Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp6133696rdb; Mon, 18 Sep 2023 05:22:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF2mhIciRkMPOH5ZA4B4MwmPL6BuU/3gFaC5TeqLWU490jPuQW80oOjIDg8+RqEW8ltIkBk X-Received: by 2002:a17:90a:c706:b0:276:86e0:2e45 with SMTP id o6-20020a17090ac70600b0027686e02e45mr627624pjt.43.1695039766014; Mon, 18 Sep 2023 05:22:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695039765; cv=none; d=google.com; s=arc-20160816; b=t1W6X3SDpca6jwNacSp0YhsFT+aQMMvscw7wDsaAp3VjLRyTcr7hFte4L3ojsHVpn+ T+8+OfxAkDPpBrR+3hO2DVZfX3eT2PSCRd+DTYHJA6rNgDElhFynW58QBuhl57qzxZh+ lYOhbJ2bCukE5G/HSP9mTMuJNQJ+xacfPXln00bmn94AgFY2mOnnDVWZ1HMNJPMrzMsE fCpXe82QJQsLmA2ITQltXIU76+hKnRHbhGkG316fi9hMNFNQMkjtZw1o5fY3phEYSXX4 OsbXat+IAI3SlsmkcvZ8TWkydqVjf7oK0t0ld4SdSGLRr4zv87vcWrGkqLSKhbuFnHtT 8Vxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :date:cc:to:from:subject:message-id:dkim-signature; bh=DcmiIAQVHRq60isA5KdbUrcOnbqih4hHehoz7kNm28E=; fh=Xdgy5lI7uxegMLto2G8xPkelawk6w6ZrEYWx6F16z30=; b=d9LbQa273dPU4efnIEKFtPT8jJgucM0wEqXM3N3mY7LZ/OEhhM+bae2eXpfOBBUa+G YRdz9LSa8nEhjfUJN6grECDK1gWI49WeFLTgRxTTLpC04bS4MjNY+emYlyUMQn3AHxqu 0/BX/ow/pGO/yLdLfA21HEA6/sBa/QmtpT+0VcvxmUSKAqmL924Q8Co6wSSz07CGwzwV VRslybZdolXdO05caxwQdJHLiqWW6p0Rt9RGZqumIfmm4WHjrIeFs0YPbhID+TlNfb7m 7F4QZUGHHko1Arh55/LCmBctQcaMHQsQUuuJ5xHs8hnDu+Nhvm8+YxeQq9MkCsmXj9r/ CmeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=DcYQlqe1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id q9-20020a17090a178900b00262ee7c6cafsi7933804pja.87.2023.09.18.05.22.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 05:22:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=DcYQlqe1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 228DB804ACF2; Mon, 18 Sep 2023 04:12:30 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241350AbjIRLLt (ORCPT + 99 others); Mon, 18 Sep 2023 07:11:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41622 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239114AbjIRLLP (ORCPT ); Mon, 18 Sep 2023 07:11:15 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91FAC130; Mon, 18 Sep 2023 04:10:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=MIME-Version:Content-Type:References: In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=DcmiIAQVHRq60isA5KdbUrcOnbqih4hHehoz7kNm28E=; b=DcYQlqe1JK/l2NcdrF0m5auNSh J+bTQrLCKOKkVRHezPFl4PrllsLsEMoayZRPf7q1VKA+fNlY/f3/BDGhxl5pTaXyNoUfLb0/vj26R Gn12JL6vRimvuPQeWbBww8QFETciBMR7CRQGxJD7PwMcpM8ZxBGzSfbx2kzUj08AjwHrKERgMSg1x ZNPIqh5sTjnqH5HpVQuaV9p7xS+uSn4fpOd5pT9Q6jydgM1kYCq2Su4NXFL3z8Zq2EtAM+I3Uzgul AEDkoRpEUCn9RohO+wbYLO+aE2ZrVHY2ETNJCd/gKRuDKEhiSTYftU47mf9oI7SNyqhszi3VI9iOL KesnNNgg==; Received: from [2001:8b0:10b:5:cea0:d147:7c2e:9e61] (helo=u3832b3a9db3152.ant.amazon.com) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1qiC9C-00AeCQ-OA; Mon, 18 Sep 2023 11:10:34 +0000 Message-ID: Subject: Re: [RFC] KVM: x86: Allow userspace exit on HLT and MWAIT, else yield on MWAIT From: David Woodhouse To: Alexander Graf , kvm@vger.kernel.org, Peter Zijlstra Cc: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org, Nicolas Saenz Julienne , "Griffoul, Fred" Date: Mon, 18 Sep 2023 13:10:34 +0200 In-Reply-To: <63b382bf-d1fb-464f-ab06-4185f796a85f@amazon.de> References: <1b52b557beb6606007f7ec5672eab0adf1606a34.camel@infradead.org> <63b382bf-d1fb-464f-ab06-4185f796a85f@amazon.de> Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-wBCmAjOCBoLK8Ewnyrpy" User-Agent: Evolution 3.44.4-0ubuntu2 MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 18 Sep 2023 04:12:30 -0700 (PDT) --=-wBCmAjOCBoLK8Ewnyrpy Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2023-09-18 at 11:41 +0200, Alexander Graf wrote: >=20 > IIUC you want to do work in a user space vCPU thread when the guest vCPU= =20 > is idle. As you pointed out above, KVM can not actually do much about > MWAIT: It basically busy loops and hogs the CPU. Well.. I suspect what I *really* want is a decent way to emulate MWAIT properly and let it actually sleep. Or failing that, to declare that we can actually change the guest-visible experience when those guests are migrated to KVM, and take away MWAIT completely. > The typical flow I would expect for "work in a vCPU thread" is: >=20 > 0) vCPU runs. HLT/MWAIT is directly exposed to guest. > 1) vCPU exits. Creates deferred work. Enables HLT/MWAIT trapping. That can happen, but it may also be a separate I/O thread which receives an eventfd notification and finds that there is now work to be done. If that work can be fairly much instantaneous, it can be done immediately. Else it gets deferred to what we Linux hackers might think of as a workqueue. If all the vCPUs are in HLT when the work queue becomes non-empty, we'd need to prod them *all* to change their exit-on-{HLT,MWAIT} status when work becomes available, just in case one of them becomes idle and can process the work "for free" using idle cycles. > 2) vCPU runs again > 3) vCPU calls HLT/MWAIT. We exit to user space to finish work from 1 > 4) vCPU runs again without HLT/MWAIT trapping > > That means on top (or instead?) of the bits you have below that indicate= =20 > "Should I exit to user space?", what you really need are bits that do > what enable_cap(KVM_CAP_X86_DISABLE_EXITS) does in light-weight: Disable= =20 > HLT/MWAIT trapping temporarily. If I do it that way, yes. A lightweight way to enable/disable the exits even to kernel would be a nice to have. But it's a trade-off. For HLT you'd get lower latency re-entering the vCPU at a cost of much higher latency processing work if the vCPU was *already* in HLT. We probably would want to stop burning power in the MWAIT loop though, and let the pCPU sit in the guest in MWAIT if there really is nothing else to do. We're experimenting with various permutations. > Also, please keep in mind that you still would need a fallback mechanism= =20 > to run your "deferred work" even when the guest does not call HLT/MWAIT,= =20 > like a regular timer in your main thread. Yeah. In that case I think the ideal answer is that we let the kernel scheduler sort it out. I was thinking of a model where we have I/O (or workqueue) threads in *addition* to the userspace exits on idle. The separate threads own the work (and a number of them are woken according to the queue depth), and idle vCPUs *opportunistically* process work items on top of that. That approach alone would work fine with the existing HLT scheduling; it's just MWAIT which is a pain because yield() doesn't really do much (but as noted, it's better than *nothing*). > On top of all this, I'm not sure it's more efficient to do the trap to= =20 > the vCPU thread compared to just creating a separate real thread. Your= =20 > main problem is the emulatability of MWAIT because that leaves "no time"= =20 > to do deferred work. But then again, if your deferred work is so complex= =20 > that it needs more than a few ms (which you can always steal from the > vCPU thread, especiall with yield()), you'll need to start implementing= =20 > time slicing of that work in user space next - and basically rebuild=20 > your own scheduler there. Ugh. > > IMHO the real core value of this idea would be in a vcpu_run bit that on= =20 > VCPU_RUN can toggle between HLT/MWAIT intercept on and off. The actual= =20 > trap to user space, you're most likely better off with a separate thread. No, that's very much not the point. The problem is that yield() doesn't work well enough =E2=80=94 and isn't designed or guaranteed to do anything = in particular for most cases. It's better than *nothing* but we want the opportunity to do the actual work right there in the *loop* of the guest bouncing through MWAIT. --=-wBCmAjOCBoLK8Ewnyrpy Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCEkQw ggYQMIID+KADAgECAhBNlCwQ1DvglAnFgS06KwZPMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQG EwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoT FVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eTAeFw0xODExMDIwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMIGWMQswCQYDVQQG EwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYD VQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENsaWVudCBBdXRoZW50 aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAyjztlApB/975Rrno1jvm2pK/KxBOqhq8gr2+JhwpKirSzZxQgT9tlC7zl6hn1fXjSo5MqXUf ItMltrMaXqcESJuK8dtK56NCSrq4iDKaKq9NxOXFmqXX2zN8HHGjQ2b2Xv0v1L5Nk1MQPKA19xeW QcpGEGFUUd0kN+oHox+L9aV1rjfNiCj3bJk6kJaOPabPi2503nn/ITX5e8WfPnGw4VuZ79Khj1YB rf24k5Ee1sLTHsLtpiK9OjG4iQRBdq6Z/TlVx/hGAez5h36bBJMxqdHLpdwIUkTqT8se3ed0PewD ch/8kHPo5fZl5u1B0ecpq/sDN/5sCG52Ds+QU5O5EwIDAQABo4IBZDCCAWAwHwYDVR0jBBgwFoAU U3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFAnA8vwL2pTbX/4r36iZQs/J4K0AMA4GA1Ud DwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF BQcDBDARBgNVHSAECjAIMAYGBFUdIAAwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2Vy dHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUF BwEBBGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJT QUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0G CSqGSIb3DQEBDAUAA4ICAQBBRHUAqznCFfXejpVtMnFojADdF9d6HBA4kMjjsb0XMZHztuOCtKF+ xswhh2GqkW5JQrM8zVlU+A2VP72Ky2nlRA1GwmIPgou74TZ/XTarHG8zdMSgaDrkVYzz1g3nIVO9 IHk96VwsacIvBF8JfqIs+8aWH2PfSUrNxP6Ys7U0sZYx4rXD6+cqFq/ZW5BUfClN/rhk2ddQXyn7 kkmka2RQb9d90nmNHdgKrwfQ49mQ2hWQNDkJJIXwKjYA6VUR/fZUFeCUisdDe/0ABLTI+jheXUV1 eoYV7lNwNBKpeHdNuO6Aacb533JlfeUHxvBz9OfYWUiXu09sMAviM11Q0DuMZ5760CdO2VnpsXP4 KxaYIhvqPqUMWqRdWyn7crItNkZeroXaecG03i3mM7dkiPaCkgocBg0EBYsbZDZ8bsG3a08LwEsL 1Ygz3SBsyECa0waq4hOf/Z85F2w2ZpXfP+w8q4ifwO90SGZZV+HR/Jh6rEaVPDRF/CEGVqR1hiuQ OZ1YL5ezMTX0ZSLwrymUE0pwi/KDaiYB15uswgeIAcA6JzPFf9pLkAFFWs1QNyN++niFhsM47qod x/PL+5jR87myx5uYdBEQkkDc+lKB1Wct6ucXqm2EmsaQ0M95QjTmy+rDWjkDYdw3Ms6mSWE3Bn7i 5ZgtwCLXgAIe5W8mybM2JzCCBhQwggT8oAMCAQICEQDGvhmWZ0DEAx0oURL6O6l+MA0GCSqGSIb3 DQEBCwUAMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD VQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28g UlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTIyMDEwNzAw MDAwMFoXDTI1MDEwNjIzNTk1OVowJDEiMCAGCSqGSIb3DQEJARYTZHdtdzJAaW5mcmFkZWFkLm9y ZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3GpC2bomUqk+91wLYBzDMcCj5C9m6 oZaHwvmIdXftOgTbCJXADo6G9T7BBAebw2JV38EINgKpy/ZHh7htyAkWYVoFsFPrwHounto8xTsy SSePMiPlmIdQ10BcVSXMUJ3Juu16GlWOnAMJY2oYfEzmE7uT9YgcBqKCo65pTFmOnR/VVbjJk4K2 xE34GC2nAdUQkPFuyaFisicc6HRMOYXPuF0DuwITEKnjxgNjP+qDrh0db7PAjO1D4d5ftfrsf+kd RR4gKVGSk8Tz2WwvtLAroJM4nXjNPIBJNT4w/FWWc/5qPHJy2U+eITZ5LLE5s45mX2oPFknWqxBo bQZ8a9dsZ3dSPZBvE9ZrmtFLrVrN4eo1jsXgAp1+p7bkfqd3BgBEmfsYWlBXO8rVXfvPgLs32VdV NZxb/CDWPqBsiYv0Hv3HPsz07j5b+/cVoWqyHDKzkaVbxfq/7auNVRmPB3v5SWEsH8xi4Bez2V9U KxfYCnqsjp8RaC2/khxKt0A552Eaxnz/4ly/2C7wkwTQnBmdlFYhAflWKQ03Ufiu8t3iBE3VJbc2 5oMrglj7TRZrmKq3CkbFnX0fyulB+kHimrt6PIWn7kgyl9aelIl6vtbhMA+l0nfrsORMa4kobqQ5 C5rveVgmcIad67EDa+UqEKy/GltUwlSh6xy+TrK1tzDvAgMBAAGjggHMMIIByDAfBgNVHSMEGDAW gBQJwPL8C9qU21/+K9+omULPyeCtADAdBgNVHQ4EFgQUzMeDMcimo0oz8o1R1Nver3ZVpSkwDgYD VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MEAGA1UdIAQ5MDcwNQYMKwYBBAGyMQECAQEBMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGln by5jb20vQ1BTMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGln b1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgYoGCCsGAQUFBwEB BH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ2xpZW50 QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29j c3Auc2VjdGlnby5jb20wHgYDVR0RBBcwFYETZHdtdzJAaW5mcmFkZWFkLm9yZzANBgkqhkiG9w0B AQsFAAOCAQEAyW6MUir5dm495teKqAQjDJwuFCi35h4xgnQvQ/fzPXmtR9t54rpmI2TfyvcKgOXp qa7BGXNFfh1JsqexVkIqZP9uWB2J+uVMD+XZEs/KYNNX2PvIlSPrzIB4Z2wyIGQpaPLlYflrrVFK v9CjT2zdqvy2maK7HKOQRt3BiJbVG5lRiwbbygldcALEV9ChWFfgSXvrWDZspnU3Gjw/rMHrGnql Htlyebp3pf3fSS9kzQ1FVtVIDrL6eqhTwJxe+pXSMMqFiN0whpBtXdyDjzBtQTaZJ7zTT/vlehc/ tDuqZwGHm/YJy883Ll+GP3NvOkgaRGWEuYWJJ6hFCkXYjyR9IzCCBhQwggT8oAMCAQICEQDGvhmW Z0DEAx0oURL6O6l+MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0 ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJl IEVtYWlsIENBMB4XDTIyMDEwNzAwMDAwMFoXDTI1MDEwNjIzNTk1OVowJDEiMCAGCSqGSIb3DQEJ ARYTZHdtdzJAaW5mcmFkZWFkLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3 GpC2bomUqk+91wLYBzDMcCj5C9m6oZaHwvmIdXftOgTbCJXADo6G9T7BBAebw2JV38EINgKpy/ZH h7htyAkWYVoFsFPrwHounto8xTsySSePMiPlmIdQ10BcVSXMUJ3Juu16GlWOnAMJY2oYfEzmE7uT 9YgcBqKCo65pTFmOnR/VVbjJk4K2xE34GC2nAdUQkPFuyaFisicc6HRMOYXPuF0DuwITEKnjxgNj P+qDrh0db7PAjO1D4d5ftfrsf+kdRR4gKVGSk8Tz2WwvtLAroJM4nXjNPIBJNT4w/FWWc/5qPHJy 2U+eITZ5LLE5s45mX2oPFknWqxBobQZ8a9dsZ3dSPZBvE9ZrmtFLrVrN4eo1jsXgAp1+p7bkfqd3 BgBEmfsYWlBXO8rVXfvPgLs32VdVNZxb/CDWPqBsiYv0Hv3HPsz07j5b+/cVoWqyHDKzkaVbxfq/ 7auNVRmPB3v5SWEsH8xi4Bez2V9UKxfYCnqsjp8RaC2/khxKt0A552Eaxnz/4ly/2C7wkwTQnBmd lFYhAflWKQ03Ufiu8t3iBE3VJbc25oMrglj7TRZrmKq3CkbFnX0fyulB+kHimrt6PIWn7kgyl9ae lIl6vtbhMA+l0nfrsORMa4kobqQ5C5rveVgmcIad67EDa+UqEKy/GltUwlSh6xy+TrK1tzDvAgMB AAGjggHMMIIByDAfBgNVHSMEGDAWgBQJwPL8C9qU21/+K9+omULPyeCtADAdBgNVHQ4EFgQUzMeD Mcimo0oz8o1R1Nver3ZVpSkwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw FAYIKwYBBQUHAwQGCCsGAQUFBwMCMEAGA1UdIAQ5MDcwNQYMKwYBBAGyMQECAQEBMCUwIwYIKwYB BQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9j cmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1h aWxDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdv LmNvbS9TZWN0aWdvUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAj BggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wHgYDVR0RBBcwFYETZHdtdzJAaW5m cmFkZWFkLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAyW6MUir5dm495teKqAQjDJwuFCi35h4xgnQv Q/fzPXmtR9t54rpmI2TfyvcKgOXpqa7BGXNFfh1JsqexVkIqZP9uWB2J+uVMD+XZEs/KYNNX2PvI lSPrzIB4Z2wyIGQpaPLlYflrrVFKv9CjT2zdqvy2maK7HKOQRt3BiJbVG5lRiwbbygldcALEV9Ch WFfgSXvrWDZspnU3Gjw/rMHrGnqlHtlyebp3pf3fSS9kzQ1FVtVIDrL6eqhTwJxe+pXSMMqFiN0w hpBtXdyDjzBtQTaZJ7zTT/vlehc/tDuqZwGHm/YJy883Ll+GP3NvOkgaRGWEuYWJJ6hFCkXYjyR9 IzGCBMcwggTDAgEBMIGsMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMT NVNlY3RpZ28gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEA xr4ZlmdAxAMdKFES+jupfjANBglghkgBZQMEAgEFAKCCAeswGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMjMwOTE4MTExMDM0WjAvBgkqhkiG9w0BCQQxIgQgxEc91/Q1 YdmUyLIeXR/bLZV1Qf2w0vPzDav1DtTxXRswgb0GCSsGAQQBgjcQBDGBrzCBrDCBljELMAkGA1UE BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYG A1UEChMPU2VjdGlnbyBMaW1pdGVkMT4wPAYDVQQDEzVTZWN0aWdvIFJTQSBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAMa+GZZnQMQDHShREvo7qX4wgb8GCyqGSIb3 DQEJEAILMYGvoIGsMIGWMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNl Y3RpZ28gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhEAxr4Z lmdAxAMdKFES+jupfjANBgkqhkiG9w0BAQEFAASCAgA7RTI6MU5nGLfyUSIEB6nr/IemmwqBdc9R 6guxlVdjrhWYnM9hh4YYVjIdKbUfVVWBn9MWIrTFxJM0H2+024TH5df8dpWKhNBQ3XMqpNn3tXWo AMKxQF8PJK2nnyokBY0jRuJJwZFJ4PHjIMzMgVCPuH0Zs6gk+l8t3oXsS04ui/AEIqV4Qvux9JdF k80swJ0GT43evOF0vqIWFZEJQ+QtZXHhGoYeS/eDB9sKT2lLJdWmVuSGf4CA+gqDNXbxPwoguMYG 2u8IVTt+89fdNXVNdaIf/ou5yF/FI19rTnhLRHFwRYkuuvuyb3p33cxR08Qd5eGiRSdwvKC8NfoM 6i0P22Q0G0evbLHQR8NEnv4lM612Sq8EmgewUyXESKW/k/ZnTsbCbz763mWtTc+kXSfeUb//pg0a pq03THeg3wBLMpp0hX8ytfIxMf1aYEUxHLILBKP6lLh/mvflPaHP1TVEK+fUMAEGTDHpXICSsvDU R+uNidqM4ORdRK+qeOMPNsqSffD7gnZhlAGOjRfZGOAvU/Szdife8liw3BjllJUDHnyg5pnVTFk3 0hmy+JmaANvHQ2Bs4GGMPo6/SBcm21Bdcz8NLVptHIkGvbTL08I8FRLVNbJKd0vaxVwJiLClwYZ9 jjSIrkBkcPceEBJyviWfTekJF3chKekdmW1jrOBj6QAAAAAAAA== --=-wBCmAjOCBoLK8Ewnyrpy--