[OpenAFS] OpenAFS 1.8.7 on Linux systems running Crowdstrike
falcon-sensor
Martin Kelly
martin.kelly@crowdstrike.com
Tue, 9 Mar 2021 18:28:38 +0000
------=_NextPart_000_002A_01D714CE.968C6200
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_002B_01D714CE.968C6200"
------=_NextPart_001_002B_01D714CE.968C6200
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
This is exactly the issue referenced in the LKML thread, and the one that
Jeffrey Altman analyzed, so it seems the issue has not yet been fixed.
Unfortunately, I don't think the patches dealing with credentials will fix
this because dentry_open calls security_file_open regardless of credentials,
and security_file_open expects process context.
I believe the way to fix this is that OpenAFS needs to open this file in a
way that does not go through the LSM, because there is no process context
here.
From: Jonathan Billings <jsbillin@umich.edu>
Sent: Tuesday, March 9, 2021 5:46 AM
To: openafs-info@openafs.org
Cc: Martin Kelly <martin.kelly@crowdstrike.com>
Subject: [External] Re: [OpenAFS] OpenAFS 1.8.7 on Linux systems running
Crowdstrike falcon-sensor
Basically, this is what I'm running:
# git describe --abbrev=4 openafs-stable-1_8_x
openafs-stable-1_8_7-109-gb7bdd
# rxdebug localhost 7001 -version
Trying 127.0.0.1 [127.0.0.1]
<https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1&d=DwQFaQ&c=08
AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=wsraf2W9gLu3Kwvcq4lteczxlOggIsFy
oEwCrqmJ1gE&m=YBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=za_1x9waWw1p_UYf
sz-uz1ZXNQCsoJwjTXFBN_tLnSc&e=> (port 7001):
AFS version: OpenAFS 1.8.7-109-gb7bdd 2021-03-08 mockbuild@
With this kmod and the latest RHEL7 kernel, this is the kernel backtrace:
[ 170.503804] BUG: unable to handle kernel NULL pointer dereference at
0000000000000004
[ 170.506260] IP: [<ffffffff8238a6ec>] _raw_spin_lock+0xc/0x30
[ 170.507074] PGD 0
[ 170.507824] Oops: 0002 [#1] SMP
[ 170.508596] Modules linked in: cts rpcsec_gss_krb5 nfsv4 dns_resolver nfs
lockd grace falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)
falcon_kal(E) falcon_lsm_pinned_11308(E) nf_log_ipv4 nf_log_common xt_LOG
ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4
xt_conntrack ebtable_nat ebtable_broute bridge stp llc ip6table_nat
nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle
ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4
nf_nat_ipv4 nf_nat iptable_mangle iptable_security iptable_raw nf_conntrack
libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter
ip6_tables iptable_filter vmw_vsock_vmci_transport vsock cachefiles fscache
sb_edac ppdev iosf_mbi crc32_pclmul ghash_clmulni_intel vmw_balloon
aesni_intel lrw gf128mul glue_helper
[ 170.512708] ablk_helper cryptd pcspkr joydev sg vmw_vmci i2c_piix4
parport_pc parport binfmt_misc openafs(POE) auth_rpcgss sunrpc ip_tables
ext4 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi sd_mod crc_t10dif
crct10dif_generic vmwgfx drm_kms_helper syscopyarea sysfillrect sysimgblt
fb_sys_fops ttm mptsas ata_piix scsi_transport_sas nfit drm crct10dif_pclmul
mptscsih crct10dif_common libata serio_raw crc32c_intel libnvdimm mptbase
vmxnet3 drm_panel_orientation_quirks floppy dm_mirror dm_region_hash dm_log
dm_mod fuse
[ 170.516344] CPU: 6 PID: 2782 Comm: llvmpipe-8 Kdump: loaded Tainted: P
OE ------------ 3.10.0-1160.15.2.el7.x86_64 #1
[ 170.517353] Hardware name: VMware, Inc. VMware Virtual Platform/440BX
Desktop Reference Platform, BIOS 6.00 12/12/2018
[ 170.518320] task: ffff9c0127fe0000 ti: ffff9c0556be0000 task.ti:
ffff9c0556be0000
[ 170.519315] RIP: 0010:[<ffffffff8238a6ec>] [<ffffffff8238a6ec>]
_raw_spin_lock+0xc/0x30
[ 170.520311] RSP: 0018:ffff9c0556be3710 EFLAGS: 00010246
[ 170.521317] RAX: 0000000000000000 RBX: 0000000000000004 RCX:
0000000000000000
[ 170.522310] RDX: 0000000000000001 RSI: ffff9c013eb85d80 RDI:
0000000000000004
[ 170.523301] RBP: ffff9c0556be3730 R08: 000000000001f060 R09:
ffff9c013efc67a0
[ 170.524292] R10: ffff9c0073e7aa80 R11: ffff9c013c7ae440 R12:
ffff9c0556be3740
[ 170.525298] R13: 0000000000000000 R14: 0000000000000000 R15:
ffff9c050c867810
[ 170.526303] FS: 00007f5b1dd69700(0000) GS:ffff9c0569300000(0000)
knlGS:0000000000000000
[ 170.527315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 170.528324] CR2: 0000000000000004 CR3: 00000004da610000 CR4:
00000000001607e0
[ 170.529415] Call Trace:
[ 170.530459] [<ffffffffc0af7d9d>] ? 0xffffffffc0af7d9c
[ 170.531482] [<ffffffffc0b56ab8>] _ZdlPv+0x48088/0x484f0
[falcon_lsm_serviceable]
[ 170.532523] [<ffffffffc0b5725b>]
cshook_security_file_permission+0x9b/0x8c0 [falcon_lsm_serviceable]
[ 170.533579] [<ffffffffc0b5ea9e>] cshook_security_file_open+0xe/0x10
[falcon_lsm_serviceable]
[ 170.534637] [<ffffffffc0ae4873>] pinnedhook_security_file_open+0x43/0x70
[falcon_lsm_pinned_11308]
[ 170.535719] [<ffffffff81f08f12>] security_file_open+0x22/0x70
[ 170.536789] [<ffffffff81e4b339>] do_dentry_open+0xc9/0x2d0
[ 170.537850] [<ffffffff81e4b5da>] vfs_open+0x5a/0xb0
[ 170.538876] [<ffffffff81e4b679>] dentry_open+0x49/0xc0
[ 170.540008] [<ffffffffc06cdb0f>] afs_linux_raw_open+0x8f/0x140 [openafs]
[ 170.541094] [<ffffffffc06cdc74>] osi_UFSOpen+0xb4/0x1a0 [openafs]
[ 170.542140] [<ffffffffc06567f1>] DRead+0x341/0x520 [openafs]
[ 170.543225] [<ffffffffc0669a7e>] FindItem+0x5e/0x1f0 [openafs]
[ 170.544306] [<ffffffffc066a183>] afs_dir_Delete+0x33/0x1a0 [openafs]
[ 170.545409] [<ffffffffc06a6d17>] ? RXAFS_RemoveFile+0x67/0x120 [openafs]
[ 170.546510] [<ffffffffc068e1ad>] ? afs_LocalHero+0x11d/0x200 [openafs]
[ 170.547616] [<ffffffffc069abc9>] afsremove+0x489/0x7d0 [openafs]
[ 170.548705] [<ffffffffc069beca>] afs_remunlink+0x24a/0x2f0 [openafs]
[ 170.549798] [<ffffffffc068489d>] afs_InactiveVCache+0x7d/0x80 [openafs]
[ 170.550891] [<ffffffffc06d28e8>] afs_dentry_iput+0x58/0x140 [openafs]
[ 170.551931] [<ffffffff81e670ca>] __dentry_kill+0x13a/0x1d0
[ 170.553003] [<ffffffff81e67785>] dput+0xb5/0x1a0
[ 170.554060] [<ffffffff81e500cd>] __fput+0x18d/0x230
[ 170.555118] [<ffffffff81e5025e>] ____fput+0xe/0x10
[ 170.556169] [<ffffffff81cc294b>] task_work_run+0xbb/0xe0
[ 170.557191] [<ffffffff81ca1894>] do_exit+0x2d4/0xa30
[ 170.558162] [<ffffffff81d1317f>] ? futex_wait+0x11f/0x280
[ 170.559126] [<ffffffff81c63d03>] ? x2apic_send_IPI_mask+0x13/0x20
[ 170.560048] [<ffffffff81ca206f>] do_group_exit+0x3f/0xa0
[ 170.560939] [<ffffffff81cb323e>] get_signal_to_deliver+0x1ce/0x5e0
[ 170.561802] [<ffffffff81c2c527>] do_signal+0x57/0x6f0
[ 170.562626] [<ffffffff81d14f46>] ? do_futex+0x106/0x5a0
[ 170.563420] [<ffffffff81c2cc32>] do_notify_resume+0x72/0xc0
[ 170.564184] [<ffffffff823952ef>] int_signal+0x12/0x17
[ 170.564878] Code: 5d c3 0f 1f 44 00 00 85 d2 74 e4 0f 1f 40 00 eb ed 66
0f 1f 44 00 00 b8 01 00 00 00 5d c3 90 0f 1f 44 00 00 31 c0 ba 01 00 00 00
<f0> 0f b1 17 85 c0 75 01 c3 55 89 c6 48 89 e5 e8 ea 18 ff ff 5d
[ 170.566509] RIP [<ffffffff8238a6ec>] _raw_spin_lock+0xc/0x30
[ 170.567274] RSP <ffff9c0556be3710>
[ 170.568018] CR2: 0000000000000004
On Mon, Mar 8, 2021 at 8:22 PM Jeffrey E Altman <jaltman@auristor.com
<mailto:jaltman@auristor.com> > wrote:
On 3/8/2021 7:20 PM, Benjamin Kaduk (kaduk@mit.edu <mailto:kaduk@mit.edu> )
wrote:
> On Mon, Mar 08, 2021 at 07:35:19PM +0000, Martin Kelly wrote:
>> Below is the LKML LSM thread regarding this. Please let me know if you
have any other questions:
>>
>> https://www.spinics.net/lists/linux-security-module/msg39081.html
[spinics.net]
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.spinics.net_lists_
linux-2Dsecurity-2Dmodule_msg39081.html&d=DwMFaQ&c=08AGY6txKsvMOP6lYkHQpPMRA
1U6kqhAwGa8-0QCg3M&r=wsraf2W9gLu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=YBSO0k1d9
jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=1KnxijRcsGp8k_dt6qTga6LJh5Nu53ja1ZuNA6x
9AQc&e=>
>> https://www.spinics.net/lists/linux-security-module/msg39083.html
[spinics.net]
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.spinics.net_lists_
linux-2Dsecurity-2Dmodule_msg39083.html&d=DwMFaQ&c=08AGY6txKsvMOP6lYkHQpPMRA
1U6kqhAwGa8-0QCg3M&r=wsraf2W9gLu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=YBSO0k1d9
jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=DWivoWdmUWYhc2fPQ040MVvE8ryH7ncDdVo9vQV
V1A8&e=>
>
> Thanks for spotting this thread and the quick follow-up.
This is the same thread that Yadav discussed with the openafs-release
team on 11 Dec 2020.
> I suspect that the changes at https://gerrit.openafs.org/#/c/13751/
[gerrit.openafs.org]
<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.openafs.org_-23
_c_13751_&d=DwMFaQ&c=08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=wsraf2W9g
Lu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=YBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r
4Tzk&s=IzzLrxc0PFa4NClPYSdo20jhIRaCdMK_JWp58-1aroQ&e=> are
> going to be relevant in this space, but without seeing the stack trace of
> the crash in question it's hard to be sure. Can you speak to whether this
> is touching the "right" part of the code with respect to the crashes you
> were investigating?
The suggested change was cherry-picked to openafs-stable-1_8_x as
https://gerrit.openafs.org/14082 [gerrit.openafs.org]
<https://urldefense.proofpoint.com/v2/url?u=https-3A__gerrit.openafs.org_140
82&d=DwMFaQ&c=08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=wsraf2W9gLu3Kwvc
q4lteczxlOggIsFyoEwCrqmJ1gE&m=YBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=
lHcFqdLdUXfADi3w5wJ7Ig4CBNsRsa9dqLCuSp2rJ10&e=> and merged as
ee578e92d9f810d93659a9805d0c12084fe2bb95.
As Jonathan wrote to IRC OpenAFS:
> (4:53:15 PM) billings: I built openafs from the latest commit in
> 1_8_x and crowdstrike still panics, so it doesnt look like any
> merged commits there fix my issue.
Martin's e-mail describes the call pattern:
> - A process exits, calling task_exit().
I think Martin meant do_exit().
> - exit_fs() is called, setting current->fs = NULL.
task_struct field struct fs_struct *fs;
> - Next, exit_task_work() is called,
exit_task_work() calls task_work_run() which flushes any pending works.
> which calls fput().
which must have been called by a pending work.
> - In response to the fput(), the filesystem opens a file
disk cache
> to update some metadata, calling dentry_open().
dentry_open() in turn will trigger a call to any configured LSM.
If task_struct.fs is NULL, Kaboom!!!
Jeffrey Altman
--
Jonathan Billings <jsbillin@umich.edu <mailto:jsbillin@umich.edu> > (he/his)
College of Engineering - CAEN - Linux Support
------=_NextPart_001_002B_01D714CE.968C6200
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-GB link=3Dblue =
vlink=3Dpurple style=3D'word-wrap:break-word'><div =
class=3DWordSection1><p class=3DMsoNormal><span =
style=3D'mso-fareast-language:EN-US'>This is exactly the issue =
referenced in the LKML thread, and the one that Jeffrey Altman analyzed, =
so it seems the issue has not yet been fixed. Unfortunately, I don't =
think the patches dealing with credentials will fix this because =
dentry_open calls security_file_open regardless of credentials, and =
security_file_open expects process context.<o:p></o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'mso-fareast-language:EN-US'><o:p> </o:p></span></p><p =
class=3DMsoNormal><span style=3D'mso-fareast-language:EN-US'>I believe =
the way to fix this is that OpenAFS needs to open this file in a way =
that does not go through the LSM, because there is no process context =
here.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'mso-fareast-language:EN-US'><o:p> </o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b><span =
lang=3DEN-US>From:</span></b><span lang=3DEN-US> Jonathan Billings =
<jsbillin@umich.edu> <br><b>Sent:</b> Tuesday, March 9, 2021 5:46 =
AM<br><b>To:</b> openafs-info@openafs.org<br><b>Cc:</b> Martin Kelly =
<martin.kelly@crowdstrike.com><br><b>Subject:</b> [External] Re: =
[OpenAFS] OpenAFS 1.8.7 on Linux systems running Crowdstrike =
falcon-sensor<o:p></o:p></span></p></div></div><p =
class=3DMsoNormal><o:p> </o:p></p><div><div><p =
class=3DMsoNormal>Basically, this is what I'm =
running:<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p class=3DMsoNormal># =
git describe --abbrev=3D4 openafs-stable-1_8_x =
<br>openafs-stable-1_8_7-109-gb7bdd<o:p></o:p></p></div><div><p =
class=3DMsoNormal># rxdebug localhost 7001 -version<br>Trying <a =
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__127.0.0.1&a=
mp;d=3DDwQFaQ&c=3D08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=3D=
wsraf2W9gLu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=3DYBSO0k1d9jL782APR0Fvy=
6pws5z_ZZ2yXwqqX2r4Tzk&s=3Dza_1x9waWw1p_UYfsz-uz1ZXNQCsoJwjTXFBN_tLnS=
c&e=3D">127.0.0.1 [127.0.0.1]</a> (port 7001):<br>AFS version: =
OpenAFS 1.8.7-109-gb7bdd 2021-03-08 =
mockbuild@<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><div><p =
class=3DMsoNormal>With this kmod and the latest RHEL7 kernel, this is =
the kernel backtrace:<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div><p =
class=3DMsoNormal><o:p> </o:p></p><div><p class=3DMsoNormal><span =
style=3D'font-family:"Courier New"'>[ 170.503804] BUG: unable to =
handle kernel NULL pointer dereference at 0000000000000004<br>[ =
170.506260] IP: [<ffffffff8238a6ec>] =
_raw_spin_lock+0xc/0x30<br>[ 170.507074] PGD 0 <br>[ =
170.507824] Oops: 0002 [#1] SMP <br>[ 170.508596] Modules =
linked in: cts rpcsec_gss_krb5 nfsv4 dns_resolver nfs lockd grace =
falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE) falcon_kal(E) =
falcon_lsm_pinned_11308(E) nf_log_ipv4 nf_log_common xt_LOG =
ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 =
xt_conntrack ebtable_nat ebtable_broute bridge stp llc ip6table_nat =
nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle =
ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 =
nf_defrag_ipv4 nf_nat_ipv4 nf_nat iptable_mangle iptable_security =
iptable_raw nf_conntrack libcrc32c ip_set nfnetlink ebtable_filter =
ebtables ip6table_filter ip6_tables iptable_filter =
vmw_vsock_vmci_transport vsock cachefiles fscache sb_edac ppdev iosf_mbi =
crc32_pclmul ghash_clmulni_intel vmw_balloon aesni_intel lrw gf128mul =
glue_helper<br>[ 170.512708] ablk_helper cryptd pcspkr =
joydev sg vmw_vmci i2c_piix4 parport_pc parport binfmt_misc openafs(POE) =
auth_rpcgss sunrpc ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic =
pata_acpi sd_mod crc_t10dif crct10dif_generic vmwgfx drm_kms_helper =
syscopyarea sysfillrect sysimgblt fb_sys_fops ttm mptsas ata_piix =
scsi_transport_sas nfit drm crct10dif_pclmul mptscsih crct10dif_common =
libata serio_raw crc32c_intel libnvdimm mptbase vmxnet3 =
drm_panel_orientation_quirks floppy dm_mirror dm_region_hash dm_log =
dm_mod fuse<br>[ 170.516344] CPU: 6 PID: 2782 Comm: llvmpipe-8 =
Kdump: loaded Tainted: P OE =
------------ 3.10.0-1160.15.2.el7.x86_64 #1<br>[ =
170.517353] Hardware name: VMware, Inc. VMware Virtual =
Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018<br>[ =
170.518320] task: ffff9c0127fe0000 ti: ffff9c0556be0000 task.ti: =
ffff9c0556be0000<br>[ 170.519315] RIP: =
0010:[<ffffffff8238a6ec>] [<ffffffff8238a6ec>] =
_raw_spin_lock+0xc/0x30<br>[ 170.520311] RSP: =
0018:ffff9c0556be3710 EFLAGS: 00010246<br>[ 170.521317] RAX: =
0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000<br>[ =
170.522310] RDX: 0000000000000001 RSI: ffff9c013eb85d80 RDI: =
0000000000000004<br>[ 170.523301] RBP: ffff9c0556be3730 R08: =
000000000001f060 R09: ffff9c013efc67a0<br>[ 170.524292] R10: =
ffff9c0073e7aa80 R11: ffff9c013c7ae440 R12: ffff9c0556be3740<br>[ =
170.525298] R13: 0000000000000000 R14: 0000000000000000 R15: =
ffff9c050c867810<br>[ 170.526303] FS: 00007f5b1dd69700(0000) =
GS:ffff9c0569300000(0000) knlGS:0000000000000000<br>[ 170.527315] =
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br>[ =
170.528324] CR2: 0000000000000004 CR3: 00000004da610000 CR4: =
00000000001607e0<br>[ 170.529415] Call Trace:<br>[ =
170.530459] [<ffffffffc0af7d9d>] ? =
0xffffffffc0af7d9c<br>[ 170.531482] =
[<ffffffffc0b56ab8>] _ZdlPv+0x48088/0x484f0 =
[falcon_lsm_serviceable]<br>[ 170.532523] =
[<ffffffffc0b5725b>] =
cshook_security_file_permission+0x9b/0x8c0 [falcon_lsm_serviceable]<br>[ =
170.533579] [<ffffffffc0b5ea9e>] =
cshook_security_file_open+0xe/0x10 [falcon_lsm_serviceable]<br>[ =
170.534637] [<ffffffffc0ae4873>] =
pinnedhook_security_file_open+0x43/0x70 [falcon_lsm_pinned_11308]<br>[ =
170.535719] [<ffffffff81f08f12>] =
security_file_open+0x22/0x70<br>[ 170.536789] =
[<ffffffff81e4b339>] do_dentry_open+0xc9/0x2d0<br>[ =
170.537850] [<ffffffff81e4b5da>] =
vfs_open+0x5a/0xb0<br>[ 170.538876] =
[<ffffffff81e4b679>] dentry_open+0x49/0xc0<br>[ =
170.540008] [<ffffffffc06cdb0f>] =
afs_linux_raw_open+0x8f/0x140 [openafs]<br>[ 170.541094] =
[<ffffffffc06cdc74>] osi_UFSOpen+0xb4/0x1a0 [openafs]<br>[ =
170.542140] [<ffffffffc06567f1>] DRead+0x341/0x520 =
[openafs]<br>[ 170.543225] [<ffffffffc0669a7e>] =
FindItem+0x5e/0x1f0 [openafs]<br>[ 170.544306] =
[<ffffffffc066a183>] afs_dir_Delete+0x33/0x1a0 =
[openafs]<br>[ 170.545409] [<ffffffffc06a6d17>] ? =
RXAFS_RemoveFile+0x67/0x120 [openafs]<br>[ 170.546510] =
[<ffffffffc068e1ad>] ? afs_LocalHero+0x11d/0x200 =
[openafs]<br>[ 170.547616] [<ffffffffc069abc9>] =
afsremove+0x489/0x7d0 [openafs]<br>[ 170.548705] =
[<ffffffffc069beca>] afs_remunlink+0x24a/0x2f0 =
[openafs]<br>[ 170.549798] [<ffffffffc068489d>] =
afs_InactiveVCache+0x7d/0x80 [openafs]<br>[ 170.550891] =
[<ffffffffc06d28e8>] afs_dentry_iput+0x58/0x140 =
[openafs]<br>[ 170.551931] [<ffffffff81e670ca>] =
__dentry_kill+0x13a/0x1d0<br>[ 170.553003] =
[<ffffffff81e67785>] dput+0xb5/0x1a0<br>[ 170.554060] =
[<ffffffff81e500cd>] __fput+0x18d/0x230<br>[ =
170.555118] [<ffffffff81e5025e>] =
____fput+0xe/0x10<br>[ 170.556169] =
[<ffffffff81cc294b>] task_work_run+0xbb/0xe0<br>[ =
170.557191] [<ffffffff81ca1894>] =
do_exit+0x2d4/0xa30<br>[ 170.558162] =
[<ffffffff81d1317f>] ? futex_wait+0x11f/0x280<br>[ =
170.559126] [<ffffffff81c63d03>] ? =
x2apic_send_IPI_mask+0x13/0x20<br>[ 170.560048] =
[<ffffffff81ca206f>] do_group_exit+0x3f/0xa0<br>[ =
170.560939] [<ffffffff81cb323e>] =
get_signal_to_deliver+0x1ce/0x5e0<br>[ 170.561802] =
[<ffffffff81c2c527>] do_signal+0x57/0x6f0<br>[ =
170.562626] [<ffffffff81d14f46>] ? =
do_futex+0x106/0x5a0<br>[ 170.563420] =
[<ffffffff81c2cc32>] do_notify_resume+0x72/0xc0<br>[ =
170.564184] [<ffffffff823952ef>] =
int_signal+0x12/0x17<br>[ 170.564878] Code: 5d c3 0f 1f 44 00 00 =
85 d2 74 e4 0f 1f 40 00 eb ed 66 0f 1f 44 00 00 b8 01 00 00 00 5d c3 90 =
0f 1f 44 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01 c3 =
55 89 c6 48 89 e5 e8 ea 18 ff ff 5d <br>[ 170.566509] RIP =
[<ffffffff8238a6ec>] _raw_spin_lock+0xc/0x30<br>[ =
170.567274] RSP <ffff9c0556be3710><br>[ =
170.568018] CR2: =
0000000000000004</span><o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p> </o:p></p></div></div><p =
class=3DMsoNormal><o:p> </o:p></p><div><div><p class=3DMsoNormal>On =
Mon, Mar 8, 2021 at 8:22 PM Jeffrey E Altman <<a =
href=3D"mailto:jaltman@auristor.com">jaltman@auristor.com</a>> =
wrote:<o:p></o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5=
.0pt'><p class=3DMsoNormal>On 3/8/2021 7:20 PM, Benjamin Kaduk (<a =
href=3D"mailto:kaduk@mit.edu" target=3D"_blank">kaduk@mit.edu</a>) =
wrote:<br>> On Mon, Mar 08, 2021 at 07:35:19PM +0000, Martin Kelly =
wrote:<br>>> Below is the LKML LSM thread regarding this. Please =
let me know if you have any other questions:<br>>><br>>> <a =
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.spinic=
s.net_lists_linux-2Dsecurity-2Dmodule_msg39081.html&d=3DDwMFaQ&c=3D=
08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=3Dwsraf2W9gLu3Kwvcq4lte=
czxlOggIsFyoEwCrqmJ1gE&m=3DYBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tz=
k&s=3D1KnxijRcsGp8k_dt6qTga6LJh5Nu53ja1ZuNA6x9AQc&e=3D" =
target=3D"_blank">https://www.spinics.net/lists/linux-security-module/msg=
39081.html [spinics.net]</a><br>>> <a =
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.spinic=
s.net_lists_linux-2Dsecurity-2Dmodule_msg39083.html&d=3DDwMFaQ&c=3D=
08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa8-0QCg3M&r=3Dwsraf2W9gLu3Kwvcq4lte=
czxlOggIsFyoEwCrqmJ1gE&m=3DYBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tz=
k&s=3DDWivoWdmUWYhc2fPQ040MVvE8ryH7ncDdVo9vQVV1A8&e=3D" =
target=3D"_blank">https://www.spinics.net/lists/linux-security-module/msg=
39083.html [spinics.net]</a><br>> <br>> Thanks for spotting this =
thread and the quick follow-up.<br><br>This is the same thread that =
Yadav discussed with the openafs-release <br>team on 11 Dec =
2020.<br><br>> I suspect that the changes at <a =
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__gerrit.ope=
nafs.org_-23_c_13751_&d=3DDwMFaQ&c=3D08AGY6txKsvMOP6lYkHQpPMRA1U6=
kqhAwGa8-0QCg3M&r=3Dwsraf2W9gLu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=
=3DYBSO0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=3DIzzLrxc0PFa4NClPYS=
do20jhIRaCdMK_JWp58-1aroQ&e=3D" =
target=3D"_blank">https://gerrit.openafs.org/#/c/13751/ =
[gerrit.openafs.org]</a> are<br>> going to be relevant in this space, =
but without seeing the stack trace of<br>> the crash in question it's =
hard to be sure. Can you speak to whether this<br>> is touching =
the "right" part of the code with respect to the crashes =
you<br>> were investigating?<br><br>The suggested change was =
cherry-picked to openafs-stable-1_8_x as<br><a =
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__gerrit.ope=
nafs.org_14082&d=3DDwMFaQ&c=3D08AGY6txKsvMOP6lYkHQpPMRA1U6kqhAwGa=
8-0QCg3M&r=3Dwsraf2W9gLu3Kwvcq4lteczxlOggIsFyoEwCrqmJ1gE&m=3DYBSO=
0k1d9jL782APR0Fvy6pws5z_ZZ2yXwqqX2r4Tzk&s=3DlHcFqdLdUXfADi3w5wJ7Ig4CB=
NsRsa9dqLCuSp2rJ10&e=3D" =
target=3D"_blank">https://gerrit.openafs.org/14082 =
[gerrit.openafs.org]</a> and merged as =
<br>ee578e92d9f810d93659a9805d0c12084fe2bb95.<br><br>As Jonathan wrote =
to IRC OpenAFS:<br><br> > (4:53:15 PM) billings: I built openafs =
from the latest commit in<br> > 1_8_x and crowdstrike still =
panics, so it doesnt look like any<br> > merged commits there =
fix my issue.<br><br>Martin's e-mail describes the call =
pattern:<br><br> > - A process exits, calling =
task_exit().<br><br>I think Martin meant do_exit().<br><br> > - =
exit_fs() is called, setting current->fs =3D NULL.<br><br>task_struct =
field struct fs_struct *fs;<br><br> > - Next, exit_task_work() =
is called,<br><br>exit_task_work() calls task_work_run() which flushes =
any pending works.<br><br> > which calls fput().<br><br>which =
must have been called by a pending work.<br><br> > - In response =
to the fput(), the filesystem opens a file<br><br>disk =
cache<br><br> > to update some metadata, calling =
dentry_open().<br><br>dentry_open() in turn will trigger a call to any =
configured LSM.<br>If task_struct.fs is NULL, Kaboom!!!<br><br>Jeffrey =
Altman<o:p></o:p></p></blockquote></div><p class=3DMsoNormal><br =
clear=3Dall><br>-- <o:p></o:p></p><div><div><p =
class=3DMsoNormal>Jonathan Billings <<a =
href=3D"mailto:jsbillin@umich.edu" =
target=3D"_blank">jsbillin@umich.edu</a>> (he/his)<br>College of =
Engineering - CAEN - Linux =
Support<o:p></o:p></p></div></div></div></div></body></html>
------=_NextPart_001_002B_01D714CE.968C6200--
------=_NextPart_000_002A_01D714CE.968C6200
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOnDCCBCow
ggMSoAMCAQICBDhj3vgwDQYJKoZIhvcNAQEFBQAwgbQxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3JwLiBieSByZWYuIChsaW1pdHMg
bGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypF
bnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoMjA0OCkwHhcNOTkxMjI0MTc1MDUx
WhcNMjkwNzI0MTQxNTEyWjCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5l
bnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNV
BAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1NS6kShrLqoyAHFRZkKitL0b8LSk2O7YB2pWe3eEDAc0LIaMDbUyvdXrh2mDWTixqdfBM6
Dh9btx7P5SQUHrGBqY19uMxrSwPxAgzcq6VAJAB/dJShnQgps4gL9Yd3nVXN5MN+12pkq4UUhpVb
lzJQbz3IumYM4/y9uEnBdolJGf3AqL2Jo2cvxp+8cRlguC3pLMmQdmZ7lOKveNZlU1081pyyzykD
+S+kULLUSM4FMlWK/bJkTA7kmAd123/fuQhVYIUwKfl7SKRphuM1Px6GXXp6Fb3vAI4VIlQXAJAm
k7wOSWiRv/hH052VQsEOTd9vJs/DGCFiZkNw1tXAB+ECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3
DQEBBQUAA4IBAQA7m49WmzDnU5l8enmnTZfXGZWQ+wYfyjN8RmOPlmYk+kAbISfK5nJz8k/+MZn9
yAxMaFPGgIITmPq2rdpdPfHObvYVEZSCDO4/la8Rqw/XL94fA49XLB7Ju5oaRJXrGE+mH819VxAv
mwQJWoS1btgdOuHWntFseV55HBTF49BMkztlPO3fPb6m5ZUaw7UZw71eW7v/I+9oGcsSkydcAy1v
MNAethqs3lr30aqoJ6b+eYHEeZkzV7oSsKngQmyTylbe/m2ECwiLfo3q15ghxvPnPHkvXpzRTBWN
4ewiN8yaQwuX3ICQjbNnm29ICBVWz7/xK3xemnbpWZDFfIM1EWVRMIIFFTCCA/2gAwIBAgIRAK8c
BLKsjP+bAAAAAFHOGOMwDQYJKoZIhvcNAQELBQAwgbQxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3JwLiBieSByZWYuIChsaW1pdHMg
bGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypF
bnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoMjA0OCkwHhcNMjAwNzI5MTU0ODMw
WhcNMjkwNjI5MTYxODMwWjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x
OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5j
ZTEfMB0GA1UECxMWKGMpIDIwMTAgRW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVzdCBDbGFz
cyAyIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQyjULQnhmdW5Ba
EEy1EAAhuQdI3q5ugNb/FFAG6HWva0aO56VPrcOMsPp74BmR/fBjrXFJ86gcH6s0GSBOS1TpAJO+
cAgx3olTrFe8JO8qj0LU9+qVJV0UdtLNpxL6G7K0XGFAvV/dV5tEVdjFiRk8ZT256NSlLcIs0+qD
MaIIPF5ZrhIuKgqMXvOzMa4KrX7ssEkJ/KcuIh5oZDSdFuOmPQMxQBb3lPZLGTTJl+YinEjeZKCD
C1gFmMQiRokF/aO+9klMYQMWpPgKmRziwMZ+aQIyV5ADrwCUobnczq/v9HwYzjALyof41V8fWVHY
iwu5OMZYwlN82ibU2/K9kM0CAwEAAaOCAS0wggEpMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAU
BggrBgEFBQcDBAYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAzBggrBgEFBQcBAQQnMCUw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDIGA1UdHwQrMCkwJ6AloCOGIWh0
dHA6Ly9jcmwuZW50cnVzdC5uZXQvMjA0OGNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggr
BgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwHQYDVR0OBBYEFAmRpbrp8i4qdd/N
fv53yvLea5skMB8GA1UdIwQYMBaAFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3DQEBCwUA
A4IBAQA/vekQdfNCp9FsgSahRiBXEiQVWrIMCH/dR7k/QpOkCq9MEe7MazD0tCyE3goXkPl4NK6u
JkV2BTUkg8CTc5lPpXJxY7QJiBHLbG7vlJXVSTfPoQDwDUsUUUb0aHGy/mChNw8l/O8gWjPGqYfJ
6lL212lIls5azxCb9rcBwzohpchDwISdA/jFNAiHy4sKg1yqIyvp/7jep0kObTIVgTDIJ/TA/s8a
dcyHu7oRoYJlUAWf80WSh6BFuBnnX/hGClvM2F1rFpFMFZVq4+T83gZ09mxU3cQl8GkW1uoOP1m+
AWL5YJ8dQLMx9xCcL/mKRGbYYAJOMRCx9peO/iCDvU1KMIIFUTCCBDmgAwIBAgIQDJP99GX/o7gA
AAAATDnPWjANBgkqhkiG9w0BAQsFADCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3Qs
IEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJl
ZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMTAgRW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVz
dCBDbGFzcyAyIENsaWVudCBDQTAeFw0yMDEwMTQyMjA2NDRaFw0yMjEwMTQyMjM2NDNaMIGRMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEPMA0GA1UEBxMGSXJ2aW5lMRowGAYDVQQK
ExFDcm93ZFN0cmlrZSwgSW5jLjFAMBMGA1UEAxMMTWFydGluIEtlbGx5MCkGCSqGSIb3DQEJARYc
bWFydGluLmtlbGx5QGNyb3dkc3RyaWtlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMT46ZuzJ/RhZGH9+qht+LO1VOIYXTlKXOYwfashRkS/Bbro15Km8ARz41X1CQ/9AmjPgPFL
wFJXQlYZZybTsGl1o/R4PBmZUZ9AwfqHPXUrM3WKP3A4s5mVffPilfe6lTuSoipTzq8MoOaz2rK/
4kffBpTqDL3MvYvJX9hva2UJ4RvhQ9kS/6NAf/2mobNyVufM2NAAdUyQlUV4A8Hgdz+GklWtDpzR
jdZjGs7Cb+cylSVG/X8ntvq2idrWOUu8/2gH6aV1ZiR3G1U3I8HaYAdZK6ycXNfvdFSrePv9TKCk
7ud/0v5RwTcenut579PJ9J1ILBxxrphRD1MsulKWP4MCAwEAAaOCAY0wggGJMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwQgYDVR0gBDswOTA3BgtghkgBhvps
CgEEAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTBqBggrBgEFBQcB
AQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDUGCCsGAQUFBzAChilo
dHRwOi8vYWlhLmVudHJ1c3QubmV0LzIwNDhjbGFzczJzaGEyLmNlcjA0BgNVHR8ELTArMCmgJ6Al
hiNodHRwOi8vY3JsLmVudHJ1c3QubmV0L2NsYXNzMmNhLmNybDAnBgNVHREEIDAegRxtYXJ0aW4u
a2VsbHlAY3Jvd2RzdHJpa2UuY29tMB8GA1UdIwQYMBaAFAmRpbrp8i4qdd/Nfv53yvLea5skMB0G
A1UdDgQWBBSlEgDqZESbubhJcEKhhhhKnl7OtDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IB
AQCoPnFPAX5tAP+aIr17tIgq1L2nP1F2pTeHgXd7ETwtUF1rSfq22mtKsDslQ5cRxy6l8LzH9j1h
2QmWK6dd+lSOUR/KaDSnXyhXsCHBX9455sWu6+n6Umrol/kOoRB3eFAht8wvXyIkNWoGf2M+p1kC
r7NYzgTDauE40ch1P15zLw47j9BODeX1BRhzlal0mrdEbLgZmcCdThe9S3+X1WOucSUIA54mFl46
uuZWlpl2lSKCrvWZn5RcGWqrdbM27SsNipli0sz0H+jPKUtFfr3DNsPQTANJsPU3u9k9A5HropDq
sZRj+3j+2z9Yiyi01g1k7bjc6LHmxXa0YjhQeMA8MYIEdzCCBHMCAQEwgbowgaUxCzAJBgNVBAYT
AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BT
IGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDEwIEVudHJ1c3Qs
IEluYy4xIjAgBgNVBAMTGUVudHJ1c3QgQ2xhc3MgMiBDbGllbnQgQ0ECEAyT/fRl/6O4AAAAAEw5
z1owCQYFKw4DAhoFAKCCApEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMjEwMzA5MTgyNTU1WjAjBgkqhkiG9w0BCQQxFgQU4GSZ22a8ExdGmiMlgytG+wR/MzswgZMG
CSqGSIb3DQEJDzGBhTCBgjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3DQMHMAsG
CWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAhowCwYJYIZI
AWUDBAIDMAsGCWCGSAFlAwQCAjALBglghkgBZQMEAgEwgcsGCSsGAQQBgjcQBDGBvTCBujCBpTEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMTAg
RW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVzdCBDbGFzcyAyIENsaWVudCBDQQIQDJP99GX/
o7gAAAAATDnPWjCBzQYLKoZIhvcNAQkQAgsxgb2ggbowgaUxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9y
YXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDEwIEVudHJ1c3QsIEluYy4xIjAgBgNV
BAMTGUVudHJ1c3QgQ2xhc3MgMiBDbGllbnQgQ0ECEAyT/fRl/6O4AAAAAEw5z1owDQYJKoZIhvcN
AQEBBQAEggEABgPiRFnd+M/QkapnRPdpPLRIptSIevqY22gph0xq+0JUfLsJuDNLzGsKpDEYqcqP
jRJYJvIBU+/hMbPx9oxv+tY/IG3IMCO4GrrKcET/uebjtYaABseJ3lFTB6mmWBzoYXMqNh+hUiMm
zPgoR8H7i2bMGWtW/tsx9SkIHggN0ohXj2goXMTPyia0V5tm5Na2Ea81s8QflAPYV7TwPJ7srAjG
1yQFgTEMnYY0P96k541Ebzp7xn9KA69yE7S5sZiAPxrZDjMotIm85FkDToVw0yDeqcy74we64mhc
sfexDodm4oFmkYewtK/kSec5gwQs4EQts74DllgzO7XCPxcGCAAAAAAAAA==
------=_NextPart_000_002A_01D714CE.968C6200--