From patchwork Tue Oct 17 13:58:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 10012217 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7A1A5601E7 for ; Tue, 17 Oct 2017 14:46:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E2DA28936 for ; Tue, 17 Oct 2017 14:46:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7263E28939; Tue, 17 Oct 2017 14:46:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from uhil19pa09.eemsg.mail.mil (uhil19pa09.eemsg.mail.mil [214.24.21.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44E8E28936 for ; Tue, 17 Oct 2017 14:46:33 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by uhil19pa09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 17 Oct 2017 14:46:32 +0000 X-IronPort-AV: E=Sophos;i="5.43,391,1503360000"; d="scan'208";a="4819167" IronPort-PHdr: =?us-ascii?q?9a23=3AgP/TJRWpONFHE0DW5iYS7q1sX0LV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYR2HvadThVPEFb/W9+hDw7KP9fy4ASpZvd3R6DgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal9IRmqsQndrNQajIRtJqsy1hfCv2dFdf?= =?us-ascii?q?lRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2UKJVAi0+P286+MPkux/D?= =?us-ascii?q?TRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5KplVBPklC?= =?us-ascii?q?EKPCM3/2HNjsx7kbxVrhSvqRdix4LYeZyZOOZ7cq7bYNgUR3dOXtxJWiJBHI2y?= =?us-ascii?q?YYgBAe0cM+ZArYTxulUDogWlBQS3GO/j1iVFimPs0KEmz+gsFxzN0gw6H9IJtX?= =?us-ascii?q?TZtMn7NKYOXuC11qbI1yjMZO5U1zjn6YjIdA4uoeqRVr93a8rRyFUgFwPfgVWK?= =?us-ascii?q?tIPqJy+a2fwNs2eB7upgU/ygi3U8pg5qvjivx8EsipXXiYIPzFDL6zl5zJwpKt?= =?us-ascii?q?2/TU52eNipG4ZTuSGCL4Z6X8wvTm5ytCs617EKo4C3cScUxJg92hLTc/+KfomS?= =?us-ascii?q?7h7+WuucLi10iXJrdb6lmhq/8Fasx+vhXceuyllKtDBKktzUu3AI0Bzc99aIR+?= =?us-ascii?q?Nm/kekxTaPzwfT6vxYIUwslarUNZohwrkom5oPq0vDBC72mFjtjKOMakUl+vSn?= =?us-ascii?q?6+TgYrn8oJ+TK5R0hR3kPqQrm8y/Bfw0MgkIX2eF5eSxzKDv8EL2TblQjvA6j7?= =?us-ascii?q?PVvI7VKMgFvKK1HhdZ0oM55Ba+Czem3s4YnX4CLF9dYxKIkYzpO1DIIPDlAvaz?= =?us-ascii?q?mk+jkDB2x/DAIrLuHI7NI2PfkLbhYbl960lcxBA1zdBE/Z1YEL4BIPXtWkPprt?= =?us-ascii?q?zXEgc5MxCow+bgENh91IQeWWSVDa+FMKPdq1mI6/ktI+mLYo8VvSzyK+M55/Hw?= =?us-ascii?q?l385gkURfa6z3ZsYcHq4BOhpI12FYXrwhdcMCWUKvggkQ+P2i12CSjlTZ3CzX6?= =?us-ascii?q?Ii/Tw7BoamDZrMR4+2nbyB2ju7HoBMamBBEFCMHm/id5+YVPcUdCKSPshhnyQc?= =?us-ascii?q?Vbe/UIAuyxeutA7my7pgNefU+zMXuoz929Rv4O3Tjx4y/yRuD8uBy2GNU310nm?= =?us-ascii?q?QQSjAr26B/p0p9xUqd3qh8gvxVDsZc6O1TUgc9L5LcyPZ6C9/qUALbYtiJUEqm?= =?us-ascii?q?QsmhATwpU90x38UBY1xmFtq+iRDD2jalDKUOl7yXHpA09LzT32TpLcZn13nGzL?= =?us-ascii?q?Uhj0UhQsZXNG2mgLJ/+BbXB4HXlkWWibqqdb4c3SPW82eD1XSBvEddUAFqUKXF?= =?us-ascii?q?WWsQZkzZrNjj4UPCVbCuA6w9MgRd0c6CNrdKatrxgFRGRfbjP9Lebnm0m2e0HB?= =?us-ascii?q?qIx7WMYJDse2oHxiXdC0kEkx4N8nqcMwgxGDuhqXrEDDNyDVLvf1/s8e5mpXK1?= =?us-ascii?q?T080ywSKYFN717eu9B4am+GTS/QJ3r0eoCchsTJ0HFSj0N3KF9qMvQ1hfL9TYd?= =?us-ascii?q?kl+ldIyXrZtxBhPpynN61iiEQefB5xv0zy1hV3EZ5Nkc0yrHMr1QZyMqyZ0Ehb?= =?us-ascii?q?ezOfx5DwNaXdKnPu8xC3d67Wxlbe3c6V+qgV6/Q4rEjjsRqqFkU48HVn1MRV32?= =?us-ascii?q?Gb5pXQAwoYSYjxXVov9xhmu7HaZTEw6JnJ2n12MKm7rCXC1skzC+Q5zxasZdBf?= =?us-ascii?q?MLmLFAXqCc0VG9CuKPA2m1iudh8LIPpd9KoqMMO9a/uH2KmrMf17nD26jGRI/o?= =?us-ascii?q?Z90l6N9yVmUOLI2YgKw+2A1AudSzj8lEuhstzwmY1cfzEdA3ewxDPrBI5Uaax+?= =?us-ascii?q?Z4ALBnmyI8ev3NVxm4btW2JE9F6kH14Gw8GpeQCVb1zmwQ1dzl8XoXqgmSq2yj?= =?us-ascii?q?x7iTcporCZ3CPQ3+TobAAHNXJTRGl+kVfsJpC5jt4AU0iscwgmigGl5V3hyqhF?= =?us-ascii?q?uqt/NXLcQVpNfyTsKGFiSKSwvKKYY8FT8JMorTlXUOOkbFCGV7Hyvhoa3DnnH2?= =?us-ascii?q?ZF2D87cDSqtYnjkBxhlGKRNnBzo2TFecto3xfQ+MTcReJN3joBXCR4lzjXCUSg?= =?us-ascii?q?P9mu59WYjYvMsuC5V2KnWZ1eai3rzYKGtCSh/21qBgezn/epmt3oCQI6yzP018?= =?us-ascii?q?F2VSXUqxbxeo3r16WhMeJ7Z0VoH0Hz6857GoF4j4sxi4od2WMChpWU+3oHkHv8?= =?us-ascii?q?Mc5B1aL4cnUNWSYBw8TJ7wj9xE1jMnWJyprjVnWaxsthY8e1YnkK1SI64cFHE7?= =?us-ascii?q?yU7KFYkituuFa4qhjRYfdllDcH1fQu8GIag/0OuAc1zSWSHLYSHVJDMCzviRuI?= =?us-ascii?q?6cu+rKNJa2aza7Sw01B+nd+5BrGYvg5cQGr5eoslHSJo9sVwKk/M0Hnt5YH8Yt?= =?us-ascii?q?bQa84TuQOOkxrbkuhVM4w+luARhSZ9ImL9umAly/QnghNw05G6u5KHK2pz866j?= =?us-ascii?q?BB5XKCH1bdsJ+j7xlaZegtqW34e3E5V/HDUEQYDlTeyuED0PtfTrLQCOHyMgqn?= =?us-ascii?q?2DA7rQARef6Ft6r3LIC52rL2uYJGQdzdh5WBadJVBfgQANUDU0hJE5EBqmxMv7?= =?us-ascii?q?cEd2/joR/EL3qgNQyuJ0MBnySmTfpQesajgqU5WfKR1W7g9M50jLLcye8uJzHy?= =?us-ascii?q?Zd/pK/tgCNLHKUZxhQB2ETRkOEH0zjPqWp5dTY/eiXHOy+L+fJYbWLsuFeWemH?= =?us-ascii?q?yo+o0ot85TmMLt+PPn5gD/IlxkVDQWp1G8PDmzUAUyYXjT7Cb9aHpBeg/S16tt?= =?us-ascii?q?q//O7lWQ714IuAEb9SMdJv+h2tm6iMK+uQiDx+KTZC2ZMG3WXIx6QH3F4OlyFu?= =?us-ascii?q?cCGgEboatSHTUa3QgbVYDxgHayN0L8tF9Lgz0RVIOcLBjdP1zLF4hOYvC1hZTV?= =?us-ascii?q?zhht2pZcsSLmG7LlPIHl6LNKydKD3FwsH3e7i8SaFejOVVsR2/ozCbHFPiPjuZ?= =?us-ascii?q?kznlTRevMftDjCuDJhxRpJm9cgpxCWjkVN/pcQa0PNhzjT032r00mmjKOXQHMT?= =?us-ascii?q?dib0xBtKaQ4j1cgvV+HWxB83VkIPKYlCeZ9enYN40WveFlAytui+Ja+3M6y71P?= =?us-ascii?q?4CFDXvx1lzPYrsRyrFG+jumP1j1nXQJIqjZKgIKLuVttOb7C+5ZaR3nE5hUN4X?= =?us-ascii?q?+XCxQQqNtvEsfvtLxIytjTiKLzLy9P/MnV/csTAMjULtmKP2c/PhXyGT7bFg0F?= =?us-ascii?q?QSSsNWHFiExXiOuS+WGNrpgmtpjsn4IDRaVUVFMvCPMVFF9oHNsaIJhpWDMklK?= =?us-ascii?q?SUjM8M5XWlqxnQS99WvpfdVvKdGf/vMiqWjaFYZxsUxrP1NZgTNor+20B4cFl6?= =?us-ascii?q?m4XLFFTWXd9WuC1haRE7oEZW/XdiSW0z3l7qZRm24H8PD/K0mAA5ihdma+Q36D?= =?us-ascii?q?js+0s3JkbNpCYolkk+h8/qgTSKfT7yK6ewRp1WBDDyt0gqMZP7Qhx5bQuskkx4?= =?us-ascii?q?LD3EXa5ej6N8dWB3jw/RoYFPFuBHTaJaehAQ3+2YZ/Uz3FtHqyWn31JI5ezLCZ?= =?us-ascii?q?t6jgslb56to2hG2w19cN4/PbbQK7ZRzlhMmqKOuTel2f0rzw8AJkYC7XiSdTUS?= =?us-ascii?q?t0wSLLkmICSp/vdy5gOehjtDYmkMV+Yqo/5w8EMyJfiAxTr607FfMkCxK/CfL6?= =?us-ascii?q?SBtmjEks6IWE0/1kUJlklC5rV23sEjc1eOW0Ao1ruRGAwDNdDeJgFNc8pS6H/T?= =?us-ascii?q?cD6VserTxZJ1PoO9Fv3nTOKVqKkUhUekExozEIQX8sQNBJ+s31/ELc3/Nr4K1Q?= =?us-ascii?q?0t5Bj3JFWCFPlGZQ6EkDIAo8G50J97wJJQJi8DDmVnMCW257HXpgkwjPqFQtg2?= =?us-ascii?q?fm8QXpEYOXIuRM26hylZsmxcDDm21+IZzxSC7z/8pynLETb8btpia+2Pah92Dt?= =?us-ascii?q?G55yk/+bCsiVHL6pXeO336NdN6t9/A8+MVvZCHC+9PQLl8tEfdlY9YR2CqU2HR?= =?us-ascii?q?EN61IYTwZJc2bdDuDHa1TEC/gSovT8jtJNatMrSIgQbwSIlOtImb3SwsOtGlGT?= =?us-ascii?q?EbGxZwoeYD5KRmagAYeJU7YATntwInO6yxPQeUyNOuTHixKTFOVflQ0f26Z6BL?= =?us-ascii?q?zyorduK102UvTpchwuat7EENWo8FjgvFxfm5fYlfUTL/GntHewXAvSA5jXRuNv?= =?us-ascii?q?4uwucjxxPFqUMcMzaKdON1aGxEuNU8BUiKL3tvF2Q2XUORg43Y7wGw2LAS+jdS?= =?us-ascii?q?kMxP0e1ZqnT+uIHQYC60UqyxtZrVqzYgbcQho6BpLYPjINGJu4/FkzPDS5nQtg?= =?us-ascii?q?mFUC+kGPpAhthfPj5XQPlSlWEiI8wGtpJL6VAtWccmO7xPFK4sq6iwaTV+Fy4S?= =?us-ascii?q?yjQWWpic3DwYmOi8xaXVlhORcJQkPxwEtJRCgtQdUy5qbCMRvrWjV4DMm2+CVG?= =?us-ascii?q?cLPB8Z7R5Q6wIYio9wYufl7ZLGTZNW1zFWo/N0Ui7KFpZy9Fv2UWCWjkbmR/q/?= =?us-ascii?q?ieCp2hhSzP302NkBRBF/EVRdx/pRlkYwMLF3LK0QsZTQsj6GckP6uGztxfCjJF?= =?us-ascii?q?lWzs3UbEP3A5bftWr7SS0c4nwURYlAyH3FEpQSiQV5Yr4xpFpQOICmZlr+5zs8?= =?us-ascii?q?yotzBbm4SMary0wmrXsdRieqEttBC/19v17NXj1qfYyroo3/O5pOWm9Q5IGdq1?= =?us-ascii?q?BBnUVxNC65zIFRK91R7j4JRzdDuzOds8WuSMdbw895E4cMIstju3f6AK5EOIKe?= =?us-ascii?q?o2cstbzr13DU4C0zv0mixDWrBaC4S/xW/3cEFgUuPWSepVElD/Ew/WfK7lDNrl?= =?us-ascii?q?d08v9ZBriIk0p8uytyEY5VBjlXz3ClM0p8Q2Rcv+VcNqvVb9RWQ+Muah+3Jxw+?= =?us-ascii?q?Cfkm0lSS8kF6gXj1fy5/uhZU9i3GQwY0UiwVjav3lj0FtsGrIzkaRIxUbT85dS?= =?us-ascii?q?fKNxqbmTxLvBZYc0xqQY4WDctF+74BwYtZ5c7CSUGyKS4bQhBtKgU43udBmkJZ?= =?us-ascii?q?tkWXZzzdBxKydfnTqh13YduRrMmxIfTh5wdHlpnov/0k96gYXH2mnhCtQcrCoI?= =?us-ascii?q?DisN2KqlGOe738M+GmZn/BVjfMhwiqhbg4F5nK4zTTMA1DJplm03orf4buBnPQ?= =?us-ascii?q?MBRbI6IbO1BbWrpkadVHpeBaY9FreLoT9a9qHBKHSQvlGJazo/leMlbTWTPeIj?= =?us-ascii?q?2E8uOlpYLT6aLSSfT8ZsOW3XnKWKR3MYlm6TngB7jly5de9VTs1vdr6Ex6VUDM?= =?us-ascii?q?Mzqdo9T5OgML+M6ie1PgvpIzBzPWB4xwkH73yUFebMcXRjCq8JAEyJNY9HnwSP?= =?us-ascii?q?h30k7osOFI8Llk84Y36ahzycioPafSNehasUh/DxiWHApq8JstAHJ4R29MfOAc?= =?us-ascii?q?M+vRcr4fjcD1rOD7DaoX5wOJ++ZBc9vIO1nBmtWjCjGbURFEkxoBqT8eLguYyf?= =?us-ascii?q?GFnrR5Rtu7qufi20Ii+V6+IgQBzLB36oeO4rCIq/PPbxvN0bgEXbDnRsX3rrk3?= =?us-ascii?q?ukOS4/gkmKQPemxzbQ2nCvISVtUBxmf60KAl0T4sE97ZH73+4vJDUGg5nj34kZ?= =?us-ascii?q?BnA1oWAu8UHaaM/YlGm2c4nOrZNsEZcq9cgWuPEB+kHaUEyXG19yuWLm5lggvN?= =?us-ascii?q?0xHrW2+z6kH5rTNgSyvW09jjilZVVqWwBUpKWyqpIkp4vTOUMQrmqtX4pKM17F?= =?us-ascii?q?ssPWz8rtKNk2mhN61LEM3jPtCcJjM0pF0Php0rWtOvwZwbGca6INoJ8nF+b/7e?= =?us-ascii?q?5niukyBfo6ZImZDe4sCT+vXYB3WgibOVq6mVzjBC1nc4pU0/6synNvzW5t2LQu?= =?us-ascii?q?6n2HwNQCpkoAvOQQK1paLHoFwOPkyLykjLkpQQPt5FxXk4yl3m5O87Td0o9QVe?= =?us-ascii?q?DYjBaOkApTDyJDv02UyQY88zViSFzzRXGU/6HkdiF6ghwmLwu9jJmm3K910vXI?= =?us-ascii?q?lweFTthQZrAIUgNUIt9F8XzzIbEQcXdRCUELGoBEriLYseVkgPcA+H06a+eqc2?= =?us-ascii?q?201z37yu6fTLbeNmG6oCKvZdjwCJnFhBGZIaq64eT6xme19b6qHXohLuC4/9X/?= =?us-ascii?q?jpjXAwL+G6QthG8cAFsHsv+hq/RwC+5pdH9bkbjo6He7VZbpjNs8B87ltn6iQU?= =?us-ascii?q?diNXmhh/kgm1UeYCq+D/+tLbqoan6v6yVKYxQOUa7xc0CH5kj5TunFAjocra1+?= =?us-ascii?q?NdSo3Jl4v/8BpCI2ORuIrA1RlzN/YOIZqxfLl873UHOzQeJ3UWMNqZdfY85TNt?= =?us-ascii?q?MDLU51BFGcMDe9cYPMvLmQBJhUzkQ7VT+dTBGl6YEYh/bcYo4HTryDot65szTv?= =?us-ascii?q?7g6COqJZDY91xNOfJDgzlrlNLGvucV2uDeCCkQ4XmecBh12TiPy5yCBvf/5+mM?= =?us-ascii?q?z8vUV1weFC4sT4hdPCaC+RCgRuetm5XmThiU6tTqjJwje0yeQH2xnKIYsqdDCu?= =?us-ascii?q?NAhSD70SJYFo/rnf6VtMCs6GRPvF1dDIlz9QHFGLlYPphjOxT4kcmrRk5mCiTj?= =?us-ascii?q?eMHUcgcut/eXx+cN5eV+LEj+ZY4ALxIayrL692BaTg9zR773pFqZW/weZMd+Qv?= =?us-ascii?q?Pesn9V8Z5gK7MIPFWFpZzqsC1HqFYtDQ8tdb8/sz1adk7VnAFPXKb0orEAgBMG?= =?us-ascii?q?UdFloU9MBX6wOGUm6jrFS6tVgqeRCPgO/zSdVKMOVVtnMj9kTxOzxppuZ6Ojne?= =?us-ascii?q?pbvWNegiN9vP8q3iRpRBu4vi3tqbwC2TYk+LyjrzUBvnpFTuSCnCvSD1VM0ugK?= =?us-ascii?q?h78GC3n+8Vy8fGUDbIzq7bllJcTh9ZEh43M7YRUiYy0JQ/+tCyTxj6OUGIyArs?= =?us-ascii?q?hQhBmXuMXBdbWzNzQdNqwhyRL/QHhwyhTenBdt8GYQXjWg7cMrJIajNsYh3Cao?= =?us-ascii?q?H3bUdEoU6KNTrMTxrUILTPcxaV55xWVj08uHRi4KRMHUGWY6lAskaWJCcJ1d7x?= =?us-ascii?q?8WDa8ojSiUvqNe5AEbfC/UEpi5+onXhcrHwmcyTdF2xm/Nva2FgpQq0GF5m9Nq?= =?us-ascii?q?8CGBpW4ed+vCU89jGnLzzJtQyfTiZ/WxteAKUIVmx6qlUP8DKsms53C72ZRrWk?= =?us-ascii?q?+gw7QRAUC5MOsdybvBVCelU2KYU/yRc2eQhzY5LlLy5R6wI1w5cMdKtU49Pffc?= =?us-ascii?q?iZNHkg3hUK90Rj+OqlPBy2wjK+wafRosuIi7YwwKUPIRZ++EKOgpxP0xFkABb2?= =?us-ascii?q?fNHSRsEO+2rV+tk5RnO3V6/0r1f/7h8gb4P9uOAhMEC5LVroZt+fymQWKMIXtg?= =?us-ascii?q?zBx0PElp+ObTDlAxtu5Hc5aNhtjdnNV73vQDd/dqKyE9vcQTmo1744mOzMiKaQ?= =?us-ascii?q?3Rzor1JdzNufiXHfnfz0UsemFHXbsVZgz755k6PtEnQb3cA6NZsg4HCKg5XpMh?= =?us-ascii?q?LWHx+79wLAxobw7Ra664gs7wpuKEfpFUvWPZ7kosLCfAvB0O0vm0QhZnYJCqhn?= =?us-ascii?q?XyJpcwSylfr91sDBtpAo9PG8IGrwq6DJ+Ygqa7i8W++0lioe8FrbLwCuzW1NS+?= =?us-ascii?q?x4hxXYJV5U+MPDnKH6Rrn0JljviygvfHz5nxBsPiec8eWOh9XGHFdqfMHp+jJT?= =?us-ascii?q?KWJsL8Z0lG/qae0LJ8VRWRfjr5X6udtCC/MvVr+0A7xZJ5fObJyzwt9b7b0sPo?= =?us-ascii?q?Z25HviejsWKJNJxH4VzRC+zeWg5bRPuG/Wt+A60Yc5H09OYPMNwlxtiQ+Q9z4y?= =?us-ascii?q?pe0JjNH6/0tULI20RmZbrHPUDp3GA/QoBMLxOhdQMqjHPVp2r1H3tRNI6nJNNr?= =?us-ascii?q?jdLTCQbiowF1mGcwditaEXbwbcmeNHJd2M+kYgCOsgVRAJJLm++xZF59raC5VP?= =?us-ascii?q?NpJoQAnOKmqbEKuchmJjuJR8VAOSzUarhsMWl/FOLK8WIpaR4NqbR9eo40Y5WV?= =?us-ascii?q?aBcdMUyAwDn++gD10UT1cdG3/KyVISAK/29Bwq6D2j9J8Vrq8c2Fi9HuBeiKJK?= =?us-ascii?q?r9W+TfZW98Djw=3D?= X-IPAS-Result: =?us-ascii?q?A2BTBACAF+ZZ/wHyM5BdHAEBBAEBCgEBFwEBBAEBCgEBgwg?= =?us-ascii?q?pA4FSJ48NjkOYO4IAJooRQhUBAQEBAQEBAQEBAWoogjgkgkkCJBkBOAECAwkCB?= =?us-ascii?q?TIRCAMBWhIFiEiBNwEDFQMBrCo6gwkFgQKEYIJvBAiDLoE2UYM7hgmBYoEEhTU?= =?us-ascii?q?FoUuUXoIhkQSKIo0HNSKBWTQhJYNCggxBDxyBaHWIPCyCFgEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 17 Oct 2017 14:45:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v9HEj5WL028678; Tue, 17 Oct 2017 10:45:07 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v9HE4v87045446 for ; Tue, 17 Oct 2017 10:04:57 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v9HE4uGU009375; Tue, 17 Oct 2017 10:04:56 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CPAgDQDeZZfygVGNZdHAEBBAEBCgEBg?= =?us-ascii?q?zMpgVUnnVCYKRCCBA+FNoRtQRYBAgEBAQEBAQETAQELFoYoGQE4ARUydxKITYE?= =?us-ascii?q?3AQMVAwGsFTqDCQWBAoRggkkBJQQIgy6BNlGDO4YJgWKBBIU1BaFLlF6CIZEEi?= =?us-ascii?q?iKNByYLgX80ISWDQoIMQQ8cgWh1iDcsghYBAQE?= X-IPAS-Result: =?us-ascii?q?A1CPAgDQDeZZfygVGNZdHAEBBAEBCgEBgzMpgVUnnVCYKRC?= =?us-ascii?q?CBA+FNoRtQRYBAgEBAQEBAQETAQELFoYoGQE4ARUydxKITYE3AQMVAwGsFTqDC?= =?us-ascii?q?QWBAoRggkkBJQQIgy6BNlGDO4YJgWKBBIU1BaFLlF6CIZEEiiKNByYLgX80ISW?= =?us-ascii?q?DQoIMQQ8cgWh1iDcsghYBAQE?= X-IronPort-AV: E=Sophos;i="5.43,391,1503374400"; d="scan'208";a="86203" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 17 Oct 2017 10:04:41 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ATvNILhXWtnBfOkVuqfZ3tzErsAjV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYbRaBt8tkgFKBZ4jH8fUM07OQ7/i4HzVcqsnY+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe7x/IAmqoQnLq8UbjoRuJ6QsxhDUvnZGZu?= =?us-ascii?q?NayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnD?= =?us-ascii?q?VhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0ji?= =?us-ascii?q?oMKjg0+3zVhMNtlqJWuA+vqRxhzYDaY4+bM+Fzcr/Bcd4AWWZMRNpdWzBHD4ih?= =?us-ascii?q?b4UPFe0BPeNAoofhplsBsRu+ChO2BOzy1zRGhGX53aw80+s/CgHNwQstH8gPsH?= =?us-ascii?q?vIrNX6Lr0SXv2tw6bU1TrDb+lZ2Tb76IfWaRAsuuqDXa5xccrX1UkgCRnFjlOO?= =?us-ascii?q?poz5JT+ayuMNs22C4udmSOmhiHYnphlvrjSyycogkJfFi40Pxlza6Cl12ok4Kc?= =?us-ascii?q?GgREN4YNOoCoZcui+VOodsQs4vTXtktDs7x7EYv5OwYTIEx449xxHFbvyKa4iI?= =?us-ascii?q?7QznVOaWOTp3inBrdrG5iRu870Wu0PHxWtWp3FpQsCVKjNzMtmsC1xDJ78iIUP?= =?us-ascii?q?p9/kO71TaK1gDT7vlIIUEylaXFN54s2qA8moccvEjZACP7l1/6gLGLekk+9eWk?= =?us-ascii?q?9/zrYrD8qZ+dM490hBv+MqMrmsGnG+Q4MxQBX2iB9uSmybLs5VH2T61KjvIsk6?= =?us-ascii?q?nZto7VJd8Aq6GiHw9V04Aj6wqhADe81tQXg2UHIEhZdxKAiojlI0vOL+zgDfej?= =?us-ascii?q?n1Ssly9mx+vbMb36GZjNMnjCn6vhfbZ68UJczhEzwspF65JbDbEBPur5WlXtu9?= =?us-ascii?q?zAEh85Lwu0zv78CNpj0oMeWGSPArKWMa7JrV+J5v4gI+mLZIMPvjb9MOIq6+Th?= =?us-ascii?q?jX8+h19ONZWuiIAabHG+A+ROP1SSYX2qhMwIV2gNoE52SuH2hFCceSBcamz0XK?= =?us-ascii?q?8m4Dw/ToW8AsOLQoGrnazExyynBrVIaW1cTFOBC3Hlc8ODQfhIICaTJNJx1ycJ?= =?us-ascii?q?XqW7SpMwkBSpuBL+xpJ5IefOvC4Vr5Tu0J5y/eKAuws18GlODs+d2nuBB0F9n2?= =?us-ascii?q?UFXHdixqF0oUVnxmCI5qhxgvpVDvRZ+/JPTgogM5PAied9DoahCUr6Yt6VRQP+?= =?us-ascii?q?EZ2dCjYrQ4dpzg=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CPAgDXDOZZfygVGNZdHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwgpgVUnnVCYKRCCBA+FNoRtQRYBAQEBAQEBAQEBARIBAQsWXYI?= =?us-ascii?q?4IoJxGQE4ARUydxKITYE3AQMVAwGsEzqDCQWBAoRggkkBJQQIgy6BNlGDO4YJg?= =?us-ascii?q?WKBBIIXDIMSBaFLlF6CIZEEiiKNByYLgX80ISWDQoIMQQ8cgWh1iDcsghYBAQE?= X-IPAS-Result: =?us-ascii?q?A0CPAgDXDOZZfygVGNZdHAEBBAEBCgEBFwEBBAEBCgEBgwg?= =?us-ascii?q?pgVUnnVCYKRCCBA+FNoRtQRYBAQEBAQEBAQEBARIBAQsWXYI4IoJxGQE4ARUyd?= =?us-ascii?q?xKITYE3AQMVAwGsEzqDCQWBAoRggkkBJQQIgy6BNlGDO4YJgWKBBIIXDIMSBaF?= =?us-ascii?q?LlF6CIZEEiiKNByYLgX80ISWDQoIMQQ8cgWh1iDcsghYBAQE?= X-IronPort-AV: E=Sophos;i="5.43,391,1503360000"; d="scan'208";a="4816457" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa01.eemsg.mail.mil ([214.24.21.40]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 17 Oct 2017 14:04:38 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;00861d36-feb5-4373-8b5e-6015dc731dff Authentication-Results: UHIL19PA16.eemsg.mail.mil; dkim=permerror (key too small [TEST]) header.i=@btinternet.com X-EEMSG-check-008: 188592964|UHIL19PA16_EEMSG_MP14.csd.disa.mil X-EEMSG-SBRS: 2.8 X-EEMSG-ORIG-IP: 65.20.0.148 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BxAQBGCuZZgJQAFEFdHAEBBAEBCgEBgzOBfie1eRCCBA+FNoRtQRYBAgEBAQEBAQETAQELCwkIJjGFSxkBOAEVMncSiE2BNwEDFQSsBjqDCQWBAoRggkkmBAiDLoE2hAyGCYFigQSCFwyDEgWhS5RegiGRBIoijQcmC4F/NCElg0KCDAFADxyBaHWINyyCFgEBAQ X-IPAS-Result: A0BxAQBGCuZZgJQAFEFdHAEBBAEBCgEBgzOBfie1eRCCBA+FNoRtQRYBAgEBAQEBAQETAQELCwkIJjGFSxkBOAEVMncSiE2BNwEDFQSsBjqDCQWBAoRggkkmBAiDLoE2hAyGCYFigQSCFwyDEgWhS5RegiGRBIoijQcmC4F/NCElg0KCDAFADxyBaHWINyyCFgEBAQ Received: from rgout0801.bt.lon5.cpcloud.co.uk ([65.20.0.148]) by UHIL19PA16.eemsg.mail.mil with ESMTP; 17 Oct 2017 13:58:46 +0000 X-OWM-Source-IP: 86.134.53.162 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2017.10.17.134816:17:8.317, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __NO_HTML_TAG_RAW, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, NO_URI_HTTPS Received: from localhost.localdomain (86.134.53.162) by rgout08.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as richard_c_haines@btinternet.com) id 58BFF08017316DE8; Tue, 17 Oct 2017 14:58:40 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1508248728; bh=Uk+L6rX7CwPGKyg/ZISdsm77hljYHqdrzufWfPa0N0w=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=B6QVBQDtPX+UXpM/oYCSxrcyZJNV1aszBkLR/gB0g3wS/9nK7J2TWtp/Z1HjyfgvDiW0disu2NpHhF2wrEBq5MDxI+yBh9AnWuPQJ41UN42wq8Knsgj8qJLqvElF3bnbC516+XY6HAjFok/J3v0Kh/s3Q+JpmhWY6nP2lEwtQvM= X-EEMSG-check-009: 444-444 From: Richard Haines To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Tue, 17 Oct 2017 14:58:33 +0100 Message-Id: <20171017135833.4292-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.13.6 X-Mailman-Approved-At: Tue, 17 Oct 2017 10:36:38 -0400 Subject: [RFC PATCH 3/5] sctp: Add LSM hooks X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add security hooks to allow security modules to exercise access control over SCTP. Signed-off-by: Richard Haines --- include/net/sctp/structs.h | 10 ++++++++ include/uapi/linux/sctp.h | 1 + net/sctp/sm_make_chunk.c | 12 +++++++++ net/sctp/sm_statefuns.c | 14 ++++++++++- net/sctp/socket.c | 61 +++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 96 insertions(+), 2 deletions(-) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 7767577..6e72e3e 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -1270,6 +1270,16 @@ struct sctp_endpoint { reconf_enable:1; __u8 strreset_enable; + + /* Security identifiers from incoming (INIT). These are set by + * security_sctp_assoc_request(). These will only be used by + * SCTP TCP type sockets and peeled off connections as they + * cause a new socket to be generated. security_sctp_sk_clone() + * will then plug these into the new socket. + */ + + u32 secid; + u32 peer_secid; }; /* Recover the outter endpoint structure. */ diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h index 6217ff8..c04812f 100644 --- a/include/uapi/linux/sctp.h +++ b/include/uapi/linux/sctp.h @@ -122,6 +122,7 @@ typedef __s32 sctp_assoc_t; #define SCTP_RESET_ASSOC 120 #define SCTP_ADD_STREAMS 121 #define SCTP_SOCKOPT_PEELOFF_FLAGS 122 +#define SCTP_SENDMSG_CONNECT 123 /* PR-SCTP policies */ #define SCTP_PR_SCTP_NONE 0x0000 diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 6110447..ca4705b 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -3059,6 +3059,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, if (af->is_any(&addr)) memcpy(&addr, &asconf->source, sizeof(addr)); + if (security_sctp_bind_connect(asoc->ep->base.sk, + SCTP_PARAM_ADD_IP, + (struct sockaddr *)&addr, + af->sockaddr_len)) + return SCTP_ERROR_REQ_REFUSED; + /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address * request and does not have the local resources to add this * new address to the association, it MUST return an Error @@ -3125,6 +3131,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, if (af->is_any(&addr)) memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); + if (security_sctp_bind_connect(asoc->ep->base.sk, + SCTP_PARAM_SET_PRIMARY, + (struct sockaddr *)&addr, + af->sockaddr_len)) + return SCTP_ERROR_REQ_REFUSED; + peer = sctp_assoc_lookup_paddr(asoc, &addr); if (!peer) return SCTP_ERROR_DNS_FAILED; diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index b2a74c3..4ba5805 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -314,6 +314,11 @@ sctp_disposition_t sctp_sf_do_5_1B_init(struct net *net, sctp_unrecognized_param_t *unk_param; int len; + /* Update socket peer label if first association. */ + if (security_sctp_assoc_request((struct sctp_endpoint *)ep, + chunk->skb, SCTP_CID_INIT)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + /* 6.10 Bundling * An endpoint MUST NOT bundle INIT, INIT ACK or * SHUTDOWN COMPLETE with any other chunks. @@ -446,7 +451,6 @@ sctp_disposition_t sctp_sf_do_5_1B_init(struct net *net, } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); - sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); /* @@ -507,6 +511,11 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(struct net *net, struct sctp_chunk *err_chunk; struct sctp_packet *packet; + /* Update socket peer label if first association. */ + if (security_sctp_assoc_request((struct sctp_endpoint *)ep, + chunk->skb, SCTP_CID_INIT_ACK)) + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); + if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); @@ -899,6 +908,9 @@ sctp_disposition_t sctp_sf_do_5_1E_ca(struct net *net, */ sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL()); + /* Set peer label for connection. */ + security_inet_conn_established(ep->base.sk, chunk->skb); + /* RFC 2960 5.1 Normal Establishment of an Association * * E) Upon reception of the COOKIE ACK, endpoint "A" will move diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 70355a0..e948163 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1014,6 +1014,12 @@ static int sctp_setsockopt_bindx(struct sock *sk, /* Do the work. */ switch (op) { case SCTP_BINDX_ADD_ADDR: + /* Allow security module to validate bindx addresses. */ + err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_BINDX_ADD, + (struct sockaddr *)kaddrs, + addrs_size); + if (err) + goto out; err = sctp_bindx_add(sk, kaddrs, addrcnt); if (err) goto out; @@ -1223,6 +1229,7 @@ static int __sctp_connect(struct sock *sk, if (assoc_id) *assoc_id = asoc->assoc_id; + err = sctp_wait_for_connect(asoc, &timeo); /* Note: the asoc may be freed after the return of * sctp_wait_for_connect. @@ -1336,9 +1343,17 @@ static int __sctp_setsockopt_connectx(struct sock *sk, if (__copy_from_user(kaddrs, addrs, addrs_size)) { err = -EFAULT; } else { + /* Allow security module to validate connectx addresses. */ + err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_CONNECTX, + (struct sockaddr *)kaddrs, + addrs_size); + if (err) + goto out_free; + err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id); } +out_free: kfree(kaddrs); return err; @@ -1604,6 +1619,7 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len) struct sctp_transport *transport, *chunk_tp; struct sctp_chunk *chunk; union sctp_addr to; + struct sctp_af *af; struct sockaddr *msg_name = NULL; struct sctp_sndrcvinfo default_sinfo; struct sctp_sndrcvinfo *sinfo; @@ -1833,6 +1849,24 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len) } scope = sctp_scope(&to); + + /* Label connection socket for first association 1-to-many + * style for client sequence socket()->sendmsg(). This + * needs to be done before sctp_assoc_add_peer() as that will + * set up the initial packet that needs to account for any + * security ip options (CIPSO/CALIPSO) added to the packet. + */ + af = sctp_get_af_specific(to.sa.sa_family); + if (!af) { + err = -EINVAL; + goto out_unlock; + } + err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT, + (struct sockaddr *)&to, + af->sockaddr_len); + if (err < 0) + goto out_unlock; + new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL); if (!new_asoc) { err = -ENOMEM; @@ -2865,6 +2899,8 @@ static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval, { struct sctp_prim prim; struct sctp_transport *trans; + struct sctp_af *af; + int err; if (optlen != sizeof(struct sctp_prim)) return -EINVAL; @@ -2872,6 +2908,17 @@ static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval, if (copy_from_user(&prim, optval, sizeof(struct sctp_prim))) return -EFAULT; + /* Allow security module to validate address but need address len. */ + af = sctp_get_af_specific(prim.ssp_addr.ss_family); + if (!af) + return -EINVAL; + + err = security_sctp_bind_connect(sk, SCTP_PRIMARY_ADDR, + (struct sockaddr *)&prim.ssp_addr, + af->sockaddr_len); + if (err) + return err; + trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id); if (!trans) return -EINVAL; @@ -3192,6 +3239,13 @@ static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optva if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr)) return -EADDRNOTAVAIL; + /* Allow security module to validate address. */ + err = security_sctp_bind_connect(sk, SCTP_SET_PEER_PRIMARY_ADDR, + (struct sockaddr *)&prim.sspp_addr, + af->sockaddr_len); + if (err) + return err; + /* Create an ASCONF chunk with SET_PRIMARY parameter */ chunk = sctp_make_asconf_set_prim(asoc, (union sctp_addr *)&prim.sspp_addr); @@ -8024,6 +8078,8 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, { struct inet_sock *inet = inet_sk(sk); struct inet_sock *newinet; + struct sctp_sock *sp = sctp_sk(sk); + struct sctp_endpoint *ep = sp->ep; newsk->sk_type = sk->sk_type; newsk->sk_bound_dev_if = sk->sk_bound_dev_if; @@ -8066,7 +8122,10 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, if (newsk->sk_flags & SK_FLAGS_TIMESTAMP) net_enable_timestamp(); - security_sk_clone(sk, newsk); + /* Set newsk security attributes from orginal sk and connection + * security attribute from ep. + */ + security_sctp_sk_clone(ep, sk, newsk); } static inline void sctp_copy_descendant(struct sock *sk_to,