From patchwork Thu Jun 1 20:59:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Mayhew X-Patchwork-Id: 9761201 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5EB016038E for ; Thu, 1 Jun 2017 21:00:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4CE6D28533 for ; Thu, 1 Jun 2017 21:00:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 416492853C; Thu, 1 Jun 2017 21:00:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 514DF28533 for ; Thu, 1 Jun 2017 21:00:56 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.39,281,1493683200"; d="scan'208";a="6293353" IronPort-PHdr: =?us-ascii?q?9a23=3AlM+qohTzOzrkVo4fLAEKY4bDfNpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa68ZReEt8tkgFKBZ4jH8fUM07OQ6PG/HzBRqs/c7zgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyrwjdrMYbjI9tJqosyhbEoGZDdv?= =?us-ascii?q?hLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfM?= =?us-ascii?q?TQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklD?= =?us-ascii?q?sLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI6z?= =?us-ascii?q?YZEPD+4cNuhGqYfzqUYFoR+nCQWxGO/jzzlFjWL006InyeQsCQHI0hI9EdwAs3?= =?us-ascii?q?rbrtv1NL8QXOyowqTH0y7DYuhK1Tvh8oXEbgwtre2QUb92bMHfyVMvFwTAjliI?= =?us-ascii?q?tILqIzSV1vgRs2OG6ORvT+Kui245pAB/vzOiwdwsiozTiYMVylDL6yt4zZ0vJd?= =?us-ascii?q?KmVUF7YcSrEIdKuy6GMIt2R9ovTmd1syg50r0LoYO3cScFxZg9xxPTduaLf5aH?= =?us-ascii?q?7x79TuqdPC90iGx5dL+7nRq+7EatxvPmWsWp01tHoDBJnsfPu30Lyhfd8NKISu?= =?us-ascii?q?Fn8UekwTuP0gfT5fxaLk0sjqrbLoIhwqY3lpoOrUTPBi/2l1vyjK+Rbkgk5vKn?= =?us-ascii?q?6/7mYrX7vZ+QLZN0iwHiPaQuncyzG+I4PRQVX2eH4+i80bzj/UnhTLVLiP05jL?= =?us-ascii?q?XZvYjHKckUqaO1GQ9Y3ps55xqhADqqzs4UkWQfIFJAYh2HjozpO1/UIPD/CPey?= =?us-ascii?q?m0+snylvx/DHOL3hH5rMImHYn7fmYLZ97VJTxxQozd1E+5JVCq0OIPL0WkPrst?= =?us-ascii?q?zYFQU2Pxa7w+bgFtVxzpkeVn6XAq+FLKPStkeF5uAoI+mKfoAVpDb9JOIj5/P1?= =?us-ascii?q?j385nlkdfayz0psMdHC3AO5mI16DbXrrmNcBHn8AvhAiQ+zylF2CTTlTam6wX6?= =?us-ascii?q?I+/D40FIGmDZzERoCrgbyBwjy2HpNSZmBbBVGDCmrod4OYW/cRci6SJdVhkjMc?= =?us-ascii?q?X7i7V4AhzQ2utBP9y7d/IOvU+ykYtZf929hv/ODTmw89+iFzD8SHyW6NV3t0nm?= =?us-ascii?q?QKRzAowK9/vVZxylCZ0ah3m/ZYD8Bc5+tVUgcmMp7R1/F1BMz3WgLGeNeJVEuq?= =?us-ascii?q?T864AT4vVNIxwt4PY0F7G9m4iBDMwTaqCacPl7OXHJw07r7c33/pKslg13bJzr?= =?us-ascii?q?MhgkI6TctIMG2pmrRw9xPPB4LTlUWWibqqf7wG3CHR7GeD0XaOvEZAXQ9wUKTF?= =?us-ascii?q?WnYfa1DTrdT9/0/CTrmuBa4hMgRb086CKapKasP3gllcQvfsJsjeaXqrm2isHR?= =?us-ascii?q?aI2q+MbI3ydmoGxyrRD0wEkwEI/XaaLggyHDyhrHzCAzB0DlLgfUfs8eh4qHOm?= =?us-ascii?q?QU451B2Fbk1717qo4R4Zn/KdROkP3rIfvychrS94HFGn39LZE9CAvRZufL1AYd?= =?us-ascii?q?Mh51dKzWzZtxZnMZymM69ih0Uefh9yv0P21hV7E55AkMYxrH8wywpyM62Y2ktb?= =?us-ascii?q?dzyExZDwJqHXKm7q8RCscaHW2Vbe0MuN96cM8vs4qFLjvByzGkol6XVn3MFf02?= =?us-ascii?q?GA6ZXSEAoSTZXxX14t+BdnvbHaYzcy55nP2HJ2Laa0tyXO29UzBOsq0hygZctQ?= =?us-ascii?q?MLuYFA/uFM0XH9OuKOIwm1iudRIEIPtf9LUyP8OhefqG3bSkPOB6kDKgk2tH/J?= =?us-ascii?q?h30liQ+CpkVu7Iw5EFzumW3wSdUzf8kEmustrsmY1fezEdAHC/xjP5BI5UfKFy?= =?us-ascii?q?epwLCWi2Kc2t2tp+n4LtW2Jf9FO7G1MJxdKmeRuIYFz5xgBfyUMXoXm7liSi1D?= =?us-ascii?q?x0jyslrqyB0yzS2+7ibgYIOnZXRGl+ilfhOY60j9EeXEiscQcpjwCo6lzkyKhB?= =?us-ascii?q?o6RzNW7TQV1HfyLuNWFtTrOwtqaeY85I8J4oryRXX/igYVCdUL7xuQcV0yPkH2?= =?us-ascii?q?tYyzA2bDWqupT/nxNgkmKdK2x/rH3DecF/3R3f/sDTReZN3joaQyl1kT3XBlmn?= =?us-ascii?q?P9m15NmUjInMsuS/V2KnS51SfjLmzZiYtCu6421qAAGwn+uplt3hDwc6zTfx18?= =?us-ascii?q?N2WiXQsBb8fo7r2rygMeJgekloAEHz69BmFYF5nIo9n4oQ2WUGiZWO53YHln3z?= =?us-ascii?q?MdpD06LkcHUNXSILw8LS4AX9wE1sNG+Jx4bjWnqH2MdufN66YmcK2iI66cBHE6?= =?us-ascii?q?KU4KBCnStyvlW0twTRbuZhnj0F0/sh9GYag/0VuAoq1iidAa4dHU9DPSH3lBSH?= =?us-ascii?q?8da+rL5RZGmxbbi8zk1+ncquDLuauAFTRG75eos+HS939sh/LlTM32Do54H6ft?= =?us-ascii?q?nfcNITugeSkxjek+hfMIgxmeYShSp7JWL9umUoy/Yhghxz2ZG3p5SIK2Rx/KO5?= =?us-ascii?q?GxJYOCf6Z8UJ9jHql6Zekd6c35qzEZV5BjULQJzoQOqwED0IqPTnMxiBECUmpX?= =?us-ascii?q?edBbrQAxWf5Vx7r3LUDZ+rLWqXKGMCzdVlWRmdPlBQjx4aXDU9hJ45GR6lyNbn?= =?us-ascii?q?cEhn+jAb/kT4pQdUyuJ0Kxn/VX/SpAmyZTcyVJifKx9W4xpM50jLLMOe6fhzED?= =?us-ascii?q?tA/p27qwyNKHKUaBhUDW0TXUyEHV/jNKG05dbc6+iYGva+L/zWbLWLs+NeU/OI?= =?us-ascii?q?yoyz0ot65TmDLN6CPn98AP0nwUpMQWp2G9zHlDkVTSwYiT7NZdaBpBig4i13st?= =?us-ascii?q?y/8PPzVQL1/4eOBaFeMdB19BCyhqeCN/WdizxlJjZdzJ8MwmXIyLcH1l4Ily5u?= =?us-ascii?q?byWtEagHtSPVQqLQgLFYAAMAayxpMstI86U83hJWNMHBltz106R0jvkvC1dKTV?= =?us-ascii?q?bhgN2mZdQWI2GhM1PKHECLNK6cKj3T28H6eq28SbxKjOVPqx2wtzebE0n5MTSF?= =?us-ascii?q?izbpVgqgMeVWgCGcJhxet5m3cgxxBmj7UNLmdhq7PcdvjTIo2rI7mHXKNW8AMT?= =?us-ascii?q?h7aE5Nr6Of4j1GjfllHGxB9HVlJ/GemymF9+nYNooWsfxzDytpjOJV/m41y7RP?= =?us-ascii?q?7C5eWvx4gzDSocRto1G7iOmA0CBrUB5TqjZNno2Lp1xuObne9plDWXfE+wgB7W?= =?us-ascii?q?OOBBQWv9FlEMHgu7hMytjTk6L+MCxC/MjK/cQGCMjbNtmHPWE6MRXzBj7bFgQF?= =?us-ascii?q?QiCwNW3FgUxSju2S/GWPrpcmspjshIYOSrhDWVMuF/MaBUNlHNoZLZhqQDwrir?= =?us-ascii?q?+bg9QO5XakqxnRXspatIjdVv2OGfXvNCqZjb5cahQSzrP3N5oTOZPg1kxlcll1?= =?us-ascii?q?goLKG0/KUtBMpi1udQg0oUpX/Hh5VG0z1Frvahmx738LCf60ghk2hxNiYeQq8T?= =?us-ascii?q?fg+U03Jl3LpSQulkk+gs/lgTePfz7yN6q/QYZWCy/ouEcrKZP7Xxx5bQuskkx4?= =?us-ascii?q?LD3EXa5ej6N8dWB3jw/RoZhPGP5YTaJaexIQwPaXZ/sm0VtCtiWn2U9H5ezACZ?= =?us-ascii?q?R8jgcqd4Cjr25Y0QJ5cNE1PbDQJLZOzlVIgKKBoDWn1uQqzQ8dIEYN63+SdzQO?= =?us-ascii?q?uEwTNbkmJjCk/upy5gyegzFDYnQDV+I2ovJ28UMwI/6AwDz707FdME+xLfCQL6?= =?us-ascii?q?OCtmfblM6IWE4/1kQGl0ld57h5z8cif1CSV08x0LubDw4JOtbaKQFJc8pS82De?= =?us-ascii?q?cjuJseXLx5J6IpuyFuTpTeKVrqkbnFikHAEzE4QL9MQBEYGm0FvEIsf/ML4F1R?= =?us-ascii?q?It6Rz2K1qfEvRJeQ+EkCwcrs6l1p93x45dJz8GAWpjLSq3+6zXpg42gPuDRts2?= =?us-ascii?q?ZGkVXpccPHIsRMK6gzJZv2hHDDSv1uIZzxKC4CH6piXRCznxdNVjZPGJZR92D9?= =?us-ascii?q?G24zo/+bCsiVHL6pXeO336NdN6t9/U9+wao5eHC/VJTbhyqErTh45YR3m2XGHV?= =?us-ascii?q?Ct61O4L8a48yYtzoEny6SECwiyopT8ftO9agNquIgRvoRIlOtombwDAjONSyFj?= =?us-ascii?q?EZAxd/u/sP5KRiag0fe5A7ewLntxwiN6yjJweVysmuQ2eoKTtRU/lfzeW7aqdK?= =?us-ascii?q?wCotbu610mAvQos8z+ap7U4HXIsKgQ3Gxfa/e4leVjD+FWZZewXOuSU2iXBuNu?= =?us-ascii?q?Myw+c5xxPIt0MTPiuQe+xocmNEucgwBV2PIXlsDGo3WUOch5LZ4gGwx7AS4zdd?= =?us-ascii?q?n9FM3OJernf+uITSbyixV6y1t5rVqTEgYsI8o6xxK4DjJdGGtJzGlDzFUJbQqh?= =?us-ascii?q?GFUDK9F/dCldhQPSNYQP1MmW47PMwLopdO5lQqWcc/PbNPDrMgprewaTprFSQS?= =?us-ascii?q?1zMWV5uc3Dweheexw6HalhGRcJs+MBwEt5FCgsAFXSBvfy0QvrOuWYLNmmCYTW?= =?us-ascii?q?gLJRsc4h5X5AIcjINweP7q4JbQRp9W1zFWu+50UjfMFpRw7Vv0V3yZjEP3SPWk?= =?us-ascii?q?nO2lxwRSw+zw0tMDQh5wFVBdx/pKlksvMLx3MbMfvpTNsjCTbk76oHjtx/G4JF?= =?us-ascii?q?ZPzc3Udlv4DIXBtWr9XS0c+WEURYFVx3HFEJQeiQx5Z7g3pF9UOoCpZl7+5yA4?= =?us-ascii?q?x4RuB7S5W9qnyEolrXYHQieqEsBOC+J9vVLWRjJqfY6kpI/iO5VITW9a4IedpE?= =?us-ascii?q?tBkEVxLy65zoJRJNtX4j4RWjhDuzadscCzSM1C2M92E4QDLs15u3jjBKNOIIKR?= =?us-ascii?q?rGEuurzz1n/Z/CgxsFa8xDWvBaC4S/xW/2gAFQU1PWSfqlIiD+w08mjM9FDNt0?= =?us-ascii?q?p7/+ZfBreUikVwryxxHpdUBjZGzXqlNUh8TGFas+VGL6TYa8NcQ+Moah+pJxwz?= =?us-ascii?q?Dv8m30uH/EFygXf5YzJ9tgpc+yDBQQY0TzMZgrHzlj0CssunIyMVS4pUbTU9aC?= =?us-ascii?q?fIMx6bmSdSvBtEd0FmR5UZDc1f97Edw4RU4tLISVywJiEdQBxiKgU43OJflUFZ?= =?us-ascii?q?qkWXYyTdAhezePnSrBJ3Zd+Ro9CtLPvn5gdLkITnsPo3968bXX2phRWtQczCr4?= =?us-ascii?q?/7rtCKtEyOe7njPuKhf3DBVybDjQqshbg6EpbG5S7TPxRHK5Ni03orfYDhCXLX?= =?us-ascii?q?PRRBP68UPERbWrxmZdhEv+xXadRpd7oO+a9oGh2IXAjvGJC1oPlAMFnTWSzULz?= =?us-ascii?q?+d/eynvYLT8bvdRPD6ZsOS2nnHQ7h4Poth5Dn/HLfqz5FR9lTq1fdq60x1V0LK?= =?us-ascii?q?Myafo9T9PgkL/tWtdlP+vp01GjPbGI9wkGHxxk5aasUXXzan8I8fyJNE8nb/Vf?= =?us-ascii?q?x30k7vsO1I7bZk7ZM747dzyce7Pa3SM+hVsVd7AhiIAQVn7oktAHJhSG9Pf+Ac?= =?us-ascii?q?M+rRfaAFjcD0se/3Ca0X6BqR++NHddvLPUbBmtOwCjuEUxxLgB8BqSIGLgubz/?= =?us-ascii?q?OFmbV7Sdyipeji3kIi+Ua+IwUDzLBw4YeE5quIq/PWbxTLy7gEQbLmRsTprrQj?= =?us-ascii?q?o0mS/+ErlKYSemxpZA2qCOodWdQbxmfu16Aqyj8jHN3YErL84vFDUWk5njX6l5?= =?us-ascii?q?B7AVoWBuseHaCX8oRGgmc4h+vZO8UQcqBGgWuPFBikEroYxX6q7SuXLnNljQvV?= =?us-ascii?q?0xHsW2Oz8UP5rTNlQSvW0djviE1VVqO4BU1KRSqmJVd4sC+TPArvrNf3v6U141?= =?us-ascii?q?0xMmzgrt2Nj3GtOLJQH834P9ycOjI5pFcYgZw+XNCv3pobGdWlKtcL7H5+dufe?= =?us-ascii?q?63+skyJZv6hInY7e7d+O+vXLHXigiLaXq66RyzBZ1Hc4u00/6tG6Of3U4d2FXe?= =?us-ascii?q?io3X4LTyhjowvBQwK1qrvDolAQIkyL1UfGlZcEPt5HwHY40Vvm6/I7QNIp8wVe?= =?us-ascii?q?FJjPaO8epTzpPzv021mfacotViaCyztXAk71EV5gFag+2WLwudnElXLO9FwoWI?= =?us-ascii?q?ZwbU3nhRp4D4kiL0Ii9kQXyDIZEQcRcRCbEK2oBUP9IIsFVEkMcw6I06Shd6cs?= =?us-ascii?q?w0Jz3q2g6/PJYex7HaoNOe5XjhSSk1hDBpIWraoeTapndF9c767WqBLtC4rmX/?= =?us-ascii?q?j6jXo/L+C1QsRB/M8FsHst/xiwSAC96ZdZ6LYbkoqHerRDYZjWs8B2911n6iIX?= =?us-ascii?q?dixRnBh/iAu0UfgGq+D//tfbsJSp6uG0VKYuXukX7AY7B2B/j5v2nVAirsra1/?= =?us-ascii?q?9GRY3JlYv/8A5MI3mQuIbZyRV8KvQBK5itfLl+83ULPS8eJ2gBPdCOcfkz/zdt?= =?us-ascii?q?MCnP51xFGs4MeckYM9TJmQ9OjE3mRqpe+dfaGl+XCodza9on73HtxzAv7JswSO?= =?us-ascii?q?Dg5yGqJZrH9VFCI+tDjDlwlNLFvOUVzuDdCDIJ7nmFaxh42SeCy5iRC/nu/eWD?= =?us-ascii?q?0szUV0gcEi4wTYhdOCKI+Ra7SeqtiJXpTgSU59f8gJ0gckKQWnuxnKMCvqZXD+?= =?us-ascii?q?FAjiT73j5DFoH6nP+Vt8Sj6HFXt1JdCopz6wPKGLlHNJVhJRv4jtWrRlR7Bibn?= =?us-ascii?q?ZM7UdAAht/aNy+gQ5OV+M0/+ZY4FLRIe17L192ZaTgt0RL7xpFaZUvobZMF6R/?= =?us-ascii?q?PcsnBV9YVgJrcKPFiaopzqsjhIp04tDQ8sab8/tDpaeVfSnAxbXKb0or0AihAG?= =?us-ascii?q?Xd5/p0BMBXq6OHgi6DrfSaRVkK6RBeQa8jqPVawOSFxkPD5xTR2z2ZVufaapnP?= =?us-ascii?q?9cv2NJmyNyuv4q3CJ8SBu7oy3sqLoH2Sg897GgqDUBpXtFQ/2ckyfPCVVDyu4G?= =?us-ascii?q?grscC3bm9FyzfXgCbIr04Ll8JsTg9JIs42o+YRU9ZSIGWfmvCyDqg6OOHIOPrM?= =?us-ascii?q?pWhASRt8XWcb+zMS8SO6w8yRL9XXd91BPTnBJ18GQWQzWg68QkKJ+6OcY/ySqi?= =?us-ascii?q?AXLbe0oU4qNVrMvxskYGTOkoZlNvzmVj1tOKRyMXS8zJBWk1khIoaWNaf5Jf8R?= =?us-ascii?q?UaDbUngi6Uvqla+QEZeDjUEoCi+ojeg8jI3X09QMxxxmLRoK2Fh48l3Gdjm9xq?= =?us-ascii?q?8i6EoG4SePDAU89wHnjz0Z9Sye7+Z/StquAHT49myLW9UPAcKcSj/Gq22IlwWk?= =?us-ascii?q?C73LgeGEC5MOAbzLfBTyilUXGYWfiMc2WUgzY5M0vy6AK0Ll02dMhKrFEyMu/Y?= =?us-ascii?q?ip5aiQLhTat+Rj+Mql/D0GwjLeQaehozuIemeAwKT+kRavOeJec0w/0+D10MYG?= =?us-ascii?q?HPHSdsDe+5r0KtlpBhO3p8+UX6ffjt8gf+PdSJBBYEF5Lao4Vq+fy+QWKBJWNg?= =?us-ascii?q?zANsM0Zp7evfEE4xtuBEeZaLgdfQn8h70fICd/p1KS09vdoTlZh56Yia18eKdR?= =?us-ascii?q?/Rw433JdHSpfiYGOPQwFgwemFdSboZegL154M1PtIjXL3TB7RZtwwGBacmWJwh?= =?us-ascii?q?K3vx9KZsIQN9bAHRYLW0gtH0qe+QZ5pUpnrW7lcuIyfGvx0M1Oa4TQthb5Cln3?= =?us-ascii?q?/yOow/Ripdr91xDRtrBIVOG9sarwqmH5Gbhrq2i9qw+0Nmoe8Fr7D8CvfQ1NS2?= =?us-ascii?q?x49xRYRV5VSXPDbNA6lmmkNljuCsjfrbypnxDdntecgYVOh6XmHFdqXGEZuhJT?= =?us-ascii?q?6UPMLzZVJG+aaG0L1lShWReDz5X62euS2gNfVk51g7y4NhcOrXzTwt9K3b2MDp?= =?us-ascii?q?amFavCijq3mJOIFY7FzQCuzURwhURuad8GZ5Aa0XapP59PwQPtwmwdic5RRz7T?= =?us-ascii?q?tF3MWKP6ihrlHD2lhlepLDNkTkwCU5VpcQIBS5L0QshXTWqmnSAXhGKcikM8Zt?= =?us-ascii?q?is6PDhPx/0lxhX0tZmlZF2rtX9ieJWgb28O4ZA2N7w9LEdcDn+ipdk48t62yT/?= =?us-ascii?q?RoO5pfleWtrrUHns5jKzvTS8hCIyHQMLh2MyJTDurVp1goZQULvqMoWoczeZiO?= =?us-ascii?q?IEQHMFqPySPy0QvOy0v0eMKw1KyROiYZ7m1Hz67Z0ThLvwS5tuyWjdb5ULDYcp?= =?us-ascii?q?72WOXfMDQhVj6AXjQyEFup9U2iu/UaoPqSOX0frUwMYiKOFA4TobhirdrVDm/U?= =?us-ascii?q?g+1jZpwKhOuBViD2UiJ4kbQ9BidRuUCLWfoDGhHcb2X9j2pEpAyiOvhM8Gr+b7?= =?us-ascii?q?2Ww6paR+0bD4hXf/2HXdTYY/FeJjYvljUfIuq8ecPTr6pqmm7PGHAUF6jO6U22?= =?us-ascii?q?UF+dQvvawSniG4oSocx8visu58KVmCFsO7rHMqzZpDO09IO8yiGCtr7wTG4oNn?= =?us-ascii?q?c+h/4eSEyI0RlNNylQENQcqUHgXYaaakpM3W5vguVrjUxfMD9vW2FjhyUF1M22?= =?us-ascii?q?HddUHBtN1Tuj?= X-IPAS-Result: =?us-ascii?q?A2E2AQBQfzBZ/wHyM5BdGQEBAQEBAQEBAQEBBwEBAQEBFQE?= =?us-ascii?q?BAQECAQEBAQgBAQEBgwEoA4Fvjn+iHIZnKIh5VwEBAQEBAQEBAgECaCiCMyQBg?= =?us-ascii?q?kEGAQIkUgMDCQEBFy4DCAMBKCsHEgWIU4FSr2w6JgKLKgExhmGJUoYIAQSQK41?= =?us-ascii?q?+kx4NinsnhldIlA9YgQowIQgbFYVMHBmBZlqJbwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 01 Jun 2017 21:00:55 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v51L0FDA005718; Thu, 1 Jun 2017 17:00:24 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v51L0EaZ089824 for ; Thu, 1 Jun 2017 17:00:14 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v51L0Dpq005701; Thu, 1 Jun 2017 17:00:13 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DXAAD1fzBZhxy3hNFdGwEBAQMBAQEJAQEBgywogXKOf6Ichm6GJAKCdFcBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSr286i1IBAQEBBgImhmGJUoYIAQSQK41+kx4NinuGfkiUD4FhMCEIGxWFTBAMGYFmJDaJbwEBAQ X-IPAS-Result: A1DXAAD1fzBZhxy3hNFdGwEBAQMBAQEJAQEBgywogXKOf6Ichm6GJAKCdFcBAgEBAQEBAhMBAQEKCwkIKIVIAwMnUhBGCywrBxKIWIFSr286i1IBAQEBBgImhmGJUoYIAQSQK41+kx4NinuGfkiUD4FhMCEIGxWFTBAMGYFmJDaJbwEBAQ X-IronPort-AV: E=Sophos;i="5.39,281,1493697600"; d="scan'208";a="6075528" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 01 Jun 2017 16:59:50 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Ae9Wa7xbRo8E5E90eOlBORw3/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZoMW/bnLW6fgltlLVR4KTs6sC0LuJ9fyxEjVdvt6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCzbL52Lhi6twrcu80ZjYd/Kqs8yAbCr2dVde?= =?us-ascii?q?hR2W5mP0+YkQzm5se38p5j8iBQtOwk+sVdT6j0fLk2QKJBAjg+PG87+MPktR/Y?= =?us-ascii?q?TQuS/XQcSXkZkgBJAwfe8h73WIr6vzbguep83CmaOtD2TawxVD+/4apnVAPkhS?= =?us-ascii?q?EaPDMi7mrZltJ/g75aoBK5phxw3YjUYJ2ONPFjeq/RZM4WSXZdUspUUSFKH4Gy?= =?us-ascii?q?YJYVD+cZPehWsZTzqVUNoxS8CwmhH//jxiNSi3PqwaE2z/gtHAfb1wIgBdIOt3?= =?us-ascii?q?HUoc3oOqgOVuC10LXIxijEYfxM2Tb96JbHcx48qvyLRrJwdNDeyEkvFwzbgFSd?= =?us-ascii?q?spblMC2I2eQNqWeb8/BsWv6oi24isgx8pCWkyMQ0ioTRmI4Z1lTJ+T9kzIs7O9?= =?us-ascii?q?G0UlN3bN2qHZdKqS2XNI17Sd44TW5yoiY10LgGtIa7fCcUzJQnwAbSa/mIcoSV?= =?us-ascii?q?+B7jTvieLip4hH1/ZLKznQq98U+lyuHkV8m01khFrjZdn9XSqnwA0wbf5tWJR/?= =?us-ascii?q?dj5EutxDWC2g7J5u1aIk04ja/bJIQgwr40mJoTq0PDHirulUXtia+ZbEUl+ui2?= =?us-ascii?q?5OXpebjmvIGTOJJ0ig7kLqQigNCwAeM9MgQWRWiU5fy81KH//U3+WLhKleA5kr?= =?us-ascii?q?LCvZDGJcUUuq65AwhP3oYl8BawFS2q0NsfnXkZNFhFYg6Ij5D1O1HSJ/D1Fey/?= =?us-ascii?q?jEqokDdqwfDGI7LgD47RLnnDjLjhfbF951RayAoo199T/Z1UCrYfIKG7Zkikr9?= =?us-ascii?q?HcDxkkIySo0u3nD5N7zYpYVmWRRuedMaXPoRqO6PkHPeaBfskWtSz7Jvxj4OTh?= =?us-ascii?q?3lEjnlpIRqKuwYdfTXmpHvl5axGCZHP9gtoeOX0Hsgo3UKrhj1jUAm0bXGq7Q6?= =?us-ascii?q?9pvmJzM4mhF4qWA9n12LE=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GyAABQfzBZhxy3hNFdGwEBAQMBAQEJA?= =?us-ascii?q?QEBFgEBAQMBAQEJAQEBgwEogXKOf6Ichm6GJAKCdFcBAQEBAQEBAQIBAhABAQE?= =?us-ascii?q?KCwkIKC+CMyQBgkEDAydSEEYLLCsHEohYgVKvbDqLUgEBAQEGAiaGYYlShggFk?= =?us-ascii?q?CuNfpMeDYp7hn5IlA+BYjAhCBsVhUwQDBmBZiQ2iW8BAQE?= X-IPAS-Result: =?us-ascii?q?A0GyAABQfzBZhxy3hNFdGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEogXKOf6Ichm6GJAKCdFcBAQEBAQEBAQIBAhABAQEKCwkIKC+CMyQBg?= =?us-ascii?q?kEDAydSEEYLLCsHEohYgVKvbDqLUgEBAQEGAiaGYYlShggFkCuNfpMeDYp7hn5?= =?us-ascii?q?IlA+BYjAhCBsVhUwQDBmBZiQ2iW8BAQE?= X-IronPort-AV: E=Sophos;i="5.39,281,1493683200"; d="scan'208";a="6293319" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Jun 2017 20:59:49 +0000 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 742351E30; Thu, 1 Jun 2017 20:59:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 742351E30 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=smayhew@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 742351E30 Received: from coeurl.usersys.redhat.com (ovpn-121-77.rdu2.redhat.com [10.10.121.77]) by smtp.corp.redhat.com (Postfix) with ESMTP id EEA0E60E38; Thu, 1 Jun 2017 20:59:47 +0000 (UTC) Received: by coeurl.usersys.redhat.com (Postfix, from userid 1000) id 7DB2E20315; Thu, 1 Jun 2017 16:59:47 -0400 (EDT) From: Scott Mayhew To: selinux@tycho.nsa.gov, linux-nfs@vger.kernel.org Subject: [PATCH v2] security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior Date: Thu, 1 Jun 2017 16:59:47 -0400 Message-Id: <20170601205947.4917-1-smayhew@redhat.com> In-Reply-To: <1496341807.27759.15.camel@tycho.nsa.gov> References: <1496341807.27759.15.camel@tycho.nsa.gov> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Thu, 01 Jun 2017 20:59:48 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "J . Bruce Fields" , Stephen Smalley , Trond Myklebust Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. In a similar fashion, NFSv4.2 mounts mounted with the context= mount option will not show the correct labels because the nfs_server->caps flags of the cloned superblock will still have NFS_CAP_SECURITY_LABEL set. Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS behavior will ensure that the SBLABEL_MNT flag has the correct value when the client traverses from an exported path without the "security_label" option to one with the "security_label" option and vice versa. Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is set upon return from security_sb_clone_mnt_opts() and clearing NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to be displayed for NFSv4.2 mounts mounted with the context= mount option. Signed-off-by: Scott Mayhew --- fs/nfs/super.c | 18 +++++++++++++++++- include/linux/lsm_hooks.h | 4 +++- include/linux/security.h | 8 ++++++-- security/security.c | 7 +++++-- security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++-- 5 files changed, 64 insertions(+), 8 deletions(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 2f3822a..ffded39 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2544,10 +2544,26 @@ EXPORT_SYMBOL_GPL(nfs_set_sb_security); int nfs_clone_sb_security(struct super_block *s, struct dentry *mntroot, struct nfs_mount_info *mount_info) { + int error; + unsigned long kflags = 0, kflags_out = 0; + /* clone any lsm security options from the parent to the new sb */ if (d_inode(mntroot)->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) return -ESTALE; - return security_sb_clone_mnt_opts(mount_info->cloned->sb, s); + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL) + kflags |= SECURITY_LSM_NATIVE_LABELS; + + error = security_sb_clone_mnt_opts(mount_info->cloned->sb, s, kflags, + &kflags_out); + if (error) + return error; + + if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL && + !(kflags_out & SECURITY_LSM_NATIVE_LABELS)) + NFS_SB(s)->caps &= ~NFS_CAP_SECURITY_LABEL; + return error; + } EXPORT_SYMBOL_GPL(nfs_clone_sb_security); diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 080f34e..2f54bfb 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1388,7 +1388,9 @@ union security_list_options { unsigned long kern_flags, unsigned long *set_kern_flags); int (*sb_clone_mnt_opts)(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts); int (*dentry_init_security)(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, diff --git a/include/linux/security.h b/include/linux/security.h index af675b5..a55ae9c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -240,7 +240,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, unsigned long kern_flags, unsigned long *set_kern_flags); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb); + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags); int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, void **ctx, @@ -581,7 +583,9 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb, } static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { return 0; } diff --git a/security/security.c b/security/security.c index b9fea39..7b70ea2 100644 --- a/security/security.c +++ b/security/security.c @@ -380,9 +380,12 @@ int security_sb_set_mnt_opts(struct super_block *sb, EXPORT_SYMBOL(security_sb_set_mnt_opts); int security_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { - return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb); + return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb, + kern_flags, set_kern_flags); } EXPORT_SYMBOL(security_sb_clone_mnt_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e67a526..d8d5d35 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -529,8 +529,16 @@ static int sb_finish_set_opts(struct super_block *sb) sb->s_id, sb->s_type->name); sbsec->flags |= SE_SBINITIALIZED; + + /* + * Explicitly set or clear SBLABEL_MNT. It's not sufficient to simply + * leave the flag untouched because sb_clone_mnt_opts might be handing + * us a superblock that needs the flag to be cleared. + */ if (selinux_is_sblabel_mnt(sb)) sbsec->flags |= SBLABEL_MNT; + else + sbsec->flags &= ~SBLABEL_MNT; /* Initialize the root inode. */ rc = inode_doinit_with_dentry(root_inode, root); @@ -963,8 +971,11 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, } static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, - struct super_block *newsb) + struct super_block *newsb, + unsigned long kern_flags, + unsigned long *set_kern_flags) { + int rc = 0; const struct superblock_security_struct *oldsbsec = oldsb->s_security; struct superblock_security_struct *newsbsec = newsb->s_security; @@ -979,6 +990,13 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, if (!ss_initialized) return 0; + /* + * Specifying internal flags without providing a place to + * place the results is not allowed. + */ + if (kern_flags && !set_kern_flags) + return -EINVAL; + /* how can we clone if the old one wasn't set up?? */ BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); @@ -994,6 +1012,18 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, newsbsec->def_sid = oldsbsec->def_sid; newsbsec->behavior = oldsbsec->behavior; + if (newsbsec->behavior == SECURITY_FS_USE_NATIVE && + !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) { + rc = security_fs_use(newsb); + if (rc) + goto out; + } + + if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) { + newsbsec->behavior = SECURITY_FS_USE_NATIVE; + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; + } + if (set_context) { u32 sid = oldsbsec->mntpoint_sid; @@ -1013,8 +1043,9 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, } sb_finish_set_opts(newsb); +out: mutex_unlock(&newsbsec->lock); - return 0; + return rc; } static int selinux_parse_opts_str(char *options,