From patchwork Sat Feb 24 16:18:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10242257 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 95D9D60208 for ; Mon, 26 Feb 2018 13:13:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 839E729FF2 for ; Mon, 26 Feb 2018 13:13:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7736F29FF6; Mon, 26 Feb 2018 13:13:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from upbd19pa10.eemsg.mail.mil (upbd19pa10.eemsg.mail.mil [214.24.27.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D163829FF2 for ; Mon, 26 Feb 2018 13:13:44 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa10.eemsg.mail.mil with ESMTP; 26 Feb 2018 13:13:43 +0000 X-IronPort-AV: E=Sophos;i="5.47,396,1515456000"; d="scan'208";a="9818592" IronPort-PHdr: =?us-ascii?q?9a23=3A/Gx5KhUyi2OmcXSxZM85bCP96wrV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYRyCtKdThVPEFb/W9+hDw7KP9fy4AipYud6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCybL9uIhi6txndutULioZ+N6g9zQfErGFVcO?= =?us-ascii?q?pM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLf?= =?us-ascii?q?QguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxkRgXoiC?= =?us-ascii?q?MaPDAn9m/ZhNF7gKZCrB+gohByxZPfboOIO/pkZq7Tfc0US3dPUMhSUCJMGZ+w?= =?us-ascii?q?Y5cVAuYdJ+tUs5Xxql0TphW+HwmsA+bvxydUiH/3waI60/4uERvb0wc9HdwBqn?= =?us-ascii?q?XUrNPrO6cJTOu10qjIwi/eZP1Lxzj97InIchY8ofCDQLl9dtHRxlcrFwPEiFWQ?= =?us-ascii?q?tIPkMiiJ1uUNr2eb7+1gWfipi248sQ59uDevxsAyioTQgI8e117K9SJ8wIkvJN?= =?us-ascii?q?24TlZ2bsK+H5tIrS6VLI92Td04T2Fupik61qUKuZG6fCgWyJQn2gXQZ+abfIiP?= =?us-ascii?q?5xLvTPqdLSpiiHJiYrK/iBC/+lWjxO3kTsS4zVlHoyVfntTMq3wBzQLf58eZRv?= =?us-ascii?q?dn40utwTWC2x3J5u1ZL004i7DXJpEgz7IqlJcesELOFTLslkrslq+ZbEAk9/Ct?= =?us-ascii?q?6+Tgf7rpuIeRN5RxigHiKqQundG/AfggPggOQWeb/eO82aX//ULjWrVKj+A2kr?= =?us-ascii?q?LDvJDGJcUUuq65AwhP3oYl9xm/FCup3M4dnXkGKFJJYBOHj473NFHSOP30EPiy?= =?us-ascii?q?jlu2nDpr2vzKJKPtD5rTInTZjbvtZbN95FRdyAo3w9Bf/ZVUCrQZLfLoREDxsN?= =?us-ascii?q?3YDhkkMw272uroE9J91p4YWW2THKCZK7jfsUOI5+0zI+mMY5UZuDDmK/c//fLu?= =?us-ascii?q?gng5mUEFcamzwZQXcGy4HuhhI0iBY3rshdEBHn0Wvgo+VuPqjkaPUTxUZ3a0Wq?= =?us-ascii?q?Iz/Co7CJ64AofZXYChmruB3D20HpdOfGBJFkiMEWv0d4WDQ/oMaiCSLdV9nTwH?= =?us-ascii?q?TrihTIkh1RCwtALhxbpnKvfU+yIDupL+0th1+/DTmQs19TxuAMSXy3uNQH1snm?= =?us-ascii?q?MUWz8227hyoEJ8yleH1Kh3neZYGMdd5/xXTwg6MoTcwPZiC9DoXQLBfMmGR0q6?= =?us-ascii?q?Qtm8BjExVN0xyccUY0lhA9WikgzD3y2yDrAIi7OLAZs08qTA33TsPMt91WjJ1L?= =?us-ascii?q?Mgj1gnRctPM3eqhqhh+AjPH4TJiVmWl762daQA2y7A7HqMzXaUs0FCSwN/TaLF?= =?us-ascii?q?XXUDaUTMttT5+lnOT7mwBrQ7KgFB09KNKrNWat31ilVLXPfiOdXZY2K3gGqwAB?= =?us-ascii?q?KIyqqNbIrsYWkd2j/SCFIHkwAS43aJKxIyBiG/rGLCFDZuD07gY1vw8elir3O2?= =?us-ascii?q?VkE0zxuQYE1ny7W1+wUViOeZS/ML37IIoTwhqjtvHFqn2NLWEdWArRJ7fKpAed?= =?us-ascii?q?M9/EtH1WXBugx+JJOgLKdihkMFfgR0pUzu1BJ3CphancgttnMqwxJ4KbiE31NZ?= =?us-ascii?q?azOYwZfwN6XNJWbv5hCvarDZ2kvF3dmM5qgP7e40q1L5vAGmDkAi6Wlo08FJ03?= =?us-ascii?q?uA4ZXHFBASXo/sXUss+Bh6or7bbjM754zKyX1mKbO0vSPa29I1GOslzQ6tf8xR?= =?us-ascii?q?MKOeEw/yCNEaCtO1KOwsnFioYBcEM/pU9KIuOcOpaeeG0raxPOl8hDKmkXhH4I?= =?us-ascii?q?dl30OC7SV8TvLI0Igfw/GDxQaHSSnzjE26vcDqnIBIfzYSHnCwySL8Ho5eerVy?= =?us-ascii?q?fZoXCWepO8C3wNR+h5rpW3FG716uHEkJ19GzeRqVdVD92hdQ1UsPq3y9hSS41y?= =?us-ascii?q?B0ky0urqeHwizOwvjtdAYAOm5RXmVtkVfsIY+yj9AVR0WoawkplB2/6kbgwKhX?= =?us-ascii?q?vqN/L3PcQU1QZSj5M3liUrestrqFe8NP7JIosT5LUOilelCVVLr9oxoc0yP+EG?= =?us-ascii?q?pT3ys7dymrupX/nhx1lHmdIGx1rHXHZcF63Q3f68DERf5NwjoGQzF1iSPQBli4?= =?us-ascii?q?O9mm48+UmIvEsuGwTG+hTYBTfjXwzY+asyu7/2JqCwWln/+vgt3nDRQ60Sjj2t?= =?us-ascii?q?lpSyrIqg38b5Lo16ukN+JnZU9oC0Hg68ZgHYF+iIQwjokK2XcGnpWV4WYHkWDr?= =?us-ascii?q?PNVDw63+cX4NSiATw9HP5gjlxFNsLmiSyoLkTXWS3NFhZ8KgbmMN3SI98tpKB7?= =?us-ascii?q?uK47xKmit1uFW4ohzLbfh7gDgd1eMk6GQGjOERpAot0iKdD6gMHUleICPhjAqI?= =?us-ascii?q?79ajo6VXfmqvd6a/1FZml9C7EL6Cuh1cWGr+epo6BS9/9Nh/MFbX3XLv64HkZN?= =?us-ascii?q?nRYcsdthKOlRfMle9VKIg+lvASnypoJXr9vWE5y+48lRFu04u1vI6bK2Vq+aK0?= =?us-ascii?q?GRBYOSPoaMMU4DHil75entyR34CtAJpuBikLUIHvTfKyHzIYre7nOBqWED0gtn?= =?us-ascii?q?ebHqLSHQqF50diq3LADYyrN22NK3YD1thiQgeSJFBEgA8IRjo6hoA2GhqsxMP/?= =?us-ascii?q?bEdz/ioR6ULgqhtQ1uJoMAHyUmnFpAi2dzg0U4KQLBxK7gFF/EfYKtaR4f52Hy?= =?us-ascii?q?1C+Z2htgONIHSBZwtUFWEJRlCEB1f7M7mo/9nP6fCYBvKlIvvAYLWOs/deV+uG?= =?us-ascii?q?xZKu1Itp5TCMOdmOPnZ4C/03wE1DXWp2G87BgTUAVzQXlz7Rb86cvBq84jN4od?= =?us-ascii?q?uh//TtWQLv+YyPBqBTMdpx5R+5n72PN+mKhCZ2MTxYzI8DxWfUyLgD214fkzph?= =?us-ascii?q?eCKqHbQEtC7NV77QmrRNAx4AdSx8KNFE77ki0QlJOM7bjM7117Fjg/EpC1ZFT0?= =?us-ascii?q?Hhmtqzac0EOW69KEjHBEGNNLicIj3L2c73a7umSbJMlOVUqwGwuTGDHkD4PzSD?= =?us-ascii?q?mD7pVxa0PO5Rki6UJx1et5u7chp3DmjjVt3mYAWhMNBrlT023aE0hnTSOGEGPj?= =?us-ascii?q?hzaV1NoaOL4CNfmvVwBWpB7n9/IumFnyaW9O7YK5kMvftsGCR0mPpQ4G4mxLtN?= =?us-ascii?q?8CFEWPt1lTPOrt5pplGqiPOPyj1mURVQrDZEn5iLvUJ8NqXa7ZRPRXHE/BcR4m?= =?us-ascii?q?qKEBQKu8FpCtvxtKBM0tLPjr78KC9e89LI+ssRH8rUKMKHMXo5NhrpHD/UDBcb?= =?us-ascii?q?QjOwMGHfhlBdkOuM+XGPqZg6sJfskoIUSrBHTFw1Cu8aCkN9EdwBIJZ3Wi0rnK?= =?us-ascii?q?WejM4P63q+ogfeRNlGvpDHUfKSBOvgJCyfjbZaexsC2an4IpgLNo3nx0xibUF3?= =?us-ascii?q?nILUFEXKWdBAuS5hbggvoEVR6nd+SHYz20Hkag+35n8cC+K0lAYsigRieeQt6C?= =?us-ascii?q?vs41AvK1rQuiQwi1c+ls//gT+NcD78N7y/XYBMCyXpsEgxPIv7QxxrYgyyh0Bk?= =?us-ascii?q?MinLR65Jhbt6aW9rkBPcuYdIGfNEUKJEZxkQxfeKaPo21VRcqz6qylVZ6uvfDp?= =?us-ascii?q?tujgwqcYSjr3hYwQJscMY1JbDMJKpO1lVfm7iBvjGp1u8s2w8TPFwC8HmIeC4P?= =?us-ascii?q?tk0ILacpKDa1/ux26AyChztCdHIKV/U0vvJg7lk9NPiYzyL8z75DLVi8N+iYL6?= =?us-ascii?q?ODpWfAk8+JQlQr20MHkUlF4KJ60cA5c0qbT0ov1qeeFwwVNcreLgFYd9FS+2bX?= =?us-ascii?q?fSaPt+XN3J10Mp6hGeDvSO+BqLwbglm4HAozGYQD8NgBFIG20E7ENcfnMKIFyR?= =?us-ascii?q?I16QT3JVWFCfNJeA6LkDYHuMyw0Z533IlHKT4GG2l9Nzu45qrPrA8wnPWDRMs2?= =?us-ascii?q?YmsdXoYcLH02XMy6lDJHsHtYCTm20uQZyA+E7zDmvSnfFzj8YMBlZPuNaxNsFc?= =?us-ascii?q?u6+TMh/KiqkVTX6InRJ3nmNdR+vd/C8fgVqIiBC/5PV7ZyrlnclJdCR3yxSWHP?= =?us-ascii?q?C960K4L3a4k2Ytz+Emy6XUCnizIpU8fxO86gLqeVgQHpQYZUtJeU3DU4OMCgCD?= =?us-ascii?q?4RABZwqPsF5K5mYg0DeZU7awbytwsiL6y/PBuY0tK2Tma3LztWTuVQzeW9Z7xT?= =?us-ascii?q?1Coidva0xmY6QJwmyOe66lICRJYPjh7C3/mjfJVeXTL1GnNDZwXFvTA5mHR5Nu?= =?us-ascii?q?Yu3uc/xwvFsUMGPDCRc+xmc3dJv80mBVyIP3V5FG44R16ajYrM5g6s3r8S/ytB?= =?us-ascii?q?n9Zay+JFqn3+soXZYD2yRKyhsY/VvDY4bdg6v61xNpTuI8WcuJzCnjzfTZzQsg?= =?us-ascii?q?yfXy65DPdam8ZfLzxGT/VSnmElI8MGs5Jb6UUtTsc+O6BPCK40q7CvczVkFy0S?= =?us-ascii?q?wjEFV4OB2jwCjfyx2rXAmReWbJsiNBsEsIhfjdsGSSJ2ZD0RpLO7XYXMi2CEUn?= =?us-ascii?q?QLIBsU7QlU/g0AjJJwfub/7IrLV5JMyj9Wo/NoUiTQDJVo8UX0Sn2Oi1jiVPqh?= =?us-ascii?q?i/Cp3R5VzP/009kbXgJ/BlZZx+lIk0snNq13K7MQv4PRtT+IbV31vGToyOS8JV?= =?us-ascii?q?lRzdbbd1r3DYbfsmr8SCIc82UORYBT0HHfCYgSkw1hZaY3o1VMJZurelri6zwh?= =?us-ascii?q?3ItlBb+4Wt63x1w9t3YJWz+qE8ZdC+FhqF/XWCdqY4qxp5XhJppfWXJf94OFq1?= =?us-ascii?q?dBjkptNzC2yYBGJ8FK+D4MUyBFoS+Bs9uqVM1Dxch2AocOItd4pXjwA75LN4aK?= =?us-ascii?q?o3IooLzv1mHW9C0mvFe82jqzB7eyT/hF8G0GBgUpO2Oep1EzD+Qx72jS80rCsl?= =?us-ascii?q?Rv8uhHAbiPiFl+ryxmHpBSHDpJ026qL0hrRnlcr+paMLjVc9BbQ/QqfhCvNQAx?= =?us-ascii?q?GeIk0kCU80x5hmv2Yyt3tgRG4S/dRBU0WTMTgrjzhT0UstunNiMCS5JUcTUhaD?= =?us-ascii?q?/IKxiFli9KvBZQcV1qVosdAtZC5bEUw5VY8dbFSUmxNy4JRhpiORwk0fBHj05M?= =?us-ascii?q?rF2YeTzBDQqvbfvPqgZ3fduLo8G0MPT05xxHioT6sOAi66oMWXummRG3Qd/Eq4?= =?us-ascii?q?/wrNqKtlGBdK3gKe2zfWfBTCTQjRC3nbokE4PK8DbNPwVGMJR61H4kYYT7CWHR?= =?us-ascii?q?IxRGJqUbJ05FWqBmc9lGpfpaZ8B8cqYT5aBtHg6HRg/oGIG3rvlJNEzTRTPFLy?= =?us-ascii?q?WF6OO/v5ne7bnASejkesyMxmrIQ6NtMZd88jn3AbDq0ZVR+kDuwPdi6lt6SUTa?= =?us-ascii?q?MyCGtNnhJBkE5M+sdkv4uZ0mAC3ZDYxskHX3wEFAbM0XTzes8JsG1JNT8GzwRv?= =?us-ascii?q?5g0kjvrO1S8KFp6Y8z471yyMe0I6LSJe5bsU9hDBiUHB9l9o4xAGhlWmBefvMR?= =?us-ascii?q?KOrLfasHl8zurPr3F6MP4h2P5+NZccfHJ13GmsSnDDGcSABLnAAFqTEANQuQzf?= =?us-ascii?q?+Fm6hzSca+vuj0wUct7lexLxIcy7Bt/4iE8LKSpODLdxvR0aQEWq/yS8zvtLss?= =?us-ascii?q?v12d5eY4lL8OfWx4eBanH/QcVsEDwGfg0aEqwjg2H8PFAb3g5OZJV2glkTL4h5?= =?us-ascii?q?B9A1IWF+sQHbqQ+IRTnnw1m+LHOdILdaBCgHyAFQa+Er8Fy36k9TeYIHV/jhHJ?= =?us-ascii?q?yRHwTnu57EXqoi9gXSvM09Djn1JXVrm2AEdfRC+pNlF4sTyRJgrotdz3uasv4E?= =?us-ascii?q?EwLGPkqMqHlHG9N7NPA83/ONucLDE1pFMWlpI+XMCg1JsAGdWjPNce7m1xYuHZ?= =?us-ascii?q?62OxnC9Lu71HiJbG4sGJ5vXXGmGtgLabq7WWyjFX0Ho4vVAj6tC4LP7O+tmKTu?= =?us-ascii?q?+02GYWUihwpRHOXwOvqrzctVAbI1aH0EDRmIwFJttZx2U31ln65Og/R9I+7B1e?= =?us-ascii?q?GZzcZ/wepTDyNjz0wUycY94uTSmRzT9XHlPzEVllF6kxw3rws9jVlXjM+10pSI?= =?us-ascii?q?5wd1bkhRBtDIU3N1gt6F4JzSoHCwQNbgqbDL6wD0T/MYQETVQDaQiA3LWidac4?= =?us-ascii?q?x1dzza2z5O/TduF8A6sNNupDgQ6OhldbB4kWvbcYQL1iZ19X7LTXqRT6C4j7Q/?= =?us-ascii?q?jmkmI9NfKrTcBc7cAZsHwi7gGkRxW+7ZdD7rAbiI2Hd6NfZZjDotp87kd96jIV?= =?us-ascii?q?cCxCngR/hQujUe8AvODj/sTbsJ2w5+myVqYiXfkY+gMoCGR5i5vwhFEjrs/N1+?= =?us-ascii?q?dAVILalYT//BpKI36Qt4bQywN8JvYWK4K3YLZg8G0KJy0ZJ3IIIdqWZOcz7jRo?= =?us-ascii?q?MDXS/VNCBN0DZc8WPcrKgwBUiVbpVKtV9sXFBl+SE51zeNww72rr1DA19oMxUu?= =?us-ascii?q?n85z+tPpDT9kxDMfxFgiVtktLCuecUzOHdCCgS+3aZbQZ6zjmFy5mXBPb65f+M?= =?us-ascii?q?x83MV1MaAi42VJ9QJDiF+QynQOq5jonmUgOQ6s/unZ0/dUOQRnqqnKQGs6ZBCv?= =?us-ascii?q?BAiiTl3jdEEoD6mvOVv8Cq6GRJql1NCJxz4gHdGKVDIpV7Pgz1lsi1RkdmACvy?= =?us-ascii?q?Y8XUdgczt+qXwecM+P9yN0zkZY8UOhgE0a716WJJTgtyT777plSZUvwfZNtoTP?= =?us-ascii?q?PJtX5U5phmK6ARIFiRvprqoSlUqFouGg8mdKcwriBGdknJhABVVKL0uLkOiwQC?= =?us-ascii?q?Vd55vVRBGXm3OGI45jrISb5ZjK+PB/wJ6j+TVLABU110MiNiRBO4wIlue7qsnf?= =?us-ascii?q?1crmNGnz9yoPs03DxiXhe8vzPjp74V0zI65L64rCkBuWBCTuiGlifICFZDzPcN?= =?us-ascii?q?jaoHCXbt81+8YH4FbITs5rlrP8Lg+pc9434nexUsYzUGXfi8CyH3l66HGZKAsN?= =?us-ascii?q?RAhBOWo8XOabizLTQONrQj1x3sWmJx0g/EnBZn6GELWCmv7Mc4JIWhPsYo3jKo?= =?us-ascii?q?GW/fdFkW+KNIvszxtVoFTOYtbFNhx2Jj0tOZSSIRXszPHH01jhMlaWVCf5JP8x?= =?us-ascii?q?gaF7MngjyQpKlJ4hkUYCvIEoSi4oTQk9nH2X08Tddy2G3bvayEhpIv0H1ghdx0?= =?us-ascii?q?9CqOt2oIe+zfSc9sDWD51p1Dxuzme/WtrucHRZNoybS5Sv8CM9Ws9nWt1ZVvW0?= =?us-ascii?q?+l2q4eEESjPO8E3LfbXD+vSXeEVuSTb2iMgzE5P1b15RmsMFI6c99Kr0snPevZ?= =?us-ascii?q?mp5clhHuUa9uRiqOu1DX1mojPv0GdwguooeoZxQKTPINZ+ibPeUuxPw+CF0Rb3?= =?us-ascii?q?7GBCd2D+62sUWxnIhgIHhg4F/1YeLq8gz8N9uSABYEG5bArpFt4fy6Wn6BOXh4?= =?us-ascii?q?wR13JkZ76+ffF1U3tu9baJuRg9nQh9Jl3u4BdvdtNzA9u9EJloJk84mU39+AcQ?= =?us-ascii?q?vNwZbqOdHVvv+YDuXdz0sweWFaVaEWbBjo54U8It45W7rTHaZWvRQcGag2Wpoh?= =?us-ascii?q?OHnt9KtsNgN8bhbRZKiogsntvu+LfZVUp3rK4V8xLyrRoAMDxeKuTQx6bpGqgH?= =?us-ascii?q?PyLIo2Rj1fs91hEhtmE5VLG8MHtwenB5mUl72hhN+1+0N6vPQKsbbqBvDO09S2?= =?us-ascii?q?w59+X5xH6kyMOTbeHqhrgkJ9guSzhPfPzIXxBNvhdN8ZTuR3X2DIZqHcEtb3Fj?= =?us-ascii?q?XbIc/4ekhb45aAwbl5VVOXfym/UK2Y8GWiOelo7FsT1IN1ZqzQwSYr4rWd38H9?= =?us-ascii?q?IylfpyG+vTuSP4dHxELFCPaYXB9OT/eBtmF/EulfaYry6fdLKtEp3cKd/xg26T?= =?us-ascii?q?NOzc+IC7auo1WK2U9hc5/fakzz1HUDVJEOMSi4ZHEtim/QsHiVIX1dKMW/YZ13?= =?us-ascii?q?gd2VBwbh0EJGmWgsYGNaMmD0RNGNNHId1t74bwqPolFlFdEGytS2ck4xrKH6ae?= =?us-ascii?q?BpPJhe0furvf08nNJoLTzfDJxBMiXRKqJmFiZABeXI4l4za1gLtKZjCdR9XoSH?= =?us-ascii?q?PE5SaBTI8ij11waXlBP5?= X-IPAS-Result: =?us-ascii?q?A2CuAwAzB5Ra/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYMiLWZ?= =?us-ascii?q?wKI5qjQiDGJYZC4FpMAuHUlgUAQIBAQEBAQECAWoogjgkgk8CJFIDAwkCNxEIA?= =?us-ascii?q?wEkNhIFgmdOgT4BAQEVAwEMrHE6hAleg32CQQWHQhCDLYYXLRcCAQKBKS5WhTM?= =?us-ascii?q?FiiMHiF+OWAmHOYZ8hV6CE5BaiWeCaopTNSGBUSsIAhgIIQ86DQiBGxp5gkMcg?= =?us-ascii?q?Xt3AYxWAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 26 Feb 2018 13:13:41 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1QDDfBG025300; Mon, 26 Feb 2018 08:13:41 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w1OGJKo4127738 for ; Sat, 24 Feb 2018 11:19:20 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1OGJJWR008964; Sat, 24 Feb 2018 11:19:19 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1B0AwAaj5Faly0VGNZdHQEBBQELAYMiK?= =?us-ascii?q?mlwKI5qjQiDGJYZgXQOIguFEII6WBQBAgEBAQEBAQITAQEBAQEGGAaFfQEEJhk?= =?us-ascii?q?BOAEVMkE2EoM6gT0BAxUDAQytTTqDBAWBAIRVB4IdAQEIHAQDBYZQcoM9hhctF?= =?us-ascii?q?wIBAoEpLlaFMwWKIweIX45YCYc5hnyFXoITkFqJZ4JqilM1gXIzGiNPDQiCLoI?= =?us-ascii?q?0DxAMgXt3AYxbAQEB?= X-IPAS-Result: =?us-ascii?q?A1B0AwAaj5Faly0VGNZdHQEBBQELAYMiKmlwKI5qjQiDGJY?= =?us-ascii?q?ZgXQOIguFEII6WBQBAgEBAQEBAQITAQEBAQEGGAaFfQEEJhkBOAEVMkE2EoM6g?= =?us-ascii?q?T0BAxUDAQytTTqDBAWBAIRVB4IdAQEIHAQDBYZQcoM9hhctFwIBAoEpLlaFMwW?= =?us-ascii?q?KIweIX45YCYc5hnyFXoITkFqJZ4JqilM1gXIzGiNPDQiCLoI0DxAMgXt3AYxbA?= =?us-ascii?q?QEB?= X-IronPort-AV: E=Sophos;i="5.47,388,1515474000"; d="scan'208";a="208848" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 24 Feb 2018 11:19:18 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AnVxn1BxA5D9z9q7XCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0uoRK/ad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndiQuro?= =?us-ascii?q?EopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZv?= =?us-ascii?q?JuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+?= =?us-ascii?q?VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfM?= =?us-ascii?q?QA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmiD?= =?us-ascii?q?kJOSM3/m/UjcJ9l75XrA67qhBj2YPYfJ2ZOfxjda3dZ9MaQm9BU95NWSxAHoy8?= =?us-ascii?q?b5EAD/AcMu1FrYfyvVoOrR2gCgm3GejizSVIhn7q0q06yeshCxzJ0xQ8EN0WsH?= =?us-ascii?q?TbttT1NKEMXuCu16TH1inDb/JQ2Tfh9ofIaBYhru+QXb5qbcXRzkwvGhrDg16N?= =?us-ascii?q?p4LlODaV2f4Ms2id9+dvSfigi3Y9pA5qpjig2N0gio/XiYIJ0lzE+iR5wJo1Jd?= =?us-ascii?q?2lU0F3e8KrEJxVty2CK4d6X9kuQ2ZyuCY1zLANpJ21fDASxZg52hLSZOaLf5aH?= =?us-ascii?q?7x75SuqdPC10iX1ldb6nhBu+7FKsxvDyW8WqylpHoStInsPOu30M0RHY99KJRe?= =?us-ascii?q?Fn/ki73DaCzwDT5f9AIUAzjafUJZwvzL02mJcdr0nNBDP7lFn3gaOMaEor5O2o?= =?us-ascii?q?6//oYrn8o5+TLY50igXkPqQrm8y/Bfw0MgkIX2eF5eSxzKPv8VD2TblQkPE7nb?= =?us-ascii?q?PVvI7HKcgBqaO0AxdZ0oM55Ba+Czem3s4YnX4CLF9dYhKHjpTmO1HUL/DiEPiw?= =?us-ascii?q?m0ijny9rx//cP73hBIvCLmPYnbj6YbZ96khcyBYtwtBF4ZJbFK0BLOjvVU/2sd?= =?us-ascii?q?zUFgU5PBCsw+b7FNV90ZsTWXmSDa+CK67SrV+J6f4vI+mLfoMVvi39JOI/6/7h?= =?us-ascii?q?in85h0cXfbO10psPdHC4AvNmLl2CYXXyhtcBEGEKvhcxTeHxlF2DUSJcZ3a1X6?= =?us-ascii?q?4m4DE7E5ipAZ3MRoCqnryNxCe7EYNSZmBBEl2MFXDoeJmeVPcIaCKSJdRhkiAe?= =?us-ascii?q?WbilTI8uyQuhtAvnxLpgK+rb4CwYtZT72Nh04e3ciw0y+CR3AsiAyW2BUm95kn?= =?us-ascii?q?0SS2x+4KcqukF5y1GewYBkkvdYEppV/PoPXQAkcdbawvB2Bs7aRA3MZJGKRUyg?= =?us-ascii?q?T9HgBis+Cpo1wtkTcwNmEMm6pg7M0jDsALIPkbGPQpsu/eaU23n3OtY40HvNyb?= =?us-ascii?q?Mgk0hjR8xDKGmrrrBw+hKVBIPTlUid0aGwevcyxinIoV2CxmqHpk0QcAdxV6je?= =?us-ascii?q?FSQFZ0DWpM710Uj1T7avD7k8GgFdyMieJ7FMZ8GvhlJDEqSwcO/Can68zj/jTS?= =?us-ascii?q?2DwamBOdLn?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B2AwAaj5Faly0VGNZdHQEBBQELAYMiK?= =?us-ascii?q?mlwKI5qjQiDGJYZgXQOIguFEII6WBQBAgEBAQEBAQIBEgEBAQEBBhgGV4I4IoJ?= =?us-ascii?q?MAQQmGQE4ARUyQTYSgzqBPQEDFQMBDK1NOoMEBYEAhFUHgh0BAQgcBAMFhlByg?= =?us-ascii?q?z2GFy0XAgECgSkuVoIVCYMVBYojB4hfjlgJhzmGfIVeghOQWolngmqKUzWBcjM?= =?us-ascii?q?aI08NCIIugjQPEAyBe3cBjFsBAQE?= X-IPAS-Result: =?us-ascii?q?A0B2AwAaj5Faly0VGNZdHQEBBQELAYMiKmlwKI5qjQiDGJY?= =?us-ascii?q?ZgXQOIguFEII6WBQBAgEBAQEBAQIBEgEBAQEBBhgGV4I4IoJMAQQmGQE4ARUyQ?= =?us-ascii?q?TYSgzqBPQEDFQMBDK1NOoMEBYEAhFUHgh0BAQgcBAMFhlBygz2GFy0XAgECgSk?= =?us-ascii?q?uVoIVCYMVBYojB4hfjlgJhzmGfIVeghOQWolngmqKUzWBcjMaI08NCIIugjQPE?= =?us-ascii?q?AyBe3cBjFsBAQE?= X-IronPort-AV: E=Sophos;i="5.47,388,1515456000"; d="scan'208";a="9791986" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa06.eemsg.mail.mil ([214.24.21.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Feb 2018 16:19:17 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;3cdc5792-9d04-4ad2-9001-e486dcde0afb X-EEMSG-check-008: 685466594|UHIL3CPA01_EEMSG_MP17.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: None X-EEMSG-ORIG-IP: 65.20.0.123 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0C/AwB8jZFa/3sAFEFdHAEBAQQBAQoBAYMigRNwKI5qkCCWGYF0DiILhRCDEhQBAgEBAQEBAQJrKIUmBSYZATgBFTJBNhKDOoE9AQMVBAytTTqDBAWBAIRWB4IdASUEAwWGUIQvhhctFwIBAoEpLlaCFQmDFQWKIweIX45YCYc5hnyFXoITkFqJZ4JqilM1IYFRMxojTw0Igi6Bc0EPHIF7dwGMWwEBAQ X-IPAS-Result: A0C/AwB8jZFa/3sAFEFdHAEBAQQBAQoBAYMigRNwKI5qkCCWGYF0DiILhRCDEhQBAgEBAQEBAQJrKIUmBSYZATgBFTJBNhKDOoE9AQMVBAytTTqDBAWBAIRWB4IdASUEAwWGUIQvhhctFwIBAoEpLlaCFQmDFQWKIweIX45YCYc5hnyFXoITkFqJZ4JqilM1IYFRMxojTw0Igi6Bc0EPHIF7dwGMWwEBAQ Received: from rgout0103.bt.lon5.cpcloud.co.uk (HELO rgout01.bt.lon5.cpcloud.co.uk) ([65.20.0.123]) by UHIL3CPA01.eemsg.mail.mil with ESMTP; 24 Feb 2018 16:19:15 +0000 X-OWM-Source-IP: 81.132.46.76 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-RazorGate-Vade-Classification: clean X-RazorGate-Vade-Verdict: clean 0 X-VadeSecure-score: verdict=clean score=0/300, class=clean X-SNCR-VADESECURE: CLEAN X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2018.2.24.155416:17:8.317, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __HTTPS_URI, __URI_WITH_PATH, URI_ENDS_IN_HTML, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __CP_URI_IN_BODY, __MULTIPLE_URI_TEXT, __URI_IN_BODY, __URI_NOT_IMG, __NO_HTML_TAG_RAW, BODY_SIZE_10000_PLUS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, URI_WITH_PATH_ONLY X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedtfedrheejgdekiecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofestddtredtredttdenucfhrhhomheptfhitghhrghrugcujfgrihhnvghsuceorhhitghhrghruggptggphhgrihhnvghssegsthhinhhtvghrnhgvthdrtghomheqnecuffhomhgrihhnpegtrghprggslhgvrdhnvghtpdhgihhthhhusgdrtghomhdptddurdhorhhgnecukfhppeekuddrudefvddrgeeirdejieenucfrrghrrghmpehhvghloheplhhotggrlhhhohhsthdrlhhotggrlhguohhmrghinhdpihhnvghtpeekuddrudefvddr Received: from localhost.localdomain (81.132.46.76) by rgout01.bt.lon5.cpcloud.co.uk (9.0.019.21-1) (authenticated as richard_c_haines@btinternet.com) id 5A8D5DC7004672B8; Sat, 24 Feb 2018 16:18:59 +0000 X-EEMSG-check-009: 444-444 To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Sat, 24 Feb 2018 16:18:51 +0000 Message-Id: <20180224161851.29712-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Mon, 26 Feb 2018 08:11:29 -0500 Subject: [PATCH V8 2/4] sctp: Add ip option support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Richard Haines via Selinux Reply-To: Richard Haines Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ip option support to allow LSM security modules to utilise CIPSO/IPv4 and CALIPSO/IPv6 services. Signed-off-by: Richard Haines --- All SCTP lksctp-tools/src/func_tests run correctly in enforcing mode. All "./sctp-tests run" obtained from: https://github.com/sctp/sctp-tests pass. V7 Changes: 1) Log when copy ip options fail for IPv4 and IPv6 2) Correct sctp_setsockopt_maxseg() function. Note that the lksctp-tools func_tests do not test with struct sctp_assoc_value. Just used simple test and okay. 3) Move calculation of overheads to sctp_packet_config(). NOTE: Initially in sctp_packet_reset() I set packet->size and packet->overhead to zero (as it is a reset). This was okay for all the lksctp-tools function tests, however when running "sctp-tests" ndatshched tests it causes these to fail with an st_s.log entry of: sid: 3, expected: 3 sid: 3, expected: 3 unexpected sid packet !!! sid: 1, expected: 3 I then found sctp_packet_transmit() relies on setting "packet->size = packet->overhead;" to reset size to the current overhead after sending packets, hence the comment in sctp_packet_reset() V8 Change: Fix sparse warning: net/sctp/protocol.c:269:28: sparse: dereference of noderef expression highlighted in [1] for sctp_v4_ip_options_len() function. [1] https://lists.01.org/pipermail/kbuild-all/2018-February/043695.html include/net/sctp/sctp.h | 4 +++- include/net/sctp/structs.h | 2 ++ net/sctp/chunk.c | 10 +++++++--- net/sctp/ipv6.c | 45 ++++++++++++++++++++++++++++++++++++++------- net/sctp/output.c | 34 +++++++++++++++++++++------------- net/sctp/protocol.c | 43 +++++++++++++++++++++++++++++++++++++++++++ net/sctp/socket.c | 11 ++++++++--- 7 files changed, 122 insertions(+), 27 deletions(-) diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index f7ae6b0..25c5c87 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head) static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; int frag = pmtu; - frag -= sp->pf->af->net_header_len; + frag -= af->ip_options_len(asoc->base.sk); + frag -= af->net_header_len; frag -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); if (asoc->user_frag) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 03e92dd..ead5fce 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -491,6 +491,7 @@ struct sctp_af { void (*ecn_capable)(struct sock *sk); __u16 net_header_len; int sockaddr_len; + int (*ip_options_len)(struct sock *sk); sa_family_t sa_family; struct list_head list; }; @@ -515,6 +516,7 @@ struct sctp_pf { int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr); void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); + void (*copy_ip_options)(struct sock *sk, struct sock *newsk); struct sctp_af *af; }; diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 991a530..d726d21 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c @@ -171,6 +171,8 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, struct list_head *pos, *temp; struct sctp_chunk *chunk; struct sctp_datamsg *msg; + struct sctp_sock *sp; + struct sctp_af *af; int err; msg = sctp_datamsg_new(GFP_KERNEL); @@ -189,9 +191,11 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* This is the biggest possible DATA chunk that can fit into * the packet */ - max_data = asoc->pathmtu - - sctp_sk(asoc->base.sk)->pf->af->net_header_len - - sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream); + sp = sctp_sk(asoc->base.sk); + af = sp->pf->af; + max_data = asoc->pathmtu - af->net_header_len - + sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream) - + af->ip_options_len(asoc->base.sk); max_data = SCTP_TRUNC4(max_data); /* If the the peer requested that we authenticate DATA chunks diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index e35d4f7..30a05a8 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -427,6 +427,41 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, rcu_read_unlock(); } +/* Copy over any ip options */ +static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct ipv6_pinfo *newnp, *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + pr_err("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v6_ip_options_len(struct sock *sk) +{ + struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + int len = 0; + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + len = opt->opt_flen + opt->opt_nflen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sockaddr_storage from in incoming skb. */ static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -666,7 +701,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, struct sock *newsk; struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct sctp6_sock *newsctp6sk; - struct ipv6_txoptions *opt; newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern); if (!newsk) @@ -689,12 +723,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; - rcu_read_lock(); - opt = rcu_dereference(np->opt); - if (opt) - opt = ipv6_dup_options(newsk, opt); - RCU_INIT_POINTER(newnp->opt, opt); - rcu_read_unlock(); + sctp_v6_copy_ip_options(sk, newsk); /* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname() * and getpeername(). @@ -1041,6 +1070,7 @@ static struct sctp_af sctp_af_inet6 = { .ecn_capable = sctp_v6_ecn_capable, .net_header_len = sizeof(struct ipv6hdr), .sockaddr_len = sizeof(struct sockaddr_in6), + .ip_options_len = sctp_v6_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ipv6_setsockopt, .compat_getsockopt = compat_ipv6_getsockopt, @@ -1059,6 +1089,7 @@ static struct sctp_pf sctp_pf_inet6 = { .addr_to_user = sctp_v6_addr_to_user, .to_sk_saddr = sctp_v6_to_sk_saddr, .to_sk_daddr = sctp_v6_to_sk_daddr, + .copy_ip_options = sctp_v6_copy_ip_options, .af = &sctp_af_inet6, }; diff --git a/net/sctp/output.c b/net/sctp/output.c index 01a26ee..a58d13c 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -69,7 +69,11 @@ static enum sctp_xmit sctp_packet_will_fit(struct sctp_packet *packet, static void sctp_packet_reset(struct sctp_packet *packet) { + /* sctp_packet_transmit() relies on this to reset size to the + * current overhead after sending packets. + */ packet->size = packet->overhead; + packet->has_cookie_echo = 0; packet->has_sack = 0; packet->has_data = 0; @@ -87,6 +91,7 @@ void sctp_packet_config(struct sctp_packet *packet, __u32 vtag, struct sctp_transport *tp = packet->transport; struct sctp_association *asoc = tp->asoc; struct sock *sk; + size_t overhead = sizeof(struct ipv6hdr) + sizeof(struct sctphdr); pr_debug("%s: packet:%p vtag:0x%x\n", __func__, packet, vtag); packet->vtag = vtag; @@ -95,10 +100,22 @@ void sctp_packet_config(struct sctp_packet *packet, __u32 vtag, if (!sctp_packet_empty(packet)) return; - /* set packet max_size with pathmtu */ + /* set packet max_size with pathmtu, then calculate overhead */ packet->max_size = tp->pathmtu; - if (!asoc) + if (asoc) { + struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; + + overhead = af->net_header_len + + af->ip_options_len(asoc->base.sk); + overhead += sizeof(struct sctphdr); + packet->overhead = overhead; + packet->size = overhead; + } else { + packet->overhead = overhead; + packet->size = overhead; return; + } /* update dst or transport pathmtu if in need */ sk = asoc->base.sk; @@ -140,23 +157,14 @@ void sctp_packet_init(struct sctp_packet *packet, struct sctp_transport *transport, __u16 sport, __u16 dport) { - struct sctp_association *asoc = transport->asoc; - size_t overhead; - pr_debug("%s: packet:%p transport:%p\n", __func__, packet, transport); packet->transport = transport; packet->source_port = sport; packet->destination_port = dport; INIT_LIST_HEAD(&packet->chunk_list); - if (asoc) { - struct sctp_sock *sp = sctp_sk(asoc->base.sk); - overhead = sp->pf->af->net_header_len; - } else { - overhead = sizeof(struct ipv6hdr); - } - overhead += sizeof(struct sctphdr); - packet->overhead = overhead; + /* The overhead will be calculated by sctp_packet_config() */ + packet->overhead = 0; sctp_packet_reset(packet); packet->vtag = 0; } diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 91813e6..02f23ad 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -237,6 +237,45 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, return error; } +/* Copy over any ip options */ +static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct inet_sock *newinet, *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt, *newopt = NULL; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + pr_err("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v4_ip_options_len(struct sock *sk) +{ + struct inet_sock *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt; + int len = 0; + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) + len = inet_opt->opt.optlen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sctp_addr from in incoming skb. */ static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -588,6 +627,8 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk, sctp_copy_sock(newsk, sk, asoc); sock_reset_flag(newsk, SOCK_ZAPPED); + sctp_v4_copy_ip_options(sk, newsk); + newinet = inet_sk(newsk); newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr; @@ -1006,6 +1047,7 @@ static struct sctp_pf sctp_pf_inet = { .addr_to_user = sctp_v4_addr_to_user, .to_sk_saddr = sctp_v4_to_sk_saddr, .to_sk_daddr = sctp_v4_to_sk_daddr, + .copy_ip_options = sctp_v4_copy_ip_options, .af = &sctp_af_inet }; @@ -1090,6 +1132,7 @@ static struct sctp_af sctp_af_inet = { .ecn_capable = sctp_v4_ecn_capable, .net_header_len = sizeof(struct iphdr), .sockaddr_len = sizeof(struct sockaddr_in), + .ip_options_len = sctp_v4_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ip_setsockopt, .compat_getsockopt = compat_ip_getsockopt, diff --git a/net/sctp/socket.c b/net/sctp/socket.c index bf271f8..eb55c63 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3138,6 +3138,7 @@ static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, unsign static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen) { struct sctp_sock *sp = sctp_sk(sk); + struct sctp_af *af = sp->pf->af; struct sctp_assoc_value params; struct sctp_association *asoc; int val; @@ -3162,7 +3163,8 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned if (val) { int min_len, max_len; - min_len = SCTP_DEFAULT_MINSEGMENT - sp->pf->af->net_header_len; + min_len = SCTP_DEFAULT_MINSEGMENT - af->net_header_len; + min_len -= af->ip_options_len(sk); min_len -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); @@ -3175,7 +3177,8 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned asoc = sctp_id2assoc(sk, params.assoc_id); if (asoc) { if (val == 0) { - val = asoc->pathmtu - sp->pf->af->net_header_len; + val = asoc->pathmtu - af->net_header_len; + val -= af->ip_options_len(sk); val -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); } @@ -5087,9 +5090,11 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) sctp_copy_sock(sock->sk, sk, asoc); /* Make peeled-off sockets more like 1-1 accepted sockets. - * Set the daddr and initialize id to something more random + * Set the daddr and initialize id to something more random and also + * copy over any ip options. */ sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk); + sp->pf->copy_ip_options(sk, sock->sk); /* Populate the fields of the newsk from the oldsk and migrate the * asoc to the newsk.