X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240610210213.work.143-kees@kernel.org>
In-Reply-To: <20240610210213.work.143-kees@kernel.org>
From: David Gow
Date: Tue, 11 Jun 2024 14:14:07 +0800
Subject: Re: [PATCH] x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking
To: Kees Cook
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Sean Christopherson, Peter Zijlstra, Arnd Bergmann, "Kirill A. Shutemov", Qiuxu Zhuo, Nadav Amit, Masahiro Yamada, Christian Brauner, David Howells, Uros Bizjak, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org

On Tue, 11 Jun 2024 at 05:02, Kees Cook wrote:
>
> When reworking the range checking for get_user(), the get_user_8() case
> on 32-bit wasn't zeroing the high register. (The jump to bad_get_user_8
> was accidentally dropped.) Restore the correct error handling
> destination (and rename the jump to using the expected ".L" prefix).
>
> While here, switch to using a named argument ("size") for the call
> template ("%c4" to "%c[size]") as already used in the other call
> templates in this file.
>
> Found after moving the usercopy selftests to KUnit:
>
>     # usercopy_test_invalid: EXPECTATION FAILED at
>     lib/usercopy_kunit.c:278
>     Expected val_u64 == 0, but
>         val_u64 == -60129542144 (0xfffffff200000000)
>
> Reported-by: David Gow
> Closes: https://lore.kernel.org/all/CABVgOSn=tb=Lj9SxHuT4_9MTjjKVxsq-ikdXC4kGHO4CfKVmGQ@mail.gmail.com
> Fixes: b19b74bc99b1 ("x86/mm: Rework address range check in get_user() and put_user()")
> Signed-off-by: Kees Cook
> ---
> Cc: Thomas Gleixner
> Cc: Ingo Molnar
> Cc: Borislav Petkov
> Cc: Dave Hansen
> Cc: x86@kernel.org
> Cc: "H. Peter Anvin"
> Cc: Sean Christopherson
> Cc: Peter Zijlstra
> Cc: Arnd Bergmann
> Cc: "Kirill A. Shutemov"
> Cc: Qiuxu Zhuo
> Cc: Nadav Amit
> Cc: Masahiro Yamada
> ---

Thanks: this fixes it here, both under qemu and on real hardware.

Tested-by: David Gow

-- David
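An added illustration, not code from the patch or the kernel: a user-space C model of the failure quoted above, where the failing path of a 64-bit read on a 32-bit build clears only the low half of the result. The names, the address limit and the stale high-half value (taken from the upper 32 bits of the val_u64 in the quoted test output) are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_EFAULT     14           /* EFAULT errno value on Linux */
#define MODEL_USER_LIMIT 0xC0000000u  /* constructed address limit for this model */

/* The two 32-bit registers that carry a u64 result on a 32-bit build. */
struct regpair { uint32_t lo, hi; };

enum fault_path { ZERO_LOW_ONLY, ZERO_BOTH };

/* Model of an 8-byte get_user(): range check first, then load or fail. */
static int model_get_user_8(struct regpair *r, uint32_t uaddr,
                            uint64_t user_value, enum fault_path path)
{
    if (uaddr > MODEL_USER_LIMIT - 8) {   /* range check fails */
        r->lo = 0;
        if (path == ZERO_BOTH)
            r->hi = 0;                    /* the step the fix restores */
        return -MODEL_EFAULT;
    }
    r->lo = (uint32_t)user_value;
    r->hi = (uint32_t)(user_value >> 32);
    return 0;
}

/* What a caller sees in its u64 after a failed read of an invalid address. */
static uint64_t failed_read_result(enum fault_path path, uint32_t stale_hi, int *ret)
{
    struct regpair r = { .lo = 0xdeadbeefu, .hi = stale_hi };  /* stale contents */
    *ret = model_get_user_8(&r, 0xFFFFFFF0u, 0x1122334455667788ull, path);
    return ((uint64_t)r.hi << 32) | r.lo;
}

int main(void)
{
    int ret;
    uint64_t bad  = failed_read_result(ZERO_LOW_ONLY, 0xfffffff2u, &ret);
    uint64_t good = failed_read_result(ZERO_BOTH, 0xfffffff2u, &ret);
    printf("low-only zeroing: %lld (0x%llx)\n", (long long)bad, (unsigned long long)bad);
    printf("both zeroed:      %lld, ret=%d\n", (long long)good, ret);
    return good == 0 ? 0 : 1;
}
```

A caller that ignores the error return and uses the destination anyway reads whatever the high register last held, which is why the selftest expects the whole u64 to be zero after a failed read.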