From patchwork Mon Jun 25 16:34:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10486971 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EE0B06023A for ; Mon, 25 Jun 2018 17:00:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D402B285F7 for ; Mon, 25 Jun 2018 17:00:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C2C7628765; Mon, 25 Jun 2018 17:00:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A668228700 for ; Mon, 25 Jun 2018 17:00:36 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,270,1526342400"; d="scan'208";a="541880701" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA10.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 25 Jun 2018 16:37:49 +0000 X-IronPort-AV: E=Sophos;i="5.51,270,1526342400"; d="scan'208";a="13173819" IronPort-PHdr: =?us-ascii?q?9a23=3ATPVAThw09FrNHFfXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd1u8fIvad9pjvdHbS+e9qxAeQG9mDtrQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPYwhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7Vq4/Vy?= =?us-ascii?q?i84Kh3SR/okCYHOCA/8GHLkcx7kaZXrAu8qxBj34LYZYeYO/RkfqPZYNgUW2?= =?us-ascii?q?xPUMhMXCBFG4+wcpcDA+8HMO1FrYfyukEOoAOxCgeiB+3hzSFGiGLu3aA4zu?= =?us-ascii?q?gsHwHI3BY8ENwBrnvUt874NLsQXO2v0KXF1ynPY+1Q1Dzg6IbIaBchofSUUL?= =?us-ascii?q?x0a8XRz08vHB7HgFWXs4zlOS6e1voMs2eB8uFuSPygi2omqwF3vziuydonh4?= =?us-ascii?q?7Sho0LzlDE9CN5wJs6JNCjVE56YcKrEJtXty2AMYt2WdktT3tnuCY91L0LoJ?= =?us-ascii?q?i2dzUJxpQ/3xPTdvOKfoeS7h/jSeqdOyl0iX17dL6lmhq+6VasxvH4W8Wu01?= =?us-ascii?q?tHrjBJnsfSunwRzRDf9NSLRuV780y8wziAzRrT5ftBIU0skKrbLIMuzaAom5?= =?us-ascii?q?oItETDAjf2mELrjK+Kbkkk+van6+DgYrj+up+TLZV0igDjMqQ1gMC/HeQ5PR?= =?us-ascii?q?QOX2ic4+i80qHs/VblT7lQi/02k63ZvIjbJcQduKG5HxdY3pss5huwFTur0M?= =?us-ascii?q?kUkWMZIF9KZh6LlZXlN0nLIP/iDPe/h1qskC1sx/DDJrDhGYvCLnzCkLfnYL?= =?us-ascii?q?Z85FdQxxE0zdBC4ZJbFq8OIOnoV0/ttN3XEh85Mwuuz+bhE9VyzJkSWW2IAq?= =?us-ascii?q?+HKK/Sq0OH5vozI+mQY48YoDT9K/8j5/H0kX85mUUSfa+y0JsVb3C4GPFmLF?= =?us-ascii?q?+CYXrwnNgBC3wKshA5TOzwh12ISSRTaGqqX6Ig+jE7D5qrDYXBRo+3nLOB3z?= =?us-ascii?q?y7HppQZmBHFFCBCnnod4GZW/YDcy2SP8lhkiAZVbS7TI8hzx6uvhfgy7V7Nu?= =?us-ascii?q?rU5jEYtZX72dht+eLcjg899Tp1D8SB1GGAVGB0kX0WSDAoxqx/plZ9ylib26?= =?us-ascii?q?hin/NYDcBT5+9OUgoiKJHcyOp6C9bvVQ3feteJSU2rTc+4DjErSdI92dgOY1?= =?us-ascii?q?xyG9+6lBDMwzKqA6MJl7yMHJE7777c0GLrJ8tm13nG06whgEU8TctUKW2qnK?= =?us-ascii?q?h/+BbPB4TRiUWWi76qdbgA3C7K7GqDzGyOvF1GXw50T6rFWG4QZlfMrdX5/U?= =?us-ascii?q?7CSKeuBqohMgtE08GCK69KZcbujVRJXvvjP87eY22pkWeqGRmI3q+MbJbte2?= =?us-ascii?q?gF0iTdCUwEkwUN8nacLgU+CDmurH/ZDDx0D13ve1ns8e58qHylUkA00xuGb0?= =?us-ascii?q?p717q64hQVn+CTS+sP3rIYvycsszt0HEyn0NLQF9WAphFhcb5ZYdMl4VdLzH?= =?us-ascii?q?nZtgJmPpC6KKBinFEeeRxtv0zyzxV3FplAkc8yoXMp1gVyKqWY0E5aejObx5?= =?us-ascii?q?/wObrXKnTo8BCoca7W1UnU0MyK9acX9PQ4t1LjsRmzGUU/6XVn0sda02GH65?= =?us-ascii?q?rQEAUSVIj9UkEt9xh1v7vaeDUy55vI1X1wNqm5qiPN1MgtBOQ70RagY9deMK?= =?us-ascii?q?SfGQ/pD8IaBtahKOo2m1iodB0IJuZS+7AoP8m+bfuJxLarPPp8nDKhlWlH+p?= =?us-ascii?q?1y3V+X+ipzT+7J0IwJw/eG0QubTz38lkuustjrmYBYYjEfBnG/ySb+BI5Wfa?= =?us-ascii?q?1yYZ0GCXyoI82wyNR+goTiW3hC+F6lGVwGxNejeQCOYFzlwQ1QyUMXrGSpmC?= =?us-ascii?q?Siyzx0jy8mrrCE3CHV3eTtagAHNXVWRGlnl1vsJpK0j98CVkiycwcpjAel5V?= =?us-ascii?q?r9x6VDuqR/LnXcQVtPfyjsNW1tTquwtr2EY85A854otSRXUOKmblCATb7xuR?= =?us-ascii?q?wa0znsH2FG3jA0aymquonlnxx9kG+dKHdzrGHFec1p3hfQ+tjcRf9X3jobSy?= =?us-ascii?q?h1kiLXBkC9P9mv/NWbi4zDvvq4V22/Sp1ZaTPrwp+YtCun+W1qBgWyn+q0mt?= =?us-ascii?q?3jFQg1zzX72MVtVSTGtxv8eZTr2LihMe59eUloHlD84dJgGo5iioswmI0Q2X?= =?us-ascii?q?8Ci5WW43UHl3zzPM5Y2a3ganoNXjgLzMDJ4AT/301jNH2JzZrjVnqB2sthe8?= =?us-ascii?q?W6YmQO1yIl9c9KFaOU46JcnSRvpFq4sRzeYeJmkzcA0vsh9mQag/oTtAo2yS?= =?us-ascii?q?WdH6oSElVGMizikBSI9d++o7tNaGapb7ewyFJ0ncq9A7GavgFcRHH5d488HS?= =?us-ascii?q?9288pyK0zM0Hvu5YHkYtXQa8wctgGMmRfak+dVMI4xluYNhSd/IWLyp2Aly+?= =?us-ascii?q?oggBNy3JG6oIiGJ3xj/K2jBB5ULDr1Z9kc+jv1l6ZRgt6W35yzHpVmAjgLX5?= =?us-ascii?q?vpTfa2Hz8JsPTnMAiOEDMipXeHBbrfHQif6EJ4oH7VFZCkKW2XLmEDzdp+XB?= =?us-ascii?q?mdOFBfgAcMUTU0hJE5EByqxMvkcEpi6DAe+EP3qhxWyu1yLxn/SGDfpAW2ZT?= =?us-ascii?q?goVJiTNh1W7htN503NK8yR8vpzHz1E/p2mtAGNJHabaBpVAmESQEOEAUzjPr?= =?us-ascii?q?615dTb6eeXGu++I+HJYbWUpuxUT+2Iyo630ot64zaMMd2CMWJ5APE83kpDXG?= =?us-ascii?q?t5G9jCmzkVUCwYiT7CY9SApBii/i13r8a/8OnkWQ/0+YSOC6FSMch0+xysj6?= =?us-ascii?q?aMLfKQhD1+KTZezJ8MwmXIyLcH1l4Ily5ubyWtEagHtSPVSqLQm6tXDxoFZC?= =?us-ascii?q?NoL8ZH9bwz3hNKOcLBjdP1zLF4hOYvC1hZTVzhht2pZcsSLm6mNVPHC0GLNL?= =?us-ascii?q?KdKDLW3c74eqK8RqdWjOlOsB2wozmbGVf5PjufjznpSwyvMeZUgS6BMxxRop?= =?us-ascii?q?+9fQh2BGjkVNLpdBu7MNptgj03xb07nXTKNGEGPTh7aUNNoaWa7TlEjfVnB2?= =?us-ascii?q?xB8n1lIPGYmyae6unUMIwWsfxqAytqkeJV+246y7xL4yFHX/F6hCzSrttyrF?= =?us-ascii?q?68iemP1iBrUBxQpTZXnIiLp1ltOb3F9plcXnbJ5BAN7WWQChQSoNtlDtzvu7?= =?us-ascii?q?xOxdXUkaLzKStC88jK8scGAMjUMs2HOmI7MRX1AD7UEBcFTTmzOGHZmUNSiv?= =?us-ascii?q?WS+2aWrpg9sZjshIABSrlAVFw2F/MWEEJlE8IeIJ1vRDMrjaabjNIU5Xq5tB?= =?us-ascii?q?TRXttVvovZWf2IG/XgNDaZgKJfaBsJ27P3MIMTNoPj20x4dFZ7nJ7GG0zOUt?= =?us-ascii?q?BRuidhdBM7oF1R8HhiSW0+w1/qZRmz4H8SCPG0hQU7hRFkYeQ38zft7Uw3KU?= =?us-ascii?q?TWqystikkxmMnlgDCLfD73MqiwQZlcCzDouEgpLpP7XwF1YBW2nUxjLjfLWb?= =?us-ascii?q?RRjrpndW1whw/cv4ZPFeRbTa1ebx8a3euXaOkw0VRAtiWnwldK5fDbBptmlQ?= =?us-ascii?q?sqd4Osrn1b1g1/a941ILDfK7BSzlhMnK6OuDGn1vwpyg8EO0kN6H+SeDIPuE?= =?us-ascii?q?EQK7YpOy+o/utq6QyehjdOY3YMWOQwovJr90I9POKAwzjm07FdNkC7L/afIL?= =?us-ascii?q?+Bu2jcic6IRUs91l8Jl0lA+rh2zccjckqPWk8yzbuQFw4GOtHYJQFTccVS6G?= =?us-ascii?q?DZfTySvuXV3ZJ1I4K9G/jyQu+KtaYbnlyrEx4sH4UM6MQBGZ+s31vDIMj8Lb?= =?us-ascii?q?4K0xMt6B3lJFWYFvhJfgyEkCsfqcGl0JB3xZVdJi0aAWhlKiq4+LDXqxQwj/?= =?us-ascii?q?WeQtc5fG0aXpAeOXIsWMy2gSlZv25PDDOvyOIW1BCC7yPgpiTXFDT8ddxjZP?= =?us-ascii?q?aIahNsD9G2/S4//bCvh1DK6JvTO2b0OM9+td/I7OMVu4yIC+hITbVntUfThZ?= =?us-ascii?q?VYTWSwU2HTCd61O4Twa440YNPoCHa1SECwhikpQMf2ONatKqmIjh/yRYZIro?= =?us-ascii?q?aUwDAjOdW6FjEEFBd6v/sD675kZQ0ff5o7Zgbltx4kOKylJweXyc6jQ3q3KT?= =?us-ascii?q?RMUflQ0+G6Z71Rzyojau+6yXQgTpEmz+m560ENXpQKggvYxfm9e4lUSTLzFW?= =?us-ascii?q?BFewXTuSo5kHBsN+gozugjwBPIsFwcMzGRe+xqc2FEvs8zCk2MLnlsDWo4XV?= =?us-ascii?q?Cch5LZ4gGwx7AS4zddn9FM3O1Aqnf+pJzfbyywWKyqr5XVvDEtbNY8rK13LY?= =?us-ascii?q?PjJsyGtI7DkTzEVpXQtBOKUDKiHfpAhtdQOD5YQOVPmWw9IcwGvo5B5lArVs?= =?us-ascii?q?YwILxPDKcsq6uvaTpjCi4S1jEWWJ+a3DwFmee8wLralhGfcJg4NxwEqppCiM?= =?us-ascii?q?MHUyFqeiMeuLOjV4LOmmCeUGgLPQET4R5P5A8bl49wf+Hl4JbTQ5NWzT5Zve?= =?us-ascii?q?50WDPRFpZ071v7Vn2WgV/gRfW9lOyp2BlfzO7w3tkeQxFzE05dyPhKlkEwMr?= =?us-ascii?q?F4N7EQvpLWsj+PbU76vmXtx/W9KVZM18LUbEP3DJDZtWXiTyIQ43sUSpFTyH?= =?us-ascii?q?vHD5QdjxJ5aLo3pFVLOI2mZlvx6CElx4tzG7m1Ttykx1EgrXkaXSiqCMZBB/?= =?us-ascii?q?tgsF3JRD1ve4qrp4n9O5VOXm9Q/4WQpExXkEpxLyK0y4dQJs9W7zEQWzhPpC?= =?us-ascii?q?mSs8GpSM1fw8N2CYEDIstnsXfnBKxEIISRo2ExurH30H/W5S0zsFegyzWvAK?= =?us-ascii?q?K4S+VZ/3MAFQk3O2uerVQgAPU2/mfU7F/Nrkh+//1HCbiXkUVxvDF9E4hWBj?= =?us-ascii?q?ZSyXCqNUl8TGVdvuVBL6TVbtZcTOUsah+pJxw+D+Qp30iT8UFzh3f5bDR4th?= =?us-ascii?q?FG9CDFQwk0SS4Vj6/xmT0EtM6oJyIVRolVbTUlcyfFMRiUmT5WvBZYb0FlRY?= =?us-ascii?q?wZDsxC+7EB0ote5tDCRlq0KSEZQBxiMRo10f9Fmk5HtEWXZzzdDRayevnVqR?= =?us-ascii?q?B3e9merNKyLPvl5ghHkp3ovPo+96odW32sgRetTszGr4/gqt2KsVODdKXiPO?= =?us-ascii?q?2mZn/BVzzMggquhbo/CpnK4izTMBZaK5ZmyHore57hCXXRMRRBPaIbKFJRVb?= =?us-ascii?q?pmZtVevuBae8hkdb4L+aB3ABKHSAnvGIuyo/ZYNVvTWS7RLyOa8uy4u47T66?= =?us-ascii?q?LSSfT4bMyW23nHW753Pot96TTjFLfqzI5e+k7y2vhz80N3UkXJPD6ao9TgPA?= =?us-ascii?q?wL4tOudkz4vp0mBTnWGot/kGLxxkFccMoaWy+q8JUdyJ5C7Xb/V+J53VbpsO?= =?us-ascii?q?1T8blk5pM747Z3xseoPa3SM+hVsVd7AhiIAQVn7pMtAGxkSmBQZO8RLe3dfa?= =?us-ascii?q?UfjcDgseD4DbcX6AGP++xEddTHO1zBmtOhBT2GThxEhggBoyYALgSAz/6Fh7?= =?us-ascii?q?N0ScG9qOj83UIt5US+LhEYw7124IeE+7CHpOnJYBvNw7kEXbLqRsDorrg2vU?= =?us-ascii?q?Od++EknqYUemNpew2nDPQdVskFy2fk1qAqyCIhHtjNH73+5fFDUGg5kSj4m5?= =?us-ascii?q?BnGFUWGO0bEqaX/YhEmWc4gePZPMUMcq9egmaPCQKkErgaxH6q6iqYOnNqjQ?= =?us-ascii?q?3V3hHrX2yz8EH5ojNiTSvL1dfjnVJfVqOrCkdKQyqpJUh4vSuUMwrpr9r2t7?= =?us-ascii?q?467EM3Mmz4rNKCjnahOLdMEsLjI9yTPDc7q0gKjJ0rQdyvw5oUFcC6INcL/3?= =?us-ascii?q?F0duHe5H+zky9dv6dHgJLT4tmP9fXLAXagj6Obq7KXxDBb03Q4pk8w6tShNv?= =?us-ascii?q?HI+t2LTO+l134LQCdjpwTBXxC0qrvBr1AXI0CL01nEmJYMPt5H2Xk0zEbm5P?= =?us-ascii?q?IsQNgr7gVRCp7AZ+8epTD0IDb0zkyQY8gpWSmC0ztaBVb1EVhkGKci2GL/pt?= =?us-ascii?q?/JlWzK910uWIZwa1TthQZrAIUgNUIt9F8XzzIMEQcTbxCbELaoBUPiIYsfS0?= =?us-ascii?q?cDbRWH3L6neqY4xkBzxq2g5PXTbONmHaYNMOhSjhKWllhBBp0WqbEeQK57e1?= =?us-ascii?q?JF8q7XpxTtC4/jX/f8jno8L/y1Qsdd8cACrHsv+QO/ShWv6JtZ6LYbkp+IfL?= =?us-ascii?q?ZeYZfQpMB881tn5TkXeyxCnBd/lAi5XfkBqu7s5NbbsZyo6vuhVas2SOUX8g?= =?us-ascii?q?I7B2JggJfqh1Aju97X3f9GSoLJkYT/7BxNI3mStYbY1Bl8KewOJ5i3c7Zg83?= =?us-ascii?q?UHOjURJnMPPdqQcPk84C5tPS7N51xDHMMDf9cYM9fMmQxOjE3mRq1T/NLBGl?= =?us-ascii?q?CEE4dza9wo723vxTA075szSODg5SSyJZDC8l5NPvRDjD52mNLFvugVzuLYCD?= =?us-ascii?q?IL7nmBdxh13iSCxoGPC/nu8+WMxtXUWkgIHyEsVYdSOiaC9RahRuWriJXjSh?= =?us-ascii?q?mU5dPrgJIiaEKQQWS8nKsBsqZLH+9PlCH73jxFG4DugPKVtdus53dNul1BDo?= =?us-ascii?q?lz8QXPGL9DMZVjJRT4is6rS1B5Biv+e8HUdR0utfGUxugW4OV+ME3+apEdIh?= =?us-ascii?q?4ezbL192ZVRBN0SLHqplaZQf4RZNx+RfzfsH9V755gJrQUPFiZo5zqsitIqE?= =?us-ascii?q?4oDwA0crMwqSZadkbWlg1PR6n0oKIAihcbUdNht09DB2awOGMm5zXZTqlUja?= =?us-ascii?q?iRCPkQ8jqNVKwOV1tnPjl5QxOv15VkY6GpkuxfsmNagiN9p+An0jJ+RBumuC?= =?us-ascii?q?3ju7wC1Ckl+LG5qDUBo2JKQv+ZkyfSBlVJ1O4KgrsEC3b+9Vy8Z2EObIz24L?= =?us-ascii?q?Z5Psng7Y0h7G4kYRU/fi0JQfigCzvugKyWGICPtsxThAKVssXUcbCzNTQSNq?= =?us-ascii?q?g6yR/7Q3h90w7enAtn8WcSRjWg7cQkJJmmOcs+xyqnA27bdFEW7qNOqsvxuk?= =?us-ascii?q?YBTPEqZlN53GVjzs+HSzUIRMPVB2k1jgkkaWNDcJ9Y9x8aFq8ojSiMvqlH+A?= =?us-ascii?q?EUfTjVHp6i+onKksfCwWM9QstyxmLKuq2FgYsn0H9/lNN36S6Bo28fd/HeU8?= =?us-ascii?q?9wAnjz0ZpfyeP+Z/WxqOwHTpVpyKi5Wv8YLsaj4Xe22IltWkK9xLQeGl25MP?= =?us-ascii?q?UZxrfaSCeoUmuYVv6Oc2eSnjY1KEny5QOnLlcvcsdFs1c9Mvfehp5bjwDhSr?= =?us-ascii?q?10RiCMqlLaz2EuKv0aeBwsuIemeg0KS+gRa/KaJecw3P1tQGcLOkfAAC8+Lu?= =?us-ascii?q?ixq1PlyJByJnFI+UznZaHo9Qf8PZ2ZHRxSVcbhspNp+fG8DlmEMHtkwQw6aF?= =?us-ascii?q?J47M/DBl8xsalaaJ/Xkt/O0ZAz/PQEfL9VODc8oZZHl5pq84iP+N+DaxDK1p?= =?us-ascii?q?L7LtyTpeKXVbmX1Ekue2dHQpIFcAj14MM8Jdd/VLrNWfNbtBIaBYA1R5suM2?= =?us-ascii?q?q3/6Zxfzl+agrAWLPhoMDsoKqrYYFS7yvU51Q2LA/TvBoMzvHyRgt+OcOEnX?= =?us-ascii?q?L3dbI5QDQJj9p3DFN4HYIHIM4Ergy6E9bAg6y/itms62tmquQKtuz2EfmM29?= =?us-ascii?q?OnidYiF6NG7FCGaW6CTJJghV5o26Hr26/N?= X-IPAS-Result: =?us-ascii?q?A2CQAQCmGTFb/wHyM5BUCBoBAQEBAQIBAQEBCAEBAQGDH?= =?us-ascii?q?yqBBVwoi31gi2GXDxQMgQQDTCoTAYdPITQYAQIBAQEBAQECAWwoQgEECQGBZ?= =?us-ascii?q?CQBglYCJBMUIAsDAwkCEi4ICAMBLQMBBQELFwEHCwUYBIJCQoIAA6AGPIxxM?= =?us-ascii?q?4RMg3mBGBKIWg6CB4EPh0MTAQ0FAYV1AodchGuMaAmPBguNSAGRXjCBIDgzL?= =?us-ascii?q?nErCAIYCCEPO4EyGoEdkFNtegEBiShLgieCOQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 25 Jun 2018 16:37:47 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w5PGb3HA022658; Mon, 25 Jun 2018 12:37:13 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w5PGZNYq011699 for ; Mon, 25 Jun 2018 12:35:23 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w5PGZU5v022511 for ; Mon, 25 Jun 2018 12:35:30 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1DmAACO7jBbly0WGNZUCBwBAQEEAQEKA?= =?us-ascii?q?QGDRoFkFhKDeYgEjEGXD4EkA4VGAoMOITQYAQIBAQEBAQECFAEBAQEBBhgGTIV?= =?us-ascii?q?eBBkBATcBNAImAjYBBQEiARKDJYIAA59DPIobbYFpM4JxAQEFgWSDZnoIEnmHY?= =?us-ascii?q?YFWP4EPhicCgRohgyaCVYdehGuMaAmEV4ovC41JkV4wgSBrgR8zGggbFYMkghc?= =?us-ascii?q?0gzSKVG2MEII5AQE?= X-IPAS-Result: =?us-ascii?q?A1DmAACO7jBbly0WGNZUCBwBAQEEAQEKAQGDRoFkFhKDeYg?= =?us-ascii?q?EjEGXD4EkA4VGAoMOITQYAQIBAQEBAQECFAEBAQEBBhgGTIVeBBkBATcBNAImA?= =?us-ascii?q?jYBBQEiARKDJYIAA59DPIobbYFpM4JxAQEFgWSDZnoIEnmHYYFWP4EPhicCgRo?= =?us-ascii?q?hgyaCVYdehGuMaAmEV4ovC41JkV4wgSBrgR8zGggbFYMkghc0gzSKVG2MEII5A?= =?us-ascii?q?QE?= X-IronPort-AV: E=Sophos;i="5.51,270,1526356800"; d="scan'208";a="309409" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 25 Jun 2018 12:35:29 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Aj1lYYBxC9O5Ntk/XCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd2uIUIJqq85mqBkHD//Il1AaPAd2Graocw8Pt8InYEVQa5piAtH1QOLdtbD?= =?us-ascii?q?Qizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBB?= =?us-ascii?q?r/KRB1JuPoEYLOksi7ze+/94HTbglSmDaxfa55IQmrownWqsQYm5ZpJLwryh?= =?us-ascii?q?vOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3?= =?us-ascii?q?o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RS?= =?us-ascii?q?qt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyeKfhwcb7Hfd4CWG?= =?us-ascii?q?ROUchfWS9GDI28cYUAE/EMPfpEo4Tnu1cDtweyCAuqCejyyjFInHj23agi3u?= =?us-ascii?q?olCw7G2gogFM8MvnTTttX1MroZXOe3zKbSyzXDafNW1Czy6IjPdRAhrvWMUq?= =?us-ascii?q?xqfcXNzkkvEhrIg1ONooLmJzOYzvoBv3WU4uZ6S+6ihHQrpx9vrjS1ycohip?= =?us-ascii?q?HFipwJxl3A7yl0w4Y4KcemREJlfdKoCoVcuz2EO4ZwX8gsWXtnuDwgxb0DoZ?= =?us-ascii?q?O7fDYFyJAgxxPHZfOJbpSF7AztWeuPOzl1mG5pdbClixms70egz/b8Vsau3F?= =?us-ascii?q?ZPtCVFk93MumoI1xzS7siLUvp9/kG/1jaTzw3f9PxILE8umabFJJMt2KA8mo?= =?us-ascii?q?QJvUnMHiL6gED2g7WXdkUg9Oio8ePnYrD+q5KSMo91hQL+M6sulc2xD+s2Nx?= =?us-ascii?q?UDUmaY9+u/z7Ps4FD2T7RKgfIojKbWsIvVKsoBqqCkHQBazocj5BikADikzd?= =?us-ascii?q?sYnn8HLFBCeByajofmJUvCL+35DfmkmVijkClkx/TdM73vBpXCMHfCnK74cb?= =?us-ascii?q?Z/8UFczgwzzdBF651PDbEBPfTzVVPvu9zDFBM5PAu0w+HoCNV5yIwSQ36AAq?= =?us-ascii?q?icMK/Kq1+H+vovI/WQZI8SoDv9MOYq5/rvjX8/hF8ccrKk3YcXaX+kHvRmJF?= =?us-ascii?q?+VYXz3gtgbC2sKsQ0+TPK5wGGFBAZaenL6eqU7/DxzXJqvEIPrXomwhPmE2y?= =?us-ascii?q?ChE9tdYWUQThi3DXrwd4iCE8wJYSaWL94pxicITpC9WoQh0leorwa8xL15eK?= =?us-ascii?q?6c1zcZvtrb3cJ0/KWHmAk77z1vJ9yUyWCWV2V9lW5OQCU5iuQ3ukF5y1GewY?= =?us-ascii?q?BkkvdYEppV/PoPXQAkcdbexup8C/j9XQXOetrPQ1GjEfu8BjRkbNs3xZcuZF?= =?us-ascii?q?x7U4GghxbF3wKlBLgak7HND5sxpPGPl0PtLtpwni6VnJIqiEMrF44WbTX83P?= =?us-ascii?q?x26hTTCojVkk6Qi6etc+EG0TXQ8HuYlzXV7nx7fSopAJ3sBylZa0bTttu/40?= =?us-ascii?q?rDS/mrCLB0ehBZx5ukLa1HIsbskU0AXO3qbdbXZWSxs2i3AhmMy/WHa4+5M3?= =?us-ascii?q?4F0nDlAVMf2xsW4W7AMAE/Aim7pGeLVzl+FkLQfH7P27Jfmkq3Qn8Lwgy1ZX?= =?us-ascii?q?An7Le++yMftPCfTfEU5YIJ/isgknNLEVKV0dbbG5/FpQNneqUaa9Qg5lxKzi?= =?us-ascii?q?TWsAtyOpHmJKdn1RYFawoimUTo2l1sD5lY18gnqHR/1A1pNaeRy09MbRud1J?= =?us-ascii?q?H0f6TUciz8pkj1LaHR3V7a3ZCd/aJcoPg7qlC2pAiyDQJi6HRo1dBJzmGRro?= =?us-ascii?q?vHFgscUJ/9Ew43+hF2qqucY3wV6ITT2nlhd6KztzI=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CNAADnGDFbly0WGNZUCBwBAQEEAQE?= =?us-ascii?q?KAQGDRoFkFhKDeYgEjEGXD4EkA4VGAoMRITQYAQIBAQEBAQECARMBAQEBAQY?= =?us-ascii?q?YBkwMgjUkAYJ4BBkBATcBNAImAjYBBQEiARKDJYIAA6AFPIobbYFpM4JxAQE?= =?us-ascii?q?FgWSDaYEQCBJ5h2GBVj+BD4YnAoEaIYMmglWHXoRrjGgJhFeKLwuNSZFeMIE?= =?us-ascii?q?ga4EfMxoIGxWDJIIXNIM0ilRtjRaCOQEB?= X-IPAS-Result: =?us-ascii?q?A0CNAADnGDFbly0WGNZUCBwBAQEEAQEKAQGDRoFkFhKDe?= =?us-ascii?q?YgEjEGXD4EkA4VGAoMRITQYAQIBAQEBAQECARMBAQEBAQYYBkwMgjUkAYJ4B?= =?us-ascii?q?BkBATcBNAImAjYBBQEiARKDJYIAA6AFPIobbYFpM4JxAQEFgWSDaYEQCBJ5h?= =?us-ascii?q?2GBVj+BD4YnAoEaIYMmglWHXoRrjGgJhFeKLwuNSZFeMIEga4EfMxoIGxWDJ?= =?us-ascii?q?IIXNIM0ilRtjRaCOQEB?= X-IronPort-AV: E=Sophos;i="5.51,270,1526342400"; d="scan'208";a="14995692" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from usat3cpa07.eemsg.mail.mil ([214.24.22.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 25 Jun 2018 16:35:29 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;64e68fb7-5067-4e4f-9be0-6f498f1f4ea7 X-EEMSG-check-008: 49538360|UKEL19PA21_EEMSG_MP14.csd.disa.mil X-EEMSG-SBRS: None X-EEMSG-ORIG-IP: 209.85.220.202 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3Ar1SbLBw3b/9cwKTXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0OoVIJqq85mqBkHD//Il1AaPBtqLra8fwLOL+4nbGkU+or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6aijSI4DUTAhTyMxZu?= =?us-ascii?q?bqSwQ9aKzpf/6+fnw5TOZ01tgz2nbPsmNByrqS3Jv9QSxI5lLbw8jBDOpy0MM9?= =?us-ascii?q?9KyHtoKFTbpBP14sO97dY36ChLk+4w/M5HF6PhduI3SqIOSHwLKWE+rPXirxjY?= =?us-ascii?q?BV+C/nIGU34+ihNSAhPd6BjxU9H2qCSs8qJm1S2bO9DmZawlUjSlqaFwQVnnjz?= =?us-ascii?q?lDfzww9mfXosN3i61frVSqoBks7ZTTZdS3Pfx4NoPaZ9VSEWhIWMBRfyNGBYy4?= =?us-ascii?q?Ys0ECO9XbrUQlJX0u1Zb9Uj2PgKrHu66j2YQ3ianj51/6PwoFET95CJlGtsPtH?= =?us-ascii?q?rOq9CubvUcVe2liezKxDPFb7Vc3ir744XTNB8mpv6IUPR7ds+DkBBzRTOAtU2Z?= =?us-ascii?q?rMneBx3Qzv4E6jLJ4O1nWuaizWUgrlMp+2X99oIXkoDMw7kt5BXE+CF+mthnIN?= =?us-ascii?q?S5TAtiYobhHsEI7WeVMIx5Rs5kSGZt6n43?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BBAQCeGDFb/8rcVdFUCBwBAQEEAQEKA?= =?us-ascii?q?QGDSYFhFhKDeYgEjEGXD4EkA3GEVQKDERkHAQQwGAECAQEBAQEBAQEBbBwMgjU?= =?us-ascii?q?FAR4BBYJzBBkBATcBNAImAjYBBQEiARKDJYIAoAg8ihttgWkzgnEBAQWBZINpg?= =?us-ascii?q?RAIEnmHYYFWP4EPhicCgRohgyaCVYdehGuMaAmEV4ovC41IAZFeMIEgODOBHzM?= =?us-ascii?q?aCBsVgySCF4NoilQ9MI0WX4FaAQE?= X-IPAS-Result: =?us-ascii?q?A0BBAQCeGDFb/8rcVdFUCBwBAQEEAQEKAQGDSYFhFhKDeYg?= =?us-ascii?q?EjEGXD4EkA3GEVQKDERkHAQQwGAECAQEBAQEBAQEBbBwMgjUFAR4BBYJzBBkBA?= =?us-ascii?q?TcBNAImAjYBBQEiARKDJYIAoAg8ihttgWkzgnEBAQWBZINpgRAIEnmHYYFWP4E?= =?us-ascii?q?PhicCgRohgyaCVYdehGuMaAmEV4ovC41IAZFeMIEgODOBHzMaCBsVgySCF4Noi?= =?us-ascii?q?lQ9MI0WX4FaAQE?= Received: from mail-qk0-f202.google.com ([209.85.220.202]) by UKEL19PA21.eemsg.mail.mil with ESMTP; 25 Jun 2018 16:34:57 +0000 Received: by mail-qk0-f202.google.com with SMTP id z68-v6so9757771qka.16 for ; Mon, 25 Jun 2018 09:34:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=aXlDQQmpWYao8JR4v1byMs0Gmu296f08HhR0cF1tF3s=; b=dXWuIs52/jte3HKUvLUbEVsDy1ksH2YB8kbFvv76pzVoXATLsnPzP5zbTvYAPPBhzx GISkXdgKjorIi8Jpm+TsIQsB01LXJ9hHZy13vUx2/VmmZuDhF4r5t0EKU41xSKjR72bB 8ZC+bL8xhvL/tq+crQjmL0w6Q8BZQLOfnalRilVe1Mxfu/LwxDTbrxQJwJg7hsguQFyG /2zZHnwCKu/tEv+TfVwo4MSf4aRh8N4YIlxwKv/nH7lhK5m6Coy4+wrE9j4ymzb8x1dC 4jhDaVKuSk/nxleAw0QzhYnXW+XDJwS3hjDiFWq135caR7TusC0T1m04qecp607XXPo3 Qkvg== X-Gm-Message-State: APt69E2RN6ZfFJj+A4I7BTXJoW3SFF8SHLW4d+u8Kl24GNf3EOqyWpZU VpkAbL9qZtJj+NP9LMvud1fTk11ioQ== X-Google-Smtp-Source: AAOMgpcahIqYFx1AxLu6kC+mFirPHW7S8+OVbX3fKryqbnoPB2Pdd174FjKf0Iuu4TFWF8uYzHYQzYStyA== MIME-Version: 1.0 X-Received: by 2002:ac8:13c1:: with SMTP id i1-v6mr7244503qtj.25.1529944475282; Mon, 25 Jun 2018 09:34:35 -0700 (PDT) Date: Mon, 25 Jun 2018 18:34:25 +0200 Message-Id: <20180625163425.216965-1-jannh@google.com> X-Mailer: git-send-email 2.18.0.rc2.346.g013aa6912e-goog X-EEMSG-check-009: 444-444 To: Paul Moore , Stephen Smalley , Eric Paris , selinux@tycho.nsa.gov, jannh@google.com X-Mailman-Approved-At: Mon, 25 Jun 2018 12:36:55 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Jann Horn via Selinux Reply-To: Jann Horn Cc: security@kernel.org, linux-kernel@vger.kernel.org Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable@vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn Acked-by: Stephen Smalley --- security/selinux/selinuxfs.c | 77 ++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 44 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3d374d2ca04..065f8cea84e3 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -445,18 +445,13 @@ static ssize_t sel_read_policy(struct file *filp, char __user *buf, struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1183,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1218,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1243,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1274,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1294,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;