mremap_to, MREMAP= _FIXED > + * and MREMAP_DONTUNMAP which are called from mremap(). In the ca= se of > + * MREMAP_FIXED we must validate the new_addr to ensure that the = new > + * address is valid. In the case of MREMAP_DONTUNMAP without MREM= AP_FIXED > + * a new address is specified as a hint, just like it would be in= the > + * case of mmap. In this second case we don't need to perform any= checks > + * because get_unmapped_area() will align new_addr, just like it = would in > + * the case of mmap. > + */ A few lines below we also check for MREMAP_FIXED before calling do_unmap, can't we do the validation there? > + if (flags & MREMAP_FIXED) { > + if (offset_in_page(new_addr)) > + return -EINVAL; > > - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) > - return -EINVAL; > + if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len= ) > + return -EINVAL; > > - /* Ensure the old/new locations do not overlap */ > - if (addr + old_len > new_addr && new_addr + new_len > addr) > - return -EINVAL; > + /* Ensure the old/new locations do not overlap */ > + if (addr + old_len > new_addr && new_addr + new_len > add= r) > + return -EINVAL; > + } > > /* > * move_vma() need us to stay 4 maps below the threshold, otherwi= se > -- > 2.47.0.338.g60cca15819-goog > --0000000000004fc95d06289bc34e Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIUqgYJKoZIhvcNAQcCoIIUmzCCFJcCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg ghIEMIIGkTCCBHmgAwIBAgIQfofDAVIq0iZG5Ok+mZCT2TANBgkqhkiG9w0BAQwFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMzA0MTkwMzUzNDdaFw0zMjA0MTkwMDAwMDBaMFQxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSowKAYDVQQDEyFHbG9iYWxTaWduIEF0bGFz IFI2IFNNSU1FIENBIDIwMjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYydcdmKyg 4IBqVjT4XMf6SR2Ix+1ChW2efX6LpapgGIl63csmTdJQw8EcbwU9C691spkltzTASK2Ayi4aeosB mk63SPrdVjJNNTkSbTowej3xVVGnYwAjZ6/qcrIgRUNtd/mbtG7j9W80JoP6o2Szu6/mdjb/yxRM KaCDlloE9vID2jSNB5qOGkKKvN0x6I5e/B1Y6tidYDHemkW4Qv9mfE3xtDAoe5ygUvKA4KHQTOIy VQEFpd/ZAu1yvrEeA/egkcmdJs6o47sxfo9p/fGNsLm/TOOZg5aj5RHJbZlc0zQ3yZt1wh+NEe3x ewU5ZoFnETCjjTKz16eJ5RE21EmnCtLb3kU1s+t/L0RUU3XUAzMeBVYBEsEmNnbo1UiiuwUZBWiJ vMBxd9LeIodDzz3ULIN5Q84oYBOeWGI2ILvplRe9Fx/WBjHhl9rJgAXs2h9dAMVeEYIYkvW+9mpt BIU9cXUiO0bky1lumSRRg11fOgRzIJQsphStaOq5OPTb3pBiNpwWvYpvv5kCG2X58GfdR8SWA+fm OLXHcb5lRljrS4rT9MROG/QkZgNtoFLBo/r7qANrtlyAwPx5zPsQSwG9r8SFdgMTHnA2eWCZPOmN 1Tt4xU4v9mQIHNqQBuNJLjlxvalUOdTRgw21OJAFt6Ncx5j/20Qw9FECnP+B3EPVmQIDAQABo4IB ZTCCAWEwDgYDVR0PAQH/BAQDAgGGMDMGA1UdJQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYJKwYB BAGCNxUGBgkrBgEEAYI3FQUwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUM7q+o9Q5TSoZ 18hmkmiB/cHGycYwHwYDVR0jBBgwFoAUrmwFo5MT4qLn4tcc1sfwf8hnU6AwewYIKwYBBQUHAQEE bzBtMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHI2MDsGCCsG AQUFBzAChi9odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXI2LmNydDA2 BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QtcjYuY3JsMBEG A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAgEAVc4mpSLg9A6QpSq1JNO6tURZ4rBI MkwhqdLrEsKs8z40RyxMURo+B2ZljZmFLcEVxyNt7zwpZ2IDfk4URESmfDTiy95jf856Hcwzdxfy jdwx0k7n4/0WK9ElybN4J95sgeGRcqd4pji6171bREVt0UlHrIRkftIMFK1bzU0dgpgLMu+ykJSE 0Bog41D9T6Swl2RTuKYYO4UAl9nSjWN6CVP8rZQotJv8Kl2llpe83n6ULzNfe2QT67IB5sJdsrNk jIxSwaWjOUNddWvCk/b5qsVUROOuctPyYnAFTU5KY5qhyuiFTvvVlOMArFkStNlVKIufop5EQh6p jqDGT6rp4ANDoEWbHKd4mwrMtvrh51/8UzaJrLzj3GjdkJ/sPWkDbn+AIt6lrO8hbYSD8L7RQDqK C28FheVr4ynpkrWkT7Rl6npWhyumaCbjR+8bo9gs7rto9SPDhWhgPSR9R1//WF3mdHt8SKERhvtd NFkE3zf36V9Vnu0EO1ay2n5imrOfLkOVF3vtAjleJnesM/R7v5tMS0tWoIr39KaQNURwI//WVuR+ zjqIQVx5s7Ta1GgEL56z0C5GJoNE1LvGXnQDyvDO6QeJVThFNgwkossyvmMAaPOJYnYCrYXiXXle A6TpL63Gu8foNftUO0T83JbV/e6J8iCOnGZwZDrubOtYn1QwggWDMIIDa6ADAgECAg5F5rsDgzPD hWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBS NjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNDEyMTAwMDAw MDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFI2MRMw EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG61s8roO4QZIzFKRvf+kqzMaw iGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTec5RO86eJf094YwjIElBtQmYvTbl5 KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcxBsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ 3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hY dLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQBGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKF t3OiuDWqRfLgnTahb1SK8XJWbi6IxVFCRBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEW P3fV2ZGXhAps1AJNdMAU7f05+4PyXhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoR h3CBCqiadR2eOoYFAJ7bgNYl+dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sI ScWVZBpjDnk99bOMylitnEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HU Gie/Nx4yB9gUYzwoTK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w HQYDVR0OBBYEFK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH 8H/IZ1OgMA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZip W6g8h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKs o+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc053y /0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWpb+Gm+99w MOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOgd2nHtlx/gsge /lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324GabbeCglIWYfrexRg emSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Qv4aW2ZlatJlXHKTMuxWJ U7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQlp7M+S8gsVr3HyO844lyS8Hn3 nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60kN8tFWk6gREjI2LCZxRWECfbWSUnA ZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEDCCBeQwggPMoAMCAQICEAHllGpqeZ38I6s6Rp3Rz6Uw DQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex KjAoBgNVBAMTIUdsb2JhbFNpZ24gQXRsYXMgUjYgU01JTUUgQ0EgMjAyMzAeFw0yNDA4MjkyMTI0 MjFaFw0yNTAyMjUyMTI0MjFaMCQxIjAgBgkqhkiG9w0BCQEWE212YW5vdHRpQGdvb2dsZS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEqJZf8GmFmko36s1F1q+nXtWnVUog02fq dTh5y87o6cPPtRxTdlTWURw7qqWYQOR+9rEByre4VwHEHAT9bP/n1kuCYTqXbYKnFV1mUKyHeSFa 19LuG+7xvG4iG0Tk7MeIjd/awt4WWx3voUv776a9cr18UbGQ1IiFVBnXxEP3/8PqHJIEHF00gJTc iMjtsdjne2hmqYhzOFQi18OXgWJhF+xWzX8HMpa/xuCsXE4vHgWyTAoHVXuqgZu4tZYMCLwG2IF6 m06/5lp/f2fffNSWqDSMix0VSbBUyU8cP5vO4dxqWZaZdqpPRgEPYrZf6NS+TlWb9fGNjWP22FTU dse5AgMBAAGjggHgMIIB3DAeBgNVHREEFzAVgRNtdmFub3R0aUBnb29nbGUuY29tMA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwHQYDVR0OBBYEFLnoaPhnYXx5 pj5LfE9mu0kpE3fkMFgGA1UdIARRME8wCQYHZ4EMAQUBAjBCBgorBgEEAaAyCgMDMDQwMgYIKwYB BQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQC MAAwgZoGCCsGAQUFBwEBBIGNMIGKMD4GCCsGAQUFBzABhjJodHRwOi8vb2NzcC5nbG9iYWxzaWdu LmNvbS9jYS9nc2F0bGFzcjZzbWltZWNhMjAyMzBIBggrBgEFBQcwAoY8aHR0cDovL3NlY3VyZS5n bG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NhdGxhc3I2c21pbWVjYTIwMjMuY3J0MB8GA1UdIwQYMBaA FDO6vqPUOU0qGdfIZpJogf3BxsnGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vY2EvZ3NhdGxhc3I2c21pbWVjYTIwMjMuY3JsMA0GCSqGSIb3DQEBCwUAA4ICAQDQ RDODjaJ7Sb/dqzbTZr/xcacY7QyDvKjrNfBPa33/WilRhBboYY4FOF7645JjBi1lgILfYG0xaSzX E8BoWb8YNSnJ537eMDSz71KBsIisoEiVGuQ+dAl9dpb7mpJoN33HAYdhHjjHopTg64v7GG0mHiSI KDJiDvh/p6AX2GLPqh9pFojEEwmUJ7DA7fO3e5//PNKYJxR3Rozw34nVP3W73S/xh6h3skYX8j21 XonJ/b1fjEKh52XqsyTOaE1VYuoKW3H36t8S5AG6pLxMWljM27Wg+nViRg0kGWuryJfmjQQwJtzm msjSHemKMeufSQ25XIJ/sSjQbgJj32wjRgOISUea6p+TC2kkvTKZCOHoKy3u+JvUtvTF1r21N4Ml ZU066dYKa1oAfNWm9pyy79xr7UtiMOGTjepILioA7xPljuFpCTKFreDjBl1q9y6PLHfmzazJ3Zna pOD0O2El81W12dxmFvODQmfBAE6r8IVD94FKgrrv6PHnroFYLkyYOoXyy4khQmqxRsNpgxGkJRRW hN0zokj+sl6k2AQ3kpY0jGHX1I/Q7YMwjCYXX3cMPvDDB+Z1X8U/1MMhKnmNCNiwocEeY7NALbzz WoscHXUz4AfS9fQp6ajna/gsWvqjUzs+or538lKoev6Ady0Jzxlo2XdNJK2vLDit2yI4FqYCnDGC AmowggJmAgEBMGgwVDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKjAo BgNVBAMTIUdsb2JhbFNpZ24gQXRsYXMgUjYgU01JTUUgQ0EgMjAyMwIQAeWUamp5nfwjqzpGndHP pTANBglghkgBZQMEAgEFAKCB1DAvBgkqhkiG9w0BCQQxIgQgl27RjW9XUqrGDfHJE5alFGaAOSdf Xh08g07M3FJ7XlcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjQx MjA2MTUzNTIyWjBpBgkqhkiG9w0BCQ8xXDBaMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ YIZIAWUDBAECMAoGCCqGSIb3DQMHMAsGCSqGSIb3DQEBCjALBgkqhkiG9w0BAQcwCwYJYIZIAWUD BAIBMA0GCSqGSIb3DQEBAQUABIIBABxRee5Vrn6B6n8FKWobEcgBGgG5RR8TF0Oa+VhnoQdlIIsg NDM6HGPfzxO9KFRr7J/VeVZyH7Rn9iZPnEThUn1DVsVF63lmjBcSrTu9HVdNtGTZx1HyT1FqCd0l PbFTmcOEbLgIHFWZdkkkE8f2PPrWcu3T9xsCs+PrMgiiDodjDkFi0TbARWGzhG+X7f+Twq9Vw7ca yOYvFTgTgMlIDKrfXwVifOegIEFwQi6rBwxdYavgHe4HqK1heGDQjLUpawJrO+SBNVW0n23qx+Ic 81aBnoAtp6nngojiFEAPbThgHRL2F+tREPz9z5+bsYDxUsVprn8OPyJC5Drk2l5vBGo= --0000000000004fc95d06289bc34e--