From: David Woodhouse
To: Peter Xu
Cc: Carsten Stollmaier, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", nh-open-source@amazon.com, Sebastian Biemueller, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Matthew Wilcox, Andrew Morton, "linux-mm@kvack.org"
Date: Sat, 03 Aug 2024 09:35:56 +0100
Subject: Re: [PATCH] KVM: x86: Use gfn_to_pfn_cache for steal_time
References: <20240802114402.96669-1-stollmc@amazon.com>

On Fri, 2024-08-02 at 18:40 -0400, Peter Xu wrote:
> On Fri, Aug 02, 2024 at 01:03:16PM +0100, David Woodhouse wrote:
> > An alternative workaround (which perhaps we should *also* consider)
> > looked like this (plus some suitable code comment, of course):
> >
> > --- a/arch/x86/mm/fault.c > > +++ b/arch/x86/mm/fault.c 
> > @@ -1304,6 +1304,8 @@ void do_user_addr_fault(struct pt_regs *regs, > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 */ > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (user_mode(regs)) > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 flags |=3D FAULT_FLAG_USER; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 else > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 flags &=3D ~FAULT_FLAG_INTERRUPTIBLE; > > =C2=A0 ... 

> Instead of "interruptible exception" or the original patch (which might
> still be worthwhile, though?  I didn't follow much on kvm and the new gpc
> cache, but looks still nicer than get/put user from initial glance), above

Yes, I definitely think we want the GPC conversion anyway. That's why I
suggested it to Carsten, to resolve our *immediate* problem while we
continue to ponder the general case.

> looks like the easier and complete solution to me.  For "completeness", I
> mean I am not sure how many other copy_to/from_user() code in kvm can hit
> this, so looks like still possible to hit outside steal time page?

Right. It theoretically applies to *any* user access. It's just that
anything other than *guest* pages is slightly less likely to be backed
by userfaultfd.

> I thought only the slow fault path was involved in INTERRUPTIBLE thing and
> that was the plan, but I guess I overlooked how the default value could
> affect copy to/from user invoked from KVM as well..
>
> With above patch to drop FAULT_FLAG_INTERRUPTIBLE for !user, KVM can still
> opt-in INTERRUPTIBLE anywhere by leveraging hva_to_pfn[_slow]() API, which
> is "INTERRUPTIBLE"-ready with a boolean the caller can set. But the caller
> will need to be able to process KVM_PFN_ERR_SIGPENDING.

Right. I think converting kvm_{read,write}_guest() and friends to do
that and be interruptible might make sense?

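Review bot: the added else branch in the do_user_addr_fault() hunk clears FAULT_FLAG_INTERRUPTIBLE for every fault that is not from user_mode(regs), with no comment saying why, and the hunk touches only arch/x86/mm/fault.c. Add a comment above the else stating which kernel-mode accesses must not take an interruptible fault and how a caller can still opt in, and either carry the same change to the other architectures' fault handlers or move the decision into common code so the behaviour does not differ per architecture.
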
The patch snippet above obviously only fixes it for x86 and would need
to be done across the board. Unless we do this one instead, abusing the
knowledge that uffd is the only thing which honours
FAULT_FLAG_INTERRUPTIBLE?

--- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c 
@@ -351,7 +351,7 @@ static inline bool userfaultfd_must_wait(struct userfau= ltfd_ctx *ctx, =20 static inline unsigned int userfaultfd_get_blocking_state(unsigned int fla= gs) { - if (flags & FAULT_FLAG_INTERRUPTIBLE) + if ((flags & FAULT_FLAG_INTERRUPTIBLE) && (flags & FAULT_FLAG_USER)= ) return TASK_INTERRUPTIBLE; =20 if (flags & FAULT_FLAG_KILLABLE) 

I still quite like the idea of *optional* interruptible exceptions, as
seen in my proof of concept. Perhaps we wouldn't want the read(2) and
write(2) system calls to use them, but there are plenty of other system
calls which could be interruptible instead of blocking. Right now, even
the simple case of a trivial SIGINT handler which does some minor
cleanup before exiting, makes it a non-fatal signal so the kernel
blocks and waits for ever.
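
Review bot: the new condition in userfaultfd_get_blocking_state() returns TASK_INTERRUPTIBLE only when both FAULT_FLAG_INTERRUPTIBLE and FAULT_FLAG_USER are set, so a kernel caller that passes FAULT_FLAG_INTERRUPTIBLE on purpose without FAULT_FLAG_USER now falls through to the FAULT_FLAG_KILLABLE check. Confirm that no such opt-in caller exists (the hva_to_pfn interruptible path mentioned earlier in the thread is worth checking), and add a comment above the test recording the assumption that userfaultfd is the only consumer of FAULT_FLAG_INTERRUPTIBLE. The two flag tests could also be written as one mask comparison against the two flags ORed together.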