Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3782162pxu; Mon, 30 Nov 2020 10:07:16 -0800 (PST) X-Google-Smtp-Source: ABdhPJybWPxTp3KVpk57swn5slTpHcUkiA50pUt2ORXl2Lwrz9XgmbwLcdfP7y1FWcn5io70nPs0 X-Received: by 2002:a50:f0dc:: with SMTP id a28mr23549634edm.291.1606759636458; Mon, 30 Nov 2020 10:07:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606759636; cv=none; d=google.com; s=arc-20160816; b=ZZi9XFUeVMAvPWGlkU5Iyimzof8PeGhYplWUdKXZBAik2XPyfzqv2VnK0qnbLB0yxL zURl6CCOZCCoN4tIkuHeo41wR7jrI+eQ+azhuBfSCbLN/quzpt0PzN4LmEJQkbaCbQdD /nFT9qi316cZFBxLCXqkUxySyDeJJEmD+RjK/oDb+ZOFwdRT+d1APJTQkgW+9f7Wyi6r U94FZ1u97MpScKci1nZBIDtdKTMMfkfhPBPSPQGYoZMpQhRfzV3+VC/YUNxv4CQllCbM qV0Hqw2NkQ41mhCS7gAOIFz+xMQOHpaKkKGy+Ci404TIN0QaG1LNVfy19YraK0VwMHnN RJuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:date:cc:to :from:subject:message-id:dkim-signature; bh=lg1/IRsPmvO9DVTV8smf2kgAGqoFtygDKQ6GjrqRXfM=; b=Q5vaohMbmOBqtHeUqTRpZnEgP9ImUhxBZnTaCOTOKJN/+0+aHMerOYT8EHX24TX0fm pGQULIBXgRLx+IlHYCQ3dRkNBUH7IM45d3YztFgQvxGcP+0H5nOPiWHIFY3VeKO0ScZj KUhg54ZAOVF6GYN2IuOTqRldQPcu8s3Hn9UMcIvid8nrUnZD0rGerILeCxWqacwdZGHE xVUsLOVBPPMoCu7A5lU4S0FqjAqvYMBzX/pwvWm70/cGLQUreq2CqiuSzU7/r5+9I98Y vNIoLJTycahQHEMfo97OuC1ywKMKemTQx0cYTiNoY40AgbAW6w1W+RZJnpRgZlUtsImK 1/MQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=TMQrHEWB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y10si10055357ejh.425.2020.11.30.10.06.52; Mon, 30 Nov 2020 10:07:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=TMQrHEWB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387885AbgK3SCU (ORCPT + 99 others); Mon, 30 Nov 2020 13:02:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387817AbgK3SCU (ORCPT ); Mon, 30 Nov 2020 13:02:20 -0500 Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2E14C0613CF; Mon, 30 Nov 2020 10:01:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=Mime-Version:Content-Type:References: In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=lg1/IRsPmvO9DVTV8smf2kgAGqoFtygDKQ6GjrqRXfM=; b=TMQrHEWBa5qbLermdB3Ap/V4mJ 3cDHfquXS7BZOqAQTA8bYWHgDSFP+t36wEomb72dxyucyK/7kBy2k+ag5W4OwMEc3jdh6iub23lKY oZ2KbCyOsa+Uei6915c1zsFv18eSnIyNlFsytlqPP7T4ulVLnoMmVfJq2DWYYUkaRStN8dm2Ss3XL 1nkLZ03sAge1HemRG2Li2dAJYZJwZFDgLBpYkIXnqFvTzDUUystwdGgFl+wgkFiRXfZBghoW3K1hp Zc/rlO5gmj0JKIMLnc7HieckHotzFNxhg1EYPwFxVGH9VOt7IYpc7/Ryf44A3yozp6p1zGOq30Rr6 Ju5IV8sw==; Received: from 54-240-197-239.amazon.com ([54.240.197.239] helo=freeip.amazon.com) by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1kjnUP-0007yg-1t; Mon, 30 Nov 2020 18:01:29 +0000 Message-ID: <13bc2ca60ca4e6d74c619e65502889961a08c3ff.camel@infradead.org> Subject: Re: [PATCH RFC 11/39] KVM: x86/xen: evtchn signaling via eventfd From: David Woodhouse To: Joao Martins , Ankur Arora Cc: Boris Ostrovsky , Paolo Bonzini , Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 30 Nov 2020 18:01:25 +0000 In-Reply-To: <05661003-64f0-a32a-5659-6463d4806ef9@oracle.com> References: <20190220201609.28290-1-joao.m.martins@oracle.com> <20190220201609.28290-12-joao.m.martins@oracle.com> <874d1fa922cb56238676b90bbeeba930d0706500.camel@infradead.org> <18e854e2a84750c2de2d32384710132b83d84286.camel@infradead.org> <0b9d3901-c10b-effd-6278-6afd1e95b09e@oracle.com> <315ea414c2bf938978f7f2c0598e80fa05b4c07b.camel@infradead.org> <05661003-64f0-a32a-5659-6463d4806ef9@oracle.com> Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-s5323ca3rhxaqo0/GcDc" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by merlin.infradead.org. See http://www.infradead.org/rpr.html Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-s5323ca3rhxaqo0/GcDc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2020-11-30 at 17:15 +0000, Joao Martins wrote: > On 11/30/20 4:48 PM, David Woodhouse wrote: > > On Mon, 2020-11-30 at 15:08 +0000, Joao Martins wrote: > > > On 11/30/20 12:55 PM, David Woodhouse wrote: > > > > On Mon, 2020-11-30 at 12:17 +0000, Joao Martins wrote: > > > > > On 11/30/20 9:41 AM, David Woodhouse wrote: > > > > > > On Wed, 2019-02-20 at 20:15 +0000, Joao Martins wrote: > > > > >=20 > > > > > One thing I didn't quite do at the time, is the whitelisting of u= nregistered > > > > > ports to userspace. ... > But felt it was still worth having this discussion ... should this be > considered or discarded. I suppose we stick with the later for now. Ack. Duly discarded :) > > > > > Perhaps eventfd could be a way to express this? Like if you regis= ter > > > > > without an eventfd it's offloaded, otherwise it's assigned to use= rspace, > > > > > or if neither it's then returned an error without bothering the V= MM. > > > >=20 > > > > I much prefer the simple model where the *only* event channels that= the > > > > kernel knows about are the ones it's expected to handle. > > > >=20 > > > > For any others, the bypass doesn't kick in, and userspace gets the > > > > KVM_EXIT_HYPERCALL exit. > > > >=20 > > >=20 > > > /me nods > > >=20 > > > I should comment on your other patch but: if we're going to make it g= eneric for > > > the userspace hypercall handling, might as well move hyper-v there to= o. In this series, > > > I added KVM_EXIT_XEN, much like it exists KVM_EXIT_HYPERV -- but with= a generic version > > > I wonder if a capability could gate KVM_EXIT_HYPERCALL to handle both= guest types, while > > > disabling KVM_EXIT_HYPERV. But this is probably subject of its own se= parate patch :) > >=20 > > There's a limit to how much consolidation we can do because the ABI is > > different; the args are in different registers. > >=20 >=20 > Yes. It would be optionally enabled of course and VMM would have to adjus= t to the new ABI > -- surely wouldn't want to break current users of KVM_EXIT_HYPERV. True, but that means we'd have to keep KVM_EXIT_HYPERV around anyway, and can't actually *remove* it. The "consolidation" gives us more complexity, not less. > > I do suspect Hyper-V should have marshalled its arguments into the > > existing kvm_run->arch.hypercall and used KVM_EXIT_HYPERCALL but I > > don't think it makes sense to change it now since it's a user-facing > > ABI. I don't want to follow its lead by inventing *another* gratuitous > > exit type for Xen though. > >=20 >=20 > I definitely like the KVM_EXIT_HYPERCALL better than a KVM_EXIT_XEN users= pace > exit type ;) >=20 > But I guess you still need to co-relate a type of hypercall (Xen guest ca= p enabled?) to > tell it's Xen or KVM to specially enlighten certain opcodes (EVTCHNOP_sen= d). Sure, but if the VMM doesn't know what kind of guest it's hosting, we have bigger problems... :) --=-s5323ca3rhxaqo0/GcDc Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCECow ggUcMIIEBKADAgECAhEA4rtJSHkq7AnpxKUY8ZlYZjANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTkwMTAyMDAwMDAwWhcNMjIwMTAxMjM1 OTU5WjAkMSIwIAYJKoZIhvcNAQkBFhNkd213MkBpbmZyYWRlYWQub3JnMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAsv3wObLTCbUA7GJqKj9vHGf+Fa+tpkO+ZRVve9EpNsMsfXhvFpb8 RgL8vD+L133wK6csYoDU7zKiAo92FMUWaY1Hy6HqvVr9oevfTV3xhB5rQO1RHJoAfkvhy+wpjo7Q cXuzkOpibq2YurVStHAiGqAOMGMXhcVGqPuGhcVcVzVUjsvEzAV9Po9K2rpZ52FE4rDkpDK1pBK+ uOAyOkgIg/cD8Kugav5tyapydeWMZRJQH1vMQ6OVT24CyAn2yXm2NgTQMS1mpzStP2ioPtTnszIQ Ih7ASVzhV6csHb8Yrkx8mgllOyrt9Y2kWRRJFm/FPRNEurOeNV6lnYAXOymVJwIDAQABo4IB0zCC Ac8wHwYDVR0jBBgwFoAUgq9sjPjF/pZhfOgfPStxSF7Ei8AwHQYDVR0OBBYEFLfuNf820LvaT4AK xrGK3EKx1DE7MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF BwMEBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBTArMCkGCCsGAQUFBwIBFh1o dHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3Js LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWls Q0EuY3JsMIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2Eu Y29tL0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYI KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAeBgNVHREEFzAVgRNkd213MkBpbmZy YWRlYWQub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQALbSykFusvvVkSIWttcEeifOGGKs7Wx2f5f45b nv2ghcxK5URjUvCnJhg+soxOMoQLG6+nbhzzb2rLTdRVGbvjZH0fOOzq0LShq0EXsqnJbbuwJhK+ PnBtqX5O23PMHutP1l88AtVN+Rb72oSvnD+dK6708JqqUx2MAFLMevrhJRXLjKb2Mm+/8XBpEw+B 7DisN4TMlLB/d55WnT9UPNHmQ+3KFL7QrTO8hYExkU849g58Dn3Nw3oCbMUgny81ocrLlB2Z5fFG Qu1AdNiBA+kg/UxzyJZpFbKfCITd5yX49bOriL692aMVDyqUvh8fP+T99PqorH4cIJP6OxSTdxKM MIIFHDCCBASgAwIBAgIRAOK7SUh5KuwJ6cSlGPGZWGYwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNV BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTE5MDEwMjAwMDAwMFoXDTIyMDEwMTIz NTk1OVowJDEiMCAGCSqGSIb3DQEJARYTZHdtdzJAaW5mcmFkZWFkLm9yZzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBALL98Dmy0wm1AOxiaio/bxxn/hWvraZDvmUVb3vRKTbDLH14bxaW /EYC/Lw/i9d98CunLGKA1O8yogKPdhTFFmmNR8uh6r1a/aHr301d8YQea0DtURyaAH5L4cvsKY6O 0HF7s5DqYm6tmLq1UrRwIhqgDjBjF4XFRqj7hoXFXFc1VI7LxMwFfT6PStq6WedhROKw5KQytaQS vrjgMjpICIP3A/CroGr+bcmqcnXljGUSUB9bzEOjlU9uAsgJ9sl5tjYE0DEtZqc0rT9oqD7U57My ECIewElc4VenLB2/GK5MfJoJZTsq7fWNpFkUSRZvxT0TRLqznjVepZ2AFzsplScCAwEAAaOCAdMw ggHPMB8GA1UdIwQYMBaAFIKvbIz4xf6WYXzoHz0rcUhexIvAMB0GA1UdDgQWBBS37jX/NtC72k+A CsaxitxCsdQxOzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF BQcDBAYIKwYBBQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYd aHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2Ny bC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFp bENBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQG CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHgYDVR0RBBcwFYETZHdtdzJAaW5m cmFkZWFkLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAC20spBbrL71ZEiFrbXBHonzhhirO1sdn+X+O W579oIXMSuVEY1LwpyYYPrKMTjKECxuvp24c829qy03UVRm742R9Hzjs6tC0oatBF7KpyW27sCYS vj5wbal+TttzzB7rT9ZfPALVTfkW+9qEr5w/nSuu9PCaqlMdjABSzHr64SUVy4ym9jJvv/FwaRMP gew4rDeEzJSwf3eeVp0/VDzR5kPtyhS+0K0zvIWBMZFPOPYOfA59zcN6AmzFIJ8vNaHKy5QdmeXx RkLtQHTYgQPpIP1Mc8iWaRWynwiE3ecl+PWzq4i+vdmjFQ8qlL4fHz/k/fT6qKx+HCCT+jsUk3cS jDCCBeYwggPOoAMCAQICEGqb4Tg7/ytrnwHV2binUlYwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNV BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRp b24gQXV0aG9yaXR5MB4XDTEzMDExMDAwMDAwMFoXDTI4MDEwOTIzNTk1OVowgZcxCzAJBgNVBAYT AkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNV BAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50 aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvrOeV6wodnVAFsc4A5jTxhh2IVDzJXkLTLWg0X06WD6cpzEup/Y0dtmEatrQPTRI5Or1u6zf +bGBSyD9aH95dDSmeny1nxdlYCeXIoymMv6pQHJGNcIDpFDIMypVpVSRsivlJTRENf+RKwrB6vcf WlP8dSsE3Rfywq09N0ZfxcBa39V0wsGtkGWC+eQKiz4pBZYKjrc5NOpG9qrxpZxyb4o4yNNwTqza aPpGRqXB7IMjtf7tTmU2jqPMLxFNe1VXj9XB1rHvbRikw8lBoNoSWY66nJN/VCJv5ym6Q0mdCbDK CMPybTjoNCQuelc0IAaO4nLUXk0BOSxSxt8kCvsUtQIDAQABo4IBPDCCATgwHwYDVR0jBBgwFoAU u69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFIKvbIz4xf6WYXzoHz0rcUhexIvAMA4GA1Ud DwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGA1UdIAQKMAgwBgYEVR0gADBMBgNVHR8E RTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9u QXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29t b2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAHhcsoEoNE887l9Wzp+XVuyPomsX9vP2 SQgG1NgvNc3fQP7TcePo7EIMERoh42awGGsma65u/ITse2hKZHzT0CBxhuhb6txM1n/y78e/4ZOs 0j8CGpfb+SJA3GaBQ+394k+z3ZByWPQedXLL1OdK8aRINTsjk/H5Ns77zwbjOKkDamxlpZ4TKSDM KVmU/PUWNMKSTvtlenlxBhh7ETrN543j/Q6qqgCWgWuMAXijnRglp9fyadqGOncjZjaaSOGTTFB+ E2pvOUtY+hPebuPtTbq7vODqzCM6ryEhNhzf+enm0zlpXK7q332nXttNtjv7VFNYG+I31gnMrwfH M5tdhYF/8v5UY5g2xANPECTQdu9vWPoqNSGDt87b3gXb1AiGGaI06vzgkejL580ul+9hz9D0S0U4 jkhJiA7EuTecP/CFtR72uYRBcunwwH3fciPjviDDAI9SnC/2aPY8ydehzuZutLbZdRJ5PDEJM/1t yZR2niOYihZ+FCbtf3D9mB12D4ln9icgc7CwaxpNSCPt8i/GqK2HsOgkL3VYnwtx7cJUmpvVdZ4o gnzgXtgtdk3ShrtOS1iAN2ZBXFiRmjVzmehoMof06r1xub+85hFQzVxZx5/bRaTKTlL8YXLI8nAb R9HWdFqzcOoB/hxfEyIQpx9/s81rgzdEZOofSlZHynoSMYIDyjCCA8YCAQEwga0wgZcxCzAJBgNV BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRo ZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEA4rtJSHkq7AnpxKUY8ZlYZjANBglghkgB ZQMEAgEFAKCCAe0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAx MTMwMTgwMTI1WjAvBgkqhkiG9w0BCQQxIgQgwXl927HAxRTqTTZ+51IbY/dubcEYhlrL0HyvDVKR VM8wgb4GCSsGAQQBgjcQBDGBsDCBrTCBlzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx PTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0ECEQDiu0lIeSrsCenEpRjxmVhmMIHABgsqhkiG9w0BCRACCzGBsKCBrTCBlzELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBSU0EgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDiu0lIeSrsCenEpRjxmVhmMA0GCSqGSIb3 DQEBAQUABIIBAH9NWd3Z4kXXIe+7bpzW+TLkp4b8i1SC8MYuPRtpcCmz2EFhAIEHnVeHGq76ekPO qCmNgt7smOmhg2s+8ESBBIaV5PlhwuYD49ImRJPZraKfHkXez5tfsHQ1lFiFemVfDpJEZy+6N2BF Sagnf+j97gOQUJhQy6lIS6zGk4vgpBOMXIg0Mz/lrUpN7TXxLXEumIWrAxiNPrV/ott71AZPGnxZ 01gUEOL6rkwXpshCROSksCGTviAjJvBwLhTuKygwea15cmezDeLjecCrDp+jh3vXirMhtqzy35MG QJQXVQCZ/ar368M93yCO04AVl0GNHVeKUsKPybSZkeQyJGh4XawAAAAAAAA= --=-s5323ca3rhxaqo0/GcDc--