From: Stephen Röttger
Date: Thu, 19 Oct 2023 09:27:03 +0200
Subject: Re: [RFC PATCH v2 7/8] mseal:Check seal flag for mmap(2)
To: Linus Torvalds
Cc: jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org,
    jannh@google.com, willy@infradead.org, gregkh@linuxfoundation.org,
    jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org,
    linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
    linux-mm@kvack.org, surenb@google.com, alex.sierra@amd.com,
    apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com,
    ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com,
    dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com,
    joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com,
    Liam.Howlett@oracle.com, lstoakes@gmail.com, mawupeng1@huawei.com,
    linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com,
    peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io,
    vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com,
    zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org,
    linux-hardening@vger.kernel.org
References: <20231017090815.1067790-1-jeffxu@chromium.org>
    <20231017090815.1067790-8-jeffxu@chromium.org>

> Without that practical reason, I think the only two sane sealing operations are:
>
>  - SEAL_MUNMAP: "don't allow this mapping address to go away"
>
>    IOW no unmap, no shrinking, no moving mremap
>
>  - SEAL_MPROTECT: "don't allow any mapping permission changes"
>
> Again, that permission case might end up being "don't allow
> _additional_ permissions" and "don't allow taking permissions away".
> Or it could be split by operation (ie "don't allow permission changes
> to writability / readability / executability respectively").
>
> I suspect there isn't a real-life example of splitting the
> SEAL_MPROTECT (the same way I doubt there's a real-life example for
> splitting the UNMAP into "unmap vs move"), so unless there is some
> real reason, I'd keep the sealing minimal and to just those two flags.

These two flags are exactly what we would use in Chrome. I can't think of a
use case for a more fine grained split either.
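
The two seals proposed in the quoted text, as a small user-space model (an added example, not part of the original message or of the mseal patch set). The flag values, struct region and the may_*() helpers are hypothetical, and allowing in-place growth under SEAL_MUNMAP is an assumption the message does not settle.

```c
/* Added illustration: user-space model of the two seals in the quoted text.
 * Flag values, struct region and may_*() are hypothetical, not the patch's ABI. */
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>

#define SEAL_MUNMAP   0x1u /* "don't allow this mapping address to go away" */
#define SEAL_MPROTECT 0x2u /* "don't allow any mapping permission changes" */

struct region {
    unsigned long start, len;
    int prot;          /* current PROT_* bits */
    unsigned seals;    /* SEAL_* bits */
};

/* Unmapping any part of the region, even one page, removes sealed addresses. */
int may_munmap(const struct region *r, unsigned long addr, unsigned long len)
{
    int overlaps = addr < r->start + r->len && r->start < addr + len;
    return (overlaps && (r->seals & SEAL_MUNMAP)) ? -EPERM : 0;
}

/* Shrinking or moving drops sealed addresses; in-place growth is assumed
 * harmless here because the original range stays mapped. */
int may_mremap(const struct region *r, unsigned long new_addr, unsigned long new_len)
{
    int loses_range = new_addr != r->start || new_len < r->len;
    return (loses_range && (r->seals & SEAL_MUNMAP)) ? -EPERM : 0;
}

/* Unsplit SEAL_MPROTECT: adding and removing permissions are both refused. */
int may_mprotect(const struct region *r, int new_prot)
{
    return (new_prot != r->prot && (r->seals & SEAL_MPROTECT)) ? -EPERM : 0;
}

int main(void)
{
    /* Constructed sample: a sealed read+exec region of three 4 KiB pages. */
    struct region r = { 0x1000, 0x3000, PROT_READ | PROT_EXEC,
                        SEAL_MUNMAP | SEAL_MPROTECT };
    printf("munmap middle page: %d\n", may_munmap(&r, 0x2000, 0x1000));
    printf("mremap shrink:      %d\n", may_mremap(&r, 0x1000, 0x2000));
    printf("mremap grow:        %d\n", may_mremap(&r, 0x1000, 0x4000));
    printf("mprotect add W:     %d\n", may_mprotect(&r, PROT_READ | PROT_WRITE | PROT_EXEC));
    printf("mprotect drop X:    %d\n", may_mprotect(&r, PROT_READ));
    return 0;
}
```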