Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1475038imu; Sat, 8 Dec 2018 00:17:01 -0800 (PST) X-Google-Smtp-Source: AFSGD/UGozqlmid4UDKUm1njvnNDukw423dht9qptsmGqgOT0VDhx9JPQM6a50DHmcLRrU/5pL1V X-Received: by 2002:a17:902:7b91:: with SMTP id w17mr4995666pll.111.1544257021437; Sat, 08 Dec 2018 00:17:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544257021; cv=none; d=google.com; s=arc-20160816; b=PEbb9TQWQAFy9rTnRDOh1B2STHO25v+B0mA3IRN9E054v16Hz6t4Qd/NNAhzKJZbMK zRX1/Flh+x7t7vVC/RxGn8aXPW9xIByT/OvGUA4NdcHlDReeX/A9XU9WKjIx3EcEASfj qO4JDonM4Kt/LXo9OEj12vRxi89DFfG+YrJ9ZFxWts070rt9WwEI8oAy9Mrpxnuby5uV uGfG0UK8oHpShmD2uX0qu42SM5A0Qnvu7Gt0kBhrQvuNRqdi0rubVAGLCtNju5NJEB8O z3hXpmJVEedkuuzYn59w+KzbRWmBrVltTIrQ/B4yXSqArWL1vrFZ1SiWZFWLMq4AijXf tILg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:spamdiagnosticmetadata :spamdiagnosticoutput:content-language:accept-language:in-reply-to :references:message-id:date:thread-index:thread-topic:subject:cc:to :from:dkim-signature; bh=uOcb2W4ENDcDtYykc3nB7GPtpO7zjhW0kwHbUkBrdjA=; b=lgoHWhBnQSRB/3+bqODh/qoYA7G20qLDAzRVV60WB5onvOH98o4wA75f6mzqevfrx+ t8jyIFu6POZW+mkor6FIwvcKjZkZhZb1/f3Y6anFf1T/kaAe1+i+HK853Mb7q7hm74ED BhOo7egiCWwRod4lOOHSvYSe6uHi0eDNz+F5eq/4IGTPAmNmfDrxWIkeaDeCPOxk/Opl +uD+V7KskRmqsaT3/R3Fel8y7lJyTsU5FKZkOF0hxtEPpygZS9DjEDJP8MYsfHZKLZrG iXetCD4q/OuG3dtKjepcLMM/P93ot+vbMQ78xU4XNeKnrMXgbXNSNvCd7G0UszgXW+++ NXyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector1-fortanix-com header.b=NGZStG7I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q128si5542572pfc.179.2018.12.08.00.16.43; Sat, 08 Dec 2018 00:17:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@fortanix.onmicrosoft.com header.s=selector1-fortanix-com header.b=NGZStG7I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726227AbeLHIPn (ORCPT + 99 others); Sat, 8 Dec 2018 03:15:43 -0500 Received: from mail-eopbgr730102.outbound.protection.outlook.com ([40.107.73.102]:49504 "EHLO NAM05-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726103AbeLHIPn (ORCPT ); Sat, 8 Dec 2018 03:15:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fortanix.onmicrosoft.com; s=selector1-fortanix-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uOcb2W4ENDcDtYykc3nB7GPtpO7zjhW0kwHbUkBrdjA=; b=NGZStG7IebHBJ9Zf8kl7lNZ/2n/slyhoHtgqcTdJyKFZRMRhjb8YSQ4z715A1hxsAIiEAy5rt3zWNGZ1lRaedp4pTg+bmSz8bb7BzppQR3wjpKkaoe5p1hHqf/mdq5iz/Ucd5pgEsJAqoKrJ3GmOmW79fpdK9MbD3J8NNnmMPXI= Received: from SN6PR11MB3167.namprd11.prod.outlook.com (52.135.109.144) by SN6PR11MB2815.namprd11.prod.outlook.com (52.135.93.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1404.22; Sat, 8 Dec 2018 08:15:38 +0000 Received: from SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::916c:7b87:64a8:d58c]) by SN6PR11MB3167.namprd11.prod.outlook.com ([fe80::916c:7b87:64a8:d58c%3]) with mapi id 15.20.1404.023; Sat, 8 Dec 2018 08:15:38 +0000 From: Jethro Beekman To: Dave Hansen , Sean Christopherson , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "x86@kernel.org" , Dave Hansen , Peter Zijlstra CC: "H. Peter Anvin" , "linux-kernel@vger.kernel.org" , Andy Lutomirski , Jarkko Sakkinen , Josh Triplett , Haitao Huang , "linux-sgx@vger.kernel.org" , "Dr. Greg" Subject: Re: [RFC PATCH v2 4/4] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Thread-Topic: [RFC PATCH v2 4/4] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions Thread-Index: AQHUjljGdIrv8QEhmk6icaec8mjmDaVznP6AgADio4A= Date: Sat, 8 Dec 2018 08:15:38 +0000 Message-ID: References: <20181206221922.31012-1-sean.j.christopherson@intel.com> <20181206221922.31012-5-sean.j.christopherson@intel.com> <59c989a1-e699-9665-780f-6dd263f41ce4@intel.com> In-Reply-To: <59c989a1-e699-9665-780f-6dd263f41ce4@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-clientproxiedby: MAXPR0101CA0066.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:e::28) To SN6PR11MB3167.namprd11.prod.outlook.com (2603:10b6:805:c4::16) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jethro@fortanix.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [122.166.155.231] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;SN6PR11MB2815;6:zxPjEbFtSTBkJ/JSLl+Vz0B9nsQITfYxrDPLIGsW2viH4pWYvcaACyKzs7imTNs/pvzZuSG/Hn1fjWDX7vPX4GsHXXmXuqhwfnPALQ16G6000gG73KrsnfZsaOc/qxmz890RapRPP9BI34HJMMy7zXjdFCyWFr5o0zBFq4MJXI/Od1tB3xiZszBv52t7FET2G3ixhA7b+nsssoC5GbDChKHHpM+IMQPxZTJlIz1t3l0HXaXNaO7STUhBmz6RLggTxTkBlecwxbSdpE1CdPKOlAtejSWG1d/IoSif2yvOrFKVD/15eUB/Ki4EuSQWXKVLj0chlj96OgRqtpfFevbJ0mYQGC/2hWTYTMA8VHobV7EXSh878QVmxqkj4lagUwBwWqsRL4Ae4zJE0lMlH+HQ0rSUa0Jm/7aug3xJesKCh15OsXYfv7Ua10Gtl10EYrfymLkVqu6oRzA4uDgVSLpA6g==;5:1RfA6SOf7+v7g7OwXfj3LCCaASUkiqTzumBOGF/fcDp95LbGrxX5ztRsdIpuKyjBbxJaA0A2havPhjV7mXGHan8zuDRM+YsSJNA/vC0jbzwvO+sAf741E8RSTAefMmr3fZCc3BCfx7o+AKwpUOftIcu/BGZdSqwx6FxphiijyAU=;7:EC1J9vuFkzW1HbTNSgtX4eqX/HYD6eEQlWfCcqlSgbvonVQZjH7CeGQL/XzbrNvLTAGa4zqJfm9bdVMzx7HnJ4qHlaUFL+W1iqq00G/1oPDrG4lGRwPT6YbMH0CrdnOxlclm7o8nkuPdD3KFCmdI9g== x-ms-office365-filtering-correlation-id: fbf8a607-31cb-47b3-55e7-08d65ce555b8 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390098)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600074)(711020)(2017052603328)(7153060)(49563074)(7193020);SRVR:SN6PR11MB2815; x-ms-traffictypediagnostic: SN6PR11MB2815: x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415395)(6040522)(2401047)(5005006)(8121501046)(3002001)(3231455)(999002)(944501520)(4983020)(52105112)(93006095)(93001095)(10201501046)(148016)(149066)(150057)(6041310)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(2016111802025)(6043046)(201708071742011)(7699051)(76991095);SRVR:SN6PR11MB2815;BCL:0;PCL:0;RULEID:;SRVR:SN6PR11MB2815; x-forefront-prvs: 0880FB6EC1 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(376002)(366004)(136003)(396003)(39830400003)(189003)(199004)(45074003)(68736007)(25786009)(102836004)(53546011)(6506007)(486006)(7416002)(476003)(31686004)(6116002)(52116002)(8936002)(66066001)(217873002)(93886005)(508600001)(5660300001)(76176011)(99936001)(316002)(6486002)(4326008)(229853002)(3846002)(386003)(2906002)(186003)(53936002)(6512007)(6246003)(97736004)(54906003)(26005)(14454004)(71200400001)(110136005)(6436002)(31696002)(446003)(8676002)(71190400001)(305945005)(2616005)(81166006)(81156014)(106356001)(105586002)(256004)(36756003)(99286004)(2501003)(7736002)(86362001)(11346002);DIR:OUT;SFP:1102;SCL:1;SRVR:SN6PR11MB2815;H:SN6PR11MB3167.namprd11.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: fortanix.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: WtzsMDQ599qygnDSfiFyqLytMZOcDi/MxSTt7WbBWHtc44JjPY3ZUzN5odejddq54BrNW0FCyNmQB+iv6B9HHG9zaKE1uhhnV1lHHZ/lkG/0Wq2d3r2QV6nrcN2xuAAgxzUBgQ0Uk6jnCorTTVTr7jfo5aqpkITsUaggK0gnPuai6ssnRAJbg3nnufW53nWfhEdc1yx4L0AGnQyuOg6zmoqi3VI3ZAEjY1Wj/UDCUtllO6a1XyC2hVkheH/wuXhOUl3ZSVUr6u50AcRR/AbQkpgUdm3xWG1/u3aGG95CyDCJR7UoaJ6CoFRjesGTO/z3YHrGw2b3mmwMG2cSk5Y7U0vrvmGBzHHFRL1p1+FkjHk= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020508090705090307070409" MIME-Version: 1.0 X-OriginatorOrg: fortanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: fbf8a607-31cb-47b3-55e7-08d65ce555b8 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Dec 2018 08:15:38.5651 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: de7becae-4883-43e8-82c7-7dbdbb988ae6 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2815 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --------------ms020508090705090307070409 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2018-12-08 00:14, Dave Hansen wrote: > On 12/7/18 10:15 AM, Jethro Beekman wrote: >> This is not sufficient to support the Fortanix SGX ABI calling >> convention, which was designed to be mostly compatible with the SysV >> 64-bit calling convention. The following registers need to be passed i= n >> to an enclave from userspace: RDI, RSI, RDX, R8, R9, R10. The followin= g >> registers need to be passed out from an enclave to userspace: RDI, RSI= , >> RDX, R8, R9. >=20 > Are you asking nicely to change the new Linux ABI to be consistent with= > your existing ABI? Or, are you saying that the new ABI *must* be > compatible with this previous out-of-tree implementation? What's being discussed here is one of the alternatives for SGX fault=20 handling, meant to improve the current status quo of having to use a=20 signal handler. I'm merely providing a data point that the currently proposed solution=20 is not sufficient to support current use of the (ring 3) ENCLU=20 instruction. You might find this useful in determining whether proposed=20 kernel features will actually be used by users, and in further=20 developing this solution or other solutions to the fault handling issue. If going with the vDSO solution, I think something with semantics closer = to the actual instruction would be preferred, like the following: notrace __attribute__((naked)) long __vdso_sgx_enclu_with_aep() { asm volatile( " lea 2f(%%rip), %%rcx\n" "1: enclu\n" "2: ret\n" ".pushsection .fixup, \"ax\" \n" "3: jmp 2b\n" ".popsection\n" _ASM_VDSO_EXTABLE_HANDLE(1b, 3b) ::: ); } -- Jethro Beekman | Fortanix --------------ms020508090705090307070409 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cx8wggUxMIIEGaADAgECAhBdZC9mIseKJlmxx1xn+g00MA0GCSqGSIb3DQEBCwUAMIGXMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBD bGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTAeFw0xODA5MTUwMDAw MDBaFw0xOTA5MTUyMzU5NTlaMCQxIjAgBgkqhkiG9w0BCQEWE2pldGhyb0Bmb3J0YW5peC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRQDOQsroKjy2xAQCXLyqryJt4 Xwj8hcweJCzOnjILKHIoWlOQ0b9yIbFLIWBRt/9zdxlE5ZabDVHnkIyhcVgtU/BA73e78Wx2 LOObdg0wfs9U2CVRYhz2EPHFjGvkYKihItt69ye91hj1w7RKCrYC8KZGSZ/+sbkJzQdXVy32 lxmiNEt17GNRebpkJCaFnznd6C2a8tBAS2Fa/UNyFdEs4eoRoYSKswclRhbe81aVhqY2hjcd O6puyyaYp5hkmau2UPih6OpRSOhbe6Tuebceg1yvumoVX3OZtGPS1VdQ+p0bxB0RE6gNs140 ZKUhrvAJDETuGaaQD4A2/6ksLunjAgMBAAGjggHpMIIB5TAfBgNVHSMEGDAWgBSCr2yM+MX+ lmF86B89K3FIXsSLwDAdBgNVHQ4EFgQUsFUcmGtaJBU7/52LyTYHC/M+LscwDgYDVR0PAQH/ BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUC MBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsG AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBL hklodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0 dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5k U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv bTAeBgNVHREEFzAVgRNqZXRocm9AZm9ydGFuaXguY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB6 v3tFEUSGv9+yY4wUjvcMyz3126nJrX5LkfEvrnCEpEiImECuoYvxOYNLYYynell7BQGtTaZg shMfDvwpy2isoi3w1AWAfbn6npnSKLzu0BMRvcCPWY8VPmePPizTqXoPkLwgTJfSaWkxMP1u rfL9S5NeRdkjwjHklX5IWuwwDu1hsKVZrxSSY2unCtvq67UHWz+z6rG1JQrP2YDfb98xun3y eLBNe/LFBNnGISbkT5q6D+e5c0bgzoH9nH4bsw3t8aDqJTfT3BqQdWr4pF05ODzzeOmEqeYE qGlD9hIL2AbmTZLjunAnARr6Fv7Sfqt23ptsGkmoZ9ZQNjT3TlwvMIIF5jCCA86gAwIBAgIQ apvhODv/K2ufAdXZuKdSVjANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwHhcNMTMwMTEwMDAwMDAwWhcNMjgwMTA5MjM1OTU5WjCBlzELMAkGA1UEBhMCR0Ix GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE ChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC+s55XrCh2dUAWxzgDmNPGGHYhUPMleQtMtaDRfTpYPpynMS6n9jR22YRq2tA9 NEjk6vW7rN/5sYFLIP1of3l0NKZ6fLWfF2VgJ5cijKYy/qlAckY1wgOkUMgzKlWlVJGyK+Ul NEQ1/5ErCsHq9x9aU/x1KwTdF/LCrT03Rl/FwFrf1XTCwa2QZYL55AqLPikFlgqOtzk06kb2 qvGlnHJvijjI03BOrNpo+kZGpcHsgyO1/u1OZTaOo8wvEU17VVeP1cHWse9tGKTDyUGg2hJZ jrqck39UIm/nKbpDSZ0JsMoIw/JtOOg0JC56VzQgBo7ictReTQE5LFLG3yQK+xS1AgMBAAGj ggE8MIIBODAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUgq9s jPjF/pZhfOgfPStxSF7Ei8AwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw EQYDVR0gBAowCDAGBgRVHSAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEGCCsGAQUFBwEB BGUwYzA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQWRk VHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkq hkiG9w0BAQwFAAOCAgEAeFyygSg0TzzuX1bOn5dW7I+iaxf28/ZJCAbU2C81zd9A/tNx4+js QgwRGiHjZrAYayZrrm78hOx7aEpkfNPQIHGG6Fvq3EzWf/Lvx7/hk6zSPwIal9v5IkDcZoFD 7f3iT7PdkHJY9B51csvU50rxpEg1OyOT8fk2zvvPBuM4qQNqbGWlnhMpIMwpWZT89RY0wpJO +2V6eXEGGHsROs3njeP9DqqqAJaBa4wBeKOdGCWn1/Jp2oY6dyNmNppI4ZNMUH4Tam85S1j6 E95u4+1Nuru84OrMIzqvISE2HN/56ebTOWlcrurffade2022O/tUU1gb4jfWCcyvB8czm12F gX/y/lRjmDbEA08QJNB2729Y+io1IYO3ztveBdvUCIYZojTq/OCR6MvnzS6X72HP0PRLRTiO SEmIDsS5N5w/8IW1Hva5hEFy6fDAfd9yI+O+IMMAj1KcL/Zo9jzJ16HO5m60ttl1Enk8MQkz /W3JlHaeI5iKFn4UJu1/cP2YHXYPiWf2JyBzsLBrGk1II+3yL8aorYew6CQvdVifC3HtwlSa m9V1niiCfOBe2C12TdKGu05LWIA3ZkFcWJGaNXOZ6Ggyh/TqvXG5v7zmEVDNXFnHn9tFpMpO UvxhcsjycBtH0dZ0WrNw6gH+HF8TIhCnH3+zzWuDN0Rk6h9KVkfKehIxggQ1MIIEMQIBATCB rDCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9E TyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yi x4omWbHHXGf6DTQwDQYJYIZIAWUDBAIBBQCgggJZMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE4MTIwODA4MTUyMVowLwYJKoZIhvcNAQkEMSIEIO53I7Um bLjolm5L8pftPOnttD+QlteWG2wn0C9h53dSMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgb0GCSsGAQQBgjcQBDGBrzCBrDCBlzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0Eg Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEF1kL2Yix4omWbHH XGf6DTQwgb8GCyqGSIb3DQEJEAILMYGvoIGsMIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g Q0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RPIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24g YW5kIFNlY3VyZSBFbWFpbCBDQQIQXWQvZiLHiiZZscdcZ/oNNDANBgkqhkiG9w0BAQEFAASC AQBEvnR5NFa62R1pCGQl1eCUMDgDGpXudzw2mE10o1MXn/R5Y2DYwDyeCPpif/jVUdeOycqh Zsa8TugUHuzkatL+qWST4QIIZVYPQo+FszcjVicxNGaifcqqTH6w/+yjzlpW0xaaVR4R0Okp W/8PBR8nLdlH7gjbKQ1R8qYBUDRzLjdV9HVAs3U2Ej4DLA+T8heyeCVk+U/lJgt4pg/74APC ya4b5oi7l/avHjQwuuQobxnNKRkA0kla6ZgRu8fBC5S9dKFAZE1npBEHmZ9pwdTqIKRORThm veK03JAQl8oARY2GQ5RXIDLPdMFjQTciJswjooP+pPKktLBxIpAbF3afAAAAAAAA --------------ms020508090705090307070409--